Commit Graph

153 Commits (26dce93086ba46a3d9ead391b33b8a02515416ae)

Author SHA1 Message Date
Glenn Strauss 45b970e69b [core] shared code for socket backends
common codebase for socket backends, based off mod_fastcgi with
some features added for mod_proxy

(mostly intended to reduce code duplication and enhance code isolation)

mod_fastcgi and mod_scgi can now use fastcgi.balance and scgi.balance
  for similar behavior as proxy.balance, but the balancing is per-host
  and not per-proc.  proxy.balance is also per-host and not per-proc.

mod_proxy and mod_scgi can now use and, similar to

mod_fastcgi behavior change (affects only mod_status):
- statistics tags have been renamed from "fastcgi.*" to "gw.*"
  "fastcgi.backend.*"       -> "gw.backend.*"
  "" -> ""
  ("fastcgi.requests" remains "fastcgi.requests")
  ("proxy.requests" is new)
  ("scgi.requests" is new)

mod_scgi behavior change (likely minor):
- removed scgi_proclist_sort_down() and scgi_proclist_sort_up().
  procs now chosen based on load as measured by num socket connnections

modules using gw_backend.[ch] are currently still independent modules.
If it had been written as a single module with fastcgi, scgi, proxy
implementations, then there would have been a chance of breaking some
existing user configurations where module ordering made a difference
for which module handled a given request, though for most people, this
would have made no difference.

Details about mod_fastcgi code transformations:
unsigned int debug -> int debug
fastcgi_env member removed from plugin_config
renamed "fcgi" and "fastcgi" to "gw", and "FCGI" to "GW"
reorganize routines for high-level and lower-level interfaces
some lower-level internal interfaces changed to use host,proc,debug
  args rather than knowing about higher-level (app) hctx and plugin_data
tabs->spaces and reformatting
6 years ago
Glenn Strauss 81b8fffd31 [mod_fastcgi,mod_scgi] use temp buffer for cgi_env 6 years ago
Glenn Strauss 6e1c02f386 [mod_fastcgi,mod_scgi] parse bin_path at startup 6 years ago
Glenn Strauss 35c4bf5857 [mod_fastcgi,mod_scgi] struct member consistency 6 years ago
Glenn Strauss 3ae7fb1bdd [mod_scgi] remove unused parse_response member 6 years ago
Glenn Strauss c0a9020935 [mod_fastcgi,mod_scgi] consistent connect() error
more consistent connect() error handling

NOTE: behavior change in mod_scgi:
  "disable-time" default is now 1 second (was 60 seconds)
  The new behavior matches the default in mod_fastcgi
  (and is a much saner default disable time).
6 years ago
Glenn Strauss 91d14acfc3 [core] fdevent_connect_status() shared code 6 years ago
Glenn Strauss 1002574692 [core] continue collecting use of netdb.h
continue collecting use of netdb.h into inet_ntop_cache.[ch]
6 years ago
Glenn Strauss a9970fec23 [core] consolidate fork()/execve() code (#1393)
(refactoring work to address issue #1393)

  "access log pipe writer should restart child process if it exits"
6 years ago
Gaël PORTAY e8498bbfcc [core] silence compiler warnings if !HAVE_FORK
silence compiler warnings if HAVE_FORK is not set

However, if HAVE_FORK is not set, then -Werror was probably passed to
./configure, which is currently a mistake.  lighttpd can successfully
compiles src/ with -Werror on many platforms, but ./configure tests
should not be run with -Werror. [gstrauss]

github: closes #81

   "Fix warnings"
6 years ago
Glenn Strauss 7a27d5eff5 [core] buffer to disk streaming to slow backends
buffer input to disk when streaming request body to slow backends
6 years ago
Glenn Strauss 86bb8be2c8 [core] perf: skip redundant strlen() if len known
performance: skip redundant strlen() if length is already known

introduce array_get_element_klen() to take key and klen params
6 years ago
Glenn Strauss 316e959b4d [core] prep mod transitions to transparent proxy
prep mod_proxy,mod_fastcgi,mod_scgi for transition to transparent proxy
6 years ago
Glenn Strauss a48d65c8a5 [core] remove redundant resets of fde_ndx
after initialization, value of fde_ndx should be managed by fdevent.c
6 years ago
Glenn Strauss c66e826978 [mod_proxy,mod_scgi] fix truncated error trace 6 years ago
Glenn Strauss 1465cf80f9 [core] calloc plugin_config for consistent init 6 years ago
Glenn Strauss 8641d1b03f [core] no SOCK_CLOEXEC on Linux kernel < 2.6.27
Linux kernels < 2.6.27 (old!) might return EINVAL if SOCK_CLOEXEC used

6 years ago
Glenn Strauss 4796313efc [core] collect ioctl FIONREAD code
include <sys/ioctl.h> in files which use ioctl()
  instead of exposing header in local header "sys-socket.h"
6 years ago
Glenn Strauss a53f662a30 [core] remove some unused header includes
remove exposure of stdio.h in buffer.h for print_backtrace(), now static
6 years ago
Glenn Strauss aa14493e47 [tests] reduce time waiting for backends to start
reduce time spent waiting for backends to start

tests check for active listening port before proceeding

test runs now complete in about 2/3 the time
6 years ago
Glenn Strauss 1804ccbd6d [mod_scgi] do not reconnect after connect succeeds
apply diff from commit:2eaf42d0 made to mod_fastcgi.c back in 2009

(change is being made for (a bit more) consistency between the modules
 as mod_scgi.c was forked from mod_fastcgi.c a very long time ago, as
 well as to remove call to sleep for 10ms (usleep(10000) from mod_scgi)

  "fastcgi incomplete header might crash lighty"
6 years ago
Glenn Strauss 0a635fc8be [core] consolidate dynamic handler response parse
- consolidate dynamic handler HTTP response parsing code
- reduce string copies for CGI, FastCGI, SCGI, proxy response headers
- let read() signal EOF or EAGAIN instead of ioctl FIONREAD 0-data-ready
6 years ago
Glenn Strauss e4bb56222f [mod_cgi,fastcgi,scgi,proxy] fix streaming response (fixes #2796)
fix streaming response when = 2
and client catches up to stream from backend

(thx horgh)

  "mod_fastcgi can fail to read entire response from server"
6 years ago
Glenn Strauss bd77abe0f8 [config] more specific checks for array lists
More specific checks on contents of array lists.  Each module using
lists now does better checking on the types of values in the list
(strings, integers, arrays/lists)

This helps prevent misconfiguration of things like cgi.assign,
fastcgi.server, and scgi.server, where source code might be
served as static files if parenthesis are misplaced.

6 years ago
Glenn Strauss 1dd5cce3bc [mod_fastcgi,mod_scgi] consolidate backend process accounting (#2788)
consolidate backend process accounting for consistency

  "FreeBSD/1.4.45/SSL: requests getting stuck in handle-req state occasionally"
6 years ago
Glenn Strauss 23c3535efc [mod_scgi] fix potential repeated use of proc->id
host->max_id is now number of procs allocated
proc->id is used when generated unix socket name or port for proc
6 years ago
Glenn Strauss 317b7e5fc6 [mod_scgi] fix unused_procs bidirectional-links 6 years ago
Glenn Strauss fb6b4027c8 [mod_fastcgi,mod_scgi] consistent waitpid handling (fixes #2791)
more consistent waitpid() handling, consolidate similar code

If ECHILD received for a given pid, do not retry waitpid() for that pid

  "mod_fastcgi : pid {pid} 1 not found: No child processes"
6 years ago
Glenn Strauss aa923e05f6 [mod_fastcgi,mod_scgi] backend spawn EINTR retry (#2788)
When spawning backends, retry blocking connect() to backend if EINTR
received when attempting to see if backend is already running.  EINTR
might be received if a HUP or USR1 signal is received while connecting
(or SIGCHLD on systems without SA_RESTART)

(expected to occur extremely rarely, but simple to handle properly)

  "FreeBSD/1.4.45/SSL: requests getting stuck in handle-req state occasionally"
6 years ago
Glenn Strauss 3209f30d11 [core] handle if backend sends Transfer-Encoding (#2786)
It is still not a good idea for backend to send Transfer-Encoding unless
backend is mod_proxy, and mod_proxy should not currently receive chunked
response since mod_proxy sends HTTP/1.0 request.

If mod_proxy is changed to sent HTTP/1.1 request, then lighttpd would
need to check if client is HTTP/1.0 and would need to de-chunk and
remove any other transfer-codings if not supported by next-hop.

  "error 500 (mod_cgi.c.601) cgi died"
6 years ago
Glenn Strauss 7f9209c6d4 [mod_cgi] do not send "Status" back to client
"Status" from CGI/1.1 environment should not be sent back to client.

Also, do not send "Status" back to client in mod_scgi
and more precisely parse for "Status" in mod_fastcgi
6 years ago
Glenn Strauss b1405360fe apply debian/patches/spelling.patch
description: fix upstream spelling errors
author: Michael Gilbert <>
6 years ago
Glenn Strauss 8981ca0467 [core] use getaddrinfo,inet_pton vs gethostbyname (fixes #2783)
when available, use getaddrinfo(),inet_pton() instead of gethostbyname()

NOTE: behavior change: mod_scgi now listens to INADDR_LOOPBACK if "host"
      is not specified.  (Prior behavior was INADDR_ANY.)  Backends
      should not listen on potentially public IPs unless explicitly
      configured to do so.  This change matches a change to mod_fastcgi
      made in 2008.

  "gethostbyname deprecated, should use getaddrinfo"
6 years ago
Glenn Strauss 1adf1df285 remove redundant calls to end-of-request hooks
The (misnamed) connection_reset hook is always called after a request,
whether request completes or is aborted, and whether keep-alive or not,
so no needed to repeat the same function in the handle_connection_close
6 years ago
Glenn Strauss be520a8058 [mod_scgi] detect child exit, restart proactively
(instead of detecting upon a subsequent HTTP request)

(for backends spawned by mod_scgi)
6 years ago
Glenn Strauss 4d7f5737f1 [core] support Transfer-Encoding: chunked req body (fixes #2156)
support Transfer-Encoding: chunked request body in conjunction with = 0

dynamic handlers will still return 411 Length Required if = 1 or 2 (!= 0)
  since CGI-like env requires CONTENT_LENGTH be set
  (and mod_proxy currently sends HTTP/1.0 requests to backends,
   and Content-Length recommended for robust interaction with backend)

  "request: support Chunked Transfer Coding for HTTP PUT"
6 years ago
Glenn Strauss f9737e50a6 [mod_fastcgi,mod_scgi] warn if invalid "bin-path"
e.g. if /usr/bin/php-cgi does not exist

A distribution package might need to be installed:
'php-cli' Fedora package; 'php7.0-cgi' or 'php5-cgi' Debian package
6 years ago
Glenn Strauss 5bf5e1adcc fix race in dynamic handler configs (reentrancy) (fixes #2774)
(thx tobbe303)

  "CGI request not handled"
6 years ago
Stefan Bühler 5e3653dc5d [mod_scgi] fix segfault (fixes #2762) 7 years ago
Glenn Strauss b29e69e5b7 [mod_scgi] fix prefix matching to always match url
Fix mod_scgi prefix matching: match the prefix always against url,
not the absolute filepath (regardless of check-local)

(apply fix similar to commit:fe8b7e57 applied to mod_fastcgi in 2008)
7 years ago
Glenn Strauss fa67918d3e fix FastCGI, SCGI, proxy reconnect on failure
factor modules for consistent code flow for reconnect on failure
7 years ago
Glenn Strauss 1e129cce45 ignore return value from fcntl() FD_CLOEXEC
setting or removing FD_CLOEXEC flag does not fail

Also the use in mod_fastcgi and mod_scgi is in child after fork().
If the fd already happens to be 0 (should not happen in current code)
and removing the FD_CLOEXEC flag fails, then the backend will fail
to start.
7 years ago
Glenn Strauss 7fa5bfc938 consistent, shared code to create CGI env
consolidated from CGI, FastCGI, SCGI, SSI

Note: due to prior inconsistencies between the code in mod_cgi,
mod_fastcgi, mod_scgi, and mod_ssi, there are some minor behavior

CONTENT_LENGTH is now always set, even if 0
  (though CONTENT_LENGTH is never set for FASTCGI_AUTHORIZER)
PATH_INFO is created only if present, not if empty.
  (mod_fastcgi and mod_ssi previously set PATH_INFO="" (blank value))
PATH_TRANSLATED is now set if PATH_INFO is present
  (previously missing from mod_cgi and mod_ssi)

mod_ssi now sets DOCUMENT_ROOT to con->physical.basedir, like others
  (previously, mod_ssi set DOCUMENT_ROOT to con->physical.doc_root,
   which matched con->physical.basedir unless mod_alias changed basedir)
mod_ssi now sets REQUEST_URI to con->request.orig_uri, like others
  (previously, mod_ssi set REQUEST_URI to con->request.uri, which
   matched con->request.orig_uri except after redirects, error docs)
7 years ago
Glenn Strauss a661944d7e [mod_scgi] add uwsgi protocol support
Configuring the protocol is controlled with new lighttpd.conf directive:
  scgi.protocol = "scgi"   # default
  scgi.protocol = "uwsgi"

The uwsgi protocol differs from the SCGI protocol only in how the
request is encoded.  The response from the backend is handled the
same way for both SCGI and uwsgi protocols.

7 years ago
Glenn Strauss 93afda9c8e performance: use Linux extended syscalls and flags
reduce syscalls on Linux using extended syscalls and flags,
e.g. accept4(), pipe2(), O_CLOEXEC, SOCK_CLOEXEC, SOCK_NONBLOCK

github: closes #2
7 years ago
Glenn Strauss dc91e40657 dynamic handlers store debug flag in handler_ctx
(for persistence across multiple re-entries into routines upon
 receiving fdevent)

(setting module debug flag in global scope is still recommended
 since there are places where p->conf.debug is checked since
 handler_ctx might not be available at all points)
7 years ago
Glenn Strauss 40f16d52db [core] fix crash if ready events on abandoned fd (fixes #2748)
  "1.4.40/1.4.41 uploads to CGI may cause crash (SIGABRT)"
7 years ago
Glenn Strauss 27f85dbdf4 [core] proxy,scgi omit shutdown() to backend (fixes #2743)
Due to the POLLHUP behavior triggered on *BSD/Darwin, the shutdown()
had previously been limited to local connections.  If interested in
squeezing the last bits of performance out of a machine, an admin
should configure local connections to be AF_UNIX instead of AF_INET
or AF_INET6 to localhost.  The reason the shutdown() was originally
added in mod_proxy and mod_scgi was to aggressively reduce the number
of potential sockets in TIME_WAIT held by lighttpd.
(See commit:923688d2 "drain backend socket/pipe bufs upon FDEVENT_HUP",
 done for reliability given the aforementioned *BSD/Darwin behavior.)
When using AF_UNIX, the TIME_WAIT issue does not exist, ergo, the
recommendation is to use AF_UNIX for local sockets, when available.
Using AF_UNIX sockets is a better solution to eliminate TIME_WAIT
than is TCP shutdown() half-close which, as we have seen, might not
be handled well by frameworks which are more complex than basic read
request, send response, and close.

  "1.4.40/41 mod_proxy, mod_scgi may trigger POLLHUP on *BSD,Darwin"
7 years ago
Glenn Strauss 666b9fd726 [core] enforce wait for POLLWR after EINPROGRESS (fixes #2744)
mod_fastcgi, mod_scgi, and mod_proxy must enforce wait for POLLWR
after EINPROGRESS or else getsockopt(fd, SOL_SOCKET, SO_ERROR, ...)
may succeed even though socket connection is not yet established,
and subsequent writev() will fail ENOTCONN.

(thx pkubaj)

 "1.4.40/41 writev failed: Socket is not connected (fastcgi,scgi,proxy)"
7 years ago
Glenn Strauss 1de652f40b [mod_proxy,mod_scgi] shutdown remote only if local (#2743)
shutdown(fd, SHUT_WR) after sending request to proxy or SCGI
only if remote is local and platform is not *BSD or Darwin.

The reason this fix is special-casing *BSD and Darwin is that the Single
Unix Specification and POSIX.1-2013 clearly specify that POLLHUP event
should be returned by poll only when the stream is no longer writable.
A half-closed socket that is still writable clearly does not match that
condition, yet that is what I am seeing on Darwin (El Capitan), and
presumably what others are seeing on *BSD, from which Apple originally
inherited the Darwin TCP stack.

Single Unix Specification (SUSv2) from 1997
(yes, that is nearly 20 years ago):

    The device has been disconnected. This event and POLLOUT are
    mutually exclusive; a stream can never be writable if a hangup has
    occurred. However, this event and POLLIN, POLLRDNORM, POLLRDBAND or
    POLLPRI are not mutually exclusive. This flag is only valid in the
    revents bitmask; it is ignored in the events member.

Updated version of The Open Group Base Specifications Issue 7
(published in 2013):

    A device has been disconnected, or a pipe or FIFO has been closed
    by the last process that had it open for writing. Once set, the
    hangup state of a FIFO shall persist until some process opens the
    FIFO for writing or until all read-only file descriptors for the
    FIFO are closed.  This event and POLLOUT are mutually-exclusive;
    a stream can never be writable if a hangup has occurred. However,
    this event and POLLIN, POLLRDNORM, POLLRDBAND, or POLLPRI are not
    mutually-exclusive. This flag is only valid in the revents bitmask;
    it shall be ignored in the events member.

  "1.4.40/41 mod_proxy, mod_scgi may trigger POLLHUP on *BSD,Darwin"
7 years ago