<div dir="ltr"><div><div><div><div><div>Hi Maxim,<br><br></div>Thank you for your response! Our Mail backend system receives millions of SMTP connection requests every day and for each connection request, we need to establish new connection with auth server and then tear it down which is an overhead on CPU and network. So we are looking on ways to use HTTP1.1 persistent connection so that we can save on our resources by reusing connections. I think it will be a nice feature to have in nginx? By the way, is there a reason why nginx auth_http does not support http 1.1?<br></div><div><br></div>Based on your suggestion, I tried following configuration but this did not work. Nginx will not start complaining about unknown upstream and location directives.<br><br>upstream tss {<br> server host_name:port/smtp.php;<br> keepalive 32;<br>}<br> <br>location / {<br> proxy_http_version 1.1;<br> proxy_pass <a href="http://tss">http://tss</a>;<br>}<br> <br>mail {<br> # auth<br> auth_http tss;<br>}<br><br></div>Could you please share sample proxy config which could be used to enable keepalive for auth_http?<br><br></div>Thanks!<br></div>Prabhash Rathore<br><div><div><div><br></div></div></div></div><br><div class="gmail_quote"><div dir="ltr">On Tue, May 16, 2017 at 11:26 AM Maxim Dounin <<a href="mailto:mdounin@mdounin.ru">mdounin@mdounin.ru</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello!<br>
<br>
On Tue, May 16, 2017 at 06:18:27PM +0000, Prabhash Rathore wrote:<br>
<br>
> We are using nginx 1.7.3 as a reverse proxy for our Mail SMTP service. For<br>
> authentication of each SMTP connection, we have configured nginx to connect<br>
> with a http based service for authentication. Here is a snippet of our<br>
> nginx config:<br>
><br>
> mail {<br>
> # auth_server<br>
> auth_http auth_host:auth_port/authserver;<br>
><br>
> # mail server<br>
> server {<br>
> protocol smtp;<br>
> listen 25;<br>
> proxy on;<br>
> xclient on;<br>
> timeout 15;<br>
> starttls on;<br>
> ... other configs...<br>
> }<br>
> }<br>
><br>
> With above config, we notice that nginx closes the connection after every<br>
> auth request/response to Mail Authentication Server (auth_http<br>
> auth_host:auth_port/authserver;) based on tcpdump analysis. We would like<br>
> to make this connection persistent so that we could reuse connection for<br>
> multiple auth requests.<br>
><br>
> I looked at nginx mail auth module documentation (<br>
> <a href="http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http_header" rel="noreferrer" target="_blank">http://nginx.org/en/docs/mail/ngx_mail_auth_http_module.html#auth_http_header</a><br>
> ) but I don't see any directive to make mail auth connection persistent.<br>
<br>
The auth_http module uses HTTP/1.0 and has no keepalive<br>
connections support.<br>
<br>
If there are practical reasons why you want it to use keepalive, a<br>
simple http proxy within the same nginx server will likely help.<br>
<br>
--<br>
Maxim Dounin<br>
<a href="http://nginx.org/" rel="noreferrer" target="_blank">http://nginx.org/</a><br>
_______________________________________________<br>
nginx-devel mailing list<br>
<a href="mailto:nginx-devel@nginx.org" target="_blank">nginx-devel@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx-devel" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx-devel</a><br>
</blockquote></div>