From 1ee0c09c5742557e037df5421ca62abddb90ae22 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 19 May 2021 14:33:38 +0200
Subject: Merging upstream version 1.31.0.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 web/server/README.md                |  2 +-
 web/server/static/static-threaded.c | 68 +++++++++++++++++++++----------------
 2 files changed, 40 insertions(+), 30 deletions(-)

(limited to 'web/server')

diff --git a/web/server/README.md b/web/server/README.md
index fbf3151ba..dc447118e 100644
--- a/web/server/README.md
+++ b/web/server/README.md
@@ -226,7 +226,7 @@ present that may match DNS FQDNs.
 |disconnect idle clients after seconds|`60`|The time in seconds to disconnect web clients after being totally idle.|
 |timeout for first request|`60`|How long to wait for a client to send a request before closing the socket. Prevents slow request attacks.|
 |accept a streaming request every seconds|`0`|Can be used to set a limit on how often a parent node will accept streaming requests from child nodes in a [streaming and replication setup](/streaming/README.md)|
-|respect do not track policy|`no`|If set to `yes`, will respect the client's browser preferences on storing cookies.|
+|respect do not track policy|`no`|If set to `yes`, Netdata will respect the user's browser preferences for [Do Not Track](https://www.eff.org/issues/do-not-track) (DNT) and storing cookies. If DNT is _enabled_ in the browser, and this option is set to `yes`, users will not be able to sign in to Netdata Cloud via their local Agent dashboard, and their node will not connect to any [registry](/registry/README.md). For certain browsers, users must disable DNT and change this option to `yes` for full functionality.|
 |x-frame-options response header||[Avoid clickjacking attacks, by ensuring that the content is not embedded into other sites](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options).|
 |enable gzip compression|`yes`|When set to `yes`, Netdata web responses will be GZIP compressed, if the web client accepts such responses.|
 |gzip compression strategy|`default`|Valid strategies are `default`, `filtered`, `huffman only`, `rle` and `fixed`|
diff --git a/web/server/static/static-threaded.c b/web/server/static/static-threaded.c
index 93e36def7..07aa3fa3d 100644
--- a/web/server/static/static-threaded.c
+++ b/web/server/static/static-threaded.c
@@ -141,7 +141,7 @@ static int web_server_file_write_callback(POLLINFO *pi, short int *events) {
 // web server clients
 
 static void *web_server_add_callback(POLLINFO *pi, short int *events, void *data) {
-    (void)data;         // Supress warning on unused argument
+    (void)data;         // Suppress warning on unused argument
 
     worker_private->connected++;
 
@@ -331,7 +331,7 @@ static void web_server_tmr_callback(void *timer_data) {
         char title[100 + 1];
 
         snprintfz(id, 100, "web_thread%d_cpu", worker_private->id + 1);
-        snprintfz(title, 100, "NetData web server thread No %d CPU usage", worker_private->id + 1);
+        snprintfz(title, 100, "Netdata web server thread No %d CPU usage", worker_private->id + 1);
 
         st = rrdset_create_localhost(
                 "netdata"
@@ -454,49 +454,59 @@ static void socket_listen_main_static_threaded_cleanup(void *ptr) {
 
 void *socket_listen_main_static_threaded(void *ptr) {
     netdata_thread_cleanup_push(socket_listen_main_static_threaded_cleanup, ptr);
-            web_server_mode = WEB_SERVER_MODE_STATIC_THREADED;
+    web_server_mode = WEB_SERVER_MODE_STATIC_THREADED;
 
-            if(!api_sockets.opened)
-                fatal("LISTENER: no listen sockets available.");
+    if(!api_sockets.opened)
+        fatal("LISTENER: no listen sockets available.");
 
 #ifdef ENABLE_HTTPS
-            security_start_ssl(NETDATA_SSL_CONTEXT_SERVER);
+    security_start_ssl(NETDATA_SSL_CONTEXT_SERVER);
 #endif
-            // 6 threads is the optimal value
-            // since 6 are the parallel connections browsers will do
-            // so, if the machine has more CPUs, avoid using resources unnecessarily
-            int def_thread_count = (processors > 6)?6:processors;
+    // 6 threads is the optimal value
+    // since 6 are the parallel connections browsers will do
+    // so, if the machine has more CPUs, avoid using resources unnecessarily
+    int def_thread_count = (processors > 6) ? 6 : processors;
 
-            if (!strcmp(config_get(CONFIG_SECTION_WEB, "mode", ""),"single-threaded")) {
+    if (!strcmp(config_get(CONFIG_SECTION_WEB, "mode", ""),"single-threaded")) {
                 info("Running web server with one thread, because mode is single-threaded");
                 config_set(CONFIG_SECTION_WEB, "mode", "static-threaded");
                 def_thread_count = 1;
-            }
-            static_threaded_workers_count = config_get_number(CONFIG_SECTION_WEB, "web server threads", def_thread_count);
+    }
+    static_threaded_workers_count = config_get_number(CONFIG_SECTION_WEB, "web server threads", def_thread_count);
 
-            if(static_threaded_workers_count < 1) static_threaded_workers_count = 1;
+    if (static_threaded_workers_count < 1) static_threaded_workers_count = 1;
+#ifdef ENABLE_HTTPS
+    // See https://github.com/netdata/netdata/issues/11081#issuecomment-831998240 for more details
+    if (OPENSSL_VERSION_NUMBER < OPENSSL_VERSION_110) {
+        static_threaded_workers_count = 1;
+        info("You are running an OpenSSL older than 1.1.0, web server will not enable multithreading.");
+    }
+#endif
 
-            size_t max_sockets = (size_t)config_get_number(CONFIG_SECTION_WEB, "web server max sockets", (long long int)(rlimit_nofile.rlim_cur / 4));
+    size_t max_sockets = (size_t)config_get_number(CONFIG_SECTION_WEB, "web server max sockets",
+                                                   (long long int)(rlimit_nofile.rlim_cur / 4));
 
-            static_workers_private_data = callocz((size_t)static_threaded_workers_count, sizeof(struct web_server_static_threaded_worker));
+    static_workers_private_data = callocz((size_t)static_threaded_workers_count,
+                                          sizeof(struct web_server_static_threaded_worker));
 
-            web_server_is_multithreaded = (static_threaded_workers_count > 1);
+    web_server_is_multithreaded = (static_threaded_workers_count > 1);
 
-            int i;
-            for(i = 1; i < static_threaded_workers_count; i++) {
-                static_workers_private_data[i].id = i;
-                static_workers_private_data[i].max_sockets = max_sockets / static_threaded_workers_count;
+    int i;
+    for (i = 1; i < static_threaded_workers_count; i++) {
+        static_workers_private_data[i].id = i;
+        static_workers_private_data[i].max_sockets = max_sockets / static_threaded_workers_count;
 
-                char tag[50 + 1];
-                snprintfz(tag, 50, "WEB_SERVER[static%d]", i+1);
+        char tag[50 + 1];
+        snprintfz(tag, 50, "WEB_SERVER[static%d]", i+1);
 
-                info("starting worker %d", i+1);
-                netdata_thread_create(&static_workers_private_data[i].thread, tag, NETDATA_THREAD_OPTION_DEFAULT, socket_listen_main_static_threaded_worker, (void *)&static_workers_private_data[i]);
-            }
+        info("starting worker %d", i+1);
+        netdata_thread_create(&static_workers_private_data[i].thread, tag, NETDATA_THREAD_OPTION_DEFAULT,
+                              socket_listen_main_static_threaded_worker, (void *)&static_workers_private_data[i]);
+    }
 
-            // and the main one
-            static_workers_private_data[0].max_sockets = max_sockets / static_threaded_workers_count;
-            socket_listen_main_static_threaded_worker((void *)&static_workers_private_data[0]);
+    // and the main one
+    static_workers_private_data[0].max_sockets = max_sockets / static_threaded_workers_count;
+    socket_listen_main_static_threaded_worker((void *)&static_workers_private_data[0]);
 
     netdata_thread_cleanup_pop(1);
     return NULL;
-- 
cgit v1.2.3