From 573a423e26b2dc84ea86c9b883617cbd3bae4a75 Mon Sep 17 00:00:00 2001 From: drawing Date: Fri, 15 Sep 2023 20:37:35 +0800 Subject: [PATCH] add feature https_allow_http: allow tcp port to support both http and https --- auto/modules | 1 + src/http/ngx_http.c | 15 +++++++++++++++ src/http/ngx_http_core_module.c | 14 ++++++++++++++ src/http/ngx_http_core_module.h | 6 ++++++ src/http/ngx_http_request.c | 5 +++++ 5 files changed, 41 insertions(+) diff --git a/auto/modules b/auto/modules index 26c2094c97..503cf05b05 100644 --- a/auto/modules +++ b/auto/modules @@ -1483,3 +1483,4 @@ have=T_NGX_SHOW_INFO . auto/have have=T_NGX_HTTP_IMAGE_FILTER . auto/have have=T_HTTP_HEADER . auto/have have=T_HTTP_UPSTREAM_TIMEOUT_VAR . auto/have +have=T_NGX_HTTPS_ALLOW_HTTP . auto/have diff --git a/src/http/ngx_http.c b/src/http/ngx_http.c index 065be828c5..237de21aee 100644 --- a/src/http/ngx_http.c +++ b/src/http/ngx_http.c @@ -1299,6 +1299,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf, #if (T_NGX_HAVE_XUDP) ngx_uint_t xudp; #endif +#if (T_NGX_HTTPS_ALLOW_HTTP) + ngx_uint_t https_allow_http; +#endif /* * we cannot compare whole sockaddr struct's as kernel @@ -1350,6 +1353,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf, protocols |= lsopt->xudp << 4; protocols_prev |= addr[i].opt.xudp << 4; #endif +#if (T_NGX_HTTPS_ALLOW_HTTP) + https_allow_http = lsopt->https_allow_http || addr[i].opt.https_allow_http; +#endif if (lsopt->set) { @@ -1443,6 +1449,9 @@ ngx_http_add_addresses(ngx_conf_t *cf, ngx_http_core_srv_conf_t *cscf, #if (T_NGX_HAVE_XUDP) addr[i].opt.xudp = xudp; #endif +#if (T_NGX_HTTPS_ALLOW_HTTP) + addr[i].opt.https_allow_http = https_allow_http; +#endif return NGX_OK; } @@ -2019,6 +2028,9 @@ ngx_http_add_addrs(ngx_conf_t *cf, ngx_http_port_t *hport, #endif #if (NGX_HTTP_V2) addrs[i].conf.http2 = addr[i].opt.http2; +#endif +#if (T_NGX_HTTPS_ALLOW_HTTP) + addrs[i].conf.https_allow_http = addr[i].opt.https_allow_http; #endif addrs[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; #if (T_NGX_XQUIC) @@ -2089,6 +2101,9 @@ ngx_http_add_addrs6(ngx_conf_t *cf, ngx_http_port_t *hport, #endif #if (NGX_HTTP_V2) addrs6[i].conf.http2 = addr[i].opt.http2; +#endif +#if (T_NGX_HTTPS_ALLOW_HTTP) + addrs6[i].conf.https_allow_http = addr[i].opt.https_allow_http; #endif addrs6[i].conf.proxy_protocol = addr[i].opt.proxy_protocol; #if (T_NGX_XQUIC) diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c index 338a771fc4..e5612c06b2 100644 --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -4624,6 +4624,20 @@ ngx_http_core_listen(ngx_conf_t *cf, ngx_command_t *cmd, void *conf) continue; } +#if (T_NGX_HTTPS_ALLOW_HTTP) + if (ngx_strcmp(value[n].data, "https_allow_http") == 0) { +#if (NGX_HTTP_SSL) + lsopt.https_allow_http = 1; + continue; +#else + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, + "the \"https_allow_http\" parameter requires " + "ngx_http_ssl_module"); + return NGX_CONF_ERROR; +#endif + } +#endif + ngx_conf_log_error(NGX_LOG_EMERG, cf, 0, "invalid parameter \"%V\"", &value[n]); return NGX_CONF_ERROR; diff --git a/src/http/ngx_http_core_module.h b/src/http/ngx_http_core_module.h index e99a8c1331..da2a93b278 100644 --- a/src/http/ngx_http_core_module.h +++ b/src/http/ngx_http_core_module.h @@ -89,6 +89,9 @@ typedef struct { unsigned reuseport:1; unsigned so_keepalive:2; unsigned proxy_protocol:1; +#if (T_NGX_HTTPS_ALLOW_HTTP) + unsigned https_allow_http:1; +#endif #if (T_NGX_XQUIC) unsigned xquic:1; #endif @@ -259,6 +262,9 @@ struct ngx_http_addr_conf_s { unsigned ssl:1; unsigned http2:1; unsigned proxy_protocol:1; +#if (T_NGX_HTTPS_ALLOW_HTTP) + unsigned https_allow_http:1; +#endif }; diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c index 6d9fa29f6f..cffa9d44ee 100755 --- a/src/http/ngx_http_request.c +++ b/src/http/ngx_http_request.c @@ -852,6 +852,11 @@ ngx_http_ssl_handshake(ngx_event_t *rev) ngx_log_debug0(NGX_LOG_DEBUG_HTTP, rev->log, 0, "plain http"); c->log->action = "waiting for request"; +#if (T_NGX_HTTPS_ALLOW_HTTP) + if (hc->addr_conf->https_allow_http) { + hc->ssl = 0; + } +#endif rev->handler = ngx_http_wait_request_handler; ngx_http_wait_request_handler(rev);