proxy_ssl_session_reuse not working with dynamic proxy_pass

gchiesa nginx-forum at forum.nginx.org
Fri Jan 25 15:21:55 UTC 2019


Hi, 

I'm trying to enable proxy_ssl_session_reuse with a dynamic proxy_pass (a
variable in proxy_pass), using the following config:
---
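server {
    listen       80;
    server_name  localhost;

    # NOTE(review): ssl_session_cache / ssl_session_timeout configure the
    # session cache for TLS connections that clients open *to* nginx. This
    # server only listens on plain HTTP (port 80), and these two directives
    # do not control session reuse on the proxied (upstream) side.
    ssl_session_cache   shared:SSL:20m;
    ssl_session_timeout 4h;

    # Upstream-side TLS settings (nginx is the TLS client here).
    proxy_ssl_session_reuse     on;
    proxy_ssl_protocols         TLSv1.2;
    proxy_ssl_ciphers           EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    # Send SNI to the upstream during the handshake.
    proxy_ssl_server_name       on;
    # NOTE(review): proxy_ssl_verify is not set and defaults to off, so the
    # upstream certificate is not validated. That matters more here because
    # the upstream address is looked up at request time over plain DNS: a
    # spoofed answer or an on-path host could terminate the TLS connection
    # unnoticed. Consider proxy_ssl_verify on; together with
    # proxy_ssl_trusted_certificate (a CA bundle) and a matching
    # proxy_ssl_name.
    proxy_socket_keepalive      on;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    # Holding the upstream URL in a variable is what makes proxy_pass below
    # "dynamic": the host name is resolved per request through `resolver`.
    set $upstream_server https://myupstream.com;

    location /test/ {
        # forward the request id received in the headers to the upstream
        # (the mail archive wrapped this comment, leaving a bare `upstream`
        # token on its own line, which nginx would reject as a directive)
        proxy_set_header X-Request-Id $http_x_request_id;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host "myupstream.com";

        # Public recursive resolver, queried over unauthenticated DNS.
        resolver 8.8.8.8;
        # Strip the /test/ prefix before the request is proxied.
        rewrite ^/test/(.*) /$1 break;
        # NOTE(review): with a variable in proxy_pass nginx builds the
        # upstream peer per request instead of using a persistent one. In
        # the stock round-robin code that per-request peer does not appear
        # to keep TLS sessions, which would explain why
        # proxy_ssl_session_reuse has no visible effect here; confirm
        # against the nginx version in use. A named upstream {} block gives
        # nginx a persistent peer on which sessions can be stored.
        proxy_pass $upstream_server;

        # Author's intent: completely disable proxy cache.
        # NOTE(review): `expires off` only stops nginx from adding or
        # changing Expires/Cache-Control headers, and `sendfile off`
        # disables sendfile(); neither one controls proxy_cache, which stays
        # off unless a proxy_cache directive enables it.
        expires off;
        sendfile off;
    }
}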
---

but the proxy module does not honor proxy_ssl_session_reuse. 

With a static (non-dynamic) proxy_pass, however, it works fine. Example:
---
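server {
    listen       80;
    server_name  localhost;

    # NOTE(review): ssl_session_cache / ssl_session_timeout apply to TLS
    # connections that clients open *to* nginx; this server listens on plain
    # HTTP only, and they do not govern upstream-side session reuse.
    ssl_session_cache   shared:SSL:20m;
    ssl_session_timeout 4h;

    # Upstream-side TLS settings (nginx is the TLS client here).
    proxy_ssl_session_reuse     on;
    proxy_ssl_protocols         TLSv1.2;
    proxy_ssl_ciphers           EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;
    # Send SNI to the upstream during the handshake.
    proxy_ssl_server_name       on;
    # NOTE(review): proxy_ssl_verify is not set and defaults to off, so the
    # upstream certificate is not validated even though the connection uses
    # TLS. Consider proxy_ssl_verify on; together with
    # proxy_ssl_trusted_certificate (a CA bundle) and a matching
    # proxy_ssl_name.
    proxy_socket_keepalive      on;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }

    location /test/ {
        # forward the request id received in the headers to the upstream
        # (the mail archive wrapped this comment, leaving a bare `upstream`
        # token on its own line, which nginx would reject as a directive)
        proxy_set_header X-Request-Id $http_x_request_id;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
        proxy_set_header Host "myupstream.com";

        # NOTE(review): with a literal host name in proxy_pass the name is
        # resolved when the configuration is loaded, so this resolver is
        # presumably unused in the static variant.
        resolver 8.8.8.8;
        # Strip the /test/ prefix before the request is proxied.
        rewrite ^/test/(.*) /$1 break;
        # Static target: nginx keeps a persistent upstream peer for it, which
        # is the case the author reports session reuse working in.
        proxy_pass https://myupstream.com;

        # Author's intent: completely disable proxy cache.
        # NOTE(review): `expires off` only stops nginx from adding or
        # changing Expires/Cache-Control headers, and `sendfile off`
        # disables sendfile(); neither one controls proxy_cache, which stays
        # off unless a proxy_cache directive enables it.
        expires off;
        sendfile off;
    }
}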
---


Does anybody have any idea how (if possible) to make the
proxy_ssl_session_reuse work with dynamic resolution? 

Thanks
Peppe

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282830,282830#msg-282830


