diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 87a56d3..a63750a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,8 +11,7 @@ jobs: strategy: matrix: op_version: - - "1.21.4.1" - - "1.21.4.2" + - "1.25.3.1" runs-on: "ubuntu-20.04" @@ -29,17 +28,17 @@ jobs: - name: Get dependencies run: | - sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl luarocks + sudo apt install -y cpanminus build-essential libncurses5-dev libreadline-dev libssl-dev perl luarocks libpcre3 libpcre3-dev zlib1g-dev sudo luarocks install lua-resty-http > build.log 2>&1 || (cat build.log && exit 1) - name: Before install run: | sudo cpanm --notest Test::Nginx > build.log 2>&1 || (cat build.log && exit 1) - git clone https://github.com/iresty/test-nginx.git test-nginx + git clone https://github.com/openresty/test-nginx.git test-nginx - name: Install run: | - wget https://raw.githubusercontent.com/api7/apisix-build-tools/master/build-apisix-base.sh + wget https://raw.githubusercontent.com/zll600/apisix-build-tools/upgrade_openresty-1.25.3.1/build-apisix-base.sh chmod +x build-apisix-base.sh OR_PREFIX=$OPENRESTY_PREFIX CC="clang -fsanitize=address -fcolor-diagnostics -Qunused-arguments" \ cc_opt="-Werror" ./build-apisix-base.sh latest diff --git a/patch/1.25.3.1/lua-resty-core-enable_keepalive.patch b/patch/1.25.3.1/lua-resty-core-enable_keepalive.patch new file mode 100644 index 0000000..4a0df12 --- /dev/null +++ b/patch/1.25.3.1/lua-resty-core-enable_keepalive.patch @@ -0,0 +1,219 @@ +diff --git lib/ngx/balancer.lua lib/ngx/balancer.lua +index 7d64d63..781cbd1 100644 +--- lib/ngx/balancer.lua ++++ lib/ngx/balancer.lua +@@ -3,6 +3,7 @@ + + local base = require "resty.core.base" + base.allows_subsystem('http', 'stream') ++require "resty.core.hash" + + + local ffi = require "ffi" +@@ -17,8 +18,10 @@ local error = error + local type = type + local tonumber = tonumber + local max = math.max ++local ngx_crc32_long = ngx.crc32_long + local subsystem = ngx.config.subsystem + local ngx_lua_ffi_balancer_set_current_peer ++local ngx_lua_ffi_balancer_enable_keepalive + local ngx_lua_ffi_balancer_set_more_tries + local ngx_lua_ffi_balancer_get_last_failure + local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http +@@ -27,7 +30,11 @@ local ngx_lua_ffi_balancer_set_timeouts -- used by both stream and http + if subsystem == 'http' then + ffi.cdef[[ + int ngx_http_lua_ffi_balancer_set_current_peer(ngx_http_request_t *r, +- const unsigned char *addr, size_t addr_len, int port, char **err); ++ const unsigned char *addr, size_t addr_len, int port, ++ unsigned int cpool_crc32, unsigned int cpool_size, char **err); ++ ++ int ngx_http_lua_ffi_balancer_enable_keepalive(ngx_http_request_t *r, ++ unsigned long timeout, unsigned int max_requests, char **err); + + int ngx_http_lua_ffi_balancer_set_more_tries(ngx_http_request_t *r, + int count, char **err); +@@ -46,6 +53,9 @@ if subsystem == 'http' then + ngx_lua_ffi_balancer_set_current_peer = + C.ngx_http_lua_ffi_balancer_set_current_peer + ++ ngx_lua_ffi_balancer_enable_keepalive = ++ C.ngx_http_lua_ffi_balancer_enable_keepalive ++ + ngx_lua_ffi_balancer_set_more_tries = + C.ngx_http_lua_ffi_balancer_set_more_tries + +@@ -96,6 +106,11 @@ else + end + + ++local DEFAULT_KEEPALIVE_POOL_SIZE = 30 ++local DEFAULT_KEEPALIVE_IDLE_TIMEOUT = 60000 ++local DEFAULT_KEEPALIVE_MAX_REQUESTS = 100 ++ ++ + local peer_state_names = { + [1] = "keepalive", + [2] = "next", +@@ -106,25 +121,147 @@ local peer_state_names = { + local _M = { version = base.version } + + +-function _M.set_current_peer(addr, port) +- local r = get_request() +- if not r then +- error("no request found") ++if subsystem == "http" then ++ function _M.set_current_peer(addr, port, opts) ++ local r = get_request() ++ if not r then ++ error("no request found") ++ end ++ ++ local pool_crc32 ++ local pool_size ++ ++ if opts then ++ if type(opts) ~= "table" then ++ error("bad argument #3 to 'set_current_peer' " .. ++ "(table expected, got " .. type(opts) .. ")", 2) ++ end ++ ++ local pool = opts.pool ++ pool_size = opts.pool_size ++ ++ if pool then ++ if type(pool) ~= "string" then ++ error("bad option 'pool' to 'set_current_peer' " .. ++ "(string expected, got " .. type(pool) .. ")", 2) ++ end ++ ++ pool_crc32 = ngx_crc32_long(pool) ++ end ++ ++ if pool_size then ++ if type(pool_size) ~= "number" then ++ error("bad option 'pool_size' to 'set_current_peer' " .. ++ "(number expected, got " .. type(pool_size) .. ")", 2) ++ ++ elseif pool_size < 1 then ++ error("bad option 'pool_size' to 'set_current_peer' " .. ++ "(expected > 0)", 2) ++ end ++ end ++ end ++ ++ if not port then ++ port = 0 ++ ++ elseif type(port) ~= "number" then ++ port = tonumber(port) ++ end ++ ++ if not pool_crc32 then ++ pool_crc32 = 0 ++ end ++ ++ if not pool_size then ++ pool_size = DEFAULT_KEEPALIVE_POOL_SIZE ++ end ++ ++ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, port, ++ pool_crc32, pool_size, ++ errmsg) ++ if rc == FFI_OK then ++ return true ++ end ++ ++ return nil, ffi_str(errmsg[0]) + end + +- if not port then +- port = 0 +- elseif type(port) ~= "number" then +- port = tonumber(port) ++else ++ function _M.set_current_peer(addr, port, opts) ++ local r = get_request() ++ if not r then ++ error("no request found") ++ end ++ ++ if opts then ++ error("bad argument #3 to 'set_current_peer' ('opts' not yet " .. ++ "implemented in " .. subsystem .. " subsystem)", 2) ++ end ++ ++ if not port then ++ port = 0 ++ ++ elseif type(port) ~= "number" then ++ port = tonumber(port) ++ end ++ ++ local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, ++ port, errmsg) ++ if rc == FFI_OK then ++ return true ++ end ++ ++ return nil, ffi_str(errmsg[0]) + end ++end + +- local rc = ngx_lua_ffi_balancer_set_current_peer(r, addr, #addr, +- port, errmsg) +- if rc == FFI_OK then +- return true ++ ++if subsystem == "http" then ++ function _M.enable_keepalive(idle_timeout, max_requests) ++ local r = get_request() ++ if not r then ++ error("no request found") ++ end ++ ++ if not idle_timeout then ++ idle_timeout = DEFAULT_KEEPALIVE_IDLE_TIMEOUT ++ ++ elseif type(idle_timeout) ~= "number" then ++ error("bad argument #1 to 'enable_keepalive' " .. ++ "(number expected, got " .. type(idle_timeout) .. ")", 2) ++ ++ elseif idle_timeout < 0 then ++ error("bad argument #1 to 'enable_keepalive' (expected >= 0)", 2) ++ ++ else ++ idle_timeout = idle_timeout * 1000 ++ end ++ ++ if not max_requests then ++ max_requests = DEFAULT_KEEPALIVE_MAX_REQUESTS ++ ++ elseif type(max_requests) ~= "number" then ++ error("bad argument #2 to 'enable_keepalive' " .. ++ "(number expected, got " .. type(max_requests) .. ")", 2) ++ ++ elseif max_requests < 0 then ++ error("bad argument #2 to 'enable_keepalive' (expected >= 0)", 2) ++ end ++ ++ local rc = ngx_lua_ffi_balancer_enable_keepalive(r, idle_timeout, ++ max_requests, errmsg) ++ if rc == FFI_OK then ++ return true ++ end ++ ++ return nil, ffi_str(errmsg[0]) + end + +- return nil, ffi_str(errmsg[0]) ++else ++ function _M.enable_keepalive() ++ error("'enable_keepalive' not yet implemented in " .. subsystem .. ++ " subsystem", 2) ++ end + end + + diff --git a/patch/1.25.3.1/lua-resty-core-reject-in-handshake.patch b/patch/1.25.3.1/lua-resty-core-reject-in-handshake.patch new file mode 100644 index 0000000..97cfbc7 --- /dev/null +++ b/patch/1.25.3.1/lua-resty-core-reject-in-handshake.patch @@ -0,0 +1,48 @@ +diff --git lib/ngx/ssl.lua lib/ngx/ssl.lua +index 8792be0..c4afc80 100644 +--- lib/ngx/ssl.lua ++++ lib/ngx/ssl.lua +@@ -86,7 +86,7 @@ if subsystem == 'http' then + void ngx_http_lua_ffi_free_priv_key(void *cdata); + + int ngx_http_lua_ffi_ssl_verify_client(void *r, +- void *cdata, int depth, char **err); ++ void *cdata, int depth, int reject_in_handshake, char **err); + ]] + + ngx_lua_ffi_ssl_set_der_certificate = +@@ -157,7 +157,7 @@ elseif subsystem == 'stream' then + void ngx_stream_lua_ffi_free_priv_key(void *cdata); + + int ngx_stream_lua_ffi_ssl_verify_client(void *r, +- void *cdata, int depth, char **err); ++ void *cdata, int depth, int reject_in_handshake, char **err); + ]] + + ngx_lua_ffi_ssl_set_der_certificate = +@@ -417,7 +417,7 @@ function _M.set_priv_key(priv_key) + end + + +-function _M.verify_client(ca_certs, depth) ++function _M.verify_client(ca_certs, depth, reject_in_handshake) + local r = get_request() + if not r then + error("no request found") +@@ -427,7 +427,15 @@ function _M.verify_client(ca_certs, depth) + depth = -1 + end + +- local rc = ngx_lua_ffi_ssl_verify_client(r, ca_certs, depth, errmsg) ++ if reject_in_handshake == nil then ++ -- reject by default so we can migrate to the new behavior ++ -- without modifying Lua code ++ reject_in_handshake = true ++ end ++ ++ local reject_in_handshake_int = reject_in_handshake and 1 or 0 ++ local rc = ngx_lua_ffi_ssl_verify_client(r, ca_certs, depth, ++ reject_in_handshake_int, errmsg) + if rc == FFI_OK then + return true + end diff --git a/patch/1.25.3.1/lua-resty-core-shared_shdict.patch b/patch/1.25.3.1/lua-resty-core-shared_shdict.patch new file mode 100644 index 0000000..fe516de --- /dev/null +++ b/patch/1.25.3.1/lua-resty-core-shared_shdict.patch @@ -0,0 +1,400 @@ +diff --git lib/resty/core/shdict.lua lib/resty/core/shdict.lua +index 8d60d16..7537e7b 100644 +--- lib/resty/core/shdict.lua ++++ lib/resty/core/shdict.lua +@@ -28,7 +28,6 @@ local type = type + local error = error + local getmetatable = getmetatable + local FFI_DECLINED = base.FFI_DECLINED +-local subsystem = ngx.config.subsystem + + + local ngx_lua_ffi_shdict_get +@@ -42,181 +41,60 @@ local ngx_lua_ffi_shdict_free_space + local ngx_lua_ffi_shdict_udata_to_zone + + +-if subsystem == 'http' then +- ffi.cdef[[ +-int ngx_http_lua_ffi_shdict_get(void *zone, const unsigned char *key, ++ffi.cdef[[ ++int ngx_meta_lua_ffi_shdict_get(void *zone, const unsigned char *key, + size_t key_len, int *value_type, unsigned char **str_value_buf, + size_t *str_value_len, double *num_value, int *user_flags, + int get_stale, int *is_stale, char **errmsg); + +-int ngx_http_lua_ffi_shdict_incr(void *zone, const unsigned char *key, ++int ngx_meta_lua_ffi_shdict_incr(void *zone, const unsigned char *key, + size_t key_len, double *value, char **err, int has_init, + double init, long init_ttl, int *forcible); + +-int ngx_http_lua_ffi_shdict_store(void *zone, int op, ++int ngx_meta_lua_ffi_shdict_store(void *zone, int op, + const unsigned char *key, size_t key_len, int value_type, + const unsigned char *str_value_buf, size_t str_value_len, + double num_value, long exptime, int user_flags, char **errmsg, + int *forcible); + +-int ngx_http_lua_ffi_shdict_flush_all(void *zone); ++int ngx_meta_lua_ffi_shdict_flush_all(void *zone); + +-long ngx_http_lua_ffi_shdict_get_ttl(void *zone, ++long ngx_meta_lua_ffi_shdict_get_ttl(void *zone, + const unsigned char *key, size_t key_len); + +-int ngx_http_lua_ffi_shdict_set_expire(void *zone, ++int ngx_meta_lua_ffi_shdict_set_expire(void *zone, + const unsigned char *key, size_t key_len, long exptime); + +-size_t ngx_http_lua_ffi_shdict_capacity(void *zone); +- +-void *ngx_http_lua_ffi_shdict_udata_to_zone(void *zone_udata); +- ]] +- +- ngx_lua_ffi_shdict_get = function(zone, key, key_len, value_type, +- str_value_buf, value_len, +- num_value, user_flags, +- get_stale, is_stale, errmsg) +- +- return C.ngx_http_lua_ffi_shdict_get(zone, key, key_len, value_type, +- str_value_buf, value_len, +- num_value, user_flags, +- get_stale, is_stale, errmsg) +- end +- +- ngx_lua_ffi_shdict_incr = function(zone, key, +- key_len, value, err, has_init, +- init, init_ttl, forcible) ++size_t ngx_meta_lua_ffi_shdict_capacity(void *zone); + +- return C.ngx_http_lua_ffi_shdict_incr(zone, key, +- key_len, value, err, has_init, +- init, init_ttl, forcible) +- end +- +- ngx_lua_ffi_shdict_store = function(zone, op, +- key, key_len, value_type, +- str_value_buf, str_value_len, +- num_value, exptime, user_flags, +- errmsg, forcible) +- +- return C.ngx_http_lua_ffi_shdict_store(zone, op, +- key, key_len, value_type, +- str_value_buf, str_value_len, +- num_value, exptime, user_flags, +- errmsg, forcible) +- end +- +- ngx_lua_ffi_shdict_flush_all = C.ngx_http_lua_ffi_shdict_flush_all +- ngx_lua_ffi_shdict_get_ttl = C.ngx_http_lua_ffi_shdict_get_ttl +- ngx_lua_ffi_shdict_set_expire = C.ngx_http_lua_ffi_shdict_set_expire +- ngx_lua_ffi_shdict_capacity = C.ngx_http_lua_ffi_shdict_capacity +- ngx_lua_ffi_shdict_udata_to_zone = +- C.ngx_http_lua_ffi_shdict_udata_to_zone +- +- if not pcall(function () +- return C.ngx_http_lua_ffi_shdict_free_space +- end) +- then +- ffi.cdef[[ +-size_t ngx_http_lua_ffi_shdict_free_space(void *zone); +- ]] +- end +- +- pcall(function () +- ngx_lua_ffi_shdict_free_space = C.ngx_http_lua_ffi_shdict_free_space +- end) +- +-elseif subsystem == 'stream' then ++void *ngx_meta_lua_ffi_shdict_udata_to_zone(void *zone_udata); ++]] + ++if not pcall(function () ++ return C.ngx_meta_lua_ffi_shdict_free_space ++end) ++then + ffi.cdef[[ +-int ngx_stream_lua_ffi_shdict_get(void *zone, const unsigned char *key, +- size_t key_len, int *value_type, unsigned char **str_value_buf, +- size_t *str_value_len, double *num_value, int *user_flags, +- int get_stale, int *is_stale, char **errmsg); +- +-int ngx_stream_lua_ffi_shdict_incr(void *zone, const unsigned char *key, +- size_t key_len, double *value, char **err, int has_init, +- double init, long init_ttl, int *forcible); +- +-int ngx_stream_lua_ffi_shdict_store(void *zone, int op, +- const unsigned char *key, size_t key_len, int value_type, +- const unsigned char *str_value_buf, size_t str_value_len, +- double num_value, long exptime, int user_flags, char **errmsg, +- int *forcible); +- +-int ngx_stream_lua_ffi_shdict_flush_all(void *zone); +- +-long ngx_stream_lua_ffi_shdict_get_ttl(void *zone, +- const unsigned char *key, size_t key_len); +- +-int ngx_stream_lua_ffi_shdict_set_expire(void *zone, +- const unsigned char *key, size_t key_len, long exptime); +- +-size_t ngx_stream_lua_ffi_shdict_capacity(void *zone); +- +-void *ngx_stream_lua_ffi_shdict_udata_to_zone(void *zone_udata); ++size_t ngx_meta_lua_ffi_shdict_free_space(void *zone); + ]] +- +- ngx_lua_ffi_shdict_get = function(zone, key, key_len, value_type, +- str_value_buf, value_len, +- num_value, user_flags, +- get_stale, is_stale, errmsg) +- +- return C.ngx_stream_lua_ffi_shdict_get(zone, key, key_len, value_type, +- str_value_buf, value_len, +- num_value, user_flags, +- get_stale, is_stale, errmsg) +- end +- +- ngx_lua_ffi_shdict_incr = function(zone, key, +- key_len, value, err, has_init, +- init, init_ttl, forcible) +- +- return C.ngx_stream_lua_ffi_shdict_incr(zone, key, +- key_len, value, err, has_init, +- init, init_ttl, forcible) +- end +- +- ngx_lua_ffi_shdict_store = function(zone, op, +- key, key_len, value_type, +- str_value_buf, str_value_len, +- num_value, exptime, user_flags, +- errmsg, forcible) +- +- return C.ngx_stream_lua_ffi_shdict_store(zone, op, +- key, key_len, value_type, +- str_value_buf, str_value_len, +- num_value, exptime, user_flags, +- errmsg, forcible) +- end +- +- ngx_lua_ffi_shdict_flush_all = C.ngx_stream_lua_ffi_shdict_flush_all +- ngx_lua_ffi_shdict_get_ttl = C.ngx_stream_lua_ffi_shdict_get_ttl +- ngx_lua_ffi_shdict_set_expire = C.ngx_stream_lua_ffi_shdict_set_expire +- ngx_lua_ffi_shdict_capacity = C.ngx_stream_lua_ffi_shdict_capacity +- ngx_lua_ffi_shdict_udata_to_zone = +- C.ngx_stream_lua_ffi_shdict_udata_to_zone +- +- if not pcall(function () +- return C.ngx_stream_lua_ffi_shdict_free_space +- end) +- then +- ffi.cdef[[ +-size_t ngx_stream_lua_ffi_shdict_free_space(void *zone); +- ]] +- end +- +- -- ngx_stream_lua is only compatible with NGINX >= 1.13.6, meaning it +- -- cannot lack support for ngx_stream_lua_ffi_shdict_free_space. +- ngx_lua_ffi_shdict_free_space = C.ngx_stream_lua_ffi_shdict_free_space +- +-else +- error("unknown subsystem: " .. subsystem) + end + ++pcall(function () ++ ngx_lua_ffi_shdict_get = C.ngx_meta_lua_ffi_shdict_get ++ ngx_lua_ffi_shdict_incr = C.ngx_meta_lua_ffi_shdict_incr ++ ngx_lua_ffi_shdict_store = C.ngx_meta_lua_ffi_shdict_store ++ ngx_lua_ffi_shdict_flush_all = C.ngx_meta_lua_ffi_shdict_flush_all ++ ngx_lua_ffi_shdict_get_ttl = C.ngx_meta_lua_ffi_shdict_get_ttl ++ ngx_lua_ffi_shdict_set_expire = C.ngx_meta_lua_ffi_shdict_set_expire ++ ngx_lua_ffi_shdict_capacity = C.ngx_meta_lua_ffi_shdict_capacity ++ ngx_lua_ffi_shdict_free_space = C.ngx_meta_lua_ffi_shdict_free_space ++ ngx_lua_ffi_shdict_udata_to_zone = C.ngx_meta_lua_ffi_shdict_udata_to_zone ++end) ++ + + local MACOS = jit and jit.os == "OSX" + +-if MACOS and subsystem == 'http' then ++if MACOS then + ffi.cdef[[ + typedef struct { + void *zone; +@@ -230,7 +108,7 @@ typedef struct { + int get_stale; + int *is_stale; + char **errmsg; +-} ngx_http_lua_shdict_get_params_t; ++} ngx_meta_lua_shdict_get_params_t; + + typedef struct { + void *zone; +@@ -257,134 +135,19 @@ typedef struct { + double init; + long init_ttl; + int *forcible; +-} ngx_http_lua_shdict_incr_params_t; ++} ngx_meta_lua_shdict_incr_params_t; + +-int ngx_http_lua_ffi_shdict_get_macos( ++int ngx_meta_lua_ffi_shdict_get_macos( + ngx_http_lua_shdict_get_params_t *p); +-int ngx_http_lua_ffi_shdict_store_macos( ++int ngx_meta_lua_ffi_shdict_store_macos( + ngx_http_lua_shdict_store_params_t *p); +-int ngx_http_lua_ffi_shdict_incr_macos( ++int ngx_meta_lua_ffi_shdict_incr_macos( + ngx_http_lua_shdict_incr_params_t *p); + ]] + +- local get_params = ffi_new("ngx_http_lua_shdict_get_params_t") +- local incr_params = ffi_new("ngx_http_lua_shdict_incr_params_t") +- local store_params = ffi_new("ngx_http_lua_shdict_store_params_t") +- +- ngx_lua_ffi_shdict_get = function(zone, key, key_len, value_type, +- str_value_buf, value_len, +- num_value, user_flags, +- get_stale, is_stale, errmsg) +- +- get_params.zone = zone +- get_params.key = key +- get_params.key_len = key_len +- get_params.value_type = value_type +- get_params.str_value_buf = str_value_buf +- get_params.str_value_len = value_len +- get_params.num_value = num_value +- get_params.user_flags = user_flags +- get_params.get_stale = get_stale +- get_params.is_stale = is_stale +- get_params.errmsg = errmsg +- +- return C.ngx_http_lua_ffi_shdict_get_macos(get_params) +- end +- +- ngx_lua_ffi_shdict_incr = function(zone, key, +- key_len, value, err, has_init, +- init, init_ttl, forcible) +- +- incr_params.zone = zone +- incr_params.key = key +- incr_params.key_len = key_len +- incr_params.num_value = value +- incr_params.errmsg = err +- incr_params.has_init = has_init +- incr_params.init = init +- incr_params.init_ttl = init_ttl +- incr_params.forcible = forcible +- +- return C.ngx_http_lua_ffi_shdict_incr_macos(incr_params) +- end +- +- ngx_lua_ffi_shdict_store = function(zone, op, +- key, key_len, value_type, +- str_value_buf, str_value_len, +- num_value, exptime, user_flags, +- errmsg, forcible) +- +- store_params.zone = zone +- store_params.op = op +- store_params.key = key +- store_params.key_len = key_len +- store_params.value_type = value_type +- store_params.str_value_buf = str_value_buf +- store_params.str_value_len = str_value_len +- store_params.num_value = num_value +- store_params.exptime = exptime +- store_params.user_flags = user_flags +- store_params.errmsg = errmsg +- store_params.forcible = forcible +- +- return C.ngx_http_lua_ffi_shdict_store_macos(store_params) +- end +-end +- +-if MACOS and subsystem == 'stream' then +- ffi.cdef[[ +-typedef struct { +- void *zone; +- const unsigned char *key; +- size_t key_len; +- int *value_type; +- unsigned char **str_value_buf; +- size_t *str_value_len; +- double *num_value; +- int *user_flags; +- int get_stale; +- int *is_stale; +- char **errmsg; +-} ngx_stream_lua_shdict_get_params_t; +- +-typedef struct { +- void *zone; +- int op; +- const unsigned char *key; +- size_t key_len; +- int value_type; +- const unsigned char *str_value_buf; +- size_t str_value_len; +- double num_value; +- long exptime; +- int user_flags; +- char **errmsg; +- int *forcible; +-} ngx_stream_lua_shdict_store_params_t; +- +-typedef struct { +- void *zone; +- const unsigned char *key; +- size_t key_len; +- double *num_value; +- char **errmsg; +- int has_init; +- double init; +- long init_ttl; +- int *forcible; +-} ngx_stream_lua_shdict_incr_params_t; +- +-int ngx_stream_lua_ffi_shdict_get_macos( +- ngx_stream_lua_shdict_get_params_t *p); +-int ngx_stream_lua_ffi_shdict_store_macos( +- ngx_stream_lua_shdict_store_params_t *p); +-int ngx_stream_lua_ffi_shdict_incr_macos( +- ngx_stream_lua_shdict_incr_params_t *p); +- ]] +- +- local get_params = ffi_new("ngx_stream_lua_shdict_get_params_t") +- local store_params = ffi_new("ngx_stream_lua_shdict_store_params_t") +- local incr_params = ffi_new("ngx_stream_lua_shdict_incr_params_t") ++ local get_params = ffi_new("ngx_meta_lua_shdict_get_params_t") ++ local incr_params = ffi_new("ngx_meta_lua_shdict_incr_params_t") ++ local store_params = ffi_new("ngx_meta_lua_shdict_store_params_t") + + ngx_lua_ffi_shdict_get = function(zone, key, key_len, value_type, + str_value_buf, value_len, +@@ -403,7 +166,7 @@ int ngx_stream_lua_ffi_shdict_incr_macos( + get_params.is_stale = is_stale + get_params.errmsg = errmsg + +- return C.ngx_stream_lua_ffi_shdict_get_macos(get_params) ++ return C.ngx_meta_lua_ffi_shdict_get_macos(get_params) + end + + ngx_lua_ffi_shdict_incr = function(zone, key, +@@ -420,7 +183,7 @@ int ngx_stream_lua_ffi_shdict_incr_macos( + incr_params.init_ttl = init_ttl + incr_params.forcible = forcible + +- return C.ngx_stream_lua_ffi_shdict_incr_macos(incr_params) ++ return C.ngx_meta_lua_ffi_shdict_incr_macos(incr_params) + end + + ngx_lua_ffi_shdict_store = function(zone, op, +@@ -442,7 +205,7 @@ int ngx_stream_lua_ffi_shdict_incr_macos( + store_params.errmsg = errmsg + store_params.forcible = forcible + +- return C.ngx_stream_lua_ffi_shdict_store_macos(store_params) ++ return C.ngx_meta_lua_ffi_shdict_store_macos(store_params) + end + end + diff --git a/patch/1.25.3.1/lua-resty-core-tlshandshake.patch b/patch/1.25.3.1/lua-resty-core-tlshandshake.patch new file mode 100644 index 0000000..c8483d2 --- /dev/null +++ b/patch/1.25.3.1/lua-resty-core-tlshandshake.patch @@ -0,0 +1,340 @@ +diff --git Makefile Makefile +index 3caabe2..6361a23 100644 +--- Makefile ++++ Makefile +@@ -12,10 +12,12 @@ all: ; + + install: all + $(INSTALL) -d $(DESTDIR)$(LUA_LIB_DIR)/resty/core/ ++ $(INSTALL) -d $(DESTDIR)$(LUA_LIB_DIR)/resty/core/socket + $(INSTALL) -d $(DESTDIR)$(LUA_LIB_DIR)/ngx/ + $(INSTALL) -d $(DESTDIR)$(LUA_LIB_DIR)/ngx/ssl + $(INSTALL) lib/resty/*.lua $(DESTDIR)$(LUA_LIB_DIR)/resty/ + $(INSTALL) lib/resty/core/*.lua $(DESTDIR)$(LUA_LIB_DIR)/resty/core/ ++ $(INSTALL) lib/resty/core/socket/*.lua $(DESTDIR)$(LUA_LIB_DIR)/resty/core/socket + $(INSTALL) lib/ngx/*.lua $(DESTDIR)$(LUA_LIB_DIR)/ngx/ + $(INSTALL) lib/ngx/ssl/*.lua $(DESTDIR)$(LUA_LIB_DIR)/ngx/ssl/ + +diff --git lib/resty/core.lua lib/resty/core.lua +index e92084c..fd823ce 100644 +--- lib/resty/core.lua ++++ lib/resty/core.lua +@@ -25,6 +25,7 @@ if subsystem == 'http' then + end + + ++require "resty.core.socket.tcp" + require "resty.core.misc" + require "resty.core.ctx" + +diff --git lib/resty/core/socket/tcp.lua lib/resty/core/socket/tcp.lua +new file mode 100644 +index 0000000..b6e009c +--- /dev/null ++++ lib/resty/core/socket/tcp.lua +@@ -0,0 +1,305 @@ ++-- Copyright (C) by OpenResty Inc. ++ ++ ++local base = require "resty.core.base" ++local ffi = require "ffi" ++local ssl = require "ngx.ssl" ++ ++ ++local C = ffi.C ++local ffi_str = ffi.string ++local ffi_gc = ffi.gc ++local FFI_ERROR = base.FFI_ERROR ++local FFI_DONE = base.FFI_DONE ++local FFI_OK = base.FFI_OK ++local FFI_AGAIN = base.FFI_AGAIN ++local FFI_NO_REQ_CTX = base.FFI_NO_REQ_CTX ++local get_request = base.get_request ++local new_tab = base.new_tab ++local clear_tab = base.clear_tab ++local error = error ++local assert = assert ++local type = type ++local pcall = pcall ++local select = select ++local co_yield = coroutine._yield ++local io_open = io.open ++local subsystem = ngx.config.subsystem ++ ++ ++local ngx_lua_ffi_socket_tcp_tlshandshake ++local ngx_lua_ffi_socket_tcp_get_tlshandshake_result ++local ngx_lua_ffi_tls_free_session ++ ++if subsystem == 'http' then ++ ffi.cdef[[ ++typedef struct ngx_http_lua_socket_tcp_upstream_s ++ ngx_http_lua_socket_tcp_upstream_t; ++ ++int ngx_http_lua_ffi_socket_tcp_tlshandshake(ngx_http_request_t *r, ++ ngx_http_lua_socket_tcp_upstream_t *u, void *sess, ++ int enable_session_reuse, ngx_str_t *server_name, int verify, ++ int ocsp_status_req, void *chain, void *pkey, char **errmsg); ++ ++int ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result(ngx_http_request_t *r, ++ ngx_http_lua_socket_tcp_upstream_t *u, void **sess, char **errmsg, ++ int *openssl_error_code); ++ ++void ngx_http_lua_ffi_tls_free_session(void *sess); ++]] ++ ++ ngx_lua_ffi_socket_tcp_tlshandshake = ++ C.ngx_http_lua_ffi_socket_tcp_tlshandshake ++ ngx_lua_ffi_socket_tcp_get_tlshandshake_result = ++ C.ngx_http_lua_ffi_socket_tcp_get_tlshandshake_result ++ ngx_lua_ffi_tls_free_session = C.ngx_http_lua_ffi_tls_free_session ++ ++elseif subsystem == 'stream' then ++ ffi.cdef[[ ++typedef struct ngx_stream_lua_socket_tcp_upstream_s ++ ngx_stream_lua_socket_tcp_upstream_t; ++ ++int ngx_stream_lua_ffi_socket_tcp_tlshandshake(ngx_stream_lua_request_t *r, ++ ngx_stream_lua_socket_tcp_upstream_t *u, void *sess, ++ int enable_session_reuse, ngx_str_t *server_name, int verify, ++ int ocsp_status_req, void *chain, void *pkey, char **errmsg); ++ ++int ngx_stream_lua_ffi_socket_tcp_get_tlshandshake_result( ++ ngx_stream_lua_request_t *r, ++ ngx_stream_lua_socket_tcp_upstream_t *u, void **sess, char **errmsg, ++ int *openssl_error_code); ++ ++void ngx_stream_lua_ffi_tls_free_session(void *sess); ++]] ++ ++ ngx_lua_ffi_socket_tcp_tlshandshake = ++ C.ngx_stream_lua_ffi_socket_tcp_tlshandshake ++ ngx_lua_ffi_socket_tcp_get_tlshandshake_result = ++ C.ngx_stream_lua_ffi_socket_tcp_get_tlshandshake_result ++ ngx_lua_ffi_tls_free_session = C.ngx_stream_lua_ffi_tls_free_session ++end ++ ++ ++local SOCKET_CTX_INDEX = 1 ++ ++ ++local errmsg = base.get_errmsg_ptr() ++local session_ptr = ffi.new("void *[1]") ++local server_name_str = ffi.new("ngx_str_t[1]") ++local openssl_error_code = ffi.new("int[1]") ++local cached_options = new_tab(0, 4) ++ ++ ++local function read_file(path) ++ local f, err = io_open(path) ++ if not f then ++ return nil, err ++ end ++ ++ local txt, err = f:read("*a") ++ f:close() ++ if not txt then ++ return nil, err ++ end ++ ++ return txt ++end ++ ++ ++local function report_handshake_error(errmsg, openssl_error_code) ++ if openssl_error_code[0] ~= 0 then ++ return nil, openssl_error_code[0] .. ": " .. ffi_str(errmsg[0]) ++ end ++ ++ return nil, ffi_str(errmsg[0]) ++end ++ ++ ++local function tlshandshake(self, options) ++ if not options then ++ clear_tab(cached_options) ++ options = cached_options ++ ++ elseif type(options) ~= "table" then ++ error("bad options arg: table expected", 2) ++ end ++ ++ local r = get_request() ++ if not r then ++ error("no request found", 2) ++ end ++ ++ local reused_session = options.reused_session ++ session_ptr[0] = type(reused_session) == "cdata" and reused_session or nil ++ ++ if options.server_name then ++ server_name_str[0].data = options.server_name ++ server_name_str[0].len = #options.server_name ++ ++ else ++ server_name_str[0].data = nil ++ server_name_str[0].len = 0 ++ end ++ ++ local client_cert, client_pkey ++ ++ if options.client_cert_path or options.client_cert then ++ if options.client_cert_path and options.client_cert then ++ error("client client_cert_path and client_cert both setting ", 2) ++ end ++ ++ if not options.client_priv_key_path and not options.client_priv_key then ++ error("client certificate supplied without corresponding " .. ++ "private key", 2) ++ end ++ ++ if options.client_priv_key_path and options.client_priv_key then ++ error("client certificate private key supplied with " .. ++ "client_priv_key and client_priv_key_path", 2) ++ end ++ ++ if options.client_cert then ++ if type(options.client_cert) ~= "string" then ++ error("bad client_cert option type", 2) ++ end ++ else ++ if type(options.client_cert_path) ~= "string" then ++ error("bad client_cert option type", 2) ++ end ++ ++ local txt, err = read_file(options.client_cert_path) ++ if not txt then ++ return nil, err ++ end ++ ++ options.client_cert = txt ++ end ++ ++ if options.client_priv_key then ++ if type(options.client_priv_key) ~= "string" then ++ error("bad client_priv_key option type", 2) ++ end ++ else ++ if type(options.client_priv_key_path) ~= "string" then ++ error("bad client_priv_key_path option type", 2) ++ end ++ ++ local txt, err = read_file(options.client_priv_key_path) ++ if not txt then ++ return nil, err ++ end ++ ++ options.client_priv_key = txt ++ end ++ ++ local cert, err = ssl.parse_pem_cert(options.client_cert) ++ if not cert then ++ return nil, err ++ end ++ client_cert = cert ++ ++ local pkey, err = ssl.parse_pem_priv_key(options.client_priv_key) ++ if not pkey then ++ return nil, err ++ end ++ client_pkey = pkey ++ end ++ ++ local u = self[SOCKET_CTX_INDEX] ++ ++ local rc = ngx_lua_ffi_socket_tcp_tlshandshake(r, u, ++ session_ptr[0], ++ reused_session ~= false, ++ server_name_str, ++ options.verify and 1 or 0, ++ options.ocsp_status_req and 1 or 0, ++ client_cert, client_pkey, errmsg) ++ ++ if rc == FFI_NO_REQ_CTX then ++ error("no request ctx found", 2) ++ end ++ ++ if rc == FFI_ERROR then ++ return nil, ffi_str(errmsg[0]) ++ end ++ ++ if rc == FFI_DONE then ++ return reused_session ++ end ++ ++ while true do ++ if rc == FFI_OK then ++ if reused_session == false then ++ return true ++ end ++ ++ rc = ngx_lua_ffi_socket_tcp_get_tlshandshake_result(r, u, ++ session_ptr, errmsg, openssl_error_code) ++ ++ if rc == FFI_ERROR then ++ return report_handshake_error(errmsg, openssl_error_code) ++ end ++ ++ if session_ptr[0] == nil then ++ return nil ++ end ++ ++ return ffi_gc(session_ptr[0], ngx_lua_ffi_tls_free_session) ++ end ++ ++ assert(rc == FFI_AGAIN) ++ ++ co_yield() ++ ++ rc = ngx_lua_ffi_socket_tcp_get_tlshandshake_result(r, u, ++ session_ptr, errmsg, openssl_error_code) ++ ++ if rc == FFI_ERROR then ++ return report_handshake_error(errmsg, openssl_error_code) ++ end ++ end ++end ++ ++ ++local function sslhandshake(self, reused_session, server_name, ssl_verify, ++ send_status_req, ...) ++ ++ local n = select("#", ...) ++ if not self or n > 1 then ++ error("ngx.socket sslhandshake: expecting 1 ~ 5 arguments " .. ++ "(including the object), but seen " .. (self and 5 + n or 0)) ++ end ++ ++ cached_options.reused_session = reused_session ++ cached_options.server_name = server_name ++ cached_options.verify = ssl_verify ++ cached_options.ocsp_status_req = send_status_req ++ ++ local res, err = tlshandshake(self, cached_options) ++ ++ clear_tab(cached_options) ++ ++ return res, err ++end ++ ++ ++do ++ local old_socket_tcp = ngx.socket.tcp ++ ++ function ngx.socket.tcp() ++ local ok, sock = pcall(old_socket_tcp) ++ if not ok then ++ error(sock, 2) ++ end ++ ++ sock.tlshandshake = tlshandshake ++ sock.sslhandshake = sslhandshake ++ ++ return sock ++ end ++end ++ ++ ++return { ++ version = base.version ++} diff --git a/patch/1.25.3.1/nginx-client_max_body_size.patch b/patch/1.25.3.1/nginx-client_max_body_size.patch new file mode 100644 index 0000000..4b9e984 --- /dev/null +++ b/patch/1.25.3.1/nginx-client_max_body_size.patch @@ -0,0 +1,127 @@ +diff --git src/http/ngx_http_core_module.c src/http/ngx_http_core_module.c +index 7845f8f..e1e1b77 100644 +--- src/http/ngx_http_core_module.c ++++ src/http/ngx_http_core_module.c +@@ -8,6 +8,9 @@ + #include + #include + #include ++#if (NGX_HTTP_APISIX) ++#include ++#endif + + + typedef struct { +@@ -992,7 +995,12 @@ ngx_http_core_find_config_phase(ngx_http_request_t *r, + "http cl:%O max:%O", + r->headers_in.content_length_n, clcf->client_max_body_size); + ++#if (NGX_HTTP_APISIX) ++ if (!ngx_http_apisix_delay_client_max_body_check(r) ++ && r->headers_in.content_length_n != -1 ++#else + if (r->headers_in.content_length_n != -1 ++#endif + && !r->discard_body + && clcf->client_max_body_size + && clcf->client_max_body_size < r->headers_in.content_length_n) +diff --git src/http/ngx_http_request_body.c src/http/ngx_http_request_body.c +index afb0423..6faa09e 100644 +--- src/http/ngx_http_request_body.c ++++ src/http/ngx_http_request_body.c +@@ -8,6 +8,9 @@ + #include + #include + #include ++#if (NGX_HTTP_APISIX) ++#include ++#endif + + + static void ngx_http_read_client_request_body_handler(ngx_http_request_t *r); +@@ -48,6 +51,25 @@ ngx_http_read_client_request_body(ngx_http_request_t *r, + return NGX_OK; + } + ++#if (NGX_HTTP_APISIX) ++ if (ngx_http_apisix_delay_client_max_body_check(r)) { ++ off_t max_body_size = ngx_http_apisix_client_max_body_size(r); ++ ++ if (r->headers_in.content_length_n != -1 ++ && max_body_size ++ && max_body_size < r->headers_in.content_length_n) ++ { ++ ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, ++ "client intended to send too large body: %O bytes", ++ r->headers_in.content_length_n); ++ ++ r->expect_tested = 1; ++ rc = NGX_HTTP_REQUEST_ENTITY_TOO_LARGE; ++ goto done; ++ } ++ } ++#endif ++ + if (ngx_http_test_expect(r) != NGX_OK) { + rc = NGX_HTTP_INTERNAL_SERVER_ERROR; + goto done; +@@ -1100,6 +1122,10 @@ ngx_http_request_body_chunked_filter(ngx_http_request_t *r, ngx_chain_t *in) + out = NULL; + ll = &out; + ++#if (NGX_HTTP_APISIX) ++ off_t max_body_size = ngx_http_apisix_client_max_body_size(r); ++#endif ++ + if (rb->rest == -1) { + + ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, +@@ -1139,8 +1165,15 @@ ngx_http_request_body_chunked_filter(ngx_http_request_t *r, ngx_chain_t *in) + + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + ++#if (NGX_HTTP_APISIX) ++ (void) clcf; /* unused */ ++ ++ if (max_body_size ++ && max_body_size ++#else + if (clcf->client_max_body_size + && clcf->client_max_body_size ++#endif + - r->headers_in.content_length_n < rb->chunked->size) + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, +diff --git src/http/v2/ngx_http_v2.c src/http/v2/ngx_http_v2.c +index 0f5bd3d..d343fe7 100644 +--- src/http/v2/ngx_http_v2.c ++++ src/http/v2/ngx_http_v2.c +@@ -9,6 +9,9 @@ + #include + #include + #include ++#if (NGX_HTTP_APISIX) ++#include ++#endif + + + /* errors */ +@@ -4107,10 +4110,18 @@ ngx_http_v2_filter_request_body(ngx_http_request_t *r) + } + + } else { ++#if (NGX_HTTP_APISIX) ++ off_t max_body_size = ngx_http_apisix_client_max_body_size(r); ++ ++ (void) clcf; /* unused */ ++ ++ if (max_body_size && rb->received > max_body_size) ++#else + clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); + + if (clcf->client_max_body_size + && rb->received > clcf->client_max_body_size) ++#endif + { + ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, + "client intended to send too large chunked body: " diff --git a/patch/1.25.3.1/nginx-connection-original-dst.patch b/patch/1.25.3.1/nginx-connection-original-dst.patch new file mode 100644 index 0000000..75d0579 --- /dev/null +++ b/patch/1.25.3.1/nginx-connection-original-dst.patch @@ -0,0 +1,112 @@ +diff --git auto/os/linux auto/os/linux +index 02dcaf2..790bc80 100644 +--- auto/os/linux ++++ auto/os/linux +@@ -215,6 +215,21 @@ ngx_feature_test="struct __user_cap_data_struct data; + (void) SYS_capset" + . auto/feature + ++# netfilter_ipv4 ++ ++ngx_feature="netfilter_ipv4" ++ngx_feature_name="NGX_HAVE_NETFILTER_IPV4" ++ngx_feature_run=no ++ngx_feature_incs="#include " ++ngx_feature_path= ++ngx_feature_libs= ++ngx_feature_test="int so_original_dst; ++ ++ so_original_dst = SO_ORIGINAL_DST; ++ ++ (void) so_original_dst;" ++. auto/feature ++ + + # crypt_r() + +diff --git src/http/ngx_http_variables.c src/http/ngx_http_variables.c +index 4f0bd0e..218668b 100644 +--- src/http/ngx_http_variables.c ++++ src/http/ngx_http_variables.c +@@ -132,6 +132,11 @@ static ngx_int_t ngx_http_variable_connection_requests(ngx_http_request_t *r, + static ngx_int_t ngx_http_variable_connection_time(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); + ++#if (NGX_HAVE_NETFILTER_IPV4) ++static ngx_int_t ngx_http_variable_connection_dst(ngx_http_request_t *r, ++ ngx_http_variable_value_t *v, uintptr_t data); ++#endif ++ + static ngx_int_t ngx_http_variable_nginx_version(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data); + static ngx_int_t ngx_http_variable_hostname(ngx_http_request_t *r, +@@ -351,6 +356,11 @@ static ngx_http_variable_t ngx_http_core_variables[] = { + { ngx_string("connection_time"), NULL, ngx_http_variable_connection_time, + 0, NGX_HTTP_VAR_NOCACHEABLE, 0 }, + ++#if (NGX_HAVE_NETFILTER_IPV4) ++ { ngx_string("connection_original_dst"), NULL, ++ ngx_http_variable_connection_dst, 0, 0, 0 }, ++#endif ++ + { ngx_string("nginx_version"), NULL, ngx_http_variable_nginx_version, + 0, 0, 0 }, + +@@ -2347,6 +2357,43 @@ ngx_http_variable_connection_time(ngx_http_request_t *r, + } + + ++#if (NGX_HAVE_NETFILTER_IPV4) ++static ngx_int_t ++ngx_http_variable_connection_dst(ngx_http_request_t *r, ++ ngx_http_variable_value_t *v, uintptr_t data) ++{ ++ struct sockaddr_in dst; ++ socklen_t socklen; ++ int rn; ++ u_char *p; ++ ++ socklen = sizeof(struct sockaddr_in); ++ ++ rn = getsockopt(r->connection->fd, SOL_IP, SO_ORIGINAL_DST, (void *) &dst, ++ &socklen); ++ if (rn < 0) { ++ ngx_log_error(NGX_LOG_CRIT, r->connection->log, ngx_socket_errno, ++ "getsockopt(SO_ORIGINAL_DST) failed"); ++ return NGX_ERROR; ++ } ++ ++ p = ngx_pnalloc(r->pool, NGX_SOCKADDR_STRLEN); ++ if (p == NULL) { ++ return NGX_ERROR; ++ } ++ ++ v->len = ngx_sock_ntop((struct sockaddr *) &dst, socklen, p, ++ NGX_SOCKADDR_STRLEN, dst.sin_port); ++ v->valid = 1; ++ v->no_cacheable = 0; ++ v->not_found = 0; ++ v->data = p; ++ ++ return NGX_OK; ++} ++#endif ++ ++ + static ngx_int_t + ngx_http_variable_nginx_version(ngx_http_request_t *r, + ngx_http_variable_value_t *v, uintptr_t data) +diff --git src/os/unix/ngx_linux_config.h src/os/unix/ngx_linux_config.h +index 88fef47..1d0d54b 100644 +--- src/os/unix/ngx_linux_config.h ++++ src/os/unix/ngx_linux_config.h +@@ -107,6 +107,9 @@ typedef struct iocb ngx_aiocb_t; + #include + #endif + ++#if (NGX_HAVE_NETFILTER_IPV4) ++#include ++#endif + + #define NGX_LISTEN_BACKLOG 511 + diff --git a/patch/1.25.3.1/nginx-enable_ntls.patch b/patch/1.25.3.1/nginx-enable_ntls.patch new file mode 100644 index 0000000..6cfac49 --- /dev/null +++ b/patch/1.25.3.1/nginx-enable_ntls.patch @@ -0,0 +1,27 @@ +diff --git src/http/ngx_http_request.c src/http/ngx_http_request.c +index bd2be5e..f073b2a 100644 +--- src/http/ngx_http_request.c ++++ src/http/ngx_http_request.c +@@ -8,6 +8,9 @@ + #include + #include + #include ++#if (NGX_HTTP_APISIX) ++#include ++#endif + + + static void ngx_http_wait_request_handler(ngx_event_t *ev); +@@ -774,6 +777,12 @@ ngx_http_ssl_handshake(ngx_event_t *rev) + return; + } + ++#if (TONGSUO_VERSION_NUMBER && NGX_HTTP_APISIX) ++ if (ngx_http_apisix_is_ntls_enabled(hc->conf_ctx)) { ++ SSL_enable_ntls(c->ssl->connection); ++ } ++#endif ++ + ngx_reusable_connection(c, 0); + + rc = ngx_ssl_handshake(c); diff --git a/patch/1.25.3.1/nginx-error_page_contains_apisix.patch b/patch/1.25.3.1/nginx-error_page_contains_apisix.patch new file mode 100644 index 0000000..f3affb1 --- /dev/null +++ b/patch/1.25.3.1/nginx-error_page_contains_apisix.patch @@ -0,0 +1,44 @@ +diff --git docs/html/50x.html docs/html/50x.html +index 0680bcb..bcf7a65 100644 +--- docs/html/50x.html ++++ docs/html/50x.html +@@ -75,9 +75,8 @@ + +
+

An error occurred.

+-

Sorry, the page you are looking for is currently unavailable. Please try again later.

+-

If you are the system administrator of this resource then you should check the error log for details.

+-

Commercial support is available at openresty.com.

++

You can report issue to APISIX

++

Faithfully yours, APISIX.

+
+