SPDY: nginx/1.6.2: proxy_pass does not work when https is used

Yury Kirpichev ykirpichev at gmail.com
Tue Dec 16 08:48:37 UTC 2014 

Hi,

Here is full config, I tried to make it as small as possible.

worker_processes  12;

events {
    worker_connections  8192;
    use epoll;
}

http {
    server {
        listen [::]:6121 spdy;
        listen [::]:80;

        client_body_buffer_size 100k;
        client_max_body_size 100k;

        server_name *.maps.dev.yandex.net;

        location /https/test {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header Host $host;
            proxy_pass https://www.google.com/test;
        }
    }
}

Also, I've found that if I comment out line with worker_processes then
problem will disappear.

Here is output from /usr/sbin/nginx  -V
nginx version: nginx/1.6.2
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
--lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-debug
--with-http_addition_module --with-http_flv_module --with-http_dav_module
--with-http_geoip_module --with-http_gzip_static_module
--with-http_gunzip_module --with-http_image_filter_module
--with-http_perl_module --with-http_realip_module
--with-http_stub_status_module --with-http_ssl_module
--with-http_spdy_module --with-http_sub_module --with-http_xslt_module
--with-ipv6 --with-sha1=/usr/include/openssl
--with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-echo
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-headers-more
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-development-kit
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-lua
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-upstream-fair
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-flv-filter
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-ip-tos-filter
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-addtag-exe
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-speedtest
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-eblob
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-request-id
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-favicon
--add-module=/home/buildfarm/teamcity/projects/nginx-stable/debian/modules/nginx-auth-sign

Unfortunately, I can not collect debug logs right now.
However, I did captured tcpdump on server with nginx and was able to see
that nginx established SSL connection with google.com, however, after that
it got stuck somewhere (can provide logs if you need it)

BR/ Yury

2014-12-16 3:18 GMT+03:00 Valentin V. Bartenev <vbart at nginx.com>:
>
> On Tuesday 16 December 2014 00:05:03 Yury Kirpichev wrote:
> > Hi,
> >
> > I've got a problem when tried to proxy spdy traffic to host via https
> > protocol.
> >
> > My config is simple like that:
> >
> >
> > location /https/test {
> >
> >     proxy_set_header X-Real-IP $remote_addr;
> >
> >     proxy_set_header Host $host;
> >
> >     proxy_pass https://www.something.com/test;
> >
> > }
> >
> >
> > When request is performed through HTTP protocol, everything works fine
> > without any problem.
> >
> > However, when incoming request is done through SPDY, there is no response
> > from remote peer in about 10 seconds and connection is closed after that
> by
> > client.
> [..]
>
> I can't reproduce the problem with your simple config.
> It just works in both cases with or w/o SPDY.
>
> Could you please provide more information like "nginx -V" output
> and debug log: http://nginx.org/en/docs/debugging_log.html
>
>   wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20141216/b82edbba/attachment.html>

More information about the nginx mailing list