Dropped https client connection doesn't drop backend proxy_pass connection
mdounin at mdounin.ru
Sat Mar 16 23:49:01 UTC 2013
On Sat, Mar 16, 2013 at 09:32:27AM +1100, Robert Mueller wrote:
> > In case of https, in many (most) cases there are pending data -
> > due to various SSL packets send during connection close. This
> > means connection close detection with https doesn't work unless
> > you use kqueue.
> > Further reading:
> > http://mailman.nginx.org/pipermail/nginx/2011-June/027672.html
> > http://mailman.nginx.org/pipermail/nginx/2011-November/030630.html
> These reports appear to relate to SSL upstream connections (both refer
> to ngx_http_upstream_check_broken_connection). I'm talking about an SSL
> client connection, with a plain http upstream connection.
Both are about client connections. The
ngx_http_upstream_check_broken_connection() function is here to
check if client is disconnected or not.
> When an https client drops it's connection, the upstream http proxy
> connection is not dropped. If nginx can't detect an https client
> disconnect properly, that must mean it's leaking connection information
> internally doesn't it?
No. It just can't say if a connection was closed or not as there
are pending data in the connection, and it can't read data (there
may be a pipelined request). Therefore in this case, being on the
safe side, it assumes the connection isn't closed and doesn't try
to abort upstream request.
More information about the nginx