static char *
ngx_tcp_lua_process_by_lua_file(ngx_conf_t *cf,
ngx_command_t *cmd, void *conf)
{
char *p = conf;
ngx_str_t *field, *value;
ngx_tcp_core_srv_conf_t *cscf;
cscf = ngx_tcp_conf_get_module_srv_conf(cf, ngx_tcp_core_module);
if (cscf->protocol == NULL) {
cscf->protocol = &ngx_tcp_lua_protocol;
}
field = (ngx_str_t *) (p + cmd->offset);
if (field->data) {
return "is duplicate";
}
value = cf->args->elts;
*field = value[1];
return NGX_CONF_OK;
}
static char *
ngx_tcp_upstream_ip_hash(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_tcp_upstream_srv_conf_t *uscf;
uscf = ngx_tcp_conf_get_module_srv_conf(cf, ngx_tcp_upstream_module);
uscf->peer.init_upstream = ngx_tcp_upstream_init_ip_hash;
uscf->flags = NGX_TCP_UPSTREAM_CREATE
|NGX_TCP_UPSTREAM_MAX_FAILS
|NGX_TCP_UPSTREAM_FAIL_TIMEOUT
|NGX_TCP_UPSTREAM_DOWN;
return NGX_CONF_OK;
}
static char *
ngx_tcp_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_tcp_proxy_conf_t *pcf = conf;
u_short port = 80;
ngx_str_t *value, *url = &pcf->url;
ngx_url_t u;
ngx_tcp_core_srv_conf_t *cscf;
cscf = ngx_tcp_conf_get_module_srv_conf(cf, ngx_tcp_core_module);
if (cscf->protocol && ngx_strncmp(cscf->protocol->name.data,
(u_char *)"tcp_generic",
sizeof("tcp_generic") - 1) != 0) {
return "the protocol should be tcp_generic";
}
if (cscf->protocol == NULL) {
cscf->protocol = &ngx_tcp_generic_protocol;
}
if (pcf->upstream.upstream) {
return "is duplicate";
}
value = cf->args->elts;
url = &value[1];
ngx_memzero(&u, sizeof(u));
u.url.len = url->len;
u.url.data = url->data;
u.default_port = port;
u.uri_part = 1;
u.no_resolve = 1;
pcf->upstream.upstream = ngx_tcp_upstream_add(cf, &u, 0);
if (pcf->upstream.upstream == NULL) {
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}
static char *
ngx_tcp_websocket_merge_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_tcp_path_upstream_t *pu;
ngx_tcp_websocket_conf_t *prev = parent;
ngx_tcp_websocket_conf_t *conf = child;
ngx_tcp_core_srv_conf_t *cscf;
ngx_conf_merge_size_value(conf->buffer_size, prev->buffer_size, (size_t) ngx_pagesize);
ngx_conf_merge_msec_value(conf->upstream.connect_timeout,
prev->upstream.connect_timeout, 60000);
ngx_conf_merge_msec_value(conf->upstream.send_timeout,
prev->upstream.send_timeout, 60000);
ngx_conf_merge_msec_value(conf->upstream.read_timeout,
prev->upstream.read_timeout, 60000);
if (conf->upstream.upstream == NULL) {
if (conf->path_upstreams.nelts) {
pu = conf->path_upstreams.elts;
conf->upstream.upstream = pu[0].upstream;
} else {
cscf = ngx_tcp_conf_get_module_srv_conf(cf, ngx_tcp_core_module);
if (cscf->protocol && ngx_strncmp(cscf->protocol->name.data,
(u_char *)"tcp_websocket",
sizeof("tcp_websocket") - 1) == 0) {
ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
"You must add at least one websocket_pass "
"directive in the server block.");
return NGX_CONF_ERROR;
}
}
}
return NGX_CONF_OK;
}
char *
ngx_tcp_lua_process_by_lua(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
u_char *p;
ngx_str_t *value;
ngx_tcp_lua_srv_conf_t *lscf = conf;
ngx_tcp_core_srv_conf_t *cscf;
cscf = ngx_tcp_conf_get_module_srv_conf(cf, ngx_tcp_core_module);
if (cscf->protocol == NULL) {
cscf->protocol = &ngx_tcp_lua_protocol;
}
value = cf->args->elts;
if (value[1].len == 0) {
/* Oops...Invalid location conf */
ngx_conf_log_error(NGX_LOG_ERR, cf, 0,
"Invalid location config: no runnable Lua code");
return NGX_CONF_ERROR;
}
lscf->lua_src = value[1];
/* Don't eval nginx variables for inline lua code */
p = ngx_palloc(cf->pool, NGX_TCP_LUA_INLINE_KEY_LEN + 1);
if (p == NULL) {
return NGX_CONF_ERROR;
}
lscf->lua_src_key = p;
p = ngx_copy(p, NGX_TCP_LUA_INLINE_TAG, NGX_TCP_LUA_INLINE_TAG_LEN);
p = ngx_tcp_lua_digest_hex(p, value[1].data, value[1].len);
*p = '\0';
lscf->lua_src_inline = 1;
return NGX_CONF_OK;
}
static char *
ngx_tcp_websocket_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
{
ngx_tcp_websocket_conf_t *wcf = conf;
size_t add = 0;
u_short port = 80;
ngx_str_t *value, *url = &wcf->url;
ngx_url_t u;
ngx_tcp_core_srv_conf_t *cscf;
ngx_tcp_path_upstream_t *pu;
cscf = ngx_tcp_conf_get_module_srv_conf(cf, ngx_tcp_core_module);
if (cscf->protocol && ngx_strncmp(cscf->protocol->name.data,
(u_char *)"tcp_websocket",
sizeof("tcp_websocket") - 1) != 0) {
return "the protocol should be tcp_websocket";
}
if (cscf->protocol == NULL) {
cscf->protocol = &ngx_tcp_websocket_protocol;
}
value = cf->args->elts;
if (cf->args->nelts == 3) {
url = &value[2];
}
else {
url = &value[1];
}
if (ngx_strncasecmp(url->data, (u_char *)"ws://", 5) == 0) {
add = 5;
port = 80;
}
else if (ngx_strncasecmp(url->data, (u_char *)"wss://", 6) == 0) {
add = 6;
port = 443;
}
if (add) {
wcf->scheme.data = url->data;
wcf->scheme.len = add;
}
else {
wcf->scheme.data = (u_char *)"ws://";
wcf->scheme.len = 5;
}
url->data += add;
url->len -= add;
ngx_memzero(&u, sizeof(u));
u.url.len = url->len;
u.url.data = url->data;
u.default_port = port;
u.uri_part = 1;
u.no_resolve = 1;
if (cf->args->nelts == 3) {
pu = ngx_array_push(&wcf->path_upstreams);
if (pu == NULL) {
return NGX_CONF_ERROR;
}
pu->path = value[1];
pu->upstream = ngx_tcp_upstream_add(cf, &u, 0);
}
else {
if (wcf->upstream.upstream) {
return "is duplicate default upstream";
}
wcf->upstream.upstream = ngx_tcp_upstream_add(cf, &u, 0);
if (wcf->upstream.upstream == NULL) {
return NGX_CONF_ERROR;
}
}
return NGX_CONF_OK;
}
static char *
ngx_tcp_ssl_merge_srv_conf(ngx_conf_t *cf, void *parent, void *child)
{
ngx_tcp_ssl_srv_conf_t *prev = parent;
ngx_tcp_ssl_srv_conf_t *conf = child;
ngx_pool_cleanup_t *cln;
ngx_conf_merge_value(conf->enable, prev->enable, 0);
ngx_conf_merge_value(conf->session_timeout,
prev->session_timeout, 300);
ngx_conf_merge_value(conf->prefer_server_ciphers,
prev->prefer_server_ciphers, 0);
ngx_conf_merge_bitmask_value(conf->protocols, prev->protocols,
(NGX_CONF_BITMASK_SET|NGX_SSL_SSLv3|NGX_SSL_TLSv1
#if defined(nginx_version) && nginx_version >= 1000012
|NGX_SSL_TLSv1_1|NGX_SSL_TLSv1_2
#endif
));
ngx_conf_merge_uint_value(conf->verify, prev->verify, 0);
ngx_conf_merge_uint_value(conf->verify_depth, prev->verify_depth, 1);
ngx_conf_merge_str_value(conf->certificate, prev->certificate, "");
ngx_conf_merge_str_value(conf->certificate_key, prev->certificate_key, "");
ngx_conf_merge_str_value(conf->dhparam, prev->dhparam, "");
#if defined(nginx_version) && nginx_version >= 1000006
ngx_conf_merge_str_value(conf->ecdh_curve, prev->ecdh_curve,
NGX_DEFAULT_ECDH_CURVE);
#endif
ngx_conf_merge_str_value(conf->client_certificate, prev->client_certificate,
"");
ngx_conf_merge_str_value(conf->crl, prev->crl, "");
ngx_conf_merge_str_value(conf->ciphers, prev->ciphers, NGX_DEFAULT_CIPHERS);
conf->ssl.log = cf->log;
if (conf->enable) {
if (conf->certificate.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate\" is defined for "
"the \"ssl\" directive in %s:%ui",
conf->file, conf->line);
return NGX_CONF_ERROR;
}
if (conf->certificate_key.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate_key\" is defined for "
"the \"ssl\" directive in %s:%ui",
conf->file, conf->line);
return NGX_CONF_ERROR;
}
} else {
if (conf->certificate.len == 0) {
return NGX_CONF_OK;
}
if (conf->certificate_key.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no \"ssl_certificate_key\" is defined "
"for certificate \"%V\"", &conf->certificate);
return NGX_CONF_ERROR;
}
}
if (ngx_ssl_create(&conf->ssl, conf->protocols, conf) != NGX_OK) {
return NGX_CONF_ERROR;
}
cln = ngx_pool_cleanup_add(cf->pool, 0);
if (cln == NULL) {
return NGX_CONF_ERROR;
}
cln->handler = ngx_ssl_cleanup_ctx;
cln->data = &conf->ssl;
#if defined(tengine_version)
ngx_str_t pass_phrase_dialog = ngx_string("builtin");
ngx_str_t ngx_tcp_ssl_unknown_server_name = ngx_string("unknown");
ngx_tcp_core_srv_conf_t *cscf;
ngx_http_ssl_pphrase_dialog_conf_t dialog;
cscf = ngx_tcp_conf_get_module_srv_conf(cf, ngx_tcp_core_module);
dialog.ssl = &conf->ssl;
dialog.type = &pass_phrase_dialog;
if (cscf->server_name.len != 0) {
dialog.server_name = &cscf->server_name;
} else {
dialog.server_name = &ngx_tcp_ssl_unknown_server_name;
}
if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
&conf->certificate_key, &dialog)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
#else
if (ngx_ssl_certificate(cf, &conf->ssl, &conf->certificate,
&conf->certificate_key, NULL)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
#endif
if (SSL_CTX_set_cipher_list(conf->ssl.ctx,
(const char *) conf->ciphers.data)
== 0)
{
ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
"SSL_CTX_set_cipher_list(\"%V\") failed",
&conf->ciphers);
}
if (conf->verify) {
if (conf->client_certificate.len == 0) {
ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
"no ssl_client_certificate for ssl_client_verify");
return NGX_CONF_ERROR;
}
if (ngx_ssl_client_certificate(cf, &conf->ssl,
&conf->client_certificate,
conf->verify_depth)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
if (ngx_ssl_crl(cf, &conf->ssl, &conf->crl) != NGX_OK) {
return NGX_CONF_ERROR;
}
}
if (conf->prefer_server_ciphers) {
SSL_CTX_set_options(conf->ssl.ctx, SSL_OP_CIPHER_SERVER_PREFERENCE);
}
/* a temporary 512-bit RSA key is required for export versions of MSIE */
#if defined(nginx_version) && nginx_version >= 1000006
SSL_CTX_set_tmp_rsa_callback(conf->ssl.ctx, ngx_ssl_rsa512_key_callback);
#else
if (ngx_ssl_generate_rsa512_key(&conf->ssl) != NGX_OK) {
return NGX_CONF_ERROR;
}
#endif
if (ngx_ssl_dhparam(cf, &conf->ssl, &conf->dhparam) != NGX_OK) {
return NGX_CONF_ERROR;
}
ngx_conf_merge_value(conf->builtin_session_cache,
prev->builtin_session_cache, NGX_SSL_NONE_SCACHE);
if (conf->shm_zone == NULL) {
conf->shm_zone = prev->shm_zone;
}
if (ngx_ssl_session_cache(&conf->ssl, &ngx_tcp_ssl_sess_id_ctx,
conf->builtin_session_cache,
conf->shm_zone, conf->session_timeout)
!= NGX_OK)
{
return NGX_CONF_ERROR;
}
return NGX_CONF_OK;
}
