diff options
Diffstat (limited to 'web/server')
| -rw-r--r-- | web/server/README.md | 2 | ||||
| -rw-r--r-- | web/server/static/static-threaded.c | 68 |
2 files changed, 40 insertions, 30 deletions
diff --git a/web/server/README.md b/web/server/README.md index fbf3151ba..dc447118e 100644 --- a/web/server/README.md +++ b/web/server/README.md @@ -226,7 +226,7 @@ present that may match DNS FQDNs. |disconnect idle clients after seconds|`60`|The time in seconds to disconnect web clients after being totally idle.| |timeout for first request|`60`|How long to wait for a client to send a request before closing the socket. Prevents slow request attacks.| |accept a streaming request every seconds|`0`|Can be used to set a limit on how often a parent node will accept streaming requests from child nodes in a [streaming and replication setup](/streaming/README.md)| -|respect do not track policy|`no`|If set to `yes`, will respect the client's browser preferences on storing cookies.| +|respect do not track policy|`no`|If set to `yes`, Netdata will respect the user's browser preferences for [Do Not Track](https://www.eff.org/issues/do-not-track) (DNT) and storing cookies. If DNT is _enabled_ in the browser, and this option is set to `yes`, users will not be able to sign in to Netdata Cloud via their local Agent dashboard, and their node will not connect to any [registry](/registry/README.md). For certain browsers, users must disable DNT and change this option to `yes` for full functionality.| |x-frame-options response header||[Avoid clickjacking attacks, by ensuring that the content is not embedded into other sites](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).| |enable gzip compression|`yes`|When set to `yes`, Netdata web responses will be GZIP compressed, if the web client accepts such responses.| |gzip compression strategy|`default`|Valid strategies are `default`, `filtered`, `huffman only`, `rle` and `fixed`| diff --git a/web/server/static/static-threaded.c b/web/server/static/static-threaded.c index 93e36def7..07aa3fa3d 100644 --- a/web/server/static/static-threaded.c +++ b/web/server/static/static-threaded.c @@ -141,7 +141,7 @@ static int web_server_file_write_callback(POLLINFO *pi, short int *events) { // web server clients static void *web_server_add_callback(POLLINFO *pi, short int *events, void *data) { - (void)data; // Supress warning on unused argument + (void)data; // Suppress warning on unused argument worker_private->connected++; @@ -331,7 +331,7 @@ static void web_server_tmr_callback(void *timer_data) { char title[100 + 1]; snprintfz(id, 100, "web_thread%d_cpu", worker_private->id + 1); - snprintfz(title, 100, "NetData web server thread No %d CPU usage", worker_private->id + 1); + snprintfz(title, 100, "Netdata web server thread No %d CPU usage", worker_private->id + 1); st = rrdset_create_localhost( "netdata" @@ -454,49 +454,59 @@ static void socket_listen_main_static_threaded_cleanup(void *ptr) { void *socket_listen_main_static_threaded(void *ptr) { netdata_thread_cleanup_push(socket_listen_main_static_threaded_cleanup, ptr); - web_server_mode = WEB_SERVER_MODE_STATIC_THREADED; + web_server_mode = WEB_SERVER_MODE_STATIC_THREADED; - if(!api_sockets.opened) - fatal("LISTENER: no listen sockets available."); + if(!api_sockets.opened) + fatal("LISTENER: no listen sockets available."); #ifdef ENABLE_HTTPS - security_start_ssl(NETDATA_SSL_CONTEXT_SERVER); + security_start_ssl(NETDATA_SSL_CONTEXT_SERVER); #endif - // 6 threads is the optimal value - // since 6 are the parallel connections browsers will do - // so, if the machine has more CPUs, avoid using resources unnecessarily - int def_thread_count = (processors > 6)?6:processors; + // 6 threads is the optimal value + // since 6 are the parallel connections browsers will do + // so, if the machine has more CPUs, avoid using resources unnecessarily + int def_thread_count = (processors > 6) ? 6 : processors; - if (!strcmp(config_get(CONFIG_SECTION_WEB, "mode", ""),"single-threaded")) { + if (!strcmp(config_get(CONFIG_SECTION_WEB, "mode", ""),"single-threaded")) { info("Running web server with one thread, because mode is single-threaded"); config_set(CONFIG_SECTION_WEB, "mode", "static-threaded"); def_thread_count = 1; - } - static_threaded_workers_count = config_get_number(CONFIG_SECTION_WEB, "web server threads", def_thread_count); + } + static_threaded_workers_count = config_get_number(CONFIG_SECTION_WEB, "web server threads", def_thread_count); - if(static_threaded_workers_count < 1) static_threaded_workers_count = 1; + if (static_threaded_workers_count < 1) static_threaded_workers_count = 1; +#ifdef ENABLE_HTTPS + // See https://github.com/netdata/netdata/issues/11081#issuecomment-831998240 for more details + if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110) { + static_threaded_workers_count = 1; + info("You are running an OpenSSL older than 1.1.0, web server will not enable multithreading."); + } +#endif - size_t max_sockets = (size_t)config_get_number(CONFIG_SECTION_WEB, "web server max sockets", (long long int)(rlimit_nofile.rlim_cur / 4)); + size_t max_sockets = (size_t)config_get_number(CONFIG_SECTION_WEB, "web server max sockets", + (long long int)(rlimit_nofile.rlim_cur / 4)); - static_workers_private_data = callocz((size_t)static_threaded_workers_count, sizeof(struct web_server_static_threaded_worker)); + static_workers_private_data = callocz((size_t)static_threaded_workers_count, + sizeof(struct web_server_static_threaded_worker)); - web_server_is_multithreaded = (static_threaded_workers_count > 1); + web_server_is_multithreaded = (static_threaded_workers_count > 1); - int i; - for(i = 1; i < static_threaded_workers_count; i++) { - static_workers_private_data[i].id = i; - static_workers_private_data[i].max_sockets = max_sockets / static_threaded_workers_count; + int i; + for (i = 1; i < static_threaded_workers_count; i++) { + static_workers_private_data[i].id = i; + static_workers_private_data[i].max_sockets = max_sockets / static_threaded_workers_count; - char tag[50 + 1]; - snprintfz(tag, 50, "WEB_SERVER[static%d]", i+1); + char tag[50 + 1]; + snprintfz(tag, 50, "WEB_SERVER[static%d]", i+1); - info("starting worker %d", i+1); - netdata_thread_create(&static_workers_private_data[i].thread, tag, NETDATA_THREAD_OPTION_DEFAULT, socket_listen_main_static_threaded_worker, (void *)&static_workers_private_data[i]); - } + info("starting worker %d", i+1); + netdata_thread_create(&static_workers_private_data[i].thread, tag, NETDATA_THREAD_OPTION_DEFAULT, + socket_listen_main_static_threaded_worker, (void *)&static_workers_private_data[i]); + } - // and the main one - static_workers_private_data[0].max_sockets = max_sockets / static_threaded_workers_count; - socket_listen_main_static_threaded_worker((void *)&static_workers_private_data[0]); + // and the main one + static_workers_private_data[0].max_sockets = max_sockets / static_threaded_workers_count; + socket_listen_main_static_threaded_worker((void *)&static_workers_private_data[0]); netdata_thread_cleanup_pop(1); return NULL; |