[PATCH] Keepalive: add new option "keepalive_ssl_respect_sni"

Maxim Dounin mdounin at mdounin.ru
Fri Mar 12 19:37:14 UTC 2021


Hello!

On Thu, Mar 11, 2021 at 09:28:49PM +0300, geniuss99 wrote:

>  src/http/modules/ngx_http_upstream_keepalive_module.c |  42 +++++++++++++++++++
>  1 files changed, 42 insertions(+), 0 deletions(-)
> 
> 
> # HG changeset patch
> # User geniuss99 <geniuss.dev at gmail.com>
> # Date 1615484979 -10800
> #      Thu Mar 11 20:49:39 2021 +0300
> # Node ID ed1348e8e25381b3b1a2540289effcf7ccec6fd6
> # Parent  0215ec9aaa8af6036c62e1db676c9b0cc1d5fca4
> Keepalive: add new option "keepalive_ssl_respect_sni".
> 
> This option allows handling the following usecase:
> 1. proxy https requests with different hostnames to server with same ip;
> 2. use cache of upstream connections via keepalive option in upstream module;
> 3. reuse connection from keepalive pool only if ip and servername used during
>    handshake with upstream match hostname from downstream request.
> 
> When this option is turned on not only the ip address of upstream server is
> taken into account upon connection search but also servername used during
> handshake procedure.

Thank you for the patch.  Please see the answer here:

http://mailman.nginx.org/pipermail/nginx-devel/2019-August/012583.html

-- 
Maxim Dounin
http://mdounin.ru/


More information about the nginx-devel mailing list