The "return" action can be used to immediately generate a simple HTTP response
with an arbitrary status:
{
"action": {
"return": 404
}
}
This is especially useful for denying access to specific resources.
To avoid closing the body fd prematurely, the fd value is moved from
the request struct to the app link. The body fd should not be closed
immediately after the request is sent to the application due to possible
request rescheduling.
If kqueue reported both the EVFILT_READ and the EVFILT_WRITE events
for the socket but only the former had the EV_EOF flag set, the flag
was silently ignored.
It allows proceeding to another action if a file isn't available.
An example:
{
"share": "/data/www/",
"fallback": {
"pass": "applications/php"
}
}
In the example above, an attempt is made first to serve a request with
a file from the "/data/www/" directory. If there's no such file, the
request is passed to the "php" application.
Fallback actions may be nested:
{
"share": "/data/www/",
"fallback": {
"share": "/data/cache/",
"fallback": {
"proxy": "http://127.0.0.1:9000"
}
}
}
For each request, the worker calls the php_execute_script function
from libphp that changes to the script directory before doing its
work and then restores the process directory before returning. The
chdir(2) calls it performs are unnecessary in Unit design. In simple
benchmarks, profiling shows that the chdir syscall code path (syscall,
FS walk, etc.) is where the CPU spends most of its time.
PHP SAPI semantics requires the script to be run from the script
directory. In Unit's PHP implementation, we have two use cases:
- script
- arbitrary path
The "script" configuration doesn't have much need for a working
directory change: it can be changed once at module initialization.
The module needs to chdir again only if the user's PHP script also
calls chdir to switch to another directory during execution.
If "script" is not used in Unit configuration, we must ensure the
script is run from its directory (thus calling chdir before exec),
but there's no need to restore the working directory later.
Our implementation disables mandatory chdir calls with the SAPI
option SAPI_OPTION_NO_CHDIR, instead calling chdir only when needed.
To detect the user's calls to chdir, a simple "unit" extension is
added that hooks the built-in chdir() PHP call.
Router built with debug may stop with assertion during stalled requests
re-schedule. This was caused by missing reference counting increment
before nxt_router_port_select() call.
Uninitialized ctx_impl field may cause crash in application process.
To reproduce the issue, need to trigger shared memory buffer send error on
application side. In our case, send error caused by router process crash.
This issue was introduced in 2c7f79bf0a1f.
Re-scheduled req_app_link structures should have use_count exactly equal
to the number of references from the application and port list. However,
there's one extra usage decrement that occurs after the req_app_link is
created because the use_count is initialised as 1.
This patch removes all excess instances of the usage decrement that caused
preliminary req_app_link release and router process crash.
To reproduce the issue need to cause request rescheduling between 2 app
processes.
This issue was introduced in 61e9f23a566d.
A check for the ".php" extension is added to prevent execution of files
with arbitrary extensions in cases where "index" and "script" options
aren't used.
For backward compatibility, the Linux capabilities macros exposes v1 semantics
(32-bit) by default. We probe the version at runtime (because of pre-compiled
binaries) but the kernel syscall API is conservative and it doesn't return a
64-bit capability version if the input version is v1.
This patch suppress the kernel > 5.0 dmesg log below:
capability: warning: 'unitd' uses 32-bit capabilities (legacy support in use)
ServerResponse.write() method tries to write data buffer using libunit
and stores buffers to write in a Server-wide output queue, which is
processed in response to SHM_ACK message from router.
As a side effect 'drain' event implemented and socket.writable flag
reflect current state.
- OOSM (out of shared memory). Sent by application process to router
when application reaches the limit of allocated shared memory and
needs more.
- SHM_ACK. Sent by router to application when the application's shared
memory is released and the OOSM flag is enabled for the segment.
This implements blocking mode (the library waits for SHM_ACK in case of
out of shared memory condition and retries allocating the required memory
amount) and non-blocking mode (the library notifies the application that
it's out of shared memory and returns control to the application module
that sets up the output queue and puts SHM_ACK in the main message loop).
