<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
<div style="margin:0px;font-size:14px;font-family:"Segoe UI", "Segoe UI Web (West European)", "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(50, 49, 48);background-color:rgb(250, 249, 248)">
<div class="wide-content-host" style="margin:0px">
<div tabindex="-1" class="_3BL964mseejjC_nzEeda9o NN4ve7-zXI11J6Er51ULd" style="margin:0px 20px 8px 8px;padding:0px 12px 12px;border:1px solid var(--readingPaneCardFocusBorder);color:var(--black);display:table;table-layout:fixed;border-radius:2px;background:var(--white)">
<div tabindex="-1" class="_2Qk4AbDuWwkuLB005ds2jm QMubUjbS-BOly_BTHEZj7 allowTextSelection" style="margin:12px 16px 0px 52px;padding:0px 0px 2px;font-size:15px;color:var(--neutralDark);user-select:text;overflow-y:auto;outline:0px">
<div style="margin:0px">
<div style="margin:0px">
<div dir="ltr" style="margin:0px">
<div style="margin:0px">
<div dir="ltr" style="margin:0px"><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">Hi,</span></div>
<div dir="ltr" style="margin:0px"><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black"><br>
</span></div>
<div dir="ltr" style="margin:0px"><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">Was wondering if this question is more suited for the development forum, since I didn't receive any response on the user
forum. Repeating the question below:</span></div>
<div dir="ltr" style="margin:0px"><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black"><br>
</span></div>
<div dir="ltr" style="margin:0px"><span style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">I tried with clearing the connections header but NGINX is still sending the 5<span style="margin:0px"><sup>th</sup> response
through a new source port. Let me give a more detailed configuration we have. Just to inform you, we have our own auth module instead of using the NGINX auth module. We call ngx_http_post_request to post subrequests and the code is almost the same as that
of auth module. For the subrequest sent by auth module with the following configuration we expect NGINX to send requests through a new port for the first four connections and then reuse one of the ports for the fifth connection, especially when the requests
are sequential.</span></span></div>
<div dir="ltr" style="margin:0px">
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"><br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px">http {
<div style="margin:0px"> include /etc/nginx/mime.types;</div>
default_type application/octet-stream;<br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> sendfile on;<br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> keepalive_timeout 65s;</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> include /etc/nginx/conf.d/*.conf;</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> proxy_socket_keepalive on;</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"><br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> server {
<div style="margin:0px"> listen 9000;</div>
server_name front-service;<br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> ext_auth_fail_allow on;</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> error_log /var/log/nginx/error.log debug;</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> location / {</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> ext_auth_request /auth;
<div style="margin:0px"> proxy_http_version 1.1;</div>
proxy_set_header Connection "";</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> proxy_set_header Upgrade $http_upgrade;
<div style="margin:0px"> proxy_set_header X-Real-Ip $remote_addr;</div>
<div style="margin:0px"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div>
<div style="margin:0px"> proxy_set_header X-Forwarded-Proto $scheme;</div>
proxy_pass http://localhost:8090;<br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"><br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> location /auth {
<div style="margin:0px"> internal;</div>
<div style="margin:0px"> proxy_set_header X-Req-Uri $request_uri;</div>
<div style="margin:0px"> proxy_set_header X-Method $request_method;</div>
<div style="margin:0px"> proxy_set_header X-Req-Host $host;</div>
<div style="margin:0px"> proxy_set_header X-Client-Addr $remote_addr:$remote_port;</div>
<div style="margin:0px"> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div>
<div style="margin:0px"> proxy_set_header X-Forwarded-Proto $scheme;</div>
<div style="margin:0px"> proxy_connect_timeout 5000ms;</div>
<div style="margin:0px"> proxy_read_timeout 5000ms;</div>
<div style="margin:0px"> proxy_http_version 1.1;</div>
<div style="margin:0px"> proxy_set_header Connection "";</div>
<div style="margin:0px"> proxy_pass http://ext-authz-upstream-server;</div>
<div style="margin:0px"> }</div>
}<br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px"> upstream ext-authz-upstream-server {
<div style="margin:0px"> server 172.20.10.6:9006;</div>
<div style="margin:0px"> keepalive 4;</div>
}<br>
</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px">}</span></div>
<div style="margin:0px;font-size:12pt;font-family:Calibri, Arial, Helvetica, sans-serif;color:black">
<span style="margin:0px">Could you please help on what we are missing?</span></div>
<div style="margin:0px"><font size="2"><span style="margin:0px;font-size:11pt">
<div style="margin:0px"><br>
</div>
<div style="margin:0px">Thanks,
<div style="margin:0px">Devashi</div>
</div>
<div style="margin:0px"><br>
Date: Mon, 24 Jan 2022 17:56:33 +0300<br>
From: "Sergey A. Osokin" <osa@freebsd.org.ru><br>
Subject: Re: Using single persistent socket to send subrequests<br>
To: nginx@nginx.org<br>
Message-ID: <Ye6+Ie0SM9YCKGby@FreeBSD.org.ru><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Hi Devashi,<br>
</div>
</span></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
<div class="_1SgEp1U4PIR58Iv0wG1X4P" style="margin:0px;clear:both"></div>
<div tabindex="-1" class="_2mB7lFfEzBQWZ9-LeNcOqT" style="margin:12px 16px 0px 44px;display:flex;align-items:center">
<div class="body-154" style="margin:0px;color:var(--neutralPrimary);background:var(--white)">
<button type="button" class="ms-Button ms-Button--action ms-Button--command _1ZX62iM9tZculzHA923LTX _2chG84UH2p0sPKQFmGzGLL _2OxEVNDx97U3ApfyQr67hP root-299" data-is-focusable="true" style="margin:0px;padding:0px 4px;border:0px solid transparent;font-weight:600;color:var(--themePrimary);outline:transparent;box-sizing:border-box;display:inline-block;text-align:center;cursor:pointer;border-radius:2px;height:32px;background:transparent;user-select:none;min-width:0px;width:fit-content">
<span class="ms-Button-flexContainer flexContainer-204" data-automationid="splitbuttonprimary" style="margin:0px;display:flex;height:32px;flex-wrap:nowrap;justify-content:flex-start;align-items:center"><span class="ms-Button-textContainer textContainer-205" style="margin:0px;flex-grow:0;display:block"><span class="ms-Button-label label-161" style="margin:0px 4px;line-height:14px;display:block">Reply</span></span></span>
</button></div>
<div class="_2vk93UbLnFCsFCnqQblqTp" style="margin:0px 8px 0px 0px;padding:0px 0px 0px 8px;border-right:1px solid var(--neutralTertiaryAlt);height:18px">
</div>
<div class="body-154" style="margin:0px;color:var(--neutralPrimary);background:var(--white)">
<button type="button" class="ms-Button ms-Button--action ms-Button--command _1ZX62iM9tZculzHA923LTX _2chG84UH2p0sPKQFmGzGLL _2OxEVNDx97U3ApfyQr67hP root-299" data-is-focusable="true" style="margin:0px;padding:0px 4px;border:0px solid transparent;font-weight:600;color:var(--themePrimary);outline:transparent;box-sizing:border-box;display:inline-block;text-align:center;cursor:pointer;border-radius:2px;height:32px;background:transparent;user-select:none;min-width:0px;width:fit-content">
<span class="ms-Button-flexContainer flexContainer-204" data-automationid="splitbuttonprimary" style="margin:0px;display:flex;height:32px;flex-wrap:nowrap;justify-content:flex-start;align-items:center"><span class="ms-Button-textContainer textContainer-205" style="margin:0px;flex-grow:0;display:block"><span class="ms-Button-label label-161" style="margin:0px 4px;line-height:14px;display:block">Forward</span></span></span>
</button></div>
</div>
</div>
</div>
</div>
<div style="margin:0px;font-size:14px;font-family:"Segoe UI", "Segoe UI Web (West European)", "Segoe UI", -apple-system, BlinkMacSystemFont, Roboto, "Helvetica Neue", sans-serif;color:rgb(50, 49, 48);background-color:rgb(250, 249, 248)">
<div class="wide-content-host" style="margin:0px">
<div class="_21M_FM9urAtm5RbICf8Mdj" style="margin:0px;display:table;table-layout:fixed">
<div class="aIkJiKjTQYvMBiVlJyTdA NHVyVxjTc1SMUQJ5j-pQV" style="margin:-9px 20px 0px 8px;padding:0px 0px 0px 31px;font-size:15px;background:var(--white);border-radius:2px">
<div class="Bh_OsPfV898o_el926-5_" style="margin:0px 0px 16px 17px;border-bottom:1px solid var(--neutralLight)">
</div>
<div class="_1fG9aln2t00SwqnHn0RMRt" style="margin:0px">
<div tabindex="-1" class="_3QCsM9-LPIxe1EDTYYKDn0 QMubUjbS-BOly_BTHEZj7 allowTextSelection" style="margin:0px;padding:0px 16px;border-left:1px solid var(--neutralTertiaryAlt);user-select:text;overflow-y:auto">
<div style="margin:0px">
<div style="margin:0px">
<div dir="ltr" style="margin:0px">
<div style="margin:0px">
<div dir="ltr" style="margin:0px">
<div style="margin:0px"><font size="2"><span style="margin:0px;font-size:11pt">
<div style="margin:0px">On Mon, Jan 24, 2022 at 05:52:56AM +0000, Devashi Tandon wrote:<br>
><br>
> We have the following configuration:<br>
><br>
> location / {<br>
> proxy_http_version 1.1;<br>
> proxy_pass<span> </span><a href="http://ext-authz-upstream-server/" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="0" style="margin:0px">http://ext-authz-upstream-server</a>;<br>
> }<br>
><br>
> upstream ext-authz-upstream-server {<br>
> server 172.20.10.6:9006;<br>
> keepalive 4;<br>
> }<br>
><br>
> Do I need to add any other configuration to reuse the first four socket connections besides keepalive 4?<br>
<br>
You'd need to review and slightly update the `location /' configuration<br>
block by adding the following directive:<br>
<br>
proxy_set_header Connection "";<br>
<br>
Please visit the following link to get more details:<br>
<a href="https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive" target="_blank" rel="noopener noreferrer" data-auth="NotApplicable" data-linkindex="1" style="margin:0px">https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive</a><br>
<br>
--<br>
Sergey Osokin</div>
</span></font></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
</body>
</html>