diff options
| author | Luka Perkov <luka@openwrt.org> | 2015-10-10 18:20:10 +0200 |
|---|---|---|
| committer | Luka Perkov <luka@openwrt.org> | 2015-10-31 20:41:12 +0100 |
| commit | 2cab2bb7bbc0d978374739540317bb433d0f0050 (patch) | |
| tree | 3a42e30ce6c0ff5630e0068cc336bd9c5fe61281 /net/nginx | |
| parent | ce0602189783e69c9fd0afdf46f92fa1b64dddb5 (diff) | |
nginx: bump to 1.9.6
In this bump as agreed with Thomas we are dropping out all the nginx 3rd party
addons. In case you would like to see your 3rd party addon included please send
a pull request and make sure it works with newest version.
Signed-off-by: Luka Perkov <luka@openwrt.org>
Diffstat (limited to 'net/nginx')
| -rw-r--r-- | net/nginx/Config.in | 77 | ||||
| -rw-r--r-- | net/nginx/Makefile | 193 | ||||
| -rw-r--r-- | net/nginx/files/nginx.init | 27 | ||||
| -rw-r--r-- | net/nginx/files/nginx.proxyprotocol.example | 40 | ||||
| -rw-r--r-- | net/nginx/files/nginx.syslog.example | 59 | ||||
| -rw-r--r-- | net/nginx/patches-lua-nginx/300-ldl.patch | 21 | ||||
| -rw-r--r-- | net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch | 209 | ||||
| -rw-r--r-- | net/nginx/patches/100-musl-no-sysctl.patch | 35 | ||||
| -rw-r--r-- | net/nginx/patches/101-feature_test_fix.patch | 20 | ||||
| -rw-r--r-- | net/nginx/patches/300-crosscompile_ccflags.patch | 33 | ||||
| -rw-r--r-- | net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch | 1183 | ||||
| -rw-r--r-- | net/nginx/patches/401-nginx-1.4.0-syslog.patch | 698 |
12 files changed, 72 insertions, 2523 deletions
diff --git a/net/nginx/Config.in b/net/nginx/Config.in index 0ad36065f..a4cc4c8c8 100644 --- a/net/nginx/Config.in +++ b/net/nginx/Config.in @@ -8,54 +8,33 @@ menu "Configuration" depends on PACKAGE_nginx -config NGINX_STUB_STATUS - bool - prompt "Enable stub status module" - help - Enable the stub status module which gives some status from the server. - -config NGINX_FLV - bool - prompt "Enable FLV module" - help - Provides the ability to seek within FLV (Flash) files using time-based offsets. - config NGINX_SSL bool prompt "Enable SSL module" help Enable HTTPS/SSL support. + default n config NGINX_DAV bool prompt "Enable WebDAV module" help Enable the HTTP and WebDAV methods PUT, DELETE, MKCOL, COPY and MOVE. + default n -config NGINX_LUA +config NGINX_FLV bool - prompt "Enable LUA module" + prompt "Enable FLV module" help - Enable support for LUA scripts. + Provides the ability to seek within FLV (Flash) files using time-based offsets. + default n -config NGINX_SPNEGO +config NGINX_STUB_STATUS bool - prompt "Enable SPNEGO module" + prompt "Enable stub status module" help - Enable support for Kerberos authentication via GSSAPI. - - See https://github.com/stnoonan/spnego-http-auth-nginx-module - for specific instructions. Make sure the keytab file is - readable by user "nobody". - -config NGINX_PCRE - bool - prompt "Enable PCRE library usage" - default y - -config NGINX_HTTP_CACHE - bool - prompt "Enable HTTP cache" + Enable the stub status module which gives some status from the server. + default n config NGINX_HTTP_CHARSET bool @@ -163,40 +142,34 @@ config NGINX_HTTP_BROWSER prompt "Enable HTTP browser module" default y +config NGINX_HTTP_UPSTREAM_HASH + bool + prompt "Enable HTTP hash module" + default y + config NGINX_HTTP_UPSTREAM_IP_HASH bool prompt "Enable HTTP IP hash module" default y -config NGINX_NAXSI +config NGINX_HTTP_UPSTREAM_LEAST_CONN bool - prompt "Enable NAXSI module" - select PACKAGE_nginx-naxsi + prompt "Enable HTTP least conn module" default y - help - Enable support for NAXSI WAF. -config NGINX_PROXYPROTOCOL +config NGINX_HTTP_UPSTREAM_KEEPALIVE bool - prompt "Enable HAProxy proxyprotocol" - select PACKAGE_nginx-proxyprotocol - select NGINX_SSL - default n - help - Enable support for PROXY PROTOCOL + prompt "Enable HTTP keepalive module" + default y -config NGINX_SYSLOG +config NGINX_HTTP_CACHE bool - prompt "Enable Syslog module" - select PACKAGE_nginx-syslog + prompt "Enable HTTP cache" default y - help - Provides the ability log to a remote destination -config NGINX_HTTP_UPSTREAM_CHECK +config NGINX_PCRE bool - select NGINX_SSL - prompt "Enable HTTP upstream check module" - default n + prompt "Enable PCRE library usage" + default y endmenu diff --git a/net/nginx/Makefile b/net/nginx/Makefile index bea9a5e1a..cc5971577 100644 --- a/net/nginx/Makefile +++ b/net/nginx/Makefile @@ -8,27 +8,25 @@ include $(TOPDIR)/rules.mk PKG_NAME:=nginx -PKG_VERSION:=1.4.7 -PKG_RELEASE:=4 +PKG_VERSION:=1.9.6 +PKG_RELEASE:=1 -PKG_SOURCE:=$(PKG_NAME)-$(PKG_VERSION).tar.gz +PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://nginx.org/download/ -PKG_MD5SUM:=aee151d298dcbfeb88b3f7dd3e7a4d17 +PKG_MD5SUM:=f6899825e7a8deadba4948ff84515ad6 PKG_MAINTAINER:=Thomas Heil <heil@terminal-consulting.de> PKG_LICENSE:=2-clause BSD-like license +PKG_BUILD_DIR:=$(BUILD_DIR)/nginx-$(PKG_VERSION) + PKG_BUILD_PARALLEL:=1 PKG_INSTALL:=1 PKG_CONFIG_DEPENDS := \ - CONFIG_NGINX_STUB_STATUS \ - CONFIG_NGINX_FLV \ CONFIG_NGINX_SSL \ CONFIG_NGINX_DAV \ - CONFIG_NGINX_LUA \ - CONFIG_NGINX_SPNEGO \ - CONFIG_NGINX_PCRE \ - CONFIG_NGINX_HTTP_CACHE \ + CONFIG_NGINX_FLV \ + CONFIG_NGINX_STUB_STATUS \ CONFIG_NGINX_HTTP_CHARSET \ CONFIG_NGINX_HTTP_GZIP \ CONFIG_NGINX_HTTP_SSI \ @@ -50,7 +48,13 @@ PKG_CONFIG_DEPENDS := \ CONFIG_NGINX_HTTP_LIMIT_REQ \ CONFIG_NGINX_HTTP_EMPTY_GIF \ CONFIG_NGINX_HTTP_BROWSER \ - CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH + CONFIG_NGINX_HTTP_UPSTREAM_HASH \ + CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH \ + CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN \ + CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE \ + CONFIG_NGINX_HTTP_UPSTREAM_ZONE \ + CONFIG_NGINX_HTTP_CACHE \ + CONFIG_NGINX_PCRE include $(INCLUDE_DIR)/package.mk @@ -60,7 +64,7 @@ define Package/nginx SUBMENU:=Web Servers/Proxies TITLE:=Nginx web server URL:=http://nginx.org/ - DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread +NGINX_LUA:liblua +NGINX_SPNEGO:krb5-libs + DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +libpthread MENU:=1 endef @@ -80,9 +84,6 @@ define Package/nginx/conffiles endef ADDITIONAL_MODULES:= -ifeq ($(CONFIG_NGINX_NAXSI),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-naxsi/naxsi_src -endif ifeq ($(CONFIG_IPV6),y) ADDITIONAL_MODULES += --with-ipv6 endif @@ -98,13 +99,6 @@ endif ifeq ($(CONFIG_NGINX_DAV),y) ADDITIONAL_MODULES += --with-http_dav_module endif -ifeq ($(CONFIG_NGINX_LUA),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/lua-nginx -endif -ifeq ($(CONFIG_NGINX_SPNEGO),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/spnego-http-auth-nginx-module - TARGET_CFLAGS += -I $(STAGING_DIR)/usr/include/krb5 -endif ifneq ($(CONFIG_NGINX_HTTP_CACHE),y) ADDITIONAL_MODULES += --without-http-cache endif @@ -174,23 +168,21 @@ endif ifneq ($(CONFIG_NGINX_HTTP_BROWSER),y) ADDITIONAL_MODULES += --without-http_browser_module endif +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_HASH),y) + ADDITIONAL_MODULES += --without-http_upstream_hash_module +endif ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_IP_HASH),y) ADDITIONAL_MODULES += --without-http_upstream_ip_hash_module endif -ifeq ($(CONFIG_NGINX_PROXYPROTOCOL),y) - ADDITIONAL_MODULES += --with-proxy-protocol -endif -ifeq ($(CONFIG_NGINX_SYSLOG),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-syslog +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_LEAST_CONN),y) + ADDITIONAL_MODULES += --without-http_upstream_least_conn_module endif -ifeq ($(CONFIG_NGINX_HTTP_UPSTREAM_CHECK),y) - ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-upstream-check +ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) + ADDITIONAL_MODULES += --without-http_upstream_keepalive_module endif define Build/Configure - # TODO: fix --crossbuild - (cd $(PKG_BUILD_DIR) ;\ - $(if $(CONFIG_NGINX_LUA),LUA_INC=$(STAGING_DIR)/usr/include LUA_LIB=$(STAGING_DIR)/usr/lib) \ + ( cd $(PKG_BUILD_DIR) ; \ ./configure \ --crossbuild=Linux::$(ARCH) \ --prefix=/usr \ @@ -205,7 +197,9 @@ define Build/Configure --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \ --with-cc="$(TARGET_CC)" \ --with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \ - --with-ld-opt="$(TARGET_LDFLAGS)" ) + --with-ld-opt="$(TARGET_LDFLAGS)" \ + --without-http_upstream_zone_module \ + ) endef define Package/nginx/install @@ -217,137 +211,4 @@ define Package/nginx/install $(INSTALL_BIN) ./files/nginx.init $(1)/etc/init.d/nginx endef -define Build/Prepare - $(call Build/Prepare/Default) - $(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx)) - $(if $(CONFIG_NGINX_SPNEGO),$(call Prepare/spnego-http-auth-nginx-module)) - $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) - $(if $(CONFIG_NGINX_SYSLOG),$(call Prepare/nginx-syslog)) - $(if $(CONFIG_NGINX_HTTP_UPSTREAM_CHECK),$(call Prepare/nginx-upstream-check)) -endef - -define Download/lua-nginx - VERSION:=d3ab0edd45bffe1b9a36abdf5bff544de436ccee - SUBDIR:=lua-nginx - FILE:=lua-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/chaoslawful/lua-nginx-module.git - PROTO:=git -endef - -define Prepare/lua-nginx - $(eval $(call Download,lua-nginx)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) - $(call PatchDir,$(PKG_BUILD_DIR),./patches-lua-nginx) -endef - -define Download/nginx-upstream-check - VERSION:=d40b9f956d9d978005bb15616d2f283d4e3d2031 - SUBDIR:=nginx-upstream-check - FILE:=nginx-upstream-check-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/yaoweibin/nginx_upstream_check_module.git - PROTO:=git -endef - -define Prepare/nginx-upstream-check - $(eval $(call Download,nginx-upstream-check)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) - $(call PatchDir,$(PKG_BUILD_DIR),./patches-nginx-upstream-check) -endef - - -define Package/nginx-naxsi - MENU:=1 - $(call Package/nginx) - TITLE:=nginx-naxsi - DEPENDS:=nginx @NGINX_NAXSI -endef - -define Package/nginx-naxsi/description - NGINX WAF NAXSI -endef - -define Package/nginx-proxyprotocol - MENU:=1 - $(call Package/nginx) - TITLE:=nginx - DEPENDS:=nginx @NGINX_PROXYPROTOCOL -endef - -define Package/nginx-proxyprotocol/description - IMPLEMENT Proxy Protocol -endef - -define Package/nginx-syslog - MENU:=1 - $(call Package/nginx) - TITLE:=nginx-syslog - DEPENDS:=nginx @NGINX_SYSLOG -endef - -define Package/nginx-syslog/description - IMPLEMENT Syslog Protocol -endef - -define Download/nginx-naxsi - VERSION:=34dcb45fe4fdcb144c5258d83672f8e1e1c8db2e - SUBDIR:=nginx-naxsi - FILE:=nginx-naxsi-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/nbs-system/naxsi.git - PROTO:=git -endef - -define Prepare/nginx-naxsi - $(eval $(call Download,nginx-naxsi)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) -endef - -define Package/nginx-naxsi/install - $(INSTALL_DIR) $(1)/etc/nginx - $(INSTALL_BIN) $(PKG_BUILD_DIR)/nginx-naxsi/naxsi_config/naxsi_core.rules $(1)/etc/nginx - chmod 0640 $(1)/etc/nginx/naxsi_core.rules -endef - -define Download/nginx-syslog - VERSION:=7abf48e52552c40a21463e1a8c608e0e575261cd - SUBDIR:=nginx-syslog - FILE:=nginx-syslog-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/splitice/nginx_syslog_patch.git - PROTO:=git -endef - -define Prepare/nginx-syslog - $(eval $(call Download,nginx-syslog)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) -endef - -define Package/nginx-proxyprotocol/install - $(INSTALL_DIR) $(1)/etc/nginx - $(INSTALL_BIN) ./files/nginx.proxyprotocol.example $(1)/etc/nginx/nginx.conf.proxyprotocol - chmod 0640 $(1)/etc/nginx/nginx.conf.proxyprotocol -endef - -define Package/nginx-syslog/install - $(INSTALL_DIR) $(1)/etc/nginx - $(INSTALL_BIN) ./files/nginx.syslog.example $(1)/etc/nginx/nginx.conf.syslog - chmod 0640 $(1)/etc/nginx/nginx.conf.syslog -endef - - -define Download/spnego-http-auth-nginx-module - VERSION:=c85a38c595 - SUBDIR:=spnego-http-auth-nginx-module - FILE:=spnego-http-auth-nginx-module-$(PKG_VERSION)-$$(VERSION).tar.gz - URL:=https://github.com/stnoonan/spnego-http-auth-nginx-module - PROTO:=git -endef - -define Prepare/spnego-http-auth-nginx-module - $(eval $(call Download,spnego-http-auth-nginx-module)) - gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS) -endef - $(eval $(call BuildPackage,nginx)) -$(eval $(call BuildPackage,nginx-naxsi)) -$(eval $(call BuildPackage,nginx-proxyprotocol)) -$(eval $(call BuildPackage,nginx-syslog)) - diff --git a/net/nginx/files/nginx.init b/net/nginx/files/nginx.init index adf36b442..d47d46f89 100644 --- a/net/nginx/files/nginx.init +++ b/net/nginx/files/nginx.init @@ -1,24 +1,17 @@ #!/bin/sh /etc/rc.common -# Copyright (C) 2009-2012 OpenWrt.org +# Copyright (C) 2015 OpenWrt.org START=50 -NGINX_BIN=/usr/sbin/nginx -start() { - mkdir -p /var/log/nginx - mkdir -p /var/lib/nginx - $NGINX_BIN -} +USE_PROCD=1 -stop() { - $NGINX_BIN -s stop -} +start_service() { + [ -d /var/log/nginx ] || mkdir -p /var/log/nginx + [ -d /var/lib/nginx ] || mkdir -p /var/lib/nginx -reload() { - $NGINX_BIN -s reload + procd_open_instance + procd_set_param command /usr/sbin/nginx -c /etc/nginx/nginx.conf -g 'daemon off;' + procd_set_param file /etc/nginx/nginx.conf + procd_set_param respawn + procd_close_instance } - -shutdown() { - $NGINX_BIN -s quit -} - diff --git a/net/nginx/files/nginx.proxyprotocol.example b/net/nginx/files/nginx.proxyprotocol.example deleted file mode 100644 index ab4bad625..000000000 --- a/net/nginx/files/nginx.proxyprotocol.example +++ /dev/null @@ -1,40 +0,0 @@ -worker_processes 1; -pid /tmp/nginx.pid; -daemon off; -master_process off; -error_log stderr debug_core; - -events { - debug_connection <YOUR IPv4>; - debug_connection <YOUR IPV6>; - worker_connections 1024; -} - -http { - default_type application/octet-stream; - client_body_temp_path /tmp/body 1; - - access_log /tmp/nginx_access.log; - - server { -# listen 8082 ssl; -# proxy protocol configuration for nginx 1.4.x: - listen 8082 accept_proxy_protocol=on; -# same with spdy enabled: -# listen 8082 spdy ssl accept_proxy_protocol=on; - listen [::]:8082 ipv6only=on; - ssl_certificate /your/certificate; - ssl_certificate_key /your/key; - server_name localhost; -# proxy protocol configuration for nginx 1.2.x: -# accept_proxy_protocol on; - - location / { - proxy_pass http://127.0.0.1:8084; - proxy_set_header X-Real-IP $remote_addr; - proxy_connect_timeout 10s; - proxy_read_timeout 10s; - send_proxy_protocol on; - } - } -} diff --git a/net/nginx/files/nginx.syslog.example b/net/nginx/files/nginx.syslog.example deleted file mode 100644 index 05943448d..000000000 --- a/net/nginx/files/nginx.syslog.example +++ /dev/null @@ -1,59 +0,0 @@ -worker_processes 1; - -syslog local6 nginx; - -events { - worker_connections 1024; -} - -http { - include mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] $request ' - '"$status" $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - server { - listen 80; - server_name localhost; - - #send the log to syslog and file. - access_log syslog:notice|logs/host1.access.log main; - - # pre 1.5.x - error_log syslog:notice|logs/host1.error.log; - - location / { - root html; - index index.html index.htm; - } - } - - server { - listen 80; - server_name www.example.com; - - access_log syslog:warn|logs/host2.access.log main; - error_log syslog:warn|logs/host2.error.log; - - location / { - root html; - index index.html index.htm; - } - } - - server { - listen 80; - server_name www.test.com; - - #send the log just to syslog. - access_log syslog:error main; - error_log syslog:error; - - location / { - root html; - index index.html index.htm; - } - } -} diff --git a/net/nginx/patches-lua-nginx/300-ldl.patch b/net/nginx/patches-lua-nginx/300-ldl.patch deleted file mode 100644 index d826bcf26..000000000 --- a/net/nginx/patches-lua-nginx/300-ldl.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- a/lua-nginx/config -+++ b/lua-nginx/config -@@ -1,5 +1,5 @@ - ngx_feature="Lua library" --ngx_feature_libs="-llua -lm" -+ngx_feature_libs="-llua -lm -ldl" - ngx_feature_name= - ngx_feature_run=no - ngx_feature_incs="#include <lauxlib.h>" -@@ -47,9 +47,9 @@ else - ngx_feature="Lua library in $LUA_LIB and $LUA_INC (specified by the LUA_LIB and LUA_INC env)" - ngx_feature_path="$LUA_INC" - if [ $NGX_RPATH = YES ]; then -- ngx_feature_libs="-R$LUA_LIB -L$LUA_LIB -llua -lm" -+ ngx_feature_libs="-R$LUA_LIB -L$LUA_LIB -llua -lm -ldl" - else -- ngx_feature_libs="-L$LUA_LIB -llua -lm" -+ ngx_feature_libs="-L$LUA_LIB -llua -lm -ldl" - fi - - . auto/feature diff --git a/net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch b/net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch deleted file mode 100644 index 3ab913472..000000000 --- a/net/nginx/patches-nginx-upstream-check/check_1.2.6+.patch +++ /dev/null @@ -1,209 +0,0 @@ -diff --git a/src/http/modules/ngx_http_upstream_ip_hash_module.c b/src/http/modules/ngx_http_upstream_ip_hash_module.c -index 89ccc2b..a552044 100644 ---- a/src/http/modules/ngx_http_upstream_ip_hash_module.c -+++ b/src/http/modules/ngx_http_upstream_ip_hash_module.c -@@ -9,6 +9,10 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+#include "ngx_http_upstream_check_handler.h" -+#endif -+ - - typedef struct { - /* the round robin data must be first */ -@@ -208,6 +212,12 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data) - - if (!peer->down) { - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get ip_hash peer, check_index: %ui", -+ peer->check_index); -+ if (!ngx_http_check_peer_down(peer->check_index)) { -+#endif - if (peer->max_fails == 0 || peer->fails < peer->max_fails) { - break; - } -@@ -216,6 +226,9 @@ ngx_http_upstream_get_ip_hash_peer(ngx_peer_connection_t *pc, void *data) - peer->checked = now; - break; - } -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ } -+#endif - } - - iphp->rrp.tried[n] |= m; -diff --git a/src/http/modules/ngx_http_upstream_least_conn_module.c b/src/http/modules/ngx_http_upstream_least_conn_module.c -index 21156ae..c57393d 100644 ---- a/src/http/modules/ngx_http_upstream_least_conn_module.c -+++ b/src/http/modules/ngx_http_upstream_least_conn_module.c -@@ -9,6 +9,10 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+#include "ngx_http_upstream_check_handler.h" -+#endif -+ - - typedef struct { - ngx_uint_t *conns; -@@ -203,6 +207,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) - continue; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -@@ -256,6 +270,16 @@ ngx_http_upstream_get_least_conn_peer(ngx_peer_connection_t *pc, void *data) - continue; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0, -+ "get least_conn peer, check_index: %ui", -+ peer->check_index); -+ -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (lcp->conns[i] * best->weight != lcp->conns[p] * peer->weight) { - continue; - } -diff --git a/src/http/ngx_http_upstream_round_robin.c b/src/http/ngx_http_upstream_round_robin.c -index 4b78cff..f077b46 100644 ---- a/src/http/ngx_http_upstream_round_robin.c -+++ b/src/http/ngx_http_upstream_round_robin.c -@@ -9,6 +9,9 @@ - #include <ngx_core.h> - #include <ngx_http.h> - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+#include "ngx_http_upstream_check_handler.h" -+#endif - - static ngx_int_t ngx_http_upstream_cmp_servers(const void *one, - const void *two); -@@ -87,7 +90,17 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - peers->peer[n].weight = server[i].weight; - peers->peer[n].effective_weight = server[i].weight; - peers->peer[n].current_weight = 0; -- n++; -+ -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (!server[i].down) { -+ peers->peer[n].check_index = -+ ngx_http_check_add_peer(cf, us, &server[i].addrs[j]); -+ } -+ else { -+ peers->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif -+ n++; - } - } - -@@ -145,6 +158,17 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - backup->peer[n].max_fails = server[i].max_fails; - backup->peer[n].fail_timeout = server[i].fail_timeout; - backup->peer[n].down = server[i].down; -+ -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (!server[i].down) { -+ backup->peer[n].check_index = -+ ngx_http_check_add_peer(cf, us, &server[i].addrs[j]); -+ } -+ else { -+ backup->peer[n].check_index = (ngx_uint_t) NGX_ERROR; -+ } -+#endif -+ - n++; - } - } -@@ -206,6 +230,9 @@ ngx_http_upstream_init_round_robin(ngx_conf_t *cf, - peers->peer[i].current_weight = 0; - peers->peer[i].max_fails = 1; - peers->peer[i].fail_timeout = 10; -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - - us->peer.data = peers; -@@ -323,6 +350,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, - peers->peer[0].current_weight = 0; - peers->peer[0].max_fails = 1; - peers->peer[0].fail_timeout = 10; -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ peers->peer[0].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - - } else { - -@@ -356,6 +386,9 @@ ngx_http_upstream_create_round_robin_peer(ngx_http_request_t *r, - peers->peer[i].current_weight = 0; - peers->peer[i].max_fails = 1; - peers->peer[i].fail_timeout = 10; -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ peers->peer[i].check_index = (ngx_uint_t) NGX_ERROR; -+#endif - } - } - -@@ -434,6 +467,12 @@ ngx_http_upstream_get_round_robin_peer(ngx_peer_connection_t *pc, void *data) - goto failed; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ goto failed; -+ } -+#endif -+ - } else { - - /* there are several peers */ -@@ -531,6 +570,12 @@ ngx_http_upstream_get_peer(ngx_http_upstream_rr_peer_data_t *rrp) - continue; - } - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ if (ngx_http_check_peer_down(peer->check_index)) { -+ continue; -+ } -+#endif -+ - if (peer->max_fails - && peer->fails >= peer->max_fails - && now - peer->checked <= peer->fail_timeout) -diff --git a/src/http/ngx_http_upstream_round_robin.h b/src/http/ngx_http_upstream_round_robin.h -index 3f8cbf8..1613168 100644 ---- a/src/http/ngx_http_upstream_round_robin.h -+++ b/src/http/ngx_http_upstream_round_robin.h -@@ -30,6 +30,10 @@ typedef struct { - ngx_uint_t max_fails; - time_t fail_timeout; - -+#if (NGX_UPSTREAM_CHECK_MODULE) -+ ngx_uint_t check_index; -+#endif -+ - ngx_uint_t down; /* unsigned down:1; */ - - #if (NGX_HTTP_SSL) diff --git a/net/nginx/patches/100-musl-no-sysctl.patch b/net/nginx/patches/100-musl-no-sysctl.patch deleted file mode 100644 index 4e35bf6ba..000000000 --- a/net/nginx/patches/100-musl-no-sysctl.patch +++ /dev/null @@ -1,35 +0,0 @@ -Index: nginx-1.4.7/src/os/unix/ngx_linux_config.h -=================================================================== ---- nginx-1.4.7.orig/src/os/unix/ngx_linux_config.h -+++ nginx-1.4.7/src/os/unix/ngx_linux_config.h -@@ -51,7 +51,6 @@ - #include <malloc.h> /* memalign() */ - #include <limits.h> /* IOV_MAX */ - #include <sys/ioctl.h> --#include <sys/sysctl.h> - #include <crypt.h> - #include <sys/utsname.h> /* uname() */ - ---- nginx-1.2.7/src/os/unix/ngx_user.c -+++ nginx-1.2.7-patched/src/os/unix/ngx_user.c -@@ -31,8 +31,6 @@ - struct crypt_data cd; - - cd.initialized = 0; -- /* work around the glibc bug */ -- cd.current_salt[0] = ~salt[0]; - - value = crypt_r((char *) key, (char *) salt, &cd); - -diff --git a/auto/lib/openssl/conf b/auto/lib/openssl/conf -index 528ee17..73ef359 100644 ---- a/auto/lib/openssl/conf -+++ b/auto/lib/openssl/conf -@@ -47,7 +47,7 @@ else - ngx_feature_run=no - ngx_feature_incs="#include <openssl/ssl.h>" - ngx_feature_path= -- ngx_feature_libs="-lssl -lcrypto" -+ ngx_feature_libs="-lssl -lcrypto -lz" - ngx_feature_test="SSL_library_init()" - . auto/feature diff --git a/net/nginx/patches/101-feature_test_fix.patch b/net/nginx/patches/101-feature_test_fix.patch index 8e15fe96e..a345c0e3c 100644 --- a/net/nginx/patches/101-feature_test_fix.patch +++ b/net/nginx/patches/101-feature_test_fix.patch @@ -11,7 +11,7 @@ ngx_feature_libs= --- a/auto/cc/conf +++ b/auto/cc/conf -@@ -155,7 +155,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then +@@ -178,7 +178,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then else ngx_feature="C99 variadic macros" ngx_feature_name="NGX_HAVE_C99_VARIADIC_MACROS" @@ -20,7 +20,7 @@ ngx_feature_incs="#include <stdio.h> #define var(dummy, ...) sprintf(__VA_ARGS__)" ngx_feature_path= -@@ -169,7 +169,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then +@@ -192,7 +192,7 @@ if [ "$NGX_PLATFORM" != win32 ]; then ngx_feature="gcc variadic macros" ngx_feature_name="NGX_HAVE_GCC_VARIADIC_MACROS" @@ -31,7 +31,7 @@ ngx_feature_path= --- a/auto/os/linux +++ b/auto/os/linux -@@ -48,7 +48,7 @@ fi +@@ -36,7 +36,7 @@ fi ngx_feature="epoll" ngx_feature_name="NGX_HAVE_EPOLL" @@ -40,7 +40,7 @@ ngx_feature_incs="#include <sys/epoll.h>" ngx_feature_path= ngx_feature_libs= -@@ -73,7 +73,7 @@ fi +@@ -93,7 +93,7 @@ ngx_feature_test="int fd; struct stat sb CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE" ngx_feature="sendfile()" ngx_feature_name="NGX_HAVE_SENDFILE" @@ -49,7 +49,7 @@ ngx_feature_incs="#include <sys/sendfile.h> #include <errno.h>" ngx_feature_path= -@@ -94,7 +94,7 @@ fi +@@ -114,7 +114,7 @@ fi CC_AUX_FLAGS="$cc_aux_flags -D_GNU_SOURCE -D_FILE_OFFSET_BITS=64" ngx_feature="sendfile64()" ngx_feature_name="NGX_HAVE_SENDFILE64" @@ -58,7 +58,7 @@ ngx_feature_incs="#include <sys/sendfile.h> #include <errno.h>" ngx_feature_path= -@@ -112,7 +112,7 @@ ngx_include="sys/prctl.h"; . auto/includ +@@ -132,7 +132,7 @@ ngx_include="sys/prctl.h"; . auto/includ ngx_feature="prctl(PR_SET_DUMPABLE)" ngx_feature_name="NGX_HAVE_PR_SET_DUMPABLE" @@ -69,7 +69,7 @@ ngx_feature_libs= --- a/auto/unix +++ b/auto/unix -@@ -618,7 +618,7 @@ ngx_feature_test="void *p; p = memalign( +@@ -678,7 +678,7 @@ ngx_feature_test="void *p; p = memalign( ngx_feature="mmap(MAP_ANON|MAP_SHARED)" ngx_feature_name="NGX_HAVE_MAP_ANON" @@ -78,7 +78,7 @@ ngx_feature_incs="#include <sys/mman.h>" ngx_feature_path= ngx_feature_libs= -@@ -631,7 +631,7 @@ ngx_feature_test="void *p; +@@ -691,7 +691,7 @@ ngx_feature_test="void *p; ngx_feature='mmap("/dev/zero", MAP_SHARED)' ngx_feature_name="NGX_HAVE_MAP_DEVZERO" @@ -87,7 +87,7 @@ ngx_feature_incs="#include <sys/mman.h> #include <sys/stat.h> #include <fcntl.h>" -@@ -646,7 +646,7 @@ ngx_feature_test='void *p; int fd; +@@ -706,7 +706,7 @@ ngx_feature_test='void *p; int fd; ngx_feature="System V shared memory" ngx_feature_name="NGX_HAVE_SYSVSHM" @@ -96,7 +96,7 @@ ngx_feature_incs="#include <sys/ipc.h> #include <sys/shm.h>" ngx_feature_path= -@@ -660,7 +660,7 @@ ngx_feature_test="int id; +@@ -720,7 +720,7 @@ ngx_feature_test="int id; ngx_feature="POSIX semaphores" ngx_feature_name="NGX_HAVE_POSIX_SEM" diff --git a/net/nginx/patches/300-crosscompile_ccflags.patch b/net/nginx/patches/300-crosscompile_ccflags.patch deleted file mode 100644 index 4a06a7696..000000000 --- a/net/nginx/patches/300-crosscompile_ccflags.patch +++ /dev/null @@ -1,33 +0,0 @@ ---- a/auto/endianness -+++ b/auto/endianness -@@ -21,7 +21,7 @@ int main() { - - END - --ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS \ -+ngx_test="$CC $NGX_CC_OPT $CC_TEST_FLAGS $CC_AUX_FLAGS \ - -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_LD_OPT $ngx_feature_libs" - - eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" ---- a/auto/feature -+++ b/auto/feature -@@ -39,7 +39,7 @@ int main() { - END - - --ngx_test="$CC $CC_TEST_FLAGS $CC_AUX_FLAGS $ngx_feature_inc_path \ -+ngx_test="$CC $NGX_CC_OPT $CC_TEST_FLAGS $CC_AUX_FLAGS $ngx_feature_inc_path \ - -o $NGX_AUTOTEST $NGX_AUTOTEST.c $NGX_TEST_LD_OPT $ngx_feature_libs" - - ngx_feature_inc_path= ---- a/auto/include -+++ b/auto/include -@@ -27,7 +27,7 @@ int main() { - END - - --ngx_test="$CC -o $NGX_AUTOTEST $NGX_AUTOTEST.c" -+ngx_test="$CC $NGX_CC_OPT -o $NGX_AUTOTEST $NGX_AUTOTEST.c" - - eval "$ngx_test >> $NGX_AUTOCONF_ERR 2>&1" - diff --git a/net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch b/net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch deleted file mode 100644 index ba63834e8..000000000 --- a/net/nginx/patches/400-nginx-1.4.x_proxy_protocol_patch_v2.patch +++ /dev/null @@ -1,1183 +0,0 @@ -Index: nginx-1.4.7/auto/modules -=================================================================== ---- nginx-1.4.7.orig/auto/modules -+++ nginx-1.4.7/auto/modules -@@ -297,6 +297,10 @@ if [ $HTTP_SSL = YES ]; then - HTTP_SRCS="$HTTP_SRCS $HTTP_SSL_SRCS" - fi - -+if [ $PROXY_PROTOCOL = YES ]; then -+ have=NGX_PROXY_PROTOCOL . auto/have -+fi -+ - if [ $HTTP_PROXY = YES ]; then - have=NGX_HTTP_X_FORWARDED_FOR . auto/have - #USE_MD5=YES -Index: nginx-1.4.7/auto/options -=================================================================== ---- nginx-1.4.7.orig/auto/options -+++ nginx-1.4.7/auto/options -@@ -47,6 +47,8 @@ USE_THREADS=NO - NGX_FILE_AIO=NO - NGX_IPV6=NO - -+PROXY_PROTOCOL=NO -+ - HTTP=YES - - NGX_HTTP_LOG_PATH= -@@ -192,6 +194,8 @@ do - --with-file-aio) NGX_FILE_AIO=YES ;; - --with-ipv6) NGX_IPV6=YES ;; - -+ --with-proxy-protocol) PROXY_PROTOCOL=YES ;; -+ - --without-http) HTTP=NO ;; - --without-http-cache) HTTP_CACHE=NO ;; - -@@ -350,6 +354,8 @@ cat << END - --with-file-aio enable file AIO support - --with-ipv6 enable IPv6 support - -+ --with-proxy-protocol enable proxy protocol support -+ - --with-http_ssl_module enable ngx_http_ssl_module - --with-http_spdy_module enable ngx_http_spdy_module - --with-http_realip_module enable ngx_http_realip_module -Index: nginx-1.4.7/auto/sources -=================================================================== ---- nginx-1.4.7.orig/auto/sources -+++ nginx-1.4.7/auto/sources -@@ -36,7 +36,8 @@ CORE_DEPS="src/core/nginx.h \ - src/core/ngx_conf_file.h \ - src/core/ngx_resolver.h \ - src/core/ngx_open_file_cache.h \ -- src/core/ngx_crypt.h" -+ src/core/ngx_crypt.h \ -+ src/core/ngx_proxy_protocol.h" - - - CORE_SRCS="src/core/nginx.c \ -@@ -67,7 +68,8 @@ CORE_SRCS="src/core/nginx.c \ - src/core/ngx_conf_file.c \ - src/core/ngx_resolver.c \ - src/core/ngx_open_file_cache.c \ -- src/core/ngx_crypt.c" -+ src/core/ngx_crypt.c \ -+ src/core/ngx_proxy_protocol.c" - - - REGEX_MODULE=ngx_regex_module -Index: nginx-1.4.7/src/core/ngx_connection.h -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_connection.h -+++ nginx-1.4.7/src/core/ngx_connection.h -@@ -63,6 +63,10 @@ struct ngx_listening_s { - unsigned shared:1; /* shared between threads or processes */ - unsigned addr_ntop:1; - -+#if (NGX_PROXY_PROTOCOL) -+ unsigned accept_proxy_protocol:2; /* proxy_protocol flag */ -+#endif -+ - #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY) - unsigned ipv6only:1; - #endif -@@ -148,6 +152,10 @@ struct ngx_connection_s { - - ngx_uint_t requests; - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_uint_t proxy_protocol; -+#endif -+ - unsigned buffered:8; - - unsigned log_error:3; /* ngx_connection_log_error_e */ -Index: nginx-1.4.7/src/core/ngx_core.h -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_core.h -+++ nginx-1.4.7/src/core/ngx_core.h -@@ -77,6 +77,9 @@ typedef void (*ngx_connection_handler_pt - #include <ngx_open_file_cache.h> - #include <ngx_os.h> - #include <ngx_connection.h> -+#if (NGX_PROXY_PROTOCOL) -+#include <ngx_proxy_protocol.h> -+#endif - - - #define LF (u_char) 10 -Index: nginx-1.4.7/src/core/ngx_proxy_protocol.c -=================================================================== ---- /dev/null -+++ nginx-1.4.7/src/core/ngx_proxy_protocol.c -@@ -0,0 +1,430 @@ -+ -+/* -+ * Copyright (C) Baptiste Assmann -+ * Copyright (C) Exceliance -+ */ -+ -+ -+#include <ngx_config.h> -+#include <ngx_core.h> -+#include <ngx_event.h> -+ -+#if (NGX_PROXY_PROTOCOL) -+ -+int -+ngx_recv_proxy_protocol(ngx_connection_t *c, u_char *buf, ssize_t n) -+{ -+ u_char *end, *p, *t; -+ size_t len; -+ ssize_t s; -+ int step = 0; -+ ngx_proxy_protocol_t pp; -+ -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "processing proxy protocol"); -+ -+ /* 16 is the minimal length of the proxy protocol string */ -+ if (n < 18) { -+ step = 1; -+ goto fail; -+ } -+ -+ s = n; -+ end = memchr(buf, '\n', n); -+ if (end == NULL) { -+ step = 2; -+ goto fail; -+ } -+ -+ p = buf; -+ if (memcmp(p, "PROXY ", 6) != 0) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, -+ "incorrect proxy protocol header string"); -+ step = 3; -+ goto fail; -+ } -+ p += 6; -+ s -= 6; -+ if (s <= 0) { -+ step = 4; -+ goto fail; -+ } -+ -+ ngx_memzero(&pp, sizeof(ngx_proxy_protocol_t)); -+ -+ if (memcmp(p, "TCP4 ", 5) == 0) { -+ struct sockaddr_in *sin_src; -+ struct sockaddr_in *sin_dst; -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP4; -+ pp.pp_src3.ss_family = AF_INET; -+ pp.pp_dst3.ss_family = AF_INET; -+ sin_src = (struct sockaddr_in *) &pp.pp_src3; -+ sin_dst = (struct sockaddr_in *) &pp.pp_dst3; -+ -+ p += 5; -+ s -= 5; -+ if (s <= 0) { -+ step = 5; -+ goto fail; -+ } -+ -+ /* l3 source address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 6; -+ goto fail; -+ } -+ len = t - p; -+ if ((sin_src->sin_addr.s_addr = ngx_inet_addr(p, len)) == INADDR_NONE) { -+ step = 7; -+ goto fail; -+ } -+ pp.pp_src3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_src3_text.data, p, len); -+ pp.pp_src3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 8; -+ goto fail; -+ } -+ -+ /* l3 destination address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 9; -+ goto fail; -+ } -+ len = t - p; -+ if ((sin_dst->sin_addr.s_addr = ngx_inet_addr(p, len)) == INADDR_NONE) { -+ step = 10; -+ goto fail; -+ } -+// FIXME pointer shift ??? -+ pp.pp_dst3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_dst3_text.data, p, len); -+ pp.pp_dst3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 11; -+ goto fail; -+ } -+ -+ /* l4 source port */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 12; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_src4 = ngx_atoi(p, len); -+ if ((pp.pp_src4 < 1024) -+ || (pp.pp_src4 > 65535)) { -+ step = 13; -+ goto fail; -+ } -+ sin_src->sin_port = htons(pp.pp_src4); -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 14; -+ goto fail; -+ } -+ -+ /* l4 destination port */ -+ if ( (t = (u_char *)memchr(p, '\r', s)) == NULL ) { -+ step = 15; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_dst4 = ngx_atoi(p, len); -+ if (pp.pp_dst4 > 65535) { -+ step = 16; -+ goto fail; -+ } -+ sin_dst->sin_port = htons(pp.pp_dst4); -+ -+ if (p[len + 1] != '\n') { -+ step = 17; -+ goto fail; -+ } -+ -+ p += (len + 2); -+ s -= (len + 2); -+ -+ -+ /* if we managed to get there, then we can safely replace the -+ * information in the connection structure -+ */ -+ -+ /* updating connection with source information provided by proxy protocol */ -+ if (pp.pp_src3_text.len > c->addr_text.len) { -+ ngx_pfree(c->pool, c->addr_text.data); -+ c->addr_text.data = ngx_pcalloc(c->pool, pp.pp_src3_text.len); -+ } else { -+ ngx_memzero(c->addr_text.data, c->addr_text.len); -+ } -+ ngx_memcpy(c->addr_text.data, pp.pp_src3_text.data, pp.pp_src3_text.len); -+ c->addr_text.len = pp.pp_src3_text.len; -+ -+ ngx_pfree(c->pool, c->sockaddr); -+ c->socklen = NGX_SOCKADDRLEN; -+ c->sockaddr = ngx_pcalloc(c->pool, c->socklen); -+ ngx_memcpy(c->sockaddr, sin_src, c->socklen); -+ -+ if (c->sockaddr->sa_family != AF_INET) { -+ ngx_pfree(c->pool, c->sockaddr); -+ c->socklen = NGX_SOCKADDRLEN; -+ c->sockaddr = ngx_pcalloc(c->pool, c->socklen); -+ } else { -+ ngx_memzero(c->sockaddr, sizeof(struct sockaddr_in)); -+ c->socklen = NGX_SOCKADDRLEN; -+ } -+ ngx_memcpy(c->sockaddr, sin_src, c->socklen); -+ -+ /* updating connection with destination information provided by proxy protocol */ -+ ngx_pfree(c->pool, c->local_sockaddr); -+ c->local_sockaddr = ngx_pcalloc(c->pool, NGX_SOCKADDRLEN); -+ ngx_memcpy(c->local_sockaddr, sin_dst, NGX_SOCKADDRLEN); -+ -+ } -+ -+#if (NGX_HAVE_INET6) -+ -+ else if (memcmp(p, "TCP6 ", 5) == 0) { -+ -+ struct sockaddr_in6 *sin6_src; -+ struct sockaddr_in6 *sin6_dst; -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP6; -+ pp.pp_src3.ss_family = AF_INET6; -+ pp.pp_dst3.ss_family = AF_INET6; -+ sin6_src = (struct sockaddr_in6 *) &pp.pp_src3; -+ sin6_dst = (struct sockaddr_in6 *) &pp.pp_dst3; -+ -+ p += 5; -+ s -= 5; -+ if (s <= 0) { -+ step = 18; -+ goto fail; -+ } -+ -+ /* l3 source address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 19; -+ goto fail; -+ } -+ len = t - p; -+ if (ngx_inet6_addr(p, len, sin6_src->sin6_addr.s6_addr) != NGX_OK) { -+ step = 20; -+ goto fail; -+ } -+ pp.pp_src3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_src3_text.data, p, len); -+ pp.pp_src3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 21; -+ goto fail; -+ } -+ -+ /* l3 destination address */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 22; -+ goto fail; -+ } -+ len = t - p; -+ if (ngx_inet6_addr(p, len, sin6_dst->sin6_addr.s6_addr) != NGX_OK) { -+ step = 23; -+ goto fail; -+ } -+ pp.pp_dst3_text.data = ngx_pcalloc(c->pool, len + 1); -+ ngx_memcpy(pp.pp_dst3_text.data, p, len); -+ pp.pp_dst3_text.len = len; -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 24; -+ goto fail; -+ } -+ -+ /* l4 source port */ -+ if ( (t = (u_char *)memchr(p, ' ', s)) == NULL ) { -+ step = 25; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_src4 = ngx_atoi(p, len); -+ if ((pp.pp_src4 < 1024) -+ || (pp.pp_src4 > 65535)) { -+ step = 26; -+ goto fail; -+ } -+ sin6_src->sin6_port = htons(pp.pp_src4); -+ -+ p += (len + 1); -+ s -= (len + 1); -+ if (s <= 0) { -+ step = 27; -+ goto fail; -+ } -+ -+ /* l4 destination port */ -+ if ( (t = (u_char *)memchr(p, '\r', s)) == NULL ) { -+ step = 28; -+ goto fail; -+ } -+ len = t - p; -+ pp.pp_dst4 = ngx_atoi(p, len); -+ if (pp.pp_dst4 > 65535) { -+ step = 29; -+ goto fail; -+ } -+ sin6_dst->sin6_port = htons(pp.pp_dst4); -+ -+ if (p[len + 1] != '\n') { -+ step = 30; -+ goto fail; -+ } -+ -+ p += (len + 2); -+ s -= (len + 2); -+ -+ /* if we managed to get there, then we can safely replace the -+ * information in the connection structure -+ */ -+ -+ /* updating connection with source provided by proxy protocol */ -+ if (pp.pp_src3_text.len > c->addr_text.len) { -+ ngx_pfree(c->pool, c->addr_text.data); -+ c->addr_text.data = ngx_pcalloc(c->pool, pp.pp_src3_text.len); -+ } else { -+ ngx_memzero(c->addr_text.data, c->addr_text.len); -+ } -+ ngx_memcpy(c->addr_text.data, pp.pp_src3_text.data, pp.pp_src3_text.len); -+ c->addr_text.len = pp.pp_src3_text.len; -+ -+ ngx_pfree(c->pool, c->sockaddr); -+ c->socklen = NGX_SOCKADDRLEN; -+ c->sockaddr = ngx_pcalloc(c->pool, c->socklen); -+ ngx_memcpy(c->sockaddr, sin6_src, c->socklen); -+ -+ /* updating connection with destination provided by proxy protocol */ -+ if (c->sockaddr->sa_family != AF_INET6) { -+ ngx_pfree(c->pool, c->local_sockaddr); -+ c->local_sockaddr = ngx_pcalloc(c->pool, NGX_SOCKADDRLEN); -+ } else { -+ ngx_memzero(c->sockaddr, sizeof(struct sockaddr_in6)); -+ c->socklen = NGX_SOCKADDRLEN; -+ } -+// ngx_memcpy(c->local_sockaddr, sin6_dst, NGX_SOCKADDRLEN); -+//FIXME must be finished here -+ -+ } -+ -+#endif -+ -+ else { -+ step = 31; -+ goto fail; -+ } -+ -+ ngx_print_proxy_protocol(&pp, c->log); -+ -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, -+ "proxy_protocol, asking to remove %z chars", -+ end + 1 - buf); -+ -+ return (end + 1 - buf); -+ -+fail: -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, c->log, 0, -+ "proxy_protocol error at step: %d", step); -+ -+ return 0; -+ -+} -+ -+ -+void -+ngx_print_proxy_protocol(ngx_proxy_protocol_t *p, ngx_log_t *log) -+{ -+ switch (p->pp_proto) { -+ case NGX_PP_PROTO_TCP4: -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, proto: TCP4"); -+ break; -+ case NGX_PP_PROTO_TCP6: -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, proto: TCP6"); -+ break; -+ } -+ -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, string length: %d", ngx_proxy_protocol_string_length(p)); -+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, src3: %s, %d", p->pp_src3_text.data, p->pp_src3_text.len); -+ ngx_log_debug2(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, dst3: %s, %d", p->pp_dst3_text.data, p->pp_dst3_text.len); -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, src4: %d", p->pp_src4); -+ ngx_log_debug1(NGX_LOG_DEBUG_EVENT, log, 0, -+ "proxy_protocol, dst4: %d", p->pp_dst4); -+} -+ -+ -+int -+ngx_proxy_protocol_string_length(ngx_proxy_protocol_t *p) -+{ -+ int len = 0; -+ -+ /* 'PROXY ' */ -+ len += (sizeof("PROXY ") - 1); -+ -+ /* protocol version (TCP4 or TCP6) + space */ -+ len += (sizeof("TCP0 ") - 1); -+ -+ /* src3 + space */ -+ len += p->pp_src3_text.len; -+ len += 1; -+ -+ /* dst3 + space */ -+ len += p->pp_dst3_text.len; -+ len += 1; -+ -+ /* src4 */ -+ if (p->pp_src4 < 10000) -+ /* 4 digits + 1 space */ -+ len += (sizeof("0000 ") - 1); -+ else -+ /* 5 digits + 1 space */ -+ len += (sizeof("00000 ") - 1); -+ -+ /* dst4 */ -+ if (p->pp_dst4 >= 10000) -+ /* 5 digits */ -+ len += (sizeof("00000 ") - 1); -+ else if (p->pp_dst4 >= 1000) -+ /* 4 digits */ -+ len += (sizeof("0000 ") - 1); -+ else if (p->pp_dst4 >= 100) -+ /* 3 digits */ -+ len += (sizeof("000 ") - 1); -+ else if (p->pp_dst4 >= 10) -+ /* 2 digits */ -+ len += (sizeof("00 ") - 1); -+ else -+ /* 1 digit */ -+ len += (sizeof("0 ") - 1); -+ -+ /* CRLF */ -+ len += (sizeof(CRLF) - 1); -+ -+ return len - 1; -+} -+ -+#endif -Index: nginx-1.4.7/src/core/ngx_proxy_protocol.h -=================================================================== ---- /dev/null -+++ nginx-1.4.7/src/core/ngx_proxy_protocol.h -@@ -0,0 +1,45 @@ -+ -+/* -+ * Copyright (C) Baptiste Assmann -+ * Copyright (C) Exceliance -+ */ -+ -+ -+#ifndef _NGX_PROXY_PROTOCOL_H_INCLUDED_ -+#define _NGX_PROXY_PROTOCOL_H_INCLUDED_ -+ -+ -+#include <ngx_config.h> -+#include <ngx_core.h> -+ -+ -+#if (NGX_PROXY_PROTOCOL) -+ -+typedef struct ngx_proxy_protocol_s ngx_proxy_protocol_t; -+ -+typedef enum { -+ NGX_PP_PROTO_TCP4 = 1, -+ NGX_PP_PROTO_TCP6 -+} ngx_pp_proto; -+ -+ -+struct ngx_proxy_protocol_s { -+ unsigned int pp_proto; /* proxy protocol related information */ -+ struct sockaddr_storage pp_src3; -+ ngx_str_t pp_src3_text; -+ struct sockaddr_storage pp_dst3; -+ ngx_str_t pp_dst3_text; -+ unsigned int pp_src4; -+ unsigned int pp_dst4; -+}; -+ -+ -+int ngx_recv_proxy_protocol(ngx_connection_t *, u_char *, ssize_t); -+void ngx_print_proxy_protocol(ngx_proxy_protocol_t *, ngx_log_t *); -+int ngx_proxy_protocol_string_length(ngx_proxy_protocol_t *); -+ -+ -+#endif -+ -+#endif /* _NGX_CONNECTION_H_INCLUDED_ */ -+ -Index: nginx-1.4.7/src/http/modules/ngx_http_proxy_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/modules/ngx_http_proxy_module.c -+++ nginx-1.4.7/src/http/modules/ngx_http_proxy_module.c -@@ -8,7 +8,9 @@ - #include <ngx_config.h> - #include <ngx_core.h> - #include <ngx_http.h> -- -+#if (NGX_PROXY_PROTOCOL) -+#include <ngx_proxy_protocol.h> -+#endif - - typedef struct ngx_http_proxy_rewrite_s ngx_http_proxy_rewrite_t; - -@@ -365,6 +367,17 @@ static ngx_command_t ngx_http_proxy_com - offsetof(ngx_http_proxy_loc_conf_t, upstream.busy_buffers_size_conf), - NULL }, - -+#if (NGX_PROXY_PROTOCOL) -+ -+ { ngx_string("send_proxy_protocol"), -+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_HTTP_LOC_CONF|NGX_CONF_FLAG, -+ ngx_conf_set_flag_slot, -+ NGX_HTTP_LOC_CONF_OFFSET, -+ offsetof(ngx_http_proxy_loc_conf_t, upstream.send_proxy_protocol), -+ NULL }, -+ -+#endif -+ - #if (NGX_HTTP_CACHE) - - { ngx_string("proxy_cache"), -@@ -2420,6 +2433,11 @@ ngx_http_proxy_create_loc_conf(ngx_conf_ - conf->upstream.pass_headers = NGX_CONF_UNSET_PTR; - - conf->upstream.intercept_errors = NGX_CONF_UNSET; -+ -+#if (NGX_PROXY_PROTOCOL) -+ conf->upstream.send_proxy_protocol = NGX_CONF_UNSET; -+#endif -+ - #if (NGX_HTTP_SSL) - conf->upstream.ssl_session_reuse = NGX_CONF_UNSET; - #endif -@@ -2695,6 +2713,11 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t - ngx_conf_merge_value(conf->upstream.intercept_errors, - prev->upstream.intercept_errors, 0); - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_conf_merge_value(conf->upstream.send_proxy_protocol, -+ prev->upstream.send_proxy_protocol, 0); -+#endif -+ - #if (NGX_HTTP_SSL) - ngx_conf_merge_value(conf->upstream.ssl_session_reuse, - prev->upstream.ssl_session_reuse, 1); -Index: nginx-1.4.7/src/http/ngx_http.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http.c -+++ nginx-1.4.7/src/http/ngx_http.c -@@ -1228,6 +1228,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, n - #if (NGX_HTTP_SPDY) - ngx_uint_t spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ ngx_uint_t accept_proxy_protocol; -+#endif - - /* - * we cannot compare whole sockaddr struct's as kernel -@@ -1283,6 +1286,10 @@ ngx_http_add_addresses(ngx_conf_t *cf, n - #if (NGX_HTTP_SPDY) - spdy = lsopt->spdy || addr[i].opt.spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ accept_proxy_protocol = lsopt->accept_proxy_protocol -+ || addr[i].opt.accept_proxy_protocol; -+#endif - - if (lsopt->set) { - -@@ -1316,6 +1323,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, n - #if (NGX_HTTP_SPDY) - addr[i].opt.spdy = spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ addr[i].opt.accept_proxy_protocol = accept_proxy_protocol; -+#endif - - return NGX_OK; - } -@@ -1762,6 +1772,11 @@ ngx_http_add_listening(ngx_conf_t *cf, n - ls->pool_size = cscf->connection_pool_size; - ls->post_accept_timeout = cscf->client_header_timeout; - -+#if (NGX_PROXY_PROTOCOL) -+// CLEANUP: ls->accept_proxy_protocol = cscf->accept_proxy_protocol; -+ ls->accept_proxy_protocol = addr->opt.accept_proxy_protocol; -+#endif -+ - clcf = cscf->ctx->loc_conf[ngx_http_core_module.ctx_index]; - - ls->logp = clcf->error_log; -@@ -1840,6 +1855,9 @@ ngx_http_add_addrs(ngx_conf_t *cf, ngx_h - #if (NGX_HTTP_SPDY) - addrs[i].conf.spdy = addr[i].opt.spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ addrs[i].conf.accept_proxy_protocol = addr[i].opt.accept_proxy_protocol; -+#endif - - if (addr[i].hash.buckets == NULL - && (addr[i].wc_head == NULL -@@ -1904,6 +1922,9 @@ ngx_http_add_addrs6(ngx_conf_t *cf, ngx_ - #if (NGX_HTTP_SPDY) - addrs6[i].conf.spdy = addr[i].opt.spdy; - #endif -+#if (NGX_PROXY_PROTOCOL) -+ addrs6[i].conf.accept_proxy_protocol = addr[i].opt.accept_proxy_protocol; -+#endif - - if (addr[i].hash.buckets == NULL - && (addr[i].wc_head == NULL -Index: nginx-1.4.7/src/http/ngx_http_core_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_core_module.c -+++ nginx-1.4.7/src/http/ngx_http_core_module.c -@@ -4090,6 +4090,15 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx - continue; - } - -+#if (NGX_PROXY_PROTOCOL) -+ if (ngx_strncmp(value[n].data, "accept_proxy_protocol=on", 24) == 0) { -+ lsopt.accept_proxy_protocol = 1; -+ lsopt.set = 1; -+ lsopt.bind = 1; -+ continue; -+ } -+#endif -+ - if (ngx_strncmp(value[n].data, "ipv6only=o", 10) == 0) { - #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY) - struct sockaddr *sa; -Index: nginx-1.4.7/src/http/ngx_http_core_module.h -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_core_module.h -+++ nginx-1.4.7/src/http/ngx_http_core_module.h -@@ -78,6 +78,11 @@ typedef struct { - #if (NGX_HTTP_SPDY) - unsigned spdy:1; - #endif -+ -+#if (NGX_PROXY_PROTOCOL) -+ unsigned accept_proxy_protocol:2; -+#endif -+ - #if (NGX_HAVE_INET6 && defined IPV6_V6ONLY) - unsigned ipv6only:1; - #endif -@@ -234,6 +239,10 @@ struct ngx_http_addr_conf_s { - - ngx_http_virtual_names_t *virtual_names; - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_flag_t accept_proxy_protocol; -+#endif -+ - #if (NGX_HTTP_SSL) - unsigned ssl:1; - #endif -Index: nginx-1.4.7/src/http/ngx_http_request.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_request.c -+++ nginx-1.4.7/src/http/ngx_http_request.c -@@ -63,6 +63,9 @@ static void ngx_http_ssl_handshake(ngx_e - static void ngx_http_ssl_handshake_handler(ngx_connection_t *c); - #endif - -+#if (NGX_PROXY_PROTOCOL) -+static void ngx_http_proxy_protocol(ngx_event_t *rev); -+#endif - - static char *ngx_http_client_errors[] = { - -@@ -343,6 +346,14 @@ ngx_http_init_connection(ngx_connection_ - } - #endif - -+#if (NGX_PROXY_PROTOCOL) -+ { -+ if (hc->addr_conf->accept_proxy_protocol) { -+ rev->handler = ngx_http_proxy_protocol; -+ } -+ } -+#endif -+ - if (rev->ready) { - /* the deferred accept(), rtsig, aio, iocp */ - -@@ -364,7 +375,6 @@ ngx_http_init_connection(ngx_connection_ - } - } - -- - static void - ngx_http_wait_request_handler(ngx_event_t *rev) - { -@@ -469,6 +479,12 @@ ngx_http_wait_request_handler(ngx_event_ - } - - rev->handler = ngx_http_process_request_line; -+ -+#if (NGX_PROXY_PROTOCOL) -+ if (hc->addr_conf->accept_proxy_protocol) -+ rev->handler = ngx_http_proxy_protocol; -+#endif -+ - ngx_http_process_request_line(rev); - } - -@@ -582,6 +598,67 @@ ngx_http_create_request(ngx_connection_t - return r; - } - -+#if (NGX_PROXY_PROTOCOL) -+ -+static void -+ngx_http_proxy_protocol(ngx_event_t *rev) -+{ -+ ssize_t n; -+ size_t size = 1024; -+ u_char tmpbuf[size]; -+ ngx_connection_t *c; -+ ngx_http_connection_t *hc; -+ -+ c = rev->data; -+ hc = c->data; -+ rev->handler = ngx_http_wait_request_handler; -+ -+#if (NGX_HTTP_SPDY) -+ { -+ if (hc->addr_conf->spdy) { -+ rev->handler = ngx_http_spdy_init; -+ } -+ } -+#endif -+ -+#if (NGX_HTTP_SSL) -+ { -+ if (hc->addr_conf->ssl) { -+ rev->handler = ngx_http_ssl_handshake; -+ } -+ } -+#endif -+ -+ n = recv(c->fd, tmpbuf, size, MSG_PEEK); -+ -+ if ((n <= 0) && (c->listening) -+ && (hc->addr_conf->accept_proxy_protocol) -+ && (!c->proxy_protocol)) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required but not found"); -+ return; -+ } -+ if ((n > 0) && (c->listening) -+ && (hc->addr_conf->accept_proxy_protocol) -+ && (!c->proxy_protocol)) { -+ ssize_t m; -+ if (!(m = ngx_recv_proxy_protocol(c, tmpbuf, n))) { -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required but not found"); -+ ngx_http_close_connection(c); -+ return; -+ } -+ ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, 0, "ngx_http_proxy_protocol: pp required and found"); -+ -+ c->proxy_protocol = 1; -+ -+ /* strip the proxy protocol string from the buffer */ -+ recv(c->fd, tmpbuf, m, 0); -+ } -+ -+ rev->handler(rev); -+} -+ -+#endif -+ - - #if (NGX_HTTP_SSL) - -Index: nginx-1.4.7/src/http/ngx_http_upstream.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_upstream.c -+++ nginx-1.4.7/src/http/ngx_http_upstream.c -@@ -31,6 +31,10 @@ static ngx_int_t ngx_http_upstream_reini - ngx_http_upstream_t *u); - static void ngx_http_upstream_send_request(ngx_http_request_t *r, - ngx_http_upstream_t *u); -+#if (NGX_PROXY_PROTOCOL) -+static void ngx_http_upstream_send_proxy_protocol(ngx_http_request_t *r, -+ ngx_http_upstream_t *u); -+#endif - static void ngx_http_upstream_send_request_handler(ngx_http_request_t *r, - ngx_http_upstream_t *u); - static void ngx_http_upstream_process_header(ngx_http_request_t *r, -@@ -1255,6 +1259,13 @@ ngx_http_upstream_connect(ngx_http_reque - - u->request_sent = 0; - -+#if (NGX_PROXY_PROTOCOL) -+ if (u->conf->send_proxy_protocol && !(u->ssl && c->ssl == NULL)) { -+ ngx_http_upstream_send_proxy_protocol(r, u); -+ return; -+ } -+#endif -+ - if (rc == NGX_AGAIN) { - ngx_add_timer(c->write, u->conf->connect_timeout); - return; -@@ -1498,6 +1509,228 @@ ngx_http_upstream_send_request(ngx_http_ - } - - -+#if (NGX_PROXY_PROTOCOL) -+ -+static void -+ngx_http_upstream_send_proxy_protocol(ngx_http_request_t *r, ngx_http_upstream_t *u) -+{ -+ size_t len; -+ ngx_int_t rc; -+ ngx_connection_t *uc; -+ ngx_connection_t *cc; -+ ngx_chain_t *pp_string; -+ ngx_proxy_protocol_t pp; -+ ngx_buf_t *b; -+ char port[6]; -+ u_char *addr; -+ struct sockaddr_storage sa_src; -+ struct sockaddr_storage sa_dst; -+ socklen_t addrlen = NGX_SOCKADDRLEN; -+ struct sockaddr_in *sin_src; -+ struct sockaddr_in *sin_dst; -+ -+#if (NGX_HAVE_INET6) -+ -+ struct sockaddr_in6 *sin6_src; -+ struct sockaddr_in6 *sin6_dst; -+ -+#endif -+ -+ -+ uc = u->peer.connection; -+ cc = r->connection; -+ -+ if ( !(u->conf->send_proxy_protocol) ) { -+ return; -+ } -+ -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "http upstream send proxy protocol"); -+ -+ if (!u->request_sent && ngx_http_upstream_test_connect(uc) != NGX_OK) { -+ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); -+ return; -+ } -+ -+ uc->log->action = "sending proxy protocol to upstream"; -+ -+ len = 0; -+ -+ if (r->connection->proxy_protocol) { -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "PP: got proxy-protocol from client connection"); -+ -+ switch (cc->sockaddr->sa_family) { -+ -+#if (NGX_HAVE_INET6) -+ -+ case AF_INET6: -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP6; -+ sin6_dst = (struct sockaddr_in6 *) cc->local_sockaddr; -+ sin6_src = (struct sockaddr_in6 *) cc->sockaddr; -+ -+ break; -+ -+#endif -+ -+ default: -+ pp.pp_proto = NGX_PP_PROTO_TCP4; -+ sin_dst = (struct sockaddr_in *) cc->local_sockaddr; -+ sin_src = (struct sockaddr_in *) cc->sockaddr; -+ -+ } -+ -+ } else { -+ -+ ngx_log_debug0(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "PP: collecting information from socket fd"); -+ -+ getsockname(cc->fd, (struct sockaddr *) &sa_dst, &addrlen); -+ -+ switch (sa_dst.ss_family) { -+ -+#if (NGX_HAVE_INET6) -+ -+ case AF_INET6: -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP6; -+ sin6_dst = (struct sockaddr_in6 *) &sa_dst; -+ -+ getpeername(cc->fd, (struct sockaddr *) &sa_src, &addrlen); -+ sin6_src = (struct sockaddr_in6 *) &sa_src; -+ -+ break; -+ -+#endif -+ -+ default: -+ -+ pp.pp_proto = NGX_PP_PROTO_TCP4; -+ sin_dst = (struct sockaddr_in *) &sa_dst; -+ getpeername(cc->fd, (struct sockaddr *) &sa_src, &addrlen); -+ sin_src = (struct sockaddr_in *) &sa_src; -+ } -+ -+ -+ } -+ -+ switch (pp.pp_proto) { -+ -+#if (NGX_HAVE_INET6) -+ -+ case NGX_PP_PROTO_TCP6: -+ -+ /* dst3 and dst4 */ -+ addr = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN); -+ ngx_inet_ntop(AF_INET6, &sin6_dst->sin6_addr, addr, NGX_INET6_ADDRSTRLEN); -+ pp.pp_dst3_text.data = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN); -+ pp.pp_dst3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_dst3_text.data, addr, pp.pp_dst3_text.len); -+ pp.pp_dst4 = htons(sin6_dst->sin6_port); -+ -+ ngx_memzero(addr, NGX_INET6_ADDRSTRLEN); -+ -+ /* src3 and src4 */ -+ ngx_inet_ntop(AF_INET6, &sin6_src->sin6_addr, addr, NGX_INET6_ADDRSTRLEN); -+ pp.pp_src3_text.data = ngx_pcalloc(r->pool, NGX_INET6_ADDRSTRLEN); -+ pp.pp_src3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_src3_text.data, addr, pp.pp_src3_text.len); -+ pp.pp_src4 = htons(sin6_src->sin6_port); -+ -+ break; -+ -+#endif -+ -+ default: -+ -+ /* dst3 and dst4 */ -+ addr = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN); -+ ngx_inet_ntop(AF_INET, &sin_dst->sin_addr, addr, NGX_INET_ADDRSTRLEN); -+ pp.pp_dst3_text.data = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN); -+ pp.pp_dst3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_dst3_text.data, addr, pp.pp_dst3_text.len); -+ pp.pp_dst4 = htons(sin_dst->sin_port); -+ -+ ngx_memzero(addr, NGX_INET_ADDRSTRLEN); -+ -+ /* src3 and src4 */ -+ ngx_inet_ntop(AF_INET, &sin_src->sin_addr, addr, NGX_INET_ADDRSTRLEN); -+ pp.pp_src3_text.data = ngx_pcalloc(r->pool, NGX_INET_ADDRSTRLEN); -+ pp.pp_src3_text.len = ngx_strlen(addr); -+ ngx_memcpy(pp.pp_src3_text.data, addr, pp.pp_src3_text.len); -+ pp.pp_src4 = htons(sin_src->sin_port); -+ -+ } -+ -+ len += ngx_proxy_protocol_string_length(&pp); -+ -+ ngx_print_proxy_protocol(&pp, uc->log); -+ -+ b = ngx_create_temp_buf(uc->pool, len); -+ if (b == NULL) { -+ return; -+ } -+ -+ pp_string = ngx_alloc_chain_link(uc->pool); -+ if (pp_string == NULL) { -+ return; -+ } -+ -+ pp_string->buf = b; -+ pp_string->next = NULL; -+ -+ b->last = ngx_cpymem(b->last, "PROXY ", sizeof("PROXY ") - 1); -+ -+ switch (pp.pp_proto) { -+ case NGX_PP_PROTO_TCP4: -+ b->last = ngx_cpymem(b->last, "TCP4 ", sizeof("TCP4 ") - 1); -+ break; -+ case NGX_PP_PROTO_TCP6: -+ b->last = ngx_cpymem(b->last, "TCP6 ", sizeof("TCP6 ") - 1); -+ break; -+ } -+ -+ /* src3 */ -+ b->last = ngx_cpymem(b->last, pp.pp_src3_text.data, pp.pp_src3_text.len); -+ b->last = ngx_cpymem(b->last, " ", 1); -+ -+ /* dst3 */ -+ b->last = ngx_cpymem(b->last, pp.pp_dst3_text.data, pp.pp_dst3_text.len); -+ b->last = ngx_cpymem(b->last, " ", 1); -+ -+ /* src4 */ -+ ngx_memzero(port, 6); -+ sprintf(port,"%d", pp.pp_src4); -+ b->last = ngx_cpymem(b->last, port, strlen(port)); -+ b->last = ngx_cpymem(b->last, " ", 1); -+ -+ /* dst4 */ -+ ngx_memzero(port, 6); -+ sprintf(port,"%d", pp.pp_dst4); -+ b->last = ngx_cpymem(b->last, port, strlen(port)); -+ -+ /* CRLF */ -+ b->last = ngx_cpymem(b->last, CRLF, sizeof(CRLF) - 1); -+ -+ ngx_log_debug3(NGX_LOG_DEBUG_HTTP, uc->log, 0, -+ "http upstream send proxy protocol: %d -%*s-", -+ ngx_proxy_protocol_string_length(&pp), -+ ngx_proxy_protocol_string_length(&pp) - 2, -+ b->start); -+ -+ rc = ngx_output_chain(&u->output, pp_string); -+ -+ if (rc == NGX_ERROR) { -+ ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); -+ return; -+ } -+ -+} -+ -+#endif -+ -+ - static void - ngx_http_upstream_send_request_handler(ngx_http_request_t *r, - ngx_http_upstream_t *u) -Index: nginx-1.4.7/src/http/ngx_http_upstream.h -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_upstream.h -+++ nginx-1.4.7/src/http/ngx_http_upstream.h -@@ -188,6 +188,10 @@ typedef struct { - unsigned intercept_404:1; - unsigned change_buffering:1; - -+#if (NGX_PROXY_PROTOCOL) -+ ngx_flag_t send_proxy_protocol; -+#endif -+ - #if (NGX_HTTP_SSL) - ngx_ssl_t *ssl; - ngx_flag_t ssl_session_reuse; -Index: nginx-1.4.7/auto/cc/gcc -=================================================================== ---- nginx-1.4.7.orig/auto/cc/gcc -+++ nginx-1.4.7/auto/cc/gcc -@@ -168,7 +168,7 @@ esac - - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+CFLAGS="$CFLAGS" - - # debug - CFLAGS="$CFLAGS -g" -Index: nginx-1.4.7/auto/cc/icc -=================================================================== ---- nginx-1.4.7.orig/auto/cc/icc -+++ nginx-1.4.7/auto/cc/icc -@@ -115,7 +115,7 @@ case "$NGX_ICC_VER" in - esac - - # stop on warning --CFLAGS="$CFLAGS -Werror" -+CFLAGS="$CFLAGS " - - # debug - CFLAGS="$CFLAGS -g" diff --git a/net/nginx/patches/401-nginx-1.4.0-syslog.patch b/net/nginx/patches/401-nginx-1.4.0-syslog.patch deleted file mode 100644 index 941c79aee..000000000 --- a/net/nginx/patches/401-nginx-1.4.0-syslog.patch +++ /dev/null @@ -1,698 +0,0 @@ -Index: nginx-1.4.7/src/core/ngx_cycle.c -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_cycle.c -+++ nginx-1.4.7/src/core/ngx_cycle.c -@@ -85,6 +85,12 @@ ngx_init_cycle(ngx_cycle_t *old_cycle) - cycle->pool = pool; - cycle->log = log; - cycle->new_log.log_level = NGX_LOG_ERR; -+#if (NGX_ENABLE_SYSLOG) -+ cycle->new_log.facility = SYSLOG_FACILITY; -+ cycle->new_log.facility = ERR_SYSLOG_PRIORITY; -+ cycle->new_log.syslog_on = 0; -+ cycle->new_log.syslog_set = 0; -+#endif - cycle->old_cycle = old_cycle; - - cycle->conf_prefix.len = old_cycle->conf_prefix.len; -Index: nginx-1.4.7/src/core/ngx_log.c -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_log.c -+++ nginx-1.4.7/src/core/ngx_log.c -@@ -10,6 +10,15 @@ - - - static char *ngx_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); -+#if (NGX_ENABLE_SYSLOG) -+static char *ngx_set_syslog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); -+void log_exit(ngx_cycle_t *cycle); -+ -+typedef struct{ -+ ngx_str_t name; -+ ngx_int_t macro; -+} ngx_string_to_macro_t; -+#endif - - - static ngx_command_t ngx_errlog_commands[] = { -@@ -21,6 +30,15 @@ static ngx_command_t ngx_errlog_command - 0, - NULL}, - -+#if (NGX_ENABLE_SYSLOG) -+ {ngx_string("syslog"), -+ NGX_MAIN_CONF|NGX_CONF_TAKE12, -+ ngx_set_syslog, -+ 0, -+ 0, -+ NULL}, -+#endif -+ - ngx_null_command - }; - -@@ -43,7 +61,11 @@ ngx_module_t ngx_errlog_module = { - NULL, /* init thread */ - NULL, /* exit thread */ - NULL, /* exit process */ -- NULL, /* exit master */ -+#if (NGX_ENABLE_SYSLOG) -+ log_exit, /* exit master */ -+#else -+ NULL, -+#endif - NGX_MODULE_V1_PADDING - }; - -@@ -52,6 +74,48 @@ static ngx_log_t ngx_log; - static ngx_open_file_t ngx_log_file; - ngx_uint_t ngx_use_stderr = 1; - -+#if (NGX_ENABLE_SYSLOG) -+static ngx_string_to_macro_t ngx_syslog_facilities[] = { -+ {ngx_string("auth"), LOG_AUTH}, -+#if !(NGX_SOLARIS) -+ {ngx_string("authpriv"), LOG_AUTHPRIV}, -+#endif -+ {ngx_string("cron"), LOG_CRON}, -+ {ngx_string("daemon"), LOG_DAEMON}, -+#if !(NGX_SOLARIS) -+ {ngx_string("ftp"), LOG_FTP}, -+#endif -+ {ngx_string("kern"), LOG_KERN}, -+ {ngx_string("local0"), LOG_LOCAL0}, -+ {ngx_string("local1"), LOG_LOCAL1}, -+ {ngx_string("local2"), LOG_LOCAL2}, -+ {ngx_string("local3"), LOG_LOCAL3}, -+ {ngx_string("local4"), LOG_LOCAL4}, -+ {ngx_string("local5"), LOG_LOCAL5}, -+ {ngx_string("local6"), LOG_LOCAL6}, -+ {ngx_string("local7"), LOG_LOCAL7}, -+ {ngx_string("lpr"), LOG_LPR}, -+ {ngx_string("mail"), LOG_MAIL}, -+ {ngx_string("news"), LOG_NEWS}, -+ {ngx_string("syslog"), LOG_SYSLOG}, -+ {ngx_string("user"), LOG_USER}, -+ {ngx_string("uucp"), LOG_UUCP}, -+ { ngx_null_string, 0} -+}; -+ -+static ngx_string_to_macro_t ngx_syslog_priorities[] = { -+ {ngx_string("emerg"), LOG_EMERG}, -+ {ngx_string("alert"), LOG_ALERT}, -+ {ngx_string("crit"), LOG_CRIT}, -+ {ngx_string("error"), LOG_ERR}, -+ {ngx_string("err"), LOG_ERR}, -+ {ngx_string("warn"), LOG_WARNING}, -+ {ngx_string("notice"),LOG_NOTICE}, -+ {ngx_string("info"), LOG_INFO}, -+ {ngx_string("debug"), LOG_DEBUG}, -+ { ngx_null_string, 0} -+}; -+#endif - - static ngx_str_t err_levels[] = { - ngx_null_string, -@@ -89,11 +153,16 @@ ngx_log_error_core(ngx_uint_t level, ngx - va_list args; - #endif - u_char *p, *last, *msg; -+#if (NGX_ENABLE_SYSLOG) -+ u_char *errstr_syslog; -+#endif - u_char errstr[NGX_MAX_ERROR_STR]; - -+#if !(NGX_ENABLE_SYSLOG) - if (log->file->fd == NGX_INVALID_FILE) { - return; - } -+#endif - - last = errstr + NGX_MAX_ERROR_STR; - -@@ -102,6 +171,10 @@ ngx_log_error_core(ngx_uint_t level, ngx - - p = errstr + ngx_cached_err_log_time.len; - -+#if (NGX_ENABLE_SYSLOG) -+ errstr_syslog = p; -+#endif -+ - p = ngx_slprintf(p, last, " [%V] ", &err_levels[level]); - - /* pid#tid */ -@@ -140,11 +213,27 @@ ngx_log_error_core(ngx_uint_t level, ngx - - ngx_linefeed(p); - -+#if (NGX_ENABLE_SYSLOG) -+ if (log->file != NULL && log->file->name.len != 0) { - (void) ngx_write_fd(log->file->fd, errstr, p - errstr); -+ } -+ -+ /* Don't send the debug level info to syslog */ -+ if (log->syslog_on && level < NGX_LOG_DEBUG) { -+ /* write to syslog */ -+ syslog(log->priority, "%.*s", (int)(p - errstr_syslog), errstr_syslog); -+ } -+#else -+ (void) ngx_write_fd(log->file->fd, errstr, p - errstr); -+#endif - - if (!ngx_use_stderr - || level > NGX_LOG_WARN -+#if (NGX_ENABLE_SYSLOG) -+ || (log->file != NULL && log->file->fd == ngx_stderr)) -+#else - || log->file->fd == ngx_stderr) -+#endif - { - return; - } -@@ -367,6 +456,50 @@ ngx_log_create(ngx_cycle_t *cycle, ngx_s - } - - -+#if (NGX_ENABLE_SYSLOG) -+ngx_int_t -+ngx_log_get_priority(ngx_conf_t *cf, ngx_str_t *priority) -+{ -+ ngx_int_t p = 0; -+ ngx_uint_t n, match = 0; -+ -+ for (n = 0; ngx_syslog_priorities[n].name.len != 0; n++) { -+ if (ngx_strncmp(priority->data, ngx_syslog_priorities[n].name.data, -+ ngx_syslog_priorities[n].name.len) == 0) { -+ p = ngx_syslog_priorities[n].macro; -+ match = 1; -+ } -+ } -+ -+ if (!match) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "invalid syslog priority \"%V\"", priority); -+ return -1; -+ } -+ -+ return p; -+} -+ -+ -+char * -+ngx_log_set_priority(ngx_conf_t *cf, ngx_str_t *priority, ngx_log_t *log) -+{ -+ log->priority = ERR_SYSLOG_PRIORITY; -+ -+ if (priority->len == 0) { -+ return NGX_CONF_OK; -+ } -+ -+ log->priority = ngx_log_get_priority(cf, priority); -+ if (log->priority == (-1)) { -+ return NGX_CONF_ERROR; -+ } -+ -+ return NGX_CONF_OK; -+} -+#endif -+ -+ - char * - ngx_log_set_levels(ngx_conf_t *cf, ngx_log_t *log) - { -@@ -429,6 +562,13 @@ static char * - ngx_error_log(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) - { - ngx_str_t *value, name; -+#if (NGX_ENABLE_SYSLOG) -+ u_char *off = NULL; -+ ngx_str_t priority; -+ -+ ngx_str_null(&name); -+ ngx_str_null(&priority); -+#endif - - if (cf->cycle->new_log.file) { - return "is duplicate"; -@@ -436,7 +576,44 @@ ngx_error_log(ngx_conf_t *cf, ngx_comman - - value = cf->args->elts; - -+#if (NGX_ENABLE_SYSLOG) -+ if (ngx_strncmp(value[1].data, "syslog", sizeof("syslog") - 1) == 0) { -+ if (!cf->cycle->new_log.syslog_set) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "You must set the syslog directive and enable it first."); -+ return NGX_CONF_ERROR; -+ } -+ -+ cf->cycle->new_log.syslog_on = 1; -+ -+ if (value[1].data[sizeof("syslog") - 1] == ':') { -+ priority.len = value[1].len - sizeof("syslog"); -+ priority.data = value[1].data + sizeof("syslog"); -+ -+ off = (u_char *)ngx_strchr(priority.data, (int) '|'); -+ if (off != NULL) { -+ priority.len = off - priority.data; -+ -+ off++; -+ name.len = value[1].data + value[1].len - off; -+ name.data = off; -+ } -+ } -+ else { -+ if (value[1].len > sizeof("syslog")) { -+ name.len = value[1].len - sizeof("syslog"); -+ name.data = value[1].data + sizeof("syslog"); -+ } -+ } -+ -+ if (ngx_log_set_priority(cf, &priority, &cf->cycle->new_log) == NGX_CONF_ERROR) { -+ return NGX_CONF_ERROR; -+ } -+ } -+ else if (ngx_strcmp(value[1].data, "stderr") == 0) { -+#else - if (ngx_strcmp(value[1].data, "stderr") == 0) { -+#endif - ngx_str_null(&name); - - } else { -@@ -457,3 +634,63 @@ ngx_error_log(ngx_conf_t *cf, ngx_comman - - return ngx_log_set_levels(cf, &cf->cycle->new_log); - } -+ -+ -+#if (NGX_ENABLE_SYSLOG) -+ -+#define SYSLOG_IDENT_NAME "nginx" -+ -+static char * -+ngx_set_syslog(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) -+{ -+ char *program; -+ ngx_str_t *value; -+ ngx_int_t facility, match = 0; -+ ngx_uint_t n; -+ -+ value = cf->args->elts; -+ -+ if (cf->cycle->new_log.syslog_set) { -+ return "is duplicate"; -+ } -+ -+ cf->cycle->new_log.syslog_set = 1; -+ -+ for (n = 0; ngx_syslog_facilities[n].name.len != 0; n++) { -+ if (ngx_strncmp(value[1].data, ngx_syslog_facilities[n].name.data, -+ ngx_syslog_facilities[n].name.len) == 0) { -+ facility = ngx_syslog_facilities[n].macro; -+ match = 1; -+ break; -+ } -+ } -+ -+ if (match) { -+ cf->cycle->new_log.facility = facility; -+ cf->cycle->new_log.priority = ERR_SYSLOG_PRIORITY; -+ } -+ else { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "invalid syslog facility \"%V\"", &value[1]); -+ return NGX_CONF_ERROR; -+ } -+ -+ program = SYSLOG_IDENT_NAME; -+ if (cf->args->nelts > 2) { -+ program = (char *) value[2].data; -+ } -+ -+ openlog(program, LOG_ODELAY, facility); -+ -+ return NGX_CONF_OK; -+} -+ -+ -+void log_exit(ngx_cycle_t *cycle) -+{ -+ if (cycle->new_log.syslog_set) { -+ closelog(); -+ } -+} -+#endif -+ -Index: nginx-1.4.7/src/core/ngx_log.h -=================================================================== ---- nginx-1.4.7.orig/src/core/ngx_log.h -+++ nginx-1.4.7/src/core/ngx_log.h -@@ -12,6 +12,13 @@ - #include <ngx_config.h> - #include <ngx_core.h> - -+#if (NGX_ENABLE_SYSLOG) -+#include <syslog.h> -+ -+#define SYSLOG_FACILITY LOG_LOCAL5 -+#define ERR_SYSLOG_PRIORITY LOG_ERR -+#endif -+ - - #define NGX_LOG_STDERR 0 - #define NGX_LOG_EMERG 1 -@@ -61,6 +68,13 @@ struct ngx_log_s { - */ - - char *action; -+ -+#if (NGX_ENABLE_SYSLOG) -+ ngx_int_t priority; -+ ngx_int_t facility; -+ unsigned syslog_on:1; /* unsigned :1 syslog_on */ -+ unsigned syslog_set:1; /*unsigned :1 syslog_set */ -+#endif - }; - - -@@ -221,6 +235,10 @@ void ngx_cdecl ngx_log_debug_core(ngx_lo - - ngx_log_t *ngx_log_init(u_char *prefix); - ngx_log_t *ngx_log_create(ngx_cycle_t *cycle, ngx_str_t *name); -+#if (NGX_ENABLE_SYSLOG) -+ngx_int_t ngx_log_get_priority(ngx_conf_t *cf, ngx_str_t *priority); -+char * ngx_log_set_priority(ngx_conf_t *cf, ngx_str_t *priority, ngx_log_t *log); -+#endif - char *ngx_log_set_levels(ngx_conf_t *cf, ngx_log_t *log); - void ngx_cdecl ngx_log_abort(ngx_err_t err, const char *fmt, ...); - void ngx_cdecl ngx_log_stderr(ngx_err_t err, const char *fmt, ...); -Index: nginx-1.4.7/src/http/modules/ngx_http_log_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/modules/ngx_http_log_module.c -+++ nginx-1.4.7/src/http/modules/ngx_http_log_module.c -@@ -13,6 +13,11 @@ - #include <zlib.h> - #endif - -+#if (NGX_ENABLE_SYSLOG) -+#include <syslog.h> -+ -+#define HTTP_SYSLOG_PRIORITY LOG_NOTICE -+#endif - - typedef struct ngx_http_log_op_s ngx_http_log_op_t; - -@@ -67,6 +72,11 @@ typedef struct { - time_t disk_full_time; - time_t error_log_time; - ngx_http_log_fmt_t *format; -+ -+#if (NGX_ENABLE_SYSLOG) -+ ngx_int_t priority; -+ unsigned syslog_on:1; /* unsigned :1 syslog_on */ -+#endif - } ngx_http_log_t; - - -@@ -348,6 +358,14 @@ ngx_http_log_write(ngx_http_request_t *r - time_t now; - ssize_t n; - ngx_err_t err; -+ -+#if (NGX_ENABLE_SYSLOG) -+ n = 0; -+ if (log->syslog_on) { -+ syslog(log->priority, "%.*s", (int)len, buf); -+ } -+#endif -+ - #if (NGX_ZLIB) - ngx_http_log_buf_t *buffer; - #endif -@@ -355,6 +373,9 @@ ngx_http_log_write(ngx_http_request_t *r - if (log->script == NULL) { - name = log->file->name.data; - -+#if (NGX_ENABLE_SYSLOG) -+ if (name != NULL) { -+#endif - #if (NGX_ZLIB) - buffer = log->file->data; - -@@ -367,7 +388,11 @@ ngx_http_log_write(ngx_http_request_t *r - #else - n = ngx_write_fd(log->file->fd, buf, len); - #endif -- -+#if (NGX_ENABLE_SYSLOG) -+ } else { -+ n = len; -+ } -+#endif - } else { - name = NULL; - n = ngx_http_log_script_write(r, log->script, &name, buf, len); -@@ -1068,6 +1093,10 @@ ngx_http_log_merge_loc_conf(ngx_conf_t * - log->script = NULL; - log->disk_full_time = 0; - log->error_log_time = 0; -+#if (NGX_ENABLE_SYSLOG) -+ log->priority = HTTP_SYSLOG_PRIORITY; -+ log->syslog_on = 0; -+#endif - - lmcf = ngx_http_conf_get_module_main_conf(cf, ngx_http_log_module); - fmt = lmcf->formats.elts; -@@ -1096,6 +1125,13 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - ngx_http_log_main_conf_t *lmcf; - ngx_http_script_compile_t sc; - -+#if (NGX_ENABLE_SYSLOG) -+ u_char *off; -+ ngx_str_t priority; -+ ngx_uint_t syslog_on = 0; -+ name = priority = (ngx_str_t)ngx_null_string; -+#endif -+ - value = cf->args->elts; - - if (ngx_strcmp(value[1].data, "off") == 0) { -@@ -1108,6 +1144,38 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - "invalid parameter \"%V\"", &value[2]); - return NGX_CONF_ERROR; - } -+#if (NGX_ENABLE_SYSLOG) -+ else if (ngx_strncmp(value[1].data, "syslog", sizeof("syslog") - 1) == 0) { -+ if (!cf->cycle->new_log.syslog_set) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "You must set the syslog directive and enable it first."); -+ return NGX_CONF_ERROR; -+ } -+ -+ syslog_on = 1; -+ if (value[1].data[sizeof("syslog") - 1] == ':') { -+ priority.len = value[1].len - sizeof("syslog"); -+ priority.data = value[1].data + sizeof("syslog"); -+ -+ off = (u_char*) ngx_strchr(priority.data, '|'); -+ if (off != NULL) { -+ priority.len = off - priority.data; -+ -+ off++; -+ name.len = value[1].data + value[1].len - off; -+ name.data = off; -+ } -+ } -+ else { -+ if (value[1].len > sizeof("syslog")) { -+ name.len = value[1].len - sizeof("syslog"); -+ name.data = value[1].data + sizeof("syslog"); -+ } -+ } -+ } else { -+ name = value[1]; -+ } -+#endif - - if (llcf->logs == NULL) { - llcf->logs = ngx_array_create(cf->pool, 2, sizeof(ngx_http_log_t)); -@@ -1125,6 +1193,52 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - - ngx_memzero(log, sizeof(ngx_http_log_t)); - -+#if (NGX_ENABLE_SYSLOG) -+ log->syslog_on = syslog_on; -+ -+ if (priority.len == 0) { -+ log->priority = HTTP_SYSLOG_PRIORITY; -+ } -+ else { -+ log->priority = ngx_log_get_priority(cf, &priority); -+ } -+ -+ if (name.len != 0) { -+ n = ngx_http_script_variables_count(&name); -+ -+ if (n == 0) { -+ log->file = ngx_conf_open_file(cf->cycle, &name); -+ if (log->file == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ } else { -+ if (ngx_conf_full_name(cf->cycle, &name, 0) != NGX_OK) { -+ return NGX_CONF_ERROR; -+ } -+ log->script = ngx_pcalloc(cf->pool, sizeof(ngx_http_log_script_t)); -+ if (log->script == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ ngx_memzero(&sc, sizeof(ngx_http_script_compile_t)); -+ sc.cf = cf; -+ sc.source = &name; -+ sc.lengths = &log->script->lengths; -+ sc.values = &log->script->values; -+ sc.variables = n; -+ sc.complete_lengths = 1; -+ sc.complete_values = 1; -+ if (ngx_http_script_compile(&sc) != NGX_OK) { -+ return NGX_CONF_ERROR; -+ } -+ } -+ } -+ else { -+ log->file = ngx_conf_open_file(cf->cycle, &name); -+ if (log->file == NULL) { -+ return NGX_CONF_ERROR; -+ } -+ } -+#else - n = ngx_http_script_variables_count(&value[1]); - - if (n == 0) { -@@ -1157,6 +1271,7 @@ ngx_http_log_set_log(ngx_conf_t *cf, ngx - return NGX_CONF_ERROR; - } - } -+#endif - - if (cf->args->nelts >= 3) { - name = value[2]; -Index: nginx-1.4.7/src/http/ngx_http_core_module.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_core_module.c -+++ nginx-1.4.7/src/http/ngx_http_core_module.c -@@ -1462,6 +1462,9 @@ ngx_http_update_location_config(ngx_http - - if (r == r->main) { - ngx_http_set_connection_log(r->connection, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ r->connection->log->priority = clcf->error_log->priority; -+#endif - } - - if ((ngx_io.flags & NGX_IO_SENDFILE) && clcf->sendfile) { -@@ -4901,6 +4904,15 @@ ngx_http_core_error_log(ngx_conf_t *cf, - - ngx_str_t *value, name; - -+#if (NGX_ENABLE_SYSLOG) -+ u_char *off = NULL; -+ ngx_int_t syslog_on = 0; -+ ngx_str_t priority; -+ -+ name = priority = (ngx_str_t) ngx_null_string; -+#endif -+ -+ - if (clcf->error_log) { - return "is duplicate"; - } -@@ -4910,6 +4922,36 @@ ngx_http_core_error_log(ngx_conf_t *cf, - if (ngx_strcmp(value[1].data, "stderr") == 0) { - ngx_str_null(&name); - -+#if (NGX_ENABLE_SYSLOG) -+ } else if (ngx_strncmp(value[1].data, "syslog", sizeof("syslog") - 1) == 0) { -+ if (!cf->cycle->new_log.syslog_set) { -+ ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, -+ "You must set the syslog directive and enable it first."); -+ return NGX_CONF_ERROR; -+ } -+ -+ syslog_on = 1; -+ -+ if (value[1].data[sizeof("syslog") - 1] == ':') { -+ priority.len = value[1].len - sizeof("syslog"); -+ priority.data = value[1].data + sizeof("syslog"); -+ -+ off = (u_char*) ngx_strchr(priority.data, '|'); -+ if (off != NULL) { -+ priority.len = off - priority.data; -+ -+ off++; -+ name.len = value[1].data + value[1].len - off; -+ name.data = off; -+ } -+ } -+ else { -+ if (value[1].len > sizeof("syslog")) { -+ name.len = value[1].len - sizeof("syslog"); -+ name.data = value[1].data + sizeof("syslog"); -+ } -+ } -+#endif - } else { - name = value[1]; - } -@@ -4919,6 +4961,17 @@ ngx_http_core_error_log(ngx_conf_t *cf, - return NGX_CONF_ERROR; - } - -+#if (NGX_ENABLE_SYSLOG) -+ if (syslog_on) { -+ clcf->error_log->syslog_on = 1; -+ if (ngx_log_set_priority(cf, &priority, clcf->error_log) == NGX_CONF_ERROR) { -+ return NGX_CONF_ERROR; -+ } -+ } -+ -+ clcf->error_log->log_level = 0; -+#endif -+ - if (cf->args->nelts == 2) { - clcf->error_log->log_level = NGX_LOG_ERR; - return NGX_CONF_OK; -Index: nginx-1.4.7/src/http/ngx_http_request.c -=================================================================== ---- nginx-1.4.7.orig/src/http/ngx_http_request.c -+++ nginx-1.4.7/src/http/ngx_http_request.c -@@ -533,6 +533,9 @@ ngx_http_create_request(ngx_connection_t - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - - ngx_http_set_connection_log(r->connection, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ c->log->priority = clcf->error_log->priority; -+#endif - - r->header_in = hc->nbusy ? hc->busy[0] : c->buffer; - -@@ -872,6 +875,9 @@ ngx_http_ssl_servername(ngx_ssl_conn_t * - clcf = ngx_http_get_module_loc_conf(hc->conf_ctx, ngx_http_core_module); - - ngx_http_set_connection_log(c, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ c->log->priority = clcf->error_log->priority; -+#endif - - sscf = ngx_http_get_module_srv_conf(hc->conf_ctx, ngx_http_ssl_module); - -@@ -2077,6 +2083,9 @@ ngx_http_set_virtual_server(ngx_http_req - clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); - - ngx_http_set_connection_log(r->connection, clcf->error_log); -+#if (NGX_ENABLE_SYSLOG) -+ r->connection->log->priority = clcf->error_log->priority; -+#endif - - return NGX_OK; - } |