Repository: alibaba/tengine Branch: master Commit: c72279105721 Files: 1664 Total size: 16.1 MB Directory structure: gitextract_yjuswt18/ ├── .github/ │ ├── ISSUE_TEMPLATE/ │ │ ├── bug_report.md │ │ ├── feature_request.md │ │ └── question-about-tengine.md │ └── workflows/ │ ├── ci-arm64.yml │ ├── ci.yml │ ├── test-nginx-core.yml │ └── test-ntls.yml ├── .gitignore ├── AUTHORS.te ├── CHANGES ├── CHANGES.cn ├── CHANGES.te ├── LICENSE ├── README.markdown ├── THANKS.te ├── auto/ │ ├── cc/ │ │ ├── acc │ │ ├── bcc │ │ ├── ccc │ │ ├── clang │ │ ├── conf │ │ ├── gcc │ │ ├── icc │ │ ├── msvc │ │ ├── name │ │ ├── owc │ │ └── sunc │ ├── configure │ ├── define │ ├── endianness │ ├── feature │ ├── have │ ├── have_headers │ ├── headers │ ├── include │ ├── init │ ├── install │ ├── lib/ │ │ ├── conf │ │ ├── geoip/ │ │ │ └── conf │ │ ├── google-perftools/ │ │ │ └── conf │ │ ├── jemalloc/ │ │ │ ├── conf │ │ │ └── make │ │ ├── libatomic/ │ │ │ ├── conf │ │ │ └── make │ │ ├── libgd/ │ │ │ └── conf │ │ ├── libxslt/ │ │ │ └── conf │ │ ├── make │ │ ├── openssl/ │ │ │ ├── conf │ │ │ ├── make │ │ │ ├── makefile.bcc │ │ │ └── makefile.msvc │ │ ├── pcre/ │ │ │ ├── conf │ │ │ ├── make │ │ │ ├── makefile.bcc │ │ │ ├── makefile.msvc │ │ │ └── makefile.owc │ │ ├── perl/ │ │ │ ├── conf │ │ │ └── make │ │ └── zlib/ │ │ ├── conf │ │ ├── make │ │ ├── makefile.bcc │ │ ├── makefile.msvc │ │ └── makefile.owc │ ├── make │ ├── module │ ├── modules │ ├── nohave │ ├── options │ ├── os/ │ │ ├── conf │ │ ├── darwin │ │ ├── freebsd │ │ ├── linux │ │ ├── solaris │ │ └── win32 │ ├── sources │ ├── stubs │ ├── summary │ ├── threads │ ├── types/ │ │ ├── sizeof │ │ ├── typedef │ │ ├── uintptr_t │ │ └── value │ └── unix ├── conf/ │ ├── browsers │ ├── fastcgi.conf │ ├── fastcgi_params │ ├── koi-utf │ ├── koi-win │ ├── mime.types │ ├── nginx.conf │ ├── scgi_params │ ├── uwsgi_params │ └── win-utf ├── configure ├── contrib/ │ ├── README │ ├── dso.in │ ├── geo2nginx.pl │ ├── stylechecker.py │ ├── unicode2nginx/ │ │ ├── koi-utf │ │ ├── unicode-to-nginx.pl │ │ └── win-utf │ └── vim/ │ ├── ftdetect/ │ │ └── nginx.vim │ ├── ftplugin/ │ │ └── nginx.vim │ ├── indent/ │ │ └── nginx.vim │ └── syntax/ │ └── nginx.vim ├── docs/ │ ├── core.md │ ├── core_cn.md │ └── modules/ │ ├── TFS_RESTful_API.md │ ├── TFS_RESTful_API_cn.md │ ├── ngx_backtrace_module.md │ ├── ngx_debug_pool.md │ ├── ngx_debug_pool_cn.md │ ├── ngx_dso_module.md │ ├── ngx_dso_module_cn.md │ ├── ngx_http_concat_cn.md │ ├── ngx_http_core_module.md │ ├── ngx_http_core_module_cn.md │ ├── ngx_http_dubbo_module.md │ ├── ngx_http_dubbo_module_cn.md │ ├── ngx_http_limit_req_module.md │ ├── ngx_http_proxy_connect_module.md │ ├── ngx_http_proxy_connect_module_cn.md │ ├── ngx_http_reqstat_module.md │ ├── ngx_http_reqstat_module_cn.md │ ├── ngx_http_spdy_module.md │ ├── ngx_http_spdy_module_cn.md │ ├── ngx_http_ssl_asynchronous_mode.md │ ├── ngx_http_ssl_asynchronous_mode_cn.md │ ├── ngx_http_sysguard.md │ ├── ngx_http_sysguard_cn.md │ ├── ngx_http_tfs_module.md │ ├── ngx_http_tfs_module_cn.md │ ├── ngx_http_trim_filter_module.md │ ├── ngx_http_trim_filter_module_cn.md │ ├── ngx_http_upstream_check_module.md │ ├── ngx_http_upstream_check_module_cn.md │ ├── ngx_http_upstream_consistent_hash_module.md │ ├── ngx_http_upstream_consistent_hash_module_cn.md │ ├── ngx_http_upstream_dynamic.md │ ├── ngx_http_upstream_dynamic_cn.md │ ├── ngx_http_upstream_dyups_module.md │ ├── ngx_http_upstream_iwrr_module.md │ ├── ngx_http_upstream_iwrr_module_cn.md │ ├── ngx_http_upstream_session_sticky_module.md │ ├── ngx_http_upstream_session_sticky_module_cn.md │ ├── ngx_http_upstream_vnswrr_module.md │ ├── ngx_http_upstream_vnswrr_module_cn.md │ ├── ngx_http_user_agent.md │ ├── ngx_limit_upstream.md │ ├── ngx_limit_upstream_cn.md │ ├── ngx_log_pipe.md │ ├── ngx_log_pipe_cn.md │ ├── ngx_procs_module.md │ └── ngx_procs_module_cn.md ├── html/ │ ├── 50x.html │ └── index.html ├── man/ │ └── nginx.8 ├── modules/ │ ├── mod_common/ │ │ ├── config │ │ ├── ngx_comm_encrypt.c │ │ ├── ngx_comm_encrypt.h │ │ ├── ngx_comm_serialize.c │ │ ├── ngx_comm_serialize.h │ │ ├── ngx_comm_shm.c │ │ ├── ngx_comm_shm.h │ │ ├── ngx_comm_string.c │ │ └── ngx_comm_string.h │ ├── mod_config/ │ │ └── config │ ├── mod_dubbo/ │ │ ├── README.md │ │ ├── config │ │ ├── hessian2/ │ │ │ ├── hessian2_ext.cc │ │ │ ├── hessian2_ext.h │ │ │ ├── hessian2_input.cc │ │ │ ├── hessian2_input.h │ │ │ ├── hessian2_output.cc │ │ │ └── hessian2_output.h │ │ ├── ngx_dubbo.c │ │ ├── ngx_dubbo.h │ │ ├── ngx_dubbo_util.cpp │ │ ├── ngx_http_dubbo_module.c │ │ ├── ngx_http_dubbo_module.h │ │ └── utils/ │ │ ├── exceptions.h │ │ ├── objects.cc │ │ ├── objects.h │ │ ├── utils.cc │ │ └── utils.h │ ├── mod_strategy/ │ │ ├── config │ │ ├── ngx_http_strategy_module.c │ │ ├── ngx_proc_strategy_module.c │ │ └── ngx_proc_strategy_module.h │ ├── mod_xudp/ │ │ ├── config │ │ ├── ngx_xudp.c │ │ ├── ngx_xudp.h │ │ ├── ngx_xudp_inc.h │ │ ├── ngx_xudp_internal.h │ │ ├── ngx_xudp_module.c │ │ ├── ngx_xudp_module.h │ │ └── xquic-xdp/ │ │ ├── dispatch_xquic.c │ │ ├── readme.md │ │ ├── test.c │ │ └── xquic_xdp.h │ ├── ngx_backtrace_module/ │ │ ├── config │ │ └── ngx_backtrace_module.c │ ├── ngx_debug_conn/ │ │ ├── README.cn │ │ ├── README.md │ │ ├── config │ │ ├── ngx_http_debug_conn_module.c │ │ └── t/ │ │ └── test.t │ ├── ngx_debug_pool/ │ │ ├── config │ │ ├── debug_pool.gdb │ │ ├── ngx_http_debug_pool_module.c │ │ ├── ngx_palloc.c │ │ ├── ngx_palloc.h │ │ └── t/ │ │ └── test.t │ ├── ngx_debug_timer/ │ │ ├── README.cn │ │ ├── README.md │ │ ├── config │ │ ├── ngx_http_debug_timer_module.c │ │ └── t/ │ │ └── test.t │ ├── ngx_http_concat_module/ │ │ ├── config │ │ └── ngx_http_concat_module.c │ ├── ngx_http_footer_filter_module/ │ │ ├── config │ │ └── ngx_http_footer_filter_module.c │ ├── ngx_http_lua_module/ │ │ ├── .mergify.yml │ │ ├── .travis.yml │ │ ├── README.markdown │ │ ├── config │ │ ├── doc/ │ │ │ └── HttpLuaModule.wiki │ │ ├── dtrace/ │ │ │ └── ngx_lua_provider.d │ │ ├── misc/ │ │ │ └── recv-until-pm/ │ │ │ ├── lib/ │ │ │ │ └── RecvUntil.pm │ │ │ └── t/ │ │ │ └── sanity.t │ │ ├── src/ │ │ │ ├── api/ │ │ │ │ └── ngx_http_lua_api.h │ │ │ ├── ddebug.h │ │ │ ├── ngx_http_lua_accessby.c │ │ │ ├── ngx_http_lua_accessby.h │ │ │ ├── ngx_http_lua_api.c │ │ │ ├── ngx_http_lua_args.c │ │ │ ├── ngx_http_lua_args.h │ │ │ ├── ngx_http_lua_balancer.c │ │ │ ├── ngx_http_lua_balancer.h │ │ │ ├── ngx_http_lua_bodyfilterby.c │ │ │ ├── ngx_http_lua_bodyfilterby.h │ │ │ ├── ngx_http_lua_cache.c │ │ │ ├── ngx_http_lua_cache.h │ │ │ ├── ngx_http_lua_capturefilter.c │ │ │ ├── ngx_http_lua_capturefilter.h │ │ │ ├── ngx_http_lua_clfactory.c │ │ │ ├── ngx_http_lua_clfactory.h │ │ │ ├── ngx_http_lua_common.h │ │ │ ├── ngx_http_lua_config.c │ │ │ ├── ngx_http_lua_config.h │ │ │ ├── ngx_http_lua_consts.c │ │ │ ├── ngx_http_lua_consts.h │ │ │ ├── ngx_http_lua_contentby.c │ │ │ ├── ngx_http_lua_contentby.h │ │ │ ├── ngx_http_lua_control.c │ │ │ ├── ngx_http_lua_control.h │ │ │ ├── ngx_http_lua_coroutine.c │ │ │ ├── ngx_http_lua_coroutine.h │ │ │ ├── ngx_http_lua_ctx.c │ │ │ ├── ngx_http_lua_ctx.h │ │ │ ├── ngx_http_lua_directive.c │ │ │ ├── ngx_http_lua_directive.h │ │ │ ├── ngx_http_lua_exception.c │ │ │ ├── ngx_http_lua_exception.h │ │ │ ├── ngx_http_lua_exitworkerby.c │ │ │ ├── ngx_http_lua_exitworkerby.h │ │ │ ├── ngx_http_lua_headerfilterby.c │ │ │ ├── ngx_http_lua_headerfilterby.h │ │ │ ├── ngx_http_lua_headers.c │ │ │ ├── ngx_http_lua_headers.h │ │ │ ├── ngx_http_lua_headers_in.c │ │ │ ├── ngx_http_lua_headers_in.h │ │ │ ├── ngx_http_lua_headers_out.c │ │ │ ├── ngx_http_lua_headers_out.h │ │ │ ├── ngx_http_lua_initby.c │ │ │ ├── ngx_http_lua_initby.h │ │ │ ├── ngx_http_lua_initworkerby.c │ │ │ ├── ngx_http_lua_initworkerby.h │ │ │ ├── ngx_http_lua_input_filters.c │ │ │ ├── ngx_http_lua_input_filters.h │ │ │ ├── ngx_http_lua_lex.c │ │ │ ├── ngx_http_lua_lex.h │ │ │ ├── ngx_http_lua_log.c │ │ │ ├── ngx_http_lua_log.h │ │ │ ├── ngx_http_lua_log_ringbuf.c │ │ │ ├── ngx_http_lua_log_ringbuf.h │ │ │ ├── ngx_http_lua_logby.c │ │ │ ├── ngx_http_lua_logby.h │ │ │ ├── ngx_http_lua_misc.c │ │ │ ├── ngx_http_lua_misc.h │ │ │ ├── ngx_http_lua_module.c │ │ │ ├── ngx_http_lua_ndk.c │ │ │ ├── ngx_http_lua_ndk.h │ │ │ ├── ngx_http_lua_output.c │ │ │ ├── ngx_http_lua_output.h │ │ │ ├── ngx_http_lua_pcrefix.c │ │ │ ├── ngx_http_lua_pcrefix.h │ │ │ ├── ngx_http_lua_phase.c │ │ │ ├── ngx_http_lua_phase.h │ │ │ ├── ngx_http_lua_pipe.c │ │ │ ├── ngx_http_lua_pipe.h │ │ │ ├── ngx_http_lua_probe.h │ │ │ ├── ngx_http_lua_regex.c │ │ │ ├── ngx_http_lua_regex.h │ │ │ ├── ngx_http_lua_req_body.c │ │ │ ├── ngx_http_lua_req_body.h │ │ │ ├── ngx_http_lua_req_method.c │ │ │ ├── ngx_http_lua_req_method.h │ │ │ ├── ngx_http_lua_rewriteby.c │ │ │ ├── ngx_http_lua_rewriteby.h │ │ │ ├── ngx_http_lua_script.c │ │ │ ├── ngx_http_lua_script.h │ │ │ ├── ngx_http_lua_semaphore.c │ │ │ ├── ngx_http_lua_semaphore.h │ │ │ ├── ngx_http_lua_server_rewriteby.c │ │ │ ├── ngx_http_lua_server_rewriteby.h │ │ │ ├── ngx_http_lua_setby.c │ │ │ ├── ngx_http_lua_setby.h │ │ │ ├── ngx_http_lua_shdict.c │ │ │ ├── ngx_http_lua_shdict.h │ │ │ ├── ngx_http_lua_sleep.c │ │ │ ├── ngx_http_lua_sleep.h │ │ │ ├── ngx_http_lua_socket_tcp.c │ │ │ ├── ngx_http_lua_socket_tcp.h │ │ │ ├── ngx_http_lua_socket_udp.c │ │ │ ├── ngx_http_lua_socket_udp.h │ │ │ ├── ngx_http_lua_ssl.c │ │ │ ├── ngx_http_lua_ssl.h │ │ │ ├── ngx_http_lua_ssl_certby.c │ │ │ ├── ngx_http_lua_ssl_certby.h │ │ │ ├── ngx_http_lua_ssl_client_helloby.c │ │ │ ├── ngx_http_lua_ssl_client_helloby.h │ │ │ ├── ngx_http_lua_ssl_ocsp.c │ │ │ ├── ngx_http_lua_ssl_session_fetchby.c │ │ │ ├── ngx_http_lua_ssl_session_fetchby.h │ │ │ ├── ngx_http_lua_ssl_session_storeby.c │ │ │ ├── ngx_http_lua_ssl_session_storeby.h │ │ │ ├── ngx_http_lua_string.c │ │ │ ├── ngx_http_lua_string.h │ │ │ ├── ngx_http_lua_subrequest.c │ │ │ ├── ngx_http_lua_subrequest.h │ │ │ ├── ngx_http_lua_time.c │ │ │ ├── ngx_http_lua_time.h │ │ │ ├── ngx_http_lua_timer.c │ │ │ ├── ngx_http_lua_timer.h │ │ │ ├── ngx_http_lua_uri.c │ │ │ ├── ngx_http_lua_uri.h │ │ │ ├── ngx_http_lua_uthread.c │ │ │ ├── ngx_http_lua_uthread.h │ │ │ ├── ngx_http_lua_util.c │ │ │ ├── ngx_http_lua_util.h │ │ │ ├── ngx_http_lua_variable.c │ │ │ ├── ngx_http_lua_variable.h │ │ │ ├── ngx_http_lua_worker.c │ │ │ ├── ngx_http_lua_worker.h │ │ │ ├── ngx_http_lua_worker_thread.c │ │ │ └── ngx_http_lua_worker_thread.h │ │ ├── t/ │ │ │ ├── .gitignore │ │ │ ├── 000--init.t │ │ │ ├── 000-sanity.t │ │ │ ├── 001-set.t │ │ │ ├── 002-content.t │ │ │ ├── 003-errors.t │ │ │ ├── 004-require.t │ │ │ ├── 005-exit.t │ │ │ ├── 006-escape.t │ │ │ ├── 007-md5.t │ │ │ ├── 008-today.t │ │ │ ├── 009-log.t │ │ │ ├── 010-request_body.t │ │ │ ├── 011-md5_bin.t │ │ │ ├── 012-now.t │ │ │ ├── 013-base64.t │ │ │ ├── 014-bugs.t │ │ │ ├── 015-status.t │ │ │ ├── 016-resp-header.t │ │ │ ├── 017-exec.t │ │ │ ├── 018-ndk.t │ │ │ ├── 019-const.t │ │ │ ├── 020-subrequest.t │ │ │ ├── 021-cookie-time.t │ │ │ ├── 022-redirect.t │ │ │ ├── 023-rewrite/ │ │ │ │ ├── client-abort.t │ │ │ │ ├── exec.t │ │ │ │ ├── exit.t │ │ │ │ ├── mixed.t │ │ │ │ ├── multi-capture.t │ │ │ │ ├── on-abort.t │ │ │ │ ├── redirect.t │ │ │ │ ├── req-body.t │ │ │ │ ├── req-socket.t │ │ │ │ ├── request_body.t │ │ │ │ ├── sanity.t │ │ │ │ ├── sleep.t │ │ │ │ ├── socket-keepalive.t │ │ │ │ ├── subrequest.t │ │ │ │ ├── tcp-socket-timeout.t │ │ │ │ ├── tcp-socket.t │ │ │ │ ├── unix-socket.t │ │ │ │ ├── uthread-exec.t │ │ │ │ ├── uthread-exit.t │ │ │ │ ├── uthread-redirect.t │ │ │ │ └── uthread-spawn.t │ │ │ ├── 024-access/ │ │ │ │ ├── auth.t │ │ │ │ ├── client-abort.t │ │ │ │ ├── exec.t │ │ │ │ ├── exit.t │ │ │ │ ├── mixed.t │ │ │ │ ├── multi-capture.t │ │ │ │ ├── on-abort.t │ │ │ │ ├── redirect.t │ │ │ │ ├── req-body.t │ │ │ │ ├── request_body.t │ │ │ │ ├── sanity.t │ │ │ │ ├── satisfy.t │ │ │ │ ├── sleep.t │ │ │ │ ├── subrequest.t │ │ │ │ ├── uthread-exec.t │ │ │ │ ├── uthread-exit.t │ │ │ │ ├── uthread-redirect.t │ │ │ │ └── uthread-spawn.t │ │ │ ├── 025-codecache.t │ │ │ ├── 026-mysql.t │ │ │ ├── 027-multi-capture.t │ │ │ ├── 028-req-header.t │ │ │ ├── 029-http-time.t │ │ │ ├── 030-uri-args-with-ctrl.t │ │ │ ├── 030-uri-args.t │ │ │ ├── 031-post-args.t │ │ │ ├── 032-iolist.t │ │ │ ├── 033-ctx.t │ │ │ ├── 034-match.t │ │ │ ├── 035-gmatch.t │ │ │ ├── 036-sub.t │ │ │ ├── 037-gsub.t │ │ │ ├── 038-match-o.t │ │ │ ├── 039-sub-o.t │ │ │ ├── 040-gsub-o.t │ │ │ ├── 041-header-filter.t │ │ │ ├── 042-crc32.t │ │ │ ├── 043-shdict.t │ │ │ ├── 044-req-body.t │ │ │ ├── 045-ngx-var.t │ │ │ ├── 046-hmac.t │ │ │ ├── 047-match-jit.t │ │ │ ├── 048-match-dfa.t │ │ │ ├── 049-gmatch-jit.t │ │ │ ├── 050-gmatch-dfa.t │ │ │ ├── 051-sub-jit.t │ │ │ ├── 052-sub-dfa.t │ │ │ ├── 053-gsub-jit.t │ │ │ ├── 054-gsub-dfa.t │ │ │ ├── 055-subreq-vars.t │ │ │ ├── 056-flush.t │ │ │ ├── 057-flush-timeout.t │ │ │ ├── 058-tcp-socket.t │ │ │ ├── 059-unix-socket.t │ │ │ ├── 060-lua-memcached.t │ │ │ ├── 061-lua-redis.t │ │ │ ├── 062-count.t │ │ │ ├── 063-abort.t │ │ │ ├── 064-pcall.t │ │ │ ├── 065-tcp-socket-timeout.t │ │ │ ├── 066-socket-receiveuntil.t │ │ │ ├── 067-req-socket.t │ │ │ ├── 068-socket-keepalive.t │ │ │ ├── 069-null.t │ │ │ ├── 070-sha1.t │ │ │ ├── 071-idle-socket.t │ │ │ ├── 072-conditional-get.t │ │ │ ├── 073-backtrace.t │ │ │ ├── 074-prefix-var.t │ │ │ ├── 075-logby.t │ │ │ ├── 076-no-postpone.t │ │ │ ├── 077-sleep.t │ │ │ ├── 078-hup-vars.t │ │ │ ├── 079-unused-directives.t │ │ │ ├── 080-hup-shdict.t │ │ │ ├── 081-bytecode.t │ │ │ ├── 082-body-filter-2.t │ │ │ ├── 082-body-filter.t │ │ │ ├── 083-bad-sock-self.t │ │ │ ├── 084-inclusive-receiveuntil.t │ │ │ ├── 085-if.t │ │ │ ├── 086-init-by.t │ │ │ ├── 087-udp-socket.t │ │ │ ├── 088-req-method.t │ │ │ ├── 089-phase.t │ │ │ ├── 090-log-socket-errors.t │ │ │ ├── 091-coroutine.t │ │ │ ├── 092-eof.t │ │ │ ├── 093-uthread-spawn.t │ │ │ ├── 094-uthread-exit.t │ │ │ ├── 095-uthread-exec.t │ │ │ ├── 096-uthread-redirect.t │ │ │ ├── 097-uthread-rewrite.t │ │ │ ├── 098-uthread-wait.t │ │ │ ├── 099-c-api.t │ │ │ ├── 100-client-abort.t │ │ │ ├── 101-on-abort.t │ │ │ ├── 102-req-start-time.t │ │ │ ├── 103-req-http-ver.t │ │ │ ├── 104-req-raw-header.t │ │ │ ├── 105-pressure.t │ │ │ ├── 106-timer.t │ │ │ ├── 107-timer-errors.t │ │ │ ├── 108-timer-safe.t │ │ │ ├── 109-timer-hup.t │ │ │ ├── 110-etag.t │ │ │ ├── 111-req-header-ua.t │ │ │ ├── 112-req-header-conn.t │ │ │ ├── 113-req-header-cookie.t │ │ │ ├── 114-config.t │ │ │ ├── 115-quote-sql-str.t │ │ │ ├── 116-raw-req-socket.t │ │ │ ├── 117-raw-req-socket-timeout.t │ │ │ ├── 118-use-default-type.t │ │ │ ├── 119-config-prefix.t │ │ │ ├── 120-re-find.t │ │ │ ├── 121-version.t │ │ │ ├── 122-worker-2.t │ │ │ ├── 122-worker-3.t │ │ │ ├── 122-worker.t │ │ │ ├── 123-lua-path.t │ │ │ ├── 124-init-worker.t │ │ │ ├── 125-configure-args.t │ │ │ ├── 126-shdict-frag.t │ │ │ ├── 127-uthread-kill.t │ │ │ ├── 128-duplex-tcp-socket.t │ │ │ ├── 129-ssl-socket.t │ │ │ ├── 130-internal-api.t │ │ │ ├── 131-duplex-req-socket.t │ │ │ ├── 132-lua-blocks.t │ │ │ ├── 133-worker-count.t │ │ │ ├── 134-worker-count-5.t │ │ │ ├── 135-worker-id.t │ │ │ ├── 136-timer-counts.t │ │ │ ├── 137-req-misc.t │ │ │ ├── 138-balancer.t │ │ │ ├── 139-ssl-cert-by.t │ │ │ ├── 140-ssl-c-api.t │ │ │ ├── 141-luajit.t │ │ │ ├── 142-ssl-session-store.t │ │ │ ├── 143-ssl-session-fetch.t │ │ │ ├── 144-shdict-incr-init.t │ │ │ ├── 145-shdict-list.t │ │ │ ├── 146-malloc-trim.t │ │ │ ├── 147-tcp-socket-timeouts.t │ │ │ ├── 148-fake-shm-zone.t │ │ │ ├── 149-hup-fake-shm-zone.t │ │ │ ├── 150-fake-delayed-load.t │ │ │ ├── 151-initby-hup.t │ │ │ ├── 152-timer-every.t │ │ │ ├── 153-semaphore-hup.t │ │ │ ├── 154-semaphore.t │ │ │ ├── 155-tls13.t │ │ │ ├── 156-slow-network.t │ │ │ ├── 157-socket-keepalive-hup.t │ │ │ ├── 158-global-var.t │ │ │ ├── 159-sa-restart.t │ │ │ ├── 160-disable-init-by-lua.t │ │ │ ├── 161-load-resty-core.t │ │ │ ├── 162-exit-worker.t │ │ │ ├── 162-fake-merge.t │ │ │ ├── 162-socket-tls-handshake.t │ │ │ ├── 162-static-module-location.t │ │ │ ├── 163-exit-worker-hup.t │ │ │ ├── 163-signal.t │ │ │ ├── 164-say.t │ │ │ ├── 165-thread-cache.t │ │ │ ├── 166-ssl-client-hello.t │ │ │ ├── 166-worker-thread.t │ │ │ ├── 167-server-rewrite.t │ │ │ ├── 168-tcp-socket-bind.t │ │ │ ├── 185-ngx-buf-double-free.t │ │ │ ├── 186-cosocket-busy-bufs.t │ │ │ ├── StapThread.pm │ │ │ ├── cert/ │ │ │ │ ├── dst-ca.crt │ │ │ │ ├── equifax.crt │ │ │ │ ├── mtls_ca.crt │ │ │ │ ├── mtls_ca.key │ │ │ │ ├── mtls_cert_gen/ │ │ │ │ │ ├── .gitignore │ │ │ │ │ ├── generate.sh │ │ │ │ │ ├── mtls_ca.json │ │ │ │ │ ├── mtls_client.json │ │ │ │ │ ├── mtls_server.json │ │ │ │ │ └── profile.json │ │ │ │ ├── mtls_client.crt │ │ │ │ ├── mtls_client.key │ │ │ │ ├── mtls_server.crt │ │ │ │ ├── mtls_server.key │ │ │ │ ├── test.crl │ │ │ │ ├── test.crt │ │ │ │ ├── test.key │ │ │ │ ├── test2.crt │ │ │ │ ├── test2.key │ │ │ │ ├── test_ecdsa.crt │ │ │ │ ├── test_ecdsa.key │ │ │ │ ├── test_passphrase.crt │ │ │ │ └── test_passphrase.key │ │ │ ├── data/ │ │ │ │ ├── fake-delayed-load-module/ │ │ │ │ │ ├── config │ │ │ │ │ └── ngx_http_lua_fake_delayed_load_module.c │ │ │ │ ├── fake-merge-module/ │ │ │ │ │ ├── config │ │ │ │ │ └── ngx_http_fake_merge_module.c │ │ │ │ ├── fake-module/ │ │ │ │ │ ├── config │ │ │ │ │ └── ngx_http_fake_module.c │ │ │ │ └── fake-shm-module/ │ │ │ │ ├── config │ │ │ │ └── ngx_http_lua_fake_shm_module.c │ │ │ └── lib/ │ │ │ ├── CRC32.lua │ │ │ ├── Memcached.lua │ │ │ ├── Redis.lua │ │ │ └── ljson.lua │ │ ├── tapset/ │ │ │ └── ngx_lua.stp │ │ ├── util/ │ │ │ ├── build-with-dd.sh │ │ │ ├── build-without-ssl.sh │ │ │ ├── build.sh │ │ │ ├── fix-comments │ │ │ ├── gen-lexer-c │ │ │ ├── nc_server.py │ │ │ ├── ngx-links │ │ │ ├── releng │ │ │ ├── retab │ │ │ ├── revim │ │ │ ├── run_test.sh │ │ │ └── update-readme.sh │ │ └── valgrind.suppress │ ├── ngx_http_proxy_connect_module/ │ │ ├── config │ │ ├── ngx_http_proxy_connect_module.c │ │ └── t/ │ │ ├── http_proxy_connect.t │ │ ├── http_proxy_connect_lua.t │ │ ├── http_proxy_connect_resolve_variables.t │ │ └── http_proxy_connect_timeout.t │ ├── ngx_http_reqstat_module/ │ │ ├── config │ │ ├── ngx_http_reqstat.h │ │ └── ngx_http_reqstat_module.c │ ├── ngx_http_slice_module/ │ │ ├── config │ │ └── ngx_http_slice_module.c │ ├── ngx_http_sysguard_module/ │ │ ├── config │ │ └── ngx_http_sysguard_module.c │ ├── ngx_http_tfs_module/ │ │ ├── config │ │ ├── ngx_http_connection_pool.c │ │ ├── ngx_http_connection_pool.h │ │ ├── ngx_http_tfs.c │ │ ├── ngx_http_tfs.h │ │ ├── ngx_http_tfs_block_cache.c │ │ ├── ngx_http_tfs_block_cache.h │ │ ├── ngx_http_tfs_data_server_message.c │ │ ├── ngx_http_tfs_data_server_message.h │ │ ├── ngx_http_tfs_duplicate.c │ │ ├── ngx_http_tfs_duplicate.h │ │ ├── ngx_http_tfs_errno.h │ │ ├── ngx_http_tfs_json.c │ │ ├── ngx_http_tfs_json.h │ │ ├── ngx_http_tfs_local_block_cache.c │ │ ├── ngx_http_tfs_local_block_cache.h │ │ ├── ngx_http_tfs_meta_server_message.c │ │ ├── ngx_http_tfs_meta_server_message.h │ │ ├── ngx_http_tfs_module.c │ │ ├── ngx_http_tfs_name_server_message.c │ │ ├── ngx_http_tfs_name_server_message.h │ │ ├── ngx_http_tfs_peer_connection.c │ │ ├── ngx_http_tfs_peer_connection.h │ │ ├── ngx_http_tfs_protocol.h │ │ ├── ngx_http_tfs_raw_fsname.c │ │ ├── ngx_http_tfs_raw_fsname.h │ │ ├── ngx_http_tfs_rc_server_info.c │ │ ├── ngx_http_tfs_rc_server_info.h │ │ ├── ngx_http_tfs_rc_server_message.c │ │ ├── ngx_http_tfs_rc_server_message.h │ │ ├── ngx_http_tfs_remote_block_cache.c │ │ ├── ngx_http_tfs_remote_block_cache.h │ │ ├── ngx_http_tfs_restful.c │ │ ├── ngx_http_tfs_restful.h │ │ ├── ngx_http_tfs_root_server_message.c │ │ ├── ngx_http_tfs_root_server_message.h │ │ ├── ngx_http_tfs_serialization.c │ │ ├── ngx_http_tfs_serialization.h │ │ ├── ngx_http_tfs_server_handler.c │ │ ├── ngx_http_tfs_server_handler.h │ │ ├── ngx_http_tfs_tair_helper.c │ │ ├── ngx_http_tfs_tair_helper.h │ │ ├── ngx_http_tfs_timers.c │ │ ├── ngx_http_tfs_timers.h │ │ ├── ngx_tfs_common.c │ │ └── ngx_tfs_common.h │ ├── ngx_http_trim_filter_module/ │ │ ├── config │ │ └── ngx_http_trim_filter_module.c │ ├── ngx_http_upstream_check_module/ │ │ ├── config │ │ ├── ngx_http_upstream_check_module.c │ │ └── ngx_http_upstream_check_module.h │ ├── ngx_http_upstream_consistent_hash_module/ │ │ ├── config │ │ └── ngx_http_upstream_consistent_hash_module.c │ ├── ngx_http_upstream_dynamic_module/ │ │ ├── config │ │ └── ngx_http_upstream_dynamic_module.c │ ├── ngx_http_upstream_dyups_module/ │ │ ├── config │ │ ├── ngx_http_dyups.h │ │ ├── ngx_http_dyups_lua.c │ │ ├── ngx_http_dyups_lua.h │ │ └── ngx_http_dyups_module.c │ ├── ngx_http_upstream_iwrr_module/ │ │ ├── config │ │ └── ngx_http_upstream_iwrr_module.c │ ├── ngx_http_upstream_keepalive_module/ │ │ ├── config │ │ ├── ngx_http_upstream_keepalive_module.c │ │ ├── ngx_http_upstream_keepalive_module.md │ │ └── proxy_keepalive.t │ ├── ngx_http_upstream_session_sticky_module/ │ │ ├── config │ │ └── ngx_http_upstream_session_sticky_module.c │ ├── ngx_http_upstream_vnswrr_module/ │ │ ├── config │ │ └── ngx_http_upstream_vnswrr_module.c │ ├── ngx_http_user_agent_module/ │ │ ├── config │ │ └── ngx_http_user_agent_module.c │ ├── ngx_http_xquic_module/ │ │ ├── README.md │ │ ├── config │ │ ├── ngx_http_v3_stream.c │ │ ├── ngx_http_v3_stream.h │ │ ├── ngx_http_xquic.c │ │ ├── ngx_http_xquic.h │ │ ├── ngx_http_xquic_filter_module.c │ │ ├── ngx_http_xquic_module.c │ │ ├── ngx_http_xquic_module.h │ │ ├── ngx_xquic.c │ │ ├── ngx_xquic.h │ │ ├── ngx_xquic_intercom.c │ │ ├── ngx_xquic_intercom.h │ │ ├── ngx_xquic_recv.c │ │ ├── ngx_xquic_recv.h │ │ ├── ngx_xquic_send.c │ │ └── ngx_xquic_send.h │ ├── ngx_ingress_module/ │ │ ├── config │ │ ├── ingress.pb-c.c │ │ ├── ingress.pb-c.h │ │ ├── ingress.proto │ │ ├── ngx_ingress_module.c │ │ ├── ngx_ingress_module.h │ │ ├── ngx_ingress_protobuf.c │ │ └── ngx_ingress_protobuf.h │ ├── ngx_multi_upstream_module/ │ │ ├── config │ │ ├── ngx_http_multi_upstream.c │ │ ├── ngx_http_multi_upstream_module.c │ │ ├── ngx_http_multi_upstream_module.h │ │ ├── ngx_multi_upstream_module.c │ │ ├── ngx_multi_upstream_module.h │ │ ├── ngx_stream_multi_upstream_module.c │ │ └── ngx_stream_multi_upstream_module.h │ ├── ngx_slab_stat/ │ │ ├── README.cn │ │ ├── README.md │ │ ├── config │ │ ├── ngx_http_slab_stat_module.c │ │ ├── slab_stat.patch │ │ └── t/ │ │ └── test.t │ └── ngx_tongsuo_ntls/ │ ├── README.md │ ├── config │ └── t/ │ ├── CA.pm │ ├── ntls.t │ ├── ntls_certificate_chain.t │ ├── ntls_proxy.t │ ├── ntls_session_cache.t │ ├── ntls_sni.t │ ├── ntls_sni_sessions.t │ ├── ntls_variables.t │ ├── ntls_verify_client.t │ ├── ntls_verify_depth.t │ ├── stream_ntls.t │ ├── stream_ntls_proxy.t │ ├── stream_ntls_session_cache.t │ ├── stream_ntls_variables.t │ ├── stream_ntls_verify_client.t │ └── stream_sni.t ├── packages/ │ └── debian/ │ ├── README.Debian │ ├── README.md │ ├── README.source │ ├── changelog │ ├── compat │ ├── control │ ├── copyright │ ├── docs │ ├── files │ ├── init.d │ ├── logrotate │ ├── nginx-debug.install │ ├── nginx.conf │ ├── nginx.default │ ├── nginx.vh.default.conf │ ├── nginx.vh.example_ssl.conf │ ├── rules │ ├── source/ │ │ └── format │ ├── tengine.debhelper.log │ ├── tengine.dirs │ ├── tengine.doc-base.EX │ ├── tengine.docs │ ├── tengine.postinst │ ├── tengine.postinst.debhelper │ ├── tengine.postrm │ ├── tengine.postrm.debhelper │ ├── tengine.preinst │ ├── tengine.prerm │ ├── tengine.prerm.debhelper │ └── tengine.substvars ├── src/ │ ├── core/ │ │ ├── nginx.c │ │ ├── nginx.h │ │ ├── ngx_array.c │ │ ├── ngx_array.h │ │ ├── ngx_buf.c │ │ ├── ngx_buf.h │ │ ├── ngx_conf_file.c │ │ ├── ngx_conf_file.h │ │ ├── ngx_config.h │ │ ├── ngx_connection.c │ │ ├── ngx_connection.h │ │ ├── ngx_core.h │ │ ├── ngx_cpuinfo.c │ │ ├── ngx_crc.h │ │ ├── ngx_crc32.c │ │ ├── ngx_crc32.h │ │ ├── ngx_crypt.c │ │ ├── ngx_crypt.h │ │ ├── ngx_cycle.c │ │ ├── ngx_cycle.h │ │ ├── ngx_file.c │ │ ├── ngx_file.h │ │ ├── ngx_hash.c │ │ ├── ngx_hash.h │ │ ├── ngx_inet.c │ │ ├── ngx_inet.h │ │ ├── ngx_list.c │ │ ├── ngx_list.h │ │ ├── ngx_log.c │ │ ├── ngx_log.h │ │ ├── ngx_md5.c │ │ ├── ngx_md5.h │ │ ├── ngx_module.c │ │ ├── ngx_module.h │ │ ├── ngx_murmurhash.c │ │ ├── ngx_murmurhash.h │ │ ├── ngx_open_file_cache.c │ │ ├── ngx_open_file_cache.h │ │ ├── ngx_output_chain.c │ │ ├── ngx_palloc.c │ │ ├── ngx_palloc.h │ │ ├── ngx_parse.c │ │ ├── ngx_parse.h │ │ ├── ngx_parse_time.c │ │ ├── ngx_parse_time.h │ │ ├── ngx_proxy_protocol.c │ │ ├── ngx_proxy_protocol.h │ │ ├── ngx_queue.c │ │ ├── ngx_queue.h │ │ ├── ngx_radix_tree.c │ │ ├── ngx_radix_tree.h │ │ ├── ngx_rbtree.c │ │ ├── ngx_rbtree.h │ │ ├── ngx_regex.c │ │ ├── ngx_regex.h │ │ ├── ngx_resolver.c │ │ ├── ngx_resolver.h │ │ ├── ngx_rwlock.c │ │ ├── ngx_rwlock.h │ │ ├── ngx_segment_tree.c │ │ ├── ngx_segment_tree.h │ │ ├── ngx_sha1.c │ │ ├── ngx_sha1.h │ │ ├── ngx_shmtx.c │ │ ├── ngx_shmtx.h │ │ ├── ngx_slab.c │ │ ├── ngx_slab.h │ │ ├── ngx_spinlock.c │ │ ├── ngx_string.c │ │ ├── ngx_string.h │ │ ├── ngx_syslog.c │ │ ├── ngx_syslog.h │ │ ├── ngx_thread_pool.c │ │ ├── ngx_thread_pool.h │ │ ├── ngx_times.c │ │ ├── ngx_times.h │ │ ├── ngx_trie.c │ │ └── ngx_trie.h │ ├── event/ │ │ ├── modules/ │ │ │ ├── ngx_aio_module.c │ │ │ ├── ngx_devpoll_module.c │ │ │ ├── ngx_epoll_module.c │ │ │ ├── ngx_eventport_module.c │ │ │ ├── ngx_iocp_module.c │ │ │ ├── ngx_iocp_module.h │ │ │ ├── ngx_kqueue_module.c │ │ │ ├── ngx_poll_module.c │ │ │ ├── ngx_rtsig_module.c │ │ │ ├── ngx_select_module.c │ │ │ ├── ngx_win32_poll_module.c │ │ │ └── ngx_win32_select_module.c │ │ ├── ngx_dlopen.h │ │ ├── ngx_event.c │ │ ├── ngx_event.h │ │ ├── ngx_event_accept.c │ │ ├── ngx_event_acceptex.c │ │ ├── ngx_event_connect.c │ │ ├── ngx_event_connect.h │ │ ├── ngx_event_connectex.c │ │ ├── ngx_event_openssl.c │ │ ├── ngx_event_openssl.h │ │ ├── ngx_event_openssl_stapling.c │ │ ├── ngx_event_pipe.c │ │ ├── ngx_event_pipe.h │ │ ├── ngx_event_posted.c │ │ ├── ngx_event_posted.h │ │ ├── ngx_event_timer.c │ │ ├── ngx_event_timer.h │ │ ├── ngx_event_udp.c │ │ ├── ngx_event_udp.h │ │ ├── ngx_event_udpv2.c │ │ └── ngx_event_udpv2.h │ ├── http/ │ │ ├── modules/ │ │ │ ├── ngx_http_access_module.c │ │ │ ├── ngx_http_addition_filter_module.c │ │ │ ├── ngx_http_auth_basic_module.c │ │ │ ├── ngx_http_auth_request_module.c │ │ │ ├── ngx_http_autoindex_module.c │ │ │ ├── ngx_http_browser_module.c │ │ │ ├── ngx_http_charset_filter_module.c │ │ │ ├── ngx_http_chunked_filter_module.c │ │ │ ├── ngx_http_dav_module.c │ │ │ ├── ngx_http_degradation_module.c │ │ │ ├── ngx_http_empty_gif_module.c │ │ │ ├── ngx_http_fastcgi_module.c │ │ │ ├── ngx_http_flv_module.c │ │ │ ├── ngx_http_geo_module.c │ │ │ ├── ngx_http_geoip_module.c │ │ │ ├── ngx_http_grpc_module.c │ │ │ ├── ngx_http_gunzip_filter_module.c │ │ │ ├── ngx_http_gzip_filter_module.c │ │ │ ├── ngx_http_gzip_static_module.c │ │ │ ├── ngx_http_headers_filter_module.c │ │ │ ├── ngx_http_image_filter_module.c │ │ │ ├── ngx_http_index_module.c │ │ │ ├── ngx_http_limit_conn_module.c │ │ │ ├── ngx_http_limit_req_module.c │ │ │ ├── ngx_http_log_module.c │ │ │ ├── ngx_http_map_module.c │ │ │ ├── ngx_http_memcached_module.c │ │ │ ├── ngx_http_mirror_module.c │ │ │ ├── ngx_http_mp4_module.c │ │ │ ├── ngx_http_not_modified_filter_module.c │ │ │ ├── ngx_http_proxy_module.c │ │ │ ├── ngx_http_random_index_module.c │ │ │ ├── ngx_http_range_filter_module.c │ │ │ ├── ngx_http_realip_module.c │ │ │ ├── ngx_http_referer_module.c │ │ │ ├── ngx_http_rewrite_module.c │ │ │ ├── ngx_http_scgi_module.c │ │ │ ├── ngx_http_secure_link_module.c │ │ │ ├── ngx_http_slice_filter_module.c │ │ │ ├── ngx_http_split_clients_module.c │ │ │ ├── ngx_http_ssi_filter_module.c │ │ │ ├── ngx_http_ssi_filter_module.h │ │ │ ├── ngx_http_ssl_module.c │ │ │ ├── ngx_http_ssl_module.h │ │ │ ├── ngx_http_static_module.c │ │ │ ├── ngx_http_stub_status_module.c │ │ │ ├── ngx_http_sub_filter_module.c │ │ │ ├── ngx_http_try_files_module.c │ │ │ ├── ngx_http_upstream_hash_module.c │ │ │ ├── ngx_http_upstream_ip_hash_module.c │ │ │ ├── ngx_http_upstream_keepalive_module.c │ │ │ ├── ngx_http_upstream_least_conn_module.c │ │ │ ├── ngx_http_upstream_random_module.c │ │ │ ├── ngx_http_upstream_zone_module.c │ │ │ ├── ngx_http_userid_filter_module.c │ │ │ ├── ngx_http_uwsgi_module.c │ │ │ ├── ngx_http_xslt_filter_module.c │ │ │ └── perl/ │ │ │ ├── Makefile.PL │ │ │ ├── nginx.pm │ │ │ ├── nginx.xs │ │ │ ├── ngx_http_perl_module.c │ │ │ ├── ngx_http_perl_module.h │ │ │ └── typemap │ │ ├── ngx_http.c │ │ ├── ngx_http.h │ │ ├── ngx_http_cache.h │ │ ├── ngx_http_config.h │ │ ├── ngx_http_copy_filter_module.c │ │ ├── ngx_http_core_module.c │ │ ├── ngx_http_core_module.h │ │ ├── ngx_http_file_cache.c │ │ ├── ngx_http_header_filter_module.c │ │ ├── ngx_http_huff_decode.c │ │ ├── ngx_http_huff_encode.c │ │ ├── ngx_http_parse.c │ │ ├── ngx_http_postpone_filter_module.c │ │ ├── ngx_http_request.c │ │ ├── ngx_http_request.h │ │ ├── ngx_http_request_body.c │ │ ├── ngx_http_script.c │ │ ├── ngx_http_script.h │ │ ├── ngx_http_special_response.c │ │ ├── ngx_http_upstream.c │ │ ├── ngx_http_upstream.h │ │ ├── ngx_http_upstream_round_robin.c │ │ ├── ngx_http_upstream_round_robin.h │ │ ├── ngx_http_variables.c │ │ ├── ngx_http_variables.h │ │ ├── ngx_http_write_filter_module.c │ │ └── v2/ │ │ ├── ngx_http_v2.c │ │ ├── ngx_http_v2.h │ │ ├── ngx_http_v2_encode.c │ │ ├── ngx_http_v2_filter_module.c │ │ ├── ngx_http_v2_module.c │ │ ├── ngx_http_v2_module.h │ │ └── ngx_http_v2_table.c │ ├── mail/ │ │ ├── ngx_mail.c │ │ ├── ngx_mail.h │ │ ├── ngx_mail_auth_http_module.c │ │ ├── ngx_mail_core_module.c │ │ ├── ngx_mail_handler.c │ │ ├── ngx_mail_imap_handler.c │ │ ├── ngx_mail_imap_module.c │ │ ├── ngx_mail_imap_module.h │ │ ├── ngx_mail_parse.c │ │ ├── ngx_mail_pop3_handler.c │ │ ├── ngx_mail_pop3_module.c │ │ ├── ngx_mail_pop3_module.h │ │ ├── ngx_mail_proxy_module.c │ │ ├── ngx_mail_realip_module.c │ │ ├── ngx_mail_smtp_handler.c │ │ ├── ngx_mail_smtp_module.c │ │ ├── ngx_mail_smtp_module.h │ │ ├── ngx_mail_ssl_module.c │ │ └── ngx_mail_ssl_module.h │ ├── misc/ │ │ ├── ngx_cpp_test_module.cpp │ │ └── ngx_google_perftools_module.c │ ├── os/ │ │ └── unix/ │ │ ├── ngx_aio_read.c │ │ ├── ngx_aio_read_chain.c │ │ ├── ngx_aio_write.c │ │ ├── ngx_aio_write_chain.c │ │ ├── ngx_alloc.c │ │ ├── ngx_alloc.h │ │ ├── ngx_atomic.h │ │ ├── ngx_channel.c │ │ ├── ngx_channel.h │ │ ├── ngx_daemon.c │ │ ├── ngx_darwin.h │ │ ├── ngx_darwin_config.h │ │ ├── ngx_darwin_init.c │ │ ├── ngx_darwin_sendfile_chain.c │ │ ├── ngx_dlopen.c │ │ ├── ngx_dlopen.h │ │ ├── ngx_errno.c │ │ ├── ngx_errno.h │ │ ├── ngx_file_aio_read.c │ │ ├── ngx_files.c │ │ ├── ngx_files.h │ │ ├── ngx_freebsd.h │ │ ├── ngx_freebsd_config.h │ │ ├── ngx_freebsd_init.c │ │ ├── ngx_freebsd_sendfile_chain.c │ │ ├── ngx_gcc_atomic_amd64.h │ │ ├── ngx_gcc_atomic_ppc.h │ │ ├── ngx_gcc_atomic_sparc64.h │ │ ├── ngx_gcc_atomic_x86.h │ │ ├── ngx_linux.h │ │ ├── ngx_linux_aio_read.c │ │ ├── ngx_linux_config.h │ │ ├── ngx_linux_init.c │ │ ├── ngx_linux_sendfile_chain.c │ │ ├── ngx_os.h │ │ ├── ngx_pipe.c │ │ ├── ngx_pipe.h │ │ ├── ngx_posix_config.h │ │ ├── ngx_posix_init.c │ │ ├── ngx_process.c │ │ ├── ngx_process.h │ │ ├── ngx_process_cycle.c │ │ ├── ngx_process_cycle.h │ │ ├── ngx_readv_chain.c │ │ ├── ngx_recv.c │ │ ├── ngx_send.c │ │ ├── ngx_setaffinity.c │ │ ├── ngx_setaffinity.h │ │ ├── ngx_setproctitle.c │ │ ├── ngx_setproctitle.h │ │ ├── ngx_shmem.c │ │ ├── ngx_shmem.h │ │ ├── ngx_socket.c │ │ ├── ngx_socket.h │ │ ├── ngx_solaris.h │ │ ├── ngx_solaris_config.h │ │ ├── ngx_solaris_init.c │ │ ├── ngx_solaris_sendfilev_chain.c │ │ ├── ngx_sunpro_amd64.il │ │ ├── ngx_sunpro_atomic_sparc64.h │ │ ├── ngx_sunpro_sparc64.il │ │ ├── ngx_sunpro_x86.il │ │ ├── ngx_sysinfo.c │ │ ├── ngx_sysinfo.h │ │ ├── ngx_thread.h │ │ ├── ngx_thread_cond.c │ │ ├── ngx_thread_id.c │ │ ├── ngx_thread_mutex.c │ │ ├── ngx_time.c │ │ ├── ngx_time.h │ │ ├── ngx_udp_recv.c │ │ ├── ngx_udp_send.c │ │ ├── ngx_udp_sendmsg_chain.c │ │ ├── ngx_user.c │ │ ├── ngx_user.h │ │ └── ngx_writev_chain.c │ ├── proc/ │ │ ├── ngx_proc.c │ │ └── ngx_proc.h │ └── stream/ │ ├── ngx_stream.c │ ├── ngx_stream.h │ ├── ngx_stream_access_module.c │ ├── ngx_stream_core_module.c │ ├── ngx_stream_geo_module.c │ ├── ngx_stream_geoip_module.c │ ├── ngx_stream_handler.c │ ├── ngx_stream_limit_conn_module.c │ ├── ngx_stream_log_module.c │ ├── ngx_stream_map_module.c │ ├── ngx_stream_proxy_module.c │ ├── ngx_stream_realip_module.c │ ├── ngx_stream_return_module.c │ ├── ngx_stream_script.c │ ├── ngx_stream_script.h │ ├── ngx_stream_set_module.c │ ├── ngx_stream_split_clients_module.c │ ├── ngx_stream_ssl_module.c │ ├── ngx_stream_ssl_module.h │ ├── ngx_stream_ssl_preread_module.c │ ├── ngx_stream_upstream.c │ ├── ngx_stream_upstream.h │ ├── ngx_stream_upstream_hash_module.c │ ├── ngx_stream_upstream_least_conn_module.c │ ├── ngx_stream_upstream_random_module.c │ ├── ngx_stream_upstream_round_robin.c │ ├── ngx_stream_upstream_round_robin.h │ ├── ngx_stream_upstream_zone_module.c │ ├── ngx_stream_variables.c │ ├── ngx_stream_variables.h │ └── ngx_stream_write_filter_module.c └── tests/ ├── nginx-tests/ │ ├── nginx-tests/ │ │ ├── LICENSE │ │ ├── README │ │ ├── access.t │ │ ├── access_log.t │ │ ├── access_log_variables.t │ │ ├── addition.t │ │ ├── addition_buffered.t │ │ ├── auth_basic.t │ │ ├── auth_delay.t │ │ ├── auth_request.t │ │ ├── auth_request_satisfy.t │ │ ├── auth_request_set.t │ │ ├── autoindex.t │ │ ├── autoindex_format.t │ │ ├── binary_upgrade.t │ │ ├── body.t │ │ ├── body_chunked.t │ │ ├── charset.t │ │ ├── charset_gzip_static.t │ │ ├── config_dump.t │ │ ├── dav.t │ │ ├── dav_chunked.t │ │ ├── dav_utf8.t │ │ ├── debug_connection.t │ │ ├── debug_connection_syslog.t │ │ ├── debug_connection_unix.t │ │ ├── empty_gif.t │ │ ├── error_log.t │ │ ├── fastcgi.t │ │ ├── fastcgi_body.t │ │ ├── fastcgi_body2.t │ │ ├── fastcgi_buffering.t │ │ ├── fastcgi_cache.t │ │ ├── fastcgi_extra_data.t │ │ ├── fastcgi_header_params.t │ │ ├── fastcgi_keepalive.t │ │ ├── fastcgi_merge_params.t │ │ ├── fastcgi_merge_params2.t │ │ ├── fastcgi_request_buffering.t │ │ ├── fastcgi_request_buffering_chunked.t │ │ ├── fastcgi_split.t │ │ ├── fastcgi_unix.t │ │ ├── fastcgi_variables.t │ │ ├── geo.t │ │ ├── geo_binary.t │ │ ├── geo_ipv6.t │ │ ├── geo_unix.t │ │ ├── geoip.t │ │ ├── grpc.t │ │ ├── grpc_next_upstream.t │ │ ├── grpc_pass.t │ │ ├── grpc_request_buffering.t │ │ ├── grpc_ssl.t │ │ ├── gunzip.t │ │ ├── gunzip_memcached.t │ │ ├── gunzip_perl.t │ │ ├── gunzip_ssi.t │ │ ├── gunzip_static.t │ │ ├── gzip.t │ │ ├── gzip_flush.t │ │ ├── h2.t │ │ ├── h2_absolute_redirect.t │ │ ├── h2_auth_request.t │ │ ├── h2_error_page.t │ │ ├── h2_fastcgi_request_buffering.t │ │ ├── h2_headers.t │ │ ├── h2_keepalive.t │ │ ├── h2_limit_conn.t │ │ ├── h2_limit_req.t │ │ ├── h2_priority.t │ │ ├── h2_proxy_cache.t │ │ ├── h2_proxy_max_temp_file_size.t │ │ ├── h2_proxy_protocol.t │ │ ├── h2_proxy_request_buffering.t │ │ ├── h2_proxy_request_buffering_redirect.t │ │ ├── h2_proxy_request_buffering_ssl.t │ │ ├── h2_proxy_ssl.t │ │ ├── h2_request_body.t │ │ ├── h2_request_body_extra.t │ │ ├── h2_request_body_js.t │ │ ├── h2_request_body_preread.t │ │ ├── h2_server_push.t │ │ ├── h2_server_tokens.t │ │ ├── h2_ssl.t │ │ ├── h2_ssl_proxy_cache.t │ │ ├── h2_ssl_proxy_protocol.t │ │ ├── h2_ssl_variables.t │ │ ├── h2_ssl_verify_client.t │ │ ├── h2_trailers.t │ │ ├── h2_variables.t │ │ ├── headers.t │ │ ├── http_absolute_redirect.t │ │ ├── http_disable_symlinks.t │ │ ├── http_error_page.t │ │ ├── http_expect_100_continue.t │ │ ├── http_header_buffers.t │ │ ├── http_headers_multi.t │ │ ├── http_host.t │ │ ├── http_include.t │ │ ├── http_keepalive.t │ │ ├── http_keepalive_shutdown.t │ │ ├── http_listen.t │ │ ├── http_listen_wildcard.t │ │ ├── http_location.t │ │ ├── http_location_auto.t │ │ ├── http_location_win32.t │ │ ├── http_method.t │ │ ├── http_resolver.t │ │ ├── http_resolver_aaaa.t │ │ ├── http_resolver_cleanup.t │ │ ├── http_resolver_cname.t │ │ ├── http_resolver_ipv4.t │ │ ├── http_server_name.t │ │ ├── http_time_http_variable.t │ │ ├── http_try_files.t │ │ ├── http_uri.t │ │ ├── http_variables.t │ │ ├── ignore_invalid_headers.t │ │ ├── image_filter.t │ │ ├── image_filter_finalize.t │ │ ├── image_filter_webp.t │ │ ├── index.t │ │ ├── js.t │ │ ├── js_args.t │ │ ├── js_async.t │ │ ├── js_body_filter.t │ │ ├── js_body_filter_if.t │ │ ├── js_buffer.t │ │ ├── js_dump.t │ │ ├── js_fetch.t │ │ ├── js_fetch_https.t │ │ ├── js_fetch_resolver.t │ │ ├── js_fetch_timeout.t │ │ ├── js_fetch_verify.t │ │ ├── js_header_filter.t │ │ ├── js_header_filter_if.t │ │ ├── js_headers.t │ │ ├── js_import.t │ │ ├── js_import2.t │ │ ├── js_internal_redirect.t │ │ ├── js_modules.t │ │ ├── js_ngx.t │ │ ├── js_object.t │ │ ├── js_paths.t │ │ ├── js_preload_object.t │ │ ├── js_promise.t │ │ ├── js_request_body.t │ │ ├── js_return.t │ │ ├── js_subrequests.t │ │ ├── js_var.t │ │ ├── js_var2.t │ │ ├── js_variables.t │ │ ├── lib/ │ │ │ ├── Test/ │ │ │ │ ├── Nginx/ │ │ │ │ │ ├── HTTP2.pm │ │ │ │ │ ├── IMAP.pm │ │ │ │ │ ├── POP3.pm │ │ │ │ │ ├── SMTP.pm │ │ │ │ │ └── Stream.pm │ │ │ │ └── Nginx.pm │ │ │ └── Time/ │ │ │ ├── Parse.pm │ │ │ └── Zone.pm │ │ ├── limit_conn.t │ │ ├── limit_conn_complex.t │ │ ├── limit_conn_dry_run.t │ │ ├── limit_rate.t │ │ ├── limit_req.t │ │ ├── limit_req2.t │ │ ├── limit_req_delay.t │ │ ├── limit_req_dry_run.t │ │ ├── mail_capability.t │ │ ├── mail_error_log.t │ │ ├── mail_imap.t │ │ ├── mail_imap_ssl.t │ │ ├── mail_max_errors.t │ │ ├── mail_pop3.t │ │ ├── mail_proxy_protocol.t │ │ ├── mail_proxy_smtp_auth.t │ │ ├── mail_resolver.t │ │ ├── mail_smtp.t │ │ ├── mail_smtp_greeting_delay.t │ │ ├── mail_smtp_xclient.t │ │ ├── mail_ssl.t │ │ ├── mail_ssl_conf_command.t │ │ ├── mail_ssl_session_reuse.t │ │ ├── map.t │ │ ├── map_complex.t │ │ ├── map_volatile.t │ │ ├── memcached.t │ │ ├── memcached_fake.t │ │ ├── memcached_fake_extra.t │ │ ├── memcached_keepalive.t │ │ ├── memcached_keepalive_stale.t │ │ ├── merge_slashes.t │ │ ├── mirror.t │ │ ├── mirror_proxy.t │ │ ├── mp4.t │ │ ├── mp4_ssi.t │ │ ├── mp4_start_key_frame.t │ │ ├── msie_refresh.t │ │ ├── not_modified.t │ │ ├── not_modified_finalize.t │ │ ├── not_modified_proxy.t │ │ ├── perl.t │ │ ├── perl_gzip.t │ │ ├── perl_sleep.t │ │ ├── perl_ssi.t │ │ ├── post_action.t │ │ ├── proxy.t │ │ ├── proxy_available.t │ │ ├── proxy_bind.t │ │ ├── proxy_bind_transparent.t │ │ ├── proxy_bind_transparent_capability.t │ │ ├── proxy_cache.t │ │ ├── proxy_cache_bypass.t │ │ ├── proxy_cache_chunked.t │ │ ├── proxy_cache_control.t │ │ ├── proxy_cache_convert_head.t │ │ ├── proxy_cache_error.t │ │ ├── proxy_cache_lock.t │ │ ├── proxy_cache_lock_age.t │ │ ├── proxy_cache_lock_ssi.t │ │ ├── proxy_cache_manager.t │ │ ├── proxy_cache_max_range_offset.t │ │ ├── proxy_cache_min_free.t │ │ ├── proxy_cache_path.t │ │ ├── proxy_cache_range.t │ │ ├── proxy_cache_revalidate.t │ │ ├── proxy_cache_use_stale.t │ │ ├── proxy_cache_valid.t │ │ ├── proxy_cache_variables.t │ │ ├── proxy_cache_vary.t │ │ ├── proxy_chunked.t │ │ ├── proxy_chunked_extra.t │ │ ├── proxy_cookie.t │ │ ├── proxy_cookie_flags.t │ │ ├── proxy_duplicate_headers.t │ │ ├── proxy_extra_data.t │ │ ├── proxy_force_ranges.t │ │ ├── proxy_if.t │ │ ├── proxy_implicit.t │ │ ├── proxy_intercept_errors.t │ │ ├── proxy_keepalive.t │ │ ├── proxy_limit_rate.t │ │ ├── proxy_max_temp_file_size.t │ │ ├── proxy_merge_headers.t │ │ ├── proxy_method.t │ │ ├── proxy_next_upstream.t │ │ ├── proxy_next_upstream_tries.t │ │ ├── proxy_noclose.t │ │ ├── proxy_non_idempotent.t │ │ ├── proxy_pass_request.t │ │ ├── proxy_protocol.t │ │ ├── proxy_protocol2.t │ │ ├── proxy_protocol2_port.t │ │ ├── proxy_protocol2_server.t │ │ ├── proxy_protocol2_tlv.t │ │ ├── proxy_protocol_ipv6.t │ │ ├── proxy_protocol_port.t │ │ ├── proxy_protocol_server.t │ │ ├── proxy_protocol_unix.t │ │ ├── proxy_redirect.t │ │ ├── proxy_request_buffering.t │ │ ├── proxy_request_buffering_chunked.t │ │ ├── proxy_request_buffering_keepalive.t │ │ ├── proxy_request_buffering_ssl.t │ │ ├── proxy_set_body.t │ │ ├── proxy_ssi_body.t │ │ ├── proxy_ssl.t │ │ ├── proxy_ssl_certificate.t │ │ ├── proxy_ssl_certificate_empty.t │ │ ├── proxy_ssl_certificate_vars.t │ │ ├── proxy_ssl_conf_command.t │ │ ├── proxy_ssl_keepalive.t │ │ ├── proxy_ssl_name.t │ │ ├── proxy_ssl_verify.t │ │ ├── proxy_store.t │ │ ├── proxy_unfinished.t │ │ ├── proxy_unix.t │ │ ├── proxy_upgrade.t │ │ ├── proxy_upstream_cookie.t │ │ ├── proxy_variables.t │ │ ├── proxy_websocket.t │ │ ├── proxy_xar.t │ │ ├── random_index.t │ │ ├── range.t │ │ ├── range_charset.t │ │ ├── range_clearing.t │ │ ├── range_flv.t │ │ ├── range_if_range.t │ │ ├── range_mp4.t │ │ ├── realip.t │ │ ├── realip_hostname.t │ │ ├── realip_remote_addr.t │ │ ├── realip_remote_port.t │ │ ├── referer.t │ │ ├── request_id.t │ │ ├── rewrite.t │ │ ├── rewrite_if.t │ │ ├── rewrite_set.t │ │ ├── rewrite_unescape.t │ │ ├── scgi.t │ │ ├── scgi_body.t │ │ ├── scgi_cache.t │ │ ├── scgi_extra_data.t │ │ ├── scgi_gzip.t │ │ ├── scgi_merge_params.t │ │ ├── secure_link.t │ │ ├── server_tokens.t │ │ ├── slice.t │ │ ├── split_clients.t │ │ ├── ssi.t │ │ ├── ssi_delayed.t │ │ ├── ssi_if.t │ │ ├── ssi_include_big.t │ │ ├── ssi_waited.t │ │ ├── ssl.t │ │ ├── ssl_certificate.t │ │ ├── ssl_certificate_chain.t │ │ ├── ssl_certificate_perl.t │ │ ├── ssl_certificates.t │ │ ├── ssl_client_escaped_cert.t │ │ ├── ssl_conf_command.t │ │ ├── ssl_crl.t │ │ ├── ssl_curve.t │ │ ├── ssl_engine_keys.t │ │ ├── ssl_password_file.t │ │ ├── ssl_proxy_protocol.t │ │ ├── ssl_proxy_upgrade.t │ │ ├── ssl_reject_handshake.t │ │ ├── ssl_session_reuse.t │ │ ├── ssl_session_ticket_key.t │ │ ├── ssl_sni.t │ │ ├── ssl_sni_reneg.t │ │ ├── ssl_sni_sessions.t │ │ ├── ssl_stapling.t │ │ ├── ssl_verify_client.t │ │ ├── ssl_verify_depth.t │ │ ├── stream_access.t │ │ ├── stream_access_log.t │ │ ├── stream_access_log_escape.t │ │ ├── stream_access_log_none.t │ │ ├── stream_error_log.t │ │ ├── stream_geo.t │ │ ├── stream_geo_binary.t │ │ ├── stream_geo_ipv6.t │ │ ├── stream_geo_unix.t │ │ ├── stream_geoip.t │ │ ├── stream_js.t │ │ ├── stream_js_buffer.t │ │ ├── stream_js_exit.t │ │ ├── stream_js_fetch.t │ │ ├── stream_js_fetch_https.t │ │ ├── stream_js_import.t │ │ ├── stream_js_import2.t │ │ ├── stream_js_ngx.t │ │ ├── stream_js_object.t │ │ ├── stream_js_preload_object.t │ │ ├── stream_js_var.t │ │ ├── stream_js_var2.t │ │ ├── stream_js_variables.t │ │ ├── stream_limit_conn.t │ │ ├── stream_limit_conn_complex.t │ │ ├── stream_limit_conn_dry_run.t │ │ ├── stream_limit_rate.t │ │ ├── stream_limit_rate2.t │ │ ├── stream_map.t │ │ ├── stream_proxy.t │ │ ├── stream_proxy_bind.t │ │ ├── stream_proxy_complex.t │ │ ├── stream_proxy_half_close.t │ │ ├── stream_proxy_next_upstream.t │ │ ├── stream_proxy_protocol.t │ │ ├── stream_proxy_protocol2_tlv.t │ │ ├── stream_proxy_protocol_ipv6.t │ │ ├── stream_proxy_protocol_ssl.t │ │ ├── stream_proxy_ssl.t │ │ ├── stream_proxy_ssl_certificate.t │ │ ├── stream_proxy_ssl_certificate_vars.t │ │ ├── stream_proxy_ssl_conf_command.t │ │ ├── stream_proxy_ssl_name.t │ │ ├── stream_proxy_ssl_name_complex.t │ │ ├── stream_proxy_ssl_verify.t │ │ ├── stream_realip.t │ │ ├── stream_realip_hostname.t │ │ ├── stream_resolver.t │ │ ├── stream_set.t │ │ ├── stream_split_clients.t │ │ ├── stream_ssl.t │ │ ├── stream_ssl_alpn.t │ │ ├── stream_ssl_certificate.t │ │ ├── stream_ssl_conf_command.t │ │ ├── stream_ssl_preread.t │ │ ├── stream_ssl_preread_alpn.t │ │ ├── stream_ssl_preread_protocol.t │ │ ├── stream_ssl_realip.t │ │ ├── stream_ssl_session_reuse.t │ │ ├── stream_ssl_variables.t │ │ ├── stream_ssl_verify_client.t │ │ ├── stream_status_variable.t │ │ ├── stream_tcp_nodelay.t │ │ ├── stream_udp_limit_conn.t │ │ ├── stream_udp_limit_rate.t │ │ ├── stream_udp_proxy.t │ │ ├── stream_udp_proxy_requests.t │ │ ├── stream_udp_stream.t │ │ ├── stream_udp_upstream.t │ │ ├── stream_udp_upstream_hash.t │ │ ├── stream_udp_upstream_least_conn.t │ │ ├── stream_udp_wildcard.t │ │ ├── stream_unix.t │ │ ├── stream_upstream.t │ │ ├── stream_upstream_hash.t │ │ ├── stream_upstream_least_conn.t │ │ ├── stream_upstream_max_conns.t │ │ ├── stream_upstream_random.t │ │ ├── stream_upstream_zone.t │ │ ├── stream_upstream_zone_ssl.t │ │ ├── stream_variables.t │ │ ├── stub_status.t │ │ ├── sub_filter.t │ │ ├── sub_filter_buffering.t │ │ ├── sub_filter_merge.t │ │ ├── sub_filter_multi.t │ │ ├── sub_filter_multi2.t │ │ ├── sub_filter_perl.t │ │ ├── sub_filter_slice.t │ │ ├── sub_filter_ssi.t │ │ ├── subrequest_output_buffer_size.t │ │ ├── syslog.t │ │ ├── trailers.t │ │ ├── upstream.t │ │ ├── upstream_hash.t │ │ ├── upstream_hash_memcached.t │ │ ├── upstream_ip_hash.t │ │ ├── upstream_ip_hash_ipv6.t │ │ ├── upstream_keepalive.t │ │ ├── upstream_least_conn.t │ │ ├── upstream_max_conns.t │ │ ├── upstream_random.t │ │ ├── upstream_zone.t │ │ ├── upstream_zone_ssl.t │ │ ├── userid.t │ │ ├── userid_flags.t │ │ ├── uwsgi.t │ │ ├── uwsgi_body.t │ │ ├── uwsgi_ssl.t │ │ ├── uwsgi_ssl_certificate.t │ │ ├── uwsgi_ssl_certificate_vars.t │ │ ├── uwsgi_ssl_verify.t │ │ ├── worker_shutdown_timeout.t │ │ ├── worker_shutdown_timeout_h2.t │ │ ├── worker_shutdown_timeout_mail.t │ │ ├── worker_shutdown_timeout_proxy_upgrade.t │ │ ├── worker_shutdown_timeout_stream.t │ │ ├── xslt.t │ │ └── xslt_params.t │ └── tengine-tests/ │ ├── concat.t │ ├── consistent_hash.t │ ├── dynamic_resolve.t │ ├── dynamic_resolve_aaaa.t │ ├── dyups.t │ ├── fastcgi_check.t │ ├── gzip_clear_etag.t │ ├── http_raw_uri_variable.t │ ├── http_ssl_asynchronous_mode.t │ ├── http_ssl_handshakd_time.t │ ├── if_numeric_comparison.t │ ├── iwrr.t │ ├── limit_req_enhance.t │ ├── ngx_dtls.t │ ├── ngx_http_upstream_vnswrr.t │ ├── reqstat.t │ ├── resolver.t │ ├── resolver_file.t │ ├── server_banner.t │ ├── session_sticky.t │ ├── slice.t │ ├── stream_sni.t │ ├── stream_ssl_handshakd_time.t │ ├── sysguard.t │ ├── upstream.t │ ├── upstream_keepalive_timeout.t │ ├── variable.t │ └── vnswrr4dynamic_ups.t └── test-nginx/ ├── README ├── cases/ │ ├── footer.t │ ├── ngx_http_upstream_check_module/ │ │ ├── check_interface.t │ │ ├── http_check.t │ │ ├── ssl_hello_check.t │ │ ├── tcp_check.t │ │ └── websocket.t │ ├── req-start-time-variable.t │ ├── trim.t │ └── user_agent.t └── test-nginx/ ├── .gitignore ├── Changes ├── MANIFEST ├── MANIFEST.SKIP ├── META.yml ├── Makefile.PL ├── README ├── inc/ │ ├── Module/ │ │ ├── AutoInstall.pm │ │ ├── Install/ │ │ │ ├── AutoInstall.pm │ │ │ ├── Base.pm │ │ │ ├── Can.pm │ │ │ ├── Fetch.pm │ │ │ ├── Include.pm │ │ │ ├── Makefile.pm │ │ │ ├── Metadata.pm │ │ │ ├── TestBase.pm │ │ │ ├── Win32.pm │ │ │ └── WriteAll.pm │ │ └── Install.pm │ ├── Spiffy.pm │ └── Test/ │ ├── Base/ │ │ └── Filter.pm │ ├── Base.pm │ ├── Builder/ │ │ └── Module.pm │ ├── Builder.pm │ └── More.pm ├── lib/ │ └── Test/ │ ├── Nginx/ │ │ ├── LWP.pm │ │ ├── Socket/ │ │ │ └── Lua.pm │ │ ├── Socket.pm │ │ └── Util.pm │ └── Nginx.pm └── t/ ├── apply_moves.t ├── check_response_body.t ├── get_req_from_block.t ├── parse_request.t ├── pod-coverage.t ├── pod.t └── syntax.t ================================================ FILE CONTENTS ================================================ ================================================ FILE: .github/ISSUE_TEMPLATE/bug_report.md ================================================ --- name: Bug report about: Create a report to help us improve title: '' labels: '' assignees: '' --- ### Ⅰ. Issue Description ### Ⅱ. Describe what happened ### Ⅲ. Describe what you expected to happen ### Ⅳ. How to reproduce it (as minimally and precisely as possible) 1. 2. 3. ### Ⅴ. Anything else we need to know? 1. If applicable, add nginx [debug log doc](http://nginx.org/en/docs/debugging_log.html). 2. 3. ### Ⅵ. Environment: - Tengine version (use `sbin/nginx -V`): - OS (e.g. from /etc/os-release): - Kernel (e.g. `uname -a`): - Others: ================================================ FILE: .github/ISSUE_TEMPLATE/feature_request.md ================================================ --- name: Feature request about: Suggest an idea for this project title: '' labels: '' assignees: '' --- ## Why you need it? ## How it could be? ## Other related information ================================================ FILE: .github/ISSUE_TEMPLATE/question-about-tengine.md ================================================ --- name: Question about Tengine about: Ask whatever you want to know or confusion about Tengine title: '' labels: '' assignees: chobits --- ## Question ================================================ FILE: .github/workflows/ci-arm64.yml ================================================ name: build tengine on: push: branches: [ master ] pull_request: jobs: build-arm64: runs-on: "ubuntu-24.04" strategy: fail-fast: false matrix: compiler: - { compiler: GNU, CC: gcc, CXX: g++} - { compiler: LLVM, CC: clang, CXX: clang++} steps: - name: Checkout Tengine uses: actions/checkout@v3 - name: 'checkout luajit2' uses: actions/checkout@v3 with: repository: openresty/luajit2 path: luajit2 - name: Compile with ${{ matrix.compiler.compiler }} uses: uraimo/run-on-arch-action@v3 with: arch: aarch64 distro: ubuntu24.04 githubToken: ${{ github.token }} dockerRunArgs: | --volume "${PWD}:/tengine" install: | set -x apt-get update -q -y apt-get install -q -y make gcc g++ clang libgd-dev libgeoip-dev libxslt1-dev libpcre3 libpcre3-dev liblua5.1-0-dev lua5.1 libperl-dev cpanminus libssl-dev file run: | set -x cd /tengine echo "Build luajit2" cd luajit2 make -j4 make install cd .. echo "Build tengine" export CC=${{ matrix.compiler.CC }} export CXX=${{ matrix.compiler.CXX }} export LUAJIT_LIB=/usr/local/lib export LUAJIT_INC=/usr/local/include/luajit-2.1 ./configure \ --with-ld-opt="-Wl,-lpcre,-rpath,/usr/local/lib" \ --with-ipv6 \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_addition_module \ --with-stream \ --with-stream_ssl_module \ --with-stream_realip_module \ --with-stream_geoip_module \ --with-stream_ssl_preread_module \ --with-stream_sni \ --add-module=./modules/ngx_backtrace_module \ --add-module=./modules/ngx_debug_pool \ --add-module=./modules/ngx_debug_timer \ --add-module=./modules/ngx_debug_conn \ --add-module=./modules/ngx_http_concat_module \ --add-module=./modules/ngx_http_footer_filter_module \ --add-module=./modules/ngx_http_lua_module \ --add-module=./modules/ngx_http_proxy_connect_module \ --add-module=./modules/ngx_http_reqstat_module \ --add-module=./modules/ngx_http_slice_module \ --add-module=./modules/ngx_http_sysguard_module \ --add-module=./modules/ngx_http_trim_filter_module \ --add-module=./modules/ngx_http_upstream_check_module \ --add-module=./modules/ngx_http_upstream_consistent_hash_module \ --add-module=./modules/ngx_http_upstream_dynamic_module \ --add-module=./modules/ngx_http_upstream_dyups_module \ --add-module=./modules/ngx_http_upstream_iwrr_module \ --add-module=./modules/ngx_http_upstream_keepalive_module \ --add-module=./modules/ngx_http_upstream_session_sticky_module \ --add-module=./modules/ngx_http_upstream_vnswrr_module \ --add-module=./modules/ngx_http_user_agent_module \ --add-module=./modules/ngx_multi_upstream_module \ --add-module=./modules/ngx_slab_stat \ --without-http_upstream_keepalive_module make -j4 make install file /usr/local/nginx/sbin/nginx | grep aarch64 ================================================ FILE: .github/workflows/ci.yml ================================================ name: test tengine on: push: branches: [ master ] pull_request: branches: [ master ] jobs: build-and-test: runs-on: "ubuntu-24.04" strategy: fail-fast: false matrix: compiler: - { compiler: GNU, CC: gcc, CXX: g++} - { compiler: LLVM, CC: clang, CXX: clang++} steps: - uses: actions/checkout@v3 - name: get dependencies run: | sudo apt update sudo apt remove nginx libgd3 sudo apt install -y libgd-dev libgeoip-dev libxslt1-dev libpcre3 libpcre3-dev liblua5.1-0-dev lua5.1 libperl-dev cpanminus libssl-dev - name: 'checkout luajit2' uses: actions/checkout@v3 with: repository: openresty/luajit2 path: luajit2 - name: 'build luajit2' working-directory: luajit2 run: | make sudo make install - name: 'checkout lua-resty-lrucache' uses: actions/checkout@v3 with: repository: openresty/lua-resty-lrucache path: lua-resty-lrucache - name: 'build lua-resty-lrucache' working-directory: lua-resty-lrucache run: | sudo make install - name: 'checkout lua-resty-core' uses: actions/checkout@v3 with: repository: openresty/lua-resty-core ref: v0.1.27 path: lua-resty-core - name: 'build lua-resty-core' working-directory: lua-resty-core run: | sudo make install # TODO: fix tests so they don't depend on /usr/local/nginx/logs/ # so we can run `make`, `make test`, `make install`. - name: build env: CC: ${{ matrix.compiler.CC }} CXX: ${{ matrix.compiler.CXX }} LUAJIT_LIB: /usr/local/lib LUAJIT_INC: /usr/local/include/luajit-2.1 run: | ./configure \ --with-debug \ --with-ld-opt="-Wl,-lpcre,-rpath,/usr/local/lib" \ --with-ipv6 \ --with-openssl-async \ --with-http_ssl_module \ --with-http_v2_module \ --with-http_addition_module \ --with-stream \ --with-stream_ssl_module \ --with-stream_realip_module \ --with-stream_geoip_module \ --with-stream_ssl_preread_module \ --with-stream_sni \ --add-module=./modules/ngx_backtrace_module \ --add-module=./modules/ngx_debug_pool \ --add-module=./modules/ngx_debug_timer \ --add-module=./modules/ngx_debug_conn \ --add-module=./modules/ngx_http_concat_module \ --add-module=./modules/ngx_http_footer_filter_module \ --add-module=./modules/ngx_http_lua_module \ --add-module=./modules/ngx_http_proxy_connect_module \ --add-module=./modules/ngx_http_reqstat_module \ --add-module=./modules/ngx_http_slice_module \ --add-module=./modules/ngx_http_sysguard_module \ --add-module=./modules/ngx_http_trim_filter_module \ --add-module=./modules/ngx_http_upstream_check_module \ --add-module=./modules/ngx_http_upstream_consistent_hash_module \ --add-module=./modules/ngx_http_upstream_dynamic_module \ --add-module=./modules/ngx_http_upstream_dyups_module \ --add-module=./modules/ngx_http_upstream_iwrr_module \ --add-module=./modules/ngx_http_upstream_keepalive_module \ --add-module=./modules/ngx_http_upstream_session_sticky_module \ --add-module=./modules/ngx_http_upstream_vnswrr_module \ --add-module=./modules/ngx_http_user_agent_module \ --add-module=./modules/ngx_multi_upstream_module \ --add-module=./modules/ngx_slab_stat \ --without-http_upstream_keepalive_module make -j2 sudo make install - name: tengine test cases using nginx-tests lib working-directory: tests/nginx-tests env: TEST_NGINX_BINARY: /usr/local/nginx/sbin/nginx run: | sudo cpanm --notest Net::DNS::Nameserver > build.log 2>&1 || (cat build.log && exit 1) prove -v -Inginx-tests/lib tengine-tests/ prove -v -Inginx-tests/lib ../../modules/ngx_http_proxy_connect_module/t prove -v -Inginx-tests/lib ../../modules/ngx_debug_timer/t prove -v -Inginx-tests/lib ../../modules/ngx_debug_conn/t prove -v -Inginx-tests/lib ../../modules/ngx_slab_stat/t - name: tengine test cases using test-nginx lib working-directory: tests/test-nginx run: | sudo cpanm --notest Shell Test::Base Test::LongString List::MoreUtils LWP::UserAgent HTTP::Response > build.log 2>&1 || (cat build.log && exit 1) mkdir t PATH=/usr/local/nginx/sbin:$PATH \ prove -v -Itest-nginx/lib cases/ ================================================ FILE: .github/workflows/test-nginx-core.yml ================================================ name: test nginx core on: push: branches: [ master ] pull_request: branches: [ master ] jobs: build-and-test: runs-on: "ubuntu-24.04" strategy: fail-fast: false matrix: compiler: - { compiler: GNU, CC: gcc, CXX: g++} - { compiler: LLVM, CC: clang, CXX: clang++} steps: - uses: actions/checkout@v3 - name: get dependencies run: | sudo apt update sudo apt remove nginx libgd3 sudo apt install -y libgd-dev libgeoip-dev libxslt1-dev libpcre3 libpcre3-dev liblua5.1-0-dev lua5.1 libperl-dev cpanminus libssl-dev # for building nginx core sudo apt install -y libgoogle-perftools-dev # for running cases in nginx-tests sudo apt install -y uwsgi-plugin-python3 uwsgi ffmpeg memcached libsofthsm2-dev - name: 'checkout luajit2' uses: actions/checkout@v3 with: repository: openresty/luajit2 path: luajit2 - name: 'build luajit2' working-directory: luajit2 run: | make sudo make install - name: 'checkout lua-resty-lrucache' uses: actions/checkout@v3 with: repository: openresty/lua-resty-lrucache path: lua-resty-lrucache - name: 'build lua-resty-lrucache' working-directory: lua-resty-lrucache run: | sudo make install - name: 'checkout lua-resty-core' uses: actions/checkout@v3 with: repository: openresty/lua-resty-core ref: v0.1.27 path: lua-resty-core - name: 'build lua-resty-core' working-directory: lua-resty-core run: | sudo make install - name: build env: CC: ${{ matrix.compiler.CC }} CXX: ${{ matrix.compiler.CXX }} LUAJIT_LIB: /usr/local/lib LUAJIT_INC: /usr/local/include/luajit-2.1 run: | # TODO: fix https://github.com/alibaba/tengine/issues/1720, then remove "-D T_NGX_HTTP_IMAGE_FILTER=0" # NOTE: # For "-D T_NGX_MODIFY_DEFAULT_VALUE=0", we dont compile the source included in this macro, otherwise some nginx-tests cases tests will fail. # For "-D T_NGX_SERVER_INFO=0", it makes some cases pass, such as userid.t. # For "-D T_NGX_HTTP_UPSTREAM_RANDOM=0", it makes some cases pass, such as image_filter_finalize.t. ./configure \ --with-cc-opt="-D T_NGX_MODIFY_DEFAULT_VALUE=0 -D T_NGX_HTTP_IMAGE_FILTER=0 -D T_NGX_SERVER_INFO=0 -D T_NGX_HTTP_UPSTREAM_RANDOM=0" \ --with-ld-opt="-Wl,-lpcre,-rpath,/usr/local/lib" \ --with-openssl-async \ --with-pcre \ --with-http_ssl_module \ --with-http_image_filter_module \ --with-http_v2_module \ --with-http_addition_module \ --with-http_mp4_module \ --with-http_realip_module \ --with-http_xslt_module \ --with-http_geoip_module \ --with-http_sub_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_gunzip_module \ --with-http_gzip_static_module \ --with-http_auth_request_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_degradation_module \ --with-http_slice_module \ --with-http_stub_status_module \ --with-mail \ --with-mail_ssl_module \ --with-stream \ --with-stream_ssl_module \ --with-stream_realip_module \ --with-stream_geoip_module \ --with-stream_ssl_preread_module \ --with-google_perftools_module \ --with-cpp_test_module \ --with-compat \ --add-module=modules/mod_config \ --add-module=modules/mod_dubbo \ --add-module=modules/ngx_backtrace_module \ --add-module=modules/ngx_debug_timer \ --add-module=modules/ngx_http_concat_module \ --add-module=modules/ngx_http_footer_filter_module \ --add-module=modules/ngx_http_lua_module \ --add-module=modules/ngx_http_proxy_connect_module \ --add-module=modules/ngx_http_reqstat_module \ --add-module=modules/ngx_http_sysguard_module \ --add-module=modules/ngx_http_trim_filter_module \ --add-module=modules/ngx_http_upstream_check_module \ --add-module=modules/ngx_http_upstream_consistent_hash_module \ --add-module=modules/ngx_http_upstream_dynamic_module \ --add-module=modules/ngx_http_upstream_session_sticky_module \ --add-module=modules/ngx_http_upstream_vnswrr_module \ --add-module=modules/ngx_http_user_agent_module \ --add-module=modules/ngx_multi_upstream_module \ --add-module=modules/ngx_slab_stat \ --add-module=modules/ngx_http_upstream_dyups_module \ --with-http_perl_module \ --with-stream_sni \ --with-openssl-async \ --with-debug # skip ngx_debug_pool, it modified NGX_MIN_POOL_SIZE, which made some test case failed (http_header_buffers.t) # skip tengine upstream keepalive module #--without-http_upstream_keepalive_module \ #--add-module=modules/ngx_http_upstream_keepalive_module \ # skip tengine slice module #--add-module=modules/ngx_http_slice_module \ make -j2 sudo make install - name: run cases in nginx-tests working-directory: tests/nginx-tests env: TEST_NGINX_BINARY: /usr/local/nginx/sbin/nginx TEST_NGINX_UNSAFE: yes run: | # prepare perl library for test case sudo cpanm --notest SCGI Protocol::WebSocket Net::SSLeay IO::Socket::SSL Cache::Memcached Cache::Memcached::Fast Net::DNS::Nameserver GD > build.log 2>&1 || (cat build.log && exit 1) # fixed http_method.t for tengine proxy_connect module sed -i -e "s+405 Not Allowed(?!.*200 OK)/s, 'connect'+400 Bad Request(?!.*200 OK)/s, 'connect'+" nginx-tests/http_method.t # run cases in nginx-tests prove -I nginx-tests/lib nginx-tests/ # It must be root for some cases. sudo groupadd wheel # for proxy_bind_transparent.t sudo TEST_NGINX_BINARY=/usr/local/nginx/sbin/nginx TEST_NGINX_UNSAFE=yes prove -I nginx-tests/lib nginx-tests/proxy_bind_transparent.t nginx-tests/proxy_bind_transparent_capability.t ================================================ FILE: .github/workflows/test-ntls.yml ================================================ name: test tengine ntls on: push: branches: [ master ] pull_request: branches: [ master ] jobs: build-and-test: runs-on: "ubuntu-24.04" strategy: fail-fast: false matrix: compiler: - { compiler: GNU, CC: gcc, CXX: g++} - { compiler: LLVM, CC: clang, CXX: clang++} steps: - uses: actions/checkout@v3 with: path: tengine - name: get dependencies run: | sudo apt install -y libpcre3 libpcre3-dev - name: 'checkout luajit2' uses: actions/checkout@v3 with: repository: openresty/luajit2 path: luajit2 - name: 'build luajit2' working-directory: luajit2 run: | make sudo make install - name: 'checkout lua-resty-lrucache' uses: actions/checkout@v3 with: repository: openresty/lua-resty-lrucache path: lua-resty-lrucache - name: 'build lua-resty-lrucache' working-directory: lua-resty-lrucache run: | sudo make install - name: 'checkout lua-resty-core' uses: actions/checkout@v3 with: repository: openresty/lua-resty-core ref: v0.1.27 path: lua-resty-core - name: 'build lua-resty-core' working-directory: lua-resty-core run: | sudo make install - name: checkout Tongsuo uses: actions/checkout@v3 with: repository: Tongsuo-Project/Tongsuo path: Tongsuo - name: build Tongsuo working-directory: Tongsuo env: CC: ${{ matrix.compiler.CC }} run: | ./config --prefix=${RUNNER_TEMP}/tongsuo enable-ntls no-shared make -s -j4 make install_sw make clean - name: build Tengine working-directory: tengine env: CC: ${{ matrix.compiler.CC }} CXX: ${{ matrix.compiler.CXX }} LUAJIT_LIB: /usr/local/lib LUAJIT_INC: /usr/local/include/luajit-2.1 run: | ./configure \ --with-ld-opt="-Wl,-lpcre,-rpath,/usr/local/lib" \ --with-pcre \ --add-module=modules/ngx_tongsuo_ntls \ --add-module=modules/ngx_http_lua_module \ --with-openssl=../Tongsuo \ --with-openssl-opt="--api=1.1.1 enable-ntls" \ --with-http_ssl_module \ --with-http_v2_module \ --with-stream \ --with-stream_ssl_module \ --with-stream_sni make -j2 sudo make install - name: run test cases working-directory: tengine env: TEST_OPENSSL_BINARY: ${{ runner.temp }}/tongsuo/bin/tongsuo TEST_NGINX_BINARY: /usr/local/nginx/sbin/nginx TEST_NGINX_LEAVE: 1 run: | prove -Itests/nginx-tests/nginx-tests/lib/ modules/ngx_tongsuo_ntls/t - name: debug if: ${{ failure() }} run: | for file in `ls /tmp/nginx-test-*/error.log`; do cat $file; done ================================================ FILE: .gitignore ================================================ Makefile objs/ tags ================================================ FILE: AUTHORS.te ================================================ Names are in alphabetical order: António P. P. Almeida (appa [at] perusio [dot] net) Charles Chen (weiyue [at] taobao [dot] com) Xiaojiang Chen (zhongsheng.cxj [at] taobao [dot] com) Yunxing Chen (yunxing.cyx [at] taobao [dot] com) Zhen Chen (gongyuan.cz [at] taobao [dot] com) Shanyuan Gao (kangbo [at] taobao [dot] com) Steve Peng (jinglong.pq [at] taobao [dot] com) Feibo Li (lizi [at] taobao [dot] com) Simon Liu (diaoliang [at] taobao [dot] com) Yang Tian (lieyuan [at] taobao [dot] com) Xiaozhe "chaoslawful" Wang (chaoslawful [at] gmail [dot] com) Xiaowei Wu (yixiao.wxw [at] taobao [dot] com) Junmin Xiong (xiongjunmin.pt [at] taobao [dot] com) Zhuo Yuan (yuanzhuo.pt [at] taobao [dot] com) Weibin Yao (wenjing.ywb [at] taobao [dot] com) Zhang "agentzh" Yichun (agentzh [at] gmail [dot] com) Lanshun Zhou (zls.sogou [at] gmail [dot] com) Joshua Zhu (shudu [at] taobao [dot] com) Liang Li (lianglli [at] taobao [dot] com) ================================================ FILE: CHANGES ================================================ Changes with nginx 1.24.0 11 Apr 2023 *) 1.24.x stable branch. Changes with nginx 1.23.4 28 Mar 2023 *) Change: now TLSv1.3 protocol is enabled by default. *) Change: now nginx issues a warning if protocol parameters of a listening socket are redefined. *) Change: now nginx closes connections with lingering if pipelining was used by the client. *) Feature: byte ranges support in the ngx_http_gzip_static_module. *) Bugfix: port ranges in the "listen" directive did not work; the bug had appeared in 1.23.3. Thanks to Valentin Bartenev. *) Bugfix: incorrect location might be chosen to process a request if a prefix location longer than 255 characters was used in the configuration. *) Bugfix: non-ASCII characters in file names on Windows were not supported by the ngx_http_autoindex_module, the ngx_http_dav_module, and the "include" directive. *) Change: the logging level of the "data length too long", "length too short", "bad legacy version", "no shared signature algorithms", "bad digest length", "missing sigalgs extension", "encrypted length too long", "bad length", "bad key update", "mixed handshake and non handshake data", "ccs received early", "data between ccs and finished", "packet length too long", "too many warn alerts", "record too small", and "got a fin before a ccs" SSL errors has been lowered from "crit" to "info". *) Bugfix: a socket leak might occur when using HTTP/2 and the "error_page" directive to redirect errors with code 400. *) Bugfix: messages about logging to syslog errors did not contain information that the errors happened while logging to syslog. Thanks to Safar Safarly. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: in the mail proxy server. Changes with nginx 1.23.3 13 Dec 2022 *) Bugfix: an error might occur when reading PROXY protocol version 2 header with large number of TLVs. *) Bugfix: a segmentation fault might occur in a worker process if SSI was used to process subrequests created by other modules. Thanks to Ciel Zhao. *) Workaround: when a hostname used in the "listen" directive resolves to multiple addresses, nginx now ignores duplicates within these addresses. *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL connections to backends were used. Changes with nginx 1.23.2 19 Oct 2022 *) Security: processing of a specially crafted mp4 file by the ngx_http_mp4_module might cause a worker process crash, worker process memory disclosure, or might have potential other impact (CVE-2022-41741, CVE-2022-41742). *) Feature: the "$proxy_protocol_tlv_..." variables. *) Feature: TLS session tickets encryption keys are now automatically rotated when using shared memory in the "ssl_session_cache" directive. *) Change: the logging level of the "bad record type" SSL errors has been lowered from "crit" to "info". Thanks to Murilo Andrade. *) Change: now when using shared memory in the "ssl_session_cache" directive the "could not allocate new session" errors are logged at the "warn" level instead of "alert" and not more often than once per second. *) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x. *) Bugfix: in logging of the PROXY protocol errors. Thanks to Sergey Brester. *) Workaround: shared memory from the "ssl_session_cache" directive was spent on sessions using TLS session tickets when using TLSv1.3 with OpenSSL. *) Workaround: timeout specified with the "ssl_session_timeout" directive did not work when using TLSv1.3 with OpenSSL or BoringSSL. Changes with nginx 1.23.1 19 Jul 2022 *) Feature: memory usage optimization in configurations with SSL proxying. *) Feature: looking up of IPv4 addresses while resolving now can be disabled with the "ipv4=off" parameter of the "resolver" directive. *) Change: the logging level of the "bad key share", "bad extension", "bad cipher", and "bad ecpoint" SSL errors has been lowered from "crit" to "info". *) Bugfix: while returning byte ranges nginx did not remove the "Content-Range" header line if it was present in the original backend response. *) Bugfix: a proxied response might be truncated during reconfiguration on Linux; the bug had appeared in 1.17.5. Changes with nginx 1.23.0 21 Jun 2022 *) Change in internal API: now header lines are represented as linked lists. *) Change: now nginx combines arbitrary header lines with identical names when sending to FastCGI, SCGI, and uwsgi backends, in the $r->header_in() method of the ngx_http_perl_module, and during lookup of the "$http_...", "$sent_http_...", "$sent_trailer_...", "$upstream_http_...", and "$upstream_trailer_..." variables. *) Bugfix: if there were multiple "Vary" header lines in the backend response, nginx only used the last of them when caching. *) Bugfix: if there were multiple "WWW-Authenticate" header lines in the backend response and errors with code 401 were intercepted or the "auth_request" directive was used, nginx only sent the first of the header lines to the client. *) Change: the logging level of the "application data after close notify" SSL errors has been lowered from "crit" to "info". *) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or newer, but was used on systems without EPOLLRDHUP support, notably with epoll emulation layers; the bug had appeared in 1.17.5. Thanks to Marcus Ball. *) Bugfix: nginx did not cache the response if the "Expires" response header line disabled caching, but following "Cache-Control" header line enabled caching. Changes with nginx 1.21.6 25 Jan 2022 *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were unevenly distributed among worker processes. *) Bugfix: nginx returned the "Connection: keep-alive" header line in responses during graceful shutdown of old worker processes. *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3. Changes with nginx 1.21.5 28 Dec 2021 *) Change: now nginx is built with the PCRE2 library by default. *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD. *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD. *) Feature: the $ssl_curve variable. *) Bugfix: connections might hang when using HTTP/2 without SSL with the "sendfile" and "aio" directives. Changes with nginx 1.21.4 02 Nov 2021 *) Change: support for NPN instead of ALPN to establish HTTP/2 connections has been removed. *) Change: now nginx rejects SSL connections if ALPN is used by the client, but no supported protocols can be negotiated. *) Change: the default value of the "sendfile_max_chunk" directive was changed to 2 megabytes. *) Feature: the "proxy_half_close" directive in the stream module. *) Feature: the "ssl_alpn" directive in the stream module. *) Feature: the $ssl_alpn_protocol variable. *) Feature: support for SSL_sendfile() when using OpenSSL 3.0. *) Feature: the "mp4_start_key_frame" directive in the ngx_http_mp4_module. Thanks to Tracey Jaquith. *) Bugfix: in the $content_length variable when using chunked transfer encoding. *) Bugfix: after receiving a response with incorrect length from a proxied backend nginx might nevertheless cache the connection. Thanks to Awdhesh Mathpal. *) Bugfix: invalid headers from backends were logged at the "info" level instead of "error"; the bug had appeared in 1.21.1. *) Bugfix: requests might hang when using HTTP/2 and the "aio_write" directive. Changes with nginx 1.21.3 07 Sep 2021 *) Change: optimization of client request body reading when using HTTP/2. *) Bugfix: in request body filters internal API when using HTTP/2 and buffering of the data being processed. Changes with nginx 1.21.2 31 Aug 2021 *) Change: now nginx rejects HTTP/1.0 requests with the "Transfer-Encoding" header line. *) Change: export ciphers are no longer supported. *) Feature: OpenSSL 3.0 compatibility. *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines are now passed to the mail proxy authentication server. Thanks to Rob Mueller. *) Feature: request body filters API now permits buffering of the data being processed. *) Bugfix: backend SSL connections in the stream module might hang after an SSL handshake. *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or newer, did not affect loading of the server certificates when set with "@SECLEVEL=N" in the "ssl_ciphers" directive. *) Bugfix: SSL connections with gRPC backends might hang if select, poll, or /dev/poll methods were used. *) Bugfix: when using HTTP/2 client request body was always written to disk if the "Content-Length" header line was not present in the request. Changes with nginx 1.21.1 06 Jul 2021 *) Change: now nginx always returns an error for the CONNECT method. *) Change: now nginx always returns an error if both "Content-Length" and "Transfer-Encoding" header lines are present in the request. *) Change: now nginx always returns an error if spaces or control characters are used in the request line. *) Change: now nginx always returns an error if spaces or control characters are used in a header name. *) Change: now nginx always returns an error if spaces or control characters are used in the "Host" request header line. *) Change: optimization of configuration testing when using many listening sockets. *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|", and "}" characters when proxying with changed URI. *) Bugfix: SSL variables might be empty when used in logs; the bug had appeared in 1.19.5. *) Bugfix: keepalive connections with gRPC backends might not be closed after receiving a GOAWAY frame. *) Bugfix: reduced memory consumption for long-lived requests when proxying with more than 64 buffers. Changes with nginx 1.21.0 25 May 2021 *) Security: 1-byte memory overwrite might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause worker process crash or, potentially, arbitrary code execution (CVE-2021-23017). *) Feature: variables support in the "proxy_ssl_certificate", "proxy_ssl_certificate_key" "grpc_ssl_certificate", "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and "uwsgi_ssl_certificate_key" directives. *) Feature: the "max_errors" directive in the mail proxy module. *) Feature: the mail proxy module supports POP3 and IMAP pipelining. *) Feature: the "fastopen" parameter of the "listen" directive in the stream module. Thanks to Anbang Wen. *) Bugfix: special characters were not escaped during automatic redirect with appended trailing slash. *) Bugfix: connections with clients in the mail proxy module might be closed unexpectedly when using SMTP pipelining. Changes with nginx 1.19.10 13 Apr 2021 *) Change: the default value of the "keepalive_requests" directive was changed to 1000. *) Feature: the "keepalive_time" directive. *) Feature: the $connection_time variable. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. Changes with nginx 1.19.9 30 Mar 2021 *) Bugfix: nginx could not be built with the mail proxy module, but without the ngx_mail_ssl_module; the bug had appeared in 1.19.8. *) Bugfix: "upstream sent response body larger than indicated content length" errors might occur when working with gRPC backends; the bug had appeared in 1.19.1. *) Bugfix: nginx might not close a connection till keepalive timeout expiration if the connection was closed by the client while discarding the request body. *) Bugfix: nginx might not detect that a connection was already closed by the client when waiting for auth_delay or limit_req delay, or when working with backends. *) Bugfix: in the eventport method. Changes with nginx 1.19.8 09 Mar 2021 *) Feature: flags in the "proxy_cookie_flags" directive can now contain variables. *) Feature: the "proxy_protocol" parameter of the "listen" directive, the "proxy_protocol" and "set_real_ip_from" directives in mail proxy. *) Bugfix: HTTP/2 connections were immediately closed when using "keepalive_timeout 0"; the bug had appeared in 1.19.7. *) Bugfix: some errors were logged as unknown if nginx was built with glibc 2.32. *) Bugfix: in the eventport method. Changes with nginx 1.19.7 16 Feb 2021 *) Change: connections handling in HTTP/2 has been changed to better match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and "http2_max_requests" directives have been removed, the "keepalive_timeout" and "keepalive_requests" directives should be used instead. *) Change: the "http2_max_field_size" and "http2_max_header_size" directives have been removed, the "large_client_header_buffers" directive should be used instead. *) Feature: now, if free worker connections are exhausted, nginx starts closing not only keepalive connections, but also connections in lingering close. *) Bugfix: "zero size buf in output" alerts might appear in logs if an upstream server returned an incorrect response during unbuffered proxying; the bug had appeared in 1.19.1. *) Bugfix: HEAD requests were handled incorrectly if the "return" directive was used with the "image_filter" or "xslt_stylesheet" directives. *) Bugfix: in the "add_trailer" directive. Changes with nginx 1.19.6 15 Dec 2020 *) Bugfix: "no live upstreams" errors if a "server" inside "upstream" block was marked as "down". *) Bugfix: a segmentation fault might occur in a worker process if HTTPS was used; the bug had appeared in 1.19.5. *) Bugfix: nginx returned the 400 response on requests like "GET http://example.com?args HTTP/1.0". *) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module. Thanks to Chris Newton. Changes with nginx 1.19.5 24 Nov 2020 *) Feature: the -e switch. *) Feature: the same source files can now be specified in different modules while building addon modules. *) Bugfix: SSL shutdown did not work when lingering close was used. *) Bugfix: "upstream sent frame for closed stream" errors might occur when working with gRPC backends. *) Bugfix: in request body filters internal API. Changes with nginx 1.19.4 27 Oct 2020 *) Feature: the "ssl_conf_command", "proxy_ssl_conf_command", "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives. *) Feature: the "ssl_reject_handshake" directive. *) Feature: the "proxy_smtp_auth" directive in mail proxy. Changes with nginx 1.19.3 29 Sep 2020 *) Feature: the ngx_stream_set_module. *) Feature: the "proxy_cookie_flags" directive. *) Feature: the "userid_flags" directive. *) Bugfix: the "stale-if-error" cache control extension was erroneously applied if backend returned a response with status code 500, 502, 503, 504, 403, 404, or 429. *) Bugfix: "[crit] cache file ... has too long header" messages might appear in logs if caching was used and the backend returned responses with the "Vary" header line. *) Workaround: "[crit] SSL_write() failed" messages might appear in logs when using OpenSSL 1.1.1. *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages might appear in logs; the bug had appeared in 1.19.2. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 if errors with code 400 were redirected to a proxied location using the "error_page" directive. *) Bugfix: socket leak when using HTTP/2 and subrequests in the njs module. Changes with nginx 1.19.2 11 Aug 2020 *) Change: now nginx starts closing keepalive connections before all free worker connections are exhausted, and logs a warning about this to the error log. *) Change: optimization of client request body reading when using chunked transfer encoding. *) Bugfix: memory leak if the "ssl_ocsp" directive was used. *) Bugfix: "zero size buf in output" alerts might appear in logs if a FastCGI server returned an incorrect response; the bug had appeared in 1.19.1. *) Bugfix: a segmentation fault might occur in a worker process if different large_client_header_buffers sizes were used in different virtual servers. *) Bugfix: SSL shutdown might not work. *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages might appear in logs. *) Bugfix: in the ngx_http_slice_module. *) Bugfix: in the ngx_http_xslt_filter_module. Changes with nginx 1.19.1 07 Jul 2020 *) Change: the "lingering_close", "lingering_time", and "lingering_timeout" directives now work when using HTTP/2. *) Change: now extra data sent by a backend are always discarded. *) Change: now after receiving a too short response from a FastCGI server nginx tries to send the available part of the response to the client, and then closes the client connection. *) Change: now after receiving a response with incorrect length from a gRPC backend nginx stops response processing with an error. *) Feature: the "min_free" parameter of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. Thanks to Adam Bambuch. *) Bugfix: nginx did not delete unix domain listen sockets during graceful shutdown on the SIGQUIT signal. *) Bugfix: zero length UDP datagrams were not proxied. *) Bugfix: proxying to uwsgi backends using SSL might not work. Thanks to Guanzhong Chen. *) Bugfix: in error handling when using the "ssl_ocsp" directive. *) Bugfix: on XFS and NFS file systems disk cache size might be calculated incorrectly. *) Bugfix: "negative size buf in writer" alerts might appear in logs if a memcached server returned a malformed response. Changes with nginx 1.19.0 26 May 2020 *) Feature: client certificate validation with OCSP. *) Bugfix: "upstream sent frame for closed stream" errors might occur when working with gRPC backends. *) Bugfix: OCSP stapling might not work if the "resolver" directive was not specified. *) Bugfix: connections with incorrect HTTP/2 preface were not logged. Changes with nginx 1.17.10 14 Apr 2020 *) Feature: the "auth_delay" directive. Changes with nginx 1.17.9 03 Mar 2020 *) Change: now nginx does not allow several "Host" request header lines. *) Bugfix: nginx ignored additional "Transfer-Encoding" request header lines. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: a segmentation fault might occur in a worker process if OCSP stapling was used. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: nginx used status code 494 instead of 400 if errors with code 494 were redirected with the "error_page" directive. *) Bugfix: socket leak when using subrequests in the njs module and the "aio" directive. Changes with nginx 1.17.8 21 Jan 2020 *) Feature: variables support in the "grpc_pass" directive. *) Bugfix: a timeout might occur while handling pipelined requests in an SSL connection; the bug had appeared in 1.17.5. *) Bugfix: in the "debug_points" directive when using HTTP/2. Thanks to Daniil Bondarev. Changes with nginx 1.17.7 24 Dec 2019 *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "rewrite" directive with an empty replacement string was used in the configuration. *) Bugfix: a segmentation fault might occur in a worker process if the "break" directive was used with the "alias" directive or with the "proxy_pass" directive with a URI. *) Bugfix: the "Location" response header line might contain garbage if the request URI was rewritten to the one containing a null character. *) Bugfix: requests with bodies were handled incorrectly when returning redirections with the "error_page" directive; the bug had appeared in 0.7.12. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: a timeout might occur while handling pipelined requests in an SSL connection; the bug had appeared in 1.17.5. *) Bugfix: in the ngx_http_dav_module. Changes with nginx 1.17.6 19 Nov 2019 *) Feature: the $proxy_protocol_server_addr and $proxy_protocol_server_port variables. *) Feature: the "limit_conn_dry_run" directive. *) Feature: the $limit_req_status and $limit_conn_status variables. Changes with nginx 1.17.5 22 Oct 2019 *) Feature: now nginx uses ioctl(FIONREAD), if available, to avoid reading from a fast connection for a long time. *) Bugfix: incomplete escaped characters at the end of the request URI were ignored. *) Bugfix: "/." and "/.." at the end of the request URI were not normalized. *) Bugfix: in the "merge_slashes" directive. *) Bugfix: in the "ignore_invalid_headers" directive. Thanks to Alan Kemp. *) Bugfix: nginx could not be built with MinGW-w64 gcc 8.1 or newer. Changes with nginx 1.17.4 24 Sep 2019 *) Change: better detection of incorrect client behavior in HTTP/2. *) Change: in handling of not fully read client request body when returning errors in HTTP/2. *) Bugfix: the "worker_shutdown_timeout" directive might not work when using HTTP/2. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. *) Bugfix: the ECONNABORTED error log level was "crit" instead of "error" on Windows when using SSL. *) Bugfix: nginx ignored extra data when using chunked transfer encoding. *) Bugfix: nginx always returned the 500 error if the "return" directive was used and an error occurred during reading client request body. *) Bugfix: in memory allocation error handling. Changes with nginx 1.17.3 13 Aug 2019 *) Security: when using HTTP/2 a client might cause excessive memory consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). *) Bugfix: "zero size buf" alerts might appear in logs when using gzipping; the bug had appeared in 1.17.2. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used in SMTP proxy. Changes with nginx 1.17.2 23 Jul 2019 *) Change: minimum supported zlib version is 1.2.0.4. Thanks to Ilya Leoshkevich. *) Change: the $r->internal_redirect() embedded perl method now expects escaped URIs. *) Feature: it is now possible to switch to a named location using the $r->internal_redirect() embedded perl method. *) Bugfix: in error handling in embedded perl. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if hash bucket size larger than 64 kilobytes was used in the configuration. *) Bugfix: nginx might hog CPU during unbuffered proxying and when proxying WebSocket connections if the select, poll, or /dev/poll methods were used. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: in the ngx_http_ssi_filter_module. Changes with nginx 1.17.1 25 Jun 2019 *) Feature: the "limit_req_dry_run" directive. *) Feature: when using the "hash" directive inside the "upstream" block an empty hash key now triggers round-robin balancing. Thanks to Niklas Keller. *) Bugfix: a segmentation fault might occur in a worker process if caching was used along with the "image_filter" directive, and errors with code 415 were redirected with the "error_page" directive; the bug had appeared in 1.11.10. *) Bugfix: a segmentation fault might occur in a worker process if embedded perl was used; the bug had appeared in 1.7.3. Changes with nginx 1.17.0 21 May 2019 *) Feature: variables support in the "limit_rate" and "limit_rate_after" directives. *) Feature: variables support in the "proxy_upload_rate" and "proxy_download_rate" directives in the stream module. *) Change: minimum supported OpenSSL version is 0.9.8. *) Change: now the postpone filter is always built. *) Bugfix: the "include" directive did not work inside the "if" and "limit_except" blocks. *) Bugfix: in byte ranges processing. Changes with nginx 1.15.12 16 Apr 2019 *) Bugfix: a segmentation fault might occur in a worker process if variables were used in the "ssl_certificate" or "ssl_certificate_key" directives and OCSP stapling was enabled. Changes with nginx 1.15.11 09 Apr 2019 *) Bugfix: in the "ssl_stapling_file" directive on Windows. Changes with nginx 1.15.10 26 Mar 2019 *) Change: when using a hostname in the "listen" directive nginx now creates listening sockets for all addresses the hostname resolves to (previously, only the first address was used). *) Feature: port ranges in the "listen" directive. *) Feature: loading of SSL certificates and secret keys from variables. *) Workaround: the $ssl_server_name variable might be empty when using OpenSSL 1.1.1. *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or newer; the bug had appeared in 1.15.9. Changes with nginx 1.15.9 26 Feb 2019 *) Feature: variables support in the "ssl_certificate" and "ssl_certificate_key" directives. *) Feature: the "poll" method is now available on Windows when using Windows Vista or newer. *) Bugfix: if the "select" method was used on Windows and an error occurred while establishing a backend connection, nginx waited for the connection establishment timeout to expire. *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives in the stream module worked incorrectly when proxying UDP datagrams. Changes with nginx 1.15.8 25 Dec 2018 *) Feature: the $upstream_bytes_sent variable. Thanks to Piotr Sikora. *) Feature: new directives in vim syntax highlighting scripts. Thanks to Gena Makhomed. *) Bugfix: in the "proxy_cache_background_update" directive. *) Bugfix: in the "geo" directive when using unix domain listen sockets. *) Workaround: the "ignoring stale global SSL error ... bad length" alerts might appear in logs when using the "ssl_early_data" directive with OpenSSL. *) Bugfix: in nginx/Windows. *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms. Changes with nginx 1.15.7 27 Nov 2018 *) Feature: the "proxy_requests" directive in the stream module. *) Feature: the "delay" parameter of the "limit_req" directive. Thanks to Vladislav Shabanov and Peter Shchuchkin. *) Bugfix: memory leak on errors during reconfiguration. *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and $upstream_header_time variables. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. Changes with nginx 1.15.6 06 Nov 2018 *) Security: when using HTTP/2 a client might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). *) Security: processing of a specially crafted mp4 file with the ngx_http_mp4_module might result in worker process memory disclosure (CVE-2018-16845). *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive", "grpc_socket_keepalive", "memcached_socket_keepalive", "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives. *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL 1.1.1, the TLS 1.3 protocol was always enabled. *) Bugfix: working with gRPC backends might result in excessive memory consumption. Changes with nginx 1.15.5 02 Oct 2018 *) Bugfix: a segmentation fault might occur in a worker process when using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4. *) Bugfix: of minor potential bugs. Changes with nginx 1.15.4 25 Sep 2018 *) Feature: now the "ssl_early_data" directive can be used with OpenSSL. *) Bugfix: in the ngx_http_uwsgi_module. Thanks to Chris Caputo. *) Bugfix: connections with some gRPC backends might not be cached when using the "keepalive" directive. *) Bugfix: a socket leak might occur when using the "error_page" directive to redirect early request processing errors, notably errors with code 400. *) Bugfix: the "return" directive did not change the response code when returning errors if the request was redirected by the "error_page" directive. *) Bugfix: standard error pages and responses of the ngx_http_autoindex_module module used the "bgcolor" attribute, and might be displayed incorrectly when using custom color settings in browsers. Thanks to Nova DasSarma. *) Change: the logging level of the "no suitable key share" and "no suitable signature algorithm" SSL errors has been lowered from "crit" to "info". Changes with nginx 1.15.3 28 Aug 2018 *) Feature: now TLSv1.3 can be used with BoringSSL. *) Feature: the "ssl_early_data" directive, currently available with BoringSSL. *) Feature: the "keepalive_timeout" and "keepalive_requests" directives in the "upstream" block. *) Bugfix: the ngx_http_dav_module did not truncate destination file when copying a file over an existing one with the COPY method. *) Bugfix: the ngx_http_dav_module used zero access rights on the destination file and did not preserve file modification time when moving a file between different file systems with the MOVE method. *) Bugfix: the ngx_http_dav_module used default access rights when copying a file with the COPY method. *) Workaround: some clients might not work when using HTTP/2; the bug had appeared in 1.13.5. *) Bugfix: nginx could not be built with LibreSSL 2.8.0. Changes with nginx 1.15.2 24 Jul 2018 *) Feature: the $ssl_preread_protocol variable in the ngx_stream_ssl_preread_module. *) Feature: now when using the "reset_timedout_connection" directive nginx will reset connections being closed with the 444 code. *) Change: a logging level of the "http request", "https proxy request", "unsupported protocol", and "version too low" SSL errors has been lowered from "crit" to "info". *) Bugfix: DNS requests were not resent if initial sending of a request failed. *) Bugfix: the "reuseport" parameter of the "listen" directive was ignored if the number of worker processes was specified after the "listen" directive. *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to switch off "ssl_prefer_server_ciphers" in a virtual server if it was switched on in the default server. *) Bugfix: SSL session reuse with upstream servers did not work with the TLS 1.3 protocol. Changes with nginx 1.15.1 03 Jul 2018 *) Feature: the "random" directive inside the "upstream" block. *) Feature: improved performance when using the "hash" and "ip_hash" directives with the "zone" directive. *) Feature: the "reuseport" parameter of the "listen" directive now uses SO_REUSEPORT_LB on FreeBSD 12. *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a proxy server in front of nginx. *) Bugfix: the "tcp_nopush" directive was always used on backend connections. *) Bugfix: sending a disk-buffered request body to a gRPC backend might fail. Changes with nginx 1.15.0 05 Jun 2018 *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the "listen" directive should be used instead. *) Change: now nginx detects missing SSL certificates during configuration testing when using the "ssl" parameter of the "listen" directive. *) Feature: now the stream module can handle multiple incoming UDP datagrams from a client within a single session. *) Bugfix: it was possible to specify an incorrect response code in the "proxy_cache_valid" directive. *) Bugfix: nginx could not be built by gcc 8.1. *) Bugfix: logging to syslog stopped on local IP address changes. *) Bugfix: nginx could not be built by clang with CUDA SDK installed; the bug had appeared in 1.13.8. *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear in logs during binary upgrade when using unix domain listen sockets on FreeBSD. *) Bugfix: nginx could not be built on Fedora 28 Linux. *) Bugfix: request processing rate might exceed configured rate when using the "limit_req" directive. *) Bugfix: in handling of client addresses when using unix domain listen sockets to work with datagrams on Linux. *) Bugfix: in memory allocation error handling. Changes with nginx 1.13.12 10 Apr 2018 *) Bugfix: connections with gRPC backends might be closed unexpectedly when returning a large response. Changes with nginx 1.13.11 03 Apr 2018 *) Feature: the "proxy_protocol" parameter of the "listen" directive now supports the PROXY protocol version 2. *) Bugfix: nginx could not be built with OpenSSL 1.1.1 statically on Linux. *) Bugfix: in the "http_404", "http_500", etc. parameters of the "proxy_next_upstream" directive. Changes with nginx 1.13.10 20 Mar 2018 *) Feature: the "set" parameter of the "include" SSI directive now allows writing arbitrary responses to a variable; the "subrequest_output_buffer_size" directive defines maximum response size. *) Feature: now nginx uses clock_gettime(CLOCK_MONOTONIC) if available, to avoid timeouts being incorrectly triggered on system time changes. *) Feature: the "escape=none" parameter of the "log_format" directive. Thanks to Johannes Baiter and Calin Don. *) Feature: the $ssl_preread_alpn_protocols variable in the ngx_stream_ssl_preread_module. *) Feature: the ngx_http_grpc_module. *) Bugfix: in memory allocation error handling in the "geo" directive. *) Bugfix: when using variables in the "auth_basic_user_file" directive a null character might appear in logs. Thanks to Vadim Filimonov. Changes with nginx 1.13.9 20 Feb 2018 *) Feature: HTTP/2 server push support; the "http2_push" and "http2_push_preload" directives. *) Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.9.13. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_verify_client" directive was used and no SSL certificate was specified in a virtual server. *) Bugfix: in the ngx_http_v2_module. *) Bugfix: in the ngx_http_dav_module. Changes with nginx 1.13.8 26 Dec 2017 *) Feature: now nginx automatically preserves the CAP_NET_RAW capability in worker processes when using the "transparent" parameter of the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: improved CPU cache line size detection. Thanks to Debayan Ghosh. *) Feature: new directives in vim syntax highlighting scripts. Thanks to Gena Makhomed. *) Bugfix: binary upgrade refused to work if nginx was re-parented to a process with PID different from 1 after its parent process has finished. *) Bugfix: the ngx_http_autoindex_module incorrectly handled requests with bodies. *) Bugfix: in the "proxy_limit_rate" directive when used with the "keepalive" directive. *) Bugfix: some parts of a response might be buffered when using "proxy_buffering off" if the client connection used SSL. Thanks to Patryk Lesiewicz. *) Bugfix: in the "proxy_cache_background_update" directive. *) Bugfix: it was not possible to start a parameter with a variable in the "${name}" form with the name in curly brackets without enclosing the parameter into single or double quotes. Changes with nginx 1.13.7 21 Nov 2017 *) Bugfix: in the $upstream_status variable. *) Bugfix: a segmentation fault might occur in a worker process if a backend returned a "101 Switching Protocols" response to a subrequest. *) Bugfix: a segmentation fault occurred in a master process if a shared memory zone size was changed during a reconfiguration and the reconfiguration failed. *) Bugfix: in the ngx_http_fastcgi_module. *) Bugfix: nginx returned the 500 error if parameters without variables were specified in the "xslt_stylesheet" directive. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using a zlib library variant from Intel. *) Bugfix: the "worker_shutdown_timeout" directive did not work when using mail proxy and when proxying WebSocket connections. Changes with nginx 1.13.6 10 Oct 2017 *) Bugfix: switching to the next upstream server in the stream module did not work when using the "ssl_preread" directive. *) Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. *) Bugfix: nginx did not support dates after the year 2038 on 32-bit platforms with 64-bit time_t. *) Bugfix: in handling of dates prior to the year 1970 and after the year 10000. *) Bugfix: in the stream module timeouts waiting for UDP datagrams from upstream servers were not logged or logged at the "info" level instead of "error". *) Bugfix: when using HTTP/2 nginx might return the 400 response without logging the reason. *) Bugfix: in processing of corrupted cache files. *) Bugfix: cache control headers were ignored when caching errors intercepted by error_page. *) Bugfix: when using HTTP/2 client request body might be corrupted. *) Bugfix: in handling of client addresses when using unix domain sockets. *) Bugfix: nginx hogged CPU when using the "hash ... consistent" directive in the upstream block if large weights were used and all or most of the servers were unavailable. Changes with nginx 1.13.5 05 Sep 2017 *) Feature: the $ssl_client_escaped_cert variable. *) Bugfix: the "ssl_session_ticket_key" directive and the "include" parameter of the "geo" directive did not work on Windows. *) Bugfix: incorrect response length was returned on 32-bit platforms when requesting more than 4 gigabytes with multiple ranges. *) Bugfix: the "expires modified" directive and processing of the "If-Range" request header line did not use the response last modification time if proxying without caching was used. Changes with nginx 1.13.4 08 Aug 2017 *) Feature: the ngx_http_mirror_module. *) Bugfix: client connections might be dropped during configuration testing when using the "reuseport" parameter of the "listen" directive on Linux. *) Bugfix: request body might not be available in subrequests if it was saved to a file and proxying was used. *) Bugfix: cleaning cache based on the "max_size" parameter did not work on Windows. *) Bugfix: any shared memory allocation required 4096 bytes on Windows. *) Bugfix: nginx worker might be terminated abnormally when using the "zone" directive inside the "upstream" block on Windows. Changes with nginx 1.13.3 11 Jul 2017 *) Security: a specially crafted request might result in an integer overflow and incorrect processing of ranges in the range filter, potentially resulting in sensitive information leak (CVE-2017-7529). Changes with nginx 1.13.2 27 Jun 2017 *) Change: nginx now returns 200 instead of 416 when a range starting with 0 is requested from an empty file. *) Feature: the "add_trailer" directive. Thanks to Piotr Sikora. *) Bugfix: nginx could not be built on Cygwin and NetBSD; the bug had appeared in 1.13.0. *) Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit. Thanks to Orgad Shaneh. *) Bugfix: a segmentation fault might occur in a worker process when using SSI with many includes and proxy_pass with variables. *) Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. Changes with nginx 1.13.1 30 May 2017 *) Feature: now a hostname can be used as the "set_real_ip_from" directive parameter. *) Feature: vim syntax highlighting scripts improvements. *) Feature: the "worker_cpu_affinity" directive now works on DragonFly BSD. Thanks to Sepherosa Ziehau. *) Bugfix: SSL renegotiation on backend connections did not work when using OpenSSL before 1.1.0. *) Workaround: nginx could not be built with Oracle Developer Studio 12.5. *) Workaround: now cache manager ignores long locked cache entries when cleaning cache based on the "max_size" parameter. *) Bugfix: client SSL connections were immediately closed if deferred accept and the "proxy_protocol" parameter of the "listen" directive were used. *) Bugfix: in the "proxy_cache_background_update" directive. *) Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY option before an SSL handshake. Changes with nginx 1.13.0 25 Apr 2017 *) Change: SSL renegotiation is now allowed on backend connections. *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen" directives of the mail proxy and stream modules. *) Feature: the "return" and "error_page" directives can now be used to return 308 redirections. Thanks to Simon Leblanc. *) Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive. *) Feature: when logging signals nginx now logs PID of the process which sent the signal. *) Bugfix: in memory allocation error handling. *) Bugfix: if a server in the stream module listened on a wildcard address, the source address of a response UDP datagram could differ from the original datagram destination address. Changes with nginx 1.11.13 04 Apr 2017 *) Feature: the "http_429" parameter of the "proxy_next_upstream", "fastcgi_next_upstream", "scgi_next_upstream", and "uwsgi_next_upstream" directives. Thanks to Piotr Sikora. *) Bugfix: in memory allocation error handling. *) Bugfix: requests might hang when using the "sendfile" and "timer_resolution" directives on Linux. *) Bugfix: requests might hang when using the "sendfile" and "aio_write" directives with subrequests. *) Bugfix: in the ngx_http_v2_module. Thanks to Piotr Sikora. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2. *) Bugfix: requests might hang when using the "limit_rate", "sendfile_max_chunk", "limit_req" directives, or the $r->sleep() embedded perl method with subrequests. *) Bugfix: in the ngx_http_slice_module. Changes with nginx 1.11.12 24 Mar 2017 *) Bugfix: nginx might hog CPU; the bug had appeared in 1.11.11. Changes with nginx 1.11.11 21 Mar 2017 *) Feature: the "worker_shutdown_timeout" directive. *) Feature: vim syntax highlighting scripts improvements. Thanks to Wei-Ko Kao. *) Bugfix: a segmentation fault might occur in a worker process if the $limit_rate variable was set to an empty string. *) Bugfix: the "proxy_cache_background_update", "fastcgi_cache_background_update", "scgi_cache_background_update", and "uwsgi_cache_background_update" directives might work incorrectly if the "if" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if number of large_client_header_buffers in a virtual server was different from the one in the default server. *) Bugfix: in the mail proxy server. Changes with nginx 1.11.10 14 Feb 2017 *) Change: cache header format has been changed, previously cached responses will be invalidated. *) Feature: support of "stale-while-revalidate" and "stale-if-error" extensions in the "Cache-Control" backend response header line. *) Feature: the "proxy_cache_background_update", "fastcgi_cache_background_update", "scgi_cache_background_update", and "uwsgi_cache_background_update" directives. *) Feature: nginx is now able to cache responses with the "Vary" header line up to 128 characters long (instead of 42 characters in previous versions). *) Feature: the "build" parameter of the "server_tokens" directive. Thanks to Tom Thorogood. *) Bugfix: "[crit] SSL_write() failed" messages might appear in logs when handling requests with the "Expect: 100-continue" request header line. *) Bugfix: the ngx_http_slice_module did not work in named locations. *) Bugfix: a segmentation fault might occur in a worker process when using AIO after an "X-Accel-Redirect" redirection. *) Bugfix: reduced memory consumption for long-lived requests using gzipping. Changes with nginx 1.11.9 24 Jan 2017 *) Bugfix: nginx might hog CPU when using the stream module; the bug had appeared in 1.11.5. *) Bugfix: EXTERNAL authentication mechanism in mail proxy was accepted even if it was not enabled in the configuration. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_verify_client" directive of the stream module was used. *) Bugfix: the "ssl_verify_client" directive of the stream module might not work. *) Bugfix: closing keepalive connections due to no free worker connections might be too aggressive. Thanks to Joel Cunningham. *) Bugfix: an incorrect response might be returned when using the "sendfile" directive on FreeBSD and macOS; the bug had appeared in 1.7.8. *) Bugfix: a truncated response might be stored in cache when using the "aio_write" directive. *) Bugfix: a socket leak might occur when using the "aio_write" directive. Changes with nginx 1.11.8 27 Dec 2016 *) Feature: the "absolute_redirect" directive. *) Feature: the "escape" parameter of the "log_format" directive. *) Feature: client SSL certificates verification in the stream module. *) Feature: the "ssl_session_ticket_key" directive supports AES256 encryption of TLS session tickets when used with 80-byte keys. *) Feature: vim-commentary support in vim scripts. Thanks to Armin Grodon. *) Bugfix: recursion when evaluating variables was not limited. *) Bugfix: in the ngx_stream_ssl_preread_module. *) Bugfix: if a server in an upstream in the stream module failed, it was considered alive only when a test connection sent to it after fail_timeout was closed; now a successfully established connection is enough. *) Bugfix: nginx/Windows could not be built with 64-bit Visual Studio. *) Bugfix: nginx/Windows could not be built with OpenSSL 1.1.0. Changes with nginx 1.11.7 13 Dec 2016 *) Change: now in case of a client certificate verification error the $ssl_client_verify variable contains a string with the failure reason, for example, "FAILED:certificate has expired". *) Feature: the $ssl_ciphers, $ssl_curves, $ssl_client_v_start, $ssl_client_v_end, and $ssl_client_v_remain variables. *) Feature: the "volatile" parameter of the "map" directive. *) Bugfix: dependencies specified for a module were ignored while building dynamic modules. *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives client request body might be corrupted; the bug had appeared in 1.11.0. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.11.3. *) Bugfix: in the ngx_http_mp4_module. Thanks to Congcong Hu. *) Bugfix: in the ngx_http_perl_module. Changes with nginx 1.11.6 15 Nov 2016 *) Change: format of the $ssl_client_s_dn and $ssl_client_i_dn variables has been changed to follow RFC 2253 (RFC 4514); values in the old format are available in the $ssl_client_s_dn_legacy and $ssl_client_i_dn_legacy variables. *) Change: when storing temporary files in a cache directory they will be stored in the same subdirectories as corresponding cache files instead of a separate subdirectory for temporary files. *) Feature: EXTERNAL authentication mechanism support in mail proxy. Thanks to Robert Norris. *) Feature: WebP support in the ngx_http_image_filter_module. *) Feature: variables support in the "proxy_method" directive. Thanks to Dmitry Lazurkin. *) Feature: the "http2_max_requests" directive in the ngx_http_v2_module. *) Feature: the "proxy_cache_max_range_offset", "fastcgi_cache_max_range_offset", "scgi_cache_max_range_offset", and "uwsgi_cache_max_range_offset" directives. *) Bugfix: graceful shutdown of old worker processes might require infinite time when using HTTP/2. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: "ignore long locked inactive cache entry" alerts might appear in logs when proxying WebSocket connections with caching enabled. *) Bugfix: nginx did not write anything to log and returned a response with code 502 instead of 504 when a timeout occurred during an SSL handshake to a backend. Changes with nginx 1.11.5 11 Oct 2016 *) Change: the --with-ipv6 configure option was removed, now IPv6 support is configured automatically. *) Change: now if there are no available servers in an upstream, nginx will not reset number of failures of all servers as it previously did, but will wait for fail_timeout to expire. *) Feature: the ngx_stream_ssl_preread_module. *) Feature: the "server" directive in the "upstream" context supports the "max_conns" parameter. *) Feature: the --with-compat configure option. *) Feature: "manager_files", "manager_threshold", and "manager_sleep" parameters of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. *) Bugfix: flags passed by the --with-ld-opt configure option were not used while building perl module. *) Bugfix: in the "add_after_body" directive when used with the "sub_filter" directive. *) Bugfix: in the $realip_remote_addr variable. *) Bugfix: the "dav_access", "proxy_store_access", "fastcgi_store_access", "scgi_store_access", and "uwsgi_store_access" directives ignored permissions specified for user. *) Bugfix: unix domain listen sockets might not be inherited during binary upgrade on Linux. *) Bugfix: nginx returned the 400 response on requests with the "-" character in the HTTP method. Changes with nginx 1.11.4 13 Sep 2016 *) Feature: the $upstream_bytes_received variable. *) Feature: the $bytes_received, $session_time, $protocol, $status, $upstream_addr, $upstream_bytes_sent, $upstream_bytes_received, $upstream_connect_time, $upstream_first_byte_time, and $upstream_session_time variables in the stream module. *) Feature: the ngx_stream_log_module. *) Feature: the "proxy_protocol" parameter of the "listen" directive, the $proxy_protocol_addr and $proxy_protocol_port variables in the stream module. *) Feature: the ngx_stream_realip_module. *) Bugfix: nginx could not be built with the stream module and the ngx_http_ssl_module, but without ngx_stream_ssl_module; the bug had appeared in 1.11.3. *) Feature: the IP_BIND_ADDRESS_NO_PORT socket option was not used; the bug had appeared in 1.11.2. *) Bugfix: in the "ranges" parameter of the "geo" directive. *) Bugfix: an incorrect response might be returned when using the "aio threads" and "sendfile" directives; the bug had appeared in 1.9.13. Changes with nginx 1.11.3 26 Jul 2016 *) Change: now the "accept_mutex" directive is turned off by default. *) Feature: now nginx uses EPOLLEXCLUSIVE on Linux. *) Feature: the ngx_stream_geo_module. *) Feature: the ngx_stream_geoip_module. *) Feature: the ngx_stream_split_clients_module. *) Feature: variables support in the "proxy_pass" and "proxy_ssl_name" directives in the stream module. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: in configure tests. Thanks to Piotr Sikora. Changes with nginx 1.11.2 05 Jul 2016 *) Change: now nginx always uses internal MD5 and SHA1 implementations; the --with-md5 and --with-sha1 configure options were canceled. *) Feature: variables support in the stream module. *) Feature: the ngx_stream_map_module. *) Feature: the ngx_stream_return_module. *) Feature: a port can be specified in the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: now nginx uses the IP_BIND_ADDRESS_NO_PORT socket option when available. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2 and the "proxy_request_buffering" directive. *) Bugfix: the "Content-Length" request header line was always added to requests passed to backends, including requests without body, when using HTTP/2. *) Bugfix: "http request count is zero" alerts might appear in logs when using HTTP/2. *) Bugfix: unnecessary buffering might occur when using the "sub_filter" directive; the issue had appeared in 1.9.4. Changes with nginx 1.11.1 31 May 2016 *) Security: a segmentation fault might occur in a worker process while writing a specially crafted request body to a temporary file (CVE-2016-4450); the bug had appeared in 1.3.9. Changes with nginx 1.11.0 24 May 2016 *) Feature: the "transparent" parameter of the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: the $request_id variable. *) Feature: the "map" directive supports combinations of multiple variables as resulting values. *) Feature: now nginx checks if EPOLLRDHUP events are supported by kernel, and optimizes connection handling accordingly if the "epoll" method is used. *) Feature: the "ssl_certificate" and "ssl_certificate_key" directives can be specified multiple times to load certificates of different types (for example, RSA and ECDSA). *) Feature: the "ssl_ecdh_curve" directive now allows specifying a list of curves when using OpenSSL 1.0.2 or newer; by default a list built into OpenSSL is used. *) Change: to use DHE ciphers it is now required to specify parameters using the "ssl_dhparam" directive. *) Feature: the $proxy_protocol_port variable. *) Feature: the $realip_remote_port variable in the ngx_http_realip_module. *) Feature: the ngx_http_realip_module is now able to set the client port in addition to the address. *) Change: the "421 Misdirected Request" response now used when rejecting requests to a virtual server different from one negotiated during an SSL handshake; this improves interoperability with some HTTP/2 clients when using client certificates. *) Change: HTTP/2 clients can now start sending request body immediately; the "http2_body_preread_size" directive controls size of the buffer used before nginx will start reading client request body. *) Bugfix: cached error responses were not updated when using the "proxy_cache_bypass" directive. Changes with nginx 1.9.15 19 Apr 2016 *) Bugfix: "recv() failed" errors might occur when using HHVM as a FastCGI server. *) Bugfix: when using HTTP/2 and the "limit_req" or "auth_request" directives a timeout or a "client violated flow control" error might occur while reading client request body; the bug had appeared in 1.9.14. *) Workaround: a response might not be shown by some browsers if HTTP/2 was used and client request body was not fully read; the bug had appeared in 1.9.14. *) Bugfix: connections might hang when using the "aio threads" directive. Thanks to Mindaugas Rasiukevicius. Changes with nginx 1.9.14 05 Apr 2016 *) Feature: OpenSSL 1.1.0 compatibility. *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives now work with HTTP/2. *) Bugfix: "zero size buf in output" alerts might appear in logs when using HTTP/2. *) Bugfix: the "client_max_body_size" directive might work incorrectly when using HTTP/2. *) Bugfix: of minor bugs in logging. Changes with nginx 1.9.13 29 Mar 2016 *) Change: non-idempotent requests (POST, LOCK, PATCH) are no longer passed to the next server by default if a request has been sent to a backend; the "non_idempotent" parameter of the "proxy_next_upstream" directive explicitly allows retrying such requests. *) Feature: the ngx_http_perl_module can be built dynamically. *) Feature: UDP support in the stream module. *) Feature: the "aio_write" directive. *) Feature: now cache manager monitors number of elements in caches and tries to avoid cache keys zone overflows. *) Bugfix: "task already active" and "second aio post" alerts might appear in logs when using the "sendfile" and "aio" directives with subrequests. *) Bugfix: "zero size buf in output" alerts might appear in logs if caching was used and a client closed a connection prematurely. *) Bugfix: connections with clients might be closed needlessly if caching was used. Thanks to Justin Li. *) Bugfix: nginx might hog CPU if the "sendfile" directive was used on Linux or Solaris and a file being sent was changed during sending. *) Bugfix: connections might hang when using the "sendfile" and "aio threads" directives. *) Bugfix: in the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives when using variables. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_sub_filter_module. *) Bugfix: if an error occurred in a cached backend connection, the request was passed to the next server regardless of the proxy_next_upstream directive. *) Bugfix: "CreateFile() failed" errors when creating temporary files on Windows. Changes with nginx 1.9.12 24 Feb 2016 *) Feature: Huffman encoding of response headers in HTTP/2. Thanks to Vlad Krasnov. *) Feature: the "worker_cpu_affinity" directive now supports more than 64 CPUs. *) Bugfix: compatibility with 3rd party C++ modules; the bug had appeared in 1.9.11. Thanks to Piotr Sikora. *) Bugfix: nginx could not be built statically with OpenSSL on Linux; the bug had appeared in 1.9.11. *) Bugfix: the "add_header ... always" directive with an empty value did not delete "Last-Modified" and "ETag" header lines from error responses. *) Workaround: "called a function you should not call" and "shutdown while in init" messages might appear in logs when using OpenSSL 1.0.2f. *) Bugfix: invalid headers might be logged incorrectly. *) Bugfix: socket leak when using HTTP/2. *) Bugfix: in the ngx_http_v2_module. Changes with nginx 1.9.11 09 Feb 2016 *) Feature: TCP support in resolver. *) Feature: dynamic modules. *) Bugfix: the $request_length variable did not include size of request headers when using HTTP/2. *) Bugfix: in the ngx_http_v2_module. Changes with nginx 1.9.10 26 Jan 2016 *) Security: invalid pointer dereference might occur during DNS server response processing if the "resolver" directive was used, allowing an attacker who is able to forge UDP packets from the DNS server to cause segmentation fault in a worker process (CVE-2016-0742). *) Security: use-after-free condition might occur during CNAME response processing if the "resolver" directive was used, allowing an attacker who is able to trigger name resolution to cause segmentation fault in a worker process, or might have potential other impact (CVE-2016-0746). *) Security: CNAME resolution was insufficiently limited if the "resolver" directive was used, allowing an attacker who is able to trigger arbitrary name resolution to cause excessive resource consumption in worker processes (CVE-2016-0747). *) Feature: the "auto" parameter of the "worker_cpu_affinity" directive. *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work with IPv6 listen sockets. *) Bugfix: connections to upstream servers might be cached incorrectly when using the "keepalive" directive. *) Bugfix: proxying used the HTTP method of the original request after an "X-Accel-Redirect" redirection. Changes with nginx 1.9.9 09 Dec 2015 *) Bugfix: proxying to unix domain sockets did not work when using variables; the bug had appeared in 1.9.8. Changes with nginx 1.9.8 08 Dec 2015 *) Feature: pwritev() support. *) Feature: the "include" directive inside the "upstream" block. *) Feature: the ngx_http_slice_module. *) Bugfix: a segmentation fault might occur in a worker process when using LibreSSL; the bug had appeared in 1.9.6. *) Bugfix: nginx could not be built on OS X in some cases. Changes with nginx 1.9.7 17 Nov 2015 *) Feature: the "nohostname" parameter of logging to syslog. *) Feature: the "proxy_cache_convert_head" directive. *) Feature: the $realip_remote_addr variable in the ngx_http_realip_module. *) Bugfix: the "expires" directive might not work when using variables. *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2; the bug had appeared in 1.9.6. *) Bugfix: if nginx was built with the ngx_http_v2_module it was possible to use the HTTP/2 protocol even if the "http2" parameter of the "listen" directive was not specified. *) Bugfix: in the ngx_http_v2_module. Changes with nginx 1.9.6 27 Oct 2015 *) Bugfix: a segmentation fault might occur in a worker process when using HTTP/2. Thanks to Piotr Sikora and Denis Andzakovic. *) Bugfix: the $server_protocol variable was empty when using HTTP/2. *) Bugfix: backend SSL connections in the stream module might be timed out unexpectedly. *) Bugfix: a segmentation fault might occur in a worker process if different ssl_session_cache settings were used in different virtual servers. *) Bugfix: nginx/Windows could not be built with MinGW gcc; the bug had appeared in 1.9.4. Thanks to Kouhei Sutou. *) Bugfix: time was not updated when the timer_resolution directive was used on Windows. *) Miscellaneous minor fixes and improvements. Thanks to Markus Linnala, Kurtis Nusbaum and Piotr Sikora. Changes with nginx 1.9.5 22 Sep 2015 *) Feature: the ngx_http_v2_module (replaces ngx_http_spdy_module). Thanks to Dropbox and Automattic for sponsoring this work. *) Change: now the "output_buffers" directive uses two buffers by default. *) Change: now nginx limits subrequests recursion, not simultaneous subrequests. *) Change: now nginx checks the whole cache key when returning a response from cache. Thanks to Gena Makhomed and Sergey Brester. *) Bugfix: "header already sent" alerts might appear in logs when using cache; the bug had appeared in 1.7.5. *) Bugfix: "writev() failed (4: Interrupted system call)" errors might appear in logs when using CephFS and the "timer_resolution" directive on Linux. *) Bugfix: in invalid configurations handling. Thanks to Markus Linnala. *) Bugfix: a segmentation fault occurred in a worker process if the "sub_filter" directive was used at http level; the bug had appeared in 1.9.4. Changes with nginx 1.9.4 18 Aug 2015 *) Change: the "proxy_downstream_buffer" and "proxy_upstream_buffer" directives of the stream module are replaced with the "proxy_buffer_size" directive. *) Feature: the "tcp_nodelay" directive in the stream module. *) Feature: multiple "sub_filter" directives can be used simultaneously. *) Feature: variables support in the search string of the "sub_filter" directive. *) Workaround: configuration testing might fail under Linux OpenVZ. Thanks to Gena Makhomed. *) Bugfix: old worker processes might hog CPU after reconfiguration with a large number of worker_connections. *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" and "alias" directives were used inside a location given by a regular expression; the bug had appeared in 1.7.1. *) Bugfix: the "try_files" directive inside a nested location given by a regular expression worked incorrectly if the "alias" directive was used in the outer location. *) Bugfix: in hash table initialization error handling. *) Bugfix: nginx could not be built with Visual Studio 2015. Changes with nginx 1.9.3 14 Jul 2015 *) Change: duplicate "http", "mail", and "stream" blocks are now disallowed. *) Feature: connection limiting in the stream module. *) Feature: data rate limiting in the stream module. *) Bugfix: the "zone" directive inside the "upstream" block did not work on Windows. *) Bugfix: compatibility with LibreSSL in the stream module. Thanks to Piotr Sikora. *) Bugfix: in the "--builddir" configure parameter. Thanks to Piotr Sikora. *) Bugfix: the "ssl_stapling_file" directive did not work; the bug had appeared in 1.9.2. Thanks to Faidon Liambotis and Brandon Black. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used; the bug had appeared in 1.9.2. Thanks to Matthew Baldwin. Changes with nginx 1.9.2 16 Jun 2015 *) Feature: the "backlog" parameter of the "listen" directives of the mail proxy and stream modules. *) Feature: the "allow" and "deny" directives in the stream module. *) Feature: the "proxy_bind" directive in the stream module. *) Feature: the "proxy_protocol" directive in the stream module. *) Feature: the -T switch. *) Feature: the REQUEST_SCHEME parameter added to the fastcgi.conf, fastcgi_params, scgi_params, and uwsgi_params standard configuration files. *) Bugfix: the "reuseport" parameter of the "listen" directive of the stream module did not work. *) Bugfix: OCSP stapling might return an expired OCSP response in some cases. Changes with nginx 1.9.1 26 May 2015 *) Change: now SSLv3 protocol is disabled by default. *) Change: some long deprecated directives are not supported anymore. *) Feature: the "reuseport" parameter of the "listen" directive. Thanks to Yingqi Lu at Intel and Sepherosa Ziehau. *) Feature: the $upstream_connect_time variable. *) Bugfix: in the "hash" directive on big-endian platforms. *) Bugfix: nginx might fail to start on some old Linux variants; the bug had appeared in 1.7.11. *) Bugfix: in IP address parsing. Thanks to Sergey Polovko. Changes with nginx 1.9.0 28 Apr 2015 *) Change: obsolete aio and rtsig event methods have been removed. *) Feature: the "zone" directive inside the "upstream" block. *) Feature: the stream module. *) Feature: byte ranges support in the ngx_http_memcached_module. Thanks to Martin Mlynář. *) Feature: shared memory can now be used on Windows versions with address space layout randomization. Thanks to Sergey Brester. *) Feature: the "error_log" directive can now be used on mail and server levels in mail proxy. *) Bugfix: the "proxy_protocol" parameter of the "listen" directive did not work if not specified in the first "listen" directive for a listen socket. Changes with nginx 1.7.12 07 Apr 2015 *) Feature: now the "tcp_nodelay" directive works with backend SSL connections. *) Feature: now thread pools can be used to read cache file headers. *) Bugfix: in the "proxy_request_buffering" directive. *) Bugfix: a segmentation fault might occur in a worker process when using thread pools on Linux. *) Bugfix: in error handling when using the "ssl_stapling" directive. Thanks to Filipe da Silva. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.7.11 24 Mar 2015 *) Change: the "sendfile" parameter of the "aio" directive is deprecated; now nginx automatically uses AIO to pre-load data for sendfile if both "aio" and "sendfile" directives are used. *) Feature: experimental thread pools support. *) Feature: the "proxy_request_buffering", "fastcgi_request_buffering", "scgi_request_buffering", and "uwsgi_request_buffering" directives. *) Feature: request body filters experimental API. *) Feature: client SSL certificates support in mail proxy. Thanks to Sven Peter, Franck Levionnois, and Filipe Da Silva. *) Feature: startup speedup when using the "hash ... consistent" directive in the upstream block. Thanks to Wai Keen Woon. *) Feature: debug logging into a cyclic memory buffer. *) Bugfix: in hash table handling. Thanks to Chris West. *) Bugfix: in the "proxy_cache_revalidate" directive. *) Bugfix: SSL connections might hang if deferred accept or the "proxy_protocol" parameter of the "listen" directive were used. Thanks to James Hamlin. *) Bugfix: the $upstream_response_time variable might contain a wrong value if the "image_filter" directive was used. *) Bugfix: in integer overflow handling. Thanks to Régis Leroy. *) Bugfix: it was not possible to enable SSLv3 with LibreSSL. *) Bugfix: the "ignoring stale global SSL error ... called a function you should not call" alerts appeared in logs when using LibreSSL. *) Bugfix: certificates specified by the "ssl_client_certificate" and "ssl_trusted_certificate" directives were inadvertently used to automatically construct certificate chains. Changes with nginx 1.7.10 10 Feb 2015 *) Feature: the "use_temp_path" parameter of the "proxy_cache_path", "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" directives. *) Feature: the $upstream_header_time variable. *) Workaround: now on disk overflow nginx tries to write error logs once a second only. *) Bugfix: the "try_files" directive did not ignore normal files while testing directories. Thanks to Damien Tournoud. *) Bugfix: alerts "sendfile() failed" if the "sendfile" directive was used on OS X; the bug had appeared in 1.7.8. *) Bugfix: alerts "sem_post() failed" might appear in logs. *) Bugfix: nginx could not be built with musl libc. Thanks to James Taylor. *) Bugfix: nginx could not be built on Tru64 UNIX. Thanks to Goetz T. Fischer. Changes with nginx 1.7.9 23 Dec 2014 *) Feature: variables support in the "proxy_cache", "fastcgi_cache", "scgi_cache", and "uwsgi_cache" directives. *) Feature: variables support in the "expires" directive. *) Feature: loading of secret keys from hardware tokens with OpenSSL engines. Thanks to Dmitrii Pichulin. *) Feature: the "autoindex_format" directive. *) Bugfix: cache revalidation is now only used for responses with 200 and 206 status codes. Thanks to Piotr Sikora. *) Bugfix: the "TE" client request header line was passed to backends while proxying. *) Bugfix: the "proxy_pass", "fastcgi_pass", "scgi_pass", and "uwsgi_pass" directives might not work correctly inside the "if" and "limit_except" blocks. *) Bugfix: the "proxy_store" directive with the "on" parameter was ignored if the "proxy_store" directive with an explicitly specified file path was used on a previous level. *) Bugfix: nginx could not be built with BoringSSL. Thanks to Lukas Tribus. Changes with nginx 1.7.8 02 Dec 2014 *) Change: now the "If-Modified-Since", "If-Range", etc. client request header lines are passed to a backend while caching if nginx knows in advance that the response will not be cached (e.g., when using proxy_cache_min_uses). *) Change: now after proxy_cache_lock_timeout nginx sends a request to a backend with caching disabled; the new directives "proxy_cache_lock_age", "fastcgi_cache_lock_age", "scgi_cache_lock_age", and "uwsgi_cache_lock_age" specify a time after which the lock will be released and another attempt to cache a response will be made. *) Change: the "log_format" directive can now be used only at http level. *) Feature: the "proxy_ssl_certificate", "proxy_ssl_certificate_key", "proxy_ssl_password_file", "uwsgi_ssl_certificate", "uwsgi_ssl_certificate_key", and "uwsgi_ssl_password_file" directives. Thanks to Piotr Sikora. *) Feature: it is now possible to switch to a named location using "X-Accel-Redirect". Thanks to Toshikuni Fukaya. *) Feature: now the "tcp_nodelay" directive works with SPDY connections. *) Feature: new directives in vim syntax highliting scripts. Thanks to Peter Wu. *) Bugfix: nginx ignored the "s-maxage" value in the "Cache-Control" backend response header line. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora. *) Bugfix: in the "ssl_password_file" directive when using OpenSSL 0.9.8zc, 1.0.0o, 1.0.1j. *) Bugfix: alerts "header already sent" appeared in logs if the "post_action" directive was used; the bug had appeared in 1.5.4. *) Bugfix: alerts "the http output chain is empty" might appear in logs if the "postpone_output 0" directive was used with SSI includes. *) Bugfix: in the "proxy_cache_lock" directive with SSI subrequests. Thanks to Yichun Zhang. Changes with nginx 1.7.7 28 Oct 2014 *) Change: now nginx takes into account the "Vary" header line in a backend response while caching. *) Feature: the "proxy_force_ranges", "fastcgi_force_ranges", "scgi_force_ranges", and "uwsgi_force_ranges" directives. *) Feature: the "proxy_limit_rate", "fastcgi_limit_rate", "scgi_limit_rate", and "uwsgi_limit_rate" directives. *) Feature: the "Vary" parameter of the "proxy_ignore_headers", "fastcgi_ignore_headers", "scgi_ignore_headers", and "uwsgi_ignore_headers" directives. *) Bugfix: the last part of a response received from a backend with unbufferred proxy might not be sent to a client if "gzip" or "gunzip" directives were used. *) Bugfix: in the "proxy_cache_revalidate" directive. Thanks to Piotr Sikora. *) Bugfix: in error handling. Thanks to Yichun Zhang and Daniil Bondarev. *) Bugfix: in the "proxy_next_upstream_tries" and "proxy_next_upstream_timeout" directives. Thanks to Feng Gu. *) Bugfix: nginx/Windows could not be built with MinGW-w64 gcc. Thanks to Kouhei Sutou. Changes with nginx 1.7.6 30 Sep 2014 *) Change: the deprecated "limit_zone" directive is not supported anymore. *) Feature: the "limit_conn_zone" and "limit_req_zone" directives now can be used with combinations of multiple variables. *) Bugfix: request body might be transmitted incorrectly when retrying a FastCGI request to the next upstream server. *) Bugfix: in logging to syslog. Changes with nginx 1.7.5 16 Sep 2014 *) Security: it was possible to reuse SSL sessions in unrelated contexts if a shared SSL session cache or the same TLS session ticket key was used for multiple "server" blocks (CVE-2014-3616). Thanks to Antoine Delignat-Lavaud. *) Change: now the "stub_status" directive does not require a parameter. *) Feature: the "always" parameter of the "add_header" directive. *) Feature: the "proxy_next_upstream_tries", "proxy_next_upstream_timeout", "fastcgi_next_upstream_tries", "fastcgi_next_upstream_timeout", "memcached_next_upstream_tries", "memcached_next_upstream_timeout", "scgi_next_upstream_tries", "scgi_next_upstream_timeout", "uwsgi_next_upstream_tries", and "uwsgi_next_upstream_timeout" directives. *) Bugfix: in the "if" parameter of the "access_log" directive. *) Bugfix: in the ngx_http_perl_module. Thanks to Piotr Sikora. *) Bugfix: the "listen" directive of the mail proxy module did not allow to specify more than two parameters. *) Bugfix: the "sub_filter" directive did not work with a string to replace consisting of a single character. *) Bugfix: requests might hang if resolver was used and a timeout occurred during a DNS request. *) Bugfix: in the ngx_http_spdy_module when using with AIO. *) Bugfix: a segmentation fault might occur in a worker process if the "set" directive was used to change the "$http_...", "$sent_http_...", or "$upstream_http_..." variables. *) Bugfix: in memory allocation error handling. Thanks to Markus Linnala and Feng Gu. Changes with nginx 1.7.4 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton. *) Change: URI escaping now uses uppercase hexadecimal digits. Thanks to Piotr Sikora. *) Feature: now nginx can be build with BoringSSL and LibreSSL. Thanks to Piotr Sikora. *) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8. *) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora. *) Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov. *) Bugfix: in error handling in the "proxy_store" directive and the ngx_http_dav_module. Thanks to Feng Gu. *) Bugfix: a segmentation fault might occur if logging of errors to syslog was used; the bug had appeared in 1.7.1. *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and $geoip_area_code variables might not work. Thanks to Yichun Zhang. *) Bugfix: in memory allocation error handling. Thanks to Tatsuhiko Kubo and Piotr Sikora. Changes with nginx 1.7.3 08 Jul 2014 *) Feature: weak entity tags are now preserved on response modifications, and strong ones are changed to weak. *) Feature: cache revalidation now uses If-None-Match header if possible. *) Feature: the "ssl_password_file" directive. *) Bugfix: the If-None-Match request header line was ignored if there was no Last-Modified header in a response returned from cache. *) Bugfix: "peer closed connection in SSL handshake" messages were logged at "info" level instead of "error" while connecting to backends. *) Bugfix: in the ngx_http_dav_module module in nginx/Windows. *) Bugfix: SPDY connections might be closed prematurely if caching was used. Changes with nginx 1.7.2 17 Jun 2014 *) Feature: the "hash" directive inside the "upstream" block. *) Feature: defragmentation of free shared memory blocks. Thanks to Wandenberg Peixoto and Yichun Zhang. *) Bugfix: a segmentation fault might occur in a worker process if the default value of the "access_log" directive was used; the bug had appeared in 1.7.0. Thanks to Piotr Sikora. *) Bugfix: trailing slash was mistakenly removed from the last parameter of the "try_files" directive. *) Bugfix: nginx could not be built on OS X in some cases. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.7.1 27 May 2014 *) Feature: the "$upstream_cookie_..." variables. *) Feature: the $ssl_client_fingerprint variable. *) Feature: the "error_log" and "access_log" directives now support logging to syslog. *) Feature: the mail proxy now logs client port on connect. *) Bugfix: memory leak if the "ssl_stapling" directive was used. Thanks to Filipe da Silva. *) Bugfix: the "alias" directive used inside a location given by a regular expression worked incorrectly if the "if" or "limit_except" directives were used. *) Bugfix: the "charset" directive did not set a charset to encoded backend responses. *) Bugfix: a "proxy_pass" directive without URI part might use original request after the $args variable was set. Thanks to Yichun Zhang. *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky. *) Bugfix: if sub_filter and SSI were used together, then responses might be transferred incorrectly. *) Bugfix: nginx could not be built with the --with-file-aio option on Linux/aarch64. Changes with nginx 1.7.0 24 Apr 2014 *) Feature: backend SSL certificate verification. *) Feature: support for SNI while working with SSL backends. *) Feature: the $ssl_server_name variable. *) Feature: the "if" parameter of the "access_log" directive. Changes with nginx 1.5.13 08 Apr 2014 *) Change: improved hash table handling; the default values of the "variables_hash_max_size" and "types_hash_bucket_size" were changed to 1024 and 64 respectively. *) Feature: the ngx_http_mp4_module now supports the "end" argument. *) Feature: byte ranges support in the ngx_http_mp4_module and while saving responses to cache. *) Bugfix: alerts "ngx_slab_alloc() failed: no memory" no longer logged when using shared memory in the "ssl_session_cache" directive and in the ngx_http_limit_req_module. *) Bugfix: the "underscores_in_headers" directive did not allow underscore as a first character of a header. Thanks to Piotr Sikora. *) Bugfix: cache manager might hog CPU on exit in nginx/Windows. *) Bugfix: nginx/Windows terminated abnormally if the "ssl_session_cache" directive was used with the "shared" parameter. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.12 18 Mar 2014 *) Security: a heap memory buffer overflow might occur in a worker process while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0133). Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Feature: the "proxy_protocol" parameters of the "listen" and "real_ip_header" directives, the $proxy_protocol_addr variable. *) Bugfix: in the "fastcgi_next_upstream" directive. Thanks to Lucas Molas. Changes with nginx 1.5.11 04 Mar 2014 *) Security: memory corruption might occur in a worker process on 32-bit platforms while handling a specially crafted request by ngx_http_spdy_module, potentially resulting in arbitrary code execution (CVE-2014-0088); the bug had appeared in 1.5.10. Thanks to Lucas Molas, researcher at Programa STIC, Fundación Dr. Manuel Sadosky, Buenos Aires, Argentina. *) Feature: the $ssl_session_reused variable. *) Bugfix: the "client_max_body_size" directive might not work when reading a request body using chunked transfer encoding; the bug had appeared in 1.3.9. Thanks to Lucas Molas. *) Bugfix: a segmentation fault might occur in a worker process when proxying WebSocket connections. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used on 32-bit platforms; the bug had appeared in 1.5.10. *) Bugfix: the $upstream_status variable might contain wrong data if the "proxy_cache_use_stale" or "proxy_cache_revalidate" directives were used. Thanks to Piotr Sikora. *) Bugfix: a segmentation fault might occur in a worker process if errors with code 400 were redirected to a named location using the "error_page" directive. *) Bugfix: nginx/Windows could not be built with Visual Studio 2013. Changes with nginx 1.5.10 04 Feb 2014 *) Feature: the ngx_http_spdy_module now uses SPDY 3.1 protocol. Thanks to Automattic and MaxCDN for sponsoring this work. *) Feature: the ngx_http_mp4_module now skips tracks too short for a seek requested. *) Bugfix: a segmentation fault might occur in a worker process if the $ssl_session_id variable was used in logs; the bug had appeared in 1.5.9. *) Bugfix: the $date_local and $date_gmt variables used wrong format outside of the ngx_http_ssi_filter_module. *) Bugfix: client connections might be immediately closed if deferred accept was used; the bug had appeared in 1.3.15. *) Bugfix: alerts "getsockopt(TCP_FASTOPEN) ... failed" appeared in logs during binary upgrade on Linux; the bug had appeared in 1.5.8. Thanks to Piotr Sikora. Changes with nginx 1.5.9 22 Jan 2014 *) Change: now nginx expects escaped URIs in "X-Accel-Redirect" headers. *) Feature: the "ssl_buffer_size" directive. *) Feature: the "limit_rate" directive can now be used to rate limit responses sent in SPDY connections. *) Feature: the "spdy_chunk_size" directive. *) Feature: the "ssl_session_tickets" directive. Thanks to Dirkjan Bussink. *) Bugfix: the $ssl_session_id variable contained full session serialized instead of just a session id. Thanks to Ivan Ristić. *) Bugfix: nginx incorrectly handled escaped "?" character in the "include" SSI command. *) Bugfix: the ngx_http_dav_module did not unescape destination URI of the COPY and MOVE methods. *) Bugfix: resolver did not understand domain names with a trailing dot. Thanks to Yichun Zhang. *) Bugfix: alerts "zero size buf in output" might appear in logs while proxying; the bug had appeared in 1.3.9. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used. *) Bugfix: proxied WebSocket connections might hang right after handshake if the select, poll, or /dev/poll methods were used. *) Bugfix: the "xclient" directive of the mail proxy module incorrectly handled IPv6 client addresses. Changes with nginx 1.5.8 17 Dec 2013 *) Feature: IPv6 support in resolver. *) Feature: the "listen" directive supports the "fastopen" parameter. Thanks to Mathew Rodley. *) Feature: SSL support in the ngx_http_uwsgi_module. Thanks to Roberto De Ioris. *) Feature: vim syntax highlighting scripts were added to contrib. Thanks to Evan Miller. *) Bugfix: a timeout might occur while reading client request body in an SSL connection using chunked transfer encoding. *) Bugfix: the "master_process" directive did not work correctly in nginx/Windows. *) Bugfix: the "setfib" parameter of the "listen" directive might not work. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.7 19 Nov 2013 *) Security: a character following an unescaped space in a request line was handled incorrectly (CVE-2013-4547); the bug had appeared in 0.8.41. Thanks to Ivan Fratric of the Google Security Team. *) Change: a logging level of auth_basic errors about no user/password provided has been lowered from "error" to "info". *) Feature: the "proxy_cache_revalidate", "fastcgi_cache_revalidate", "scgi_cache_revalidate", and "uwsgi_cache_revalidate" directives. *) Feature: the "ssl_session_ticket_key" directive. Thanks to Piotr Sikora. *) Bugfix: the directive "add_header Cache-Control ''" added a "Cache-Control" response header line with an empty value. *) Bugfix: the "satisfy any" directive might return 403 error instead of 401 if auth_request and auth_basic directives were used. Thanks to Jan Marc Hoffmann. *) Bugfix: the "accept_filter" and "deferred" parameters of the "listen" directive were ignored for listen sockets created during binary upgrade. Thanks to Piotr Sikora. *) Bugfix: some data received from a backend with unbufferred proxy might not be sent to a client immediately if "gzip" or "gunzip" directives were used. Thanks to Yichun Zhang. *) Bugfix: in error handling in ngx_http_gunzip_filter_module. *) Bugfix: responses might hang if the ngx_http_spdy_module was used with the "auth_request" directive. *) Bugfix: memory leak in nginx/Windows. Changes with nginx 1.5.6 01 Oct 2013 *) Feature: the "fastcgi_buffering" directive. *) Feature: the "proxy_ssl_protocols" and "proxy_ssl_ciphers" directives. Thanks to Piotr Sikora. *) Feature: optimization of SSL handshakes when using long certificate chains. *) Feature: the mail proxy supports SMTP pipelining. *) Bugfix: in the ngx_http_auth_basic_module when using "$apr1$" password encryption method. Thanks to Markus Linnala. *) Bugfix: in MacOSX, Cygwin, and nginx/Windows incorrect location might be used to process a request if locations were given using characters in different cases. *) Bugfix: automatic redirect with appended trailing slash for proxied locations might not work. *) Bugfix: in the mail proxy server. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.5 17 Sep 2013 *) Change: now nginx assumes HTTP/1.0 by default if it is not able to detect protocol reliably. *) Feature: the "disable_symlinks" directive now uses O_PATH on Linux. *) Feature: now nginx uses EPOLLRDHUP events to detect premature connection close by clients if the "epoll" method is used. *) Bugfix: in the "valid_referers" directive if the "server_names" parameter was used. *) Bugfix: the $request_time variable did not work in nginx/Windows. *) Bugfix: in the "image_filter" directive. Thanks to Lanshun Zhou. *) Bugfix: OpenSSL 1.0.1f compatibility. Thanks to Piotr Sikora. Changes with nginx 1.5.4 27 Aug 2013 *) Change: the "js" extension MIME type has been changed to "application/javascript"; default value of the "charset_types" directive was changed accordingly. *) Change: now the "image_filter" directive with the "size" parameter returns responses with the "application/json" MIME type. *) Feature: the ngx_http_auth_request_module. *) Bugfix: a segmentation fault might occur on start or during reconfiguration if the "try_files" directive was used with an empty parameter. *) Bugfix: memory leak if relative paths were specified using variables in the "root" or "auth_basic_user_file" directives. *) Bugfix: the "valid_referers" directive incorrectly executed regular expressions if a "Referer" header started with "https://". Thanks to Liangbin Li. *) Bugfix: responses might hang if subrequests were used and an SSL handshake error happened during subrequest processing. Thanks to Aviram Cohen. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: in the ngx_http_spdy_module. Changes with nginx 1.5.3 30 Jul 2013 *) Change in internal API: now u->length defaults to -1 if working with backends in unbuffered mode. *) Change: now after receiving an incomplete response from a backend server nginx tries to send an available part of the response to a client, and then closes client connection. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_spdy_module was used with the "client_body_in_file_only" directive. *) Bugfix: the "so_keepalive" parameter of the "listen" directive might be handled incorrectly on DragonFlyBSD. Thanks to Sepherosa Ziehau. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: in the ngx_http_sub_filter_module. Changes with nginx 1.5.2 02 Jul 2013 *) Feature: now several "error_log" directives can be used. *) Bugfix: the $r->header_in() embedded perl method did not return value of the "Cookie" and "X-Forwarded-For" request header lines; the bug had appeared in 1.3.14. *) Bugfix: in the ngx_http_spdy_module. Thanks to Jim Radford. *) Bugfix: nginx could not be built on Linux with x32 ABI. Thanks to Serguei Ivantsov. Changes with nginx 1.5.1 04 Jun 2013 *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and "xslt_last_modified" directives. Thanks to Alexey Kolpakov. *) Feature: the "http_403" parameter of the "proxy_next_upstream", "fastcgi_next_upstream", "scgi_next_upstream", and "uwsgi_next_upstream" directives. *) Feature: the "allow" and "deny" directives now support unix domain sockets. *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but without ngx_http_ssl_module; the bug had appeared in 1.3.14. *) Bugfix: in the "proxy_set_body" directive. Thanks to Lanshun Zhou. *) Bugfix: in the "lingering_time" directive. Thanks to Lanshun Zhou. *) Bugfix: the "fail_timeout" parameter of the "server" directive in the "upstream" context might not work if "max_fails" parameter was used; the bug had appeared in 1.3.0. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used. Thanks to Piotr Sikora. *) Bugfix: in the mail proxy server. Thanks to Filipe Da Silva. *) Bugfix: nginx/Windows might stop accepting connections if several worker processes were used. Changes with nginx 1.5.0 07 May 2013 *) Security: a stack-based buffer overflow might occur in a worker process while handling a specially crafted request, potentially resulting in arbitrary code execution (CVE-2013-2028); the bug had appeared in 1.3.9. Thanks to Greg MacManus, iSIGHT Partners Labs. Changes with nginx 1.4.0 24 Apr 2013 *) Bugfix: nginx could not be built with the ngx_http_perl_module if the --with-openssl option was used; the bug had appeared in 1.3.16. *) Bugfix: in a request body handling in the ngx_http_perl_module; the bug had appeared in 1.3.9. Changes with nginx 1.3.16 16 Apr 2013 *) Bugfix: a segmentation fault might occur in a worker process if subrequests were used; the bug had appeared in 1.3.9. *) Bugfix: the "tcp_nodelay" directive caused an error if a WebSocket connection was proxied into a unix domain socket. *) Bugfix: the $upstream_response_length variable has an incorrect value "0" if buffering was not used. Thanks to Piotr Sikora. *) Bugfix: in the eventport and /dev/poll methods. Changes with nginx 1.3.15 26 Mar 2013 *) Change: opening and closing a connection without sending any data in it is no longer logged to access_log with error code 400. *) Feature: the ngx_http_spdy_module. Thanks to Automattic for sponsoring this work. *) Feature: the "limit_req_status" and "limit_conn_status" directives. Thanks to Nick Marden. *) Feature: the "image_filter_interlace" directive. Thanks to Ian Babrou. *) Feature: $connections_waiting variable in the ngx_http_stub_status_module. *) Feature: the mail proxy module now supports IPv6 backends. *) Bugfix: request body might be transmitted incorrectly when retrying a request to the next upstream server; the bug had appeared in 1.3.9. Thanks to Piotr Sikora. *) Bugfix: in the "client_body_in_file_only" directive; the bug had appeared in 1.3.9. *) Bugfix: responses might hang if subrequests were used and a DNS error happened during subrequest processing. Thanks to Lanshun Zhou. *) Bugfix: in backend usage accounting. Changes with nginx 1.3.14 05 Mar 2013 *) Feature: $connections_active, $connections_reading, and $connections_writing variables in the ngx_http_stub_status_module. *) Feature: support of WebSocket connections in the ngx_http_uwsgi_module and ngx_http_scgi_module. *) Bugfix: in virtual servers handling with SNI. *) Bugfix: new sessions were not always stored if the "ssl_session_cache shared" directive was used and there was no free space in shared memory. Thanks to Piotr Sikora. *) Bugfix: multiple X-Forwarded-For headers were handled incorrectly. Thanks to Neal Poole for sponsoring this work. *) Bugfix: in the ngx_http_mp4_module. Thanks to Gernot Vormayr. Changes with nginx 1.3.13 19 Feb 2013 *) Change: a compiler with name "cc" is now used by default. *) Feature: support for proxying of WebSocket connections. Thanks to Apcera and CloudBees for sponsoring this work. *) Feature: the "auth_basic_user_file" directive supports "{SHA}" password encryption method. Thanks to Louis Opter. Changes with nginx 1.3.12 05 Feb 2013 *) Feature: variables support in the "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and "uwsgi_bind" directives. *) Feature: the $pipe, $request_length, $time_iso8601, and $time_local variables can now be used not only in the "log_format" directive. Thanks to Kiril Kalchev. *) Feature: IPv6 support in the ngx_http_geoip_module. Thanks to Gregor Kališnik. *) Bugfix: in the "proxy_method" directive. *) Bugfix: a segmentation fault might occur in a worker process if resolver was used with the poll method. *) Bugfix: nginx might hog CPU during SSL handshake with a backend if the select, poll, or /dev/poll methods were used. *) Bugfix: the "[crit] SSL_write() failed (SSL:)" error. *) Bugfix: in the "client_body_in_file_only" directive; the bug had appeared in 1.3.9. *) Bugfix: in the "fastcgi_keep_conn" directive. Changes with nginx 1.3.11 10 Jan 2013 *) Bugfix: a segmentation fault might occur if logging was used; the bug had appeared in 1.3.10. *) Bugfix: the "proxy_pass" directive did not work with IP addresses without port specified; the bug had appeared in 1.3.10. *) Bugfix: a segmentation fault occurred on start or during reconfiguration if the "keepalive" directive was specified more than once in a single upstream block. *) Bugfix: parameter "default" of the "geo" directive did not set default value for IPv6 addresses. Changes with nginx 1.3.10 25 Dec 2012 *) Change: domain names specified in configuration file are now resolved to IPv6 addresses as well as IPv4 ones. *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Feature: the "geo" directive now supports IPv6 addresses in CIDR notation. *) Feature: the "flush" and "gzip" parameters of the "access_log" directive. *) Feature: variables support in the "auth_basic" directive. *) Bugfix: nginx could not be built with the ngx_http_perl_module in some cases. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_xslt_module was used. *) Bugfix: nginx could not be built on MacOSX in some cases. Thanks to Piotr Sikora. *) Bugfix: the "limit_rate" directive with high rates might result in truncated responses on 32-bit platforms. Thanks to Alexey Antropov. *) Bugfix: a segmentation fault might occur in a worker process if the "if" directive was used. Thanks to Piotr Sikora. *) Bugfix: a "100 Continue" response was issued with "413 Request Entity Too Large" responses. *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and "image_filter_sharpen" directives might be inherited incorrectly. Thanks to Ian Babrou. *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" directive was used on Linux. *) Bugfix: in backup servers handling. Thanks to Thomas Chen. *) Bugfix: proxied HEAD requests might return incorrect response if the "gzip" directive was used. Changes with nginx 1.3.9 27 Nov 2012 *) Feature: support for chunked transfer encoding while reading client request body. *) Feature: the $request_time and $msec variables can now be used not only in the "log_format" directive. *) Bugfix: cache manager and cache loader processes might not be able to start if more than 512 listen sockets were used. *) Bugfix: in the ngx_http_dav_module. Changes with nginx 1.3.8 30 Oct 2012 *) Feature: the "optional_no_ca" parameter of the "ssl_verify_client" directive. Thanks to Mike Kazantsev and Eric O'Connor. *) Feature: the $bytes_sent, $connection, and $connection_requests variables can now be used not only in the "log_format" directive. Thanks to Benjamin Grössing. *) Feature: the "auto" parameter of the "worker_processes" directive. *) Bugfix: "cache file ... has md5 collision" alert. *) Bugfix: in the ngx_http_gunzip_filter_module. *) Bugfix: in the "ssl_stapling" directive. Changes with nginx 1.3.7 02 Oct 2012 *) Feature: OCSP stapling support. Thanks to Comodo, DigiCert and GlobalSign for sponsoring this work. *) Feature: the "ssl_trusted_certificate" directive. *) Feature: resolver now randomly rotates addresses returned from cache. Thanks to Anton Jouline. *) Bugfix: OpenSSL 0.9.7 compatibility. Changes with nginx 1.3.6 12 Sep 2012 *) Feature: the ngx_http_gunzip_filter_module. *) Feature: the "memcached_gzip_flag" directive. *) Feature: the "always" parameter of the "gzip_static" directive. *) Bugfix: in the "limit_req" directive; the bug had appeared in 1.1.14. Thanks to Charles Chen. *) Bugfix: nginx could not be built by gcc 4.7 with -O2 optimization if the --with-ipv6 option was used. Changes with nginx 1.3.5 21 Aug 2012 *) Change: the ngx_http_mp4_module module no longer skips tracks in formats other than H.264 and AAC. *) Bugfix: a segmentation fault might occur in a worker process if the "map" directive was used with variables as values. *) Bugfix: a segmentation fault might occur in a worker process if the "geo" directive was used with the "ranges" parameter but without the "default" parameter; the bug had appeared in 0.8.43. Thanks to Zhen Chen and Weibin Yao. *) Bugfix: in the -p command-line parameter handling. *) Bugfix: in the mail proxy server. *) Bugfix: of minor potential bugs. Thanks to Coverity. *) Bugfix: nginx/Windows could not be built with Visual Studio 2005 Express. Thanks to HAYASHI Kentaro. Changes with nginx 1.3.4 31 Jul 2012 *) Change: the "ipv6only" parameter is now turned on by default for listening IPv6 sockets. *) Feature: the Clang compiler support. *) Bugfix: extra listening sockets might be created. Thanks to Roman Odaisky. *) Bugfix: nginx/Windows might hog CPU if a worker process failed to start. Thanks to Ricardo Villalobos Guevara. *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header", "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header", "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header" directives might be inherited incorrectly. Changes with nginx 1.3.3 10 Jul 2012 *) Feature: entity tags support and the "etag" directive. *) Bugfix: trailing dot in a source value was not ignored if the "map" directive was used with the "hostnames" parameter. *) Bugfix: incorrect location might be used to process a request if a URI was changed via a "rewrite" directive before an internal redirect to a named location. Changes with nginx 1.3.2 26 Jun 2012 *) Change: the "single" parameter of the "keepalive" directive is now ignored. *) Change: SSL compression is now disabled when using all versions of OpenSSL, including ones prior to 1.0.0. *) Feature: it is now possible to use the "ip_hash" directive to balance IPv6 clients. *) Feature: the $status variable can now be used not only in the "log_format" directive. *) Bugfix: a segmentation fault might occur in a worker process on shutdown if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: a segmentation fault might occur in a worker process if conflicting wildcard server names were used. *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on ARM platform. *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX while reconfiguration. Changes with nginx 1.3.1 05 Jun 2012 *) Security: now nginx/Windows ignores trailing dot in URI path component, and does not allow URIs with ":$" in it. Thanks to Vladimir Kochetkov, Positive Research Center. *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass" directives, and the "server" directive inside the "upstream" block, now support IPv6 addresses. *) Feature: the "resolver" directive now supports IPv6 addresses and an optional port specification. *) Feature: the "least_conn" directive inside the "upstream" block. *) Feature: it is now possible to specify a weight for servers while using the "ip_hash" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "image_filter" directive was used; the bug had appeared in 1.3.0. *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug had appeared in 1.1.12. *) Bugfix: access to variables from SSI and embedded perl module might not work after reconfiguration. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_xslt_filter_module. Thanks to Kuramoto Eiji. *) Bugfix: memory leak if $geoip_org variable was used. Thanks to Denis F. Latypoff. *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path" directives. Changes with nginx 1.3.0 15 May 2012 *) Feature: the "debug_connection" directive now supports IPv6 addresses and the "unix:" parameter. *) Feature: the "set_real_ip_from" directive and the "proxy" parameter of the "geo" directive now support IPv6 addresses. *) Feature: the "real_ip_recursive", "geoip_proxy", and "geoip_proxy_recursive" directives. *) Feature: the "proxy_recursive" parameter of the "geo" directive. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used. *) Bugfix: a segmentation fault might occur in a worker process if the "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives were used and backend returned incorrect response. *) Bugfix: a segmentation fault might occur in a worker process if the "rewrite" directive was used and new request arguments in a replacement used variables. *) Bugfix: nginx might hog CPU if the open file resource limit was reached. *) Bugfix: nginx might loop infinitely over backends if the "proxy_next_upstream" directive with the "http_404" parameter was used and there were backup servers specified in an upstream block. *) Bugfix: adding the "down" parameter of the "server" directive might cause unneeded client redistribution among backend servers if the "ip_hash" directive was used. *) Bugfix: socket leak. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_fastcgi_module. Changes with nginx 1.2.0 23 Apr 2012 *) Bugfix: a segmentation fault might occur in a worker process if the "try_files" directive was used; the bug had appeared in 1.1.19. *) Bugfix: response might be truncated if there were more than IOV_MAX buffers used. *) Bugfix: in the "crop" parameter of the "image_filter" directive. Thanks to Maxim Bublis. Changes with nginx 1.1.19 12 Apr 2012 *) Security: specially crafted mp4 file might allow to overwrite memory locations in a worker process if the ngx_http_mp4_module was used, potentially resulting in arbitrary code execution (CVE-2012-2089). Thanks to Matthew Daley. *) Bugfix: nginx/Windows might be terminated abnormally. Thanks to Vincent Lee. *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as "backup". *) Bugfix: the "allow" and "deny" directives might be inherited incorrectly if they were used with IPv6 addresses. *) Bugfix: the "modern_browser" and "ancient_browser" directives might be inherited incorrectly. *) Bugfix: timeouts might be handled incorrectly on Solaris/SPARC. *) Bugfix: in the ngx_http_mp4_module. Changes with nginx 1.1.18 28 Mar 2012 *) Change: keepalive connections are no longer disabled for Safari by default. *) Feature: the $connection_requests variable. *) Feature: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd and $tcpinfo_rcv_space variables. *) Feature: the "worker_cpu_affinity" directive now works on FreeBSD. *) Feature: the "xslt_param" and "xslt_string_param" directives. Thanks to Samuel Behan. *) Bugfix: in configure tests. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_xslt_filter_module. *) Bugfix: nginx could not be built on Debian GNU/Hurd. Changes with nginx 1.1.17 15 Mar 2012 *) Security: content of previously freed memory might be sent to a client if backend returned specially crafted response. Thanks to Matthew Daley. *) Bugfix: in the embedded perl module if used from SSI. Thanks to Matthew Daley. *) Bugfix: in the ngx_http_uwsgi_module. Changes with nginx 1.1.16 29 Feb 2012 *) Change: the simultaneous subrequest limit has been raised to 200. *) Feature: the "from" parameter of the "disable_symlinks" directive. *) Feature: the "return" and "error_page" directives can now be used to return 307 redirections. *) Bugfix: a segmentation fault might occur in a worker process if the "resolver" directive was used and there was no "error_log" directive specified at global level. Thanks to Roman Arutyunyan. *) Bugfix: a segmentation fault might occur in a worker process if the "proxy_http_version 1.1" or "fastcgi_keep_conn on" directives were used. *) Bugfix: memory leaks. Thanks to Lanshun Zhou. *) Bugfix: in the "disable_symlinks" directive. *) Bugfix: on ZFS filesystem disk cache size might be calculated incorrectly; the bug had appeared in 1.0.1. *) Bugfix: nginx could not be built by the icc 12.1 compiler. *) Bugfix: nginx could not be built by gcc on Solaris; the bug had appeared in 1.1.15. Changes with nginx 1.1.15 15 Feb 2012 *) Feature: the "disable_symlinks" directive. *) Feature: the "proxy_cookie_domain" and "proxy_cookie_path" directives. *) Bugfix: nginx might log incorrect error "upstream prematurely closed connection" instead of correct "upstream sent too big header" one. Thanks to Feibo Li. *) Bugfix: nginx could not be built with the ngx_http_perl_module if the --with-openssl option was used. *) Bugfix: the number of internal redirects to named locations was not limited. *) Bugfix: calling $r->flush() multiple times might cause errors in the ngx_http_gzip_filter_module. *) Bugfix: temporary files might be not removed if the "proxy_store" directive was used with SSI includes. *) Bugfix: in some cases non-cacheable variables (such as the $args variable) returned old empty cached value. *) Bugfix: a segmentation fault might occur in a worker process if too many SSI subrequests were issued simultaneously; the bug had appeared in 0.7.25. Changes with nginx 1.1.14 30 Jan 2012 *) Feature: multiple "limit_req" limits may be used simultaneously. *) Bugfix: in error handling while connecting to a backend. Thanks to Piotr Sikora. *) Bugfix: in AIO error handling on FreeBSD. *) Bugfix: in the OpenSSL library initialization. *) Bugfix: the "proxy_redirect" directives might be inherited incorrectly. *) Bugfix: memory leak during reconfiguration if the "pcre_jit" directive was used. Changes with nginx 1.1.13 16 Jan 2012 *) Feature: the "TLSv1.1" and "TLSv1.2" parameters of the "ssl_protocols" directive. *) Bugfix: the "limit_req" directive parameters were not inherited correctly; the bug had appeared in 1.1.12. *) Bugfix: the "proxy_redirect" directive incorrectly processed "Refresh" header if regular expression were used. *) Bugfix: the "proxy_cache_use_stale" directive with "error" parameter did not return answer from cache if there were no live upstreams. *) Bugfix: the "worker_cpu_affinity" directive might not work. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.1.12. *) Bugfix: in the ngx_http_mp4_module. Changes with nginx 1.1.12 26 Dec 2011 *) Change: a "proxy_pass" directive without URI part now uses changed URI after redirection with the "error_page" directive. Thanks to Lanshun Zhou. *) Feature: the "proxy/fastcgi/scgi/uwsgi_cache_lock", "proxy/fastcgi/scgi/uwsgi_cache_lock_timeout" directives. *) Feature: the "pcre_jit" directive. *) Feature: the "if" SSI command supports captures in regular expressions. *) Bugfix: the "if" SSI command did not work inside the "block" command. *) Bugfix: the "limit_conn_log_level" and "limit_req_log_level" directives might not work. *) Bugfix: the "limit_rate" directive did not allow to use full throughput, even if limit value was very high. *) Bugfix: the "sendfile_max_chunk" directive did not work, if the "limit_rate" directive was used. *) Bugfix: a "proxy_pass" directive without URI part always used original request URI if variables were used. *) Bugfix: a "proxy_pass" directive without URI part might use original request after redirection with the "try_files" directive. Thanks to Lanshun Zhou. *) Bugfix: in the ngx_http_scgi_module. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.1.9. Changes with nginx 1.1.11 12 Dec 2011 *) Feature: the "so_keepalive" parameter of the "listen" directive. Thanks to Vsevolod Stakhov. *) Feature: the "if_not_empty" parameter of the "fastcgi/scgi/uwsgi_param" directives. *) Feature: the $https variable. *) Feature: the "proxy_redirect" directive supports variables in the first parameter. *) Feature: the "proxy_redirect" directive supports regular expressions. *) Bugfix: the $sent_http_cache_control variable might contain a wrong value if the "expires" directive was used. Thanks to Yichun Zhang. *) Bugfix: the "read_ahead" directive might not work combined with "try_files" and "open_file_cache". *) Bugfix: a segmentation fault might occur in a worker process if small time was used in the "inactive" parameter of the "proxy_cache_path" directive. *) Bugfix: responses from cache might hang. Changes with nginx 1.1.10 30 Nov 2011 *) Bugfix: a segmentation fault occurred in a worker process if AIO was used on Linux; the bug had appeared in 1.1.9. Changes with nginx 1.1.9 28 Nov 2011 *) Change: now double quotes are encoded in an "echo" SSI-command output. Thanks to Zaur Abasmirzoev. *) Feature: the "valid" parameter of the "resolver" directive. By default TTL returned by a DNS server is used. Thanks to Kirill A. Korinskiy. *) Bugfix: nginx might hang after a worker process abnormal termination. *) Bugfix: a segmentation fault might occur in a worker process if SNI was used; the bug had appeared in 1.1.2. *) Bugfix: in the "keepalive_disable" directive; the bug had appeared in 1.1.8. Thanks to Alexander Usov. *) Bugfix: SIGWINCH signal did not work after first binary upgrade; the bug had appeared in 1.1.1. *) Bugfix: backend responses with length not matching "Content-Length" header line are no longer cached. *) Bugfix: in the "scgi_param" directive, if complex parameters were used. *) Bugfix: in the "epoll" event method. Thanks to Yichun Zhang. *) Bugfix: in the ngx_http_flv_module. Thanks to Piotr Sikora. *) Bugfix: in the ngx_http_mp4_module. *) Bugfix: IPv6 addresses are now handled properly in a request line and in a "Host" request header line. *) Bugfix: "add_header" and "expires" directives did not work if a request was proxied and response status code was 206. *) Bugfix: nginx could not be built on FreeBSD 10. *) Bugfix: nginx could not be built on AIX. Changes with nginx 1.1.8 14 Nov 2011 *) Change: the ngx_http_limit_zone_module was renamed to the ngx_http_limit_conn_module. *) Change: the "limit_zone" directive was superseded by the "limit_conn_zone" directive with a new syntax. *) Feature: support for multiple "limit_conn" limits on the same level. *) Feature: the "image_filter_sharpen" directive. *) Bugfix: a segmentation fault might occur in a worker process if resolver got a big DNS response. Thanks to Ben Hawkes. *) Bugfix: in cache key calculation if internal MD5 implementation was used; the bug had appeared in 1.0.4. *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request header lines might be passed to backend while caching; or not passed without caching if caching was enabled in another part of the configuration. *) Bugfix: the module ngx_http_mp4_module sent incorrect "Content-Length" response header line if the "start" argument was used. Thanks to Piotr Sikora. Changes with nginx 1.1.7 31 Oct 2011 *) Feature: support of several DNS servers in the "resolver" directive. Thanks to Kirill A. Korinskiy. *) Bugfix: a segmentation fault occurred on start or during reconfiguration if the "ssl" directive was used at http level and there was no "ssl_certificate" defined. *) Bugfix: reduced memory consumption while proxying big files if they were buffered to disk. *) Bugfix: a segmentation fault might occur in a worker process if "proxy_http_version 1.1" directive was used. *) Bugfix: in the "expires @time" directive. Changes with nginx 1.1.6 17 Oct 2011 *) Change in internal API: now module context data are cleared while internal redirect to named location. Requested by Yichun Zhang. *) Change: if a server in an upstream failed, only one request will be sent to it after fail_timeout; the server will be considered alive if it will successfully respond to the request. *) Change: now the 0x7F-0xFF characters are escaped as \xXX in an access_log. *) Feature: "proxy/fastcgi/scgi/uwsgi_ignore_headers" directives support the following additional values: X-Accel-Limit-Rate, X-Accel-Buffering, X-Accel-Charset. *) Feature: decrease of memory consumption if SSL is used. *) Bugfix: some UTF-8 characters were processed incorrectly. Thanks to Alexey Kuts. *) Bugfix: the ngx_http_rewrite_module directives specified at "server" level were executed twice if no matching locations were defined. *) Bugfix: a socket leak might occurred if "aio sendfile" was used. *) Bugfix: connections with fast clients might be closed after send_timeout if file AIO was used. *) Bugfix: in the ngx_http_autoindex_module. *) Bugfix: the module ngx_http_mp4_module did not support seeking on 32-bit platforms. Changes with nginx 1.1.5 05 Oct 2011 *) Feature: the "uwsgi_buffering" and "scgi_buffering" directives. Thanks to Peter Smit. *) Bugfix: non-cacheable responses might be cached if "proxy_cache_bypass" directive was used. Thanks to John Ferlito. *) Bugfix: in HTTP/1.1 support in the ngx_http_proxy_module. *) Bugfix: cached responses with an empty body were returned incorrectly; the bug had appeared in 0.8.31. *) Bugfix: 201 responses of the ngx_http_dav_module were incorrect; the bug had appeared in 0.8.32. *) Bugfix: in the "return" directive. *) Bugfix: the "ssl_session_cache builtin" directive caused segmentation fault; the bug had appeared in 1.1.1. Changes with nginx 1.1.4 20 Sep 2011 *) Feature: the ngx_http_upstream_keepalive module. *) Feature: the "proxy_http_version" directive. *) Feature: the "fastcgi_keep_conn" directive. *) Feature: the "worker_aio_requests" directive. *) Bugfix: if nginx was built --with-file-aio it could not be run on Linux kernel which did not support AIO. *) Bugfix: in Linux AIO error processing. Thanks to Hagai Avrahami. *) Bugfix: reduced memory consumption for long-lived requests. *) Bugfix: the module ngx_http_mp4_module did not support 64-bit MP4 "co64" atom. Changes with nginx 1.1.3 14 Sep 2011 *) Feature: the module ngx_http_mp4_module. *) Bugfix: in Linux AIO combined with open_file_cache. *) Bugfix: open_file_cache did not update file info on retest if file was not atomically changed. *) Bugfix: nginx could not be built on MacOSX 10.7. Changes with nginx 1.1.2 05 Sep 2011 *) Change: now if total size of all ranges is greater than source response size, then nginx disables ranges and returns just the source response. *) Feature: the "max_ranges" directive. *) Bugfix: the "ssl_verify_client", "ssl_verify_depth", and "ssl_prefer_server_ciphers" directives might work incorrectly if SNI was used. *) Bugfix: in the "proxy/fastcgi/scgi/uwsgi_ignore_client_abort" directives. Changes with nginx 1.1.1 22 Aug 2011 *) Change: now cache loader processes either as many files as specified by "loader_files" parameter or works no longer than time specified by the "loader_threshold" parameter during each iteration. *) Change: now SIGWINCH signal works only in daemon mode. *) Feature: now shared zones and caches use POSIX semaphores on Solaris. Thanks to Den Ivanov. *) Feature: accept filters are now supported on NetBSD. *) Bugfix: nginx could not be built on Linux 3.0. *) Bugfix: nginx did not use gzipping in some cases; the bug had appeared in 1.1.0. *) Bugfix: request body might be processed incorrectly if client used pipelining. *) Bugfix: in the "request_body_in_single_buf" directive. *) Bugfix: in "proxy_set_body" and "proxy_pass_request_body" directives if SSL connection to backend was used. *) Bugfix: nginx hogged CPU if all servers in an upstream were marked as "down". *) Bugfix: a segmentation fault might occur during reconfiguration if ssl_session_cache was defined but not used in previous configuration. *) Bugfix: a segmentation fault might occur in a worker process if many backup servers were used in an upstream. *) Bugfix: a segmentation fault might occur in a worker process if "fastcgi/scgi/uwsgi_param" directives were used with values starting with "HTTP_"; the bug had appeared in 0.8.40. Changes with nginx 1.1.0 01 Aug 2011 *) Feature: cache loader run time decrease. *) Feature: "loader_files", "loader_sleep", and "loader_threshold" options of the "proxy/fastcgi/scgi/uwsgi_cache_path" directives. *) Feature: loading time decrease of configuration with large number of HTTPS sites. *) Feature: now nginx supports ECDHE key exchange ciphers. Thanks to Adrian Kotelba. *) Feature: the "lingering_close" directive. Thanks to Maxim Dounin. *) Bugfix: in closing connection for pipelined requests. Thanks to Maxim Dounin. *) Bugfix: nginx did not disable gzipping if client sent "gzip;q=0" in "Accept-Encoding" request header line. *) Bugfix: in timeout in unbuffered proxied mode. Thanks to Maxim Dounin. *) Bugfix: memory leaks when a "proxy_pass" directive contains variables and proxies to an HTTPS backend. Thanks to Maxim Dounin. *) Bugfix: in parameter validation of a "proxy_pass" directive with variables. Thanks to Lanshun Zhou. *) Bugfix: SSL did not work on QNX. Thanks to Maxim Dounin. *) Bugfix: SSL modules could not be built by gcc 4.6 without --with-debug option. Changes with nginx 1.0.5 19 Jul 2011 *) Change: now default SSL ciphers are "HIGH:!aNULL:!MD5". Thanks to Rob Stradling. *) Feature: the "referer_hash_max_size" and "referer_hash_bucket_size" directives. Thanks to Witold Filipczyk. *) Feature: $uid_reset variable. *) Bugfix: a segmentation fault might occur in a worker process, if a caching was used. Thanks to Lanshun Zhou. *) Bugfix: worker processes may got caught in an endless loop during reconfiguration, if a caching was used; the bug had appeared in 0.8.48. Thanks to Maxim Dounin. *) Bugfix: "stalled cache updating" alert. Thanks to Maxim Dounin. Changes with nginx 1.0.4 01 Jun 2011 *) Change: now regular expressions case sensitivity in the "map" directive is given by prefixes "~" or "~*". *) Feature: now shared zones and caches use POSIX semaphores on Linux. Thanks to Denis F. Latypoff. *) Bugfix: "stalled cache updating" alert. *) Bugfix: nginx could not be built --without-http_auth_basic_module; the bug had appeared in 1.0.3. Changes with nginx 1.0.3 25 May 2011 *) Feature: the "auth_basic_user_file" directive supports "$apr1", "{PLAIN}", and "{SSHA}" password encryption methods. Thanks to Maxim Dounin. *) Feature: the "geoip_org" directive and $geoip_org variable. Thanks to Alexander Uskov, Arnaud Granal, and Denis F. Latypoff. *) Feature: ngx_http_geo_module and ngx_http_geoip_module support IPv4 addresses mapped to IPv6 addresses. *) Bugfix: a segmentation fault occurred in a worker process during testing IPv4 address mapped to IPv6 address, if access or deny rules were defined only for IPv6; the bug had appeared in 0.8.22. *) Bugfix: a cached response may be broken if "proxy/fastcgi/scgi/ uwsgi_cache_bypass" and "proxy/fastcgi/scgi/uwsgi_no_cache" directive values were different; the bug had appeared in 0.8.46. Changes with nginx 1.0.2 10 May 2011 *) Feature: now shared zones and caches use POSIX semaphores. *) Bugfix: in the "rotate" parameter of the "image_filter" directive. Thanks to Adam Bocim. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 1.0.1. Changes with nginx 1.0.1 03 May 2011 *) Change: now the "split_clients" directive uses MurmurHash2 algorithm because of better distribution. Thanks to Oleg Mamontov. *) Change: now long strings starting with zero are not considered as false values. Thanks to Maxim Dounin. *) Change: now nginx uses a default listen backlog value 511 on Linux. *) Feature: the $upstream_... variables may be used in the SSI and perl modules. *) Bugfix: now nginx limits better disk cache size. Thanks to Oleg Mamontov. *) Bugfix: a segmentation fault might occur while parsing incorrect IPv4 address; the bug had appeared in 0.9.3. Thanks to Maxim Dounin. *) Bugfix: nginx could not be built by gcc 4.6 without --with-debug option. *) Bugfix: nginx could not be built on Solaris 9 and earlier; the bug had appeared in 0.9.3. Thanks to Dagobert Michelsen. *) Bugfix: $request_time variable had invalid values if subrequests were used; the bug had appeared in 0.8.47. Thanks to Igor A. Valcov. Changes with nginx 1.0.0 12 Apr 2011 *) Bugfix: a cache manager might hog CPU after reload. Thanks to Maxim Dounin. *) Bugfix: an "image_filter crop" directive worked incorrectly coupled with an "image_filter rotate 180" directive. *) Bugfix: a "satisfy any" directive disabled custom 401 error page. Changes with nginx 0.9.7 04 Apr 2011 *) Feature: now keepalive connections may be closed premature, if there are no free worker connections. Thanks to Maxim Dounin. *) Feature: the "rotate" parameter of the "image_filter" directive. Thanks to Adam Bocim. *) Bugfix: a case when a backend in "fastcgi_pass", "scgi_pass", or "uwsgi_pass" directives is given by expression and refers to a defined upstream. Changes with nginx 0.9.6 21 Mar 2011 *) Feature: the "map" directive supports regular expressions as value of the first parameter. *) Feature: $time_iso8601 access_log variable. Thanks to Michael Lustfield. Changes with nginx 0.9.5 21 Feb 2011 *) Change: now nginx uses a default listen backlog value -1 on Linux. Thanks to Andrei Nigmatulin. *) Feature: the "utf8" parameter of "geoip_country" and "geoip_city" directives. Thanks to Denis F. Latypoff. *) Bugfix: in a default "proxy_redirect" directive if "proxy_pass" directive has no URI part. Thanks to Maxim Dounin. *) Bugfix: an "error_page" directive did not work with nonstandard error codes; the bug had appeared in 0.8.53. Thanks to Maxim Dounin. Changes with nginx 0.9.4 21 Jan 2011 *) Feature: the "server_name" directive supports the $hostname variable. *) Feature: 494 code for "Request Header Too Large" error. Changes with nginx 0.9.3 13 Dec 2010 *) Bugfix: if there was a single server for given IPv6 address:port pair, then captures in regular expressions in a "server_name" directive did not work. *) Bugfix: nginx could not be built on Solaris; the bug had appeared in 0.9.0. Changes with nginx 0.9.2 06 Dec 2010 *) Feature: the "If-Unmodified-Since" client request header line support. *) Workaround: fallback to accept() syscall if accept4() was not implemented; the issue had appeared in 0.9.0. *) Bugfix: nginx could not be built on Cygwin; the bug had appeared in 0.9.0. *) Bugfix: for OpenSSL vulnerability CVE-2010-4180. Thanks to Maxim Dounin. Changes with nginx 0.9.1 30 Nov 2010 *) Bugfix: "return CODE message" directives did not work; the bug had appeared in 0.9.0. Changes with nginx 0.9.0 29 Nov 2010 *) Feature: the "keepalive_disable" directive. *) Feature: the "map" directive supports variables as value of a defined variable. *) Feature: the "map" directive supports empty strings as value of the first parameter. *) Feature: the "map" directive supports expressions as the first parameter. *) Feature: nginx(8) manual page. Thanks to Sergey Osokin. *) Feature: Linux accept4() support. Thanks to Simon Liu. *) Workaround: elimination of Linux linker warning about "sys_errlist" and "sys_nerr"; the warning had appeared in 0.8.35. *) Bugfix: a segmentation fault might occur in a worker process, if the "auth_basic" directive was used. Thanks to Michail Laletin. *) Bugfix: compatibility with ngx_http_eval_module; the bug had appeared in 0.8.42. Changes with nginx 0.8.53 18 Oct 2010 *) Feature: now the "error_page" directive allows to change a status code in a redirect. *) Feature: the "gzip_disable" directive supports special "degradation" mask. *) Bugfix: a socket leak might occurred if file AIO was used. Thanks to Maxim Dounin. *) Bugfix: if the first server had no "listen" directive and there was no explicit default server, then a next server with a "listen" directive became the default server; the bug had appeared in 0.8.21. Changes with nginx 0.8.52 28 Sep 2010 *) Bugfix: nginx used SSL mode for a listen socket if any listen option was set; the bug had appeared in 0.8.51. Changes with nginx 0.8.51 27 Sep 2010 *) Change: the "secure_link_expires" directive has been canceled. *) Change: a logging level of resolver errors has been lowered from "alert" to "error". *) Feature: now a listen socket "ssl" parameter may be set several times. Changes with nginx 0.8.50 02 Sep 2010 *) Feature: the "secure_link", "secure_link_md5", and "secure_link_expires" directives of the ngx_http_secure_link_module. *) Feature: the -q switch. Thanks to Gena Makhomed. *) Bugfix: worker processes may got caught in an endless loop during reconfiguration, if a caching was used; the bug had appeared in 0.8.48. *) Bugfix: in the "gzip_disable" directive. Thanks to Derrick Petzold. *) Bugfix: nginx/Windows could not send stop, quit, reopen, and reload signals to a process run in other session. Changes with nginx 0.8.49 09 Aug 2010 *) Feature: the "image_filter_jpeg_quality" directive supports variables. *) Bugfix: a segmentation fault might occur in a worker process, if the $geoip_region_name variables was used; the bug had appeared in 0.8.48. *) Bugfix: errors intercepted by error_page were cached only for next request; the bug had appeared in 0.8.48. Changes with nginx 0.8.48 03 Aug 2010 *) Change: now the "server_name" directive default value is an empty name "". Thanks to Gena Makhomed. *) Change: now the "server_name_in_redirect" directive default value is "off". *) Feature: the $geoip_dma_code, $geoip_area_code, and $geoip_region_name variables. Thanks to Christine McGonagle. *) Bugfix: the "proxy_pass", "fastcgi_pass", "uwsgi_pass", and "scgi_pass" directives were not inherited inside "limit_except" blocks. *) Bugfix: the "proxy_cache_min_uses", "fastcgi_cache_min_uses" "uwsgi_cache_min_uses", and "scgi_cache_min_uses" directives did not work; the bug had appeared in 0.8.46. *) Bugfix: the "fastcgi_split_path_info" directive used incorrectly captures, if only parts of an URI were captured. Thanks to Yuriy Taraday and Frank Enderle. *) Bugfix: the "rewrite" directive did not escape a ";" character during copying from URI to query string. Thanks to Daisuke Murase. *) Bugfix: the ngx_http_image_filter_module closed a connection, if an image was larger than "image_filter_buffer" size. Changes with nginx 0.8.47 28 Jul 2010 *) Bugfix: $request_time variable had invalid values for subrequests. *) Bugfix: errors intercepted by error_page could not be cached. *) Bugfix: a cache manager process may got caught in an endless loop, if max_size parameter was used; the bug had appeared in 0.8.46. Changes with nginx 0.8.46 19 Jul 2010 *) Change: now the "proxy_no_cache", "fastcgi_no_cache", "uwsgi_no_cache", and "scgi_no_cache" directives affect on a cached response saving only. *) Feature: the "proxy_cache_bypass", "fastcgi_cache_bypass", "uwsgi_cache_bypass", and "scgi_cache_bypass" directives. *) Bugfix: nginx did not free memory in cache keys zones if there was an error during working with backend: the memory was freed only after inactivity time or on memory low condition. Changes with nginx 0.8.45 13 Jul 2010 *) Feature: ngx_http_xslt_filter improvements. Thanks to Laurence Rowe. *) Bugfix: SSI response might be truncated after include with wait="yes"; the bug had appeared in 0.7.25. Thanks to Maxim Dounin. *) Bugfix: the "listen" directive did not support the "setfib=0" parameter. Changes with nginx 0.8.44 05 Jul 2010 *) Change: now nginx does not cache by default backend responses, if they have a "Set-Cookie" header line. *) Feature: the "listen" directive supports the "setfib" parameter. Thanks to Andrew Filonov. *) Bugfix: the "sub_filter" directive might change character case on partial match. *) Bugfix: compatibility with HP/UX. *) Bugfix: compatibility with AIX xlC_r compiler. *) Bugfix: nginx treated large SSLv2 packets as plain requests. Thanks to Miroslaw Jaworski. Changes with nginx 0.8.43 30 Jun 2010 *) Feature: large geo ranges base loading speed-up. *) Bugfix: an error_page redirection to "location /zero {return 204;}" without changing status code kept the error body; the bug had appeared in 0.8.42. *) Bugfix: nginx might close IPv6 listen socket during reconfiguration. Thanks to Maxim Dounin. *) Bugfix: the $uid_set variable may be used at any request processing stage. Changes with nginx 0.8.42 21 Jun 2010 *) Change: now nginx tests locations given by regular expressions, if request was matched exactly by a location given by a prefix string. The previous behavior has been introduced in 0.7.1. *) Feature: the ngx_http_scgi_module. Thanks to Manlio Perillo. *) Feature: a text answer may be added to a "return" directive. Changes with nginx 0.8.41 15 Jun 2010 *) Security: nginx/Windows worker might be terminated abnormally if a requested file name has invalid UTF-8 encoding. *) Change: now nginx allows to use spaces in a request line. *) Bugfix: the "proxy_redirect" directive changed incorrectly a backend "Refresh" response header line. Thanks to Andrey Andreew and Max Sogin. *) Bugfix: nginx did not support path without host name in "Destination" request header line. Changes with nginx 0.8.40 07 Jun 2010 *) Security: now nginx/Windows ignores default file stream name. Thanks to Jose Antonio Vazquez Gonzalez. *) Feature: the ngx_http_uwsgi_module. Thanks to Roberto De Ioris. *) Feature: a "fastcgi_param" directive with value starting with "HTTP_" overrides a client request header line. *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request header lines were passed to FastCGI-server while caching. *) Bugfix: listen unix domain socket could not be changed during reconfiguration. Thanks to Maxim Dounin. Changes with nginx 0.8.39 31 May 2010 *) Bugfix: an inherited "alias" directive worked incorrectly in inclusive location. *) Bugfix: in "alias" with variables and "try_files" directives combination. *) Bugfix: listen unix domain and IPv6 sockets did not inherit while online upgrade. Thanks to Maxim Dounin. Changes with nginx 0.8.38 24 May 2010 *) Feature: the "proxy_no_cache" and "fastcgi_no_cache" directives. *) Feature: now the "rewrite" directive does a redirect automatically if the $scheme variable is used. Thanks to Piotr Sikora. *) Bugfix: now "limit_req" delay directive conforms to the described algorithm. Thanks to Maxim Dounin. *) Bugfix: the $uid_got variable might not be used in the SSI and perl modules. Changes with nginx 0.8.37 17 May 2010 *) Feature: the ngx_http_split_clients_module. *) Feature: the "map" directive supports keys more than 255 characters. *) Bugfix: nginx ignored the "private" and "no-store" values in the "Cache-Control" backend response header line. *) Bugfix: a "stub" parameter of an "include" SSI directive was not used, if empty response has 200 status code. *) Bugfix: if a proxied or FastCGI request was internally redirected to another proxied or FastCGI location, then a segmentation fault might occur in a worker process; the bug had appeared in 0.8.33. Thanks to Yichun Zhang. *) Bugfix: IMAP connections may hang until they timed out while talking to Zimbra server. Thanks to Alan Batie. Changes with nginx 0.8.36 22 Apr 2010 *) Bugfix: the ngx_http_dav_module handled incorrectly the DELETE, COPY, and MOVE methods for symlinks. *) Bugfix: values of the $query_string, $arg_..., etc. variables cached in main request were used by the SSI module in subrequests. *) Bugfix: a variable value was repeatedly encoded after each an "echo" SSI-command output; the bug had appeared in 0.6.14. *) Bugfix: a worker process hung if a FIFO file was requested. Thanks to Vicente Aguilar and Maxim Dounin. *) Bugfix: OpenSSL-1.0.0 compatibility on 64-bit Linux. Thanks to Maxim Dounin. *) Bugfix: nginx could not be built --without-http-cache; the bug had appeared in 0.8.35. Changes with nginx 0.8.35 01 Apr 2010 *) Change: now the charset filter runs before the SSI filter. *) Feature: the "chunked_transfer_encoding" directive. *) Bugfix: an "&" character was not escaped when it was copied in arguments part in a rewrite rule. *) Bugfix: nginx might be terminated abnormally while a signal processing or if the directive "timer_resolution" was used on platforms which do not support kqueue or eventport notification methods. Thanks to George Xie and Maxim Dounin. *) Bugfix: if temporary files and permanent storage area resided at different file systems, then permanent file modification times were incorrect. Thanks to Maxim Dounin. *) Bugfix: ngx_http_memcached_module might issue the error message "memcached sent invalid trailer". Thanks to Maxim Dounin. *) Bugfix: nginx could not built zlib-1.2.4 library using the library sources. Thanks to Maxim Dounin. *) Bugfix: a segmentation fault occurred in a worker process, if there was large stderr output before FastCGI response; the bug had appeared in 0.8.34. Thanks to Maxim Dounin. Changes with nginx 0.8.34 03 Mar 2010 *) Bugfix: nginx did not support all ciphers and digests used in client certificates. Thanks to Innocenty Enikeew. *) Bugfix: nginx cached incorrectly FastCGI responses if there was large stderr output before response. *) Bugfix: nginx did not support HTTPS referrers. *) Bugfix: nginx/Windows might not find file if path in configuration was given in other character case; the bug had appeared in 0.8.33. *) Bugfix: the $date_local variable has an incorrect value, if the "%s" format was used. Thanks to Maxim Dounin. *) Bugfix: if ssl_session_cache was not set or was set to "none", then during client certificate verify the error "session id context uninitialized" might occur; the bug had appeared in 0.7.1. *) Bugfix: a geo range returned default value if the range included two or more /16 networks and did not begin at /16 network boundary. *) Bugfix: a block used in a "stub" parameter of an "include" SSI directive was output with "text/plain" MIME type. *) Bugfix: $r->sleep() did not work; the bug had appeared in 0.8.11. Changes with nginx 0.8.33 01 Feb 2010 *) Security: now nginx/Windows ignores trailing spaces in URI. Thanks to Dan Crowley, Core Security Technologies. *) Security: now nginx/Windows ignores short files names. Thanks to Dan Crowley, Core Security Technologies. *) Change: now keepalive connections after POST requests are not disabled for MSIE 7.0+. Thanks to Adam Lounds. *) Workaround: now keepalive connections are disabled for Safari. Thanks to Joshua Sierles. *) Bugfix: if a proxied or FastCGI request was internally redirected to another proxied or FastCGI location, then $upstream_response_time variable may have abnormally large value; the bug had appeared in 0.8.7. *) Bugfix: a segmentation fault might occur in a worker process, while discarding a request body; the bug had appeared in 0.8.11. Changes with nginx 0.8.32 11 Jan 2010 *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module. Thanks to Maxim Dounin. *) Bugfix: regular expression named captures worked for two names only. Thanks to Maxim Dounin. *) Bugfix: now the "localhost" name is used in the "Host" request header line, if an unix domain socket is defined in the "auth_http" directive. Thanks to Maxim Dounin. *) Bugfix: nginx did not support chunked transfer encoding for 201 responses. Thanks to Julian Reich. *) Bugfix: if the "expires modified" set date in the past, then a negative number was set in the "Cache-Control" response header line. Thanks to Alex Kapranoff. Changes with nginx 0.8.31 23 Dec 2009 *) Feature: now the "error_page" directive may redirect the 301 and 302 responses. *) Feature: the $geoip_city_continent_code, $geoip_latitude, and $geoip_longitude variables. Thanks to Arvind Sundararajan. *) Feature: now the ngx_http_image_filter_module deletes always EXIF and other application specific data if the data consume more than 5% of a JPEG file. *) Bugfix: nginx closed a connection if a cached response had an empty body. Thanks to Piotr Sikora. *) Bugfix: nginx might not be built by gcc 4.x if the -O2 or higher optimization option was used. Thanks to Maxim Dounin and Denis F. Latypoff. *) Bugfix: regular expressions in location were always tested in case-sensitive mode; the bug had appeared in 0.8.25. *) Bugfix: nginx cached a 304 response if there was the "If-None-Match" header line in a proxied request. Thanks to Tim Dettrick and David Kostal. *) Bugfix: nginx/Windows tried to delete a temporary file twice if the file should replace an already existent file. Changes with nginx 0.8.30 15 Dec 2009 *) Change: now the default buffer size of the "large_client_header_buffers" directive is 8K. Thanks to Andrew Cholakian. *) Feature: the conf/fastcgi.conf for simple FastCGI configurations. *) Bugfix: nginx/Windows tried to rename a temporary file twice if the file should replace an already existent file. *) Bugfix: of "double free or corruption" error issued if host could not be resolved; the bug had appeared in 0.8.22. Thanks to Konstantin Svist. *) Bugfix: in libatomic usage on some platforms. Thanks to W-Mark Kubacki. Changes with nginx 0.8.29 30 Nov 2009 *) Change: now the "009" status code is written to an access log for proxied HTTP/0.9 responses. *) Feature: the "addition_types", "charset_types", "gzip_types", "ssi_types", "sub_filter_types", and "xslt_types" directives support an "*" parameter. *) Feature: GCC 4.1+ built-in atomic operations usage. Thanks to W-Mark Kubacki. *) Feature: the --with-libatomic[=DIR] option in the configure. Thanks to W-Mark Kubacki. *) Bugfix: listen unix domain socket had limited access rights. *) Bugfix: cached HTTP/0.9 responses were handled incorrectly. *) Bugfix: regular expression named captures given by "?P<...>" did not work in a "server_name" directive. Thanks to Maxim Dounin. Changes with nginx 0.8.28 23 Nov 2009 *) Bugfix: nginx could not be built with the --without-pcre parameter; the bug had appeared in 0.8.25. Changes with nginx 0.8.27 17 Nov 2009 *) Bugfix: regular expressions did not work in nginx/Windows; the bug had appeared in 0.8.25. Changes with nginx 0.8.26 16 Nov 2009 *) Bugfix: in captures usage in "rewrite" directive; the bug had appeared in 0.8.25. *) Bugfix: nginx could not be built without the --with-debug option; the bug had appeared in 0.8.25. Changes with nginx 0.8.25 16 Nov 2009 *) Change: now no message is written in an error log if a variable is not found by $r->variable() method. *) Feature: the ngx_http_degradation_module. *) Feature: regular expression named captures. *) Feature: now URI part is not required a "proxy_pass" directive if variables are used. *) Feature: now the "msie_padding" directive works for Chrome too. *) Bugfix: a segmentation fault occurred in a worker process on low memory condition; the bug had appeared in 0.8.18. *) Bugfix: nginx sent gzipped responses to clients those do not support gzip, if "gzip_static on" and "gzip_vary off"; the bug had appeared in 0.8.16. Changes with nginx 0.8.24 11 Nov 2009 *) Bugfix: nginx always added "Content-Encoding: gzip" response header line in 304 responses sent by ngx_http_gzip_static_module. *) Bugfix: nginx could not be built without the --with-debug option; the bug had appeared in 0.8.23. *) Bugfix: the "unix:" parameter of the "set_real_ip_from" directive inherited incorrectly from previous level. *) Bugfix: in resolving empty name. Changes with nginx 0.8.23 11 Nov 2009 *) Security: now SSL/TLS renegotiation is disabled. Thanks to Maxim Dounin. *) Bugfix: listen unix domain socket did not inherit while online upgrade. *) Bugfix: the "unix:" parameter of the "set_real_ip_from" directive did not without yet another directive with any IP address. *) Bugfix: segmentation fault and infinite looping in resolver. *) Bugfix: in resolver. Thanks to Artem Bokhan. Changes with nginx 0.8.22 03 Nov 2009 *) Feature: the "proxy_bind", "fastcgi_bind", and "memcached_bind" directives. *) Feature: the "access" and the "deny" directives support IPv6. *) Feature: the "set_real_ip_from" directive supports IPv6 addresses in request headers. *) Feature: the "unix:" parameter of the "set_real_ip_from" directive. *) Bugfix: nginx did not delete unix domain socket after configuration testing. *) Bugfix: nginx deleted unix domain socket while online upgrade. *) Bugfix: the "!-x" operator did not work. Thanks to Maxim Dounin. *) Bugfix: a segmentation fault might occur in a worker process, if limit_rate was used in HTTPS server. Thanks to Maxim Dounin. *) Bugfix: a segmentation fault might occur in a worker process while $limit_rate logging. Thanks to Maxim Dounin. *) Bugfix: a segmentation fault might occur in a worker process, if there was no "listen" directive in "server" block; the bug had appeared in 0.8.21. Changes with nginx 0.8.21 26 Oct 2009 *) Feature: now the "-V" switch shows TLS SNI support. *) Feature: the "listen" directive of the HTTP module supports unix domain sockets. Thanks to Hongli Lai. *) Feature: the "default_server" parameter of the "listen" directive. *) Feature: now a "default" parameter is not required to set listen socket options. *) Bugfix: nginx did not support dates in 2038 year on 32-bit platforms; *) Bugfix: socket leak; the bug had appeared in 0.8.11. Changes with nginx 0.8.20 14 Oct 2009 *) Change: now default SSL ciphers are "HIGH:!ADH:!MD5". *) Bugfix: the ngx_http_autoindex_module did not show the trailing slash in links to a directory; the bug had appeared in 0.7.15. *) Bugfix: nginx did not close a log file set by the --error-log-path configuration option; the bug had appeared in 0.7.53. *) Bugfix: nginx did not treat a comma as separator in the "Cache-Control" backend response header line. *) Bugfix: nginx/Windows might not create temporary file, a cache file, or "proxy/fastcgi_store"d file if a worker had no enough access rights for top level directories. *) Bugfix: the "Set-Cookie" and "P3P" FastCGI response header lines were not hidden while caching if no "fastcgi_hide_header" directives were used with any parameters. *) Bugfix: nginx counted incorrectly disk cache size. Changes with nginx 0.8.19 06 Oct 2009 *) Change: now SSLv2 protocol is disabled by default. *) Change: now default SSL ciphers are "ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM". *) Bugfix: a "limit_req" directive did not work; the bug had appeared in 0.8.18. Changes with nginx 0.8.18 06 Oct 2009 *) Feature: the "read_ahead" directive. *) Feature: now several "perl_modules" directives may be used. *) Feature: the "limit_req_log_level" and "limit_conn_log_level" directives. *) Bugfix: now "limit_req" directive conforms to the leaky bucket algorithm. Thanks to Maxim Dounin. *) Bugfix: nginx did not work on Linux/sparc. Thanks to Marcus Ramberg. *) Bugfix: nginx sent '\0' in a "Location" response header line on MKCOL request. Thanks to Xie Zhenye. *) Bugfix: zero status code was logged instead of 499 status code; the bug had appeared in 0.8.11. *) Bugfix: socket leak; the bug had appeared in 0.8.11. Changes with nginx 0.8.17 28 Sep 2009 *) Security: now "/../" are disabled in "Destination" request header line. *) Change: now $host variable value is always low case. *) Feature: the $ssl_session_id variable. *) Bugfix: socket leak; the bug had appeared in 0.8.11. Changes with nginx 0.8.16 22 Sep 2009 *) Feature: the "image_filter_transparency" directive. *) Bugfix: "addition_types" directive was incorrectly named "addtion_types". *) Bugfix: resolver cache poisoning. Thanks to Matthew Dempsky. *) Bugfix: memory leak in resolver. Thanks to Matthew Dempsky. *) Bugfix: invalid request line in $request variable was written in access_log only if error_log was set to "info" or "debug" level. *) Bugfix: in PNG alpha-channel support in the ngx_http_image_filter_module. *) Bugfix: nginx always added "Vary: Accept-Encoding" response header line, if both "gzip_static" and "gzip_vary" were on. *) Bugfix: in UTF-8 encoding support by "try_files" directive in nginx/Windows. *) Bugfix: in "post_action" directive usage; the bug had appeared in 0.8.11. Thanks to Igor Artemiev. Changes with nginx 0.8.15 14 Sep 2009 *) Security: a segmentation fault might occur in worker process while specially crafted request handling. Thanks to Chris Ries. *) Bugfix: if names .domain.tld, .sub.domain.tld, and .domain-some.tld were defined, then the name .sub.domain.tld was matched by .domain.tld. *) Bugfix: in transparency support in the ngx_http_image_filter_module. *) Bugfix: in file AIO. *) Bugfix: in X-Accel-Redirect usage; the bug had appeared in 0.8.11. *) Bugfix: in embedded perl module; the bug had appeared in 0.8.11. Changes with nginx 0.8.14 07 Sep 2009 *) Bugfix: an expired cached response might stick in the "UPDATING" state. *) Bugfix: a segmentation fault might occur in worker process, if error_log was set to info or debug level. Thanks to Sergey Bochenkov. *) Bugfix: in embedded perl module; the bug had appeared in 0.8.11. *) Bugfix: an "error_page" directive did not redirect a 413 error; the bug had appeared in 0.6.10. Changes with nginx 0.8.13 31 Aug 2009 *) Bugfix: in the "aio sendfile" directive; the bug had appeared in 0.8.12. *) Bugfix: nginx could not be built without the --with-file-aio option on FreeBSD; the bug had appeared in 0.8.12. Changes with nginx 0.8.12 31 Aug 2009 *) Feature: the "sendfile" parameter in the "aio" directive on FreeBSD. *) Bugfix: in try_files; the bug had appeared in 0.8.11. *) Bugfix: in memcached; the bug had appeared in 0.8.11. Changes with nginx 0.8.11 28 Aug 2009 *) Change: now directive "gzip_disable msie6" does not disable gzipping for MSIE 6.0 SV1. *) Feature: file AIO support on FreeBSD and Linux. *) Feature: the "directio_alignment" directive. Changes with nginx 0.8.10 24 Aug 2009 *) Bugfix: memory leaks if GeoIP City database was used. *) Bugfix: in copying temporary files to permanent storage area; the bug had appeared in 0.8.9. Changes with nginx 0.8.9 17 Aug 2009 *) Feature: now the start cache loader runs in a separate process; this should improve large caches handling. *) Feature: now temporary files and permanent storage area may reside at different file systems. Changes with nginx 0.8.8 10 Aug 2009 *) Bugfix: in handling FastCGI headers split in records. *) Bugfix: a segmentation fault occurred in worker process, if a request was handled in two proxied or FastCGIed locations and a caching was enabled in the first location; the bug had appeared in 0.8.7. Changes with nginx 0.8.7 27 Jul 2009 *) Change: minimum supported OpenSSL version is 0.9.7. *) Change: the "ask" parameter of the "ssl_verify_client" directive was changed to the "optional" parameter and now it checks a client certificate if it was offered. Thanks to Brice Figureau. *) Feature: the $ssl_client_verify variable. Thanks to Brice Figureau. *) Feature: the "ssl_crl" directive. Thanks to Brice Figureau. *) Feature: the "proxy" parameter of the "geo" directive. *) Feature: the "image_filter" directive supports variables for setting size. *) Bugfix: the $ssl_client_cert variable usage corrupted memory; the bug had appeared in 0.7.7. Thanks to Sergey Zhuravlev. *) Bugfix: "proxy_pass_header" and "fastcgi_pass_header" directives did not pass to a client the "X-Accel-Redirect", "X-Accel-Limit-Rate", "X-Accel-Buffering", and "X-Accel-Charset" lines from backend response header. Thanks to Maxim Dounin. *) Bugfix: in handling "Last-Modified" and "Accept-Ranges" backend response header lines; the bug had appeared in 0.7.44. Thanks to Maxim Dounin. *) Bugfix: the "[alert] zero size buf" error if subrequest returns an empty response; the bug had appeared in 0.8.5. Changes with nginx 0.8.6 20 Jul 2009 *) Feature: the ngx_http_geoip_module. *) Bugfix: XSLT filter may fail with message "not well formed XML document" for valid XML document. Thanks to Kuramoto Eiji. *) Bugfix: now in MacOSX, Cygwin, and nginx/Windows locations given by a regular expression are always tested in case insensitive mode. *) Bugfix: now nginx/Windows ignores trailing dots in URI. Thanks to Hugo Leisink. *) Bugfix: name of file specified in --conf-path was not honored during installation; the bug had appeared in 0.6.6. Thanks to Maxim Dounin. Changes with nginx 0.8.5 13 Jul 2009 *) Bugfix: now nginx allows underscores in a request method. *) Bugfix: a 500 error code was returned for invalid login/password while HTTP Basic authentication on Windows. *) Bugfix: ngx_http_perl_module responses did not work in subrequests. *) Bugfix: in ngx_http_limit_req_module. Thanks to Maxim Dounin. Changes with nginx 0.8.4 22 Jun 2009 *) Bugfix: nginx could not be built --without-http-cache; the bug had appeared in 0.8.3. Changes with nginx 0.8.3 19 Jun 2009 *) Feature: the $upstream_cache_status variable. *) Bugfix: nginx could not be built on MacOSX 10.6. *) Bugfix: nginx could not be built --without-http-cache; the bug had appeared in 0.8.2. *) Bugfix: a segmentation fault occurred in worker process, if a backend 401 error was intercepted and the backend did not set the "WWW-Authenticate" response header line. Thanks to Eugene Mychlo. Changes with nginx 0.8.2 15 Jun 2009 *) Bugfix: in open_file_cache and proxy/fastcgi cache interaction on start up. *) Bugfix: open_file_cache might cache open file descriptors too long; the bug had appeared in 0.7.4. Changes with nginx 0.8.1 08 Jun 2009 *) Feature: the "updating" parameter in "proxy_cache_use_stale" and "fastcgi_cache_use_stale" directives. *) Bugfix: the "If-Modified-Since", "If-Range", etc. client request header lines were passed to backend while caching if no "proxy_set_header" directive was used with any parameters. *) Bugfix: the "Set-Cookie" and "P3P" response header lines were not hidden while caching if no "proxy_hide_header/fastcgi_hide_header" directives were used with any parameters. *) Bugfix: the ngx_http_image_filter_module did not support GIF87a format. Thanks to Denis Ilyinyh. *) Bugfix: nginx could not be built modules on Solaris 10 and early; the bug had appeared in 0.7.56. Changes with nginx 0.8.0 02 Jun 2009 *) Feature: the "keepalive_requests" directive. *) Feature: the "limit_rate_after" directive. Thanks to Ivan Debnar. *) Bugfix: XLST filter did not work in subrequests. *) Bugfix: in relative paths handling in nginx/Windows. *) Bugfix: in proxy_store, fastcgi_store, proxy_cache, and fastcgi_cache in nginx/Windows. *) Bugfix: in memory allocation error handling. Thanks to Maxim Dounin and Kirill A. Korinskiy. Changes with nginx 0.7.59 25 May 2009 *) Feature: the "proxy_cache_methods" and "fastcgi_cache_methods" directives. *) Bugfix: socket leak; the bug had appeared in 0.7.25. Thanks to Maxim Dounin. *) Bugfix: a segmentation fault occurred in worker process, if a request had no body and the $request_body variable was used; the bug had appeared in 0.7.58. *) Bugfix: the SSL modules might not built on Solaris and Linux; the bug had appeared in 0.7.56. *) Bugfix: ngx_http_xslt_filter_module responses were not handled by SSI, charset, and gzip filters. *) Bugfix: a "charset" directive did not set a charset to ngx_http_gzip_static_module responses. Changes with nginx 0.7.58 18 May 2009 *) Feature: a "listen" directive of the mail proxy module supports IPv6. *) Feature: the "image_filter_jpeg_quality" directive. *) Feature: the "client_body_in_single_buffer" directive. *) Feature: the $request_body variable. *) Bugfix: in ngx_http_autoindex_module in file name links having a ":" symbol in the name. *) Bugfix: "make upgrade" procedure did not work; the bug had appeared in 0.7.53. Thanks to Denis F. Latypoff. Changes with nginx 0.7.57 12 May 2009 *) Bugfix: a floating-point fault occurred in worker process, if the ngx_http_image_filter_module errors were redirected to named location; the bug had appeared in 0.7.56. Changes with nginx 0.7.56 11 May 2009 *) Feature: nginx/Windows supports IPv6 in a "listen" directive of the HTTP module. *) Bugfix: in ngx_http_image_filter_module. Changes with nginx 0.7.55 06 May 2009 *) Bugfix: the http_XXX parameters in "proxy_cache_use_stale" and "fastcgi_cache_use_stale" directives did not work. *) Bugfix: fastcgi cache did not cache header only responses. *) Bugfix: of "select() failed (9: Bad file descriptor)" error in nginx/Unix and "select() failed (10038: ...)" error in nginx/Windows. *) Bugfix: a segmentation fault might occur in worker process, if an "debug_connection" directive was used; the bug had appeared in 0.7.54. *) Bugfix: fix ngx_http_image_filter_module building errors. *) Bugfix: the files bigger than 2G could not be transferred using $r->sendfile. Thanks to Maxim Dounin. Changes with nginx 0.7.54 01 May 2009 *) Feature: the ngx_http_image_filter_module. *) Feature: the "proxy_ignore_headers" and "fastcgi_ignore_headers" directives. *) Bugfix: a segmentation fault might occur in worker process, if an "open_file_cache_errors off" directive was used; the bug had appeared in 0.7.53. *) Bugfix: the "port_in_redirect off" directive did not work; the bug had appeared in 0.7.39. *) Bugfix: improve handling of "select" method errors. *) Bugfix: of "select() failed (10022: ...)" error in nginx/Windows. *) Bugfix: in error text descriptions in nginx/Windows; the bug had appeared in 0.7.53. Changes with nginx 0.7.53 27 Apr 2009 *) Change: now a log set by --error-log-path is created from the very start-up. *) Feature: now the start up errors and warnings are outputted to an error_log and stderr. *) Feature: the empty --prefix= configure parameter forces nginx to use a directory where it was run as prefix. *) Feature: the -p switch. *) Feature: the -s switch on Unix platforms. *) Feature: the -? and -h switches. Thanks to Jerome Loyet. *) Feature: now switches may be set in condensed form. *) Bugfix: nginx/Windows did not work if configuration file was given by the -c switch. *) Bugfix: temporary files might be not removed if the "proxy_store", "fastcgi_store", "proxy_cache", or "fastcgi_cache" were used. Thanks to Maxim Dounin. *) Bugfix: an incorrect value was passed to mail proxy authentication server in "Auth-Method" header line; the bug had appeared in 0.7.34. Thanks to Simon Lecaille. *) Bugfix: system error text descriptions were not logged on Linux; the bug had appeared in 0.7.45. *) Bugfix: the "fastcgi_cache_min_uses" directive did not work. Thanks to Andrew Vorobyoff. Changes with nginx 0.7.52 20 Apr 2009 *) Feature: the first native Windows binary release. *) Bugfix: in processing HEAD method while caching. *) Bugfix: in processing the "If-Modified-Since", "If-Range", etc. client request header lines while caching. *) Bugfix: now the "Set-Cookie" and "P3P" header lines are hidden in cacheable responses. *) Bugfix: if nginx was built with the ngx_http_perl_module and with a perl which supports threads, then during a master process exit the message "panic: MUTEX_LOCK" might be issued. *) Bugfix: nginx could not be built --without-http-cache; the bug had appeared in 0.7.48. *) Bugfix: nginx could not be built on platforms different from i386, amd64, sparc, and ppc; the bug had appeared in 0.7.42. Changes with nginx 0.7.51 12 Apr 2009 *) Feature: the "try_files" directive supports a response code in the fallback parameter. *) Feature: now any response code can be used in the "return" directive. *) Bugfix: the "error_page" directive made an external redirect without query string; the bug had appeared in 0.7.44. *) Bugfix: if servers listened on several defined explicitly addresses, then virtual servers might not work; the bug had appeared in 0.7.39. Changes with nginx 0.7.50 06 Apr 2009 *) Bugfix: the $arg_... variables did not work; the bug had appeared in 0.7.49. Changes with nginx 0.7.49 06 Apr 2009 *) Bugfix: a segmentation fault might occur in worker process, if the $arg_... variables were used; the bug had appeared in 0.7.48. Changes with nginx 0.7.48 06 Apr 2009 *) Feature: the "proxy_cache_key" directive. *) Bugfix: now nginx takes into account the "X-Accel-Expires", "Expires", and "Cache-Control" header lines in a backend response. *) Bugfix: now nginx caches responses for the GET requests only. *) Bugfix: the "fastcgi_cache_key" directive was not inherited. *) Bugfix: the $arg_... variables did not work with SSI subrequests. Thanks to Maxim Dounin. *) Bugfix: nginx could not be built with uclibc library. Thanks to Timothy Redaelli. *) Bugfix: nginx could not be built on OpenBSD; the bug had appeared in 0.7.46. Changes with nginx 0.7.47 01 Apr 2009 *) Bugfix: nginx could not be built on FreeBSD 6 and early versions; the bug had appeared in 0.7.46. *) Bugfix: nginx could not be built on MacOSX; the bug had appeared in 0.7.46. *) Bugfix: if the "max_size" parameter was set, then the cache manager might purge a whole cache; the bug had appeared in 0.7.46. *) Change: a segmentation fault might occur in worker process, if the "proxy_cache"/"fastcgi_cache" and the "proxy_cache_valid"/ "fastcgi_cache_valid" were set on different levels; the bug had appeared in 0.7.46. *) Bugfix: a segmentation fault might occur in worker process, if a request was redirected to a proxied or FastCGI server via error_page or try_files; the bug had appeared in 0.7.44. Changes with nginx 0.7.46 30 Mar 2009 *) Bugfix: the previous release tarball was incorrect. Changes with nginx 0.7.45 30 Mar 2009 *) Change: now the "proxy_cache" and the "proxy_cache_valid" directives can be set on different levels. *) Change: the "clean_time" parameter of the "proxy_cache_path" directive is canceled. *) Feature: the "max_size" parameter of the "proxy_cache_path" directive. *) Feature: the ngx_http_fastcgi_module preliminary cache support. *) Feature: now on shared memory allocation errors directive and zone names are logged. *) Bugfix: the directive "add_header last-modified ''" did not delete a "Last-Modified" response header line; the bug had appeared in 0.7.44. *) Bugfix: a relative path in the "auth_basic_user_file" directive given without variables did not work; the bug had appeared in 0.7.44. Thanks to Jerome Loyet. *) Bugfix: in an "alias" directive given using variables without references to captures of regular expressions; the bug had appeared in 0.7.42. Changes with nginx 0.7.44 23 Mar 2009 *) Feature: the ngx_http_proxy_module preliminary cache support. *) Feature: the --with-pcre option in the configure. *) Feature: the "try_files" directive is now allowed on the server block level. *) Bugfix: the "try_files" directive handled incorrectly a query string in a fallback parameter. *) Bugfix: the "try_files" directive might test incorrectly directories. *) Bugfix: if there was a single server for given address:port pair, then captures in regular expressions in a "server_name" directive did not work. Changes with nginx 0.7.43 18 Mar 2009 *) Bugfix: a request was handled incorrectly, if a "root" directive used variables; the bug had appeared in 0.7.42. *) Bugfix: if a server listened on wildcard address, then the $server_addr variable value was "0.0.0.0"; the bug had appeared in 0.7.36. Changes with nginx 0.7.42 16 Mar 2009 *) Change: now the "Invalid argument" error returned by setsockopt(TCP_NODELAY) on Solaris, is ignored. *) Change: now if a file specified in a "auth_basic_user_file" directive is absent, then the 403 error is returned instead of the 500 one. *) Feature: the "auth_basic_user_file" directive supports variables. Thanks to Kirill A. Korinskiy. *) Feature: the "listen" directive supports the "ipv6only" parameter. Thanks to Zhang Hua. *) Bugfix: in an "alias" directive with references to captures of regular expressions; the bug had appeared in 0.7.40. *) Bugfix: compatibility with Tru64 UNIX. Thanks to Dustin Marquess. *) Bugfix: nginx could not be built without PCRE library; the bug had appeared in 0.7.41. Changes with nginx 0.7.41 11 Mar 2009 *) Bugfix: a segmentation fault might occur in worker process, if a "server_name" or a "location" directives had captures in regular expressions; the issue had appeared in 0.7.40. Thanks to Vladimir Sopot. Changes with nginx 0.7.40 09 Mar 2009 *) Feature: the "location" directive supports captures in regular expressions. *) Feature: an "alias" directive with capture references may be used inside a location given by a regular expression with captures. *) Feature: the "server_name" directive supports captures in regular expressions. *) Workaround: the ngx_http_autoindex_module did not show the trailing slash in directories on XFS filesystem; the issue had appeared in 0.7.15. Thanks to Dmitry Kuzmenko. Changes with nginx 0.7.39 02 Mar 2009 *) Bugfix: large response with SSI might hang, if gzipping was enabled; the bug had appeared in 0.7.28. Thanks to Artem Bokhan. *) Bugfix: a segmentation fault might occur in worker process, if short static variants are used in a "try_files" directive. Changes with nginx 0.7.38 23 Feb 2009 *) Feature: authentication failures logging. *) Bugfix: name/password in auth_basic_user_file were ignored after odd number of empty lines. Thanks to Alexander Zagrebin. *) Bugfix: a segmentation fault occurred in a master process, if long path was used in unix domain socket; the bug had appeared in 0.7.36. Changes with nginx 0.7.37 21 Feb 2009 *) Bugfix: directives using upstreams did not work; the bug had appeared in 0.7.36. Changes with nginx 0.7.36 21 Feb 2009 *) Feature: a preliminary IPv6 support; the "listen" directive of the HTTP module supports IPv6. *) Bugfix: the $ancient_browser variable did not work for browsers preset by a "modern_browser" directives. Changes with nginx 0.7.35 16 Feb 2009 *) Bugfix: a "ssl_engine" directive did not use a SSL-accelerator for asymmetric ciphers. Thanks to Marcin Gozdalik. *) Bugfix: a "try_files" directive set MIME type depending on an original request extension. *) Bugfix: "*domain.tld" names were handled incorrectly in "server_name", "valid_referers", and "map" directives, if ".domain.tld" and ".subdomain.domain.tld" wildcards were used; the bug had appeared in 0.7.9. Changes with nginx 0.7.34 10 Feb 2009 *) Feature: the "off" parameter of the "if_modified_since" directive. *) Feature: now nginx sends an HELO/EHLO command after a XCLIENT command. Thanks to Maxim Dounin. *) Feature: Microsoft specific "AUTH LOGIN with User Name" mode support in mail proxy server. Thanks to Maxim Dounin. *) Bugfix: in a redirect rewrite directive original arguments were concatenated with new arguments by a "?" rather than an "&"; the bug had appeared in 0.1.18. Thanks to Maxim Dounin. *) Bugfix: nginx could not be built on AIX. Changes with nginx 0.7.33 02 Feb 2009 *) Bugfix: a double response might be returned if the epoll or rtsig methods are used and a redirect was returned to a request with body. Thanks to Eden Li. *) Bugfix: the $sent_http_location variable was empty for some redirects types. *) Bugfix: a segmentation fault might occur in worker process if "resolver" directive was used in SMTP proxy. Changes with nginx 0.7.32 26 Jan 2009 *) Feature: now a directory existence testing can be set explicitly in the "try_files" directive. *) Bugfix: fastcgi_store stored files not always. *) Bugfix: in geo ranges. *) Bugfix: in shared memory allocations if nginx was built without debugging. Thanks to Andrey Kvasov. Changes with nginx 0.7.31 19 Jan 2009 *) Change: now the "try_files" directive tests files only and ignores directories. *) Feature: the "fastcgi_split_path_info" directive. *) Bugfixes in an "Expect" request header line support. *) Bugfixes in geo ranges. *) Bugfix: in a miss case ngx_http_memcached_module returned the "END" line as response body instead of default 404 page body; the bug had appeared in 0.7.18. Thanks to Maxim Dounin. *) Bugfix: while SMTP proxying nginx issued message "250 2.0.0 OK" instead of "235 2.0.0 OK"; the bug had appeared in 0.7.22. Thanks to Maxim Dounin. Changes with nginx 0.7.30 24 Dec 2008 *) Bugfix: a segmentation fault occurred in worker process, if variables were used in the "fastcgi_pass" or "proxy_pass" directives and host name must be resolved; the bug had appeared in 0.7.29. Changes with nginx 0.7.29 24 Dec 2008 *) Bugfix: the "fastcgi_pass" and "proxy_pass" directives did not support variables if unix domain sockets were used. *) Bugfixes in subrequest processing; the bugs had appeared in 0.7.25. *) Bugfix: a "100 Continue" response was issued for HTTP/1.0 requests; Thanks to Maxim Dounin. *) Bugfix: in memory allocation in the ngx_http_gzip_filter_module on Cygwin. Changes with nginx 0.7.28 22 Dec 2008 *) Change: in memory allocation in the ngx_http_gzip_filter_module. *) Change: the default "gzip_buffers" directive values have been changed to 32 4k or 16 8k from 4 4k/8k. Changes with nginx 0.7.27 15 Dec 2008 *) Feature: the "try_files" directive. *) Feature: variables support in the "fastcgi_pass" directive. *) Feature: now the $geo variable may get an address from a variable. Thanks to Andrei Nigmatulin. *) Feature: now a location's modifier may be used without space before name. *) Feature: the $upstream_response_length variable. *) Bugfix: now a "add_header" directive does not add an empty value. *) Bugfix: if zero length static file was requested, then nginx just closed connection; the bug had appeared in 0.7.25. *) Bugfix: a MOVE method could not move file in non-existent directory. *) Bugfix: a segmentation fault occurred in worker process, if no one named location was defined in server, but some one was used in an error_page directive. Thanks to Sergey Bochenkov. Changes with nginx 0.7.26 08 Dec 2008 *) Bugfix: in subrequest processing; the bug had appeared in 0.7.25. Changes with nginx 0.7.25 08 Dec 2008 *) Change: in subrequest processing. *) Change: now POSTs without "Content-Length" header line are allowed. *) Bugfix: now the "limit_req" and "limit_conn" directives log a prohibition reason. *) Bugfix: in the "delete" parameter of the "geo" directive. Changes with nginx 0.7.24 01 Dec 2008 *) Feature: the "if_modified_since" directive. *) Bugfix: nginx did not process a FastCGI server response, if the server send too many messages to stderr before response. *) Bugfix: the "$cookie_..." variables did not work in the SSI and the perl module. Changes with nginx 0.7.23 27 Nov 2008 *) Feature: the "delete" and "ranges" parameters in the "geo" directive. *) Feature: speeding up loading of geo base with large number of values. *) Feature: decrease of memory required for geo base load. Changes with nginx 0.7.22 20 Nov 2008 *) Feature: the "none" parameter in the "smtp_auth" directive. Thanks to Maxim Dounin. *) Feature: the "$cookie_..." variables. *) Bugfix: the "directio" directive did not work in XFS filesystem. *) Bugfix: the resolver did not understand big DNS responses. Thanks to Zyb. Changes with nginx 0.7.21 11 Nov 2008 *) Changes in the ngx_http_limit_req_module. *) Feature: the EXSLT support in the ngx_http_xslt_module. Thanks to Denis F. Latypoff. *) Workaround: compatibility with glibc 2.3. Thanks to Eric Benson and Maxim Dounin. *) Bugfix: nginx could not run on MacOSX 10.4 and earlier; the bug had appeared in 0.7.6. Changes with nginx 0.7.20 10 Nov 2008 *) Changes in the ngx_http_gzip_filter_module. *) Feature: the ngx_http_limit_req_module. *) Bugfix: worker processes might exit on a SIGBUS signal on sparc and ppc platforms; the bug had appeared in 0.7.3. Thanks to Maxim Dounin. *) Bugfix: the "proxy_pass http://host/some:uri" directives did not work; the bug had appeared in 0.7.12. *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" error. *) Bugfix: the ngx_http_secure_link_module did not work inside locations, whose names are less than 3 characters. *) Bugfix: $server_addr variable might have no value. Changes with nginx 0.7.19 13 Oct 2008 *) Bugfix: version number update. Changes with nginx 0.7.18 13 Oct 2008 *) Change: the "underscores_in_headers" directive; now nginx does not allows underscores in a client request header line names. *) Feature: the ngx_http_secure_link_module. *) Feature: the "real_ip_header" directive supports any header. *) Feature: the "log_subrequest" directive. *) Feature: the $realpath_root variable. *) Feature: the "http_502" and "http_504" parameters of the "proxy_next_upstream" directive. *) Bugfix: the "http_503" parameter of the "proxy_next_upstream" or "fastcgi_next_upstream" directives did not work. *) Bugfix: nginx might send a "Transfer-Encoding: chunked" header line for HEAD requests. *) Bugfix: now accept threshold depends on worker_connections. Changes with nginx 0.7.17 15 Sep 2008 *) Feature: now the "directio" directive works on Linux. *) Feature: the $pid variable. *) Bugfix: the "directio" optimization that had appeared in 0.7.15 did not work with open_file_cache. *) Bugfix: the "access_log" with variables did not work on Linux; the bug had appeared in 0.7.7. *) Bugfix: the ngx_http_charset_module did not understand quoted charset name received from backend. Changes with nginx 0.7.16 08 Sep 2008 *) Bugfix: nginx could not be built on 64-bit platforms; the bug had appeared in 0.7.15. Changes with nginx 0.7.15 08 Sep 2008 *) Feature: the ngx_http_random_index_module. *) Feature: the "directio" directive has been optimized for file requests starting from arbitrary position. *) Feature: the "directio" directive turns off sendfile if it is necessary. *) Feature: now nginx allows underscores in a client request header line names. Changes with nginx 0.7.14 01 Sep 2008 *) Change: now the ssl_certificate and ssl_certificate_key directives have no default values. *) Feature: the "listen" directive supports the "ssl" parameter. *) Feature: now nginx takes into account a time zone change while reconfiguration on FreeBSD and Linux. *) Bugfix: the "listen" directive parameters such as "backlog", "rcvbuf", etc. were not set, if a default server was not the first one. *) Bugfix: if URI part captured by a "rewrite" directive was used as a query string, then the query string was not escaped. *) Bugfix: configuration file validity test improvements. Changes with nginx 0.7.13 26 Aug 2008 *) Bugfix: nginx could not be built on Linux and Solaris; the bug had appeared in 0.7.12. Changes with nginx 0.7.12 26 Aug 2008 *) Feature: the "server_name" directive supports empty name "". *) Feature: the "gzip_disable" directive supports special "msie6" mask. *) Bugfix: if the "max_fails=0" parameter was used in upstream with several servers, then a worker process exited on a SIGFPE signal. Thanks to Maxim Dounin. *) Bugfix: a request body was dropped while redirection via an "error_page" directive. *) Bugfix: a full response was returned for request method HEAD while redirection via an "error_page" directive. *) Bugfix: the $r->header_in() method did not return value of the "Host", "User-Agent", and "Connection" request header lines; the bug had appeared in 0.7.0. Changes with nginx 0.7.11 18 Aug 2008 *) Change: now ngx_http_charset_module does not work by default with text/css MIME type. *) Feature: now nginx returns the 405 status code for POST method requesting a static file only if the file exists. *) Feature: the "proxy_ssl_session_reuse" directive. *) Bugfix: a "proxy_pass" directive without URI part might use original request after the "X-Accel-Redirect" redirection was used. *) Bugfix: if a directory has search only rights and the first index file was absent, then nginx returned the 500 status code. *) Bugfix: in inclusive locations; the bugs had appeared in 0.7.1. Changes with nginx 0.7.10 13 Aug 2008 *) Bugfix: in the "addition_types", "charset_types", "gzip_types", "ssi_types", "sub_filter_types", and "xslt_types" directives; the bugs had appeared in 0.7.9. *) Bugfix: of recursive error_page for 500 status code. *) Bugfix: now the ngx_http_realip_module sets address not for whole keepalive connection, but for each request passed via the connection. Changes with nginx 0.7.9 12 Aug 2008 *) Change: now ngx_http_charset_module works by default with following MIME types: text/html, text/css, text/xml, text/plain, text/vnd.wap.wml, application/x-javascript, and application/rss+xml. *) Feature: the "charset_types" and "addition_types" directives. *) Feature: now the "gzip_types", "ssi_types", and "sub_filter_types" directives use hash. *) Feature: the ngx_cpp_test_module. *) Feature: the "expires" directive supports daily time. *) Feature: the ngx_http_xslt_module improvements and bug fixing. Thanks to Denis F. Latypoff and Maxim Dounin. *) Bugfix: the "log_not_found" directive did not work for index files tests. *) Bugfix: HTTPS connections might hang, if kqueue, epoll, rtsig, or eventport methods were used; the bug had appeared in 0.7.7. *) Bugfix: if the "server_name", "valid_referers", and "map" directives used an "*.domain.tld" wildcard and exact name "domain.tld" was not set, then the exact name was matched by the wildcard; the bug had appeared in 0.3.18. Changes with nginx 0.7.8 04 Aug 2008 *) Feature: the ngx_http_xslt_module. *) Feature: the "$arg_..." variables. *) Feature: Solaris directio support. Thanks to Ivan Debnar. *) Bugfix: now if FastCGI server sends a "Location" header line without status line, then nginx uses 302 status code. Thanks to Maxim Dounin. Changes with nginx 0.7.7 30 Jul 2008 *) Change: now the EAGAIN error returned by connect() is not considered as temporary error. *) Change: now the $ssl_client_cert variable value is a certificate with TAB character intended before each line except first one; an unchanged certificate is available in the $ssl_client_raw_cert variable. *) Feature: the "ask" parameter in the "ssl_verify_client" directive. *) Feature: byte-range processing improvements. Thanks to Maxim Dounin. *) Feature: the "directio" directive. Thanks to Jiang Hong. *) Feature: MacOSX 10.5 sendfile() support. *) Bugfix: now in MacOSX and Cygwin locations are tested in case insensitive mode; however, the compare is provided by single-byte locales only. *) Bugfix: mail proxy SSL connections hanged, if select, poll, or /dev/poll methods were used. *) Bugfix: UTF-8 encoding usage in the ngx_http_autoindex_module. Changes with nginx 0.7.6 07 Jul 2008 *) Bugfix: now if variables are used in the "access_log" directive a request root existence is always tested. *) Bugfix: the ngx_http_flv_module did not support several values in a query string. Changes with nginx 0.7.5 01 Jul 2008 *) Bugfixes in variables support in the "access_log" directive; the bugs had appeared in 0.7.4. *) Bugfix: nginx could not be built --without-http_gzip_module; the bug had appeared in 0.7.3. Thanks to Kirill A. Korinskiy. *) Bugfix: if sub_filter and SSI were used together, then responses might were transferred incorrectly. Changes with nginx 0.7.4 30 Jun 2008 *) Feature: variables support in the "access_log" directive. *) Feature: the "open_log_file_cache" directive. *) Feature: the -g switch. *) Feature: the "Expect" request header line support. *) Bugfix: large SSI inclusions might be truncated. Changes with nginx 0.7.3 23 Jun 2008 *) Change: the "rss" extension MIME type has been changed to "application/rss+xml". *) Change: now the "gzip_vary" directive turned on issues a "Vary: Accept-Encoding" header line for uncompressed responses too. *) Feature: now the "rewrite" directive does a redirect automatically if the "https://" protocol is used. *) Bugfix: the "proxy_pass" directive did not work with the HTTPS protocol; the bug had appeared in 0.6.9. Changes with nginx 0.7.2 16 Jun 2008 *) Feature: now nginx supports EDH key exchange ciphers. *) Feature: the "ssl_dhparam" directive. *) Feature: the $ssl_client_cert variable. Thanks to Manlio Perillo. *) Bugfix: after changing URI via a "rewrite" directive nginx did not search a new location; the bug had appeared in 0.7.1. Thanks to Maxim Dounin. *) Bugfix: nginx could not be built without PCRE library; the bug had appeared in 0.7.1. *) Bugfix: when a request to a directory was redirected with the slash added, nginx dropped a query string from the original request. Changes with nginx 0.7.1 26 May 2008 *) Change: now locations are searched in a tree. *) Change: the "optimize_server_names" directive was canceled due to the "server_name_in_redirect" directive introduction. *) Change: some long deprecated directives are not supported anymore. *) Change: the "none" parameter in the "ssl_session_cache" directive; now this is default parameter. Thanks to Rob Mueller. *) Bugfix: worker processes might not catch reconfiguration and log rotation signals. *) Bugfix: nginx could not be built on latest Fedora 9 Linux. Thanks to Roxis. Changes with nginx 0.7.0 19 May 2008 *) Change: now the 0x00-0x1F, '"' and '\' characters are escaped as \xXX in an access_log. Thanks to Maxim Dounin. *) Change: now nginx allows several "Host" request header line. *) Feature: the "modified" flag in the "expires" directive. *) Feature: the $uid_got and $uid_set variables may be used at any request processing stage. *) Feature: the $hostname variable. Thanks to Andrei Nigmatulin. *) Feature: DESTDIR support. Thanks to Todd A. Fisher and Andras Voroskoi. *) Bugfix: a segmentation fault might occur in worker process on Linux, if keepalive was enabled. Changes with nginx 0.6.31 12 May 2008 *) Bugfix: nginx did not process FastCGI response if header was at the end of FastCGI record; the bug had appeared in 0.6.2. Thanks to Sergey Serov. *) Bugfix: a segmentation fault might occur in worker process if a file was deleted and the "open_file_cache_errors" directive was off. Changes with nginx 0.6.30 29 Apr 2008 *) Change: now if an "include" directive pattern does not match any file, then nginx does not issue an error. *) Feature: now the time in directives may be specified without spaces, for example, "1h50m". *) Bugfix: memory leaks if the "ssl_verify_client" directive was on. Thanks to Chavelle Vincent. *) Bugfix: the "sub_filter" directive might set text to change into output. *) Bugfix: the "error_page" directive did not take into account arguments in redirected URI. *) Bugfix: now nginx always opens files in binary mode under Cygwin. *) Bugfix: nginx could not be built on OpenBSD; the bug had appeared in 0.6.15. Changes with nginx 0.6.29 18 Mar 2008 *) Feature: the ngx_google_perftools_module. *) Bugfix: the ngx_http_perl_module could not be built on 64-bit platforms; the bug had appeared in 0.6.27. Changes with nginx 0.6.28 13 Mar 2008 *) Bugfix: the rtsig method could not be built; the bug had appeared in 0.6.27. Changes with nginx 0.6.27 12 Mar 2008 *) Change: now by default the rtsig method is not built on Linux 2.6.18+. *) Change: now a request method is not changed while redirection to a named location via an "error_page" directive. *) Feature: the "resolver" and "resolver_timeout" directives in SMTP proxy. *) Feature: the "post_action" directive supports named locations. *) Bugfix: a segmentation fault occurred in worker process, if a request was redirected from proxy, FastCGI, or memcached location to static named locations. *) Bugfix: browsers did not repeat SSL handshake if there is no valid client certificate in first handshake. Thanks to Alexander V. Inyukhin. *) Bugfix: if response code 495-497 was redirected via an "error_page" directive without code change, then nginx tried to allocate too many memory. *) Bugfix: memory leak in long-lived non buffered connections. *) Bugfix: memory leak in resolver. *) Bugfix: a segmentation fault occurred in worker process, if a request was redirected from proxy, FastCGI, or memcached location to static named locations. *) Bugfix: in the $proxy_host and $proxy_port variables caching. Thanks to Sergey Bochenkov. *) Bugfix: a "proxy_pass" directive with variables used incorrectly the same port as in another "proxy_pass" directive with the same host name and without variables. Thanks to Sergey Bochenkov. *) Bugfix: an alert "sendmsg() failed (9: Bad file descriptor)" on some 64-bit platforms while reconfiguration. *) Bugfix: a segmentation fault occurred in worker process, if empty stub block was used second time in SSI. *) Bugfix: in copying URI part contained escaped symbols into arguments. Changes with nginx 0.6.26 11 Feb 2008 *) Bugfix: the "proxy_store" and "fastcgi_store" directives did not check a response length. *) Bugfix: a segmentation fault occurred in worker process, if big value was used in a "expires" directive. Thanks to Joaquin Cuenca Abela. *) Bugfix: nginx incorrectly detected cache line size on Pentium 4. Thanks to Gena Makhomed. *) Bugfix: in proxied or FastCGI subrequests a client original method was used instead of the GET method. *) Bugfix: socket leak in HTTPS mode if deferred accept was used. Thanks to Ben Maurer. *) Bugfix: nginx issued the bogus error message "SSL_shutdown() failed (SSL: )"; the bug had appeared in 0.6.23. *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" error; the bug had appeared in 0.6.23. Changes with nginx 0.6.25 08 Jan 2008 *) Change: now the "server_name_in_redirect" directive is used instead of the "server_name" directive's special "*" parameter. *) Change: now wildcard and regex names can be used as main name in a "server_name" directive. *) Change: the "satisfy_any" directive was replaced by the "satisfy" directive. *) Workaround: old worker processes might hog CPU after reconfiguration if they was run under Linux OpenVZ. *) Feature: the "min_delete_depth" directive. *) Bugfix: the COPY and MOVE methods did not work with single files. *) Bugfix: the ngx_http_gzip_static_module did not allow the ngx_http_dav_module to work; the bug had appeared in 0.6.23. *) Bugfix: socket leak in HTTPS mode if deferred accept was used. Thanks to Ben Maurer. *) Bugfix: nginx could not be built without PCRE library; the bug had appeared in 0.6.23. Changes with nginx 0.6.24 27 Dec 2007 *) Bugfix: a segmentation fault might occur in worker process if HTTPS was used; the bug had appeared in 0.6.23. Changes with nginx 0.6.23 27 Dec 2007 *) Change: the "off" parameter in the "ssl_session_cache" directive; now this is default parameter. *) Change: the "open_file_cache_retest" directive was renamed to the "open_file_cache_valid". *) Feature: the "open_file_cache_min_uses" directive. *) Feature: the ngx_http_gzip_static_module. *) Feature: the "gzip_disable" directive. *) Feature: the "memcached_pass" directive may be used inside the "if" block. *) Bugfix: a segmentation fault occurred in worker process, if the "memcached_pass" and "if" directives were used in the same location. *) Bugfix: if a "satisfy_any on" directive was used and not all access and auth modules directives were set, then other given access and auth directives were not tested; *) Bugfix: regex parameters in a "valid_referers" directive were not inherited from previous level. *) Bugfix: a "post_action" directive did run if a request was completed with 499 status code. *) Bugfix: optimization of 16K buffer usage in a SSL connection. Thanks to Ben Maurer. *) Bugfix: the STARTTLS in SMTP mode did not work. Thanks to Oleg Motienko. *) Bugfix: in HTTPS mode requests might fail with the "bad write retry" error; the bug had appeared in 0.5.13. Changes with nginx 0.6.22 19 Dec 2007 *) Change: now all ngx_http_perl_module methods return values copied to perl's allocated memory. *) Bugfix: if nginx was built with ngx_http_perl_module, the perl before 5.8.6 was used, and perl supported threads, then during reconfiguration the master process aborted; the bug had appeared in 0.5.9. Thanks to Boris Zhmurov. *) Bugfix: the ngx_http_perl_module methods may get invalid values of the regex captures. *) Bugfix: a segmentation fault occurred in worker process, if the $r->has_request_body() method was called for a request whose small request body was already received. *) Bugfix: large_client_header_buffers did not freed before going to keep-alive state. Thanks to Olexander Shtepa. *) Bugfix: the last address was missed in the $upstream_addr variable; the bug had appeared in 0.6.18. *) Bugfix: the "fastcgi_catch_stderr" directive did return error code; now it returns 502 code, that can be rerouted to a next server using the "fastcgi_next_upstream invalid_header" directive. *) Bugfix: a segmentation fault occurred in master process if the "fastcgi_catch_stderr" directive was used; the bug had appeared in 0.6.10. Thanks to Manlio Perillo. Changes with nginx 0.6.21 03 Dec 2007 *) Change: if variable values used in a "proxy_pass" directive contain IP-addresses only, then a "resolver" directive is not mandatory. *) Bugfix: a segmentation fault might occur in worker process if a "proxy_pass" directive with URI-part was used; the bug had appeared in 0.6.19. *) Bugfix: if resolver was used on platform that does not support kqueue, then nginx issued an alert "name is out of response". Thanks to Andrei Nigmatulin. *) Bugfix: if the $server_protocol was used in FastCGI parameters and a request line length was near to the "client_header_buffer_size" directive value, then nginx issued an alert "fastcgi: the request record is too big". *) Bugfix: if a plain text HTTP/0.9 version request was made to HTTPS server, then nginx returned usual response. Changes with nginx 0.6.20 28 Nov 2007 *) Bugfix: a segmentation fault might occur in worker process if a "proxy_pass" directive with URI-part was used; the bug had appeared in 0.6.19. Changes with nginx 0.6.19 27 Nov 2007 *) Bugfix: the 0.6.18 version could not be built. Changes with nginx 0.6.18 27 Nov 2007 *) Change: now the ngx_http_userid_module adds start time microseconds to the cookie field contains a pid value. *) Change: now the full request line instead of URI only is written to error_log. *) Feature: variables support in the "proxy_pass" directive. *) Feature: the "resolver" and "resolver_timeout" directives. *) Feature: now the directive "add_header last-modified ''" deletes a "Last-Modified" response header line. *) Bugfix: the "limit_rate" directive did not allow to use full throughput, even if limit value was very high. Changes with nginx 0.6.17 15 Nov 2007 *) Feature: the "If-Range" request header line support. Thanks to Alexander V. Inyukhin. *) Bugfix: URL double escaping in a redirect of the "msie_refresh" directive; the bug had appeared in 0.6.4. *) Bugfix: the "autoindex" directive did not work with the "alias /" directive. *) Bugfix: a segmentation fault might occur in worker process if subrequests were used. *) Bugfix: the big responses may be transferred truncated if SSL and gzip were used. *) Bugfix: the $status variable was equal to 0 if a proxied server returned response in HTTP/0.9 version. Changes with nginx 0.6.16 29 Oct 2007 *) Change: now the uname(2) is used on Linux instead of procfs. Thanks to Ilya Novikov. *) Bugfix: if the "?" character was in a "error_page" directive, then it was escaped in a proxied request; the bug had appeared in 0.6.11. *) Bugfix: compatibility with mget. Changes with nginx 0.6.15 22 Oct 2007 *) Feature: Cygwin compatibility. Thanks to Vladimir Kutakov. *) Feature: the "merge_slashes" directive. *) Feature: the "gzip_vary" directive. *) Feature: the "server_tokens" directive. *) Bugfix: nginx did not unescape URI in the "include" SSI command. *) Bugfix: the segmentation fault was occurred on start or while reconfiguration if variable was used in the "charset" or "source_charset" directives. *) Bugfix: nginx returned the 400 response on requests like "GET http://www.domain.com HTTP/1.0". Thanks to James Oakley. *) Bugfix: if request with request body was redirected using the "error_page" directive, then nginx tried to read the request body again; the bug had appeared in 0.6.7. *) Bugfix: a segmentation fault occurred in worker process if no server_name was explicitly defined for server processing request; the bug had appeared in 0.6.7. Changes with nginx 0.6.14 15 Oct 2007 *) Change: now by default the "echo" SSI command uses entity encoding. *) Feature: the "encoding" parameter in the "echo" SSI command. *) Feature: the "access_log" directive may be used inside the "limit_except" block. *) Bugfix: if all upstream servers were failed, then all servers had got weight the was equal one until servers became alive; the bug had appeared in 0.6.6. *) Bugfix: a segmentation fault occurred in worker process if $date_local and $date_gmt were used outside the ngx_http_ssi_filter_module. *) Bugfix: a segmentation fault might occur in worker process if debug log was enabled. Thanks to Andrei Nigmatulin. *) Bugfix: ngx_http_memcached_module did not set $upstream_response_time. Thanks to Maxim Dounin. *) Bugfix: a worker process may got caught in an endless loop, if the memcached was used. *) Bugfix: nginx supported low case only "close" and "keep-alive" values in the "Connection" request header line; the bug had appeared in 0.6.11. *) Bugfix: sub_filter did not work with empty substitution. *) Bugfix: in sub_filter parsing. Changes with nginx 0.6.13 24 Sep 2007 *) Bugfix: nginx did not close directory file on HEAD request if autoindex was used. Thanks to Arkadiusz Patyk. Changes with nginx 0.6.12 21 Sep 2007 *) Change: mail proxy was split on three modules: pop3, imap and smtp. *) Feature: the --without-mail_pop3_module, --without-mail_imap_module, and --without-mail_smtp_module configuration parameters. *) Feature: the "smtp_greeting_delay" and "smtp_client_buffer" directives of the ngx_mail_smtp_module. *) Bugfix: the trailing wildcards did not work; the bug had appeared in 0.6.9. *) Bugfix: nginx could not start on Solaris if the shared PCRE library located in non-standard place was used. *) Bugfix: the "proxy_hide_header" and "fastcgi_hide_header" directives did not hide response header lines whose name was longer than 32 characters. Thanks to Manlio Perillo. Changes with nginx 0.6.11 11 Sep 2007 *) Bugfix: active connection counter always increased if mail proxy was used. *) Bugfix: if backend returned response header only using non-buffered proxy, then nginx closed backend connection on timeout. *) Bugfix: nginx did not support several "Connection" request header lines. *) Bugfix: if the "max_fails" was set for upstream server, then after first failure server weight was always one; the bug had appeared in 0.6.6. Changes with nginx 0.6.10 03 Sep 2007 *) Feature: the "open_file_cache", "open_file_cache_retest", and "open_file_cache_errors" directives. *) Bugfix: socket leak; the bug had appeared in 0.6.7. *) Bugfix: a charset set by the "charset" directive was not appended to the "Content-Type" header set by $r->send_http_header(). *) Bugfix: a segmentation fault might occur in worker process if /dev/poll method was used. Changes with nginx 0.6.9 28 Aug 2007 *) Bugfix: a worker process may got caught in an endless loop, if the HTTPS protocol was used; the bug had appeared in 0.6.7. *) Bugfix: if server listened on two addresses or ports and trailing wildcard was used, then nginx did not run. *) Bugfix: the "ip_hash" directive might incorrectly mark servers as down. *) Bugfix: nginx could not be built on amd64; the bug had appeared in 0.6.8. Changes with nginx 0.6.8 20 Aug 2007 *) Change: now nginx tries to set the "worker_priority", "worker_rlimit_nofile", "worker_rlimit_core", and "worker_rlimit_sigpending" without super-user privileges. *) Change: now nginx escapes space and "%" in request to a mail proxy authentication server. *) Change: now nginx escapes "%" in $memcached_key variable. *) Bugfix: nginx used path relative to configuration prefix for non-absolute configuration file path specified in the "-c" key; the bug had appeared in 0.6.6. *) Bugfix: nginx did not work on FreeBSD/sparc64. Changes with nginx 0.6.7 15 Aug 2007 *) Change: now the paths specified in the "include", "auth_basic_user_file", "perl_modules", "ssl_certificate", "ssl_certificate_key", and "ssl_client_certificate" directives are relative to directory of nginx configuration file nginx.conf, but not to nginx prefix directory. *) Change: the --sysconfdir=PATH option in configure was canceled. *) Change: the special make target "upgrade1" was defined for online upgrade of 0.1.x versions. *) Feature: the "server_name" and "valid_referers" directives support regular expressions. *) Feature: the "server" directive in the "upstream" context supports the "backup" parameter. *) Feature: the ngx_http_perl_module supports the $r->discard_request_body. *) Feature: the "add_header Last-Modified ..." directive changes the "Last-Modified" response header line. *) Bugfix: if a response different than 200 was returned to a request with body and connection went to the keep-alive state after the request, then nginx returned 400 for the next request. *) Bugfix: a segmentation fault occurred in worker process if invalid address was set in the "auth_http" directive. *) Bugfix: now nginx uses default listen backlog value 511 on all platforms except FreeBSD. Thanks to Jiang Hong. *) Bugfix: a worker process may got caught in an endless loop, if a "server" inside "upstream" block was marked as "down"; the bug had appeared in 0.6.6. *) Bugfix: now Solaris sendfilev() is not used to transfer the client request body to FastCGI-server via the unix domain socket. Changes with nginx 0.6.6 30 Jul 2007 *) Feature: the --sysconfdir=PATH option in configure. *) Feature: named locations. *) Feature: the $args variable can be set with the "set" directive. *) Feature: the $is_args variable. *) Bugfix: fair big weight upstream balancer. *) Bugfix: if a client has closed connection to mail proxy then nginx might not close connection to backend. *) Bugfix: if the same host without specified port was used as backend for HTTP and HTTPS, then nginx used only one port - 80 or 443. *) Bugfix: fix building on Solaris/amd64 by Sun Studio 11 and early versions; the bug had appeared in 0.6.4. Changes with nginx 0.6.5 23 Jul 2007 *) Feature: $nginx_version variable. Thanks to Nick S. Grechukh. *) Feature: the mail proxy supports AUTHENTICATE in IMAP mode. Thanks to Maxim Dounin. *) Feature: the mail proxy supports STARTTLS in SMTP mode. Thanks to Maxim Dounin. *) Bugfix: now nginx escapes space in $memcached_key variable. *) Bugfix: nginx was incorrectly built by Sun Studio on Solaris/amd64. Thanks to Jiang Hong. *) Bugfix: of minor potential bugs. Thanks to Coverity's Scan. Changes with nginx 0.6.4 17 Jul 2007 *) Security: the "msie_refresh" directive allowed XSS. Thanks to Maxim Boguk. *) Change: the "proxy_store" and "fastcgi_store" directives were changed. *) Feature: the "proxy_store_access" and "fastcgi_store_access" directives. *) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun Studio. Thanks to Andrei Nigmatulin. *) Workaround: for Sun Studio 12. Thanks to Jiang Hong. Changes with nginx 0.6.3 12 Jul 2007 *) Feature: the "proxy_store" and "fastcgi_store" directives. *) Bugfix: a segmentation fault might occur in worker process if the "auth_http_header" directive was used. Thanks to Maxim Dounin. *) Bugfix: a segmentation fault occurred in worker process if the CRAM-MD5 authentication method was used, but it was not enabled. *) Bugfix: a segmentation fault might occur in worker process when the HTTPS protocol was used in the "proxy_pass" directive. *) Bugfix: a segmentation fault might occur in worker process if the eventport method was used. *) Bugfix: the "proxy_ignore_client_abort" and "fastcgi_ignore_client_abort" directives did not work; the bug had appeared in 0.5.13. Changes with nginx 0.6.2 09 Jul 2007 *) Bugfix: if the FastCGI header was split in records, then nginx passed garbage in the header to a client. Changes with nginx 0.6.1 17 Jun 2007 *) Bugfix: in SSI parsing. *) Bugfix: if remote SSI subrequest was used, then posterior local file subrequest might transferred to client in wrong order. *) Bugfix: large SSI inclusions buffered in temporary files were truncated. *) Bugfix: the perl $$ variable value in ngx_http_perl_module was equal to the master process identification number. Changes with nginx 0.6.0 14 Jun 2007 *) Feature: the "server_name", "map", and "valid_referers" directives support the "www.example.*" wildcards. Changes with nginx 0.5.25 11 Jun 2007 *) Bugfix: nginx could not be built with the --without-http_rewrite_module parameter; the bug had appeared in 0.5.24. Changes with nginx 0.5.24 06 Jun 2007 *) Security: the "ssl_verify_client" directive did not work if request was made using HTTP/0.9. *) Bugfix: a part of response body might be passed uncompressed if gzip was used; the bug had appeared in 0.5.23. Changes with nginx 0.5.23 04 Jun 2007 *) Feature: the ngx_http_ssl_module supports Server Name Indication TLS extension. *) Feature: the "fastcgi_catch_stderr" directive. Thanks to Nick S. Grechukh, OWOX project. *) Bugfix: a segmentation fault occurred in master process if two virtual servers should bind() to the overlapping ports. *) Bugfix: if nginx was built with ngx_http_perl_module and perl supported threads, then during second reconfiguration the error messages "panic: MUTEX_LOCK" and "perl_parse() failed" were issued. *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive. Changes with nginx 0.5.22 29 May 2007 *) Bugfix: a big request body might not be passed to backend; the bug had appeared in 0.5.21. Changes with nginx 0.5.21 28 May 2007 *) Bugfix: if server has more than about ten locations, then regex locations might be chosen not in that order as they were specified. *) Bugfix: a worker process may got caught in an endless loop on 64-bit platform, if the 33-rd or next in succession backend has failed. Thanks to Anton Povarov. *) Bugfix: a bus error might occur on Solaris/sparc64 if the PCRE library was used. Thanks to Andrei Nigmatulin. *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive. Changes with nginx 0.5.20 07 May 2007 *) Feature: the "sendfile_max_chunk" directive. *) Feature: the "$http_...", "$sent_http_...", and "$upstream_http_..." variables may be changed using the "set" directive. *) Bugfix: a segmentation fault might occur in worker process if the SSI command 'if expr="$var = /"' was used. *) Bugfix: trailing boundary of multipart range response was transferred incorrectly. Thanks to Evan Miller. *) Bugfix: nginx did not work on Solaris/sparc64 if it was built by Sun Studio. Thanks to Andrei Nigmatulin. *) Bugfix: the ngx_http_perl_module could not be built by Solaris make. Thanks to Andrei Nigmatulin. Changes with nginx 0.5.19 24 Apr 2007 *) Change: now the $request_time variable has millisecond precision. *) Change: the method $r->rflush of ngx_http_perl_module was renamed to the $r->flush. *) Feature: the $upstream_addr variable. *) Feature: the "proxy_headers_hash_max_size" and "proxy_headers_hash_bucket_size" directives. Thanks to Volodymyr Kostyrko. *) Bugfix: the files more than 2G could not be transferred using sendfile and limit_rate on 64-bit platforms. *) Bugfix: the files more than 2G could not be transferred using sendfile on 64-bit Linux. Changes with nginx 0.5.18 19 Apr 2007 *) Feature: the ngx_http_sub_filter_module. *) Feature: the "$upstream_http_..." variables. *) Feature: now the $upstream_status and $upstream_response_time variables keep data about all upstreams before X-Accel-Redirect. *) Bugfix: a segmentation fault occurred in master process after first reconfiguration and receiving any signal if nginx was built with ngx_http_perl_module and perl did not support multiplicity; the bug had appeared in 0.5.9. *) Bugfix: if perl did not support multiplicity, then after reconfiguration perl code did not work; the bug had appeared in 0.3.38. Changes with nginx 0.5.17 02 Apr 2007 *) Change: now nginx always returns the 405 status for the TRACE method. *) Feature: now nginx supports the "include" directive inside the "types" block. *) Bugfix: the $document_root variable usage in the "root" and "alias" directives is disabled: this caused recursive stack overflow. *) Bugfix: in the HTTPS protocol in the "proxy_pass" directive. *) Bugfix: in some cases non-cacheable variables (such as $uri variable) returned old cached value. Changes with nginx 0.5.16 26 Mar 2007 *) Bugfix: the C-class network was not used as hash key in the "ip_hash" directive. Thanks to Pavel Yarkovoy. *) Bugfix: a segmentation fault might occur in worker process if a charset was set in the "Content-Type" header line and the line has trailing ";"; the bug had appeared in 0.3.50. *) Bugfix: the "[alert] zero size buf" error when FastCGI server was used and a request body written in a temporary file was multiple of 32K. *) Bugfix: nginx could not be built on Solaris without the --with-debug option; the bug had appeared in 0.5.15. Changes with nginx 0.5.15 19 Mar 2007 *) Feature: the mail proxy supports authenticated SMTP proxying and the "smtp_auth", "smtp_capabilities", and "xclient" directives. Thanks to Anton Yuzhaninov and Maxim Dounin. *) Feature: now the keep-alive connections are closed just after receiving the reconfiguration signal. *) Change: the "imap" and "auth" directives were renamed to the "mail" and "pop3_auth" directives. *) Bugfix: a segmentation fault occurred in worker process if the CRAM-MD5 authentication method was used and the APOP method was disabled. *) Bugfix: if the "starttls only" directive was used in POP3 protocol, then nginx allowed authentication without switching to the SSL mode. *) Bugfix: worker processes did not exit after reconfiguration and did not rotate logs if the eventport method was used. *) Bugfix: a worker process may got caught in an endless loop, if the "ip_hash" directive was used. *) Bugfix: now nginx does not log some alerts if eventport or /dev/poll methods are used. Changes with nginx 0.5.14 23 Feb 2007 *) Bugfix: nginx ignored superfluous closing "}" in the end of configuration file. Changes with nginx 0.5.13 19 Feb 2007 *) Feature: the COPY and MOVE methods. *) Bugfix: the ngx_http_realip_module set garbage for requests passed via keep-alive connection. *) Bugfix: nginx did not work on big-endian 64-bit Linux. Thanks to Andrei Nigmatulin. *) Bugfix: now when IMAP/POP3 proxy receives too long command it closes the connection right away, but not after timeout. *) Bugfix: if the "epoll" method was used and a client closed a connection prematurely, then nginx closed the connection after a send timeout only. *) Bugfix: nginx could not be built on platforms different from i386, amd64, sparc, and ppc; the bug had appeared in 0.5.8. Changes with nginx 0.5.12 12 Feb 2007 *) Bugfix: nginx could not be built on platforms different from i386, amd64, sparc, and ppc; the bug had appeared in 0.5.8. *) Bugfix: a segmentation fault might occur in worker process if the temporary files were used while working with FastCGI server; the bug had appeared in 0.5.8. *) Bugfix: a segmentation fault might occur in worker process if the $fastcgi_script_name variable was logged. *) Bugfix: ngx_http_perl_module could not be built on Solaris. Changes with nginx 0.5.11 05 Feb 2007 *) Feature: now configure detects system PCRE library in MacPorts. Thanks to Chris McGrath. *) Bugfix: the response was incorrect if several ranges were requested; the bug had appeared in 0.5.6. *) Bugfix: the "create_full_put_path" directive could not create the intermediate directories if no "dav_access" directive was set. Thanks to Evan Miller. *) Bugfix: the "0" response code might be logged in the access_log instead of the "400" and "408" error codes. *) Bugfix: a segmentation fault might occur in worker process if nginx was built with -O2 optimization. Changes with nginx 0.5.10 26 Jan 2007 *) Bugfix: while online executable file upgrade the new master process did not inherit the listening sockets; the bug had appeared in 0.5.9. *) Bugfix: a segmentation fault might occur in worker process if nginx was built with -O2 optimization; the bug had appeared in 0.5.1. Changes with nginx 0.5.9 25 Jan 2007 *) Change: now the ngx_http_memcached_module uses the $memcached_key variable value as a key. *) Feature: the $memcached_key variable. *) Feature: the "clean" parameter in the "client_body_in_file_only" directive. *) Feature: the "env" directive. *) Feature: the "sendfile" directive is available inside the "if" block. *) Feature: now on failure of the writing to access nginx logs a message to error_log, but not more often than once a minute. *) Bugfix: the "access_log off" directive did not always turn off the logging. Changes with nginx 0.5.8 19 Jan 2007 *) Bugfix: a segmentation fault might occur if "client_body_in_file_only on" was used and a request body was small. *) Bugfix: a segmentation fault occurred if "client_body_in_file_only on" and "proxy_pass_request_body off" or "fastcgi_pass_request_body off" directives were used, and nginx switched to a next upstream. *) Bugfix: if the "proxy_buffering off" directive was used and a client connection was non-active, then the connection was closed after send timeout; the bug had appeared in 0.4.7. *) Bugfix: if the "epoll" method was used and a client closed a connection prematurely, then nginx closed the connection after a send timeout only. *) Bugfix: the "[alert] zero size buf" error when FastCGI server was used. *) Bugfixes in the "limit_zone" directive. Changes with nginx 0.5.7 15 Jan 2007 *) Feature: the ssl_session_cache storage optimization. *) Bugfixes in the "ssl_session_cache" and "limit_zone" directives. *) Bugfix: the segmentation fault was occurred on start or while reconfiguration if the "ssl_session_cache" or "limit_zone" directives were used on 64-bit platforms. *) Bugfix: a segmentation fault occurred if the "add_before_body" or "add_after_body" directives were used and there was no "Content-Type" header line in response. *) Bugfix: the OpenSSL library was always built with the threads support. Thanks to Den Ivanov. *) Bugfix: the PCRE-6.5+ library and the icc compiler compatibility. Changes with nginx 0.5.6 09 Jan 2007 *) Change: now the ngx_http_index_module ignores all methods except the GET, HEAD, and POST methods. *) Feature: the ngx_http_limit_zone_module. *) Feature: the $binary_remote_addr variable. *) Feature: the "ssl_session_cache" directives of the ngx_http_ssl_module and ngx_imap_ssl_module. *) Feature: the DELETE method supports recursive removal. *) Bugfix: the byte-ranges were transferred incorrectly if the $r->sendfile() was used. Changes with nginx 0.5.5 24 Dec 2006 *) Change: the -v switch does not show compiler information any more. *) Feature: the -V switch. *) Feature: the "worker_rlimit_core" directive supports size in K, M, and G. *) Bugfix: the nginx.pm module now could be installed by an unprivileged user. *) Bugfix: a segmentation fault might occur if the $r->request_body or $r->request_body_file methods were used. *) Bugfix: the ppc platform specific bugs. Changes with nginx 0.5.4 15 Dec 2006 *) Feature: the "perl" directive may be used inside the "limit_except" block. *) Bugfix: the ngx_http_dav_module required the "Date" request header line for the DELETE method. *) Bugfix: if one only parameter was used in the "dav_access" directive, then nginx might report about configuration error. *) Bugfix: a segmentation fault might occur if the $host variable was used; the bug had appeared in 0.4.14. Changes with nginx 0.5.3 13 Dec 2006 *) Feature: the ngx_http_perl_module supports the $r->status, $r->log_error, and $r->sleep methods. *) Feature: the $r->variable method supports variables that do not exist in nginx configuration. *) Bugfix: the $r->has_request_body method did not work. Changes with nginx 0.5.2 11 Dec 2006 *) Bugfix: if the "proxy_pass" directive used the name of the "upstream" block, then nginx tried to resolve the name; the bug had appeared in 0.5.1. Changes with nginx 0.5.1 11 Dec 2006 *) Bugfix: the "post_action" directive might not run after a unsuccessful completion of a request. *) Workaround: for Eudora for Mac; the bug had appeared in 0.4.11. Thanks to Bron Gondwana. *) Bugfix: if the "upstream" name was used in the "fastcgi_pass", then the message "no port in upstream" was issued; the bug had appeared in 0.5.0. *) Bugfix: if the "proxy_pass" and "fastcgi_pass" directives used the same servers but different ports, then these directives uses the first described port; the bug had appeared in 0.5.0. *) Bugfix: if the "proxy_pass" and "fastcgi_pass" directives used the unix domain sockets, then these directives used first described socket; the bug had appeared in 0.5.0. *) Bugfix: ngx_http_auth_basic_module ignored the user if it was in the last line in the password file and there was no the carriage return, the line feed, or the ":" symbol after the password. *) Bugfix: the $upstream_response_time variable might be equal to "0.000", although response time was more than 1 millisecond. Changes with nginx 0.5.0 04 Dec 2006 *) Change: the parameters in the "%name" form in the "log_format" directive are not supported anymore. *) Change: the "proxy_upstream_max_fails", "proxy_upstream_fail_timeout", "fastcgi_upstream_max_fails", "fastcgi_upstream_fail_timeout", "memcached_upstream_max_fails", and "memcached_upstream_fail_timeout" directives are not supported anymore. *) Feature: the "server" directive in the "upstream" context supports the "max_fails", "fail_timeout", and "down" parameters. *) Feature: the "ip_hash" directive inside the "upstream" block. *) Feature: the WAIT status in the "Auth-Status" header line of the IMAP/POP3 proxy authentication server response. *) Bugfix: nginx could not be built on 64-bit platforms; the bug had appeared in 0.4.14. Changes with nginx 0.4.14 27 Nov 2006 *) Feature: the "proxy_pass_error_message" directive in IMAP/POP3 proxy. *) Feature: now configure detects system PCRE library on FreeBSD, Linux, and NetBSD. *) Bugfix: ngx_http_perl_module did not work with perl built with the threads support; the bug had appeared in 0.3.38. *) Bugfix: ngx_http_perl_module did not work if perl was called recursively. *) Bugfix: nginx ignored a host name in a request line. *) Bugfix: a worker process may got caught in an endless loop, if a FastCGI server sent too many data to the stderr. *) Bugfix: the $upstream_response_time variable may be negative if the system time was changed backward. *) Bugfix: the "Auth-Login-Attempt" parameter was not sent to IMAP/POP3 proxy authentication server when POP3 was used. *) Bugfix: a segmentation fault might occur if connect to IMAP/POP3 proxy authentication server failed. Changes with nginx 0.4.13 15 Nov 2006 *) Feature: the "proxy_pass" directive may be used inside the "limit_except" block. *) Feature: the "limit_except" directive supports all WebDAV methods. *) Bugfix: if the "add_before_body" directive was used without the "add_after_body" directive, then a response did not transferred complete. *) Bugfix: a large request body did not receive if the epoll method and the deferred accept() were used. *) Bugfix: a charset could not be set for ngx_http_autoindex_module responses; the bug had appeared in 0.3.50. *) Bugfix: the "[alert] zero size buf" error when FastCGI server was used; *) Bugfix: the --group= configuration parameter was ignored. Thanks to Thomas Moschny. *) Bugfix: the 50th subrequest in SSI response did not work; the bug had appeared in 0.3.50. Changes with nginx 0.4.12 31 Oct 2006 *) Feature: the ngx_http_perl_module supports the $r->variable method. *) Bugfix: if a big static file was included using SSI in a response, then the response may be transferred incomplete. *) Bugfix: nginx did not omit the "#fragment" part in URI. Changes with nginx 0.4.11 25 Oct 2006 *) Feature: the POP3 proxy supports the AUTH LOGIN PLAIN and CRAM-MD5. *) Feature: the ngx_http_perl_module supports the $r->allow_ranges method. *) Bugfix: if the APOP was enabled in the POP3 proxy, then the USER/PASS commands might not work; the bug had appeared in 0.4.10. Changes with nginx 0.4.10 23 Oct 2006 *) Feature: the POP3 proxy supports the APOP command. *) Bugfix: if the select, poll or /dev/poll methods were used, then while waiting authentication server response the IMAP/POP3 proxy hogged CPU. *) Bugfix: a segmentation fault might occur if the $server_addr variable was used in the "map" directive. *) Bugfix: the ngx_http_flv_module did not support the byte ranges for full responses; the bug had appeared in 0.4.7. *) Bugfix: nginx could not be built on Debian amd64; the bug had appeared in 0.4.9. Changes with nginx 0.4.9 13 Oct 2006 *) Feature: the "set" parameter in the "include" SSI command. *) Feature: the ngx_http_perl_module now tests the nginx.pm module version. Changes with nginx 0.4.8 11 Oct 2006 *) Bugfix: if an "include" SSI command were before another "include" SSI command with a "wait" parameter, then the "wait" parameter might not work. *) Bugfix: the ngx_http_flv_module added the FLV header to the full responses. Thanks to Alexey Kovyrin. Changes with nginx 0.4.7 10 Oct 2006 *) Feature: the ngx_http_flv_module. *) Feature: the $request_body_file variable. *) Feature: the "charset" and "source_charset" directives support the variables. *) Bugfix: if an "include" SSI command were before another "include" SSI command with a "wait" parameter, then the "wait" parameter might not work. *) Bugfix: if the "proxy_buffering off" directive was used or while working with memcached the connections might not be closed on timeout. *) Bugfix: nginx did not run on 64-bit platforms except amd64, sparc64, and ppc64. Changes with nginx 0.4.6 06 Oct 2006 *) Bugfix: nginx did not run on 64-bit platforms except amd64, sparc64, and ppc64. *) Bugfix: nginx sent the chunked response for HTTP/1.1 request, if its length was set by text string in the $r->headers_out("Content-Length", ...) method. *) Bugfix: after redirecting error by an "error_page" directive any ngx_http_rewrite_module directive returned this error code; the bug had appeared in 0.4.4. Changes with nginx 0.4.5 02 Oct 2006 *) Bugfix: nginx could not be built on Linux and Solaris; the bug had appeared in 0.4.4. Changes with nginx 0.4.4 02 Oct 2006 *) Feature: the $scheme variable. *) Feature: the "expires" directive supports the "max" parameter. *) Feature: the "include" directive supports the "*" mask. Thanks to Jonathan Dance. *) Bugfix: the "return" directive always overrode the "error_page" response code redirected by the "error_page" directive. *) Bugfix: a segmentation fault occurred if zero-length body was in PUT method. *) Bugfix: the redirect was changed incorrectly if the variables were used in the "proxy_redirect" directive. Changes with nginx 0.4.3 26 Sep 2006 *) Change: now the 499 error could not be redirected using an "error_page" directive. *) Feature: the Solaris 10 event ports support. *) Feature: the ngx_http_browser_module. *) Bugfix: a segmentation fault may occur while redirecting the 400 error to the proxied server using a "proxy_pass" directive. *) Bugfix: a segmentation fault occurred if an unix domain socket was used in a "proxy_pass" directive; the bug had appeared in 0.3.47. *) Bugfix: SSI did work with memcached and nonbuffered responses. *) Workaround: of the Sun Studio PAUSE hardware capability bug. Changes with nginx 0.4.2 14 Sep 2006 *) Bugfix: the O_NOATIME flag support on Linux was canceled; the bug had appeared in 0.4.1. Changes with nginx 0.4.1 14 Sep 2006 *) Bugfix: the DragonFlyBSD compatibility. Thanks to Pavel Nazarov. *) Workaround: of bug in 64-bit Linux sendfile(), when file is more than 2G. *) Feature: now on Linux nginx uses O_NOATIME flag for static requests. Thanks to Yusuf Goolamabbas. Changes with nginx 0.4.0 30 Aug 2006 *) Change in internal API: the HTTP modules initialization was moved from the init module phase to the HTTP postconfiguration phase. *) Change: now the request body is not read beforehand for the ngx_http_perl_module: it's required to start the reading using the $r->has_request_body method. *) Feature: the ngx_http_perl_module supports the DECLINED return code. *) Feature: the ngx_http_dav_module supports the incoming "Date" header line for the PUT method. *) Feature: the "ssi" directive is available inside the "if" block. *) Bugfix: a segmentation fault occurred if there was an "index" directive with variables and the first index name was without variables; the bug had appeared in 0.1.29. Changes with nginx 0.3.61 28 Aug 2006 *) Change: now the "tcp_nodelay" directive is turned on by default. *) Feature: the "msie_refresh" directive. *) Feature: the "recursive_error_pages" directive. *) Bugfix: the "rewrite" directive returned incorrect redirect, if the redirect had the captured escaped symbols from original URI. Changes with nginx 0.3.60 18 Aug 2006 *) Bugfix: a worker process may got caught in an endless loop while an error redirection; the bug had appeared in 0.3.59. Changes with nginx 0.3.59 16 Aug 2006 *) Feature: now is possible to do several redirection using the "error_page" directive. *) Bugfix: the "dav_access" directive did not support three parameters. *) Bugfix: the "error_page" directive did not changes the "Content-Type" header line after the "X-Accel-Redirect" was used; the bug had appeared in 0.3.58. Changes with nginx 0.3.58 14 Aug 2006 *) Feature: the "error_page" directive supports the variables. *) Change: now the procfs interface instead of sysctl is used on Linux. *) Change: now the "Content-Type" header line is inherited from first response when the "X-Accel-Redirect" was used. *) Bugfix: the "error_page" directive did not redirect the 413 error. *) Bugfix: the trailing "?" did not remove old arguments if no new arguments were added to a rewritten URI. *) Bugfix: nginx could not run on 64-bit FreeBSD 7.0-CURRENT. Changes with nginx 0.3.57 09 Aug 2006 *) Feature: the $ssl_client_serial variable. *) Bugfix: in the "!-e" operator of the "if" directive. Thanks to Andrian Budanstov. *) Bugfix: while a client certificate verification nginx did not send to a client the required certificates information. *) Bugfix: the $document_root variable did not support the variables in the "root" directive. Changes with nginx 0.3.56 04 Aug 2006 *) Feature: the "dav_access" directive. *) Feature: the "if" directive supports the "-d", "!-d", "-e", "!-e", "-x", and "!-x" operators. *) Bugfix: a segmentation fault occurred if a request returned a redirect and some sent to client header lines were logged in the access log. Changes with nginx 0.3.55 28 Jul 2006 *) Feature: the "stub" parameter in the "include" SSI command. *) Feature: the "block" SSI command. *) Feature: the unicode2nginx script was added to contrib. *) Bugfix: if a "root" was specified by variable only, then the root was relative to a server prefix. *) Bugfix: if the request contained "//" or "/./" and escaped symbols after them, then the proxied request was sent unescaped. *) Bugfix: the $r->header_in("Cookie") of the ngx_http_perl_module now returns all "Cookie" header lines. *) Bugfix: a segmentation fault occurred if "client_body_in_file_only on" was used and nginx switched to a next upstream. *) Bugfix: on some condition while reconfiguration character codes inside the "charset_map" may be treated invalid; the bug had appeared in 0.3.50. Changes with nginx 0.3.54 11 Jul 2006 *) Feature: nginx now logs the subrequest information to the error log. *) Feature: the "proxy_next_upstream", "fastcgi_next_upstream", and "memcached_next_upstream" directives support the "off" parameter. *) Feature: the "debug_connection" directive supports the CIDR address form. *) Bugfix: if a response of proxied server or FastCGI server was converted from UTF-8 or back, then it may be transferred incomplete. *) Bugfix: the $upstream_response_time variable had the time of the first request to a backend only. *) Bugfix: nginx could not be built on amd64 platform; the bug had appeared in 0.3.53. Changes with nginx 0.3.53 07 Jul 2006 *) Change: the "add_header" directive adds the string to 204, 301, and 302 responses. *) Feature: the "server" directive in the "upstream" context supports the "weight" parameter. *) Feature: the "server_name" directive supports the "*" wildcard. *) Feature: nginx supports the request body size more than 2G. *) Bugfix: if a client was successfully authorized using "satisfy_any on", then anyway the message "access forbidden by rule" was written in the log. *) Bugfix: the "PUT" method may erroneously not create a file and return the 409 code. *) Bugfix: if the IMAP/POP3 backend returned an error, then nginx continued proxying anyway. Changes with nginx 0.3.52 03 Jul 2006 *) Change: the ngx_http_index_module behavior for the "POST /" requests is reverted to the 0.3.40 version state: the module now does not return the 405 error. *) Bugfix: the worker process may got caught in an endless loop if the limit rate was used; the bug had appeared in 0.3.37. *) Bugfix: ngx_http_charset_module logged "unknown charset" alert, even if the recoding was not needed; the bug had appeared in 0.3.50. *) Bugfix: if a code response of the PUT request was 409, then a temporary file was not removed. Changes with nginx 0.3.51 30 Jun 2006 *) Bugfix: the "<" symbols might disappeared some conditions in the SSI; the bug had appeared in 0.3.50. Changes with nginx 0.3.50 28 Jun 2006 *) Change: the "proxy_redirect_errors" and "fastcgi_redirect_errors" directives was renamed to the "proxy_intercept_errors" and "fastcgi_intercept_errors" directives. *) Feature: the ngx_http_charset_module supports the recoding from the single byte encodings to the UTF-8 encoding and back. *) Feature: the "X-Accel-Charset" response header line is supported in proxy and FastCGI mode. *) Bugfix: the "\" escape symbol in the "\"" and "\'" pairs in the SSI command was removed only if the command also has the "$" symbol. *) Bugfix: the "| | | |--- Dubbo Multiplexing Binary RPC Request -->| | | | | |<-- Dubbo Multiplexing Binary RPC Response ---| |<-- HTTP/1.1 200 ---| | ``` Example ======= Tengine Configuration Example --------------------- ``` upstream dubbo_backend { multi 1; server 127.0.0.1:20880; } server { listen 8080; location / { dubbo_pass org.apache.dubbo.demo.DemoService 0.0.0 http_dubbo_tengine dubbo_backend; } } ``` Dubbo Demo Service Example ---------------- ### Standard Dubbo Provider need implement this interface, then configure the service name, Service version and service method to ```dubbo_pass``` like this. Tengine will convert HTTP/HTTPS/HTTP2 request to Dubbo interface invoke. ``` Map dubbo_method(Map context); ``` Input param ```Map context``` with a number of key and value, you can use ```dubbo_pass_set```,```dubbo_pass_all_headers```,```dubbo_pass_body``` directives to div them, last key is the retained field: ``` body: HTTP request Body, value Object type is byte[] ``` For output param ```Map context```, last key is the retained field: ``` body: HTTP response Body, value Object type is byte[] statue: HTTP response Status, value type is String ``` ### Extend(Stay tuned for updates) Support configure param mapping on Tengine, support invoke any Dubbo Provider method not need any change (Stay tuned for updates). QuickStart ======= This is a [QuickStart for Tengine Dubbo](https://github.com/apache/dubbo-samples/tree/master/dubbo-samples-tengine) Install ======= Build Tengine with this module from source: ``` $ ./configure --add-module=./modules/mod_dubbo --add-module=./modules/ngx_multi_upstream_module --add-module=./modules/mod_config $ make && make install ``` Dynamic module support * mod_dubbo: ```support``` build as a dynamic module * ngx_multi_upstream_module: ```no support``` build as a dynamic module * mod_config: ```support but no need``` build as a dynamic module Directive ========= dubbo_pass ------------- Syntax: **dubbo_pass** *service_name* *service_version* *method* *upstream_name* Default: `none` Context: `location, if in location` configure use Dubbo protocol proxy to upstream * *service_name*: Dubbo provider service name * *service_version*: Dubbo provider service version * *method*: Dubbo provider service method * *upstream_name*: backend upstream name Nginx variables can be used as `service_name`, `service_version` and `method`. ``` # proxy to upstream dubbo_backend upstream dubbo_backend { multi 1; server 127.0.0.1:20880; } set $dubbo_service_name "org.apache.dubbo.demo.DemoService"; set $dubbo_service_name "0.0.0"; set $dubbo_service_name "http_dubbo_nginx"; dubbo_pass $dubbo_service_name $dubbo_service_version $dubbo_method dubbo_backend; ``` Notice: `dubbo_pass` only support multi upstream, must use `multi` configure in upstream, multi param is number of multiplexing connection. dubbo_pass_set ------------------- Syntax: **dubbo_pass_set** *key* *value*; Default: `none` Context: `location, if in location` When proxy request to backend, need pass this key-value, key and value can contain variables. ``` dubbo_pass_set username $cookie_user; ``` dubbo_pass_all_headers ----------------------------- Syntax: **dubbo_pass_all_headers** on | off; Default: `off` Context: `location, if in location` Enables or disables passing all http header to backend as key-value. dubbo_pass_body -------------------------- Syntax: **dubbo_pass_body** on | off; Default: `on` Context: `location, if in location` Enables or disables passing request body to backend. dubbo_heartbeat_interval -------------------------- Syntax: **dubbo_heartbeat_interval** *time*; Default: `60s` Context: `http, server, location` Defines a interval for auto sending ping frame to backend. dubbo_bind -------------------------- Syntax: **dubbo_bind** *address* [transparent ] | off; Default: `off` Context: `http, server, location` Like ```proxy_bind```. makes outgoing connections to a Dubbo provider originate from the specified local IP address with an optional port. Parameter value can contain variables. The special value off cancels the effect of the dubbo_bind directive inherited from the previous configuration level, which allows the system to auto-assign the local IP address and port. The transparent parameter allows outgoing connections to a Dubbo provider originate from a non-local IP address, for example, from a real IP address of a client: ``` dubbo_bind $remote_addr transparent; ``` In order for this parameter to work, it is usually necessary to run nginx worker processes with the superuser privileges. On Linux it is not required as if the transparent parameter is specified, worker processes inherit the CAP_NET_RAW capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the Dubbo provider. dubbo_socket_keepalive -------------------------- Syntax: **dubbo_socket_keepalive** on | off; Default: `off` Context: `http, server, location` Like ```proxy_socket_keepalive```, configures the "TCP keepalive" behavior for outgoing connections to a Dubbo provider. By default, the operating system's settings are in effect for the socket. If the directive is set to the value "on", the SO_KEEPALIVE socket option is turned on for the socket. dubbo_connect_timeout -------------------------- Syntax: **dubbo_connect_timeout** *time*; Default: `60s` Context: `http, server, location` Like ```proxy_connect_timeout```, defines a timeout for establishing a connection with a Dubbo provider. It should be noted that this timeout cannot usually exceed 75 seconds. dubbo_send_timeout -------------------------- Syntax: **dubbo_send_timeout** *time*; Default: `60s` Context: `http, server, location` Like ```proxy_send_timeout```, sets a timeout for transmitting a request to the Dubbo provider. The timeout is set only between two successive write operations, not for the transmission of the whole request. If the Dubbo provider does not receive anything within this time, the connection is closed. dubbo_read_timeout -------------------------- Syntax: **dubbo_read_timeout** *time*; Default: `60s` Context: `http, server, location` Like ```proxy_read_timeout```, defines a timeout for reading a response from the Dubbo provider. The timeout is set only between two successive read operations, not for the transmission of the whole response. If the Dubbo provider does not transmit anything within this time, the connection is closed. dubbo_intercept_errors -------------------------- Syntax: **dubbo_intercept_errors** on | off; Default: `off` Context: `http, server, location` Like ```proxy_intercept_errors```, determines whether Dubbo provider responses with codes greater than or equal to 300 should be passed to a client or be intercepted and redirected to nginx for processing with the `error_page` directive. dubbo_buffer_size -------------------------- Syntax: **dubbo_buffer_size** *size*; Default: `4k|8k` Context: `http, server, location` Like ```proxy_buffer_size```, sets the size of the buffer used for reading the response received from the Dubbo provider. The response is passed to the client synchronously, as soon as it is received. dubbo_next_upstream -------------------------- Syntax: **dubbo_next_upstream** error | timeout | invalid_header | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | http_429 | non_idempotent | off ...; Default: `error timeout` Context: `http, server, location` Like ```proxy_next_upstream```, specifies in which cases a request should be passed to the next server. dubbo_next_upstream_tries -------------------------- Syntax: **dubbo_next_upstream_tries** *number*; Default: `0` Context: `http, server, location` Like ```proxy_next_upstream_tries```, limits the number of possible tries for passing a request to the next server. The 0 value turns off this limitation. dubbo_next_upstream_timeout -------------------------- Syntax: **dubbo_next_upstream_timeout** *timer*; Default: `0` Context: `http, server, location` Like ```proxy_next_upstream_tries```, limits the time during which a request can be passed to the next server. The 0 value turns off this limitation. dubbo_pass_header -------------------------- Syntax: **dubbo_pass_header** *field*; Default: `none` Context: `http, server, location` Like ```proxy_pass_header```, permits passing otherwise disabled header fields from a Dubbo provider to a client. dubbo_hide_header -------------------------- Syntax: **dubbo_hide_header** *field*; Default: `none` Context: `http, server, location` Like ```proxy_hide_header```, by default, tengine does not pass the header fields "Date", "Server", and "X-Accel-..." from the response of a Dubbo provider to a client. The dubbo_hide_header directive sets additional fields that will not be passed. If, on the contrary, the passing of fields needs to be permitted, the dubbo_pass_header directive can be used. Variables ========= ================================================ FILE: docs/modules/ngx_http_dubbo_module_cn.md ================================================ ngx_http_dubbo_module ================= 该模块提供对后端Dubbo服务体系对接的支持。(Tengine 2.3.2版本之后) [Apache Dubbo™](http://dubbo.apache.org) 是一款高性能Java RPC框架。最初由Alibaba开源,经过长期发展和演进,目前已经成为业界主流微服务框架之一。 在Dubbo服务框架中包含Consumer(client)和Provider(Server)两个角色。该模块支持Tengine作为网关代理,前端接收HTTP/HTTPS/HTTP2等请求,后端作为Dubbo的Consumer调用Dubbo的Provider服务(业务)。 ``` User tengine (dubbo_pass) Dubbo Service Provider | | | |--- GET github.com:443 -->| | | |--- Dubbo Multiplexing Binary RPC Request -->| | | | | |<-- Dubbo Multiplexing Binary RPC Response ---| |<-- HTTP/1.1 200 ---| | ``` Example =================== Tengine Configuration Example --------------------- ``` upstream dubbo_backend { multi 1; server 127.0.0.1:20880; } server { listen 8080; location / { dubbo_pass org.apache.dubbo.demo.DemoService 0.0.0 http_dubbo_tengine dubbo_backend; } } ``` Dubbo Demo Service Example ---------------- ### 标准方式下 Dubbo Provider侧需要实现如下接口,然后将服务名、服务版本号、方法名配置到```dubbo_pass```中。Tengine将前端HTTP/HTTPS/HTTP2请求,转换为对如下Dubbo接口的调用。 ``` Map dubbo_method(Map context); ``` 其中,方法入参Map context中包含若干键值对,可以通过```dubbo_pass_set```、```dubbo_pass_all_headers```、```dubbo_pass_body```等指令进行调整,如下Key为有特殊含义的规定: ``` body: HTTP请求的Body,value的Object类型为byte[] ``` 方法返回值中,如下Key为有特殊含义的规定: ``` body: HTTP响应的Body,value的Object类型为byte[] statue: HTTP响应的状态码,value的类型为String ``` ### 扩展方式(持续更新中,敬请期待) 支持在Tengine侧配置参数映射,动态生成对后端任意Dubbo Provider方法的调用(持续更新中,敬请期待)。 QuickStart ======= 这里有一个[Tengine Dubbo功能的QuickStart](https://github.com/apache/dubbo-samples/tree/master/dubbo-samples-tengine) Install ======= 源码安装此模块: ``` $ ./configure --add-module=./modules/mod_dubbo --add-module=./modules/ngx_multi_upstream_module --add-module=./modules/mod_config $ make && make install ``` Dynamic module 支持 * mod_dubbo: ```支持```编译成 dynamic module * ngx_multi_upstream_module: ```不支持```编译成 dynamic module * mod_config: ```支持但无需```编译成 dynamic module Directive ========= dubbo_pass ------------- Syntax: **dubbo_pass** *service_name* *service_version* *method* *upstream_name* Default: `none` Context: `location, if in location` 该指令用于配置使用Dubbo协议,代理到后端upstream * *service_name*: Dubbo provider发布的服务名 * *service_version*: Dubbo provider发布的服务版本号 * *method*: Dubbo provider发布的服务方法 * *upstream_name*: 后端upstream名称 `service_name`、`service_version`、`method` 支持使用变量。 ``` # 代理到dubbo_backend这个upstream upstream dubbo_backend { multi 1; server 127.0.0.1:20880; } set $dubbo_service_name "org.apache.dubbo.demo.DemoService"; set $dubbo_service_name "0.0.0"; set $dubbo_service_name "http_dubbo_nginx"; dubbo_pass $dubbo_service_name $dubbo_service_version $dubbo_method dubbo_backend; ``` 注意: `dubbo_pass`只支持multi模式的upstream,相关upstream,必须通过`multi`指令,配置为多路复用模式,multi指令的参数为,多路复用连接的个数。 dubbo_pass_set ------------------- Syntax: **dubbo_pass_set** *key* *value*; Default: `none` Context: `location, if in location` 该指令用于设置,代理到后端时,需要携带哪些key、value,支持变量。 ``` dubbo_pass_set username $cookie_user; ``` dubbo_pass_all_headers ----------------------------- Syntax: **dubbo_pass_all_headers** on | off; Default: `off` Context: `location, if in location` 指定是否向后端自动携带所有http头的key、value对。 dubbo_pass_body -------------------------- Syntax: **dubbo_pass_body** on | off; Default: `on` Context: `location, if in location` 指定是否向后端携带请求Body。 dubbo_heartbeat_interval -------------------------- Syntax: **dubbo_heartbeat_interval** *time*; Default: `60s` Context: `http, server, location` 指定后端Dubbo连接,自动发送ping帧的间隔。 dubbo_bind -------------------------- Syntax: **dubbo_bind** *address* [transparent ] | off; Default: `off` Context: `http, server, location` 类似```proxy_bind```指令,提供Dubbo连接时指定本地IP Port。当设置为off时,使用操作系统自动分配的本地IP地址和Port。当设置为transparent时,使用指定的非本地IP地址连接后端。 ``` dubbo_bind $remote_addr transparent; ``` dubbo_socket_keepalive -------------------------- Syntax: **dubbo_socket_keepalive** on | off; Default: `off` Context: `http, server, location` 类似```proxy_socket_keepalive```指令,配置 “TCP keepalive” 选项,当设置为on是,后端Dubbo连接将设置 SO_KEEPALIVE socket选项。 dubbo_connect_timeout -------------------------- Syntax: **dubbo_connect_timeout** *time*; Default: `60s` Context: `http, server, location` 类似```proxy_connect_timeout```指令,配置后端Dubbo建立TCP连接的超时,注意,这个时间通常不超过75s。 dubbo_send_timeout -------------------------- Syntax: **dubbo_send_timeout** *time*; Default: `60s` Context: `http, server, location` 类似```proxy_send_timeout```指令,配置后端Dubbo连接发送超时,这个超时仅代表两次相邻的成功write操作,而不是整个请求的处理时间。 dubbo_read_timeout -------------------------- Syntax: **dubbo_read_timeout** *time*; Default: `60s` Context: `http, server, location` 类似```proxy_read_timeout```指令,配置后端Dubbo连接读取超时,这个超时仅代表两次相邻的成功read操作,而不是整个请求的处理时间。 dubbo_intercept_errors -------------------------- Syntax: **dubbo_intercept_errors** on | off; Default: `off` Context: `http, server, location` 类似```proxy_intercept_errors```指令,指定后端返回的状态码大于300时,使用```error_page```处理还是直接返回给客户端。 dubbo_buffer_size -------------------------- Syntax: **dubbo_buffer_size** *size*; Default: `4k|8k` Context: `http, server, location` 类似```proxy_buffer_size```指令,指定读取后端Dubbo response时buffer的大小。 dubbo_next_upstream -------------------------- Syntax: **dubbo_next_upstream** error | timeout | invalid_header | http_500 | http_502 | http_503 | http_504 | http_403 | http_404 | http_429 | non_idempotent | off ...; Default: `error timeout` Context: `http, server, location` 类似```proxy_next_upstream```指令,指定对请求进行next server的条件。 dubbo_next_upstream_tries -------------------------- Syntax: **dubbo_next_upstream_tries** *number*; Default: `0` Context: `http, server, location` 类似```proxy_next_upstream_tries```指令,指定可以对请求进行next server的次数,0的话,代表不进行next server。 dubbo_next_upstream_timeout -------------------------- Syntax: **dubbo_next_upstream_timeout** *timer*; Default: `0` Context: `http, server, location` 类似```proxy_next_upstream_tries```指令,指定可以对请求进行next server的次数,0的话,代表不进行next server。 dubbo_pass_header -------------------------- Syntax: **dubbo_pass_header** *field*; Default: `none` Context: `http, server, location` 类似```proxy_pass_header```指令,默认情况下,Tengine不向客户端传递,后端Server返回的 “Date”, “Server”, and “X-Accel-...”,该指令用于允许向客户端传递指定的头。 dubbo_hide_header -------------------------- Syntax: **dubbo_hide_header** *field*; Default: `none` Context: `http, server, location` 类似```proxy_hide_header```指令,默认情况下,Tengine不向客户端传递,后端Server返回的 “Date”, “Server”, and “X-Accel-...”,该指令用于增加不向客户端传递的头。 Variables ========= ================================================ FILE: docs/modules/ngx_http_limit_req_module.md ================================================ Name ==== * limit_req module Description =========== * This is the enhanced version of nginx's limit_req module with white list support, and more limit conditions are allowed in a single location. Directives ========== limit_req_zone ------------- **Syntax**: *limit_req_zone $session_variable1 $session_variable2 ... zone=name_of_zone:size rate=rate | rate=$limit_variable* **Default**: *none* **Context**: *http* Support more than one limit variables. For example: limit_req_zone $binary_remote_addr $uri zone=one:3m rate=1r/s; limit_req_zone $binary_remote_addr $request_uri zone=two:3m rate=1r/s; The last line of the above example indicates a client can access a specific URI only once in a second. Support variable for rate. For example: limit_req_zone $binary_remote_addr zone=three:3m rate=$limit_count; Prior to tengine version 2.3.0, requests with any empty variable are not accounted. From tengine version 2.3.0, requests with all empty variables are not accounted. The variable can contain text, variables, and their combination. For example: limit_req_zone $binary_remote_addr$request_uri zone=two:3m rate=1r/s; limit_req ------------------------ **Syntax**: *limit_req [off] | zone=zone_name [burst=burst] \[forbid_action=action\] \[nodelay\]* **Default**: *none* **Context**: *http, server, location* Multiple limit conditions are allowed in a single block. And all the conditions are examined in order. You can turn this directive on or off (default is on). 'forbid_action' specifies the action URL to redirect. It can be a named location. By default, tengine will return 503. For example: limit_req_zone $binary_remote_addr zone=one:3m rate=1r/s; limit_req_zone $binary_remote_addr $uri zone=two:3m rate=1r/s; limit_req_zone $binary_remote_addr $request_uri zone=three:3m rate=1r/s; limit_req_zone $binary_remote_addr $request_uri zone=four:3m rate=$limit_count; location / { limit_req zone=one burst=5; limit_req zone=two forbid_action=@test1; limit_req zone=three burst=3 forbid_action=@test2; set $limit_count "10r/s"; if ($http_user_agent ~* "Android") { set $limit_count "1r/s"; } if ($http_user_agent ~* "Iphone") { set $limit_count "100r/s"; } limit_req zone=four burst=3 forbid_action=@test2; } location /off { limit_req off; } location @test1 { rewrite ^ /test1.html; } location @test2 { rewrite ^ /test2.html; } limit_req_whitelist ------------------------ **Syntax**: *limit_req_whitelist geo_var_name=var_name geo_var_value=var_value* **Default**: *none* **Context**: *http, server, location* Set the whitelist. This directive needs work with the geo module. The 'geo_var_name' is the variable name declared in the geo module, 'geo_var_value' is its value. For example: geo $white_ip { ranges; default 0; 127.0.0.1-127.0.0.255 1; } limit_req_whitelist geo_var_name=white_ip geo_var_value=1; It means requests from IP (127.0.0.1 to 127.0.0.255) will be considered safe and let pass. ================================================ FILE: docs/modules/ngx_http_proxy_connect_module.md ================================================ name ==== This module provides support for the CONNECT HTTP method after Tengine version 2.3.0. This method is mainly used to [tunnel SSL requests](https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling) through proxy servers. Table of Contents ================= * [name](#name) * [Example](#example) * [configuration example](#configuration-example) * [example for curl](#example-for-curl) * [Install](#install) * [Error Log](#error-log) * [Directive](#directive) * [proxy_connect](#proxy_connect) * [proxy_connect_allow](#proxy_connect_allow) * [proxy_connect_connect_timeout](#proxy_connect_connect_timeout) * [proxy_connect_data_timeout](#proxy_connect_data_timeout) * [proxy_connect_read_timeout(deprecated)](#proxy_connect_read_timeout) * [proxy_connect_send_timeout(deprecated)](#proxy_connect_send_timeout) * [proxy_connect_address](#proxy_connect_address) * [proxy_connect_bind](#proxy_connect_bind) * [proxy_connect_response](#proxy_connect_response) * [Variables](#variables) * [$connect_host](#connect_host) * [$connect_port](#connect_port) * [$connect_addr](#connect_addr) * [$proxy_connect_connect_timeout](#proxy_connect_connect_timeout-1) * [$proxy_connect_read_timeout](#proxy_connect_read_timeout-1) * [$proxy_connect_send_timeout(deprecated)](#proxy_connect_send_timeout-1) * [$proxy_connect_resolve_time](#proxy_connect_resolve_time) * [$proxy_connect_connect_time](#proxy_connect_connect_time) * [$proxy_connect_first_byte_time](#proxy_connect_first_byte_time) * [$proxy_connect_response](#proxy_connect_response-1) * [Known Issues](#known-issues) Example ======= Configuration Example --------------------- ```nginx server { listen 3128; # dns resolver used by forward proxying resolver 8.8.8.8; # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_data_timeout 10s; # forward proxy for non-CONNECT request location / { proxy_pass http://$host; proxy_set_header Host $host; } } ``` Example for curl ---------------- With above configuration, you can get any https website via HTTP CONNECT tunnel. A simple test with command `curl` is as following: ``` $ curl https://github.com/ -v -x 127.0.0.1:3128 * Trying 127.0.0.1... -. * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) | curl creates TCP connection with nginx (with proxy_connect module). * Establish HTTP proxy tunnel to github.com:443 -' > CONNECT github.com:443 HTTP/1.1 -. > Host: github.com:443 (1) | curl sends CONNECT request to create tunnel. > User-Agent: curl/7.43.0 | > Proxy-Connection: Keep-Alive -' > < HTTP/1.0 200 Connection Established .- nginx replies 200 that tunnel is established. < Proxy-agent: nginx (2)| (The client is now being proxied to the remote host. Any data sent < '- to nginx is now forwarded, unmodified, to the remote host) * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -. * Server certificate: github.com | * Server certificate: DigiCert SHA2 Extended Validation Server CA | curl sends "https://github.com" request via tunnel, * Server certificate: DigiCert High Assurance EV Root CA | proxy_connect module will proxy data to remote host (github.com). > GET / HTTP/1.1 | > Host: github.com (3) | > User-Agent: curl/7.43.0 | > Accept: */* -' > < HTTP/1.1 200 OK .- < Date: Fri, 11 Aug 2017 04:13:57 GMT | < Content-Type: text/html; charset=utf-8 | Any data received from remote host will be sent to client < Transfer-Encoding: chunked | by proxy_connect module. < Server: GitHub.com (4)| < Status: 200 OK | < Cache-Control: no-cache | < Vary: X-PJAX | ... | ... ... | ... '- ``` The sequence diagram of above example is as following: ``` curl nginx (proxy_connect) github.com | | | (1) |-- CONNECT github.com:443 -->| | | | | | |----[ TCP connection ]--->| | | | (2) |<- HTTP/1.1 200 ---| | | Connection Established | | | | | | | ========= CONNECT tunnel has been established. =========== | | | | | | | | | [ SSL stream ] | | (3) |---[ GET / HTTP/1.1 ]----->| [ SSL stream ] | | [ Host: github.com ] |---[ GET / HTTP/1.1 ]-->. | | [ Host: github.com ] | | | | | | | | | | | | [ SSL stream ] | | [ SSL stream ] |<--[ HTTP/1.1 200 OK ]---' (4) |<--[ HTTP/1.1 200 OK ]------| [ < html page > ] | | [ < html page > ] | | | | | ``` Install ======= * Build Tengine with this module from source: ``` $ ./configure --add-module=./modules/ngx_http_proxy_connect_module $ make && make install ``` Error Log ========= This module logs its own error message beginning with `"proxy_connect:"` string. Some typical error logs are shown as following: * The proxy_connect module tries to establish tunnel connection with backend server, but the TCP connection timeout occurs. ``` 2019/08/07 17:27:20 [error] 19257#0: *1 proxy_connect: upstream connect timed out (peer:216.58.200.4:443) while connecting to upstream, client: 127.0.0.1, server: , request: "CONNECT www.google.com:443 HTTP/1.1", host: "www.google.com:443" ``` Directive ========= proxy_connect ------------- Syntax: **proxy_connect** Default: `none` Context: `server` Enable "CONNECT" HTTP method support. proxy_connect_allow ------------------- Syntax: **proxy_connect_allow `all | [port ...] | [port-range ...]`** Default: `443 563` Context: `server` This directive specifies a list of port numbers or ranges to which the proxy CONNECT method may connect. By default, only the default https port (443) and the default snews port (563) are enabled. Using this directive will override this default and allow connections to the listed ports only. The value `all` will allow all ports to proxy. The value `port` will allow specified port to proxy. The value `port-range` will allow specified range of port to proxy, for example: ``` proxy_connect_allow 1000-2000 3000-4000; # allow range of port from 1000 to 2000, from 3000 to 4000. ``` proxy_connect_connect_timeout ----------------------------- Syntax: **proxy_connect_connect_timeout `time`** Default: `none` Context: `server` Defines a timeout for establishing a connection with a proxied server. proxy_connect_data_timeout -------------------------- Syntax: **proxy_connect_data_timeout `time`** Default: `60s` Context: `server` Sets the timeout between two successive read or write operations on client or proxied server connections. If no data is transmitted within this time, the connection is closed. proxy_connect_read_timeout -------------------------- Syntax: **proxy_connect_read_timeout `time`** Default: `60s` Context: `server` Deprecated. It has the same function as the directive `proxy_connect_data_timeout` for compatibility. You can configure only one of the directives (`proxy_connect_data_timeout` or `proxy_connect_read_timeout`). proxy_connect_send_timeout -------------------------- Syntax: **proxy_connect_send_timeout `time`** Default: `60s` Context: `server` Deprecated. It has no function. proxy_connect_address --------------------- Syntax: **proxy_connect_address `address | off`** Default: `none` Context: `server` Specifiy an IP address of the proxied server. The address can contain variables. The special value off is equal to none, which uses the IP address resolved from host name of CONNECT request line. proxy_connect_bind ------------------ Syntax: **proxy_connect_bind `address [transparent] | off`** Default: `none` Context: `server` Makes outgoing connections to a proxied server originate from the specified local IP address with an optional port. Parameter value can contain variables. The special value off is equal to none, which allows the system to auto-assign the local IP address and port. The transparent parameter allows outgoing connections to a proxied server originate from a non-local IP address, for example, from a real IP address of a client: ``` proxy_connect_bind $remote_addr transparent; ``` In order for this parameter to work, it is usually necessary to run nginx worker processes with the [superuser](http://nginx.org/en/docs/ngx_core_module.html#user) privileges. On Linux it is not required (1.13.8) as if the transparent parameter is specified, worker processes inherit the CAP_NET_RAW capability from the master process. It is also necessary to configure kernel routing table to intercept network traffic from the proxied server. proxy_connect_response ---------------------- Syntax: **proxy_connect_response `CONNECT response`** Default: `HTTP/1.1 200 Connection Established\r\nProxy-agent: nginx\r\n\r\n` Context: `server` Set the response of CONNECT request. Note that it is only used for CONNECT request, it cannot modify the data flow over CONNECT tunnel. For example: ``` proxy_connect_response "HTTP/1.1 200 Connection Established\r\nProxy-agent: nginx\r\nX-Proxy-Connected-Addr: $connect_addr\r\n\r\n"; ``` The `curl` command test case with above config is as following: ``` $ curl https://github.com -sv -x localhost:3128 * Connected to localhost (127.0.0.1) port 3128 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to github.com:443 > CONNECT github.com:443 HTTP/1.1 > Host: github.com:443 > User-Agent: curl/7.64.1 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection Established --. < Proxy-agent: nginx | custom CONNECT response < X-Proxy-Connected-Addr: 13.229.188.59:443 --' ... ``` Variables ========= $connect_host ------------- host name from CONNECT request line. $connect_port ------------- port from CONNECT request line. $connect_addr ------------- IP address and port of the remote host, e.g. "192.168.1.5:12345". IP address is resolved from host name of CONNECT request line. $proxy_connect_connect_timeout ------------------------------ Get or set timeout of [`proxy_connect_connect_timeout` directive](#proxy_connect_connect_timeout). For example: ```nginx # Set default value proxy_connect_connect_timeout 10s; proxy_connect_data_timeout 10s; # Overlap default value if ($host = "test.com") { set $proxy_connect_connect_timeout "10ms"; set $proxy_connect_data_timeout "10ms"; } ``` $proxy_connect_data_timeout --------------------------- Get or set a timeout of [`proxy_connect_data_timeout` directive](#proxy_connect_data_timeout). $proxy_connect_read_timeout --------------------------- Deprecated. It still can get or set a timeout of [`proxy_connect_data_timeout` directive](#proxy_connect_data_timeout) for compatibility. $proxy_connect_send_timeout --------------------------- Deprecated. It has no function. $proxy_connect_resolve_time --------------------------- Keeps time spent on name resolving; the time is kept in seconds with millisecond resolution. * Value of "" means this module does not work on this request. * Value of "-" means name resolving failed. $proxy_connect_connect_time --------------------------- Keeps time spent on establishing a connection with the upstream server; the time is kept in seconds with millisecond resolution. * Value of "" means this module does not work on this request. * Value of "-" means name resolving or connecting failed. $proxy_connect_first_byte_time --------------------------- Keeps time to receive the first byte of data from the upstream server; the time is kept in seconds with millisecond resolution. * Value of "" means this module does not work on this request. * Value of "-" means name resolving, connecting or receving failed. $proxy_connect_response --------------------------- Get or set the response of CONNECT request. The default response of CONNECT request is "HTTP/1.1 200 Connection Established\r\nProxy-agent: nginx\r\n\r\n". Note that it is only used for CONNECT request, it cannot modify the data flow over CONNECT tunnel. For example: ```nginx # modify default Proxy-agent header set $proxy_connect_response "HTTP/1.1 200\r\nProxy-agent: nginx/1.19\r\n\r\n"; ``` Known Issues ============ * In HTTP/2, the CONNECT method is not supported. It only supports the CONNECT method request in HTTP/1.x and HTTPS. See Also ======== * [HTTP tunnel - Wikipedia](https://en.wikipedia.org/wiki/HTTP_tunnel) * [CONNECT method in HTTP/1.1](https://tools.ietf.org/html/rfc7231#section-4.3.6) * [CONNECT method in HTTP/2](https://httpwg.org/specs/rfc7540.html#CONNECT) ================================================ FILE: docs/modules/ngx_http_proxy_connect_module_cn.md ================================================ name ==== 该模块提供对HTTP方法CONNECT的支持。(Tengine 2.3.0版本之后) 该方法主要用于[SSL请求隧道](https://en.wikipedia.org/wiki/HTTP_tunnel#HTTP_CONNECT_tunneling)。 Table of Contents ================= * [name](#name) * [Example](#example) * [configuration example](#configuration-example) * [example for curl](#example-for-curl) * [Install](#install) * [Error Log](#error-log) * [Directive](#directive) * [proxy_connect](#proxy_connect) * [proxy_connect_allow](#proxy_connect_allow) * [proxy_connect_connect_timeout](#proxy_connect_connect_timeout) * [proxy_connect_data_timeout](#proxy_connect_data_timeout) * [proxy_connect_read_timeout(deprecated)](#proxy_connect_read_timeout) * [proxy_connect_send_timeout(deprecated)](#proxy_connect_send_timeout) * [proxy_connect_address](#proxy_connect_address) * [proxy_connect_bind](#proxy_connect_bind) * [proxy_connect_response](#proxy_connect_response) * [Variables](#variables) * [$connect_host](#connect_host) * [$connect_port](#connect_port) * [$connect_addr](#connect_addr) * [$proxy_connect_connect_timeout](#proxy_connect_connect_timeout-1) * [$proxy_connect_read_timeout](#proxy_connect_read_timeout-1) * [$proxy_connect_send_timeout(deprecated)](#proxy_connect_send_timeout-1) * [$proxy_connect_resolve_time](#proxy_connect_resolve_time) * [$proxy_connect_connect_time](#proxy_connect_connect_time) * [$proxy_connect_first_byte_time](#proxy_connect_first_byte_time) * [$proxy_connect_response](#proxy_connect_response-1) * [Known Issues](#known-issues) Example ======= Configuration Example --------------------- ```nginx server { listen 3128; # dns resolver used by forward proxying resolver 8.8.8.8; # forward proxy for CONNECT request proxy_connect; proxy_connect_allow 443 563; proxy_connect_connect_timeout 10s; proxy_connect_data_timeout 10s; # forward proxy for non-CONNECT request location / { proxy_pass http://$host; proxy_set_header Host $host; } } ``` Example for curl ---------------- 你可以通过HTTP CONNECT隧道访问任意HTTPS网站。 使用命令`curl`的简单示例如下: ``` $ curl https://github.com/ -v -x 127.0.0.1:3128 * Trying 127.0.0.1... -. * Connected to 127.0.0.1 (127.0.0.1) port 3128 (#0) | curl与Tengine(proxy_connect模块)创建TCP连接。 * Establish HTTP proxy tunnel to github.com:443 -' > CONNECT github.com:443 HTTP/1.1 -. > Host: github.com:443 (1) | curl发送CONNECT请求以创建隧道。 > User-Agent: curl/7.43.0 | > Proxy-Connection: Keep-Alive -' > < HTTP/1.0 200 Connection Established .- Tengine返回200说明隧道建立成功。 < Proxy-agent: nginx (2)| (后续客户端发送的任何数据都会被代理到对端,Tengine不会修改任何被代理的数据) < '- * Proxy replied OK to CONNECT request * TLS 1.2 connection using TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 -. * Server certificate: github.com | * Server certificate: DigiCert SHA2 Extended Validation Server CA | curl通过隧道发送"https://github.com"请求, * Server certificate: DigiCert High Assurance EV Root CA | proxy_connect模块将把数据代理到对端(github.com)。 > GET / HTTP/1.1 | > Host: github.com (3) | > User-Agent: curl/7.43.0 | > Accept: */* -' > < HTTP/1.1 200 OK .- < Date: Fri, 11 Aug 2017 04:13:57 GMT | < Content-Type: text/html; charset=utf-8 | 任何来自对端的数据都会被proxy_connect模块发送给客户端curl。 < Transfer-Encoding: chunked | < Server: GitHub.com (4)| < Status: 200 OK | < Cache-Control: no-cache | < Vary: X-PJAX | ... | ... ... | ... '- ``` 以上示例的流程图示例如下: ``` curl nginx (proxy_connect) github.com | | | (1) |-- CONNECT github.com:443 -->| | | | | | |----[ TCP connection ]--->| | | | (2) |<- HTTP/1.1 200 ---| | | Connection Established | | | | | | | ========= CONNECT 隧道已经被建立。======================== | | | | | | | | | [ SSL stream ] | | (3) |---[ GET / HTTP/1.1 ]----->| [ SSL stream ] | | [ Host: github.com ] |---[ GET / HTTP/1.1 ]-->. | | [ Host: github.com ] | | | | | | | | | | | | [ SSL stream ] | | [ SSL stream ] |<--[ HTTP/1.1 200 OK ]---' (4) |<--[ HTTP/1.1 200 OK ]------| [ < html page > ] | | [ < html page > ] | | | | | ``` Install ======= * 源码安装此模块: ``` $ ./configure --add-module=./modules/ngx_http_proxy_connect_module $ make && make install ``` Error Log ========= 该模块记录的错误日志以`"proxy_connect:"`字符串为开头。 典型的错误日志如下: * proxy_connect模块尝试与后端服务器建立隧道连接,但发生了连接超时。 ``` 2019/08/07 17:27:20 [error] 19257#0: *1 proxy_connect: upstream connect timed out (peer:216.58.200.4:443) while connecting to upstream, client: 127.0.0.1, server: , request: "CONNECT www.google.com:443 HTTP/1.1", host: "www.google.com:443" ``` Directive ========= proxy_connect ------------- Syntax: **proxy_connect** Default: `none` Context: `server` 开启对HTTP方法"CONNECT"的支持。 proxy_connect_allow ------------------- Syntax: **proxy_connect_allow `all | [port ...] | [port-range ...]`** Default: `443 563` Context: `server` 该指令指定允许开启CONNECT方法的端口。 默认情况下,只有443和563端口被允许。 使用如下参数来修改默认行为: `all`值允许所有端口。 `port`指定允许的特定端口。 `port-range`指定允许的指定端口范围,示例: ``` proxy_connect_allow 1000-2000 3000-4000; # 允许端口范围1000-2000 和 3000-4000 ``` proxy_connect_connect_timeout ----------------------------- Syntax: **proxy_connect_connect_timeout `time`** Default: `none` Context: `server` 指定与对端服务器建联的超时时间。 proxy_connect_data_timeout -------------------------- Syntax: **proxy_connect_data_timeout `time`** Default: `60s` Context: `server` 指定与客户端(或后端服务器)数据传输的等待时间。 如果在此时间内没有数据传输(读或写操作),连接将被关闭。 proxy_connect_read_timeout -------------------------- Syntax: **proxy_connect_read_timeout `time`** Default: `60s` Context: `server` 已弃用。 为了兼容性,它与指令`proxy_connect_data_timeout`具有相同的功能。只能配置其中一个指令(`proxy_connect_data_timeout`或`proxy_connect_read_timeout`)。 proxy_connect_send_timeout -------------------------- Syntax: **proxy_connect_send_timeout `time`** Default: `60s` Context: `server` 已弃用。 为了兼容性,此指令可以配置但没有任何作用。 proxy_connect_address --------------------- Syntax: **proxy_connect_address `address | off`** Default: `none` Context: `server` 指定对端服务器的地址。该值可以包含变量。 值`off`或者不设置该指令,则对端服务器的地址将CONNECT请求行的host字段提取并解析(如查询DNS)。 proxy_connect_bind ------------------ Syntax: **proxy_connect_bind `address [transparent] | off`** Default: `none` Context: `server` 指定与对端服务器的连接的来源地址。 该值可以包含变量。值`off`或者不设置该指令将由系统自动分配来源地址和端口。 `transparent`参数值使与对端服务器的连接的来源地址为非本地地址。示例如下(使用客户端地址作为来源地址): ``` proxy_connect_bind $remote_addr transparent; ``` 为了使`transparent`参数生效,需要配置内核路由表去截获来自对端服务器的网络流量。 proxy_connect_response ---------------------- Syntax: **proxy_connect_response `CONNECT response`** Default: `HTTP/1.1 200 Connection Established\r\nProxy-agent: nginx\r\n\r\n` Context: `server` 指定CONNECT请求的应答内容。 注意该指令只作用于CONNECT请求,它无法修改CONNECT隧道中的数据流。 示例: ``` proxy_connect_response "HTTP/1.1 200 Connection Established\r\nProxy-agent: nginx\r\nX-Proxy-Connected-Addr: $connect_addr\r\n\r\n"; ``` 使用`curl`指令测试上述配置的结果如下: ``` $ curl https://github.com -sv -x localhost:3128 * Connected to localhost (127.0.0.1) port 3128 (#0) * allocate connect buffer! * Establish HTTP proxy tunnel to github.com:443 > CONNECT github.com:443 HTTP/1.1 > Host: github.com:443 > User-Agent: curl/7.64.1 > Proxy-Connection: Keep-Alive > < HTTP/1.1 200 Connection Established --. < Proxy-agent: nginx | 自定义的CONNECT应答 < X-Proxy-Connected-Addr: 13.229.188.59:443 --' ... ``` Variables ========= $connect_host ------------- CONNECT请求行的主机名(host)字段。 $connect_port ------------- CONNECT请求行的端口(port)字段。 $connect_addr ------------- 对端服务器的IP地址和端口,如"192.168.1.5:12345"。 $proxy_connect_connect_timeout ------------------------------ 获取和设置[`proxy_connect_connect_timeout`指令](#proxy_connect_connect_timeout)的超时时间。 示例如下: ```nginx # 设置默认值 proxy_connect_connect_timeout 10s; proxy_connect_data_timeout 10s; # 覆盖默认值 if ($host = "test.com") { set $proxy_connect_connect_timeout "10ms"; set $proxy_connect_data_timeout "10ms"; } ``` $proxy_connect_data_timeout --------------------------- 获取和设置[`proxy_connect_data_timeout`指令](#proxy_connect_data_timeout)的超时时间。 $proxy_connect_read_timeout --------------------------- 弃用。 为了兼容性,仍然能够获取和设置[`proxy_connect_read_timeout`指令](#proxy_connect_read_timeout)的超时时间。 $proxy_connect_send_timeout --------------------------- 弃用。 为了兼容性,仍然能够配置此变量,但没有任何作用。 $proxy_connect_resolve_time --------------------------- 记录域名解析耗时;以秒为单位,以毫秒为精度。 * ""值意味着此模块未做用于该请求。 * "-"值意味着域名解析失败。 $proxy_connect_connect_time --------------------------- 记录与后端建立连接的耗时;以秒为单位,以毫秒为精度。 * ""值意味着此模块未做用于该请求。 * "-"值意味着域名解析或者连接后端失败。 $proxy_connect_first_byte_time --------------------------- 记录收到来自后端的首个字节的耗时;以秒为单位,以毫秒为精度。 * ""值意味着此模块未做用于该请求。 * "-"值意味着域名解析、连接后端或者接收后端数据失败。 $proxy_connect_response --------------------------- 获取和设置CONNECT请求的应答内容。 CONNECT请求的应答内容的默认值是"HTTP/1.1 200 Connection Established\r\nProxy-agent: nginx\r\n\r\n". 注意该变量只作用于CONNECT请求,它无法修改CONNECT隧道中的数据流。 示例: ```nginx # 修改Proxy-agent头的默认值 set $proxy_connect_response "HTTP/1.1 200\r\nProxy-agent: Tengine/2.4.0\r\n\r\n"; ``` Known Issues ============ * 不支持HTTP/2的CONNECT方法。CONNECT方法仅支持HTTP/1.x和HTTPS。 See Also ======== * [维基百科:HTTP隧道](https://en.wikipedia.org/wiki/HTTP_tunnel) * [HTTP/1.1协议中CONNECT方法](https://tools.ietf.org/html/rfc7231#section-4.3.6) * [HTTP/2协议中CONNECT方法](https://httpwg.org/specs/rfc7540.html#CONNECT) ================================================ FILE: docs/modules/ngx_http_reqstat_module.md ================================================ Name ==== * ngx_http_reqstat_module Description =========== This module will help monitor running status of Tengine. * It can provide running status information of Tengine. * The information is divided into different zones, and each zone is independent. * The status information is about connections, requests, response status codes, input and output flows, rt, upstreams, and so on. * It shows all the results by default, and can be set to show part of them by specifying zones. * It supports for user-defined status by using nginx variables. The maximum of all the status is 50. * It recycles out-of-date running status information. * It supports for defining output format. * It follows the request processing flow, so internal redirect will not affect monitoring. * Do not use variables of response as a condition, eg., $status. Compilation =========== The module is compiled into Tengine by default. It can be disabled with '--without-http_reqstat_module' configuration parameter, or it can be compiled as a '.so' with '--with-http_reqstat_module=shared'. If you use this module as a '.so', please make sure it is after 'ngx_http_lua_module'. Please refer to 'nginx -m'. Example =========== http { req_status_zone server "$host,$server_addr:$server_port" 10M; req_status_zone_add_indicator server $limit; server { location /us { req_status_show; req_status_show_field req_total $limit; } set $limit 0; if ($arg_limit = '1') { set $limit 1; } req_status server; } } * when you call '/us', you will get the results like this: www.example.com,127.0.0.1:80,162,6242,1,1,1,0,0,0,0,10,1,10,1.... * Each line shows the status infomation of a "$host,$server_addr:$server_port". * Default line format: kv,bytes_in,bytes_out,conn_total,req_total,http_2xx,http_3xx,http_4xx,http_5xx,http_other_status,rt,ups_req,ups_rt,ups_tries,http_200,http_206,http_302,http_304,http_403,http_404,http_416,http_499,http_500,http_502,http_503,http_504,http_508,http_other_detail_status,http_ups_4xx,http_ups_5xx * **kv** value of the variable defined by the directive 'req_status_zone'. The maximun key length is configurable, 152B by default, and overlength will be cut off * **bytes_in** total number of bytes received from client * **bytes_out** total number of bytes sent to client * **conn_total** total number of accepted connections * **req_total** total number of processed requests * **http_2xx** total number of 2xx requests * **http_3xx** total number of 3xx requests * **http_4xx** total number of 4xx requests * **http_5xx** total number of 5xx requests * **http_other_status** total number of other requests * **rt** accumulation or rt * **ups_req** total number of requests calling for upstream * **ups_rt** accumulation or upstream rt * **ups_tries** total number of times calling for upstream * **http_200** total number of 200 requests * **http_206** total number of 206 requests * **http_302** total number of 302 requests * **http_304** total number of 304 requests * **http_403** total number of 403 requests * **http_404** total number of 404 requests * **http_416** total number of 416 requests * **http_499** total number of 499 requests * **http_500** total number of 500 requests * **http_502** total number of 502 requests * **http_503** total number of 503 requests * **http_504** total number of 504 requests * **http_508** total number of 508 requests * **http_other_detail_status** total number of requests of other status codes * **http_ups_4xx** total number of requests of upstream 4xx * **http_ups_5xx** total number of requests of upstream 5xx * You can use names in the left column to define output format, with directive 'req_status_show_field' * Some fields will be removed in future, because user-defined status has been supported. * tsar can parse the result and monitor, see also https://github.com/alibaba/tsar Directives ========== req_status_zone ------------------------- **Syntax**: *req_status_zone zone_name value size* **Default**: *none* **Context**: *http* create shared memory for this module. 'zone_name' is the name of memory block. 'value' defines the key, in which variables can be used. 'size' defines the size of shared memory. Example: req_status_zone server "$host,$server_addr:$server_port" 10M; the memory is 10MB, the key is "$host,$server_addr:$server_port", and the name is "server". * Notice, if you want to use tsar to monitor, you should not use comma in the key. req_status ------------------------- **Syntax**: *req_status zone_name1 [zone_name2 [zone_name3 [...]]]* **Default**: *none* **Context**: *http、srv、loc* Enable monitoring. You can specify multiple zones to monitor. req_status_show ------------------------- **Syntax**: *req_status_show [zone_name1 [zone_name2 [...]]]* **Default**: *all the targets defined by 'req_status_zone'* **Context**: *loc* Display the status information. You can specify zones to display. req_status_show_field ------------------------------- **Syntax**: *req_status_show_field field_name1 [field_name2 [field_name3 [...]]]* **Default**: *all the fields, including user defined fields* **Context**: *loc* Define output format, used with the directive 'req_status_show'. You can use names to define internal supported fields, see it above. And also you can use variables to define user defined fields. 'kv' is always the first field in a line. req_status_zone_add_indicator -------------------------------- **Syntax**: *req_status_zone_add_indecator zone_name $var1 [$var2 [...]]* **Default**: *none* **Context**: *http* Add user-defined status by using nginx variables. The status will be appended at the end of each line on display. req_status_zone_key_length ------------------------------- **Syntax**: *req_status_zone_key_length zone_name length* **Default**: *none* **Context**: *http* Define the maximun length of key for a zone. The default is 104. req_status_zone_recycle ------------------------------- **Syntax**: *req_status_zone_recycle zone_name times seconds* **Default**: *none* **Context**: *http* Define the recycle threshold for a zone. Recycle will be switched on when the shared memory is exhausted, and will only take effect on imformation whose visit frequency is lower than the setting. The setting frequency is defined by 'times' and 'seconds', and it is 10r/min by default. req_status_zone_recycle demo_zone 10 60; req_status_lazy ------------------------------- **Syntax**: *req_status_lazy on|off* **Default**: *off* **Context**: *http、srv、loc* req_status_lazy directive is used to control whether the variable in the req_status_zone directive is recalculate during the log phasei. In order to solve some variables (such as the upstream_xxx related variable) as a key scene to get empty value. ================================================ FILE: docs/modules/ngx_http_reqstat_module_cn.md ================================================ 模块名 ==== * ngx_http_reqstat_module,监控模块 描述 =========== * 这个模块计算定义的变量,根据变量值分别统计Tengine的运行状况。 * 可以监视的运行状况有:连接数、请求数、各种响应码范围的请求数、输入输出流量、rt、upstream访问等。 * 可以指定获取所有监控结果或者一部分监控结果。 * 利用变量添加自定义监控状态。总的监控状态最大个数为50个。 * 回收过期的监控数据。 * 设置输出格式 * 跟踪请求,不受内部跳转的影响 * 不要使用与响应相关的变量作为条件,比如"$status" 编译 =========== 默认编入Tengine,可通过--without-http_reqstat_module不编译此模块,或通过--with-http_reqstat_module=shared编译为so模块。 使用so模块加载的话,请确保其顺序在"ngx_http_lua_module"之后。可以借助"nginx -m"来确认。 例子 =========== http { req_status_zone server "$host,$server_addr:$server_port" 10M; req_status_zone_add_indicator server $limit; server { location /us { req_status_show; req_status_show_field req_total $limit; } set $limit 0; if ($arg_limit = '1') { set $limit 1; } req_status server; } } * 以上例,通过访问/us得到统计结果 * 每行对应一个server * 每行的默认格式 kv,bytes_in,bytes_out,conn_total,req_total,http_2xx,http_3xx,http_4xx,http_5xx,http_other_status,rt,ups_req,ups_rt,ups_tries,http_200,http_206,http_302,http_304,http_403,http_404,http_416,http_499,http_500,http_502,http_503,http_504,http_508,http_other_detail_status,http_ups_4xx,http_ups_5xx * kv 计算得到的req_status_zone指令定义变量的值,最大长度可配置,默认104B,超长的部分截断 * bytes_in 从客户端接收流量总和 * bytes_out 发送到客户端流量总和 * conn_total 处理过的连接总数 * req_total 处理过的总请求数 * http_2xx 2xx请求的总数 * http_3xx 3xx请求的总数 * http_4xx 4xx请求的总数 * http_5xx 5xx请求的总数 * http_other_status 其他请求的总数 * rt rt的总数 * ups_req 需要访问upstream的请求总数 * ups_rt 访问upstream的总rt * ups_tries upstram总访问次数 * http_200 200请求的总数 * http_206 206请求的总数 * http_302 302请求的总数 * http_304 304请求的总数 * http_403 403请求的总数 * http_404 404请求的总数 * http_416 416请求的总数 * http_499 499请求的总数 * http_500 500请求的总数 * http_502 502请求的总数 * http_503 503请求的总数 * http_504 504请求的总数 * http_508 508请求的总数 * http_other_detail_status 非以上13种status code的请求总数 * http_ups_4xx upstream返回4xx响应的请求总数 * http_ups_5xx upstream返回5xx响应的请求总数 * 可以用"req_status_show_field"指令定义输出格式。左侧栏是字段的名字。 * 注,后续会清理这些状态,因为已经支持了自定义状态。 * tsar可解析输出结果,具体见https://github.com/alibaba/tsar 指令 ========== req_status_zone ------------------------- **Syntax**: *req_status_zone zone_name value size* **Default**: *none* **Context**: *main* 创建统计使用的共享内存。zone_name是共享内存的名称,value用于定义key,支持变量。size是共享内存的大小。 例子: req_status_zone server "$host,$server_addr:$server_port" 10M; 创建名为“server”的共享内存,大小10M,使用“$host,$server_addr:$server_port”计算key。 * 注意,如果希望用tsar来监控的话,key的定义中请不要使用逗号。 req_status ------------------------- **Syntax**: *req_status zone_name1 [zone_name2 [zone_name3 [...]]]* **Default**: *none* **Context**: *http、srv、loc* 开启统计,可以指定同时统计多个目标,每一个zone_name对应一个目标。 req_status_show ------------------------- **Syntax**: *req_status_show [zone_name1 [zone_name2 [...]]]* **Default**: *所有建立的共享内存目标* **Context**: *loc* 按格式返回统计结果。可指定返回部分目标的统计结果。 req_status_show_field ------------------------------- **Syntax**: *req_status_show_field field_name1 [field_name2 [field_name3 [...]]]* **Default**: *all the fields, including user defined fields* **Context**: *loc* 定义输出格式。可以使用的字段:内置字段,以上面的名字来表示;自定义字段,用变量表示。 'kv'总是每行的第一个字段。 req_status_zone_add_indicator -------------------------------- **Syntax**: *req_status_zone_add_indecator zone_name $var1 [$var2 [...]]* **Default**: *none* **Context**: *http* 通过变量增加自定义字段,新增加的字段目前会展现在每行的末尾。 req_status_zone_key_length ------------------------------- **Syntax**: *req_status_zone_key_length zone_name length* **Default**: *none* **Context**: *http* 定义某个共享内存块中key的最大长度,默认值104。key中超出的部分会被截断。 req_status_zone_recycle ------------------------------- **Syntax**: *req_status_zone_recycle zone_name times seconds* **Default**: *none* **Context**: *http* 定义某个共享内存块过期数据的回收。回收在共享内存耗尽时自动开启。只会回收访问频率低于设置值的监控数据。 频率定义为 times / seconds,默认值为10r/min,即 req_status_zone_recycle demo_zone 10 60; req_status_lazy ------------------------------- **Syntax**: *req_status_lazy on|off* **Default**: *off* **Context**: *http、srv、loc* req_status_lazy指令用于控制req_status_zone指令中配置的变量是否在log阶段重新取值,用来解决部分变量(如upstream_xxx相关变量)作为key场景下获取是空的问题。 ================================================ FILE: docs/modules/ngx_http_spdy_module.md ================================================ # Name # **NOTE** 1. This module has been updated to official nginx SPDY/3.1 module, the document is available here: http://nginx.org/en/docs/http/ngx_http_spdy_module.html 2. This document only applies to Tengine-2.1.0 and its old version. But the listen option `spdy_detect` can still be used with SPDY/3.1. 3. Tengine-2.2.0 or later provides support for HTTP/2 and supersedes the SPDY module. **ngx\_http\_spdy\_module** Tengine added SPDY/3 support to this module. The new directives are listed below. # Directives # ## spdy\_version ## Syntax: **spdy\_version** [2|3] Default: 3 Context: http, server Specify the version of current SPDY protocol. ## spdy\_flow\_control ## Syntax: **spdy\_flow\_control** on|off Default: on Context: http, server Turn on or off with SPDY flow control. ## spdy\_init\_recv\_window\_size ## Syntax: **spdy\_init\_recv\_window\_size** size Default: 64k Context: http, server Specify the receiving window size for SPDY. By default, it's 64K. It will send a WINDOW UPDATE frame when it receives half of the window size data every time. ## spdy\_detect ## Syntax: listen address[:port] [spdy_detect] [ssl] Default: Context: listen directive Server can work for SPDY and HTTP on the same port with this directive. Note that the server will examine the first byte of one connection and determine whether the connection is SPDY or HTTP based on what it looks like (0x80 or 0x00 for SPDY). Server will listen on port 80 for SPDY and HTTP, for example: listen 80 spdy_detect; Server will detect whether SPDY or HTTP is used without using a TLS extension (NPN), for example: listen 443 ssl spdy_detect; Server can detect whether SPDY or HTTP is used directly, and also it can negotiate with client via NPN, for example: listen 443 ssl spdy_detect spdy; ================================================ FILE: docs/modules/ngx_http_spdy_module_cn.md ================================================ # Name # **注意** 1. Tengine-2.1.0以上版本的SPDY模块已经与官方nginx同步,只支持SPDY/3.1。 文档参考: http://nginx.org/en/docs/http/ngx_http_SPDY_module.html 2. 以下文档只适用于Tengine-2.1.0及以下版本,只支持SPDY/2和SPDY/3。listen参数`spdy_detect`在SPDY/3.1下任然可以使用。 3. Tengine-2.2.0以上版本将该模块删除,改为支持HTTP/2模块。 **ngx\_http\_spdy\_module** Tengine对SPDY模块增加SPDY/3协议的支持。以下是新增的指令。 # Directives # ## spdy\_version ## Syntax: **spdy\_version** [2|3] Default: 3 Context: http, server 指定SPDY协议使用的版本。默认是SPDY/3。 ## spdy\_flow\_control ## Syntax: **spdy\_flow\_control** on|off Default: on Context: http, server 打开或关闭SPDY/3的流控功能。 ## spdy\_init\_recv\_window\_size ## Syntax: **spdy\_init\_recv\_window\_size** size Default: 64k Context: http, server 指定SPDY/3服务器的接收窗口大小。接收窗口大小默认值是64K。服务器每次会在接收窗口使用超过一半时给客户端发送窗口更新帧(WINDOW UPDATE frame)。 ## spdy\_detect ## Syntax: listen address[:port] [spdy_detect] [ssl] Default: Context: listen directive 启用这个指令时,SPDY协议和HTTP协议可以工作在同一个端口上。注意:服务器通过探测每个TCP连接上的首字节来判断此连接上是SPDY协议还是HTTP协议(如果首字节是0x80或者0x00,则认为是SPDY协议)。 服务器在80端口上同时监听SPDY连接和HTTP连接,配置如下: listen 80 spdy_detect; 服务器在443端口上自动探测SSL层下是SPDY协议还是HTTP协议。注意服务器不会通过TLS扩展(NPN)来协商是SPDY协议还是HTTP协议,配置如下: listen 443 ssl spdy_detect; 服务器在443端口上既可以自动探测SSL层下是SPDY协议还是HTTP协议,也可以通过TLS扩展(NPN)来协商是SPDY协议还是HTTP协议,配置如下: listen 443 ssl spdy_detect spdy; ================================================ FILE: docs/modules/ngx_http_ssl_asynchronous_mode.md ================================================ Name ==== * Nginx SSL/TLS asynchronous mode Description =========== Provide information about how to enable SSL/TLS asynchronous in Nginx. * SSL/TLS asynchronous mode is provided by OpenSSL 1.1.0+ version Compilation =========== Build Nginx with configuration item '--with-openssl-async' Directives =========== **Syntax**: ssl_async on | off; **Default**: ssl_async off; **Context**: http, server Enables SSL/TLS asynchronous mode for the given virtual server. Example ========== file: conf/nginx.conf ''' http { ssl_async on; server { ... } } } ''' OR ''' http { server { ssl_async on; } } } ''' Note ======================== To demostrate the asynchronous mode of SSL/TLS, it needs an asynchronous enabled engine support. As a reference implementation, OpenSSL 1.1.0+ version provides an 'dasync' engine which support the asynchronous working flow. 'dasync' engine will be built as a shared library 'dasync.so' in engines/ Please use below reference openssl.cnf file to enable it for RSA offloading. openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] dasync = dasync_section [dasync_section] engine_id = dasync dynamic_path = /path/to/openssl/source/engines/dasync.so default_algorithms = RSA For more details information, please refer to https://www.openssl.org ================================================ FILE: docs/modules/ngx_http_ssl_asynchronous_mode_cn.md ================================================ 名称 ==== * Nginx SSL/TLS 异步模式 Description =========== 本文档提供关于如何在Nginx开启异步SSL/TLS支持的说明. * 异步SSL/TLS模式是OpenSSL 1.1.0版本之后引入的新的模式 编译支持 =========== 启用--with-openssl-async编译选项 配置项 =========== **语法**: ssl_async on | off; **默认值**: ssl_async off; **作用域**: http, server 在给定的http块或者虚拟server块中配置启用异步SSL/TLS模式 配置示例 ========== 配置文件: conf/nginx.conf ''' http { ssl_async on; server { ... } } } ''' 或 ''' http { server { ssl_async on; } } } ''' 说明 ======================== 为了展示Nginx启用异步SSL/TLS的效果,需要OpenSSL在算法层提供支持异步的引擎模块 在OpenSSL 1.1.0之后的版本中,默认提供了名为'dasync'的参考异步引擎 在完成OpenSSL编译后,异步引擎'dasync'会以共享库'dasync.so'的形式出现在engines/ 目录下,使用如下openssl.cnf配置文件中的配置可以使能'dasync'异步引擎用于RSA算法 openssl_conf = openssl_def [openssl_def] engines = engine_section [engine_section] dasync = dasync_section [dasync_section] engine_id = dasync dynamic_path = /path/to/openssl/source/engines/dasync.so default_algorithms = RSA 更多详细信息请参考https://www.openssl.org ================================================ FILE: docs/modules/ngx_http_sysguard.md ================================================ # ngx_http_sysguard_module ## Description This module monitors memory usage (including the swap partition), load of CPUs and average response time of requests of the system and cpu usage. If any guideline that is monitored exceeds the threshold set by user, the current request will be redirected to a specific url. To be clarified, this module can only be full functional when the system supports sysinfo function and loadavg function. The sysguard module also need to read memory information from /proc file system. ## Configuration server { sysguard on; sysguard_mode or; sysguard_load load=10.5 action=/loadlimit; sysguard_mem swapratio=20% action=/swaplimit; sysguard_mem free=100M action=/freelimit; sysguard_rt rt=0.01 period=5s action=/rtlimit; location /loadlimit { return 503; } location /swaplimit { return 503; } location /freelimit { return 503; } location /rtlimit { return 503; } location /cpulimit { return 503; } } ## Directives **sysguard** `on` | `off` **Default:** `sysguard off` **Context:** `http, server, location` Enable or disable the sysguard module.

**sysguard_load** `load=[ncpu*]number [action=/url]` **Default:** `none` **Context:** `http, server, location` This directive tells the module to protect the system by monitoring the load of CPUs. If the system's loads reach the value that is specified by 'number' in one minute, the incoming request will be redirected to the url specified by 'action' parameter. If 'action' is not specified, tengine will respond with 503 error directly. It's also possible to use ncpu\* to make the configuration, in which case, ncpu stands for the number of the CPU cores. For instance, load = ncpu*1.5.

**sysguard_cpu** `usage=num [period=time] [action=/url]` **Default:** `period=3s` **Context:** `http, server, location` This directive tells the module to protect the system by monitoring the CPU usage. When the system in the `period` (` units: s `) within the CPU reach to num (` note: ` the num is a integer. such as protection CPU is 50% and could be set the usage = 50), the incoming request will be redirected to the url specified by 'action' parameter. If the action is not configured, tengine will return 503 directly. ``` cpu usage formula: cpu_usage = [(cur.usr + cur.nice + cur.sys) - (pre.usr + pre.nice + pre.sys)]/ [(cur.usr + cur.nice + cur.sys + cur.iowait + cur.irq + cur.softirq + cur.idle) - (pre.usr + pre.nice + pre.sys + pre.iowait + pre.irq + pre.softirq + pre.idle)] * 100 ```

**sysguard_mem** `[swapratio=ratio%] [free=size] [action=/url]` **Default:** `-` **Context:** `http, server, location` This directive is used to tell the module to protect the system by monitoring memroy usage. 'swapratio' is used to specify how many percent of the swap partition of the system, and 'free' is used to specify the miminum size of current memory. If any condition is fulfilled, the incoming request will be redirected to specified url, which is defined by parameter 'action'. If 'action' is not specified, the request will be responded with 503 error directly. Besides, if the user disables the swap partition in the system, this directive will not be functional. 'free' is calculated by /proc/meminfo, the algorithm is 'memfree = free + buffered + cached'.

**sysguard_rt** `[rt=seconds] [period=time] [action=/url]` **Default:** `-` **Context:** `http, server, location` This directive is used to tell the module to protect the system by monitoring average response time of requests in a specified period. Parameter rt is used to set a threshold of the average response time, in second. Parameter period is used to specifiy the period of the statistics cycle. If the average response time of the system exceeds the threshold specified by the user, the incoming request will be redirected to a specified url which is defined by parameter 'action'. If no 'action' is presented, the request will be responded with 503 error directly.

**sysguard_mode** `and` | `or` **Default:** `sysguard_mode or` **Context** `http, server, location` If there are more than one type of monitor, this directive is used to specified the relations among all the monitors which are: 'and' for all matching and 'or' for any matching.

**sysguard_interval** `time` **Default** `sysguard_interval 1s` **Context** `http, server, location` Specify the time interval to update your system information.

**sysguard_log_level** `[info | notice | warn | error]` **Default** `sysguard_log_level error` **Context** `http, server, location` Specify the log level of sysguard. ## Installation 1. Compile sysguard module configure [--with-http_sysguard_module | --with-http_sysguard_module=shared] --with-http_sysguard_module, sysguard module will be compiled statically into tengine. --with-http_sysguard_module=shared, sysguard module will be compiled dynamically into tengine. 2. Build and install make&make install 3. Make sysguard configuration 4. Run ================================================ FILE: docs/modules/ngx_http_sysguard_cn.md ================================================ # sysguard 模块 ## 介绍 该模块监控内存(含swap分区)、CPU和请求的响应时间,当某些监控指标达到设定的阈值时,跳转到指定的url。注意,目前该模块仅对系统支持sysinfo函数时,才支持基于load与内存信息的保护,以及系统支持loadavg函数时支持基于load进行保护。模块需要从/proc文件系统中读取内存信息。 ## 配置 server { sysguard on; sysguard_mode or; sysguard_load load=10.5 action=/loadlimit; sysguard_cpu usage=20 period=3s action=/cpulimit; sysguard_mem swapratio=20% action=/swaplimit; sysguard_mem free=100M action=/freelimit; sysguard_rt rt=0.01 period=5s action=/rtlimit; location /loadlimit { return 503; } location /swaplimit { return 503; } location /freelimit { return 503; } location /rtlimit { return 503; } location /cpulimit { return 503; } } ## 指令 **sysguard** `on` | `off` **默认:** `sysguard off` **上下文:** `http, server, location` 打开或者关闭这个模块

**sysguard_load** `load=[ncpu*]number [action=/url]` **默认:** `none` **上下文:** `http, server, location` 该指令用于配置根据系统的load来限制用户的请求,以保护系统。当系统在一分钟内的load达到number时,将进来的请求转到action所指定的url。如果action没有配置,则直接返回503错误。load的数值还支持使用ncpu\*系数的方式来配置,ncpu表示cpu核数,乘以固定的系数得出期望限制的load值,如: load=ncpu\*1.5。

**sysguard_cpu** `usage=num [period=time] [action=/url]` **默认:** `period=3s` **上下文:** `http, server, location` 该指令用于配置根据系统的cpu来限制用户的请求,以保护系统。当系统在period(`单位:s`)内的cpu达到num(`注意:` 取值是整数:如cpu保护阀值想设置为50%则可设置usage=50)时,将进来的请求转到action所指定的url。如果action没有配置,则直接返回503错误。 ``` 计算公式: cpu_usage = [(cur.usr + cur.nice + cur.sys) - (pre.usr + pre.nice + pre.sys)]/ [(cur.usr + cur.nice + cur.sys + cur.iowait + cur.irq + cur.softirq + cur.idle) - (pre.usr + pre.nice + pre.sys + pre.iowait + pre.irq + pre.softirq + pre.idle)] * 100 ```

**sysguard_mem** `[swapratio=ratio%] [free=size] [action=/url]` **默认:** `-` **上下文:** `http, server, location` 该指令用于配置根据系统的内存使用状态来限制用户请求,以保护系统。swapratio用于配置当当前交换空间的已使用ratio%时,或者剩下的内存少于size时,就将进来的请求跳转到指定的url。如果action没有配置,则直接返回503错误。另外,如果用户自己禁用了交换区间,则配置该指定是不起作用的。free是根据/proc/meminfo的内容来计算的,计算公式是"memfree= free + buffered + cached"

**sysguard_rt** `[rt=seconds] [period=time] [action=/url]` **默认:** `-` **上下文:** `http, server, location` 该指令用于配置根据系统的请求平均响应时间来限制用户请求,以保护系统。rt参数用于设置请求的平均响应时间的阈值,单位为秒,平均响应时间的统计周期使用period参数设置。当系统的请求平均响应时间大于阈值时,将当前请求跳转到action参数配置的url,如果action没有配置,则直接返回503。

**sysguard_mode** `and` | `or` **默认:** `sysguard_mode or` **上下文** `http, server, location` 如果设置了多个监控指标,此参数用于指定指标间的判断关系,and为全部满足,or为任一满足。

**sysguard_interval** `time` **默认** `sysguard_interval 1s` **上下文** `http, server, location` 该指定用于配置获取系统信息时的缓存时间。默认为1s,则表示在这1s内,只调用一次系统函数来获取系统的当前状况。

**sysguard_log_level** `[info | notice | warn | error]` **默认** `sysguard_log_level error` **上下文** `http, server, location` 该指令用于配置,当保护系统的操作执行时,记录日志时的日志级别。 ## 安装 1. 编译sysguard模块 configure [--with-http_sysguard_module | --with-http_sysguard_module=shared] --with-http_sysguard_module选项,sysguard模块将被静态编译到tengine中 --with-http_sysguard_module=shared, sysguard模块将被编译成动态文件,采用动态模块的方式添加到tengine中 2. 编译,安装 make&make install 3. 配置sysguard的配置项 4. 运行 ================================================ FILE: docs/modules/ngx_http_tfs_module.md ================================================ Name ==== * TFS module Description =========== * This module implements an asynchronous client of TFS(Taobao File System), providing RESTful API to it. [TFS](http://tfs.taobao.org) is a distributed file system developed by Taobao Inc. This module is not built by default, it should be enabled with the `--with-http_tfs_module` configuration parameter. Example ======= http { #tfs_upstream tfs_rc { # server 127.0.0.1:6100; # type rcs; # rcs_zone name=tfs1 size=128M; # rcs_interface eth0; # rcs_heartbeat lock_file=/logs/lk.file interval=10s; #} tfs_upstream tfs_ns { server 127.0.0.1:8108; type ns; } server { listen 7500; server_name localhost; tfs_keepalive max_cached=100 bucket_count=10; tfs_log "pipe:/usr/sbin/cronolog -p 30min /path/to/nginx/logs/cronolog/%Y/%m/%Y-%m-%d-%H-%M-tfs_access.log"; location / { tfs_pass tfs://tfs_ns; } } } Directives ========== tfs\_upstream ---------------- **Syntax**: *tfs\_upstream name {...}* **Default**: *none* **Context**: *http* Defines information of upstream TFS server. Example: tfs_upstream tfs_rc { server 127.0.0.1:6100; type rcs; rcs_zone name=tfs1 size=128M; rcs_interface eth0; rcs_heartbeat lock_file=/logs/lk.file interval=10s; } tfs_upstream tfs_ns { server 127.0.0.1:8100; type ns; } server ------------ **Syntax**: *server address* **Default**: *none* **Context**: *tfs_upstream* Defines the address of upstream TFS server. An address can be specified as a domain name or IP address. Example : server 10.0.0.1:8108; type ---------------- **Syntax**: *type [ns | rcs]* **Default**: *ns* **Context**: *tfs_upstream* Specify the type of upstream TFS server. It could be ns(NameServer) or rcs(RcServer), default is ns. rcs\_zone -------------- **Syntax**: *rcs_zone name=n size=num* **Default**: *none* **Context**: *tfs_upstream* Defines the shared memory zone used to store application configuration information registerd in RcServer. This directive is mandatory when upstream is RcServer. Application configuration information can be updated through heartbeat with RcServer(directive rcs_heartbeat). Example: rcs_zone name=tfs1 size=128M; rcs\_heartbeat -------------- **Syntax**: *rcs_heartbeat lock_file=/path/to/file interval=time* **Default**: *none* **Context**: *tfs_upstream* Enable heartbeat with RcServer so that application configuration information can be updated in time. It is mandatory when upstream is RcServer. The following parameters must be defined: lock_file=/path/to/file use to create a mutex so that only one Nginx worker can do heartbeat at one time. interval=time set heartbeat interval. Example: rcs_heartbeat lock_file=/path/to/nginx/logs/lk.file interval=10s; rcs\_interface ---------------- **Syntax**: *rcs\_interface interface* **Default**: *none* **Context**: *tfs_upstream* Specify net interface used by TFS module. It is used to get local IP address. It is only mandatory when upstream is RCServer. Example: rcs_interface eth0; tfs_pass -------- **Syntax**: *tfs_pass name* **Default**: *none* **Context**: *location* Specify TFS upstream. Remember that protocol used here must be "tfs". Example: tfs_upstream tfs_rc { }; location / { tfs_pass tfs://tfs_rc; } tfs_keepalive ------------- **Syntax**: *tfs_keepalive max_cached=num bucket_count=num* **Default**: *none* **Context**: *http, server* Defines connection pool used by TFS module. This connection pool caches upstream connections. The following parameters must be defined: max_cached=num set the capacity of one hash bucket. bucket_count=num set the count of hash buckets. Example: tfs_keepalive max_cached=100 bucket_count=15; tfs\_block\_cache\_zone ----------------------- **Syntax**: *tfs_block_cache_zone size=num* **Default**: *none* **Context**: *http* Defines the shared memory zone used for BlockCache. Example: tfs_block_cache_zone size=256M; tfs\_log ---------------- **Syntax**: *tfs_log path* **Default**: *none* **Context**: *http, server* Sets the TFS access log. Example: tfs_log "pipe:/usr/sbin/cronolog -p 30min /path/to/nginx/logs/cronolog/%Y/%m/%Y-%m-%d-%H-%M-tfs_access.log"; tfs\_body\_buffer\_size ----------------------- **Syntax**: *tfs_body_buffer_size size* **Default**: *2m* **Context**: *http, server, location* Sets the buffer size for reading upstream response. By default, buffer size is 2m. Example: tfs_body_buffer_size 2m; tfs\_connect\_timeout --------------------- **Syntax**: *tfs_connect_timeout time* **Default**: *3s* **Context**: *http, server, location* Sets a timeout for connecting upstream servers. tfs\_send\_timeout ------------------ **Syntax**: *tfs_send_timeout time* **Default**: *3s* **Context**: *http, server, location* Sets a timeout for transmitting data to upstream servers. tfs\_read\_timeout ------------------ **Syntax**: *tfs_read_timeout time* **Default**: *3s* **Context**: *http, server, location* Sets a timeout for reading data from upstream servers. Others ------ Uploading file size supported depends on the directive client_max_body_size. ================================================ FILE: docs/modules/ngx_http_tfs_module_cn.md ================================================ 模块名 ==== * nginx-tfs 描述 ==== * 这个模块实现了TFS的客户端,为TFS提供了RESTful API。TFS的全称是Taobao File System,是淘宝开源的一个分布式文件系统。 编译安装 ======= 1. TFS模块使用了一个开源的JSON库来支持JSON,请先安装[yajl](http://lloyd.github.com/yajl/)-2.0.1。 2. 下载[nginx](http://www.nginx.org/)或[tengine](http://tengine.taobao.org/)。 3. ./configure --add-module=/path/to/nginx-tfs 4. make && make install 配置 ==== http { #tfs_upstream tfs_rc { # server 127.0.0.1:6100; # type rcs; # rcs_zone name=tfs1 size=128M; # rcs_interface eth0; # rcs_heartbeat lock_file=/logs/lk.file interval=10s; #} tfs_upstream tfs_ns { server 127.0.0.1:6100; type ns; } server { listen 7500; server_name localhost; tfs_keepalive max_cached=100 bucket_count=10; tfs_log "pipe:/usr/sbin/cronolog -p 30min /path/to/nginx/logs/cronolog/%Y/%m/%Y-%m-%d-%H-%M-tfs_access.log"; location / { tfs_pass tfs://tfs_ns; } } } 指令 ==== server ------------ **Syntax**: *server address* **Default**: *none* **Context**: *tfs_upstream* 指定后端TFS服务器的地址,当指令typercs时为RcServer的地址,如果为为ns时为NameServer的地址。此指令必须配置。例如: server 10.0.0.1:8108; type ---------------- **Syntax**: *type [ns | rcs]* **Default**: *ns* **Context**: *tfs_upstream* 设置server类型,类型只能为ns或者rcs,如果为ns,则指令server指定的地址为NameServer的地址,如果为rcs,则为RcServer的地址。如需使用自定义文件名功能请设置类型为rcs,使用自定义文件名功能需额外配置MetaServer和RootServer。 rcs\_zone -------------- **Syntax**: *rcs_zone name=n size=num* **Default**: *none* **Context**: *tfs_upstream* 配置TFS应用在RcServer的配置信息。若开启RcServer(配置了type rcs),则必须配置此指令。配置此指令会在共享内存中缓存TFS应用在RcServer的配置信息,并可以通过指令rcs_heartbeat来和RcServer进行keepalive以保证应用的配置信息的及时更新。例如: rcs_zone name=tfs1 size=128M; rcs\_heartbeat -------------- **Syntax**: *rcs_heartbeat lock_file=/path/to/file interval=time* **Default**: *none* **Context**: *tfs_upstream* 配置TFS应用和RcServer的keepalive,应用可通过此功能来和RcServer定期交互,以及时更新其配置信息。若开启RcServer功能(配置了type rcs),则必须配置此指令。例如: rcs_heartbeat lock_file=/path/to/nginx/logs/lk.file interval=10s; rcs\_interface ---------------- **Syntax**: *rcs\_interface interface* **Default**: *none* **Context**: *tfs_upstream* 配置TFS模块使用的网卡。若开启RcServer功能(配置了type rcs),则必须配置此指令。例如: rcs_interface eth0; tfs\_upstream ---------------- **Syntax**: *tfs\_upstream name {...}* **Default**: *none* **Context**: *http* 配置TFS模块的server信息,这个块包括上面几个命令。例如: tfs_upstream tfs_rc { server 127.0.0.1:6100; type rcs; rcs_zone name=tfs1 size=128M; rcs_interface eth0; rcs_heartbeat lock_file=/logs/lk.file interval=10s; } tfs_pass -------- **Syntax**: *tfs_pass name* **Default**: *none* **Context**: *location* 是否打开TFS模块功能,此指令为关键指令,决定请求是否由TFS模块处理,必须配置。需要注意,这里不支持直接写ip地址或者域名,这里只支持指令tfs_upstream name {...} 配置的upstream,并且必须以 tfs:// 开头。例如: tfs_upstream tfs_rc { }; location / { tfs_pass tfs://tfs_rc; } tfs_keepalive ------------- **Syntax**: *tfs_keepalive max_cached=num bucket_count=num* **Default**: *none* **Context**: *http, server* 配置TFS模块使用的连接池的大小,TFS模块的连接池会缓存TFS模块和后端TFS服务器的连接。可以把这个连接池看作由多个hash桶构成的hash表,其中bucket\_count是桶的个数,max\_cached是桶的容量。此指令必须配置。注意,应该根据机器的内存情况来合理配置连接池的大小。例如: tfs_keepalive max_cached=100 bucket_count=15; tfs\_block\_cache\_zone ----------------------- **Syntax**: *tfs_block_cache_zone size=num* **Default**: *none* **Context**: *http* 配置TFS模块的本地BlockCache。配置此指令会在共享内存中缓存TFS中的Block和DataServer的映射关系。注意,应根据机器的内存情况来合理配置BlockCache大小。例如: tfs_block_cache_zone size=256M; tfs\_log ---------------- **Syntax**: *tfs_log path* **Default**: *none* **Context**: *http, server* 是否进行TFS访问记录。配置此指令会以固定格式将访问TFS的请求记录到指定log中,以便进行分析。具体格式参见代码。例如: tfs_log "pipe:/usr/sbin/cronolog -p 30min /path/to/nginx/logs/cronolog/%Y/%m/%Y-%m-%d-%H-%M-tfs_access.log"; 注:cronolog支持依赖于tengine提供的扩展的日志模块。 tfs\_body\_buffer\_size ----------------------- **Syntax**: *tfs_body_buffer_size size* **Default**: *2m* **Context**: *http, server, location* 配置用于和后端TFS服务器交互时使用的的body_buffer的大小。默认为2m。例如: tfs_body_buffer_size 2m; tfs\_connect\_timeout --------------------- **Syntax**: *tfs_connect_timeout time* **Default**: *3s* **Context**: *http, server, location* 配置连接后端TFS服务器的超时时间。 tfs\_send\_timeout ------------------ **Syntax**: *tfs_send_timeout time* **Default**: *3s* **Context**: *http, server, location* 配置向后端TFS服务器发送数据的超时时间。 tfs\_read\_timeout ------------------ **Syntax**: *tfs_read_timeout time* **Default**: *3s* **Context**: *http, server, location* 配置从后端TFS服务器接收数据的超时时间。 其他 ---- 能支持上传文件大小决定于client_max_body_size指令配置的大小。 ================================================ FILE: docs/modules/ngx_http_trim_filter_module.md ================================================ # Ngx_http_trim_filter module The ngx_http_trim_filter module is a filter that modifies a response by removing unnecessary whitespaces (spaces, tabs, newlines) and comments from HTML (including inline javascript and css). Trim module parses HTML with a state machine. ## Example Configuration location / { trim on; trim_js on; trim_css on; } ## Directives **trim** `on` | `off` **Default:** `trim off` **Context:** `http, server, location` Enable or disable trim module for pure HTML. This module will retain some contents unchanged, in case that they are enclosed by the tag `pre`,`textarea`,`script` and `style`,as well as IE/SSI/ESI comments. Parameter value can contain variables. Example: set $flag "off"; if ($condition) { set $flag "on"; } trim $flag;
**trim_js** `on` | `off` **Default:** `trim_js off` **Context:** `http, server, location` Enable or disable trim module for inline javascript. Parameter value can contain variables too.
**trim_css** `on` | `off` **Default:** `trim_css off` **Context:** `http, server, location` Enable or disable trim module for inline css. Parameter value can contain variables too.
**trim_types** `MIME types` **Default:** `trim_types: text/html` **Context:** `http, server, location` Enable trim module for the specified MIME types in addition to "text/html". Responses with the “text/html” type are always processed.
## Debug Trim module will be disabled if incoming request has `http_trim=off` parameter in url. e.g. `http://www.xxx.com/index.html?http_trim=off` ## Sample original: trim module 
Welcome    to    nginx!
result: trim module 
Welcome    to    nginx!
## Trim Rule ### Html ##### Whitespace + Remove '\r'. + Replace '\t' with space. + Replace multiple spaces with a single space. + Replace multiple '\n' with a single '\n'. + Replace multiple '\n' and '\t' in tag with a single space. + Do not trim quoted strings in tag. + Do not trim the contents enclosed by the tag `pre`,`textarea`,`script` and `style`. ##### Comment + Remove html comment(``). + Do not trim IE/SSI/ESI comments. IE comment: `` SSI comment: `` ESI comment: `` ### Javascript Contents enclosed by ` 结果: trim module 
Welcome    to    nginx!
## trim规则 ### html ##### 空白符 + 正文中的 '\r' 直接删除。 + 正文中的 '\t' 替换为空格,然后重复的空格保留一个。 + 正文中重复的 '\n' 保留一个。 + 标签中的 '\t','\n' 替换为空格,重复的空格保留一个,'=' 前后的空格直接删除,'>' 前面的空格直接删除。 + 标签的双引号和单引号内的空白符不做删除。 \
+ `pre` 和 `texterea` 标签的内容不做删除。 + 支持 `pre` 嵌套使用。 + `script` 和 `style` 标签的内容不做删除。 + ie条件注释的内容不做删除。 + ssi/esi注释的内容不做删除。 ##### 注释 + 如果是ie条件注释不做删除。 判断规则:`` 之间的内容判断为ie条件注释。 + 如果是ssi/esi注释的内容不做删除。 判断规则:`` `` 之间的内容分别判断为ssi和esi注释。 + 其他正常html注释直接删除. `` ### javascript 借鉴 jsmin 的处理规则 (http://www.crockford.com/javascript/jsmin.html) ` */ trim_state_tag_script_js_end, /* "); static ngx_str_t ngx_http_trim_style_css = ngx_string("text/css"); static ngx_str_t ngx_http_trim_script_js = ngx_string("text/javascript"); static ngx_str_t ngx_http_trim_comment = ngx_string("-->"); static ngx_str_t ngx_http_trim_textarea = ngx_string(""); static ngx_str_t ngx_http_trim_comment_ie = ngx_string("[if"); static ngx_str_t ngx_http_trim_comment_ie_end = ngx_string(""); static ngx_str_t ngx_http_trim_saved_html = ngx_string(" */ ctx->saved_comment++; continue; case 'p': ctx->state = trim_state_tag_pre_begin; ctx->looked = 3; /* */ break; case 't': ctx->state = trim_state_tag_textarea_begin; ctx->looked = 3; /* */ break; case 's': ctx->state = trim_state_tag_s; break; case '<': break; case '>': ctx->state = trim_state_text; break; default: if ((ch >= 'a' && ch <= 'z') || ch == '/') { ctx->state = trim_state_tag_text; } else { ctx->state = trim_state_text; } break; } if ((size_t) (read - buf->pos) >= ctx->saved_comment) { write = ngx_cpymem(write, ngx_http_trim_saved_html.data, ctx->saved_comment); } else { ctx->saved = ctx->saved_comment; } if (ctx->state == trim_state_tag || ctx->state == trim_state_text_whitespace) { ctx->prev = '<'; continue; } break; case trim_state_tag_text: switch (ch) { case '\r': case '\n': case '\t': case ' ': ctx->state = trim_state_tag_whitespace; continue; case '>': ctx->state = trim_state_text; break; default: break; } break; case trim_state_tag_attribute: switch (ch) { case '\r': case '\n': case '\t': case ' ': if (ctx->prev != '=') { ctx->state = trim_state_tag_whitespace; } continue; case '\'': ctx->state = trim_state_tag_single_quote; break; case '"': ctx->state = trim_state_tag_double_quote; break; case '>': if (ctx->tag == NGX_HTTP_TRIM_TAG_PRE) { ctx->state = trim_state_tag_pre; } else if (ctx->tag == NGX_HTTP_TRIM_TAG_TEXTAREA) { ctx->state = trim_state_tag_textarea_end; } else if (ctx->tag == NGX_HTTP_TRIM_TAG_SCRIPT) { if (ctx->js_enable && ctx->looked == ngx_http_trim_script_js.len) { ctx->state = trim_state_tag_script_js_text; } else { ctx->state = trim_state_tag_script_end; } } else if (ctx->tag == NGX_HTTP_TRIM_TAG_STYLE) { if (ctx->css_enable && ctx->looked == ngx_http_trim_style_css.len) { ctx->state = trim_state_tag_style_css_text; } else { ctx->state = trim_state_tag_style_end; } } else { ctx->state = trim_state_text; } ctx->tag = 0; ctx->looked = 0; break; default: break; } break; case trim_state_tag_s: switch (ch) { case '\r': case '\n': case '\t': case ' ': ctx->state = trim_state_tag_whitespace; continue; case 't': ctx->state = trim_state_tag_style_begin; ctx->looked = 4; /* */ break; case 'c': ctx->state = trim_state_tag_script_begin; ctx->looked = 4; /* */ break; case '>': ctx->state = trim_state_text; break; default: ctx->state = trim_state_tag_text; break; } break; case trim_state_comment_begin: look = ngx_http_trim_comment.data[ctx->looked++]; if (ch == look) { if (ctx->looked == ngx_http_trim_comment.len - 1) { /* --> */ ctx->state = trim_state_comment_hack_begin; ctx->looked = 0; } ctx->saved_comment++; continue; } switch (ch) { case '\r': case '\n': case '\t': case ' ': ctx->state = trim_state_tag_whitespace; continue; case '>': ctx->state = trim_state_text; break; default: ctx->state = trim_state_tag_text; break; } if ((size_t) (read - buf->pos) >= ctx->saved_comment) { write = ngx_cpymem(write, ngx_http_trim_saved_html.data, ctx->saved_comment); } else { ctx->saved = ctx->saved_comment; } break; case trim_state_comment_hack_begin: switch (ch) { case '#': ctx->state = trim_state_comment_hack_end; ctx->looked = 0; break; case 'e': ctx->state = trim_state_comment_hack_end; ctx->looked = 0; break; case '[': ctx->state = trim_state_comment_ie_begin; ctx->looked = 1; ctx->saved_comment++; continue; case '-': ctx->state = trim_state_comment_end; ctx->looked = 1; continue; default: ctx->state = trim_state_comment_end; ctx->looked = 0; continue; } if ((size_t) (read - buf->pos) >= ctx->saved_comment) { write = ngx_cpymem(write, ngx_http_trim_saved_html.data, ctx->saved_comment); } else { ctx->saved = ctx->saved_comment; } break; case trim_state_comment_ie_begin: look = ngx_http_trim_comment_ie.data[ctx->looked++]; if (ch == look) { if (ctx->looked == ngx_http_trim_comment_ie.len) { /* [if */ ctx->state = trim_state_comment_ie_end; ctx->looked = 0; if ((size_t) (read - buf->pos) >= ctx->saved_comment) { write = ngx_cpymem(write, ngx_http_trim_saved_html.data, ctx->saved_comment); } else { ctx->saved = ctx->saved_comment; } break; } ctx->saved_comment++; continue; } switch (ch) { case '-': ctx->state = trim_state_comment_end; ctx->looked = 1; break; default: ctx->state = trim_state_comment_end; ctx->looked = 0; break; } continue; case trim_state_tag_pre_begin: look = ngx_http_trim_pre.data[ctx->looked++]; /* 
 */
            if (ch == look) {
                if (ctx->looked == ngx_http_trim_pre.len) {
                    ctx->state = trim_state_tag_pre;
                    ctx->count = 1;
                    ctx->looked = 0;
                }
                break;
            }

            switch (ch) {
            case '\r':
            case '\n':
            case '\t':
            case ' ':
                if (ctx->looked == ngx_http_trim_pre.len) {
                    ctx->tag = NGX_HTTP_TRIM_TAG_PRE;
                    ctx->count = 1;
                }

                ctx->state = trim_state_tag_whitespace;
                ctx->looked = 0;
                continue;
            case '>':
                ctx->state = trim_state_text;
                break;
            default:
                ctx->state = trim_state_tag_text;
                break;
            }
            break;

        case trim_state_tag_textarea_begin:
            look = ngx_http_trim_textarea.data[ctx->looked++]; /*