add feature https_allow_http: allow tcp port to support both http and…

… https

auto/modules

@@ -1483,3 +1483,4 @@ have=T_NGX_SHOW_INFO . auto/have
 have=T_NGX_HTTP_IMAGE_FILTER . auto/have
 have=T_HTTP_HEADER . auto/have
 have=T_HTTP_UPSTREAM_TIMEOUT_VAR . auto/have
+have=T_NGX_HTTPS_ALLOW_HTTP . auto/have

src/http/ngx_http.c

@@ -1299,6 +1299,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
 #if (T_NGX_HAVE_XUDP)
     ngx_uint_t             xudp;
 #endif
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+    ngx_uint_t             https_allow_http;
+#endif
 
     /*
      * we cannot compare whole sockaddr struct's as kernel
@@ -1350,6 +1353,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
         protocols |= lsopt->xudp << 4;
         protocols_prev |= addr[i].opt.xudp << 4;
 #endif
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+        https_allow_http = lsopt->https_allow_http || addr[i].opt.https_allow_http;
+#endif
 
         if (lsopt->set) {
 
@@ -1443,6 +1449,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf,
 #if (T_NGX_HAVE_XUDP)
         addr[i].opt.xudp = xudp;
 #endif
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+        addr[i].opt.https_allow_http = https_allow_http;
+#endif
 
         return NGX_OK;
     }
@@ -2019,6 +2028,9 @@ ngx_http_add_addrs(ngx_conf_t *cf, ngx_http_port_t *hport,
 #endif
 #if (NGX_HTTP_V2)
         addrs[i].conf.http2 = addr[i].opt.http2;
+#endif
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+        addrs[i].conf.https_allow_http = addr[i].opt.https_allow_http;
 #endif
         addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
 #if (T_NGX_XQUIC)
@@ -2089,6 +2101,9 @@ ngx_http_add_addrs6(ngx_conf_t *cf, ngx_http_port_t *hport,
 #endif
 #if (NGX_HTTP_V2)
         addrs6[i].conf.http2 = addr[i].opt.http2;
+#endif
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+        addrs6[i].conf.https_allow_http = addr[i].opt.https_allow_http;
 #endif
         addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol;
 #if (T_NGX_XQUIC)

src/http/ngx_http_core_module.c

@@ -4624,6 +4624,20 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
             continue;
         }
 
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+        if (ngx_strcmp(value[n].data, "https_allow_http") == 0) {
+#if (NGX_HTTP_SSL)
+            lsopt.https_allow_http = 1;
+            continue;
+#else
+            ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
+                               "the \"https_allow_http\" parameter requires "
+                               "ngx_http_ssl_module");
+            return NGX_CONF_ERROR;
+#endif
+        }
+#endif
+
         ngx_conf_log_error(NGX_LOG_EMERG, cf, 0,
                            "invalid parameter \"%V\"", &value[n]);
         return NGX_CONF_ERROR;

src/http/ngx_http_core_module.h

@@ -89,6 +89,9 @@ typedef struct {
     unsigned                   reuseport:1;
     unsigned                   so_keepalive:2;
     unsigned                   proxy_protocol:1;
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+    unsigned                   https_allow_http:1;
+#endif
 #if (T_NGX_XQUIC)
     unsigned                   xquic:1;
 #endif
@@ -259,6 +262,9 @@ struct ngx_http_addr_conf_s {
     unsigned                   ssl:1;
     unsigned                   http2:1;
     unsigned                   proxy_protocol:1;
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+    unsigned                   https_allow_http:1;
+#endif
 };
 
 

src/http/ngx_http_request.c

@@ -852,6 +852,11 @@ ngx_http_ssl_handshake(ngx_event_t *rev)
         ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, "plain http");
 
         c->log->action = "waiting for request";
+#if (T_NGX_HTTPS_ALLOW_HTTP)
+        if (hc->addr_conf->https_allow_http) {
+            hc->ssl = 0;
+        }
+#endif
 
         rev->handler = ngx_http_wait_request_handler;
         ngx_http_wait_request_handler(rev);