SSL stream to HTTP2 server

Danila Vershinin ciapnz at gmail.com
Thu Sep 13 18:44:35 UTC 2018 

Hi,

Are the any plans to add this feature?
If one has less software to run stuff, and if hitch can be avoided in some use cases, I think that would be a plus.

Thanks for you answer.

Best Regards,
Danila

> On 13 Sep 2018, at 21:42, Maxim Dounin <mdounin at mdounin.ru> wrote:
> 
> Hello!
> 
> On Thu, Sep 13, 2018 at 09:26:31PM +0300, Danila Vershinin wrote:
> 
>> Hello,
>> 
>> I’m trying to basically use nginx as replacement to hitch (for Varnish).
>> 
>> Request goes like this: browser → nginx (stream SSL) → varnish (HTTP2 on) → backend HTTP
>> 
>> stream {
>>    server {
>> 	listen 443 ssl;
>>        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
>>        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
>>        proxy_pass 127.0.0.1:6081;
>>        proxy_protocol on;
>>    }
>> }
>> 
>> With the above, I’m getting HTTP/1.1 in browser.
>> When I replace nginx with hitch, I get HTTP/2.
>> 
>> From Hitch docs: "Hitch will transmit the selected protocol as part of its PROXY header” Does nginx have same capability?
>> 
>> In general, is nginx capable of being SSL terminator for HTTP/2 backends using TCP streams? (while delivering HTTP/2 to supporting clients). I’m interested in using TCP streams since only those will allow use of PROXY protocol to upstream.
> 
> Currently no, as stream module in nginx cannot be configured to
> choose a parituclar ALPN protocol when terminating SSL.
> 
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180913/ffef94b3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180913/ffef94b3/attachment.bin>

More information about the nginx mailing list