diff --git a/.github/workflows/gm-cron.yaml b/.github/workflows/gm-cron.yaml.disabled similarity index 100% rename from .github/workflows/gm-cron.yaml rename to .github/workflows/gm-cron.yaml.disabled diff --git a/.github/workflows/gm.yml b/.github/workflows/gm.yml.disabled similarity index 100% rename from .github/workflows/gm.yml rename to .github/workflows/gm.yml.disabled diff --git a/.requirements b/.requirements index b5d22118a3c4..bbfa42c49801 100644 --- a/.requirements +++ b/.requirements @@ -17,4 +17,4 @@ APISIX_PACKAGE_NAME=apisix -APISIX_RUNTIME=1.1.1 +APISIX_RUNTIME=1.2.0 diff --git a/apisix/cli/ngx_tpl.lua b/apisix/cli/ngx_tpl.lua index d4d78a2197d8..121f39f0501f 100644 --- a/apisix/cli/ngx_tpl.lua +++ b/apisix/cli/ngx_tpl.lua @@ -628,12 +628,15 @@ http { {% end %} server { + {% if enable_http2 then %} + http2 on; + {% end %} {% for _, item in ipairs(node_listen) do %} - listen {* item.ip *}:{* item.port *} default_server {% if item.enable_http2 then %} http2 {% end %} {% if enable_reuseport then %} reuseport {% end %}; + listen {* item.ip *}:{* item.port *} default_server {% if enable_reuseport then %} reuseport {% end %}; {% end %} {% if ssl.enable then %} {% for _, item in ipairs(ssl.listen) do %} - listen {* item.ip *}:{* item.port *} ssl default_server {% if item.enable_http2 then %} http2 {% end %} {% if enable_reuseport then %} reuseport {% end %}; + listen {* item.ip *}:{* item.port *} ssl default_server {% if enable_reuseport then %} reuseport {% end %}; {% end %} {% end %} {% if proxy_protocol and proxy_protocol.listen_http_port then %} diff --git a/apisix/cli/ops.lua b/apisix/cli/ops.lua index 836c87bce521..918d1c81bdfb 100644 --- a/apisix/cli/ops.lua +++ b/apisix/cli/ops.lua @@ -413,6 +413,7 @@ Please modify "admin_key" in conf/config.yaml . end end + local enable_http2_global = false local node_listen = {} -- listen in http, support multiple ports and specific IP, compatible with the original style if type(yaml_conf.apisix.node_listen) == "number" then @@ -443,6 +444,9 @@ Please modify "admin_key" in conf/config.yaml . if enable_http2 == nil then enable_http2 = false end + if enable_http2 == true then + enable_http2_global = true + end listen_table_insert(node_listen, "http", ip, port, enable_http2, enable_ipv6) @@ -473,12 +477,16 @@ Please modify "admin_key" in conf/config.yaml . if enable_http2 == nil then enable_http2 = false end + if enable_http2 == true then + enable_http2_global = true + end listen_table_insert(ssl_listen, "https", ip, port, enable_http2, enable_ipv6) end yaml_conf.apisix.ssl.listen = ssl_listen + yaml_conf.apisix.enable_http2 = enable_http2_global if yaml_conf.apisix.ssl.ssl_trusted_certificate ~= nil then local cert_path = yaml_conf.apisix.ssl.ssl_trusted_certificate diff --git a/apisix/core/request.lua b/apisix/core/request.lua index aa9dd03bf7bc..0c614edf1b20 100644 --- a/apisix/core/request.lua +++ b/apisix/core/request.lua @@ -282,6 +282,15 @@ function _M.get_body(max_size, ctx) end end + -- check content-length header for http2/http3 + do + local var = ctx and ctx.var or ngx.var + local content_length = tonumber(var.http_content_length) + if (var.server_protocol == "HTTP/2.0" or var.server_protocol == "HTTP/3.0") + and not content_length then + return nil, "HTTP2/HTTP3 request without a Content-Length header" + end + end req_read_body() local req_body = req_get_body_data() diff --git a/apisix/plugins/ext-plugin/init.lua b/apisix/plugins/ext-plugin/init.lua index 424f29dc4f9b..2631afd36fb3 100644 --- a/apisix/plugins/ext-plugin/init.lua +++ b/apisix/plugins/ext-plugin/init.lua @@ -935,13 +935,14 @@ end local runner local function setup_runner(cmd) - runner = spawn_proc(cmd) ngx_timer_at(0, function(premature) if premature then return end + runner = spawn_proc(cmd) + while not exiting() do while true do -- drain output @@ -968,7 +969,6 @@ local function setup_runner(cmd) end runner = nil - local ok, err = events:post(events_list._source, events_list.runner_exit) if not ok then core.log.error("post event failure with ", events_list._source, ", error: ", err) diff --git a/ci/centos7-ci.sh b/ci/centos7-ci.sh index 344552e9f4ef..044c6239d3ce 100755 --- a/ci/centos7-ci.sh +++ b/ci/centos7-ci.sh @@ -44,10 +44,7 @@ install_dependencies() { yum install -y yum-utils && yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo yum install -y openresty-pcre-devel openresty-zlib-devel - export runtime_version=${APISIX_RUNTIME} - wget "https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh" - chmod +x build-apisix-runtime.sh - ./build-apisix-runtime.sh latest + install_apisix_runtime curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \ https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf diff --git a/ci/common.sh b/ci/common.sh index 9aa132af1c06..7e9f65e385b6 100644 --- a/ci/common.sh +++ b/ci/common.sh @@ -75,6 +75,13 @@ install_curl () { curl -V } +install_apisix_runtime() { + export runtime_version=${APISIX_RUNTIME} + wget "https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh" + chmod +x build-apisix-runtime.sh + ./build-apisix-runtime.sh latest +} + install_grpcurl () { # For more versions, visit https://github.com/fullstorydev/grpcurl/releases GRPCURL_VERSION="1.8.5" diff --git a/ci/linux-install-openresty.sh b/ci/linux-install-openresty.sh index 8d24334173e9..f55bb114095f 100755 --- a/ci/linux-install-openresty.sh +++ b/ci/linux-install-openresty.sh @@ -51,10 +51,7 @@ if [ "$OPENRESTY_VERSION" == "source" ]; then fi fi -export runtime_version=${APISIX_RUNTIME} -wget "https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh" -chmod +x build-apisix-runtime.sh -./build-apisix-runtime.sh latest +install_apisix_runtime if [ ! "$ENABLE_FIPS" == "true" ]; then curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \ diff --git a/ci/redhat-ci.sh b/ci/redhat-ci.sh index c10e047d4a48..e6a50e2b6ebe 100755 --- a/ci/redhat-ci.sh +++ b/ci/redhat-ci.sh @@ -38,10 +38,7 @@ install_dependencies() { yum install -y yum-utils && yum-config-manager --add-repo https://openresty.org/package/centos/openresty.repo yum install -y openresty-pcre-devel openresty-zlib-devel - export runtime_version=${APISIX_RUNTIME} - wget "https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/build-apisix-runtime.sh" - chmod +x build-apisix-runtime.sh - ./build-apisix-runtime.sh latest + install_apisix_runtime curl -o /usr/local/openresty/openssl3/ssl/openssl.cnf \ https://raw.githubusercontent.com/api7/apisix-build-tools/apisix-runtime/${APISIX_RUNTIME}/conf/openssl3/openssl.cnf diff --git a/t/APISIX.pm b/t/APISIX.pm index 9a98176c36ec..be640c2bc98a 100644 --- a/t/APISIX.pm +++ b/t/APISIX.pm @@ -726,7 +726,8 @@ _EOC_ $config .= <<_EOC_; $ipv6_listen_conf - listen 1994 ssl http2; + listen 1994 ssl; + http2 on; ssl_certificate cert/apisix.crt; ssl_certificate_key cert/apisix.key; lua_ssl_trusted_certificate cert/apisix.crt; diff --git a/t/cli/test_main.sh b/t/cli/test_main.sh index 3b0cab766d59..1835ef5bbe27 100755 --- a/t/cli/test_main.sh +++ b/t/cli/test_main.sh @@ -152,7 +152,7 @@ if [ $count_http_specific_ip -ne 2 ]; then exit 1 fi -count_http_specific_ip_and_enable_http2=`grep -c "listen 127.0.0..:908. default_server http2" conf/nginx.conf || true` +count_http_specific_ip_and_enable_http2=`grep -c "http2 on" conf/nginx.conf || true` if [ $count_http_specific_ip_and_enable_http2 -ne 1 ]; then echo "failed: failed to support specific IP and enable http2 listen in http" exit 1 @@ -164,7 +164,7 @@ if [ $count_https_specific_ip -ne 2 ]; then exit 1 fi -count_https_specific_ip_and_enable_http2=`grep -c "listen 127.0.0..:944. ssl default_server http2" conf/nginx.conf || true` +count_https_specific_ip_and_enable_http2=`grep -c "http2 on" conf/nginx.conf || true` if [ $count_https_specific_ip_and_enable_http2 -ne 1 ]; then echo "failed: failed to support specific IP and enable http2 listen in https" exit 1 diff --git a/t/plugin/azure-functions.t b/t/plugin/azure-functions.t index 2ab2f91178cb..72f9bbc6b2f7 100644 --- a/t/plugin/azure-functions.t +++ b/t/plugin/azure-functions.t @@ -189,6 +189,8 @@ X-Extra-Header: MUST --- http2 --- request GET /azure +--- more_headers +Content-Length: 0 --- response_body faas invoked @@ -208,6 +210,8 @@ server: APISIX/2.10.2 --- http2 --- request HEAD /azure +--- more_headers +Content-Length: 0 --- response_headers Connection: Upgrade: @@ -456,3 +460,51 @@ invocation /api/http/trigger successful } --- response_body invocation /api successful + + + +=== TEST 14: create route with azure-function plugin enabled +--- config + location /t { + content_by_lua_block { + local t = require("lib.test_admin").test + + local code, body = t('/apisix/admin/routes/1', + ngx.HTTP_PUT, + [[{ + "plugins": { + "azure-functions": { + "function_uri": "http://localhost:8765/httptrigger" + } + }, + "upstream": { + "nodes": { + "127.0.0.1:1982": 1 + }, + "type": "roundrobin" + }, + "uri": "/azure" + }]] + ) + + if code >= 300 then + ngx.status = code + ngx.say("fail") + return + end + + ngx.say(body) + } + } +--- response_body +passed + + + +=== TEST 15: http2 failed to check response body and headers +--- http2 +--- request +GET /azure +--- error_code: 400 +--- error_log +HTTP2/HTTP3 request without a Content-Length header, diff --git a/t/plugin/proxy-rewrite2.t b/t/plugin/proxy-rewrite2.t index a519968ba7d1..7096e4aad249 100644 --- a/t/plugin/proxy-rewrite2.t +++ b/t/plugin/proxy-rewrite2.t @@ -202,7 +202,7 @@ GET /echo X-Forwarded-Proto: http X-Forwarded-Proto: grpc --- response_headers -X-Forwarded-Proto: http +X-Forwarded-Proto: http, grpc