Stefan Eissing [Fri, 13 May 2022 11:03:51 +0000 (11:03 +0000)]
*) mod_md: the `MDCertificateAuthority` directive can take more than one URL/name of
an ACME CA. This gives a failover for renewals when several consecutive attempts
to get a certificate failed.
A new directive was added: `MDRetryDelay` sets the delay of retries.
A new directive was added: `MDRetryFailover` sets the number of errored
attempts before an alternate CA is selected for certificate renewals.
This allows for multiple CPUs to handle the load; the number of requests and the
concurrency level asked for are distributed over the configured number of workers,
allowing for as much parallelism as possible.
On unixes (only for now), -W0 will use all the CPUs available on the system.
To avoid synchronization during runtime, the stats and requests times are
gathered per worker and consolidated at the end of the run before being
printed.
Connection closes, keepalives and errors are now handled in a single place,
namely cleanup_connection(), which takes care of the good/bad state of each
request based on the response fully received or not.
When multiple workers are running, SIGINT is handled by the main thread only
and masked in workers, workers are asked to stop and woken up if waiting in
poll().
A single worker is started first to determine the connectivity with the peer;
if that fails (10 tries) ab will still stop early without starting the other
workers, otherwise the first worker will signal the main thread to start the
others.
Stefan Eissing [Wed, 27 Apr 2022 11:53:04 +0000 (11:53 +0000)]
*) mod_md: implement full auto status ("key: value" type status output).
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
added change description for code added in r1900313.
Stefan Eissing [Wed, 27 Apr 2022 11:48:36 +0000 (11:48 +0000)]
*) mod_md: added support for managing certificates via a
local tailscale daemon for users of that secure networking.
This gives trusted certificates for tailscale assigned
domain names in the *.ts.net space.
Joe Orton [Wed, 27 Apr 2022 07:45:01 +0000 (07:45 +0000)]
* modules/ssl/ssl_engine_io.c:
Drop noop functions for BIO methods mod_ssl doesn't implement.
OpenSSL handles missing BIO methods internally in BIO_xxxx() wrappers.
Consistently log at TRACE4 unhandled _ctrl commands, but note
these are not a "BUG" as in the previous log message.
core: Disable TCP_NOPUSH optimization on OSX. BZ 66019.
OSX supports TCP_NOPUSH but does not release the data retained (in TCP stack)
when the option is unset. It seems that unsetting it before the last write
does not help either so just disable the optimization for OSX in the core
output filter to avoid uncontrollable transmission delays.
* server/core_filters.c:
Add the sock_nopush() helper that does nothing on OSX and platforms not
supporting TCP_NOPUSH or TCP_CORK.
* server/core_filters.c(send_brigade_nonblocking):
Use sock_nopush() instead of apr_socket_opt_set() for APR_TCP_NOPUSH option.
Stefan Eissing [Tue, 19 Apr 2022 14:11:39 +0000 (14:11 +0000)]
* Implement full auto status ("key: value" type status output).
Especially not only status summary counts for certificates and
OCSP stapling but also lists. Auto status format is similar to
what was used for mod_proxy_balancer.
[Rainer Jung]
Stefan Eissing [Tue, 19 Apr 2022 10:17:05 +0000 (10:17 +0000)]
*) mod_http2: use new ap_sb_get_child_thread() to get child_num
and create unique h2 session identifiers in logging that stay
unique among re-activations of the master connection.
*) mod_heartmonitor: Set the documented default value
"10" for HeartbeatMaxServers instead of "0". With "0"
no shared memory slotmem was initialized. [Rainer Jung]
Stefan Eissing [Sat, 16 Apr 2022 10:09:59 +0000 (10:09 +0000)]
*) core: improved checks in ap_escape_quotes() for
extra long strings (or resulting strings) that
exceed ptrdiff_t ranges.
[Yann Ylavic, Stefan Eissing]
If child processes get killed (SIGSEGV/SIGABRT/..) early after starting or
frequently enough, then we never enter perform_idle_server_maintenance() to
try something.
Below three successive children killed, restart them immediately; above three,
let's sleep the usual 1s (to avoid a fork() flood) and do the idle maintenance.
Stefan Eissing [Thu, 14 Apr 2022 10:12:20 +0000 (10:12 +0000)]
*) mod_http: on seeing EOC buckets in ap_http_header_filter(), further
analysis of the brigade is stopped. This means a RESPONSE will not
be generated (if that had not already happened due to other buckets).
Also, improve the `header_only` handling to cope with brigades that
contain buckets like `RESPONSE DATA EOS` in one pass.
Stefan Eissing [Wed, 13 Apr 2022 08:38:12 +0000 (08:38 +0000)]
*) mod_http2: use the new REQUEST buckets to forward request
on secondary connections. Use the now generic
ap_process_connection() in h2 workers to process those.
Stefan Eissing [Wed, 13 Apr 2022 07:40:17 +0000 (07:40 +0000)]
Merge PR 311:
*) core/mod_http: use REQUEST meta buckets and a new HTTP/1.x specific
input filter to separate the handling for HTTP requests from the
handling of HTTP/1.x request parsing and checks.
A new HTTP1_REQUEST_IN filter installs itself on http/1.1 connections
before a request is being read. It generates either a REQUEST meta
bucket on success or an ERROR bucket with the proposed response status.
The core connection processing, relying on ap_read_request(), now expects
a REQUEST or ERROR bucket from the input filters and is agnostic to
specific HTTP versions and how they bring requests into the server.
Joe Orton [Tue, 12 Apr 2022 15:43:04 +0000 (15:43 +0000)]
Remove libsystemd dependency from main httpd binary
Until this change httpd was linking libsystemd to the main httpd binary. If you want to run a lightweight version of httpd in a container, sometimes you just want to install
the httpd binary with as few dependencies as possible to make the container small in size and not pull unnecessary dependencies and libraries.
This change will move all systemd library calls from listen.c to the mod_systemd module and remove systemd linking from the main httpd binary.
Fixed mixed declaration and wrongly declared variable.
mpm_event: Fix accounting of active/total processes on ungraceful restart.
Child processes terminated by ap_{reclaim,relieve}_child_processes() were
not un-accounted from total_daemons and active_daemons, which was done in
server_main_loop() only. This led to perform_idle_server_maintenance() thinking
it was over the limit of child processes and never creating new ones.
Have this accounting right in event_note_child_{started,stopped}() which is
called both at runtime and reload time.
* server/mpm/event/event.c(struct event_retained_data):
Rename field max_daemons_limit to max_daemon_used to better describe what
it's about and to align with AP_MPMQ_MAX_DAEMON_USED.
* server/mpm/event/event.c(event_note_child_stopped):
Renamed from event_note_child_killed() to clarify that it's not only called
when a child is killed (i.e. on restart) but whenever a child has stopped.
* server/mpm/event/event.c(event_note_child_stopped):
Move decrementing {active,total}_daemons and marking child's threads as
SERVER_DEAD from server_main_loop() so that it's done both at runtime and
reload time. Log the current number/state of daemons at APLOG_DEBUG level
for each child stopped.
* server/mpm/event/event.c(event_note_child_started):
Move incrementing {active,total}_daemons from make_child() for symmetry,
given that make_child() calls event_note_child_started(). Log the current
number/state of daemons at APLOG_DEBUG level for each child started.
* server/mpm/event/event.c(perform_idle_server_maintenance):
Fix possible miscounting of retained->max_daemon_used across the multiple
calls to perform_idle_server_maintenance() if ListenCoresBucketsRatio > 0.
Pass an int *max_daemon_used which starts at zero and is bumped consistently
for all the buckets, while retained->max_daemon_used is updated only after
all the buckets have been maintained.
* server/mpm/event/event.c(perform_idle_server_maintenance):
Use event_note_child_stopped() to handle exited children processes.
Stefan Eissing [Thu, 7 Apr 2022 10:55:09 +0000 (10:55 +0000)]
*) mod_http2: use the new RESPONSE buckets introduced in r1899648.
This replaces the internal H2_HEADERS bucket, removing its
source file and also obsoletes any interim response parsing
needs.
Stefan Eissing [Thu, 7 Apr 2022 10:41:46 +0000 (10:41 +0000)]
*) core/mod_http: use RESPONSE meta buckets and a new HTTP/1.x specific
filter to send responses through the output filter chain.
Specifically: the HTTP_HEADER output filter and ap_send_interim_response()
create a RESPONSE bucket and no longer are concerned with HTTP/1.x
serialization.
A new HTTP1_RESPONSE_OUT transcode filter writes the proper HTTP/1.x
bytes when dealing with a RESPONSE bucket. That filter installs itself
on the pre_read_request hook when the connection has protocol 'http/1.1'.
Stefan Eissing [Wed, 6 Apr 2022 09:17:42 +0000 (09:17 +0000)]
*) core: make ap_escape_quotes() work correctly on strings
with more than MAX_INT/2 characters, counting quotes double.
Credit to <generalbugs@zippenhop.com> for finding this.
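The two ap_escape_quotes() entries above both concern length arithmetic that overflows when the quote count is doubled into an int. The following is an added example (not httpd's own code; the names escaped_size and escape_quotes_checked are hypothetical, and the escaping rule is simplified to "every double quote gets a backslash") showing how to size the output buffer without that overflow:

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Size (including the terminating NUL) of a buffer able to hold a string
 * of `len` bytes in which `quotes` of those bytes are '"', once each quote
 * has been prefixed with a backslash.  Returns 0 if that size would not
 * fit in a ptrdiff_t, so a caller never allocates from a wrapped value. */
size_t escaped_size(size_t len, size_t quotes)
{
    /* Counting in int and doubling wraps at INT_MAX/2 characters; doing the
     * sum in size_t and bounding it by PTRDIFF_MAX keeps pointer arithmetic
     * over the result well defined. */
    if (quotes > len)
        return 0;                                   /* impossible input */
    if (len > (size_t)PTRDIFF_MAX - 1)
        return 0;
    if (quotes > (size_t)PTRDIFF_MAX - 1 - len)
        return 0;
    return len + quotes + 1;
}

/* Escape '"' as '\"'.  Returns a malloc'd copy, or NULL when the input is
 * too long to be escaped safely or allocation fails; the caller frees it. */
char *escape_quotes_checked(const char *s)
{
    size_t len = 0, quotes = 0;
    for (const char *p = s; *p; ++p) {
        len++;
        if (*p == '"')
            quotes++;
    }
    size_t need = escaped_size(len, quotes);
    if (need == 0)
        return NULL;
    char *out = malloc(need);
    if (out == NULL)
        return NULL;
    char *d = out;
    for (const char *p = s; *p; ++p) {
        if (*p == '"')
            *d++ = '\\';
        *d++ = *p;
    }
    *d = '\0';
    return out;
}
```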
* Report a broken backend in case reading the response line failed on the
first request on this connection; otherwise we assume we have just run
into a keepalive race and the backend is still healthy.
* We need to set r->status on each call after we noticed an EOC as
data bucket generators like ap_die might have changed the status
code. But we know better in this case and insist on the status
code that we have seen in the error bucket.
Stefan Eissing [Mon, 4 Apr 2022 08:24:09 +0000 (08:24 +0000)]
*) core/mod_http/mod_http2:
- adds new meta bucket types REQUEST, RESPONSE and HEADERS to the API.
- adds a new method for setting standard response headers Date and Server
- adds helper methods for formatting parts of HTTP/1.x, like headers and
end chunks for use in non-core parts of the server, e.g. mod_proxy
- splits the HTTP_IN filter into a "generic HTTP" and "specific HTTP/1.x"
filter. The latter one named HTTP1_BODY_IN.
- Uses HTTP1_BODY_IN only for requests with HTTP version <= 1.1
- Removes the chunked input simulation from mod_http2
- adds body_indeterminate flag to request_rec that indicates that a request
body may be present and needs to be read/discarded. This replaces logic
that thinks without Content-Length and Transfer-Encoding, no request
body can exist.
Ruediger Pluem [Thu, 31 Mar 2022 20:10:21 +0000 (20:10 +0000)]
* In case we see an EOC bucket and there was an error bucket before, use its
status as status for the request. This should ensure proper status logging
in the access log.
'interpolate' is a keyword, not a user-defined string.
So it should not be in <var></var> in <syntax> and <code> should be used instead of <var> in explanations.
While at it, fix some other style issues and missing links spotted here and there.