SSL stream to HTTP2 server
Maxim Dounin
mdounin at mdounin.ru
Thu Sep 13 18:42:33 UTC 2018
Hello!
On Thu, Sep 13, 2018 at 09:26:31PM +0300, Danila Vershinin wrote:
> Hello,
>
> I’m trying to basically use nginx as replacement to hitch (for Varnish).
>
> Request goes like this: browser → nginx (stream SSL) → varnish (HTTP2 on) → backend HTTP
>
> stream {
> server {
> listen 443 ssl;
> ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
> ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
> proxy_pass 127.0.0.1:6081;
> proxy_protocol on;
> }
> }
>
> With the above, I’m getting HTTP/1.1 in browser.
> When I replace nginx with hitch, I get HTTP/2.
>
> From Hitch docs: "Hitch will transmit the selected protocol as part of its PROXY header” Does nginx have same capability?
>
> In general, is nginx capable of being SSL terminator for HTTP/2 backends using TCP streams? (while delivering HTTP/2 to supporting clients). I’m interested in using TCP streams since only those will allow use of PROXY protocol to upstream.
Currently no, as stream module in nginx cannot be configured to
choose a parituclar ALPN protocol when terminating SSL.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list