diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 7665f8e..0000000 --- a/.gitignore +++ /dev/null @@ -1,10 +0,0 @@ -objs/* -!objs/ndk_* -.pc/ -.vscode/ -modules/media-framework/ -modules/nginx-srt-module/ -modules/nginx-vod-module/ -Makefile -*.orig -*.txt \ No newline at end of file diff --git a/.hgtags b/.hgtags deleted file mode 100644 index 0dc64a5..0000000 --- a/.hgtags +++ /dev/null @@ -1,483 +0,0 @@ -551102312e19b704cd22bd7254a9444b9ea14e96 release-0.1.0 -23fb87bddda14ce9faec90f774085634106aded4 release-0.1.1 -295d97d70c698585705345f1a8f92b02e63d6d0d release-0.1.2 -ded1284520cc939ad5ae6ddab39925375e64237d release-0.1.3 -0491b909ef7612d8411f1f59054186c1f3471b52 release-0.1.4 -a88a3e4e158fade0aaa6f3eb25597d5ced2c1075 release-0.1.5 -1f31dc6d33a3a4e65240b08066bf186df9e33b79 release-0.1.6 -5aecc125bc33d81d6214c91d73eb44230a903dde release-0.1.7 -bbd6b0b4a2b15ef8c8f1aaf7b027b6da47303524 release-0.1.8 -2ff194b74f1e60cd04670986973e3b1a6aa3bece release-0.1.9 -31ee1b50354fb829564b81a6f34e8d6ceb2d3f48 release-0.1.10 -8e8f3af115b5b903b2b8f3335de971f18891246f release-0.1.11 -c3c2848fc081e19aec5ffa97e468ad20ddb81df0 release-0.1.12 -ad1e9ebf93bb5ae4c748d471fad2de8a0afc4d2a release-0.1.13 -c5240858380136a67bec261c59b1532560b57885 release-0.1.14 -fd661d14a7fad212e326a7dad6234ea0de992fbf release-0.1.15 -621229427cba1b0af417ff2a101fc4f17a7d93c8 release-0.1.16 -4ebe09b07e3021f1a63b459903ec58f162183b26 release-0.1.17 -31ff3e943e1675a2caf745ba7a981244445d4c98 release-0.1.18 -45a460f82aec80b0f61136aa09f412436d42203a release-0.1.19 -0f836f0288eee4980f57736d50a7a60fa082d8e9 release-0.1.20 -975f62e77f0244f1b631f740be77c72c8f2da1de release-0.1.21 -fc9909c369b2b4716304ac8e38da57b8fb781211 release-0.1.22 -d7c90bb5ce83dab08715e98f9c7b81c7df4b37be release-0.1.23 -64d9afb209da0cd4a917202b7b77e51cc23e2229 release-0.1.24 -d4ea69372b946dc4ec37fc3f5ddd93ff7c3da675 release-0.1.25 -b1648294f6935e993e436fd8a68bca75c74c826d release-0.1.26 -ee66921ecd47a7fa459f70f4a9d660f91f6a1b94 release-0.1.27 -cd3117ad9aab9c58c6f7e677e551e1adbdeaba54 release-0.1.28 -9b8c906f6e63ec2c71cecebfff35819a7d32227d release-0.1.29 -c12967aadd8726daf2d85e3f3e622d89c42db176 release-0.1.30 -fbbf16224844e7d560c00043e8ade8a560415bba release-0.1.31 -417a087c9c4d9abb9b0b9b3f787aff515c43c035 release-0.1.32 -dadfa78d227027348d7f9d1e7b7093d06ba545a0 release-0.1.33 -12234c998d83bfbbaa305273b3dd1b855ca325dc release-0.1.34 -6f00349b98e5f706b82115c6e4dc84456fc0d770 release-0.1.35 -2019117e6b38cc3e89fe4f56a23b271479c627a6 release-0.1.36 -09b42134ac0c42625340f16628e29690a04f8db5 release-0.1.37 -7fa11e5c6e9612ecff5eb58274cc846ae742d1d2 release-0.1.38 -e5d7d0334fdb946133c17523c198800142ac9fe9 release-0.1.39 -c3bd8cdabb8f73e5600a91f198eb7df6fac65e92 release-0.1.40 -d6e48c08d718bf5a9e58c20a37e8ae172bff1139 release-0.1.41 -563ad09abf5042eb41e8ecaf5b4e6c9deaa42731 release-0.1.42 -c9ad0d9c7d59b2fa2a5fe669f1e88debd03e6c04 release-0.1.43 -371c1cee100d7a1b0e6cad4d188e05c98a641ee7 release-0.1.44 -b09ee85d0ac823e36861491eedfc4dfafe282997 release-0.1.45 -511a89da35ada16ae806667d699f9610b4f8499a release-0.2.0 -0148586012ab3dde69b394ec5a389d44bb11c869 release-0.2.1 -818fbd4750b99d14d2736212c939855a11b1f1ef release-0.2.2 -e16a8d574da511622b97d6237d005f40f2cddb30 release-0.2.3 -483cca23060331f2078b1c2984870d80f288ad41 release-0.2.4 -45033d85b30e3f12c407b7cfc518d76e0eda0263 release-0.2.5 -7bd37aef1e7e87858c12b124e253e98558889b50 release-0.2.6 -ecd9c160f25b7a7075dd93383d98a0fc8d8c0a41 release-0.3.0 -c1f965ef97188fd7ef81342dcf8719da18c554d2 release-0.3.1 -e48ebafc69393fc94fecfdf9997c4179fd1ce473 release-0.3.2 -9c2f3ed7a24711d3b42b124d5f831155c8beff95 release-0.3.3 -7c1369d37c7eb0017c28ebcaa0778046f5aafdcc release-0.3.4 -1af2fcb3be8a63796b6b23a488049c92a6bc12f4 release-0.3.5 -174f1e853e1e831b01000aeccfd06a9c8d4d95a2 release-0.3.6 -458b6c3fea65a894c99dd429334a77bb164c7e83 release-0.3.7 -58475592100cb792c125101b6d2d898f5adada30 release-0.3.8 -fcd6fc7ff7f9b132c35193d834e6e7d05026c716 release-0.3.9 -4d9ea73a627a914d364e83e20c58eb1283f4031d release-0.3.10 -4c5c2c55975c1152b5ca5d5d55b32d4dd7945f7a release-0.3.11 -326634fb9d47912ad94221dc2f8fa4bec424d40c release-0.3.12 -4e296b7d25bf62390ca2afb599e395426b94f785 release-0.3.13 -401de5a43ba5a8acdb9c52465193c0ea7354afe7 release-0.3.14 -284cc140593bb16ac71094acd509ab415ff4837d release-0.3.15 -d4e858a5751a7fd08e64586795ed7d336011fbc0 release-0.3.16 -8c0cdd81580eb76d774cfc5724de68e7e5cbbdc2 release-0.3.17 -425af804d968f30eeff01e33b808bc2e8c467f2c release-0.3.18 -ebc68d8ca4962fe3531b7e13444f7ac4395d9c6e release-0.3.19 -9262f520ce214d3d5fd7c842891519336ef85ca6 release-0.3.20 -869b6444d2341a587183859d4df736c7f3381169 release-0.3.21 -77f77f53214a0e3a68fef8226c15532b54f2c365 release-0.3.22 -858700ae46b453ea111b966b6d03f2c21ddcb94e release-0.3.23 -5dac8c7fb71b86aafed8ea352305e7f85759f72e release-0.3.24 -77cdfe394a94a625955e7585e09983b3af9b889b release-0.3.25 -608cf78b24ef7baaf9705e4715a361f26bb16ba9 release-0.3.26 -3f8a2132b93d66ac19bec006205a304a68524a0b release-0.3.27 -c73c5c58c619c22dd3a5a26c91bb0567a62c6930 release-0.3.28 -5ef026a2ac7481f04154f29ab49377bf99aaf96f release-0.3.29 -51b27717f140b71a2e9158807d79da17c888ce4c release-0.3.30 -7a16e281c01f1c7ab3b79c64b43ddb754ea7935e release-0.3.31 -93e85a79757c49d502e42a1cb8264a0f133b0b00 release-0.3.32 -0216fd1471f386168545f772836156761eddec08 release-0.3.33 -fbed40ce7cb4fd7203fecc22a617b9ce5b950fb3 release-0.3.34 -387450de0b4d21652f0b6242a5e26a31e3be8d8c release-0.3.35 -65bf042c0b4f39f18a235464c52f980e9fa24f6b release-0.3.36 -5d2b8078c1c2593b95ec50acfeeafbefa65be344 release-0.3.37 -f971949ffb585d400e0f15508a56232a0f897c80 release-0.3.38 -18268abd340cb351e0c01b9c44e9f8cc05492364 release-0.3.39 -e60fe4cf1d4ea3c34be8c49047c712c6d46c1727 release-0.3.40 -715d243270806d38be776fc3ed826d97514a73d6 release-0.3.41 -5e8fb59c18c19347a5607fb5af075fe1e2925b9a release-0.3.42 -947c6fd27699e0199249ad592151f844c8a900b0 release-0.3.43 -4946078f0a79e6cc952d3e410813aac9b8bda650 release-0.3.44 -95d7da23ea5315a6e9255ce036ed2c51f091f180 release-0.3.45 -1e720b0be7ecd92358da8a60944669fa493e78cd release-0.3.46 -39b7d7b33c918d8f4abc86c4075052d8c19da3c7 release-0.3.47 -7cbef16c71a1f43a07f8141f02e0135c775f0f5b release-0.3.48 -4c8cd5ae5cc100add5c08c252d991b82b1838c6b release-0.3.49 -400711951595aef7cd2ef865b84b31df52b15782 release-0.3.50 -649c9063d0fda23620eaeaf0f6393be0a672ebe7 release-0.3.51 -9079ee4735aefa98165bb2cb26dee4f58d58c1d7 release-0.3.52 -6d5c1535bb9dcd891c5963971f767421a334a728 release-0.3.53 -5fd7a5e990477189c40718c8c3e01002a2c20b81 release-0.3.54 -63a820b0bc6ca629c8e45a069b52d622ddc27a2d release-0.3.55 -562806624c4afb1687cba83bc1852f5d0fecbac3 release-0.3.56 -cec32b3753acf610ac1a6227d14032c1a89d6319 release-0.3.57 -b80f94fa2197b99db5e033fec92e0426d1fe5026 release-0.3.58 -e924670896abe2769ea0fcfd2058b405bed8e8ec release-0.3.59 -921a7ce4baf42fd1091b7e40f89c858c6b23053e release-0.3.60 -df95dcff753a6dc5e94257302aea02c18c7a7c87 release-0.3.61 -7e24168b0853ee7e46c9c7b943ef077dc64f17f5 release-0.4.0 -8183d4ba50f8500465efb27e66dd23f98775dd21 release-0.4.1 -610267a772c7bf911b499d37f66c21ce8f2ebaf7 release-0.4.2 -39dd0b045441e21512e0a6061a03d0df63414d8b release-0.4.3 -5e42c1615f4de0079bd4d8913886d588ce6a295d release-0.4.4 -40266f92b829a870808b3d4ee54c8fccdecbd2d6 release-0.4.5 -56e33c6efee7ff63cdc52bd1cf172bde195079df release-0.4.6 -119bad43bfd493400c57a05848eada2c35a46810 release-0.4.7 -0f404f82a1343cb4e4b277a44e3417385798e5e5 release-0.4.8 -d24a717314365c857b9f283d6072c2a427d5e342 release-0.4.9 -d6f0a00015fdef861fd67fb583b9690638650656 release-0.4.10 -e372368dadd7b2ecd0182b2f1b11db86fc27b2c3 release-0.4.11 -fd57967d850d2361072c72562d1ed03598473478 release-0.4.12 -979045fdcbd20cf7188545c1c589ff240251f890 release-0.4.13 -93c94cfa9f78f0a5740595dde4466ec4fba664f8 release-0.4.14 -589ee12e8d7c2ae5e4f4676bcc7a1279a76f9e8e release-0.5.0 -13416db8a807e5acb4021bc3c581203de57e2f50 release-0.5.1 -06c58edc88831fb31c492a8eddcf2c6056567f18 release-0.5.2 -e2ac5fa41bcba14adbbb722d45c083c30c07bb5c release-0.5.3 -393dbc659df15ccd411680b5c1ce87ed86d4c144 release-0.5.4 -38cc7bd8e04f2c519fd4526c12841a876be353cb release-0.5.5 -6d1fcec2ea79101c756316c015f72e75f601a5ab release-0.5.6 -aed8a9de62456c4b360358bc112ccca32ce02e8d release-0.5.7 -7642f45af67d805452df2667486201c36efaff85 release-0.5.8 -779216610662c3a459935d506f66a9b16b9c9576 release-0.5.9 -9eeb585454f3daa30cf768e95c088a092fe229b9 release-0.5.10 -bb491c8197e38ca10ae63b1f1ecb36bf6fdaf950 release-0.5.11 -613369e08810f36bbcc9734ef1059a03ccbf5e16 release-0.5.12 -bd796ef5c9c9dd34bfac20261b98685e0410122a release-0.5.13 -8a730c49f906d783b47e4b44d735efd083936c64 release-0.5.14 -cb447039152d85e9145139ff2575a6199b9af9d4 release-0.5.15 -64854c7c95d04f838585ca08492823000503fa61 release-0.5.16 -d1ffcf84ea1244f659145c36ff28de6fcdf528b2 release-0.5.17 -796a6e30ca9d29504195c10210dbc8deced0ae83 release-0.5.18 -1f81c711d2a039e1f93b9b515065a2235372d455 release-0.5.19 -8e8f6082654aedb4438c8fca408cfc316c7c5a2a release-0.5.20 -e9551132f7dd40da5719dd5bcf924c86f1436f85 release-0.5.21 -533a252896c4d1cff1586ae42129d610f7497811 release-0.5.22 -f461a49b6c747e0b67f721f2be172902afea5528 release-0.5.23 -2d5ef73671f690b65bf6d9e22e7155f68f484d5a release-0.5.24 -77bf42576050862c268e267ef3e508b145845a25 release-0.5.25 -2aefee4d4ed69eb7567680bf27a2efd212232488 release-0.6.0 -7ac0fe9bec9a2b5f8e191f6fdd6922bfd916a6cb release-0.6.1 -4882735ebc71eeec0fbfe645bdfdb31306872d82 release-0.6.2 -b94731c73d0922f472ff938b9d252ba29020f20c release-0.6.3 -13e649b813d6ccba5db33a61e08ebe09d683cd5b release-0.6.4 -80de622646b0059fd4c553eff47c391bf7503b89 release-0.6.5 -3b05edb2619d5935023b979ee7a9611b61b6c9e5 release-0.6.6 -1dcfd375100c4479611f71efb99271d0a3059215 release-0.6.7 -0228185d4c5772947b842e856ad74cf7f7fd52f3 release-0.6.8 -d1879c52326ecac45c713203670f54220879911e release-0.6.9 -5a80c6ccbe2ad24fa3d4ff6f9fe4a2b07408d19d release-0.6.10 -f88a8b0b39601b19cd740e4db614ab0b5b874686 release-0.6.11 -5557460a7247a1602ae96efd1d0ccf781344cb58 release-0.6.12 -451b02cc770a794cd41363461b446948ae1d8bc8 release-0.6.13 -537b6ef014c4a133e0ab0b7dc817508e0647e315 release-0.6.14 -5e68764f0d6e91a983170fa806e7450a9e9b33fe release-0.6.15 -158aa4e8cc46fcf9504a61469d22daf3476b17bf release-0.6.16 -d8fcca555542619228d9fab89e1665b993f8c3ee release-0.6.17 -60707ebc037086cf004736a0d4979e2a608da033 release-0.6.18 -3c2a99d3a71af846855be35e62edb9a12f363f44 release-0.6.19 -3e0a27f9358ffc1b5249e0ea2311ce7da5c8967e release-0.6.20 -143f4d65b1c875d6563ccb7f653d9157afc72194 release-0.6.21 -95e6160d2b7d0af8ffd1b95a23cadadf8f0b3f6d release-0.6.22 -69a03d5e3b6e6660079ef1ef172db7ac08d8370e release-0.6.23 -3e2a58fb48f1e1a99ebf851e0d47a7034c52ae22 release-0.6.24 -3b8607c05a8bebcfa59235c2126a70d737f0ccf5 release-0.6.25 -07ad5b2606614c4be4ee720c46cf4af126059d31 release-0.6.26 -be531addfabe5214f409d457140c1038af10d199 release-0.6.27 -58f05255d3a345d04baef5cff0ca1ae0ac7ecebb release-0.6.28 -eb2bd21dc8d03f6c94016f04ffb9adaf83a2b606 release-0.6.29 -55408deb3cd171efa9b81d23d7a1dd1ccde0b839 release-0.6.30 -d4288915bba73c4c3c9cf5d39d34e86879eb2b45 release-0.6.31 -0a189588830b8629c4dfea68feb49af36b59e4a9 release-0.7.0 -6ab27a06f3346cf9ec8737f5dbcc82dd4031e30f release-0.7.1 -a07e258cef3b0a0b6e76a6ff4ba4651c5facc85a release-0.7.2 -9992c4583513d2804fc2e7fec860fbc7ab043009 release-0.7.3 -4dc24d50230fbadfc037a414a86390db2de69dd2 release-0.7.4 -9527137b4354a648a229c7169850c7c65272c00d release-0.7.5 -c2f0f7cf306f302254beae512bda18713922375c release-0.7.6 -bbcf6d75556fdcee8bd4aba8f6c27014be9920ee release-0.7.7 -43bde71f0bbe5a33b161760d7f9f980d50386597 release-0.7.8 -769f0dd7081e9011394f264aa22aa66fd79730d8 release-0.7.9 -511edfa732da637f5f0c9476335df7dca994706d release-0.7.10 -0e7023bf6b2461309c29885935443449a41be807 release-0.7.11 -9ad1bd2b21d93902863807528e426862aedee737 release-0.7.12 -d90ea21e24ea35379aef50c5d70564158e110a15 release-0.7.13 -c07d2d20d95c83d804079bbdcecbce4a0c8282f0 release-0.7.14 -0cd7bb051f67eac2b179fb9f9cc988b9ba18ed76 release-0.7.15 -eab2e87deba73ae6abd9cc740e8d4365bed96322 release-0.7.16 -91d7a9eb8ade90e9421d7b1e3c2e47a6bc427876 release-0.7.17 -fc10f7b5cb1305fb930f8ac40b46882d0828d61e release-0.7.18 -9dba9779e37e5969a2d408c792084fd7acfec062 release-0.7.19 -61838d1bcbddc7bc4dd9f30d535573a6fddca8f9 release-0.7.20 -5f665d0fa6a5f6e748157f2ccbc445b2db8125d0 release-0.7.21 -24763afa5efe91e54f00b2ae5b87666eb6c08c3b release-0.7.22 -0562fb355a25266150cbe8c8d4e00f55e3654df3 release-0.7.23 -19c452ecd083550816873a8a31eb3ed9879085e6 release-0.7.24 -46b68faf271d6fdcaaf3ad2c69f6167ea9e9fa28 release-0.7.25 -d04bfca0c7e3ae2e4422bc1d383553139d6f0a19 release-0.7.26 -9425d9c7f8ead95b00a3929a9a5e487e0e3c8499 release-0.7.27 -fbc3e7e8b3ee756568a875f87d8a954a2f9d3bf6 release-0.7.28 -5176dfdf153fc785b18604197d58806f919829ad release-0.7.29 -87e07ccdf0a4ec53458d9d7a4ea66e1239910968 release-0.7.30 -9fddd7e1a7a27f8463867f41a461aad57df461b2 release-0.7.31 -780b2ba1ec6daf6e3773774e26b05b9ff0d5483e release-0.7.32 -83027471a25385b1c671968be761e9aa7a8591a7 release-0.7.33 -1e9a362c3dcee221ca6e34308c483ed93867aca2 release-0.7.34 -c7ee9e15717b54ead5f4a554686e74abe66c6b07 release-0.7.35 -b84548abe9b9d4f4e203f848696e52c8c82c308f release-0.7.36 -3286f0bab8e77dbc7ebb370b1dc379592ccff123 release-0.7.37 -11a4e2ed5b166b9c9f119171aa399a9e3aa4684a release-0.7.38 -f822655d4120629977794c32d3b969343b6c30db release-0.7.39 -8a350e49d2b6751296db6d8e27277ccf63ed412a release-0.7.40 -c4a56c197eeafd71fc1caef7a9d890a330e3c23d release-0.7.41 -a9575a57a5443df39611774cf3840e9088132b0e release-0.7.42 -7503d95d6eadad14c28b2db183ba09848265274b release-0.7.43 -9be652e9114435fc6f1fdec84c0458d56702db91 release-0.7.44 -797e070d480a34b31ddac0d364784773f1bbbcf9 release-0.7.45 -9b5037e7ec7db25875c40f9d1cf20a853388b124 release-0.7.46 -d1d0e6d7ff0ca3c0dd1be1ef1cfff2e3fd0b4e1c release-0.7.47 -9816fb28eda599bfd53940e6d3b6617d1ecb6323 release-0.7.48 -452b9d09df8e3f2fb04b2a33d04d2f3a6436eb34 release-0.7.49 -e4350efa7cf7a0e868c2236a1137de8a33bd8ec6 release-0.7.50 -f51f2bec766c8b6d7e1799d904f18f8ea631bd44 release-0.7.51 -18e39e566781c9c187e2eb62bebd9d669d68f08c release-0.7.52 -b073eaa1dcea296a3488b83d455fab6621a73932 release-0.7.53 -01c6fe6c2a55998434cd3b05dd10ca487ac3fb6c release-0.7.54 -3ed9377e686f2521e6ec15873084381033fb490d release-0.7.55 -a1e44954549c35023b409f728c678be8bf898148 release-0.7.56 -fbb1918a85e38a7becdb1a001dbaf5933f23a919 release-0.7.57 -87f4a49a9cc34a5b11c8784cc5ea89e97b4b2bd8 release-0.7.58 -0c22cb4862c8beb4ee1b9e4627125162a29a5304 release-0.7.59 -82d56c2425ef857cd430b8530a3f9e1127145a67 release-0.8.0 -f4acb784b53cd952559567971b97dde1e818a2b6 release-0.8.1 -b3503597c1a0f0f378afdc5e5e5b85e2c095a4be release-0.8.2 -c98da980514a02ba81c421b25bf91803ffffddf3 release-0.8.3 -db34ec0c53c4b9dec12ffdf70caf89a325ab9577 release-0.8.4 -0914802433b8678ba2cdf91280766f00f4b9b76e release-0.8.5 -ff52ee9e6422f3759f43a442b7ba615595b3a3d4 release-0.8.6 -7607237b4829fff1f60999f4663c50ed9d5182f7 release-0.8.7 -1cef1807bc12cb05ac52fb0e7a0f111d3760b569 release-0.8.8 -a40f8475511d74a468ade29c1505e8986600d7a3 release-0.8.9 -2d9faf2260df6c3e5d4aa1781493c31f27a557d0 release-0.8.10 -d0d61c32331a6505381b5218318f7b69db167ca8 release-0.8.11 -ca7a1c6c798a7eb5b294d4ac3179ec87ecf297d3 release-0.8.12 -81c8277cd8ed55febcb2dd9d9213076f6c0ccb09 release-0.8.13 -3089486a8dc5844b5b6e9f78d536b4b26f7ffa16 release-0.8.14 -d364c2c12dd9723a2dfac3f096f5e55d4cfe6838 release-0.8.15 -52163a1027c3efd6b4c461b60a2ca6266c23e193 release-0.8.16 -06564e9a2d9ec5852132c212e85eda0bf1300307 release-0.8.17 -7aaa959da85e09e29bcac3b1cadec35b0a25b64d release-0.8.18 -4bc73c644329a510da4e96b7241b80ead7772f83 release-0.8.19 -ea3d168fb99c32a5c3545717ecc61e85a375e5dd release-0.8.20 -27951ca037e63dae45ff5b6279124c224ae1255a release-0.8.21 -d56c8b5df517c2bf6e7bc2827b8bf3e08cda90e1 release-0.8.22 -3c6ac062b379b126212cbb27e98a3c8275ef381a release-0.8.23 -89b9173476de14688b1418fbf7df10f91d1719ef release-0.8.24 -aa550cb4159ae0d566006e091fb1c7a888771050 release-0.8.25 -06ce92293f6a65651b08c466f90f55bd69984b98 release-0.8.26 -ea50b0d79ef1d7d901cd0e4dcd7373447849d719 release-0.8.27 -e68b1c35cad86105ff1c5b240f53442f4c36356e release-0.8.28 -78d3582a30afe63fc0adb17c3ac8891a64e47146 release-0.8.29 -9852c5965a3292a1b6127dbb4da9fce4912d898a release-0.8.30 -4f84115914490e572bcbee5069157b7334df2744 release-0.8.31 -59dee6f7f3afeb1fad6ed5983756e48c81ad2a5c release-0.8.32 -a4456378d234c07038456cf32bfe3c651f1d5e82 release-0.8.33 -21cb50799a20575a42f9733342d37a426f79db4d release-0.8.34 -7cb3cb8d78ef7ae63561733ed91fd07933896bc8 release-0.8.35 -aed68639d4eb6afe944b7fb50499c16f7f3f503c release-0.8.36 -265b7fd2ae21c75bbffa5115b83a0123d6c4acb4 release-0.8.37 -fa5f1ca353c0c5aa5415f51d72fd7bbcc02d1ed7 release-0.8.38 -af10bf9d4c6532850aa1f70cdf7504bd109b284c release-0.8.39 -4846ec9f83cb5bc4c8519d5641b35fb9b190430c release-0.8.40 -718b4cb3faf7efe4e0648140f064bf7a92c3f7e8 release-0.8.41 -b5a3065749093282ddd19845e0b77ffc2e54333e release-0.8.42 -34df9fb22fed415cdad52def04095dc6d4b48222 release-0.8.43 -00ec8cd76fb89af27363b76c40d9f88bf4679c3b release-0.8.44 -e16dd52a0d226c23dcae9a11252564a04753bbed release-0.8.45 -f034d9173df0a433e0bbcf5974f12ea9eb9076c0 release-0.8.46 -4434dc967087315efcd0658206a67fe6c85528f3 release-0.8.47 -0b65c962e0cd6783a854877b52c903cb058eec8c release-0.8.48 -a2b7e94b9807e981866bf07e37b715847d1b7120 release-0.8.49 -e7bdb8edc1bab2bc352a9fb6ce765c46575c35bf release-0.8.50 -21dacebd12f65cb57ceb8d2688db5b07fad6e06d release-0.8.51 -67dd7533b99c8945b5b8b5b393504d4e003a1c50 release-0.8.52 -010468d890dbac33a4cae6dfb2017db70721b2fe release-0.8.53 -62b599022a2fa625b526c2ad1711dc6db7d66786 release-0.9.0 -71281dd73b17a0ead5535d531afaee098da723cb release-0.9.1 -16cff36b0e49fc9fdeee13b2e92690286bcc1b3d release-0.9.2 -b7b306325972661117694879d3e22faf4cf0df32 release-0.9.3 -fe671505a8ea86a76f0358b3ec4de84a9037ac2b release-0.9.4 -70542931bc5436d1bbd38f152245d93ac063968d release-0.9.5 -27e2f3b7a3db1819c5d0ba28327ceaba84a13c4e release-0.9.6 -657d05d63915ce2f6c4d763091059f5f85bb10e5 release-0.9.7 -e0fd9f36005923b8f98d1ba1ea583cb7625f318f release-1.0.0 -f8f89eb4e0c27e857ec517d893d4f9a454985084 release-1.0.1 -c50df367648e53d55e80b60a447c9c66caa0d326 release-1.0.2 -80d586db316512b5a9d39f00fe185f7f91523f52 release-1.0.3 -c9c2805ac9245cc48ce6efeba2b4a444f859d6aa release-1.0.4 -fa2c37b1122c2c983b6e91d1188e387d72dde4d6 release-1.0.5 -f31aea5b06654c9163be5acd6d9b7aaf0fdf6b33 release-1.1.0 -44bf95f670656fae01ccb266b3863843ea13d324 release-1.1.1 -da1289482a143dfa016769649bdff636c26f53c8 release-1.1.2 -bac8ba08a6570bac2ecd3bf2ad64b0ac3030c903 release-1.1.3 -911060bc8221d4113a693ae97952a1fa88663ca8 release-1.1.4 -e47531dfabbf8e5f8b8aff9ff353642ea4aa7abb release-1.1.5 -f9ddecfe331462f870a95e4c1c3ba1bb8f19f2d3 release-1.1.6 -378c297bb7459fb99aa9c77decac0d35391a3932 release-1.1.7 -71600ce67510af093d4bc0117a78b3b4678c6b3a release-1.1.8 -482d7d907f1ab92b78084d8b8631ed0eb7dd08f7 release-1.1.9 -c7e65deabf0db5109e8d8f6cf64cd3fb7633a3d1 release-1.1.10 -9590f0cf5aab8e6e0b0c8ae59c70187b2b97d886 release-1.1.11 -ade8fc136430cfc04a8d0885c757968b0987d56c release-1.1.12 -6a6836e65827fd3cb10a406e7bbbe36e0dad8736 release-1.1.13 -6845f4ac909233f5a08ed8a51de137713a888328 release-1.1.14 -2397e9c72f1bc5eac67006e12ad3e33e0ea9ba74 release-1.1.15 -7b7c49639a7bceecabf4963c60b26b65a77d6ce0 release-1.1.16 -f7e1113a9a1648cad122543e7080e895cf2d88f4 release-1.1.17 -2b22743c3079b41233ded0fc35af8aa89bcfab91 release-1.1.18 -0f0b425659e0b26f5bc8ea14a42dbf34de2eaba6 release-1.1.19 -f582d662cc408eb7a132c21f4b298b71d0701abb release-1.2.0 -9ee68d629722f583d43d92271f2eb84281afc630 release-1.3.0 -61b6a3438afef630774e568eefd89c53e3b93287 release-1.3.1 -7ccd50a0a455f2f2d3b241f376e1193ad956196d release-1.2.1 -0000000000000000000000000000000000000000 release-1.2.1 -50107e2d96bbfc2c59e46f889b1a5f68dd10cf19 release-1.3.2 -2c5e1e88c8cf710caf551c5c67eba00443601efe release-1.3.3 -a43447fb82aa03eabcd85352758ae14606a84d35 release-1.3.4 -90f3b4ea7992a7bf9385851a3e77173363091eea release-1.3.5 -3aeb14f88daeb973e4708310daa3dc68ac1200f7 release-1.3.6 -dafd375f1c882b15fa4a9b7aa7c801c55082395e release-1.3.7 -ab7ce0eb4cf78a656750ab1d8e55ef61f7e535ec release-1.3.8 -1b1a9337a7399ad3cdc5e3a2f9fbaaec990271d5 release-1.3.9 -2c053b2572694eb9cd4aed26a498b6cb1f51bbcc release-1.3.10 -36409ac209872ce53019f084e4e07467c5d9d25e release-1.3.11 -560dc55e90c13860a79d8f3e0d67a81c7b0257bb release-1.3.12 -dc195ffe0965b2b9072f8e213fe74ecce38f6773 release-1.3.13 -e04428778567dd4de329bbbe97ad653e22801612 release-1.3.14 -cd84e467c72967b9f5fb4d96bfc708c93edeb634 release-1.3.15 -23159600bdea695db8f9d2890aaf73424303e49c release-1.3.16 -7809529022b83157067e7d1e2fb65d57db5f4d99 release-1.4.0 -48a84bc3ff074a65a63e353b9796ff2b14239699 release-1.5.0 -99eed1a88fc33f32d66e2ec913874dfef3e12fcc release-1.5.1 -5bdca4812974011731e5719a6c398b54f14a6d61 release-1.5.2 -644a079526295aca11c52c46cb81e3754e6ad4ad release-1.5.3 -376a5e7694004048a9d073e4feb81bb54ee3ba91 release-1.5.4 -60e0409b9ec7ee194c6d8102f0656598cc4a6cfe release-1.5.5 -70c5cd3a61cb476c2afb3a61826e59c7cda0b7a7 release-1.5.6 -9ba2542d75bf62a3972278c63561fc2ef5ec573a release-1.5.7 -eaa76f24975948b0ce8be01838d949122d44ed67 release-1.5.8 -5a1759f33b7fa6270e1617c08d7e655b7b127f26 release-1.5.9 -b798fc020e3a84ef68e6c9f47865a319c826d33c release-1.5.10 -f995a10d4c7e9a817157a6ce7b753297ad32897e release-1.5.11 -97b47d95e4449cbde976657cf8cbbc118351ffe0 release-1.5.12 -fd722b890eabc600394349730a093f50dac31639 release-1.5.13 -d161d68df8be32e5cbf72b07db1a707714827803 release-1.7.0 -0351a6d89c3dbcc7a76295024ba6b70e27b9a497 release-1.7.1 -0bd223a546192fdf2e862f33938f4ec2a3b5b283 release-1.7.2 -fe7cd01828d5ca7491059f0690bb4453645eb28b release-1.7.3 -cbb146b120296852e781079d5138b04495bab6df release-1.7.4 -fe129aa02db9001d220f1db7c3c056f79482c111 release-1.7.5 -a8d111bb68847f61d682a3c8792fecb2e52efa2c release-1.7.6 -6d2fbc30f8a7f70136cf08f32d5ff3179d524873 release-1.7.7 -d5ea659b8bab2d6402a2266efa691f705e84001e release-1.7.8 -34b201c1abd1e2d4faeae4650a21574771a03c0e release-1.7.9 -860cfbcc4606ee36d898a9cd0c5ae8858db984d6 release-1.7.10 -2b3b737b5456c05cd63d3d834f4fb4d3776953d0 release-1.7.11 -3ef00a71f56420a9c3e9cec311c9a2109a015d67 release-1.7.12 -53d850fe292f157d2fb999c52788ec1dc53c91ed release-1.9.0 -884a967c369f73ab16ea859670d690fb094d3850 release-1.9.1 -3a32d6e7404a79a0973bcd8d0b83181c5bf66074 release-1.9.2 -e27a215601292872f545a733859e06d01af1017d release-1.9.3 -5cb7e2eed2031e32d2e5422caf9402758c38a6ad release-1.9.4 -942475e10cb47654205ede7ccbe7d568698e665b release-1.9.5 -b78018cfaa2f0ec20494fccb16252daa87c48a31 release-1.9.6 -54117529e40b988590ea2d38aae909b0b191663f release-1.9.7 -1bdc497c81607d854e3edf8b9a3be324c3d136b6 release-1.9.8 -ef107f3ddc237a3007e2769ec04adde0dcf627fa release-1.9.9 -be00ca08e41a69e585b6aff70a725ed6c9e1a876 release-1.9.10 -fe66cff450a95beed36a2515210eb2d7ef62c9d3 release-1.9.11 -ead3907d74f90a14d1646f1b2b56ba01d3d11702 release-1.9.12 -5936b7ed929237f1a73b467f662611cdc0309e51 release-1.9.13 -4106db71cbcb9c8274700199ac17e520902c6c0f release-1.9.14 -13070ecfda67397985f0e986eb9c42ecb46d05b5 release-1.9.15 -271ee30c6791847980cd139d31807541f5e569bf release-1.11.0 -cb783d9cc19761e14e1285d91c38f4b84d0b8756 release-1.11.1 -4d3b3a13a8cf5fc3351a7f167d1c13325e00f21c release-1.11.2 -b83a067949a3384a49fd3d943eb8d0997b31f87b release-1.11.3 -953512ca02c6f63b4fcbbc3e10d0d9835896bf99 release-1.11.4 -5253015a339aaca0a3111473d3e931b6d4752393 release-1.11.5 -5e371426b3bcba4312ce08606194b89b758927d1 release-1.11.6 -5c8f60faf33ca8926473d2da27b4c3c417bd4630 release-1.11.7 -4591da489a30f790def29bc5987f43409b503cae release-1.11.8 -20a45c768e5ed26b740679d0e22045c98727c3cc release-1.11.9 -1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e release-1.11.10 -d8b321a876d6254e9e98795e3b194ef053290354 release-1.11.11 -7f394e433f0003222aa6531931ecc0b24740d5e4 release-1.11.12 -3d0e8655f897959e48cc74e87670bb5492a58871 release-1.11.13 -3671096a45bce570a2afa20b9faf42c7fb0f7e66 release-1.13.0 -539f7893ecb96bee60965528c8958d7eb2f1ce6b release-1.13.1 -5be2b25bdc65775a85f18f68a4be4f58c7384415 release-1.13.2 -8457ce87640f9bfe6221c4ac4466ced20e03bebe release-1.13.3 -bbc642c813c829963ce8197c0ca237ab7601f3d4 release-1.13.4 -0d45b4cf7c2e4e626a5a16e1fe604402ace1cea5 release-1.13.5 -f87da7d9ca02b8ced4caa6c5eb9013ccd47b0117 release-1.13.6 -47cca243d0ed39bf5dcb9859184affc958b79b6f release-1.13.7 -20ca4bcff108d3e66977f4d97508637093492287 release-1.13.8 -fb1212c7eca4c5328fe17d6cd95b010c67336aac release-1.13.9 -31c929e16910c38492581ef474e72fa67c28f124 release-1.13.10 -64179f242cb55fc206bca59de9bfdc4cf5ebcec7 release-1.13.11 -051e5fa03b92b8a564f6b12debd483d267391e82 release-1.13.12 -990b3e885636d763b97ed02d0d2cfc161a4e0c09 release-1.15.0 -4189160cb946bb38d0bc0a452b5eb4cdd8979fb5 release-1.15.1 -b234199c7ed8a156a6bb98f7ff58302c857c954f release-1.15.2 -28b3e17ca7eba1e6a0891afde0e4bc5bcc99c861 release-1.15.3 -49d49835653857daa418e68d6cbfed4958c78fca release-1.15.4 -f062e43d74fc2578bb100a9e82a953efa1eb9e4e release-1.15.5 -2351853ce6867b6166823bdf94333c0a76633c0a release-1.15.6 -051a039ce1c7e09144de4a4846669ec7116cecea release-1.15.7 -ee551e3f6dba336c0d875e266d7d55385f379b42 release-1.15.8 -d2fd76709909767fc727a5b4affcf1dc9ca488a7 release-1.15.9 -75f5c7f628411c79c7044102049f7ab4f7a246e7 release-1.15.10 -5155d0296a5ef9841f035920527ffdb771076b44 release-1.15.11 -0130ca3d58437b3c7c707cdddd813d530c68da9a release-1.15.12 -054c1c46395caff79bb4caf16f40b331f71bb6dd release-1.17.0 -7816bd7dabf6ee86c53c073b90a7143161546e06 release-1.17.1 -2fc9f853a6b7cd29dc84e0af2ed3cf78e0da6ca8 release-1.17.2 -ed4303aa1b31a9aad5440640c0840d9d0af45fed release-1.17.3 -ce2ced3856909f36f8130c99eaa4dbdbae636ddc release-1.17.4 -9af0dddbddb2c368bfedd2801bc100ffad01e19b release-1.17.5 -de68d0d94320cbf033599c6f3ca37e5335c67fd7 release-1.17.6 -e56295fe0ea76bf53b06bffa77a2d3a9a335cb8c release-1.17.7 -fdacd273711ddf20f778c1fb91529ab53979a454 release-1.17.8 -5e8d52bca714d4b85284ddb649d1ba4a3ca978a8 release-1.17.9 -c44970de01474f6f3e01b0adea85ec1d03e3a5f2 release-1.17.10 -cbe6ba650211541310618849168631ce0b788f35 release-1.19.0 -062920e2f3bf871ef7a3d8496edec1b3065faf80 release-1.19.1 -a7b46539f507e6c64efa0efda69ad60b6f4ffbce release-1.19.2 -3cbc2602325f0ac08917a4397d76f5155c34b7b1 release-1.19.3 -dc0cc425fa63a80315f6efb68697cadb6626cdf2 release-1.19.4 -8e5b068f761cd512d10c9671fbde0b568c1fd08b release-1.19.5 -f618488eb769e0ed74ef0d93cd118d2ad79ef94d release-1.19.6 -3fa6e2095a7a51acc630517e1c27a7b7ac41f7b3 release-1.19.7 -8c65d21464aaa5923775f80c32474adc7a320068 release-1.19.8 -da571b8eaf8f30f36c43b3c9b25e01e31f47149c release-1.19.9 -ffcbb9980ee2bad27b4d7b1cd680b14ff47b29aa release-1.19.10 -df34dcc9ac072ffd0945e5a1f3eb7987e8275375 release-1.21.0 -a68ac0677f8553b1f84d357bc9da114731ab5f47 release-1.21.1 -bfbc52374adcbf2f9060afd62de940f6fab3bba5 release-1.21.2 -2217a9c1d0b86026f22700b3c089545db1964f55 release-1.21.3 -39be8a682c58308d9399cddd57e37f9fdb7bdf3e release-1.21.4 -d986378168fd4d70e0121cabac274c560cca9bdf release-1.21.5 -714eb4b2c09e712fb2572a2164ce2bf67638ccac release-1.21.6 -5da2c0902e8e2aa4534008a582a60c61c135960e release-1.23.0 -a63d0a70afea96813ba6667997bc7d68b5863f0d release-1.23.1 -aa901551a7ebad1e8b0f8c11cb44e3424ba29707 release-1.23.2 -ff3afd1ce6a6b65057741df442adfaa71a0e2588 release-1.23.3 -ac779115ed6ee4f3039e9aea414a54e560450ee2 release-1.23.4 -12dcf92b0c2c68552398f19644ce3104459807d7 release-1.25.0 -f8134640e8615448205785cf00b0bc810489b495 release-1.25.1 -1d839f05409d1a50d0f15a2bf36547001f99ae40 release-1.25.2 -294a3d07234f8f65d7b0e0b0e2c5b05c12c5da0a release-1.25.3 -173a0a7dbce569adbb70257c6ec4f0f6bc585009 release-1.25.4 -8618e4d900cc71082fbe7dc72af087937d64faf5 release-1.25.5 -a58202a8c41bf0bd97eef1b946e13105a105520d release-1.26.0 -a63c124e34bcf2d1d1feb8d40ff075103b967c4c release-1.26.1 -e4c5da06073ca24e2ffc5c8f8b8d7833a926356f release-1.26.2 diff --git a/CHANGES b/CHANGES index 9c2fb00..597c270 100644 --- a/CHANGES +++ b/CHANGES @@ -1,972 +1,38 @@ -Changes with nginx 1.26.3 05 Feb 2025 +Changes with nginx 1.14.2 04 Dec 2018 - *) Security: insufficient check in virtual servers handling with TLSv1.3 - SNI allowed to reuse SSL sessions in a different virtual server, to - bypass client SSL certificates verification (CVE-2025-23419). + *) Bugfix: nginx could not be built by gcc 8.1. - *) Bugfix: in the ngx_http_mp4_module. - Thanks to Nils Bars. + *) Bugfix: nginx could not be built on Fedora 28 Linux. - *) Workaround: "gzip filter failed to use preallocated memory" alerts - appeared in logs when using zlib-ng. + *) Bugfix: in handling of client addresses when using unix domain listen + sockets to work with datagrams on Linux. - *) Bugfix: nginx could not build libatomic library using the library - sources if the --with-libatomic=DIR option was used. + *) Change: the logging level of the "http request", "https proxy + request", "unsupported protocol", "version too low", "no suitable key + share", and "no suitable signature algorithm" SSL errors has been + lowered from "crit" to "info". - *) Bugfix: nginx now ignores QUIC version negotiation packets from - clients. + *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to + switch off "ssl_prefer_server_ciphers" in a virtual server if it was + switched on in the default server. - *) Bugfix: nginx could not be built on Solaris 10 and earlier with the - ngx_http_v3_module. + *) Bugfix: nginx could not be built with LibreSSL 2.8.0. - *) Bugfixes in HTTP/3. + *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL + 1.1.1, the TLS 1.3 protocol was always enabled. + *) Bugfix: sending a disk-buffered request body to a gRPC backend might + fail. -Changes with nginx 1.26.2 14 Aug 2024 - - *) Security: processing of a specially crafted mp4 file by the - ngx_http_mp4_module might cause a worker process crash - (CVE-2024-7347). - Thanks to Nils Bars. - - -Changes with nginx 1.26.1 29 May 2024 - - *) Security: when using HTTP/3, processing of a specially crafted QUIC - session might cause a worker process crash, worker process memory - disclosure on systems with MTU larger than 4096 bytes, or might have - potential other impact (CVE-2024-32760, CVE-2024-31079, - CVE-2024-35200, CVE-2024-34161). - Thanks to Nils Bars of CISPA. - - *) Bugfix: reduced memory consumption for long-lived requests if "gzip", - "gunzip", "ssi", "sub_filter", or "grpc_pass" directives are used. - - *) Bugfix: nginx could not be built by gcc 14 if the --with-libatomic - option was used. - Thanks to Edgar Bonet. - - *) Bugfix: in HTTP/3. - - -Changes with nginx 1.26.0 23 Apr 2024 - - *) 1.26.x stable branch. - - -Changes with nginx 1.25.5 16 Apr 2024 - - *) Feature: virtual servers in the stream module. - - *) Feature: the ngx_stream_pass_module. - - *) Feature: the "deferred", "accept_filter", and "setfib" parameters of - the "listen" directive in the stream module. - - *) Feature: cache line size detection for some architectures. - Thanks to Piotr Sikora. - - *) Feature: support for Homebrew on Apple Silicon. - Thanks to Piotr Sikora. - - *) Bugfix: Windows cross-compilation bugfixes and improvements. - Thanks to Piotr Sikora. - - *) Bugfix: unexpected connection closure while using 0-RTT in QUIC. - Thanks to Vladimir Khomutov. - - -Changes with nginx 1.25.4 14 Feb 2024 - - *) Security: when using HTTP/3 a segmentation fault might occur in a - worker process while processing a specially crafted QUIC session - (CVE-2024-24989, CVE-2024-24990). - - *) Bugfix: connections with pending AIO operations might be closed - prematurely during graceful shutdown of old worker processes. - - *) Bugfix: socket leak alerts no longer logged when fast shutdown was - requested after graceful shutdown of old worker processes. - - *) Bugfix: a socket descriptor error, a socket leak, or a segmentation - fault in a worker process (for SSL proxying) might occur if AIO was - used in a subrequest. - - *) Bugfix: a segmentation fault might occur in a worker process if SSL - proxying was used along with the "image_filter" directive and errors - with code 415 were redirected with the "error_page" directive. - - *) Bugfixes and improvements in HTTP/3. - - -Changes with nginx 1.25.3 24 Oct 2023 - - *) Change: improved detection of misbehaving clients when using HTTP/2. - - *) Feature: startup speedup when using a large number of locations. - Thanks to Yusuke Nojima. - - *) Bugfix: a segmentation fault might occur in a worker process when - using HTTP/2 without SSL; the bug had appeared in 1.25.1. - - *) Bugfix: the "Status" backend response header line with an empty - reason phrase was handled incorrectly. - - *) Bugfix: memory leak during reconfiguration when using the PCRE2 - library. - Thanks to ZhenZhong Wu. - - *) Bugfixes and improvements in HTTP/3. - - -Changes with nginx 1.25.2 15 Aug 2023 - - *) Feature: path MTU discovery when using HTTP/3. - - *) Feature: TLS_AES_128_CCM_SHA256 cipher suite support when using - HTTP/3. - - *) Change: now nginx uses appname "nginx" when loading OpenSSL - configuration. - - *) Change: now nginx does not try to load OpenSSL configuration if the - --with-openssl option was used to built OpenSSL and the OPENSSL_CONF - environment variable is not set. - - *) Bugfix: in the $body_bytes_sent variable when using HTTP/3. - - *) Bugfix: in HTTP/3. - - -Changes with nginx 1.25.1 13 Jun 2023 - - *) Feature: the "http2" directive, which enables HTTP/2 on a per-server - basis; the "http2" parameter of the "listen" directive is now - deprecated. - - *) Change: HTTP/2 server push support has been removed. - - *) Change: the deprecated "ssl" directive is not supported anymore. - - *) Bugfix: in HTTP/3 when using OpenSSL. - - -Changes with nginx 1.25.0 23 May 2023 - - *) Feature: experimental HTTP/3 support. - - -Changes with nginx 1.23.4 28 Mar 2023 - - *) Change: now TLSv1.3 protocol is enabled by default. - - *) Change: now nginx issues a warning if protocol parameters of a - listening socket are redefined. - - *) Change: now nginx closes connections with lingering if pipelining was - used by the client. - - *) Feature: byte ranges support in the ngx_http_gzip_static_module. - - *) Bugfix: port ranges in the "listen" directive did not work; the bug - had appeared in 1.23.3. - Thanks to Valentin Bartenev. - - *) Bugfix: incorrect location might be chosen to process a request if a - prefix location longer than 255 characters was used in the - configuration. - - *) Bugfix: non-ASCII characters in file names on Windows were not - supported by the ngx_http_autoindex_module, the ngx_http_dav_module, - and the "include" directive. - - *) Change: the logging level of the "data length too long", "length too - short", "bad legacy version", "no shared signature algorithms", "bad - digest length", "missing sigalgs extension", "encrypted length too - long", "bad length", "bad key update", "mixed handshake and non - handshake data", "ccs received early", "data between ccs and - finished", "packet length too long", "too many warn alerts", "record - too small", and "got a fin before a ccs" SSL errors has been lowered - from "crit" to "info". - - *) Bugfix: a socket leak might occur when using HTTP/2 and the - "error_page" directive to redirect errors with code 400. - - *) Bugfix: messages about logging to syslog errors did not contain - information that the errors happened while logging to syslog. - Thanks to Safar Safarly. - - *) Workaround: "gzip filter failed to use preallocated memory" alerts - appeared in logs when using zlib-ng. - - *) Bugfix: in the mail proxy server. - - -Changes with nginx 1.23.3 13 Dec 2022 - - *) Bugfix: an error might occur when reading PROXY protocol version 2 - header with large number of TLVs. - - *) Bugfix: a segmentation fault might occur in a worker process if SSI - was used to process subrequests created by other modules. - Thanks to Ciel Zhao. - - *) Workaround: when a hostname used in the "listen" directive resolves - to multiple addresses, nginx now ignores duplicates within these - addresses. - - *) Bugfix: nginx might hog CPU during unbuffered proxying if SSL - connections to backends were used. - - -Changes with nginx 1.23.2 19 Oct 2022 - - *) Security: processing of a specially crafted mp4 file by the - ngx_http_mp4_module might cause a worker process crash, worker - process memory disclosure, or might have potential other impact - (CVE-2022-41741, CVE-2022-41742). - - *) Feature: the "$proxy_protocol_tlv_..." variables. - - *) Feature: TLS session tickets encryption keys are now automatically - rotated when using shared memory in the "ssl_session_cache" - directive. - - *) Change: the logging level of the "bad record type" SSL errors has - been lowered from "crit" to "info". - Thanks to Murilo Andrade. - - *) Change: now when using shared memory in the "ssl_session_cache" - directive the "could not allocate new session" errors are logged at - the "warn" level instead of "alert" and not more often than once per - second. - - *) Bugfix: nginx/Windows could not be built with OpenSSL 3.0.x. - - *) Bugfix: in logging of the PROXY protocol errors. - Thanks to Sergey Brester. - - *) Workaround: shared memory from the "ssl_session_cache" directive was - spent on sessions using TLS session tickets when using TLSv1.3 with - OpenSSL. - - *) Workaround: timeout specified with the "ssl_session_timeout" - directive did not work when using TLSv1.3 with OpenSSL or BoringSSL. - - -Changes with nginx 1.23.1 19 Jul 2022 - - *) Feature: memory usage optimization in configurations with SSL - proxying. - - *) Feature: looking up of IPv4 addresses while resolving now can be - disabled with the "ipv4=off" parameter of the "resolver" directive. - - *) Change: the logging level of the "bad key share", "bad extension", - "bad cipher", and "bad ecpoint" SSL errors has been lowered from - "crit" to "info". - - *) Bugfix: while returning byte ranges nginx did not remove the - "Content-Range" header line if it was present in the original backend - response. - - *) Bugfix: a proxied response might be truncated during reconfiguration - on Linux; the bug had appeared in 1.17.5. - - -Changes with nginx 1.23.0 21 Jun 2022 - - *) Change in internal API: now header lines are represented as linked - lists. - - *) Change: now nginx combines arbitrary header lines with identical - names when sending to FastCGI, SCGI, and uwsgi backends, in the - $r->header_in() method of the ngx_http_perl_module, and during lookup - of the "$http_...", "$sent_http_...", "$sent_trailer_...", - "$upstream_http_...", and "$upstream_trailer_..." variables. - - *) Bugfix: if there were multiple "Vary" header lines in the backend - response, nginx only used the last of them when caching. - - *) Bugfix: if there were multiple "WWW-Authenticate" header lines in the - backend response and errors with code 401 were intercepted or the - "auth_request" directive was used, nginx only sent the first of the - header lines to the client. - - *) Change: the logging level of the "application data after close - notify" SSL errors has been lowered from "crit" to "info". - - *) Bugfix: connections might hang if nginx was built on Linux 2.6.17 or - newer, but was used on systems without EPOLLRDHUP support, notably - with epoll emulation layers; the bug had appeared in 1.17.5. - Thanks to Marcus Ball. - - *) Bugfix: nginx did not cache the response if the "Expires" response - header line disabled caching, but following "Cache-Control" header - line enabled caching. - - -Changes with nginx 1.21.6 25 Jan 2022 - - *) Bugfix: when using EPOLLEXCLUSIVE on Linux client connections were - unevenly distributed among worker processes. - - *) Bugfix: nginx returned the "Connection: keep-alive" header line in - responses during graceful shutdown of old worker processes. - - *) Bugfix: in the "ssl_session_ticket_key" when using TLSv1.3. - - -Changes with nginx 1.21.5 28 Dec 2021 - - *) Change: now nginx is built with the PCRE2 library by default. - - *) Change: now nginx always uses sendfile(SF_NODISKIO) on FreeBSD. - - *) Feature: support for sendfile(SF_NOCACHE) on FreeBSD. - - *) Feature: the $ssl_curve variable. - - *) Bugfix: connections might hang when using HTTP/2 without SSL with the - "sendfile" and "aio" directives. - - -Changes with nginx 1.21.4 02 Nov 2021 - - *) Change: support for NPN instead of ALPN to establish HTTP/2 - connections has been removed. - - *) Change: now nginx rejects SSL connections if ALPN is used by the - client, but no supported protocols can be negotiated. - - *) Change: the default value of the "sendfile_max_chunk" directive was - changed to 2 megabytes. - - *) Feature: the "proxy_half_close" directive in the stream module. - - *) Feature: the "ssl_alpn" directive in the stream module. - - *) Feature: the $ssl_alpn_protocol variable. - - *) Feature: support for SSL_sendfile() when using OpenSSL 3.0. - - *) Feature: the "mp4_start_key_frame" directive in the - ngx_http_mp4_module. - Thanks to Tracey Jaquith. - - *) Bugfix: in the $content_length variable when using chunked transfer - encoding. - - *) Bugfix: after receiving a response with incorrect length from a - proxied backend nginx might nevertheless cache the connection. - Thanks to Awdhesh Mathpal. - - *) Bugfix: invalid headers from backends were logged at the "info" level - instead of "error"; the bug had appeared in 1.21.1. - - *) Bugfix: requests might hang when using HTTP/2 and the "aio_write" - directive. - - -Changes with nginx 1.21.3 07 Sep 2021 - - *) Change: optimization of client request body reading when using - HTTP/2. - - *) Bugfix: in request body filters internal API when using HTTP/2 and - buffering of the data being processed. - - -Changes with nginx 1.21.2 31 Aug 2021 - - *) Change: now nginx rejects HTTP/1.0 requests with the - "Transfer-Encoding" header line. - - *) Change: export ciphers are no longer supported. - - *) Feature: OpenSSL 3.0 compatibility. - - *) Feature: the "Auth-SSL-Protocol" and "Auth-SSL-Cipher" header lines - are now passed to the mail proxy authentication server. - Thanks to Rob Mueller. - - *) Feature: request body filters API now permits buffering of the data - being processed. - - *) Bugfix: backend SSL connections in the stream module might hang after - an SSL handshake. - - *) Bugfix: the security level, which is available in OpenSSL 1.1.0 or - newer, did not affect loading of the server certificates when set - with "@SECLEVEL=N" in the "ssl_ciphers" directive. - - *) Bugfix: SSL connections with gRPC backends might hang if select, - poll, or /dev/poll methods were used. - - *) Bugfix: when using HTTP/2 client request body was always written to - disk if the "Content-Length" header line was not present in the - request. - - -Changes with nginx 1.21.1 06 Jul 2021 - - *) Change: now nginx always returns an error for the CONNECT method. - - *) Change: now nginx always returns an error if both "Content-Length" - and "Transfer-Encoding" header lines are present in the request. - - *) Change: now nginx always returns an error if spaces or control - characters are used in the request line. - - *) Change: now nginx always returns an error if spaces or control - characters are used in a header name. - - *) Change: now nginx always returns an error if spaces or control - characters are used in the "Host" request header line. - - *) Change: optimization of configuration testing when using many - listening sockets. - - *) Bugfix: nginx did not escape """, "<", ">", "\", "^", "`", "{", "|", - and "}" characters when proxying with changed URI. - - *) Bugfix: SSL variables might be empty when used in logs; the bug had - appeared in 1.19.5. - - *) Bugfix: keepalive connections with gRPC backends might not be closed - after receiving a GOAWAY frame. - - *) Bugfix: reduced memory consumption for long-lived requests when - proxying with more than 64 buffers. - - -Changes with nginx 1.21.0 25 May 2021 - - *) Security: 1-byte memory overwrite might occur during DNS server - response processing if the "resolver" directive was used, allowing an - attacker who is able to forge UDP packets from the DNS server to - cause worker process crash or, potentially, arbitrary code execution - (CVE-2021-23017). - - *) Feature: variables support in the "proxy_ssl_certificate", - "proxy_ssl_certificate_key" "grpc_ssl_certificate", - "grpc_ssl_certificate_key", "uwsgi_ssl_certificate", and - "uwsgi_ssl_certificate_key" directives. - - *) Feature: the "max_errors" directive in the mail proxy module. - - *) Feature: the mail proxy module supports POP3 and IMAP pipelining. - - *) Feature: the "fastopen" parameter of the "listen" directive in the - stream module. - Thanks to Anbang Wen. - - *) Bugfix: special characters were not escaped during automatic redirect - with appended trailing slash. - - *) Bugfix: connections with clients in the mail proxy module might be - closed unexpectedly when using SMTP pipelining. - - -Changes with nginx 1.19.10 13 Apr 2021 - - *) Change: the default value of the "keepalive_requests" directive was - changed to 1000. - - *) Feature: the "keepalive_time" directive. - - *) Feature: the $connection_time variable. - - *) Workaround: "gzip filter failed to use preallocated memory" alerts - appeared in logs when using zlib-ng. - - -Changes with nginx 1.19.9 30 Mar 2021 - - *) Bugfix: nginx could not be built with the mail proxy module, but - without the ngx_mail_ssl_module; the bug had appeared in 1.19.8. - - *) Bugfix: "upstream sent response body larger than indicated content - length" errors might occur when working with gRPC backends; the bug - had appeared in 1.19.1. - - *) Bugfix: nginx might not close a connection till keepalive timeout - expiration if the connection was closed by the client while - discarding the request body. - - *) Bugfix: nginx might not detect that a connection was already closed - by the client when waiting for auth_delay or limit_req delay, or when - working with backends. - - *) Bugfix: in the eventport method. - - -Changes with nginx 1.19.8 09 Mar 2021 - - *) Feature: flags in the "proxy_cookie_flags" directive can now contain - variables. - - *) Feature: the "proxy_protocol" parameter of the "listen" directive, - the "proxy_protocol" and "set_real_ip_from" directives in mail proxy. - - *) Bugfix: HTTP/2 connections were immediately closed when using - "keepalive_timeout 0"; the bug had appeared in 1.19.7. - - *) Bugfix: some errors were logged as unknown if nginx was built with - glibc 2.32. - - *) Bugfix: in the eventport method. - - -Changes with nginx 1.19.7 16 Feb 2021 - - *) Change: connections handling in HTTP/2 has been changed to better - match HTTP/1.x; the "http2_recv_timeout", "http2_idle_timeout", and - "http2_max_requests" directives have been removed, the - "keepalive_timeout" and "keepalive_requests" directives should be - used instead. - - *) Change: the "http2_max_field_size" and "http2_max_header_size" - directives have been removed, the "large_client_header_buffers" - directive should be used instead. - - *) Feature: now, if free worker connections are exhausted, nginx starts - closing not only keepalive connections, but also connections in - lingering close. - - *) Bugfix: "zero size buf in output" alerts might appear in logs if an - upstream server returned an incorrect response during unbuffered - proxying; the bug had appeared in 1.19.1. - - *) Bugfix: HEAD requests were handled incorrectly if the "return" - directive was used with the "image_filter" or "xslt_stylesheet" - directives. - - *) Bugfix: in the "add_trailer" directive. - - -Changes with nginx 1.19.6 15 Dec 2020 - - *) Bugfix: "no live upstreams" errors if a "server" inside "upstream" - block was marked as "down". - - *) Bugfix: a segmentation fault might occur in a worker process if HTTPS - was used; the bug had appeared in 1.19.5. - - *) Bugfix: nginx returned the 400 response on requests like - "GET http://example.com?args HTTP/1.0". - - *) Bugfix: in the ngx_http_flv_module and ngx_http_mp4_module. - Thanks to Chris Newton. - - -Changes with nginx 1.19.5 24 Nov 2020 - - *) Feature: the -e switch. - - *) Feature: the same source files can now be specified in different - modules while building addon modules. - - *) Bugfix: SSL shutdown did not work when lingering close was used. - - *) Bugfix: "upstream sent frame for closed stream" errors might occur - when working with gRPC backends. - - *) Bugfix: in request body filters internal API. - - -Changes with nginx 1.19.4 27 Oct 2020 - - *) Feature: the "ssl_conf_command", "proxy_ssl_conf_command", - "grpc_ssl_conf_command", and "uwsgi_ssl_conf_command" directives. - - *) Feature: the "ssl_reject_handshake" directive. - - *) Feature: the "proxy_smtp_auth" directive in mail proxy. - - -Changes with nginx 1.19.3 29 Sep 2020 - - *) Feature: the ngx_stream_set_module. - - *) Feature: the "proxy_cookie_flags" directive. - - *) Feature: the "userid_flags" directive. - - *) Bugfix: the "stale-if-error" cache control extension was erroneously - applied if backend returned a response with status code 500, 502, - 503, 504, 403, 404, or 429. - - *) Bugfix: "[crit] cache file ... has too long header" messages might - appear in logs if caching was used and the backend returned responses - with the "Vary" header line. - - *) Workaround: "[crit] SSL_write() failed" messages might appear in logs - when using OpenSSL 1.1.1. - - *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages - might appear in logs; the bug had appeared in 1.19.2. - - *) Bugfix: a segmentation fault might occur in a worker process when - using HTTP/2 if errors with code 400 were redirected to a proxied - location using the "error_page" directive. - - *) Bugfix: socket leak when using HTTP/2 and subrequests in the njs - module. - - -Changes with nginx 1.19.2 11 Aug 2020 - - *) Change: now nginx starts closing keepalive connections before all - free worker connections are exhausted, and logs a warning about this - to the error log. - - *) Change: optimization of client request body reading when using - chunked transfer encoding. - - *) Bugfix: memory leak if the "ssl_ocsp" directive was used. - - *) Bugfix: "zero size buf in output" alerts might appear in logs if a - FastCGI server returned an incorrect response; the bug had appeared - in 1.19.1. - - *) Bugfix: a segmentation fault might occur in a worker process if - different large_client_header_buffers sizes were used in different - virtual servers. - - *) Bugfix: SSL shutdown might not work. - - *) Bugfix: "SSL_shutdown() failed (SSL: ... bad write retry)" messages - might appear in logs. - - *) Bugfix: in the ngx_http_slice_module. - - *) Bugfix: in the ngx_http_xslt_filter_module. - - -Changes with nginx 1.19.1 07 Jul 2020 - - *) Change: the "lingering_close", "lingering_time", and - "lingering_timeout" directives now work when using HTTP/2. - - *) Change: now extra data sent by a backend are always discarded. - - *) Change: now after receiving a too short response from a FastCGI - server nginx tries to send the available part of the response to the - client, and then closes the client connection. - - *) Change: now after receiving a response with incorrect length from a - gRPC backend nginx stops response processing with an error. - - *) Feature: the "min_free" parameter of the "proxy_cache_path", - "fastcgi_cache_path", "scgi_cache_path", and "uwsgi_cache_path" - directives. - Thanks to Adam Bambuch. - - *) Bugfix: nginx did not delete unix domain listen sockets during - graceful shutdown on the SIGQUIT signal. - - *) Bugfix: zero length UDP datagrams were not proxied. - - *) Bugfix: proxying to uwsgi backends using SSL might not work. - Thanks to Guanzhong Chen. - - *) Bugfix: in error handling when using the "ssl_ocsp" directive. - - *) Bugfix: on XFS and NFS file systems disk cache size might be - calculated incorrectly. - - *) Bugfix: "negative size buf in writer" alerts might appear in logs if - a memcached server returned a malformed response. - - -Changes with nginx 1.19.0 26 May 2020 - - *) Feature: client certificate validation with OCSP. - - *) Bugfix: "upstream sent frame for closed stream" errors might occur - when working with gRPC backends. - - *) Bugfix: OCSP stapling might not work if the "resolver" directive was - not specified. - - *) Bugfix: connections with incorrect HTTP/2 preface were not logged. - - -Changes with nginx 1.17.10 14 Apr 2020 - - *) Feature: the "auth_delay" directive. - - -Changes with nginx 1.17.9 03 Mar 2020 - - *) Change: now nginx does not allow several "Host" request header lines. - - *) Bugfix: nginx ignored additional "Transfer-Encoding" request header - lines. - - *) Bugfix: socket leak when using HTTP/2. - - *) Bugfix: a segmentation fault might occur in a worker process if OCSP - stapling was used. - - *) Bugfix: in the ngx_http_mp4_module. - - *) Bugfix: nginx used status code 494 instead of 400 if errors with code - 494 were redirected with the "error_page" directive. - - *) Bugfix: socket leak when using subrequests in the njs module and the - "aio" directive. - - -Changes with nginx 1.17.8 21 Jan 2020 - - *) Feature: variables support in the "grpc_pass" directive. - - *) Bugfix: a timeout might occur while handling pipelined requests in an - SSL connection; the bug had appeared in 1.17.5. - - *) Bugfix: in the "debug_points" directive when using HTTP/2. - Thanks to Daniil Bondarev. - - -Changes with nginx 1.17.7 24 Dec 2019 - - *) Bugfix: a segmentation fault might occur on start or during - reconfiguration if the "rewrite" directive with an empty replacement - string was used in the configuration. - - *) Bugfix: a segmentation fault might occur in a worker process if the - "break" directive was used with the "alias" directive or with the - "proxy_pass" directive with a URI. - - *) Bugfix: the "Location" response header line might contain garbage if - the request URI was rewritten to the one containing a null character. - - *) Bugfix: requests with bodies were handled incorrectly when returning - redirections with the "error_page" directive; the bug had appeared in - 0.7.12. - - *) Bugfix: socket leak when using HTTP/2. - - *) Bugfix: a timeout might occur while handling pipelined requests in an - SSL connection; the bug had appeared in 1.17.5. - - *) Bugfix: in the ngx_http_dav_module. - - -Changes with nginx 1.17.6 19 Nov 2019 - - *) Feature: the $proxy_protocol_server_addr and - $proxy_protocol_server_port variables. - - *) Feature: the "limit_conn_dry_run" directive. - - *) Feature: the $limit_req_status and $limit_conn_status variables. - - -Changes with nginx 1.17.5 22 Oct 2019 - - *) Feature: now nginx uses ioctl(FIONREAD), if available, to avoid - reading from a fast connection for a long time. - - *) Bugfix: incomplete escaped characters at the end of the request URI - were ignored. - - *) Bugfix: "/." and "/.." at the end of the request URI were not - normalized. - - *) Bugfix: in the "merge_slashes" directive. - - *) Bugfix: in the "ignore_invalid_headers" directive. - Thanks to Alan Kemp. - - *) Bugfix: nginx could not be built with MinGW-w64 gcc 8.1 or newer. - - -Changes with nginx 1.17.4 24 Sep 2019 - - *) Change: better detection of incorrect client behavior in HTTP/2. - - *) Change: in handling of not fully read client request body when - returning errors in HTTP/2. - - *) Bugfix: the "worker_shutdown_timeout" directive might not work when - using HTTP/2. - - *) Bugfix: a segmentation fault might occur in a worker process when - using HTTP/2 and the "proxy_request_buffering" directive. - - *) Bugfix: the ECONNABORTED error log level was "crit" instead of - "error" on Windows when using SSL. - - *) Bugfix: nginx ignored extra data when using chunked transfer - encoding. - - *) Bugfix: nginx always returned the 500 error if the "return" directive - was used and an error occurred during reading client request body. - - *) Bugfix: in memory allocation error handling. - - -Changes with nginx 1.17.3 13 Aug 2019 - - *) Security: when using HTTP/2 a client might cause excessive memory - consumption and CPU usage (CVE-2019-9511, CVE-2019-9513, - CVE-2019-9516). - - *) Bugfix: "zero size buf" alerts might appear in logs when using - gzipping; the bug had appeared in 1.17.2. - - *) Bugfix: a segmentation fault might occur in a worker process if the - "resolver" directive was used in SMTP proxy. - - -Changes with nginx 1.17.2 23 Jul 2019 - - *) Change: minimum supported zlib version is 1.2.0.4. - Thanks to Ilya Leoshkevich. - - *) Change: the $r->internal_redirect() embedded perl method now expects - escaped URIs. - - *) Feature: it is now possible to switch to a named location using the - $r->internal_redirect() embedded perl method. - - *) Bugfix: in error handling in embedded perl. - - *) Bugfix: a segmentation fault might occur on start or during - reconfiguration if hash bucket size larger than 64 kilobytes was used - in the configuration. - - *) Bugfix: nginx might hog CPU during unbuffered proxying and when - proxying WebSocket connections if the select, poll, or /dev/poll - methods were used. - - *) Bugfix: in the ngx_http_xslt_filter_module. - - *) Bugfix: in the ngx_http_ssi_filter_module. - - -Changes with nginx 1.17.1 25 Jun 2019 - - *) Feature: the "limit_req_dry_run" directive. - - *) Feature: when using the "hash" directive inside the "upstream" block - an empty hash key now triggers round-robin balancing. - Thanks to Niklas Keller. - - *) Bugfix: a segmentation fault might occur in a worker process if - caching was used along with the "image_filter" directive, and errors - with code 415 were redirected with the "error_page" directive; the - bug had appeared in 1.11.10. - - *) Bugfix: a segmentation fault might occur in a worker process if - embedded perl was used; the bug had appeared in 1.7.3. - - -Changes with nginx 1.17.0 21 May 2019 - - *) Feature: variables support in the "limit_rate" and "limit_rate_after" - directives. - - *) Feature: variables support in the "proxy_upload_rate" and - "proxy_download_rate" directives in the stream module. - - *) Change: minimum supported OpenSSL version is 0.9.8. - - *) Change: now the postpone filter is always built. - - *) Bugfix: the "include" directive did not work inside the "if" and - "limit_except" blocks. - - *) Bugfix: in byte ranges processing. - - -Changes with nginx 1.15.12 16 Apr 2019 - - *) Bugfix: a segmentation fault might occur in a worker process if - variables were used in the "ssl_certificate" or "ssl_certificate_key" - directives and OCSP stapling was enabled. - - -Changes with nginx 1.15.11 09 Apr 2019 - - *) Bugfix: in the "ssl_stapling_file" directive on Windows. - - -Changes with nginx 1.15.10 26 Mar 2019 - - *) Change: when using a hostname in the "listen" directive nginx now - creates listening sockets for all addresses the hostname resolves to - (previously, only the first address was used). - - *) Feature: port ranges in the "listen" directive. - - *) Feature: loading of SSL certificates and secret keys from variables. - - *) Workaround: the $ssl_server_name variable might be empty when using - OpenSSL 1.1.1. - - *) Bugfix: nginx/Windows could not be built with Visual Studio 2015 or - newer; the bug had appeared in 1.15.9. - - -Changes with nginx 1.15.9 26 Feb 2019 - - *) Feature: variables support in the "ssl_certificate" and - "ssl_certificate_key" directives. - - *) Feature: the "poll" method is now available on Windows when using - Windows Vista or newer. - - *) Bugfix: if the "select" method was used on Windows and an error - occurred while establishing a backend connection, nginx waited for - the connection establishment timeout to expire. - - *) Bugfix: the "proxy_upload_rate" and "proxy_download_rate" directives - in the stream module worked incorrectly when proxying UDP datagrams. - - -Changes with nginx 1.15.8 25 Dec 2018 - - *) Feature: the $upstream_bytes_sent variable. - Thanks to Piotr Sikora. - - *) Feature: new directives in vim syntax highlighting scripts. - Thanks to Gena Makhomed. - - *) Bugfix: in the "proxy_cache_background_update" directive. - - *) Bugfix: in the "geo" directive when using unix domain listen sockets. - - *) Workaround: the "ignoring stale global SSL error ... bad length" - alerts might appear in logs when using the "ssl_early_data" directive - with OpenSSL. - - *) Bugfix: in nginx/Windows. - - *) Bugfix: in the ngx_http_autoindex_module on 32-bit platforms. - - -Changes with nginx 1.15.7 27 Nov 2018 - - *) Feature: the "proxy_requests" directive in the stream module. - - *) Feature: the "delay" parameter of the "limit_req" directive. - Thanks to Vladislav Shabanov and Peter Shchuchkin. - - *) Bugfix: memory leak on errors during reconfiguration. - - *) Bugfix: in the $upstream_response_time, $upstream_connect_time, and - $upstream_header_time variables. + *) Bugfix: connections with some gRPC backends might not be cached when + using the "keepalive" directive. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_mp4_module was used on 32-bit platforms. -Changes with nginx 1.15.6 06 Nov 2018 +Changes with nginx 1.14.1 06 Nov 2018 *) Security: when using HTTP/2 a client might cause excessive memory consumption (CVE-2018-16843) and CPU usage (CVE-2018-16844). @@ -975,162 +41,13 @@ Changes with nginx 1.15.6 06 Nov 2018 ngx_http_mp4_module might result in worker process memory disclosure (CVE-2018-16845). - *) Feature: the "proxy_socket_keepalive", "fastcgi_socket_keepalive", - "grpc_socket_keepalive", "memcached_socket_keepalive", - "scgi_socket_keepalive", and "uwsgi_socket_keepalive" directives. - - *) Bugfix: if nginx was built with OpenSSL 1.1.0 and used with OpenSSL - 1.1.1, the TLS 1.3 protocol was always enabled. - *) Bugfix: working with gRPC backends might result in excessive memory consumption. -Changes with nginx 1.15.5 02 Oct 2018 +Changes with nginx 1.14.0 17 Apr 2018 - *) Bugfix: a segmentation fault might occur in a worker process when - using OpenSSL 1.1.0h or newer; the bug had appeared in 1.15.4. - - *) Bugfix: of minor potential bugs. - - -Changes with nginx 1.15.4 25 Sep 2018 - - *) Feature: now the "ssl_early_data" directive can be used with OpenSSL. - - *) Bugfix: in the ngx_http_uwsgi_module. - Thanks to Chris Caputo. - - *) Bugfix: connections with some gRPC backends might not be cached when - using the "keepalive" directive. - - *) Bugfix: a socket leak might occur when using the "error_page" - directive to redirect early request processing errors, notably errors - with code 400. - - *) Bugfix: the "return" directive did not change the response code when - returning errors if the request was redirected by the "error_page" - directive. - - *) Bugfix: standard error pages and responses of the - ngx_http_autoindex_module module used the "bgcolor" attribute, and - might be displayed incorrectly when using custom color settings in - browsers. - Thanks to Nova DasSarma. - - *) Change: the logging level of the "no suitable key share" and "no - suitable signature algorithm" SSL errors has been lowered from "crit" - to "info". - - -Changes with nginx 1.15.3 28 Aug 2018 - - *) Feature: now TLSv1.3 can be used with BoringSSL. - - *) Feature: the "ssl_early_data" directive, currently available with - BoringSSL. - - *) Feature: the "keepalive_timeout" and "keepalive_requests" directives - in the "upstream" block. - - *) Bugfix: the ngx_http_dav_module did not truncate destination file - when copying a file over an existing one with the COPY method. - - *) Bugfix: the ngx_http_dav_module used zero access rights on the - destination file and did not preserve file modification time when - moving a file between different file systems with the MOVE method. - - *) Bugfix: the ngx_http_dav_module used default access rights when - copying a file with the COPY method. - - *) Workaround: some clients might not work when using HTTP/2; the bug - had appeared in 1.13.5. - - *) Bugfix: nginx could not be built with LibreSSL 2.8.0. - - -Changes with nginx 1.15.2 24 Jul 2018 - - *) Feature: the $ssl_preread_protocol variable in the - ngx_stream_ssl_preread_module. - - *) Feature: now when using the "reset_timedout_connection" directive - nginx will reset connections being closed with the 444 code. - - *) Change: a logging level of the "http request", "https proxy request", - "unsupported protocol", and "version too low" SSL errors has been - lowered from "crit" to "info". - - *) Bugfix: DNS requests were not resent if initial sending of a request - failed. - - *) Bugfix: the "reuseport" parameter of the "listen" directive was - ignored if the number of worker processes was specified after the - "listen" directive. - - *) Bugfix: when using OpenSSL 1.1.0 or newer it was not possible to - switch off "ssl_prefer_server_ciphers" in a virtual server if it was - switched on in the default server. - - *) Bugfix: SSL session reuse with upstream servers did not work with the - TLS 1.3 protocol. - - -Changes with nginx 1.15.1 03 Jul 2018 - - *) Feature: the "random" directive inside the "upstream" block. - - *) Feature: improved performance when using the "hash" and "ip_hash" - directives with the "zone" directive. - - *) Feature: the "reuseport" parameter of the "listen" directive now uses - SO_REUSEPORT_LB on FreeBSD 12. - - *) Bugfix: HTTP/2 server push did not work if SSL was terminated by a - proxy server in front of nginx. - - *) Bugfix: the "tcp_nopush" directive was always used on backend - connections. - - *) Bugfix: sending a disk-buffered request body to a gRPC backend might - fail. - - -Changes with nginx 1.15.0 05 Jun 2018 - - *) Change: the "ssl" directive is deprecated; the "ssl" parameter of the - "listen" directive should be used instead. - - *) Change: now nginx detects missing SSL certificates during - configuration testing when using the "ssl" parameter of the "listen" - directive. - - *) Feature: now the stream module can handle multiple incoming UDP - datagrams from a client within a single session. - - *) Bugfix: it was possible to specify an incorrect response code in the - "proxy_cache_valid" directive. - - *) Bugfix: nginx could not be built by gcc 8.1. - - *) Bugfix: logging to syslog stopped on local IP address changes. - - *) Bugfix: nginx could not be built by clang with CUDA SDK installed; - the bug had appeared in 1.13.8. - - *) Bugfix: "getsockopt(TCP_FASTOPEN) ... failed" messages might appear - in logs during binary upgrade when using unix domain listen sockets - on FreeBSD. - - *) Bugfix: nginx could not be built on Fedora 28 Linux. - - *) Bugfix: request processing rate might exceed configured rate when - using the "limit_req" directive. - - *) Bugfix: in handling of client addresses when using unix domain listen - sockets to work with datagrams on Linux. - - *) Bugfix: in memory allocation error handling. + *) 1.14.x stable branch. Changes with nginx 1.13.12 10 Apr 2018 diff --git a/CHANGES.ru b/CHANGES.ru index 0d1ba20..8c260fe 100644 --- a/CHANGES.ru +++ b/CHANGES.ru @@ -1,997 +1,39 @@ -Изменения в nginx 1.26.3 05.02.2025 +Изменения в nginx 1.14.2 04.12.2018 - *) Безопасность: недостаточная проверка в обработке виртуальных серверов - при использовании SNI в TLSv1.3 позволяла повторно использовать - SSL-сессию в контексте другого виртуального сервера, чтобы обойти - проверку клиентских SSL-сертификатов (CVE-2025-23419). + *) Исправление: nginx не собирался gcc 8.1. - *) Исправление: в модуле ngx_http_mp4_module. - Спасибо Nils Bars. + *) Исправление: nginx не собирался на Fedora 28 Linux. - *) Изменение: при использовании zlib-ng в логах появлялись сообщения - "gzip filter failed to use preallocated memory". + *) Исправление: в обработке адресов клиентов при использовании unix + domain listen-сокетов для работы с датаграммами на Linux. - *) Исправление: nginx не мог собрать библиотеку libatomic из исходных - текстов, если использовался параметр --with-libatomic=DIR. - - *) Исправление: теперь nginx игнорирует пакеты согласования версий QUIC - от клиентов. - - *) Исправление: nginx не собирался на Solaris 10 и более ранних с - модулем ngx_http_v3_module. - - *) Исправления в HTTP/3. - - -Изменения в nginx 1.26.2 14.08.2024 - - *) Безопасность: обработка специально созданного mp4-файла модулем - ngx_http_mp4_module могла приводить к падению рабочего процесса - (CVE-2024-7347). - Спасибо Nils Bars. - - -Изменения в nginx 1.26.1 29.05.2024 - - *) Безопасность: при использовании HTTP/3 обработка специально созданной - QUIC-сессии могла приводить к падению рабочего процесса, отправке - клиенту содержимого памяти рабочего процесса на системах с MTU больше - 4096 байт, а также потенциально могла иметь другие последствия - (CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161). - Спасибо Nils Bars из CISPA. - - *) Исправление: уменьшено потребление памяти для долгоживущих запросов, - если используются директивы gzip, gunzip, ssi, sub_filter или - grpc_pass. - - *) Исправление: nginx не собирался gcc 14, если использовался параметр - --with-libatomic. - Спасибо Edgar Bonet. - - *) Исправление: в HTTP/3. - - -Изменения в nginx 1.26.0 23.04.2024 - - *) Стабильная ветка 1.26.x. - - -Изменения в nginx 1.25.5 16.04.2024 - - *) Добавление: виртуальные сервера в модуле stream. - - *) Добавление: модуль ngx_stream_pass_module. - - *) Добавление: параметры deferred, accept_filter и setfib директивы - listen в модуле stream. - - *) Добавление: определение размера строки кеша процессора для некоторых - архитектур. - Спасибо Piotr Sikora. - - *) Добавление: поддержка Homebrew на Apple Silicon. - Спасибо Piotr Sikora. - - *) Исправление: улучшения и исправления кросс-компиляции для Windows. - Спасибо Piotr Sikora. - - *) Исправление: неожиданное закрытие соединения при использовании 0-RTT - в QUIC. - Спасибо Владимиру Хомутову. - - -Изменения в nginx 1.25.4 14.02.2024 - - *) Безопасность: при использовании HTTP/3 в рабочем процессе мог - произойти segmentation fault во время обработки специально созданной - QUIC-сессии (CVE-2024-24989, CVE-2024-24990). - - *) Исправление: соединения с незавершенными AIO-операциями могли - закрываться преждевременно во время плавного завершения старых - рабочих процессов. - - *) Исправление: теперь nginx не пишет в лог сообщения об утечке сокетов, - если во время плавного завершения старых рабочих процессов было - запрошено быстрое завершение. - - *) Исправление: при использовании AIO в подзапросе могла происходить - ошибка на сокете, утечка сокетов, либо segmentation fault в рабочем - процессе (при SSL-проксировании). - - *) Исправление: в рабочем процессе мог произойти segmentation fault, - если использовалось SSL-проксирование и директива image_filter, а - ошибки с кодом 415 перенаправлялись с помощью директивы error_page. - - *) Исправления и улучшения в HTTP/3. - - -Изменения в nginx 1.25.3 24.10.2023 - - *) Изменение: улучшено детектирование некорректного поведения клиентов - при использовании HTTP/2. - - *) Добавление: уменьшение времени запуска при использовании большого - количества location'ов. - Спасибо Yusuke Nojima. - - *) Исправление: при использовании HTTP/2 без SSL в рабочем процессе мог - произойти segmentation fault; ошибка появилась в 1.25.1. - - *) Исправление: строка "Status" в заголовке ответа бэкенда с пустой - поясняющей фразой обрабатывалась некорректно. - - *) Исправление: утечки памяти во время переконфигурации при - использовании библиотеки PCRE2. - Спасибо ZhenZhong Wu. - - *) Исправления и улучшения в HTTP/3. - - -Изменения в nginx 1.25.2 15.08.2023 - - *) Добавление: path MTU discovery при использовании HTTP/3. - - *) Добавление: поддержка шифра TLS_AES_128_CCM_SHA256 при использовании - HTTP/3. - - *) Изменение: теперь при загрузке конфигурации OpenSSL nginx использует - appname "nginx". - - *) Изменение: теперь nginx не пытается загружать конфигурацию OpenSSL, - если для сборки OpenSSL использовался параметр --with-openssl и - переменная окружения OPENSSL_CONF не установлена. - - *) Исправление: в переменной $body_bytes_sent при использовании HTTP/3. - - *) Исправление: в HTTP/3. - - -Изменения в nginx 1.25.1 13.06.2023 - - *) Добавление: директива http2, позволяющая включать HTTP/2 в отдельных - блоках server; параметр http2 директивы listen объявлен устаревшим. - - *) Изменение: поддержка HTTP/2 server push упразднена. - - *) Изменение: устаревшая директива ssl больше не поддерживается. - - *) Исправление: в HTTP/3 при использовании OpenSSL. - - -Изменения в nginx 1.25.0 23.05.2023 - - *) Добавление: экспериментальная поддержка HTTP/3. - - -Изменения в nginx 1.23.4 28.03.2023 - - *) Изменение: теперь протокол TLSv1.3 разрешён по умолчанию. - - *) Изменение: теперь nginx выдаёт предупреждение при переопределении - параметров listen-сокета, задающих используемые протоколы. - - *) Изменение: теперь, если клиент использует pipelining, nginx закрывает - соединения с ожиданием дополнительных данных (lingering close). - - *) Добавление: поддержка byte ranges для ответов модуля - ngx_http_gzip_static_module. - - *) Исправление: диапазоны портов в директиве listen не работали; ошибка - появилась в 1.23.3. - Спасибо Валентину Бартеневу. - - *) Исправление: для обработки запроса мог быть выбран неверный location, - если в конфигурации использовался префиксный location длиннее 255 - символов. - - *) Исправление: не-ASCII символы в именах файлов на Windows не - поддерживались модулями ngx_http_autoindex_module и - ngx_http_dav_module, а также директивой include. - - *) Изменение: уровень логгирования ошибок SSL "data length too long", - "length too short", "bad legacy version", "no shared signature - algorithms", "bad digest length", "missing sigalgs extension", - "encrypted length too long", "bad length", "bad key update", "mixed - handshake and non handshake data", "ccs received early", "data - between ccs and finished", "packet length too long", "too many warn - alerts", "record too small", и "got a fin before a ccs" понижен с + *) Изменение: уровень логгирования ошибок SSL "http request", "https + proxy request", "unsupported protocol", "version too low", "no + suitable key share" и "no suitable signature algorithm" понижен с уровня crit до info. - *) Исправление: при использовании HTTP/2 и директивы error_page для - перенаправления ошибок с кодом 400 могла происходить утечка сокетов. + *) Исправление: при использовании OpenSSL 1.1.0 и новее директиву + ssl_prefer_server_ciphers нельзя было выключить в виртуальном + сервере, если она была включена в сервере по умолчанию. - *) Исправление: сообщения об ошибках записи в syslog не содержали - информации о том, что ошибки происходили в процессе записи в syslog. - Спасибо Safar Safarly. + *) Исправление: nginx не собирался с LibreSSL 2.8.0. - *) Изменение: при использовании zlib-ng в логах появлялись сообщения - "gzip filter failed to use preallocated memory". + *) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с + OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён. - *) Исправление: в почтовом прокси-сервере. + *) Исправление: при отправке сохранённого на диск тела запроса на + gRPC-бэкенд могли возникать ошибки. - -Изменения в nginx 1.23.3 13.12.2022 - - *) Исправление: при чтении заголовка протокола PROXY версии 2, - содержащего большое количество TLV, могла возникать ошибка. - - *) Исправление: при использовании SSI для обработки подзапросов, - созданных другими модулями, в рабочем процессе мог произойти - segmentation fault. - Спасибо Ciel Zhao. - - *) Изменение: теперь, если при преобразовании в адреса имени хоста, - указанного в директиве listen, возвращается несколько адресов, nginx - игнорирует дубликаты среди этих адресов. - - *) Исправление: nginx мог нагружать процессор при небуферизированном - проксировании, если использовались SSL-соединения с бэкендами. - - -Изменения в nginx 1.23.2 19.10.2022 - - *) Безопасность: обработка специально созданного mp4-файла модулем - ngx_http_mp4_module могла приводить к падению рабочего процесса, - отправке клиенту части содержимого памяти рабочего процесса, а также - потенциально могла иметь другие последствия (CVE-2022-41741, - CVE-2022-41742). - - *) Добавление: переменные "$proxy_protocol_tlv_...". - - *) Добавление: ключи шифрования TLS session tickets теперь автоматически - меняются при использовании разделяемой памяти в ssl_session_cache. - - *) Изменение: уровень логгирования ошибок SSL "bad record type" понижен - с уровня crit до info. - Спасибо Murilo Andrade. - - *) Изменение: теперь при использовании разделяемой памяти в - ssl_session_cache сообщения "could not allocate new session" - логгируются на уровне warn вместо alert и не чаще одного раза в - секунду. - - *) Исправление: nginx/Windows не собирался с OpenSSL 3.0.x. - - *) Исправление: в логгировании ошибок протокола PROXY. - Спасибо Сергею Брестеру. - - *) Изменение: при использовании TLSv1.3 с OpenSSL разделяемая память из - ssl_session_cache расходовалась в том числе на сессии, использующие - TLS session tickets. - - *) Изменение: таймаут, заданный с помощью директивы ssl_session_timeout, - не работал при использовании TLSv1.3 с OpenSSL или BoringSSL. - - -Изменения в nginx 1.23.1 19.07.2022 - - *) Добавление: оптимизация использования памяти в конфигурациях с - SSL-проксированием. - - *) Добавление: теперь с помощью параметра "ipv4=off" директивы - "resolver" можно запретить поиск IPv4-адресов при преобразовании имён - в адреса. - - *) Изменение: уровень логгирования ошибок SSL "bad key share", "bad - extension", "bad cipher" и "bad ecpoint" понижен с уровня crit до - info. - - *) Исправление: при возврате диапазонов nginx не удалял строку заголовка - "Content-Range", если она присутствовала в исходном ответе бэкенда. - - *) Исправление: проксированный ответ мог быть отправлен не полностью при - переконфигурации на Linux; ошибка появилась в 1.17.5. - - -Изменения в nginx 1.23.0 21.06.2022 - - *) Изменение во внутреннем API: теперь строки заголовков представлены - связными списками. - - *) Изменение: теперь nginx объединяет произвольные строки заголовков с - одинаковыми именами при отправке на FastCGI-, SCGI- и uwsgi-бэкенды, - в методе $r->header_in() модуля ngx_http_perl_module, и при доступе - через переменные "$http_...", "$sent_http_...", "$sent_trailer_...", - "$upstream_http_..." и "$upstream_trailer_...". - - *) Исправление: если в заголовке ответа бэкенда было несколько строк - "Vary", при кэшировании nginx учитывал только последнюю из них. - - *) Исправление: если в заголовке ответа бэкенда было несколько строк - "WWW-Authenticate" и использовался перехват ошибок с кодом 401 от - бэкенда или директива auth_request, nginx пересылал клиенту только - первую из этих строк. - - *) Изменение: уровень логгирования ошибок SSL "application data after - close notify" понижен с уровня crit до info. - - *) Исправление: соединения могли зависать, если nginx был собран на - Linux 2.6.17 и новее, а использовался на системах без поддержки - EPOLLRDHUP, в частности, на системах с эмуляцией epoll; ошибка - появилась в 1.17.5. - Спасибо Marcus Ball. - - *) Исправление: nginx не кэшировал ответ, если строка заголовка ответа - "Expires" запрещала кэширование, а последующая строка заголовка - "Cache-Control" разрешала кэширование. - - -Изменения в nginx 1.21.6 25.01.2022 - - *) Исправление: при использование EPOLLEXCLUSIVE на Linux распределение - клиентских соединений между рабочими процессами было неравномерным. - - *) Исправление: во время плавного завершения старых рабочих процессов - nginx возвращал в ответах строку заголовка "Connection: keep-alive". - - *) Исправление: в директиве ssl_session_ticket_key при использовании - TLSv1.3. - - -Изменения в nginx 1.21.5 28.12.2021 - - *) Изменение: теперь nginx по умолчанию собирается с библиотекой PCRE2. - - *) Изменение: теперь nginx всегда использует sendfile(SF_NODISKIO) на - FreeBSD. - - *) Добавление: поддержка sendfile(SF_NOCACHE) на FreeBSD. - - *) Добавление: переменная $ssl_curve. - - *) Исправление: при использовании HTTP/2 без SSL вместе с директивами - sendfile и aio соединения могли зависать. - - -Изменения в nginx 1.21.4 02.11.2021 - - *) Изменение: поддержка NPN вместо ALPN для установления - HTTP/2-соединений упразднена. - - *) Изменение: теперь nginx закрывает SSL соединение, если клиент - использует ALPN, но nginx не поддерживает ни один из присланных - клиентом протоколов. - - *) Изменение: в директиве sendfile_max_chunk значение по умолчанию - изменено на 2 мегабайта. - - *) Добавление: директива proxy_half_close в модуле stream. - - *) Добавление: директива ssl_alpn в модуле stream. - - *) Добавление: переменная $ssl_alpn_protocol. - - *) Добавление: поддержка SSL_sendfile() при использовании OpenSSL 3.0. - - *) Добавление: директива mp4_start_key_frame в модуле - ngx_http_mp4_module. - Спасибо Tracey Jaquith. - - *) Исправление: в переменной $content_length при использовании chunked - transfer encoding. - - *) Исправление: при получении ответа некорректной длины от проксируемого - бэкенда nginx мог тем не менее закэшировать соединение. - Спасибо Awdhesh Mathpal. - - *) Исправление: некорректные заголовки от бэкендов логгировались на - уровне info вместо error; ошибка появилась в 1.21.1. - - *) Исправление: при использовании HTTP/2 и директивы aio_write запросы - могли зависать. - - -Изменения в nginx 1.21.3 07.09.2021 - - *) Изменение: оптимизация чтения тела запроса при использовании HTTP/2. - - *) Исправление: во внутреннем API для обработки тела запроса при - использовании HTTP/2 и буферизации обрабатываемых данных. - - -Изменения в nginx 1.21.2 31.08.2021 - - *) Изменение: теперь nginx возвращает ошибку, если в запросе по - протоколу HTTP/1.0 присутствует строка заголовка "Transfer-Encoding". - - *) Изменение: экспортные шифры больше не поддерживаются. - - *) Добавление: совместимость с OpenSSL 3.0. - - *) Добавление: теперь серверу аутентификации почтового прокси-сервера - передаются строки заголовка "Auth-SSL-Protocol" и "Auth-SSL-Cipher". - Спасибо Rob Mueller. - - *) Добавление: API для обработки тела запроса теперь позволяет - буферизировать обрабатываемые данные. - - *) Исправление: SSL-соединения к бэкендам в модуле stream могли зависать - после SSL handshake. - - *) Исправление: уровень безопасности, доступный в OpenSSL 1.1.0 и новее, - не учитывался при загрузке сертификатов сервера, если был задан через - "@SECLEVEL=N" в директиве ssl_ciphers. - - *) Исправление: SSL-соединения с gRPC-бэкендами могли зависать, если - использовались методы select, poll или /dev/poll. - - *) Исправление: при использовании HTTP/2 тело запроса всегда - записывалось на диск, если в запросе не было строки заголовка - "Content-Length". - - -Изменения в nginx 1.21.1 06.07.2021 - - *) Изменение: теперь nginx для метода CONNECT всегда возвращает ошибку. - - *) Изменение: теперь nginx всегда возвращает ошибку, если в запросе - одновременно присутствуют строки заголовка "Content-Length" и - "Transfer-Encoding". - - *) Изменение: теперь nginx всегда возвращает ошибку, если в строке - запроса используются пробелы или управляющие символы. - - *) Изменение: теперь nginx всегда возвращает ошибку, если в имени - заголовка используются пробелы или управляющие символы. - - *) Изменение: теперь nginx всегда возвращает ошибку, если в строке - "Host" заголовка запроса используются пробелы или управляющие - символы. - - *) Изменение: оптимизация тестирования конфигурации при использовании - большого количества listen-сокетов. - - *) Исправление: nginx не экранировал символы """, "<", ">", "\", "^", - "`", "{", "|", и "}" при проксировании с изменением URI запроса. - - *) Исправление: SSL-переменные могли быть пустыми при записи в лог; - ошибка появилась в 1.19.5. - - *) Исправление: keepalive-соединения с gRPC-бэкендами могли не - закрываться после получения GOAWAY-фрейма. - - *) Исправление: уменьшено потребление памяти для долгоживущих запросов - при проксировании с использованием более 64 буферов. - - -Изменения в nginx 1.21.0 25.05.2021 - - *) Безопасность: при использовании директивы resolver во время обработки - ответа DNS-сервера могла происходить перезапись одного байта памяти, - что позволяло атакующему, имеющему возможность подделывать UDP-пакеты - от DNS-сервера, вызвать падение рабочего процесса или, потенциально, - выполнение произвольного кода (CVE-2021-23017). - - *) Добавление: директивы proxy_ssl_certificate, - proxy_ssl_certificate_key, grpc_ssl_certificate, - grpc_ssl_certificate_key, uwsgi_ssl_certificate и - uwsgi_ssl_certificate_key поддерживают переменные. - - *) Добавление: директива max_errors в почтовом прокси-сервере. - - *) Добавление: почтовый прокси-сервер поддерживает POP3 и IMAP - pipelining. - - *) Добавление: параметр fastopen директивы listen в модуле stream. - Спасибо Anbang Wen. - - *) Исправление: специальные символы не экранировались при автоматическом - перенаправлении с добавлением завершающего слэша. - - *) Исправление: при использовании SMTP pipelining соединения с клиентами - в почтовом прокси-сервере могли неожиданно закрываться. - - -Изменения в nginx 1.19.10 13.04.2021 - - *) Изменение: в директиве keepalive_requests значение по умолчанию - изменено на 1000. - - *) Добавление: директива keepalive_time. - - *) Добавление: переменная $connection_time. - - *) Изменение: при использовании zlib-ng в логах появлялись сообщения - "gzip filter failed to use preallocated memory". - - -Изменения в nginx 1.19.9 30.03.2021 - - *) Исправление: nginx не собирался с почтовым прокси-сервером, но без - модуля ngx_mail_ssl_module; ошибка появилась в 1.19.8. - - *) Исправление: при работе с gRPC-бэкендами могли возникать ошибки - "upstream sent response body larger than indicated content length"; - ошибка появилась в 1.19.1. - - *) Исправление: если клиент закрывал соединение в момент отбрасывания - тела запроса, nginx мог не закрыть соединение до истечения - keepalive-таймаута. - - *) Исправление: при ожидании задержки limit_req или auth_delay, а также - при работе с бэкендами nginx мог не обнаружить, что соединение уже - закрыто клиентом. - - *) Исправление: в методе обработки соединений eventport. - - -Изменения в nginx 1.19.8 09.03.2021 - - *) Добавление: в директиве proxy_cookie_flags теперь флаги можно - задавать с помощью переменных. - - *) Добавление: параметр proxy_protocol в директиве listen, директивы - proxy_protocol и set_real_ip_from в почтовом прокси-сервере. - - *) Исправление: HTTP/2-соединения сразу закрывались при использовании - "keepalive_timeout 0"; ошибка появилась в 1.19.7. - - *) Исправление: некоторые ошибки логгировались как неизвестные, если - nginx был собран с glibc 2.32. - - *) Исправление: в методе обработки соединений eventport. - - -Изменения в nginx 1.19.7 16.02.2021 - - *) Изменение: обработка соединений в HTTP/2 была изменена и теперь более - соответствует HTTP/1.x; директивы http2_recv_timeout, - http2_idle_timeout и http2_max_requests упразднены, вместо них - следует использовать директивы keepalive_timeout и - keepalive_requests. - - *) Изменение: директивы http2_max_field_size и http2_max_header_size - упразднены, вместо них следует использовать директиву - large_client_header_buffers. - - *) Добавление: теперь при исчерпании свободных соединений nginx - закрывает не только keepalive-соединения, но и соединения в lingering - close. - - *) Исправление: в логах могли появляться сообщения "zero size buf in - output", если бэкенд возвращал некорректный ответ при - небуферизированном проксировании; ошибка появилась в 1.19.1. - - *) Исправление: при использовании директивы return вместе с image_filter - или xslt_stylesheet HEAD-запросы обрабатывались некорректно. - - *) Исправление: в директиве add_trailer. - - -Изменения в nginx 1.19.6 15.12.2020 - - *) Исправление: ошибки "no live upstreams", если server в блоке upstream - был помечен как down. - - *) Исправление: при использовании HTTPS в рабочем процессе мог произойти - segmentation fault; ошибка появилась в 1.19.5. - - *) Исправление: nginx возвращал ошибку 400 на запросы вида - "GET http://example.com?args HTTP/1.0". - - *) Исправление: в модулях ngx_http_flv_module и ngx_http_mp4_module. - Спасибо Chris Newton. - - -Изменения в nginx 1.19.5 24.11.2020 - - *) Добавление: ключ -e. - - *) Добавление: при сборке дополнительных модулей теперь можно указывать - одни и те же исходные файлы в разных модулях. - - *) Исправление: SSL shutdown не работал при закрытии соединений с - ожиданием дополнительных данных (lingering close). - - *) Исправление: при работе с gRPC-бэкендами могли возникать ошибки - "upstream sent frame for closed stream". - - *) Исправление: во внутреннем API для обработки тела запроса. - - -Изменения в nginx 1.19.4 27.10.2020 - - *) Добавление: директивы ssl_conf_command, proxy_ssl_conf_command, - grpc_ssl_conf_command и uwsgi_ssl_conf_command. - - *) Добавление: директива ssl_reject_handshake. - - *) Добавление: директива proxy_smtp_auth в почтовом прокси-сервере. - - -Изменения в nginx 1.19.3 29.09.2020 - - *) Добавление: модуль ngx_stream_set_module. - - *) Добавление: директива proxy_cookie_flags. - - *) Добавление: директива userid_flags. - - *) Исправление: расширение управления кэшированием stale-if-error - ошибочно применялось, если бэкенд возвращал ответ с кодом 500, 502, - 503, 504, 403, 404 или 429. - - *) Исправление: если использовалось кэширование и бэкенд возвращал - ответы с строкой заголовка Vary, в логах могли появляться сообщения - "[crit] cache file ... has too long header". - - *) Изменение: при использовании OpenSSL 1.1.1 в логах могли появляться - сообщения "[crit] SSL_write() failed". - - *) Исправление: в логах могли появляться сообщения "SSL_shutdown() - failed (SSL: ... bad write retry)"; ошибка появилась в 1.19.2. - - *) Исправление: при использовании HTTP/2 в рабочем процессе мог - произойти segmentation fault, если ошибки с кодом 400 с помощью - директивы error_page перенаправлялись в проксируемый location. - - *) Исправление: утечки сокетов при использовании HTTP/2 и подзапросов в - модуле njs. - - -Изменения в nginx 1.19.2 11.08.2020 - - *) Изменение: теперь nginx начинает закрывать keepalive-соединения, не - дожидаясь исчерпания всех свободных соединений, а также пишет об этом - предупреждение в лог ошибок. - - *) Изменение: оптимизация чтения тела запроса при использовании chunked - transfer encoding. - - *) Исправление: утечки памяти при использовании директивы ssl_ocsp. - - *) Исправление: в логах могли появляться сообщения "zero size buf in - output", если FastCGI-сервер возвращал некорректный ответ; ошибка - появилась в 1.19.1. - - *) Исправление: в рабочем процессе мог произойти segmentation fault, - если размеры large_client_header_buffers отличались в разных - виртуальных серверах. - - *) Исправление: SSL shutdown мог не работать. - - *) Исправление: в логах могли появляться сообщения "SSL_shutdown() - failed (SSL: ... bad write retry)". - - *) Исправление: в модуле ngx_http_slice_module. - - *) Исправление: в модуле ngx_http_xslt_filter_module. - - -Изменения в nginx 1.19.1 07.07.2020 - - *) Изменение: директивы lingering_close, lingering_time и - lingering_timeout теперь работают при использовании HTTP/2. - - *) Изменение: теперь лишние данные, присланные бэкендом, всегда - отбрасываются. - - *) Изменение: теперь при получении слишком короткого ответа от - FastCGI-сервера nginx пытается отправить клиенту доступную часть - ответа, после чего закрывает соединение с клиентом. - - *) Изменение: теперь при получении ответа некорректной длины от - gRPC-бэкенда nginx прекращает обработку ответа с ошибкой. - - *) Добавление: параметр min_free в директивах proxy_cache_path, - fastcgi_cache_path, scgi_cache_path и uwsgi_cache_path. - Спасибо Adam Bambuch. - - *) Исправление: nginx не удалял unix domain listen-сокеты при плавном - завершении по сигналу SIGQUIT. - - *) Исправление: UDP-пакеты нулевого размера не проксировались. - - *) Исправление: проксирование на uwsgi-бэкенды с использованием SSL - могло не работать. - Спасибо Guanzhong Chen. - - *) Исправление: в обработке ошибок при использовании директивы ssl_ocsp. - - *) Исправление: при использовании файловых систем XFS и NFS размер кэша - на диске мог считаться некорректно. - - *) Исправление: если сервер memcached возвращал некорректный ответ, в - логах могли появляться сообщения "negative size buf in writer". - - -Изменения в nginx 1.19.0 26.05.2020 - - *) Добавление: проверка клиентских сертификатов с помощью OCSP. - - *) Исправление: при работе с gRPC-бэкендами могли возникать ошибки - "upstream sent frame for closed stream". - - *) Исправление: OCSP stapling мог не работать, если не была указана - директива resolver. - - *) Исправление: соединения с некорректным HTTP/2 preface не - логгировались. - - -Изменения в nginx 1.17.10 14.04.2020 - - *) Добавление: директива auth_delay. - - -Изменения в nginx 1.17.9 03.03.2020 - - *) Изменение: теперь nginx не разрешает несколько строк "Host" в - заголовке запроса. - - *) Исправление: nginx игнорировал дополнительные строки - "Transfer-Encoding" в заголовке запроса. - - *) Исправление: утечки сокетов при использовании HTTP/2. - - *) Исправление: в рабочем процессе мог произойти segmentation fault, - если использовался OCSP stapling. - - *) Исправление: в модуле ngx_http_mp4_module. - - *) Исправление: при перенаправлении ошибок с кодом 494 с помощью - директивы error_page nginx возвращал ответ с кодом 494 вместо 400. - - *) Исправление: утечки сокетов при использовании подзапросов в модуле - njs и директивы aio. - - -Изменения в nginx 1.17.8 21.01.2020 - - *) Добавление: директива grpc_pass поддерживает переменные. - - *) Исправление: при обработке pipelined-запросов по SSL-соединению мог - произойти таймаут; ошибка появилась в 1.17.5. - - *) Исправление: в директиве debug_points при использовании HTTP/2. - Спасибо Даниилу Бондареву. - - -Изменения в nginx 1.17.7 24.12.2019 - - *) Исправление: на старте или во время переконфигурации мог произойти - segmentation fault, если в конфигурации использовалась директива - rewrite с пустой строкой замены. - - *) Исправление: в рабочем процессе мог произойти segmentation fault, - если директива break использовалась совместно с директивой alias или - директивой proxy_pass с URI. - - *) Исправление: строка Location заголовка ответа могла содержать мусор, - если URI запроса был изменён на URI, содержащий нулевой символ. - - *) Исправление: при возврате перенаправлений с помощью директивы - error_page запросы с телом обрабатывались некорректно; ошибка - появилась в 0.7.12. - - *) Исправление: утечки сокетов при использовании HTTP/2. - - *) Исправление: при обработке pipelined-запросов по SSL-соединению мог - произойти таймаут; ошибка появилась в 1.17.5. - - *) Исправление: в модуле ngx_http_dav_module. - - -Изменения в nginx 1.17.6 19.11.2019 - - *) Добавление: переменные $proxy_protocol_server_addr и - $proxy_protocol_server_port. - - *) Добавление: директива limit_conn_dry_run. - - *) Добавление: переменные $limit_req_status и $limit_conn_status. - - -Изменения в nginx 1.17.5 22.10.2019 - - *) Добавление: теперь nginx использует вызов ioctl(FIONREAD), если он - доступен, чтобы избежать чтения из быстрого соединения в течение - долгого времени. - - *) Исправление: неполные закодированные символы в конце URI запроса - игнорировались. - - *) Исправление: "/." и "/.." в конце URI запроса не нормализовывались. - - *) Исправление: в директиве merge_slashes. - - *) Исправление: в директиве ignore_invalid_headers. - Спасибо Alan Kemp. - - *) Исправление: nginx не собирался с MinGW-w64 gcc 8.1 и новее. - - -Изменения в nginx 1.17.4 24.09.2019 - - *) Изменение: улучшено детектирование некорректного поведения клиентов в - HTTP/2. - - *) Изменение: в обработке непрочитанного тела запроса при возврате - ошибок в HTTP/2. - - *) Исправление: директива worker_shutdown_timeout могла не работать при - использовании HTTP/2. - - *) Исправление: при использовании HTTP/2 и директивы - proxy_request_buffering в рабочем процессе мог произойти segmentation - fault. - - *) Исправление: на Windows при использовании SSL уровень записи в лог - ошибки ECONNABORTED был "crit" вместо "error". - - *) Исправление: nginx игнорировал лишние данные при использовании - chunked transfer encoding. - - *) Исправление: если использовалась директива return и при чтении тела - запроса возникала ошибка, nginx всегда возвращал ошибку 500. - - *) Исправление: в обработке ошибок выделения памяти. - - -Изменения в nginx 1.17.3 13.08.2019 - - *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное - потребление памяти и ресурсов процессора (CVE-2019-9511, - CVE-2019-9513, CVE-2019-9516). - - *) Исправление: при использовании сжатия в логах могли появляться - сообщения "zero size buf"; ошибка появилась в 1.17.2. - - *) Исправление: при использовании директивы resolver в SMTP - прокси-сервере в рабочем процессе мог произойти segmentation fault. - - -Изменения в nginx 1.17.2 23.07.2019 - - *) Изменение: минимальная поддерживаемая версия zlib - 1.2.0.4. - Спасибо Илье Леошкевичу. - - *) Изменение: метод $r->internal_redirect() встроенного перла теперь - ожидает закодированный URI. - - *) Добавление: теперь с помощью метода $r->internal_redirect() - встроенного перла можно перейти в именованный location. - - *) Исправление: в обработке ошибок во встроенном перле. - - *) Исправление: на старте или во время переконфигурации мог произойти - segmentation fault, если в конфигурации использовалось значение hash - bucket size больше 64 килобайт. - - *) Исправление: при использовании методов обработки соединений select, - poll и /dev/poll nginx мог нагружать процессор во время - небуферизованного проксирования и при проксировании - WebSocket-соединений. - - *) Исправление: в модуле ngx_http_xslt_filter_module. - - *) Исправление: в модуле ngx_http_ssi_filter_module. - - -Изменения в nginx 1.17.1 25.06.2019 - - *) Добавление: директива limit_req_dry_run. - - *) Добавление: при использовании директивы hash в блоке upstream пустой - ключ хэширования теперь приводит к переключению на round-robin - балансировку. - Спасибо Niklas Keller. - - *) Исправление: в рабочем процессе мог произойти segmentation fault, - если использовалось кэширование и директива image_filter, а ошибки с - кодом 415 перенаправлялись с помощью директивы error_page; ошибка - появилась в 1.11.10. - - *) Исправление: в рабочем процессе мог произойти segmentation fault, - если использовался встроенный перл; ошибка появилась в 1.7.3. - - -Изменения в nginx 1.17.0 21.05.2019 - - *) Добавление: директивы limit_rate и limit_rate_after поддерживают - переменные. - - *) Добавление: директивы proxy_upload_rate и proxy_download_rate в - модуле stream поддерживают переменные. - - *) Изменение: минимальная поддерживаемая версия OpenSSL - 0.9.8. - - *) Изменение: теперь postpone-фильтр собирается всегда. - - *) Исправление: директива include не работала в блоках if и - limit_except. - - *) Исправление: в обработке byte ranges. - - -Изменения в nginx 1.15.12 16.04.2019 - - *) Исправление: в рабочем процессе мог произойти segmentation fault, - если в директивах ssl_certificate или ssl_certificate_key - использовались переменные и был включён OCSP stapling. - - -Изменения в nginx 1.15.11 09.04.2019 - - *) Исправление: в директиве ssl_stapling_file на Windows. - - -Изменения в nginx 1.15.10 26.03.2019 - - *) Изменение: теперь при использовании имени хоста в директиве listen - nginx создаёт listen-сокеты для всех адресов, соответствующих этому - имени (ранее использовался только первый адрес). - - *) Добавление: диапазоны портов в директиве listen. - - *) Добавление: возможность загрузки SSL-сертификатов и секретных ключей - из переменных. - - *) Изменение: переменная $ssl_server_name могла быть пустой при - использовании OpenSSL 1.1.1. - - *) Исправление: nginx/Windows не собирался с Visual Studio 2015 и новее; - ошибка появилась в 1.15.9. - - -Изменения в nginx 1.15.9 26.02.2019 - - *) Добавление: директивы ssl_certificate и ssl_certificate_key - поддерживают переменные. - - *) Добавление: метод poll теперь доступен на Windows при использовании - Windows Vista и новее. - - *) Исправление: если при использовании метода select на Windows - происходила ошибка при установлении соединения с бэкендом, nginx - ожидал истечения таймаута на установление соединения. - - *) Исправление: директивы proxy_upload_rate и proxy_download_rate в - модуле stream работали некорректно при проксировании UDP-пакетов. - - -Изменения в nginx 1.15.8 25.12.2018 - - *) Добавление: переменная $upstream_bytes_sent. - Спасибо Piotr Sikora. - - *) Добавление: новые директивы в скриптах подсветки синтаксиса для vim. - Спасибо Геннадию Махомеду. - - *) Исправление: в директиве proxy_cache_background_update. - - *) Исправление: в директиве geo при использовании unix domain - listen-сокетов. - - *) Изменение: при использовании директивы ssl_early_data с OpenSSL в - логах могли появляться сообщения "ignoring stale global SSL error ... - bad length". - - *) Исправление: в nginx/Windows. - - *) Исправление: в модуле ngx_http_autoindex_module на 32-битных - платформах. - - -Изменения в nginx 1.15.7 27.11.2018 - - *) Добавление: директива proxy_requests в модуле stream. - - *) Добавление: параметр "delay" директивы "limit_req". - Спасибо Владиславу Шабанову и Петру Щучкину. - - *) Исправление: утечки памяти в случае ошибок при переконфигурации. - - *) Исправление: в переменных $upstream_response_time, - $upstream_connect_time и $upstream_header_time. + *) Исправление: соединения к некоторым gRPC-бэкендам могли не + кэшироваться при использовании директивы keepalive. *) Исправление: в рабочем процессе мог произойти segmentation fault, если использовался модуль ngx_http_mp4_module на 32-битных платформах. -Изменения в nginx 1.15.6 06.11.2018 +Изменения в nginx 1.14.1 06.11.2018 *) Безопасность: при использовании HTTP/2 клиент мог вызвать чрезмерное потреблению памяти (CVE-2018-16843) и ресурсов процессора @@ -1001,165 +43,13 @@ ngx_http_mp4_module содержимое памяти рабочего процесса могло быть отправлено клиенту (CVE-2018-16845). - *) Добавление: директивы proxy_socket_keepalive, - fastcgi_socket_keepalive, grpc_socket_keepalive, - memcached_socket_keepalive, scgi_socket_keepalive и - uwsgi_socket_keepalive. - - *) Исправление: если nginx был собран с OpenSSL 1.1.0, а использовался с - OpenSSL 1.1.1, протокол TLS 1.3 всегда был разрешён. - *) Исправление: при работе с gRPC-бэкендами могло расходоваться большое количество памяти. -Изменения в nginx 1.15.5 02.10.2018 +Изменения в nginx 1.14.0 17.04.2018 - *) Исправление: при использовании OpenSSL 1.1.0h и новее в рабочем - процессе мог произойти segmentation fault; ошибка появилась в 1.15.4. - - *) Исправление: незначительных потенциальных ошибок. - - -Изменения в nginx 1.15.4 25.09.2018 - - *) Добавление: теперь директиву ssl_early_data можно использовать с - OpenSSL. - - *) Исправление: в модуле ngx_http_uwsgi_module. - Спасибо Chris Caputo. - - *) Исправление: соединения к некоторым gRPC-бэкендам могли не - кэшироваться при использовании директивы keepalive. - - *) Исправление: при использовании директивы error_page для - перенаправления ошибок, возникающих на ранних этапах обработки - запроса, в частности ошибок с кодом 400, могла происходить утечка - сокетов. - - *) Исправление: директива return при возврате ошибок не изменяла код - ответа, если запрос был перенаправлен с помощью директивы error_page. - - *) Исправление: стандартные сообщения об ошибках и ответы модуля - ngx_http_autoindex_module содержали атрибут bgcolor, что могло - приводить к их некорректному отображению при использовании - пользовательских настроек цветов в браузерах. - Спасибо Nova DasSarma. - - *) Изменение: уровень логгирования ошибок SSL "no suitable key share" и - "no suitable signature algorithm" понижен с уровня crit до info. - - -Изменения в nginx 1.15.3 28.08.2018 - - *) Добавление: теперь TLSv1.3 можно использовать с BoringSSL. - - *) Добавление: директива ssl_early_data, сейчас доступна при - использовании BoringSSL. - - *) Добавление: директивы keepalive_timeout и keepalive_requests в блоке - upstream. - - *) Исправление: модуль ngx_http_dav_module при копировании файла поверх - существующего файла с помощью метода COPY не обнулял целевой файл. - - *) Исправление: модуль ngx_http_dav_module при перемещении файла между - файловыми системами с помощью метода MOVE устанавливал нулевые права - доступа на результирующий файл и не сохранял время изменения файла. - - *) Исправление: модуль ngx_http_dav_module при копировании файла с - помощью метода COPY для результирующего файла использовал права - доступа по умолчанию. - - *) Изменение: некоторые клиенты могли не работать при использовании - HTTP/2; ошибка появилась в 1.13.5. - - *) Исправление: nginx не собирался с LibreSSL 2.8.0. - - -Изменения в nginx 1.15.2 24.07.2018 - - *) Добавление: переменная $ssl_preread_protocol в модуле - ngx_stream_ssl_preread_module. - - *) Добавление: теперь при использовании директивы - reset_timedout_connection nginx сбрасывает соединения, закрываемые с - кодом 444. - - *) Изменение: уровень логгирования ошибок SSL "http request", "https - proxy request", "unsupported protocol" и "version too low" понижен с - уровня crit до info. - - *) Исправление: запросы к DNS-серверу не отправлялись повторно, если при - первой попытке отправки происходила ошибка. - - *) Исправление: параметр reuseport директивы listen игнорировался, если - количество рабочих процессов было задано после директивы listen. - - *) Исправление: при использовании OpenSSL 1.1.0 и новее директиву - ssl_prefer_server_ciphers нельзя было выключить в виртуальном - сервере, если она была включена в сервере по умолчанию. - - *) Исправление: повторное использование SSL-сессий к бэкендам не - работало с протоколом TLS 1.3. - - -Изменения в nginx 1.15.1 03.07.2018 - - *) Добавление: директива random в блоке upstream. - - *) Добавление: улучшена производительность при использовании директив - hash и ip_hash совместно с директивой zone. - - *) Добавление: параметр reuseport директивы listen теперь использует - SO_REUSEPORT_LB на FreeBSD 12. - - *) Исправление: HTTP/2 server push не работал, если SSL терминировался - прокси-сервером перед nginx'ом. - - *) Исправление: директива tcp_nopush всегда использовалась для - соединений к бэкендам. - - *) Исправление: при отправке сохранённого на диск тела запроса на - gRPC-бэкенд могли возникать ошибки. - - -Изменения в nginx 1.15.0 05.06.2018 - - *) Изменение: директива "ssl" теперь считается устаревшей; вместо неё - следует использовать параметр ssl директивы listen. - - *) Изменение: теперь при использовании директивы listen с параметром ssl - nginx определяет отсутствие SSL-сертификатов при тестировании - конфигурации. - - *) Добавление: теперь модуль stream умеет обрабатывать несколько - входящих UDP-пакетов от клиента в рамках одной сессии. - - *) Исправление: в директиве proxy_cache_valid можно было указать - некорректный код ответа. - - *) Исправление: nginx не собирался gcc 8.1. - - *) Исправление: логгирование в syslog останавливалось при изменении - локального IP-адреса. - - *) Исправление: nginx не собирался компилятором clang, если был - установлен CUDA SDK; ошибка появилась в 1.13.8. - - *) Исправление: при использовании unix domain listen-сокетов на FreeBSD - в процессе обновления исполняемого файла в логе могли появляться - сообщения "getsockopt(TCP_FASTOPEN) ... failed". - - *) Исправление: nginx не собирался на Fedora 28 Linux. - - *) Исправление: при использовании директивы limit_req заданная скорость - обработки запросов могла не соблюдаться. - - *) Исправление: в обработке адресов клиентов при использовании unix - domain listen-сокетов для работы с датаграммами на Linux. - - *) Исправление: в обработке ошибок выделения памяти. + *) Стабильная ветка 1.14.x. Изменения в nginx 1.13.12 10.04.2018 diff --git a/LICENSE b/LICENSE index 985470e..9401174 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ /* - * Copyright (C) 2002-2021 Igor Sysoev - * Copyright (C) 2011-2024 Nginx, Inc. + * Copyright (C) 2002-2018 Igor Sysoev + * Copyright (C) 2011-2018 Nginx, Inc. * All rights reserved. * * Redistribution and use in source and binary forms, with or without diff --git a/auto/cc/clang b/auto/cc/clang index a962ee2..9d900c2 100644 --- a/auto/cc/clang +++ b/auto/cc/clang @@ -6,8 +6,7 @@ NGX_CLANG_VER=`$CC -v 2>&1 | grep 'version' 2>&1 \ - | sed -n -e 's/^.*clang version \(.*\)/\1/p' \ - -e 's/^.*LLVM version \(.*\)/\1/p'` + | sed -e 's/^.* version \(.*\)/\1/'` echo " + clang version: $NGX_CLANG_VER" diff --git a/auto/cc/conf b/auto/cc/conf index ba31cb8..afbca62 100644 --- a/auto/cc/conf +++ b/auto/cc/conf @@ -117,7 +117,7 @@ else . auto/cc/acc ;; - msvc) + msvc*) # MSVC++ 6.0 SP2, MSVC++ Toolkit 2003 . auto/cc/msvc diff --git a/auto/cc/msvc b/auto/cc/msvc index 567bac7..8257252 100644 --- a/auto/cc/msvc +++ b/auto/cc/msvc @@ -11,8 +11,8 @@ # MSVC 2015 (14.0) cl 19.00 -NGX_MSVC_VER=`$NGX_WINE $CC 2>&1 | grep 'C/C++.* [0-9][0-9]*\.[0-9]' 2>&1 \ - | sed -e 's/^.* \([0-9][0-9]*\.[0-9].*\)/\1/'` +NGX_MSVC_VER=`$NGX_WINE $CC 2>&1 | grep 'Compiler Version' 2>&1 \ + | sed -e 's/^.* Version \(.*\)/\1/'` echo " + cl version: $NGX_MSVC_VER" @@ -22,21 +22,6 @@ have=NGX_COMPILER value="\"cl $NGX_MSVC_VER\"" . auto/define ngx_msvc_ver=`echo $NGX_MSVC_VER | sed -e 's/^\([0-9]*\).*/\1/'` -# detect x64 builds - -case "$NGX_MSVC_VER" in - - *x64) - NGX_MACHINE=amd64 - ;; - - *) - NGX_MACHINE=i386 - ;; - -esac - - # optimizations # maximize speed, equivalent to -Og -Oi -Ot -Oy -Ob2 -Gs -GF -Gy @@ -123,7 +108,7 @@ CORE_LIBS="$CORE_LIBS kernel32.lib user32.lib" # msvc under Wine issues # C1902: Program database manager mismatch; please check your installation if [ -z "$NGX_WINE" ]; then - CFLAGS="$CFLAGS -Zi -Fd$NGX_OBJS/nginx.pdb" + CFLAGS="$CFLAGS -Zi" CORE_LINK="$CORE_LINK -debug" fi diff --git a/auto/init b/auto/init index f816dfc..910f529 100644 --- a/auto/init +++ b/auto/init @@ -48,6 +48,4 @@ default: build clean: rm -rf Makefile $NGX_OBJS - -.PHONY: default clean END diff --git a/auto/install b/auto/install index 7f73e4b..d884487 100644 --- a/auto/install +++ b/auto/install @@ -112,7 +112,7 @@ install: build $NGX_INSTALL_PERL_MODULES test ! -f '\$(DESTDIR)$NGX_SBIN_PATH' \\ || mv '\$(DESTDIR)$NGX_SBIN_PATH' \\ '\$(DESTDIR)$NGX_SBIN_PATH.old' - cp $NGX_OBJS/nginx$ngx_binext '\$(DESTDIR)$NGX_SBIN_PATH' + cp $NGX_OBJS/nginx '\$(DESTDIR)$NGX_SBIN_PATH' test -d '\$(DESTDIR)$NGX_CONF_PREFIX' \\ || mkdir -p '\$(DESTDIR)$NGX_CONF_PREFIX' @@ -215,6 +215,4 @@ upgrade: test -f $NGX_PID_PATH.oldbin kill -QUIT \`cat $NGX_PID_PATH.oldbin\` - -.PHONY: build install modules upgrade END diff --git a/auto/lib/geoip/conf b/auto/lib/geoip/conf index 47165b1..8302aae 100644 --- a/auto/lib/geoip/conf +++ b/auto/lib/geoip/conf @@ -64,23 +64,6 @@ if [ $ngx_found = no ]; then fi -if [ $ngx_found = no ]; then - - # Homebrew on Apple Silicon - - ngx_feature="GeoIP library in /opt/homebrew/" - ngx_feature_path="/opt/homebrew/include" - - if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/opt/homebrew/lib -L/opt/homebrew/lib -lGeoIP" - else - ngx_feature_libs="-L/opt/homebrew/lib -lGeoIP" - fi - - . auto/feature -fi - - if [ $ngx_found = yes ]; then CORE_INCS="$CORE_INCS $ngx_feature_path" diff --git a/auto/lib/google-perftools/conf b/auto/lib/google-perftools/conf index 94dadac..5d5ddae 100644 --- a/auto/lib/google-perftools/conf +++ b/auto/lib/google-perftools/conf @@ -9,8 +9,7 @@ ngx_feature_incs= ngx_feature_path= ngx_feature_libs="-lprofiler" - ngx_feature_test="void ProfilerStop(void); - ProfilerStop()" + ngx_feature_test="ProfilerStop()" . auto/feature @@ -46,22 +45,6 @@ if [ $ngx_found = no ]; then fi -if [ $ngx_found = no ]; then - - # Homebrew on Apple Silicon - - ngx_feature="Google perftools in /opt/homebrew/" - - if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/opt/homebrew/lib -L/opt/homebrew/lib -lprofiler" - else - ngx_feature_libs="-L/opt/homebrew/lib -lprofiler" - fi - - . auto/feature -fi - - if [ $ngx_found = yes ]; then CORE_LIBS="$CORE_LIBS $ngx_feature_libs" diff --git a/auto/lib/libatomic/conf b/auto/lib/libatomic/conf index dfdc1a6..d1e484a 100644 --- a/auto/lib/libatomic/conf +++ b/auto/lib/libatomic/conf @@ -7,8 +7,8 @@ if [ $NGX_LIBATOMIC != YES ]; then have=NGX_HAVE_LIBATOMIC . auto/have CORE_INCS="$CORE_INCS $NGX_LIBATOMIC/src" - LINK_DEPS="$LINK_DEPS $NGX_LIBATOMIC/build/lib/libatomic_ops.a" - CORE_LIBS="$CORE_LIBS $NGX_LIBATOMIC/build/lib/libatomic_ops.a" + LINK_DEPS="$LINK_DEPS $NGX_LIBATOMIC/src/libatomic_ops.a" + CORE_LIBS="$CORE_LIBS $NGX_LIBATOMIC/src/libatomic_ops.a" else @@ -19,7 +19,7 @@ else #include " ngx_feature_path= ngx_feature_libs="-latomic_ops" - ngx_feature_test="AO_t n = 0; + ngx_feature_test="long n = 0; if (!AO_compare_and_swap(&n, 0, 1)) return 1; if (AO_fetch_and_add(&n, 1) != 1) diff --git a/auto/lib/libatomic/make b/auto/lib/libatomic/make index 530c746..c90318e 100644 --- a/auto/lib/libatomic/make +++ b/auto/lib/libatomic/make @@ -3,19 +3,14 @@ # Copyright (C) Nginx, Inc. - case $NGX_LIBATOMIC in - /*) ngx_prefix="$NGX_LIBATOMIC/build" ;; - *) ngx_prefix="$PWD/$NGX_LIBATOMIC/build" ;; - esac - cat << END >> $NGX_MAKEFILE -$NGX_LIBATOMIC/build/lib/libatomic_ops.a: $NGX_LIBATOMIC/Makefile - cd $NGX_LIBATOMIC && \$(MAKE) && \$(MAKE) install +$NGX_LIBATOMIC/src/libatomic_ops.a: $NGX_LIBATOMIC/Makefile + cd $NGX_LIBATOMIC && \$(MAKE) $NGX_LIBATOMIC/Makefile: $NGX_MAKEFILE cd $NGX_LIBATOMIC \\ && if [ -f Makefile ]; then \$(MAKE) distclean; fi \\ - && ./configure --prefix=$ngx_prefix + && ./configure END diff --git a/auto/lib/libgd/conf b/auto/lib/libgd/conf index 07f5656..87761f1 100644 --- a/auto/lib/libgd/conf +++ b/auto/lib/libgd/conf @@ -9,8 +9,7 @@ ngx_feature_incs="#include " ngx_feature_path= ngx_feature_libs="-lgd" - ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL); - (void) img" + ngx_feature_test="gdImagePtr img = gdImageCreateFromGifPtr(1, NULL);" . auto/feature @@ -65,23 +64,6 @@ if [ $ngx_found = no ]; then fi -if [ $ngx_found = no ]; then - - # Homebrew on Apple Silicon - - ngx_feature="GD library in /opt/homebrew/" - ngx_feature_path="/opt/homebrew/include" - - if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/opt/homebrew/lib -L/opt/homebrew/lib -lgd" - else - ngx_feature_libs="-L/opt/homebrew/lib -lgd" - fi - - . auto/feature -fi - - if [ $ngx_found = yes ]; then CORE_INCS="$CORE_INCS $ngx_feature_path" @@ -94,8 +76,7 @@ if [ $ngx_found = yes ]; then ngx_feature="GD WebP support" ngx_feature_name="NGX_HAVE_GD_WEBP" - ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL); - (void) img" + ngx_feature_test="gdImagePtr img = gdImageCreateFromWebpPtr(1, NULL);" . auto/feature else diff --git a/auto/lib/libxslt/conf b/auto/lib/libxslt/conf index 3063ac7..3a0f37b 100644 --- a/auto/lib/libxslt/conf +++ b/auto/lib/libxslt/conf @@ -16,8 +16,8 @@ ngx_feature_libs="-lxml2 -lxslt" ngx_feature_test="xmlParserCtxtPtr ctxt = NULL; xsltStylesheetPtr sheet = NULL; - xmlDocPtr doc = NULL; - xmlParseChunk(ctxt, NULL, 0, 0); + xmlDocPtr doc; + doc = xmlParseChunk(ctxt, NULL, 0, 0); xsltApplyStylesheet(sheet, doc, NULL);" . auto/feature diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf index fdf430d..4fb52df 100644 --- a/auto/lib/openssl/conf +++ b/auto/lib/openssl/conf @@ -5,19 +5,12 @@ if [ $OPENSSL != NONE ]; then - have=NGX_OPENSSL . auto/have - have=NGX_SSL . auto/have - - have=NGX_OPENSSL_NO_CONFIG . auto/have - - if [ $USE_OPENSSL_QUIC = YES ]; then - have=NGX_QUIC . auto/have - have=NGX_QUIC_OPENSSL_COMPAT . auto/have - fi - case "$CC" in cl | bcc32) + have=NGX_OPENSSL . auto/have + have=NGX_SSL . auto/have + CFLAGS="$CFLAGS -DNO_SYS_TYPES_H" CORE_INCS="$CORE_INCS $OPENSSL/openssl/include" @@ -40,6 +33,9 @@ if [ $OPENSSL != NONE ]; then ;; *) + have=NGX_OPENSSL . auto/have + have=NGX_SSL . auto/have + CORE_INCS="$CORE_INCS $OPENSSL/.openssl/include" CORE_DEPS="$CORE_DEPS $OPENSSL/.openssl/include/openssl/ssl.h" CORE_LIBS="$CORE_LIBS $OPENSSL/.openssl/lib/libssl.a" @@ -122,58 +118,11 @@ else . auto/feature fi - if [ $ngx_found = no ]; then - - # Homebrew on Apple Silicon - - ngx_feature="OpenSSL library in /opt/homebrew/" - ngx_feature_path="/opt/homebrew/include" - - if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/opt/homebrew/lib -L/opt/homebrew/lib -lssl -lcrypto" - else - ngx_feature_libs="-L/opt/homebrew/lib -lssl -lcrypto" - fi - - ngx_feature_libs="$ngx_feature_libs $NGX_LIBDL $NGX_LIBPTHREAD" - - . auto/feature - fi - if [ $ngx_found = yes ]; then have=NGX_SSL . auto/have CORE_INCS="$CORE_INCS $ngx_feature_path" CORE_LIBS="$CORE_LIBS $ngx_feature_libs" OPENSSL=YES - - if [ $USE_OPENSSL_QUIC = YES ]; then - - ngx_feature="OpenSSL QUIC support" - ngx_feature_name="NGX_QUIC" - ngx_feature_test="SSL_set_quic_method(NULL, NULL)" - . auto/feature - - if [ $ngx_found = no ]; then - have=NGX_QUIC_OPENSSL_COMPAT . auto/have - - ngx_feature="OpenSSL QUIC compatibility" - ngx_feature_test="SSL_CTX_add_custom_ext(NULL, 0, 0, - NULL, NULL, NULL, NULL, NULL)" - . auto/feature - fi - - if [ $ngx_found = no ]; then -cat << END - -$0: error: certain modules require OpenSSL QUIC support. -You can either do not enable the modules, or install the OpenSSL library with -QUIC support into the system, or build the OpenSSL library with QUIC support -statically from the source with nginx by using --with-openssl= option. - -END - exit 1 - fi - fi fi fi diff --git a/auto/lib/openssl/make b/auto/lib/openssl/make index a7e9369..126a238 100644 --- a/auto/lib/openssl/make +++ b/auto/lib/openssl/make @@ -7,24 +7,11 @@ case "$CC" in cl) - case "$NGX_MACHINE" in - - amd64) - OPENSSL_TARGET=VC-WIN64A - ;; - - *) - OPENSSL_TARGET=VC-WIN32 - ;; - - esac - cat << END >> $NGX_MAKEFILE $OPENSSL/openssl/include/openssl/ssl.h: $NGX_MAKEFILE \$(MAKE) -f auto/lib/openssl/makefile.msvc \ - OPENSSL="$OPENSSL" OPENSSL_OPT="$OPENSSL_OPT" \ - OPENSSL_TARGET="$OPENSSL_TARGET" + OPENSSL="$OPENSSL" OPENSSL_OPT="$OPENSSL_OPT" END diff --git a/auto/lib/openssl/makefile.msvc b/auto/lib/openssl/makefile.msvc index ed17cde..5b90dcb 100644 --- a/auto/lib/openssl/makefile.msvc +++ b/auto/lib/openssl/makefile.msvc @@ -6,7 +6,7 @@ all: cd $(OPENSSL) - perl Configure $(OPENSSL_TARGET) no-shared no-threads \ + perl Configure VC-WIN32 no-shared \ --prefix="%cd%/openssl" \ --openssldir="%cd%/openssl/ssl" \ $(OPENSSL_OPT) diff --git a/auto/lib/pcre/conf b/auto/lib/pcre/conf index cdf1809..5e3960f 100644 --- a/auto/lib/pcre/conf +++ b/auto/lib/pcre/conf @@ -4,62 +4,87 @@ if [ $PCRE != NONE ]; then + CORE_INCS="$CORE_INCS $PCRE" - if [ -f $PCRE/src/pcre2.h.generic ]; then + case "$NGX_CC_NAME" in - PCRE_LIBRARY=PCRE2 - - have=NGX_PCRE . auto/have - have=NGX_PCRE2 . auto/have - - if [ "$NGX_PLATFORM" = win32 ]; then - have=PCRE2_STATIC . auto/have - fi - - CORE_INCS="$CORE_INCS $PCRE/src/" - CORE_DEPS="$CORE_DEPS $PCRE/src/pcre2.h" - - case "$NGX_CC_NAME" in - - msvc) - LINK_DEPS="$LINK_DEPS $PCRE/src/pcre2-8.lib" - CORE_LIBS="$CORE_LIBS $PCRE/src/pcre2-8.lib" - ;; - - *) - LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre2-8.a" - CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre2-8.a" - ;; - - esac - - else - - PCRE_LIBRARY=PCRE - - have=NGX_PCRE . auto/have - - if [ "$NGX_PLATFORM" = win32 ]; then + msvc | owc | bcc) + have=NGX_PCRE . auto/have have=PCRE_STATIC . auto/have - fi + CORE_DEPS="$CORE_DEPS $PCRE/pcre.h" + LINK_DEPS="$LINK_DEPS $PCRE/pcre.lib" + CORE_LIBS="$CORE_LIBS $PCRE/pcre.lib" + ;; - CORE_INCS="$CORE_INCS $PCRE" - CORE_DEPS="$CORE_DEPS $PCRE/pcre.h" + icc) + have=NGX_PCRE . auto/have + CORE_DEPS="$CORE_DEPS $PCRE/pcre.h" - case "$NGX_CC_NAME" in + LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a" - msvc | owc | bcc) - LINK_DEPS="$LINK_DEPS $PCRE/pcre.lib" - CORE_LIBS="$CORE_LIBS $PCRE/pcre.lib" - ;; + echo $ngx_n "checking for PCRE library ...$ngx_c" - *) - LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a" - CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre.a" - ;; + if [ -f $PCRE/pcre.h ]; then + ngx_pcre_ver=`grep PCRE_MAJOR $PCRE/pcre.h \ + | sed -e 's/^.*PCRE_MAJOR.* \(.*\)$/\1/'` + + else if [ -f $PCRE/configure.in ]; then + ngx_pcre_ver=`grep PCRE_MAJOR= $PCRE/configure.in \ + | sed -e 's/^.*=\(.*\)$/\1/'` + + else + ngx_pcre_ver=`grep pcre_major, $PCRE/configure.ac \ + | sed -e 's/^.*pcre_major,.*\[\(.*\)\].*$/\1/'` + fi + fi + + echo " $ngx_pcre_ver major version found" + + # to allow -ipo optimization we link with the *.o but not library + + case "$ngx_pcre_ver" in + 4|5) + CORE_LIBS="$CORE_LIBS $PCRE/pcre.o" + ;; + + 6) + CORE_LIBS="$CORE_LIBS $PCRE/pcre_chartables.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_compile.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_exec.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_fullinfo.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_globals.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_tables.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_try_flipped.o" + ;; + + *) + CORE_LIBS="$CORE_LIBS $PCRE/pcre_chartables.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_compile.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_exec.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_fullinfo.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_globals.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_tables.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_try_flipped.o" + CORE_LIBS="$CORE_LIBS $PCRE/pcre_newline.o" + ;; + + esac + ;; + + *) + have=NGX_PCRE . auto/have + + if [ "$NGX_PLATFORM" = win32 ]; then + have=PCRE_STATIC . auto/have + fi + + CORE_DEPS="$CORE_DEPS $PCRE/pcre.h" + LINK_DEPS="$LINK_DEPS $PCRE/.libs/libpcre.a" + CORE_LIBS="$CORE_LIBS $PCRE/.libs/libpcre.a" + ;; + + esac - esac - fi if [ $PCRE_JIT = YES ]; then have=NGX_HAVE_PCRE_JIT . auto/have @@ -69,48 +94,8 @@ if [ $PCRE != NONE ]; then else if [ "$NGX_PLATFORM" != win32 ]; then + PCRE=NO - fi - - if [ $PCRE = NO -a $PCRE2 != DISABLED ]; then - - ngx_feature="PCRE2 library" - ngx_feature_name="NGX_PCRE2" - ngx_feature_run=no - ngx_feature_incs="#define PCRE2_CODE_UNIT_WIDTH 8 - #include " - ngx_feature_path= - ngx_feature_libs="-lpcre2-8" - ngx_feature_test="pcre2_code *re; - re = pcre2_compile(NULL, 0, 0, NULL, NULL, NULL); - if (re == NULL) return 1" - . auto/feature - - if [ $ngx_found = no ]; then - - # pcre2-config - - ngx_pcre2_prefix=`pcre2-config --prefix 2>/dev/null` - - if [ -n "$ngx_pcre2_prefix" ]; then - ngx_feature="PCRE2 library in $ngx_pcre2_prefix" - ngx_feature_path=`pcre2-config --cflags \ - | sed -n -e 's/.*-I *\([^ ][^ ]*\).*/\1/p'` - ngx_feature_libs=`pcre2-config --libs8` - . auto/feature - fi - fi - - if [ $ngx_found = yes ]; then - have=NGX_PCRE . auto/have - CORE_INCS="$CORE_INCS $ngx_feature_path" - CORE_LIBS="$CORE_LIBS $ngx_feature_libs" - PCRE=YES - PCRE_LIBRARY=PCRE2 - fi - fi - - if [ $PCRE = NO ]; then ngx_feature="PCRE library" ngx_feature_name="NGX_PCRE" @@ -182,27 +167,10 @@ else . auto/feature fi - if [ $ngx_found = no ]; then - - # Homebrew on Apple Silicon - - ngx_feature="PCRE library in /opt/homebrew/" - ngx_feature_path="/opt/homebrew/include" - - if [ $NGX_RPATH = YES ]; then - ngx_feature_libs="-R/opt/homebrew/lib -L/opt/homebrew/lib -lpcre" - else - ngx_feature_libs="-L/opt/homebrew/lib -lpcre" - fi - - . auto/feature - fi - if [ $ngx_found = yes ]; then CORE_INCS="$CORE_INCS $ngx_feature_path" CORE_LIBS="$CORE_LIBS $ngx_feature_libs" PCRE=YES - PCRE_LIBRARY=PCRE fi if [ $PCRE = YES ]; then diff --git a/auto/lib/pcre/make b/auto/lib/pcre/make index 182590a..97c9f3b 100644 --- a/auto/lib/pcre/make +++ b/auto/lib/pcre/make @@ -3,139 +3,36 @@ # Copyright (C) Nginx, Inc. -if [ $PCRE_LIBRARY = PCRE2 ]; then +case "$NGX_CC_NAME" in - # PCRE2 + msvc) + ngx_makefile=makefile.msvc + ngx_opt="CPU_OPT=\"$CPU_OPT\" LIBC=$LIBC" + ngx_pcre="PCRE=\"$PCRE\"" + ;; - if [ $NGX_CC_NAME = msvc ]; then + owc) + ngx_makefile=makefile.owc + ngx_opt="CPU_OPT=\"$CPU_OPT\"" + ngx_pcre=`echo PCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"` + ;; - # With PCRE2, it is not possible to compile all sources. - # Since list of source files changes between versions, we - # test files which might not be present. + bcc) + ngx_makefile=makefile.bcc + ngx_opt="-DCPU_OPT=\"$CPU_OPT\"" + ngx_pcre=`echo \-DPCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"` + ;; - ngx_pcre_srcs="pcre2_auto_possess.c \ - pcre2_chartables.c \ - pcre2_compile.c \ - pcre2_config.c \ - pcre2_context.c \ - pcre2_dfa_match.c \ - pcre2_error.c \ - pcre2_jit_compile.c \ - pcre2_maketables.c \ - pcre2_match.c \ - pcre2_match_data.c \ - pcre2_newline.c \ - pcre2_ord2utf.c \ - pcre2_pattern_info.c \ - pcre2_string_utils.c \ - pcre2_study.c \ - pcre2_substitute.c \ - pcre2_substring.c \ - pcre2_tables.c \ - pcre2_ucd.c \ - pcre2_valid_utf.c \ - pcre2_xclass.c" + *) + ngx_makefile= + ;; - ngx_pcre_test="pcre2_chkdint.c \ - pcre2_convert.c \ - pcre2_extuni.c \ - pcre2_find_bracket.c \ - pcre2_script_run.c \ - pcre2_serialize.c" - - for ngx_src in $ngx_pcre_test - do - if [ -f $PCRE/src/$ngx_src ]; then - ngx_pcre_srcs="$ngx_pcre_srcs $ngx_src" - fi - done - - ngx_pcre_objs=`echo $ngx_pcre_srcs \ - | sed -e "s#\([^ ]*\.\)c#\1$ngx_objext#g"` - - ngx_pcre_srcs=`echo $ngx_pcre_srcs \ - | sed -e "s/ *\([^ ][^ ]*\)/$ngx_regex_cont\1/g"` - ngx_pcre_objs=`echo $ngx_pcre_objs \ - | sed -e "s/ *\([^ ][^ ]*\)/$ngx_regex_cont\1/g"` - - cat << END >> $NGX_MAKEFILE - -PCRE_CFLAGS = -O2 -Ob1 -Oi -Gs $LIBC $CPU_OPT -PCRE_FLAGS = -DHAVE_CONFIG_H -DPCRE2_STATIC -DPCRE2_CODE_UNIT_WIDTH=8 \\ - -DHAVE_MEMMOVE - -PCRE_SRCS = $ngx_pcre_srcs -PCRE_OBJS = $ngx_pcre_objs - -$PCRE/src/pcre2.h: - cd $PCRE/src \\ - && copy /y config.h.generic config.h \\ - && copy /y pcre2.h.generic pcre2.h \\ - && copy /y pcre2_chartables.c.dist pcre2_chartables.c - -$PCRE/src/pcre2-8.lib: $PCRE/src/pcre2.h $NGX_MAKEFILE - cd $PCRE/src \\ - && cl -nologo -c \$(PCRE_CFLAGS) -I . \$(PCRE_FLAGS) \$(PCRE_SRCS) \\ - && link -lib -out:pcre2-8.lib -verbose:lib \$(PCRE_OBJS) - -END - - else - - cat << END >> $NGX_MAKEFILE - -$PCRE/src/pcre2.h: $PCRE/Makefile - -$PCRE/Makefile: $NGX_MAKEFILE - cd $PCRE \\ - && if [ -f Makefile ]; then \$(MAKE) distclean; fi \\ - && CC="\$(CC)" CFLAGS="$PCRE_OPT" \\ - ./configure --disable-shared $PCRE_CONF_OPT - -$PCRE/.libs/libpcre2-8.a: $PCRE/Makefile - cd $PCRE \\ - && \$(MAKE) libpcre2-8.la - -END - - fi +esac -else +if [ -n "$ngx_makefile" ]; then - # PCRE - - case "$NGX_CC_NAME" in - - msvc) - ngx_makefile=makefile.msvc - ngx_opt="CPU_OPT=\"$CPU_OPT\" LIBC=$LIBC" - ngx_pcre="PCRE=\"$PCRE\"" - ;; - - owc) - ngx_makefile=makefile.owc - ngx_opt="CPU_OPT=\"$CPU_OPT\"" - ngx_pcre=`echo PCRE=\"$PCRE\" | sed -e "s/\//$ngx_regex_dirsep/g"` - ;; - - bcc) - ngx_makefile=makefile.bcc - ngx_opt="-DCPU_OPT=\"$CPU_OPT\"" - ngx_pcre=`echo \-DPCRE=\"$PCRE\" \ - | sed -e "s/\//$ngx_regex_dirsep/g"` - ;; - - *) - ngx_makefile= - ;; - - esac - - - if [ -n "$ngx_makefile" ]; then - - cat << END >> $NGX_MAKEFILE + cat << END >> $NGX_MAKEFILE `echo "$PCRE/pcre.lib: $PCRE/pcre.h $NGX_MAKEFILE" \ | sed -e "s/\//$ngx_regex_dirsep/g"` @@ -146,9 +43,9 @@ else END - else +else - cat << END >> $NGX_MAKEFILE + cat << END >> $NGX_MAKEFILE $PCRE/pcre.h: $PCRE/Makefile @@ -164,6 +61,4 @@ $PCRE/.libs/libpcre.a: $PCRE/Makefile END - fi - fi diff --git a/auto/make b/auto/make index fad0844..7ddd100 100644 --- a/auto/make +++ b/auto/make @@ -2,19 +2,13 @@ # Copyright (C) Igor Sysoev # Copyright (C) Nginx, Inc. -basename_last2() { - local basename_1=`basename \`dirname $1\`` - local basename_2=$(basename "$1") - echo $(printf "$basename_1/$basename_2" | sed 's/\.\.\///') -} echo "creating $NGX_MAKEFILE" mkdir -p $NGX_OBJS/src/core $NGX_OBJS/src/event $NGX_OBJS/src/event/modules \ - $NGX_OBJS/src/event/quic \ $NGX_OBJS/src/os/unix $NGX_OBJS/src/os/win32 \ - $NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/v3 \ - $NGX_OBJS/src/http/modules $NGX_OBJS/src/http/modules/perl \ + $NGX_OBJS/src/http $NGX_OBJS/src/http/v2 $NGX_OBJS/src/http/modules \ + $NGX_OBJS/src/http/modules/perl \ $NGX_OBJS/src/mail \ $NGX_OBJS/src/stream \ $NGX_OBJS/src/misc @@ -179,7 +173,7 @@ ngx_all_srcs=`echo $ngx_all_srcs | sed -e "s/\//$ngx_regex_dirsep/g"` for ngx_src in $NGX_ADDON_SRCS do - ngx_obj="addon/`basename_last2 \`dirname $ngx_src\``" + ngx_obj="addon/`basename \`dirname $ngx_src\``" test -d $NGX_OBJS/$ngx_obj || mkdir -p $NGX_OBJS/$ngx_obj @@ -235,7 +229,7 @@ build: binary modules manpage binary: $NGX_OBJS${ngx_dirsep}nginx$ngx_binext $NGX_OBJS${ngx_dirsep}nginx$ngx_binext: $ngx_deps$ngx_spacer - \$(LINK) $ngx_long_start$ngx_binout$NGX_OBJS${ngx_dirsep}nginx$ngx_binext$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_main_link + \$(LINK) $ngx_long_start$ngx_binout$NGX_OBJS${ngx_dirsep}nginx$ngx_long_cont$ngx_objs$ngx_libs$ngx_link$ngx_main_link $ngx_rcc $ngx_long_end @@ -319,7 +313,7 @@ $ngx_obj: \$(CORE_DEPS) \$(HTTP_DEPS)$ngx_cont$ngx_src END fi - done + done fi @@ -349,7 +343,7 @@ $ngx_obj: \$(CORE_DEPS) \$(MAIL_DEPS)$ngx_cont$ngx_src $ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX END - done + done fi @@ -379,7 +373,7 @@ $ngx_obj: \$(CORE_DEPS) \$(STREAM_DEPS)$ngx_cont$ngx_src $ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX END - done + done fi @@ -405,7 +399,7 @@ $ngx_obj: \$(CORE_DEPS) $ngx_cont$ngx_src $ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX END - done + done fi @@ -418,7 +412,7 @@ if test -n "$NGX_ADDON_SRCS"; then for ngx_src in $NGX_ADDON_SRCS do - ngx_obj="addon/`basename_last2 \`dirname $ngx_src\``" + ngx_obj="addon/`basename \`dirname $ngx_src\``" ngx_obj=`echo $ngx_obj/\`basename $ngx_src\` \ | sed -e "s/\//$ngx_regex_dirsep/g"` @@ -437,7 +431,7 @@ $ngx_obj: \$(ADDON_DEPS)$ngx_cont$ngx_src $ngx_cc$ngx_tab$ngx_objout$ngx_obj$ngx_tab$ngx_src$NGX_AUX END - done + done fi @@ -508,7 +502,6 @@ fi for ngx_module in $DYNAMIC_MODULES do eval ngx_module_srcs="\$${ngx_module}_SRCS" - eval ngx_module_shrd="\$${ngx_module}_SHRD" eval eval ngx_module_libs="\\\"\$${ngx_module}_LIBS\\\"" eval ngx_module_modules="\$${ngx_module}_MODULES" @@ -574,14 +567,14 @@ END | sed -e "s/\(.*\.\)c/\1$ngx_objext/"` ngx_module_objs= - for ngx_src in $ngx_module_srcs $ngx_module_shrd + for ngx_src in $ngx_module_srcs do case "$ngx_src" in src/*) ngx_obj=$ngx_src ;; *) - ngx_obj="addon/`basename_last2 \`dirname $ngx_src\``" + ngx_obj="addon/`basename \`dirname $ngx_src\``" mkdir -p $NGX_OBJS/$ngx_obj ngx_obj="$ngx_obj/`basename $ngx_src`" ;; @@ -643,7 +636,7 @@ END ngx_obj=`echo $ngx_source | sed -e "s/\//$ngx_regex_dirsep/g"` ;; *) - ngx_obj="addon/`basename_last2 \`dirname $ngx_source\``" + ngx_obj="addon/`basename \`dirname $ngx_source\``" ngx_obj=`echo $ngx_obj/\`basename $ngx_source\` \ | sed -e "s/\//$ngx_regex_dirsep/g"` ;; diff --git a/auto/module b/auto/module index 3857d04..a2b578d 100644 --- a/auto/module +++ b/auto/module @@ -17,6 +17,7 @@ if [ "$ngx_module_link" = DYNAMIC ]; then done DYNAMIC_MODULES="$DYNAMIC_MODULES $ngx_module" + eval ${ngx_module}_SRCS=\"$ngx_module_srcs\" eval ${ngx_module}_MODULES=\"$ngx_module_name\" @@ -30,30 +31,6 @@ if [ "$ngx_module_link" = DYNAMIC ]; then eval ${ngx_module}_ORDER=\"$ngx_module_order\" fi - srcs= - shrd= - for src in $ngx_module_srcs - do - found=no - for old in $DYNAMIC_MODULES_SRCS - do - if [ $src = $old ]; then - found=yes - break - fi - done - - if [ $found = no ]; then - srcs="$srcs $src" - else - shrd="$shrd $src" - fi - done - eval ${ngx_module}_SRCS=\"$srcs\" - eval ${ngx_module}_SHRD=\"$shrd\" - - DYNAMIC_MODULES_SRCS="$DYNAMIC_MODULES_SRCS $srcs" - if test -n "$ngx_module_incs"; then CORE_INCS="$CORE_INCS $ngx_module_incs" fi @@ -130,24 +107,7 @@ elif [ "$ngx_module_link" = ADDON ]; then eval ${ngx_module_type}_MODULES=\"\$${ngx_module_type}_MODULES \ $ngx_module_name\" - srcs= - for src in $ngx_module_srcs - do - found=no - for old in $NGX_ADDON_SRCS - do - if [ $src = $old ]; then - found=yes - break - fi - done - - if [ $found = no ]; then - srcs="$srcs $src" - fi - done - - NGX_ADDON_SRCS="$NGX_ADDON_SRCS $srcs" + NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_module_srcs" if test -n "$ngx_module_incs"; then eval ${ngx_var}_INCS=\"\$${ngx_var}_INCS $ngx_module_incs\" diff --git a/auto/modules b/auto/modules index 1a5e421..73a9bae 100644 --- a/auto/modules +++ b/auto/modules @@ -102,8 +102,18 @@ if [ $HTTP = YES ]; then fi - if [ $HTTP_V2 = YES -o $HTTP_V3 = YES ]; then - HTTP_SRCS="$HTTP_SRCS $HTTP_HUFF_SRCS" + if [ $HTTP_SSI = YES ]; then + HTTP_POSTPONE=YES + fi + + + if [ $HTTP_SLICE = YES ]; then + HTTP_POSTPONE=YES + fi + + + if [ $HTTP_ADDITION = YES ]; then + HTTP_POSTPONE=YES fi @@ -124,7 +134,6 @@ if [ $HTTP = YES ]; then # ngx_http_header_filter # ngx_http_chunked_filter # ngx_http_v2_filter - # ngx_http_v3_filter # ngx_http_range_header_filter # ngx_http_gzip_filter # ngx_http_postpone_filter @@ -157,7 +166,6 @@ if [ $HTTP = YES ]; then ngx_http_header_filter_module \ ngx_http_chunked_filter_module \ ngx_http_v2_filter_module \ - ngx_http_v3_filter_module \ ngx_http_range_header_filter_module \ ngx_http_gzip_filter_module \ ngx_http_postpone_filter_module \ @@ -219,17 +227,6 @@ if [ $HTTP = YES ]; then . auto/module fi - if [ $HTTP_V3 = YES ]; then - ngx_module_name=ngx_http_v3_filter_module - ngx_module_incs= - ngx_module_deps= - ngx_module_srcs=src/http/v3/ngx_http_v3_filter_module.c - ngx_module_libs= - ngx_module_link=$HTTP_V3 - - . auto/module - fi - if :; then ngx_module_name=ngx_http_range_header_filter_module ngx_module_incs= @@ -255,13 +252,13 @@ if [ $HTTP = YES ]; then . auto/module fi - if :; then + if [ $HTTP_POSTPONE = YES ]; then ngx_module_name=ngx_http_postpone_filter_module ngx_module_incs= ngx_module_deps= ngx_module_srcs=src/http/ngx_http_postpone_filter_module.c ngx_module_libs= - ngx_module_link=YES + ngx_module_link=$HTTP_POSTPONE . auto/module fi @@ -423,6 +420,7 @@ if [ $HTTP = YES ]; then if [ $HTTP_V2 = YES ]; then have=NGX_HTTP_V2 . auto/have + have=NGX_HTTP_HEADERS . auto/have ngx_module_name=ngx_http_v2_module ngx_module_incs=src/http/v2 @@ -431,6 +429,8 @@ if [ $HTTP = YES ]; then ngx_module_srcs="src/http/v2/ngx_http_v2.c \ src/http/v2/ngx_http_v2_table.c \ src/http/v2/ngx_http_v2_encode.c \ + src/http/v2/ngx_http_v2_huff_decode.c \ + src/http/v2/ngx_http_v2_huff_encode.c \ src/http/v2/ngx_http_v2_module.c" ngx_module_libs= ngx_module_link=$HTTP_V2 @@ -438,32 +438,6 @@ if [ $HTTP = YES ]; then . auto/module fi - if [ $HTTP_V3 = YES ]; then - USE_OPENSSL_QUIC=YES - HTTP_SSL=YES - - have=NGX_HTTP_V3 . auto/have - - ngx_module_name=ngx_http_v3_module - ngx_module_incs=src/http/v3 - ngx_module_deps="src/http/v3/ngx_http_v3.h \ - src/http/v3/ngx_http_v3_encode.h \ - src/http/v3/ngx_http_v3_parse.h \ - src/http/v3/ngx_http_v3_table.h \ - src/http/v3/ngx_http_v3_uni.h" - ngx_module_srcs="src/http/v3/ngx_http_v3.c \ - src/http/v3/ngx_http_v3_encode.c \ - src/http/v3/ngx_http_v3_parse.c \ - src/http/v3/ngx_http_v3_table.c \ - src/http/v3/ngx_http_v3_uni.c \ - src/http/v3/ngx_http_v3_request.c \ - src/http/v3/ngx_http_v3_module.c" - ngx_module_libs= - ngx_module_link=$HTTP_V3 - - . auto/module - fi - if :; then ngx_module_name=ngx_http_static_module ngx_module_incs= @@ -904,17 +878,6 @@ if [ $HTTP = YES ]; then . auto/module fi - if [ $HTTP_UPSTREAM_RANDOM = YES ]; then - ngx_module_name=ngx_http_upstream_random_module - ngx_module_incs= - ngx_module_deps= - ngx_module_srcs=src/http/modules/ngx_http_upstream_random_module.c - ngx_module_libs= - ngx_module_link=$HTTP_UPSTREAM_RANDOM - - . auto/module - fi - if [ $HTTP_UPSTREAM_KEEPALIVE = YES ]; then ngx_module_name=ngx_http_upstream_keepalive_module ngx_module_incs= @@ -1026,12 +989,6 @@ if [ $MAIL != NO ]; then ngx_module_srcs=src/mail/ngx_mail_proxy_module.c . auto/module - - ngx_module_name=ngx_mail_realip_module - ngx_module_deps= - ngx_module_srcs=src/mail/ngx_mail_realip_module.c - - . auto/module fi @@ -1166,26 +1123,6 @@ if [ $STREAM != NO ]; then . auto/module fi - if [ $STREAM_PASS = YES ]; then - ngx_module_name=ngx_stream_pass_module - ngx_module_deps= - ngx_module_srcs=src/stream/ngx_stream_pass_module.c - ngx_module_libs= - ngx_module_link=$STREAM_PASS - - . auto/module - fi - - if [ $STREAM_SET = YES ]; then - ngx_module_name=ngx_stream_set_module - ngx_module_deps= - ngx_module_srcs=src/stream/ngx_stream_set_module.c - ngx_module_libs= - ngx_module_link=$STREAM_SET - - . auto/module - fi - if [ $STREAM_UPSTREAM_HASH = YES ]; then ngx_module_name=ngx_stream_upstream_hash_module ngx_module_deps= @@ -1206,16 +1143,6 @@ if [ $STREAM != NO ]; then . auto/module fi - if [ $STREAM_UPSTREAM_RANDOM = YES ]; then - ngx_module_name=ngx_stream_upstream_random_module - ngx_module_deps= - ngx_module_srcs=src/stream/ngx_stream_upstream_random_module.c - ngx_module_libs= - ngx_module_link=$STREAM_UPSTREAM_RANDOM - - . auto/module - fi - if [ $STREAM_UPSTREAM_ZONE = YES ]; then have=NGX_STREAM_UPSTREAM_ZONE . auto/have @@ -1320,63 +1247,6 @@ if [ $USE_OPENSSL = YES ]; then fi -if [ $USE_OPENSSL_QUIC = YES ]; then - ngx_module_type=CORE - ngx_module_name=ngx_quic_module - ngx_module_incs= - ngx_module_deps="src/event/quic/ngx_event_quic.h \ - src/event/quic/ngx_event_quic_transport.h \ - src/event/quic/ngx_event_quic_protection.h \ - src/event/quic/ngx_event_quic_connection.h \ - src/event/quic/ngx_event_quic_frames.h \ - src/event/quic/ngx_event_quic_connid.h \ - src/event/quic/ngx_event_quic_migration.h \ - src/event/quic/ngx_event_quic_streams.h \ - src/event/quic/ngx_event_quic_ssl.h \ - src/event/quic/ngx_event_quic_tokens.h \ - src/event/quic/ngx_event_quic_ack.h \ - src/event/quic/ngx_event_quic_output.h \ - src/event/quic/ngx_event_quic_socket.h \ - src/event/quic/ngx_event_quic_openssl_compat.h" - ngx_module_srcs="src/event/quic/ngx_event_quic.c \ - src/event/quic/ngx_event_quic_udp.c \ - src/event/quic/ngx_event_quic_transport.c \ - src/event/quic/ngx_event_quic_protection.c \ - src/event/quic/ngx_event_quic_frames.c \ - src/event/quic/ngx_event_quic_connid.c \ - src/event/quic/ngx_event_quic_migration.c \ - src/event/quic/ngx_event_quic_streams.c \ - src/event/quic/ngx_event_quic_ssl.c \ - src/event/quic/ngx_event_quic_tokens.c \ - src/event/quic/ngx_event_quic_ack.c \ - src/event/quic/ngx_event_quic_output.c \ - src/event/quic/ngx_event_quic_socket.c \ - src/event/quic/ngx_event_quic_openssl_compat.c" - - ngx_module_libs= - ngx_module_link=YES - ngx_module_order= - - . auto/module - - if [ $QUIC_BPF = YES -a $SO_COOKIE_FOUND = YES ]; then - ngx_module_type=CORE - ngx_module_name=ngx_quic_bpf_module - ngx_module_incs= - ngx_module_deps= - ngx_module_srcs="src/event/quic/ngx_event_quic_bpf.c \ - src/event/quic/ngx_event_quic_bpf_code.c" - ngx_module_libs= - ngx_module_link=YES - ngx_module_order= - - . auto/module - - have=NGX_QUIC_BPF . auto/have - fi -fi - - if [ $USE_PCRE = YES ]; then ngx_module_type=CORE ngx_module_name=ngx_regex_module diff --git a/auto/options b/auto/options index 6a6e990..59f0449 100644 --- a/auto/options +++ b/auto/options @@ -45,8 +45,6 @@ USE_THREADS=NO NGX_FILE_AIO=NO -QUIC_BPF=NO - HTTP=YES NGX_HTTP_LOG_PATH= @@ -61,8 +59,8 @@ HTTP_CHARSET=YES HTTP_GZIP=YES HTTP_SSL=NO HTTP_V2=NO -HTTP_V3=NO HTTP_SSI=YES +HTTP_POSTPONE=NO HTTP_REALIP=NO HTTP_XSLT=NO HTTP_IMAGE_FILTER=NO @@ -104,7 +102,6 @@ HTTP_GZIP_STATIC=NO HTTP_UPSTREAM_HASH=YES HTTP_UPSTREAM_IP_HASH=YES HTTP_UPSTREAM_LEAST_CONN=YES -HTTP_UPSTREAM_RANDOM=YES HTTP_UPSTREAM_KEEPALIVE=YES HTTP_UPSTREAM_ZONE=YES @@ -127,19 +124,14 @@ STREAM_GEOIP=NO STREAM_MAP=YES STREAM_SPLIT_CLIENTS=YES STREAM_RETURN=YES -STREAM_PASS=YES -STREAM_SET=YES STREAM_UPSTREAM_HASH=YES STREAM_UPSTREAM_LEAST_CONN=YES -STREAM_UPSTREAM_RANDOM=YES STREAM_UPSTREAM_ZONE=YES STREAM_SSL_PREREAD=NO DYNAMIC_MODULES= -DYNAMIC_MODULES_SRCS= NGX_ADDONS= -NGX_ADDON_SRCS= NGX_ADDON_DEPS= DYNAMIC_ADDONS= @@ -150,10 +142,8 @@ PCRE=NONE PCRE_OPT= PCRE_CONF_OPT= PCRE_JIT=NO -PCRE2=YES USE_OPENSSL=NO -USE_OPENSSL_QUIC=NO OPENSSL=NONE USE_ZLIB=NO @@ -171,8 +161,6 @@ USE_GEOIP=NO NGX_GOOGLE_PERFTOOLS=NO NGX_CPP_TEST=NO -SO_COOKIE_FOUND=NO - NGX_LIBATOMIC=NO NGX_CPU_CACHE_LINE= @@ -218,8 +206,6 @@ do --with-file-aio) NGX_FILE_AIO=YES ;; - --without-quic_bpf_module) QUIC_BPF=NONE ;; - --with-ipv6) NGX_POST_CONF_MSG="$NGX_POST_CONF_MSG $0: warning: the \"--with-ipv6\" option is deprecated" @@ -237,7 +223,6 @@ $0: warning: the \"--with-ipv6\" option is deprecated" --with-http_ssl_module) HTTP_SSL=YES ;; --with-http_v2_module) HTTP_V2=YES ;; - --with-http_v3_module) HTTP_V3=YES ;; --with-http_realip_module) HTTP_REALIP=YES ;; --with-http_addition_module) HTTP_ADDITION=YES ;; --with-http_xslt_module) HTTP_XSLT=YES ;; @@ -288,8 +273,6 @@ $0: warning: the \"--with-ipv6\" option is deprecated" --without-http_upstream_ip_hash_module) HTTP_UPSTREAM_IP_HASH=NO ;; --without-http_upstream_least_conn_module) HTTP_UPSTREAM_LEAST_CONN=NO ;; - --without-http_upstream_random_module) - HTTP_UPSTREAM_RANDOM=NO ;; --without-http_upstream_keepalive_module) HTTP_UPSTREAM_KEEPALIVE=NO ;; --without-http_upstream_zone_module) HTTP_UPSTREAM_ZONE=NO ;; @@ -338,14 +321,10 @@ use the \"--with-mail_ssl_module\" option instead" --without-stream_split_clients_module) STREAM_SPLIT_CLIENTS=NO ;; --without-stream_return_module) STREAM_RETURN=NO ;; - --without-stream_pass_module) STREAM_PASS=NO ;; - --without-stream_set_module) STREAM_SET=NO ;; --without-stream_upstream_hash_module) STREAM_UPSTREAM_HASH=NO ;; --without-stream_upstream_least_conn_module) STREAM_UPSTREAM_LEAST_CONN=NO ;; - --without-stream_upstream_random_module) - STREAM_UPSTREAM_RANDOM=NO ;; --without-stream_upstream_zone_module) STREAM_UPSTREAM_ZONE=NO ;; @@ -369,7 +348,6 @@ use the \"--with-mail_ssl_module\" option instead" --with-pcre=*) PCRE="$value" ;; --with-pcre-opt=*) PCRE_OPT="$value" ;; --with-pcre-jit) PCRE_JIT=YES ;; - --without-pcre2) PCRE2=DISABLED ;; --with-openssl=*) OPENSSL="$value" ;; --with-openssl-opt=*) OPENSSL_OPT="$value" ;; @@ -454,11 +432,8 @@ cat << END --with-file-aio enable file AIO support - --without-quic_bpf_module disable ngx_quic_bpf_module - --with-http_ssl_module enable ngx_http_ssl_module --with-http_v2_module enable ngx_http_v2_module - --with-http_v3_module enable ngx_http_v3_module --with-http_realip_module enable ngx_http_realip_module --with-http_addition_module enable ngx_http_addition_module --with-http_xslt_module enable ngx_http_xslt_module @@ -510,8 +485,6 @@ cat << END disable ngx_http_upstream_ip_hash_module --without-http_upstream_least_conn_module disable ngx_http_upstream_least_conn_module - --without-http_upstream_random_module - disable ngx_http_upstream_random_module --without-http_upstream_keepalive_module disable ngx_http_upstream_keepalive_module --without-http_upstream_zone_module @@ -558,14 +531,10 @@ cat << END --without-stream_split_clients_module disable ngx_stream_split_clients_module --without-stream_return_module disable ngx_stream_return_module - --without-stream_pass_module disable ngx_stream_pass_module - --without-stream_set_module disable ngx_stream_set_module --without-stream_upstream_hash_module disable ngx_stream_upstream_hash_module --without-stream_upstream_least_conn_module disable ngx_stream_upstream_least_conn_module - --without-stream_upstream_random_module - disable ngx_stream_upstream_random_module --without-stream_upstream_zone_module disable ngx_stream_upstream_zone_module @@ -590,7 +559,6 @@ cat << END --with-pcre=DIR set path to PCRE library sources --with-pcre-opt=OPTIONS set additional build options for PCRE --with-pcre-jit build PCRE with JIT compilation support - --without-pcre2 do not use PCRE2 library --with-zlib=DIR set path to zlib library sources --with-zlib-opt=OPTIONS set additional build options for zlib diff --git a/auto/os/conf b/auto/os/conf index bb0ce4e..7c6cb69 100644 --- a/auto/os/conf +++ b/auto/os/conf @@ -110,26 +110,11 @@ case "$NGX_MACHINE" in NGX_MACH_CACHE_LINE=64 ;; - aarch64 | arm64) + aarch64 ) have=NGX_ALIGNMENT value=16 . auto/define NGX_MACH_CACHE_LINE=64 ;; - ppc64* | powerpc64*) - have=NGX_ALIGNMENT value=16 . auto/define - NGX_MACH_CACHE_LINE=128 - ;; - - riscv64) - have=NGX_ALIGNMENT value=16 . auto/define - NGX_MACH_CACHE_LINE=64 - ;; - - s390x) - have=NGX_ALIGNMENT value=16 . auto/define - NGX_MACH_CACHE_LINE=256 - ;; - *) have=NGX_ALIGNMENT value=16 . auto/define NGX_MACH_CACHE_LINE=32 diff --git a/auto/os/freebsd b/auto/os/freebsd index 870bac4..937ca20 100644 --- a/auto/os/freebsd +++ b/auto/os/freebsd @@ -44,10 +44,12 @@ if [ $osreldate -gt 300007 ]; then CORE_SRCS="$CORE_SRCS $FREEBSD_SENDFILE_SRCS" fi -if [ $osreldate -gt 1100093 ]; then - echo " + sendfile()'s SF_NODISKIO found" +if [ $NGX_FILE_AIO = YES ]; then + if [ $osreldate -gt 502103 ]; then + echo " + sendfile()'s SF_NODISKIO found" - have=NGX_HAVE_SENDFILE_NODISKIO . auto/have + have=NGX_HAVE_AIO_SENDFILE . auto/have + fi fi # POSIX semaphores diff --git a/auto/os/linux b/auto/os/linux index bc0556b..2c8a9bb 100644 --- a/auto/os/linux +++ b/auto/os/linux @@ -86,31 +86,6 @@ if [ $ngx_found = yes ]; then ee.data.ptr = NULL; epoll_ctl(efd, EPOLL_CTL_ADD, fd, &ee)" . auto/feature - - - # eventfd() - - ngx_feature="eventfd()" - ngx_feature_name="NGX_HAVE_EVENTFD" - ngx_feature_run=no - ngx_feature_incs="#include " - ngx_feature_path= - ngx_feature_libs= - ngx_feature_test="(void) eventfd(0, 0)" - . auto/feature - - if [ $ngx_found = yes ]; then - have=NGX_HAVE_SYS_EVENTFD_H . auto/have - fi - - - if [ $ngx_found = no ]; then - - ngx_feature="eventfd() (SYS_eventfd)" - ngx_feature_incs="#include " - ngx_feature_test="(void) SYS_eventfd" - . auto/feature - fi fi @@ -210,8 +185,6 @@ ngx_feature_test="struct __user_cap_data_struct data; data.effective = CAP_TO_MASK(CAP_NET_RAW); data.permitted = 0; - (void) header; - (void) data; (void) SYS_capset" . auto/feature @@ -228,71 +201,8 @@ ngx_feature_test="struct crypt_data cd; crypt_r(\"key\", \"salt\", &cd);" . auto/feature -if [ $ngx_found = yes ]; then - CRYPT_LIB="-lcrypt" -fi - ngx_include="sys/vfs.h"; . auto/include -# BPF sockhash - -ngx_feature="BPF sockhash" -ngx_feature_name="NGX_HAVE_BPF" -ngx_feature_run=no -ngx_feature_incs="#include - #include " -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="union bpf_attr attr = { 0 }; - - attr.map_flags = 0; - attr.map_type = BPF_MAP_TYPE_SOCKHASH; - - syscall(__NR_bpf, 0, &attr, 0);" -. auto/feature - -if [ $ngx_found = yes ]; then - CORE_SRCS="$CORE_SRCS src/core/ngx_bpf.c" - CORE_DEPS="$CORE_DEPS src/core/ngx_bpf.h" - - if [ $QUIC_BPF != NONE ]; then - QUIC_BPF=YES - fi -fi - - -ngx_feature="SO_COOKIE" -ngx_feature_name="NGX_HAVE_SO_COOKIE" -ngx_feature_run=no -ngx_feature_incs="#include - $NGX_INCLUDE_INTTYPES_H" -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="socklen_t optlen = sizeof(uint64_t); - uint64_t cookie; - getsockopt(0, SOL_SOCKET, SO_COOKIE, &cookie, &optlen)" -. auto/feature - -if [ $ngx_found = yes ]; then - SO_COOKIE_FOUND=YES -fi - - -# UDP segmentation offloading - -ngx_feature="UDP_SEGMENT" -ngx_feature_name="NGX_HAVE_UDP_SEGMENT" -ngx_feature_run=no -ngx_feature_incs="#include - #include " -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="socklen_t optlen = sizeof(int); - int val; - getsockopt(0, SOL_UDP, UDP_SEGMENT, &val, &optlen)" -. auto/feature - - CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" diff --git a/auto/os/win32 b/auto/os/win32 index bce764b..7a82774 100644 --- a/auto/os/win32 +++ b/auto/os/win32 @@ -11,14 +11,13 @@ CORE_SRCS="$WIN32_SRCS $IOCP_SRCS" OS_CONFIG="$WIN32_CONFIG" NGX_ICONS="$NGX_WIN32_ICONS" SELECT_SRCS=$WIN32_SELECT_SRCS -POLL_SRCS=$WIN32_POLL_SRCS ngx_pic_opt= ngx_binext=".exe" case "$NGX_CC_NAME" in - clang | gcc) + gcc) CORE_LIBS="$CORE_LIBS -ladvapi32 -lws2_32" MAIN_LINK="$MAIN_LINK -Wl,--export-all-symbols" MAIN_LINK="$MAIN_LINK -Wl,--out-implib=$NGX_OBJS/libnginx.a" @@ -32,7 +31,12 @@ case "$NGX_CC_NAME" in esac EVENT_MODULES="$EVENT_MODULES $IOCP_MODULE" -#EVENT_FOUND=YES +EVENT_FOUND=YES + +if [ $EVENT_SELECT = NO ]; then + CORE_SRCS="$CORE_SRCS $SELECT_SRCS" + EVENT_MODULES="$EVENT_MODULES $SELECT_MODULE" +fi have=NGX_HAVE_INET6 . auto/have diff --git a/auto/sources b/auto/sources index 46408ee..1398147 100644 --- a/auto/sources +++ b/auto/sources @@ -83,20 +83,18 @@ CORE_SRCS="src/core/nginx.c \ EVENT_MODULES="ngx_events_module ngx_event_core_module" -EVENT_INCS="src/event src/event/modules src/event/quic" +EVENT_INCS="src/event src/event/modules" EVENT_DEPS="src/event/ngx_event.h \ src/event/ngx_event_timer.h \ src/event/ngx_event_posted.h \ src/event/ngx_event_connect.h \ - src/event/ngx_event_pipe.h \ - src/event/ngx_event_udp.h" + src/event/ngx_event_pipe.h" EVENT_SRCS="src/event/ngx_event.c \ src/event/ngx_event_timer.c \ src/event/ngx_event_posted.c \ src/event/ngx_event_accept.c \ - src/event/ngx_event_udp.c \ src/event/ngx_event_connect.c \ src/event/ngx_event_pipe.c" @@ -107,7 +105,6 @@ WIN32_SELECT_SRCS=src/event/modules/ngx_win32_select_module.c POLL_MODULE=ngx_poll_module POLL_SRCS=src/event/modules/ngx_poll_module.c -WIN32_POLL_SRCS=src/event/modules/ngx_win32_poll_module.c KQUEUE_MODULE=ngx_kqueue_module KQUEUE_SRCS=src/event/modules/ngx_kqueue_module.c @@ -256,6 +253,3 @@ NGX_WIN32_RC="src/os/win32/nginx.rc" HTTP_FILE_CACHE_SRCS=src/http/ngx_http_file_cache.c - -HTTP_HUFF_SRCS="src/http/ngx_http_huff_decode.c - src/http/ngx_http_huff_encode.c" diff --git a/auto/summary b/auto/summary index b3c07ee..9aa776e 100644 --- a/auto/summary +++ b/auto/summary @@ -16,9 +16,9 @@ if [ $USE_PCRE = DISABLED ]; then else case $PCRE in - YES) echo " + using system $PCRE_LIBRARY library" ;; + YES) echo " + using system PCRE library" ;; NONE) echo " + PCRE library is not used" ;; - *) echo " + using $PCRE_LIBRARY library: $PCRE" ;; + *) echo " + using PCRE library: $PCRE" ;; esac fi diff --git a/auto/unix b/auto/unix index f29e69c..43d3b25 100644 --- a/auto/unix +++ b/auto/unix @@ -448,54 +448,6 @@ ngx_feature_test="setsockopt(0, IPPROTO_IPV6, IPV6_RECVPKTINFO, NULL, 0)" . auto/feature -# IP packet fragmentation - -ngx_feature="IP_MTU_DISCOVER" -ngx_feature_name="NGX_HAVE_IP_MTU_DISCOVER" -ngx_feature_run=no -ngx_feature_incs="#include - #include " -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="(void) IP_PMTUDISC_DO; - setsockopt(0, IPPROTO_IP, IP_MTU_DISCOVER, NULL, 0)" -. auto/feature - - -ngx_feature="IPV6_MTU_DISCOVER" -ngx_feature_name="NGX_HAVE_IPV6_MTU_DISCOVER" -ngx_feature_run=no -ngx_feature_incs="#include - #include " -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="(void) IPV6_PMTUDISC_DO; - setsockopt(0, IPPROTO_IPV6, IPV6_MTU_DISCOVER, NULL, 0)" -. auto/feature - - -ngx_feature="IP_DONTFRAG" -ngx_feature_name="NGX_HAVE_IP_DONTFRAG" -ngx_feature_run=no -ngx_feature_incs="#include - #include " -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IP_DONTFRAG, NULL, 0)" -. auto/feature - - -ngx_feature="IPV6_DONTFRAG" -ngx_feature_name="NGX_HAVE_IPV6_DONTFRAG" -ngx_feature_run=no -ngx_feature_incs="#include - #include " -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="setsockopt(0, IPPROTO_IP, IPV6_DONTFRAG, NULL, 0)" -. auto/feature - - ngx_feature="TCP_DEFER_ACCEPT" ngx_feature_name="NGX_HAVE_DEFERRED_ACCEPT" ngx_feature_run=no @@ -630,6 +582,29 @@ Currently file AIO is supported on FreeBSD 4.3+ and Linux 2.6.22+ only END exit 1 fi + +else + + ngx_feature="eventfd()" + ngx_feature_name="NGX_HAVE_EVENTFD" + ngx_feature_run=no + ngx_feature_incs="#include " + ngx_feature_path= + ngx_feature_libs= + ngx_feature_test="(void) eventfd(0, 0)" + . auto/feature + + if [ $ngx_found = yes ]; then + have=NGX_HAVE_SYS_EVENTFD_H . auto/have + fi + + if [ $ngx_found = no ]; then + + ngx_feature="eventfd() (SYS_eventfd)" + ngx_feature_incs="#include " + ngx_feature_test="(void) SYS_eventfd" + . auto/feature + fi fi @@ -752,33 +727,17 @@ ngx_feature_test="char buf[1]; struct iovec vec[1]; ssize_t n; . auto/feature -# strerrordesc_np(), introduced in glibc 2.32 - -ngx_feature="strerrordesc_np()" -ngx_feature_name="NGX_HAVE_STRERRORDESC_NP" -ngx_feature_run=no -ngx_feature_incs='#include ' +ngx_feature="sys_nerr" +ngx_feature_name="NGX_SYS_NERR" +ngx_feature_run=value +ngx_feature_incs='#include + #include ' ngx_feature_path= ngx_feature_libs= -ngx_feature_test="char *p; p = strerrordesc_np(0); - if (p == NULL) return 1" +ngx_feature_test='printf("%d", sys_nerr);' . auto/feature -if [ $ngx_found = no ]; then - - ngx_feature="sys_nerr" - ngx_feature_name="NGX_SYS_NERR" - ngx_feature_run=value - ngx_feature_incs='#include - #include ' - ngx_feature_path= - ngx_feature_libs= - ngx_feature_test='printf("%d", sys_nerr);' - . auto/feature -fi - - if [ $ngx_found = no ]; then # Cygiwn defines _sys_nerr @@ -794,6 +753,34 @@ if [ $ngx_found = no ]; then fi +if [ $ngx_found = no ]; then + + # Solaris has no sys_nerr + ngx_feature='maximum errno' + ngx_feature_name=NGX_SYS_NERR + ngx_feature_run=value + ngx_feature_incs='#include + #include + #include ' + ngx_feature_path= + ngx_feature_libs= + ngx_feature_test='int n; + char *p; + for (n = 1; n < 1000; n++) { + errno = 0; + p = strerror(n); + if (errno == EINVAL + || p == NULL + || strncmp(p, "Unknown error", 13) == 0) + { + break; + } + } + printf("%d", n);' + . auto/feature +fi + + ngx_feature="localtime_r()" ngx_feature_name="NGX_HAVE_LOCALTIME_R" ngx_feature_run=no @@ -956,18 +943,6 @@ ngx_feature_test="int i = FIONBIO; printf(\"%d\", i)" . auto/feature -ngx_feature="ioctl(FIONREAD)" -ngx_feature_name="NGX_HAVE_FIONREAD" -ngx_feature_run=no -ngx_feature_incs="#include - #include - $NGX_INCLUDE_SYS_FILIO_H" -ngx_feature_path= -ngx_feature_libs= -ngx_feature_test="int i = FIONREAD; printf(\"%d\", i)" -. auto/feature - - ngx_feature="struct tm.tm_gmtoff" ngx_feature_name="NGX_HAVE_GMTOFF" ngx_feature_run=no diff --git a/conf/mime.types b/conf/mime.types index 1c00d70..8a2348a 100644 --- a/conf/mime.types +++ b/conf/mime.types @@ -15,7 +15,6 @@ types { text/vnd.wap.wml wml; text/x-component htc; - image/avif avif; image/png png; image/svg+xml svg svgz; image/tiff tif tiff; @@ -25,9 +24,7 @@ types { image/x-jng jng; image/x-ms-bmp bmp; - font/woff woff; - font/woff2 woff2; - + application/font-woff woff; application/java-archive jar war ear; application/json json; application/mac-binhex40 hqx; @@ -52,7 +49,6 @@ types { application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; application/vnd.wap.wmlc wmlc; - application/wasm wasm; application/x-7z-compressed 7z; application/x-cocoa cco; application/x-java-archive-diff jardiff; diff --git a/configure b/configure index 5b88ebb..7e6e33a 100755 --- a/configure +++ b/configure @@ -44,7 +44,6 @@ if test -z "$NGX_PLATFORM"; then else echo "building for $NGX_PLATFORM" NGX_SYSTEM=$NGX_PLATFORM - NGX_MACHINE=i386 fi . auto/cc/conf @@ -88,10 +87,6 @@ have=NGX_PID_PATH value="\"$NGX_PID_PATH\"" . auto/define have=NGX_LOCK_PATH value="\"$NGX_LOCK_PATH\"" . auto/define have=NGX_ERROR_LOG_PATH value="\"$NGX_ERROR_LOG_PATH\"" . auto/define -if [ ".$NGX_ERROR_LOG_PATH" = "." ]; then - have=NGX_ERROR_LOG_STDERR . auto/have -fi - have=NGX_HTTP_LOG_PATH value="\"$NGX_HTTP_LOG_PATH\"" . auto/define have=NGX_HTTP_CLIENT_TEMP_PATH value="\"$NGX_HTTP_CLIENT_TEMP_PATH\"" . auto/define diff --git a/configure.docker.sh b/configure.docker.sh deleted file mode 100755 index 4131c20..0000000 --- a/configure.docker.sh +++ /dev/null @@ -1,69 +0,0 @@ -#!/bin/bash -./configure \ - --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -D_FORTIFY_SOURCE=2 -I/tmp/build/quickjs/" \ - --with-ld-opt="-Wl,-z,relro -Wl,-z,now -fPIC -L/tmp/build/quickjs/" \ - --sbin-path=/usr/local/sbin/nginx \ - --conf-path=/video_server/nginx/nginx.conf \ - --error-log-path=/var/log/nginx/error.log \ - --pid-path=/var/run/nginx/nginx.pid \ - --lock-path=/var/lock/nginx/nginx.lock \ - --http-log-path=/var/log/nginx/access.log \ - --http-client-body-temp-path=/tmp/nginx-client-body \ - --with-compat \ - --with-debug \ - --with-pcre-jit \ - --with-http_ssl_module \ - --with-http_stub_status_module \ - --with-http_realip_module \ - --with-http_auth_request_module \ - --with-http_v2_module \ - --with-http_dav_module \ - --with-http_slice_module \ - --with-threads \ - --with-http_addition_module \ - --with-http_flv_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_mp4_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_sub_module \ - --with-mail_ssl_module \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-http_geoip_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-http_xslt_module=dynamic \ - --with-mail=dynamic \ - --with-stream=dynamic \ - --with-stream_geoip_module=dynamic \ - --add-module=./modules_deb/libnginx-mod-http-ndk-0.3.4 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-brotli-1.0.0~rc \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-cache-purge-2.5.3 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-echo-0.63 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-geoip2-3.4 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-headers-more-filter-0.38 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-memc-0.20 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-set-misc-0.33 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-srcache-filter-0.33 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-subs-filter-0.6.4 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-upstream-fair-0.0~git20120408.a18b409 \ - --add-dynamic-module=./modules_deb/libnginx-mod-nchan-1.3.7+dfsg \ - --add-dynamic-module=./modules/njs/nginx \ - --add-dynamic-module=./modules/nginx-vod-module \ - --add-module=./modules/media-framework/nginx-common \ - --add-dynamic-module=./modules/nginx-stream-preread-str-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-in-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-out-module \ - --add-dynamic-module=./modules/media-framework/nginx-rtmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-rtmp-kmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-mpegts-module \ - --add-dynamic-module=./modules/media-framework/nginx-mpegts-kmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-cc-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-rtmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-live-module \ - --add-dynamic-module=./modules/nginx-srt-module \ - --add-dynamic-module=./modules/media-framework/nginx-pckg-module \ - --add-dynamic-module=./modules/nginx-secure-token-module \ No newline at end of file diff --git a/configure.sh b/configure.sh deleted file mode 100755 index 3d780fe..0000000 --- a/configure.sh +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash -./configure \ - --with-cc-opt="-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -fPIC -D_FORTIFY_SOURCE=2 -I/usr/local/include/quickjs/" \ - --with-ld-opt="-Wl,-z,relro -Wl,-z,now -fPIC -L/usr/local/lib/quickjs/" \ - --prefix=/usr/local/temp/nginx/ \ - --error-log-path=stderr \ - --lock-path=/var/lock/nginx.lock \ - --pid-path=/run/nginx.pid \ - --with-compat \ - --with-debug \ - --with-pcre-jit \ - --with-http_ssl_module \ - --with-http_stub_status_module \ - --with-http_realip_module \ - --with-http_auth_request_module \ - --with-http_v2_module \ - --with-http_dav_module \ - --with-http_slice_module \ - --with-threads \ - --with-http_addition_module \ - --with-http_flv_module \ - --with-http_gunzip_module \ - --with-http_gzip_static_module \ - --with-http_mp4_module \ - --with-http_random_index_module \ - --with-http_secure_link_module \ - --with-http_sub_module \ - --with-mail_ssl_module \ - --with-stream_ssl_module \ - --with-stream_ssl_preread_module \ - --with-stream_realip_module \ - --with-http_geoip_module=dynamic \ - --with-http_image_filter_module=dynamic \ - --with-http_perl_module=dynamic \ - --with-http_xslt_module=dynamic \ - --with-mail=dynamic \ - --with-stream=dynamic \ - --with-stream_geoip_module=dynamic \ - --add-module=./modules_deb/libnginx-mod-http-ndk-0.3.4 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-brotli-1.0.0~rc \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-cache-purge-2.5.3 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-echo-0.63 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-geoip2-3.4 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-headers-more-filter-0.38 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-memc-0.20 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-set-misc-0.33 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-srcache-filter-0.33 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-subs-filter-0.6.4 \ - --add-dynamic-module=./modules_deb/libnginx-mod-http-upstream-fair-0.0~git20120408.a18b409 \ - --add-dynamic-module=./modules_deb/libnginx-mod-nchan-1.3.7+dfsg \ - --add-dynamic-module=./modules/njs/nginx \ - --add-dynamic-module=./modules/nginx-vod-module \ - --add-module=./modules/media-framework/nginx-common \ - --add-dynamic-module=./modules/nginx-stream-preread-str-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-in-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-out-module \ - --add-dynamic-module=./modules/media-framework/nginx-rtmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-rtmp-kmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-mpegts-module \ - --add-dynamic-module=./modules/media-framework/nginx-mpegts-kmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-cc-module \ - --add-dynamic-module=./modules/media-framework/nginx-kmp-rtmp-module \ - --add-dynamic-module=./modules/media-framework/nginx-live-module \ - --add-dynamic-module=./modules/nginx-srt-module \ - --add-dynamic-module=./modules/media-framework/nginx-pckg-module \ - --add-dynamic-module=./modules/nginx-secure-token-module \ No newline at end of file diff --git a/contrib/vim/syntax/nginx.vim b/contrib/vim/syntax/nginx.vim index 29eef7a..075b19a 100644 --- a/contrib/vim/syntax/nginx.vim +++ b/contrib/vim/syntax/nginx.vim @@ -5,9 +5,6 @@ if exists("b:current_syntax") finish end -let s:save_cpo = &cpo -set cpo&vim - " general syntax if has("patch-7.4.1142") @@ -65,12 +62,12 @@ syn match ngxListenComment '#.*$' \ contained \ nextgroup=@ngxListenParams skipwhite skipempty syn keyword ngxListenOptions contained - \ default_server ssl quic proxy_protocol + \ default_server ssl http2 proxy_protocol \ setfib fastopen backlog rcvbuf sndbuf accept_filter deferred bind \ ipv6only reuseport so_keepalive \ nextgroup=@ngxListenParams skipwhite skipempty syn keyword ngxListenOptionsDeprecated contained - \ http2 + \ spdy \ nextgroup=@ngxListenParams skipwhite skipempty syn cluster ngxListenParams \ contains=ngxListenParam,ngxListenString,ngxListenComment @@ -90,6 +87,7 @@ syn keyword ngxDirectiveBlock contained if syn keyword ngxDirectiveBlock contained geo syn keyword ngxDirectiveBlock contained map syn keyword ngxDirectiveBlock contained split_clients +syn keyword ngxDirectiveBlock contained match syn keyword ngxDirectiveImportant contained include syn keyword ngxDirectiveImportant contained root @@ -112,11 +110,15 @@ syn keyword ngxDirectiveError contained post_action syn keyword ngxDirectiveDeprecated contained proxy_downstream_buffer syn keyword ngxDirectiveDeprecated contained proxy_upstream_buffer -syn keyword ngxDirectiveDeprecated contained http2_idle_timeout -syn keyword ngxDirectiveDeprecated contained http2_max_field_size -syn keyword ngxDirectiveDeprecated contained http2_max_header_size -syn keyword ngxDirectiveDeprecated contained http2_max_requests -syn keyword ngxDirectiveDeprecated contained http2_recv_timeout +syn keyword ngxDirectiveDeprecated contained spdy_chunk_size +syn keyword ngxDirectiveDeprecated contained spdy_headers_comp +syn keyword ngxDirectiveDeprecated contained spdy_keepalive_timeout +syn keyword ngxDirectiveDeprecated contained spdy_max_concurrent_streams +syn keyword ngxDirectiveDeprecated contained spdy_pool_size +syn keyword ngxDirectiveDeprecated contained spdy_recv_buffer_size +syn keyword ngxDirectiveDeprecated contained spdy_recv_timeout +syn keyword ngxDirectiveDeprecated contained spdy_streams_index_size +syn keyword ngxDirectiveDeprecated contained upstream_conf syn keyword ngxDirective contained absolute_redirect syn keyword ngxDirective contained accept_mutex @@ -136,11 +138,12 @@ syn keyword ngxDirective contained ancient_browser syn keyword ngxDirective contained ancient_browser_value syn keyword ngxDirective contained auth_basic syn keyword ngxDirective contained auth_basic_user_file -syn keyword ngxDirective contained auth_delay syn keyword ngxDirective contained auth_http syn keyword ngxDirective contained auth_http_header syn keyword ngxDirective contained auth_http_pass_client_cert syn keyword ngxDirective contained auth_http_timeout +syn keyword ngxDirective contained auth_jwt +syn keyword ngxDirective contained auth_jwt_key_file syn keyword ngxDirective contained auth_request syn keyword ngxDirective contained auth_request_set syn keyword ngxDirective contained autoindex @@ -181,6 +184,8 @@ syn keyword ngxDirective contained error_log syn keyword ngxDirective contained etag syn keyword ngxDirective contained eventport_events syn keyword ngxDirective contained expires +syn keyword ngxDirective contained f4f +syn keyword ngxDirective contained f4f_buffer_size syn keyword ngxDirective contained fastcgi_bind syn keyword ngxDirective contained fastcgi_buffer_size syn keyword ngxDirective contained fastcgi_buffering @@ -197,6 +202,7 @@ syn keyword ngxDirective contained fastcgi_cache_max_range_offset syn keyword ngxDirective contained fastcgi_cache_methods syn keyword ngxDirective contained fastcgi_cache_min_uses syn keyword ngxDirective contained fastcgi_cache_path +syn keyword ngxDirective contained fastcgi_cache_purge syn keyword ngxDirective contained fastcgi_cache_revalidate syn keyword ngxDirective contained fastcgi_cache_use_stale syn keyword ngxDirective contained fastcgi_cache_valid @@ -223,7 +229,6 @@ syn keyword ngxDirective contained fastcgi_read_timeout syn keyword ngxDirective contained fastcgi_request_buffering syn keyword ngxDirective contained fastcgi_send_lowat syn keyword ngxDirective contained fastcgi_send_timeout -syn keyword ngxDirective contained fastcgi_socket_keepalive syn keyword ngxDirective contained fastcgi_split_path_info syn keyword ngxDirective contained fastcgi_store syn keyword ngxDirective contained fastcgi_store_access @@ -250,11 +255,9 @@ syn keyword ngxDirective contained grpc_pass_header syn keyword ngxDirective contained grpc_read_timeout syn keyword ngxDirective contained grpc_send_timeout syn keyword ngxDirective contained grpc_set_header -syn keyword ngxDirective contained grpc_socket_keepalive syn keyword ngxDirective contained grpc_ssl_certificate syn keyword ngxDirective contained grpc_ssl_certificate_key syn keyword ngxDirective contained grpc_ssl_ciphers -syn keyword ngxDirective contained grpc_ssl_conf_command syn keyword ngxDirective contained grpc_ssl_crl syn keyword ngxDirective contained grpc_ssl_name syn keyword ngxDirective contained grpc_ssl_password_file @@ -280,20 +283,28 @@ syn keyword ngxDirective contained gzip_types syn keyword ngxDirective contained gzip_vary syn keyword ngxDirective contained gzip_window syn keyword ngxDirective contained hash -syn keyword ngxDirective contained http2 +syn keyword ngxDirective contained health_check +syn keyword ngxDirective contained health_check_timeout +syn keyword ngxDirective contained hls +syn keyword ngxDirective contained hls_buffers +syn keyword ngxDirective contained hls_forward_args +syn keyword ngxDirective contained hls_fragment +syn keyword ngxDirective contained hls_mp4_buffer_size +syn keyword ngxDirective contained hls_mp4_max_buffer_size syn keyword ngxDirective contained http2_body_preread_size syn keyword ngxDirective contained http2_chunk_size +syn keyword ngxDirective contained http2_idle_timeout syn keyword ngxDirective contained http2_max_concurrent_pushes syn keyword ngxDirective contained http2_max_concurrent_streams +syn keyword ngxDirective contained http2_max_field_size +syn keyword ngxDirective contained http2_max_header_size +syn keyword ngxDirective contained http2_max_requests syn keyword ngxDirective contained http2_pool_size syn keyword ngxDirective contained http2_push syn keyword ngxDirective contained http2_push_preload syn keyword ngxDirective contained http2_recv_buffer_size +syn keyword ngxDirective contained http2_recv_timeout syn keyword ngxDirective contained http2_streams_index_size -syn keyword ngxDirective contained http3 -syn keyword ngxDirective contained http3_hq -syn keyword ngxDirective contained http3_max_concurrent_streams -syn keyword ngxDirective contained http3_stream_buffer_size syn keyword ngxDirective contained if_modified_since syn keyword ngxDirective contained ignore_invalid_headers syn keyword ngxDirective contained image_filter @@ -310,43 +321,27 @@ syn keyword ngxDirective contained index syn keyword ngxDirective contained iocp_threads syn keyword ngxDirective contained ip_hash syn keyword ngxDirective contained js_access -syn keyword ngxDirective contained js_body_filter syn keyword ngxDirective contained js_content -syn keyword ngxDirective contained js_fetch_buffer_size -syn keyword ngxDirective contained js_fetch_ciphers -syn keyword ngxDirective contained js_fetch_max_response_buffer_size -syn keyword ngxDirective contained js_fetch_protocols -syn keyword ngxDirective contained js_fetch_timeout -syn keyword ngxDirective contained js_fetch_trusted_certificate -syn keyword ngxDirective contained js_fetch_verify -syn keyword ngxDirective contained js_fetch_verify_depth syn keyword ngxDirective contained js_filter -syn keyword ngxDirective contained js_header_filter -syn keyword ngxDirective contained js_import -syn keyword ngxDirective contained js_path -syn keyword ngxDirective contained js_preload_object +syn keyword ngxDirective contained js_include syn keyword ngxDirective contained js_preread syn keyword ngxDirective contained js_set -syn keyword ngxDirective contained js_shared_dict_zone -syn keyword ngxDirective contained js_var syn keyword ngxDirective contained keepalive syn keyword ngxDirective contained keepalive_disable syn keyword ngxDirective contained keepalive_requests -syn keyword ngxDirective contained keepalive_time syn keyword ngxDirective contained keepalive_timeout syn keyword ngxDirective contained kqueue_changes syn keyword ngxDirective contained kqueue_events syn keyword ngxDirective contained large_client_header_buffers syn keyword ngxDirective contained least_conn +syn keyword ngxDirective contained least_time syn keyword ngxDirective contained limit_conn -syn keyword ngxDirective contained limit_conn_dry_run syn keyword ngxDirective contained limit_conn_log_level syn keyword ngxDirective contained limit_conn_status syn keyword ngxDirective contained limit_conn_zone syn keyword ngxDirective contained limit_rate syn keyword ngxDirective contained limit_rate_after syn keyword ngxDirective contained limit_req -syn keyword ngxDirective contained limit_req_dry_run syn keyword ngxDirective contained limit_req_log_level syn keyword ngxDirective contained limit_req_status syn keyword ngxDirective contained limit_req_zone @@ -361,18 +356,17 @@ syn keyword ngxDirective contained log_subrequest syn keyword ngxDirective contained map_hash_bucket_size syn keyword ngxDirective contained map_hash_max_size syn keyword ngxDirective contained master_process -syn keyword ngxDirective contained max_errors syn keyword ngxDirective contained max_ranges syn keyword ngxDirective contained memcached_bind syn keyword ngxDirective contained memcached_buffer_size syn keyword ngxDirective contained memcached_connect_timeout +syn keyword ngxDirective contained memcached_force_ranges syn keyword ngxDirective contained memcached_gzip_flag syn keyword ngxDirective contained memcached_next_upstream syn keyword ngxDirective contained memcached_next_upstream_timeout syn keyword ngxDirective contained memcached_next_upstream_tries syn keyword ngxDirective contained memcached_read_timeout syn keyword ngxDirective contained memcached_send_timeout -syn keyword ngxDirective contained memcached_socket_keepalive syn keyword ngxDirective contained merge_slashes syn keyword ngxDirective contained min_delete_depth syn keyword ngxDirective contained mirror @@ -382,10 +376,12 @@ syn keyword ngxDirective contained modern_browser_value syn keyword ngxDirective contained mp4 syn keyword ngxDirective contained mp4_buffer_size syn keyword ngxDirective contained mp4_max_buffer_size -syn keyword ngxDirective contained mp4_start_key_frame +syn keyword ngxDirective contained mp4_limit_rate +syn keyword ngxDirective contained mp4_limit_rate_after syn keyword ngxDirective contained msie_padding syn keyword ngxDirective contained msie_refresh syn keyword ngxDirective contained multi_accept +syn keyword ngxDirective contained ntlm syn keyword ngxDirective contained open_file_cache syn keyword ngxDirective contained open_file_cache_errors syn keyword ngxDirective contained open_file_cache_events @@ -428,16 +424,15 @@ syn keyword ngxDirective contained proxy_cache_max_range_offset syn keyword ngxDirective contained proxy_cache_methods syn keyword ngxDirective contained proxy_cache_min_uses syn keyword ngxDirective contained proxy_cache_path +syn keyword ngxDirective contained proxy_cache_purge syn keyword ngxDirective contained proxy_cache_revalidate syn keyword ngxDirective contained proxy_cache_use_stale syn keyword ngxDirective contained proxy_cache_valid syn keyword ngxDirective contained proxy_connect_timeout syn keyword ngxDirective contained proxy_cookie_domain -syn keyword ngxDirective contained proxy_cookie_flags syn keyword ngxDirective contained proxy_cookie_path syn keyword ngxDirective contained proxy_download_rate syn keyword ngxDirective contained proxy_force_ranges -syn keyword ngxDirective contained proxy_half_close syn keyword ngxDirective contained proxy_headers_hash_bucket_size syn keyword ngxDirective contained proxy_headers_hash_max_size syn keyword ngxDirective contained proxy_hide_header @@ -461,19 +456,15 @@ syn keyword ngxDirective contained proxy_protocol_timeout syn keyword ngxDirective contained proxy_read_timeout syn keyword ngxDirective contained proxy_redirect syn keyword ngxDirective contained proxy_request_buffering -syn keyword ngxDirective contained proxy_requests syn keyword ngxDirective contained proxy_responses syn keyword ngxDirective contained proxy_send_lowat syn keyword ngxDirective contained proxy_send_timeout syn keyword ngxDirective contained proxy_set_body syn keyword ngxDirective contained proxy_set_header -syn keyword ngxDirective contained proxy_smtp_auth -syn keyword ngxDirective contained proxy_socket_keepalive syn keyword ngxDirective contained proxy_ssl syn keyword ngxDirective contained proxy_ssl_certificate syn keyword ngxDirective contained proxy_ssl_certificate_key syn keyword ngxDirective contained proxy_ssl_ciphers -syn keyword ngxDirective contained proxy_ssl_conf_command syn keyword ngxDirective contained proxy_ssl_crl syn keyword ngxDirective contained proxy_ssl_name syn keyword ngxDirective contained proxy_ssl_password_file @@ -489,12 +480,7 @@ syn keyword ngxDirective contained proxy_temp_file_write_size syn keyword ngxDirective contained proxy_temp_path syn keyword ngxDirective contained proxy_timeout syn keyword ngxDirective contained proxy_upload_rate -syn keyword ngxDirective contained quic_active_connection_id_limit -syn keyword ngxDirective contained quic_bpf -syn keyword ngxDirective contained quic_gso -syn keyword ngxDirective contained quic_host_key -syn keyword ngxDirective contained quic_retry -syn keyword ngxDirective contained random +syn keyword ngxDirective contained queue syn keyword ngxDirective contained random_index syn keyword ngxDirective contained read_ahead syn keyword ngxDirective contained real_ip_header @@ -524,6 +510,7 @@ syn keyword ngxDirective contained scgi_cache_max_range_offset syn keyword ngxDirective contained scgi_cache_methods syn keyword ngxDirective contained scgi_cache_min_uses syn keyword ngxDirective contained scgi_cache_path +syn keyword ngxDirective contained scgi_cache_purge syn keyword ngxDirective contained scgi_cache_revalidate syn keyword ngxDirective contained scgi_cache_use_stale syn keyword ngxDirective contained scgi_cache_valid @@ -546,7 +533,6 @@ syn keyword ngxDirective contained scgi_pass_request_headers syn keyword ngxDirective contained scgi_read_timeout syn keyword ngxDirective contained scgi_request_buffering syn keyword ngxDirective contained scgi_send_timeout -syn keyword ngxDirective contained scgi_socket_keepalive syn keyword ngxDirective contained scgi_store syn keyword ngxDirective contained scgi_store_access syn keyword ngxDirective contained scgi_temp_file_write_size @@ -562,6 +548,9 @@ syn keyword ngxDirective contained server_name_in_redirect syn keyword ngxDirective contained server_names_hash_bucket_size syn keyword ngxDirective contained server_names_hash_max_size syn keyword ngxDirective contained server_tokens +syn keyword ngxDirective contained session_log +syn keyword ngxDirective contained session_log_format +syn keyword ngxDirective contained session_log_zone syn keyword ngxDirective contained set_real_ip_from syn keyword ngxDirective contained slice syn keyword ngxDirective contained smtp_auth @@ -576,27 +565,21 @@ syn keyword ngxDirective contained ssi_min_file_chunk syn keyword ngxDirective contained ssi_silent_errors syn keyword ngxDirective contained ssi_types syn keyword ngxDirective contained ssi_value_length -syn keyword ngxDirective contained ssl_alpn +syn keyword ngxDirective contained ssl syn keyword ngxDirective contained ssl_buffer_size syn keyword ngxDirective contained ssl_certificate syn keyword ngxDirective contained ssl_certificate_key syn keyword ngxDirective contained ssl_ciphers syn keyword ngxDirective contained ssl_client_certificate -syn keyword ngxDirective contained ssl_conf_command syn keyword ngxDirective contained ssl_crl syn keyword ngxDirective contained ssl_dhparam -syn keyword ngxDirective contained ssl_early_data syn keyword ngxDirective contained ssl_ecdh_curve syn keyword ngxDirective contained ssl_engine syn keyword ngxDirective contained ssl_handshake_timeout -syn keyword ngxDirective contained ssl_ocsp -syn keyword ngxDirective contained ssl_ocsp_cache -syn keyword ngxDirective contained ssl_ocsp_responder syn keyword ngxDirective contained ssl_password_file syn keyword ngxDirective contained ssl_prefer_server_ciphers syn keyword ngxDirective contained ssl_preread syn keyword ngxDirective contained ssl_protocols -syn keyword ngxDirective contained ssl_reject_handshake syn keyword ngxDirective contained ssl_session_cache syn keyword ngxDirective contained ssl_session_ticket_key syn keyword ngxDirective contained ssl_session_tickets @@ -609,6 +592,12 @@ syn keyword ngxDirective contained ssl_trusted_certificate syn keyword ngxDirective contained ssl_verify_client syn keyword ngxDirective contained ssl_verify_depth syn keyword ngxDirective contained starttls +syn keyword ngxDirective contained state +syn keyword ngxDirective contained status +syn keyword ngxDirective contained status_format +syn keyword ngxDirective contained status_zone +syn keyword ngxDirective contained sticky +syn keyword ngxDirective contained sticky_cookie_insert syn keyword ngxDirective contained stub_status syn keyword ngxDirective contained sub_filter syn keyword ngxDirective contained sub_filter_last_modified @@ -629,7 +618,6 @@ syn keyword ngxDirective contained user syn keyword ngxDirective contained userid syn keyword ngxDirective contained userid_domain syn keyword ngxDirective contained userid_expires -syn keyword ngxDirective contained userid_flags syn keyword ngxDirective contained userid_mark syn keyword ngxDirective contained userid_name syn keyword ngxDirective contained userid_p3p @@ -651,6 +639,7 @@ syn keyword ngxDirective contained uwsgi_cache_max_range_offset syn keyword ngxDirective contained uwsgi_cache_methods syn keyword ngxDirective contained uwsgi_cache_min_uses syn keyword ngxDirective contained uwsgi_cache_path +syn keyword ngxDirective contained uwsgi_cache_purge syn keyword ngxDirective contained uwsgi_cache_revalidate syn keyword ngxDirective contained uwsgi_cache_use_stale syn keyword ngxDirective contained uwsgi_cache_valid @@ -675,11 +664,9 @@ syn keyword ngxDirective contained uwsgi_pass_request_headers syn keyword ngxDirective contained uwsgi_read_timeout syn keyword ngxDirective contained uwsgi_request_buffering syn keyword ngxDirective contained uwsgi_send_timeout -syn keyword ngxDirective contained uwsgi_socket_keepalive syn keyword ngxDirective contained uwsgi_ssl_certificate syn keyword ngxDirective contained uwsgi_ssl_certificate_key syn keyword ngxDirective contained uwsgi_ssl_ciphers -syn keyword ngxDirective contained uwsgi_ssl_conf_command syn keyword ngxDirective contained uwsgi_ssl_crl syn keyword ngxDirective contained uwsgi_ssl_name syn keyword ngxDirective contained uwsgi_ssl_password_file @@ -715,88 +702,55 @@ syn keyword ngxDirective contained xslt_stylesheet syn keyword ngxDirective contained xslt_types syn keyword ngxDirective contained zone -" nginx-plus commercial extensions directives - -syn keyword ngxDirectiveBlock contained match -syn keyword ngxDirectiveBlock contained otel_exporter - -syn keyword ngxDirective contained api -syn keyword ngxDirective contained auth_jwt -syn keyword ngxDirective contained auth_jwt_claim_set -syn keyword ngxDirective contained auth_jwt_header_set -syn keyword ngxDirective contained auth_jwt_key_cache -syn keyword ngxDirective contained auth_jwt_key_file -syn keyword ngxDirective contained auth_jwt_key_request -syn keyword ngxDirective contained auth_jwt_leeway -syn keyword ngxDirective contained auth_jwt_require -syn keyword ngxDirective contained auth_jwt_type -syn keyword ngxDirective contained f4f -syn keyword ngxDirective contained f4f_buffer_size -syn keyword ngxDirective contained fastcgi_cache_purge -syn keyword ngxDirective contained health_check -syn keyword ngxDirective contained health_check_timeout -syn keyword ngxDirective contained hls -syn keyword ngxDirective contained hls_buffers -syn keyword ngxDirective contained hls_forward_args -syn keyword ngxDirective contained hls_fragment -syn keyword ngxDirective contained hls_mp4_buffer_size -syn keyword ngxDirective contained hls_mp4_max_buffer_size -syn keyword ngxDirective contained internal_redirect -syn keyword ngxDirective contained keyval -syn keyword ngxDirective contained keyval_zone -syn keyword ngxDirective contained least_time -syn keyword ngxDirective contained mp4_limit_rate -syn keyword ngxDirective contained mp4_limit_rate_after -syn keyword ngxDirective contained mqtt -syn keyword ngxDirective contained mqtt_preread -syn keyword ngxDirective contained mqtt_rewrite_buffer_size -syn keyword ngxDirective contained mqtt_set_connect -syn keyword ngxDirective contained ntlm -syn keyword ngxDirective contained otel_service_name -syn keyword ngxDirective contained otel_span_attr -syn keyword ngxDirective contained otel_span_name -syn keyword ngxDirective contained otel_trace -syn keyword ngxDirective contained otel_trace_context -syn keyword ngxDirective contained proxy_cache_purge -syn keyword ngxDirective contained proxy_session_drop -syn keyword ngxDirective contained queue -syn keyword ngxDirective contained scgi_cache_purge -syn keyword ngxDirective contained session_log -syn keyword ngxDirective contained session_log_format -syn keyword ngxDirective contained session_log_zone -syn keyword ngxDirective contained state -syn keyword ngxDirective contained status -syn keyword ngxDirective contained status_format -syn keyword ngxDirective contained status_zone -syn keyword ngxDirective contained sticky -syn keyword ngxDirective contained uwsgi_cache_purge -syn keyword ngxDirective contained zone_sync -syn keyword ngxDirective contained zone_sync_buffers -syn keyword ngxDirective contained zone_sync_connect_retry_interval -syn keyword ngxDirective contained zone_sync_connect_timeout -syn keyword ngxDirective contained zone_sync_interval -syn keyword ngxDirective contained zone_sync_recv_buffer_size -syn keyword ngxDirective contained zone_sync_server -syn keyword ngxDirective contained zone_sync_ssl -syn keyword ngxDirective contained zone_sync_ssl_certificate -syn keyword ngxDirective contained zone_sync_ssl_certificate_key -syn keyword ngxDirective contained zone_sync_ssl_ciphers -syn keyword ngxDirective contained zone_sync_ssl_conf_command -syn keyword ngxDirective contained zone_sync_ssl_crl -syn keyword ngxDirective contained zone_sync_ssl_name -syn keyword ngxDirective contained zone_sync_ssl_password_file -syn keyword ngxDirective contained zone_sync_ssl_protocols -syn keyword ngxDirective contained zone_sync_ssl_server_name -syn keyword ngxDirective contained zone_sync_ssl_trusted_certificate -syn keyword ngxDirective contained zone_sync_ssl_verify -syn keyword ngxDirective contained zone_sync_ssl_verify_depth -syn keyword ngxDirective contained zone_sync_timeout - " 3rd party modules list taken from -" https://github.com/freebsd/freebsd-ports/blob/main/www/nginx-devel/Makefile.extmod -" ---------------------------------------------------------------------------------- +" https://github.com/freebsd/freebsd-ports/blob/master/www/nginx-devel/Makefile +" ----------------------------------------------------------------------------- -" https://github.com/msva/nginx_ajp_module +" Accept Language +" https://github.com/giom/nginx_accept_language_module +syn keyword ngxDirectiveThirdParty contained set_from_accept_language + +" Digest Authentication +" https://github.com/atomx/nginx-http-auth-digest +syn keyword ngxDirectiveThirdParty contained auth_digest +syn keyword ngxDirectiveThirdParty contained auth_digest_drop_time +syn keyword ngxDirectiveThirdParty contained auth_digest_evasion_time +syn keyword ngxDirectiveThirdParty contained auth_digest_expires +syn keyword ngxDirectiveThirdParty contained auth_digest_maxtries +syn keyword ngxDirectiveThirdParty contained auth_digest_replays +syn keyword ngxDirectiveThirdParty contained auth_digest_shm_size +syn keyword ngxDirectiveThirdParty contained auth_digest_timeout +syn keyword ngxDirectiveThirdParty contained auth_digest_user_file + +" SPNEGO Authentication +" https://github.com/stnoonan/spnego-http-auth-nginx-module +syn keyword ngxDirectiveThirdParty contained auth_gss +syn keyword ngxDirectiveThirdParty contained auth_gss_allow_basic_fallback +syn keyword ngxDirectiveThirdParty contained auth_gss_authorized_principal +syn keyword ngxDirectiveThirdParty contained auth_gss_force_realm +syn keyword ngxDirectiveThirdParty contained auth_gss_format_full +syn keyword ngxDirectiveThirdParty contained auth_gss_keytab +syn keyword ngxDirectiveThirdParty contained auth_gss_realm +syn keyword ngxDirectiveThirdParty contained auth_gss_service_name + +" LDAP Authentication +" https://github.com/kvspb/nginx-auth-ldap +syn keyword ngxDirectiveThirdParty contained auth_ldap +syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_enabled +syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_expiration_time +syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_size +syn keyword ngxDirectiveThirdParty contained auth_ldap_servers +syn keyword ngxDirectiveThirdParty contained auth_ldap_servers_size +syn keyword ngxDirectiveThirdParty contained ldap_server + +" PAM Authentication +" https://github.com/sto/ngx_http_auth_pam_module +syn keyword ngxDirectiveThirdParty contained auth_pam +syn keyword ngxDirectiveThirdParty contained auth_pam_service_name +syn keyword ngxDirectiveThirdParty contained auth_pam_set_pam_env + +" AJP protocol proxy +" https://github.com/yaoweibin/nginx_ajp_module syn keyword ngxDirectiveThirdParty contained ajp_buffer_size syn keyword ngxDirectiveThirdParty contained ajp_buffers syn keyword ngxDirectiveThirdParty contained ajp_busy_buffers_size @@ -819,14 +773,11 @@ syn keyword ngxDirectiveThirdParty contained ajp_keep_conn syn keyword ngxDirectiveThirdParty contained ajp_max_data_packet_size syn keyword ngxDirectiveThirdParty contained ajp_max_temp_file_size syn keyword ngxDirectiveThirdParty contained ajp_next_upstream -syn keyword ngxDirectiveThirdParty contained ajp_param syn keyword ngxDirectiveThirdParty contained ajp_pass syn keyword ngxDirectiveThirdParty contained ajp_pass_header syn keyword ngxDirectiveThirdParty contained ajp_pass_request_body syn keyword ngxDirectiveThirdParty contained ajp_pass_request_headers syn keyword ngxDirectiveThirdParty contained ajp_read_timeout -syn keyword ngxDirectiveThirdParty contained ajp_script_url -syn keyword ngxDirectiveThirdParty contained ajp_secret syn keyword ngxDirectiveThirdParty contained ajp_send_lowat syn keyword ngxDirectiveThirdParty contained ajp_send_timeout syn keyword ngxDirectiveThirdParty contained ajp_store @@ -836,12 +787,7 @@ syn keyword ngxDirectiveThirdParty contained ajp_temp_path syn keyword ngxDirectiveThirdParty contained ajp_upstream_fail_timeout syn keyword ngxDirectiveThirdParty contained ajp_upstream_max_fails -" https://github.com/openresty/array-var-nginx-module -syn keyword ngxDirectiveThirdParty contained array_join -syn keyword ngxDirectiveThirdParty contained array_map -syn keyword ngxDirectiveThirdParty contained array_map_op -syn keyword ngxDirectiveThirdParty contained array_split - +" AWS proxy " https://github.com/anomalizer/ngx_aws_auth syn keyword ngxDirectiveThirdParty contained aws_access_key syn keyword ngxDirectiveThirdParty contained aws_endpoint @@ -850,32 +796,60 @@ syn keyword ngxDirectiveThirdParty contained aws_s3_bucket syn keyword ngxDirectiveThirdParty contained aws_sign syn keyword ngxDirectiveThirdParty contained aws_signing_key -" https://github.com/google/ngx_brotli -syn keyword ngxDirectiveThirdParty contained brotli -syn keyword ngxDirectiveThirdParty contained brotli_buffers -syn keyword ngxDirectiveThirdParty contained brotli_comp_level -syn keyword ngxDirectiveThirdParty contained brotli_min_length -syn keyword ngxDirectiveThirdParty contained brotli_static -syn keyword ngxDirectiveThirdParty contained brotli_types -syn keyword ngxDirectiveThirdParty contained brotli_window - -" https://github.com/torden/ngx_cache_purge -syn keyword ngxDirectiveThirdParty contained cache_purge_response_type - -" https://github.com/AirisX/nginx_cookie_flag_module -syn keyword ngxDirectiveThirdParty contained set_cookie_flag +" embedding Clojure or Java or Groovy programs +" https://github.com/nginx-clojure/nginx-clojure +syn keyword ngxDirectiveThirdParty contained access_handler_code +syn keyword ngxDirectiveThirdParty contained access_handler_name +syn keyword ngxDirectiveThirdParty contained access_handler_property +syn keyword ngxDirectiveThirdParty contained access_handler_type +syn keyword ngxDirectiveThirdParty contained always_read_body +syn keyword ngxDirectiveThirdParty contained auto_upgrade_ws +syn keyword ngxDirectiveThirdParty contained body_filter_code +syn keyword ngxDirectiveThirdParty contained body_filter_name +syn keyword ngxDirectiveThirdParty contained body_filter_property +syn keyword ngxDirectiveThirdParty contained body_filter_type +syn keyword ngxDirectiveThirdParty contained content_handler_code +syn keyword ngxDirectiveThirdParty contained content_handler_name +syn keyword ngxDirectiveThirdParty contained content_handler_property +syn keyword ngxDirectiveThirdParty contained content_handler_type +syn keyword ngxDirectiveThirdParty contained handler_code +syn keyword ngxDirectiveThirdParty contained handler_name +syn keyword ngxDirectiveThirdParty contained handler_type +syn keyword ngxDirectiveThirdParty contained handlers_lazy_init +syn keyword ngxDirectiveThirdParty contained header_filter_code +syn keyword ngxDirectiveThirdParty contained header_filter_name +syn keyword ngxDirectiveThirdParty contained header_filter_property +syn keyword ngxDirectiveThirdParty contained header_filter_type +syn keyword ngxDirectiveThirdParty contained jvm_classpath +syn keyword ngxDirectiveThirdParty contained jvm_classpath_check +syn keyword ngxDirectiveThirdParty contained jvm_exit_handler_code +syn keyword ngxDirectiveThirdParty contained jvm_exit_handler_name +syn keyword ngxDirectiveThirdParty contained jvm_handler_type +syn keyword ngxDirectiveThirdParty contained jvm_init_handler_code +syn keyword ngxDirectiveThirdParty contained jvm_init_handler_name +syn keyword ngxDirectiveThirdParty contained jvm_options +syn keyword ngxDirectiveThirdParty contained jvm_path +syn keyword ngxDirectiveThirdParty contained jvm_var +syn keyword ngxDirectiveThirdParty contained jvm_workers +syn keyword ngxDirectiveThirdParty contained max_balanced_tcp_connections +syn keyword ngxDirectiveThirdParty contained rewrite_handler_code +syn keyword ngxDirectiveThirdParty contained rewrite_handler_name +syn keyword ngxDirectiveThirdParty contained rewrite_handler_property +syn keyword ngxDirectiveThirdParty contained rewrite_handler_type +syn keyword ngxDirectiveThirdParty contained shared_map +syn keyword ngxDirectiveThirdParty contained write_page_size +" Certificate Transparency " https://github.com/grahamedgecombe/nginx-ct syn keyword ngxDirectiveThirdParty contained ssl_ct syn keyword ngxDirectiveThirdParty contained ssl_ct_static_scts +" ngx_echo " https://github.com/openresty/echo-nginx-module -syn keyword ngxDirectiveThirdParty contained echo syn keyword ngxDirectiveThirdParty contained echo_abort_parent syn keyword ngxDirectiveThirdParty contained echo_after_body syn keyword ngxDirectiveThirdParty contained echo_before_body syn keyword ngxDirectiveThirdParty contained echo_blocking_sleep -syn keyword ngxDirectiveThirdParty contained echo_duplicate syn keyword ngxDirectiveThirdParty contained echo_end syn keyword ngxDirectiveThirdParty contained echo_exec syn keyword ngxDirectiveThirdParty contained echo_flush @@ -885,102 +859,26 @@ syn keyword ngxDirectiveThirdParty contained echo_location_async syn keyword ngxDirectiveThirdParty contained echo_read_request_body syn keyword ngxDirectiveThirdParty contained echo_request_body syn keyword ngxDirectiveThirdParty contained echo_reset_timer -syn keyword ngxDirectiveThirdParty contained echo_sleep syn keyword ngxDirectiveThirdParty contained echo_status syn keyword ngxDirectiveThirdParty contained echo_subrequest syn keyword ngxDirectiveThirdParty contained echo_subrequest_async -" https://github.com/openresty/drizzle-nginx-module -syn keyword ngxDirectiveThirdParty contained drizzle_buffer_size -syn keyword ngxDirectiveThirdParty contained drizzle_connect_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_dbname -syn keyword ngxDirectiveThirdParty contained drizzle_keepalive -syn keyword ngxDirectiveThirdParty contained drizzle_module_header -syn keyword ngxDirectiveThirdParty contained drizzle_pass -syn keyword ngxDirectiveThirdParty contained drizzle_query -syn keyword ngxDirectiveThirdParty contained drizzle_recv_cols_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_recv_rows_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_send_query_timeout -syn keyword ngxDirectiveThirdParty contained drizzle_server -syn keyword ngxDirectiveThirdParty contained drizzle_status - -" https://github.com/ZigzagAK/ngx_dynamic_upstream -syn keyword ngxDirectiveThirdParty contained dns_add_down -syn keyword ngxDirectiveThirdParty contained dns_ipv6 -syn keyword ngxDirectiveThirdParty contained dns_update -syn keyword ngxDirectiveThirdParty contained dynamic_state_file -syn keyword ngxDirectiveThirdParty contained dynamic_upstream - -" https://github.com/openresty/encrypted-session-nginx-module -syn keyword ngxDirectiveThirdParty contained encrypted_session_expires -syn keyword ngxDirectiveThirdParty contained encrypted_session_iv -syn keyword ngxDirectiveThirdParty contained encrypted_session_key -syn keyword ngxDirectiveThirdParty contained set_decrypt_session -syn keyword ngxDirectiveThirdParty contained set_encrypt_session - -" https://github.com/calio/form-input-nginx-module -syn keyword ngxDirectiveThirdParty contained set_form_input -syn keyword ngxDirectiveThirdParty contained set_form_input_multi - -" https://github.com/nieoding/nginx-gridfs -syn keyword ngxDirectiveThirdParty contained gridfs -syn keyword ngxDirectiveThirdParty contained mongo +" FastDFS +" https://github.com/happyfish100/fastdfs-nginx-module +syn keyword ngxDirectiveThirdParty contained ngx_fastdfs_module +" ngx_headers_more " https://github.com/openresty/headers-more-nginx-module syn keyword ngxDirectiveThirdParty contained more_clear_headers syn keyword ngxDirectiveThirdParty contained more_clear_input_headers syn keyword ngxDirectiveThirdParty contained more_set_headers syn keyword ngxDirectiveThirdParty contained more_set_input_headers -" https://github.com/dvershinin/nginx_accept_language_module -syn keyword ngxDirectiveThirdParty contained set_from_accept_language - -" https://github.com/atomx/nginx-http-auth-digest -syn keyword ngxDirectiveThirdParty contained auth_digest -syn keyword ngxDirectiveThirdParty contained auth_digest_drop_time -syn keyword ngxDirectiveThirdParty contained auth_digest_evasion_time -syn keyword ngxDirectiveThirdParty contained auth_digest_expires -syn keyword ngxDirectiveThirdParty contained auth_digest_maxtries -syn keyword ngxDirectiveThirdParty contained auth_digest_replays -syn keyword ngxDirectiveThirdParty contained auth_digest_shm_size -syn keyword ngxDirectiveThirdParty contained auth_digest_timeout -syn keyword ngxDirectiveThirdParty contained auth_digest_user_file - -" https://github.com/stnoonan/spnego-http-auth-nginx-module -syn keyword ngxDirectiveThirdParty contained auth_gss -syn keyword ngxDirectiveThirdParty contained auth_gss_allow_basic_fallback -syn keyword ngxDirectiveThirdParty contained auth_gss_authorized_principal -syn keyword ngxDirectiveThirdParty contained auth_gss_authorized_principal_regex -syn keyword ngxDirectiveThirdParty contained auth_gss_constrained_delegation -syn keyword ngxDirectiveThirdParty contained auth_gss_delegate_credentials -syn keyword ngxDirectiveThirdParty contained auth_gss_force_realm -syn keyword ngxDirectiveThirdParty contained auth_gss_format_full -syn keyword ngxDirectiveThirdParty contained auth_gss_keytab -syn keyword ngxDirectiveThirdParty contained auth_gss_map_to_local -syn keyword ngxDirectiveThirdParty contained auth_gss_realm -syn keyword ngxDirectiveThirdParty contained auth_gss_service_ccache -syn keyword ngxDirectiveThirdParty contained auth_gss_service_name -syn keyword ngxDirectiveThirdParty contained auth_gss_zone_name - -" https://github.com/kvspb/nginx-auth-ldap -syn keyword ngxDirectiveThirdParty contained auth_ldap -syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_enabled -syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_expiration_time -syn keyword ngxDirectiveThirdParty contained auth_ldap_cache_size -syn keyword ngxDirectiveThirdParty contained auth_ldap_servers -syn keyword ngxDirectiveThirdParty contained auth_ldap_servers_size -syn keyword ngxDirectiveThirdParty contained ldap_server - -" https://github.com/sto/ngx_http_auth_pam_module -syn keyword ngxDirectiveThirdParty contained auth_pam -syn keyword ngxDirectiveThirdParty contained auth_pam_service_name -syn keyword ngxDirectiveThirdParty contained auth_pam_set_pam_env - +" NGINX WebDAV missing commands support (PROPFIND & OPTIONS) " https://github.com/arut/nginx-dav-ext-module -syn keyword ngxDirectiveThirdParty contained dav_ext_lock -syn keyword ngxDirectiveThirdParty contained dav_ext_lock_zone syn keyword ngxDirectiveThirdParty contained dav_ext_methods +" ngx_eval " https://github.com/openresty/nginx-eval-module syn keyword ngxDirectiveThirdParty contained eval syn keyword ngxDirectiveThirdParty contained eval_buffer_size @@ -988,58 +886,59 @@ syn keyword ngxDirectiveThirdParty contained eval_escalate syn keyword ngxDirectiveThirdParty contained eval_override_content_type syn keyword ngxDirectiveThirdParty contained eval_subrequest_in_memory +" Fancy Index " https://github.com/aperezdc/ngx-fancyindex syn keyword ngxDirectiveThirdParty contained fancyindex -syn keyword ngxDirectiveThirdParty contained fancyindex_case_sensitive syn keyword ngxDirectiveThirdParty contained fancyindex_css_href syn keyword ngxDirectiveThirdParty contained fancyindex_default_sort syn keyword ngxDirectiveThirdParty contained fancyindex_directories_first syn keyword ngxDirectiveThirdParty contained fancyindex_exact_size syn keyword ngxDirectiveThirdParty contained fancyindex_footer syn keyword ngxDirectiveThirdParty contained fancyindex_header -syn keyword ngxDirectiveThirdParty contained fancyindex_hide_parent_dir syn keyword ngxDirectiveThirdParty contained fancyindex_hide_symlinks syn keyword ngxDirectiveThirdParty contained fancyindex_ignore syn keyword ngxDirectiveThirdParty contained fancyindex_localtime -syn keyword ngxDirectiveThirdParty contained fancyindex_show_dotfiles +syn keyword ngxDirectiveThirdParty contained fancyindex_name_length syn keyword ngxDirectiveThirdParty contained fancyindex_show_path syn keyword ngxDirectiveThirdParty contained fancyindex_time_format +" Footer filter " https://github.com/alibaba/nginx-http-footer-filter syn keyword ngxDirectiveThirdParty contained footer syn keyword ngxDirectiveThirdParty contained footer_types +" ngx_http_geoip2_module " https://github.com/leev/ngx_http_geoip2_module syn keyword ngxDirectiveThirdParty contained geoip2 syn keyword ngxDirectiveThirdParty contained geoip2_proxy syn keyword ngxDirectiveThirdParty contained geoip2_proxy_recursive -" https://github.com/ip2location/ip2location-nginx -syn keyword ngxDirectiveThirdParty contained ip2location_database -syn keyword ngxDirectiveThirdParty contained ip2location_proxy -syn keyword ngxDirectiveThirdParty contained ip2location_proxy_recursive +" A version of the Nginx HTTP stub status module that outputs in JSON format +" https://github.com/nginx-modules/nginx-json-status-module +syn keyword ngxDirectiveThirdParty contained json_status +syn keyword ngxDirectiveThirdParty contained json_status_type -" https://github.com/ip2location/ip2proxy-nginx -syn keyword ngxDirectiveThirdParty contained ip2proxy_database -syn keyword ngxDirectiveThirdParty contained ip2proxy_proxy -syn keyword ngxDirectiveThirdParty contained ip2proxy_proxy_recursive +" MogileFS client for nginx +" https://github.com/vkholodkov/nginx-mogilefs-module +syn keyword ngxDirectiveThirdParty contained mogilefs_class +syn keyword ngxDirectiveThirdParty contained mogilefs_connect_timeout +syn keyword ngxDirectiveThirdParty contained mogilefs_domain +syn keyword ngxDirectiveThirdParty contained mogilefs_methods +syn keyword ngxDirectiveThirdParty contained mogilefs_noverify +syn keyword ngxDirectiveThirdParty contained mogilefs_pass +syn keyword ngxDirectiveThirdParty contained mogilefs_read_timeout +syn keyword ngxDirectiveThirdParty contained mogilefs_send_timeout +syn keyword ngxDirectiveThirdParty contained mogilefs_tracker +" Ancient nginx plugin; probably not useful to anyone " https://github.com/kr/nginx-notice syn keyword ngxDirectiveThirdParty contained notice syn keyword ngxDirectiveThirdParty contained notice_type +" nchan " https://github.com/slact/nchan -syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_credentials syn keyword ngxDirectiveThirdParty contained nchan_access_control_allow_origin syn keyword ngxDirectiveThirdParty contained nchan_authorize_request -syn keyword ngxDirectiveThirdParty contained nchan_benchmark -syn keyword ngxDirectiveThirdParty contained nchan_benchmark_channels -syn keyword ngxDirectiveThirdParty contained nchan_benchmark_message_padding_bytes -syn keyword ngxDirectiveThirdParty contained nchan_benchmark_messages_per_channel_per_minute -syn keyword ngxDirectiveThirdParty contained nchan_benchmark_publisher_distribution -syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscriber_distribution -syn keyword ngxDirectiveThirdParty contained nchan_benchmark_subscribers_per_channel -syn keyword ngxDirectiveThirdParty contained nchan_benchmark_time syn keyword ngxDirectiveThirdParty contained nchan_channel_event_string syn keyword ngxDirectiveThirdParty contained nchan_channel_events_channel_id syn keyword ngxDirectiveThirdParty contained nchan_channel_group @@ -1049,10 +948,6 @@ syn keyword ngxDirectiveThirdParty contained nchan_channel_id_split_delimiter syn keyword ngxDirectiveThirdParty contained nchan_channel_timeout syn keyword ngxDirectiveThirdParty contained nchan_deflate_message_for_websocket syn keyword ngxDirectiveThirdParty contained nchan_eventsource_event -syn keyword ngxDirectiveThirdParty contained nchan_eventsource_ping_comment -syn keyword ngxDirectiveThirdParty contained nchan_eventsource_ping_data -syn keyword ngxDirectiveThirdParty contained nchan_eventsource_ping_event -syn keyword ngxDirectiveThirdParty contained nchan_eventsource_ping_interval syn keyword ngxDirectiveThirdParty contained nchan_group_location syn keyword ngxDirectiveThirdParty contained nchan_group_max_channels syn keyword ngxDirectiveThirdParty contained nchan_group_max_messages @@ -1079,69 +974,16 @@ syn keyword ngxDirectiveThirdParty contained nchan_publisher_upstream_request syn keyword ngxDirectiveThirdParty contained nchan_pubsub syn keyword ngxDirectiveThirdParty contained nchan_pubsub_channel_id syn keyword ngxDirectiveThirdParty contained nchan_pubsub_location -syn keyword ngxDirectiveThirdParty contained nchan_redis_accurate_subscriber_count -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_check_interval -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_check_interval_backoff -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_check_interval_jitter -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_check_interval_max -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_check_interval_min -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_connect_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_max_failing_time -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_recovery_delay -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_recovery_delay_backoff -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_recovery_delay_jitter -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_recovery_delay_max -syn keyword ngxDirectiveThirdParty contained nchan_redis_cluster_recovery_delay_min -syn keyword ngxDirectiveThirdParty contained nchan_redis_command_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_connect_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_discovered_ip_range_blacklist syn keyword ngxDirectiveThirdParty contained nchan_redis_fakesub_timer_interval syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_cache_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_keepalive_backoff -syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_keepalive_jitter -syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_keepalive_max -syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_keepalive_min -syn keyword ngxDirectiveThirdParty contained nchan_redis_idle_channel_keepalive_safety_margin -syn keyword ngxDirectiveThirdParty contained nchan_redis_load_scripts_unconditionally syn keyword ngxDirectiveThirdParty contained nchan_redis_namespace -syn keyword ngxDirectiveThirdParty contained nchan_redis_node_connect_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_nostore_fastpublish -syn keyword ngxDirectiveThirdParty contained nchan_redis_optimize_target syn keyword ngxDirectiveThirdParty contained nchan_redis_pass syn keyword ngxDirectiveThirdParty contained nchan_redis_pass_inheritable -syn keyword ngxDirectiveThirdParty contained nchan_redis_password syn keyword ngxDirectiveThirdParty contained nchan_redis_ping_interval syn keyword ngxDirectiveThirdParty contained nchan_redis_publish_msgpacked_max_size -syn keyword ngxDirectiveThirdParty contained nchan_redis_reconnect_delay -syn keyword ngxDirectiveThirdParty contained nchan_redis_reconnect_delay_backoff -syn keyword ngxDirectiveThirdParty contained nchan_redis_reconnect_delay_jitter -syn keyword ngxDirectiveThirdParty contained nchan_redis_reconnect_delay_max -syn keyword ngxDirectiveThirdParty contained nchan_redis_reconnect_delay_min -syn keyword ngxDirectiveThirdParty contained nchan_redis_retry_commands -syn keyword ngxDirectiveThirdParty contained nchan_redis_retry_commands_max_wait syn keyword ngxDirectiveThirdParty contained nchan_redis_server -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl_ciphers -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl_client_certificate -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl_client_certificate_key -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl_server_name -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl_trusted_certificate -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl_trusted_certificate_path -syn keyword ngxDirectiveThirdParty contained nchan_redis_ssl_verify_certificate syn keyword ngxDirectiveThirdParty contained nchan_redis_storage_mode -syn keyword ngxDirectiveThirdParty contained nchan_redis_subscribe_weights -syn keyword ngxDirectiveThirdParty contained nchan_redis_tls -syn keyword ngxDirectiveThirdParty contained nchan_redis_tls_ciphers -syn keyword ngxDirectiveThirdParty contained nchan_redis_tls_client_certificate -syn keyword ngxDirectiveThirdParty contained nchan_redis_tls_server_name -syn keyword ngxDirectiveThirdParty contained nchan_redis_tls_trusted_certificate -syn keyword ngxDirectiveThirdParty contained nchan_redis_tls_trusted_certificate_path -syn keyword ngxDirectiveThirdParty contained nchan_redis_tls_verify_certificate -syn keyword ngxDirectiveThirdParty contained nchan_redis_upstream_stats -syn keyword ngxDirectiveThirdParty contained nchan_redis_upstream_stats_disconnected_timeout -syn keyword ngxDirectiveThirdParty contained nchan_redis_upstream_stats_enabled syn keyword ngxDirectiveThirdParty contained nchan_redis_url -syn keyword ngxDirectiveThirdParty contained nchan_redis_username syn keyword ngxDirectiveThirdParty contained nchan_redis_wait_after_connecting syn keyword ngxDirectiveThirdParty contained nchan_shared_memory_size syn keyword ngxDirectiveThirdParty contained nchan_storage_engine @@ -1155,8 +997,6 @@ syn keyword ngxDirectiveThirdParty contained nchan_subscriber_channel_id syn keyword ngxDirectiveThirdParty contained nchan_subscriber_compound_etag_message_id syn keyword ngxDirectiveThirdParty contained nchan_subscriber_first_message syn keyword ngxDirectiveThirdParty contained nchan_subscriber_http_raw_stream_separator -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_info -syn keyword ngxDirectiveThirdParty contained nchan_subscriber_info_string syn keyword ngxDirectiveThirdParty contained nchan_subscriber_last_message_id syn keyword ngxDirectiveThirdParty contained nchan_subscriber_location syn keyword ngxDirectiveThirdParty contained nchan_subscriber_message_id_custom_etag_header @@ -1181,6 +1021,7 @@ syn keyword ngxDirectiveThirdParty contained push_subscriber syn keyword ngxDirectiveThirdParty contained push_subscriber_concurrency syn keyword ngxDirectiveThirdParty contained push_subscriber_timeout +" Push Stream " https://github.com/wandenberg/nginx-push-stream-module syn keyword ngxDirectiveThirdParty contained push_stream_allow_connections_to_events_channel syn keyword ngxDirectiveThirdParty contained push_stream_allowed_origins @@ -1219,6 +1060,23 @@ syn keyword ngxDirectiveThirdParty contained push_stream_websocket_allow_publish syn keyword ngxDirectiveThirdParty contained push_stream_wildcard_channel_max_qtd syn keyword ngxDirectiveThirdParty contained push_stream_wildcard_channel_prefix +" redis module +" https://www.nginx.com/resources/wiki/modules/redis/ +syn keyword ngxDirectiveThirdParty contained redis_bind +syn keyword ngxDirectiveThirdParty contained redis_buffer_size +syn keyword ngxDirectiveThirdParty contained redis_connect_timeout +syn keyword ngxDirectiveThirdParty contained redis_gzip_flag +syn keyword ngxDirectiveThirdParty contained redis_next_upstream +syn keyword ngxDirectiveThirdParty contained redis_pass +syn keyword ngxDirectiveThirdParty contained redis_read_timeout +syn keyword ngxDirectiveThirdParty contained redis_send_timeout + +" ngx_http_response +" http://catap.ru/downloads/nginx/ +syn keyword ngxDirectiveThirdParty contained response +syn keyword ngxDirectiveThirdParty contained response_type + +" nginx_substitutions_filter " https://github.com/yaoweibin/ngx_http_substitutions_filter_module syn keyword ngxDirectiveThirdParty contained subs_buffers syn keyword ngxDirectiveThirdParty contained subs_filter @@ -1226,6 +1084,7 @@ syn keyword ngxDirectiveThirdParty contained subs_filter_bypass syn keyword ngxDirectiveThirdParty contained subs_filter_types syn keyword ngxDirectiveThirdParty contained subs_line_buffer_size +" Tarantool nginx upstream module " https://github.com/tarantool/nginx_upstream_module syn keyword ngxDirectiveThirdParty contained tnt_allowed_indexes syn keyword ngxDirectiveThirdParty contained tnt_allowed_spaces @@ -1255,28 +1114,44 @@ syn keyword ngxDirectiveThirdParty contained tnt_set_header syn keyword ngxDirectiveThirdParty contained tnt_update syn keyword ngxDirectiveThirdParty contained tnt_upsert -" https://github.com/fdintino/nginx-upload-module -syn keyword ngxDirectiveThirdParty contained upload_add_header +" A module for nginx web server for handling file uploads using multipart/form-data encoding (RFC 1867) +" https://github.com/Austinb/nginx-upload-module syn keyword ngxDirectiveThirdParty contained upload_aggregate_form_field +syn keyword ngxDirectiveThirdParty contained upload_archive_elm +syn keyword ngxDirectiveThirdParty contained upload_archive_elm_separator +syn keyword ngxDirectiveThirdParty contained upload_archive_path +syn keyword ngxDirectiveThirdParty contained upload_archive_path_separator syn keyword ngxDirectiveThirdParty contained upload_buffer_size syn keyword ngxDirectiveThirdParty contained upload_cleanup -syn keyword ngxDirectiveThirdParty contained upload_empty_fiels_names -syn keyword ngxDirectiveThirdParty contained upload_limit_rate +syn keyword ngxDirectiveThirdParty contained upload_content_type +syn keyword ngxDirectiveThirdParty contained upload_discard +syn keyword ngxDirectiveThirdParty contained upload_field_name +syn keyword ngxDirectiveThirdParty contained upload_file_crc32 +syn keyword ngxDirectiveThirdParty contained upload_file_md5 +syn keyword ngxDirectiveThirdParty contained upload_file_md5_uc +syn keyword ngxDirectiveThirdParty contained upload_file_name +syn keyword ngxDirectiveThirdParty contained upload_file_sha1 +syn keyword ngxDirectiveThirdParty contained upload_file_sha1_uc +syn keyword ngxDirectiveThirdParty contained upload_file_size +syn keyword ngxDirectiveThirdParty contained upload_filter syn keyword ngxDirectiveThirdParty contained upload_max_file_size syn keyword ngxDirectiveThirdParty contained upload_max_output_body_len syn keyword ngxDirectiveThirdParty contained upload_max_part_header_len -syn keyword ngxDirectiveThirdParty contained upload_merge_buffer_size syn keyword ngxDirectiveThirdParty contained upload_pass syn keyword ngxDirectiveThirdParty contained upload_pass_args syn keyword ngxDirectiveThirdParty contained upload_pass_form_field -syn keyword ngxDirectiveThirdParty contained upload_range_header_buffer_size -syn keyword ngxDirectiveThirdParty contained upload_resumable syn keyword ngxDirectiveThirdParty contained upload_set_form_field -syn keyword ngxDirectiveThirdParty contained upload_state_store syn keyword ngxDirectiveThirdParty contained upload_store syn keyword ngxDirectiveThirdParty contained upload_store_access -syn keyword ngxDirectiveThirdParty contained upload_tame_arrays +syn keyword ngxDirectiveThirdParty contained upload_tmp_path +syn keyword ngxDirectiveThirdParty contained upload_unzip +syn keyword ngxDirectiveThirdParty contained upload_unzip_buffers +syn keyword ngxDirectiveThirdParty contained upload_unzip_hash +syn keyword ngxDirectiveThirdParty contained upload_unzip_max_file_name_len +syn keyword ngxDirectiveThirdParty contained upload_unzip_window +syn keyword ngxDirectiveThirdParty contained upload_void_content_type +" nginx-upload-progress-module " https://github.com/masterzen/nginx-upload-progress-module syn keyword ngxDirectiveThirdParty contained report_uploads syn keyword ngxDirectiveThirdParty contained track_uploads @@ -1289,6 +1164,7 @@ syn keyword ngxDirectiveThirdParty contained upload_progress_jsonp_output syn keyword ngxDirectiveThirdParty contained upload_progress_jsonp_parameter syn keyword ngxDirectiveThirdParty contained upload_progress_template +" Health checks upstreams for nginx " https://github.com/yaoweibin/nginx_upstream_check_module syn keyword ngxDirectiveThirdParty contained check syn keyword ngxDirectiveThirdParty contained check_fastcgi_param @@ -1298,15 +1174,13 @@ syn keyword ngxDirectiveThirdParty contained check_keepalive_requests syn keyword ngxDirectiveThirdParty contained check_shm_size syn keyword ngxDirectiveThirdParty contained check_status -" https://github.com/jaygooby/nginx-upstream-fair +" The fair load balancer module for nginx +" https://github.com/cryptofuture/nginx-upstream-fair syn keyword ngxDirectiveThirdParty contained fair syn keyword ngxDirectiveThirdParty contained upstream_fair_shm_size -" https://github.com/ayty-adrianomartins/nginx-sticky-module-ng -syn keyword ngxDirectiveThirdParty contained sticky_hide_cookie -syn keyword ngxDirectiveThirdParty contained sticky_no_fallback - -" https://github.com/Novetta/nginx-video-thumbextractor-module +" Nginx Video Thumb Extractor Module +" https://github.com/wandenberg/nginx-video-thumbextractor-module syn keyword ngxDirectiveThirdParty contained video_thumbextractor syn keyword ngxDirectiveThirdParty contained video_thumbextractor_image_height syn keyword ngxDirectiveThirdParty contained video_thumbextractor_image_width @@ -1331,14 +1205,43 @@ syn keyword ngxDirectiveThirdParty contained video_thumbextractor_tile_sample_in syn keyword ngxDirectiveThirdParty contained video_thumbextractor_video_filename syn keyword ngxDirectiveThirdParty contained video_thumbextractor_video_second -" https://github.com/calio/iconv-nginx-module -syn keyword ngxDirectiveThirdParty contained iconv_buffer_size -syn keyword ngxDirectiveThirdParty contained iconv_filter -syn keyword ngxDirectiveThirdParty contained set_iconv +" drizzle-nginx-module - Upstream module for talking to MySQL and Drizzle directly +" https://github.com/openresty/drizzle-nginx-module +syn keyword ngxDirectiveThirdParty contained drizzle_buffer_size +syn keyword ngxDirectiveThirdParty contained drizzle_connect_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_dbname +syn keyword ngxDirectiveThirdParty contained drizzle_keepalive +syn keyword ngxDirectiveThirdParty contained drizzle_module_header +syn keyword ngxDirectiveThirdParty contained drizzle_pass +syn keyword ngxDirectiveThirdParty contained drizzle_query +syn keyword ngxDirectiveThirdParty contained drizzle_recv_cols_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_recv_rows_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_send_query_timeout +syn keyword ngxDirectiveThirdParty contained drizzle_server +syn keyword ngxDirectiveThirdParty contained drizzle_status -" https://github.com/baysao/nginx-let-module +" ngx_dynamic_upstream +" https://github.com/cubicdaiya/ngx_dynamic_upstream +syn keyword ngxDirectiveThirdParty contained dynamic_upstream + +" encrypt and decrypt nginx variable values +" https://github.com/openresty/encrypted-session-nginx-module +syn keyword ngxDirectiveThirdParty contained encrypted_session_expires +syn keyword ngxDirectiveThirdParty contained encrypted_session_iv +syn keyword ngxDirectiveThirdParty contained encrypted_session_key +syn keyword ngxDirectiveThirdParty contained set_decrypt_session +syn keyword ngxDirectiveThirdParty contained set_encrypt_session + +" serve content directly from MongoDB's GridFS +" https://github.com/mdirolf/nginx-gridfs +syn keyword ngxDirectiveThirdParty contained gridfs +syn keyword ngxDirectiveThirdParty contained mongo + +" Adds support for arithmetic operations to NGINX config +" https://github.com/arut/nginx-let-module syn keyword ngxDirectiveThirdParty contained let +" ngx_http_lua_module - Embed the power of Lua into Nginx HTTP Servers " https://github.com/openresty/lua-nginx-module syn keyword ngxDirectiveThirdParty contained access_by_lua syn keyword ngxDirectiveThirdParty contained access_by_lua_block @@ -1352,8 +1255,6 @@ syn keyword ngxDirectiveThirdParty contained body_filter_by_lua_file syn keyword ngxDirectiveThirdParty contained content_by_lua syn keyword ngxDirectiveThirdParty contained content_by_lua_block syn keyword ngxDirectiveThirdParty contained content_by_lua_file -syn keyword ngxDirectiveThirdParty contained exit_worker_by_lua_block -syn keyword ngxDirectiveThirdParty contained exit_worker_by_lua_file syn keyword ngxDirectiveThirdParty contained header_filter_by_lua syn keyword ngxDirectiveThirdParty contained header_filter_by_lua_block syn keyword ngxDirectiveThirdParty contained header_filter_by_lua_file @@ -1371,7 +1272,6 @@ syn keyword ngxDirectiveThirdParty contained lua_check_client_abort syn keyword ngxDirectiveThirdParty contained lua_code_cache syn keyword ngxDirectiveThirdParty contained lua_fake_shm syn keyword ngxDirectiveThirdParty contained lua_http10_buffering -syn keyword ngxDirectiveThirdParty contained lua_load_resty_core syn keyword ngxDirectiveThirdParty contained lua_malloc_trim syn keyword ngxDirectiveThirdParty contained lua_max_pending_timers syn keyword ngxDirectiveThirdParty contained lua_max_running_timers @@ -1380,7 +1280,6 @@ syn keyword ngxDirectiveThirdParty contained lua_package_cpath syn keyword ngxDirectiveThirdParty contained lua_package_path syn keyword ngxDirectiveThirdParty contained lua_regex_cache_max_entries syn keyword ngxDirectiveThirdParty contained lua_regex_match_limit -syn keyword ngxDirectiveThirdParty contained lua_sa_restart syn keyword ngxDirectiveThirdParty contained lua_shared_dict syn keyword ngxDirectiveThirdParty contained lua_socket_buffer_size syn keyword ngxDirectiveThirdParty contained lua_socket_connect_timeout @@ -1390,46 +1289,28 @@ syn keyword ngxDirectiveThirdParty contained lua_socket_pool_size syn keyword ngxDirectiveThirdParty contained lua_socket_read_timeout syn keyword ngxDirectiveThirdParty contained lua_socket_send_lowat syn keyword ngxDirectiveThirdParty contained lua_socket_send_timeout -syn keyword ngxDirectiveThirdParty contained lua_ssl_certificate -syn keyword ngxDirectiveThirdParty contained lua_ssl_certificate_key syn keyword ngxDirectiveThirdParty contained lua_ssl_ciphers -syn keyword ngxDirectiveThirdParty contained lua_ssl_conf_command syn keyword ngxDirectiveThirdParty contained lua_ssl_crl syn keyword ngxDirectiveThirdParty contained lua_ssl_protocols syn keyword ngxDirectiveThirdParty contained lua_ssl_trusted_certificate syn keyword ngxDirectiveThirdParty contained lua_ssl_verify_depth -syn keyword ngxDirectiveThirdParty contained lua_thread_cache_max_entries syn keyword ngxDirectiveThirdParty contained lua_transform_underscores_in_response_headers syn keyword ngxDirectiveThirdParty contained lua_use_default_type -syn keyword ngxDirectiveThirdParty contained lua_worker_thread_vm_pool_size syn keyword ngxDirectiveThirdParty contained rewrite_by_lua syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_block syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_file syn keyword ngxDirectiveThirdParty contained rewrite_by_lua_no_postpone -syn keyword ngxDirectiveThirdParty contained server_rewrite_by_lua_block -syn keyword ngxDirectiveThirdParty contained server_rewrite_by_lua_file syn keyword ngxDirectiveThirdParty contained set_by_lua syn keyword ngxDirectiveThirdParty contained set_by_lua_block syn keyword ngxDirectiveThirdParty contained set_by_lua_file syn keyword ngxDirectiveThirdParty contained ssl_certificate_by_lua_block syn keyword ngxDirectiveThirdParty contained ssl_certificate_by_lua_file -syn keyword ngxDirectiveThirdParty contained ssl_client_hello_by_lua_block -syn keyword ngxDirectiveThirdParty contained ssl_client_hello_by_lua_file syn keyword ngxDirectiveThirdParty contained ssl_session_fetch_by_lua_block syn keyword ngxDirectiveThirdParty contained ssl_session_fetch_by_lua_file syn keyword ngxDirectiveThirdParty contained ssl_session_store_by_lua_block syn keyword ngxDirectiveThirdParty contained ssl_session_store_by_lua_file -" https://github.com/Taymindis/nginx-link-function -syn keyword ngxDirectiveThirdParty contained ngx_link_func_add_prop -syn keyword ngxDirectiveThirdParty contained ngx_link_func_add_req_header -syn keyword ngxDirectiveThirdParty contained ngx_link_func_ca_cert -syn keyword ngxDirectiveThirdParty contained ngx_link_func_call -syn keyword ngxDirectiveThirdParty contained ngx_link_func_download_link_lib -syn keyword ngxDirectiveThirdParty contained ngx_link_func_lib -syn keyword ngxDirectiveThirdParty contained ngx_link_func_shm_size -syn keyword ngxDirectiveThirdParty contained ngx_link_func_subrequest - +" ngx_memc - An extended version of the standard memcached module " https://github.com/openresty/memc-nginx-module syn keyword ngxDirectiveThirdParty contained memc_buffer_size syn keyword ngxDirectiveThirdParty contained memc_cmds_allowed @@ -1443,24 +1324,21 @@ syn keyword ngxDirectiveThirdParty contained memc_send_timeout syn keyword ngxDirectiveThirdParty contained memc_upstream_fail_timeout syn keyword ngxDirectiveThirdParty contained memc_upstream_max_fails -" https://github.com/SpiderLabs/ModSecurity-nginx -syn keyword ngxDirectiveThirdParty contained modsecurity -syn keyword ngxDirectiveThirdParty contained modsecurity_rules -syn keyword ngxDirectiveThirdParty contained modsecurity_rules_file -syn keyword ngxDirectiveThirdParty contained modsecurity_rules_remote -syn keyword ngxDirectiveThirdParty contained modsecurity_transaction_id +" ModSecurity web application firewall +" https://github.com/SpiderLabs/ModSecurity/tree/master +syn keyword ngxDirectiveThirdParty contained ModSecurityConfig +syn keyword ngxDirectiveThirdParty contained ModSecurityEnabled +syn keyword ngxDirectiveThirdParty contained pool_context_hash_size +" NAXSI is an open-source, high performance, low rules maintenance WAF for NGINX " https://github.com/nbs-system/naxsi syn keyword ngxDirectiveThirdParty contained BasicRule syn keyword ngxDirectiveThirdParty contained CheckRule syn keyword ngxDirectiveThirdParty contained DeniedUrl -syn keyword ngxDirectiveThirdParty contained IgnoreCIDR -syn keyword ngxDirectiveThirdParty contained IgnoreIP syn keyword ngxDirectiveThirdParty contained LearningMode syn keyword ngxDirectiveThirdParty contained LibInjectionSql syn keyword ngxDirectiveThirdParty contained LibInjectionXss syn keyword ngxDirectiveThirdParty contained MainRule -syn keyword ngxDirectiveThirdParty contained NaxsiLogFile syn keyword ngxDirectiveThirdParty contained SecRulesDisabled syn keyword ngxDirectiveThirdParty contained SecRulesEnabled syn keyword ngxDirectiveThirdParty contained basic_rule @@ -1470,60 +1348,33 @@ syn keyword ngxDirectiveThirdParty contained learning_mode syn keyword ngxDirectiveThirdParty contained libinjection_sql syn keyword ngxDirectiveThirdParty contained libinjection_xss syn keyword ngxDirectiveThirdParty contained main_rule -syn keyword ngxDirectiveThirdParty contained naxsi_log syn keyword ngxDirectiveThirdParty contained rules_disabled syn keyword ngxDirectiveThirdParty contained rules_enabled -" https://github.com/opentracing-contrib/nginx-opentracing -syn keyword ngxDirectiveThirdParty contained opentracing -syn keyword ngxDirectiveThirdParty contained opentracing_fastcgi_propagate_context -syn keyword ngxDirectiveThirdParty contained opentracing_grpc_propagate_context -syn keyword ngxDirectiveThirdParty contained opentracing_load_tracer -syn keyword ngxDirectiveThirdParty contained opentracing_location_operation_name -syn keyword ngxDirectiveThirdParty contained opentracing_operation_name -syn keyword ngxDirectiveThirdParty contained opentracing_propagate_context -syn keyword ngxDirectiveThirdParty contained opentracing_tag -syn keyword ngxDirectiveThirdParty contained opentracing_trace_locations -syn keyword ngxDirectiveThirdParty contained opentracing_trust_incoming_span - -" https://github.com/phusion/passenger +" Phusion Passenger +" https://www.phusionpassenger.com/library/config/nginx/reference/ syn keyword ngxDirectiveThirdParty contained passenger_abort_on_startup_error syn keyword ngxDirectiveThirdParty contained passenger_abort_websockets_on_process_shutdown -syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_auth_type -syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_password -syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_url -syn keyword ngxDirectiveThirdParty contained passenger_admin_panel_username -syn keyword ngxDirectiveThirdParty contained passenger_analytics_log_group -syn keyword ngxDirectiveThirdParty contained passenger_analytics_log_user -syn keyword ngxDirectiveThirdParty contained passenger_anonymous_telemetry_proxy syn keyword ngxDirectiveThirdParty contained passenger_app_env syn keyword ngxDirectiveThirdParty contained passenger_app_file_descriptor_ulimit syn keyword ngxDirectiveThirdParty contained passenger_app_group_name -syn keyword ngxDirectiveThirdParty contained passenger_app_log_file syn keyword ngxDirectiveThirdParty contained passenger_app_rights syn keyword ngxDirectiveThirdParty contained passenger_app_root -syn keyword ngxDirectiveThirdParty contained passenger_app_start_command syn keyword ngxDirectiveThirdParty contained passenger_app_type syn keyword ngxDirectiveThirdParty contained passenger_base_uri syn keyword ngxDirectiveThirdParty contained passenger_buffer_response syn keyword ngxDirectiveThirdParty contained passenger_buffer_size -syn keyword ngxDirectiveThirdParty contained passenger_buffer_upload syn keyword ngxDirectiveThirdParty contained passenger_buffers syn keyword ngxDirectiveThirdParty contained passenger_busy_buffers_size syn keyword ngxDirectiveThirdParty contained passenger_concurrency_model syn keyword ngxDirectiveThirdParty contained passenger_core_file_descriptor_ulimit syn keyword ngxDirectiveThirdParty contained passenger_ctl syn keyword ngxDirectiveThirdParty contained passenger_data_buffer_dir -syn keyword ngxDirectiveThirdParty contained passenger_debug_log_file syn keyword ngxDirectiveThirdParty contained passenger_debugger syn keyword ngxDirectiveThirdParty contained passenger_default_group syn keyword ngxDirectiveThirdParty contained passenger_default_user -syn keyword ngxDirectiveThirdParty contained passenger_direct_instance_request_address -syn keyword ngxDirectiveThirdParty contained passenger_disable_anonymous_telemetry -syn keyword ngxDirectiveThirdParty contained passenger_disable_log_prefix syn keyword ngxDirectiveThirdParty contained passenger_disable_security_update_check syn keyword ngxDirectiveThirdParty contained passenger_document_root -syn keyword ngxDirectiveThirdParty contained passenger_dump_config_manifest syn keyword ngxDirectiveThirdParty contained passenger_enabled syn keyword ngxDirectiveThirdParty contained passenger_env_var syn keyword ngxDirectiveThirdParty contained passenger_file_descriptor_log_file @@ -1551,15 +1402,12 @@ syn keyword ngxDirectiveThirdParty contained passenger_max_requests syn keyword ngxDirectiveThirdParty contained passenger_memory_limit syn keyword ngxDirectiveThirdParty contained passenger_meteor_app_settings syn keyword ngxDirectiveThirdParty contained passenger_min_instances -syn keyword ngxDirectiveThirdParty contained passenger_monitor_log_file syn keyword ngxDirectiveThirdParty contained passenger_nodejs syn keyword ngxDirectiveThirdParty contained passenger_pass_header syn keyword ngxDirectiveThirdParty contained passenger_pool_idle_time syn keyword ngxDirectiveThirdParty contained passenger_pre_start -syn keyword ngxDirectiveThirdParty contained passenger_preload_bundler syn keyword ngxDirectiveThirdParty contained passenger_python syn keyword ngxDirectiveThirdParty contained passenger_read_timeout -syn keyword ngxDirectiveThirdParty contained passenger_request_buffering syn keyword ngxDirectiveThirdParty contained passenger_request_queue_overflow_status_code syn keyword ngxDirectiveThirdParty contained passenger_resist_deployment_errors syn keyword ngxDirectiveThirdParty contained passenger_response_buffer_high_watermark @@ -1571,36 +1419,36 @@ syn keyword ngxDirectiveThirdParty contained passenger_security_update_check_pro syn keyword ngxDirectiveThirdParty contained passenger_set_header syn keyword ngxDirectiveThirdParty contained passenger_show_version_in_header syn keyword ngxDirectiveThirdParty contained passenger_socket_backlog -syn keyword ngxDirectiveThirdParty contained passenger_spawn_dir -syn keyword ngxDirectiveThirdParty contained passenger_spawn_exception_status_code syn keyword ngxDirectiveThirdParty contained passenger_spawn_method syn keyword ngxDirectiveThirdParty contained passenger_start_timeout syn keyword ngxDirectiveThirdParty contained passenger_startup_file syn keyword ngxDirectiveThirdParty contained passenger_stat_throttle_rate syn keyword ngxDirectiveThirdParty contained passenger_sticky_sessions -syn keyword ngxDirectiveThirdParty contained passenger_sticky_sessions_cookie_attributes syn keyword ngxDirectiveThirdParty contained passenger_sticky_sessions_cookie_name -syn keyword ngxDirectiveThirdParty contained passenger_temp_path syn keyword ngxDirectiveThirdParty contained passenger_thread_count syn keyword ngxDirectiveThirdParty contained passenger_turbocaching -syn keyword ngxDirectiveThirdParty contained passenger_use_global_queue syn keyword ngxDirectiveThirdParty contained passenger_user syn keyword ngxDirectiveThirdParty contained passenger_user_switching syn keyword ngxDirectiveThirdParty contained passenger_vary_turbocache_by_cookie -syn keyword ngxDirectiveThirdParty contained rack_env -syn keyword ngxDirectiveThirdParty contained rails_app_spawner_idle_time -syn keyword ngxDirectiveThirdParty contained rails_env -syn keyword ngxDirectiveThirdParty contained rails_framework_spawner_idle_time -syn keyword ngxDirectiveThirdParty contained rails_spawn_method -syn keyword ngxDirectiveThirdParty contained union_station_filter -syn keyword ngxDirectiveThirdParty contained union_station_gateway_address -syn keyword ngxDirectiveThirdParty contained union_station_gateway_cert -syn keyword ngxDirectiveThirdParty contained union_station_gateway_port -syn keyword ngxDirectiveThirdParty contained union_station_key -syn keyword ngxDirectiveThirdParty contained union_station_proxy_address -syn keyword ngxDirectiveThirdParty contained union_station_support +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_analytics_log_group +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_analytics_log_user +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_debug_log_file +syn keyword ngxDirectiveThirdPartyDeprecated contained passenger_use_global_queue +syn keyword ngxDirectiveThirdPartyDeprecated contained rack_env +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_app_spawner_idle_time +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_env +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_framework_spawner_idle_time +syn keyword ngxDirectiveThirdPartyDeprecated contained rails_spawn_method +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_filter +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_gateway_address +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_gateway_cert +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_gateway_port +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_key +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_proxy_address +syn keyword ngxDirectiveThirdPartyDeprecated contained union_station_support -" https://github.com/konstruxi/ngx_postgres +" ngx_postgres is an upstream module that allows nginx to communicate directly with PostgreSQL database +" https://github.com/FRiCKLE/ngx_postgres syn keyword ngxDirectiveThirdParty contained postgres_connect_timeout syn keyword ngxDirectiveThirdParty contained postgres_escape syn keyword ngxDirectiveThirdParty contained postgres_keepalive @@ -1612,6 +1460,7 @@ syn keyword ngxDirectiveThirdParty contained postgres_rewrite syn keyword ngxDirectiveThirdParty contained postgres_server syn keyword ngxDirectiveThirdParty contained postgres_set +" ngx_rds_csv - Nginx output filter module to convert Resty-DBD-Streams (RDS) to Comma-Separated Values (CSV) " https://github.com/openresty/rds-csv-nginx-module syn keyword ngxDirectiveThirdParty contained rds_csv syn keyword ngxDirectiveThirdParty contained rds_csv_buffer_size @@ -1620,6 +1469,7 @@ syn keyword ngxDirectiveThirdParty contained rds_csv_field_name_header syn keyword ngxDirectiveThirdParty contained rds_csv_field_separator syn keyword ngxDirectiveThirdParty contained rds_csv_row_terminator +" ngx_rds_json - an output filter that formats Resty DBD Streams generated by ngx_drizzle and others to JSON " https://github.com/openresty/rds-json-nginx-module syn keyword ngxDirectiveThirdParty contained rds_json syn keyword ngxDirectiveThirdParty contained rds_json_buffer_size @@ -1632,6 +1482,7 @@ syn keyword ngxDirectiveThirdParty contained rds_json_root syn keyword ngxDirectiveThirdParty contained rds_json_success_property syn keyword ngxDirectiveThirdParty contained rds_json_user_property +" ngx_redis2 - Nginx upstream module for the Redis 2.0 protocol " https://github.com/openresty/redis2-nginx-module syn keyword ngxDirectiveThirdParty contained redis2_bind syn keyword ngxDirectiveThirdParty contained redis2_buffer_size @@ -1645,6 +1496,7 @@ syn keyword ngxDirectiveThirdParty contained redis2_raw_query syn keyword ngxDirectiveThirdParty contained redis2_read_timeout syn keyword ngxDirectiveThirdParty contained redis2_send_timeout +" NGINX-based Media Streaming Server " https://github.com/arut/nginx-rtmp-module syn keyword ngxDirectiveThirdParty contained ack_window syn keyword ngxDirectiveThirdParty contained application @@ -1756,26 +1608,23 @@ syn keyword ngxDirectiveThirdParty contained sync syn keyword ngxDirectiveThirdParty contained wait_key syn keyword ngxDirectiveThirdParty contained wait_video +" ngx_set_misc - Various set_xxx directives added to nginx's rewrite module (md5/sha1, sql/json quoting, and many more) " https://github.com/openresty/set-misc-nginx-module syn keyword ngxDirectiveThirdParty contained set_base32_alphabet syn keyword ngxDirectiveThirdParty contained set_base32_padding syn keyword ngxDirectiveThirdParty contained set_decode_base32 syn keyword ngxDirectiveThirdParty contained set_decode_base64 -syn keyword ngxDirectiveThirdParty contained set_decode_base64url syn keyword ngxDirectiveThirdParty contained set_decode_hex syn keyword ngxDirectiveThirdParty contained set_encode_base32 syn keyword ngxDirectiveThirdParty contained set_encode_base64 -syn keyword ngxDirectiveThirdParty contained set_encode_base64url syn keyword ngxDirectiveThirdParty contained set_encode_hex syn keyword ngxDirectiveThirdParty contained set_escape_uri syn keyword ngxDirectiveThirdParty contained set_formatted_gmt_time syn keyword ngxDirectiveThirdParty contained set_formatted_local_time syn keyword ngxDirectiveThirdParty contained set_hashed_upstream syn keyword ngxDirectiveThirdParty contained set_hmac_sha1 -syn keyword ngxDirectiveThirdParty contained set_hmac_sha256 syn keyword ngxDirectiveThirdParty contained set_if_empty syn keyword ngxDirectiveThirdParty contained set_local_today -syn keyword ngxDirectiveThirdParty contained set_md5 syn keyword ngxDirectiveThirdParty contained set_misc_base32_padding syn keyword ngxDirectiveThirdParty contained set_quote_json_str syn keyword ngxDirectiveThirdParty contained set_quote_pgsql_str @@ -1784,18 +1633,20 @@ syn keyword ngxDirectiveThirdParty contained set_random syn keyword ngxDirectiveThirdParty contained set_rotate syn keyword ngxDirectiveThirdParty contained set_secure_random_alphanum syn keyword ngxDirectiveThirdParty contained set_secure_random_lcalpha -syn keyword ngxDirectiveThirdParty contained set_sha1 syn keyword ngxDirectiveThirdParty contained set_unescape_uri +" nginx-sflow-module " https://github.com/sflow/nginx-sflow-module syn keyword ngxDirectiveThirdParty contained sflow +" Shibboleth auth request module for Nginx " https://github.com/nginx-shib/nginx-http-shibboleth syn keyword ngxDirectiveThirdParty contained shib_request syn keyword ngxDirectiveThirdParty contained shib_request_set syn keyword ngxDirectiveThirdParty contained shib_request_use_headers -" https://github.com/baysao/ngx_slowfs_cache +" nginx module which adds ability to cache static files +" https://github.com/FRiCKLE/ngx_slowfs_cache syn keyword ngxDirectiveThirdParty contained slowfs_big_file_size syn keyword ngxDirectiveThirdParty contained slowfs_cache syn keyword ngxDirectiveThirdParty contained slowfs_cache_key @@ -1805,6 +1656,18 @@ syn keyword ngxDirectiveThirdParty contained slowfs_cache_purge syn keyword ngxDirectiveThirdParty contained slowfs_cache_valid syn keyword ngxDirectiveThirdParty contained slowfs_temp_path +" Dynamic Image Transformation Module For nginx +" https://github.com/cubicdaiya/ngx_small_light +syn keyword ngxDirectiveThirdParty contained small_light +syn keyword ngxDirectiveThirdParty contained small_light_buffer +syn keyword ngxDirectiveThirdParty contained small_light_getparam_mode +syn keyword ngxDirectiveThirdParty contained small_light_imlib2_temp_dir +syn keyword ngxDirectiveThirdParty contained small_light_material_dir +syn keyword ngxDirectiveThirdParty contained small_light_pattern_define +syn keyword ngxDirectiveThirdParty contained small_light_radius_max +syn keyword ngxDirectiveThirdParty contained small_light_sigma_max + +" ngx_srcache - Transparent subrequest-based caching layout for arbitrary nginx locations " https://github.com/openresty/srcache-nginx-module syn keyword ngxDirectiveThirdParty contained srcache_buffer syn keyword ngxDirectiveThirdParty contained srcache_default_expire @@ -1827,6 +1690,7 @@ syn keyword ngxDirectiveThirdParty contained srcache_store_ranges syn keyword ngxDirectiveThirdParty contained srcache_store_skip syn keyword ngxDirectiveThirdParty contained srcache_store_statuses +" NGINX-based VOD Packager " https://github.com/kaltura/nginx-vod-module syn keyword ngxDirectiveThirdParty contained vod syn keyword ngxDirectiveThirdParty contained vod_align_segments_to_key_frames @@ -1852,7 +1716,6 @@ syn keyword ngxDirectiveThirdParty contained vod_expires_live_time_dependent syn keyword ngxDirectiveThirdParty contained vod_fallback_upstream_location syn keyword ngxDirectiveThirdParty contained vod_force_continuous_timestamps syn keyword ngxDirectiveThirdParty contained vod_force_playlist_type_vod -syn keyword ngxDirectiveThirdParty contained vod_force_sequence_index syn keyword ngxDirectiveThirdParty contained vod_gop_look_ahead syn keyword ngxDirectiveThirdParty contained vod_gop_look_behind syn keyword ngxDirectiveThirdParty contained vod_ignore_edit_list @@ -1866,7 +1729,6 @@ syn keyword ngxDirectiveThirdParty contained vod_live_window_duration syn keyword ngxDirectiveThirdParty contained vod_manifest_duration_policy syn keyword ngxDirectiveThirdParty contained vod_manifest_segment_durations_mode syn keyword ngxDirectiveThirdParty contained vod_mapping_cache -syn keyword ngxDirectiveThirdParty contained vod_max_frame_count syn keyword ngxDirectiveThirdParty contained vod_max_frames_size syn keyword ngxDirectiveThirdParty contained vod_max_mapping_response_size syn keyword ngxDirectiveThirdParty contained vod_max_metadata_size @@ -1881,7 +1743,6 @@ syn keyword ngxDirectiveThirdParty contained vod_notification_uri syn keyword ngxDirectiveThirdParty contained vod_open_file_thread_pool syn keyword ngxDirectiveThirdParty contained vod_output_buffer_pool syn keyword ngxDirectiveThirdParty contained vod_parse_hdlr_name -syn keyword ngxDirectiveThirdParty contained vod_parse_udta_name syn keyword ngxDirectiveThirdParty contained vod_path_response_postfix syn keyword ngxDirectiveThirdParty contained vod_path_response_prefix syn keyword ngxDirectiveThirdParty contained vod_performance_counters @@ -1893,7 +1754,6 @@ syn keyword ngxDirectiveThirdParty contained vod_response_cache syn keyword ngxDirectiveThirdParty contained vod_secret_key syn keyword ngxDirectiveThirdParty contained vod_segment_count_policy syn keyword ngxDirectiveThirdParty contained vod_segment_duration -syn keyword ngxDirectiveThirdParty contained vod_segment_max_frame_count syn keyword ngxDirectiveThirdParty contained vod_segments_base_url syn keyword ngxDirectiveThirdParty contained vod_source_clip_map_uri syn keyword ngxDirectiveThirdParty contained vod_speed_param_name @@ -1903,6 +1763,7 @@ syn keyword ngxDirectiveThirdParty contained vod_tracks_param_name syn keyword ngxDirectiveThirdParty contained vod_upstream_extra_args syn keyword ngxDirectiveThirdParty contained vod_upstream_location +" Nginx virtual host traffic status module " https://github.com/vozlt/nginx-module-vts syn keyword ngxDirectiveThirdParty contained vhost_traffic_status syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_average_method @@ -1917,8 +1778,6 @@ syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_host syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_by_set_key syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_check_duplicate -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_filter_max_node -syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_histogram_buckets syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_check_duplicate syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic @@ -1926,6 +1785,7 @@ syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_limit_traffic_ syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_set_by_filter syn keyword ngxDirectiveThirdParty contained vhost_traffic_status_zone +" xss-nginx-module - Native cross-site scripting support in nginx " https://github.com/openresty/xss-nginx-module syn keyword ngxDirectiveThirdParty contained xss_callback_arg syn keyword ngxDirectiveThirdParty contained xss_check_status @@ -1934,46 +1794,475 @@ syn keyword ngxDirectiveThirdParty contained xss_input_types syn keyword ngxDirectiveThirdParty contained xss_output_type syn keyword ngxDirectiveThirdParty contained xss_override_status -" https://github.com/tg123/websockify-nginx-module -syn keyword ngxDirectiveThirdParty contained websockify_buffer_size -syn keyword ngxDirectiveThirdParty contained websockify_connect_timeout -syn keyword ngxDirectiveThirdParty contained websockify_pass -syn keyword ngxDirectiveThirdParty contained websockify_read_timeout -syn keyword ngxDirectiveThirdParty contained websockify_send_timeout +" Add support for array-typed variables to nginx config files +" https://github.com/openresty/array-var-nginx-module +syn keyword ngxDirectiveThirdParty contained array_join +syn keyword ngxDirectiveThirdParty contained array_map +syn keyword ngxDirectiveThirdParty contained array_map_op +syn keyword ngxDirectiveThirdParty contained array_split + +" NGINX module for Brotli compression +" https://github.com/eustas/ngx_brotli +syn keyword ngxDirectiveThirdParty contained brotli +syn keyword ngxDirectiveThirdParty contained brotli_buffers +syn keyword ngxDirectiveThirdParty contained brotli_comp_level +syn keyword ngxDirectiveThirdParty contained brotli_min_length +syn keyword ngxDirectiveThirdParty contained brotli_static +syn keyword ngxDirectiveThirdParty contained brotli_types +syn keyword ngxDirectiveThirdParty contained brotli_window + +" form-input-nginx-module +" https://github.com/calio/form-input-nginx-module +syn keyword ngxDirectiveThirdParty contained set_form_input +syn keyword ngxDirectiveThirdParty contained set_form_input_multi + +" character conversion nginx module using libiconv +" https://github.com/calio/iconv-nginx-module +syn keyword ngxDirectiveThirdParty contained iconv_buffer_size +syn keyword ngxDirectiveThirdParty contained iconv_filter +syn keyword ngxDirectiveThirdParty contained set_iconv + +" 3rd party modules list taken from +" https://www.nginx.com/resources/wiki/modules/ +" --------------------------------------------- + +" Nginx Module for Authenticating Akamai G2O requests +" https://github.com/kaltura/nginx_mod_akamai_g2o +syn keyword ngxDirectiveThirdParty contained g2o +syn keyword ngxDirectiveThirdParty contained g2o_data_header +syn keyword ngxDirectiveThirdParty contained g2o_hash_function +syn keyword ngxDirectiveThirdParty contained g2o_key +syn keyword ngxDirectiveThirdParty contained g2o_log_level +syn keyword ngxDirectiveThirdParty contained g2o_nonce +syn keyword ngxDirectiveThirdParty contained g2o_sign_header +syn keyword ngxDirectiveThirdParty contained g2o_time_window +syn keyword ngxDirectiveThirdParty contained g2o_version + +" nginx_lua_module +" https://github.com/alacner/nginx_lua_module +syn keyword ngxDirectiveThirdParty contained lua_file + +" Nginx Audio Track for HTTP Live Streaming +" https://github.com/flavioribeiro/nginx-audio-track-for-hls-module +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_output_format +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_output_header +syn keyword ngxDirectiveThirdParty contained ngx_hls_audio_track_rootpath + +" A Nginx module to dump backtrace when a worker process exits abnormally +" https://github.com/alibaba/nginx-backtrace +syn keyword ngxDirectiveThirdParty contained backtrace_log +syn keyword ngxDirectiveThirdParty contained backtrace_max_stack_size + +" circle_gif module +" https://github.com/evanmiller/nginx_circle_gif +syn keyword ngxDirectiveThirdParty contained circle_gif +syn keyword ngxDirectiveThirdParty contained circle_gif_max_radius +syn keyword ngxDirectiveThirdParty contained circle_gif_min_radius +syn keyword ngxDirectiveThirdParty contained circle_gif_step_radius + +" Upstream Consistent Hash +" https://github.com/replay/ngx_http_consistent_hash +syn keyword ngxDirectiveThirdParty contained consistent_hash + +" Nginx module for etags on dynamic content +" https://github.com/kali/nginx-dynamic-etags +syn keyword ngxDirectiveThirdParty contained dynamic_etags + +" Enhanced Nginx Memcached Module +" https://github.com/bpaquet/ngx_http_enhanced_memcached_module +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_allow_delete +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_allow_put +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_bind +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_buffer_size +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_connect_timeout +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_flush +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_flush_namespace +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_hash_keys_with_md5 +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_pass +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_read_timeout +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_send_timeout +syn keyword ngxDirectiveThirdParty contained enhanced_memcached_stats + +" nginx max connections queue +" https://github.com/ezmobius/nginx-ey-balancer +syn keyword ngxDirectiveThirdParty contained max_connections_max_queue_length +syn keyword ngxDirectiveThirdParty contained max_connections_queue_timeout + +" Nginx module for POST authentication and authorization +" https://github.com/veruu/ngx_form_auth +syn keyword ngxDirectiveThirdParty contained form_auth +syn keyword ngxDirectiveThirdParty contained form_auth_login +syn keyword ngxDirectiveThirdParty contained form_auth_pam_service +syn keyword ngxDirectiveThirdParty contained form_auth_password +syn keyword ngxDirectiveThirdParty contained form_auth_remote_user + +" ngx_http_accounting_module +" https://github.com/Lax/ngx_http_accounting_module +syn keyword ngxDirectiveThirdParty contained http_accounting +syn keyword ngxDirectiveThirdParty contained http_accounting_id +syn keyword ngxDirectiveThirdParty contained http_accounting_interval +syn keyword ngxDirectiveThirdParty contained http_accounting_log +syn keyword ngxDirectiveThirdParty contained http_accounting_perturb + +" concatenating files in a given context: CSS and JS files usually +" https://github.com/alibaba/nginx-http-concat +syn keyword ngxDirectiveThirdParty contained concat +syn keyword ngxDirectiveThirdParty contained concat_delimiter +syn keyword ngxDirectiveThirdParty contained concat_ignore_file_error +syn keyword ngxDirectiveThirdParty contained concat_max_files +syn keyword ngxDirectiveThirdParty contained concat_types +syn keyword ngxDirectiveThirdParty contained concat_unique + +" update upstreams' config by restful interface +" https://github.com/yzprofile/ngx_http_dyups_module +syn keyword ngxDirectiveThirdParty contained dyups_interface +syn keyword ngxDirectiveThirdParty contained dyups_read_msg_log +syn keyword ngxDirectiveThirdParty contained dyups_read_msg_timeout +syn keyword ngxDirectiveThirdParty contained dyups_shm_zone_size +syn keyword ngxDirectiveThirdParty contained dyups_trylock +syn keyword ngxDirectiveThirdParty contained dyups_upstream_conf + +" add given content to the end of the response according to the condition specified +" https://github.com/flygoast/ngx_http_footer_if_filter +syn keyword ngxDirectiveThirdParty contained footer_if + +" NGINX HTTP Internal Redirect Module +" https://github.com/flygoast/ngx_http_internal_redirect +syn keyword ngxDirectiveThirdParty contained internal_redirect_if +syn keyword ngxDirectiveThirdParty contained internal_redirect_if_no_postpone + +" nginx-ip-blocker +" https://github.com/tmthrgd/nginx-ip-blocker +syn keyword ngxDirectiveThirdParty contained ip_blocker + +" IP2Location Nginx +" https://github.com/chrislim2888/ip2location-nginx +syn keyword ngxDirectiveThirdParty contained ip2location_database + +" Limit upload rate +" https://github.com/cfsego/limit_upload_rate +syn keyword ngxDirectiveThirdParty contained limit_upload_rate +syn keyword ngxDirectiveThirdParty contained limit_upload_rate_after +syn keyword ngxDirectiveThirdParty contained limit_upload_rate_log_level + +" limit the number of connections to upstream +" https://github.com/cfsego/nginx-limit-upstream +syn keyword ngxDirectiveThirdParty contained limit_upstream_conn +syn keyword ngxDirectiveThirdParty contained limit_upstream_log_level +syn keyword ngxDirectiveThirdParty contained limit_upstream_zone + +" conditional accesslog for nginx +" https://github.com/cfsego/ngx_log_if +syn keyword ngxDirectiveThirdParty contained access_log_bypass_if + +" log messages over ZeroMQ +" https://github.com/alticelabs/nginx-log-zmq +syn keyword ngxDirectiveThirdParty contained log_zmq_endpoint +syn keyword ngxDirectiveThirdParty contained log_zmq_format +syn keyword ngxDirectiveThirdParty contained log_zmq_off +syn keyword ngxDirectiveThirdParty contained log_zmq_server + +" simple module to uppercase/lowercase strings in the nginx config +" https://github.com/replay/ngx_http_lower_upper_case +syn keyword ngxDirectiveThirdParty contained lower +syn keyword ngxDirectiveThirdParty contained upper + +" content filter for nginx, which returns the md5 hash of the content otherwise returned +" https://github.com/kainswor/nginx_md5_filter +syn keyword ngxDirectiveThirdParty contained md5_filter + +" Non-blocking upstream module for Nginx to connect to MongoDB +" https://github.com/simpl/ngx_mongo +syn keyword ngxDirectiveThirdParty contained mongo_auth +syn keyword ngxDirectiveThirdParty contained mongo_bind +syn keyword ngxDirectiveThirdParty contained mongo_buffer_size +syn keyword ngxDirectiveThirdParty contained mongo_buffering +syn keyword ngxDirectiveThirdParty contained mongo_buffers +syn keyword ngxDirectiveThirdParty contained mongo_busy_buffers_size +syn keyword ngxDirectiveThirdParty contained mongo_connect_timeout +syn keyword ngxDirectiveThirdParty contained mongo_json +syn keyword ngxDirectiveThirdParty contained mongo_next_upstream +syn keyword ngxDirectiveThirdParty contained mongo_pass +syn keyword ngxDirectiveThirdParty contained mongo_query +syn keyword ngxDirectiveThirdParty contained mongo_read_timeout +syn keyword ngxDirectiveThirdParty contained mongo_send_timeout + +" Nginx OCSP processing module designed for response caching +" https://github.com/kyprizel/nginx_ocsp_proxy-module +syn keyword ngxDirectiveThirdParty contained ocsp_cache_timeout +syn keyword ngxDirectiveThirdParty contained ocsp_proxy + +" Nginx OpenSSL version check at startup +" https://github.com/apcera/nginx-openssl-version +syn keyword ngxDirectiveThirdParty contained openssl_builddate_minimum +syn keyword ngxDirectiveThirdParty contained openssl_version_minimum + +" Automatic PageSpeed optimization module for Nginx +" https://github.com/pagespeed/ngx_pagespeed +syn keyword ngxDirectiveThirdParty contained pagespeed + +" PECL Memcache standard hashing compatible loadbalancer for Nginx +" https://github.com/replay/ngx_http_php_memcache_standard_balancer +syn keyword ngxDirectiveThirdParty contained hash_key + +" nginx module to parse php sessions +" https://github.com/replay/ngx_http_php_session +syn keyword ngxDirectiveThirdParty contained php_session_parse +syn keyword ngxDirectiveThirdParty contained php_session_strip_formatting + +" Nginx HTTP rDNS module +" https://github.com/flant/nginx-http-rdns +syn keyword ngxDirectiveThirdParty contained rdns +syn keyword ngxDirectiveThirdParty contained rdns_allow +syn keyword ngxDirectiveThirdParty contained rdns_deny + +" Streaming regular expression replacement in response bodies +" https://github.com/openresty/replace-filter-nginx-module +syn keyword ngxDirectiveThirdParty contained replace_filter +syn keyword ngxDirectiveThirdParty contained replace_filter_last_modified +syn keyword ngxDirectiveThirdParty contained replace_filter_max_buffered_size +syn keyword ngxDirectiveThirdParty contained replace_filter_skip +syn keyword ngxDirectiveThirdParty contained replace_filter_types + +" Link RRDtool's graphing facilities directly into nginx +" https://github.com/evanmiller/mod_rrd_graph +syn keyword ngxDirectiveThirdParty contained rrd_graph +syn keyword ngxDirectiveThirdParty contained rrd_graph_root + +" Module for nginx to proxy rtmp using http protocol +" https://github.com/kwojtek/nginx-rtmpt-proxy-module +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_http_timeout +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_rtmp_timeout +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_stat +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_stylesheet +syn keyword ngxDirectiveThirdParty contained rtmpt_proxy_target + +" Syntactically Awesome NGINX Module +" https://github.com/mneudert/sass-nginx-module +syn keyword ngxDirectiveThirdParty contained sass_compile +syn keyword ngxDirectiveThirdParty contained sass_error_log +syn keyword ngxDirectiveThirdParty contained sass_include_path +syn keyword ngxDirectiveThirdParty contained sass_indent +syn keyword ngxDirectiveThirdParty contained sass_is_indented_syntax +syn keyword ngxDirectiveThirdParty contained sass_linefeed +syn keyword ngxDirectiveThirdParty contained sass_output_style +syn keyword ngxDirectiveThirdParty contained sass_precision +syn keyword ngxDirectiveThirdParty contained sass_source_comments +syn keyword ngxDirectiveThirdParty contained sass_source_map_embed + +" Nginx Selective Cache Purge Module +" https://github.com/wandenberg/nginx-selective-cache-purge-module +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_query +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_database +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_host +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_password +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_port +syn keyword ngxDirectiveThirdParty contained selective_cache_purge_redis_unix_socket + +" cconv nginx module +" https://github.com/liseen/set-cconv-nginx-module +syn keyword ngxDirectiveThirdParty contained set_cconv_to_simp +syn keyword ngxDirectiveThirdParty contained set_cconv_to_trad +syn keyword ngxDirectiveThirdParty contained set_pinyin_to_normal + +" Nginx module that allows the setting of variables to the value of a variety of hashes +" https://github.com/simpl/ngx_http_set_hash +syn keyword ngxDirectiveThirdParty contained set_md5 +syn keyword ngxDirectiveThirdParty contained set_md5_upper +syn keyword ngxDirectiveThirdParty contained set_murmur2 +syn keyword ngxDirectiveThirdParty contained set_murmur2_upper +syn keyword ngxDirectiveThirdParty contained set_sha1 +syn keyword ngxDirectiveThirdParty contained set_sha1_upper + +" Nginx module to set the language of a request based on a number of options +" https://github.com/simpl/ngx_http_set_lang +syn keyword ngxDirectiveThirdParty contained lang_cookie +syn keyword ngxDirectiveThirdParty contained lang_get_var +syn keyword ngxDirectiveThirdParty contained lang_host +syn keyword ngxDirectiveThirdParty contained lang_list +syn keyword ngxDirectiveThirdParty contained lang_post_var +syn keyword ngxDirectiveThirdParty contained lang_referer +syn keyword ngxDirectiveThirdParty contained set_lang +syn keyword ngxDirectiveThirdParty contained set_lang_method + +" Nginx Sorted Querystring Module +" https://github.com/wandenberg/nginx-sorted-querystring-module +syn keyword ngxDirectiveThirdParty contained sorted_querysting_filter_parameter + +" Nginx upstream module for Sphinx 2.x search daemon +" https://github.com/reeteshranjan/sphinx2-nginx-module +syn keyword ngxDirectiveThirdParty contained sphinx2_bind +syn keyword ngxDirectiveThirdParty contained sphinx2_buffer_size +syn keyword ngxDirectiveThirdParty contained sphinx2_connect_timeout +syn keyword ngxDirectiveThirdParty contained sphinx2_next_upstream +syn keyword ngxDirectiveThirdParty contained sphinx2_pass +syn keyword ngxDirectiveThirdParty contained sphinx2_read_timeout +syn keyword ngxDirectiveThirdParty contained sphinx2_send_timeout + +" Nginx module for retrieving user attributes and groups from SSSD +" https://github.com/veruu/ngx_sssd_info +syn keyword ngxDirectiveThirdParty contained sssd_info +syn keyword ngxDirectiveThirdParty contained sssd_info_attribute +syn keyword ngxDirectiveThirdParty contained sssd_info_attribute_separator +syn keyword ngxDirectiveThirdParty contained sssd_info_attributes +syn keyword ngxDirectiveThirdParty contained sssd_info_group +syn keyword ngxDirectiveThirdParty contained sssd_info_group_separator +syn keyword ngxDirectiveThirdParty contained sssd_info_groups +syn keyword ngxDirectiveThirdParty contained sssd_info_output_to + +" An nginx module for sending statistics to statsd +" https://github.com/zebrafishlabs/nginx-statsd +syn keyword ngxDirectiveThirdParty contained statsd_count +syn keyword ngxDirectiveThirdParty contained statsd_sample_rate +syn keyword ngxDirectiveThirdParty contained statsd_server +syn keyword ngxDirectiveThirdParty contained statsd_timing + +" ngx_stream_echo - TCP/stream echo module for NGINX (a port of the ngx_http_echo module) +" https://github.com/openresty/stream-echo-nginx-module +syn keyword ngxDirectiveThirdParty contained echo +syn keyword ngxDirectiveThirdParty contained echo_client_error_log_level +syn keyword ngxDirectiveThirdParty contained echo_discard_request +syn keyword ngxDirectiveThirdParty contained echo_duplicate +syn keyword ngxDirectiveThirdParty contained echo_flush_wait +syn keyword ngxDirectiveThirdParty contained echo_lingering_close +syn keyword ngxDirectiveThirdParty contained echo_lingering_time +syn keyword ngxDirectiveThirdParty contained echo_lingering_timeout +syn keyword ngxDirectiveThirdParty contained echo_read_buffer_size +syn keyword ngxDirectiveThirdParty contained echo_read_bytes +syn keyword ngxDirectiveThirdParty contained echo_read_line +syn keyword ngxDirectiveThirdParty contained echo_read_timeout +syn keyword ngxDirectiveThirdParty contained echo_request_data +syn keyword ngxDirectiveThirdParty contained echo_send_timeout +syn keyword ngxDirectiveThirdParty contained echo_sleep + +" Embed the power of Lua into NGINX TCP/UDP servers +" https://github.com/openresty/stream-lua-nginx-module +syn keyword ngxDirectiveThirdParty contained lua_add_variable +syn keyword ngxDirectiveThirdParty contained preread_by_lua_block +syn keyword ngxDirectiveThirdParty contained preread_by_lua_file +syn keyword ngxDirectiveThirdParty contained preread_by_lua_no_postpone + +" nginx-upsync-module +" https://github.com/weibocom/nginx-upsync-module +syn keyword ngxDirectiveThirdParty contained upstream_show +syn keyword ngxDirectiveThirdParty contained upsync +syn keyword ngxDirectiveThirdParty contained upsync_dump_path +syn keyword ngxDirectiveThirdParty contained upsync_lb + +" Whitespace stripper for nginx +" https://github.com/evanmiller/mod_strip +syn keyword ngxDirectiveThirdParty contained strip + +" Split one big HTTP/Range request to multiple subrange requesets +" https://github.com/Qihoo360/ngx_http_subrange_module +syn keyword ngxDirectiveThirdParty contained subrange + +" summarizer-nginx-module +" https://github.com/reeteshranjan/summarizer-nginx-module +syn keyword ngxDirectiveThirdParty contained summarizer_bind +syn keyword ngxDirectiveThirdParty contained summarizer_buffer_size +syn keyword ngxDirectiveThirdParty contained summarizer_connect_timeout +syn keyword ngxDirectiveThirdParty contained summarizer_next_upstream +syn keyword ngxDirectiveThirdParty contained summarizer_pass +syn keyword ngxDirectiveThirdParty contained summarizer_read_timeout +syn keyword ngxDirectiveThirdParty contained summarizer_send_timeout + +" nginx module providing API to communicate with supervisord and manage (start/stop) backends on-demand +" https://github.com/FRiCKLE/ngx_supervisord +syn keyword ngxDirectiveThirdParty contained supervisord +syn keyword ngxDirectiveThirdParty contained supervisord_inherit_backend_status +syn keyword ngxDirectiveThirdParty contained supervisord_name +syn keyword ngxDirectiveThirdParty contained supervisord_start +syn keyword ngxDirectiveThirdParty contained supervisord_stop + +" simple robot mitigation module using cookie based challenge/response technique. Not supported any more. +" https://github.com/kyprizel/testcookie-nginx-module +syn keyword ngxDirectiveThirdParty contained testcookie +syn keyword ngxDirectiveThirdParty contained testcookie_arg +syn keyword ngxDirectiveThirdParty contained testcookie_deny_keepalive +syn keyword ngxDirectiveThirdParty contained testcookie_domain +syn keyword ngxDirectiveThirdParty contained testcookie_expires +syn keyword ngxDirectiveThirdParty contained testcookie_fallback +syn keyword ngxDirectiveThirdParty contained testcookie_get_only +syn keyword ngxDirectiveThirdParty contained testcookie_httponly_flag +syn keyword ngxDirectiveThirdParty contained testcookie_https_location +syn keyword ngxDirectiveThirdParty contained testcookie_internal +syn keyword ngxDirectiveThirdParty contained testcookie_max_attempts +syn keyword ngxDirectiveThirdParty contained testcookie_name +syn keyword ngxDirectiveThirdParty contained testcookie_p3p +syn keyword ngxDirectiveThirdParty contained testcookie_pass +syn keyword ngxDirectiveThirdParty contained testcookie_path +syn keyword ngxDirectiveThirdParty contained testcookie_port_in_redirect +syn keyword ngxDirectiveThirdParty contained testcookie_redirect_via_refresh +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_encrypt_cookie +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_encrypt_cookie_iv +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_encrypt_cookie_key +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_status +syn keyword ngxDirectiveThirdParty contained testcookie_refresh_template +syn keyword ngxDirectiveThirdParty contained testcookie_secret +syn keyword ngxDirectiveThirdParty contained testcookie_secure_flag +syn keyword ngxDirectiveThirdParty contained testcookie_session +syn keyword ngxDirectiveThirdParty contained testcookie_whitelist + +" ngx_http_types_filter_module +" https://github.com/flygoast/ngx_http_types_filter +syn keyword ngxDirectiveThirdParty contained types_filter +syn keyword ngxDirectiveThirdParty contained types_filter_use_default + +" A module allowing the nginx to use files embedded in a zip file +" https://github.com/youzee/nginx-unzip-module +syn keyword ngxDirectiveThirdParty contained file_in_unzip +syn keyword ngxDirectiveThirdParty contained file_in_unzip_archivefile +syn keyword ngxDirectiveThirdParty contained file_in_unzip_extract + +" An asynchronous domain name resolve module for nginx upstream +" https://github.com/wdaike/ngx_upstream_jdomain +syn keyword ngxDirectiveThirdParty contained jdomain + +" Nginx url encoding converting module +" https://github.com/vozlt/nginx-module-url +syn keyword ngxDirectiveThirdParty contained url_encoding_convert +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_alloc_size +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_alloc_size_x +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_from +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_phase +syn keyword ngxDirectiveThirdParty contained url_encoding_convert_to + +" A nginx module to match browsers and crawlers +" https://github.com/alibaba/nginx-http-user-agent +syn keyword ngxDirectiveThirdParty contained user_agent + +" nginx load-balancer module implementing ketama consistent hashing +" https://github.com/flygoast/ngx_http_upstream_ketama_chash +syn keyword ngxDirectiveThirdParty contained ketama_chash + + -" https://github.com/vozlt/nginx-module-sts -syn keyword ngxDirectiveThirdParty contained stream_server_traffic_status -syn keyword ngxDirectiveThirdParty contained stream_server_traffic_status_average_method -syn keyword ngxDirectiveThirdParty contained stream_server_traffic_status_display -syn keyword ngxDirectiveThirdParty contained stream_server_traffic_status_display_format -syn keyword ngxDirectiveThirdParty contained stream_server_traffic_status_display_jsonp -syn keyword ngxDirectiveThirdParty contained stream_server_traffic_status_zone " highlight -hi def link ngxComment Comment -hi def link ngxParamComment Comment -hi def link ngxListenComment Comment -hi def link ngxVariable Identifier -hi def link ngxVariableString PreProc -hi def link ngxString String -hi def link ngxListenString String +hi link ngxComment Comment +hi link ngxParamComment Comment +hi link ngxListenComment Comment +hi link ngxVariable Identifier +hi link ngxVariableString PreProc +hi link ngxString String +hi link ngxListenString String -hi def link ngxBoolean Boolean -hi def link ngxDirectiveBlock Statement -hi def link ngxDirectiveImportant Type -hi def link ngxDirectiveListen Type -hi def link ngxDirectiveControl Keyword -hi def link ngxDirectiveError Constant -hi def link ngxDirectiveDeprecated Error -hi def link ngxDirective Identifier -hi def link ngxDirectiveThirdParty Special -hi def link ngxDirectiveThirdPartyDeprecated Error +hi link ngxBoolean Boolean +hi link ngxDirectiveBlock Statement +hi link ngxDirectiveImportant Type +hi link ngxDirectiveListen Type +hi link ngxDirectiveControl Keyword +hi link ngxDirectiveError Constant +hi link ngxDirectiveDeprecated Error +hi link ngxDirective Identifier +hi link ngxDirectiveThirdParty Special +hi link ngxDirectiveThirdPartyDeprecated Error -hi def link ngxListenOptions Keyword -hi def link ngxListenOptionsDeprecated Error - -let &cpo = s:save_cpo -unlet s:save_cpo +hi link ngxListenOptions Keyword +hi link ngxListenOptionsDeprecated Error let b:current_syntax = "nginx" diff --git a/debian/README.source b/debian/README.Packaging similarity index 68% rename from debian/README.source rename to debian/README.Packaging index dc71efa..47a582f 100644 --- a/debian/README.source +++ b/debian/README.Packaging @@ -1,7 +1,8 @@ Debian Packaging ================ -We use git-buildpackage for packaging. +We use git-buildpackage for packaging. Our repository can be found at +git.debian.org:/git/collab-maint/nginx.git. Workflow for Unstable ===================== @@ -13,9 +14,15 @@ Dynamic Modules Since v1.9.11 Nginx added dynamic module support. This will sanitize the nginx packaging flow in the long term, but there is a lot work to be done -in order to get there. We gradually convert all modules to dynamic +in order to get there. We will gradually convert all modules to dynamic as they add support for it. +Currently nginx modules need to be build together with nginx, but this +will be fixed upstream [0]. Since we already ship 3rd party modules under +debian/modules/ we will start shipping module packages (libnginx-mod) from +the same source. Once upstream implements separated building we will +split each module to a separate source. + [0] https://www.nginx.com/blog/dynamic-modules-nginx-1-9-11/ Workflow for Experimental @@ -27,7 +34,7 @@ as they lack security support. The workflow we use is based on the assumption that packaging work happens on origin/master and experimental builds are a trivial patch away from that. -The direct consequence of treating experimental as a patchset for origin/master +The direct consequense of treating experimental as a patchset for origin/master is that the relevant branches are forced-pushed whenever we release a new 1.11.x version. In other words, **it is not safe to base your work on the experimental branch**. @@ -60,4 +67,11 @@ them. Older 1.11.x releases are not referenced by any branch, but they can be found by the relevant debian/* tag. +3rd party experimental workflow +=============================== + +As we described, it is better not base you work on our forced-pushed +experimental branch. A better approach would be to maintain a custom-build +branch that is rebased to our latest experimental branch (basically git rebase +--onto the relevant commits should work). diff --git a/debian/apport/source_nginx.py b/debian/apport/source_nginx.py deleted file mode 100644 index aec6e8e..0000000 --- a/debian/apport/source_nginx.py +++ /dev/null @@ -1,19 +0,0 @@ -''' -apport package hook for nginx packages - -Copyright (c) 2015, Thomas Ward -''' - -import apport.hookutils -import os -import subprocess - -def add_info(report, ui): - if (report['Package'].split()[0] != 'nginx-common' - and report['ProblemType'] == 'Package' - and os.path.isdir('/run/systemd/system')): - report['Journalctl_Nginx.txt'] = apport.hookutils.command_output( - ['journalctl', '-xe', '--unit=nginx.service']) - report['SystemctlStatusFull_Nginx.txt'] = subprocess.Popen( - ['systemctl', '-l', 'status', 'nginx.service'], - stdout=subprocess.PIPE).communicate()[0] diff --git a/debian/changelog b/debian/changelog index 8ec0edd..2ae0be6 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,585 +1,18 @@ -nginx (1.26.3-3) unstable; urgency=medium - - [ Jan Mojžíš ] - * d/changelog: fix whitespace in 1.26.3-2 record - * d/control: add libnginx-mod-http-lua dependency for nginx-extras package - for riscv64 platform - - [ Thomas Ward ] - * d/nginx-common.nginx.service: Add ConditionFileIsExecutable to - SystemD service file, prevents starting of service if nginx is - not installed (which can happen if nginx-common is installed - independently from `nginx` itself (Closes: #1098477) - - -- Jan Mojžíš Thu, 15 May 2025 15:31:38 +0200 - -nginx (1.26.3-2) unstable; urgency=medium - - * Team upload - * Upload to unstable - - -- Jérémy Lal Fri, 07 Feb 2025 12:53:11 +0100 - -nginx (1.26.3-1) experimental; urgency=medium - - * Team upload - * New upstream version 1.26.3 - - -- Jérémy Lal Wed, 05 Feb 2025 19:08:02 +0100 - -nginx (1.26.2-1) experimental; urgency=medium - - * Team upload - * New upstream version 1.26.2 - * Add Sergey Kandaurov pgp public key - * Drop upstream patches - - [ Jan Mojžíš ] - * d/gbp.conf: add upstream-signatures = on - * d/{control,copyright}: update my email to "janmojzis@debian.org" - * d/copyright: bump my copyright year - - -- Jérémy Lal Sun, 02 Feb 2025 21:08:45 +0100 - -nginx (1.26.0-3) unstable; urgency=medium - - * d/control: Resolve dependency loop between nginx and nginx-common. - (Fixes: #1082373) - - -- Thomas Ward Fri, 20 Sep 2024 21:35:42 -0400 - -nginx (1.26.0-2) unstable; urgency=medium - - [ Jan Mojžíš ] - * d/rules: enable QUIC and HTTP/3 module (Closes: 1070488) - * d/control: bump Standards-Version: 4.7.0, no changes - * d/p/nginx-1.26.1.patch add, backport changes from the nginx 1.26.1 and fix - CVE-2024-32760, CVE-2024-31079, CVE-2024-35200, CVE-2024-34161 - * d/p/CVE-2024-7347.patch add, backport CVE-2024-7347 fix (Closes: 1078971) - * d/libnginx-mod.abisubstvars updated comment when ABI needs to be changed - - [ Thomas Ward ] - * d/conf/nginx.conf: Update default options for current security - practices and standards. SSL protos, disable prefer server - ciphers, hide server tokens/versions in responses. - - -- Jan Mojžíš Mon, 19 Aug 2024 18:46:30 +0200 - -nginx (1.26.0-1) unstable; urgency=medium - - * New upstream version 1.26.0 - * nginx ABI release: nginx-abi-1.26.0-1 (Closes: 1069997) - * d/libnginx-mod.abisubstvars: remove third-party modules version constraints - * d/u/signing-key.asc add Roman Arutyunyan’s PGP public key, - the key is used to sign the 1.26.0 release - * d/p/CVE-2023-44487.patch remove, fixed in upstream - * d/ufw/nginx update, add QUICK, thanks Marcus Bointon - * d/conf/mime.types add application/xslt+xml, thanks K. Widholm - * d/copyright: updated copyright related to new upstream version - * d/copyright: bump my copyright year - * d/conf/nginx.conf: add worker_cpu_affinity auto (Closes: 1063659) - * d/gbp.conf: add sign-tags = True, [pull] track-missing = True, - [import-orig] merge-mode = replace - - -- Jan Mojžíš Sun, 05 May 2024 18:48:05 +0200 - -nginx (1.24.0-2) unstable; urgency=medium - - * d/control added dependency nginx-common to nginx (Closes: 1039905) - After nginx installation, the nginx-common package is installed - automatically due to its dependencies. The nginx-common package includes - the systemd unit, which becomes enabled and activated upon installation. - When the nginx is removed, nginx-common package and the systemd unit will - remain in the system. Adding a dependency nginx-common to nginx solves - this problem. - * d/control fixed binNMU safe dependency declaration nginx to nginx-common, - nginx is 'any', nginx-common is 'all' -> dependency '= ${source:Version}' - * d/rules removed override_dh_strip, migration to automatic debug symbols is - already done, fixes debug-symbol-migration-possibly-complete lint. warning - * d/po/ro.po added Romanian debconf translation. (Closes: 1033084), - Thanks to Remus-Gabriel Chelu - * d/po/sv.po added Swedish debconf translation. (Closes: 1050443), - Thanks to Peter Kvillegård - * d/conf/mime.types added video/ogg, video/x-matroska (Closes: 1028144) - * d/p/CVE-2023-44487.patch adds additional mitigations for CVE-2023-44487 - that according to NGINX developers on nginx-devel are already suitably - mitigated with the default config options for keepalive. (Closes: 1053770) - * d/control added nginx-dev dependency on ${nginx:abi} - * d/debhelper/nginx_mod.pm automatic libnginx-mod-stream dependencies - - -- Jan Mojžíš Wed, 11 Oct 2023 01:17:51 +0200 - -nginx (1.24.0-1) unstable; urgency=medium - - * New upstream version 1.24.0 - * nginx ABI release: nginx-abi-1.24.0-1 - * d/libnginx-mod.abisubstvars update version constraints of the 3rd party - modules - * d/p/bug-{1024605,973861}.patch removed, fixed in upstream - * d/copyright: updated copyright for files src/event/ngx_event_udp.h, - src/os/win32/ngx_dlopen - - -- Jan Mojžíš Tue, 27 Jun 2023 23:19:31 +0200 - -nginx (1.22.1-9) unstable; urgency=medium - - * d/control: nginx-common Breaks+Replaces: nginx (<< 1.22.1-8) - (Closes: 1032929) - - -- Jan Mojžíš Tue, 14 Mar 2023 16:19:32 +0100 - -nginx (1.22.1-8) unstable; urgency=medium - - * Main change: - Configuration files returned to nginx-common package. This fixes - the serious problem of losing configuration files during upgrade. - This is a rollback of a change made in 1.22.1-6 (Closes: 1032517) - * d/control: fix nginx-full dependencies - * d/libnginx-mod.abisubstvars: update libnginx-mod-http-lua version - - -- Jan Mojžíš Tue, 14 Mar 2023 06:53:32 +0100 - -nginx (1.22.1-7) unstable; urgency=medium - - * nginx ABI release: nginx-abi-1.22.1-7 - * nginx ABI: Nginx now provides nginx-abi- to better manage - dependencies between nginx and 3rd party modules. Credit to Jérémy Lal. - * switched to libpcre2 (Closes: 1000013) - * d/p/bug-973861: added, lingering close for connections with pipelined - requests. The patch is backported from the upstream. (Closes: 973861) - * d/gbb.conf: switched to debian branch main (debian-branch = main) - * d/copyright: updated to be compatible with 'cme update dpkg-copyright' - - -- Jan Mojžíš Mon, 13 Feb 2023 13:04:16 +0100 - -nginx (1.22.1-6) unstable; urgency=medium - - * Main change: - Nginx binary moved to package nginx, also moved basic - configuration files from nginx-common to package nginx. - The packages nginx-{light,core,extras,common} are replaced - by a metapackage. (Closes: 1025763) - Users should simply install 'nginx' and 'libnginx-mod-...' - instead of these packages. - * Additional changes: - * d/nginx-{light,core,extras,full,common}.NEWS: added warning that - nginx-{light,core,extras,full,common} are deprecated - * d/control: fixed dependencies for safe binNMU - * d/copyright: updated debian/* copyright - * d/copyright: added missing copyright for d/apport/* - * d/copyright: added missing GPL-2+ copyright for d/debhelper/dh_nginx - * d/copyright: added missing copyright for d/help/examples/nginx_modsite - * d/po/it.po: added Italian debconf translation. (Closes: 1019160) - * d/control: removed dependency on obsolete package lsb-base - * d/control: bump Standards-Version: 4.6.2, no changes - - -- Jan Mojžíš Wed, 08 Feb 2023 17:20:27 +0100 - -nginx (1.22.1-5) unstable; urgency=medium - - [ Jan Mojžíš ] - * Since version 1.22.1-5 all third party modules are removed from Debian NGINX - package and all these modules are maintained in separate external packages. - Removed namely these remaining modules: - - libnginx-mod-http-geoip2 - - libnginx-mod-stream-geoip2 - - libnginx-mod-http-auth-pam - - libnginx-mod-http-echo - - libnginx-mod-http-upstream-fair - - libnginx-mod-http-headers-more-filter - - libnginx-mod-http-cache-purge - - libnginx-mod-http-fancyindex - - libnginx-mod-http-uploadprogress - - libnginx-mod-http-subs-filter - - libnginx-mod-http-dav-ext - * d/tests: all *-simple and *-deps tests updated to check if nginx works - after installation/reload/restart for all flavours - * d/control: updated nginx-common dependency, fixes lintian warning - maybe-not-arch-all-binnmuable - - [ Jérémy Lal ] - * d/rules: default error-log-path is stderr (--error-log-path=stderr) - instead of hardcoded /var/log/nginx/error.log (Closes: 1025858) - * dh nginx: auto-detect build-dependency on ndk-dev - * dh nginx: absolute /usr/sbin/nginx path for nginx tests - * d/p/nginx-ssl_cert_cb_yield.patch SSL_CTX_set_cert_cb() callback yielding - patch update - * d/conf/nginx.conf: Set global error_log to /var/log/error.log - Now that error_log default value is stderr, it is possible - to override that config using nginx -g 'error_log stderr;' - - [ Miao Wang ] - * d/control: removed unnecessary dependencies after removing 3rd party modules - * d/rules: enabled stream_realip_module (--with-stream_realip_module) - * d/rules: explicitly disabled pcre2 (--without-pcre2) - - -- Jan Mojžíš Tue, 20 Dec 2022 10:36:19 +0100 - -nginx (1.22.1-4) unstable; urgency=medium - - * d/t/*-module-deps: updated, added curl timeout 300 seconds and - added nginx restart before calling curl - * d/t/*-module-deps: update: - - added tests for new ext. module libnginx-mod-http-set-misc - - added tests for new ext. module libnginx-mod-http-brotli-filter - - added tests for new ext. module libnginx-mod-http-brotli-static - - added tests for new ext. module libnginx-mod-http-memc - - added tests for new ext. module libnginx-mod-http-srcache-filter - * removed 3th party modules and moved to separate packages: - - libnginx-mod-nchan module - - libnginx-mod-rtmp module - - libnginx-mod-http-ndk module - - -- Jan Mojžíš Thu, 08 Dec 2022 14:15:15 +0100 - -nginx (1.22.1-3) unstable; urgency=medium - - * d/control: added Multi-Arch: foreign for package nginx-dev - * d/rules: enabled NDK upstream list module NDK_UPSTREAM_LIST - * d/p/bug-1024605.patch: added header Forwarded: not-needed - - -- Jan Mojžíš Mon, 05 Dec 2022 18:25:16 +0100 - -nginx (1.22.1-2) unstable; urgency=medium - - [ Jan Mojžíš ] - * d/control: fixed spelling-error-in-description - * d/nginx-*.postinst: fixed postinst script, used invoke-rc.d instead of - pidof and ad-hoc tests, tnx Gioele Barabucci - * d/tests/ssi-module-test added, simple ngx_http_ssi_filter_module test - * d/p/bug-1024605.patch added: fixes problem when a subrequest has SSI - enabled but its main request does not, the SSI module may crash the worker - due to NULL-pointer dereference. The patch is backported from the upstream - (Closes: 1024605) - * d/control: updated implicit dependencies of third-party modules - for easier transition to third-party modules in separate packages. - - [ Jérémy Lal ] - * d/debhelper: set nginx_mod buildsystem by default - * d/control: nginx-dev provides dh-sequence-nginx (Closes: #1024879) - * d/control: remove Uploaders that are part of nginx-team, - keep only the most recent active one, per policy 5.6.3. - - [ Debian Janitor ] - * Remove constraints unnecessary since buster (oldstable): - + nginx-dev: Drop versioned constraint on dpkg-dev in Depends. - - -- Jan Mojžíš Wed, 30 Nov 2022 17:39:42 +0100 - -nginx (1.22.1-1) unstable; urgency=medium - - [ Jan Mojžíš ] - * New upstream version 1.22.1 - * d/control: added implicit version of dependency libnginx-mod-http-lua - (>=1:0.10.22-3~), it is a rebuilt version with nginx 1.22.1. - * Added libnginx-mod-http-lua powerpc architecture - - [ Debian Janitor ] - * Fix day-of-week for changelog entry 0.5.11-1. - - -- Jan Mojžíš Thu, 10 Nov 2022 18:21:43 +0100 - -nginx (1.22.0-3.1) unstable; urgency=medium - - * Non-maintainer upload. - * No source change upload to rebuild with debhelper 13.10. - - -- Michael Biebl Sat, 15 Oct 2022 12:28:07 +0200 - -nginx (1.22.0-3) unstable; urgency=medium - - * d/changelog: fixed typo in bug number 61261 -> 861261 (Closes: 861261) - * d/p/nginx-ssl_cert_cb_yield.patch added (Closes: 884434) - * http-lua: removed the http-lua module and moved it to a separate package - - -- Jan Mojžíš Wed, 17 Aug 2022 18:38:15 +0200 - -nginx (1.22.0-2) unstable; urgency=medium - - [ Miao Wang ] - * adding a new libnginx-mod-http-ndk-dev package including necessary - headers to build a 3rd party module depending on ndk. - - [ Jan Mojžíš ] - * d/nginx-common.nginx.service: added Systemd dependency - Wants=network-online.target and updated Systemd "After" dependency to - recommended NGINX values, namely: - - network-online.target (Closes: 861261) (Closes: 1000406) - - remote-fs.target (Closes: 898896) - - nss-lookup.target - * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch: forwarded - to upstream (Closes: 859082) - * d/t/reboot: added, tests if nginx works after reboot - * d/m/p/http-subs-filter/pcre2.patch: added PCRE2 support - * d/p/nginx-fix-pidfile.patch: Fix NGINX PIDfile handling to avoid - SystemD race condition, this fix is backported from Ubuntu (Closes: 876365) - * d/apport/source_nginx.py: Add apport hooks for additional bug - information gathering, the script is backported from Ubuntu (Closes: 963668) - * d/nginx-common.install: Add install rule for apport hooks. - - [ Debian Janitor ] - * Remove constraints unnecessary since buster: - + Build-Depends: Drop versioned constraint on dpkg-dev. - + nginx-common: Drop versioned constraint on lsb-base in Depends. - + nginx-core: Drop versioned constraint on nginx in Breaks. - + nginx-full: Drop versioned constraint on nginx in Breaks. - + nginx-light: Drop versioned constraint on nginx in Breaks. - + nginx-extras: Drop versioned constraint on nginx in Breaks. - + libnginx-mod-http-perl: Drop versioned constraint on nginx-extras in - Replaces. - + Remove 5 maintscript entries from 1 files. - - -- Jan Mojžíš Sun, 07 Aug 2022 16:14:59 +0200 - -nginx (1.22.0-1) unstable; urgency=medium - - [ Thomas Ward ] - * New upstream release (1.22.0) - * Additional changes: - * d/conf/mime.types: Fix a typo in font/woff2 extension in - mime.types. (Closes: #1010798) - * d/upstream/signing-key.asc: Additional signing keys observed - in upstream (Konstantin Pavlov ) during - upstream merge/import by Thomas Ward, additional signing key - was added to the keyring while keeping Maxim's key in signing - keys as well. - * d/copyright: Updated copyright for src/core/ngx_murmurhash.c - and debian/modules/http-ndk/src/hash/murmurhash2.c to be - public-domain (Closes: #1011936) - * d/control: Use libluajit-5.1-dev for s390x. - Due to src:luajit2 landing in Unstable, superseding src:luajit, - and due to luajit2 having s390x support, we can use s390x now - with luajit instead of standard Lua. - Thanks to Paul Gevers for the heads up on luajit2 supporting s390x. - * d/control: Use liblua for ppc64el - src:luajit2 is still not ppc64el - stable and there seems to be nobody willing to support it. (Closes: 1013807) - - [ Jan Mojžíš ] - * d/patches/CVE-2021-3618.patch removed, fix is included in new upstream - release - * d/copyright: bump nginx copyright years - * d/copyright: added copyright for src/stream/ngx_stream_set_module.c - * d/copyright: removed copyright for src/http/v2/ngx_http_v2_huff_encode.c - * d/control: bump Standards-Version to 4.6.1, no changes - - [ Bastian Germann ] - * d/copyright: Update copyright for d/debhelper/* - - [ Miao Wang ] - * dh_nginx: support auto generating module config files - * adding a new nginx-dev package including necessary headers and debhelper - scripts to build and package a 3rd party module. (Closes: 985133) - * d/p/0002-Make-sure-signature-stays-the-same-in-all-nginx-buil.patch - removed, because feature already implemented with --with-compat configure - option since 1.11.5 - - -- Thomas Ward Tue, 10 May 2022 12:08:02 -0400 - -nginx (1.20.2-2) unstable; urgency=medium - - [ Thomas Ward ] - * d/patches/CVE-2021-3618.patch: Include upstream changeset from NGINX - that adds mitigations into the Mail module for CVE-2021-3618.patch. - (Closes: #991328) - - [ Jan Mojžíš ] - * d/p/0003-define_gnu_source-on-other-glibc-based-platforms.patch update, - fixes build on hurd-i386 platform - - -- Thomas Ward Wed, 04 May 2022 16:04:59 -0400 - -nginx (1.20.2-1) unstable; urgency=medium - - [ Ondřej Nový ] - * d/control: Update Uploaders for new maintainers. - - [ Thomas Ward ] - * Update to latest upstream Stable version (1.20.2) (Closes: #1008855) - * d/patches/Resolver-fixed-off-by-one-write-in-ngx_resolver - _copy.patch: Drop CVE-2021-23017 patch, as this is fixed in 1.20.1 - and we are now using 1.20.2 which already contains the patch. - * Refreshed d/patches/0002-Make-sure-signature-stays-the-same- - in-all-nginx-buil.patch (fuzz thanks to 1.20.2) - * d/conf/mime.types: Update mime.types to more match upstream mime.types - and include upstream changes with mime.types from 1.21.x via nginx.org - mercurial repository versions. - * d/control: Remove self from Uploaders per other Debian devs, who want - that commit to be done by someone on the current uploaders/maintainers - group instead. - - -- Thomas Ward Tue, 19 Apr 2022 09:50:42 -0400 - -nginx (1.18.0-9) unstable; urgency=medium - - [ Jan Mojžíš ] - * http-lua: Downgrade to 0.10.13 (Closes: #1008787). - * http-lua: Backport upstream bugfix for segfault in nginx core >= 1.15.0 - when libnginx-mod-http-lua is loaded and init_worker_by_lua* is used. - * d/control: Add mips64el,ppc64,kfreebsd-amd64 to list of luajit platforms. - * d/control: fix Homepage nginx.net -> nginx.org (Closes: #976158) - - [ Thomas Ward ] - * d/watch: Update watch syntax to match all even versions of NGINX releases - rather than use a watch syntax that is static to one specific version. - This will fix the untracked "New upstream stable versions" problem. - * d/control: Update 'uploaders' as Thomas Ward is now a maintainer in - the Salsa repository. - - -- Jan Mojžíš Tue, 05 Apr 2022 19:11:47 +0200 - -nginx (1.18.0-8) unstable; urgency=medium - - * Restore patch: - d/p/Resolver-fixed-off-by-one-write-in-ngx_resolver_copy.patch - - -- Ondřej Nový Tue, 15 Mar 2022 13:23:06 +0100 - -nginx (1.18.0-7) unstable; urgency=medium - - [ Ondřej Nový ] - * d/p/CVE-2019-20372.patch: Drop, applied upstream. - * http-auth-pam: Upgrade to 1.5.3. - * http-echo: Upgrade to 0.62. - * nchan: Upgrade to 1.2.15. - * http-fancyindex: Upgrade to 0.5.2. - * rtmp: Upgrade to 1.2.2. - * http-lua: Upgrade to 0.10.15 (Closes: #994178). - * http-lua: Rebase patch. - * nchan: Drop GCC 10 patch, applied upstream. - * d/watch: Bump version to 4. - * Bump standards version to 4.6.1 (no changes). - * d/copyright: Bump my copyright year. - - [ Ondřej Surý ] - * Add arm64 and ppc64el to list of luajit platforms. - - [ Athos Ribeiro ] - * d/nginx-common.nginx.service: Fix service shutdown description to mention - SIGQUIT instead of SIGSTOP (LP: #1919965). - - -- Ondřej Nový Tue, 15 Mar 2022 11:50:18 +0100 - -nginx (1.18.0-6.1) unstable; urgency=high - - * Non-maintainer upload. - * Resolver: fixed off-by-one write in ngx_resolver_copy() (CVE-2021-23017) - (Closes: #989095) - - -- Salvatore Bonaccorso Sat, 29 May 2021 16:21:37 +0200 - -nginx (1.18.0-6) unstable; urgency=medium - - * Fix GCC-10 compatibility (Closes: #957605). - - -- Ondřej Nový Wed, 19 Aug 2020 15:27:02 +0200 - -nginx (1.18.0-5) unstable; urgency=medium - - * Prevented request smuggling in LUA - CVE-2020-11724 - Closes: #964950 - - -- Ondřej Nový Tue, 14 Jul 2020 10:08:15 +0200 - -nginx (1.18.0-4) unstable; urgency=medium - - * Revert: libnginx-mod-* now depends on nginx- (Closes: #963860). - * Update ngx_http_auth_pam_module upstream URL. - * libnginx-mod-* recommends nginx now. - * http-auth-pam: Upgrade to 1.5.2 (Closes: #963567). - * d/copyright: Bump year of http-auth-pam. - - -- Ondřej Nový Fri, 03 Jul 2020 09:34:49 +0200 - -nginx (1.18.0-3) unstable; urgency=medium - - * Source-only upload to allow migration. - - -- Ondřej Nový Thu, 11 Jun 2020 15:14:59 +0200 - -nginx (1.18.0-2) unstable; urgency=medium - - [ Ondřej Nový ] - * d/copyright: - - Update for upstream release - - Add Thomas Ward from Ubuntu for debian/* - * d/conf/sites-available/default: Update PHP path for PHP 7.4 - * d/conf/nginx.conf: - - Enable TLSv1.3 - - Remove tcp_nodelay on, which is same as default - - Remove keepalive_timeout 65 and use default value 75s. - - Remove trailing whitespaces - * Introduce nginx-core and make it new default for "nginx" - * Add stream-geoip and stream-geoip2 modules - * d/ngx-conf: Convert to Python 3 - * d/control: Add GeoIP2 into description - * Build dynamic modules only in extras flavour - * libnginx-mod-* now depends on nginx- - * Check if port 80 is free before starting during install - - [ Ondřej Surý ] - * http-geoip2: Add ngx_http_geoip2_module 3.3 - - -- Ondřej Nový Fri, 05 Jun 2020 18:28:40 +0200 - -nginx (1.18.0-1) unstable; urgency=medium - - [ Ondřej Nový ] - * New upstream version 1.18.0 - * Add REMOTE_USER fastcgi param - * Use debhelper-compat instead of debian/compat - * Replace dh_systemd_enable with dh_installsystemd - * Set Rules-Requires-Root: no - * d/rules/dh_installinit: Replace --no-restart-on-upgrade with - --no-stop-on-upgrade - * Bump debhelper compat level to 13 - * Use package.maintscript instead of dpkg-maintscript-helper - * Bump standards version to 4.5.0 - * d/watch: Change to 1.18.x - * d/patches/CVE-2019-20372.patch: Rebase - * Convert d/ngxmod to Python 3 (Closes: #953025) - * nchan: Upgrade to 1.2.7 - * http-fancyindex: Upgrade to 0.4.4 - * d/copyright: Add myself for Debian part - * Add myself as uploader - - [ Mohamed Akram ] - * Enable --with-compat configure option (Closes: #897926) - - -- Ondřej Nový Fri, 29 May 2020 19:03:30 +0200 - -nginx (1.16.1-3) unstable; urgency=high +nginx (1.14.2-2+deb10u2) buster-security; urgency=high * Handle CVE-2019-20372, error page request smuggling (Closes: #948579) - -- Christos Trochalakis Sat, 11 Jan 2020 09:36:00 +0200 + -- Christos Trochalakis Sat, 11 Jan 2020 09:28:05 +0200 -nginx (1.16.1-2) unstable; urgency=medium - - * http-lua: Downgrade to 0.10.13 (Closes: #941917) - Temporary fix FTBFS on architectures where Luajit is not available. - - -- Christos Trochalakis Sat, 12 Oct 2019 17:59:23 +0300 - -nginx (1.16.1-1) unstable; urgency=medium - - * New upstream version (Closes: #929200) - * Follow stable 1.16 releases (Closes: #929199) - * Drop already included debian patches - * http-ndk: Upgrade to 0.3.1 - * http-lua: Upgrade to 0.10.15 - - -- Christos Trochalakis Mon, 09 Sep 2019 18:24:43 +0300 - -nginx (1.14.2-3) unstable; urgency=high +nginx (1.14.2-2+deb10u1) buster-security; urgency=high * Backport upstream fixes for 3 CVEs (Closes: #935037) Those fixes affect Nginx HTTP/2 implementation, which might cause excessive memory consumption and CPU usage. (CVE-2019-9511, CVE-2019-9513, CVE-2019-9516). - -- Christos Trochalakis Mon, 19 Aug 2019 11:30:08 +0300 + -- Christos Trochalakis Tue, 13 Aug 2019 21:10:28 +0300 nginx (1.14.2-2) unstable; urgency=medium @@ -2855,7 +2288,7 @@ nginx (0.5.11-1) unstable; urgency=low * New upstream version. (Closes: #405983) - -- Jose Parrella Mon, 05 Feb 2007 19:35:56 -0400 + -- Jose Parrella Sun, 5 Feb 2007 19:35:56 -0400 nginx (0.4.13-2) unstable; urgency=low @@ -2895,3 +2328,4 @@ nginx (0.4.2-1) unstable; urgency=low * Tweaked the configuration file and the path handling for Debian. -- Jose Parrella Thu, 14 Sep 2006 11:40:20 -0400 + diff --git a/debian/compat b/debian/compat new file mode 100644 index 0000000..f599e28 --- /dev/null +++ b/debian/compat @@ -0,0 +1 @@ +10 diff --git a/debian/conf/fastcgi.conf b/debian/conf/fastcgi.conf index d53a628..091738c 100644 --- a/debian/conf/fastcgi.conf +++ b/debian/conf/fastcgi.conf @@ -18,7 +18,6 @@ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param REMOTE_USER $remote_user; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; diff --git a/debian/conf/fastcgi_params b/debian/conf/fastcgi_params index 69c4387..28decb9 100644 --- a/debian/conf/fastcgi_params +++ b/debian/conf/fastcgi_params @@ -17,7 +17,6 @@ fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; fastcgi_param REMOTE_PORT $remote_port; -fastcgi_param REMOTE_USER $remote_user; fastcgi_param SERVER_ADDR $server_addr; fastcgi_param SERVER_PORT $server_port; fastcgi_param SERVER_NAME $server_name; diff --git a/debian/conf/mime.types b/debian/conf/mime.types index cf968c0..89be9a4 100644 --- a/debian/conf/mime.types +++ b/debian/conf/mime.types @@ -1,101 +1,89 @@ + types { - text/html html htm shtml; - text/css css; - text/xml xml; - image/gif gif; - image/jpeg jpeg jpg; - application/javascript js; - application/atom+xml atom; - application/rss+xml rss; + text/html html htm shtml; + text/css css; + text/xml xml; + image/gif gif; + image/jpeg jpeg jpg; + application/javascript js; + application/atom+xml atom; + application/rss+xml rss; - text/mathml mml; - text/plain txt; - text/vnd.sun.j2me.app-descriptor jad; - text/vnd.wap.wml wml; - text/x-component htc; + text/mathml mml; + text/plain txt; + text/vnd.sun.j2me.app-descriptor jad; + text/vnd.wap.wml wml; + text/x-component htc; - image/avif avif; - image/png png; - image/svg+xml svg svgz; - image/tiff tif tiff; - image/vnd.wap.wbmp wbmp; - image/webp webp; - image/x-icon ico; - image/x-jng jng; - image/x-ms-bmp bmp; + image/png png; + image/tiff tif tiff; + image/vnd.wap.wbmp wbmp; + image/x-icon ico; + image/x-jng jng; + image/x-ms-bmp bmp; + image/svg+xml svg svgz; + image/webp webp; - font/woff woff; - font/woff2 woff2; + application/font-woff woff; + application/java-archive jar war ear; + application/json json; + application/mac-binhex40 hqx; + application/msword doc; + application/pdf pdf; + application/postscript ps eps ai; + application/rtf rtf; + application/vnd.apple.mpegurl m3u8; + application/vnd.ms-excel xls; + application/vnd.ms-fontobject eot; + application/vnd.ms-powerpoint ppt; + application/vnd.wap.wmlc wmlc; + application/vnd.google-earth.kml+xml kml; + application/vnd.google-earth.kmz kmz; + application/x-7z-compressed 7z; + application/x-cocoa cco; + application/x-java-archive-diff jardiff; + application/x-java-jnlp-file jnlp; + application/x-makeself run; + application/x-perl pl pm; + application/x-pilot prc pdb; + application/x-rar-compressed rar; + application/x-redhat-package-manager rpm; + application/x-sea sea; + application/x-shockwave-flash swf; + application/x-stuffit sit; + application/x-tcl tcl tk; + application/x-x509-ca-cert der pem crt; + application/x-xpinstall xpi; + application/xhtml+xml xhtml; + application/xspf+xml xspf; + application/zip zip; - application/java-archive jar war ear; - application/json json; - application/mac-binhex40 hqx; - application/msword doc; - application/pdf pdf; - application/postscript ps eps ai; - application/rtf rtf; - application/vnd.apple.mpegurl m3u8; - application/vnd.google-earth.kml+xml kml; - application/vnd.google-earth.kmz kmz; - application/vnd.ms-excel xls; - application/vnd.ms-fontobject eot; - application/vnd.ms-powerpoint ppt; - application/vnd.oasis.opendocument.graphics odg; - application/vnd.oasis.opendocument.presentation odp; - application/vnd.oasis.opendocument.spreadsheet ods; - application/vnd.oasis.opendocument.text odt; - application/vnd.openxmlformats-officedocument.presentationml.presentation - pptx; - application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - xlsx; - application/vnd.openxmlformats-officedocument.wordprocessingml.document - docx; - application/vnd.wap.wmlc wmlc; - application/wasm wasm; - application/x-7z-compressed 7z; - application/x-cocoa cco; - application/x-java-archive-diff jardiff; - application/x-java-jnlp-file jnlp; - application/x-makeself run; - application/x-perl pl pm; - application/x-pilot prc pdb; - application/x-rar-compressed rar; - application/x-redhat-package-manager rpm; - application/x-sea sea; - application/x-shockwave-flash swf; - application/x-stuffit sit; - application/x-tcl tcl tk; - application/x-x509-ca-cert der pem crt; - application/x-xpinstall xpi; - application/xhtml+xml xhtml; - application/xslt+xml xsl xslt; - application/xspf+xml xspf; - application/zip zip; + application/octet-stream bin exe dll; + application/octet-stream deb; + application/octet-stream dmg; + application/octet-stream iso img; + application/octet-stream msi msp msm; - application/octet-stream bin exe dll; - application/octet-stream deb; - application/octet-stream dmg; - application/octet-stream iso img; - application/octet-stream msi msp msm; + application/vnd.openxmlformats-officedocument.wordprocessingml.document docx; + application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx; + application/vnd.openxmlformats-officedocument.presentationml.presentation pptx; - audio/midi mid midi kar; - audio/mpeg mp3; - audio/ogg ogg; - audio/x-m4a m4a; - audio/x-realaudio ra; + audio/midi mid midi kar; + audio/mpeg mp3; + audio/ogg ogg; + audio/x-m4a m4a; + audio/x-realaudio ra; - video/3gpp 3gpp 3gp; - video/mp2t ts; - video/mp4 mp4; - video/mpeg mpeg mpg; - video/ogg ogv; - video/quicktime mov; - video/webm webm; - video/x-flv flv; - video/x-m4v m4v; - video/x-matroska mkv; - video/x-mng mng; - video/x-ms-asf asx asf; - video/x-ms-wmv wmv; - video/x-msvideo avi; + video/3gpp 3gpp 3gp; + video/mp2t ts; + video/mp4 mp4; + video/mpeg mpeg mpg; + video/quicktime mov; + video/webm webm; + video/x-flv flv; + video/x-m4v m4v; + video/x-mng mng; + video/x-ms-asf asx asf; + video/x-ms-wmv wmv; + video/x-msvideo avi; } diff --git a/debian/conf/nginx.conf b/debian/conf/nginx.conf index 68a8fd4..132f680 100644 --- a/debian/conf/nginx.conf +++ b/debian/conf/nginx.conf @@ -1,8 +1,6 @@ user www-data; worker_processes auto; -worker_cpu_affinity auto; pid /run/nginx.pid; -error_log /var/log/nginx/error.log; include /etc/nginx/modules-enabled/*.conf; events { @@ -18,8 +16,10 @@ http { sendfile on; tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 65; types_hash_max_size 2048; - server_tokens off; # Recommended practice is to turn this off + # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; @@ -31,14 +31,15 @@ http { # SSL Settings ## - ssl_protocols TLSv1.2 TLSv1.3; # Dropping SSLv3 (POODLE), TLS 1.0, 1.1 - ssl_prefer_server_ciphers off; # Don't force server cipher order. + ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE + ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; + error_log /var/log/nginx/error.log; ## # Gzip Settings @@ -65,17 +66,17 @@ http { #mail { # # See sample authentication script at: # # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript -# +# # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; -# +# # server { # listen localhost:110; # protocol pop3; # proxy on; # } -# +# # server { # listen localhost:143; # protocol imap; diff --git a/debian/conf/sites-available/default b/debian/conf/sites-available/default index c5af914..f5c5e1b 100644 --- a/debian/conf/sites-available/default +++ b/debian/conf/sites-available/default @@ -57,7 +57,7 @@ server { # include snippets/fastcgi-php.conf; # # # With php-fpm (or other unix sockets): - # fastcgi_pass unix:/run/php/php7.4-fpm.sock; + # fastcgi_pass unix:/run/php/php7.3-fpm.sock; # # With php-cgi (or other tcp sockets): # fastcgi_pass 127.0.0.1:9000; #} diff --git a/debian/control b/debian/control index 47749f4..409dc22 100644 --- a/debian/control +++ b/debian/control @@ -2,36 +2,41 @@ Source: nginx Section: httpd Priority: optional Maintainer: Debian Nginx Maintainers -Uploaders: Jan Mojžíš -Build-Depends: debhelper-compat (= 13), +Uploaders: Christos Trochalakis +Build-Depends: debhelper (>= 10), + dpkg-dev (>= 1.15.5), libexpat-dev, libgd-dev, libgeoip-dev, - libpcre2-dev, + libhiredis-dev, + liblua5.1-0-dev [!i386 !amd64 !kfreebsd-i386 !armel !armhf !powerpc !powerpcspe !mips !mipsel], + libluajit-5.1-dev [i386 amd64 kfreebsd-i386 armel armhf powerpc powerpcspe mips mipsel], + libmhash-dev, + libpam0g-dev, + libpcre3-dev, libperl-dev, libssl-dev, libxslt1-dev, po-debconf, + quilt, zlib1g-dev -Standards-Version: 4.7.0 -Homepage: https://nginx.org +Standards-Version: 4.3.0 +Homepage: https://nginx.net Vcs-Git: https://salsa.debian.org/nginx-team/nginx.git Vcs-Browser: https://salsa.debian.org/nginx-team/nginx -Rules-Requires-Root: no Package: nginx -Architecture: any -Depends: ${misc:Depends}, - ${shlibs:Depends}, - iproute2, - nginx-common (= ${source:Version}), -Breaks: nginx-light (<< 1.22.1-6~), nginx-extras (<< 1.22.1-6~), nginx-core (<< 1.22.1-6~), -Replaces: nginx-light (<< 1.22.1-6~), nginx-extras (<< 1.22.1-6~), nginx-core (<< 1.22.1-6~), -Provides: httpd, httpd-cgi, ${nginx:abi} +Architecture: all +Depends: nginx-full (<< ${source:Version}.1~) | nginx-light (<< ${source:Version}.1~) | nginx-extras (<< ${source:Version}.1~), + nginx-full (>= ${source:Version}) | nginx-light (>= ${source:Version}) | nginx-extras (>= ${source:Version}), + ${misc:Depends} Description: small, powerful, scalable web/proxy server Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to reduce the load on back-end HTTP or mail servers. + . + This is a dependency package to install either nginx-full (by default), + nginx-light or nginx-extras. Package: nginx-doc Architecture: all @@ -46,11 +51,9 @@ Description: small, powerful, scalable web/proxy server - documentation This package provides extra documentation to help unleash the power of Nginx. Package: nginx-common -Breaks: nginx (<< 1.22.1-8) -Replaces: nginx (<< 1.22.1-8) Architecture: all Multi-Arch: foreign -Depends: ${misc:Depends} +Depends: lsb-base (>= 3.0-6), ${misc:Depends} Suggests: fcgiwrap, nginx-doc, ssl-cert Description: small, powerful, scalable web/proxy server - common files Nginx ("engine X") is a high-performance web and reverse proxy server @@ -60,86 +63,33 @@ Description: small, powerful, scalable web/proxy server - common files This package contains base configuration files used by all versions of nginx. -Package: nginx-dev -Architecture: all -Multi-Arch: foreign -Depends: ${misc:Depends}, ${S:Build-Depends}, - ${nginx:abi}, - nginx (<< ${source:Version}.1~), - nginx (>= ${source:Version}), -Provides: dh-sequence-nginx -Description: nginx web/proxy server - development headers - Nginx ("engine X") is a high-performance web and reverse proxy server - created by Igor Sysoev. It can be used both as a standalone web server - and as a proxy to reduce the load on back-end HTTP or mail servers. - . - This package provides development headers and necessary config scripts - for the nginx web/proxy server, useful to develop and link third party - additions to the Debian nginx web/proxy server packages. - -Package: nginx-core -Architecture: all -Depends: libnginx-mod-http-geoip (>= ${source:Version}), - libnginx-mod-http-geoip (<< ${source:Version}.1~), - libnginx-mod-http-image-filter (>= ${source:Version}), - libnginx-mod-http-image-filter (<< ${source:Version}.1~), - libnginx-mod-http-xslt-filter (>= ${source:Version}), - libnginx-mod-http-xslt-filter (<< ${source:Version}.1~), - libnginx-mod-mail (>= ${source:Version}), - libnginx-mod-mail (<< ${source:Version}.1~), - libnginx-mod-stream (>= ${source:Version}), - libnginx-mod-stream (<< ${source:Version}.1~), - libnginx-mod-stream-geoip (>= ${source:Version}), - libnginx-mod-stream-geoip (<< ${source:Version}.1~), - nginx (>= ${source:Version}), - nginx (<< ${source:Version}.1~), +Package: nginx-full +Architecture: any +Depends: libnginx-mod-http-auth-pam (= ${binary:Version}), + libnginx-mod-http-dav-ext (= ${binary:Version}), + libnginx-mod-http-echo (= ${binary:Version}), + libnginx-mod-http-geoip (= ${binary:Version}), + libnginx-mod-http-image-filter (= ${binary:Version}), + libnginx-mod-http-subs-filter (= ${binary:Version}), + libnginx-mod-http-upstream-fair (= ${binary:Version}), + libnginx-mod-http-xslt-filter (= ${binary:Version}), + libnginx-mod-mail (= ${binary:Version}), + libnginx-mod-stream (= ${binary:Version}), + nginx-common (= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} -Breaks: nginx-full (<< 1.18.0-1), -Replaces: nginx-full (<< 1.18.0-1), +Breaks: nginx (<< 1.4.5-1) +Provides: httpd, httpd-cgi, nginx +Conflicts: nginx-extras, nginx-light +Suggests: nginx-doc (= ${source:Version}) Description: nginx web/proxy server (standard version) Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to reduce the load on back-end HTTP or mail servers. . - This metapackage provides a version of nginx identical to that of nginx-full, - but without any third-party modules, and only modules in the original - nginx code base. - . - STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty - GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy, - Referer, Rewrite, SCGI, Split Clients, UWSGI. - . - OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, GeoIP, Gunzip, - Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, Real IP, - Slice, SSI, SSL, SSL Preread, Stub Status, Substitution, Thread Pool, - Upstream, User ID, XSLT. - . - OPTIONAL MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP. - . - OPTIONAL STREAM MODULES: Stream Core, GeoIP - -Package: nginx-full -Architecture: all -Depends: libnginx-mod-http-auth-pam, - libnginx-mod-http-dav-ext, - libnginx-mod-http-echo, - libnginx-mod-http-geoip2, - libnginx-mod-http-subs-filter, - libnginx-mod-http-upstream-fair, - libnginx-mod-stream-geoip2, - nginx (>= ${source:Version}), - nginx (<< ${source:Version}.1~), - ${misc:Depends}, - ${shlibs:Depends} -Description: nginx web/proxy server (standard version with 3rd parties) - Nginx ("engine X") is a high-performance web and reverse proxy server - created by Igor Sysoev. It can be used both as a standalone web server - and as a proxy to reduce the load on back-end HTTP or mail servers. - . - This metapackage provides a version of nginx with the complete set of + This package provides a version of nginx with the complete set of standard modules included (but omitting some of those included in - nginx-extras). + nginx-extra). . STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Browser, Empty GIF, FastCGI, Geo, Limit Connections, Limit Requests, Map, Memcached, Proxy, @@ -150,26 +100,27 @@ Description: nginx web/proxy server (standard version with 3rd parties) Slice, SSI, SSL, Stream, SSL Preread, Stub Status, Substitution, Thread Pool, Upstream, User ID, XSLT. . - OPTIONAL MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP. + MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP. . - OPTIONAL STREAM MODULES: Stream Core, GeoIP, GeoIP2 - . - THIRD PARTY MODULES: Auth PAM, DAV Ext, Echo, GeoIP2, HTTP Substitutions - Upstream Fair Queue. + THIRD PARTY MODULES: Auth PAM, DAV Ext, Echo, HTTP Substitutions, Upstream + Fair Queue. Package: nginx-light -Architecture: all -Depends: libnginx-mod-http-echo, - nginx (>= ${source:Version}), - nginx (<< ${source:Version}.1~), +Architecture: any +Depends: libnginx-mod-http-echo (= ${binary:Version}), + nginx-common (= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} +Breaks: nginx (<< 1.4.5-1) +Provides: httpd, httpd-cgi, nginx +Conflicts: nginx-extras, nginx-full +Suggests: nginx-doc (= ${source:Version}) Description: nginx web/proxy server (basic version) Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to reduce the load on back-end HTTP or mail servers. . - This metapackage provides a very light version of nginx with only the + This package provides a very light version of nginx with only the minimal set of features and modules. . STANDARD HTTP MODULES: Core, Access, Auth Basic, Auto Index, Empty GIF, @@ -183,35 +134,36 @@ Description: nginx web/proxy server (basic version) Package: nginx-extras Architecture: any -Depends: nginx (= ${binary:Version}), +Depends: libnginx-mod-http-auth-pam (= ${binary:Version}), + libnginx-mod-http-cache-purge (= ${binary:Version}), + libnginx-mod-http-dav-ext (= ${binary:Version}), + libnginx-mod-http-echo (= ${binary:Version}), + libnginx-mod-http-fancyindex (= ${binary:Version}), libnginx-mod-http-geoip (= ${binary:Version}), + libnginx-mod-http-headers-more-filter (= ${binary:Version}), libnginx-mod-http-image-filter (= ${binary:Version}), + libnginx-mod-http-lua (= ${binary:Version}), libnginx-mod-http-perl (= ${binary:Version}), + libnginx-mod-http-subs-filter (= ${binary:Version}), + libnginx-mod-http-uploadprogress (= ${binary:Version}), + libnginx-mod-http-upstream-fair (= ${binary:Version}), libnginx-mod-http-xslt-filter (= ${binary:Version}), libnginx-mod-mail (= ${binary:Version}), + libnginx-mod-nchan (= ${binary:Version}), libnginx-mod-stream (= ${binary:Version}), - libnginx-mod-stream-geoip (= ${binary:Version}), - libnginx-mod-http-auth-pam, - libnginx-mod-http-cache-purge, - libnginx-mod-http-dav-ext, - libnginx-mod-http-echo, - libnginx-mod-http-fancyindex, - libnginx-mod-http-geoip2, - libnginx-mod-http-headers-more-filter, - libnginx-mod-http-lua [amd64 arm64 armel armhf i386 mips64el mipsel s390x riscv64 powerpc], - libnginx-mod-http-subs-filter, - libnginx-mod-http-uploadprogress, - libnginx-mod-http-upstream-fair, - libnginx-mod-nchan, - libnginx-mod-stream-geoip2, + nginx-common (= ${source:Version}), ${misc:Depends}, ${shlibs:Depends} +Breaks: nginx (<< 1.4.5-1) +Provides: httpd, httpd-cgi, nginx +Conflicts: nginx-full, nginx-light +Suggests: nginx-doc (= ${source:Version}) Description: nginx web/proxy server (extended version) Nginx ("engine X") is a high-performance web and reverse proxy server created by Igor Sysoev. It can be used both as a standalone web server and as a proxy to reduce the load on back-end HTTP or mail servers. . - This metapackage provides a version of nginx with the standard modules, plus + This package provides a version of nginx with the standard modules, plus extra features and modules such as the Perl module, which allows the addition of Perl in configuration files. . @@ -222,20 +174,18 @@ Description: nginx web/proxy server (extended version) OPTIONAL HTTP MODULES: Addition, Auth Request, Charset, WebDAV, FLV, GeoIP, Gunzip, Gzip, Gzip Precompression, Headers, HTTP/2, Image Filter, Index, Log, MP4, Embedded Perl, Random Index, Real IP, Slice, Secure Link, SSI, SSL, - SSL Preread, Stub Status, Substitution, Thread Pool, Upstream, User ID, XSLT. + Stream, SSL Preread, Stub Status, Substitution, Thread Pool, Upstream, + User ID, XSLT. . - OPTIONAL MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP. - . - OPTIONAL STREAM MODULES: Stream, GeoIP, GeoIP2 + MAIL MODULES: Mail Core, Auth HTTP, Proxy, SSL, IMAP, POP3, SMTP. . THIRD PARTY MODULES: Auth PAM, Cache Purge, DAV Ext, Echo, Fancy Index, - GeoIP2, Headers More, Embedded Lua, HTTP Substitutions, Nchan, Upload Progress, + Headers More, Embedded Lua, HTTP Substitutions, Nchan, Upload Progress, Upstream Fair Queue. Package: libnginx-mod-http-geoip Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, -Recommends: nginx, +Depends: ${misc:Depends}, ${shlibs:Depends} Description: GeoIP HTTP module for Nginx The ngx_http_geoip module creates variables with values depending on the client IP address, using the precompiled MaxMind databases. @@ -245,8 +195,7 @@ Description: GeoIP HTTP module for Nginx Package: libnginx-mod-http-image-filter Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, -Recommends: nginx, +Depends: ${misc:Depends}, ${shlibs:Depends} Description: HTTP image filter module for Nginx The ngx_http_image_filter module is a filter that transforms images in JPEG, GIF, and PNG formats. @@ -256,8 +205,7 @@ Description: HTTP image filter module for Nginx Package: libnginx-mod-http-xslt-filter Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, -Recommends: nginx, +Depends: ${misc:Depends}, ${shlibs:Depends} Description: XSLT Transformation module for Nginx The ngx_http_xslt_filter module is a filter that transforms XML responses using one or more XSLT stylesheets. @@ -267,8 +215,7 @@ Description: XSLT Transformation module for Nginx Package: libnginx-mod-mail Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, -Recommends: nginx, +Depends: ${misc:Depends}, ${shlibs:Depends} Description: Mail module for Nginx The nginx_mail module adds mail proxy support to nginx. . @@ -277,8 +224,7 @@ Description: Mail module for Nginx Package: libnginx-mod-stream Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, -Recommends: nginx, +Depends: ${misc:Depends}, ${shlibs:Depends} Description: Stream module for Nginx The nginx_stream module adds stream proxy support to nginx. . @@ -286,22 +232,10 @@ Description: Stream module for Nginx also supports ACLs/connection limiting and configuring multiple operational parameters. -Package: libnginx-mod-stream-geoip -Architecture: any -Depends: ${misc:Depends}, ${shlibs:Depends}, - libnginx-mod-stream (= ${binary:Version}), -Recommends: nginx, -Description: GeoIP Stream module for Nginx - The ngx_stream_geoip module creates variables with values depending on the - client IP address, using the precompiled MaxMind databases. - . - Those variables include country, region, city, latitude, longitude, postal - code, etc. - Package: libnginx-mod-http-perl Architecture: any -Depends: ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends}, -Recommends: nginx, +Depends: ${misc:Depends}, ${perl:Depends}, ${shlibs:Depends} +Replaces: nginx-extras (<< 1.9.14-1) Description: Perl module for Nginx Embed Perl runtime into nginx. . @@ -309,3 +243,150 @@ Description: Perl module for Nginx in Perl and insert Perl calls into SSI. . Note that this module is marked experimental. + +Package: libnginx-mod-http-auth-pam +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: PAM authentication module for Nginx + The nginx_http_auth_pam module enables authentication using PAM. + . + The module uses PAM as a backend for simple http authentication. It + also allows setting the pam service name to allow more fine grained control. + +Package: libnginx-mod-http-lua +Architecture: any +Depends: libnginx-mod-http-ndk (= ${binary:Version}), + ${misc:Depends}, + ${shlibs:Depends} +Description: Lua module for Nginx + Embed Lua runtime into nginx. + . + This module embeds Lua, via the standard Lua 5.1 interpreter or LuaJIT + 2.0/2.1, into Nginx and by leveraging Nginx's subrequests, allows the + integration of the powerful Lua threads (Lua coroutines) into the Nginx event + model. + +Package: libnginx-mod-http-ndk +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Nginx Development Kit module + The NDK is an Nginx module that is designed to extend the core functionality of + the excellent Nginx webserver in a way that can be used as a basis of other + Nginx modules. + . + It has functions and macros to deal with generic tasks that don't currently + have generic code as part of the core distribution. The NDK itself adds few + features that are seen from a user's point of view - it's just designed to help + reduce the code that Nginx module developers need to write. + +Package: libnginx-mod-nchan +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Fast, flexible pub/sub server for Nginx + Nchan is a scalable, flexible pub/sub server for the modern web, It can be + configured as a standalone server, or as a shim between your application and + tens, thousands, or millions of live subscribers. It can buffer messages in + memory, on-disk, or via Redis. All connections are handled asynchronously and + distributed among any number of worker processes. It can also scale to many + nginx server instances with Redis. + . + Full documentation available at https://nchan.slact.net + +Package: libnginx-mod-http-echo +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Bring echo and more shell style goodies to Nginx + Echo module wraps lots of Nginx internal APIs for streaming input and output, + parallel/sequential subrequests, timers and sleeping, as well as various meta + data accessing. + . + Basically it provides various utilities that help testing and debugging of + other modules by trivially emulating different kinds of faked subrequest + locations. + . + People will also find it useful in real-world applications that need to: + . + 1. Serve static contents directly from memory. + 2. Wrap the upstream response with custom header and footer (kinda like the + addition module but with contents read directly from the config file and + Nginx variables). + 3. Merge contents of various "Nginx locations" (i.e., subrequests) together in + a single main request (using echo_location and its friends). + +Package: libnginx-mod-http-upstream-fair +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Nginx Upstream Fair Proxy Load Balancer + The Nginx fair proxy balancer enhances the standard round-robin load balancer + provided with Nginx so that it tracks busy backend servers and adjusts + balancing accordingly. + +Package: libnginx-mod-http-headers-more-filter +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Set and clear input and output headers for Nginx + The Headers More module allows you to add, set, or clear any output or input + header that you specify. + . + This is an enhanced version of the standard headers module because it provides + more utilities like resetting or clearing "builtin headers" like Content-Type, + Content-Length, and Server. + +Package: libnginx-mod-http-cache-purge +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Purge content from Nginx caches + Cache Purge module adds purging capabilities to Nginx. It allows purging + content from caches used by all of Nginx proxy modules, like FastCGI, Proxy, + SCGI and uWSGI. + +Package: libnginx-mod-http-fancyindex +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Fancy indexes module for the Nginx + The Fancy Index module makes possible the generation of file listings, like + the built-in autoindex module does, but adding a touch of style by introducing + ways to customize the result. + +Package: libnginx-mod-http-uploadprogress +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Upload progress system for Nginx + Upload progress module is an implementation of an upload progress system, that + monitors RFC1867 POST uploads as they are transmitted to upstream servers. + . + It works by tracking the uploads proxied by Nginx to upstream servers without + analysing the uploaded content and offers a web API to report upload progress + in Javscript, Json or any other format. + +Package: libnginx-mod-http-subs-filter +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: Substitution filter module for Nginx + Subsitution Nginx module can do both regular expression and fixed string + substitutions on response bodies. The module is quite different from Nginx's + native Substitution module. It scans the output chains buffer and + matches string line by line, just like Apache's mod_substitute. + +Package: libnginx-mod-http-dav-ext +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: WebDAV missing commands support for Nginx + WebDAV Ext module complements the Nginx WebDAV module to provide a full + WebDAV support. + . + WebDAV Ext provides the missing PROPFIND & OPTIONS methods. + +Package: libnginx-mod-rtmp +Architecture: any +Depends: ${misc:Depends}, ${shlibs:Depends} +Description: RTMP support for Nginx + The nginx RTMP module is a fully-featured streaming solution implemented in + nginx. + . + It provides the following features: + - Live streaming with RTMP, HLS and MPEG-DASH; + - RTMP Video on Demand from local or HTTP sources; + - Stream relay support via a push or pull model; + - Integrated stream recording; + - and more. diff --git a/debian/copyright b/debian/copyright index 0536a8c..66a44d8 100644 --- a/debian/copyright +++ b/debian/copyright @@ -3,12 +3,24 @@ Upstream-Name: nginx Source: https://nginx.org/en/download.html Files: * -Copyright: Valentin V. Bartenev - Ruslan Ermilov - Roman Arutyunyan - Maxim Dounin - 2011-2024, Nginx, Inc. - 2002-2021, Igor Sysoev +Copyright: 2002-2014 Igor Sysoev + 2011-2014 Nginx, Inc. + Maxim Dounin + Valentin V. Bartenev + Roman Arutyunyan + Ruslan Ermilov +License: BSD-2-clause + +Files: src/core/ngx_murmurhash.c +Copyright: Copyright (C) Austin Appleby +License: BSD-2-clause + +Files: src/http/modules/ngx_http_scgi_module.c + src/http/modules/ngx_http_uwsgi_module.c +Copyright: Copyright (C) Igor Sysoev + Copyright (C) Nginx, Inc. + 2009-2010 Unbit S.a.s. + 2008 Manlio Perillo (manlio.perillo@gmail.com) License: BSD-2-clause Files: contrib/geo2nginx.pl @@ -16,67 +28,80 @@ Copyright: 2005, Andrei Nigmatulin License: BSD-2-clause Files: debian/* -Copyright: 2022-2025, Jan Mojžíš - 2020-2022, Ondřej Nový - 2019-2022, Thomas Ward - 2013-2016, Christos Trochalakis - 2011-2013, Cyril Lavier - 2011, Dmitry E. Oboukhov - 2010-2014, Michael Lustfield - 2009-2014, Kartik Mistry - 2008, Jose Parrella - 2007-2009, Fabio Tranchitella +Copyright: 2007-2009, Fabio Tranchitella + 2008, Jose Parrella + 2009-2014, Kartik Mistry + 2010-2014, Michael Lustfield + 2011 Dmitry E. Oboukhov + 2011-2013, Cyril Lavier + 2013-2016, Christos Trochalakis License: BSD-2-clause -Files: debian/apport/* -Copyright: 2015, Thomas Ward +Files: debian/modules/http-headers-more-filter/* +Copyright: Copyright (c) 2009-2014, Yichun "agentzh" Zhang (章亦春) , CloudFlare Inc. + Copyright (c) 2010-2013, Bernd Dorn + Copyright (c) Igor Sysoev License: BSD-2-clause -Files: debian/debhelper/* -Copyright: 2022, Miao Wang -License: Expat +Files: debian/modules/http-ndk/* +Copyright: Marcus Clyne +License: BSD-3-clause -Files: debian/debhelper/dh_nginx -Copyright: 2016, Christos Trochalakis -License: GPL-2+ +Files: debian/modules/http-ndk/src/hash/md5.h + debian/modules/http-ndk/src/hash/sha.h +Copyright: Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) +License: BSD-4-clause -Files: debian/ngx-conf/ngx-conf -Copyright: 2015, Michael Lustfield -License: Expat - -Files: man/* -Copyright: Nginx, Inc. - 2010, 2019, Sergey A. Osokin +Files: debian/modules/http-auth-pam/* +Copyright: 2008-2013, Sergio Talens Oliag License: BSD-2-clause -Files: src/core/ngx_murmurhash.c -Copyright: Austin Appleby -License: public-domain - All MurmurHash versions are public domain software, and the author - disclaims all copyright to their code. - -Files: src/http/modules/ngx_http_scgi_module.c -Copyright: Nginx, Inc. - Manlio Perillo (manlio.perillo@gmail.com) - Igor Sysoev +Files: debian/modules/http-echo/* +Copyright: Copyright (c) 2009-2014, Yichun "agentzh" Zhang License: BSD-2-clause -Files: src/http/modules/ngx_http_uwsgi_module.c -Copyright: Nginx, Inc. - Igor Sysoev - 2009, 2010, Unbit S.a.s. - 2008, Manlio Perillo (manlio.perillo@gmail.com) +Files: debian/modules/http-lua/* +Copyright: Copyright (C) 2009-2014, by Xiaozhe Wang (chaoslawful) . + Copyright (C) 2009-2014, by Yichun "agentzh" Zhang (章亦春) , CloudFlare Inc. License: BSD-2-clause -Files: src/http/ngx_http_huff_encode.c -Copyright: Valentin V. Bartenev - Nginx, Inc. - 2015, Vlad Krasnov +Files: debian/modules/http-upstream-fair/* +Copyright: Copyright (c) 2007 Grzegorz Nosek + Igor Sysoev License: BSD-2-clause -Files: src/stream/ngx_stream_set_module.c -Copyright: Pavel Pautov - Nginx, Inc. +Files: debian/modules/nchan/* +Copyright: 2009-2016 Leo Ponomarev +License: MIT + +Files: debian/modules/nchan/src/store/redis/cmp.* +Copyright: 2015 Charles Gunyon +License: MIT + +Files: debian/modules/http-uploadprogress/* +Copyright: Brice Figureau + 2002-2007, Igor Sysoev +License: BSD-2-clause + +Files: debian/modules/http-cache-purge/* +Copyright: 2009-2012, FRiCKLE , + 2009-2012, Piotr Sikora +License: BSD-2-clause + +Files: debian/modules/http-dav-ext/* +Copyright: Arutyunyan Roman +License: BSD-2-clause + +Files: debian/modules/http-fancyindex/* +Copyright: Copyright (c) Adrian Perez +License: BSD-2-clause + +Files: debian/modules/http-subs-filter/* +Copyright: Copyright (C) 2014 by Weibin Yao +License: BSD-2-clause + +Files: debian/modules/rtmp/* +Copyright: Copyright (C) 2012-2014, Roman Arutyunyan License: BSD-2-clause License: BSD-2-clause @@ -104,7 +129,59 @@ License: BSD-2-clause (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -License: Expat +License: BSD-3-clause + All rights reserved. + . + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions are + met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 3. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this + software without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS + BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR + BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, + WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR + OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF + ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + +License: BSD-4-clause + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + 4. Neither the name of the University nor the names of its contributors + may be used to endorse or promote products derived from this software + without specific prior written permission. + . + THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND + ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE + FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + SUCH DAMAGE. + +License: MIT Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the @@ -122,15 +199,3 @@ License: Expat LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. - -License: GPL-2+ - This is free software, licensed under: - . - The GNU General Public License, Version 2, June 1991 - . - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 2 dated June, 1991, or (at - your option) any later version. - On Debian systems, the complete text of version 2 of the GNU General - Public License can be found in '/usr/share/common-licenses/GPL-2'. diff --git a/debian/debhelper/nginx.pm b/debian/debhelper/nginx.pm deleted file mode 100644 index 0e41120..0000000 --- a/debian/debhelper/nginx.pm +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/perl -use warnings; -use strict; -use Debian::Debhelper::Dh_Lib; - -add_command_options( "dh_auto_test", "--buildsystem=nginx_mod" ); -add_command_options( "dh_auto_configure", "--buildsystem=nginx_mod" ); -add_command_options( "dh_auto_build", "--buildsystem=nginx_mod" ); -add_command_options( "dh_auto_install", "--buildsystem=nginx_mod" ); -add_command_options( "dh_auto_clean", "--buildsystem=nginx_mod" ); - -insert_after("dh_install", "dh_nginx"); - -1; diff --git a/debian/debhelper/nginx_mod.pm b/debian/debhelper/nginx_mod.pm deleted file mode 100644 index 1b1ecaf..0000000 --- a/debian/debhelper/nginx_mod.pm +++ /dev/null @@ -1,138 +0,0 @@ -# A build system class for handling nginx modules. -# -# Copyright: © 2022 Miao Wang -# License: MIT - -package Debian::Debhelper::Buildsystem::nginx_mod; - -use strict; -use warnings; -use Dpkg::Deps qw(deps_parse); -use Dpkg::Control::Info; -use Debian::Debhelper::Dh_Lib qw(error doit getpackages addsubstvar); -use File::Spec; -use parent qw(Debian::Debhelper::Buildsystem::makefile); -use Config; - -sub DESCRIPTION { - "Nginx Module (config)" -} - -sub check_auto_buildable { - my ($this, $step) = @_; - - return 1 if -e $this->get_sourcepath("config"); -} - -sub _NGINX_SRC_DIR { - "/usr/share/nginx/src" -} - -sub _NDK_SRC_DIR { - "/usr/share/nginx-ndk/src" -} - -sub new { - my $class=shift; - my $this= $class->SUPER::new(@_); - my $ngx_ver = `grep 'define NGINX_VERSION' /usr/share/nginx/src/src/core/nginx.h | sed -e 's/^.*"\\(.*\\)".*/\\1/'`; - chomp($ngx_ver); - $this->prefer_out_of_source_building(@_); - $this->{has_ndk} = $this->has_build_dep("libnginx-mod-http-ndk-dev"); - $this->{has_stream} = $this->has_build_dep("libnginx-mod-stream"); - foreach my $cur (getpackages('arch')) { - if ($this->{has_ndk} == 1) { - addsubstvar($cur, "misc:Depends", "libnginx-mod-http-ndk"); - } - if ($this->{has_stream} == 1) { - addsubstvar($cur, "misc:Depends", "libnginx-mod-stream (>= $ngx_ver), libnginx-mod-stream (<< $ngx_ver.1~)"); - } - } - return $this; -} - -sub configure { - my $this=shift; - - doit({ - "chdir" => $this->_NGINX_SRC_DIR, - "update_env" => { - "src_dir" => $this->get_sourcedir, - "bld_dir" => $this->get_builddir, - "pwd_dir" => $this->{cwd}, - }, - }, "bash", "-c", '. ./conf_flags - ./configure \\ - --with-cc-opt="$(cd "$pwd_dir/$src_dir"; dpkg-buildflags --get CFLAGS) -fPIC $(cd "$pwd_dir/$src_dir"; dpkg-buildflags --get CPPFLAGS)" \\ - --with-ld-opt="$(cd "$pwd_dir/$src_dir"; dpkg-buildflags --get LDFLAGS) -fPIC" \\ - "${NGX_CONF_FLAGS[@]}" \\ - --add-dynamic-module="$pwd_dir/$src_dir" \\ - --builddir="$pwd_dir/$bld_dir" \\ - ' . ($this->{has_ndk} ? '--add-module=' . $this->_NDK_SRC_DIR : '') . ' \\ - ' . ($this->{has_stream} ? '--with-stream' : '') . ' \\ - "$@"', "dummy", @_); -} - -sub build { - my $this=shift; - - $this->do_make("-f", File::Spec->catfile($this->{cwd}, $this->get_buildpath("Makefile")), "-C", $this->_NGINX_SRC_DIR, "modules"); -} - -sub test { - my $this=shift; - - if ( $this->{has_ndk} and !grep( /^ndk_http_module.so$/, @_ ) ) { - unshift @_, "ndk_http_module.so"; - } - - if ( $this->{has_stream} and !grep( /^ngx_stream_module.so$/, @_ ) ) { - unshift @_, "ngx_stream_module.so"; - } - - $this->doit_in_builddir("bash", "-e", "-o", "pipefail", "-c", ' - tmp_conf=$(mktemp -p .) - for pre_dep in "$@"; do - echo "load_module modules/$pre_dep;" >> "$tmp_conf" - done - for i in *.so; do - echo "load_module $PWD/$i;" >> "$tmp_conf" - done - echo "events{}" >> "$tmp_conf" - /usr/sbin/nginx -g "error_log /dev/null; pid /dev/null;" -t -q -c "$PWD/$tmp_conf" - rm -f "$tmp_conf" - ', "dummy", @_); -} - -sub install { - my $this=shift; - my $destdir=shift; - - $this->doit_in_builddir("bash", "-e", "-o", "pipefail", "-c", ' - destdir=$1 - mkdir -p "$destdir/usr/lib/nginx/modules" - for i in *.so; do - cp "$i" "$destdir/usr/lib/nginx/modules/" - done - ', "dummy", $destdir); -} - -sub clean { - my $this=shift; - $this->rmdir_builddir(); -} - -sub has_build_dep { - my $this=shift; - my $bd=shift; - my $control = Dpkg::Control::Info->new()->get_source(); - my $depends = deps_parse($control->{'Build-Depends'}); - foreach (split /,\s+/,$depends) { - if ($_ =~ /$bd/) { - return 1; - } - } - return 0; -} - -1 diff --git a/debian/debhelper/dh_nginx b/debian/dh_nginx similarity index 52% rename from debian/debhelper/dh_nginx rename to debian/dh_nginx index 9100220..8e6ce3b 100755 --- a/debian/debhelper/dh_nginx +++ b/debian/dh_nginx @@ -23,28 +23,17 @@ use strict; use File::Find; use Debian::Debhelper::Dh_Lib; -use Dpkg::Substvars; + =head1 NAME dh_nginx - register configuration snippets to the nginx web server =cut -my $nginx_in_tree; -my $abi; + sub nginx_depends { - if (!$abi) { - my $sv = Dpkg::Substvars->new(); - if ($nginx_in_tree) { - $sv->load("debian/libnginx-mod.abisubstvars"); - } - else { - $sv->load("/usr/share/nginx/src/debian/libnginx-mod.abisubstvars"); - } - $abi = $sv->get("nginx:abi"); - } - return "$abi"; + return 'nginx-common (= ${source:Version})' } sub nginx_api_installdir @@ -59,7 +48,7 @@ sub nginx_modules_conf_installdir =head1 SYNOPSIS -B [S>] [B<-n>|B<--noscripts>] [B<--in-nginx-tree>] +B [S>] [B<-n>|B<--noscripts>] =head1 DESCRIPTION @@ -74,8 +63,6 @@ It supports the following configuration types =item * Nginx modules -=back - =head1 INVOCATION %: @@ -95,11 +82,6 @@ Lists files to be registered with the Nginx HTTP server. The file is interpreted as line separated list of installation stanzas, where each entry consists of whitespace separated values conforming to the file semantics below. -When this file is missing but the name of the package looks like a nginx module, -the module load file and its loading priority is automatically generated inferring -from the package name. In this case, IB<.install> or other mechanisms -should be used for copying the B<.so> library into the correct place. - =head2 FILE SEMANTICS Each line consists of a triple @@ -146,10 +128,6 @@ configuration by default. Do not modify F/F/F maintainer scripts. -=item B<--in-nginx-tree> - -Specify this option when building in-tree modules along with nginx. When -specified, nginx abi version is not required in package name. =back @@ -174,7 +152,6 @@ dh_nginx is heavily influnced by dh_apache2 written by Arno Toell init(options => { "e|noenable" => \$dh{NOENABLE}, - "in-nginx-tree" => \$nginx_in_tree, }); foreach my $package ((@{$dh{DOPACKAGES}})) @@ -185,116 +162,85 @@ foreach my $package ((@{$dh{DOPACKAGES}})) my $file = pkgfile($package, "nginx"); my $tmp = tmpdir($package); - my $installdir = $tmp . "/" . nginx_modules_conf_installdir(); - my $modinstalldir = $tmp . "/" . nginx_api_installdir(); - if ($file){ - my @files_to_register = filedoublearray($file, ".") if $file; - foreach my $line (@files_to_register) + my @files_to_register = filedoublearray($file, ".") if $file; + foreach my $line (@files_to_register) + { + my $type = lc(shift @{$line}) if $line->[0]; + my $source = shift @{$line} if $line->[0]; + my @arguments = @{$line}; + my $destination; + + $type = "modules" if $type eq "mod"; + my $installdir = $tmp . "/" . nginx_modules_conf_installdir(); + + verbose_print("$type -- $source -- @arguments\n\n"); + + if ($type eq "modules") { - my $type = lc(shift @{$line}) if $line->[0]; - my $source = shift @{$line} if $line->[0]; - my @arguments = @{$line}; - my $destination; - - $type = "modules" if $type eq "mod"; - - verbose_print("$type -- $source -- @arguments\n\n"); + my $basesource = basename($source); if ($type eq "modules") { - my $basesource = basename($source); - - if ($type eq "modules") + if ($basesource =~ m/\.conf$/) { - if ($basesource =~ m/\.conf$/) - { - my $enablename = $basesource; - my $prio = $#arguments >= 0 ? $arguments[0] : 50; - $destination = "$prio-$basesource"; - push @{$PACKAGE_TYPE{'has_a_module'}}, "$enablename:$destination"; - verbose_print("Installing module configuration $enablename into $installdir prio:$prio\n"); - } - elsif ($basesource =~ m/\.so$/) - { - verbose_print("Installing module binary $source into $modinstalldir\n"); - if (! -d $modinstalldir) - { - complex_doit("mkdir","-p", $modinstalldir); - complex_doit("chmod","755","$modinstalldir"); - } - complex_doit("cp", $source, $modinstalldir); - next; - } - - # TODO - error("module: \"$basesource\" needs .conf, .so or suffix") if $basesource !~ m/\.(conf|so)/; + my $enablename = $basesource; + my $prio = $#arguments >= 0 ? $arguments[0] : 50; + $destination = "$prio-$basesource"; + push @{$PACKAGE_TYPE{'has_a_module'}}, "$enablename:$destination"; + verbose_print("Installing module configuration $enablename into $installdir prio:$prio\n"); } - - if (! -d $installdir) - { - complex_doit("mkdir","-p",$installdir); - complex_doit("chmod","755","$installdir"); - } - complex_doit("cp",$source,$installdir); - complex_doit("chmod","644","$installdir/$basesource"); - - } - else + elsif ($basesource =~ m/\.so$/) { - error("Unknown parameter: $type\n"); + my $modinstalldir = $tmp . "/" . nginx_api_installdir(); + verbose_print("Installing module binary $source into $modinstalldir\n"); + if (! -d $modinstalldir) + { + complex_doit("mkdir","-p", $modinstalldir); + complex_doit("chmod","755","$modinstalldir"); + } + complex_doit("cp", $source, $modinstalldir); + next; + } + + # TODO + error("module: \"$basesource\" needs .conf, .so or suffix") if $basesource !~ m/\.(conf|so)/; } - } - } elsif ($package =~ /^libnginx-mod-/){ - verbose_print("$package might be a nginx module\n"); - - my $module = $package; - $module =~ s/^libnginx-mod-//; - verbose_print("Guessed module name: $module\n"); - - my $modulepath = $module; - $modulepath =~ s/-/_/g; - - if (-e "$modinstalldir/ngx_${modulepath}_module.so"){ - my $prio = 50; - if ($module =~ /^\w+-/ && !($module =~ /^http-/) ){ - $prio = 70; + if (! -d $installdir) + { + complex_doit("mkdir","-p",$installdir); + complex_doit("chmod","755","$installdir"); } - verbose_print("Guessed load priority: $prio\n"); + complex_doit("cp",$source,$installdir); + complex_doit("chmod","644","$installdir/$basesource"); - my $conf_name = "mod-$module.conf"; - install_dir($installdir); - verbose_print("Installing module configuration $conf_name into $installdir prio:$prio\n"); - open(MOD_CONF, $dh{NO_ACT} ? ">&STDERR" : ">$installdir/$conf_name") or error("open($installdir/$conf_name): $!"); - print(MOD_CONF "load_module modules/ngx_${modulepath}_module.so;\n"); - close(MOD_CONF); - chmod(0644, "$installdir/$conf_name") or error("chmod(0644, $installdir/$conf_name): $!"); - push @{$PACKAGE_TYPE{'has_a_module'}}, "$conf_name:$prio-$conf_name"; - } else { - verbose_print("$package is not a nginx module because $modinstalldir/ngx_${modulepath}_module.so not found"); - verbose_print("If it is not correct, check if the module is installed before invoking this script"); } + else + { + error("Unknown parameter: $type\n"); + } + } - my @postinst_autoscripts; + my @postinst_autoscripts; - if ($#{$PACKAGE_TYPE{'has_a_module'}} >= 0) - { - if ($package !~ m/libnginx-mod-\w+?/) - { - warning("Package $package appears to be an Nginx module. It should comply to the package naming scheme libnginx-mod-\n"); - } - addsubstvar($package, "misc:Depends", nginx_depends()); + if ($#{$PACKAGE_TYPE{'has_a_module'}} >= 0) + { + if ($package !~ m/libnginx-mod-\w+?/) + { + warning("Package $package appears to be an Nginx module. It should comply to the package naming scheme libnginx-mod-\n"); + } + addsubstvar($package, "misc:Depends", nginx_depends()); - my $modules = ""; - foreach my $module (@{$PACKAGE_TYPE{'has_a_module'}}) - { - $modules .= "$module "; - } + my $modules = ""; + foreach my $module (@{$PACKAGE_TYPE{'has_a_module'}}) + { + $modules .= "$module "; + } - push @postinst_autoscripts, ["module", $modules]; - } + push @postinst_autoscripts, ["module", $modules]; + } if (! $dh{NOSCRIPTS}) { diff --git a/debian/gbp.conf b/debian/gbp.conf index 44bfd7d..b5fb2c9 100644 --- a/debian/gbp.conf +++ b/debian/gbp.conf @@ -1,13 +1,6 @@ [DEFAULT] -debian-branch = main +pristine-tar = True upstream-branch = upstream upstream-tag = upstream/%(version)s -pristine-tar = True -sign-tags = True -upstream-signatures = on - -[import-orig] -merge-mode = replace - -[pull] -track-missing = True +dist=buster +debian-branch=buster diff --git a/debian/libnginx-mod-stream-geoip.nginx b/debian/libnginx-mod-http-auth-pam.nginx similarity index 57% rename from debian/libnginx-mod-stream-geoip.nginx rename to debian/libnginx-mod-http-auth-pam.nginx index 438ee46..78c206f 100755 --- a/debian/libnginx-mod-stream-geoip.nginx +++ b/debian/libnginx-mod-http-auth-pam.nginx @@ -9,5 +9,5 @@ $module =~ s/^libnginx-mod-//; $modulepath = $module; $modulepath =~ s/-/_/g; -print "mod debian/build-bin/objs/ngx_${modulepath}_module.so\n"; -print "mod debian/libnginx-mod.conf/mod-${module}.conf 70\n"; +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-cache-purge.nginx b/debian/libnginx-mod-http-cache-purge.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-cache-purge.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-dav-ext.nginx b/debian/libnginx-mod-http-dav-ext.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-dav-ext.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-echo.nginx b/debian/libnginx-mod-http-echo.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-echo.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-fancyindex.nginx b/debian/libnginx-mod-http-fancyindex.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-fancyindex.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-geoip.nginx b/debian/libnginx-mod-http-geoip.nginx index 0ca730a..78c206f 100755 --- a/debian/libnginx-mod-http-geoip.nginx +++ b/debian/libnginx-mod-http-geoip.nginx @@ -9,5 +9,5 @@ $module =~ s/^libnginx-mod-//; $modulepath = $module; $modulepath =~ s/-/_/g; -print "mod debian/build-bin/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-headers-more-filter.nginx b/debian/libnginx-mod-http-headers-more-filter.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-headers-more-filter.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-image-filter.nginx b/debian/libnginx-mod-http-image-filter.nginx index 0ca730a..78c206f 100755 --- a/debian/libnginx-mod-http-image-filter.nginx +++ b/debian/libnginx-mod-http-image-filter.nginx @@ -9,5 +9,5 @@ $module =~ s/^libnginx-mod-//; $modulepath = $module; $modulepath =~ s/-/_/g; -print "mod debian/build-bin/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-lua.nginx b/debian/libnginx-mod-http-lua.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-lua.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-ndk.nginx b/debian/libnginx-mod-http-ndk.nginx new file mode 100644 index 0000000..562723b --- /dev/null +++ b/debian/libnginx-mod-http-ndk.nginx @@ -0,0 +1,2 @@ +mod debian/build-extras/objs/ndk_http_module.so +mod debian/libnginx-mod.conf/mod-http-ndk.conf 10 diff --git a/debian/libnginx-mod-http-perl.install b/debian/libnginx-mod-http-perl.install index 7382eca..14ca692 100755 --- a/debian/libnginx-mod-http-perl.install +++ b/debian/libnginx-mod-http-perl.install @@ -3,5 +3,5 @@ use Config; my $vendorarch = substr($Config{vendorarch}, 1); -print "debian/build-bin/objs/src/http/modules/perl/blib/arch/auto/nginx/* $vendorarch/auto/nginx\n"; -print "debian/build-bin/objs/src/http/modules/perl/blib/lib/nginx.pm $vendorarch\n"; +print "debian/build-extras/objs/src/http/modules/perl/blib/arch/auto/nginx/* $vendorarch/auto/nginx\n"; +print "debian/build-extras/objs/src/http/modules/perl/blib/lib/nginx.pm $vendorarch\n"; diff --git a/debian/libnginx-mod-http-perl.nginx b/debian/libnginx-mod-http-perl.nginx index 0ca730a..78c206f 100755 --- a/debian/libnginx-mod-http-perl.nginx +++ b/debian/libnginx-mod-http-perl.nginx @@ -9,5 +9,5 @@ $module =~ s/^libnginx-mod-//; $modulepath = $module; $modulepath =~ s/-/_/g; -print "mod debian/build-bin/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-subs-filter.nginx b/debian/libnginx-mod-http-subs-filter.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-subs-filter.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-uploadprogress.nginx b/debian/libnginx-mod-http-uploadprogress.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-uploadprogress.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-upstream-fair.nginx b/debian/libnginx-mod-http-upstream-fair.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-http-upstream-fair.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-http-xslt-filter.nginx b/debian/libnginx-mod-http-xslt-filter.nginx index 0ca730a..78c206f 100755 --- a/debian/libnginx-mod-http-xslt-filter.nginx +++ b/debian/libnginx-mod-http-xslt-filter.nginx @@ -9,5 +9,5 @@ $module =~ s/^libnginx-mod-//; $modulepath = $module; $modulepath =~ s/-/_/g; -print "mod debian/build-bin/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-mail.nginx b/debian/libnginx-mod-mail.nginx index 0ca730a..78c206f 100755 --- a/debian/libnginx-mod-mail.nginx +++ b/debian/libnginx-mod-mail.nginx @@ -9,5 +9,5 @@ $module =~ s/^libnginx-mod-//; $modulepath = $module; $modulepath =~ s/-/_/g; -print "mod debian/build-bin/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-nchan.nginx b/debian/libnginx-mod-nchan.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-nchan.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-rtmp.docs b/debian/libnginx-mod-rtmp.docs new file mode 100644 index 0000000..e5c5c00 --- /dev/null +++ b/debian/libnginx-mod-rtmp.docs @@ -0,0 +1 @@ +debian/modules/rtmp/README.md diff --git a/debian/libnginx-mod-rtmp.examples b/debian/libnginx-mod-rtmp.examples new file mode 100644 index 0000000..563f038 --- /dev/null +++ b/debian/libnginx-mod-rtmp.examples @@ -0,0 +1 @@ +debian/modules/rtmp/stat.xsl diff --git a/debian/libnginx-mod-rtmp.nginx b/debian/libnginx-mod-rtmp.nginx new file mode 100755 index 0000000..78c206f --- /dev/null +++ b/debian/libnginx-mod-rtmp.nginx @@ -0,0 +1,13 @@ +#!/usr/bin/perl -w + +use File::Basename; + +# Guess module name +$module = basename($0, '.nginx'); +$module =~ s/^libnginx-mod-//; + +$modulepath = $module; +$modulepath =~ s/-/_/g; + +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod-stream.nginx b/debian/libnginx-mod-stream.nginx index 0ca730a..78c206f 100755 --- a/debian/libnginx-mod-stream.nginx +++ b/debian/libnginx-mod-stream.nginx @@ -9,5 +9,5 @@ $module =~ s/^libnginx-mod-//; $modulepath = $module; $modulepath =~ s/-/_/g; -print "mod debian/build-bin/objs/ngx_${modulepath}_module.so\n"; +print "mod debian/build-extras/objs/ngx_${modulepath}_module.so\n"; print "mod debian/libnginx-mod.conf/mod-${module}.conf\n"; diff --git a/debian/libnginx-mod.abisubstvars b/debian/libnginx-mod.abisubstvars deleted file mode 100644 index 57261d4..0000000 --- a/debian/libnginx-mod.abisubstvars +++ /dev/null @@ -1,11 +0,0 @@ -# ABI must be changed: -# - when upstream nginx version is changed -# - when module signature is changed (e.g. time_t change from 32bit integer to 64bit integer https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069997) -# - when symbols/structures/... (exported from header files) are changed -# -# ABI format: nginx-abi-{UPSTREAM_VERSION}-{SUFFIX} -# the {SUFFIX} provides a mechanism on rare cases when there have to be ABI -# changes without upgrading the upstream nginx version, e.g. security updates -# in oldstable - -nginx:abi=nginx-abi-1.26.3-1 diff --git a/debian/libnginx-mod.conf/mod-http-auth-pam.conf b/debian/libnginx-mod.conf/mod-http-auth-pam.conf new file mode 100644 index 0000000..2eb6752 --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-auth-pam.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_auth_pam_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-cache-purge.conf b/debian/libnginx-mod.conf/mod-http-cache-purge.conf new file mode 100644 index 0000000..5974b1f --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-cache-purge.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_cache_purge_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-dav-ext.conf b/debian/libnginx-mod.conf/mod-http-dav-ext.conf new file mode 100644 index 0000000..e852329 --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-dav-ext.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_dav_ext_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-echo.conf b/debian/libnginx-mod.conf/mod-http-echo.conf new file mode 100644 index 0000000..a82ee29 --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-echo.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_echo_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-fancyindex.conf b/debian/libnginx-mod.conf/mod-http-fancyindex.conf new file mode 100644 index 0000000..4aa4f2f --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-fancyindex.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_fancyindex_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-headers-more-filter.conf b/debian/libnginx-mod.conf/mod-http-headers-more-filter.conf new file mode 100644 index 0000000..266d84e --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-headers-more-filter.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_headers_more_filter_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-lua.conf b/debian/libnginx-mod.conf/mod-http-lua.conf new file mode 100644 index 0000000..f6311f4 --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-lua.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_lua_module.so; diff --git a/modules_deb/libnginx-mod-http-ndk-0.3.4/debian/mod-http-ndk.conf b/debian/libnginx-mod.conf/mod-http-ndk.conf similarity index 100% rename from modules_deb/libnginx-mod-http-ndk-0.3.4/debian/mod-http-ndk.conf rename to debian/libnginx-mod.conf/mod-http-ndk.conf diff --git a/debian/libnginx-mod.conf/mod-http-subs-filter.conf b/debian/libnginx-mod.conf/mod-http-subs-filter.conf new file mode 100644 index 0000000..fe34b6c --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-subs-filter.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_subs_filter_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-uploadprogress.conf b/debian/libnginx-mod.conf/mod-http-uploadprogress.conf new file mode 100644 index 0000000..edc0c0b --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-uploadprogress.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_uploadprogress_module.so; diff --git a/debian/libnginx-mod.conf/mod-http-upstream-fair.conf b/debian/libnginx-mod.conf/mod-http-upstream-fair.conf new file mode 100644 index 0000000..62750b5 --- /dev/null +++ b/debian/libnginx-mod.conf/mod-http-upstream-fair.conf @@ -0,0 +1 @@ +load_module modules/ngx_http_upstream_fair_module.so; diff --git a/debian/libnginx-mod.conf/mod-nchan.conf b/debian/libnginx-mod.conf/mod-nchan.conf new file mode 100644 index 0000000..0a524e5 --- /dev/null +++ b/debian/libnginx-mod.conf/mod-nchan.conf @@ -0,0 +1 @@ +load_module modules/ngx_nchan_module.so; diff --git a/debian/libnginx-mod.conf/mod-rtmp.conf b/debian/libnginx-mod.conf/mod-rtmp.conf new file mode 100644 index 0000000..4e87e6e --- /dev/null +++ b/debian/libnginx-mod.conf/mod-rtmp.conf @@ -0,0 +1 @@ +load_module modules/ngx_rtmp_module.so; diff --git a/debian/libnginx-mod.conf/mod-stream-geoip.conf b/debian/libnginx-mod.conf/mod-stream-geoip.conf deleted file mode 100644 index 7195856..0000000 --- a/debian/libnginx-mod.conf/mod-stream-geoip.conf +++ /dev/null @@ -1 +0,0 @@ -load_module modules/ngx_stream_geoip_module.so; diff --git a/debian/modules/control b/debian/modules/control new file mode 100644 index 0000000..a5d65a8 --- /dev/null +++ b/debian/modules/control @@ -0,0 +1,70 @@ +Module: http-headers-more-filter +Homepage: https://github.com/agentzh/headers-more-nginx-module +Version: 0.33 +Files-Excluded: .gitignore .gitattributes .travis.yml + +Module: http-ndk +Homepage: https://github.com/simpl/ngx_devel_kit/ +Version: 0.3.0 + +Module: http-auth-pam +Homepage: https://github.com/stogh/ngx_http_auth_pam_module +Version: 1.5.1 + +Module: http-echo +Homepage: https://github.com/agentzh/echo-nginx-module +Version: v0.61 +Files-Excluded: .gitignore .gitattributes .travis.yml + +Module: http-lua +Homepage: https://github.com/openresty/lua-nginx-module +Version: 0.10.13 +Patch: + openssl-1.1.0.patch + discover-luajit-2.1.patch +Files-Excluded: .gitignore .gitattributes .travis.yml .github + +Module: http-upstream-fair +Homepage: https://github.com/gnosek/nginx-upstream-fair +Version: a18b409 +Patch: + dynamic-module.patch + openssl-1.1.0.patch + drop-default-port.patch + +Module: nchan +Homepage: https://github.com/slact/nchan +Version: 1.0.8 +Files-Excluded: dev nchan_logo.png NchanSubscriber.js src/hiredis + +Module: http-uploadprogress +Homepage: https://github.com/masterzen/nginx-upload-progress-module +Files-Excluded: test +Version: 0.9.2 + +Module: http-cache-purge +Homepage: https://github.com/FRiCKLE/ngx_cache_purge/ +Version: 2.3 +Patch: + dynamic-module.patch + segfault-1.11.6.patch + +Module: http-dav-ext +Homepage: https://github.com/arut/nginx-dav-ext-module +Version: 3.0.0 + +Module: http-fancyindex +Homepage: https://github.com/aperezdc/ngx-fancyindex +Version: 0.4.3 +Files-Excluded: .gitignore .travis.yml + +Module: http-subs-filter +Homepage: https://github.com/yaoweibin/ngx_http_substitutions_filter_module +Version: 0.6.4 +Patch: dynamic-module.patch + +Module: rtmp +Homepage: https://github.com/arut/nginx-rtmp-module +Files-Excluded: test +Version: 1.2.1 + diff --git a/debian/modules/http-auth-pam/ChangeLog b/debian/modules/http-auth-pam/ChangeLog new file mode 100644 index 0000000..d45eae4 --- /dev/null +++ b/debian/modules/http-auth-pam/ChangeLog @@ -0,0 +1,49 @@ +2016-04-06 sto@iti.es + + * Version 1.5.1. + * Fix building alongside other modules in nginx 1.9.11+ (patch provided by + Graham Edgecombe ) + +2016-03-23 sto@iti.es + + * Version 1.5. + * Added support to build module dynamically (patch provided by Sjir + Bagmeijer ). + * Log PAM error and info messages to nginx log files (patch provided by + André Caron ). + +2015-02-04 sto@iti.es + + * Version 1.4. + * Cleanup PAM responses on error, the module was not doing it, causing + memory leaks (thanks to Michael Koziarski for the report). + +2013-09-17 sto@iti.es + + * Version 1.3. + * Added support to export HOST and REQUEST variables to the PAM ENVIRONMENT. + Thanks to Ruben Jenster for the initial patch, his version is available + from https://github.com/r10r/ngx_http_auth_pam_module; my version uses his + implementation but only if the user sets the ``pam_auth_set_pam_env`` + flag. + * Fixed bug from http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=+721702 + (ngx_module_t commands array should end with a ngx_null_command); the bug + was already fixed on the PAM_ENV patch, but I forgot about it until I went + back to my svn repository to add the debian patch... better latter than + never... ;) + +2010-11-15 sto@iti.upv.es + + * Version 1.2. + * Fixed possible memory leak when authentication fails, pam_end has to + be called to free memory (thanks to Neil Chintomby). + +2009-01-26 sto@iti.upv.es + + * Version 1.1. + * Fixed ngx_log_debugX calls, no we use the correct X value on each + call. + +2008-09-17 sto@iti.upv.es + + * Initial version (1.0). diff --git a/modules_deb/libnginx-mod-http-brotli-1.0.0~rc/LICENSE b/debian/modules/http-auth-pam/LICENSE similarity index 79% rename from modules_deb/libnginx-mod-http-brotli-1.0.0~rc/LICENSE rename to debian/modules/http-auth-pam/LICENSE index db3aca7..b2d9324 100644 --- a/modules_deb/libnginx-mod-http-brotli-1.0.0~rc/LICENSE +++ b/debian/modules/http-auth-pam/LICENSE @@ -1,8 +1,5 @@ -/* - * Copyright (C) 2002-2015 Igor Sysoev - * Copyright (C) 2011-2015 Nginx, Inc. - * Copyright (C) 2015-2019 Google Inc. - * All rights reserved. +/* + * Copyright (C) 2008-2016 Sergio Talens Oliag * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -13,10 +10,10 @@ * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * - * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) @@ -24,4 +21,5 @@ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. + * */ diff --git a/debian/modules/http-auth-pam/README.md b/debian/modules/http-auth-pam/README.md new file mode 100644 index 0000000..a4eea45 --- /dev/null +++ b/debian/modules/http-auth-pam/README.md @@ -0,0 +1,95 @@ +# ngx_http_auth_pam_module + +## Nginx module to use PAM for simple http authentication + +### Compilation + +When compiling from source build as usual adding the ``--add-module`` option: + + ./configure --add-module=$PATH_TO_MODULE + +or if you want to build the module as dynamic use the ``--add-dynamic-module`` +option. + +If you are using a Debian GNU/Linux distribution install the ``nginx-full`` +package; the module has been included in the debian package since version +``1.1.6-1``, so it is available on all stable distributions since the *wheezy* +release. + +### Configuration + +The module only has two directives: + +- ``auth_pam``: This is the http authentication realm. If given the value + ``off`` the module is disabled (needed when we want to override the value + set on a lower-level directive). + +- ``auth_pam_service_name``: this is the PAM service name and by default it is + set to ``nginx``. + +### Examples + +To protect everything under ``/secure`` you will add the following to the +``nginx.conf`` file: + + location /secure { + auth_pam "Secure Zone"; + auth_pam_service_name "nginx"; + } + +Note that the module runs as the web server user, so the PAM modules used must +be able to authenticate the users without being root; that means that if you +want to use the ``pam_unix.so`` module to autenticate users you need to let the +web server user to read the ``/etc/shadow`` file if that does not scare you (on +Debian like systems you can add the ``www-data`` user to the ``shadow`` group). + +As an example, to authenticate users against an LDAP server (using the +``pam_ldap.so`` module) you will use an ``/etc/pam.d/nginx`` like the +following: + + auth required /lib/security/pam_ldap.so + account required /lib/security/pam_ldap.so + +If you also want to limit the users from LDAP that can authenticate you can +use the ``pam_listfile.so`` module; to limit who can access resources under +``/restricted`` add the following to the ``nginx.conf`` file: + + location /restricted { + auth_pam "Restricted Zone"; + auth_pam_service_name "nginx_restricted"; + } + +Use the following ``/etc/pam.d/nginx_restricted`` file: + + auth required /lib/security/pam_listfile.so onerr=fail item=user \ + sense=allow file=/etc/nginx/restricted_users + auth required /lib/security/pam_ldap.so + account required /lib/security/pam_ldap.so + +And add the users allowed to authenticate to the ``/etc/nginx/restricted_users`` +(remember that the web server user has to be able to read this file). + +### PAM Environment + +If you want use the ``pam_exec.so`` plugin for request based authentication the +module can add to the PAM environment the ``HOST`` and ``REQUEST`` variables if +you set the ``auth_pam_set_pam_env`` flag:: + + location /pam_exec_protected { + auth_pam "Exec Zone"; + auth_pam_service_name "nginx_exec"; + auth_pam_set_pam_env on; + } + +With this configuration if you access an URL like: + + http://localhost:8000/pam_exec_protected/page?foo=yes&bar=too + +the PAM environment will include the following variables: + + HOST=localhost:8000 + REQUEST=GET /pam_exec_protected/page?foo=yes&bar=too HTTP/1.1 + +You may use this information for request based authentication. +You need a recent pam release (>= version 1.0.90) to expose environment +variables to pam_exec. diff --git a/debian/modules/http-auth-pam/VERSION b/debian/modules/http-auth-pam/VERSION new file mode 100644 index 0000000..c239c60 --- /dev/null +++ b/debian/modules/http-auth-pam/VERSION @@ -0,0 +1 @@ +1.5 diff --git a/debian/modules/http-auth-pam/config b/debian/modules/http-auth-pam/config new file mode 100644 index 0000000..2275262 --- /dev/null +++ b/debian/modules/http-auth-pam/config @@ -0,0 +1,16 @@ +ngx_addon_name=ngx_http_auth_pam_module + +if test -n "$ngx_module_link"; then + ngx_module_type=HTTP + ngx_module_name=ngx_http_auth_pam_module + ngx_module_incs= + ngx_module_deps= + ngx_module_srcs="$ngx_addon_dir/ngx_http_auth_pam_module.c" + ngx_module_libs="-lpam" + + . auto/module +else + HTTP_MODULES="$HTTP_MODULES ngx_http_auth_pam_module" + NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_auth_pam_module.c" + CORE_LIBS="$CORE_LIBS -lpam" +fi \ No newline at end of file diff --git a/debian/modules/http-auth-pam/ngx_http_auth_pam_module.c b/debian/modules/http-auth-pam/ngx_http_auth_pam_module.c new file mode 100644 index 0000000..167a37f --- /dev/null +++ b/debian/modules/http-auth-pam/ngx_http_auth_pam_module.c @@ -0,0 +1,473 @@ +/* + * Copyright (C) 2008-2016 Sergio Talens-Oliag + * + * Based on nginx's 'ngx_http_auth_basic_module.c' by Igor Sysoev and apache's + * 'mod_auth_pam.c' by Ingo Luetkebolhe. + * + * File: ngx_http_auth_pam_module.c + */ + +#include +#include +#include +#include + +#define NGX_PAM_SERVICE_NAME "nginx" + +/* Module context data */ +typedef struct { + ngx_str_t passwd; +} ngx_http_auth_pam_ctx_t; + +/* PAM authinfo */ +typedef struct { + ngx_str_t username; + ngx_str_t password; + ngx_log_t *log; +} ngx_pam_authinfo; + +/* Module configuration struct */ +typedef struct { + ngx_str_t realm; /* http basic auth realm */ + ngx_str_t service_name; /* pam service name */ + ngx_flag_t set_pam_env; /* flag that indicates if we should export + variables to PAM or NOT */ +} ngx_http_auth_pam_loc_conf_t; + +/* Module handler */ +static ngx_int_t ngx_http_auth_pam_handler(ngx_http_request_t *r); + +/* Function that authenticates the user -- is the only function that uses PAM */ +static ngx_int_t ngx_http_auth_pam_authenticate(ngx_http_request_t *r, + ngx_http_auth_pam_ctx_t *ctx, + ngx_str_t *passwd, void *conf); + +static ngx_int_t ngx_http_auth_pam_set_realm(ngx_http_request_t *r, + ngx_str_t *realm); + +static void *ngx_http_auth_pam_create_loc_conf(ngx_conf_t *cf); + +static char *ngx_http_auth_pam_merge_loc_conf(ngx_conf_t *cf, + void *parent, void *child); + +static ngx_int_t ngx_http_auth_pam_init(ngx_conf_t *cf); + +static char *ngx_http_auth_pam(ngx_conf_t *cf, void *post, void *data); + +static ngx_conf_post_handler_pt ngx_http_auth_pam_p = ngx_http_auth_pam; + +static int ngx_auth_pam_talker(int num_msg, const struct pam_message ** msg, + struct pam_response ** resp, void *appdata_ptr); + +static ngx_command_t ngx_http_auth_pam_commands[] = { + + { ngx_string("auth_pam"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF + |NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_auth_pam_loc_conf_t, realm), + &ngx_http_auth_pam_p }, + + { ngx_string("auth_pam_service_name"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF + |NGX_CONF_TAKE1, + ngx_conf_set_str_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_auth_pam_loc_conf_t, service_name), + NULL }, + + { ngx_string("auth_pam_set_pam_env"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_HTTP_LMT_CONF + |NGX_CONF_FLAG, + ngx_conf_set_flag_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_auth_pam_loc_conf_t, set_pam_env), + NULL }, + + ngx_null_command +}; + + +static ngx_http_module_t ngx_http_auth_pam_module_ctx = { + NULL, /* preconfiguration */ + ngx_http_auth_pam_init, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + NULL, /* create server configuration */ + NULL, /* merge server configuration */ + + ngx_http_auth_pam_create_loc_conf, /* create location configuration */ + ngx_http_auth_pam_merge_loc_conf /* merge location configuration */ +}; + + +ngx_module_t ngx_http_auth_pam_module = { + NGX_MODULE_V1, + &ngx_http_auth_pam_module_ctx, /* module context */ + ngx_http_auth_pam_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +/* + * Function to free PAM_CONV responses if an error is returned. + */ +static void +free_resp(int num_msg, struct pam_response *response) +{ + int i; + if (response == NULL) + return; + for (i = 0; i < num_msg; i++) { + if (response[i].resp) { + /* clear before freeing -- may be a password */ + bzero(response[i].resp, strlen(response[i].resp)); + free(response[i].resp); + response[i].resp = NULL; + } + } + free(response); +} + +/* + * ngx_auth_pam_talker: supply authentication information to PAM when asked + * + * Assumptions: + * A password is asked for by requesting input without echoing + * A username is asked for by requesting input _with_ echoing + */ +static int +ngx_auth_pam_talker(int num_msg, const struct pam_message ** msg, + struct pam_response ** resp, void *appdata_ptr) +{ + int i; + ngx_pam_authinfo *ainfo; + struct pam_response *response; + + ainfo = (ngx_pam_authinfo *) appdata_ptr; + response = NULL; + + /* parameter sanity checking */ + if (!resp || !msg || !ainfo) + return PAM_CONV_ERR; + + /* allocate memory to store response */ + response = malloc(num_msg * sizeof(struct pam_response)); + if (!response) + return PAM_CONV_ERR; + + /* copy values */ + for (i = 0; i < num_msg; i++) { + /* initialize to safe values */ + response[i].resp_retcode = 0; + response[i].resp = 0; + + /* select response based on requested output style */ + switch (msg[i]->msg_style) { + case PAM_PROMPT_ECHO_ON: + /* on memory allocation failure, auth fails */ + response[i].resp = strdup((const char *)ainfo->username.data); + break; + case PAM_PROMPT_ECHO_OFF: + response[i].resp = strdup((const char *)ainfo->password.data); + break; + case PAM_ERROR_MSG: + ngx_log_error(NGX_LOG_ERR, ainfo->log, 0, + "PAM: \'%s\'.", msg[i]->msg); + break; + case PAM_TEXT_INFO: + ngx_log_error(NGX_LOG_INFO, ainfo->log, 0, + "PAM: \'%s\'.", msg[i]->msg); + break; + default: + free_resp(i, response); + return PAM_CONV_ERR; + } + } + /* everything okay, set PAM response values */ + *resp = response; + return PAM_SUCCESS; +} + +static ngx_int_t +ngx_http_auth_pam_handler(ngx_http_request_t *r) +{ + ngx_int_t rc; + ngx_http_auth_pam_ctx_t *ctx; + ngx_http_auth_pam_loc_conf_t *alcf; + + alcf = ngx_http_get_module_loc_conf(r, ngx_http_auth_pam_module); + + if (alcf->realm.len == 0) { + return NGX_DECLINED; + } + + ctx = ngx_http_get_module_ctx(r, ngx_http_auth_pam_module); + + if (ctx) { + return ngx_http_auth_pam_authenticate(r, ctx, &ctx->passwd, alcf); + } + + /* Decode http auth user and passwd, leaving values on the request */ + rc = ngx_http_auth_basic_user(r); + + if (rc == NGX_DECLINED) { + return ngx_http_auth_pam_set_realm(r, &alcf->realm); + } + + if (rc == NGX_ERROR) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + /* Check user & password using PAM */ + return ngx_http_auth_pam_authenticate(r, ctx, &ctx->passwd, alcf); +} + +/** + * create a key value pair from the given key and value string + */ +static void set_to_pam_env(pam_handle_t *pamh, ngx_http_request_t *r, + char *key, char *value) +{ + if (key != NULL && value != NULL) { + size_t size = strlen(key) + strlen(value) + 1 * sizeof(char); + char *key_value_pair = ngx_palloc(r->pool, size); + sprintf(key_value_pair, "%s=%s", key, value); + + pam_putenv(pamh, key_value_pair); + } +} + +/** + * creates a '\0' terminated string from the given ngx_str_t + * + * @param source nginx string structure with data and length + * @param pool pool of the request used for memory allocation + */ +static char* ngx_strncpy_s(ngx_str_t source, ngx_pool_t *pool) +{ + // allocate memory in pool + char* destination = ngx_palloc(pool, source.len + 1); + strncpy(destination, (char *) source.data, source.len); + // add null terminator + destination[source.len] = '\0'; + return destination; +} + +/** + * enrich pam environment with request parameters + */ +static void add_request_info_to_pam_env(pam_handle_t *pamh, + ngx_http_request_t *r) +{ + char *request_info = ngx_strncpy_s(r->request_line, r->pool); + char *host_info = ngx_strncpy_s(r->headers_in.host->value, r->pool); + + set_to_pam_env(pamh, r, "REQUEST", request_info); + set_to_pam_env(pamh, r, "HOST", host_info); +} + +static ngx_int_t +ngx_http_auth_pam_authenticate(ngx_http_request_t *r, + ngx_http_auth_pam_ctx_t *ctx, ngx_str_t *passwd, + void *conf) +{ + ngx_int_t rc; + ngx_http_auth_pam_loc_conf_t *alcf; + + ngx_pam_authinfo ainfo; + struct pam_conv conv_info; /* PAM struct */ + pam_handle_t *pamh; + u_char *service_name; + + alcf = conf; + + size_t len; + u_char *uname_buf, *p; + + /** + * Get username and password, note that r->headers_in.user contains the + * string 'user:pass', so we need to copy the username + **/ + for (len = 0; len < r->headers_in.user.len; len++) { + if (r->headers_in.user.data[len] == ':') { + break; + } + } + uname_buf = ngx_palloc(r->pool, len+1); + if (uname_buf == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + p = ngx_cpymem(uname_buf, r->headers_in.user.data , len); + *p ='\0'; + + ainfo.username.data = uname_buf; + ainfo.username.len = len; + + ainfo.password.data = r->headers_in.passwd.data; + ainfo.password.len = r->headers_in.passwd.len; + + ainfo.log = r->connection->log; + + conv_info.conv = &ngx_auth_pam_talker; + conv_info.appdata_ptr = (void *) &ainfo; + + pamh = NULL; + + /* Initialize PAM */ + if (alcf->service_name.data == NULL) { + service_name = (u_char *) NGX_PAM_SERVICE_NAME; + } else { + service_name = alcf->service_name.data; + } + if ((rc = pam_start((const char *) service_name, + (const char *) ainfo.username.data, + &conv_info, + &pamh)) != PAM_SUCCESS) { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "PAM: Could not start pam service: %s", + pam_strerror(pamh, rc)); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + if (alcf->set_pam_env) { + add_request_info_to_pam_env(pamh, r); + } + + /* try to authenticate user, log error on failure */ + if ((rc = pam_authenticate(pamh, + PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) { + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "PAM: user '%s' - not authenticated: %s", + ainfo.username.data, pam_strerror(pamh, rc)); + pam_end(pamh, PAM_SUCCESS); + return ngx_http_auth_pam_set_realm(r, &alcf->realm); + } /* endif authenticate */ + + /* check that the account is healthy */ + if ((rc = pam_acct_mgmt(pamh, PAM_DISALLOW_NULL_AUTHTOK)) != PAM_SUCCESS) { + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "PAM: user '%s' - invalid account: %s", + ainfo.username.data, pam_strerror(pamh, rc)); + pam_end(pamh, PAM_SUCCESS); + return ngx_http_auth_pam_set_realm(r, &alcf->realm); + } + + pam_end(pamh, PAM_SUCCESS); + return NGX_OK; +} + +static ngx_int_t +ngx_http_auth_pam_set_realm(ngx_http_request_t *r, ngx_str_t *realm) +{ + r->headers_out.www_authenticate = ngx_list_push(&r->headers_out.headers); + if (r->headers_out.www_authenticate == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + r->headers_out.www_authenticate->hash = 1; + r->headers_out.www_authenticate->key.len = sizeof("WWW-Authenticate") - 1; + r->headers_out.www_authenticate->key.data = (u_char *) "WWW-Authenticate"; + r->headers_out.www_authenticate->value = *realm; + + return NGX_HTTP_UNAUTHORIZED; +} + +static void * +ngx_http_auth_pam_create_loc_conf(ngx_conf_t *cf) +{ + ngx_http_auth_pam_loc_conf_t *conf; + + conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_auth_pam_loc_conf_t)); + if (conf == NULL) { + return NGX_CONF_ERROR; + } + + /* Strings are already NULL, but the flags have to be marked as unset */ + conf->set_pam_env = NGX_CONF_UNSET; + + return conf; +} + +static char * +ngx_http_auth_pam_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) +{ + ngx_http_auth_pam_loc_conf_t *prev = parent; + ngx_http_auth_pam_loc_conf_t *conf = child; + + if (conf->realm.data == NULL) { + conf->realm = prev->realm; + } + + if (conf->service_name.data == NULL) { + conf->service_name = prev->service_name; + } + + /* By default set_pam_env is off */ + ngx_conf_merge_value(conf->set_pam_env, prev->set_pam_env, 0); + + return NGX_CONF_OK; +} + +static ngx_int_t +ngx_http_auth_pam_init(ngx_conf_t *cf) +{ + ngx_http_handler_pt *h; + ngx_http_core_main_conf_t *cmcf; + + cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); + + h = ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers); + if (h == NULL) { + return NGX_ERROR; + } + + *h = ngx_http_auth_pam_handler; + + return NGX_OK; +} + +static char * +ngx_http_auth_pam(ngx_conf_t *cf, void *post, void *data) +{ + ngx_str_t *realm = data; + + size_t len; + u_char *basic, *p; + + if (ngx_strcmp(realm->data, "off") == 0) { + realm->len = 0; + realm->data = (u_char *) ""; + + return NGX_CONF_OK; + } + + len = sizeof("Basic realm=\"") - 1 + realm->len + 1; + + basic = ngx_palloc(cf->pool, len); + if (basic == NULL) { + return NGX_CONF_ERROR; + } + + p = ngx_cpymem(basic, "Basic realm=\"", sizeof("Basic realm=\"") - 1); + p = ngx_cpymem(p, realm->data, realm->len); + *p = '"'; + + realm->len = len; + realm->data = basic; + + return NGX_CONF_OK; +} + +/* File: ngx_http_auth_pam_module.c */ diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/CHANGES b/debian/modules/http-cache-purge/CHANGES similarity index 52% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/CHANGES rename to debian/modules/http-cache-purge/CHANGES index 7495742..ead3cdf 100644 --- a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/CHANGES +++ b/debian/modules/http-cache-purge/CHANGES @@ -1,40 +1,3 @@ -2020-06-27 VERSION 2.5.1 - * fix: empty key check - it coredumps when cache key is empty, Tuğrul Topuz - * fix: purge report calloc fix - Report template has not cache file path but it's length is use in buffer memory allocation, Tuğrul Topuz - -2018-08-04 VERSION 2.5 - * feat/docs: cache_purge_response_type directive, selecting response type (html|json|xml|text) - * break: changed status of HTTP code 404 (Not Found) to 412 (Precondition Failed) - * fix: remove path information of response body (#4, 3a8c08a, #11) - -2020-06-27 VERSION 2.4.3 - * fix: empty key check - it coredumps when cache key is empty, Tuğrul Topuz - -2017-09-28 VERSION 2.4.2 - * fix: segfault in call to `ngx_read_file` of partial key purge, Frankie Dintino - * fix: segfault in `cplcf->conf->purge_all` with separate location syntax, Frankie Dintino - -2017-02-21 VERSION 2.4.1 - * Fix compatibility with nginx-1.11.6+, Sułowicz Paweł - -2016-11-20 VERSION 2.4 - * Fix compatibility with nginx-1.7.12+. - * explain the purge logic - * feat(purge all): Include option to purge all the cached files - This option can be slow if a lot of content is cached, or if the - storage used for the cache is slow. But you really should be using - RAM as your cache storage. - * feat(partial keys): Support partial keys to purge multiple keys. - Put an '*' at the end of your purge cache URL. - e.g: - proxy_cache_key $scheme$host$uri$is_args$args$cookie_JSESSIONID; - curl -X PURGE https://example.com/pass* - This will remove every cached page whose key cache starting with: - httpsexample.com/pass* - Be careful not passing any value for the values after the $uri, or put - it at the end of your cache key. - * Convert a config file to build a dynamic module - 2014-12-23 VERSION 2.3 * Fix compatibility with nginx-1.7.9+. diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/LICENSE b/debian/modules/http-cache-purge/LICENSE similarity index 100% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/LICENSE rename to debian/modules/http-cache-purge/LICENSE diff --git a/debian/modules/http-cache-purge/README.md b/debian/modules/http-cache-purge/README.md new file mode 100644 index 0000000..3b42e32 --- /dev/null +++ b/debian/modules/http-cache-purge/README.md @@ -0,0 +1,171 @@ +About +===== +`ngx_cache_purge` is `nginx` module which adds ability to purge content from +`FastCGI`, `proxy`, `SCGI` and `uWSGI` caches. + + +Sponsors +======== +Work on the original patch was fully funded by [yo.se](http://yo.se). + + +Status +====== +This module is production-ready. + + +Configuration directives (same location syntax) +=============================================== +fastcgi_cache_purge +------------------- +* **syntax**: `fastcgi_cache_purge on|off| [from all| [.. ]]` +* **default**: `none` +* **context**: `http`, `server`, `location` + +Allow purging of selected pages from `FastCGI`'s cache. + + +proxy_cache_purge +----------------- +* **syntax**: `proxy_cache_purge on|off| [from all| [.. ]]` +* **default**: `none` +* **context**: `http`, `server`, `location` + +Allow purging of selected pages from `proxy`'s cache. + + +scgi_cache_purge +---------------- +* **syntax**: `scgi_cache_purge on|off| [from all| [.. ]]` +* **default**: `none` +* **context**: `http`, `server`, `location` + +Allow purging of selected pages from `SCGI`'s cache. + + +uwsgi_cache_purge +----------------- +* **syntax**: `uwsgi_cache_purge on|off| [from all| [.. ]]` +* **default**: `none` +* **context**: `http`, `server`, `location` + +Allow purging of selected pages from `uWSGI`'s cache. + + +Configuration directives (separate location syntax) +=================================================== +fastcgi_cache_purge +------------------- +* **syntax**: `fastcgi_cache_purge zone_name key` +* **default**: `none` +* **context**: `location` + +Sets area and key used for purging selected pages from `FastCGI`'s cache. + + +proxy_cache_purge +----------------- +* **syntax**: `proxy_cache_purge zone_name key` +* **default**: `none` +* **context**: `location` + +Sets area and key used for purging selected pages from `proxy`'s cache. + + +scgi_cache_purge +---------------- +* **syntax**: `scgi_cache_purge zone_name key` +* **default**: `none` +* **context**: `location` + +Sets area and key used for purging selected pages from `SCGI`'s cache. + + +uwsgi_cache_purge +----------------- +* **syntax**: `uwsgi_cache_purge zone_name key` +* **default**: `none` +* **context**: `location` + +Sets area and key used for purging selected pages from `uWSGI`'s cache. + + +Sample configuration (same location syntax) +=========================================== + http { + proxy_cache_path /tmp/cache keys_zone=tmpcache:10m; + + server { + location / { + proxy_pass http://127.0.0.1:8000; + proxy_cache tmpcache; + proxy_cache_key $uri$is_args$args; + proxy_cache_purge PURGE from 127.0.0.1; + } + } + } + + +Sample configuration (separate location syntax) +=============================================== + http { + proxy_cache_path /tmp/cache keys_zone=tmpcache:10m; + + server { + location / { + proxy_pass http://127.0.0.1:8000; + proxy_cache tmpcache; + proxy_cache_key $uri$is_args$args; + } + + location ~ /purge(/.*) { + allow 127.0.0.1; + deny all; + proxy_cache_purge tmpcache $1$is_args$args; + } + } + } + + +Testing +======= +`ngx_cache_purge` comes with complete test suite based on [Test::Nginx](http://github.com/agentzh/test-nginx). + +You can test it by running: + +`$ prove` + + +License +======= + Copyright (c) 2009-2014, FRiCKLE + Copyright (c) 2009-2014, Piotr Sikora + All rights reserved. + + This project was fully funded by yo.se. + + Redistribution and use in source and binary forms, with or without + modification, are permitted provided that the following conditions + are met: + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + + THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS + "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT + LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR + A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT + HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT + LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, + DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY + THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT + (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE + OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. + + +See also +======== +- [ngx_slowfs_cache](http://github.com/FRiCKLE/ngx_slowfs_cache). diff --git a/debian/modules/http-cache-purge/TODO.md b/debian/modules/http-cache-purge/TODO.md new file mode 100644 index 0000000..e279043 --- /dev/null +++ b/debian/modules/http-cache-purge/TODO.md @@ -0,0 +1,7 @@ +Features that __will not__ be added to `ngx_cache_purge`: + +* Support for prefixed purges (`/purge/images/*`). + Reason: Impossible with current cache implementation. + +* Support for wildcard/regex purges (`/purge/*.jpg`). + Reason: Impossible with current cache implementation. diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/config b/debian/modules/http-cache-purge/config similarity index 53% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/config rename to debian/modules/http-cache-purge/config index b900680..34f42ec 100644 --- a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/config +++ b/debian/modules/http-cache-purge/config @@ -15,17 +15,7 @@ if [ "$HTTP_UWSGI" = "YES" ]; then fi ngx_addon_name=ngx_http_cache_purge_module -CACHE_PURGE_SRCS="$ngx_addon_dir/ngx_cache_purge_module.c" - -if [ -n "$ngx_module_link" ]; then - ngx_module_type=HTTP - ngx_module_name="$ngx_addon_name" - ngx_module_srcs="$CACHE_PURGE_SRCS" - - . auto/module -else - HTTP_MODULES="$HTTP_MODULES $ngx_addon_name" - NGX_ADDON_SRCS="$NGX_ADDON_SRCS $CACHE_PURGE_SRCS" -fi +HTTP_MODULES="$HTTP_MODULES ngx_http_cache_purge_module" +NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_cache_purge_module.c" have=NGX_CACHE_PURGE_MODULE . auto/have diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/ngx_cache_purge_module.c b/debian/modules/http-cache-purge/ngx_cache_purge_module.c similarity index 68% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/ngx_cache_purge_module.c rename to debian/modules/http-cache-purge/ngx_cache_purge_module.c index 251d3fe..62d3818 100644 --- a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/ngx_cache_purge_module.c +++ b/debian/modules/http-cache-purge/ngx_cache_purge_module.c @@ -27,47 +27,22 @@ * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. */ -#include #include +#include #include #include #ifndef nginx_version - #error This module cannot be build against an unknown nginx version. +#error This module cannot be build against an unknown nginx version. #endif -#define NGX_REPONSE_TYPE_HTML 1 -#define NGX_REPONSE_TYPE_XML 2 -#define NGX_REPONSE_TYPE_JSON 3 -#define NGX_REPONSE_TYPE_TEXT 4 - -static const char ngx_http_cache_purge_content_type_json[] = "application/json"; -static const char ngx_http_cache_purge_content_type_html[] = "text/html"; -static const char ngx_http_cache_purge_content_type_xml[] = "text/xml"; -static const char ngx_http_cache_purge_content_type_text[] = "text/plain"; - -static size_t ngx_http_cache_purge_content_type_json_size = sizeof(ngx_http_cache_purge_content_type_json); -static size_t ngx_http_cache_purge_content_type_html_size = sizeof(ngx_http_cache_purge_content_type_html); -static size_t ngx_http_cache_purge_content_type_xml_size = sizeof(ngx_http_cache_purge_content_type_xml); -static size_t ngx_http_cache_purge_content_type_text_size = sizeof(ngx_http_cache_purge_content_type_text); - -static const char ngx_http_cache_purge_body_templ_json[] = "{\"Key\": \"%s\"}"; -static const char ngx_http_cache_purge_body_templ_html[] = "Successful purge

Successful purge

Key : %s

"; -static const char ngx_http_cache_purge_body_templ_xml[] = ""; -static const char ngx_http_cache_purge_body_templ_text[] = "Key:%s\n"; - -static size_t ngx_http_cache_purge_body_templ_json_size = sizeof(ngx_http_cache_purge_body_templ_json); -static size_t ngx_http_cache_purge_body_templ_html_size = sizeof(ngx_http_cache_purge_body_templ_html); -static size_t ngx_http_cache_purge_body_templ_xml_size = sizeof(ngx_http_cache_purge_body_templ_xml); -static size_t ngx_http_cache_purge_body_templ_text_size = sizeof(ngx_http_cache_purge_body_templ_text); #if (NGX_HTTP_CACHE) typedef struct { ngx_flag_t enable; ngx_str_t method; - ngx_flag_t purge_all; ngx_array_t *access; /* array of ngx_in_cidr_t */ ngx_array_t *access6; /* array of ngx_in6_cidr_t */ } ngx_http_cache_purge_conf_t; @@ -89,123 +64,93 @@ typedef struct { ngx_http_cache_purge_conf_t *conf; ngx_http_handler_pt handler; ngx_http_handler_pt original_handler; - - ngx_uint_t resptype; /* response content-type */ } ngx_http_cache_purge_loc_conf_t; # if (NGX_HTTP_FASTCGI) char *ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, - ngx_command_t *cmd, void *conf); + ngx_command_t *cmd, void *conf); ngx_int_t ngx_http_fastcgi_cache_purge_handler(ngx_http_request_t *r); # endif /* NGX_HTTP_FASTCGI */ # if (NGX_HTTP_PROXY) char *ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, - ngx_command_t *cmd, void *conf); + ngx_command_t *cmd, void *conf); ngx_int_t ngx_http_proxy_cache_purge_handler(ngx_http_request_t *r); # endif /* NGX_HTTP_PROXY */ # if (NGX_HTTP_SCGI) char *ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, - ngx_command_t *cmd, void *conf); + ngx_command_t *cmd, void *conf); ngx_int_t ngx_http_scgi_cache_purge_handler(ngx_http_request_t *r); # endif /* NGX_HTTP_SCGI */ # if (NGX_HTTP_UWSGI) char *ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, - ngx_command_t *cmd, void *conf); + ngx_command_t *cmd, void *conf); ngx_int_t ngx_http_uwsgi_cache_purge_handler(ngx_http_request_t *r); # endif /* NGX_HTTP_UWSGI */ -char *ngx_http_cache_purge_response_type_conf(ngx_conf_t *cf, - ngx_command_t *cmd, void *conf); -static ngx_int_t -ngx_http_purge_file_cache_noop(ngx_tree_ctx_t *ctx, ngx_str_t *path); -static ngx_int_t -ngx_http_purge_file_cache_delete_file(ngx_tree_ctx_t *ctx, ngx_str_t *path); - ngx_int_t ngx_http_cache_purge_access_handler(ngx_http_request_t *r); ngx_int_t ngx_http_cache_purge_access(ngx_array_t *a, ngx_array_t *a6, - struct sockaddr *s); + struct sockaddr *s); ngx_int_t ngx_http_cache_purge_send_response(ngx_http_request_t *r); # if (nginx_version >= 1007009) ngx_int_t ngx_http_cache_purge_cache_get(ngx_http_request_t *r, - ngx_http_upstream_t *u, ngx_http_file_cache_t **cache); + ngx_http_upstream_t *u, ngx_http_file_cache_t **cache); # endif /* nginx_version >= 1007009 */ ngx_int_t ngx_http_cache_purge_init(ngx_http_request_t *r, - ngx_http_file_cache_t *cache, ngx_http_complex_value_t *cache_key); + ngx_http_file_cache_t *cache, ngx_http_complex_value_t *cache_key); void ngx_http_cache_purge_handler(ngx_http_request_t *r); ngx_int_t ngx_http_file_cache_purge(ngx_http_request_t *r); - -void ngx_http_cache_purge_all(ngx_http_request_t *r, ngx_http_file_cache_t *cache); -void ngx_http_cache_purge_partial(ngx_http_request_t *r, ngx_http_file_cache_t *cache); -ngx_int_t ngx_http_cache_purge_is_partial(ngx_http_request_t *r); - char *ngx_http_cache_purge_conf(ngx_conf_t *cf, - ngx_http_cache_purge_conf_t *cpcf); + ngx_http_cache_purge_conf_t *cpcf); void *ngx_http_cache_purge_create_loc_conf(ngx_conf_t *cf); char *ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, - void *parent, void *child); + void *parent, void *child); static ngx_command_t ngx_http_cache_purge_module_commands[] = { # if (NGX_HTTP_FASTCGI) - { - ngx_string("fastcgi_cache_purge"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, - ngx_http_fastcgi_cache_purge_conf, - NGX_HTTP_LOC_CONF_OFFSET, - 0, - NULL - }, -# endif /* NGX_HTTP_FASTCGI */ - -# if (NGX_HTTP_PROXY) - { - ngx_string("proxy_cache_purge"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, - ngx_http_proxy_cache_purge_conf, - NGX_HTTP_LOC_CONF_OFFSET, - 0, - NULL - }, -# endif /* NGX_HTTP_PROXY */ - -# if (NGX_HTTP_SCGI) - { - ngx_string("scgi_cache_purge"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, - ngx_http_scgi_cache_purge_conf, - NGX_HTTP_LOC_CONF_OFFSET, - 0, - NULL - }, -# endif /* NGX_HTTP_SCGI */ - -# if (NGX_HTTP_UWSGI) - { - ngx_string("uwsgi_cache_purge"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, - ngx_http_uwsgi_cache_purge_conf, - NGX_HTTP_LOC_CONF_OFFSET, - 0, - NULL - }, -# endif /* NGX_HTTP_UWSGI */ - - - { ngx_string("cache_purge_response_type"), - NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, - ngx_http_cache_purge_response_type_conf, + { ngx_string("fastcgi_cache_purge"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_http_fastcgi_cache_purge_conf, NGX_HTTP_LOC_CONF_OFFSET, 0, NULL }, +# endif /* NGX_HTTP_FASTCGI */ - ngx_null_command +# if (NGX_HTTP_PROXY) + { ngx_string("proxy_cache_purge"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_http_proxy_cache_purge_conf, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, +# endif /* NGX_HTTP_PROXY */ + +# if (NGX_HTTP_SCGI) + { ngx_string("scgi_cache_purge"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_http_scgi_cache_purge_conf, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, +# endif /* NGX_HTTP_SCGI */ + +# if (NGX_HTTP_UWSGI) + { ngx_string("uwsgi_cache_purge"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_http_uwsgi_cache_purge_conf, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, +# endif /* NGX_HTTP_UWSGI */ + + ngx_null_command }; static ngx_http_module_t ngx_http_cache_purge_module_ctx = { @@ -237,6 +182,20 @@ ngx_module_t ngx_http_cache_purge_module = { NGX_MODULE_V1_PADDING }; +static char ngx_http_cache_purge_success_page_top[] = +"" CRLF +"Successful purge" CRLF +"" CRLF +"

Successful purge

" CRLF +; + +static char ngx_http_cache_purge_success_page_tail[] = +CRLF "
" CRLF +"
" NGINX_VER "
" CRLF +"" CRLF +"" CRLF +; + # if (NGX_HTTP_FASTCGI) extern ngx_module_t ngx_http_fastcgi_module; @@ -299,7 +258,8 @@ typedef struct { char * ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, - void *conf) { + void *conf) +{ ngx_http_compile_complex_value_t ccv; ngx_http_cache_purge_loc_conf_t *cplcf; ngx_http_core_loc_conf_t *clcf; @@ -330,7 +290,7 @@ ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, if (flcf->upstream.cache > 0) # else if (flcf->upstream.cache != NGX_CONF_UNSET_PTR - && flcf->upstream.cache != NULL) + && flcf->upstream.cache != NULL) # endif /* nginx_version >= 1007009 */ { return "is incompatible with \"fastcgi_cache\""; @@ -342,9 +302,10 @@ ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, if (flcf->upstream.store > 0 # if (nginx_version < 1007009) - || flcf->upstream.store_lengths + || flcf->upstream.store_lengths # endif /* nginx_version >= 1007009 */ - ) { + ) + { return "is incompatible with \"fastcgi_store\""; } @@ -368,7 +329,7 @@ ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, if (cv.lengths != NULL) { flcf->upstream.cache_value = ngx_palloc(cf->pool, - sizeof(ngx_http_complex_value_t)); + sizeof(ngx_http_complex_value_t)); if (flcf->upstream.cache_value == NULL) { return NGX_CONF_ERROR; } @@ -378,7 +339,7 @@ ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, } else { flcf->upstream.cache_zone = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_fastcgi_module); + &ngx_http_fastcgi_module); if (flcf->upstream.cache_zone == NULL) { return NGX_CONF_ERROR; } @@ -387,7 +348,7 @@ ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, # else flcf->upstream.cache = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_fastcgi_module); + &ngx_http_fastcgi_module); if (flcf->upstream.cache == NULL) { return NGX_CONF_ERROR; } @@ -409,20 +370,19 @@ ngx_http_fastcgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); cplcf->fastcgi.enable = 0; - cplcf->conf = &cplcf->fastcgi; clcf->handler = ngx_http_fastcgi_cache_purge_handler; return NGX_CONF_OK; } ngx_int_t -ngx_http_fastcgi_cache_purge_handler(ngx_http_request_t *r) { - ngx_http_file_cache_t *cache; - ngx_http_fastcgi_loc_conf_t *flcf; - ngx_http_cache_purge_loc_conf_t *cplcf; +ngx_http_fastcgi_cache_purge_handler(ngx_http_request_t *r) +{ + ngx_http_file_cache_t *cache; + ngx_http_fastcgi_loc_conf_t *flcf; # if (nginx_version >= 1007009) - ngx_http_fastcgi_main_conf_t *fmcf; - ngx_int_t rc; + ngx_http_fastcgi_main_conf_t *fmcf; + ngx_int_t rc; # endif /* nginx_version >= 1007009 */ if (ngx_http_upstream_create(r) != NGX_OK) { @@ -454,19 +414,6 @@ ngx_http_fastcgi_cache_purge_handler(ngx_http_request_t *r) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - /* Purge-all option */ - cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cache_purge_module); - if (cplcf->conf->purge_all) { - ngx_http_cache_purge_all(r, cache); - } else { - if (ngx_http_cache_purge_is_partial(r)) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http file cache purge with partial enabled"); - - ngx_http_cache_purge_partial(r, cache); - } - } - # if (nginx_version >= 8011) r->main->count++; # endif @@ -540,18 +487,12 @@ typedef struct { ngx_array_t *cookie_domains; ngx_array_t *cookie_paths; # endif /* nginx_version >= 1001015 */ -# if (nginx_version >= 1019003) - ngx_array_t *cookie_flags; -# endif /* nginx_version >= 1019003 */ + # if (nginx_version < 1007008) ngx_str_t body_source; # endif /* nginx_version < 1007008 */ -# if (nginx_version >= 1011006) - ngx_http_complex_value_t *method; -# else ngx_str_t method; -# endif /* nginx_version >= 1011006 */ ngx_str_t location; ngx_str_t url; @@ -579,19 +520,17 @@ typedef struct { ngx_str_t ssl_trusted_certificate; ngx_str_t ssl_crl; # endif /* nginx_version >= 1007000 */ -# if ((nginx_version >= 1007008) && (nginx_version < 1021000)) +# if (nginx_version >= 1007008) ngx_str_t ssl_certificate; ngx_str_t ssl_certificate_key; ngx_array_t *ssl_passwords; -# endif /* nginx_version >= 1007008 && nginx_version < 1021000 */ -# if (nginx_version >= 1019004) - ngx_array_t *ssl_conf_commands; -# endif /*nginx_version >= 1019004 */ +# endif /* nginx_version >= 1007008 */ # endif } ngx_http_proxy_loc_conf_t; char * -ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { +ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ ngx_http_compile_complex_value_t ccv; ngx_http_cache_purge_loc_conf_t *cplcf; ngx_http_core_loc_conf_t *clcf; @@ -622,7 +561,7 @@ ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (plcf->upstream.cache > 0) # else if (plcf->upstream.cache != NGX_CONF_UNSET_PTR - && plcf->upstream.cache != NULL) + && plcf->upstream.cache != NULL) # endif /* nginx_version >= 1007009 */ { return "is incompatible with \"proxy_cache\""; @@ -634,9 +573,10 @@ ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (plcf->upstream.store > 0 # if (nginx_version < 1007009) - || plcf->upstream.store_lengths + || plcf->upstream.store_lengths # endif /* nginx_version >= 1007009 */ - ) { + ) + { return "is incompatible with \"proxy_store\""; } @@ -660,7 +600,7 @@ ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (cv.lengths != NULL) { plcf->upstream.cache_value = ngx_palloc(cf->pool, - sizeof(ngx_http_complex_value_t)); + sizeof(ngx_http_complex_value_t)); if (plcf->upstream.cache_value == NULL) { return NGX_CONF_ERROR; } @@ -670,7 +610,7 @@ ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) } else { plcf->upstream.cache_zone = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_proxy_module); + &ngx_http_proxy_module); if (plcf->upstream.cache_zone == NULL) { return NGX_CONF_ERROR; } @@ -679,7 +619,7 @@ ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) # else plcf->upstream.cache = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_proxy_module); + &ngx_http_proxy_module); if (plcf->upstream.cache == NULL) { return NGX_CONF_ERROR; } @@ -701,20 +641,19 @@ ngx_http_proxy_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); cplcf->proxy.enable = 0; - cplcf->conf = &cplcf->proxy; clcf->handler = ngx_http_proxy_cache_purge_handler; return NGX_CONF_OK; } ngx_int_t -ngx_http_proxy_cache_purge_handler(ngx_http_request_t *r) { - ngx_http_file_cache_t *cache; - ngx_http_proxy_loc_conf_t *plcf; - ngx_http_cache_purge_loc_conf_t *cplcf; +ngx_http_proxy_cache_purge_handler(ngx_http_request_t *r) +{ + ngx_http_file_cache_t *cache; + ngx_http_proxy_loc_conf_t *plcf; # if (nginx_version >= 1007009) - ngx_http_proxy_main_conf_t *pmcf; - ngx_int_t rc; + ngx_http_proxy_main_conf_t *pmcf; + ngx_int_t rc; # endif /* nginx_version >= 1007009 */ if (ngx_http_upstream_create(r) != NGX_OK) { @@ -746,19 +685,6 @@ ngx_http_proxy_cache_purge_handler(ngx_http_request_t *r) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - /* Purge-all option */ - cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cache_purge_module); - if (cplcf->conf->purge_all) { - ngx_http_cache_purge_all(r, cache); - } else { - if (ngx_http_cache_purge_is_partial(r)) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http file cache purge with partial enabled"); - - ngx_http_cache_purge_partial(r, cache); - } - } - # if (nginx_version >= 8011) r->main->count++; # endif @@ -816,7 +742,8 @@ typedef struct { } ngx_http_scgi_loc_conf_t; char * -ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { +ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ ngx_http_compile_complex_value_t ccv; ngx_http_cache_purge_loc_conf_t *cplcf; ngx_http_core_loc_conf_t *clcf; @@ -847,7 +774,7 @@ ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { if (slcf->upstream.cache > 0) # else if (slcf->upstream.cache != NGX_CONF_UNSET_PTR - && slcf->upstream.cache != NULL) + && slcf->upstream.cache != NULL) # endif /* nginx_version >= 1007009 */ { return "is incompatible with \"scgi_cache\""; @@ -859,9 +786,10 @@ ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { if (slcf->upstream.store > 0 # if (nginx_version < 1007009) - || slcf->upstream.store_lengths + || slcf->upstream.store_lengths # endif /* nginx_version >= 1007009 */ - ) { + ) + { return "is incompatible with \"scgi_store\""; } @@ -885,7 +813,7 @@ ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { if (cv.lengths != NULL) { slcf->upstream.cache_value = ngx_palloc(cf->pool, - sizeof(ngx_http_complex_value_t)); + sizeof(ngx_http_complex_value_t)); if (slcf->upstream.cache_value == NULL) { return NGX_CONF_ERROR; } @@ -895,7 +823,7 @@ ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { } else { slcf->upstream.cache_zone = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_scgi_module); + &ngx_http_scgi_module); if (slcf->upstream.cache_zone == NULL) { return NGX_CONF_ERROR; } @@ -904,7 +832,7 @@ ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { # else slcf->upstream.cache = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_scgi_module); + &ngx_http_scgi_module); if (slcf->upstream.cache == NULL) { return NGX_CONF_ERROR; } @@ -926,20 +854,19 @@ ngx_http_scgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); cplcf->scgi.enable = 0; - cplcf->conf = &cplcf->scgi; clcf->handler = ngx_http_scgi_cache_purge_handler; return NGX_CONF_OK; } ngx_int_t -ngx_http_scgi_cache_purge_handler(ngx_http_request_t *r) { - ngx_http_file_cache_t *cache; - ngx_http_scgi_loc_conf_t *slcf; - ngx_http_cache_purge_loc_conf_t *cplcf; +ngx_http_scgi_cache_purge_handler(ngx_http_request_t *r) +{ + ngx_http_file_cache_t *cache; + ngx_http_scgi_loc_conf_t *slcf; # if (nginx_version >= 1007009) - ngx_http_scgi_main_conf_t *smcf; - ngx_int_t rc; + ngx_http_scgi_main_conf_t *smcf; + ngx_int_t rc; # endif /* nginx_version >= 1007009 */ if (ngx_http_upstream_create(r) != NGX_OK) { @@ -971,19 +898,6 @@ ngx_http_scgi_cache_purge_handler(ngx_http_request_t *r) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - /* Purge-all option */ - cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cache_purge_module); - if (cplcf->conf->purge_all) { - ngx_http_cache_purge_all(r, cache); - } else { - if (ngx_http_cache_purge_is_partial(r)) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http file cache purge with partial enabled"); - - ngx_http_cache_purge_partial(r, cache); - } - } - # if (nginx_version >= 8011) r->main->count++; # endif @@ -1055,19 +969,17 @@ typedef struct { ngx_str_t ssl_trusted_certificate; ngx_str_t ssl_crl; # endif /* nginx_version >= 1007000 */ -# if ((nginx_version >= 1007008) && (nginx_version < 1021000)) +# if (nginx_version >= 1007008) ngx_str_t ssl_certificate; ngx_str_t ssl_certificate_key; ngx_array_t *ssl_passwords; -# endif /* nginx_version >= 1007008 && nginx_version < 1021000 */ -# if (nginx_version >= 1019004) - ngx_array_t *ssl_conf_commands; -# endif /*nginx_version >= 1019004 */ +# endif /* nginx_version >= 1007008 */ # endif } ngx_http_uwsgi_loc_conf_t; char * -ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) { +ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ ngx_http_compile_complex_value_t ccv; ngx_http_cache_purge_loc_conf_t *cplcf; ngx_http_core_loc_conf_t *clcf; @@ -1098,7 +1010,7 @@ ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (ulcf->upstream.cache > 0) # else if (ulcf->upstream.cache != NGX_CONF_UNSET_PTR - && ulcf->upstream.cache != NULL) + && ulcf->upstream.cache != NULL) # endif /* nginx_version >= 1007009 */ { return "is incompatible with \"uwsgi_cache\""; @@ -1110,9 +1022,10 @@ ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (ulcf->upstream.store > 0 # if (nginx_version < 1007009) - || ulcf->upstream.store_lengths + || ulcf->upstream.store_lengths # endif /* nginx_version >= 1007009 */ - ) { + ) + { return "is incompatible with \"uwsgi_store\""; } @@ -1136,7 +1049,7 @@ ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) if (cv.lengths != NULL) { ulcf->upstream.cache_value = ngx_palloc(cf->pool, - sizeof(ngx_http_complex_value_t)); + sizeof(ngx_http_complex_value_t)); if (ulcf->upstream.cache_value == NULL) { return NGX_CONF_ERROR; } @@ -1146,7 +1059,7 @@ ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) } else { ulcf->upstream.cache_zone = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_uwsgi_module); + &ngx_http_uwsgi_module); if (ulcf->upstream.cache_zone == NULL) { return NGX_CONF_ERROR; } @@ -1155,7 +1068,7 @@ ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) # else ulcf->upstream.cache = ngx_shared_memory_add(cf, &value[1], 0, - &ngx_http_uwsgi_module); + &ngx_http_uwsgi_module); if (ulcf->upstream.cache == NULL) { return NGX_CONF_ERROR; } @@ -1177,21 +1090,19 @@ ngx_http_uwsgi_cache_purge_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); cplcf->uwsgi.enable = 0; - cplcf->conf = &cplcf->uwsgi; clcf->handler = ngx_http_uwsgi_cache_purge_handler; return NGX_CONF_OK; } - ngx_int_t -ngx_http_uwsgi_cache_purge_handler(ngx_http_request_t *r) { - ngx_http_file_cache_t *cache; - ngx_http_uwsgi_loc_conf_t *ulcf; - ngx_http_cache_purge_loc_conf_t *cplcf; +ngx_http_uwsgi_cache_purge_handler(ngx_http_request_t *r) +{ + ngx_http_file_cache_t *cache; + ngx_http_uwsgi_loc_conf_t *ulcf; # if (nginx_version >= 1007009) - ngx_http_uwsgi_main_conf_t *umcf; - ngx_int_t rc; + ngx_http_uwsgi_main_conf_t *umcf; + ngx_int_t rc; # endif /* nginx_version >= 1007009 */ if (ngx_http_upstream_create(r) != NGX_OK) { @@ -1223,19 +1134,6 @@ ngx_http_uwsgi_cache_purge_handler(ngx_http_request_t *r) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - /* Purge-all option */ - cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cache_purge_module); - if (cplcf->conf->purge_all) { - ngx_http_cache_purge_all(r, cache); - } else { - if (ngx_http_cache_purge_is_partial(r)) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http file cache purge with partial enabled"); - - ngx_http_cache_purge_partial(r, cache); - } - } - # if (nginx_version >= 8011) r->main->count++; # endif @@ -1246,149 +1144,25 @@ ngx_http_uwsgi_cache_purge_handler(ngx_http_request_t *r) { } # endif /* NGX_HTTP_UWSGI */ - -char * -ngx_http_cache_purge_response_type_conf(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -{ - ngx_http_cache_purge_loc_conf_t *cplcf; - ngx_str_t *value; - - cplcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_cache_purge_module); - - /* check for duplicates / collisions */ - if (cplcf->resptype != NGX_CONF_UNSET_UINT && cf->cmd_type == NGX_HTTP_LOC_CONF ) { - return "is duplicate"; - } - - /* sanity check */ - if (cf->args->nelts < 2) { - return "is invalid paramter, ex) cache_purge_response_type (html|json|xml|text)"; - } - - if (cf->args->nelts > 2 ) { - return "is required only 1 option, ex) cache_purge_response_type (html|json|xml|text)"; - } - - value = cf->args->elts; - - if (ngx_strcmp(value[1].data, "html") != 0 && ngx_strcmp(value[1].data, "json") != 0 - && ngx_strcmp(value[1].data, "xml") != 0 && ngx_strcmp(value[1].data, "text") != 0) { - ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, - "invalid parameter \"%V\", expected" - " \"(html|json|xml|text)\" keyword", &value[1]); - return NGX_CONF_ERROR; - } - - if (cf->cmd_type == NGX_HTTP_MODULE) { - return "(separate server or location syntax) is not allowed here"; - } - - if (ngx_strcmp(value[1].data, "html") == 0) { - cplcf->resptype = NGX_REPONSE_TYPE_HTML; - } else if (ngx_strcmp(value[1].data, "xml") == 0) { - cplcf->resptype = NGX_REPONSE_TYPE_XML; - } else if (ngx_strcmp(value[1].data, "json") == 0) { - cplcf->resptype = NGX_REPONSE_TYPE_JSON; - } else if (ngx_strcmp(value[1].data, "text") == 0) { - cplcf->resptype = NGX_REPONSE_TYPE_TEXT; - } - - return NGX_CONF_OK; -} - -static ngx_int_t -ngx_http_purge_file_cache_noop(ngx_tree_ctx_t *ctx, ngx_str_t *path) { - return NGX_OK; -} - -static ngx_int_t -ngx_http_purge_file_cache_delete_file(ngx_tree_ctx_t *ctx, ngx_str_t *path) { - ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ctx->log, 0, - "http file cache delete: \"%s\"", path->data); - - if (ngx_delete_file(path->data) == NGX_FILE_ERROR) { - ngx_log_error(NGX_LOG_CRIT, ctx->log, ngx_errno, - ngx_delete_file_n " \"%s\" failed", path->data); - } - - return NGX_OK; -} - - -static ngx_int_t -ngx_http_purge_file_cache_delete_partial_file(ngx_tree_ctx_t *ctx, ngx_str_t *path) { - u_char *key_partial; - u_char *key_in_file; - ngx_uint_t len; - ngx_flag_t remove_file = 0; - - key_partial = ctx->data; - len = ngx_strlen(key_partial); - - /* if key_partial is empty always match, because is a '*' */ - if (len == 0) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, ctx->log, 0, - "empty key_partial, forcing deletion"); - remove_file = 1; - } else { - ngx_file_t file; - - ngx_memzero(&file, sizeof(ngx_file_t)); - file.offset = file.sys_offset = 0; - file.fd = ngx_open_file(path->data, NGX_FILE_RDONLY, NGX_FILE_OPEN, - NGX_FILE_DEFAULT_ACCESS); - if (file.fd == -1) { - return NGX_OK; - } - file.log = ctx->log; - - /* I don't know if it's a good idea to use the ngx_cycle pool for this, - but the request is not available here */ - key_in_file = ngx_pcalloc(ngx_cycle->pool, sizeof(u_char) * (len + 1)); - - /* KEY: /proxy/passwd */ - /* since we don't need the "KEY: " ignore 5 + 1 extra u_char from last - intro */ - /* Optimization: we don't need to read the full key only the n chars - included in key_partial */ - ngx_read_file(&file, key_in_file, sizeof(u_char) * len, - sizeof(ngx_http_file_cache_header_t) + sizeof(u_char) * 6); - ngx_close_file(file.fd); - - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, ctx->log, 0, - "http cache file \"%s\" key read: \"%s\"", path->data, key_in_file); - - if (ngx_strncasecmp(key_in_file, key_partial, len) == 0) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, ctx->log, 0, - "match found, deleting file \"%s\"", path->data); - remove_file = 1; - } - } - - if (remove_file && ngx_delete_file(path->data) == NGX_FILE_ERROR) { - ngx_log_error(NGX_LOG_CRIT, ctx->log, ngx_errno, - ngx_delete_file_n " \"%s\" failed", path->data); - } - - return NGX_OK; -} - ngx_int_t -ngx_http_cache_purge_access_handler(ngx_http_request_t *r) { +ngx_http_cache_purge_access_handler(ngx_http_request_t *r) +{ ngx_http_cache_purge_loc_conf_t *cplcf; cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cache_purge_module); if (r->method_name.len != cplcf->conf->method.len - || (ngx_strncmp(r->method_name.data, cplcf->conf->method.data, - r->method_name.len))) { + || (ngx_strncmp(r->method_name.data, cplcf->conf->method.data, + r->method_name.len))) + { return cplcf->original_handler(r); } if ((cplcf->conf->access || cplcf->conf->access6) - && ngx_http_cache_purge_access(cplcf->conf->access, - cplcf->conf->access6, - r->connection->sockaddr) != NGX_OK) { + && ngx_http_cache_purge_access(cplcf->conf->access, + cplcf->conf->access6, + r->connection->sockaddr) != NGX_OK) + { return NGX_HTTP_FORBIDDEN; } @@ -1401,7 +1175,8 @@ ngx_http_cache_purge_access_handler(ngx_http_request_t *r) { ngx_int_t ngx_http_cache_purge_access(ngx_array_t *access, ngx_array_t *access6, - struct sockaddr *s) { + struct sockaddr *s) +{ in_addr_t inaddr; ngx_in_cidr_t *a; ngx_uint_t i; @@ -1421,7 +1196,7 @@ ngx_http_cache_purge_access(ngx_array_t *access, ngx_array_t *access6, inaddr = ((struct sockaddr_in *) s)->sin_addr.s_addr; # if (NGX_HAVE_INET6) -ipv4: + ipv4: # endif /* NGX_HAVE_INET6 */ a = access->elts; @@ -1462,7 +1237,7 @@ ipv4: return NGX_OK; -next: + next: continue; } @@ -1474,88 +1249,23 @@ next: } ngx_int_t -ngx_http_cache_purge_send_response(ngx_http_request_t *r) { +ngx_http_cache_purge_send_response(ngx_http_request_t *r) +{ ngx_chain_t out; ngx_buf_t *b; ngx_str_t *key; ngx_int_t rc; size_t len; - - size_t body_len; - size_t resp_tmpl_len; - u_char *buf; - u_char *buf_keydata; - u_char *p; - const char *resp_ct; - size_t resp_ct_size; - const char *resp_body; - size_t resp_body_size; - - ngx_http_cache_purge_loc_conf_t *cplcf; - cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cache_purge_module); key = r->cache->keys.elts; - buf_keydata = ngx_pcalloc(r->pool, key[0].len+1); - if (buf_keydata == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - p = ngx_cpymem(buf_keydata, key[0].data, key[0].len); - if (p == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - switch(cplcf->resptype) { - - case NGX_REPONSE_TYPE_JSON: - resp_ct = ngx_http_cache_purge_content_type_json; - resp_ct_size = ngx_http_cache_purge_content_type_json_size; - resp_body = ngx_http_cache_purge_body_templ_json; - resp_body_size = ngx_http_cache_purge_body_templ_json_size; - break; - - case NGX_REPONSE_TYPE_XML: - resp_ct = ngx_http_cache_purge_content_type_xml; - resp_ct_size = ngx_http_cache_purge_content_type_xml_size; - resp_body = ngx_http_cache_purge_body_templ_xml; - resp_body_size = ngx_http_cache_purge_body_templ_xml_size; - break; - - case NGX_REPONSE_TYPE_TEXT: - resp_ct = ngx_http_cache_purge_content_type_text; - resp_ct_size = ngx_http_cache_purge_content_type_text_size; - resp_body = ngx_http_cache_purge_body_templ_text; - resp_body_size = ngx_http_cache_purge_body_templ_text_size; - break; - - default: - case NGX_REPONSE_TYPE_HTML: - resp_ct = ngx_http_cache_purge_content_type_html; - resp_ct_size = ngx_http_cache_purge_content_type_html_size; - resp_body = ngx_http_cache_purge_body_templ_html; - resp_body_size = ngx_http_cache_purge_body_templ_html_size; - break; - } - - body_len = resp_body_size - 2 - 1; - r->headers_out.content_type.len = resp_ct_size - 1; - r->headers_out.content_type.data = (u_char *) resp_ct; - - resp_tmpl_len = body_len + key[0].len ; - - buf = ngx_pcalloc(r->pool, resp_tmpl_len); - if (buf == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - p = ngx_snprintf(buf, resp_tmpl_len, resp_body , buf_keydata); - if (p == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - - len = body_len + key[0].len; + len = sizeof(ngx_http_cache_purge_success_page_top) - 1 + + sizeof(ngx_http_cache_purge_success_page_tail) - 1 + + sizeof("
Key : ") - 1 + sizeof(CRLF "
Path: ") - 1 + + key[0].len + r->cache->file.name.len; + r->headers_out.content_type.len = sizeof("text/html") - 1; + r->headers_out.content_type.data = (u_char *) "text/html"; r->headers_out.status = NGX_HTTP_OK; r->headers_out.content_length_n = len; @@ -1570,17 +1280,25 @@ ngx_http_cache_purge_send_response(ngx_http_request_t *r) { if (b == NULL) { return NGX_HTTP_INTERNAL_SERVER_ERROR; } - out.buf = b; out.next = NULL; - b->last = ngx_cpymem(b->last, buf, resp_tmpl_len); + b->last = ngx_cpymem(b->last, ngx_http_cache_purge_success_page_top, + sizeof(ngx_http_cache_purge_success_page_top) - 1); + b->last = ngx_cpymem(b->last, "
Key : ", sizeof("
Key : ") - 1); + b->last = ngx_cpymem(b->last, key[0].data, key[0].len); + b->last = ngx_cpymem(b->last, CRLF "
Path: ", + sizeof(CRLF "
Path: ") - 1); + b->last = ngx_cpymem(b->last, r->cache->file.name.data, + r->cache->file.name.len); + b->last = ngx_cpymem(b->last, ngx_http_cache_purge_success_page_tail, + sizeof(ngx_http_cache_purge_success_page_tail) - 1); b->last_buf = 1; rc = ngx_http_send_header(r); if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { - return rc; + return rc; } return ngx_http_output_filter(r, &out); @@ -1595,7 +1313,8 @@ ngx_http_cache_purge_send_response(ngx_http_request_t *r) { */ ngx_int_t ngx_http_cache_purge_cache_get(ngx_http_request_t *r, ngx_http_upstream_t *u, - ngx_http_file_cache_t **cache) { + ngx_http_file_cache_t **cache) +{ ngx_str_t *name, val; ngx_uint_t i; ngx_http_file_cache_t **caches; @@ -1610,7 +1329,8 @@ ngx_http_cache_purge_cache_get(ngx_http_request_t *r, ngx_http_upstream_t *u, } if (val.len == 0 - || (val.len == 3 && ngx_strncmp(val.data, "off", 3) == 0)) { + || (val.len == 3 && ngx_strncmp(val.data, "off", 3) == 0)) + { return NGX_DECLINED; } @@ -1620,7 +1340,8 @@ ngx_http_cache_purge_cache_get(ngx_http_request_t *r, ngx_http_upstream_t *u, name = &caches[i]->shm_zone->shm.name; if (name->len == val.len - && ngx_strncmp(name->data, val.data, val.len) == 0) { + && ngx_strncmp(name->data, val.data, val.len) == 0) + { *cache = caches[i]; return NGX_OK; } @@ -1636,7 +1357,8 @@ ngx_http_cache_purge_cache_get(ngx_http_request_t *r, ngx_http_upstream_t *u, ngx_int_t ngx_http_cache_purge_init(ngx_http_request_t *r, ngx_http_file_cache_t *cache, - ngx_http_complex_value_t *cache_key) { + ngx_http_complex_value_t *cache_key) +{ ngx_http_cache_t *c; ngx_str_t *key; ngx_int_t rc; @@ -1677,8 +1399,8 @@ ngx_http_cache_purge_init(ngx_http_request_t *r, ngx_http_file_cache_t *cache, } void -ngx_http_cache_purge_handler(ngx_http_request_t *r) { - ngx_http_cache_purge_loc_conf_t *cplcf; +ngx_http_cache_purge_handler(ngx_http_request_t *r) +{ ngx_int_t rc; # if (NGX_HAVE_FILE_AIO) @@ -1687,15 +1409,11 @@ ngx_http_cache_purge_handler(ngx_http_request_t *r) { } # endif - cplcf = ngx_http_get_module_loc_conf(r, ngx_http_cache_purge_module); - rc = NGX_OK; - if (!cplcf->conf->purge_all && !ngx_http_cache_purge_is_partial(r)) { - rc = ngx_http_file_cache_purge(r); + rc = ngx_http_file_cache_purge(r); - ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "http file cache purge: %i, \"%s\"", - rc, r->cache->file.name.data); - } + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http file cache purge: %i, \"%s\"", + rc, r->cache->file.name.data); switch (rc) { case NGX_OK: @@ -1703,7 +1421,7 @@ ngx_http_cache_purge_handler(ngx_http_request_t *r) { ngx_http_finalize_request(r, ngx_http_cache_purge_send_response(r)); return; case NGX_DECLINED: - ngx_http_finalize_request(r, NGX_HTTP_PRECONDITION_FAILED); + ngx_http_finalize_request(r, NGX_HTTP_NOT_FOUND); return; # if (NGX_HAVE_FILE_AIO) case NGX_AGAIN: @@ -1716,7 +1434,8 @@ ngx_http_cache_purge_handler(ngx_http_request_t *r) { } ngx_int_t -ngx_http_file_cache_purge(ngx_http_request_t *r) { +ngx_http_file_cache_purge(ngx_http_request_t *r) +{ ngx_http_file_cache_t *cache; ngx_http_cache_t *c; @@ -1780,76 +1499,9 @@ ngx_http_file_cache_purge(ngx_http_request_t *r) { return NGX_OK; } - -void -ngx_http_cache_purge_all(ngx_http_request_t *r, ngx_http_file_cache_t *cache) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "purge_all http in %s", - cache->path->name.data); - - /* Walk the tree and remove all the files */ - ngx_tree_ctx_t tree; - tree.init_handler = NULL; - tree.file_handler = ngx_http_purge_file_cache_delete_file; - tree.pre_tree_handler = ngx_http_purge_file_cache_noop; - tree.post_tree_handler = ngx_http_purge_file_cache_noop; - tree.spec_handler = ngx_http_purge_file_cache_noop; - tree.data = NULL; - tree.alloc = 0; - tree.log = ngx_cycle->log; - - ngx_walk_tree(&tree, &cache->path->name); -} - -void -ngx_http_cache_purge_partial(ngx_http_request_t *r, ngx_http_file_cache_t *cache) { - ngx_log_debug(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, - "purge_partial http in %s", - cache->path->name.data); - - u_char *key_partial; - ngx_str_t *key; - ngx_http_cache_t *c; - ngx_uint_t len; - - c = r->cache; - key = c->keys.elts; - len = key[0].len; - - /* Only check the first key */ - key_partial = ngx_pcalloc(r->pool, sizeof(u_char) * len); - ngx_memcpy(key_partial, key[0].data, sizeof(u_char) * (len - 1)); - - /* Walk the tree and remove all the files matching key_partial */ - ngx_tree_ctx_t tree; - tree.init_handler = NULL; - tree.file_handler = ngx_http_purge_file_cache_delete_partial_file; - tree.pre_tree_handler = ngx_http_purge_file_cache_noop; - tree.post_tree_handler = ngx_http_purge_file_cache_noop; - tree.spec_handler = ngx_http_purge_file_cache_noop; - tree.data = key_partial; - tree.alloc = 0; - tree.log = ngx_cycle->log; - - ngx_walk_tree(&tree, &cache->path->name); -} - -ngx_int_t -ngx_http_cache_purge_is_partial(ngx_http_request_t *r) { - ngx_str_t *key; - ngx_http_cache_t *c; - - c = r->cache; - key = c->keys.elts; - - /* Only check the first key */ - return c->keys.nelts > 0 // number of array elements - && key[0].len > 0 // char length of the key - && key[0].data[key[0].len - 1] == '*'; // is the last char an asterix char? -} - char * -ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) { +ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) +{ ngx_cidr_t cidr; ngx_in_cidr_t *access; # if (NGX_HAVE_INET6) @@ -1858,11 +1510,7 @@ ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) { ngx_str_t *value; ngx_int_t rc; ngx_uint_t i; - ngx_uint_t from_position; - from_position = 2; - - /* xxx_cache_purge on|off| [purge_all] [from all| [.. ]] */ value = cf->args->elts; if (ngx_strcmp(value[1].data, "off") == 0) { @@ -1881,27 +1529,20 @@ ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) { return NGX_CONF_OK; } - /* We will purge all the keys */ - if (ngx_strcmp(value[from_position].data, "purge_all") == 0) { - cpcf->purge_all = 1; - from_position++; - } - - /* sanity check */ - if (ngx_strcmp(value[from_position].data, "from") != 0) { + if (ngx_strcmp(value[2].data, "from") != 0) { ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\", expected" - " \"from\" keyword", &value[from_position]); + " \"from\" keyword", &value[2]); return NGX_CONF_ERROR; } - if (ngx_strcmp(value[from_position + 1].data, "all") == 0) { + if (ngx_strcmp(value[3].data, "all") == 0) { cpcf->enable = 1; return NGX_CONF_OK; } - for (i = (from_position + 1); i < cf->args->nelts; i++) { + for (i = 3; i < cf->args->nelts; i++) { rc = ngx_ptocidr(&value[i], &cidr); if (rc == NGX_ERROR) { @@ -1919,7 +1560,7 @@ ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) { switch (cidr.family) { case AF_INET: if (cpcf->access == NULL) { - cpcf->access = ngx_array_create(cf->pool, cf->args->nelts - (from_position + 1), + cpcf->access = ngx_array_create(cf->pool, cf->args->nelts - 3, sizeof(ngx_in_cidr_t)); if (cpcf->access == NULL) { return NGX_CONF_ERROR; @@ -1939,7 +1580,7 @@ ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) { # if (NGX_HAVE_INET6) case AF_INET6: if (cpcf->access6 == NULL) { - cpcf->access6 = ngx_array_create(cf->pool, cf->args->nelts - (from_position + 1), + cpcf->access6 = ngx_array_create(cf->pool, cf->args->nelts - 3, sizeof(ngx_in6_cidr_t)); if (cpcf->access6 == NULL) { return NGX_CONF_ERROR; @@ -1966,14 +1607,15 @@ ngx_http_cache_purge_conf(ngx_conf_t *cf, ngx_http_cache_purge_conf_t *cpcf) { void ngx_http_cache_purge_merge_conf(ngx_http_cache_purge_conf_t *conf, - ngx_http_cache_purge_conf_t *prev) { + ngx_http_cache_purge_conf_t *prev) +{ if (conf->enable == NGX_CONF_UNSET) { if (prev->enable == 1) { conf->enable = prev->enable; conf->method = prev->method; - conf->purge_all = prev->purge_all; conf->access = prev->access; conf->access6 = prev->access6; + } else { conf->enable = 0; } @@ -1981,7 +1623,8 @@ ngx_http_cache_purge_merge_conf(ngx_http_cache_purge_conf_t *conf, } void * -ngx_http_cache_purge_create_loc_conf(ngx_conf_t *cf) { +ngx_http_cache_purge_create_loc_conf(ngx_conf_t *cf) +{ ngx_http_cache_purge_loc_conf_t *conf; conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_cache_purge_loc_conf_t)); @@ -2012,15 +1655,14 @@ ngx_http_cache_purge_create_loc_conf(ngx_conf_t *cf) { conf->uwsgi.enable = NGX_CONF_UNSET; # endif /* NGX_HTTP_UWSGI */ - conf->resptype = NGX_CONF_UNSET_UINT; - conf->conf = NGX_CONF_UNSET_PTR; return conf; } char * -ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { +ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) +{ ngx_http_cache_purge_loc_conf_t *prev = parent; ngx_http_cache_purge_loc_conf_t *conf = child; ngx_http_core_loc_conf_t *clcf; @@ -2039,8 +1681,6 @@ ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { clcf = ngx_http_conf_get_module_loc_conf(cf, ngx_http_core_module); - ngx_conf_merge_uint_value(conf->resptype, prev->resptype, NGX_REPONSE_TYPE_HTML); - # if (NGX_HTTP_FASTCGI) ngx_http_cache_purge_merge_conf(&conf->fastcgi, &prev->fastcgi); @@ -2050,7 +1690,7 @@ ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { if (flcf->upstream.upstream || flcf->fastcgi_lengths) { conf->conf = &conf->fastcgi; conf->handler = flcf->upstream.cache - ? ngx_http_fastcgi_cache_purge_handler : NULL; + ? ngx_http_fastcgi_cache_purge_handler : NULL; conf->original_handler = clcf->handler; clcf->handler = ngx_http_cache_purge_access_handler; @@ -2069,7 +1709,7 @@ ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { if (plcf->upstream.upstream || plcf->proxy_lengths) { conf->conf = &conf->proxy; conf->handler = plcf->upstream.cache - ? ngx_http_proxy_cache_purge_handler : NULL; + ? ngx_http_proxy_cache_purge_handler : NULL; conf->original_handler = clcf->handler; clcf->handler = ngx_http_cache_purge_access_handler; @@ -2088,7 +1728,7 @@ ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { if (slcf->upstream.upstream || slcf->scgi_lengths) { conf->conf = &conf->scgi; conf->handler = slcf->upstream.cache - ? ngx_http_scgi_cache_purge_handler : NULL; + ? ngx_http_scgi_cache_purge_handler : NULL; conf->original_handler = clcf->handler; clcf->handler = ngx_http_cache_purge_access_handler; @@ -2106,7 +1746,7 @@ ngx_http_cache_purge_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) { if (ulcf->upstream.upstream || ulcf->uwsgi_lengths) { conf->conf = &conf->uwsgi; conf->handler = ulcf->upstream.cache - ? ngx_http_uwsgi_cache_purge_handler : NULL; + ? ngx_http_uwsgi_cache_purge_handler : NULL; conf->original_handler = clcf->handler; clcf->handler = ngx_http_cache_purge_access_handler; diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy1.t b/debian/modules/http-cache-purge/t/proxy1.t similarity index 97% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy1.t rename to debian/modules/http-cache-purge/t/proxy1.t index fefe9b8..e5c0054 100644 --- a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy1.t +++ b/debian/modules/http-cache-purge/t/proxy1.t @@ -92,10 +92,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/ --- config eval: $::config --- request PURGE /purge/proxy/passwd ---- error_code: 412 +--- error_code: 404 --- response_headers Content-Type: text/html ---- response_body_like: 412 Precondition Failed +--- response_body_like: 404 Not Found --- timeout: 10 --- no_error_log eval qr/\[(warn|error|crit|alert|emerg)\]/ diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy1_vars.t b/debian/modules/http-cache-purge/t/proxy1_vars.t similarity index 97% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy1_vars.t rename to debian/modules/http-cache-purge/t/proxy1_vars.t index b9da04b..af3553d 100644 --- a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy1_vars.t +++ b/debian/modules/http-cache-purge/t/proxy1_vars.t @@ -94,10 +94,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/ --- config eval: $::config --- request PURGE /purge/proxy/passwd ---- error_code: 412 +--- error_code: 404 --- response_headers Content-Type: text/html ---- response_body_like: 412 Precondition Failed +--- response_body_like: 404 Not Found --- timeout: 10 --- no_error_log eval qr/\[(warn|error|crit|alert|emerg)\]/ diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy2.t b/debian/modules/http-cache-purge/t/proxy2.t similarity index 98% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy2.t rename to debian/modules/http-cache-purge/t/proxy2.t index 4c7e19f..c07b042 100644 --- a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy2.t +++ b/debian/modules/http-cache-purge/t/proxy2.t @@ -124,10 +124,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/ --- config eval: $::config --- request PURGE /proxy/passwd ---- error_code: 412 +--- error_code: 404 --- response_headers Content-Type: text/html ---- response_body_like: 412 Precondition Failed +--- response_body_like: 404 Not Found --- timeout: 10 --- no_error_log eval qr/\[(warn|error|crit|alert|emerg)\]/ @@ -190,10 +190,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/ --- config eval: $::config_allowed --- request PURGE /proxy/passwd ---- error_code: 412 +--- error_code: 404 --- response_headers Content-Type: text/html ---- response_body_like: 412 Precondition Failed +--- response_body_like: 404 Not Found --- timeout: 10 --- no_error_log eval qr/\[(warn|error|crit|alert|emerg)\]/ diff --git a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy2_vars.t b/debian/modules/http-cache-purge/t/proxy2_vars.t similarity index 98% rename from modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy2_vars.t rename to debian/modules/http-cache-purge/t/proxy2_vars.t index 08e3e1e..d09c08e 100644 --- a/modules_deb/libnginx-mod-http-cache-purge-2.5.3/t/proxy2_vars.t +++ b/debian/modules/http-cache-purge/t/proxy2_vars.t @@ -127,10 +127,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/ --- config eval: $::config --- request PURGE /proxy/passwd ---- error_code: 412 +--- error_code: 404 --- response_headers Content-Type: text/html ---- response_body_like: 412 Precondition Failed +--- response_body_like: 404 Not Found --- timeout: 10 --- no_error_log eval qr/\[(warn|error|crit|alert|emerg)\]/ @@ -193,10 +193,10 @@ qr/\[(warn|error|crit|alert|emerg)\]/ --- config eval: $::config_allowed --- request PURGE /proxy/passwd ---- error_code: 412 +--- error_code: 404 --- response_headers Content-Type: text/html ---- response_body_like: 412 Precondition Failed +--- response_body_like: 404 Not Found --- timeout: 10 --- no_error_log eval qr/\[(warn|error|crit|alert|emerg)\]/ diff --git a/modules_deb/libnginx-mod-nchan-1.3.7+dfsg/src/store/redis/hiredis/COPYING b/debian/modules/http-dav-ext/LICENSE similarity index 52% rename from modules_deb/libnginx-mod-nchan-1.3.7+dfsg/src/store/redis/hiredis/COPYING rename to debian/modules/http-dav-ext/LICENSE index a5fc973..c68a7d4 100644 --- a/modules_deb/libnginx-mod-nchan-1.3.7+dfsg/src/store/redis/hiredis/COPYING +++ b/debian/modules/http-dav-ext/LICENSE @@ -1,21 +1,14 @@ -Copyright (c) 2009-2011, Salvatore Sanfilippo -Copyright (c) 2010-2011, Pieter Noordhuis - +Copyright (C) 2012-2018 Roman Arutyunyan All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: -* Redistributions of source code must retain the above copyright notice, - this list of conditions and the following disclaimer. - -* Redistributions in binary form must reproduce the above copyright notice, - this list of conditions and the following disclaimer in the documentation - and/or other materials provided with the distribution. - -* Neither the name of Redis nor the names of its contributors may be used - to endorse or promote products derived from this software without specific - prior written permission. +1. Redistributions of source code must retain the above copyright notice, this + list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright notice, + this list of conditions and the following disclaimer in the documentation + and/or other materials provided with the distribution. THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED @@ -23,7 +16,7 @@ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. diff --git a/debian/modules/http-dav-ext/README.rst b/debian/modules/http-dav-ext/README.rst new file mode 100644 index 0000000..092056e --- /dev/null +++ b/debian/modules/http-dav-ext/README.rst @@ -0,0 +1,188 @@ +******************** +nginx-dav-ext-module +******************** + +nginx_ WebDAV_ PROPFIND,OPTIONS,LOCK,UNLOCK support. + +.. contents:: + + +About +===== + +The standard ngx_http_dav_module_ provides partial WebDAV_ implementation and +only supports GET,HEAD,PUT,DELETE,MKCOL,COPY,MOVE methods. + +For full WebDAV_ support in nginx_ you need to enable the standard +ngx_http_dav_module_ as well as this module for the missing methods. + + +Build +===== + +Building nginx_ with the module: + +.. code-block:: bash + + # static module + $ ./configure --with-http_dav_module --add-module=/path/to/nginx-dav-ext-module + + # dynamic module + $ ./configure --with-http_dav_module --add-dynamic-module=/path/to/nginx-dav-ext-module + +Trying to compile nginx_ with this module but without ngx_http_dav_module_ will +result in compilation error. + + +Requirements +============ + +- nginx_ version >= 1.13.4 +- ``libxml2`` + ``libxslt`` + +The ``libxslt`` library is technically redundant and is only required since this +combination is supported by nginx_ for the xslt module. +Using builtin nginx mechanisms for linking against third-party libraries +brings certain compatibility benefits. +However this redundancy can be easily eliminated in the ``config`` file. + + +Testing +======= + +The module tests require standard nginx-tests_ and Perl ``HTTP::DAV`` library. + +.. code-block:: bash + + $ export PERL5LIB=/path/to/nginx-tests/lib + $ export TEST_NGINX_BINARY=/path/to/nginx + $ prove t + + +Locking +======= + +- Only the exclusive write locks are supported, which is the only type of locks + described in the WebDAV_ specification. + +- All currently held locks are kept in a list. + Checking if an object is constrained by a lock requires O(n) operations. + A huge number of simultaneously held locks may degrade performance. + Thus it is not recommended to have a large lock timeout which would increase + the number of locks. + + +Directives +========== + +dav_ext_methods +--------------- + +========== ==== +*Syntax:* ``dav_ext_methods [PROPFIND] [OPTIONS] [LOCK] [UNLOCK]`` +*Context:* http, server, location +========== ==== + +Enables support for the specified WebDAV methods in the current scope. + +dav_ext_lock_zone +----------------- + +========== ==== +*Syntax:* ``dav_ext_lock_zone zone=NAME:SIZE [timeout=TIMEOUT]`` +*Context:* http +========== ==== + +Defines a shared zone for WebDAV locks with specified NAME and SIZE. +Also, defines a lock expiration TIMEOUT. +Default lock timeout value is 1 minute. + + +dav_ext_lock +------------ + +========== ==== +*Syntax:* ``dav_ext_lock zone=NAME`` +*Context:* http, server, location +========== ==== + +Enables WebDAV locking in the specified scope. +Locks are stored in the shared zone specified by NAME. +This zone must be defined with the ``dav_ext_lock_zone`` directive. + +Note that even though this directive enables locking capabilities in the +current scope, HTTP methods LOCK and UNLOCK should also be explicitly specified +in the ``dav_ext_methods``. + + +Example 1 +========= + +Simple lockless example:: + + location / { + root /data/www; + + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS; + } + + +Example 2 +========= + +WebDAV with locking:: + + http { + dav_ext_lock_zone zone=foo:10m; + + ... + + server { + ... + + location / { + root /data/www; + + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK; + dav_ext_lock zone=foo; + } + } + } + + +Example 3 +========= + +WebDAV with locking which works with MacOS client:: + + http { + dav_ext_lock_zone zone=foo:10m; + + ... + + server { + ... + + location / { + root /data/www; + + # enable creating directories without trailing slash + set $x $uri$request_method; + if ($x ~ [^/]MKCOL$) { + rewrite ^(.*)$ $1/; + } + + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK; + dav_ext_lock zone=foo; + } + } + } + +.. _ngx_http_dav_module: http://nginx.org/en/docs/http/ngx_http_dav_module.html +.. _nginx-tests: http://hg.nginx.org/nginx-tests +.. _nginx: http://nginx.org +.. _WebDAV: https://tools.ietf.org/html/rfc4918 +.. _`RFC4918 If Header`: https://tools.ietf.org/html/rfc4918#section-10.4 diff --git a/debian/modules/http-dav-ext/config b/debian/modules/http-dav-ext/config new file mode 100644 index 0000000..91ae1b3 --- /dev/null +++ b/debian/modules/http-dav-ext/config @@ -0,0 +1,17 @@ +ngx_addon_name=ngx_http_dav_ext_module + +ngx_module_type=HTTP +ngx_module_name=ngx_http_dav_ext_module + +# nginx has robust builtin support for linking against +# libxml2+libxslt. This is definitelty the right way to go if +# building nginx with the xslt module, in which case libxslt will +# be linked anyway. In other cases libxslt is just redundant. +# If that's a big deal, libxml2 can be linked directly: +# ngx_module_libs=-lxml2 + +ngx_module_libs=LIBXSLT + +ngx_module_srcs="$ngx_addon_dir/ngx_http_dav_ext_module.c" + +. auto/module diff --git a/debian/modules/http-dav-ext/ngx_http_dav_ext_module.c b/debian/modules/http-dav-ext/ngx_http_dav_ext_module.c new file mode 100644 index 0000000..0d6d067 --- /dev/null +++ b/debian/modules/http-dav-ext/ngx_http_dav_ext_module.c @@ -0,0 +1,2181 @@ + +/* + * Copyright (C) Roman Arutyunyan + */ + + +#include +#include +#include +#include + + +#define NGX_HTTP_DAV_EXT_OFF 2 + +#define NGX_HTTP_DAV_EXT_PREALLOCATE 50 + +#define NGX_HTTP_DAV_EXT_NODE_PROPFIND 0x01 +#define NGX_HTTP_DAV_EXT_NODE_PROP 0x02 +#define NGX_HTTP_DAV_EXT_NODE_PROPNAME 0x04 +#define NGX_HTTP_DAV_EXT_NODE_ALLPROP 0x08 + +#define NGX_HTTP_DAV_EXT_PROP_DISPLAYNAME 0x01 +#define NGX_HTTP_DAV_EXT_PROP_GETCONTENTLENGTH 0x02 +#define NGX_HTTP_DAV_EXT_PROP_GETLASTMODIFIED 0x04 +#define NGX_HTTP_DAV_EXT_PROP_RESOURCETYPE 0x08 +#define NGX_HTTP_DAV_EXT_PROP_LOCKDISCOVERY 0x10 +#define NGX_HTTP_DAV_EXT_PROP_SUPPORTEDLOCK 0x20 + +#define NGX_HTTP_DAV_EXT_PROP_ALL 0x7f +#define NGX_HTTP_DAV_EXT_PROP_NAMES 0x80 + + +typedef struct { + ngx_str_t uri; + ngx_str_t name; + time_t mtime; + off_t size; + + time_t lock_expire; + ngx_str_t lock_root; + uint32_t lock_token; + + unsigned dir:1; + unsigned lock_supported:1; + unsigned lock_infinite:1; +} ngx_http_dav_ext_entry_t; + + +typedef struct { + ngx_uint_t nodes; + ngx_uint_t props; +} ngx_http_dav_ext_xml_ctx_t; + + +typedef struct { + ngx_uint_t methods; + ngx_shm_zone_t *shm_zone; +} ngx_http_dav_ext_loc_conf_t; + + +typedef struct { + ngx_queue_t queue; + uint32_t token; + time_t expire; + ngx_uint_t infinite; /* unsigned infinite:1; */ + size_t len; + u_char data[1]; +} ngx_http_dav_ext_node_t; + + +typedef struct { + ngx_queue_t queue; +} ngx_http_dav_ext_lock_sh_t; + + +typedef struct { + time_t timeout; + ngx_slab_pool_t *shpool; + ngx_http_dav_ext_lock_sh_t *sh; +} ngx_http_dav_ext_lock_t; + + +static ngx_int_t ngx_http_dav_ext_precontent_handler(ngx_http_request_t *r); +static ngx_int_t ngx_http_dav_ext_strip_uri(ngx_http_request_t *r, + ngx_str_t *uri); +static ngx_int_t ngx_http_dav_ext_verify_lock(ngx_http_request_t *r, + ngx_str_t *uri, ngx_uint_t delete_lock); +static ngx_http_dav_ext_node_t *ngx_http_dav_ext_lock_lookup( + ngx_http_request_t *r, ngx_http_dav_ext_lock_t *lock, ngx_str_t *uri, + ngx_int_t depth); + +static ngx_int_t ngx_http_dav_ext_content_handler(ngx_http_request_t *r); +static void ngx_http_dav_ext_propfind_handler(ngx_http_request_t *r); +static void ngx_http_dav_ext_propfind_xml_start(void *data, + const xmlChar *localname, const xmlChar *prefix, const xmlChar *uri, + int nb_namespaces, const xmlChar **namespaces, int nb_attributes, + int nb_defaulted, const xmlChar **attributes); +static void ngx_http_dav_ext_propfind_xml_end(void *data, + const xmlChar *localname, const xmlChar *prefix, const xmlChar *uri); +static ngx_int_t ngx_http_dav_ext_propfind(ngx_http_request_t *r, + ngx_uint_t props); +static ngx_int_t ngx_http_dav_ext_set_locks(ngx_http_request_t *r, + ngx_http_dav_ext_entry_t *entry); +static ngx_int_t ngx_http_dav_ext_propfind_response(ngx_http_request_t *r, + ngx_array_t *entries, ngx_uint_t props); +static ngx_int_t ngx_http_dav_ext_lock_handler(ngx_http_request_t *r); +static ngx_int_t ngx_http_dav_ext_lock_response(ngx_http_request_t *r, + ngx_uint_t status, time_t timeout, ngx_uint_t depth, uint32_t token); +static ngx_int_t ngx_http_dav_ext_unlock_handler(ngx_http_request_t *r); + +static ngx_int_t ngx_http_dav_ext_depth(ngx_http_request_t *r, + ngx_int_t default_depth); +static uint32_t ngx_http_dav_ext_lock_token(ngx_http_request_t *r); +static uint32_t ngx_http_dav_ext_if(ngx_http_request_t *r, ngx_str_t *uri); +static uintptr_t ngx_http_dav_ext_format_propfind(ngx_http_request_t *r, + u_char *dst, ngx_http_dav_ext_entry_t *entry, ngx_uint_t props); +static uintptr_t ngx_http_dav_ext_format_lockdiscovery(ngx_http_request_t *r, + u_char *dst, ngx_http_dav_ext_entry_t *entry); +static uintptr_t ngx_http_dav_ext_format_token(u_char *dst, uint32_t token, + ngx_uint_t brackets); + +static ngx_int_t ngx_http_dav_ext_init_zone(ngx_shm_zone_t *shm_zone, + void *data); +static void *ngx_http_dav_ext_create_loc_conf(ngx_conf_t *cf); +static char *ngx_http_dav_ext_merge_loc_conf(ngx_conf_t *cf, void *parent, + void *child); +static char *ngx_http_dav_ext_lock_zone(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); +static char *ngx_http_dav_ext_lock(ngx_conf_t *cf, ngx_command_t *cmd, + void *conf); +static ngx_int_t ngx_http_dav_ext_init(ngx_conf_t *cf); + + +static ngx_conf_bitmask_t ngx_http_dav_ext_methods_mask[] = { + { ngx_string("off"), NGX_HTTP_DAV_EXT_OFF }, + { ngx_string("propfind"), NGX_HTTP_PROPFIND }, + { ngx_string("options"), NGX_HTTP_OPTIONS }, + { ngx_string("lock"), NGX_HTTP_LOCK }, + { ngx_string("unlock"), NGX_HTTP_UNLOCK }, + { ngx_null_string, 0 } +}; + + +static ngx_command_t ngx_http_dav_ext_commands[] = { + + { ngx_string("dav_ext_methods"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE, + ngx_conf_set_bitmask_slot, + NGX_HTTP_LOC_CONF_OFFSET, + offsetof(ngx_http_dav_ext_loc_conf_t, methods), + &ngx_http_dav_ext_methods_mask }, + + { ngx_string("dav_ext_lock_zone"), + NGX_HTTP_MAIN_CONF|NGX_CONF_TAKE12, + ngx_http_dav_ext_lock_zone, + 0, + 0, + NULL }, + + { ngx_string("dav_ext_lock"), + NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1, + ngx_http_dav_ext_lock, + NGX_HTTP_LOC_CONF_OFFSET, + 0, + NULL }, + + ngx_null_command +}; + + +static ngx_http_module_t ngx_http_dav_ext_module_ctx = { + NULL, /* preconfiguration */ + ngx_http_dav_ext_init, /* postconfiguration */ + + NULL, /* create main configuration */ + NULL, /* init main configuration */ + + NULL, /* create server configuration */ + NULL, /* merge server configuration */ + + ngx_http_dav_ext_create_loc_conf, /* create location configuration */ + ngx_http_dav_ext_merge_loc_conf, /* merge location configuration */ +}; + + +ngx_module_t ngx_http_dav_ext_module = { + NGX_MODULE_V1, + &ngx_http_dav_ext_module_ctx, /* module context */ + ngx_http_dav_ext_commands, /* module directives */ + NGX_HTTP_MODULE, /* module type */ + NULL, /* init master */ + NULL, /* init module */ + NULL, /* init process */ + NULL, /* init thread */ + NULL, /* exit thread */ + NULL, /* exit process */ + NULL, /* exit master */ + NGX_MODULE_V1_PADDING +}; + + +static ngx_int_t +ngx_http_dav_ext_precontent_handler(ngx_http_request_t *r) +{ + ngx_str_t uri; + ngx_int_t rc; + ngx_uint_t delete_lock; + ngx_table_elt_t *dest; + ngx_http_dav_ext_loc_conf_t *dlcf; + + dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_ext_module); + + if (dlcf->shm_zone == NULL) { + return NGX_DECLINED; + } + + if (r->method & (NGX_HTTP_PUT|NGX_HTTP_DELETE|NGX_HTTP_MKCOL|NGX_HTTP_MOVE)) + { + delete_lock = (r->method & (NGX_HTTP_DELETE|NGX_HTTP_MOVE)) ? 1 : 0; + + rc = ngx_http_dav_ext_verify_lock(r, &r->uri, delete_lock); + if (rc != NGX_OK) { + return rc; + } + } + + if (r->method & (NGX_HTTP_MOVE|NGX_HTTP_COPY)) { + dest = r->headers_in.destination; + if (dest == NULL) { + return NGX_DECLINED; + } + + uri.data = dest->value.data; + uri.len = dest->value.len; + + if (ngx_http_dav_ext_strip_uri(r, &uri) != NGX_OK) { + return NGX_DECLINED; + } + + rc = ngx_http_dav_ext_verify_lock(r, &uri, 0); + if (rc != NGX_OK) { + return rc; + } + } + + return NGX_DECLINED; +} + + +static ngx_int_t +ngx_http_dav_ext_strip_uri(ngx_http_request_t *r, ngx_str_t *uri) +{ + u_char *p, *last, *host; + size_t len; + + if (uri->data[0] == '/') { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext strip uri:\"%V\" unchanged", uri); + return NGX_OK; + } + + len = r->headers_in.server.len; + + if (len == 0) { + goto failed; + } + +#if (NGX_HTTP_SSL) + + if (r->connection->ssl) { + if (ngx_strncmp(uri->data, "https://", sizeof("https://") - 1) != 0) { + goto failed; + } + + host = uri->data + sizeof("https://") - 1; + + } else +#endif + { + if (ngx_strncmp(uri->data, "http://", sizeof("http://") - 1) != 0) { + goto failed; + } + + host = uri->data + sizeof("http://") - 1; + } + + if (ngx_strncmp(host, r->headers_in.server.data, len) != 0) { + goto failed; + } + + last = uri->data + uri->len; + + for (p = host + len; p != last; p++) { + if (*p == '/') { + ngx_log_debug3(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext strip uri \"%V\" \"%*s\"", + uri, last - p, p); + + uri->data = p; + uri->len = last - p; + + return NGX_OK; + } + } + +failed: + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext strip uri \"%V\" failed", uri); + + return NGX_DECLINED; +} + + +static ngx_int_t +ngx_http_dav_ext_verify_lock(ngx_http_request_t *r, ngx_str_t *uri, + ngx_uint_t delete_lock) +{ + uint32_t token; + ngx_http_dav_ext_node_t *node; + ngx_http_dav_ext_lock_t *lock; + ngx_http_dav_ext_loc_conf_t *dlcf; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext verify lock \"%V\"", uri); + + token = ngx_http_dav_ext_if(r, uri); + + dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_ext_module); + lock = dlcf->shm_zone->data; + + ngx_shmtx_lock(&lock->shpool->mutex); + + node = ngx_http_dav_ext_lock_lookup(r, lock, uri, -1); + if (node == NULL) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return NGX_OK; + } + + if (token == 0) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return 423; /* Locked */ + } + + if (token != node->token) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return NGX_HTTP_PRECONDITION_FAILED; + } + + /* + * RFC4918: + * If a request causes the lock-root of any lock to become an + * unmapped URL, then the lock MUST also be deleted by that request. + */ + + if (delete_lock && node->len == uri->len) { + ngx_queue_remove(&node->queue); + ngx_slab_free_locked(lock->shpool, node); + } + + ngx_shmtx_unlock(&lock->shpool->mutex); + + return NGX_OK; +} + + +static ngx_http_dav_ext_node_t * +ngx_http_dav_ext_lock_lookup(ngx_http_request_t *r, + ngx_http_dav_ext_lock_t *lock, ngx_str_t *uri, ngx_int_t depth) +{ + time_t now; + ngx_queue_t *q; + ngx_http_dav_ext_node_t *node; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext lock lookup \"%V\"", uri); + + if (uri->len == 0) { + return NULL; + } + + now = ngx_time(); + + while (!ngx_queue_empty(&lock->sh->queue)) { + q = ngx_queue_head(&lock->sh->queue); + node = (ngx_http_dav_ext_node_t *) q; + + if (node->expire >= now) { + break; + } + + ngx_queue_remove(q); + ngx_slab_free_locked(lock->shpool, node); + } + + for (q = ngx_queue_head(&lock->sh->queue); + q != ngx_queue_sentinel(&lock->sh->queue); + q = ngx_queue_next(q)) + { + node = (ngx_http_dav_ext_node_t *) q; + + if (uri->len >= node->len) { + if (ngx_memcmp(uri->data, node->data, node->len)) { + continue; + } + + if (uri->len > node->len) { + if (node->data[node->len - 1] != '/') { + continue; + } + + if (!node->infinite + && ngx_strlchr(uri->data + node->len, + uri->data + uri->len - 1, '/')) + { + continue; + } + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext lock found \"%*s\"", + node->len, node->data); + + return node; + } + + /* uri->len < node->len */ + + if (depth >= 0) { + if (ngx_memcmp(node->data, uri->data, uri->len)) { + continue; + } + + if (uri->data[uri->len - 1] != '/') { + continue; + } + + if (depth == 0 + && ngx_strlchr(node->data + uri->len, + node->data + node->len - 1, '/')) + { + continue; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext lock found \"%*s\"", + node->len, node->data); + + return node; + } + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext lock not found"); + + return NULL; +} + + +static ngx_int_t +ngx_http_dav_ext_content_handler(ngx_http_request_t *r) +{ + ngx_int_t rc; + ngx_table_elt_t *h; + ngx_http_dav_ext_loc_conf_t *dlcf; + + dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_ext_module); + + if (!(r->method & dlcf->methods)) { + return NGX_DECLINED; + } + + switch (r->method) { + + case NGX_HTTP_PROPFIND: + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext propfind"); + + rc = ngx_http_read_client_request_body(r, + ngx_http_dav_ext_propfind_handler); + if (rc >= NGX_HTTP_SPECIAL_RESPONSE) { + return rc; + } + + return NGX_DONE; + + case NGX_HTTP_OPTIONS: + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext options"); + + rc = ngx_http_discard_request_body(r); + + if (rc != NGX_OK) { + return rc; + } + + h = ngx_list_push(&r->headers_out.headers); + if (h == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ngx_str_set(&h->key, "DAV"); + h->value.len = 1; + h->value.data = (u_char *) (dlcf->shm_zone ? "2" : "1"); + h->hash = 1; + + h = ngx_list_push(&r->headers_out.headers); + if (h == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + /* XXX */ + ngx_str_set(&h->key, "Allow"); + ngx_str_set(&h->value, + "GET,HEAD,PUT,DELETE,MKCOL,COPY,MOVE,PROPFIND,OPTIONS,LOCK,UNLOCK"); + h->hash = 1; + + r->headers_out.status = NGX_HTTP_OK; + r->headers_out.content_length_n = 0; + + rc = ngx_http_send_header(r); + + if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { + return rc; + } + + return ngx_http_send_special(r, NGX_HTTP_LAST); + + case NGX_HTTP_LOCK: + + if (dlcf->shm_zone == NULL) { + return NGX_HTTP_NOT_ALLOWED; + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext lock"); + + /* + * Body is expected to carry the requested lock type, but + * since we only support write/exclusive locks, we ignore it. + * Ideally we could throw an error if a lock of another type + * is requested, but the amount of work required for that is + * not worth it. + */ + + rc = ngx_http_discard_request_body(r); + + if (rc != NGX_OK) { + return rc; + } + + return ngx_http_dav_ext_lock_handler(r); + + case NGX_HTTP_UNLOCK: + + if (dlcf->shm_zone == NULL) { + return NGX_HTTP_NOT_ALLOWED; + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext unlock"); + + rc = ngx_http_discard_request_body(r); + + if (rc != NGX_OK) { + return rc; + } + + return ngx_http_dav_ext_unlock_handler(r); + } + + return NGX_DECLINED; +} + + +static void +ngx_http_dav_ext_propfind_handler(ngx_http_request_t *r) +{ + off_t len; + ngx_buf_t *b; + ngx_chain_t *cl; + xmlSAXHandler sax; + xmlParserCtxtPtr pctx; + ngx_http_dav_ext_xml_ctx_t xctx; + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext propfind handler"); + + ngx_memzero(&xctx, sizeof(ngx_http_dav_ext_xml_ctx_t)); + ngx_memzero(&sax, sizeof(xmlSAXHandler)); + + sax.initialized = XML_SAX2_MAGIC; + sax.startElementNs = ngx_http_dav_ext_propfind_xml_start; + sax.endElementNs = ngx_http_dav_ext_propfind_xml_end; + + pctx = xmlCreatePushParserCtxt(&sax, &xctx, NULL, 0, NULL); + if (pctx == NULL) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "xmlCreatePushParserCtxt() failed"); + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + + len = 0; + + for (cl = r->request_body->bufs; cl; cl = cl->next) { + b = cl->buf; + + if (b->in_file) { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "PROPFIND client body is in file, " + "you may want to increase client_body_buffer_size"); + xmlFreeParserCtxt(pctx); + ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); + return; + } + + if (ngx_buf_special(b)) { + continue; + } + + len += b->last - b->pos; + + if (xmlParseChunk(pctx, (const char *) b->pos, b->last - b->pos, + b->last_buf)) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "xmlParseChunk() failed"); + xmlFreeParserCtxt(pctx); + ngx_http_finalize_request(r, NGX_HTTP_BAD_REQUEST); + return; + } + } + + xmlFreeParserCtxt(pctx); + + if (len == 0) { + + /* + * For easier debugging treat bodiless requests + * as if they expect all properties. + */ + + xctx.props = NGX_HTTP_DAV_EXT_PROP_ALL; + } + + ngx_http_finalize_request(r, ngx_http_dav_ext_propfind(r, xctx.props)); +} + + +static void +ngx_http_dav_ext_propfind_xml_start(void *data, const xmlChar *localname, + const xmlChar *prefix, const xmlChar *uri, int nb_namespaces, + const xmlChar **namespaces, int nb_attributes, int nb_defaulted, + const xmlChar **attributes) +{ + ngx_http_dav_ext_xml_ctx_t *xctx = data; + + if (ngx_strcmp(localname, "propfind") == 0) { + xctx->nodes ^= NGX_HTTP_DAV_EXT_NODE_PROPFIND; + } + + if (ngx_strcmp(localname, "prop") == 0) { + xctx->nodes ^= NGX_HTTP_DAV_EXT_NODE_PROP; + } + + if (ngx_strcmp(localname, "propname") == 0) { + xctx->nodes ^= NGX_HTTP_DAV_EXT_NODE_PROPNAME; + } + + if (ngx_strcmp(localname, "allprop") == 0) { + xctx->nodes ^= NGX_HTTP_DAV_EXT_NODE_ALLPROP; + } +} + + +static void +ngx_http_dav_ext_propfind_xml_end(void *data, const xmlChar *localname, + const xmlChar *prefix, const xmlChar *uri) +{ + ngx_http_dav_ext_xml_ctx_t *xctx = data; + + if (xctx->nodes & NGX_HTTP_DAV_EXT_NODE_PROPFIND) { + + if (xctx->nodes & NGX_HTTP_DAV_EXT_NODE_PROP) { + if (ngx_strcmp(localname, "displayname") == 0) { + xctx->props |= NGX_HTTP_DAV_EXT_PROP_DISPLAYNAME; + } + + if (ngx_strcmp(localname, "getcontentlength") == 0) { + xctx->props |= NGX_HTTP_DAV_EXT_PROP_GETCONTENTLENGTH; + } + + if (ngx_strcmp(localname, "getlastmodified") == 0) { + xctx->props |= NGX_HTTP_DAV_EXT_PROP_GETLASTMODIFIED; + } + + if (ngx_strcmp(localname, "resourcetype") == 0) { + xctx->props |= NGX_HTTP_DAV_EXT_PROP_RESOURCETYPE; + } + + if (ngx_strcmp(localname, "lockdiscovery") == 0) { + xctx->props |= NGX_HTTP_DAV_EXT_PROP_LOCKDISCOVERY; + } + + if (ngx_strcmp(localname, "supportedlock") == 0) { + xctx->props |= NGX_HTTP_DAV_EXT_PROP_SUPPORTEDLOCK; + } + } + + if (xctx->nodes & NGX_HTTP_DAV_EXT_NODE_PROPNAME) { + xctx->props |= NGX_HTTP_DAV_EXT_PROP_NAMES; + } + + if (xctx->nodes & NGX_HTTP_DAV_EXT_NODE_ALLPROP) { + xctx->props = NGX_HTTP_DAV_EXT_PROP_ALL; + } + } + + ngx_http_dav_ext_propfind_xml_start(data, localname, prefix, uri, + 0, NULL, 0, 0, NULL); +} + + +static ngx_int_t +ngx_http_dav_ext_propfind(ngx_http_request_t *r, ngx_uint_t props) +{ + size_t root, allocated; + u_char *p, *last, *filename; + ngx_int_t rc; + ngx_err_t err; + ngx_str_t path, name; + ngx_dir_t dir; + ngx_uint_t depth; + ngx_array_t entries; + ngx_file_info_t fi; + ngx_http_dav_ext_entry_t *entry; + + if (ngx_array_init(&entries, r->pool, 40, sizeof(ngx_http_dav_ext_entry_t)) + != NGX_OK) + { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + rc = ngx_http_dav_ext_depth(r, 0); + + if (rc == NGX_ERROR) { + return NGX_HTTP_BAD_REQUEST; + } + + if (rc == NGX_MAX_INT_T_VALUE) { + + /* + * RFC4918: + * 403 Forbidden - A server MAY reject PROPFIND requests on + * collections with depth header of "Infinity", in which case + * it SHOULD use this error with the precondition code + * 'propfind-finite-depth' inside the error body. + */ + + return NGX_HTTP_FORBIDDEN; + } + + depth = rc; + + last = ngx_http_map_uri_to_path(r, &path, &root, + NGX_HTTP_DAV_EXT_PREALLOCATE); + if (last == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + allocated = path.len; + path.len = last - path.data; + + if (path.len > 1 && path.data[path.len - 1] == '/') { + path.len--; + + } else { + last++; + } + + path.data[path.len] = '\0'; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext propfind path: \"%s\"", path.data); + + if (ngx_file_info(path.data, &fi) == NGX_FILE_ERROR) { + return NGX_HTTP_NOT_FOUND; + } + + if (r->uri.len < 2) { + name = r->uri; + + } else { + name.data = &r->uri.data[r->uri.len - 1]; + name.len = (name.data[0] == '/') ? 0 : 1; + + while (name.data != r->uri.data) { + p = name.data - 1; + if (*p == '/') { + break; + } + + name.data--; + name.len++; + } + } + + entry = ngx_array_push(&entries); + if (entry == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ngx_memzero(entry, sizeof(ngx_http_dav_ext_entry_t)); + + entry->uri = r->uri; + entry->name = name; + entry->dir = ngx_is_dir(&fi); + entry->mtime = ngx_file_mtime(&fi); + entry->size = ngx_file_size(&fi); + + if (ngx_http_dav_ext_set_locks(r, entry) != NGX_OK) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext propfind name:\"%V\", uri:\"%V\"", + &entry->name, &entry->uri); + + if (depth == 0 || !entry->dir) { + return ngx_http_dav_ext_propfind_response(r, &entries, props); + } + + if (ngx_open_dir(&path, &dir) == NGX_ERROR) { + ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_errno, + ngx_open_dir_n " \"%s\" failed", path.data); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + rc = NGX_OK; + + filename = path.data; + filename[path.len] = '/'; + + for ( ;; ) { + ngx_set_errno(0); + + if (ngx_read_dir(&dir) == NGX_ERROR) { + err = ngx_errno; + + if (err != NGX_ENOMOREFILES) { + ngx_log_error(NGX_LOG_CRIT, r->connection->log, err, + ngx_read_dir_n " \"%V\" failed", &path); + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + break; + } + + name.len = ngx_de_namelen(&dir); + name.data = ngx_de_name(&dir); + + if (name.data[0] == '.') { + continue; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext propfind child path: \"%s\"", name.data); + + entry = ngx_array_push(&entries); + if (entry == NULL) { + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + break; + } + + ngx_memzero(entry, sizeof(ngx_http_dav_ext_entry_t)); + + if (!dir.valid_info) { + + if (path.len + 1 + name.len + 1 > allocated) { + allocated = path.len + 1 + name.len + 1 + + NGX_HTTP_DAV_EXT_PREALLOCATE; + + filename = ngx_pnalloc(r->pool, allocated); + if (filename == NULL) { + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + break; + } + + last = ngx_cpystrn(filename, path.data, path.len + 1); + *last++ = '/'; + } + + ngx_cpystrn(last, name.data, name.len + 1); + + if (ngx_de_info(filename, &dir) == NGX_FILE_ERROR) { + ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_errno, + ngx_de_info_n " \"%s\" failed", filename); + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + break; + } + } + + p = ngx_pnalloc(r->pool, name.len); + if (p == NULL) { + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + break; + } + + ngx_memcpy(p, name.data, name.len); + entry->name.data = p; + entry->name.len = name.len; + + p = ngx_pnalloc(r->pool, r->uri.len + 1 + name.len + 1); + if (p == NULL) { + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + break; + } + + entry->uri.data = p; + + p = ngx_cpymem(p, r->uri.data, r->uri.len); + if (r->uri.len && r->uri.data[r->uri.len - 1] != '/') { + *p++ = '/'; + } + + p = ngx_cpymem(p, name.data, name.len); + if (ngx_de_is_dir(&dir)) { + *p++ = '/'; + } + + entry->uri.len = p - entry->uri.data; + entry->dir = ngx_de_is_dir(&dir); + entry->mtime = ngx_de_mtime(&dir); + entry->size = ngx_de_size(&dir); + + if (ngx_http_dav_ext_set_locks(r, entry) != NGX_OK) { + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + break; + } + + ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext propfind child name:\"%V\", uri:\"%V\"", + &entry->name, &entry->uri); + } + + if (ngx_close_dir(&dir) == NGX_ERROR) { + ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno, + ngx_close_dir_n " \"%V\" failed", &path); + } + + if (rc != NGX_OK) { + return rc; + } + + return ngx_http_dav_ext_propfind_response(r, &entries, props); +} + + +static ngx_int_t +ngx_http_dav_ext_set_locks(ngx_http_request_t *r, + ngx_http_dav_ext_entry_t *entry) +{ + ngx_http_dav_ext_node_t *node; + ngx_http_dav_ext_lock_t *lock; + ngx_http_dav_ext_loc_conf_t *dlcf; + + dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_ext_module); + + if (dlcf->shm_zone == NULL) { + entry->lock_supported = 0; + return NGX_OK; + } + + entry->lock_supported = 1; + + lock = dlcf->shm_zone->data; + + ngx_shmtx_lock(&lock->shpool->mutex); + + node = ngx_http_dav_ext_lock_lookup(r, lock, &entry->uri, -1); + if (node == NULL) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return NGX_OK; + } + + entry->lock_infinite = node->infinite ? 1 : 0; + entry->lock_expire = node->expire; + entry->lock_token = node->token; + + entry->lock_root.data = ngx_pnalloc(r->pool, node->len); + if (entry->lock_root.data == NULL) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return NGX_ERROR; + } + + ngx_memcpy(entry->lock_root.data, node->data, node->len); + entry->lock_root.len = node->len; + + ngx_shmtx_unlock(&lock->shpool->mutex); + + return NGX_OK; +} + + +static ngx_int_t +ngx_http_dav_ext_propfind_response(ngx_http_request_t *r, ngx_array_t *entries, + ngx_uint_t props) +{ + size_t len; + u_char *p; + uintptr_t escape; + ngx_buf_t *b; + ngx_int_t rc; + ngx_uint_t n; + ngx_chain_t cl; + ngx_http_dav_ext_entry_t *entry; + + static u_char head[] = + "\n" + "\n"; + + static u_char tail[] = + "\n"; + + entry = entries->elts; + + for (n = 0; n < entries->nelts; n++) { + escape = 2 * ngx_escape_uri(NULL, entry[n].uri.data, entry[n].uri.len, + NGX_ESCAPE_URI); + if (escape == 0) { + continue; + } + + p = ngx_pnalloc(r->pool, entry[n].uri.len + escape); + if (p == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + entry[n].uri.len = (u_char *) ngx_escape_uri(p, entry[n].uri.data, + entry[n].uri.len, + NGX_ESCAPE_URI) + - p; + entry[n].uri.data = p; + } + + len = sizeof(head) - 1 + sizeof(tail) - 1; + + for (n = 0; n < entries->nelts; n++) { + len += ngx_http_dav_ext_format_propfind(r, NULL, &entry[n], props); + } + + b = ngx_create_temp_buf(r->pool, len); + if (b == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + b->last = ngx_cpymem(b->last, head, sizeof(head) - 1); + + for (n = 0; n < entries->nelts; n++) { + b->last = (u_char *) ngx_http_dav_ext_format_propfind(r, b->last, + &entry[n], props); + } + + b->last = ngx_cpymem(b->last, tail, sizeof(tail) - 1); + + b->last_buf = (r == r->main) ? 1 : 0; + b->last_in_chain = 1; + + cl.buf = b; + cl.next = NULL; + + r->headers_out.status = 207; + ngx_str_set(&r->headers_out.status_line, "207 Multi-Status"); + + r->headers_out.content_length_n = b->last - b->pos; + + r->headers_out.content_type_len = sizeof("text/xml") - 1; + ngx_str_set(&r->headers_out.content_type, "text/xml"); + r->headers_out.content_type_lowcase = NULL; + + ngx_str_set(&r->headers_out.charset, "utf-8"); + + rc = ngx_http_send_header(r); + + if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { + return rc; + } + + return ngx_http_output_filter(r, &cl); +} + + +static ngx_int_t +ngx_http_dav_ext_lock_handler(ngx_http_request_t *r) +{ + u_char *last; + size_t n, root; + time_t now; + uint32_t token, new_token; + ngx_fd_t fd; + ngx_int_t rc, depth; + ngx_str_t path; + ngx_uint_t status; + ngx_file_info_t fi; + ngx_http_dav_ext_lock_t *lock; + ngx_http_dav_ext_node_t *node; + ngx_http_dav_ext_loc_conf_t *dlcf; + + if (r->uri.len == 0) { + return NGX_HTTP_BAD_REQUEST; + } + + dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_ext_module); + lock = dlcf->shm_zone->data; + + /* + * RFC4918: + * If no Depth header is submitted on a LOCK request, then the request + * MUST act as if a "Depth:infinity" had been submitted. + */ + + rc = ngx_http_dav_ext_depth(r, NGX_MAX_INT_T_VALUE); + + if (rc == NGX_ERROR || rc == 1) { + + /* + * RFC4918: + * Values other than 0 or infinity MUST NOT be used with the Depth + * header on a LOCK method. + */ + + return NGX_HTTP_BAD_REQUEST; + } + + depth = rc; + + token = ngx_http_dav_ext_if(r, &r->uri); + + do { + new_token = ngx_random(); + } while (new_token == 0); + + now = ngx_time(); + + ngx_shmtx_lock(&lock->shpool->mutex); + + node = ngx_http_dav_ext_lock_lookup(r, lock, &r->uri, depth); + + if (node) { + if (token == 0) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return 423; /* Locked */ + } + + if (node->token != token) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return NGX_HTTP_PRECONDITION_FAILED; + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext refresh lock"); + + node->expire = now + lock->timeout; + + ngx_queue_remove(&node->queue); + ngx_queue_insert_tail(&lock->sh->queue, &node->queue); + + ngx_shmtx_unlock(&lock->shpool->mutex); + + return ngx_http_dav_ext_lock_response(r, NGX_HTTP_OK, lock->timeout, + depth, token); + } + + n = sizeof(ngx_http_dav_ext_node_t) + r->uri.len - 1; + + node = ngx_slab_alloc_locked(lock->shpool, n); + if (node == NULL) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ngx_memzero(node, sizeof(ngx_http_dav_ext_node_t)); + + ngx_memcpy(&node->data, r->uri.data, r->uri.len); + + node->len = r->uri.len; + node->token = new_token; + node->expire = now + lock->timeout; + node->infinite = (depth ? 1 : 0); + + ngx_queue_insert_tail(&lock->sh->queue, &node->queue); + + ngx_shmtx_unlock(&lock->shpool->mutex); + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext add lock"); + + last = ngx_http_map_uri_to_path(r, &path, &root, 0); + if (last == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + *last = '\0'; + + status = NGX_HTTP_OK; + + if (ngx_file_info(path.data, &fi) == NGX_FILE_ERROR) { + + /* + * RFC4918: + * A successful lock request to an unmapped URL MUST result in the + * creation of a locked (non-collection) resource with empty content. + */ + + fd = ngx_open_file(path.data, NGX_FILE_RDONLY, NGX_FILE_CREATE_OR_OPEN, + NGX_FILE_DEFAULT_ACCESS); + + if (fd == NGX_INVALID_FILE) { + + /* + * RFC4918: + * 409 (Conflict) - A resource cannot be created at the destination + * until one or more intermediate collections have been created. + * The server MUST NOT create those intermediate collections + * automatically. + */ + + ngx_log_error(NGX_LOG_ERR, r->connection->log, ngx_errno, + ngx_open_file_n " \"%s\" failed", path.data); + return NGX_HTTP_CONFLICT; + } + + if (ngx_close_file(fd) == NGX_FILE_ERROR) { + ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno, + ngx_close_file_n " \"%s\" failed", path.data); + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + status = NGX_HTTP_CREATED; + } + + return ngx_http_dav_ext_lock_response(r, status, lock->timeout, depth, + new_token); +} + + +static ngx_int_t +ngx_http_dav_ext_lock_response(ngx_http_request_t *r, ngx_uint_t status, + time_t timeout, ngx_uint_t depth, uint32_t token) +{ + size_t len; + time_t now; + u_char *p; + ngx_int_t rc; + ngx_buf_t *b; + ngx_chain_t cl; + ngx_table_elt_t *h; + ngx_http_dav_ext_entry_t entry; + + static u_char head[] = + "\n" + "\n"; + + static u_char tail[] = + "\n"; + + now = ngx_time(); + + ngx_memzero(&entry, sizeof(ngx_http_dav_ext_entry_t)); + + entry.lock_expire = now + timeout; + entry.lock_root = r->uri; + entry.lock_infinite = depth ? 1 : 0; + entry.lock_token = token; + + len = sizeof(head) - 1 + + ngx_http_dav_ext_format_lockdiscovery(r, NULL, &entry) + + sizeof(tail) - 1; + + b = ngx_create_temp_buf(r->pool, len); + if (b == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + b->last = ngx_cpymem(b->last, head, sizeof(head) - 1); + b->last = (u_char *) ngx_http_dav_ext_format_lockdiscovery(r, b->last, + &entry); + b->last = ngx_cpymem(b->last, tail, sizeof(tail) - 1); + + b->last_buf = (r == r->main) ? 1 : 0; + b->last_in_chain = 1; + + cl.buf = b; + cl.next = NULL; + + r->headers_out.status = status; + r->headers_out.content_length_n = b->last - b->pos; + + r->headers_out.content_type_len = sizeof("text/xml") - 1; + ngx_str_set(&r->headers_out.content_type, "text/xml"); + r->headers_out.content_type_lowcase = NULL; + + ngx_str_set(&r->headers_out.charset, "utf-8"); + + h = ngx_list_push(&r->headers_out.headers); + if (h == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + ngx_str_set(&h->key, "Lock-Token"); + + p = ngx_pnalloc(r->pool, ngx_http_dav_ext_format_token(NULL, token, 1)); + if (p == NULL) { + return NGX_HTTP_INTERNAL_SERVER_ERROR; + } + + h->value.data = p; + h->value.len = (u_char *) ngx_http_dav_ext_format_token(p, token, 1) - p; + h->hash = 1; + + rc = ngx_http_send_header(r); + + if (rc == NGX_ERROR || rc > NGX_OK || r->header_only) { + return rc; + } + + return ngx_http_output_filter(r, &cl); +} + + +static ngx_int_t +ngx_http_dav_ext_unlock_handler(ngx_http_request_t *r) +{ + uint32_t token; + ngx_http_dav_ext_lock_t *lock; + ngx_http_dav_ext_node_t *node; + ngx_http_dav_ext_loc_conf_t *dlcf; + + token = ngx_http_dav_ext_lock_token(r); + + dlcf = ngx_http_get_module_loc_conf(r, ngx_http_dav_ext_module); + lock = dlcf->shm_zone->data; + + ngx_shmtx_lock(&lock->shpool->mutex); + + node = ngx_http_dav_ext_lock_lookup(r, lock, &r->uri, -1); + + if (node == NULL || node->token != token) { + ngx_shmtx_unlock(&lock->shpool->mutex); + return NGX_HTTP_NO_CONTENT; + } + + ngx_queue_remove(&node->queue); + ngx_slab_free_locked(lock->shpool, node); + + ngx_shmtx_unlock(&lock->shpool->mutex); + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext delete lock"); + + return NGX_HTTP_NO_CONTENT; +} + + +static ngx_int_t +ngx_http_dav_ext_depth(ngx_http_request_t *r, ngx_int_t default_depth) +{ + ngx_table_elt_t *depth; + + depth = r->headers_in.depth; + + if (depth == NULL) { + return default_depth; + } + + if (depth->value.len == 1) { + + if (depth->value.data[0] == '0') { + return 0; + } + + if (depth->value.data[0] == '1') { + return 1; + } + + } else { + + if (depth->value.len == sizeof("infinity") - 1 + && ngx_strcmp(depth->value.data, "infinity") == 0) + { + return NGX_MAX_INT_T_VALUE; + } + } + + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "client sent invalid \"Depth\" header: \"%V\"", + &depth->value); + + return NGX_ERROR; +} + + +static uint32_t +ngx_http_dav_ext_lock_token(ngx_http_request_t *r) +{ + u_char *p, ch; + uint32_t token; + ngx_uint_t i, n; + ngx_list_part_t *part; + ngx_table_elt_t *header; + + static u_char name[] = "lock-token"; + + part = &r->headers_in.headers.part; + header = part->elts; + + for (i = 0; /* void */ ; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + for (n = 0; n < sizeof(name) - 1 && n < header[i].key.len; n++) { + ch = header[i].key.data[n]; + + if (ch >= 'A' && ch <= 'Z') { + ch |= 0x20; + } + + if (name[n] != ch) { + break; + } + } + + if (n == sizeof(name) - 1 && n == header[i].key.len) { + p = header[i].value.data; + + if (ngx_strncmp(p, "= '0' && ch <= '9') { + token = token * 16 + (ch - '0'); + continue; + } + + ch = (u_char) (ch | 0x20); + + if (ch >= 'a' && ch <= 'f') { + token = token * 16 + (ch - 'a' + 10); + continue; + } + + return 0; + } + + if (*p != '>') { + return 0; + } + + return token; + } + } + + return 0; +} + + +static uint32_t +ngx_http_dav_ext_if(ngx_http_request_t *r, ngx_str_t *uri) +{ + u_char *p, ch; + uint32_t token; + ngx_str_t tag; + ngx_uint_t i, n; + ngx_list_part_t *part; + ngx_table_elt_t *header; + + static u_char name[] = "if"; + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext if \"%V\"", uri); + + part = &r->headers_in.headers.part; + header = part->elts; + + for (i = 0; /* void */ ; i++) { + + if (i >= part->nelts) { + if (part->next == NULL) { + break; + } + + part = part->next; + header = part->elts; + i = 0; + } + + for (n = 0; n < sizeof(name) - 1 && n < header[i].key.len; n++) { + ch = header[i].key.data[n]; + + if (ch >= 'A' && ch <= 'Z') { + ch |= 0x20; + } + + if (name[n] != ch) { + break; + } + } + + if (n == sizeof(name) - 1 && n == header[i].key.len) { + p = header[i].value.data; + tag = r->uri; + + while (*p != '\0') { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext if list \"%s\"", p); + + while (*p == ' ') { p++; } + + if (*p == '<') { + tag.data = ++p; + + while (*p != '\0' && *p != '>') { p++; } + + if (*p == '\0') { + break; + } + + tag.len = p++ - tag.data; + + (void) ngx_http_dav_ext_strip_uri(r, &tag); + + while (*p == ' ') { p++; } + } + + if (*p != '(') { + break; + } + + p++; + + if (tag.len == 0 + || tag.len > uri->len + || (tag.len < uri->len && tag.data[tag.len - 1] != '/') + || ngx_memcmp(tag.data, uri->data, tag.len)) + { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext if tag mismatch \"%V\"", &tag); + + while (*p != '\0' && *p != ')') { p++; } + + if (*p == ')') { + p++; + } + + continue; + } + + while (*p != '\0') { + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext if condition \"%s\"", p); + + while (*p == ' ') { p++; } + + if (ngx_strncmp(p, "Not", 3) == 0) { + p += 3; + while (*p == ' ') { p++; } + goto next; + } + + if (*p == '[') { + p++; + while (*p != '\0' && *p != ']') { p++; } + goto next; + } + + if (ngx_strncmp(p, "= '0' && ch <= '9') { + token = token * 16 + (ch - '0'); + continue; + } + + ch = (u_char) (ch | 0x20); + + if (ch >= 'a' && ch <= 'f') { + token = token * 16 + (ch - 'a' + 10); + continue; + } + + goto next; + } + + if (*p != '>') { + goto next; + } + + ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext if token: %uxD", token); + + return token; + + next: + + while (*p != '\0' && *p != ' ' && *p != ')') { p++; } + + if (*p == ')') { + p++; + break; + } + } + } + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, + "http dav_ext if header mismatch"); + } + } + + return 0; +} + + +static uintptr_t +ngx_http_dav_ext_format_propfind(ngx_http_request_t *r, u_char *dst, + ngx_http_dav_ext_entry_t *entry, ngx_uint_t props) +{ + size_t len; + + static u_char head[] = + "\n" + ""; + + /* uri */ + + static u_char prop[] = + "\n" + "\n" + "\n"; + + /* properties */ + + static u_char tail[] = + "\n" + "HTTP/1.1 200 OK\n" + "\n" + "\n"; + + static u_char names[] = + "\n" + "\n" + "\n" + "\n" + "\n" + "\n"; + + static u_char supportedlock[] = + "\n" + "\n" + "\n" + "\n"; + + if (dst == NULL) { + len = sizeof(head) - 1 + + sizeof(prop) - 1 + + sizeof(tail) - 1; + + len += entry->uri.len + ngx_escape_html(NULL, entry->uri.data, + entry->uri.len); + + if (props & NGX_HTTP_DAV_EXT_PROP_NAMES) { + len += sizeof(names) - 1; + + } else { + len += sizeof("" + "\n" + + "" + "\n" + + "" + "Mon, 28 Sep 1970 06:00:00 GMT" + "\n" + + "" + "" + "\n" + + "\n" + "\n") - 1; + + /* displayname */ + len += entry->name.len + + ngx_escape_html(NULL, entry->name.data, entry->name.len); + + /* getcontentlength */ + len += NGX_OFF_T_LEN; + + /* lockdiscovery */ + len += ngx_http_dav_ext_format_lockdiscovery(r, NULL, entry); + + /* supportedlock */ + if (entry->lock_supported) { + len += sizeof(supportedlock) - 1; + } + } + + return len; + } + + dst = ngx_cpymem(dst, head, sizeof(head) - 1); + dst = (u_char *) ngx_escape_html(dst, entry->uri.data, entry->uri.len); + dst = ngx_cpymem(dst, prop, sizeof(prop) - 1); + + if (props & NGX_HTTP_DAV_EXT_PROP_NAMES) { + dst = ngx_cpymem(dst, names, sizeof(names) - 1); + + } else { + if (props & NGX_HTTP_DAV_EXT_PROP_DISPLAYNAME) { + dst = ngx_cpymem(dst, "", + sizeof("") - 1); + dst = (u_char *) ngx_escape_html(dst, entry->name.data, + entry->name.len); + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + } + + if (props & NGX_HTTP_DAV_EXT_PROP_GETCONTENTLENGTH) { + if (!entry->dir) { + dst = ngx_sprintf(dst, "%O" + "\n", entry->size); + } + } + + if (props & NGX_HTTP_DAV_EXT_PROP_GETLASTMODIFIED) { + dst = ngx_cpymem(dst, "", + sizeof("") - 1); + dst = ngx_http_time(dst, entry->mtime); + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + } + + if (props & NGX_HTTP_DAV_EXT_PROP_RESOURCETYPE) { + dst = ngx_cpymem(dst, "", + sizeof("") - 1); + + if (entry->dir) { + dst = ngx_cpymem(dst, "", + sizeof("") - 1); + } + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + } + + if (props & NGX_HTTP_DAV_EXT_PROP_LOCKDISCOVERY) { + dst = (u_char *) ngx_http_dav_ext_format_lockdiscovery(r, dst, + entry); + } + + if (props & NGX_HTTP_DAV_EXT_PROP_SUPPORTEDLOCK) { + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + if (entry->lock_supported) { + dst = ngx_cpymem(dst, supportedlock, sizeof(supportedlock) - 1); + } + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + } + } + + dst = ngx_cpymem(dst, tail, sizeof(tail) - 1); + + return (uintptr_t) dst; +} + + +static uintptr_t +ngx_http_dav_ext_format_lockdiscovery(ngx_http_request_t *r, u_char *dst, + ngx_http_dav_ext_entry_t *entry) +{ + size_t len; + time_t now; + + if (dst == NULL) { + if (entry->lock_token == 0) { + return sizeof("\n") - 1; + } + + len = sizeof("\n" + "\n" + "\n" + "\n" + "infinity\n" + "Second-\n" + "\n" + "\n" + "\n" + "\n") - 1; + + /* timeout */ + len += NGX_TIME_T_LEN; + + /* token */ + len += ngx_http_dav_ext_format_token(NULL, entry->lock_token, 0); + + /* lockroot */ + len += entry->lock_root.len + ngx_escape_html(NULL, + entry->lock_root.data, + entry->lock_root.len); + return len; + } + + if (entry->lock_token == 0) { + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + return (uintptr_t) dst; + } + + now = ngx_time(); + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + dst = ngx_sprintf(dst, "%s\n", + entry->lock_infinite ? "infinity" : "0"); + + dst = ngx_sprintf(dst, "Second-%T\n", + entry->lock_expire - now); + + dst = ngx_cpymem(dst, "", + sizeof("") - 1); + dst = (u_char *) ngx_http_dav_ext_format_token(dst, entry->lock_token, 0); + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + dst = ngx_cpymem(dst, "", + sizeof("") - 1); + dst = (u_char *) ngx_escape_html(dst, entry->lock_root.data, + entry->lock_root.len); + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + dst = ngx_cpymem(dst, "\n", + sizeof("\n") - 1); + + return (uintptr_t) dst; +} + + +static uintptr_t +ngx_http_dav_ext_format_token(u_char *dst, uint32_t token, ngx_uint_t brackets) +{ + ngx_uint_t n; + + static u_char hex[] = "0123456789abcdef"; + + if (dst == NULL) { + return sizeof("") - 1 + (brackets ? 2 : 0); + } + + if (brackets) { + *dst++ = '<'; + } + + dst = ngx_cpymem(dst, "urn:", 4); + + for (n = 0; n < 4; n++) { + *dst++ = hex[token >> 28]; + *dst++ = hex[(token >> 24) & 0xf]; + token <<= 8; + } + + if (brackets) { + *dst++ = '>'; + } + + return (uintptr_t) dst; +} + + +static ngx_int_t +ngx_http_dav_ext_init_zone(ngx_shm_zone_t *shm_zone, void *data) +{ + ngx_http_dav_ext_lock_t *olock = data; + + size_t len; + ngx_http_dav_ext_lock_t *lock; + + lock = shm_zone->data; + + if (olock) { + lock->sh = olock->sh; + lock->shpool = olock->shpool; + return NGX_OK; + } + + lock->shpool = (ngx_slab_pool_t *) shm_zone->shm.addr; + + if (shm_zone->shm.exists) { + lock->sh = lock->shpool->data; + return NGX_OK; + } + + lock->sh = ngx_slab_alloc(lock->shpool, sizeof(ngx_http_dav_ext_lock_sh_t)); + if (lock->sh == NULL) { + return NGX_ERROR; + } + + lock->shpool->data = lock->sh; + + ngx_queue_init(&lock->sh->queue); + + len = sizeof(" in dav_ext zone \"\"") + shm_zone->shm.name.len; + + lock->shpool->log_ctx = ngx_slab_alloc(lock->shpool, len); + if (lock->shpool->log_ctx == NULL) { + return NGX_ERROR; + } + + ngx_sprintf(lock->shpool->log_ctx, " in dav_ext zone \"%V\"%Z", + &shm_zone->shm.name); + + return NGX_OK; +} + + +static void * +ngx_http_dav_ext_create_loc_conf(ngx_conf_t *cf) +{ + ngx_http_dav_ext_loc_conf_t *conf; + + conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_dav_ext_loc_conf_t)); + if (conf == NULL) { + return NULL; + } + + /* + * set by ngx_pcalloc(): + * + * conf->shm_zone = NULL; + */ + + return conf; +} + + +static char * +ngx_http_dav_ext_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child) +{ + ngx_http_dav_ext_loc_conf_t *prev = parent; + ngx_http_dav_ext_loc_conf_t *conf = child; + + ngx_conf_merge_bitmask_value(conf->methods, prev->methods, + (NGX_CONF_BITMASK_SET|NGX_HTTP_DAV_EXT_OFF)); + + if (conf->shm_zone == NULL) { + conf->shm_zone = prev->shm_zone; + } + + return NGX_CONF_OK; +} + + +static char * +ngx_http_dav_ext_lock_zone(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + u_char *p; + time_t timeout; + ssize_t size; + ngx_str_t *value, name, s; + ngx_uint_t i; + ngx_shm_zone_t *shm_zone; + ngx_http_dav_ext_lock_t *lock; + + value = cf->args->elts; + + name.len = 0; + size = 0; + timeout = 60; + + for (i = 1; i < cf->args->nelts; i++) { + + if (ngx_strncmp(value[i].data, "zone=", 5) == 0) { + + name.data = value[i].data + 5; + + p = (u_char *) ngx_strchr(name.data, ':'); + + if (p == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid zone size \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + name.len = p - name.data; + + s.data = p + 1; + s.len = value[i].data + value[i].len - s.data; + + size = ngx_parse_size(&s); + + if (size == NGX_ERROR) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid zone size \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + if (size < (ssize_t) (8 * ngx_pagesize)) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "zone \"%V\" is too small", &value[i]); + return NGX_CONF_ERROR; + } + + continue; + } + + if (ngx_strncmp(value[i].data, "timeout=", 8) == 0) { + + s.len = value[i].len - 8; + s.data = value[i].data + 8; + + timeout = ngx_parse_time(&s, 1); + if (timeout == (time_t) NGX_ERROR || timeout == 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid timeout value \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + continue; + } + + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + if (name.len == 0) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "\"%V\" must have \"zone\" parameter", + &cmd->name); + return NGX_CONF_ERROR; + } + + lock = ngx_pcalloc(cf->pool, sizeof(ngx_http_dav_ext_lock_t)); + if (lock == NULL) { + return NGX_CONF_ERROR; + } + + lock->timeout = timeout; + + shm_zone = ngx_shared_memory_add(cf, &name, size, + &ngx_http_dav_ext_module); + if (shm_zone == NULL) { + return NGX_CONF_ERROR; + } + + if (shm_zone->data) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "duplicate zone \"%V\"", &name); + return NGX_CONF_ERROR; + } + + shm_zone->init = ngx_http_dav_ext_init_zone; + shm_zone->data = lock; + + return NGX_CONF_OK; +} + + +static char * +ngx_http_dav_ext_lock(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) +{ + ngx_http_dav_ext_loc_conf_t *dlcf = conf; + + ngx_str_t *value, s; + ngx_uint_t i; + ngx_shm_zone_t *shm_zone; + + if (dlcf->shm_zone) { + return "is duplicate"; + } + + value = cf->args->elts; + + shm_zone = NULL; + + for (i = 1; i < cf->args->nelts; i++) { + + if (ngx_strncmp(value[i].data, "zone=", 5) == 0) { + + s.len = value[i].len - 5; + s.data = value[i].data + 5; + + shm_zone = ngx_shared_memory_add(cf, &s, 0, + &ngx_http_dav_ext_module); + if (shm_zone == NULL) { + return NGX_CONF_ERROR; + } + + continue; + } + + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "invalid parameter \"%V\"", &value[i]); + return NGX_CONF_ERROR; + } + + if (shm_zone == NULL) { + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "\"%V\" must have \"zone\" parameter", &cmd->name); + return NGX_CONF_ERROR; + } + + dlcf->shm_zone = shm_zone; + + return NGX_CONF_OK; +} + + +static ngx_int_t +ngx_http_dav_ext_init(ngx_conf_t *cf) +{ + ngx_http_handler_pt *h; + ngx_http_core_main_conf_t *cmcf; + + cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module); + + h = ngx_array_push(&cmcf->phases[NGX_HTTP_PRECONTENT_PHASE].handlers); + if (h == NULL) { + return NGX_ERROR; + } + + *h = ngx_http_dav_ext_precontent_handler; + + h = ngx_array_push(&cmcf->phases[NGX_HTTP_CONTENT_PHASE].handlers); + if (h == NULL) { + return NGX_ERROR; + } + + *h = ngx_http_dav_ext_content_handler; + + return NGX_OK; +} diff --git a/debian/modules/http-dav-ext/t/dav_ext.t b/debian/modules/http-dav-ext/t/dav_ext.t new file mode 100644 index 0000000..00327e2 --- /dev/null +++ b/debian/modules/http-dav-ext/t/dav_ext.t @@ -0,0 +1,141 @@ +#!/usr/bin/perl + +# (C) Roman Arutyunyan + +# Tests for nginx-dav-ext-module. + +############################################################################### + +use warnings; +use strict; + +use Test::More; + +BEGIN { use FindBin; chdir($FindBin::Bin); } + +use lib 'lib'; +use Test::Nginx; +use HTTP::DAV + +############################################################################### + +select STDERR; $| = 1; +select STDOUT; $| = 1; + +my $t = Test::Nginx->new()->has(qw/http dav/)->plan(20); + +$t->write_file_expand('nginx.conf', <<'EOF'); + +%%TEST_GLOBALS%% + +daemon off; + +events { +} + +http { + %%TEST_GLOBALS_HTTP%% + + dav_ext_lock_zone zone=foo:10m timeout=10s; + + server { + listen 127.0.0.1:8080; + server_name localhost; + + location / { + dav_methods PUT DELETE MKCOL COPY MOVE; + dav_ext_methods PROPFIND OPTIONS LOCK UNLOCK; + dav_ext_lock zone=foo; + } + } +} + +EOF + +$t->write_file('foo', 'foo'); + +$t->run(); + +############################################################################### + +my $url = "http://127.0.0.1:8080"; + +my $content; + +my $d = HTTP::DAV->new(); +$d->open($url); + +my $d2 = HTTP::DAV->new(); +$d2->open($url); + +#debug: +#$d->DebugLevel(3); +#see /tmp/perldav_debug.txt. + +my $p = $d->propfind('/', 1); +is($p->is_collection, 1, 'propfind dir collection'); +is($p->get_property('displayname'), '/', 'propfind dir displayname'); +is($p->get_uri(), 'http://127.0.0.1:8080/', 'propfind dir uri'); + +$p = $d->propfind('/foo'); +is($p->is_collection, 0, 'propfind file collection'); +is($p->get_property('displayname'), 'foo', 'propfind file displayname'); +is($p->get_uri(), 'http://127.0.0.1:8080/foo', 'propfind file uri'); +is($p->get_property('getcontentlength'), '3', 'propfind file size'); + +$d->lock('/foo'); +is($d->lock('/foo'), 0, 'prevent double lock'); + +$d->unlock('/foo'); +is($d->lock('/foo'), 1, 'relock'); + +$d->lock('/bar'); +$p = $d->propfind('/bar'); +is($p->get_property('displayname'), 'bar', 'lock creates a file'); + +$d->get('/bar', \$content) or $content = 'none'; +is($content, '', 'lock creates an empty file'); + +$content = "bar"; +$d->put(\$content, '/bar'); +$d->get('/bar', \$content) or $content = ''; +is($content, 'bar', 'put lock'); + +$content = "qux"; +$d2->put(\$content, '/bar'); +$d2->get('/bar', \$content) or $content = ''; +isnt($content, 'qux', 'prevent put lock'); + +$d->mkcol('/d/'); +$d->lock('/d/'); +$d->copy('/bar', '/d/bar'); +$d->get('/d/bar', \$content) or $content = ''; +is($content, 'bar', 'copy lock'); + +$d2->copy('/bar', '/d/qux'); +$d2->get('/d/qux', \$content) or $content = ''; +isnt($content, 'bar', 'prevent copy lock'); + +$d2->delete('/d/bar'); +$d2->get('/d/bar', \$content) or $content = ''; +is($content, 'bar', 'prevent delete lock'); + +$d->delete('/d/bar'); +$d->get('/d/bar', \$content) or $content = ''; +is($content, '', 'delete lock'); + +$d->mkcol('/d/c/'); +$p = $d->propfind('/d/c/'); +is($p->is_collection, 1, 'mkcol lock'); + +$d2->mkcol('/d/e/'); +is($d2->propfind('/d/e/'), 0, 'prevent mkcol lock'); + +$d->unlock('/d/'); +$d->lock('/d/', -depth=>"0"); +$content = 'qux'; +$d2->put(\$content, '/d/c/qux'); +$d2->get('/d/c/qux', \$content) or $content = ''; +is($content, 'qux', 'put to a depth-0-locked subdirectory'); + +############################################################################### diff --git a/modules_deb/libnginx-mod-http-echo-0.63/LICENSE b/debian/modules/http-echo/LICENSE similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/LICENSE rename to debian/modules/http-echo/LICENSE diff --git a/modules_deb/libnginx-mod-http-echo-0.63/README.markdown b/debian/modules/http-echo/README.markdown similarity index 99% rename from modules_deb/libnginx-mod-http-echo-0.63/README.markdown rename to debian/modules/http-echo/README.markdown index a6b25e3..71ac080 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/README.markdown +++ b/debian/modules/http-echo/README.markdown @@ -68,7 +68,7 @@ This module is production ready. Version ======= -This document describes ngx_echo [v0.62](https://github.com/openresty/echo-nginx-module/tags) released on 2 July, 2020. +This document describes ngx_echo [v0.61](https://github.com/openresty/echo-nginx-module/tags) released on 8 August 2017. Synopsis ======== @@ -1606,11 +1606,6 @@ Compatibility The following versions of Nginx should work with this module: -* **1.16.x** -* **1.15.x** (last tested: 1.15.8) -* **1.14.x** -* **1.13.x** (last tested: 1.13.6) -* **1.12.x** * **1.11.x** (last tested: 1.11.2) * **1.10.x** * **1.9.x** (last tested: 1.9.15) @@ -1814,7 +1809,7 @@ This wiki page is also maintained by the author himself, and everybody is encour Copyright & License =================== -Copyright (c) 2009-2018, Yichun "agentzh" Zhang (章亦春) , OpenResty Inc. +Copyright (c) 2009-2017, Yichun "agentzh" Zhang (章亦春) , OpenResty Inc. This module is licensed under the terms of the BSD license. diff --git a/modules_deb/libnginx-mod-http-echo-0.63/config b/debian/modules/http-echo/config similarity index 77% rename from modules_deb/libnginx-mod-http-echo-0.63/config rename to debian/modules/http-echo/config index 4bf0f00..32b54bf 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/config +++ b/debian/modules/http-echo/config @@ -30,24 +30,21 @@ ECHO_DEPS=" \ $ngx_addon_dir/src/ngx_http_echo_foreach.h \ " -# nginx 1.17.0+ unconditionally enables the postpone filter -if [ ! -z "$HTTP_POSTPONE" ]; then - # nginx won't have HTTP_POSTPONE_FILTER_MODULE & HTTP_POSTPONE_FILTER_SRCS - # defined since 1.9.11 - if [ -z "$HTTP_POSTPONE_FILTER_MODULE" ]; then - HTTP_POSTPONE_FILTER_MODULE=ngx_http_postpone_filter_module - HTTP_POSTPONE_FILTER_SRCS=src/http/ngx_http_postpone_filter_module.c - fi - - # This module depends upon the postpone filter being activated - if [ "$HTTP_POSTPONE" != YES ]; then - HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_POSTPONE_FILTER_MODULE" - HTTP_SRCS="$HTTP_SRCS $HTTP_POSTPONE_FILTER_SRCS" - HTTP_POSTPONE=YES - fi +# nginx won't have HTTP_POSTPONE_FILTER_MODULE & HTTP_POSTPONE_FILTER_SRCS +# defined since 1.9.11 +if test -z "$HTTP_POSTPONE_FILTER_MODULE"; then + HTTP_POSTPONE_FILTER_MODULE=ngx_http_postpone_filter_module + HTTP_POSTPONE_FILTER_SRCS=src/http/ngx_http_postpone_filter_module.c fi -if [ -n "$ngx_module_link" ]; then +# This module depends upon the postpone filter being activated +if [ $HTTP_POSTPONE != YES ]; then + HTTP_FILTER_MODULES="$HTTP_FILTER_MODULES $HTTP_POSTPONE_FILTER_MODULE" + HTTP_SRCS="$HTTP_SRCS $HTTP_POSTPONE_FILTER_SRCS" + HTTP_POSTPONE=YES +fi + +if test -n "$ngx_module_link"; then ngx_module_type=HTTP_AUX_FILTER ngx_module_name=$ngx_addon_name ngx_module_incs= diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ddebug.h b/debian/modules/http-echo/src/ddebug.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ddebug.h rename to debian/modules/http-echo/src/ddebug.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_echo.c b/debian/modules/http-echo/src/ngx_http_echo_echo.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_echo.c rename to debian/modules/http-echo/src/ngx_http_echo_echo.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_echo.h b/debian/modules/http-echo/src/ngx_http_echo_echo.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_echo.h rename to debian/modules/http-echo/src/ngx_http_echo_echo.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_filter.c b/debian/modules/http-echo/src/ngx_http_echo_filter.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_filter.c rename to debian/modules/http-echo/src/ngx_http_echo_filter.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_filter.h b/debian/modules/http-echo/src/ngx_http_echo_filter.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_filter.h rename to debian/modules/http-echo/src/ngx_http_echo_filter.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_foreach.c b/debian/modules/http-echo/src/ngx_http_echo_foreach.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_foreach.c rename to debian/modules/http-echo/src/ngx_http_echo_foreach.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_foreach.h b/debian/modules/http-echo/src/ngx_http_echo_foreach.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_foreach.h rename to debian/modules/http-echo/src/ngx_http_echo_foreach.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_handler.c b/debian/modules/http-echo/src/ngx_http_echo_handler.c similarity index 99% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_handler.c rename to debian/modules/http-echo/src/ngx_http_echo_handler.c index 120c8b0..00933a4 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_handler.c +++ b/debian/modules/http-echo/src/ngx_http_echo_handler.c @@ -213,10 +213,6 @@ ngx_http_echo_run_cmds(ngx_http_request_t *r) } } - if (computed_args == NULL) { - return NGX_HTTP_INTERNAL_SERVER_ERROR; - } - /* do command dispatch based on the opcode */ switch (cmd->opcode) { diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_handler.h b/debian/modules/http-echo/src/ngx_http_echo_handler.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_handler.h rename to debian/modules/http-echo/src/ngx_http_echo_handler.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_location.c b/debian/modules/http-echo/src/ngx_http_echo_location.c similarity index 98% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_location.c rename to debian/modules/http-echo/src/ngx_http_echo_location.c index 820e504..bfabb5e 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_location.c +++ b/debian/modules/http-echo/src/ngx_http_echo_location.c @@ -89,10 +89,6 @@ ngx_http_echo_exec_echo_location(ngx_http_request_t *r, ngx_uint_t flags = 0; ngx_http_echo_ctx_t *sr_ctx; - if (computed_args == NULL) { - return NGX_ERROR; - } - computed_arg_elts = computed_args->elts; location = computed_arg_elts[0]; diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_location.h b/debian/modules/http-echo/src/ngx_http_echo_location.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_location.h rename to debian/modules/http-echo/src/ngx_http_echo_location.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_module.c b/debian/modules/http-echo/src/ngx_http_echo_module.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_module.c rename to debian/modules/http-echo/src/ngx_http_echo_module.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_module.h b/debian/modules/http-echo/src/ngx_http_echo_module.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_module.h rename to debian/modules/http-echo/src/ngx_http_echo_module.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_request_info.c b/debian/modules/http-echo/src/ngx_http_echo_request_info.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_request_info.c rename to debian/modules/http-echo/src/ngx_http_echo_request_info.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_request_info.h b/debian/modules/http-echo/src/ngx_http_echo_request_info.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_request_info.h rename to debian/modules/http-echo/src/ngx_http_echo_request_info.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_sleep.c b/debian/modules/http-echo/src/ngx_http_echo_sleep.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_sleep.c rename to debian/modules/http-echo/src/ngx_http_echo_sleep.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_sleep.h b/debian/modules/http-echo/src/ngx_http_echo_sleep.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_sleep.h rename to debian/modules/http-echo/src/ngx_http_echo_sleep.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_subrequest.c b/debian/modules/http-echo/src/ngx_http_echo_subrequest.c similarity index 99% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_subrequest.c rename to debian/modules/http-echo/src/ngx_http_echo_subrequest.c index 0980d58..8644d7f 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_subrequest.c +++ b/debian/modules/http-echo/src/ngx_http_echo_subrequest.c @@ -640,7 +640,7 @@ ngx_http_echo_exec_exec(ngx_http_request_t *r, ngx_str_t *uri; ngx_str_t *user_args; ngx_str_t args; - ngx_uint_t flags = 0; + ngx_uint_t flags; ngx_str_t *computed_arg; computed_arg = computed_args->elts; diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_subrequest.h b/debian/modules/http-echo/src/ngx_http_echo_subrequest.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_subrequest.h rename to debian/modules/http-echo/src/ngx_http_echo_subrequest.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_timer.c b/debian/modules/http-echo/src/ngx_http_echo_timer.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_timer.c rename to debian/modules/http-echo/src/ngx_http_echo_timer.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_timer.h b/debian/modules/http-echo/src/ngx_http_echo_timer.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_timer.h rename to debian/modules/http-echo/src/ngx_http_echo_timer.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_util.c b/debian/modules/http-echo/src/ngx_http_echo_util.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_util.c rename to debian/modules/http-echo/src/ngx_http_echo_util.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_util.h b/debian/modules/http-echo/src/ngx_http_echo_util.h similarity index 94% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_util.h rename to debian/modules/http-echo/src/ngx_http_echo_util.h index d620d09..24b3e15 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_util.h +++ b/debian/modules/http-echo/src/ngx_http_echo_util.h @@ -11,7 +11,7 @@ #include "ngx_http_echo_module.h" -#define ngx_http_echo_strcmp_const(a, b) \ +#define ngx_http_echo_strcmp_const(a, b) \ ngx_strncmp(a, b, sizeof(b) - 1) diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_var.c b/debian/modules/http-echo/src/ngx_http_echo_var.c similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_var.c rename to debian/modules/http-echo/src/ngx_http_echo_var.c diff --git a/modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_var.h b/debian/modules/http-echo/src/ngx_http_echo_var.h similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/src/ngx_http_echo_var.h rename to debian/modules/http-echo/src/ngx_http_echo_var.h diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/abort-parent.t b/debian/modules/http-echo/t/abort-parent.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/abort-parent.t rename to debian/modules/http-echo/t/abort-parent.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/blocking-sleep.t b/debian/modules/http-echo/t/blocking-sleep.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/blocking-sleep.t rename to debian/modules/http-echo/t/blocking-sleep.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/echo-after-body.t b/debian/modules/http-echo/t/echo-after-body.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/echo-after-body.t rename to debian/modules/http-echo/t/echo-after-body.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/echo-before-body.t b/debian/modules/http-echo/t/echo-before-body.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/echo-before-body.t rename to debian/modules/http-echo/t/echo-before-body.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/echo-duplicate.t b/debian/modules/http-echo/t/echo-duplicate.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/echo-duplicate.t rename to debian/modules/http-echo/t/echo-duplicate.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/echo-timer.t b/debian/modules/http-echo/t/echo-timer.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/echo-timer.t rename to debian/modules/http-echo/t/echo-timer.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/echo.t b/debian/modules/http-echo/t/echo.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/echo.t rename to debian/modules/http-echo/t/echo.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/exec.t b/debian/modules/http-echo/t/exec.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/exec.t rename to debian/modules/http-echo/t/exec.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/filter-used.t b/debian/modules/http-echo/t/filter-used.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/filter-used.t rename to debian/modules/http-echo/t/filter-used.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/foreach-split.t b/debian/modules/http-echo/t/foreach-split.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/foreach-split.t rename to debian/modules/http-echo/t/foreach-split.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/gzip.t b/debian/modules/http-echo/t/gzip.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/gzip.t rename to debian/modules/http-echo/t/gzip.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/if.t b/debian/modules/http-echo/t/if.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/if.t rename to debian/modules/http-echo/t/if.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/incr.t b/debian/modules/http-echo/t/incr.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/incr.t rename to debian/modules/http-echo/t/incr.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/location-async.t b/debian/modules/http-echo/t/location-async.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/location-async.t rename to debian/modules/http-echo/t/location-async.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/location.t b/debian/modules/http-echo/t/location.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/location.t rename to debian/modules/http-echo/t/location.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/mixed.t b/debian/modules/http-echo/t/mixed.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/mixed.t rename to debian/modules/http-echo/t/mixed.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/request-body.t b/debian/modules/http-echo/t/request-body.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/request-body.t rename to debian/modules/http-echo/t/request-body.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/request-info.t b/debian/modules/http-echo/t/request-info.t similarity index 95% rename from modules_deb/libnginx-mod-http-echo-0.63/t/request-info.t rename to debian/modules/http-echo/t/request-info.t index dd34da4..8fd015e 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/t/request-info.t +++ b/debian/modules/http-echo/t/request-info.t @@ -5,7 +5,7 @@ use Test::Nginx::Socket; repeat_each(2); -plan tests => repeat_each() * (3 * blocks() + 14); +plan tests => repeat_each() * (3 * blocks() + 15); run_tests(); @@ -353,7 +353,6 @@ $headers}] === TEST 17: small header, multi-line header -multi-line header is not supported since 1.21 --- config location /t { echo -n $echo_client_request_headers; @@ -376,13 +375,10 @@ Foo: bar baz\r } --- no_error_log [error] ---- skip_nginx -3: >= 1.21.1 === TEST 18: large header, multi-line header -multi-line header is not supported since 1.21 --- config client_header_buffer_size 10; large_client_header_buffers 50 567; @@ -407,8 +403,6 @@ Connection: close\r --- no_error_log [error] ---- skip_nginx -3: >= 1.21.1 @@ -845,26 +839,3 @@ Foo: bar\r [error] --- timeout: 5 - - -=== TEST 34: invalid header line started with whitespace since nginx 1.21.1 ---- config - client_header_buffer_size 10; - large_client_header_buffers 50 567; - location /t { - echo -n $echo_client_request_headers; - } - ---- raw_request eval -my $headers = (CORE::join "\r\n", map { "Header$_: value-$_\r\n hello $_ world blah blah" } 1..512) . "\r\n\r\n"; - -qq{GET /t HTTP/1.1\r -Host: localhost\r -Connection: close\r -$headers} - ---- error_code: 400 ---- no_error_log -[error] ---- skip_nginx -2: < 1.21.1 diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/sleep.t b/debian/modules/http-echo/t/sleep.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/sleep.t rename to debian/modules/http-echo/t/sleep.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/status.t b/debian/modules/http-echo/t/status.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/status.t rename to debian/modules/http-echo/t/status.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/subrequest-async.t b/debian/modules/http-echo/t/subrequest-async.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/subrequest-async.t rename to debian/modules/http-echo/t/subrequest-async.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/subrequest.t b/debian/modules/http-echo/t/subrequest.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/subrequest.t rename to debian/modules/http-echo/t/subrequest.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/t/unused.t b/debian/modules/http-echo/t/unused.t similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/t/unused.t rename to debian/modules/http-echo/t/unused.t diff --git a/modules_deb/libnginx-mod-http-echo-0.63/util/build.sh b/debian/modules/http-echo/util/build.sh similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/util/build.sh rename to debian/modules/http-echo/util/build.sh diff --git a/debian/modules/http-echo/util/releng b/debian/modules/http-echo/util/releng new file mode 100755 index 0000000..b3ad9f2 --- /dev/null +++ b/debian/modules/http-echo/util/releng @@ -0,0 +1,8 @@ +#!/bin/bash + +./update-readme +ack '.{81}' src/ngx_http_*.[ch] +ack '(?<=\#define)\s*DDEBUG\s*[12]' src +echo ======================================= +ack '(?<=This document describes echo-nginx-module v)\d+\.\d+' README + diff --git a/modules_deb/libnginx-mod-http-echo-0.63/util/wiki2pod.pl b/debian/modules/http-echo/util/wiki2pod.pl similarity index 100% rename from modules_deb/libnginx-mod-http-echo-0.63/util/wiki2pod.pl rename to debian/modules/http-echo/util/wiki2pod.pl diff --git a/modules_deb/libnginx-mod-http-echo-0.63/valgrind.suppress b/debian/modules/http-echo/valgrind.suppress similarity index 69% rename from modules_deb/libnginx-mod-http-echo-0.63/valgrind.suppress rename to debian/modules/http-echo/valgrind.suppress index 975415e..d4bfe63 100644 --- a/modules_deb/libnginx-mod-http-echo-0.63/valgrind.suppress +++ b/debian/modules/http-echo/valgrind.suppress @@ -1,3 +1,17 @@ +{ + + Memcheck:Addr4 + fun:lj_str_new + fun:lua_setfield + fun:ngx_http_lua_cache_store_code +} +{ + + Memcheck:Addr4 + fun:lj_str_new + fun:lua_getfield + fun:ngx_http_lua_cache_load_code +} { Memcheck:Param @@ -32,22 +46,3 @@ fun:ngx_single_process_cycle fun:main } -{ - - Memcheck:Leak - match-leak-kinds: definite - fun:malloc - fun:ngx_alloc - fun:ngx_set_environment - fun:ngx_single_process_cycle -} -{ - - Memcheck:Leak - match-leak-kinds: definite - fun:malloc - fun:ngx_alloc - fun:ngx_set_environment - fun:ngx_worker_process_init - fun:ngx_worker_process_cycle -} diff --git a/debian/modules/http-fancyindex/CHANGELOG.md b/debian/modules/http-fancyindex/CHANGELOG.md new file mode 100644 index 0000000..580ec92 --- /dev/null +++ b/debian/modules/http-fancyindex/CHANGELOG.md @@ -0,0 +1,143 @@ +# Change Log +All notable changes to this project will be documented in this file. + +## [Unreleased] + +## [0.4.3] - 2018-07-03 +### Added +- Table cells now have class names, which allows for better CSS styling. + (Patch by qjqqyy <>.) +- The test suite now can parse and check elements from the HTML returned + by the module, thanks to the [pup](https://github.com/EricChiang/pup) + tool. + +### Fixed +- Sorting by file size now works correctly. + (Patch by qjqqyy <>.) + +## [0.4.2] - 2017-08-19 +### Changed +- Generated HTML from the default template is now proper HTML5, and it should + pass validation (#52). +- File sizes now have decimal positions when using `fancyindex_exact_size off`. + (Patch by Anders Trier <>.) +- Multiple updates to `README.rst` (Patches by Danila Vershinin + <>, Iulian Onofrei, Lilian Besson, and Nick Geoghegan + <>.) + +### Fixed +- Sorting by file size now also works correctly for directories which contain + files of sizes bigger than `INT_MAX`. (#74, fix suggestion by Chris Young.) +- Custom headers which fail to declare an UTF-8 encoding no longer cause table + header arrows to be rendered incorrectly by browsers (#50). +- Fix segmentation fault when opening directories with empty files (#61, patch + by Catgirl <>.) + +## [0.4.1] - 2016-08-18 +### Added +- New `fancyindex_directories_first` configuration directive (enabled by + default), which allows setting whether directories are sorted before other + files. (Patch by Luke Zapart <>.) + +### Fixed +- Fix index files not working when the fancyindex module is in use (#46). + + +## [0.4.0] - 2016-06-08 +### Added +- The module can now be built as a [dynamic + module](https://www.nginx.com/resources/wiki/extending/converting/). + (Patch by Róbert Nagy <>.) +- New configuration directive `fancyindex_show_path`, which allows hiding the + `

` header which contains the current path. + (Patch by Thomas P. <>.) + +### Changed +- Directory and file links in listings now have a title="..." attribute. + (Patch by `@janglapuk` <>.) + +### Fixed +- Fix for hung requests when the module is used along with `ngx_pagespeed`. + (Patch by Otto van der Schaaf <>.) + + +## [0.3.6] - 2016-01-26 +### Added +- New feature: Allow filtering out symbolic links using the + `fancyindex_hide_symlinks` configuration directive. (Idea and prototype + patch by Thomas Wemm.) +- New feature: Allow specifying the format of timestamps using the + `fancyindex_time_format` configuration directive. (Idea suggested by Xiao + Meng <>). + +### Changed +- Listings in top-level directories will not generate a "Parent Directory" + link as first element of the listing. (Patch by Thomas P.) + +### Fixed +- Fix propagation and overriding of the `fancyindex_css_href` setting inside + nested locations. +- Minor changes in the code to allow building cleanly under Windows with + Visual Studio 2013. (Patch by Y. Yuan <>). + + +## [0.3.5] - 2015-02-19 +### Added +- New feature: Allow setting the default sort criterion using the + `fancyindex_default_sort` configuration directive. (Patch by + Алексей Урбанский). +- New feature: Allow changing the maximum length of file names, using + the `fancyindex_name_length` configuration directive. (Patch by + Martin Herkt). + +### Changed +- Renames `NEWS.rst` to `CHANGELOG.md`, which follows the recommendations + from [Keep a Change Log](http://keepachangelog.com/). +- Configuring Nginx without the `http_addition_module` will generate a + warning during configuration, as it is needed for the `fancyindex_footer` + and `fancyindex_header` directives. + + +## [0.3.4] - 2014-09-03 + +### Added +- Viewport is now defined in the generated HTML, which works better + for mobile devices. + +### Changed +- Even-odd row styling moved to the CSS using :nth-child(). This + makes the HTML served to clients smaller. + + +## [0.3.3] - 2013-10-25 + +### Added +- New feature: table headers in the default template are now clickable + to set the sorting criteria and direction of the index entries. + (https://github.com/aperezdc/ngx-fancyindex/issues/7) + + +## [0.3.2] - 2013-06-05 + +### Fixed +- Solved a bug that would leave certain clients stalled forever. +- Improved handling of subrequests for non-builtin headers/footers. + + +## [0.3.1] - 2011-04-04 + +### Added +- `NEWS.rst` file, to act as change log. + + +[Unreleased]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.4.3...HEAD +[0.4.3]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.4.2...v0.4.3 +[0.4.2]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.4.1...v0.4.2 +[0.4.1]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.4.0...v0.4.1 +[0.4.0]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.3.6...v0.4.0 +[0.3.6]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.3.5...v0.3.6 +[0.3.5]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.3.4...v0.3.5 +[0.3.4]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.3.3...v0.3.4 +[0.3.3]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.3.2...v0.3.3 +[0.3.2]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.3.1...v0.3.2 +[0.3.1]: https://github.com/aperezdc/ngx-fancyindex/compare/v0.3...v0.3.1 diff --git a/debian/modules/http-fancyindex/HACKING.md b/debian/modules/http-fancyindex/HACKING.md new file mode 100644 index 0000000..0748517 --- /dev/null +++ b/debian/modules/http-fancyindex/HACKING.md @@ -0,0 +1,24 @@ +# Fancy Index module Hacking HOW-TO + +## How to modify the template + +The template is in the `template.html` file. Note that comment markers are +used to control how the `template.awk` Awk script generates the C header +which gets ultimately included in the compiled object code. Comment markers +have the `` format. Here `identifier` must be +a valid C identifier. All the text following the marker until the next +marker will be flattened into a C string. + +If the identifier is `NONE` (capitalized) the text from that marker up to +the next marker will be discarded. + + +## Regenerating the C header + +You will need Awk. I hope any decent implementation will do, but the GNU one +is known to work flawlessly. Just do: + + $ awk -f template.awk template.html > template.h + +If your copy of `awk` is not the GNU implementation, you will need to +install it and use `gawk` instead in the command line above. diff --git a/debian/modules/http-fancyindex/LICENSE b/debian/modules/http-fancyindex/LICENSE new file mode 100644 index 0000000..9fd66ee --- /dev/null +++ b/debian/modules/http-fancyindex/LICENSE @@ -0,0 +1,20 @@ +Redistribution and use in source and binary forms, with or without +modification, are permitted provided that the following conditions +are met: +1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. +2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in the + documentation and/or other materials provided with the distribution. + +THIS SOFTWARE IS PROVIDED BY AUTHOR AND CONTRIBUTORS ``AS IS'' AND +ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +ARE DISCLAIMED. IN NO EVENT SHALL AUTHOR OR CONTRIBUTORS BE LIABLE +FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +SUCH DAMAGE. diff --git a/debian/modules/http-fancyindex/README.rst b/debian/modules/http-fancyindex/README.rst new file mode 100644 index 0000000..b282b8b --- /dev/null +++ b/debian/modules/http-fancyindex/README.rst @@ -0,0 +1,300 @@ +======================== +Nginx Fancy Index module +======================== + +.. image:: https://travis-ci.org/aperezdc/ngx-fancyindex.svg?branch=master + :target: https://travis-ci.org/aperezdc/ngx-fancyindex + :alt: Build Status + +.. contents:: + +The Fancy Index module makes possible the generation of file listings, like +the built-in `autoindex `__ +module does, but adding a touch of style. This is possible because the module +module allows a certain degree of customization of the generated content: + +* Custom headers. Either local or stored remotely. +* Custom footers. Either local or stored remotely. +* Add you own CSS style rules. +* Allow choosing to sort elements by name (default), modification time, or + size; both ascending (default), or descending. + +This module is designed to work with Nginx_, a high performance open source web +server written by `Igor Sysoev `__. + + +Requirements +============ + +CentOS 7 +~~~~~~~~ + +For users of the `official stable `__ Nginx repository, `extra packages repository with dynamic modules `__ is available and fancyindex is included. + +Install directly:: + + yum install https://extras.getpagespeed.com/redhat/7/x86_64/RPMS/nginx-module-fancyindex-1.12.0.0.4.1-1.el7.gps.x86_64.rpm + +Alternatively, add extras repository first (for future updates) and install the module:: + + yum install nginx-module-fancyindex + +Then load the module in `/etc/nginx/nginx.conf` using:: + + load_module "modules/ngx_http_fancyindex_module.so"; + +Other platforms +~~~~~~~~~~~~~~~ + +In most other cases you will need the sources for Nginx_. Any version starting from the 0.7 +series onwards will work. Note that the modules *might* compile with +versions in the 0.6 series by applying ``nginx-0.6-support.patch``, but this +is unsupported (YMMV). + +In order to use the ``fancyindex_header_`` and ``fancyindex_footer_`` directives +you will also need the `ngx_http_addition_module `_ +built into Nginx. + + +Building +======== + +1. Unpack the Nginx_ sources:: + + $ gunzip -c nginx-?.?.?.tar.gz | tar -xvf - + +2. Unpack the sources for the fancy indexing module:: + + $ gunzip -c nginx-fancyindex-?.?.?.tar.gz | tar -xvf - + +3. Change to the directory which contains the Nginx_ sources, run the + configuration script with the desired options and be sure to put an + ``--add-module`` flag pointing to the directory which contains the source + of the fancy indexing module:: + + $ cd nginx-?.?.? + $ ./configure --add-module=../nginx-fancyindex-?.?.? \ + [--with-http_addition_module] [extra desired options] + + Since version 0.4.0, the module can also be built as a + `dynamic module `_, + using ``--add-dynamic-module=…`` instead and + ``load_module "modules/ngx_http_fancyindex_module.so";`` + in the configuration file + +4. Build and install the software:: + + $ make + + And then, as ``root``:: + + # make install + +5. Configure Nginx_ by using the modules' configuration directives_. + + +Example +======= + +You can test the default built-in style by adding the following lines into +a ``server`` section in your Nginx_ configuration file:: + + location / { + fancyindex on; # Enable fancy indexes. + fancyindex_exact_size off; # Output human-readable file sizes. + } + + +Themes +~~~~~~ + +The following themes demonstrate the level of customization which can be +achieved using the module: + +* `Theme `__ by + `@TheInsomniac `__. Uses custom header and + footer. +* `Theme `__ by + `@Naereen `__. Uses custom header and footer, the + header includes search field to filter by filename using JavaScript. +* `Theme `__ by + `@fraoustin `__. Responsive theme using + Material Design elements. +* `Theme `__ by + `@alehaa `__. Simple, flat theme based on + Bootstrap 4 and FontAwesome. + + +Directives +========== + +fancyindex +~~~~~~~~~~ +:Syntax: *fancyindex* [*on* | *off*] +:Default: fancyindex off +:Context: http, server, location +:Description: + Enables or disables fancy directory indexes. + +fancyindex_default_sort +~~~~~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_default_sort* [*name* | *size* | *date* | *name_desc* | *size_desc* | *date_desc*] +:Default: fancyindex_default_sort name +:Context: http, server, location +:Description: + Defines sorting criterion by default. + +fancyindex_directories_first +~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_directories_first* [*on* | *off*] +:Default: fancyindex_directories_first on +:Context: http, server, location +:Description: + If enabled (default setting), groups directories together and sorts them + before all regular files. If disabled, directories are sorted together with files. + +fancyindex_css_href +~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_css_href uri* +:Default: fancyindex_css_href "" +:Context: http, server, location +:Description: + Allows inserting a link to a CSS style sheet in generated listings. The + provided *uri* parameter will be inserted as-is in a ```` HTML tag. + The link is inserted after the built-in CSS rules, so you can override the + default styles. + +fancyindex_exact_size +~~~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_exact_size* [*on* | *off*] +:Default: fancyindex_exact_size on +:Context: http, server, location +:Description: + Defines how to represent file sizes in the directory listing; either + accurately, or rounding off to the kilobyte, the megabyte and the + gigabyte. + +fancyindex_name_length +~~~~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_name_length length* +:Default: fancyindex_name_length 50 +:Context: http, server, location +:Description: + Defines the maximum file name length limit in bytes. + +fancyindex_footer +~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_footer path* +:Default: fancyindex_footer "" +:Context: http, server, location +:Description: + Specifies which file should be inserted at the foot of directory listings. + If set to an empty string, the default footer supplied by the module will + be sent. + +.. note:: Using this directive needs the ngx_http_addition_module_ built + into Nginx. + +.. warning:: When inserting custom header/footer a subrequest will be + issued so potentially any URL can be used as source for them. Although it + will work with external URLs, only using internal ones is supported. + External URLs are totally untested and using them will make Nginx_ block + while waiting for the subrequest to complete. If you feel like external + header/footer is a must-have for you, please + `let me know `__. + +fancyindex_header +~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_header path* +:Default: fancyindex_header "" +:Context: http, server, location +:Description: + Specifies which file should be inserted at the head of directory listings. + If set to an empty string, the default header supplied by the module will + be sent. + +.. note:: Using this directive needs the ngx_http_addition_module_ built + into Nginx. + +fancyindex_show_path +~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_show_path* [*on* | *off*] +:Default: fancyindex_show_path on +:Context: http, server, location +:Description: + Whether to output or not the path and the closing

tag after the header. + This is useful when you want to handle the path displaying with a PHP script + for example. + +.. warning:: This directive can be turned off only if a custom header is provided + using fancyindex_header. + +fancyindex_ignore +~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_ignore string1 [string2 [... stringN]]* +:Default: No default. +:Context: http, server, location +:Description: + Specifies a list of file names which will be not be shown in generated + listings. If Nginx was built with PCRE support strings are interpreted as + regular expressions. + +fancyindex_hide_symlinks +~~~~~~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_hide_symlinks* [*on* | *off*] +:Default: fancyindex_hide_symlinks off +:Context: http, server, location +:Description: + When enabled, generated listings will not contain symbolic links. + +fancyindex_localtime +~~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_localtime* [*on* | *off*] +:Default: fancyindex_localtime off +:Context: http, server, location +:Description: + Enables showing file times as local time. Default is “off” (GMT time). + +fancyindex_time_format +~~~~~~~~~~~~~~~~~~~~~~ +:Syntax: *fancyindex_time_format* string +:Default: fancyindex_time_format "%Y-%b-%d %H:%M" +:Context: http, server, location +:Description: + Format string used for timestamps. The format specifiers are a subset of + those supported by the `strftime `_ + function, and the behavior is locale-independent (for example, day and month + names are always in English). The supported formats are: + + * ``%a``: Abbreviated name of the day of the week. + * ``%A``: Full name of the day of the week. + * ``%b``: Abbreviated month name. + * ``%B``: Full month name. + * ``%d``: Day of the month as a decimal number (range 01 to 31). + * ``%e``: Like ``%d``, the day of the month as a decimal number, but a + leading zero is replaced by a space. + * ``%F``: Equivalent to ``%Y-%m-%d`` (the ISO 8601 date format). + * ``%H``: Hour as a decimal number using a 24-hour clock (range 00 + to 23). + * ``%I``: Hour as a decimal number using a 12-hour clock (range 01 to 12). + * ``%k``: Hour (24-hour clock) as a decimal number (range 0 to 23); + single digits are preceded by a blank. + * ``%l``: Hour (12-hour clock) as a decimal number (range 1 to 12); single + digits are preceded by a blank. + * ``%m``: Month as a decimal number (range 01 to 12). + * ``%M``: Minute as a decimal number (range 00 to 59). + * ``%p``: Either "AM" or "PM" according to the given time value. + * ``%P``: Like ``%p`` but in lowercase: "am" or "pm". + * ``%r``: Time in a.m. or p.m. notation. Equivalent to ``%I:%M:%S %p``. + * ``%R``: Time in 24-hour notation (``%H:%M``). + * ``%S``: Second as a decimal number (range 00 to 60). + * ``%T``: Time in 24-hour notation (``%H:%M:%S``). + * ``%u``: Day of the week as a decimal, range 1 to 7, Monday being 1. + * ``%w``: Day of the week as a decimal, range 0 to 6, Monday being 0. + * ``%y``: Year as a decimal number without a century (range 00 to 99). + * ``%Y``: Year as a decimal number including the century. + + +.. _nginx: http://nginx.net + +.. vim:ft=rst:spell:spelllang=en: diff --git a/debian/modules/http-fancyindex/config b/debian/modules/http-fancyindex/config new file mode 100644 index 0000000..4ef3809 --- /dev/null +++ b/debian/modules/http-fancyindex/config @@ -0,0 +1,20 @@ +# vim:ft=sh: +ngx_addon_name=ngx_http_fancyindex_module + +if [ "$ngx_module_link" = DYNAMIC ] ; then + ngx_module_type=HTTP + ngx_module_name=ngx_http_fancyindex_module + ngx_module_srcs="$ngx_addon_dir/ngx_http_fancyindex_module.c" + ngx_module_deps="$ngx_addon_dir/template.h" + ngx_module_order="$ngx_module_name ngx_http_autoindex_module" + . auto/module +else + # XXX: Insert fancyindex module *after* index module! + # + HTTP_MODULES=`echo "${HTTP_MODULES}" | sed -e \ + 's/ngx_http_index_module/ngx_http_fancyindex_module ngx_http_index_module/'` + NGX_ADDON_SRCS="$NGX_ADDON_SRCS $ngx_addon_dir/ngx_http_fancyindex_module.c" + if [ $HTTP_ADDITION != YES ] ; then + echo " - The 'addition' filter is needed for fancyindex_{header,footer}, but it was disabled" + fi +fi diff --git a/debian/modules/http-fancyindex/nginx-0.6-support.patch b/debian/modules/http-fancyindex/nginx-0.6-support.patch new file mode 100644 index 0000000..e79e0b3 --- /dev/null +++ b/debian/modules/http-fancyindex/nginx-0.6-support.patch @@ -0,0 +1,23 @@ +=== modified file 'ngx_http_fancyindex_module.c' +--- ngx_http_fancyindex_module.c 2008-09-11 17:55:52 +0000 ++++ ngx_http_fancyindex_module.c 2008-12-10 01:33:43 +0000 +@@ -383,7 +383,7 @@ + entry->mtime = ngx_de_mtime(&dir); + entry->size = ngx_de_size(&dir); + entry->utf_len = (r->utf8) +- ? ngx_utf8_length(entry->name.data, entry->name.len) ++ ? ngx_utf_length(entry->name.data, entry->name.len) + : len; + } + +@@ -478,8 +478,7 @@ + copy = NGX_HTTP_FANCYINDEX_NAME_LEN + 1; + } + +- b->last = ngx_utf8_cpystrn(b->last, entry[i].name.data, +- copy, entry[i].name.len); ++ b->last = ngx_utf_cpystrn(b->last, entry[i].name.data, copy); + last = b->last; + + } else { + diff --git a/debian/modules/http-fancyindex/ngx_http_fancyindex_module.c b/debian/modules/http-fancyindex/ngx_http_fancyindex_module.c new file mode 100644 index 0000000..64f98a1 --- /dev/null +++ b/debian/modules/http-fancyindex/ngx_http_fancyindex_module.c @@ -0,0 +1,1454 @@ +/* + * ngx_http_fancyindex_module.c + * Copyright © 2007-2016 Adrian Perez + * + * Module used for fancy indexing of directories. Features and differences + * with the stock nginx autoindex module: + * + * - Output is a table instead of a 
 element with embedded  links.
+ *  - Header and footer may be added to every generated directory listing.
+ *  - Default header and/or footer are generated if custom ones are not
+ *    configured. Files used for header and footer can only be local path
+ *    names (i.e. you cannot insert the result of a subrequest.)
+ *  - Proper HTML is generated: it should validate both as XHTML 1.0 Strict
+ *    and HTML 4.01.
+ *
+ * Base functionality heavy based upon the stock nginx autoindex module,
+ * which in turn was made by Igor Sysoev, like the majority of nginx.
+ *
+ * Distributed under terms of the BSD license.
+ */
+
+#include 
+#include 
+#include 
+#include 
+
+#include "template.h"
+
+#if defined(__GNUC__) && (__GNUC__ >= 3)
+# define ngx_force_inline __attribute__((__always_inline__))
+#else /* !__GNUC__ */
+# define ngx_force_inline
+#endif /* __GNUC__ */
+
+
+static const char *short_weekday[] = {
+    "Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun",
+};
+static const char *long_weekday[] = {
+    "Monday", "Tuesday", "Wednesday", "Thursday", "Friday", "Sunday",
+};
+static const char *short_month[] = {
+    "Jan", "Feb", "Mar", "Apr", "May", "Jun",
+    "Jul", "Aug", "Sep", "Oct", "Nov", "Dec",
+};
+static const char *long_month[] = {
+    "January", "February", "March", "April", "May", "June", "July",
+    "August", "September", "October", "November", "December",
+};
+
+
+#define DATETIME_FORMATS(F_, t) \
+    F_ ('a',  3, "%3s",  short_weekday[((t)->ngx_tm_wday + 6) % 7]) \
+    F_ ('A',  9, "%s",   long_weekday [((t)->ngx_tm_wday + 6) % 7]) \
+    F_ ('b',  3, "%3s",  short_month[(t)->ngx_tm_mon - 1]         ) \
+    F_ ('B',  9, "%s",   long_month [(t)->ngx_tm_mon - 1]         ) \
+    F_ ('d',  2, "%02d", (t)->ngx_tm_mday                         ) \
+    F_ ('e',  2, "%2d",  (t)->ngx_tm_mday                         ) \
+    F_ ('F', 10, "%d-%02d-%02d",                                    \
+                  (t)->ngx_tm_year,                                 \
+                  (t)->ngx_tm_mon,                                  \
+                  (t)->ngx_tm_mday                                ) \
+    F_ ('H',  2, "%02d", (t)->ngx_tm_hour                         ) \
+    F_ ('I',  2, "%02d", ((t)->ngx_tm_hour % 12) + 1              ) \
+    F_ ('k',  2, "%2d",  (t)->ngx_tm_hour                         ) \
+    F_ ('l',  2, "%2d",  ((t)->ngx_tm_hour % 12) + 1              ) \
+    F_ ('m',  2, "%02d", (t)->ngx_tm_mon                          ) \
+    F_ ('M',  2, "%02d", (t)->ngx_tm_min                          ) \
+    F_ ('p',  2, "%2s",  (((t)->ngx_tm_hour < 12) ? "AM" : "PM")  ) \
+    F_ ('P',  2, "%2s",  (((t)->ngx_tm_hour < 12) ? "am" : "pm")  ) \
+    F_ ('r', 11, "%02d:%02d:%02d %2s",                              \
+                 ((t)->ngx_tm_hour % 12) + 1,                       \
+                 (t)->ngx_tm_min,                                   \
+                 (t)->ngx_tm_sec,                                   \
+                 (((t)->ngx_tm_hour < 12) ? "AM" : "PM")          ) \
+    F_ ('R',  5, "%02d:%02d", (t)->ngx_tm_hour, (t)->ngx_tm_min   ) \
+    F_ ('S',  2, "%02d", (t)->ngx_tm_sec                          ) \
+    F_ ('T',  8, "%02d:%02d:%02d",                                  \
+                 (t)->ngx_tm_hour,                                  \
+                 (t)->ngx_tm_min,                                   \
+                 (t)->ngx_tm_sec                                  ) \
+    F_ ('u',  1, "%1d", (((t)->ngx_tm_wday + 6) % 7) + 1          ) \
+    F_ ('w',  1, "%1d", ((t)->ngx_tm_wday + 6) % 7                ) \
+    F_ ('y',  2, "%02d", (t)->ngx_tm_year % 100                   ) \
+    F_ ('Y',  4, "%04d", (t)->ngx_tm_year                         )
+
+
+static size_t
+ngx_fancyindex_timefmt_calc_size (const ngx_str_t *fmt)
+{
+#define DATETIME_CASE(letter, fmtlen, fmt, ...) \
+        case letter: result += (fmtlen); break;
+
+    size_t i, result = 0;
+    for (i = 0; i < fmt->len; i++) {
+        if (fmt->data[i] == '%') {
+            if (++i >= fmt->len) {
+                result++;
+                break;
+            }
+            switch (fmt->data[i]) {
+                DATETIME_FORMATS(DATETIME_CASE,)
+                default:
+                    result++;
+            }
+        } else {
+            result++;
+        }
+    }
+    return result;
+
+#undef DATETIME_CASE
+}
+
+
+static u_char*
+ngx_fancyindex_timefmt (u_char *buffer, const ngx_str_t *fmt, const ngx_tm_t *tm)
+{
+#define DATETIME_CASE(letter, fmtlen, fmt, ...) \
+        case letter: buffer = ngx_snprintf(buffer, fmtlen, fmt, ##__VA_ARGS__); break;
+
+    size_t i;
+    for (i = 0; i < fmt->len; i++) {
+        if (fmt->data[i] == '%') {
+            if (++i >= fmt->len) {
+                *buffer++ = '%';
+                break;
+            }
+            switch (fmt->data[i]) {
+                DATETIME_FORMATS(DATETIME_CASE, tm)
+                default:
+                    *buffer++ = fmt->data[i];
+            }
+        } else {
+            *buffer++ = fmt->data[i];
+        }
+    }
+    return buffer;
+
+#undef DATETIME_CASE
+}
+
+
+/**
+ * Configuration structure for the fancyindex module. The configuration
+ * commands defined in the module do fill in the members of this structure.
+ */
+typedef struct {
+    ngx_flag_t enable;       /**< Module is enabled. */
+    ngx_uint_t default_sort; /**< Default sort criterion. */
+    ngx_flag_t dirs_first;   /**< Group directories together first when sorting */
+    ngx_flag_t localtime;    /**< File mtime dates are sent in local time. */
+    ngx_flag_t exact_size;   /**< Sizes are sent always in bytes. */
+    ngx_uint_t name_length;  /**< Maximum length of file names in bytes. */
+    ngx_flag_t hide_symlinks;/**< Hide symbolic links in listings. */
+    ngx_flag_t show_path;    /**< Whether to display or not the path + '' after the header */
+
+    ngx_str_t  header;       /**< File name for header, or empty if none. */
+    ngx_str_t  footer;       /**< File name for footer, or empty if none. */
+    ngx_str_t  css_href;     /**< Link to a CSS stylesheet, or empty if none. */
+    ngx_str_t  time_format;  /**< Format used for file timestamps. */
+
+    ngx_array_t *ignore;     /**< List of files to ignore in listings. */
+} ngx_http_fancyindex_loc_conf_t;
+
+#define NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME       0
+#define NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE       1
+#define NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE       2
+#define NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME_DESC  3
+#define NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE_DESC  4
+#define NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE_DESC  5
+
+static ngx_conf_enum_t ngx_http_fancyindex_sort_criteria[] = {
+    { ngx_string("name"), NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME },
+    { ngx_string("size"), NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE },
+    { ngx_string("date"), NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE },
+    { ngx_string("name_desc"), NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME_DESC },
+    { ngx_string("size_desc"), NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE_DESC },
+    { ngx_string("date_desc"), NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE_DESC },
+    { ngx_null_string, 0 }
+};
+
+
+#define NGX_HTTP_FANCYINDEX_PREALLOCATE  50
+
+
+/**
+ * Calculates the length of a NULL-terminated string. It is ugly having to
+ * remember to substract 1 from the sizeof result.
+ */
+#define ngx_sizeof_ssz(_s)  (sizeof(_s) - 1)
+
+/**
+ * Compute the length of a statically allocated array
+ */
+#define DIM(x) (sizeof(x)/sizeof(*(x)))
+
+/**
+ * Copy a static zero-terminated string. Useful to output template
+ * string pieces into a temporary buffer.
+ */
+#define ngx_cpymem_ssz(_p, _t) \
+	(ngx_cpymem((_p), (_t), sizeof(_t) - 1))
+
+/**
+ * Copy a ngx_str_t.
+ */
+#define ngx_cpymem_str(_p, _s) \
+	(ngx_cpymem((_p), (_s).data, (_s).len))
+
+/**
+ * Check whether a particular bit is set in a particular value.
+ */
+#define ngx_has_flag(_where, _what) \
+	(((_where) & (_what)) == (_what))
+
+
+
+
+typedef struct {
+    ngx_str_t      name;
+    size_t         utf_len;
+    ngx_uint_t     escape;
+    ngx_uint_t     dir;
+    time_t         mtime;
+    off_t          size;
+} ngx_http_fancyindex_entry_t;
+
+
+
+static ngx_int_t ngx_libc_cdecl
+    ngx_http_fancyindex_cmp_entries_dirs_first(const void *one, const void *two);
+static ngx_int_t ngx_libc_cdecl
+    ngx_http_fancyindex_cmp_entries_name_desc(const void *one, const void *two);
+static ngx_int_t ngx_libc_cdecl
+    ngx_http_fancyindex_cmp_entries_size_desc(const void *one, const void *two);
+static ngx_int_t ngx_libc_cdecl
+    ngx_http_fancyindex_cmp_entries_mtime_desc(const void *one, const void *two);
+static ngx_int_t ngx_libc_cdecl
+    ngx_http_fancyindex_cmp_entries_name_asc(const void *one, const void *two);
+static ngx_int_t ngx_libc_cdecl
+    ngx_http_fancyindex_cmp_entries_size_asc(const void *one, const void *two);
+static ngx_int_t ngx_libc_cdecl
+    ngx_http_fancyindex_cmp_entries_mtime_asc(const void *one, const void *two);
+
+static ngx_int_t ngx_http_fancyindex_error(ngx_http_request_t *r,
+    ngx_dir_t *dir, ngx_str_t *name);
+
+static ngx_int_t ngx_http_fancyindex_init(ngx_conf_t *cf);
+
+static void *ngx_http_fancyindex_create_loc_conf(ngx_conf_t *cf);
+
+static char *ngx_http_fancyindex_merge_loc_conf(ngx_conf_t *cf,
+    void *parent, void *child);
+
+static char *ngx_http_fancyindex_ignore(ngx_conf_t    *cf,
+                                        ngx_command_t *cmd,
+                                        void          *conf);
+
+static uintptr_t
+    ngx_fancyindex_escape_uri(u_char *dst, u_char*src, size_t size);
+
+/*
+ * These are used only once per handler invocation. We can tell GCC to
+ * inline them always, if possible (see how ngx_force_inline is defined
+ * above).
+ */
+static ngx_inline ngx_buf_t*
+    make_header_buf(ngx_http_request_t *r, const ngx_str_t css_href)
+    ngx_force_inline;
+
+static ngx_inline ngx_buf_t*
+    make_footer_buf(ngx_http_request_t *r)
+    ngx_force_inline;
+
+
+
+static ngx_command_t  ngx_http_fancyindex_commands[] = {
+
+    { ngx_string("fancyindex"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, enable),
+      NULL },
+
+    { ngx_string("fancyindex_default_sort"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_enum_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, default_sort),
+      &ngx_http_fancyindex_sort_criteria },
+
+    { ngx_string("fancyindex_directories_first"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, dirs_first),
+      NULL },
+
+    { ngx_string("fancyindex_localtime"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, localtime),
+      NULL },
+
+    { ngx_string("fancyindex_exact_size"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, exact_size),
+      NULL },
+
+    { ngx_string("fancyindex_name_length"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_num_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, name_length),
+      NULL },
+
+    { ngx_string("fancyindex_header"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, header),
+      NULL },
+
+    { ngx_string("fancyindex_footer"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, footer),
+      NULL },
+
+    { ngx_string("fancyindex_css_href"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, css_href),
+      NULL },
+
+    { ngx_string("fancyindex_ignore"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_1MORE,
+      ngx_http_fancyindex_ignore,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      0,
+      NULL },
+
+    { ngx_string("fancyindex_hide_symlinks"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, hide_symlinks),
+      NULL },
+
+    { ngx_string("fancyindex_show_path"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_flag_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, show_path),
+      NULL },
+
+    { ngx_string("fancyindex_time_format"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG,
+      ngx_conf_set_str_slot,
+      NGX_HTTP_LOC_CONF_OFFSET,
+      offsetof(ngx_http_fancyindex_loc_conf_t, time_format),
+      NULL },
+
+    ngx_null_command
+};
+
+
+static ngx_http_module_t  ngx_http_fancyindex_module_ctx = {
+    NULL,                                  /* preconfiguration */
+    ngx_http_fancyindex_init,              /* postconfiguration */
+
+    NULL,                                  /* create main configuration */
+    NULL,                                  /* init main configuration */
+
+    NULL,                                  /* create server configuration */
+    NULL,                                  /* merge server configuration */
+
+    ngx_http_fancyindex_create_loc_conf,   /* create location configration */
+    ngx_http_fancyindex_merge_loc_conf     /* merge location configration */
+};
+
+
+ngx_module_t  ngx_http_fancyindex_module = {
+    NGX_MODULE_V1,
+    &ngx_http_fancyindex_module_ctx,       /* module context */
+    ngx_http_fancyindex_commands,          /* module directives */
+    NGX_HTTP_MODULE,                       /* module type */
+    NULL,                                  /* init master */
+    NULL,                                  /* init module */
+    NULL,                                  /* init process */
+    NULL,                                  /* init thread */
+    NULL,                                  /* exit thread */
+    NULL,                                  /* exit process */
+    NULL,                                  /* exit master */
+    NGX_MODULE_V1_PADDING
+};
+
+
+
+static const ngx_str_t css_href_pre =
+    ngx_string("\n");
+
+
+static uintptr_t
+ngx_fancyindex_escape_uri(u_char *dst, u_char *src, size_t size)
+{
+    /*
+     * The ngx_escape_uri() function will not escape colons or the
+     * ? character, which signals the beginning of the query string.
+     * So we handle those characters ourselves.
+     *
+     * TODO: Get rid of this once ngx_escape_uri() works as expected!
+     */
+
+    u_int escapes = 0;
+    u_char *psrc = src;
+    size_t psize = size;
+
+    while (psize--) {
+        switch (*psrc++) {
+            case ':':
+            case '?':
+                escapes++;
+                break;
+        }
+    }
+
+    if (dst == NULL) {
+        return escapes + ngx_escape_uri(NULL, src, size, NGX_ESCAPE_HTML);
+    }
+    else if (escapes == 0) {
+        /* No need to do extra escaping, avoid the temporary buffer */
+        return ngx_escape_uri(dst, src, size, NGX_ESCAPE_HTML);
+    }
+    else {
+        uintptr_t uescapes = ngx_escape_uri(NULL, src, size, NGX_ESCAPE_HTML);
+        size_t bufsz = size + 2 * uescapes;
+
+        /*
+         * GCC and CLANG both support stack-allocated variable length
+         * arrays. Take advantage of that to avoid a malloc-free cycle.
+         */
+#if defined(__GNUC__) || defined(__clang__)
+        u_char cbuf[bufsz];
+        u_char *buf = cbuf;
+#else  /* __GNUC__ || __clang__ */
+        u_char *buf = (u_char*) malloc(sizeof(u_char) * bufsz);
+#endif /* __GNUC__ || __clang__ */
+
+        ngx_escape_uri(buf, src, size, NGX_ESCAPE_HTML);
+
+        while (bufsz--) {
+            switch (*buf) {
+                case ':':
+                    *dst++ = '%';
+                    *dst++ = '3';
+                    *dst++ = 'A';
+                    break;
+                case '?':
+                    *dst++ = '%';
+                    *dst++ = '3';
+                    *dst++ = 'F';
+                    break;
+                default:
+                    *dst++ = *buf;
+            }
+            buf++;
+        }
+
+#if !defined(__GNUC__) && !defined(__clang__)
+        free(buf);
+#endif /* !__GNUC__ && !__clang__ */
+
+        return escapes + uescapes;
+    }
+}
+
+
+static ngx_inline ngx_buf_t*
+make_header_buf(ngx_http_request_t *r, const ngx_str_t css_href)
+{
+    size_t blen = r->uri.len
+        + ngx_sizeof_ssz(t01_head1)
+        + ngx_sizeof_ssz(t02_head2)
+        + ngx_sizeof_ssz(t03_head3)
+        + ngx_sizeof_ssz(t04_body1)
+        ;
+
+    if (css_href.len) {
+        blen += css_href_pre.len \
+              + css_href.len \
+              + css_href_post.len
+              ;
+    }
+
+    ngx_buf_t *b = ngx_create_temp_buf(r->pool, blen);
+
+    if (b == NULL) goto bailout;
+
+    b->last = ngx_cpymem_ssz(b->last, t01_head1);
+
+    if (css_href.len) {
+        b->last = ngx_cpymem_str(b->last, css_href_pre);
+        b->last = ngx_cpymem_str(b->last, css_href);
+        b->last = ngx_cpymem_str(b->last, css_href_post);
+    }
+
+    b->last = ngx_cpymem_ssz(b->last, t02_head2);
+    b->last = ngx_cpymem_str(b->last, r->uri);
+    b->last = ngx_cpymem_ssz(b->last, t03_head3);
+    b->last = ngx_cpymem_ssz(b->last, t04_body1);
+
+bailout:
+    return b;
+}
+
+
+
+static ngx_inline ngx_buf_t*
+make_footer_buf(ngx_http_request_t *r)
+{
+    /*
+     * TODO: Make this buffer static (i.e. readonly and reusable from
+     * one request to another.
+     */
+    ngx_buf_t *b = ngx_create_temp_buf(r->pool, ngx_sizeof_ssz(t08_foot1));
+
+    if (b == NULL) goto bailout;
+
+    b->last = ngx_cpymem_ssz(b->last, t08_foot1);
+
+bailout:
+    return b;
+}
+
+
+
+static ngx_inline ngx_int_t
+make_content_buf(
+        ngx_http_request_t *r, ngx_buf_t **pb,
+        ngx_http_fancyindex_loc_conf_t *alcf)
+{
+    ngx_http_fancyindex_entry_t *entry;
+
+    ngx_int_t (*sort_cmp_func) (const void*, const void*);
+    const char  *sort_url_args = "";
+
+    off_t        length;
+    size_t       len, root, copy, allocated;
+    int64_t      multiplier;
+    u_char      *filename, *last;
+    ngx_tm_t     tm;
+    ngx_array_t  entries;
+    ngx_time_t  *tp;
+    ngx_uint_t   i, j;
+    ngx_str_t    path;
+    ngx_dir_t    dir;
+    ngx_buf_t   *b;
+
+    static const char    *sizes[]  = { "EiB", "PiB", "TiB", "GiB", "MiB", "KiB", "B" };
+    static const int64_t  exbibyte = 1024LL * 1024LL * 1024LL *
+                                     1024LL * 1024LL * 1024LL;
+
+    /*
+     * NGX_DIR_MASK_LEN is lesser than NGX_HTTP_FANCYINDEX_PREALLOCATE
+     */
+    if ((last = ngx_http_map_uri_to_path(r, &path, &root,
+                    NGX_HTTP_FANCYINDEX_PREALLOCATE)) == NULL)
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+
+    allocated = path.len;
+    path.len  = last - path.data - 1;
+    path.data[path.len] = '\0';
+
+    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                   "http fancyindex: \"%s\"", path.data);
+
+    if (ngx_open_dir(&path, &dir) == NGX_ERROR) {
+        ngx_int_t rc, err = ngx_errno;
+        ngx_uint_t level;
+
+        if (err == NGX_ENOENT || err == NGX_ENOTDIR || err == NGX_ENAMETOOLONG) {
+            level = NGX_LOG_ERR;
+            rc = NGX_HTTP_NOT_FOUND;
+        } else if (err == NGX_EACCES) {
+            level = NGX_LOG_ERR;
+            rc = NGX_HTTP_FORBIDDEN;
+        } else {
+            level = NGX_LOG_CRIT;
+            rc = NGX_HTTP_INTERNAL_SERVER_ERROR;
+        }
+
+        ngx_log_error(level, r->connection->log, err,
+                ngx_open_dir_n " \"%s\" failed", path.data);
+
+        return rc;
+    }
+
+#if (NGX_SUPPRESS_WARN)
+    /* MSVC thinks 'entries' may be used without having been initialized */
+    ngx_memzero(&entries, sizeof(ngx_array_t));
+#endif /* NGX_SUPPRESS_WARN */
+
+
+    if (ngx_array_init(&entries, r->pool, 40,
+                sizeof(ngx_http_fancyindex_entry_t)) != NGX_OK)
+        return ngx_http_fancyindex_error(r, &dir, &path);
+
+    filename = path.data;
+    filename[path.len] = '/';
+
+    /* Read directory entries and their associated information. */
+    for (;;) {
+        ngx_set_errno(0);
+
+        if (ngx_read_dir(&dir) == NGX_ERROR) {
+            ngx_int_t err = ngx_errno;
+
+            if (err != NGX_ENOMOREFILES) {
+                ngx_log_error(NGX_LOG_CRIT, r->connection->log, err,
+                        ngx_read_dir_n " \"%V\" failed", &path);
+                return ngx_http_fancyindex_error(r, &dir, &path);
+            }
+            break;
+        }
+
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                       "http fancyindex file: \"%s\"", ngx_de_name(&dir));
+
+        len = ngx_de_namelen(&dir);
+
+        if (ngx_de_name(&dir)[0] == '.')
+            continue;
+
+        if (alcf->hide_symlinks && ngx_de_is_link (&dir))
+            continue;
+
+#if NGX_PCRE
+        {
+            ngx_str_t str;
+            str.len = len;
+            str.data = ngx_de_name(&dir);
+
+            if (alcf->ignore && ngx_regex_exec_array(alcf->ignore, &str,
+                                                     r->connection->log)
+                != NGX_DECLINED)
+            {
+                continue;
+            }
+        }
+#else /* !NGX_PCRE */
+        if (alcf->ignore) {
+            u_int match_found = 0;
+            ngx_str_t *s = alcf->ignore->elts;
+
+            for (i = 0; i < alcf->ignore->nelts; i++, s++) {
+                if (ngx_strcmp(ngx_de_name(&dir), s->data) == 0) {
+                    match_found = 1;
+                    break;
+                }
+            }
+
+            if (match_found) {
+                continue;
+            }
+        }
+#endif /* NGX_PCRE */
+
+        if (!dir.valid_info) {
+            /* 1 byte for '/' and 1 byte for terminating '\0' */
+            if (path.len + 1 + len + 1 > allocated) {
+                allocated = path.len + 1 + len + 1
+                          + NGX_HTTP_FANCYINDEX_PREALLOCATE;
+
+                if ((filename = ngx_palloc(r->pool, allocated)) == NULL)
+                    return ngx_http_fancyindex_error(r, &dir, &path);
+
+                last = ngx_cpystrn(filename, path.data, path.len + 1);
+                *last++ = '/';
+            }
+
+            ngx_cpystrn(last, ngx_de_name(&dir), len + 1);
+
+            if (ngx_de_info(filename, &dir) == NGX_FILE_ERROR) {
+                ngx_int_t err = ngx_errno;
+
+                if (err != NGX_ENOENT) {
+                    ngx_log_error(NGX_LOG_ERR, r->connection->log, err,
+                            ngx_de_info_n " \"%s\" failed", filename);
+                    continue;
+                }
+
+                if (ngx_de_link_info(filename, &dir) == NGX_FILE_ERROR) {
+                    ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_errno,
+                            ngx_de_link_info_n " \"%s\" failed", filename);
+                    return ngx_http_fancyindex_error(r, &dir, &path);
+                }
+            }
+        }
+
+        if ((entry = ngx_array_push(&entries)) == NULL)
+            return ngx_http_fancyindex_error(r, &dir, &path);
+
+        entry->name.len  = len;
+        entry->name.data = ngx_palloc(r->pool, len + 1);
+        if (entry->name.data == NULL)
+            return ngx_http_fancyindex_error(r, &dir, &path);
+
+        ngx_cpystrn(entry->name.data, ngx_de_name(&dir), len + 1);
+        entry->escape = 2 * ngx_fancyindex_escape_uri(NULL,
+                                                      ngx_de_name(&dir),
+                                                      len);
+
+        entry->dir     = ngx_de_is_dir(&dir);
+        entry->mtime   = ngx_de_mtime(&dir);
+        entry->size    = ngx_de_size(&dir);
+        entry->utf_len = (r->headers_out.charset.len == 5 &&
+                ngx_strncasecmp(r->headers_out.charset.data, (u_char*) "utf-8", 5) == 0)
+            ?  ngx_utf8_length(entry->name.data, entry->name.len)
+            : len;
+    }
+
+    if (ngx_close_dir(&dir) == NGX_ERROR) {
+        ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno,
+                ngx_close_dir_n " \"%s\" failed", &path);
+    }
+
+    /*
+     * Calculate needed buffer length.
+     */
+    if (alcf->show_path)
+        len = r->uri.len
+          + ngx_sizeof_ssz(t05_body2)
+          + ngx_sizeof_ssz(t06_list1)
+          + ngx_sizeof_ssz(t_parentdir_entry)
+          + ngx_sizeof_ssz(t07_list2)
+          + ngx_fancyindex_timefmt_calc_size (&alcf->time_format) * entries.nelts
+          ;
+   else
+        len = r->uri.len
+          + ngx_sizeof_ssz(t06_list1)
+          + ngx_sizeof_ssz(t_parentdir_entry)
+          + ngx_sizeof_ssz(t07_list2)
+          + ngx_fancyindex_timefmt_calc_size (&alcf->time_format) * entries.nelts
+          ;
+
+    /*
+     * If we are a the root of the webserver (URI =  "/" --> length of 1),
+     * do not display the "Parent Directory" link.
+     */
+    if (r->uri.len == 1) {
+        len -= ngx_sizeof_ssz(t_parentdir_entry);
+    }
+
+    entry = entries.elts;
+    for (i = 0; i < entries.nelts; i++) {
+        /*
+         * Genearated table rows are as follows, unneeded whitespace
+         * is stripped out:
+         *
+         *   
+         *     fname
+         *     sizedate
+         *   
+         */
+        len += ngx_sizeof_ssz("")
+            + entry[i].name.len + entry[i].utf_len
+            + alcf->name_length + ngx_sizeof_ssz(">")
+            + ngx_sizeof_ssz("")
+            + 20 /* File size */
+            + ngx_sizeof_ssz("")    /* Date prefix */
+            + ngx_sizeof_ssz("\n") /* Date suffix */
+            + 2 /* CR LF */
+            ;
+    }
+
+    if ((b = ngx_create_temp_buf(r->pool, len)) == NULL)
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+
+    /*
+     * Determine the sorting criteria. URL arguments look like:
+     *
+     *    C=x[&O=y]
+     *
+     * Where x={M,S,N} and y={A,D}
+     */
+    if ((r->args.len == 3 || (r->args.len == 7 && r->args.data[3] == '&')) &&
+        r->args.data[0] == 'C' && r->args.data[1] == '=')
+    {
+        /* Determine whether the direction of the sorting */
+        ngx_int_t sort_descending = r->args.len == 7
+                                 && r->args.data[4] == 'O'
+                                 && r->args.data[5] == '='
+                                 && r->args.data[6] == 'D';
+
+        /* Pick the sorting criteria */
+        switch (r->args.data[2]) {
+            case 'M': /* Sort by mtime */
+                if (sort_descending) {
+                    sort_cmp_func = ngx_http_fancyindex_cmp_entries_mtime_desc;
+                    if (alcf->default_sort != NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE_DESC)
+                        sort_url_args = "?C=M&O=D";
+                }
+                else {
+                    sort_cmp_func = ngx_http_fancyindex_cmp_entries_mtime_asc;
+                    if (alcf->default_sort != NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE)
+                        sort_url_args = "?C=M&O=A";
+                }
+                break;
+            case 'S': /* Sort by size */
+                if (sort_descending) {
+                    sort_cmp_func = ngx_http_fancyindex_cmp_entries_size_desc;
+                    if (alcf->default_sort != NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE_DESC)
+                        sort_url_args = "?C=S&O=D";
+                }
+                else {
+                    sort_cmp_func = ngx_http_fancyindex_cmp_entries_size_asc;
+                        if (alcf->default_sort != NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE)
+                    sort_url_args = "?C=S&O=A";
+                }
+                break;
+            case 'N': /* Sort by name */
+            default:
+                if (sort_descending) {
+                    sort_cmp_func = ngx_http_fancyindex_cmp_entries_name_desc;
+                    if (alcf->default_sort != NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME_DESC)
+                        sort_url_args = "?C=N&O=D";
+                }
+                else {
+                    sort_cmp_func = ngx_http_fancyindex_cmp_entries_name_asc;
+                    if (alcf->default_sort != NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME)
+                        sort_url_args = "?C=N&O=A";
+                }
+                break;
+        }
+    }
+    else {
+        switch (alcf->default_sort) {
+            case NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE_DESC:
+                sort_cmp_func = ngx_http_fancyindex_cmp_entries_mtime_desc;
+                break;
+            case NGX_HTTP_FANCYINDEX_SORT_CRITERION_DATE:
+                sort_cmp_func = ngx_http_fancyindex_cmp_entries_mtime_asc;
+                break;
+            case NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE_DESC:
+                sort_cmp_func = ngx_http_fancyindex_cmp_entries_size_desc;
+                break;
+            case NGX_HTTP_FANCYINDEX_SORT_CRITERION_SIZE:
+                sort_cmp_func = ngx_http_fancyindex_cmp_entries_size_asc;
+                break;
+            case NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME_DESC:
+                sort_cmp_func = ngx_http_fancyindex_cmp_entries_name_desc;
+                break;
+            case NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME:
+            default:
+                sort_cmp_func = ngx_http_fancyindex_cmp_entries_name_asc;
+                break;
+        }
+    }
+
+    /* Sort entries, if needed */
+    if (entries.nelts > 1) {
+        /* Use ngx_sort for stability */ 
+        ngx_sort(entry, (size_t) entries.nelts,
+                  sizeof(ngx_http_fancyindex_entry_t),
+                  sort_cmp_func);
+
+        if (alcf->dirs_first)
+        {
+            /* Sort directories first */
+            ngx_sort(entry, (size_t) entries.nelts,
+                      sizeof(ngx_http_fancyindex_entry_t),
+                      ngx_http_fancyindex_cmp_entries_dirs_first);
+        }
+
+    }
+
+    /* Display the path, if needed */
+    if (alcf->show_path){
+        b->last = ngx_cpymem_str(b->last, r->uri);
+        b->last = ngx_cpymem_ssz(b->last, t05_body2);
+    }
+
+    /* Open the  tag */
+    b->last = ngx_cpymem_ssz(b->last, t06_list1);
+
+    tp = ngx_timeofday();
+
+    /* "Parent dir" entry, always first if displayed */
+    if (r->uri.len > 1) {
+        b->last = ngx_cpymem_ssz(b->last,
+                                 ""
+                                 ""
+                                 ""
+                                 ""
+                                 "");
+    }
+
+    /* Entries for directories and files */
+    for (i = 0; i < entries.nelts; i++) {
+        b->last = ngx_cpymem_ssz(b->last, "");
+
+        *b->last++ = CR;
+        *b->last++ = LF;
+    }
+
+    /* Output table bottom */
+    b->last = ngx_cpymem_ssz(b->last, t07_list2);
+
+    *pb = b;
+    return NGX_OK;
+}
+
+
+
+static ngx_int_t
+ngx_http_fancyindex_handler(ngx_http_request_t *r)
+{
+    ngx_http_request_t             *sr;
+    ngx_str_t                      *sr_uri;
+    ngx_str_t                       rel_uri;
+    ngx_int_t                       rc;
+    ngx_http_fancyindex_loc_conf_t *alcf;
+    ngx_chain_t                     out[3] = {
+        { NULL, NULL }, { NULL, NULL}, { NULL, NULL }};
+
+
+    if (r->uri.data[r->uri.len - 1] != '/') {
+        return NGX_DECLINED;
+    }
+
+    /* TODO: Win32 */
+#if defined(nginx_version) \
+    && ((nginx_version < 7066) \
+        || ((nginx_version > 8000) && (nginx_version < 8038)))
+    if (r->zero_in_uri) {
+        return NGX_DECLINED;
+    }
+#endif
+
+    if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD))) {
+        return NGX_DECLINED;
+    }
+
+    alcf = ngx_http_get_module_loc_conf(r, ngx_http_fancyindex_module);
+
+    if (!alcf->enable) {
+        return NGX_DECLINED;
+    }
+
+    if ((rc = make_content_buf(r, &out[0].buf, alcf)) != NGX_OK)
+        return rc;
+
+    out[0].buf->last_in_chain = 1;
+
+    r->headers_out.status = NGX_HTTP_OK;
+    r->headers_out.content_type_len  = ngx_sizeof_ssz("text/html");
+    r->headers_out.content_type.len  = ngx_sizeof_ssz("text/html");
+    r->headers_out.content_type.data = (u_char *) "text/html";
+
+    rc = ngx_http_send_header(r);
+    if (rc == NGX_ERROR || rc > NGX_OK || r->header_only)
+        return rc;
+
+    if (alcf->header.len > 0) {
+        /* URI is configured, make Nginx take care of with a subrequest. */
+        sr_uri = &alcf->header;
+
+        if (*sr_uri->data != '/') {
+            /* Relative path */
+            rel_uri.len  = r->uri.len + alcf->header.len;
+            rel_uri.data = ngx_palloc(r->pool, rel_uri.len);
+            if (rel_uri.data == NULL) {
+                return NGX_HTTP_INTERNAL_SERVER_ERROR;
+            }
+            ngx_memcpy(ngx_cpymem(rel_uri.data, r->uri.data, r->uri.len),
+                    alcf->header.data, alcf->header.len);
+            sr_uri = &rel_uri;
+        }
+
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "http fancyindex: header subrequest \"%V\"", sr_uri);
+
+        rc = ngx_http_subrequest(r, sr_uri, NULL, &sr, NULL, 0);
+        if (rc == NGX_ERROR || rc == NGX_DONE) {
+            ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                    "http fancyindex: header subrequest for \"%V\" failed", sr_uri);
+            return rc;
+        }
+
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "http fancyindex: header subrequest status = %i",
+                sr->headers_out.status);
+        /* ngx_http_subrequest returns NGX_OK(0), not NGX_HTTP_OK(200) */
+        if (sr->headers_out.status != NGX_OK) {
+            /*
+             * XXX: Should we write a message to the error log just in case
+             * we get something different from a 404?
+             */
+            goto add_builtin_header;
+        }
+    }
+    else {
+add_builtin_header:
+        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "http fancyindex: adding built-in header");
+        /* Make space before */
+        out[1].next = out[0].next;
+        out[1].buf  = out[0].buf;
+        /* Chain header buffer */
+        out[0].next = &out[1];
+        out[0].buf  = make_header_buf(r, alcf->css_href);
+    }
+
+    /* If footer is disabled, chain up footer buffer. */
+    if (alcf->footer.len == 0) {
+        ngx_uint_t last  = (alcf->header.len == 0) ? 2 : 1;
+
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "http fancyindex: adding built-in footer at %i", last);
+
+        out[last-1].next = &out[last];
+        out[last].buf    = make_footer_buf(r);
+
+        out[last-1].buf->last_in_chain = 0;
+        out[last].buf->last_in_chain   = 1;
+        out[last].buf->last_buf        = 1;
+        /* Send everything with a single call :D */
+        return ngx_http_output_filter(r, &out[0]);
+    }
+
+    /*
+     * If we reach here, we were asked to send a custom footer. We need to:
+     * partially send whatever is referenced from out[0] and then send the
+     * footer as a subrequest. If the subrequest fails, we should send the
+     * standard footer as well.
+     */
+    rc = ngx_http_output_filter(r, &out[0]);
+
+    if (rc != NGX_OK && rc != NGX_AGAIN)
+        return NGX_HTTP_INTERNAL_SERVER_ERROR;
+
+    /* URI is configured, make Nginx take care of with a subrequest. */
+    sr_uri = &alcf->footer;
+
+    if (*sr_uri->data != '/') {
+        /* Relative path */
+        rel_uri.len  = r->uri.len + alcf->footer.len;
+        rel_uri.data = ngx_palloc(r->pool, rel_uri.len);
+        if (rel_uri.data == NULL) {
+            return NGX_HTTP_INTERNAL_SERVER_ERROR;
+        }
+        ngx_memcpy(ngx_cpymem(rel_uri.data, r->uri.data, r->uri.len),
+                alcf->footer.data, alcf->footer.len);
+        sr_uri = &rel_uri;
+    }
+
+    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+            "http fancyindex: footer subrequest \"%V\"", sr_uri);
+
+    rc = ngx_http_subrequest(r, sr_uri, NULL, &sr, NULL, 0);
+    if (rc == NGX_ERROR || rc == NGX_DONE) {
+        ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "http fancyindex: footer subrequest for \"%V\" failed", sr_uri);
+        return rc;
+    }
+
+    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+            "http fancyindex: header subrequest status = %i",
+            sr->headers_out.status);
+
+    /* see above: ngx_http_subrequest resturns NGX_OK (0) not NGX_HTTP_OK (200) */
+    if (sr->headers_out.status != NGX_OK) {
+        /*
+         * XXX: Should we write a message to the error log just in case
+         * we get something different from a 404?
+         */
+        out[0].next = NULL;
+        out[0].buf  = make_footer_buf(r);
+        out[0].buf->last_in_chain = 1;
+        out[0].buf->last_buf = 1;
+        /* Directly send out the builtin footer */
+        return ngx_http_output_filter(r, &out[0]);
+    }
+
+    return (r != r->main) ? rc : ngx_http_send_special(r, NGX_HTTP_LAST);
+}
+
+static ngx_int_t ngx_libc_cdecl
+ngx_http_fancyindex_cmp_entries_dirs_first(const void *one, const void *two)
+{
+    ngx_http_fancyindex_entry_t *first = (ngx_http_fancyindex_entry_t *) one;
+    ngx_http_fancyindex_entry_t *second = (ngx_http_fancyindex_entry_t *) two;
+
+    /* move the directories to the start */
+    if (first->dir && !second->dir) {
+        return -1;
+    }
+    if (!first->dir && second->dir) {
+        return 1;
+    }
+
+    return 0;
+}
+
+
+static ngx_int_t ngx_libc_cdecl
+ngx_http_fancyindex_cmp_entries_name_desc(const void *one, const void *two)
+{
+    ngx_http_fancyindex_entry_t *first = (ngx_http_fancyindex_entry_t *) one;
+    ngx_http_fancyindex_entry_t *second = (ngx_http_fancyindex_entry_t *) two;
+
+    return (int) ngx_strcmp(second->name.data, first->name.data);
+}
+
+
+static ngx_int_t ngx_libc_cdecl
+ngx_http_fancyindex_cmp_entries_size_desc(const void *one, const void *two)
+{
+    ngx_http_fancyindex_entry_t *first = (ngx_http_fancyindex_entry_t *) one;
+    ngx_http_fancyindex_entry_t *second = (ngx_http_fancyindex_entry_t *) two;
+
+    return (first->size < second->size) - (first->size > second->size);
+}
+
+
+static ngx_int_t ngx_libc_cdecl
+ngx_http_fancyindex_cmp_entries_mtime_desc(const void *one, const void *two)
+{
+    ngx_http_fancyindex_entry_t *first = (ngx_http_fancyindex_entry_t *) one;
+    ngx_http_fancyindex_entry_t *second = (ngx_http_fancyindex_entry_t *) two;
+
+    return (int) (second->mtime - first->mtime);
+}
+
+
+static ngx_int_t ngx_libc_cdecl
+ngx_http_fancyindex_cmp_entries_name_asc(const void *one, const void *two)
+{
+    ngx_http_fancyindex_entry_t *first = (ngx_http_fancyindex_entry_t *) one;
+    ngx_http_fancyindex_entry_t *second = (ngx_http_fancyindex_entry_t *) two;
+
+    return (int) ngx_strcmp(first->name.data, second->name.data);
+}
+
+
+static ngx_int_t ngx_libc_cdecl
+ngx_http_fancyindex_cmp_entries_size_asc(const void *one, const void *two)
+{
+    ngx_http_fancyindex_entry_t *first = (ngx_http_fancyindex_entry_t *) one;
+    ngx_http_fancyindex_entry_t *second = (ngx_http_fancyindex_entry_t *) two;
+
+    return (first->size > second->size) - (first->size < second->size);
+}
+
+
+static ngx_int_t ngx_libc_cdecl
+ngx_http_fancyindex_cmp_entries_mtime_asc(const void *one, const void *two)
+{
+    ngx_http_fancyindex_entry_t *first = (ngx_http_fancyindex_entry_t *) one;
+    ngx_http_fancyindex_entry_t *second = (ngx_http_fancyindex_entry_t *) two;
+
+    return (int) (first->mtime - second->mtime);
+}
+
+
+static ngx_int_t
+ngx_http_fancyindex_error(ngx_http_request_t *r, ngx_dir_t *dir, ngx_str_t *name)
+{
+    if (ngx_close_dir(dir) == NGX_ERROR) {
+        ngx_log_error(NGX_LOG_ALERT, r->connection->log, ngx_errno,
+                      ngx_close_dir_n " \"%V\" failed", name);
+    }
+
+    return NGX_HTTP_INTERNAL_SERVER_ERROR;
+}
+
+
+static void *
+ngx_http_fancyindex_create_loc_conf(ngx_conf_t *cf)
+{
+    ngx_http_fancyindex_loc_conf_t  *conf;
+
+    conf = ngx_pcalloc(cf->pool, sizeof(ngx_http_fancyindex_loc_conf_t));
+    if (conf == NULL) {
+        return NGX_CONF_ERROR;
+    }
+
+    /*
+     * Set by ngx_pcalloc:
+     *    conf->header.len       = 0
+     *    conf->header.data      = NULL
+     *    conf->footer.len       = 0
+     *    conf->footer.data      = NULL
+     *    conf->css_href.len     = 0
+     *    conf->css_href.data    = NULL
+     *    conf->time_format.len  = 0
+     *    conf->time_format.data = NULL
+     */
+    conf->enable        = NGX_CONF_UNSET;
+    conf->default_sort  = NGX_CONF_UNSET_UINT;
+    conf->dirs_first    = NGX_CONF_UNSET;
+    conf->localtime     = NGX_CONF_UNSET;
+    conf->name_length   = NGX_CONF_UNSET_UINT;
+    conf->exact_size    = NGX_CONF_UNSET;
+    conf->ignore        = NGX_CONF_UNSET_PTR;
+    conf->hide_symlinks = NGX_CONF_UNSET;
+    conf->show_path     = NGX_CONF_UNSET;
+
+    return conf;
+}
+
+
+static char *
+ngx_http_fancyindex_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
+{
+    ngx_http_fancyindex_loc_conf_t *prev = parent;
+    ngx_http_fancyindex_loc_conf_t *conf = child;
+
+    (void) cf; /* unused */
+
+    ngx_conf_merge_value(conf->enable, prev->enable, 0);
+    ngx_conf_merge_uint_value(conf->default_sort, prev->default_sort, NGX_HTTP_FANCYINDEX_SORT_CRITERION_NAME);
+    ngx_conf_merge_value(conf->dirs_first, prev->dirs_first, 1);
+    ngx_conf_merge_value(conf->localtime, prev->localtime, 0);
+    ngx_conf_merge_value(conf->exact_size, prev->exact_size, 1);
+    ngx_conf_merge_value(conf->show_path, prev->show_path, 1);
+    ngx_conf_merge_uint_value(conf->name_length, prev->name_length, 50);
+
+    ngx_conf_merge_str_value(conf->header, prev->header, "");
+    ngx_conf_merge_str_value(conf->footer, prev->footer, "");
+    ngx_conf_merge_str_value(conf->css_href, prev->css_href, "");
+    ngx_conf_merge_str_value(conf->time_format, prev->time_format, "%Y-%b-%d %H:%M");
+
+    ngx_conf_merge_ptr_value(conf->ignore, prev->ignore, NULL);
+    ngx_conf_merge_value(conf->hide_symlinks, prev->hide_symlinks, 0);
+
+    /* Just make sure we haven't disabled the show_path directive without providing a custom header */
+    if (conf->show_path == 0 && conf->header.len == 0)
+    {
+        ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "FancyIndex : cannot set show_path to off without providing a custom header !");
+        return NGX_CONF_ERROR;
+    }
+
+    return NGX_CONF_OK;
+}
+
+
+static char*
+ngx_http_fancyindex_ignore(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
+{
+    ngx_http_fancyindex_loc_conf_t *alcf = conf;
+    ngx_str_t *value;
+
+    (void) cmd; /* unused */
+
+#if (NGX_PCRE)
+    ngx_uint_t          i;
+    ngx_regex_elt_t    *re;
+    ngx_regex_compile_t rc;
+    u_char              errstr[NGX_MAX_CONF_ERRSTR];
+
+    if (alcf->ignore == NGX_CONF_UNSET_PTR) {
+        alcf->ignore = ngx_array_create(cf->pool, 2, sizeof(ngx_regex_elt_t));
+        if (alcf->ignore == NULL) {
+            return NGX_CONF_ERROR;
+        }
+    }
+
+    value = cf->args->elts;
+
+    ngx_memzero(&rc, sizeof(ngx_regex_compile_t));
+
+    rc.err.data = errstr;
+    rc.err.len  = NGX_MAX_CONF_ERRSTR;
+    rc.pool     = cf->pool;
+
+    for (i = 1; i < cf->args->nelts; i++) {
+        re = ngx_array_push(alcf->ignore);
+        if (re == NULL) {
+            return NGX_CONF_ERROR;
+        }
+
+        rc.pattern = value[i];
+        rc.options = NGX_REGEX_CASELESS;
+
+        if (ngx_regex_compile(&rc) != NGX_OK) {
+            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "%V", &rc.err);
+            return NGX_CONF_ERROR;
+        }
+
+        re->name  = value[i].data;
+        re->regex = rc.regex;
+    }
+
+    return NGX_CONF_OK;
+#else /* !NGX_PCRE */
+    ngx_uint_t i;
+    ngx_str_t *str;
+
+    if (alcf->ignore == NGX_CONF_UNSET_PTR) {
+        alcf->ignore = ngx_array_create(cf->pool, 2, sizeof(ngx_str_t));
+        if (alcf->ignore == NULL) {
+            return NGX_CONF_ERROR;
+        }
+    }
+
+    value = cf->args->elts;
+
+    for (i = 1; i < cf->args->nelts; i++) {
+        str = ngx_array_push(alcf->ignore);
+        if (str == NULL) {
+            return NGX_CONF_ERROR;
+        }
+
+        str->data = value[i].data;
+        str->len  = value[i].len;
+    }
+
+    return NGX_CONF_OK;
+#endif /* NGX_PCRE */
+
+}
+
+
+static ngx_int_t
+ngx_http_fancyindex_init(ngx_conf_t *cf)
+{
+    ngx_http_handler_pt        *h;
+    ngx_http_core_main_conf_t  *cmcf;
+
+    cmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_core_module);
+
+    h = ngx_array_push(&cmcf->phases[NGX_HTTP_CONTENT_PHASE].handlers);
+    if (h == NULL) {
+        return NGX_ERROR;
+    }
+
+    *h = ngx_http_fancyindex_handler;
+
+    return NGX_OK;
+}
+
+/* vim:et:sw=4:ts=4:
+ */
diff --git a/debian/modules/http-fancyindex/t/00-build-artifacts.test b/debian/modules/http-fancyindex/t/00-build-artifacts.test
new file mode 100644
index 0000000..b9bc1ac
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/00-build-artifacts.test
@@ -0,0 +1,22 @@
+#! /bin/bash
+cat <<---
+This test checks that the built Nginx either has the dynamic fancyindex
+module available, or that it's not there (for static builds).
+--
+
+readonly nginx_path="${PREFIX}/sbin/nginx"
+readonly so_path="${PREFIX}/modules/ngx_http_fancyindex_module.so"
+
+if [[ ! -x ${nginx_path} ]] ; then
+	fail "executable binary not found at '%s'\n" "${nginx_path}"
+fi
+
+if ${DYNAMIC} ; then
+	if [[ ! -r ${so_path} ]] ; then
+		fail "module not found at '%s'\n" "${so_path}"
+	fi
+else
+	if [[ -r ${so_path} ]] ; then
+		fail "module should not exist at '%s'\n" "${so_path}"
+	fi
+fi
diff --git a/debian/modules/http-fancyindex/t/01-smoke-hasindex.test b/debian/modules/http-fancyindex/t/01-smoke-hasindex.test
new file mode 100644
index 0000000..19706a4
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/01-smoke-hasindex.test
@@ -0,0 +1,7 @@
+#! /bin/bash
+cat <<---
+This test fetches the root directory served by Nginx, which has no index file,
+and checks that the output contains something that resembles a directory index.
+--
+nginx_start
+grep 'Index of' <( fetch )
diff --git a/debian/modules/http-fancyindex/t/02-smoke-indexisfancy.test b/debian/modules/http-fancyindex/t/02-smoke-indexisfancy.test
new file mode 100644
index 0000000..10cc403
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/02-smoke-indexisfancy.test
@@ -0,0 +1,11 @@
+#! /bin/bash
+cat <<---
+This test fetches the root directory served by Nginx, which has no index file,
+and checks that the output contains something that resembles the output from
+the fancyindex module.
+--
+nginx_start
+content=$(fetch --with-headers)
+grep 'Index of /' <<< "${content}"  # It is an index
+grep '\'  <<< "${content}"  # It contains a table
+grep '^  Content-Type:[[:space:]]*text/html' <<< "${content}"
diff --git a/debian/modules/http-fancyindex/t/03-exact_size_off.test b/debian/modules/http-fancyindex/t/03-exact_size_off.test
new file mode 100644
index 0000000..cdc61ec
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/03-exact_size_off.test
@@ -0,0 +1,8 @@
+#! /bin/bash
+cat <<---
+We test if the output from using "fancyindex_exact_size off" looks sane
+--
+nginx_start 'fancyindex_exact_size off;'
+content=$(fetch)
+grep -e '[1-9]\.[0-9] KiB'  <<< "${content}"
+grep -E '[0-9]+ B'  <<< "${content}"
diff --git a/debian/modules/http-fancyindex/t/04-hasindex-html.test b/debian/modules/http-fancyindex/t/04-hasindex-html.test
new file mode 100644
index 0000000..69ac222
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/04-hasindex-html.test
@@ -0,0 +1,24 @@
+#! /bin/bash
+cat <<---
+This test fetches the root directory served by Nginx, which has no index
+file, and checks the output contains a few HTML elements know to exist in
+a directory index.
+--
+use pup
+nginx_start
+
+content=$( fetch )
+
+# Check page title
+[[ $(pup -p title text{} <<< "${content}") = 'Index of /' ]]
+
+# Check table headers
+[[ $(pup -n body table thead th a:first-child <<< "${content}") -eq 3 ]]
+{
+	read -r name_label
+	read -r size_label
+	read -r date_label
+} < <(  pup -p body table thead th a:first-child text{} <<< "${content}" )
+[[ ${name_label} = File\ Name ]]
+[[ ${size_label} = File\ Size ]]
+[[ ${date_label} = Date ]]
diff --git a/debian/modules/http-fancyindex/t/05-sort-by-size.test b/debian/modules/http-fancyindex/t/05-sort-by-size.test
new file mode 100644
index 0000000..23fade9
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/05-sort-by-size.test
@@ -0,0 +1,36 @@
+#! /bin/bash
+cat <<---
+This test validates that the sorting by file size works.
+--
+use pup
+nginx_start
+
+# Ascending sort.
+previous=''
+while read -r size ; do
+	if [[ ${size} = - ]] ; then
+		continue
+	fi
+	if [[ -z ${previous} ]] ; then
+		previous=${size}
+		continue
+	fi
+	[[ ${previous} -le ${size} ]] || fail \
+		'Size %d should be smaller than %d\n' "${previous}" "${size}"
+done < <( fetch '/?C=S&O=A' \
+	    | pup -p body table tbody 'td:nth-child(2)' text{} )
+
+# Descending sort.
+previous=''
+while read -r size ; do
+	if [[ ${size} = - ]] ; then
+		continue
+	fi
+	if [[ -z ${previous} ]] ; then
+		previous=${size}
+		continue
+	fi
+	[[ ${previous} -ge ${size} ]] || fail \
+		'Size %d should be greater than %d\n' "${previous}" "${size}"
+done < <( fetch '/?C=S&O=D' \
+	    | pup -p body table tbody 'td:nth-child(2)' text{} )
diff --git a/debian/modules/http-fancyindex/t/bug61-empty-file-segfault.test b/debian/modules/http-fancyindex/t/bug61-empty-file-segfault.test
new file mode 100644
index 0000000..d9c5a40
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/bug61-empty-file-segfault.test
@@ -0,0 +1,16 @@
+#! /bin/bash
+cat <<---
+Bug #61: Listing a directory with an empty file crashes Nginx
+https://github.com/aperezdc/ngx-fancyindex/issues/61
+--
+
+# Prepare an empty directory with an empty file
+mkdir -p "${TESTDIR}/bug61"
+touch "${TESTDIR}/bug61/bug61.txt"
+
+nginx_start 'fancyindex_exact_size off;'
+content=$(fetch /bug61/)
+test -n "${content}" || fail "Empty response"
+echo "Response:"
+echo "${content}"
+nginx_is_running || fail "Nginx died"
diff --git a/debian/modules/http-fancyindex/t/build-and-run b/debian/modules/http-fancyindex/t/build-and-run
new file mode 100755
index 0000000..68584b7
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/build-and-run
@@ -0,0 +1,25 @@
+#! /bin/bash
+set -e
+
+if [[ $# -lt 1 || $# -gt 2 ]] ; then
+	echo "Usage: $0  [1]" 1>&2
+	exit 1
+fi
+
+readonly NGINX=$1
+
+if [[ $2 -eq 1 ]] ; then
+	readonly DYNAMIC=$2
+fi
+
+cd "$(dirname "$0")/.."
+wget -O - http://nginx.org/download/nginx-${NGINX}.tar.gz | tar -xzf -
+rm -rf prefix/
+cd nginx-${NGINX}
+./configure \
+	--add-${DYNAMIC:+dynamic-}module=.. \
+	--with-http_addition_module \
+	--prefix="$(pwd)/../prefix"
+make install
+cd ..
+exec ./t/run prefix ${DYNAMIC}
diff --git a/debian/modules/http-fancyindex/t/get-pup b/debian/modules/http-fancyindex/t/get-pup
new file mode 100755
index 0000000..613dac7
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/get-pup
@@ -0,0 +1,81 @@
+#! /bin/bash
+set -e
+
+declare -r VERSION='0.4.0'
+declare -r SHASUMS='\
+75c27caa0008a9cc639beb7506077ad9f32facbffcc4e815e999eaf9588a527e  pup_v0.4.0_darwin_386.zip
+c539a697efee2f8e56614a54cb3b215338e00de1f6a7c2fa93144ab6e1db8ebe  pup_v0.4.0_darwin_amd64.zip
+259eee82c7d7d766f1b8f93a382be21dcfefebc855a9ce8124fd78717f9df439  pup_v0.4.0_dragonfly_amd64.zip
+ba0fe5e87a24cab818e5d2efdd7540714ddfb1b7246600135915c666fdf1a601  pup_v0.4.0_freebsd_386.zip
+1838ef84ec1f961e8009d19a4d1e6a23b926ee315da3d60c08878f3d69af5692  pup_v0.4.0_freebsd_amd64.zip
+6886a9c60a912a810d012610bc3f784f0417999ff7d7df833a0695b9af60395b  pup_v0.4.0_freebsd_arm.zip
+e486b32ca07552cd3aa713cbf2f9d1b6e210ddb51d34b3090c7643f465828057  pup_v0.4.0_linux_386.zip
+ec3d29e9fb375b87ac492c8b546ad6be84b0c0b49dab7ff4c6b582eac71ba01c  pup_v0.4.0_linux_amd64.zip
+c09b669fa8240f4f869dee7d34ee3c7ea620a0280cee1ea7d559593bcdd062c9  pup_v0.4.0_linux_arm64.zip
+ebf70b3c76c02e0202c94af7ef06dcb3ecc866d1b9b84453d43fe01fa5dd5870  pup_v0.4.0_linux_arm.zip
+a98a4d1f3c3a103e8ebe1a7aba9cb9d3cb045003208ca6f5f3d54889a225f267  pup_v0.4.0_linux_mips64le.zip
+8e471cf6cfa118b2497bb3f42a7a48c52d0096107f748f37216855c8ab94f8e5  pup_v0.4.0_linux_mips64.zip
+cfda9375eba65f710e052b1b59893c228c3fc92b0510756bb3f02c25938eee30  pup_v0.4.0_linux_ppc64le.zip
+91a1e07ffb2c373d6053252e4de732f5db78c8eace49c6e1a0ef52402ecdf56c  pup_v0.4.0_linux_ppc64.zip
+fdc9b28a3daac5ad096023e1647292a7eccea6d9b1686f871307dae9f3bd064f  pup_v0.4.0_nacl_386.zip
+c8d3c9b56783bd5a55446f4580e1835606b2b945da2d1417ed509c5927a5f8bc  pup_v0.4.0_nacl_amd64p32.zip
+48c068c4353672528c8c3447a536208b0719f1e6d0f8fab8416b38b63ad0c1d9  pup_v0.4.0_nacl_arm.zip
+7a27497b2f0be95c51bb2cbc25da12efba682c4f766bc5abc5742e9fc8d1eeb0  pup_v0.4.0_netbsd_386.zip
+71a1808eb1b6442aa45d1de9e1c4fca543b2754c1aff5ba3d62b3456f9519691  pup_v0.4.0_netbsd_amd64.zip
+928e6691b11c68ae3f28826848a13dc5c1c9673848fe7cf7f80dd76c9fb6e8a6  pup_v0.4.0_netbsd_arm.zip
+5aca20a9b3264d2fde5a8d32f213c434edf9570ee6fae18953b8fff09d2976e2  pup_v0.4.0_openbsd_386.zip
+e965c6f04b897240d84c60e2c18226deb231a657c5583680f58a61051ff5a100  pup_v0.4.0_openbsd_amd64.zip
+30bc88a1e06606f4f3449af9fbf586f97c2e958677460a72bb1a168f67c4911c  pup_v0.4.0_openbsd_arm.zip
+9d50decf4572292f187cfec84660648d648336bc6109e1f032b1699ba1d28549  pup_v0.4.0_plan9_386.zip
+1b2a6bd2388ddd691ca429497d88b2b047ec8dfb7bce9436925cb2f30632bf8e  pup_v0.4.0_plan9_amd64.zip
+0835de9c10a9e2b3b958b82d148da49eaafc695fe4a018cbaf7bb861b455583f  pup_v0.4.0_solaris_amd64.zip
+01acae220b69fb1ba8477d0e7f4d7669ef5de147966dc819cf75a845af74c5f3  pup_v0.4.0_windows_386.zip
+6755cbd43e94eaf173689e93e914c7056a2249c2977e5b90024fb397f9b45ba4  pup_v0.4.0_windows_amd64.zip
+'
+
+declare -r BASEURL="https://github.com/ericchiang/pup/releases/download/v${VERSION}"
+declare -r TDIR=$(dirname "$0")
+ARCH=''
+OS=''
+
+case $(uname -m) in
+	x86_64 | amd64 ) ARCH=amd64 ;;
+	i[3456]86 ) ARCH=386 ;;
+esac
+
+OS=$(uname -s | tr 'A-Z' 'a-z')
+case ${OS} in
+	linux | freebsd | openbsd | netbsd | darwin ) ;;
+	* ) OS=''
+esac
+
+if [[ -z ${ARCH} || -z ${OS} ]] ; then
+	echo "pup ${VERSION} is not available for $(uname -s) on $(uname -m)" 1>&2
+	exit 1
+fi
+
+declare -r ZIPFILE="pup_v${VERSION}_${OS}_${ARCH}.zip"
+EXPECT_SHA=''
+
+while read sum fname ; do
+	if [[ ${fname} = ${ZIPFILE} ]] ; then
+		EXPECT_SHA=${sum}
+		break
+	fi
+done <<< "${SHASUMS}"
+
+wget -cO "${TDIR}/${ZIPFILE}" "${BASEURL}/${ZIPFILE}"
+
+read -r GOT_SHA _ < <( sha256sum "${TDIR}/${ZIPFILE}" )
+if [[ ${EXPECT_SHA} = ${GOT_SHA} ]] ; then
+	echo "Checksum for ${ZIPFILE} verified :-)"
+else
+	rm -f "${TDIR}/${ZIPFILE}" "${TDIR}/pup"
+	echo "Checksum for ${ZIPFILE} does not match :-("
+	echo "   Expected: ${EXPECT_SHA}"
+	echo "        Got: ${GOT_SHA}"
+	exit 2
+fi 1>&2
+
+rm -f "${TDIR}/pup"
+unzip "${TDIR}/${ZIPFILE}" pup -d "${TDIR}"
diff --git a/debian/modules/http-fancyindex/t/has-index.test b/debian/modules/http-fancyindex/t/has-index.test
new file mode 100644
index 0000000..cf34207
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/has-index.test
@@ -0,0 +1,7 @@
+#! /bin/bash
+cat <<---
+This test ensures that the "index.html" is returned instead of a directory
+listing when fetching a directory which contains an index file.
+--
+nginx_start
+diff -u "${TESTDIR}/has-index/index.html" <( fetch /has-index/ ) 1>&2
diff --git a/debian/modules/http-fancyindex/t/has-index/index.html b/debian/modules/http-fancyindex/t/has-index/index.html
new file mode 100644
index 0000000..419ae86
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/has-index/index.html
@@ -0,0 +1,10 @@
+
+
+	
+        
+		Index file test
+	
+	
+		This is index.html.
+	
+
diff --git a/debian/modules/http-fancyindex/t/nginx.conf b/debian/modules/http-fancyindex/t/nginx.conf
new file mode 100644
index 0000000..2b99a3d
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/nginx.conf
@@ -0,0 +1,25 @@
+worker_processes  1;
+
+
+events {
+    worker_connections  1024;
+}
+
+http {
+    include       mime.types;
+    default_type  application/octet-stream;
+    sendfile        on;
+    keepalive_timeout  65;
+    server {
+        listen       80;
+        server_name  localhost;
+        location / {
+            root   html;
+            index  index.html index.htm;
+        }
+        error_page   500 502 503 504  /50x.html;
+        location = /50x.html {
+            root   html;
+        }
+    }
+}
diff --git a/debian/modules/http-fancyindex/t/preamble b/debian/modules/http-fancyindex/t/preamble
new file mode 100644
index 0000000..d3e4e30
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/preamble
@@ -0,0 +1,106 @@
+#! /bin/bash
+#
+# preamble
+# Copyright (C) 2016 Adrian Perez 
+#
+# Distributed under terms of the MIT license.
+#
+
+function nginx_conf_generate () {
+	if ${DYNAMIC} ; then
+		echo 'load_module modules/ngx_http_fancyindex_module.so;'
+	fi
+	cat <<-EOF
+	worker_processes 1;
+	events { worker_connections 1024; }
+	http {
+		include mime.types;
+		default_type application/octet-stream;
+		sendfile on;
+		keepalive_timeout 65;
+		server {
+			server_name localhost;
+			listen 127.0.0.1:8888;
+			root ${TESTDIR};
+			error_page 500 502 503 504 /50x.html;
+			location = /50x.html { root html; }
+			location / {
+				index index.html;
+				fancyindex on;
+				$*
+			}
+		}
+	}
+	EOF
+}
+
+readonly NGINX_CONF="${PREFIX}/conf/nginx.conf"
+readonly NGINX_PID="${PREFIX}/logs/nginx.pid"
+rm -f "${NGINX_CONF}" "${NGINX_PID}"
+mkdir -p "${PREFIX}/logs"
+
+function pup () {
+	if [[ -x ${TESTDIR}/pup ]] ; then
+		"${TESTDIR}/pup" "$@"
+	else
+		skip 'Test uses "pup", which is not available'
+	fi
+}
+
+function use () {
+	case $1 in
+		pup ) [[ -x ${TESTDIR}/pup ]] \
+			|| skip 'Test uses "pup", which is unavailable\n' ;;
+		* ) warn "Invalid 'use' flag: '%s'\n'" "$1" ;;
+	esac
+}
+
+function nginx () {
+	env - PATH="${PATH}" "${PREFIX}/sbin/nginx" "$@"
+}
+
+function nginx_conf () {
+	nginx_conf_generate "$@" > "${NGINX_CONF}"
+}
+
+function nginx_is_running () {
+	[[ -r ${NGINX_PID} ]] && kill -0 $(< "${NGINX_PID}")
+}
+
+function nginx_stop () {
+	if nginx_is_running ; then nginx -s stop ; fi
+	rm -f "${NGINX_PID}"
+}
+trap nginx_stop EXIT
+
+function nginx_start () {
+	if [[ $# -gt 0 || ! -r ${NGINX_CONF} ]] ; then nginx_conf "$@" ; fi
+	nginx_stop  # Ensure that it is not running.
+	nginx
+}
+
+function fetch () {
+	local -a opts=( -q )
+	if [[ $1 = --with-headers ]] ; then
+		opts+=( -S )
+		shift
+	fi
+	wget "${opts[@]}" -O- "http://localhost:8888${1:-/}" 2>&1
+}
+
+function skip () {
+	printf '(--) '
+	printf "$@"
+	exit 111
+} 1>&2
+
+function fail () {
+	printf '(FF) '
+	printf "$@"
+	exit 1
+} 1>&2
+
+function warn () {
+	printf '(WW) '
+	printf "$@"
+} 1>&2
diff --git a/debian/modules/http-fancyindex/t/run b/debian/modules/http-fancyindex/t/run
new file mode 100755
index 0000000..06cc3db
--- /dev/null
+++ b/debian/modules/http-fancyindex/t/run
@@ -0,0 +1,86 @@
+#! /bin/bash
+set -e
+
+if [[ $# -lt 1 || $# -gt 2 ]] ; then
+	echo "Usage: $0  [1]" 1>&2
+	exit 1
+fi
+
+# Obtain the absolute path to the tests directory
+pushd "$(dirname "$0")" &> /dev/null
+readonly T=$(pwd)
+popd &> /dev/null
+export T
+
+# Same for the nginx prefix directory
+pushd "$1" &> /dev/null
+readonly prefix=$(pwd)
+popd &> /dev/null
+
+dynamic=false
+if [[ $# -gt 1 && $2 -eq 1 ]] ; then
+	dynamic=true
+fi
+readonly dynamic
+
+declare -a t_pass=( )
+declare -a t_fail=( )
+declare -a t_skip=( )
+
+for t in `ls "$T"/*.test | sort -R` ; do
+	name="t/${t##*/}"
+	name=${name%.test}
+	printf "${name} ... "
+	errfile="${name}.err"
+	outfile="${name}.out"
+	shfile="${name}.sh"
+	cat > "${shfile}" <<-EOF
+	readonly DYNAMIC=${dynamic}
+	readonly TESTDIR='$T'
+	readonly PREFIX='${prefix}'
+	$(< "$T/preamble")
+	$(< "$t")
+	EOF
+	if bash -e "${shfile}" > "${outfile}" 2> "${errfile}" ; then
+		t_pass+=( "${name}" )
+		printf 'passed\n'
+	elif [[ $? -eq 111 ]] ; then
+		t_skip+=( "${name}" )
+		printf 'skipped\n'
+	else
+		t_fail+=( "${name}" )
+		printf 'failed\n'
+	fi
+done
+
+for name in "${t_fail[@]}" ; do
+	echo
+	printf '=== %s.out\n' "${name}"
+	cat "${name}.out"
+	echo
+	printf '=== %s.err\n' "${name}"
+	cat "${name}.err"
+	echo
+done
+
+if [[ ${#t_skip[@]} -gt 0 ]] ; then
+	echo
+	printf 'Skipped tests:\n'
+	for name in "${t_skip[@]}" ; do
+		reason=$(grep '^(\-\-) ' "${name}.err" | head -1)
+		if [[ -z ${reason} ]] ; then
+			reason='No reason given'
+		else
+			reason=${reason:5}
+		fi
+		printf ' - %s: %s\n' "${name}" "${reason:-No reason given}"
+	done
+	echo
+fi
+
+printf '=== passed/skipped/failed/total: %d/%d/%d/%d\n' \
+	${#t_pass[@]} ${#t_skip[@]} ${#t_fail[@]} $(( ${#t_pass[@]} + ${#t_fail[@]} ))
+
+if [[ ${#t_fail[@]} -gt 0 ]] ; then
+	exit 1
+fi
diff --git a/debian/modules/http-fancyindex/template.awk b/debian/modules/http-fancyindex/template.awk
new file mode 100755
index 0000000..f9ec4a6
--- /dev/null
+++ b/debian/modules/http-fancyindex/template.awk
@@ -0,0 +1,52 @@
+#! /usr/bin/awk -f
+#
+# Copyright © Adrian Perez 
+#
+# Converts an HTML template into a C header suitable for inclusion.
+# Take a look at the HACKING.rst file to know how to use it :-)
+#
+# This code is placed in the public domain.
+
+BEGIN {
+	varname = 0;
+	print "/* Automagically generated, do not edit! */"
+	vars_count = 0;
+}
+
+/^$/ {
+	if (varname) print ";";
+	if ($3 == "NONE") {
+		varname = 0;
+		next;
+	}
+	varname = $3;
+	vars[vars_count++] = varname;
+	print "static const u_char " varname "[] = \"\"";
+	next;
+}
+
+/^$/ {
+	if (!varname) next;
+	print "\"\\n\"";
+	next;
+}
+
+{
+	if (!varname) next;
+	# Order matters
+	gsub(/[\t\v\n\r\f]+/, "");
+	gsub(/\\/, "\\\\");
+	gsub(/"/, "\\\"");
+	print "\"" $0 "\""
+}
+
+
+END {
+	if (varname) print ";";
+	print "#define NFI_TEMPLATE_SIZE (0 \\";
+	for (var in vars) {
+		print "\t+ nfi_sizeof_ssz(" vars[var] ") \\";
+	}
+	print "\t)"
+}
+
diff --git a/debian/modules/http-fancyindex/template.h b/debian/modules/http-fancyindex/template.h
new file mode 100644
index 0000000..27b9500
--- /dev/null
+++ b/debian/modules/http-fancyindex/template.h
@@ -0,0 +1,94 @@
+/* Automagically generated, do not edit! */
+static const u_char t01_head1[] = ""
+""
+""
+""
+""
+""
+""
+"\n"
+;
+static const u_char t02_head2[] = ""
+"\n"
+"Index of "
+;
+static const u_char t03_head3[] = ""
+""
+"\n"
+""
+;
+static const u_char t04_body1[] = ""
+""
+"
Index of "
+;
+static const u_char t05_body2[] = ""
+"
"
+"\n"
+;
+static const u_char t06_list1[] = ""
+"
last = ngx_cpymem(b->last,
+                                 sort_url_args,
+                                 ngx_sizeof_ssz("?C=N&O=A"));
+        }
+        b->last = ngx_cpymem_ssz(b->last,
+                                 "\">Parent directory/--
last,
+                                      entry[i].name.data,
+                                      entry[i].name.len);
+
+            b->last += entry[i].name.len + entry[i].escape;
+
+        } else {
+            b->last = ngx_cpymem_str(b->last, entry[i].name);
+        }
+
+        if (entry[i].dir) {
+            *b->last++ = '/';
+            if (*sort_url_args) {
+                b->last = ngx_cpymem(b->last,
+                                     sort_url_args,
+                                     ngx_sizeof_ssz("?C=x&O=y"));
+            }
+        }
+
+        *b->last++ = '"';
+        b->last = ngx_cpymem_ssz(b->last, " title=\"");
+        b->last = ngx_cpymem_str(b->last, entry[i].name);
+        *b->last++ = '"';
+        *b->last++ = '>';
+
+        len = entry[i].utf_len;
+
+        if (entry[i].name.len - len) {
+            if (len > alcf->name_length) {
+                copy = alcf->name_length - 3 + 1;
+            } else {
+                copy = alcf->name_length + 1;
+            }
+
+            b->last = ngx_utf8_cpystrn(b->last, entry[i].name.data,
+                                          copy, entry[i].name.len);
+            last = b->last;
+
+        } else {
+            b->last = ngx_cpystrn(b->last, entry[i].name.data,
+                                  alcf->name_length + 1);
+            last = b->last - 3;
+        }
+
+        if (len > alcf->name_length) {
+            b->last = ngx_cpymem_ssz(last, "..>");
+
+        } else {
+            if (entry[i].dir && alcf->name_length - len > 0) {
+                *b->last++ = '/';
+                len++;
+            }
+
+            b->last = ngx_cpymem_ssz(b->last, "");
+        }
+
+        if (alcf->exact_size) {
+            if (entry[i].dir) {
+                *b->last++ = '-';
+            } else {
+                b->last = ngx_sprintf(b->last, "%19O", entry[i].size);
+            }
+
+        } else {
+            if (entry[i].dir) {
+                *b->last++ = '-';
+            } else {
+                length = entry[i].size;
+                multiplier = exbibyte;
+
+                for (j = 0; j < DIM(sizes) - 1 && length < multiplier; j++)
+                    multiplier /= 1024;
+
+                /* If we are showing the filesize in bytes, do not show a decimal */
+                if (j == DIM(sizes) - 1)
+                    b->last = ngx_sprintf(b->last, "%O %s", length, sizes[j]);
+                else
+                    b->last = ngx_sprintf(b->last, "%.1f %s", 
+                                          (float) length / multiplier, sizes[j]);
+            }
+        }
+
+        ngx_gmtime(entry[i].mtime + tp->gmtoff * 60 * alcf->localtime, &tm);
+        b->last = ngx_cpymem_ssz(b->last, "");
+        b->last = ngx_fancyindex_timefmt(b->last, &alcf->time_format, &tm);
+        b->last = ngx_cpymem_ssz(b->last, "
"
+""
+""
+""
+""
+""
+""
+""
+"\n"
+""
+;
+static const u_char t_parentdir_entry[] = ""
+""
+""
+""
+""
+""
+"\n"
+;
+static const u_char t07_list2[] = ""
+""
+"
File Name  ↓ File Size  ↓ Date  ↓ 
Parent directory/--
"
+;
+static const u_char t08_foot1[] = ""
+""
+""
+;
+#define NFI_TEMPLATE_SIZE (0 \
+	+ nfi_sizeof_ssz(t01_head1) \
+	+ nfi_sizeof_ssz(t02_head2) \
+	+ nfi_sizeof_ssz(t03_head3) \
+	+ nfi_sizeof_ssz(t04_body1) \
+	+ nfi_sizeof_ssz(t05_body2) \
+	+ nfi_sizeof_ssz(t06_list1) \
+	+ nfi_sizeof_ssz(t_parentdir_entry) \
+	+ nfi_sizeof_ssz(t07_list2) \
+	+ nfi_sizeof_ssz(t08_foot1) \
+	)
diff --git a/debian/modules/http-fancyindex/template.html b/debian/modules/http-fancyindex/template.html
new file mode 100644
index 0000000..8e478f8
--- /dev/null
+++ b/debian/modules/http-fancyindex/template.html
@@ -0,0 +1,93 @@
+
+
+
+	
+		
+		
+		
+
+
+
+		Index of 
+<!-- var NONE -->
+			/path/to/somewhere
+<!-- var t03_head3 -->
+		
+
+	
+
+	
+		
Index of 
+
+			/path/to/somewhere
+
+		

+
+
+		
+			
+				
+					
+					
+					
+				
+			
+
+			
+
+				
+					
+					
+					
+				
+
+
+				
+					
+					
+					
+				
+				
+					
+					
+					
+				
+				
+					
+					
+					
+				
+
+			
+		
File Name  ↓ File Size  ↓ Date  ↓ 
Parent directory/--
test file 1123kBdate
test file 2321MBdate
test file 3666date

+
+	
+
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/README.markdown b/debian/modules/http-headers-more-filter/README.markdown
similarity index 90%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/README.markdown
rename to debian/modules/http-headers-more-filter/README.markdown
index 6baea91..452ef1f 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/README.markdown
+++ b/debian/modules/http-headers-more-filter/README.markdown
@@ -36,7 +36,7 @@ Table of Contents
 Version
 =======
 
-This document describes headers-more-nginx-module [v0.34](https://github.com/openresty/headers-more-nginx-module/tags) released on 17 July 2022.
+This document describes headers-more-nginx-module [v0.33](https://github.com/openresty/headers-more-nginx-module/tags) released on 3 November 2017.
 
 Synopsis
 ========
@@ -104,7 +104,7 @@ For example,
 more_set_headers -t 'text/html text/plain' 'X-Foo: Bar';
 ```
 
-Never use other parameters like `charset=utf-8` in the `-t` option values; they will not
+Never use other paramemters like `charset=utf-8` in the `-t` option values; they will not
 work as you would expect.
 
 Input headers can be modified as well. For example
@@ -134,7 +134,7 @@ Directives
 
 more_set_headers
 ----------------
-**syntax:** *more_set_headers [-t <content-type list>]... [-s <status-code list>]... [-a] <new-header>...*
+**syntax:** *more_set_headers [-t <content-type list>]... [-s <status-code list>]... <new-header>...*
 
 **default:** *no*
 
@@ -144,8 +144,6 @@ more_set_headers
 
 Replaces (if any) or adds (if not any) the specified output headers when the response status code matches the codes specified by the `-s` option *AND* the response content type matches the types specified by the `-t` option.
 
-If the "-a" option is specified, the specified output headers can be appended directly without clearing the old fields. The behavior of builtin headers such as "Content-Type", "Content-Length", "Server", etc. cannot be changed.
-
 If either `-s` or `-t` is not specified or has an empty list value, then no match is required. Therefore, the following directive set the `Server` output header to the custom value for *any* status code and *any* content type:
 
 ```nginx
@@ -349,13 +347,13 @@ Installation
 ============
 
 Grab the nginx source code from [nginx.org](http://nginx.org/), for example,
-the version 1.17.8 (see [nginx compatibility](#compatibility)), and then build the source with this module:
+the version 1.13.6 (see [nginx compatibility](#compatibility)), and then build the source with this module:
 
 ```bash
 
- wget 'http://nginx.org/download/nginx-1.17.8.tar.gz'
- tar -xzvf nginx-1.17.8.tar.gz
- cd nginx-1.17.8/
+ wget 'http://nginx.org/download/nginx-1.13.6.tar.gz'
+ tar -xzvf nginx-1.13.6.tar.gz
+ cd nginx-1.13.6/
 
  # Here we assume you would install you nginx under /opt/nginx/.
  ./configure --prefix=/opt/nginx \
@@ -384,12 +382,6 @@ Compatibility
 
 The following versions of Nginx should work with this module:
 
-* **1.21.x**                      (last tested: 1.21.4)
-* **1.19.x**                      (last tested: 1.19.9)
-* **1.17.x**                      (last tested: 1.17.8)
-* **1.16.x**
-* **1.15.x**                      (last tested: 1.15.8)
-* **1.14.x**
 * **1.13.x**                      (last tested: 1.13.6)
 * **1.12.x**
 * **1.11.x**                      (last tested: 1.11.2)
@@ -521,7 +513,26 @@ Copyright (c) 2009-2017, Yichun "agentzh" Zhang (章亦春) ,
 
 Copyright (c) 2010-2013, Bernd Dorn.
 
-The license text is available in the [LICENSE](LICENSE) file located in the root directory of the project.
+This module is licensed under the terms of the BSD license.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 
 [Back to TOC](#table-of-contents)
 
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/config b/debian/modules/http-headers-more-filter/config
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/config
rename to debian/modules/http-headers-more-filter/config
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ddebug.h b/debian/modules/http-headers-more-filter/src/ddebug.h
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ddebug.h
rename to debian/modules/http-headers-more-filter/src/ddebug.h
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_filter_module.c b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_filter_module.c
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_filter_module.c
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_filter_module.c
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_filter_module.h b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_filter_module.h
similarity index 92%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_filter_module.h
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_filter_module.h
index 5f31ab4..72a5317 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_filter_module.h
+++ b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_filter_module.h
@@ -60,9 +60,8 @@ struct ngx_http_headers_more_header_val_s {
     ngx_str_t                               key;
     ngx_http_headers_more_set_header_pt     handler;
     ngx_uint_t                              offset;
-    unsigned                                replace:1;
-    unsigned                                wildcard:1;
-    unsigned                                append:1;
+    ngx_flag_t                              replace;
+    ngx_flag_t                              wildcard;
 };
 
 
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_in.c b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_in.c
similarity index 94%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_in.c
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_in.c
index 983be5b..c3eb8f7 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_in.c
+++ b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_in.c
@@ -158,15 +158,9 @@ static ngx_http_headers_more_set_header_t ngx_http_headers_more_set_handlers[]
                  ngx_http_set_builtin_header },
 #endif
 
-#if defined(nginx_version) && nginx_version >= 1023000
-    { ngx_string("Cookie"),
-                 offsetof(ngx_http_headers_in_t, cookie),
-                 ngx_http_set_builtin_multi_header },
-#else
     { ngx_string("Cookie"),
                  offsetof(ngx_http_headers_in_t, cookies),
                  ngx_http_set_builtin_multi_header },
-#endif
 
     { ngx_null_string, 0, ngx_http_set_header }
 };
@@ -335,9 +329,6 @@ matched:
 
     h->key = hv->key;
     h->value = *value;
-#if defined(nginx_version) && nginx_version >= 1023000
-    h->next = NULL;
-#endif
 
     h->lowcase_key = ngx_pnalloc(r->pool, h->key.len);
     if (h->lowcase_key == NULL) {
@@ -748,7 +739,6 @@ ngx_http_set_connection_header(ngx_http_request_t *r,
     if (ngx_strcasestrn(value->data, "close", 5 - 1)) {
         r->headers_in.connection_type = NGX_HTTP_CONNECTION_CLOSE;
         r->headers_in.keep_alive_n = -1;
-        r->keepalive = 0;
 
     } else if (ngx_strcasestrn(value->data, "keep-alive", 10 - 1)) {
         r->headers_in.connection_type = NGX_HTTP_CONNECTION_KEEP_ALIVE;
@@ -762,54 +752,6 @@ static ngx_int_t
 ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
     ngx_http_headers_more_header_val_t *hv, ngx_str_t *value)
 {
-#if defined(nginx_version) && nginx_version >= 1023000
-    ngx_table_elt_t  **headers, **ph, *h;
-#if (DDEBUG)
-    int                nelts;
-#endif
-
-    if (r->headers_out.status == 400 || r->headers_in.headers.last == NULL) {
-        /* must be a 400 Bad Request */
-        return NGX_OK;
-    }
-
-    headers = (ngx_table_elt_t **) ((char *) &r->headers_in + hv->offset);
-
-    if (*headers) {
-#if (DDEBUG)
-        nelts = 0;
-        for (h = *headers; h; h = h->next) {
-            nelts++;
-        }
-
-        dd("clear multi-value headers: %d", nelts);
-#endif
-        
-        *headers = NULL;
-    }
-
-    if (ngx_http_set_header_helper(r, hv, value, &h) == NGX_ERROR) {
-        return NGX_ERROR;
-    }
-
-    if (value->len == 0) {
-        return NGX_OK;
-    }
-
-    dd("new multi-value header: %p", h);
-
-    if (*headers) {
-        for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
-        *ph = h;
-
-    } else {
-        *headers = h;
-    }
-
-    h->next = NULL;
-
-    return NGX_OK;
-#else
     ngx_array_t       *headers;
     ngx_table_elt_t  **v, *h;
 
@@ -862,7 +804,6 @@ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
 
     *v = h;
     return NGX_OK;
-#endif
 }
 
 
@@ -895,7 +836,6 @@ ngx_http_headers_more_validate_host(ngx_str_t *host, ngx_pool_t *pool,
             if (dot_pos == i - 1) {
                 return NGX_DECLINED;
             }
-
             dot_pos = i;
             break;
 
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_in.h b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_in.h
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_in.h
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_in.h
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_out.c b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_out.c
similarity index 85%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_out.c
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_out.c
index 2a95b5f..0f9bc87 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_out.c
+++ b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_out.c
@@ -184,10 +184,6 @@ ngx_http_set_header_helper(ngx_http_request_t *r,
     }
 #endif
 
-    if (hv->append) {
-        goto append;
-    }
-
     part = &r->headers_out.headers.part;
     h = part->elts;
 
@@ -259,8 +255,6 @@ matched:
      * is empty because some builtin headers like Last-Modified
      * relies on this to get cleared */
 
-append:
-
     h = ngx_list_push(&r->headers_out.headers);
     if (h == NULL) {
         return NGX_ERROR;
@@ -333,46 +327,6 @@ static ngx_int_t
 ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
     ngx_http_headers_more_header_val_t *hv, ngx_str_t *value)
 {
-#if defined(nginx_version) && nginx_version >= 1023000
-    ngx_table_elt_t  **headers, *h, *ho, **ph;
-
-    headers = (ngx_table_elt_t **) ((char *) &r->headers_out + hv->offset);
-
-    if (*headers) {
-        for (h = (*headers)->next; h; h = h->next) {
-            h->hash = 0;
-            h->value.len = 0;
-        }
-
-        h = *headers;
-
-        h->value = *value;
-
-        if (value->len == 0) {
-            h->hash = 0;
-
-        } else {
-            h->hash = hv->hash;
-        }
-
-        return NGX_OK;
-    }
-
-    for (ph = headers; *ph; ph = &(*ph)->next) { /* void */ }
-
-    ho = ngx_list_push(&r->headers_out.headers);
-    if (ho == NULL) {
-        return NGX_ERROR;
-    }
-
-    ho->value = *value;
-    ho->hash = hv->hash;
-    ngx_str_set(&ho->key, "Cache-Control");
-    ho->next = NULL;
-    *ph = ho;
-
-    return NGX_OK;
-#else
     ngx_array_t      *pa;
     ngx_table_elt_t  *ho, **ph;
     ngx_uint_t        i;
@@ -424,7 +378,6 @@ ngx_http_set_builtin_multi_header(ngx_http_request_t *r,
     *ph = ho;
 
     return NGX_OK;
-#endif
 }
 
 
@@ -612,18 +565,14 @@ static char *
 ngx_http_headers_more_parse_directive(ngx_conf_t *cf, ngx_command_t *ngx_cmd,
     void *conf, ngx_http_headers_more_opcode_t opcode)
 {
-    ngx_http_headers_more_loc_conf_t   *hlcf = conf;
+    ngx_http_headers_more_loc_conf_t  *hlcf = conf;
 
-    ngx_uint_t                          i, j;
-    ngx_http_headers_more_cmd_t        *cmd;
-    ngx_str_t                          *arg;
-    ngx_flag_t                          ignore_next_arg;
-    ngx_str_t                          *cmd_name;
-    ngx_int_t                           rc;
-    ngx_flag_t                          append = 0;
-    ngx_flag_t                          is_builtin_header = 0;
-    ngx_http_headers_more_header_val_t *h;
-    ngx_http_headers_more_set_header_t *handlers;
+    ngx_uint_t                         i;
+    ngx_http_headers_more_cmd_t       *cmd;
+    ngx_str_t                         *arg;
+    ngx_flag_t                         ignore_next_arg;
+    ngx_str_t                         *cmd_name;
+    ngx_int_t                          rc;
 
     ngx_http_headers_more_main_conf_t  *hmcf;
 
@@ -731,22 +680,6 @@ ngx_http_headers_more_parse_directive(ngx_conf_t *cf, ngx_command_t *ngx_cmd,
                 ignore_next_arg = 1;
 
                 continue;
-
-            } else if (arg[i].data[1] == 'a') {
-
-                if (ngx_strncasecmp((u_char *) "more_set_headers",
-                                    cmd_name->data, cmd_name->len) != 0)
-                {
-                    ngx_log_error(NGX_LOG_ERR, cf->log, 0,
-                                  "%V: invalid option name: \"%V\"",
-                                  cmd_name, &arg[i]);
-
-                    return NGX_CONF_ERROR;
-                }
-
-                dd("Found append flag");
-                append = 1;
-                continue;
             }
         }
 
@@ -762,37 +695,6 @@ ngx_http_headers_more_parse_directive(ngx_conf_t *cf, ngx_command_t *ngx_cmd,
 
     if (cmd->headers->nelts == 0) {
         cmd->headers = NULL;
-
-    } else {
-
-        h = cmd->headers->elts;
-        for (i = 0; i < cmd->headers->nelts; i++) {
-            h[i].append = 0;
-
-            handlers = ngx_http_headers_more_set_handlers;
-
-            for (j = 0; handlers[j].name.len; j++) {
-                if (h[i].key.len == handlers[j].name.len
-                    && ngx_strncasecmp(h[i].key.data, handlers[j].name.data,
-                                       h[i].key.len) == 0)
-                {
-                    is_builtin_header = 1;
-                    break;
-                }
-            }
-
-            if (is_builtin_header && append) {
-                ngx_log_error(NGX_LOG_ERR, cf->log, 0,
-                              "%V: can not append builtin headers \"%V\"",
-                              cmd_name, &h[i].key);
-
-                return NGX_CONF_ERROR;
-            }
-
-            if (!is_builtin_header) {
-                h[i].append = append;
-            }
-        }
     }
 
     if (cmd->types->nelts == 0) {
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_out.h b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_out.h
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_headers_out.h
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_headers_out.h
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_util.c b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_util.c
similarity index 99%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_util.c
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_util.c
index e1f3636..caf372e 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_util.c
+++ b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_util.c
@@ -295,7 +295,6 @@ ngx_http_headers_more_rm_header_helper(ngx_list_t *l, ngx_list_part_t *cur,
                         if (part->next == NULL) {
                             return NGX_ERROR;
                         }
-
                         part = part->next;
                     }
 
@@ -339,7 +338,6 @@ ngx_http_headers_more_rm_header_helper(ngx_list_t *l, ngx_list_part_t *cur,
                     if (part->next == NULL) {
                         return NGX_ERROR;
                     }
-
                     part = part->next;
                 }
 
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_util.h b/debian/modules/http-headers-more-filter/src/ngx_http_headers_more_util.h
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/src/ngx_http_headers_more_util.h
rename to debian/modules/http-headers-more-filter/src/ngx_http_headers_more_util.h
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/bug.t b/debian/modules/http-headers-more-filter/t/bug.t
similarity index 92%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/bug.t
rename to debian/modules/http-headers-more-filter/t/bug.t
index 2339401..88cfa09 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/bug.t
+++ b/debian/modules/http-headers-more-filter/t/bug.t
@@ -4,7 +4,7 @@ use Test::Nginx::Socket; # 'no_plan';
 
 repeat_each(2);
 
-plan tests => 56 * repeat_each();
+plan tests => 53 * repeat_each();
 
 no_diff;
 
@@ -391,26 +391,3 @@ GET x HTTP/1.1
 --- response_body
 ok
 --- no_check_leak
-
-
-
-=== TEST 21: override Cache-Control header sent by proxy module
---- config
-    location = /back {
-        content_by_lua_block {
-            ngx.header['Cache-Control'] = 'max-age=0, no-cache'
-            ngx.send_headers()
-            ngx.say("Cache-Control: ", ngx.var.sent_http_cache_control)
-        }
-    }
-
-    location = /t {
-        more_set_headers "Cache-Control: max-age=1800";
-        proxy_pass http://127.0.0.1:$server_port/back;
-    }
---- request
-    GET /t
---- response_headers
-Cache-Control: max-age=1800
---- response_body
-Cache-Control: max-age=0, no-cache
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/builtin.t b/debian/modules/http-headers-more-filter/t/builtin.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/builtin.t
rename to debian/modules/http-headers-more-filter/t/builtin.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/eval.t b/debian/modules/http-headers-more-filter/t/eval.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/eval.t
rename to debian/modules/http-headers-more-filter/t/eval.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input-conn.t b/debian/modules/http-headers-more-filter/t/input-conn.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input-conn.t
rename to debian/modules/http-headers-more-filter/t/input-conn.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input-cookie.t b/debian/modules/http-headers-more-filter/t/input-cookie.t
similarity index 99%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input-cookie.t
rename to debian/modules/http-headers-more-filter/t/input-cookie.t
index 3e5257b..68db4d0 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input-cookie.t
+++ b/debian/modules/http-headers-more-filter/t/input-cookie.t
@@ -178,6 +178,6 @@ GeT / HTTP/1.1
 --- response_body
 ok
 --- no_error_log
-[warn]
 [error]
+[alert]
 --- no_check_leak
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input-ua.t b/debian/modules/http-headers-more-filter/t/input-ua.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input-ua.t
rename to debian/modules/http-headers-more-filter/t/input-ua.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input.t b/debian/modules/http-headers-more-filter/t/input.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/input.t
rename to debian/modules/http-headers-more-filter/t/input.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/phase.t b/debian/modules/http-headers-more-filter/t/phase.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/phase.t
rename to debian/modules/http-headers-more-filter/t/phase.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/sanity.t b/debian/modules/http-headers-more-filter/t/sanity.t
similarity index 89%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/sanity.t
rename to debian/modules/http-headers-more-filter/t/sanity.t
index 47d65e3..d06f5dc 100644
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/sanity.t
+++ b/debian/modules/http-headers-more-filter/t/sanity.t
@@ -5,7 +5,7 @@ use Test::Nginx::Socket;
 
 repeat_each(2);
 
-plan tests => repeat_each() * 123;
+plan tests => repeat_each() * 113;
 
 #master_on();
 #workers(2);
@@ -565,64 +565,3 @@ hi
 --- response_body
 ok
 --- http09
-
-
-
-=== TEST 34: use the -a option to append the cookie field
---- config
-    location /cookie {
-        more_set_headers -a 'Set-Cookie: name=lynch';
-        echo ok;
-    }
---- request
-    GET /cookie
---- response_headers
-Set-Cookie: name=lynch
---- response_body
-ok
-
-
-
-=== TEST 35: the original Set-Cookie fields will not be overwritten, when using the -a option
---- config
-    location /cookie {
-        more_set_headers 'Set-Cookie: name=lynch';
-        more_set_headers -a 'Set-Cookie: born=1981';
-        echo ok;
-    }
---- request
-    GET /cookie
---- raw_response_headers_like eval
-"Set-Cookie: name=lynch\r\nSet-Cookie: born=1981\r\n"
---- response_body
-ok
-
-
-
-=== TEST 36: The behavior of builtin headers can not be changed
---- config
-    location /foo {
-        more_set_headers -a "Server: myServer";
-        echo ok;
-    }
---- request
-    GET /foo
---- must_die
---- error_log chomp
-can not append builtin headers
---- suppress_stderr
-
-
-
-=== TEST 37: can not use -a option with more_clear_headers
---- config
-    location /foo {
-        more_clear_headers -a 'Content-Type';
-        echo ok;
-    }
---- request
-    GET /foo
---- must_die
---- error_log chomp
-invalid option name: "-a"
---- suppress_stderr
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/subrequest.t b/debian/modules/http-headers-more-filter/t/subrequest.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/subrequest.t
rename to debian/modules/http-headers-more-filter/t/subrequest.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/unused.t b/debian/modules/http-headers-more-filter/t/unused.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/unused.t
rename to debian/modules/http-headers-more-filter/t/unused.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/vars.t b/debian/modules/http-headers-more-filter/t/vars.t
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/t/vars.t
rename to debian/modules/http-headers-more-filter/t/vars.t
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/util/build.sh b/debian/modules/http-headers-more-filter/util/build.sh
similarity index 91%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/util/build.sh
rename to debian/modules/http-headers-more-filter/util/build.sh
index 00a191f..007194d 100755
--- a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/util/build.sh
+++ b/debian/modules/http-headers-more-filter/util/build.sh
@@ -6,10 +6,6 @@ root=`pwd`
 version=$1
 home=~
 force=$2
-pcre2_opt=""
-if [ "$WITHOUT_PCRE2" = "1" ]; then
-    pcre2_opt="--without-pcre2"
-fi
 
         #--with-cc=gcc46 \
 
@@ -25,7 +21,6 @@ ngx-build $force $version \
         --without-http_autoindex_module \
         --without-http_auth_basic_module \
         --without-http_userid_module \
-        $pcre2_opt \
         --with-http_realip_module \
         --with-http_dav_module \
       --add-module=$root/../eval-nginx-module \
diff --git a/modules_deb/libnginx-mod-http-headers-more-filter-0.38/valgrind.suppress b/debian/modules/http-headers-more-filter/valgrind.suppress
similarity index 100%
rename from modules_deb/libnginx-mod-http-headers-more-filter-0.38/valgrind.suppress
rename to debian/modules/http-headers-more-filter/valgrind.suppress
diff --git a/debian/modules/http-lua/README.markdown b/debian/modules/http-lua/README.markdown
new file mode 100644
index 0000000..15ad00e
--- /dev/null
+++ b/debian/modules/http-lua/README.markdown
@@ -0,0 +1,8332 @@
+
+
+Name
+====
+
+ngx_http_lua_module - Embed the power of Lua into Nginx HTTP Servers.
+
+*This module is not distributed with the Nginx source.* See [the installation instructions](#installation).
+
+Table of Contents
+=================
+
+* [Name](#name)
+* [Status](#status)
+* [Version](#version)
+* [Synopsis](#synopsis)
+* [Description](#description)
+* [Typical Uses](#typical-uses)
+* [Nginx Compatibility](#nginx-compatibility)
+* [Installation](#installation)
+    * [Building as a dynamic module](#building-as-a-dynamic-module)
+    * [C Macro Configurations](#c-macro-configurations)
+    * [Installation on Ubuntu 11.10](#installation-on-ubuntu-1110)
+* [Community](#community)
+    * [English Mailing List](#english-mailing-list)
+    * [Chinese Mailing List](#chinese-mailing-list)
+* [Code Repository](#code-repository)
+* [Bugs and Patches](#bugs-and-patches)
+* [Lua/LuaJIT bytecode support](#lualuajit-bytecode-support)
+* [System Environment Variable Support](#system-environment-variable-support)
+* [HTTP 1.0 support](#http-10-support)
+* [Statically Linking Pure Lua Modules](#statically-linking-pure-lua-modules)
+* [Data Sharing within an Nginx Worker](#data-sharing-within-an-nginx-worker)
+* [Known Issues](#known-issues)
+    * [TCP socket connect operation issues](#tcp-socket-connect-operation-issues)
+    * [Lua Coroutine Yielding/Resuming](#lua-coroutine-yieldingresuming)
+    * [Lua Variable Scope](#lua-variable-scope)
+    * [Locations Configured by Subrequest Directives of Other Modules](#locations-configured-by-subrequest-directives-of-other-modules)
+    * [Cosockets Not Available Everywhere](#cosockets-not-available-everywhere)
+    * [Special Escaping Sequences](#special-escaping-sequences)
+    * [Mixing with SSI Not Supported](#mixing-with-ssi-not-supported)
+    * [SPDY Mode Not Fully Supported](#spdy-mode-not-fully-supported)
+    * [Missing data on short circuited requests](#missing-data-on-short-circuited-requests)
+* [TODO](#todo)
+* [Changes](#changes)
+* [Test Suite](#test-suite)
+* [Copyright and License](#copyright-and-license)
+* [See Also](#see-also)
+* [Directives](#directives)
+* [Nginx API for Lua](#nginx-api-for-lua)
+* [Obsolete Sections](#obsolete-sections)
+    * [Special PCRE Sequences](#special-pcre-sequences)
+
+Status
+======
+
+Production ready.
+
+Version
+=======
+
+This document describes ngx_lua [v0.10.13](https://github.com/openresty/lua-nginx-module/tags) released on 22 April 2018.
+
+Synopsis
+========
+```nginx
+
+ # set search paths for pure Lua external libraries (';;' is the default path):
+ lua_package_path '/foo/bar/?.lua;/blah/?.lua;;';
+
+ # set search paths for Lua external libraries written in C (can also use ';;'):
+ lua_package_cpath '/bar/baz/?.so;/blah/blah/?.so;;';
+
+ server {
+     location /lua_content {
+         # MIME type determined by default_type:
+         default_type 'text/plain';
+
+         content_by_lua_block {
+             ngx.say('Hello,world!')
+         }
+     }
+
+     location /nginx_var {
+         # MIME type determined by default_type:
+         default_type 'text/plain';
+
+         # try access /nginx_var?a=hello,world
+         content_by_lua_block {
+             ngx.say(ngx.var.arg_a)
+         }
+     }
+
+     location = /request_body {
+         client_max_body_size 50k;
+         client_body_buffer_size 50k;
+
+         content_by_lua_block {
+             ngx.req.read_body()  -- explicitly read the req body
+             local data = ngx.req.get_body_data()
+             if data then
+                 ngx.say("body data:")
+                 ngx.print(data)
+                 return
+             end
+
+             -- body may get buffered in a temp file:
+             local file = ngx.req.get_body_file()
+             if file then
+                 ngx.say("body is in file ", file)
+             else
+                 ngx.say("no body found")
+             end
+         }
+     }
+
+     # transparent non-blocking I/O in Lua via subrequests
+     # (well, a better way is to use cosockets)
+     location = /lua {
+         # MIME type determined by default_type:
+         default_type 'text/plain';
+
+         content_by_lua_block {
+             local res = ngx.location.capture("/some_other_location")
+             if res then
+                 ngx.say("status: ", res.status)
+                 ngx.say("body:")
+                 ngx.print(res.body)
+             end
+         }
+     }
+
+     location = /foo {
+         rewrite_by_lua_block {
+             res = ngx.location.capture("/memc",
+                 { args = { cmd = "incr", key = ngx.var.uri } }
+             )
+         }
+
+         proxy_pass http://blah.blah.com;
+     }
+
+     location = /mixed {
+         rewrite_by_lua_file /path/to/rewrite.lua;
+         access_by_lua_file /path/to/access.lua;
+         content_by_lua_file /path/to/content.lua;
+     }
+
+     # use nginx var in code path
+     # CAUTION: contents in nginx var must be carefully filtered,
+     # otherwise there'll be great security risk!
+     location ~ ^/app/([-_a-zA-Z0-9/]+) {
+         set $path $1;
+         content_by_lua_file /path/to/lua/app/root/$path.lua;
+     }
+
+     location / {
+        client_max_body_size 100k;
+        client_body_buffer_size 100k;
+
+        access_by_lua_block {
+            -- check the client IP address is in our black list
+            if ngx.var.remote_addr == "132.5.72.3" then
+                ngx.exit(ngx.HTTP_FORBIDDEN)
+            end
+
+            -- check if the URI contains bad words
+            if ngx.var.uri and
+                   string.match(ngx.var.request_body, "evil")
+            then
+                return ngx.redirect("/terms_of_use.html")
+            end
+
+            -- tests passed
+        }
+
+        # proxy_pass/fastcgi_pass/etc settings
+     }
+ }
+```
+
+[Back to TOC](#table-of-contents)
+
+Description
+===========
+
+This module embeds Lua, via the standard Lua 5.1 interpreter or [LuaJIT 2.0/2.1](http://luajit.org/luajit.html), into Nginx and by leveraging Nginx's subrequests, allows the integration of the powerful Lua threads (Lua coroutines) into the Nginx event model.
+
+Unlike [Apache's mod_lua](https://httpd.apache.org/docs/trunk/mod/mod_lua.html) and [Lighttpd's mod_magnet](http://redmine.lighttpd.net/wiki/1/Docs:ModMagnet), Lua code executed using this module can be *100% non-blocking* on network traffic as long as the [Nginx API for Lua](#nginx-api-for-lua) provided by this module is used to handle
+requests to upstream services such as MySQL, PostgreSQL, Memcached, Redis, or upstream HTTP web services.
+
+At least the following Lua libraries and Nginx modules can be used with this ngx_lua module:
+
+* [lua-resty-memcached](https://github.com/openresty/lua-resty-memcached)
+* [lua-resty-mysql](https://github.com/openresty/lua-resty-mysql)
+* [lua-resty-redis](https://github.com/openresty/lua-resty-redis)
+* [lua-resty-dns](https://github.com/openresty/lua-resty-dns)
+* [lua-resty-upload](https://github.com/openresty/lua-resty-upload)
+* [lua-resty-websocket](https://github.com/openresty/lua-resty-websocket)
+* [lua-resty-lock](https://github.com/openresty/lua-resty-lock)
+* [lua-resty-logger-socket](https://github.com/cloudflare/lua-resty-logger-socket)
+* [lua-resty-lrucache](https://github.com/openresty/lua-resty-lrucache)
+* [lua-resty-string](https://github.com/openresty/lua-resty-string)
+* [ngx_memc](http://github.com/openresty/memc-nginx-module)
+* [ngx_postgres](https://github.com/FRiCKLE/ngx_postgres)
+* [ngx_redis2](http://github.com/openresty/redis2-nginx-module)
+* [ngx_redis](http://wiki.nginx.org/HttpRedisModule)
+* [ngx_proxy](http://nginx.org/en/docs/http/ngx_http_proxy_module.html)
+* [ngx_fastcgi](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html)
+
+Almost all the Nginx modules can be used with this ngx_lua module by means of [ngx.location.capture](#ngxlocationcapture) or [ngx.location.capture_multi](#ngxlocationcapture_multi) but it is recommended to use those `lua-resty-*` libraries instead of creating subrequests to access the Nginx upstream modules because the former is usually much more flexible and memory-efficient.
+
+The Lua interpreter or LuaJIT instance is shared across all the requests in a single nginx worker process but request contexts are segregated using lightweight Lua coroutines.
+
+Loaded Lua modules persist in the nginx worker process level resulting in a small memory footprint in Lua even when under heavy loads.
+
+This module is plugged into NGINX's "http" subsystem so it can only speaks downstream communication protocols in the HTTP family (HTTP 0.9/1.0/1.1/2.0, WebSockets, and etc).
+If you want to do generic TCP communications with the downstream clients, then you should use the [ngx_stream_lua](https://github.com/openresty/stream-lua-nginx-module#readme) module instead
+which has a compatible Lua API.
+
+[Back to TOC](#table-of-contents)
+
+Typical Uses
+============
+
+Just to name a few:
+
+* Mashup'ing and processing outputs of various nginx upstream outputs (proxy, drizzle, postgres, redis, memcached, and etc) in Lua,
+* doing arbitrarily complex access control and security checks in Lua before requests actually reach the upstream backends,
+* manipulating response headers in an arbitrary way (by Lua)
+* fetching backend information from external storage backends (like redis, memcached, mysql, postgresql) and use that information to choose which upstream backend to access on-the-fly,
+* coding up arbitrarily complex web applications in a content handler using synchronous but still non-blocking access to the database backends and other storage,
+* doing very complex URL dispatch in Lua at rewrite phase,
+* using Lua to implement advanced caching mechanism for Nginx's subrequests and arbitrary locations.
+
+The possibilities are unlimited as the module allows bringing together various elements within Nginx as well as exposing the power of the Lua language to the user. The module provides the full flexibility of scripting while offering performance levels comparable with native C language programs both in terms of CPU time as well as memory footprint. This is particularly the case when LuaJIT 2.x is enabled.
+
+Other scripting language implementations typically struggle to match this performance level.
+
+The Lua state (Lua VM instance) is shared across all the requests handled by a single nginx worker process to minimize memory use.
+
+[Back to TOC](#table-of-contents)
+
+Nginx Compatibility
+===================
+
+The latest version of this module is compatible with the following versions of Nginx:
+
+* 1.13.x  (last tested: 1.13.6)
+* 1.12.x
+* 1.11.x  (last tested: 1.11.2)
+* 1.10.x
+* 1.9.x (last tested: 1.9.15)
+* 1.8.x
+* 1.7.x (last tested: 1.7.10)
+* 1.6.x
+
+Nginx cores older than 1.6.0 (exclusive) are *not* supported.
+
+[Back to TOC](#table-of-contents)
+
+Installation
+============
+
+It is *highly* recommended to use [OpenResty releases](http://openresty.org) which integrate Nginx, ngx_lua, LuaJIT 2.1, as well as other powerful companion Nginx modules and Lua libraries. It is discouraged to build this module with nginx yourself since it is tricky to set up exactly right. Also, the stock nginx cores have various limitations and long standing bugs that can make some of this modules' features become disabled, not work properly, or run slower. The same applies to LuaJIT as well. OpenResty includes its own version of LuaJIT which gets specifically optimized and enhanced for the OpenResty environment.
+
+Alternatively, ngx_lua can be manually compiled into Nginx:
+
+1. Install LuaJIT 2.0 or 2.1 (recommended) or Lua 5.1 (Lua 5.2 is *not* supported yet). LuaJIT can be downloaded from the [LuaJIT project website](http://luajit.org/download.html) and Lua 5.1, from the [Lua project website](http://www.lua.org/).  Some distribution package managers also distribute LuaJIT and/or Lua.
+1. Download the latest version of the ngx_devel_kit (NDK) module [HERE](https://github.com/simplresty/ngx_devel_kit/tags).
+1. Download the latest version of ngx_lua [HERE](https://github.com/openresty/lua-nginx-module/tags).
+1. Download the latest version of Nginx [HERE](http://nginx.org/) (See [Nginx Compatibility](#nginx-compatibility))
+
+Build the source with this module:
+
+```bash
+
+ wget 'http://nginx.org/download/nginx-1.13.6.tar.gz'
+ tar -xzvf nginx-1.13.6.tar.gz
+ cd nginx-1.13.6/
+
+ # tell nginx's build system where to find LuaJIT 2.0:
+ export LUAJIT_LIB=/path/to/luajit/lib
+ export LUAJIT_INC=/path/to/luajit/include/luajit-2.0
+
+ # tell nginx's build system where to find LuaJIT 2.1:
+ export LUAJIT_LIB=/path/to/luajit/lib
+ export LUAJIT_INC=/path/to/luajit/include/luajit-2.1
+
+ # or tell where to find Lua if using Lua instead:
+ #export LUA_LIB=/path/to/lua/lib
+ #export LUA_INC=/path/to/lua/include
+
+ # Here we assume Nginx is to be installed under /opt/nginx/.
+ ./configure --prefix=/opt/nginx \
+         --with-ld-opt="-Wl,-rpath,/path/to/luajit-or-lua/lib" \
+         --add-module=/path/to/ngx_devel_kit \
+         --add-module=/path/to/lua-nginx-module
+
+ # Note that you may also want to add `./configure` options which are used in your
+ # current nginx build.
+ # You can get usually those options using command nginx -V
+
+ # you can change the parallism number 2 below to fit the number of spare CPU cores in your
+ # machine.
+ make -j2
+ make install
+```
+
+[Back to TOC](#table-of-contents)
+
+Building as a dynamic module
+----------------------------
+
+Starting from NGINX 1.9.11, you can also compile this module as a dynamic module, by using the `--add-dynamic-module=PATH` option instead of `--add-module=PATH` on the
+`./configure` command line above. And then you can explicitly load the module in your `nginx.conf` via the [load_module](http://nginx.org/en/docs/ngx_core_module.html#load_module)
+directive, for example,
+
+```nginx
+
+ load_module /path/to/modules/ndk_http_module.so;  # assuming NDK is built as a dynamic module too
+ load_module /path/to/modules/ngx_http_lua_module.so;
+```
+
+[Back to TOC](#table-of-contents)
+
+C Macro Configurations
+----------------------
+
+While building this module either via OpenResty or with the NGINX core, you can define the following C macros via the C compiler options:
+
+* `NGX_LUA_USE_ASSERT`
+	When defined, will enable assertions in the ngx_lua C code base. Recommended for debugging or testing builds. It can introduce some (small) runtime overhead when enabled. This macro was first introduced in the `v0.9.10` release.
+* `NGX_LUA_ABORT_AT_PANIC`
+	When the Lua/LuaJIT VM panics, ngx_lua will instruct the current nginx worker process to quit gracefully by default. By specifying this C macro, ngx_lua will abort the current nginx worker process (which usually result in a core dump file) immediately. This option is useful for debugging VM panics. This option was first introduced in the `v0.9.8` release.
+* `NGX_LUA_NO_FFI_API`
+	Excludes pure C API functions for FFI-based Lua API for NGINX (as required by [lua-resty-core](https://github.com/openresty/lua-resty-core#readme), for example). Enabling this macro can make the resulting binary code size smaller.
+
+To enable one or more of these macros, just pass extra C compiler options to the `./configure` script of either NGINX or OpenResty. For instance,
+
+
+    ./configure --with-cc-opt="-DNGX_LUA_USE_ASSERT -DNGX_LUA_ABORT_AT_PANIC"
+
+
+[Back to TOC](#table-of-contents)
+
+Installation on Ubuntu 11.10
+----------------------------
+
+Note that it is recommended to use LuaJIT 2.0 or LuaJIT 2.1 instead of the standard Lua 5.1 interpreter wherever possible.
+
+If the standard Lua 5.1 interpreter is required however, run the following command to install it from the Ubuntu repository:
+
+```bash
+
+ apt-get install -y lua5.1 liblua5.1-0 liblua5.1-0-dev
+```
+
+Everything should be installed correctly, except for one small tweak.
+
+Library name `liblua.so` has been changed in liblua5.1 package, it only comes with `liblua5.1.so`, which needs to be symlinked to `/usr/lib` so it could be found during the configuration process.
+
+```bash
+
+ ln -s /usr/lib/x86_64-linux-gnu/liblua5.1.so /usr/lib/liblua.so
+```
+
+[Back to TOC](#table-of-contents)
+
+Community
+=========
+
+[Back to TOC](#table-of-contents)
+
+English Mailing List
+--------------------
+
+The [openresty-en](https://groups.google.com/group/openresty-en) mailing list is for English speakers.
+
+[Back to TOC](#table-of-contents)
+
+Chinese Mailing List
+--------------------
+
+The [openresty](https://groups.google.com/group/openresty) mailing list is for Chinese speakers.
+
+[Back to TOC](#table-of-contents)
+
+Code Repository
+===============
+
+The code repository of this project is hosted on github at [openresty/lua-nginx-module](https://github.com/openresty/lua-nginx-module).
+
+[Back to TOC](#table-of-contents)
+
+Bugs and Patches
+================
+
+Please submit bug reports, wishlists, or patches by
+
+1. creating a ticket on the [GitHub Issue Tracker](https://github.com/openresty/lua-nginx-module/issues),
+1. or posting to the [OpenResty community](#community).
+
+[Back to TOC](#table-of-contents)
+
+Lua/LuaJIT bytecode support
+===========================
+
+As from the `v0.5.0rc32` release, all `*_by_lua_file` configure directives (such as [content_by_lua_file](#content_by_lua_file)) support loading Lua 5.1 and LuaJIT 2.0/2.1 raw bytecode files directly.
+
+Please note that the bytecode format used by LuaJIT 2.0/2.1 is not compatible with that used by the standard Lua 5.1 interpreter. So if using LuaJIT 2.0/2.1 with ngx_lua, LuaJIT compatible bytecode files must be generated as shown:
+
+```bash
+
+ /path/to/luajit/bin/luajit -b /path/to/input_file.lua /path/to/output_file.ljbc
+```
+
+The `-bg` option can be used to include debug information in the LuaJIT bytecode file:
+
+```bash
+
+ /path/to/luajit/bin/luajit -bg /path/to/input_file.lua /path/to/output_file.ljbc
+```
+
+Please refer to the official LuaJIT documentation on the `-b` option for more details:
+
+
+
+Also, the bytecode files generated by LuaJIT 2.1 is *not* compatible with LuaJIT 2.0, and vice versa. The support for LuaJIT 2.1 bytecode was first added in ngx_lua v0.9.3.
+
+Similarly, if using the standard Lua 5.1 interpreter with ngx_lua, Lua compatible bytecode files must be generated using the `luac` commandline utility as shown:
+
+```bash
+
+ luac -o /path/to/output_file.luac /path/to/input_file.lua
+```
+
+Unlike as with LuaJIT, debug information is included in standard Lua 5.1 bytecode files by default. This can be striped out by specifying the `-s` option as shown:
+
+```bash
+
+ luac -s -o /path/to/output_file.luac /path/to/input_file.lua
+```
+
+Attempts to load standard Lua 5.1 bytecode files into ngx_lua instances linked to LuaJIT 2.0/2.1 or vice versa, will result in an error message, such as that below, being logged into the Nginx `error.log` file:
+
+
+    [error] 13909#0: *1 failed to load Lua inlined code: bad byte-code header in /path/to/test_file.luac
+
+
+Loading bytecode files via the Lua primitives like `require` and `dofile` should always work as expected.
+
+[Back to TOC](#table-of-contents)
+
+System Environment Variable Support
+===================================
+
+If you want to access the system environment variable, say, `foo`, in Lua via the standard Lua API [os.getenv](http://www.lua.org/manual/5.1/manual.html#pdf-os.getenv), then you should also list this environment variable name in your `nginx.conf` file via the [env directive](http://nginx.org/en/docs/ngx_core_module.html#env). For example,
+
+```nginx
+
+ env foo;
+```
+
+[Back to TOC](#table-of-contents)
+
+HTTP 1.0 support
+================
+
+The HTTP 1.0 protocol does not support chunked output and requires an explicit `Content-Length` header when the response body is not empty in order to support the HTTP 1.0 keep-alive.
+So when a HTTP 1.0 request is made and the [lua_http10_buffering](#lua_http10_buffering) directive is turned `on`, ngx_lua will buffer the
+output of [ngx.say](#ngxsay) and [ngx.print](#ngxprint) calls and also postpone sending response headers until all the response body output is received.
+At that time ngx_lua can calculate the total length of the body and construct a proper `Content-Length` header to return to the HTTP 1.0 client.
+If the `Content-Length` response header is set in the running Lua code, however, this buffering will be disabled even if the [lua_http10_buffering](#lua_http10_buffering) directive is turned `on`.
+
+For large streaming output responses, it is important to disable the [lua_http10_buffering](#lua_http10_buffering) directive to minimise memory usage.
+
+Note that common HTTP benchmark tools such as `ab` and `http_load` issue HTTP 1.0 requests by default.
+To force `curl` to send HTTP 1.0 requests, use the `-0` option.
+
+[Back to TOC](#table-of-contents)
+
+Statically Linking Pure Lua Modules
+===================================
+
+When LuaJIT 2.x is used, it is possible to statically link the bytecode of pure Lua modules into the Nginx executable.
+
+Basically you use the `luajit` executable to compile `.lua` Lua module files to `.o` object files containing the exported bytecode data, and then link the `.o` files directly in your Nginx build.
+
+Below is a trivial example to demonstrate this. Consider that we have the following `.lua` file named `foo.lua`:
+
+```lua
+
+ -- foo.lua
+ local _M = {}
+
+ function _M.go()
+     print("Hello from foo")
+ end
+
+ return _M
+```
+
+And then we compile this `.lua` file to `foo.o` file:
+
+    /path/to/luajit/bin/luajit -bg foo.lua foo.o
+
+What matters here is the name of the `.lua` file, which determines how you use this module later on the Lua land. The file name `foo.o` does not matter at all except the `.o` file extension (which tells `luajit` what output format is used). If you want to strip the Lua debug information from the resulting bytecode, you can just specify the `-b` option above instead of `-bg`.
+
+Then when building Nginx or OpenResty, pass the `--with-ld-opt="foo.o"` option to the `./configure` script:
+
+```bash
+
+ ./configure --with-ld-opt="/path/to/foo.o" ...
+```
+
+Finally, you can just do the following in any Lua code run by ngx_lua:
+
+```lua
+
+ local foo = require "foo"
+ foo.go()
+```
+
+And this piece of code no longer depends on the external `foo.lua` file any more because it has already been compiled into the `nginx` executable.
+
+If you want to use dot in the Lua module name when calling `require`, as in
+
+```lua
+
+ local foo = require "resty.foo"
+```
+
+then you need to rename the `foo.lua` file to `resty_foo.lua` before compiling it down to a `.o` file with the `luajit` command-line utility.
+
+It is important to use exactly the same version of LuaJIT when compiling `.lua` files to `.o` files as building nginx + ngx_lua. This is because the LuaJIT bytecode format may be incompatible between different LuaJIT versions. When the bytecode format is incompatible, you will see a Lua runtime error saying that the Lua module is not found.
+
+When you have multiple `.lua` files to compile and link, then just specify their `.o` files at the same time in the value of the `--with-ld-opt` option. For instance,
+
+```bash
+
+ ./configure --with-ld-opt="/path/to/foo.o /path/to/bar.o" ...
+```
+
+If you have just too many `.o` files, then it might not be feasible to name them all in a single command. In this case, you can build a static library (or archive) for your `.o` files, as in
+
+```bash
+
+ ar rcus libmyluafiles.a *.o
+```
+
+then you can link the `myluafiles` archive as a whole to your nginx executable:
+
+```bash
+
+ ./configure \
+     --with-ld-opt="-L/path/to/lib -Wl,--whole-archive -lmyluafiles -Wl,--no-whole-archive"
+```
+
+where `/path/to/lib` is the path of the directory containing the `libmyluafiles.a` file. It should be noted that the linker option `--whole-archive` is required here because otherwise our archive will be skipped because no symbols in our archive are mentioned in the main parts of the nginx executable.
+
+[Back to TOC](#table-of-contents)
+
+Data Sharing within an Nginx Worker
+===================================
+
+To globally share data among all the requests handled by the same nginx worker process, encapsulate the shared data into a Lua module, use the Lua `require` builtin to import the module, and then manipulate the shared data in Lua. This works because required Lua modules are loaded only once and all coroutines will share the same copy of the module (both its code and data). Note however that Lua global variables (note, not module-level variables) WILL NOT persist between requests because of the one-coroutine-per-request isolation design.
+
+Here is a complete small example:
+
+```lua
+
+ -- mydata.lua
+ local _M = {}
+
+ local data = {
+     dog = 3,
+     cat = 4,
+     pig = 5,
+ }
+
+ function _M.get_age(name)
+     return data[name]
+ end
+
+ return _M
+```
+
+and then accessing it from `nginx.conf`:
+
+```nginx
+
+ location /lua {
+     content_by_lua_block {
+         local mydata = require "mydata"
+         ngx.say(mydata.get_age("dog"))
+     }
+ }
+```
+
+The `mydata` module in this example will only be loaded and run on the first request to the location `/lua`,
+and all subsequent requests to the same nginx worker process will use the reloaded instance of the
+module as well as the same copy of the data in it, until a `HUP` signal is sent to the Nginx master process to force a reload.
+This data sharing technique is essential for high performance Lua applications based on this module.
+
+Note that this data sharing is on a *per-worker* basis and not on a *per-server* basis. That is, when there are multiple nginx worker processes under an Nginx master, data sharing cannot cross the process boundary between these workers.
+
+It is usually recommended to share read-only data this way. You can also share changeable data among all the concurrent requests of each nginx worker process as
+long as there is *no* nonblocking I/O operations (including [ngx.sleep](#ngxsleep))
+in the middle of your calculations. As long as you do not give the
+control back to the nginx event loop and ngx_lua's light thread
+scheduler (even implicitly), there can never be any race conditions in
+between. For this reason, always be very careful when you want to share changeable data on the
+worker level. Buggy optimizations can easily lead to hard-to-debug
+race conditions under load.
+
+If server-wide data sharing is required, then use one or more of the following approaches:
+
+1. Use the [ngx.shared.DICT](#ngxshareddict) API provided by this module.
+1. Use only a single nginx worker and a single server (this is however not recommended when there is a multi core CPU or multiple CPUs in a single machine).
+1. Use data storage mechanisms such as `memcached`, `redis`, `MySQL` or `PostgreSQL`. [The OpenResty bundle](http://openresty.org) associated with this module comes with a set of companion Nginx modules and Lua libraries that provide interfaces with these data storage mechanisms.
+
+[Back to TOC](#table-of-contents)
+
+Known Issues
+============
+
+[Back to TOC](#table-of-contents)
+
+TCP socket connect operation issues
+-----------------------------------
+The [tcpsock:connect](#tcpsockconnect) method may indicate `success` despite connection failures such as with `Connection Refused` errors.
+
+However, later attempts to manipulate the cosocket object will fail and return the actual error status message generated by the failed connect operation.
+
+This issue is due to limitations in the Nginx event model and only appears to affect Mac OS X.
+
+[Back to TOC](#table-of-contents)
+
+Lua Coroutine Yielding/Resuming
+-------------------------------
+* Because Lua's `dofile` and `require` builtins are currently implemented as C functions in both Lua 5.1 and LuaJIT 2.0/2.1, if the Lua file being loaded by `dofile` or `require` invokes [ngx.location.capture*](#ngxlocationcapture), [ngx.exec](#ngxexec), [ngx.exit](#ngxexit), or other API functions requiring yielding in the *top-level* scope of the Lua file, then the Lua error "attempt to yield across C-call boundary" will be raised. To avoid this, put these calls requiring yielding into your own Lua functions in the Lua file instead of the top-level scope of the file.
+* As the standard Lua 5.1 interpreter's VM is not fully resumable, the methods [ngx.location.capture](#ngxlocationcapture), [ngx.location.capture_multi](#ngxlocationcapture_multi), [ngx.redirect](#ngxredirect), [ngx.exec](#ngxexec), and [ngx.exit](#ngxexit) cannot be used within the context of a Lua [pcall()](http://www.lua.org/manual/5.1/manual.html#pdf-pcall) or [xpcall()](http://www.lua.org/manual/5.1/manual.html#pdf-xpcall) or even the first line of the `for ... in ...` statement when the standard Lua 5.1 interpreter is used and the `attempt to yield across metamethod/C-call boundary` error will be produced. Please use LuaJIT 2.x, which supports a fully resumable VM, to avoid this.
+
+[Back to TOC](#table-of-contents)
+
+Lua Variable Scope
+------------------
+Care must be taken when importing modules and this form should be used:
+
+```lua
+
+ local xxx = require('xxx')
+```
+
+instead of the old deprecated form:
+
+```lua
+
+ require('xxx')
+```
+
+Here is the reason: by design, the global environment has exactly the same lifetime as the Nginx request handler associated with it. Each request handler has its own set of Lua global variables and that is the idea of request isolation. The Lua module is actually loaded by the first Nginx request handler and is cached by the `require()` built-in in the `package.loaded` table for later reference, and the `module()` builtin used by some Lua modules has the side effect of setting a global variable to the loaded module table. But this global variable will be cleared at the end of the request handler,  and every subsequent request handler all has its own (clean) global environment. So one will get Lua exception for accessing the `nil` value.
+
+The use of Lua global variables is a generally inadvisable in the ngx_lua context as:
+
+1. the misuse of Lua globals has detrimental side effects on concurrent requests when such variables should instead be local in scope,
+1. Lua global variables require Lua table look-ups in the global environment which is computationally expensive, and
+1. some Lua global variable references may include typing errors which make such difficult to debug.
+
+It is therefore *highly* recommended to always declare such within an appropriate local scope instead.
+
+```lua
+
+ -- Avoid
+ foo = 123
+ -- Recommended
+ local foo = 123
+
+ -- Avoid
+ function foo() return 123 end
+ -- Recommended
+ local function foo() return 123 end
+```
+
+
+To find all instances of Lua global variables in your Lua code, run the [lua-releng tool](https://github.com/openresty/nginx-devel-utils/blob/master/lua-releng) across all `.lua` source files:
+
+    $ lua-releng
+    Checking use of Lua global variables in file lib/foo/bar.lua ...
+            1       [1489]  SETGLOBAL       7 -1    ; contains
+            55      [1506]  GETGLOBAL       7 -3    ; setvar
+            3       [1545]  GETGLOBAL       3 -4    ; varexpand
+
+The output says that the line 1489 of file `lib/foo/bar.lua` writes to a global variable named `contains`, the line 1506 reads from the global variable `setvar`, and line 1545 reads the global `varexpand`.
+
+This tool will guarantee that local variables in the Lua module functions are all declared with the `local` keyword, otherwise a runtime exception will be thrown. It prevents undesirable race conditions while accessing such variables. See [Data Sharing within an Nginx Worker](#data-sharing-within-an-nginx-worker) for the reasons behind this.
+
+[Back to TOC](#table-of-contents)
+
+Locations Configured by Subrequest Directives of Other Modules
+--------------------------------------------------------------
+The [ngx.location.capture](#ngxlocationcapture) and [ngx.location.capture_multi](#ngxlocationcapture_multi) directives cannot capture locations that include the [add_before_body](http://nginx.org/en/docs/http/ngx_http_addition_module.html#add_before_body), [add_after_body](http://nginx.org/en/docs/http/ngx_http_addition_module.html#add_after_body), [auth_request](http://nginx.org/en/docs/http/ngx_http_auth_request_module.html#auth_request), [echo_location](http://github.com/openresty/echo-nginx-module#echo_location), [echo_location_async](http://github.com/openresty/echo-nginx-module#echo_location_async), [echo_subrequest](http://github.com/openresty/echo-nginx-module#echo_subrequest), or [echo_subrequest_async](http://github.com/openresty/echo-nginx-module#echo_subrequest_async) directives.
+
+```nginx
+
+ location /foo {
+     content_by_lua_block {
+         res = ngx.location.capture("/bar")
+     }
+ }
+ location /bar {
+     echo_location /blah;
+ }
+ location /blah {
+     echo "Success!";
+ }
+```
+
+```nginx
+
+ $ curl -i http://example.com/foo
+```
+
+will not work as expected.
+
+[Back to TOC](#table-of-contents)
+
+Cosockets Not Available Everywhere
+----------------------------------
+
+Due to internal limitations in the nginx core, the cosocket API is disabled in the following contexts: [set_by_lua*](#set_by_lua), [log_by_lua*](#log_by_lua), [header_filter_by_lua*](#header_filter_by_lua), and [body_filter_by_lua](#body_filter_by_lua).
+
+The cosockets are currently also disabled in the [init_by_lua*](#init_by_lua) and [init_worker_by_lua*](#init_worker_by_lua) directive contexts but we may add support for these contexts in the future because there is no limitation in the nginx core (or the limitation might be worked around).
+
+There exists a work-around, however, when the original context does *not* need to wait for the cosocket results. That is, creating a zero-delay timer via the [ngx.timer.at](#ngxtimerat) API and do the cosocket results in the timer handler, which runs asynchronously as to the original context creating the timer.
+
+[Back to TOC](#table-of-contents)
+
+Special Escaping Sequences
+--------------------------
+
+**NOTE** Following the `v0.9.17` release, this pitfall can be avoided by using the `*_by_lua_block {}` configuration directives.
+
+PCRE sequences such as `\d`, `\s`, or `\w`, require special attention because in string literals, the backslash character, `\`, is stripped out by both the Lua language parser and by the nginx config file parser before processing if not within a `*_by_lua_block {}` directive. So the following snippet will not work as expected:
+
+```nginx
+
+ # nginx.conf
+ ? location /test {
+ ?     content_by_lua '
+ ?         local regex = "\d+"  -- THIS IS WRONG OUTSIDE OF A *_by_lua_block DIRECTIVE
+ ?         local m = ngx.re.match("hello, 1234", regex)
+ ?         if m then ngx.say(m[0]) else ngx.say("not matched!") end
+ ?     ';
+ ? }
+ # evaluates to "not matched!"
+```
+
+To avoid this, *double* escape the backslash:
+
+```nginx
+
+ # nginx.conf
+ location /test {
+     content_by_lua '
+         local regex = "\\\\d+"
+         local m = ngx.re.match("hello, 1234", regex)
+         if m then ngx.say(m[0]) else ngx.say("not matched!") end
+     ';
+ }
+ # evaluates to "1234"
+```
+
+Here, `\\\\d+` is stripped down to `\\d+` by the Nginx config file parser and this is further stripped down to `\d+` by the Lua language parser before running.
+
+Alternatively, the regex pattern can be presented as a long-bracketed Lua string literal by encasing it in "long brackets", `[[...]]`, in which case backslashes have to only be escaped once for the Nginx config file parser.
+
+```nginx
+
+ # nginx.conf
+ location /test {
+     content_by_lua '
+         local regex = [[\\d+]]
+         local m = ngx.re.match("hello, 1234", regex)
+         if m then ngx.say(m[0]) else ngx.say("not matched!") end
+     ';
+ }
+ # evaluates to "1234"
+```
+
+Here, `[[\\d+]]` is stripped down to `[[\d+]]` by the Nginx config file parser and this is processed correctly.
+
+Note that a longer from of the long bracket, `[=[...]=]`, may be required if the regex pattern contains `[...]` sequences.
+The `[=[...]=]` form may be used as the default form if desired.
+
+```nginx
+
+ # nginx.conf
+ location /test {
+     content_by_lua '
+         local regex = [=[[0-9]+]=]
+         local m = ngx.re.match("hello, 1234", regex)
+         if m then ngx.say(m[0]) else ngx.say("not matched!") end
+     ';
+ }
+ # evaluates to "1234"
+```
+
+An alternative approach to escaping PCRE sequences is to ensure that Lua code is placed in external script files and executed using the various `*_by_lua_file` directives.
+With this approach, the backslashes are only stripped by the Lua language parser and therefore only need to be escaped once each.
+
+```lua
+
+ -- test.lua
+ local regex = "\\d+"
+ local m = ngx.re.match("hello, 1234", regex)
+ if m then ngx.say(m[0]) else ngx.say("not matched!") end
+ -- evaluates to "1234"
+```
+
+Within external script files, PCRE sequences presented as long-bracketed Lua string literals do not require modification.
+
+```lua
+
+ -- test.lua
+ local regex = [[\d+]]
+ local m = ngx.re.match("hello, 1234", regex)
+ if m then ngx.say(m[0]) else ngx.say("not matched!") end
+ -- evaluates to "1234"
+```
+
+As noted earlier, PCRE sequences presented within `*_by_lua_block {}` directives (available following the `v0.9.17` release) do not require modification.
+
+```nginx
+
+ # nginx.conf
+ location /test {
+     content_by_lua_block {
+         local regex = [[\d+]]
+         local m = ngx.re.match("hello, 1234", regex)
+         if m then ngx.say(m[0]) else ngx.say("not matched!") end
+     }
+ }
+ # evaluates to "1234"
+```
+
+
+[Back to TOC](#table-of-contents)
+
+Mixing with SSI Not Supported
+-----------------------------
+
+Mixing SSI with ngx_lua in the same Nginx request is not supported at all. Just use ngx_lua exclusively. Everything you can do with SSI can be done atop ngx_lua anyway and it can be more efficient when using ngx_lua.
+
+[Back to TOC](#table-of-contents)
+
+SPDY Mode Not Fully Supported
+-----------------------------
+
+Certain Lua APIs provided by ngx_lua do not work in Nginx's SPDY mode yet: [ngx.location.capture](#ngxlocationcapture), [ngx.location.capture_multi](#ngxlocationcapture_multi), and [ngx.req.socket](#ngxreqsocket).
+
+[Back to TOC](#table-of-contents)
+
+Missing data on short circuited requests
+----------------------------------------
+
+Nginx may terminate a request early with (at least):
+
+* 400 (Bad Request)
+* 405 (Not Allowed)
+* 408 (Request Timeout)
+* 413 (Request Entity Too Large)
+* 414 (Request URI Too Large)
+* 494 (Request Headers Too Large)
+* 499 (Client Closed Request)
+* 500 (Internal Server Error)
+* 501 (Not Implemented)
+
+This means that phases that normally run are skipped, such as the rewrite or
+access phase. This also means that later phases that are run regardless, e.g.
+[log_by_lua](#log_by_lua), will not have access to information that is normally set in those
+phases.
+
+[Back to TOC](#table-of-contents)
+
+TODO
+====
+
+* cosocket: implement LuaSocket's unconnected UDP API.
+* port this module to the "datagram" subsystem of NGINX for implementing general UDP servers instead of HTTP
+servers in Lua. For example,
+```lua
+
+ datagram {
+     server {
+         listen 1953;
+         handler_by_lua_block {
+             -- custom Lua code implementing the special UDP server...
+         }
+     }
+ }
+```
+* shm: implement a "shared queue API" to complement the existing [shared dict](#lua_shared_dict) API.
+* cosocket: add support in the context of [init_by_lua*](#init_by_lua).
+* cosocket: implement the `bind()` method for stream-typed cosockets.
+* cosocket: pool-based backend concurrency level control: implement automatic `connect` queueing when the backend concurrency exceeds its connection pool limit.
+* cosocket: review and merge aviramc's [patch](https://github.com/openresty/lua-nginx-module/pull/290) for adding the `bsdrecv` method.
+* add new API function `ngx.resp.add_header` to emulate the standard `add_header` config directive.
+* review and apply vadim-pavlov's patch for [ngx.location.capture](#ngxlocationcapture)'s `extra_headers` option
+* use `ngx_hash_t` to optimize the built-in header look-up process for [ngx.req.set_header](#ngxreqset_header), [ngx.header.HEADER](#ngxheaderheader), and etc.
+* add configure options for different strategies of handling the cosocket connection exceeding in the pools.
+* add directives to run Lua codes when nginx stops.
+* add `ignore_resp_headers`, `ignore_resp_body`, and `ignore_resp` options to [ngx.location.capture](#ngxlocationcapture) and [ngx.location.capture_multi](#ngxlocationcapture_multi) methods, to allow micro performance tuning on the user side.
+* add automatic Lua code time slicing support by yielding and resuming the Lua VM actively via Lua's debug hooks.
+* add `stat` mode similar to [mod_lua](https://httpd.apache.org/docs/trunk/mod/mod_lua.html).
+* cosocket: add client SSL certificate support.
+
+[Back to TOC](#table-of-contents)
+
+Changes
+=======
+
+The changes made in every release of this module are listed in the change logs of the OpenResty bundle:
+
+
+
+[Back to TOC](#table-of-contents)
+
+Test Suite
+==========
+
+The following dependencies are required to run the test suite:
+
+* Nginx version >= 1.4.2
+
+* Perl modules:
+	* Test::Nginx: 
+
+* Nginx modules:
+	* [ngx_devel_kit](https://github.com/simplresty/ngx_devel_kit)
+	* [ngx_set_misc](https://github.com/openresty/set-misc-nginx-module)
+	* [ngx_auth_request](http://mdounin.ru/files/ngx_http_auth_request_module-0.2.tar.gz) (this is not needed if you're using Nginx 1.5.4+.
+	* [ngx_echo](https://github.com/openresty/echo-nginx-module)
+	* [ngx_memc](https://github.com/openresty/memc-nginx-module)
+	* [ngx_srcache](https://github.com/openresty/srcache-nginx-module)
+	* ngx_lua (i.e., this module)
+	* [ngx_lua_upstream](https://github.com/openresty/lua-upstream-nginx-module)
+	* [ngx_headers_more](https://github.com/openresty/headers-more-nginx-module)
+	* [ngx_drizzle](https://github.com/openresty/drizzle-nginx-module)
+	* [ngx_rds_json](https://github.com/openresty/rds-json-nginx-module)
+	* [ngx_coolkit](https://github.com/FRiCKLE/ngx_coolkit)
+	* [ngx_redis2](https://github.com/openresty/redis2-nginx-module)
+
+The order in which these modules are added during configuration is important because the position of any filter module in the
+filtering chain determines the final output, for example. The correct adding order is shown above.
+
+* 3rd-party Lua libraries:
+	* [lua-cjson](http://www.kyne.com.au/~mark/software/lua-cjson.php)
+
+* Applications:
+	* mysql: create database 'ngx_test', grant all privileges to user 'ngx_test', password is 'ngx_test'
+	* memcached: listening on the default port, 11211.
+	* redis: listening on the default port, 6379.
+
+See also the [developer build script](https://github.com/openresty/lua-nginx-module/blob/master/util/build.sh) for more details on setting up the testing environment.
+
+To run the whole test suite in the default testing mode:
+
+    cd /path/to/lua-nginx-module
+    export PATH=/path/to/your/nginx/sbin:$PATH
+    prove -I/path/to/test-nginx/lib -r t
+
+
+To run specific test files:
+
+    cd /path/to/lua-nginx-module
+    export PATH=/path/to/your/nginx/sbin:$PATH
+    prove -I/path/to/test-nginx/lib t/002-content.t t/003-errors.t
+
+
+To run a specific test block in a particular test file, add the line `--- ONLY` to the test block you want to run, and then use the `prove` utility to run that `.t` file.
+
+There are also various testing modes based on mockeagain, valgrind, and etc. Refer to the [Test::Nginx documentation](http://search.cpan.org/perldoc?Test::Nginx) for more details for various advanced testing modes. See also the test reports for the Nginx test cluster running on Amazon EC2: .
+
+[Back to TOC](#table-of-contents)
+
+Copyright and License
+=====================
+
+This module is licensed under the BSD license.
+
+Copyright (C) 2009-2017, by Xiaozhe Wang (chaoslawful) .
+
+Copyright (C) 2009-2018, by Yichun "agentzh" Zhang (章亦春) , OpenResty Inc.
+
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
+
+* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
+
+* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+[Back to TOC](#table-of-contents)
+
+See Also
+========
+
+* [ngx_stream_lua_module](https://github.com/openresty/stream-lua-nginx-module#readme) for an official port of this module for the NGINX "stream" subsystem (doing generic downstream TCP communications).
+* [lua-resty-memcached](https://github.com/openresty/lua-resty-memcached) library based on ngx_lua cosocket.
+* [lua-resty-redis](https://github.com/openresty/lua-resty-redis) library based on ngx_lua cosocket.
+* [lua-resty-mysql](https://github.com/openresty/lua-resty-mysql) library based on ngx_lua cosocket.
+* [lua-resty-upload](https://github.com/openresty/lua-resty-upload) library based on ngx_lua cosocket.
+* [lua-resty-dns](https://github.com/openresty/lua-resty-dns) library based on ngx_lua cosocket.
+* [lua-resty-websocket](https://github.com/openresty/lua-resty-websocket) library for both WebSocket server and client, based on ngx_lua cosocket.
+* [lua-resty-string](https://github.com/openresty/lua-resty-string) library based on [LuaJIT FFI](http://luajit.org/ext_ffi.html).
+* [lua-resty-lock](https://github.com/openresty/lua-resty-lock) library for a nonblocking simple lock API.
+* [lua-resty-cookie](https://github.com/cloudflare/lua-resty-cookie) library for HTTP cookie manipulation.
+* [Routing requests to different MySQL queries based on URI arguments](http://openresty.org/#RoutingMySQLQueriesBasedOnURIArgs)
+* [Dynamic Routing Based on Redis and Lua](http://openresty.org/#DynamicRoutingBasedOnRedis)
+* [Using LuaRocks with ngx_lua](http://openresty.org/#UsingLuaRocks)
+* [Introduction to ngx_lua](https://github.com/openresty/lua-nginx-module/wiki/Introduction)
+* [ngx_devel_kit](https://github.com/simplresty/ngx_devel_kit)
+* [echo-nginx-module](http://github.com/openresty/echo-nginx-module)
+* [drizzle-nginx-module](http://github.com/openresty/drizzle-nginx-module)
+* [postgres-nginx-module](https://github.com/FRiCKLE/ngx_postgres)
+* [memc-nginx-module](http://github.com/openresty/memc-nginx-module)
+* [The OpenResty bundle](http://openresty.org)
+* [Nginx Systemtap Toolkit](https://github.com/openresty/nginx-systemtap-toolkit)
+
+[Back to TOC](#table-of-contents)
+
+Directives
+==========
+
+* [lua_capture_error_log](#lua_capture_error_log)
+* [lua_use_default_type](#lua_use_default_type)
+* [lua_malloc_trim](#lua_malloc_trim)
+* [lua_code_cache](#lua_code_cache)
+* [lua_regex_cache_max_entries](#lua_regex_cache_max_entries)
+* [lua_regex_match_limit](#lua_regex_match_limit)
+* [lua_package_path](#lua_package_path)
+* [lua_package_cpath](#lua_package_cpath)
+* [init_by_lua](#init_by_lua)
+* [init_by_lua_block](#init_by_lua_block)
+* [init_by_lua_file](#init_by_lua_file)
+* [init_worker_by_lua](#init_worker_by_lua)
+* [init_worker_by_lua_block](#init_worker_by_lua_block)
+* [init_worker_by_lua_file](#init_worker_by_lua_file)
+* [set_by_lua](#set_by_lua)
+* [set_by_lua_block](#set_by_lua_block)
+* [set_by_lua_file](#set_by_lua_file)
+* [content_by_lua](#content_by_lua)
+* [content_by_lua_block](#content_by_lua_block)
+* [content_by_lua_file](#content_by_lua_file)
+* [rewrite_by_lua](#rewrite_by_lua)
+* [rewrite_by_lua_block](#rewrite_by_lua_block)
+* [rewrite_by_lua_file](#rewrite_by_lua_file)
+* [access_by_lua](#access_by_lua)
+* [access_by_lua_block](#access_by_lua_block)
+* [access_by_lua_file](#access_by_lua_file)
+* [header_filter_by_lua](#header_filter_by_lua)
+* [header_filter_by_lua_block](#header_filter_by_lua_block)
+* [header_filter_by_lua_file](#header_filter_by_lua_file)
+* [body_filter_by_lua](#body_filter_by_lua)
+* [body_filter_by_lua_block](#body_filter_by_lua_block)
+* [body_filter_by_lua_file](#body_filter_by_lua_file)
+* [log_by_lua](#log_by_lua)
+* [log_by_lua_block](#log_by_lua_block)
+* [log_by_lua_file](#log_by_lua_file)
+* [balancer_by_lua_block](#balancer_by_lua_block)
+* [balancer_by_lua_file](#balancer_by_lua_file)
+* [lua_need_request_body](#lua_need_request_body)
+* [ssl_certificate_by_lua_block](#ssl_certificate_by_lua_block)
+* [ssl_certificate_by_lua_file](#ssl_certificate_by_lua_file)
+* [ssl_session_fetch_by_lua_block](#ssl_session_fetch_by_lua_block)
+* [ssl_session_fetch_by_lua_file](#ssl_session_fetch_by_lua_file)
+* [ssl_session_store_by_lua_block](#ssl_session_store_by_lua_block)
+* [ssl_session_store_by_lua_file](#ssl_session_store_by_lua_file)
+* [lua_shared_dict](#lua_shared_dict)
+* [lua_socket_connect_timeout](#lua_socket_connect_timeout)
+* [lua_socket_send_timeout](#lua_socket_send_timeout)
+* [lua_socket_send_lowat](#lua_socket_send_lowat)
+* [lua_socket_read_timeout](#lua_socket_read_timeout)
+* [lua_socket_buffer_size](#lua_socket_buffer_size)
+* [lua_socket_pool_size](#lua_socket_pool_size)
+* [lua_socket_keepalive_timeout](#lua_socket_keepalive_timeout)
+* [lua_socket_log_errors](#lua_socket_log_errors)
+* [lua_ssl_ciphers](#lua_ssl_ciphers)
+* [lua_ssl_crl](#lua_ssl_crl)
+* [lua_ssl_protocols](#lua_ssl_protocols)
+* [lua_ssl_trusted_certificate](#lua_ssl_trusted_certificate)
+* [lua_ssl_verify_depth](#lua_ssl_verify_depth)
+* [lua_http10_buffering](#lua_http10_buffering)
+* [rewrite_by_lua_no_postpone](#rewrite_by_lua_no_postpone)
+* [access_by_lua_no_postpone](#access_by_lua_no_postpone)
+* [lua_transform_underscores_in_response_headers](#lua_transform_underscores_in_response_headers)
+* [lua_check_client_abort](#lua_check_client_abort)
+* [lua_max_pending_timers](#lua_max_pending_timers)
+* [lua_max_running_timers](#lua_max_running_timers)
+
+
+The basic building blocks of scripting Nginx with Lua are directives. Directives are used to specify when the user Lua code is run and
+how the result will be used. Below is a diagram showing the order in which directives are executed.
+
+![Lua Nginx Modules Directives](https://cloud.githubusercontent.com/assets/2137369/15272097/77d1c09e-1a37-11e6-97ef-d9767035fc3e.png)
+
+[Back to TOC](#table-of-contents)
+
+lua_capture_error_log
+---------------------
+**syntax:** *lua_capture_error_log size*
+
+**default:** *none*
+
+**context:** *http*
+
+Enables a buffer of the specified `size` for capturing all the nginx error log message data (not just those produced
+by this module or the nginx http subsystem, but everything) without touching files or disks.
+
+You can use units like `k` and `m` in the `size` value, as in
+
+```nginx
+
+ lua_capture_error_log 100k;
+```
+
+As a rule of thumb, a 4KB buffer can usually hold about 20 typical error log messages. So do the maths!
+
+This buffer never grows. If it is full, new error log messages will replace the oldest ones in the buffer.
+
+The size of the buffer must be bigger than the maximum length of a single error log message (which is 4K in OpenResty and 2K in stock NGINX).
+
+You can read the messages in the buffer on the Lua land via the
+[get_logs()](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/errlog.md#get_logs)
+function of the
+[ngx.errlog](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/errlog.md#readme)
+module of the [lua-resty-core](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/errlog.md#readme)
+library. This Lua API function will return the captured error log messages and
+also remove these already read from the global capturing buffer, making room
+for any new error log data. For this reason, the user should not configure this
+buffer to be too big if the user read the buffered error log data fast enough.
+
+Note that the log level specified in the standard [error_log](http://nginx.org/r/error_log) directive
+*does* have effect on this capturing facility. It only captures log
+messages of a level no lower than the specified log level in the [error_log](http://nginx.org/r/error_log) directive.
+The user can still choose to set an even higher filtering log level on the fly via the Lua API function
+[errlog.set_filter_level](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/errlog.md#set_filter_level).
+So it is more flexible than the static [error_log](http://nginx.org/r/error_log) directive.
+
+It is worth noting that there is no way to capture the debugging logs
+without building OpenResty or NGINX with the `./configure`
+option `--with-debug`. And enabling debugging logs is
+strongly discouraged in production builds due to high overhead.
+
+This directive was first introduced in the `v0.10.9` release.
+
+[Back to TOC](#directives)
+
+lua_use_default_type
+--------------------
+**syntax:** *lua_use_default_type on | off*
+
+**default:** *lua_use_default_type on*
+
+**context:** *http, server, location, location if*
+
+Specifies whether to use the MIME type specified by the [default_type](http://nginx.org/en/docs/http/ngx_http_core_module.html#default_type) directive for the default value of the `Content-Type` response header. Deactivate this directive if a default `Content-Type` response header for Lua request handlers is not desired.
+
+This directive is turned on by default.
+
+This directive was first introduced in the `v0.9.1` release.
+
+[Back to TOC](#directives)
+
+lua_malloc_trim
+---------------
+**syntax:** *lua_malloc_trim <request-count>*
+
+**default:** *lua_malloc_trim 1000*
+
+**context:** *http*
+
+Asks the underlying `libc` runtime library to release its cached free memory back to the operating system every
+`N` requests processed by the NGINX core. By default, `N` is 1000. You can configure the request count
+by using your own numbers. Smaller numbers mean more frequent releases, which may introduce higher CPU time consumption and
+smaller memory footprint while larger numbers usually lead to less CPU time overhead and relatively larger memory footprint.
+Just tune the number for your own use cases.
+
+Configuring the argument to `0` essentially turns off the periodical memory trimming altogether.
+
+```nginx
+
+ lua_malloc_trim 0;  # turn off trimming completely
+```
+
+The current implementation uses an NGINX log phase handler to do the request counting. So the appearance of the
+[log_subrequest on](http://nginx.org/en/docs/http/ngx_http_core_module.html#log_subrequest) directives in `nginx.conf`
+may make the counting faster when subrequests are involved. By default, only "main requests" count.
+
+Note that this directive does *not* affect the memory allocated by LuaJIT's own allocator based on the `mmap`
+system call.
+
+This directive was first introduced in the `v0.10.7` release.
+
+[Back to TOC](#directives)
+
+lua_code_cache
+--------------
+**syntax:** *lua_code_cache on | off*
+
+**default:** *lua_code_cache on*
+
+**context:** *http, server, location, location if*
+
+Enables or disables the Lua code cache for Lua code in `*_by_lua_file` directives (like [set_by_lua_file](#set_by_lua_file) and
+[content_by_lua_file](#content_by_lua_file)) and Lua modules.
+
+When turning off, every request served by ngx_lua will run in a separate Lua VM instance, starting from the `0.9.3` release. So the Lua files referenced in [set_by_lua_file](#set_by_lua_file),
+[content_by_lua_file](#content_by_lua_file), [access_by_lua_file](#access_by_lua_file),
+and etc will not be cached
+and all Lua modules used will be loaded from scratch. With this in place, developers can adopt an edit-and-refresh approach.
+
+Please note however, that Lua code written inlined within nginx.conf
+such as those specified by [set_by_lua](#set_by_lua), [content_by_lua](#content_by_lua),
+[access_by_lua](#access_by_lua), and [rewrite_by_lua](#rewrite_by_lua) will not be updated when you edit the inlined Lua code in your `nginx.conf` file because only the Nginx config file parser can correctly parse the `nginx.conf`
+file and the only way is to reload the config file
+by sending a `HUP` signal or just to restart Nginx.
+
+Even when the code cache is enabled, Lua files which are loaded by `dofile` or `loadfile`
+in *_by_lua_file cannot be cached (unless you cache the results yourself). Usually you can either use the [init_by_lua](#init_by_lua)
+or [init_by_lua_file](#init-by_lua_file) directives to load all such files or just make these Lua files true Lua modules
+and load them via `require`.
+
+The ngx_lua module does not support the `stat` mode available with the
+Apache `mod_lua` module (yet).
+
+Disabling the Lua code cache is strongly
+discouraged for production use and should only be used during
+development as it has a significant negative impact on overall performance. For example, the performance of a "hello world" Lua example can drop by an order of magnitude after disabling the Lua code cache.
+
+[Back to TOC](#directives)
+
+lua_regex_cache_max_entries
+---------------------------
+**syntax:** *lua_regex_cache_max_entries <num>*
+
+**default:** *lua_regex_cache_max_entries 1024*
+
+**context:** *http*
+
+Specifies the maximum number of entries allowed in the worker process level compiled regex cache.
+
+The regular expressions used in [ngx.re.match](#ngxrematch), [ngx.re.gmatch](#ngxregmatch), [ngx.re.sub](#ngxresub), and [ngx.re.gsub](#ngxregsub) will be cached within this cache if the regex option `o` (i.e., compile-once flag) is specified.
+
+The default number of entries allowed is 1024 and when this limit is reached, new regular expressions will not be cached (as if the `o` option was not specified) and there will be one, and only one, warning in the `error.log` file:
+
+
+    2011/08/27 23:18:26 [warn] 31997#0: *1 lua exceeding regex cache max entries (1024), ...
+
+
+If you are using the `ngx.re.*` implementation of [lua-resty-core](https://github.com/openresty/lua-resty-core) by loading the `resty.core.regex` module (or just the `resty.core` module), then an LRU cache is used for the regex cache being used here.
+
+Do not activate the `o` option for regular expressions (and/or `replace` string arguments for [ngx.re.sub](#ngxresub) and [ngx.re.gsub](#ngxregsub)) that are generated *on the fly* and give rise to infinite variations to avoid hitting the specified limit.
+
+[Back to TOC](#directives)
+
+lua_regex_match_limit
+---------------------
+**syntax:** *lua_regex_match_limit <num>*
+
+**default:** *lua_regex_match_limit 0*
+
+**context:** *http*
+
+Specifies the "match limit" used by the PCRE library when executing the [ngx.re API](#ngxrematch). To quote the PCRE manpage, "the limit ... has the effect of limiting the amount of backtracking that can take place."
+
+When the limit is hit, the error string "pcre_exec() failed: -8" will be returned by the [ngx.re API](#ngxrematch) functions on the Lua land.
+
+When setting the limit to 0, the default "match limit" when compiling the PCRE library is used. And this is the default value of this directive.
+
+This directive was first introduced in the `v0.8.5` release.
+
+[Back to TOC](#directives)
+
+lua_package_path
+----------------
+
+**syntax:** *lua_package_path <lua-style-path-str>*
+
+**default:** *The content of LUA_PATH environment variable or Lua's compiled-in defaults.*
+
+**context:** *http*
+
+Sets the Lua module search path used by scripts specified by [set_by_lua](#set_by_lua),
+[content_by_lua](#content_by_lua) and others. The path string is in standard Lua path form, and `;;`
+can be used to stand for the original search paths.
+
+As from the `v0.5.0rc29` release, the special notation `$prefix` or `${prefix}` can be used in the search path string to indicate the path of the `server prefix` usually determined by the `-p PATH` command-line option while starting the Nginx server.
+
+[Back to TOC](#directives)
+
+lua_package_cpath
+-----------------
+
+**syntax:** *lua_package_cpath <lua-style-cpath-str>*
+
+**default:** *The content of LUA_CPATH environment variable or Lua's compiled-in defaults.*
+
+**context:** *http*
+
+Sets the Lua C-module search path used by scripts specified by [set_by_lua](#set_by_lua),
+[content_by_lua](#content_by_lua) and others. The cpath string is in standard Lua cpath form, and `;;`
+can be used to stand for the original cpath.
+
+As from the `v0.5.0rc29` release, the special notation `$prefix` or `${prefix}` can be used in the search path string to indicate the path of the `server prefix` usually determined by the `-p PATH` command-line option while starting the Nginx server.
+
+[Back to TOC](#directives)
+
+init_by_lua
+-----------
+
+**syntax:** *init_by_lua <lua-script-str>*
+
+**context:** *http*
+
+**phase:** *loading-config*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [init_by_lua_block](#init_by_lua_block) directive instead.
+
+Runs the Lua code specified by the argument `` on the global Lua VM level when the Nginx master process (if any) is loading the Nginx config file.
+
+When Nginx receives the `HUP` signal and starts reloading the config file, the Lua VM will also be re-created and `init_by_lua` will run again on the new Lua VM. In case that the [lua_code_cache](#lua_code_cache) directive is turned off (default on), the `init_by_lua` handler will run upon every request because in this special mode a standalone Lua VM is always created for each request.
+
+Usually you can pre-load Lua modules at server start-up by means of this hook and take advantage of modern operating systems' copy-on-write (COW) optimization. Here is an example for pre-loading Lua modules:
+
+```nginx
+
+ # this runs before forking out nginx worker processes:
+ init_by_lua_block { require "cjson" }
+
+ server {
+     location = /api {
+         content_by_lua_block {
+             -- the following require() will just  return
+             -- the alrady loaded module from package.loaded:
+             ngx.say(require "cjson".encode{dog = 5, cat = 6})
+         }
+     }
+ }
+```
+
+You can also initialize the [lua_shared_dict](#lua_shared_dict) shm storage at this phase. Here is an example for this:
+
+```nginx
+
+ lua_shared_dict dogs 1m;
+
+ init_by_lua_block {
+     local dogs = ngx.shared.dogs;
+     dogs:set("Tom", 56)
+ }
+
+ server {
+     location = /api {
+         content_by_lua_block {
+             local dogs = ngx.shared.dogs;
+             ngx.say(dogs:get("Tom"))
+         }
+     }
+ }
+```
+
+But note that, the [lua_shared_dict](#lua_shared_dict)'s shm storage will not be cleared through a config reload (via the `HUP` signal, for example). So if you do *not* want to re-initialize the shm storage in your `init_by_lua` code in this case, then you just need to set a custom flag in the shm storage and always check the flag in your `init_by_lua` code.
+
+Because the Lua code in this context runs before Nginx forks its worker processes (if any), data or code loaded here will enjoy the [Copy-on-write (COW)](http://en.wikipedia.org/wiki/Copy-on-write) feature provided by many operating systems among all the worker processes, thus saving a lot of memory.
+
+Do *not* initialize your own Lua global variables in this context because use of Lua global variables have performance penalties and can lead to global namespace pollution (see the [Lua Variable Scope](#lua-variable-scope) section for more details). The recommended way is to use proper [Lua module](http://www.lua.org/manual/5.1/manual.html#5.3) files (but do not use the standard Lua function [module()](http://www.lua.org/manual/5.1/manual.html#pdf-module) to define Lua modules because it pollutes the global namespace as well) and call [require()](http://www.lua.org/manual/5.1/manual.html#pdf-require) to load your own module files in `init_by_lua` or other contexts ([require()](http://www.lua.org/manual/5.1/manual.html#pdf-require) does cache the loaded Lua modules in the global `package.loaded` table in the Lua registry so your modules will only loaded once for the whole Lua VM instance).
+
+Only a small set of the [Nginx API for Lua](#nginx-api-for-lua) is supported in this context:
+
+* Logging APIs: [ngx.log](#ngxlog) and [print](#print),
+* Shared Dictionary API: [ngx.shared.DICT](#ngxshareddict).
+
+More Nginx APIs for Lua may be supported in this context upon future user requests.
+
+Basically you can safely use Lua libraries that do blocking I/O in this very context because blocking the master process during server start-up is completely okay. Even the Nginx core does blocking I/O (at least on resolving upstream's host names) at the configure-loading phase.
+
+You should be very careful about potential security vulnerabilities in your Lua code registered in this context because the Nginx master process is often run under the `root` account.
+
+This directive was first introduced in the `v0.5.5` release.
+
+[Back to TOC](#directives)
+
+init_by_lua_block
+-----------------
+
+**syntax:** *init_by_lua_block { lua-script }*
+
+**context:** *http*
+
+**phase:** *loading-config*
+
+Similar to the [init_by_lua](#init_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ init_by_lua_block {
+     print("I need no extra escaping here, for example: \r\nblah")
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+init_by_lua_file
+----------------
+
+**syntax:** *init_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http*
+
+**phase:** *loading-config*
+
+Equivalent to [init_by_lua](#init_by_lua), except that the file specified by `` contains the Lua code or [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.5.5` release.
+
+[Back to TOC](#directives)
+
+init_worker_by_lua
+------------------
+
+**syntax:** *init_worker_by_lua <lua-script-str>*
+
+**context:** *http*
+
+**phase:** *starting-worker*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [init_worker_by_lua_block](#init_worker_by_lua_block) directive instead.
+
+Runs the specified Lua code upon every Nginx worker process's startup when the master process is enabled. When the master process is disabled, this hook will just run after [init_by_lua*](#init_by_lua).
+
+This hook is often used to create per-worker reoccurring timers (via the [ngx.timer.at](#ngxtimerat) Lua API), either for backend health-check or other timed routine work. Below is an example,
+
+```nginx
+
+ init_worker_by_lua '
+     local delay = 3  -- in seconds
+     local new_timer = ngx.timer.at
+     local log = ngx.log
+     local ERR = ngx.ERR
+     local check
+
+     check = function(premature)
+         if not premature then
+             -- do the health check or other routine work
+             local ok, err = new_timer(delay, check)
+             if not ok then
+                 log(ERR, "failed to create timer: ", err)
+                 return
+             end
+         end
+     end
+
+     local hdl, err = new_timer(delay, check)
+     if not hdl then
+         log(ERR, "failed to create timer: ", err)
+         return
+     end
+ ';
+```
+
+This directive was first introduced in the `v0.9.5` release.
+
+This hook no longer runs in the cache manager and cache loader processes since the `v0.10.12` release.
+
+[Back to TOC](#directives)
+
+init_worker_by_lua_block
+------------------------
+
+**syntax:** *init_worker_by_lua_block { lua-script }*
+
+**context:** *http*
+
+**phase:** *starting-worker*
+
+Similar to the [init_worker_by_lua](#init_worker_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ init_worker_by_lua_block {
+     print("I need no extra escaping here, for example: \r\nblah")
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+This hook no longer runs in the cache manager and cache loader processes since the `v0.10.12` release.
+
+[Back to TOC](#directives)
+
+init_worker_by_lua_file
+-----------------------
+
+**syntax:** *init_worker_by_lua_file <lua-file-path>*
+
+**context:** *http*
+
+**phase:** *starting-worker*
+
+Similar to [init_worker_by_lua](#init_worker_by_lua), but accepts the file path to a Lua source file or Lua bytecode file.
+
+This directive was first introduced in the `v0.9.5` release.
+
+This hook no longer runs in the cache manager and cache loader processes since the `v0.10.12` release.
+
+[Back to TOC](#directives)
+
+set_by_lua
+----------
+
+**syntax:** *set_by_lua $res <lua-script-str> [$arg1 $arg2 ...]*
+
+**context:** *server, server if, location, location if*
+
+**phase:** *rewrite*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [set_by_lua_block](#set_by_lua_block) directive instead.
+
+Executes code specified in `` with optional input arguments `$arg1 $arg2 ...`, and returns string output to `$res`.
+The code in `` can make [API calls](#nginx-api-for-lua) and can retrieve input arguments from the `ngx.arg` table (index starts from `1` and increases sequentially).
+
+This directive is designed to execute short, fast running code blocks as the Nginx event loop is blocked during code execution. Time consuming code sequences should therefore be avoided.
+
+This directive is implemented by injecting custom commands into the standard [ngx_http_rewrite_module](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html)'s command list. Because [ngx_http_rewrite_module](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html) does not support nonblocking I/O in its commands, Lua APIs requiring yielding the current Lua "light thread" cannot work in this directive.
+
+At least the following API functions are currently disabled within the context of `set_by_lua`:
+
+* Output API functions (e.g., [ngx.say](#ngxsay) and [ngx.send_headers](#ngxsend_headers))
+* Control API functions (e.g., [ngx.exit](#ngxexit))
+* Subrequest API functions (e.g., [ngx.location.capture](#ngxlocationcapture) and [ngx.location.capture_multi](#ngxlocationcapture_multi))
+* Cosocket API functions (e.g., [ngx.socket.tcp](#ngxsockettcp) and [ngx.req.socket](#ngxreqsocket)).
+* Sleeping API function [ngx.sleep](#ngxsleep).
+
+In addition, note that this directive can only write out a value to a single Nginx variable at
+a time. However, a workaround is possible using the [ngx.var.VARIABLE](#ngxvarvariable) interface.
+
+```nginx
+
+ location /foo {
+     set $diff ''; # we have to predefine the $diff variable here
+
+     set_by_lua $sum '
+         local a = 32
+         local b = 56
+
+         ngx.var.diff = a - b;  -- write to $diff directly
+         return a + b;          -- return the $sum value normally
+     ';
+
+     echo "sum = $sum, diff = $diff";
+ }
+```
+
+This directive can be freely mixed with all directives of the [ngx_http_rewrite_module](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html), [set-misc-nginx-module](http://github.com/openresty/set-misc-nginx-module), and [array-var-nginx-module](http://github.com/openresty/array-var-nginx-module) modules. All of these directives will run in the same order as they appear in the config file.
+
+```nginx
+
+ set $foo 32;
+ set_by_lua $bar 'return tonumber(ngx.var.foo) + 1';
+ set $baz "bar: $bar";  # $baz == "bar: 33"
+```
+
+As from the `v0.5.0rc29` release, Nginx variable interpolation is disabled in the `` argument of this directive and therefore, the dollar sign character (`$`) can be used directly.
+
+This directive requires the [ngx_devel_kit](https://github.com/simplresty/ngx_devel_kit) module.
+
+[Back to TOC](#directives)
+
+set_by_lua_block
+----------------
+
+**syntax:** *set_by_lua_block $res { lua-script }*
+
+**context:** *server, server if, location, location if*
+
+**phase:** *rewrite*
+
+Similar to the [set_by_lua](#set_by_lua) directive except that
+
+1. this directive inlines the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping), and
+1. this directive does not support extra arguments after the Lua script as in [set_by_lua](#set_by_lua).
+
+For example,
+
+```nginx
+
+ set_by_lua_block $res { return 32 + math.cos(32) }
+ # $res now has the value "32.834223360507" or alike.
+```
+
+No special escaping is required in the Lua code block.
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+set_by_lua_file
+---------------
+**syntax:** *set_by_lua_file $res <path-to-lua-script-file> [$arg1 $arg2 ...]*
+
+**context:** *server, server if, location, location if*
+
+**phase:** *rewrite*
+
+Equivalent to [set_by_lua](#set_by_lua), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+Nginx variable interpolation is supported in the `` argument string of this directive. But special care must be taken for injection attacks.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+When the Lua code cache is turned on (by default), the user code is loaded once at the first request and cached
+and the Nginx config must be reloaded each time the Lua source file is modified.
+The Lua code cache can be temporarily disabled during development by
+switching [lua_code_cache](#lua_code_cache) `off` in `nginx.conf` to avoid reloading Nginx.
+
+This directive requires the [ngx_devel_kit](https://github.com/simplresty/ngx_devel_kit) module.
+
+[Back to TOC](#directives)
+
+content_by_lua
+--------------
+
+**syntax:** *content_by_lua <lua-script-str>*
+
+**context:** *location, location if*
+
+**phase:** *content*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [content_by_lua_block](#content_by_lua_block) directive instead.
+
+Acts as a "content handler" and executes Lua code string specified in `` for every request.
+The Lua code may make [API calls](#nginx-api-for-lua) and is executed as a new spawned coroutine in an independent global environment (i.e. a sandbox).
+
+Do not use this directive and other content handler directives in the same location. For example, this directive and the [proxy_pass](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass) directive should not be used in the same location.
+
+[Back to TOC](#directives)
+
+content_by_lua_block
+--------------------
+
+**syntax:** *content_by_lua_block { lua-script }*
+
+**context:** *location, location if*
+
+**phase:** *content*
+
+Similar to the [content_by_lua](#content_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ content_by_lua_block {
+     ngx.say("I need no extra escaping here, for example: \r\nblah")
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+content_by_lua_file
+-------------------
+
+**syntax:** *content_by_lua_file <path-to-lua-script-file>*
+
+**context:** *location, location if*
+
+**phase:** *content*
+
+Equivalent to [content_by_lua](#content_by_lua), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+Nginx variables can be used in the `` string to provide flexibility. This however carries some risks and is not ordinarily recommended.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+When the Lua code cache is turned on (by default), the user code is loaded once at the first request and cached
+and the Nginx config must be reloaded each time the Lua source file is modified.
+The Lua code cache can be temporarily disabled during development by
+switching [lua_code_cache](#lua_code_cache) `off` in `nginx.conf` to avoid reloading Nginx.
+
+Nginx variables are supported in the file path for dynamic dispatch, for example:
+
+```nginx
+
+ # CAUTION: contents in nginx var must be carefully filtered,
+ # otherwise there'll be great security risk!
+ location ~ ^/app/([-_a-zA-Z0-9/]+) {
+     set $path $1;
+     content_by_lua_file /path/to/lua/app/root/$path.lua;
+ }
+```
+
+But be very careful about malicious user inputs and always carefully validate or filter out the user-supplied path components.
+
+[Back to TOC](#directives)
+
+rewrite_by_lua
+--------------
+
+**syntax:** *rewrite_by_lua <lua-script-str>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *rewrite tail*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [rewrite_by_lua_block](#rewrite_by_lua_block) directive instead.
+
+Acts as a rewrite phase handler and executes Lua code string specified in `` for every request.
+The Lua code may make [API calls](#nginx-api-for-lua) and is executed as a new spawned coroutine in an independent global environment (i.e. a sandbox).
+
+Note that this handler always runs *after* the standard [ngx_http_rewrite_module](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html). So the following will work as expected:
+
+```nginx
+
+ location /foo {
+     set $a 12; # create and initialize $a
+     set $b ""; # create and initialize $b
+     rewrite_by_lua 'ngx.var.b = tonumber(ngx.var.a) + 1';
+     echo "res = $b";
+ }
+```
+
+because `set $a 12` and `set $b ""` run *before* [rewrite_by_lua](#rewrite_by_lua).
+
+On the other hand, the following will not work as expected:
+
+```nginx
+
+ ?  location /foo {
+ ?      set $a 12; # create and initialize $a
+ ?      set $b ''; # create and initialize $b
+ ?      rewrite_by_lua 'ngx.var.b = tonumber(ngx.var.a) + 1';
+ ?      if ($b = '13') {
+ ?         rewrite ^ /bar redirect;
+ ?         break;
+ ?      }
+ ?
+ ?      echo "res = $b";
+ ?  }
+```
+
+because `if` runs *before* [rewrite_by_lua](#rewrite_by_lua) even if it is placed after [rewrite_by_lua](#rewrite_by_lua) in the config.
+
+The right way of doing this is as follows:
+
+```nginx
+
+ location /foo {
+     set $a 12; # create and initialize $a
+     set $b ''; # create and initialize $b
+     rewrite_by_lua '
+         ngx.var.b = tonumber(ngx.var.a) + 1
+         if tonumber(ngx.var.b) == 13 then
+             return ngx.redirect("/bar");
+         end
+     ';
+
+     echo "res = $b";
+ }
+```
+
+Note that the [ngx_eval](http://www.grid.net.ru/nginx/eval.en.html) module can be approximated by using [rewrite_by_lua](#rewrite_by_lua). For example,
+
+```nginx
+
+ location / {
+     eval $res {
+         proxy_pass http://foo.com/check-spam;
+     }
+
+     if ($res = 'spam') {
+         rewrite ^ /terms-of-use.html redirect;
+     }
+
+     fastcgi_pass ...;
+ }
+```
+
+can be implemented in ngx_lua as:
+
+```nginx
+
+ location = /check-spam {
+     internal;
+     proxy_pass http://foo.com/check-spam;
+ }
+
+ location / {
+     rewrite_by_lua '
+         local res = ngx.location.capture("/check-spam")
+         if res.body == "spam" then
+             return ngx.redirect("/terms-of-use.html")
+         end
+     ';
+
+     fastcgi_pass ...;
+ }
+```
+
+Just as any other rewrite phase handlers, [rewrite_by_lua](#rewrite_by_lua) also runs in subrequests.
+
+Note that when calling `ngx.exit(ngx.OK)` within a [rewrite_by_lua](#rewrite_by_lua) handler, the nginx request processing control flow will still continue to the content handler. To terminate the current request from within a [rewrite_by_lua](#rewrite_by_lua) handler, calling [ngx.exit](#ngxexit) with status >= 200 (`ngx.HTTP_OK`) and status < 300 (`ngx.HTTP_SPECIAL_RESPONSE`) for successful quits and `ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)` (or its friends) for failures.
+
+If the [ngx_http_rewrite_module](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html)'s [rewrite](http://nginx.org/en/docs/http/ngx_http_rewrite_module.html#rewrite) directive is used to change the URI and initiate location re-lookups (internal redirections), then any [rewrite_by_lua](#rewrite_by_lua) or [rewrite_by_lua_file](#rewrite_by_lua_file) code sequences within the current location will not be executed. For example,
+
+```nginx
+
+ location /foo {
+     rewrite ^ /bar;
+     rewrite_by_lua 'ngx.exit(503)';
+ }
+ location /bar {
+     ...
+ }
+```
+
+Here the Lua code `ngx.exit(503)` will never run. This will be the case if `rewrite ^ /bar last` is used as this will similarly initiate an internal redirection. If the `break` modifier is used instead, there will be no internal redirection and the `rewrite_by_lua` code will be executed.
+
+The `rewrite_by_lua` code will always run at the end of the `rewrite` request-processing phase unless [rewrite_by_lua_no_postpone](#rewrite_by_lua_no_postpone) is turned on.
+
+[Back to TOC](#directives)
+
+rewrite_by_lua_block
+--------------------
+
+**syntax:** *rewrite_by_lua_block { lua-script }*
+
+**context:** *http, server, location, location if*
+
+**phase:** *rewrite tail*
+
+Similar to the [rewrite_by_lua](#rewrite_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ rewrite_by_lua_block {
+     do_something("hello, world!\nhiya\n")
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+rewrite_by_lua_file
+-------------------
+
+**syntax:** *rewrite_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *rewrite tail*
+
+Equivalent to [rewrite_by_lua](#rewrite_by_lua), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+Nginx variables can be used in the `` string to provide flexibility. This however carries some risks and is not ordinarily recommended.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+When the Lua code cache is turned on (by default), the user code is loaded once at the first request and cached and the Nginx config must be reloaded each time the Lua source file is modified. The Lua code cache can be temporarily disabled during development by switching [lua_code_cache](#lua_code_cache) `off` in `nginx.conf` to avoid reloading Nginx.
+
+The `rewrite_by_lua_file` code will always run at the end of the `rewrite` request-processing phase unless [rewrite_by_lua_no_postpone](#rewrite_by_lua_no_postpone) is turned on.
+
+Nginx variables are supported in the file path for dynamic dispatch just as in [content_by_lua_file](#content_by_lua_file).
+
+[Back to TOC](#directives)
+
+access_by_lua
+-------------
+
+**syntax:** *access_by_lua <lua-script-str>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *access tail*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [access_by_lua_block](#access_by_lua_block) directive instead.
+
+Acts as an access phase handler and executes Lua code string specified in `` for every request.
+The Lua code may make [API calls](#nginx-api-for-lua) and is executed as a new spawned coroutine in an independent global environment (i.e. a sandbox).
+
+Note that this handler always runs *after* the standard [ngx_http_access_module](http://nginx.org/en/docs/http/ngx_http_access_module.html). So the following will work as expected:
+
+```nginx
+
+ location / {
+     deny    192.168.1.1;
+     allow   192.168.1.0/24;
+     allow   10.1.1.0/16;
+     deny    all;
+
+     access_by_lua '
+         local res = ngx.location.capture("/mysql", { ... })
+         ...
+     ';
+
+     # proxy_pass/fastcgi_pass/...
+ }
+```
+
+That is, if a client IP address is in the blacklist, it will be denied before the MySQL query for more complex authentication is executed by [access_by_lua](#access_by_lua).
+
+Note that the [ngx_auth_request](http://mdounin.ru/hg/ngx_http_auth_request_module/) module can be approximated by using [access_by_lua](#access_by_lua):
+
+```nginx
+
+ location / {
+     auth_request /auth;
+
+     # proxy_pass/fastcgi_pass/postgres_pass/...
+ }
+```
+
+can be implemented in ngx_lua as:
+
+```nginx
+
+ location / {
+     access_by_lua '
+         local res = ngx.location.capture("/auth")
+
+         if res.status == ngx.HTTP_OK then
+             return
+         end
+
+         if res.status == ngx.HTTP_FORBIDDEN then
+             ngx.exit(res.status)
+         end
+
+         ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)
+     ';
+
+     # proxy_pass/fastcgi_pass/postgres_pass/...
+ }
+```
+
+As with other access phase handlers, [access_by_lua](#access_by_lua) will *not* run in subrequests.
+
+Note that when calling `ngx.exit(ngx.OK)` within a [access_by_lua](#access_by_lua) handler, the nginx request processing control flow will still continue to the content handler. To terminate the current request from within a [access_by_lua](#access_by_lua) handler, calling [ngx.exit](#ngxexit) with status >= 200 (`ngx.HTTP_OK`) and status < 300 (`ngx.HTTP_SPECIAL_RESPONSE`) for successful quits and `ngx.exit(ngx.HTTP_INTERNAL_SERVER_ERROR)` (or its friends) for failures.
+
+Starting from the `v0.9.20` release, you can use the [access_by_lua_no_postpone](#access_by_lua_no_postpone)
+directive to control when to run this handler inside the "access" request-processing phase
+of NGINX.
+
+[Back to TOC](#directives)
+
+access_by_lua_block
+-------------------
+
+**syntax:** *access_by_lua_block { lua-script }*
+
+**context:** *http, server, location, location if*
+
+**phase:** *access tail*
+
+Similar to the [access_by_lua](#access_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ access_by_lua_block {
+     do_something("hello, world!\nhiya\n")
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+access_by_lua_file
+------------------
+
+**syntax:** *access_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *access tail*
+
+Equivalent to [access_by_lua](#access_by_lua), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+Nginx variables can be used in the `` string to provide flexibility. This however carries some risks and is not ordinarily recommended.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+When the Lua code cache is turned on (by default), the user code is loaded once at the first request and cached
+and the Nginx config must be reloaded each time the Lua source file is modified.
+The Lua code cache can be temporarily disabled during development by switching [lua_code_cache](#lua_code_cache) `off` in `nginx.conf` to avoid repeatedly reloading Nginx.
+
+Nginx variables are supported in the file path for dynamic dispatch just as in [content_by_lua_file](#content_by_lua_file).
+
+[Back to TOC](#directives)
+
+header_filter_by_lua
+--------------------
+
+**syntax:** *header_filter_by_lua <lua-script-str>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *output-header-filter*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [header_filter_by_lua_block](#header_filter_by_lua_block) directive instead.
+
+Uses Lua code specified in `` to define an output header filter.
+
+Note that the following API functions are currently disabled within this context:
+
+* Output API functions (e.g., [ngx.say](#ngxsay) and [ngx.send_headers](#ngxsend_headers))
+* Control API functions (e.g., [ngx.redirect](#ngxredirect) and [ngx.exec](#ngxexec))
+* Subrequest API functions (e.g., [ngx.location.capture](#ngxlocationcapture) and [ngx.location.capture_multi](#ngxlocationcapture_multi))
+* Cosocket API functions (e.g., [ngx.socket.tcp](#ngxsockettcp) and [ngx.req.socket](#ngxreqsocket)).
+
+Here is an example of overriding a response header (or adding one if absent) in our Lua header filter:
+
+```nginx
+
+ location / {
+     proxy_pass http://mybackend;
+     header_filter_by_lua 'ngx.header.Foo = "blah"';
+ }
+```
+
+This directive was first introduced in the `v0.2.1rc20` release.
+
+[Back to TOC](#directives)
+
+header_filter_by_lua_block
+--------------------------
+
+**syntax:** *header_filter_by_lua_block { lua-script }*
+
+**context:** *http, server, location, location if*
+
+**phase:** *output-header-filter*
+
+Similar to the [header_filter_by_lua](#header_filter_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ header_filter_by_lua_block {
+     ngx.header["content-length"] = nil
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+header_filter_by_lua_file
+-------------------------
+
+**syntax:** *header_filter_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *output-header-filter*
+
+Equivalent to [header_filter_by_lua](#header_filter_by_lua), except that the file specified by `` contains the Lua code, or as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.2.1rc20` release.
+
+[Back to TOC](#directives)
+
+body_filter_by_lua
+------------------
+
+**syntax:** *body_filter_by_lua <lua-script-str>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *output-body-filter*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [body_filter_by_lua_block](#body_filter_by_lua_block) directive instead.
+
+Uses Lua code specified in `` to define an output body filter.
+
+The input data chunk is passed via [ngx.arg](#ngxarg)\[1\] (as a Lua string value) and the "eof" flag indicating the end of the response body data stream is passed via [ngx.arg](#ngxarg)\[2\] (as a Lua boolean value).
+
+Behind the scene, the "eof" flag is just the `last_buf` (for main requests) or `last_in_chain` (for subrequests) flag of the Nginx chain link buffers. (Before the `v0.7.14` release, the "eof" flag does not work at all in subrequests.)
+
+The output data stream can be aborted immediately by running the following Lua statement:
+
+```lua
+
+ return ngx.ERROR
+```
+
+This will truncate the response body and usually result in incomplete and also invalid responses.
+
+The Lua code can pass its own modified version of the input data chunk to the downstream Nginx output body filters by overriding [ngx.arg](#ngxarg)\[1\] with a Lua string or a Lua table of strings. For example, to transform all the lowercase letters in the response body, we can just write:
+
+```nginx
+
+ location / {
+     proxy_pass http://mybackend;
+     body_filter_by_lua 'ngx.arg[1] = string.upper(ngx.arg[1])';
+ }
+```
+
+When setting `nil` or an empty Lua string value to `ngx.arg[1]`, no data chunk will be passed to the downstream Nginx output filters at all.
+
+Likewise, new "eof" flag can also be specified by setting a boolean value to [ngx.arg](#ngxarg)\[2\]. For example,
+
+```nginx
+
+ location /t {
+     echo hello world;
+     echo hiya globe;
+
+     body_filter_by_lua '
+         local chunk = ngx.arg[1]
+         if string.match(chunk, "hello") then
+             ngx.arg[2] = true  -- new eof
+             return
+         end
+
+         -- just throw away any remaining chunk data
+         ngx.arg[1] = nil
+     ';
+ }
+```
+
+Then `GET /t` will just return the output
+
+
+    hello world
+
+
+That is, when the body filter sees a chunk containing the word "hello", then it will set the "eof" flag to true immediately, resulting in truncated but still valid responses.
+
+When the Lua code may change the length of the response body, then it is required to always clear out the `Content-Length` response header (if any) in a header filter to enforce streaming output, as in
+
+```nginx
+
+ location /foo {
+     # fastcgi_pass/proxy_pass/...
+
+     header_filter_by_lua_block { ngx.header.content_length = nil }
+     body_filter_by_lua 'ngx.arg[1] = string.len(ngx.arg[1]) .. "\\n"';
+ }
+```
+
+Note that the following API functions are currently disabled within this context due to the limitations in NGINX output filter's current implementation:
+
+* Output API functions (e.g., [ngx.say](#ngxsay) and [ngx.send_headers](#ngxsend_headers))
+* Control API functions (e.g., [ngx.exit](#ngxexit) and [ngx.exec](#ngxexec))
+* Subrequest API functions (e.g., [ngx.location.capture](#ngxlocationcapture) and [ngx.location.capture_multi](#ngxlocationcapture_multi))
+* Cosocket API functions (e.g., [ngx.socket.tcp](#ngxsockettcp) and [ngx.req.socket](#ngxreqsocket)).
+
+Nginx output filters may be called multiple times for a single request because response body may be delivered in chunks. Thus, the Lua code specified by in this directive may also run multiple times in the lifetime of a single HTTP request.
+
+This directive was first introduced in the `v0.5.0rc32` release.
+
+[Back to TOC](#directives)
+
+body_filter_by_lua_block
+------------------------
+
+**syntax:** *body_filter_by_lua_block { lua-script-str }*
+
+**context:** *http, server, location, location if*
+
+**phase:** *output-body-filter*
+
+Similar to the [body_filter_by_lua](#body_filter_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ body_filter_by_lua_block {
+     local data, eof = ngx.arg[1], ngx.arg[2]
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+body_filter_by_lua_file
+-----------------------
+
+**syntax:** *body_filter_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *output-body-filter*
+
+Equivalent to [body_filter_by_lua](#body_filter_by_lua), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.5.0rc32` release.
+
+[Back to TOC](#directives)
+
+log_by_lua
+----------
+
+**syntax:** *log_by_lua <lua-script-str>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *log*
+
+**NOTE** Use of this directive is *discouraged* following the `v0.9.17` release. Use the [log_by_lua_block](#log_by_lua_block) directive instead.
+
+Runs the Lua source code inlined as the `` at the `log` request processing phase. This does not replace the current access logs, but runs before.
+
+Note that the following API functions are currently disabled within this context:
+
+* Output API functions (e.g., [ngx.say](#ngxsay) and [ngx.send_headers](#ngxsend_headers))
+* Control API functions (e.g., [ngx.exit](#ngxexit))
+* Subrequest API functions (e.g., [ngx.location.capture](#ngxlocationcapture) and [ngx.location.capture_multi](#ngxlocationcapture_multi))
+* Cosocket API functions (e.g., [ngx.socket.tcp](#ngxsockettcp) and [ngx.req.socket](#ngxreqsocket)).
+
+Here is an example of gathering average data for [$upstream_response_time](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_response_time):
+
+```nginx
+
+ lua_shared_dict log_dict 5M;
+
+ server {
+     location / {
+         proxy_pass http://mybackend;
+
+         log_by_lua '
+             local log_dict = ngx.shared.log_dict
+             local upstream_time = tonumber(ngx.var.upstream_response_time)
+
+             local sum = log_dict:get("upstream_time-sum") or 0
+             sum = sum + upstream_time
+             log_dict:set("upstream_time-sum", sum)
+
+             local newval, err = log_dict:incr("upstream_time-nb", 1)
+             if not newval and err == "not found" then
+                 log_dict:add("upstream_time-nb", 0)
+                 log_dict:incr("upstream_time-nb", 1)
+             end
+         ';
+     }
+
+     location = /status {
+         content_by_lua_block {
+             local log_dict = ngx.shared.log_dict
+             local sum = log_dict:get("upstream_time-sum")
+             local nb = log_dict:get("upstream_time-nb")
+
+             if nb and sum then
+                 ngx.say("average upstream response time: ", sum / nb,
+                         " (", nb, " reqs)")
+             else
+                 ngx.say("no data yet")
+             end
+         }
+     }
+ }
+```
+
+This directive was first introduced in the `v0.5.0rc31` release.
+
+[Back to TOC](#directives)
+
+log_by_lua_block
+----------------
+
+**syntax:** *log_by_lua_block { lua-script }*
+
+**context:** *http, server, location, location if*
+
+**phase:** *log*
+
+Similar to the [log_by_lua](#log_by_lua) directive except that this directive inlines
+the Lua source directly
+inside a pair of curly braces (`{}`) instead of in an NGINX string literal (which requires
+special character escaping).
+
+For instance,
+
+```nginx
+
+ log_by_lua_block {
+     print("I need no extra escaping here, for example: \r\nblah")
+ }
+```
+
+This directive was first introduced in the `v0.9.17` release.
+
+[Back to TOC](#directives)
+
+log_by_lua_file
+---------------
+
+**syntax:** *log_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http, server, location, location if*
+
+**phase:** *log*
+
+Equivalent to [log_by_lua](#log_by_lua), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.5.0rc31` release.
+
+[Back to TOC](#directives)
+
+balancer_by_lua_block
+---------------------
+
+**syntax:** *balancer_by_lua_block { lua-script }*
+
+**context:** *upstream*
+
+**phase:** *content*
+
+This directive runs Lua code as an upstream balancer for any upstream entities defined
+by the `upstream {}` configuration block.
+
+For instance,
+
+```nginx
+
+ upstream foo {
+     server 127.0.0.1;
+     balancer_by_lua_block {
+         -- use Lua to do something interesting here
+         -- as a dynamic balancer
+     }
+ }
+
+ server {
+     location / {
+         proxy_pass http://foo;
+     }
+ }
+```
+
+The resulting Lua load balancer can work with any existing nginx upstream modules
+like [ngx_proxy](http://nginx.org/en/docs/http/ngx_http_proxy_module.html) and
+[ngx_fastcgi](http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html).
+
+Also, the Lua load balancer can work with the standard upstream connection pool mechanism,
+i.e., the standard [keepalive](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive.
+Just ensure that the [keepalive](http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive) directive
+is used *after* this `balancer_by_lua_block` directive in a single `upstream {}` configuration block.
+
+The Lua load balancer can totally ignore the list of servers defined in the `upstream {}` block
+and select peer from a completely dynamic server list (even changing per request) via the
+[ngx.balancer](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/balancer.md) module
+from the [lua-resty-core](https://github.com/openresty/lua-resty-core) library.
+
+The Lua code handler registered by this directive might get called more than once in a single
+downstream request when the nginx upstream mechanism retries the request on conditions
+specified by directives like the [proxy_next_upstream](http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream)
+directive.
+
+This Lua code execution context does not support yielding, so Lua APIs that may yield
+(like cosockets and "light threads") are disabled in this context. One can usually work
+around this limitation by doing such operations in an earlier phase handler (like
+[access_by_lua*](#access_by_lua)) and passing along the result into this context
+via the [ngx.ctx](#ngxctx) table.
+
+This directive was first introduced in the `v0.10.0` release.
+
+[Back to TOC](#directives)
+
+balancer_by_lua_file
+--------------------
+
+**syntax:** *balancer_by_lua_file <path-to-lua-script-file>*
+
+**context:** *upstream*
+
+**phase:** *content*
+
+Equivalent to [balancer_by_lua_block](#balancer_by_lua_block), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.10.0` release.
+
+[Back to TOC](#directives)
+
+lua_need_request_body
+---------------------
+
+**syntax:** *lua_need_request_body <on|off>*
+
+**default:** *off*
+
+**context:** *http, server, location, location if*
+
+**phase:** *depends on usage*
+
+Determines whether to force the request body data to be read before running rewrite/access/access_by_lua* or not. The Nginx core does not read the client request body by default and if request body data is required, then this directive should be turned `on` or the [ngx.req.read_body](#ngxreqread_body) function should be called within the Lua code.
+
+To read the request body data within the [$request_body](http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_body) variable,
+[client_body_buffer_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) must have the same value as [client_max_body_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size). Because when the content length exceeds [client_body_buffer_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_buffer_size) but less than [client_max_body_size](http://nginx.org/en/docs/http/ngx_http_core_module.html#client_max_body_size), Nginx will buffer the data into a temporary file on the disk, which will lead to empty value in the [$request_body](http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_body) variable.
+
+If the current location includes [rewrite_by_lua*](#rewrite_by_lua) directives,
+then the request body will be read just before the [rewrite_by_lua*](#rewrite_by_lua) code is run (and also at the
+`rewrite` phase). Similarly, if only [content_by_lua](#content_by_lua) is specified,
+the request body will not be read until the content handler's Lua code is
+about to run (i.e., the request body will be read during the content phase).
+
+It is recommended however, to use the [ngx.req.read_body](#ngxreqread_body) and [ngx.req.discard_body](#ngxreqdiscard_body) functions for finer control over the request body reading process instead.
+
+This also applies to [access_by_lua*](#access_by_lua).
+
+[Back to TOC](#directives)
+
+ssl_certificate_by_lua_block
+----------------------------
+
+**syntax:** *ssl_certificate_by_lua_block { lua-script }*
+
+**context:** *server*
+
+**phase:** *right-before-SSL-handshake*
+
+This directive runs user Lua code when NGINX is about to start the SSL handshake for the downstream
+SSL (https) connections.
+
+It is particularly useful for setting the SSL certificate chain and the corresponding private key on a per-request
+basis. It is also useful to load such handshake configurations nonblockingly from the remote (for example,
+with the [cosocket](#ngxsockettcp) API). And one can also do per-request OCSP stapling handling in pure
+Lua here as well.
+
+Another typical use case is to do SSL handshake traffic control nonblockingly in this context,
+with the help of the [lua-resty-limit-traffic#readme](https://github.com/openresty/lua-resty-limit-traffic)
+library, for example.
+
+One can also do interesting things with the SSL handshake requests from the client side, like
+rejecting old SSL clients using the SSLv3 protocol or even below selectively.
+
+The [ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md)
+and [ngx.ocsp](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ocsp.md) Lua modules
+provided by the [lua-resty-core](https://github.com/openresty/lua-resty-core/#readme)
+library are particularly useful in this context. You can use the Lua API offered by these two Lua modules
+to manipulate the SSL certificate chain and private key for the current SSL connection
+being initiated.
+
+This Lua handler does not run at all, however, when NGINX/OpenSSL successfully resumes
+the SSL session via SSL session IDs or TLS session tickets for the current SSL connection. In
+other words, this Lua handler only runs when NGINX has to initiate a full SSL handshake.
+
+Below is a trivial example using the
+[ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md) module
+at the same time:
+
+```nginx
+
+ server {
+     listen 443 ssl;
+     server_name   test.com;
+
+     ssl_certificate_by_lua_block {
+         print("About to initiate a new SSL handshake!")
+     }
+
+     location / {
+         root html;
+     }
+ }
+```
+
+See more complicated examples in the [ngx.ssl](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl.md)
+and [ngx.ocsp](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ocsp.md)
+Lua modules' official documentation.
+
+Uncaught Lua exceptions in the user Lua code immediately abort the current SSL session, so does the
+[ngx.exit](#ngxexit) call with an error code like `ngx.ERROR`.
+
+This Lua code execution context *does* support yielding, so Lua APIs that may yield
+(like cosockets, sleeping, and "light threads")
+are enabled in this context.
+
+Note, however, you still need to configure the [ssl_certificate](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate) and
+[ssl_certificate_key](http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_certificate_key)
+directives even though you will not use this static certificate and private key at all. This is
+because the NGINX core requires their appearance otherwise you are seeing the following error
+while starting NGINX:
+
+
+    nginx: [emerg] no ssl configured for the server
+
+
+This directive currently requires the following NGINX core patch to work correctly:
+
+
+
+The bundled version of the NGINX core in OpenResty 1.9.7.2 (or above) already has this
+patch applied.
+
+Furthermore, one needs at least OpenSSL 1.0.2e for this directive to work.
+
+This directive was first introduced in the `v0.10.0` release.
+
+[Back to TOC](#directives)
+
+ssl_certificate_by_lua_file
+---------------------------
+
+**syntax:** *ssl_certificate_by_lua_file <path-to-lua-script-file>*
+
+**context:** *server*
+
+**phase:** *right-before-SSL-handshake*
+
+Equivalent to [ssl_certificate_by_lua_block](#ssl_certificate_by_lua_block), except that the file specified by `` contains the Lua code, or, as from the `v0.5.0rc32` release, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.10.0` release.
+
+[Back to TOC](#directives)
+
+ssl_session_fetch_by_lua_block
+------------------------------
+
+**syntax:** *ssl_session_fetch_by_lua_block { lua-script }*
+
+**context:** *http*
+
+**phase:** *right-before-SSL-handshake*
+
+This directive runs Lua code to look up and load the SSL session (if any) according to the session ID
+provided by the current SSL handshake request for the downstream.
+
+The Lua API for obtaining the current session ID and loading a cached SSL session data
+is provided in the [ngx.ssl.session](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl/session.md)
+Lua module shipped with the [lua-resty-core](https://github.com/openresty/lua-resty-core#readme)
+library.
+
+Lua APIs that may yield, like [ngx.sleep](#ngxsleep) and [cosockets](#ngxsockettcp),
+are enabled in this context.
+
+This hook, together with the [ssl_session_store_by_lua*](#ssl_session_store_by_lua_block) hook,
+can be used to implement distributed caching mechanisms in pure Lua (based
+on the [cosocket](#ngxsockettcp) API, for example). If a cached SSL session is found
+and loaded into the current SSL connection context,
+SSL session resumption can then get immediately initiated and bypass the full SSL handshake process which is very expensive in terms of CPU time.
+
+Please note that TLS session tickets are very different and it is the clients' responsibility
+to cache the SSL session state when session tickets are used. SSL session resumptions based on
+TLS session tickets would happen automatically without going through this hook (nor the
+[ssl_session_store_by_lua_block](#ssl_session_store_by_lua) hook). This hook is mainly
+for older or less capable SSL clients that can only do SSL sessions by session IDs.
+
+When [ssl_certificate_by_lua*](#ssl_certificate_by_lua_block) is specified at the same time,
+this hook usually runs before [ssl_certificate_by_lua*](#ssl_certificate_by_lua_block).
+When the SSL session is found and successfully loaded for the current SSL connection,
+SSL session resumption will happen and thus bypass the [ssl_certificate_by_lua*](#ssl_certificate_by_lua_block)
+hook completely. In this case, NGINX also bypasses the [ssl_session_store_by_lua_block](#ssl_session_store_by_lua)
+hook, for obvious reasons.
+
+To easily test this hook locally with a modern web browser, you can temporarily put the following line
+in your https server block to disable the TLS session ticket support:
+
+    ssl_session_tickets off;
+
+But do not forget to comment this line out before publishing your site to the world.
+
+If you are using the [official pre-built packages](http://openresty.org/en/linux-packages.html) for [OpenResty](https://openresty.org/)
+1.11.2.1 or later, then everything should work out of the box.
+
+If you are using OpenSSL libraries not provided by [OpenResty](https://openresty.org),
+then you need to apply the following patch for OpenSSL 1.0.2h or later:
+
+
+
+If you are not using the NGINX core shipped with [OpenResty](https://openresty.org) 1.11.2.1 or later, then you need to
+apply the following patch to the standard NGINX core 1.11.2 or later:
+
+
+
+This directive was first introduced in the `v0.10.6` release.
+
+Note that: this directive is only allowed to used in **http context** from the `v0.10.7` release
+(because SSL session resumption happens before server name dispatch).
+
+[Back to TOC](#directives)
+
+ssl_session_fetch_by_lua_file
+-----------------------------
+
+**syntax:** *ssl_session_fetch_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http*
+
+**phase:** *right-before-SSL-handshake*
+
+Equivalent to [ssl_session_fetch_by_lua_block](#ssl_session_fetch_by_lua_block), except that the file specified by `` contains the Lua code, or rather, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.10.6` release.
+
+Note that: this directive is only allowed to used in **http context** from the `v0.10.7` release
+(because SSL session resumption happens before server name dispatch).
+
+[Back to TOC](#directives)
+
+ssl_session_store_by_lua_block
+------------------------------
+
+**syntax:** *ssl_session_store_by_lua_block { lua-script }*
+
+**context:** *http*
+
+**phase:** *right-after-SSL-handshake*
+
+This directive runs Lua code to fetch and save the SSL session (if any) according to the session ID
+provided by the current SSL handshake request for the downstream. The saved or cached SSL
+session data can be used for future SSL connections to resume SSL sessions without going
+through the full SSL handshake process (which is very expensive in terms of CPU time).
+
+Lua APIs that may yield, like [ngx.sleep](#ngxsleep) and [cosockets](#ngxsockettcp),
+are *disabled* in this context. You can still, however, use the [ngx.timer.at](#ngxtimerat) API
+to create 0-delay timers to save the SSL session data asynchronously to external services (like `redis` or `memcached`).
+
+The Lua API for obtaining the current session ID and the associated session state data
+is provided in the [ngx.ssl.session](https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl/session.md#readme)
+Lua module shipped with the [lua-resty-core](https://github.com/openresty/lua-resty-core#readme)
+library.
+
+To easily test this hook locally with a modern web browser, you can temporarily put the following line
+in your https server block to disable the TLS session ticket support:
+
+    ssl_session_tickets off;
+
+But do not forget to comment this line out before publishing your site to the world.
+
+This directive was first introduced in the `v0.10.6` release.
+
+Note that: this directive is only allowed to used in **http context** from the `v0.10.7` release
+(because SSL session resumption happens before server name dispatch).
+
+[Back to TOC](#directives)
+
+ssl_session_store_by_lua_file
+-----------------------------
+
+**syntax:** *ssl_session_store_by_lua_file <path-to-lua-script-file>*
+
+**context:** *http*
+
+**phase:** *right-after-SSL-handshake*
+
+Equivalent to [ssl_session_store_by_lua_block](#ssl_session_store_by_lua_block), except that the file specified by `` contains the Lua code, or rather, the [Lua/LuaJIT bytecode](#lualuajit-bytecode-support) to be executed.
+
+When a relative path like `foo/bar.lua` is given, they will be turned into the absolute path relative to the `server prefix` path determined by the `-p PATH` command-line option while starting the Nginx server.
+
+This directive was first introduced in the `v0.10.6` release.
+
+Note that: this directive is only allowed to used in **http context** from the `v0.10.7` release
+(because SSL session resumption happens before server name dispatch).
+
+[Back to TOC](#directives)
+
+lua_shared_dict
+---------------
+
+**syntax:** *lua_shared_dict <name> <size>*
+
+**default:** *no*
+
+**context:** *http*
+
+**phase:** *depends on usage*
+
+Declares a shared memory zone, ``, to serve as storage for the shm based Lua dictionary `ngx.shared.`.
+
+Shared memory zones are always shared by all the nginx worker processes in the current nginx server instance.
+
+The `` argument accepts size units such as `k` and `m`:
+
+```nginx
+
+ http {
+     lua_shared_dict dogs 10m;
+     ...
+ }
+```
+
+The hard-coded minimum size is 8KB while the practical minimum size depends
+on actual user data set (some people start with 12KB).
+
+See [ngx.shared.DICT](#ngxshareddict) for details.
+
+This directive was first introduced in the `v0.3.1rc22` release.
+
+[Back to TOC](#directives)
+
+lua_socket_connect_timeout
+--------------------------
+
+**syntax:** *lua_socket_connect_timeout <time>*
+
+**default:** *lua_socket_connect_timeout 60s*
+
+**context:** *http, server, location*
+
+This directive controls the default timeout value used in TCP/unix-domain socket object's [connect](#tcpsockconnect) method and can be overridden by the [settimeout](#tcpsocksettimeout) or [settimeouts](#tcpsocksettimeouts) methods.
+
+The `