summaryrefslogtreecommitdiffstats
path: root/web/server
diff options
context:
space:
mode:
Diffstat (limited to 'web/server')
-rw-r--r--web/server/README.md2
-rw-r--r--web/server/static/static-threaded.c68
2 files changed, 40 insertions, 30 deletions
diff --git a/web/server/README.md b/web/server/README.md
index fbf3151ba..dc447118e 100644
--- a/web/server/README.md
+++ b/web/server/README.md
@@ -226,7 +226,7 @@ present that may match DNS FQDNs.
|disconnect idle clients after seconds|`60`|The time in seconds to disconnect web clients after being totally idle.|
|timeout for first request|`60`|How long to wait for a client to send a request before closing the socket. Prevents slow request attacks.|
|accept a streaming request every seconds|`0`|Can be used to set a limit on how often a parent node will accept streaming requests from child nodes in a [streaming and replication setup](/streaming/README.md)|
-|respect do not track policy|`no`|If set to `yes`, will respect the client's browser preferences on storing cookies.|
+|respect do not track policy|`no`|If set to `yes`, Netdata will respect the user's browser preferences for [Do Not Track](https://www.eff.org/issues/do-not-track) (DNT) and storing cookies. If DNT is _enabled_ in the browser, and this option is set to `yes`, users will not be able to sign in to Netdata Cloud via their local Agent dashboard, and their node will not connect to any [registry](/registry/README.md). For certain browsers, users must disable DNT and change this option to `yes` for full functionality.|
|x-frame-options response header||[Avoid clickjacking attacks, by ensuring that the content is not embedded into other sites](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).|
|enable gzip compression|`yes`|When set to `yes`, Netdata web responses will be GZIP compressed, if the web client accepts such responses.|
|gzip compression strategy|`default`|Valid strategies are `default`, `filtered`, `huffman only`, `rle` and `fixed`|
diff --git a/web/server/static/static-threaded.c b/web/server/static/static-threaded.c
index 93e36def7..07aa3fa3d 100644
--- a/web/server/static/static-threaded.c
+++ b/web/server/static/static-threaded.c
@@ -141,7 +141,7 @@ static int web_server_file_write_callback(POLLINFO *pi, short int *events) {
// web server clients
static void *web_server_add_callback(POLLINFO *pi, short int *events, void *data) {
- (void)data; // Supress warning on unused argument
+ (void)data; // Suppress warning on unused argument
worker_private->connected++;
@@ -331,7 +331,7 @@ static void web_server_tmr_callback(void *timer_data) {
char title[100 + 1];
snprintfz(id, 100, "web_thread%d_cpu", worker_private->id + 1);
- snprintfz(title, 100, "NetData web server thread No %d CPU usage", worker_private->id + 1);
+ snprintfz(title, 100, "Netdata web server thread No %d CPU usage", worker_private->id + 1);
st = rrdset_create_localhost(
"netdata"
@@ -454,49 +454,59 @@ static void socket_listen_main_static_threaded_cleanup(void *ptr) {
void *socket_listen_main_static_threaded(void *ptr) {
netdata_thread_cleanup_push(socket_listen_main_static_threaded_cleanup, ptr);
- web_server_mode = WEB_SERVER_MODE_STATIC_THREADED;
+ web_server_mode = WEB_SERVER_MODE_STATIC_THREADED;
- if(!api_sockets.opened)
- fatal("LISTENER: no listen sockets available.");
+ if(!api_sockets.opened)
+ fatal("LISTENER: no listen sockets available.");
#ifdef ENABLE_HTTPS
- security_start_ssl(NETDATA_SSL_CONTEXT_SERVER);
+ security_start_ssl(NETDATA_SSL_CONTEXT_SERVER);
#endif
- // 6 threads is the optimal value
- // since 6 are the parallel connections browsers will do
- // so, if the machine has more CPUs, avoid using resources unnecessarily
- int def_thread_count = (processors > 6)?6:processors;
+ // 6 threads is the optimal value
+ // since 6 are the parallel connections browsers will do
+ // so, if the machine has more CPUs, avoid using resources unnecessarily
+ int def_thread_count = (processors > 6) ? 6 : processors;
- if (!strcmp(config_get(CONFIG_SECTION_WEB, "mode", ""),"single-threaded")) {
+ if (!strcmp(config_get(CONFIG_SECTION_WEB, "mode", ""),"single-threaded")) {
info("Running web server with one thread, because mode is single-threaded");
config_set(CONFIG_SECTION_WEB, "mode", "static-threaded");
def_thread_count = 1;
- }
- static_threaded_workers_count = config_get_number(CONFIG_SECTION_WEB, "web server threads", def_thread_count);
+ }
+ static_threaded_workers_count = config_get_number(CONFIG_SECTION_WEB, "web server threads", def_thread_count);
- if(static_threaded_workers_count < 1) static_threaded_workers_count = 1;
+ if (static_threaded_workers_count < 1) static_threaded_workers_count = 1;
+#ifdef ENABLE_HTTPS
+ // See https://github.com/netdata/netdata/issues/11081#issuecomment-831998240 for more details
+ if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110) {
+ static_threaded_workers_count = 1;
+ info("You are running an OpenSSL older than 1.1.0, web server will not enable multithreading.");
+ }
+#endif
- size_t max_sockets = (size_t)config_get_number(CONFIG_SECTION_WEB, "web server max sockets", (long long int)(rlimit_nofile.rlim_cur / 4));
+ size_t max_sockets = (size_t)config_get_number(CONFIG_SECTION_WEB, "web server max sockets",
+ (long long int)(rlimit_nofile.rlim_cur / 4));
- static_workers_private_data = callocz((size_t)static_threaded_workers_count, sizeof(struct web_server_static_threaded_worker));
+ static_workers_private_data = callocz((size_t)static_threaded_workers_count,
+ sizeof(struct web_server_static_threaded_worker));
- web_server_is_multithreaded = (static_threaded_workers_count > 1);
+ web_server_is_multithreaded = (static_threaded_workers_count > 1);
- int i;
- for(i = 1; i < static_threaded_workers_count; i++) {
- static_workers_private_data[i].id = i;
- static_workers_private_data[i].max_sockets = max_sockets / static_threaded_workers_count;
+ int i;
+ for (i = 1; i < static_threaded_workers_count; i++) {
+ static_workers_private_data[i].id = i;
+ static_workers_private_data[i].max_sockets = max_sockets / static_threaded_workers_count;
- char tag[50 + 1];
- snprintfz(tag, 50, "WEB_SERVER[static%d]", i+1);
+ char tag[50 + 1];
+ snprintfz(tag, 50, "WEB_SERVER[static%d]", i+1);
- info("starting worker %d", i+1);
- netdata_thread_create(&static_workers_private_data[i].thread, tag, NETDATA_THREAD_OPTION_DEFAULT, socket_listen_main_static_threaded_worker, (void *)&static_workers_private_data[i]);
- }
+ info("starting worker %d", i+1);
+ netdata_thread_create(&static_workers_private_data[i].thread, tag, NETDATA_THREAD_OPTION_DEFAULT,
+ socket_listen_main_static_threaded_worker, (void *)&static_workers_private_data[i]);
+ }
- // and the main one
- static_workers_private_data[0].max_sockets = max_sockets / static_threaded_workers_count;
- socket_listen_main_static_threaded_worker((void *)&static_workers_private_data[0]);
+ // and the main one
+ static_workers_private_data[0].max_sockets = max_sockets / static_threaded_workers_count;
+ socket_listen_main_static_threaded_worker((void *)&static_workers_private_data[0]);
netdata_thread_cleanup_pop(1);
return NULL;