diff --git a/www/nginx/Makefile.extmod b/www/nginx/Makefile.extmod index daaac6da544f..bf4bb53f8659 100644 --- a/www/nginx/Makefile.extmod +++ b/www/nginx/Makefile.extmod @@ -1,318 +1,316 @@ ### External modules AJP_GH_TUPLE= yaoweibin:nginx_ajp_module:a964a0b:ajp AJP_CONFIGURE_ON= --add-module=${WRKSRC_ajp} ARRAYVAR_IMPLIES= DEVEL_KIT ARRAYVAR_GH_TUPLE= openresty:array-var-nginx-module:v0.05:arrayvar ARRAYVAR_VARS= DSO_EXTMODS+=arrayvar AWS_AUTH_GH_TUPLE= anomalizer:ngx_aws_auth:21931b2:aws_auth AWS_AUTH_VARS= DSO_EXTMODS+=aws_auth BROTLI_LIB_DEPENDS= libbrotlicommon.so:archivers/brotli BROTLI_GH_TUPLE= google:ngx_brotli:9aec15e:brotli BROTLI_VARS= DSO_EXTMODS+=brotli CACHE_PURGE_GH_TUPLE= nginx-modules:ngx_cache_purge:23dc16a:cache_purge CACHE_PURGE_CONFIGURE_ON= --add-module=${WRKDIR}/ngx_cache_purge-23dc16a CLOJURE_CATEGORIES+= java CLOJURE_USE= JAVA=yes JAVA_OS=native JAVA_VERSION=1.8 \ JAVA_VENDOR=openjdk JAVA_BUILD=yes JAVA_RUN=yes CLOJURE_GH_TUPLE= nginx-clojure:nginx-clojure:v0.5.2:clojure CLOJURE_CONFIGURE_ENV= "JNI_INCS=-I${LOCALBASE}/openjdk8/include -I${LOCALBASE}/openjdk8/include/freebsd" CLOJURE_VARS= DSO_EXTMODS+=clojure CLOJURE_SUBDIR=/src/c CT_IMPLIES= HTTP_SSL CT_GH_TUPLE= grahamedgecombe:nginx-ct:v1.3.2:ct CT_VARS= DSO_EXTMODS+=ct CT_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-ct-LibreSSL DRIZZLE_LIB_DEPENDS= libdrizzle.so:databases/libdrizzle DRIZZLE_CONFIGURE_ENV= LIBDRIZZLE_INC=${LOCALBASE}/include \ LIBDRIZZLE_LIB=${LOCALBASE}/lib DRIZZLE_GH_TUPLE= openresty:drizzle-nginx-module:v0.1.11:drizzle DRIZZLE_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-openresty-drizzle-nginx-module-config DRIZZLE_VARS= DSO_EXTMODS+=drizzle -DYNAMIC_TLS_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-dynamic-tls - DYNAMIC_UPSTREAM_GH_TUPLE= ZigzagAK:ngx_dynamic_upstream:960eef2:dynamic_upstream DYNAMIC_UPSTREAM_VARS= DSO_EXTMODS+=dynamic_upstream DYNAMIC_HC_GH_TUPLE= ZigzagAK:ngx_dynamic_healthcheck:61acf02:dynamic_hc DYNAMIC_HC_VARS= DSO_EXTMODS+=dynamic_hc DYNAMIC_HC_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_dynamic_healthcheck-config DYNAMIC_HC_IMPLIES= DYNAMIC_UPSTREAM DEVEL_KIT_GH_TUPLE= simpl:ngx_devel_kit:v0.3.1:devel_kit DEVEL_KIT_VARS= FIRST_DSO_EXTMODS+=devel_kit ECHO_GH_TUPLE= openresty:echo-nginx-module:5a402aa:echo ECHO_VARS= DSO_EXTMODS+=echo ENCRYPTSESSION_IMPLIES= DEVEL_KIT ENCRYPTSESSION_GH_TUPLE= openresty:encrypted-session-nginx-module:v0.08:encryptsession ENCRYPTSESSION_VARS= DSO_EXTMODS+=encryptsession FORMINPUT_IMPLIES= DEVEL_KIT FORMINPUT_GH_TUPLE= calio:form-input-nginx-module:v0.12:forminput FORMINPUT_VARS= DSO_EXTMODS+=forminput GRIDFS_GH_TUPLE= technowledgy:nginx_http_gridfs_module:7970bab:gridfs \ 10gen-archive:mongo-c-driver-legacy:f06669b:mongo_c GRIDFS_VARS= DSO_EXTMODS+=gridfs HEADERS_MORE_GH_TUPLE= openresty:headers-more-nginx-module:d6d7eba:headers_more HEADERS_MORE_VARS= DSO_EXTMODS+=headers_more HTTP_ACCEPT_LANGUAGE_GH_TUPLE= dvershinin:nginx_accept_language_module:5683967:accept_language HTTP_ACCEPT_LANGUAGE_VARS= DSO_EXTMODS+=accept_language HTTP_AUTH_DIGEST_GH_TUPLE= atomx:nginx-http-auth-digest:cd86418:auth_digest HTTP_AUTH_DIGEST_VARS= DSO_EXTMODS+=auth_digest HTTP_AUTH_JWT_GH_TUPLE= TeslaGov:ngx-http-auth-jwt-module:80d89d9:http_auth_jwt HTTP_AUTH_JWT_VARS= DSO_EXTMODS+=http_auth_jwt HTTP_AUTH_JWT_LIB_DEPENDS= libjwt.so:www/libjwt libjansson.so:devel/jansson HTTP_AUTH_KRB5_GH_TUPLE= stnoonan:spnego-http-auth-nginx-module:72c8ee0:auth_krb5 HTTP_AUTH_KRB5_VARS= DSO_EXTMODS+=auth_krb5 HTTP_AUTH_KRB5_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-spnego-http-auth-nginx-module-config HTTP_AUTH_LDAP_GH_TUPLE= kvspb:nginx-auth-ldap:42d195d:http_auth_ldap HTTP_AUTH_LDAP_VARS= DSO_EXTMODS+=http_auth_ldap HTTP_AUTH_LDAP_USE= openldap=yes HTTP_AUTH_PAM_GH_TUPLE= sto:ngx_http_auth_pam_module:v1.5.1:auth_pam HTTP_AUTH_PAM_VARS= DSO_EXTMODS+=auth_pam HTTP_DAV_EXT_IMPLIES= HTTP_DAV HTTP_DAV_EXT_LIB_DEPENDS= libexpat.so:textproc/expat2 HTTP_DAV_EXT_GH_TUPLE= arut:nginx-dav-ext-module:v3.0.0:dav_ext HTTP_DAV_EXT_VARS= DSO_EXTMODS+=dav_ext HTTP_DAV_EXT_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_dav_ext_module.c HTTP_EVAL_GH_TUPLE= openresty:nginx-eval-module:582bd25:eval HTTP_EVAL_VARS= DSO_EXTMODS+=eval HTTP_FANCYINDEX_GH_TUPLE= aperezdc:ngx-fancyindex:v0.5.1:fancyindex HTTP_FANCYINDEX_VARS= DSO_EXTMODS+=fancyindex HTTP_FOOTER_GH_TUPLE= alibaba:nginx-http-footer-filter:1.2.2:footer HTTP_FOOTER_VARS= DSO_EXTMODS+=footer HTTP_FOOTER_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-http-footer-filter-config HTTP_GEOIP2_GH_TUPLE= leev:ngx_http_geoip2_module:3.3:geoip2 HTTP_GEOIP2_CFLAGS= -I${LOCALBASE}/include HTTP_GEOIP2_VARS= DSO_EXTMODS+=geoip2 HTTP_GEOIP2_LIB_DEPENDS= libmaxminddb.so:net/libmaxminddb HTTP_IP2LOCATION_GH_TUPLE= ip2location:ip2location-nginx:7aa49ce:ip2location HTTP_IP2LOCATION_LIB_DEPENDS= libIP2Location.so:net/ip2location HTTP_IP2LOCATION_VARS= DSO_EXTMODS+=ip2location HTTP_IP2PROXY_GH_TUPLE= ip2location:ip2proxy-nginx:f9815e3:ip2proxy HTTP_IP2PROXY_LIB_DEPENDS= libIP2Proxy.so:net/ip2proxy HTTP_IP2PROXY_VARS= DSO_EXTMODS+=ip2proxy HTTP_IP2PROXY_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ip2proxy HTTP_JSON_STATUS_GH_TUPLE= nginx-modules:ngx_http_json_status_module:1d2f303:json_status HTTP_JSON_STATUS_VARS= DSO_EXTMODS+=json_status HTTP_JSON_STATUS_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_json_status_module-config HTTP_MOGILEFS_MASTER_SITES= http://www.grid.net.ru/nginx/download/:mogilefs HTTP_MOGILEFS_DISTFILES= nginx_mogilefs_module-1.0.4.tar.gz:mogilefs HTTP_MOGILEFS_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_mogilefs_module.c \ ${PATCHDIR}/extra-patch-nginx_mogilefs_module-config HTTP_MOGILEFS_VARS= DSO_EXTDIRS+=nginx_mogilefs_module-1.0.4 HTTP_MP4_H264_MASTER_SITES= http://h264.code-shop.com/download/:mp4streaming HTTP_MP4_H264_CONFIGURE_ON= --with-cc-opt="-DLARGEFILE_SOURCE -DBUILDING_NGINX" HTTP_MP4_H264_DISTFILES= nginx_mod_h264_streaming-2.2.7.tar.gz:mp4streaming HTTP_MP4_H264_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_streaming_module.c \ ${PATCHDIR}/extra-patch-nginx_mod_h264_streaming-config HTTP_MP4_H264_VARS= DSO_EXTDIRS+=nginx_mod_h264_streaming-2.2.7 HTTP_NOTICE_GH_TUPLE= kr:nginx-notice:3c95966:notice HTTP_NOTICE_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_notice_module.c \ ${PATCHDIR}/extra-patch-nginx-notice-config HTTP_NOTICE_VARS= DSO_EXTMODS+=notice HTTP_PUSH_GH_TUPLE= slact:nchan:v1.2.7:push HTTP_PUSH_VARS= DSO_EXTMODS+=push HTTP_PUSH_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nchan-store-private.h \ ${PATCHDIR}/extra-patch-nchan-store-redis-redis_lua_commands.h HTTP_PUSH_STREAM_GH_TUPLE= wandenberg:nginx-push-stream-module:0.5.4:pushstream HTTP_PUSH_STREAM_VARS= DSO_EXTMODS+=pushstream HTTP_REDIS_MASTER_SITES= LOCAL/osa:redis HTTP_REDIS_DISTFILES= ngx_http_redis-0.3.9.tar.gz:redis HTTP_REDIS_VARS= DSO_EXTDIRS+=ngx_http_redis-0.3.9 HTTP_RESPONSE_MASTER_SITES= http://catap.ru/downloads/nginx/:response HTTP_RESPONSE_DISTFILES= ngx_http_response-0.3.tar.gz:response HTTP_RESPONSE_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_response-config HTTP_RESPONSE_VARS= DSO_EXTDIRS+=ngx_http_response-0.3 HTTP_SLICE_AHEAD_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src_http_modules_ngx__http__slice_read_ahead.c HTTP_SUBS_FILTER_GH_TUPLE= yaoweibin:ngx_http_substitutions_filter_module:b8a71ea:subs_filter HTTP_SUBS_FILTER_VARS= DSO_EXTMODS+=subs_filter HTTP_TARANTOOL_LIB_DEPENDS= libmsgpuck.so:devel/msgpuck \ libyajl.so:devel/yajl HTTP_TARANTOOL_GH_TUPLE= tarantool:nginx_upstream_module:1278ee5:nginx_tarantool HTTP_TARANTOOL_VARS= DSO_EXTMODS+=nginx_tarantool HTTP_TARANTOOL_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_tarantool-config \ ${PATCHDIR}/extra-patch-ngx_http_tarantool-src-tp_transcode.c HTTP_UPLOAD_GH_TUPLE= fdintino:nginx-upload-module:aa42509:upload HTTP_UPLOAD_VARS= DSO_EXTMODS+=upload HTTP_UPLOAD_PROGRESS_GH_TUPLE= masterzen:nginx-upload-progress-module:afb2d31:uploadprogress HTTP_UPLOAD_PROGRESS_VARS= DSO_EXTMODS+=uploadprogress HTTP_UPSTREAM_CHECK_GH_TUPLE= yaoweibin:nginx_upstream_check_module:9aecf15:upstreamcheck HTTP_UPSTREAM_CHECK_CONFIGURE_ON= --add-module=${WRKSRC_upstreamcheck} HTTP_UPSTREAM_CHECK_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-src-http-modules-ngx_http_upstream_hash_module.c \ ${PATCHDIR}/extra-patch-src-http-modules-ngx_http_upstream_ip_hash_module.c \ ${PATCHDIR}/extra-patch-src-http-modules-ngx_http_upstream_least_conn_module.c \ ${PATCHDIR}/extra-patch-src-http-ngx_http_upstream_round_robin.c \ ${PATCHDIR}/extra-patch-src-http-ngx_http_upstream_round_robin.h HTTP_UPSTREAM_FAIR_GH_TUPLE= jaygooby:nginx-upstream-fair:10ecdcf:upstreamfair HTTP_UPSTREAM_FAIR_VARS= DSO_EXTMODS+=upstreamfair HTTP_UPSTREAM_STICKY_IMPLIES= HTTP_SSL HTTP_UPSTREAM_STICKY_GH_TUPLE= ayty-adrianomartins:nginx-sticky-module-ng:c407e0d:upstreamsticky HTTP_UPSTREAM_STICKY_VARS= DSO_EXTMODS+=upstreamsticky HTTP_VIDEO_THUMBEXTRACTOR_LIB_DEPENDS= libavformat.so:multimedia/ffmpeg \ libavcodec.so:multimedia/ffmpeg \ libavutil.so:multimedia/ffmpeg \ libswscale.so:multimedia/ffmpeg HTTP_VIDEO_THUMBEXTRACTOR_USES= jpeg HTTP_VIDEO_THUMBEXTRACTOR_GH_TUPLE= Novetta:nginx-video-thumbextractor-module:f5b5bae:vte HTTP_VIDEO_THUMBEXTRACTOR_VARS= DSO_EXTMODS+=vte HTTP_ZIP_GH_TUPLE= rtm-ctrlz:mod_zip:cfd0be4:mod_zip HTTP_ZIP_VARS= DSO_EXTMODS+=mod_zip HTTPV2_AUTOTUNE_IMPLIES=HTTPV2 HTTPV2_AUTOTUNE_CONFIGURE_ON= --with-http_v2_autotune_upload HTTPV2_AUTOTUNE_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-h2-autotune ICONV_IMPLIES= DEVEL_KIT ICONV_USES= iconv ICONV_GH_TUPLE= calio:iconv-nginx-module:v0.14:iconv ICONV_VARS= DSO_EXTMODS+=iconv ICONV_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-calio-iconv-nginx-module-config LET_GH_TUPLE= baysao:nginx-let-module:c1f23aa:let LET_VARS= DSO_EXTMODS+=let LINK_GH_TUPLE= Taymindis:nginx-link-function:3.2.4:link LINK_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-link-function-config \ ${PATCHDIR}/extra-patch-ngx_link_func_module.c LINK_VARS= DSO_EXTMODS+=link LUA_IMPLIES= DEVEL_KIT LUA_LIB_DEPENDS= libluajit-5.1.so:lang/luajit-openresty LUA_RUN_DEPENDS= lua-resty-core>0:www/lua-resty-core LUA_CONFIGURE_ENV= LUAJIT_INC=${LOCALBASE}/include/luajit-2.1 \ LUAJIT_LIB=${LOCALBASE}/lib LUA_GH_TUPLE= openresty:lua-nginx-module:v0.10.19:lua LUA_VARS= DSO_EXTMODS+=lua MEMC_GH_TUPLE= openresty:memc-nginx-module:v0.19:memc MEMC_VARS= DSO_EXTMODS+=memc MODSECURITY3_IMPLIES= HTTP_ADDITION HTTP_IMAGE_FILTER HTTP_GUNZIP_FILTER HTTP_XSLT MODSECURITY3_LIB_DEPENDS= libmodsecurity.so:security/modsecurity3 MODSECURITY3_GH_TUPLE= SpiderLabs:ModSecurity-nginx:v1.0.1:modsec MODSECURITY3_VARS= DSO_EXTMODS+=modsec NAXSI_NGINX_VER= 1.3 NAXSI_GH_TUPLE= nbs-system:naxsi:${NAXSI_NGINX_VER}:naxsi NAXSI_VARS= DSO_EXTMODS+=naxsi NAXSI_SUBDIR=/naxsi_src NJS_GH_TUPLE= nginx:njs:0.5.2:njs NJS_VARS= DSO_EXTMODS+=njs NJS_SUBDIR=/nginx NJS_USES= libedit OPENTRACING_GH_TUPLE= opentracing-contrib:nginx-opentracing:2d81c29:opentracing OPENTRACING_LIB_DEPENDS= libopentracing.so:devel/libopentracing OPENTRACING_VARS= DSO_EXTMODS+=opentracing OPENTRACING_SUBDIR=/opentracing OPENTRACING_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-opentracing-opentracing-config PASSENGER_NGINX_VER= 6.0.8 PASSENGER_CATEGORIES= ruby PASSENGER_USE= ruby=yes PASSENGER_BUILD_DEPENDS=${LOCALBASE}/bin/rake:devel/rubygem-rake PASSENGER_RAKE_BIN= ${LOCALBASE}/bin/rake PASSENGER_MASTER_SITES= http://s3.amazonaws.com/phusion-passenger/releases/:passenger PASSENGER_DISTFILES= passenger-${PASSENGER_NGINX_VER}.tar.gz:passenger PASSENGER_VARS= WRKSRC_passenger=${WRKDIR}/passenger-${PASSENGER_NGINX_VER} \ DSO_EXTDIRS+=passenger-${PASSENGER_NGINX_VER}/src/nginx_module PASSENGER_EXTRA_PATCHES=${PATCHDIR}/extra-patch-passenger-build-nginx.rb \ ${PATCHDIR}/extra-patch-passenger-disable-telemetry POSTGRES_USES= pgsql POSTGRES_GH_TUPLE= konstruxi:ngx_postgres:8aa7359:postgres POSTGRES_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_postgres-config POSTGRES_VARS= DSO_EXTMODS+=postgres RDS_CSV_GH_TUPLE= openresty:rds-csv-nginx-module:v0.09:rdscsv RDS_CSV_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-rds-csv-nginx-module-config RDS_CSV_VARS= DSO_EXTMODS+=rdscsv RDS_JSON_GH_TUPLE= openresty:rds-json-nginx-module:v0.15:rdsjson RDS_JSON_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-rds-json-nginx-module-config RDS_JSON_VARS= DSO_EXTMODS+=rdsjson REDIS2_GH_TUPLE= openresty:redis2-nginx-module:v0.15:redis2 REDIS2_VARS= DSO_EXTMODS+=redis2 RTMP_GH_TUPLE= ut0mt8:nginx-rtmp-module:791b613:rtmp RTMP_VARS= DSO_EXTMODS+=rtmp SET_MISC_IMPLIES= DEVEL_KIT SET_MISC_GH_TUPLE= openresty:set-misc-nginx-module:4667684:setmisc SET_MISC_VARS= DSO_EXTMODS+=setmisc SFLOW_GH_TUPLE= sflow:nginx-sflow-module:543c72a:sflow SFLOW_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-ngx_http_sflow_config.c \ ${PATCHDIR}/extra-patch-ngx_http_sflow_config.h \ ${PATCHDIR}/extra-patch-ngx_http_sflow_module.c SHIBBOLETH_GH_TUPLE= nginx-shib:nginx-http-shibboleth:a386c18:shibboleth SHIBBOLETH_VARS= DSO_EXTMODS+=shibboleth SLOWFS_CACHE_GH_TUPLE= baysao:ngx_slowfs_cache:d011a18:slowfs_cache SLOWFS_CACHE_VARS= DSO_EXTMODS+=slowfs_cache SMALL_LIGHT_LIB_DEPENDS= libMagickWand-6.so:graphics/ImageMagick6 \ libpcre.so:devel/pcre SMALL_LIGHT_GH_TUPLE= cubicdaiya:ngx_small_light:v0.9.2:small_light SMALL_LIGHT_VARS= DSO_EXTMODS+=small_light SRCACHE_GH_TUPLE= openresty:srcache-nginx-module:v0.32:srcache SRCACHE_VARS= DSO_EXTMODS+=srcache VOD_GH_TUPLE= kaltura:nginx-vod-module:1.27:vod VOD_USE= GNOME=libxml2 VOD_USES= iconv VOD_VARS= DSO_EXTMODS+=vod VOD_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-nginx-vod-module-config VTS_GH_TUPLE= vozlt:nginx-module-vts:v0.1.18:vts VTS_CONFIGURE_ON= --add-module=${WRKSRC_vts} XSS_GH_TUPLE= openresty:xss-nginx-module:v0.06:xss XSS_VARS= DSO_EXTMODS+=xss XSS_EXTRA_PATCHES= ${PATCHDIR}/extra-patch-xss-nginx-module-config WEBSOCKIFY_GH_TUPLE= tg123:websockify-nginx-module:e82d254:websockify WEBSOCKIFY_CONFIGURE_ON= --add-module=${WRKSRC_websockify} diff --git a/www/nginx/files/extra-patch-dynamic-tls b/www/nginx/files/extra-patch-dynamic-tls deleted file mode 100644 index 86b617a55750..000000000000 --- a/www/nginx/files/extra-patch-dynamic-tls +++ /dev/null @@ -1,225 +0,0 @@ ---- src/event/ngx_event_openssl.c.orig 2021-04-20 13:35:47 UTC -+++ src/event/ngx_event_openssl.c -@@ -1616,6 +1616,7 @@ ngx_ssl_create_connection(ngx_ssl_t *ssl - - sc->buffer = ((flags & NGX_SSL_BUFFER) != 0); - sc->buffer_size = ssl->buffer_size; -+ sc->dyn_rec = ssl->dyn_rec; - - sc->session_ctx = ssl->ctx; - -@@ -2555,6 +2556,41 @@ ngx_ssl_send_chain(ngx_connection_t *c, - - for ( ;; ) { - -+ /* Dynamic record resizing: -+ We want the initial records to fit into one TCP segment -+ so we don't get TCP HoL blocking due to TCP Slow Start. -+ A connection always starts with small records, but after -+ a given amount of records sent, we make the records larger -+ to reduce header overhead. -+ After a connection has idled for a given timeout, begin -+ the process from the start. The actual parameters are -+ configurable. If dyn_rec_timeout is 0, we assume dyn_rec is off. */ -+ -+ if (c->ssl->dyn_rec.timeout > 0 ) { -+ -+ if (ngx_current_msec - c->ssl->dyn_rec_last_write > -+ c->ssl->dyn_rec.timeout) -+ { -+ buf->end = buf->start + c->ssl->dyn_rec.size_lo; -+ c->ssl->dyn_rec_records_sent = 0; -+ -+ } else { -+ if (c->ssl->dyn_rec_records_sent > -+ c->ssl->dyn_rec.threshold * 2) -+ { -+ buf->end = buf->start + c->ssl->buffer_size; -+ -+ } else if (c->ssl->dyn_rec_records_sent > -+ c->ssl->dyn_rec.threshold) -+ { -+ buf->end = buf->start + c->ssl->dyn_rec.size_hi; -+ -+ } else { -+ buf->end = buf->start + c->ssl->dyn_rec.size_lo; -+ } -+ } -+ } -+ - while (in && buf->last < buf->end && send < limit) { - if (in->buf->last_buf || in->buf->flush) { - flush = 1; -@@ -2662,6 +2698,9 @@ ngx_ssl_write(ngx_connection_t *c, u_cha - - if (n > 0) { - -+ c->ssl->dyn_rec_records_sent++; -+ c->ssl->dyn_rec_last_write = ngx_current_msec; -+ - if (c->ssl->saved_read_handler) { - - c->read->handler = c->ssl->saved_read_handler; ---- src/event/ngx_event_openssl.h.orig 2021-04-20 13:35:47 UTC -+++ src/event/ngx_event_openssl.h -@@ -66,11 +66,19 @@ - - typedef struct ngx_ssl_ocsp_s ngx_ssl_ocsp_t; - -+typedef struct { -+ ngx_msec_t timeout; -+ ngx_uint_t threshold; -+ size_t size_lo; -+ size_t size_hi; -+} ngx_ssl_dyn_rec_t; -+ - - struct ngx_ssl_s { - SSL_CTX *ctx; - ngx_log_t *log; - size_t buffer_size; -+ ngx_ssl_dyn_rec_t dyn_rec; - }; - - -@@ -106,6 +114,10 @@ struct ngx_ssl_connection_s { - unsigned in_ocsp:1; - unsigned early_preread:1; - unsigned write_blocked:1; -+ -+ ngx_ssl_dyn_rec_t dyn_rec; -+ ngx_msec_t dyn_rec_last_write; -+ ngx_uint_t dyn_rec_records_sent; - }; - - -@@ -115,7 +127,7 @@ struct ngx_ssl_connection_s { - #define NGX_SSL_DFLT_BUILTIN_SCACHE -5 - - --#define NGX_SSL_MAX_SESSION_SIZE 4096 -+#define NGX_SSL_MAX_SESSION_SIZE 16384 - - typedef struct ngx_ssl_sess_id_s ngx_ssl_sess_id_t; - ---- src/http/modules/ngx_http_ssl_module.c.orig 2021-04-20 13:35:47 UTC -+++ src/http/modules/ngx_http_ssl_module.c -@@ -301,6 +301,41 @@ static ngx_command_t ngx_http_ssl_comma - offsetof(ngx_http_ssl_srv_conf_t, reject_handshake), - NULL }, - -+ { ngx_string("ssl_dyn_rec_enable"), -+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, -+ ngx_conf_set_flag_slot, -+ NGX_HTTP_SRV_CONF_OFFSET, -+ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_enable), -+ NULL }, -+ -+ { ngx_string("ssl_dyn_rec_timeout"), -+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, -+ ngx_conf_set_msec_slot, -+ NGX_HTTP_SRV_CONF_OFFSET, -+ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_timeout), -+ NULL }, -+ -+ { ngx_string("ssl_dyn_rec_size_lo"), -+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, -+ ngx_conf_set_size_slot, -+ NGX_HTTP_SRV_CONF_OFFSET, -+ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_size_lo), -+ NULL }, -+ -+ { ngx_string("ssl_dyn_rec_size_hi"), -+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, -+ ngx_conf_set_size_slot, -+ NGX_HTTP_SRV_CONF_OFFSET, -+ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_size_hi), -+ NULL }, -+ -+ { ngx_string("ssl_dyn_rec_threshold"), -+ NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_FLAG, -+ ngx_conf_set_num_slot, -+ NGX_HTTP_SRV_CONF_OFFSET, -+ offsetof(ngx_http_ssl_srv_conf_t, dyn_rec_threshold), -+ NULL }, -+ - ngx_null_command - }; - -@@ -637,6 +672,11 @@ ngx_http_ssl_create_srv_conf(ngx_conf_t - sscf->ocsp_cache_zone = NGX_CONF_UNSET_PTR; - sscf->stapling = NGX_CONF_UNSET; - sscf->stapling_verify = NGX_CONF_UNSET; -+ sscf->dyn_rec_enable = NGX_CONF_UNSET; -+ sscf->dyn_rec_timeout = NGX_CONF_UNSET_MSEC; -+ sscf->dyn_rec_size_lo = NGX_CONF_UNSET_SIZE; -+ sscf->dyn_rec_size_hi = NGX_CONF_UNSET_SIZE; -+ sscf->dyn_rec_threshold = NGX_CONF_UNSET_UINT; - - return sscf; - } -@@ -712,6 +752,20 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * - ngx_conf_merge_str_value(conf->stapling_responder, - prev->stapling_responder, ""); - -+ ngx_conf_merge_value(conf->dyn_rec_enable, prev->dyn_rec_enable, 0); -+ ngx_conf_merge_msec_value(conf->dyn_rec_timeout, prev->dyn_rec_timeout, -+ 1000); -+ /* Default sizes for the dynamic record sizes are defined to fit maximal -+ TLS + IPv6 overhead in a single TCP segment for lo and 3 segments for hi: -+ 1369 = 1500 - 40 (IP) - 20 (TCP) - 10 (Time) - 61 (Max TLS overhead) */ -+ ngx_conf_merge_size_value(conf->dyn_rec_size_lo, prev->dyn_rec_size_lo, -+ 1369); -+ /* 4229 = (1500 - 40 - 20 - 10) * 3 - 61 */ -+ ngx_conf_merge_size_value(conf->dyn_rec_size_hi, prev->dyn_rec_size_hi, -+ 4229); -+ ngx_conf_merge_uint_value(conf->dyn_rec_threshold, prev->dyn_rec_threshold, -+ 40); -+ - conf->ssl.log = cf->log; - - if (conf->enable) { -@@ -943,6 +997,28 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t * - return NGX_CONF_ERROR; - } - -+ if (conf->dyn_rec_enable) { -+ conf->ssl.dyn_rec.timeout = conf->dyn_rec_timeout; -+ conf->ssl.dyn_rec.threshold = conf->dyn_rec_threshold; -+ -+ if (conf->buffer_size > conf->dyn_rec_size_lo) { -+ conf->ssl.dyn_rec.size_lo = conf->dyn_rec_size_lo; -+ -+ } else { -+ conf->ssl.dyn_rec.size_lo = conf->buffer_size; -+ } -+ -+ if (conf->buffer_size > conf->dyn_rec_size_hi) { -+ conf->ssl.dyn_rec.size_hi = conf->dyn_rec_size_hi; -+ -+ } else { -+ conf->ssl.dyn_rec.size_hi = conf->buffer_size; -+ } -+ -+ } else { -+ conf->ssl.dyn_rec.timeout = 0; -+ } -+ - return NGX_CONF_OK; - } - ---- src/http/modules/ngx_http_ssl_module.h.orig 2021-04-20 13:35:47 UTC -+++ src/http/modules/ngx_http_ssl_module.h -@@ -67,6 +67,12 @@ typedef struct { - - u_char *file; - ngx_uint_t line; -+ -+ ngx_flag_t dyn_rec_enable; -+ ngx_msec_t dyn_rec_timeout; -+ size_t dyn_rec_size_lo; -+ size_t dyn_rec_size_hi; -+ ngx_uint_t dyn_rec_threshold; - } ngx_http_ssl_srv_conf_t; - -