
add sticky session and healthcheck support

master
Nicolas Massé 6 years ago
parent
commit
0074204823
  1. 17
      nginx-tls/Config.in
  2. 50
      nginx-tls/Makefile
  3. 14
      nginx-tls/patches-sticky/100-ssl-headers.patch
  4. 238
      nginx-tls/patches-upstream-check/100-check.patch
  5. 58
      nginx-tls/patches-upstream-check/101-sticky.patch

17
nginx-tls/Config.in

@ -154,6 +154,21 @@ config NGINX_HTTP_BROWSER
prompt "Enable HTTP browser module" prompt "Enable HTTP browser module"
default y default y
config NGINX_HTTP_UPSTREAM_ZONE
bool
prompt "Enable zone directive in the upstream block"
default y
config NGINX_HTTP_UPSTREAM_STICKY
bool
prompt "Enable HTTP sticky session"
default y
config NGINX_HTTP_UPSTREAM_HEALTHCHECK
bool
prompt "Enable HTTP health check"
default y
config NGINX_HTTP_UPSTREAM_HASH config NGINX_HTTP_UPSTREAM_HASH
bool bool
prompt "Enable HTTP hash module" prompt "Enable HTTP hash module"
@ -202,7 +217,7 @@ config NGINX_LUA
config NGINX_HTTP_REAL_IP config NGINX_HTTP_REAL_IP
bool bool
prompt "Enable HTTP real ip module" prompt "Enable HTTP real ip module"
default n default y
config NGINX_HTTP_SECURE_LINK config NGINX_HTTP_SECURE_LINK
bool bool
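Review bot: `NGINX_HTTP_UPSTREAM_STICKY` and `NGINX_HTTP_UPSTREAM_HEALTHCHECK` are both `default y`, so a default build now fetches two third-party modules over git and patches the nginx core sources without anyone opting in. Because they add out-of-tree code to the web server, `default n` on both would keep the default attack surface and the default build inputs unchanged. Neither entry has a `help` text; a short one naming the external module each option pulls in would show the person configuring the image what they are enabling. The same section flips `NGINX_HTTP_REAL_IP` to `default y`, which the commit title does not mention; it deserves a line in the commit message or a return to `default n`.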

50
nginx-tls/Makefile

@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
PKG_NAME:=nginx-tls PKG_NAME:=nginx-tls
PKG_VERSION:=1.12.2 PKG_VERSION:=1.12.2
PKG_RELEASE:=1 PKG_RELEASE:=2
PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz PKG_SOURCE:=nginx-$(PKG_VERSION).tar.gz
PKG_SOURCE_URL:=http://nginx.org/download/ PKG_SOURCE_URL:=http://nginx.org/download/
@ -61,7 +61,9 @@ PKG_CONFIG_DEPENDS := \
CONFIG_NGINX_LUA \ CONFIG_NGINX_LUA \
CONFIG_NGINX_HTTP_REAL_IP \ CONFIG_NGINX_HTTP_REAL_IP \
CONFIG_NGINX_HTTP_SECURE_LINK \ CONFIG_NGINX_HTTP_SECURE_LINK \
CONFIG_NGINX_STREAM CONFIG_NGINX_STREAM \
CONFIG_NGINX_HTTP_UPSTREAM_STICKY \
CONFIG_NGINX_HTTP_UPSTREAM_HEALTHCHECK
include $(INCLUDE_DIR)/package.mk include $(INCLUDE_DIR)/package.mk
@ -71,7 +73,8 @@ define Package/nginx-tls
SUBMENU:=Web Servers/Proxies SUBMENU:=Web Servers/Proxies
TITLE:=Nginx web server TITLE:=Nginx web server
URL:=http://nginx.org/ URL:=http://nginx.org/
DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread +NGINX_STREAM:libatomicops DEPENDS:=+NGINX_PCRE:libpcre +(NGINX_SSL||NGINX_HTTP_CACHE||NGINX_HTTP_AUTH_BASIC):libopenssl +NGINX_HTTP_GZIP:zlib +NGINX_LUA:liblua +libpthread
PKG_BUILD_DEPENDS:=+NGINX_STREAM:libatomicops
MENU:=1 MENU:=1
endef endef
@ -200,6 +203,9 @@ endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y) ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_KEEPALIVE),y)
ADDITIONAL_MODULES += --without-http_upstream_keepalive_module ADDITIONAL_MODULES += --without-http_upstream_keepalive_module
endif endif
ifneq ($(CONFIG_NGINX_HTTP_UPSTREAM_ZONE),y)
ADDITIONAL_MODULES += --without-http_upstream_zone_module
endif
ifeq ($(CONFIG_NGINX_HTTP_V2),y) ifeq ($(CONFIG_NGINX_HTTP_V2),y)
ADDITIONAL_MODULES += --with-http_v2_module ADDITIONAL_MODULES += --with-http_v2_module
endif endif
@ -217,6 +223,13 @@ ifeq ($(CONFIG_NGINX_SSL),y)
ADDITIONAL_MODULES += --with-stream_ssl_preread_module ADDITIONAL_MODULES += --with-stream_ssl_preread_module
endif endif
endif endif
ifeq ($(CONFIG_NGINX_HTTP_UPSTREAM_STICKY),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-sticky/
endif
ifeq ($(CONFIG_NGINX_HTTP_UPSTREAM_HEALTHCHECK),y)
ADDITIONAL_MODULES += --add-module=$(PKG_BUILD_DIR)/nginx-upstream-check/
TARGET_CFLAGS += -DNGX_HTTP_UPSTREAM_CHECK
endif
TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK TARGET_CFLAGS += -fvisibility=hidden -ffunction-sections -fdata-sections -DNGX_LUA_NO_BY_LUA_BLOCK
TARGET_LDFLAGS += -Wl,--gc-sections TARGET_LDFLAGS += -Wl,--gc-sections
@ -239,7 +252,6 @@ define Build/Configure
--with-cc="$(TARGET_CC)" \ --with-cc="$(TARGET_CC)" \
--with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \ --with-cc-opt="$(TARGET_CPPFLAGS) $(TARGET_CFLAGS)" \
--with-ld-opt="$(TARGET_LDFLAGS)" \ --with-ld-opt="$(TARGET_LDFLAGS)" \
--without-http_upstream_zone_module \
) )
endef endef
@ -261,10 +273,40 @@ endef
define Build/Prepare define Build/Prepare
$(call Build/Prepare/Default) $(call Build/Prepare/Default)
$(if $(CONFIG_NGINX_HTTP_UPSTREAM_STICKY),$(call Prepare/nginx-sticky))
$(if $(CONFIG_NGINX_HTTP_UPSTREAM_HEALTHCHECK),$(call Prepare/nginx-upstream-check))
$(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi)) $(if $(CONFIG_NGINX_NAXSI),$(call Prepare/nginx-naxsi))
$(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx)) $(if $(CONFIG_NGINX_LUA),$(call Prepare/lua-nginx))
endef endef
define Download/nginx-upstream-check
VERSION:=v0.3.0
SUBDIR:=nginx-upstream-check
FILE:=nginx-upstream-check-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://github.com/yaoweibin/nginx_upstream_check_module.git
PROTO:=git
endef
define Prepare/nginx-upstream-check
$(eval $(call Download,nginx-upstream-check))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
$(call PatchDir,$(PKG_BUILD_DIR),./patches-upstream-check)
endef
define Download/nginx-sticky
VERSION:=1.2.6
SUBDIR:=nginx-sticky
FILE:=nginx-sticky-module-$(PKG_VERSION)-$$(VERSION).tar.gz
URL:=https://bitbucket.org/nginx-goodies/nginx-sticky-module-ng.git
PROTO:=git
endef
define Prepare/nginx-sticky
$(eval $(call Download,nginx-sticky))
gzip -dc $(DL_DIR)/$(FILE) | tar -C $(PKG_BUILD_DIR) $(TAR_OPTIONS)
$(call PatchDir,$(PKG_BUILD_DIR),./patches-sticky)
endef
define Download/nginx-naxsi define Download/nginx-naxsi
VERSION:=cf73f9c8664127252c2a4958d2e169516d3845a1 VERSION:=cf73f9c8664127252c2a4958d2e169516d3845a1
SUBDIR:=nginx-naxsi SUBDIR:=nginx-naxsi
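Review bot: `Download/nginx-upstream-check` and `Download/nginx-sticky` fetch by tag name (`VERSION:=v0.3.0`, `VERSION:=1.2.6`) with `PROTO:=git` and carry no checksum, so the build cannot tell whether a tag was moved or a repository replaced between builds. The existing `Download/nginx-naxsi` block already pins a full commit hash in `VERSION`. Doing the same here, e.g. `VERSION:=<commit-sha-of-reviewed-v0.3.0>`, and adding `MIRROR_HASH:=<sha256-of-generated-tarball>` where the build system in use supports it, would make the fetched source reproducible and verifiable. Both values are placeholders to be filled in from a checkout that has been reviewed. The naxsi block continues past the end of this hunk.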

14
nginx-tls/patches-sticky/100-ssl-headers.patch

@ -0,0 +1,14 @@
--- a/nginx-sticky/ngx_http_sticky_misc.c 2015-08-06 12:43:01.000000000 +0200
+++ b/nginx-sticky/ngx_http_sticky_misc.c 2017-10-06 11:48:16.399988930 +0200
@@ -9,6 +9,12 @@
#include <ngx_http.h>
#include <ngx_md5.h>
#include <ngx_sha1.h>
+#ifndef MD5_DIGEST_LENGTH
+#include <openssl/md5.h>
+#endif
+#ifndef SHA_DIGEST_LENGTH
+#include <openssl/sha.h>
+#endif
#include "ngx_http_sticky_misc.h"
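Review bot: The added `#include <openssl/md5.h>` and `#include <openssl/sha.h>` make the sticky module depend on OpenSSL headers at build time, but `DEPENDS` in nginx-tls/Makefile pulls in `libopenssl` only for `NGINX_SSL`, `NGINX_HTTP_CACHE` or `NGINX_HTTP_AUTH_BASIC`. With sticky enabled and those three disabled, the headers may not be staged and the build would presumably fail. If only the two length constants are needed, which the `#ifndef` guards suggest, defining them locally (`#define MD5_DIGEST_LENGTH 16`, `#define SHA_DIGEST_LENGTH 20`) avoids the dependency. Otherwise add `NGINX_HTTP_UPSTREAM_STICKY` to the `libopenssl` condition.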

238
nginx-tls/patches-upstream-check/100-check.patch

@ -0,0 +1,238 @@
diff -burN nginx-1.12.1_orig/src/http/modules/ngx_http_upstream_hash_module.c nginx-1.12.1/src/http/modules/ngx_http_upstream_hash_module.c
--- nginx-1.12.1_orig/src/http/modules/ngx_http_upstream_hash_module.c 2017-07-11 13:24:08.000000000 +0000
+++ nginx-1.12.1/src/http/modules/ngx_http_upstream_hash_module.c 2017-07-13 17:58:44.687213233 +0000
@@ -9,6 +9,9 @@
#include <ngx_core.h>
#include <ngx_http.h>
+#if (NGX_HTTP_UPSTREAM_CHECK)
+#include "ngx_http_upstream_check_module.h"
+#endif
typedef struct {
uint32_t hash;
@@ -235,6 +238,14 @@
goto next;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get hash peer, check_index: %ui", peer->check_index);
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ goto next;
+ }
+#endif
+
if (peer->max_fails
&& peer->fails >= peer->max_fails
&& now - peer->checked <= peer->fail_timeout)
@@ -538,6 +549,15 @@
continue;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get consistent_hash peer, check_index: %ui",
+ peer->check_index);
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ continue;
+ }
+#endif
+
if (peer->server.len != server->len
|| ngx_strncmp(peer->server.data, server->data, server->len)
!= 0)
diff -burN nginx-1.12.1_orig/src/http/modules/ngx_http_upstream_ip_hash_module.c nginx-1.12.1/src/http/modules/ngx_http_upstream_ip_hash_module.c
--- nginx-1.12.1_orig/src/http/modules/ngx_http_upstream_ip_hash_module.c 2017-07-11 13:24:08.000000000 +0000
+++ nginx-1.12.1/src/http/modules/ngx_http_upstream_ip_hash_module.c 2017-07-13 17:59:48.205692500 +0000
@@ -9,6 +9,9 @@
#include <ngx_core.h>
#include <ngx_http.h>
+#if (NGX_HTTP_UPSTREAM_CHECK)
+#include "ngx_http_upstream_check_module.h"
+#endif
typedef struct {
/* the round robin data must be first */
@@ -205,6 +208,15 @@
goto next;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get ip_hash peer, check_index: %ui",
+ peer->check_index);
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ goto next;
+ }
+#endif
+
if (peer->max_fails
&& peer->fails >= peer->max_fails
&& now - peer->checked <= peer->fail_timeout)
diff -burN nginx-1.12.1_orig/src/http/modules/ngx_http_upstream_least_conn_module.c nginx-1.12.1/src/http/modules/ngx_http_upstream_least_conn_module.c
--- nginx-1.12.1_orig/src/http/modules/ngx_http_upstream_least_conn_module.c 2017-07-11 13:24:08.000000000 +0000
+++ nginx-1.12.1/src/http/modules/ngx_http_upstream_least_conn_module.c 2017-07-13 18:05:34.417398156 +0000
@@ -9,6 +9,10 @@
#include <ngx_core.h>
#include <ngx_http.h>
+#if (NGX_HTTP_UPSTREAM_CHECK)
+#include "ngx_http_upstream_check_module.h"
+#endif
+
static ngx_int_t ngx_http_upstream_init_least_conn_peer(ngx_http_request_t *r,
ngx_http_upstream_srv_conf_t *us);
@@ -147,6 +151,16 @@
continue;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get least_conn peer, check_index: %ui",
+ peer->check_index);
+
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ continue;
+ }
+#endif
+
if (peer->max_fails
&& peer->fails >= peer->max_fails
&& now - peer->checked <= peer->fail_timeout)
@@ -202,6 +216,16 @@
continue;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get least_conn peer, check_index: %ui",
+ peer->check_index);
+
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ continue;
+ }
+#endif
+
if (peer->conns * best->weight != best->conns * peer->weight) {
continue;
}
diff -burN nginx-1.12.1_orig/src/http/ngx_http_upstream_round_robin.c nginx-1.12.1/src/http/ngx_http_upstream_round_robin.c
--- nginx-1.12.1_orig/src/http/ngx_http_upstream_round_robin.c 2017-07-11 13:24:09.000000000 +0000
+++ nginx-1.12.1/src/http/ngx_http_upstream_round_robin.c 2017-07-13 18:13:00.510764315 +0000
@@ -9,6 +9,10 @@
#include <ngx_core.h>
#include <ngx_http.h>
+#if (NGX_HTTP_UPSTREAM_CHECK)
+#include "ngx_http_upstream_check_module.h"
+#endif
+
#define ngx_http_upstream_tries(p) ((p)->number \
+ ((p)->next ? (p)->next->number : 0))
@@ -98,6 +102,15 @@
peer[n].down = server[i].down;
peer[n].server = server[i].name;
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ if (!server[i].down) {
+ peer[n].check_index =
+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]);
+ } else {
+ peer[n].check_index = (ngx_uint_t) NGX_ERROR;
+ }
+#endif
+
*peerp = &peer[n];
peerp = &peer[n].next;
n++;
@@ -162,6 +175,16 @@
peer[n].down = server[i].down;
peer[n].server = server[i].name;
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ if (!server[i].down) {
+ peer[n].check_index =
+ ngx_http_upstream_check_add_peer(cf, us, &server[i].addrs[j]);
+ }
+ else {
+ peer[n].check_index = (ngx_uint_t) NGX_ERROR;
+ }
+#endif
+
*peerp = &peer[n];
peerp = &peer[n].next;
n++;
@@ -228,6 +251,9 @@
peer[i].max_conns = 0;
peer[i].max_fails = 1;
peer[i].fail_timeout = 10;
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ peer[i].check_index = (ngx_uint_t) NGX_ERROR;
+#endif
*peerp = &peer[i];
peerp = &peer[i].next;
}
@@ -344,6 +370,9 @@
peer[0].max_conns = 0;
peer[0].max_fails = 1;
peer[0].fail_timeout = 10;
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ peer[0].check_index = (ngx_uint_t) NGX_ERROR;
+#endif
peers->peer = peer;
} else {
@@ -378,6 +407,9 @@
peer[i].max_conns = 0;
peer[i].max_fails = 1;
peer[i].fail_timeout = 10;
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ peer[i].check_index = (ngx_uint_t) NGX_ERROR;
+#endif
*peerp = &peer[i];
peerp = &peer[i].next;
}
@@ -443,6 +475,12 @@
goto failed;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ goto failed;
+ }
+#endif
+
rrp->current = peer;
} else {
@@ -537,6 +575,12 @@
continue;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ continue;
+ }
+#endif
+
if (peer->max_fails
&& peer->fails >= peer->max_fails
&& now - peer->checked <= peer->fail_timeout)
diff -burN nginx-1.12.1_orig/src/http/ngx_http_upstream_round_robin.h nginx-1.12.1/src/http/ngx_http_upstream_round_robin.h
--- nginx-1.12.1_orig/src/http/ngx_http_upstream_round_robin.h 2017-07-11 13:24:09.000000000 +0000
+++ nginx-1.12.1/src/http/ngx_http_upstream_round_robin.h 2017-07-13 18:13:30.254055435 +0000
@@ -38,6 +38,10 @@
ngx_msec_t slow_start;
ngx_msec_t start_time;
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_uint_t check_index;
+#endif
+
ngx_uint_t down;
#if (NGX_HTTP_SSL || NGX_COMPAT)
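Review bot: `check_index` is set to the sentinel `(ngx_uint_t) NGX_ERROR` for peers that are not registered with the check module, and every selection site then passes it unguarded to `ngx_http_upstream_check_peer_down()`. Correctness therefore rests on that function treating the sentinel as "not down", which is not visible in this patch. I would document the contract at the field declaration in ngx_http_upstream_round_robin.h, e.g. `/* handle returned by ngx_http_upstream_check_add_peer(); (ngx_uint_t) NGX_ERROR means the peer is not health-checked */`. The result of `ngx_http_upstream_check_add_peer()` is also stored without inspection in the two init hunks (`@@ -98,6 +102,15 @@` and `@@ -162,6 +175,16 @@`), so if it can fail, a peer that did not register would silently go unchecked; confirm against the module source. The patch paths name nginx-1.12.1 while `PKG_VERSION` is 1.12.2, so a header line recording where the patch came from would help when it is refreshed.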

58
nginx-tls/patches-upstream-check/101-sticky.patch

@ -0,0 +1,58 @@
Index: ngx_http_sticky_module.c
===================================================================
--- a/nginx-sticky/ngx_http_sticky_module.c (revision 45)
+++ b/nginx-sticky/ngx_http_sticky_module.c (working copy)
@@ -10,6 +10,11 @@
#include "ngx_http_sticky_misc.h"
+#if (NGX_HTTP_UPSTREAM_CHECK)
+#include "ngx_http_upstream_check_module.h"
+#endif
+
+
/* define a peer */
typedef struct {
ngx_http_upstream_rr_peer_t *rr_peer;
@@ -287,6 +292,16 @@
return NGX_BUSY;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get sticky peer, check_index: %ui",
+ peer->check_index);
+
+ if (ngx_http_upstream_check_peer_down(peer->check_index)) {
+ return NGX_BUSY;
+ }
+#endif
+
/* if it's been ignored for long enought (fail_timeout), reset timeout */
/* do this check before testing peer->fails ! :) */
if (now - peer->accessed > peer->fail_timeout) {
@@ -303,6 +318,14 @@
/* ensure the peer is not marked as down */
if (!peer->down) {
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ ngx_log_debug1(NGX_LOG_DEBUG_HTTP, pc->log, 0,
+ "get sticky peer, check_index: %ui",
+ peer->check_index);
+
+ if (!ngx_http_upstream_check_peer_down(peer->check_index)) {
+#endif
+
/* if it's not failedi, use it */
if (peer->max_fails == 0 || peer->fails < peer->max_fails) {
selected_peer = (ngx_int_t)n;
@@ -317,6 +340,9 @@
/* mark the peer as tried */
iphp->rrp.tried[n] |= m;
}
+#if (NGX_HTTP_UPSTREAM_CHECK)
+ }
+#endif
}
}
}
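Review bot: Applying this patch requires `nginx-sticky/` to be unpacked already, yet it ships in `patches-upstream-check` and is applied by `Prepare/nginx-upstream-check`, so a configuration with `NGINX_HTTP_UPSTREAM_HEALTHCHECK=y` and `NGINX_HTTP_UPSTREAM_STICKY=n` would presumably fail at the patch step. Moving the file to `patches-sticky` ties it to the sources it edits, and the `#if (NGX_HTTP_UPSTREAM_CHECK)` guards keep it inert when the check module is not built. Separately, the `if (!ngx_http_upstream_check_peer_down(peer->check_index)) {` opened in the `@@ -303,6 +318,14 @@` hunk is closed by a bare `}` inside a different `#if` block in the next hunk. A comment on that brace such as `/* closes the NGX_HTTP_UPSTREAM_CHECK peer_down test above */` would make the pairing visible to whoever next rebases the patch. The enclosing functions start and end outside these hunks.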