<div>Hi, Aleks,<br><div><br><div>The result of nginx -V is as follow:<br>nginx version: nginx/1.11.1<br>built by gcc 4.9.2 (Debian 4.9.2-10)<br>built with OpenSSL 1.0.1t  3 May 2016<br>TLS SNI support enabled<br>configure arguments: --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_sub_module --with-http_v2_module --with-http_spdy_module --with-stream --with-stream_ssl_module --with-threads --with-file-aio --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --add-module=/tmp/build/ngx_devel_kit-0.3.0 --add-module=/tmp/build/set-misc-nginx-module-0.30 --add-module=/tmp/build/nginx-module-vts-0.1.9 --add-module=/tmp/build/lua-nginx-module-0.10.5 --add-module=/tmp/build/headers-more-nginx-module-0.30 --add-module=/tmp/build/nginx-goodies-nginx-sticky-module-ng-c78b7dd79d0d --add-module=/tmp/build/nginx-http-auth-digest-f85f5d6fdcc06002ff879f5cbce930999c287011 --add-module=/tmp/build/ngx_http_substitutions_filter_module-bc58cb11844bc42735bbaef7085ea86ace46d05b --add-module=/tmp/build/lua-upstream-nginx-module-0.05<br><div><br><div>The nginx conf is:<br><div><br><br>daemon off;<br><br>worker_processes 2;<br><br>pid /run/nginx.pid;<br><br>worker_rlimit_nofile 131072;<br><br>pcre_jit on;<br><br>events {<br>    multi_accept        on;<br>    worker_connections  16384;<br>    use                 epoll; <br>}<br><br>http {<br><br>    lua_shared_dict server_sessioncnt_dict 20k;<br>    lua_shared_dict server_dict 20k;<br>    lua_shared_dict server_acceptnewconn_dict 20k;<br>    lua_shared_dict sessionid_server_dict 100k;<br>    <br>    <br>    <br>    real_ip_header      X-Forwarded-For;<br>    set_real_ip_from    0.0.0.0/0;<br>    real_ip_recursive   on;<br><br>    <br>    <br>    <br>    geoip_country       /etc/nginx/GeoIP.dat;<br>    geoip_city          /etc/nginx/GeoLiteCity.dat;<br>    geoip_proxy_recursive on;<br>    vhost_traffic_status_zone shared:vhost_traffic_status:10m;<br>    vhost_traffic_status_filter_by_set_key $geoip_country_code country::*;<br>    # lua section to return proper error codes when custom pages are used<br>    lua_package_path '.?.lua;./etc/nginx/lua/?.lua;/etc/nginx/lua/vendor/lua-resty-http/lib/?.lua;/etc/nginx/lua/vendor/lua-resty-lrucache/lib/?.lua;/etc/nginx/lua/vendor/lua-resty-core/lib/?.lua;/etc/nginx/lua/vendor/lua-resty-balancer/lib/?.lua;';<br><br>    init_by_lua_file /etc/nginx/lua/init_by_lua.lua;<br><br>    sendfile            on;<br>    aio                 threads;<br>    tcp_nopush          on;<br>    tcp_nodelay         on;<br>    <br>    log_subrequest      on;<br><br>    reset_timedout_connection on;<br><br>    keepalive_timeout 75s;<br><br>    types_hash_max_size 2048;<br>    server_names_hash_max_size 512;<br>    server_names_hash_bucket_size 64;<br><br>    include /etc/nginx/mime.types;<br>    default_type text/html;<br>    gzip on;<br>    gzip_comp_level 5;<br>    gzip_http_version 1.1;<br>    gzip_min_length 256;<br>    gzip_types application/atom+xml application/javascript aplication/x-javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;    <br>    gzip_proxied any;<br><br>    client_max_body_size "64m";<br><br>    log_format upstreaminfo '$remote_addr - '<br>        '[$proxy_add_x_forwarded_for] - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" '<br>        '$request_length $request_time $upstream_addr $upstream_response_length $upstream_response_time $upstream_status';<br><br>    <br>    <br>    map $request $loggable {<br>        default 1;<br>    }<br><br>    access_log /var/log/nginx/access.log upstreaminfo if=$loggable;<br>    error_log  /var/log/nginx/error.log notice;<br><br>    <br><br>    map $http_upgrade $connection_upgrade {<br>        default upgrade;<br>        ''      close;<br>    }<br><br>    # trust http_x_forwarded_proto headers correctly indicate ssl offloading<br>    map $http_x_forwarded_proto $pass_access_scheme {<br>      default $http_x_forwarded_proto;<br>      ''      $scheme;<br>    }<br><br>    # Map a response error watching the header Content-Type<br>    map $http_accept $httpAccept {<br>        default          html;<br>        application/json json;<br>        application/xml  xml;<br>        text/plain       text;<br>    }<br><br>    map $httpAccept $httpReturnType {<br>        default          text/html;<br>        json             application/json;<br>        xml              application/xml;<br>        text             text/plain;<br>    }<br><br>    server_name_in_redirect off;<br>    port_in_redirect off;<br><br>    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br><br>    # turn on session caching to drastically improve performance<br>    <br>    ssl_session_cache builtin:1000 shared:SSL:10m;<br>    ssl_session_timeout 10m;<br>    <br><br>    # allow configuring ssl session tickets<br>    ssl_session_tickets on;<br><br>    # slightly reduce the time-to-first-byte<br>    ssl_buffer_size 4k;<br><br>    <br>    # allow configuring custom ssl ciphers<br>    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';<br>    ssl_prefer_server_ciphers on;<br>    <br><br>    <br><br>    # In case of errors try the next upstream server before returning an error<br>    proxy_next_upstream                     error timeout invalid_header http_502 http_503 http_504;<br><br>    upstream liupeng-sm-rte-svc-13080 {<br>        server 172.77.69.10:13080;<br>    server 172.77.87.9:13080;<br>    <br>        <br>        <br>        <br>        balancer_by_lua_file /etc/nginx/lua/balancer_by_lua.lua;<br>        <br>    }<br><br>    server {<br>        server_name _;<br>        listen 80;<br>        listen 443  ssl spdy http2;<br>        <br>        # PEM sha: aad58c371e57f3c243a7c8143c17762c67a0f18a        <br>        ssl_certificate /etc/nginx-ssl/system-snake-oil-certificate.pem;<br>        ssl_certificate_key /etc/nginx-ssl/system-snake-oil-certificate.pem;<br><br>        more_set_headers                            "Strict-Transport-Security: max-age=15724800; includeSubDomains; preload";<br><br>        vhost_traffic_status_filter_by_set_key $geoip_country_code country::$server_name;<br>        <br>        <br>        <br>        <br>        <br>        <br>        <br>        <br>        <br>        location /SM/ui {<br>            <br>            <br>            <br><br>            <br><br>            proxy_set_header Host                   $host;<br><br>            # Pass Real IP<br>            proxy_set_header X-Real-IP              $remote_addr;<br><br>            # Allow websocket connections<br>            proxy_set_header                        Upgrade           $http_upgrade;<br>            <br>            proxy_set_header                        Connection        "";<br>            <br><br>            proxy_set_header X-Forwarded-For        $proxy_add_x_forwarded_for;<br>            proxy_set_header X-Forwarded-Host       $host;<br>            proxy_set_header X-Forwarded-Port       $server_port;<br>            proxy_set_header X-Forwarded-Proto      $pass_access_scheme;<br><br>            # mitigate HTTPoxy Vulnerability<br>            # https://www.nginx.com/blog/mitigating-the-httpoxy-vulnerability-with-nginx/<br>            proxy_set_header Proxy                  "";<br><br>            proxy_connect_timeout                   5s;<br>            proxy_send_timeout                      60s;<br>            proxy_read_timeout                      60s;<br><br>            proxy_redirect                          off;<br>            <br>            proxy_buffering                         off;<br><br>            proxy_http_version                      1.1;<br><br>            <br>            proxy_pass http://liupeng-sm-rte-svc-13080;<br>            <br>            <br>            rewrite_by_lua_file /etc/nginx/lua/rewrite_by_lua.lua;<br><br>            header_filter_by_lua_file /etc/nginx/lua/header_filter_by_lua.lua;<br><br>            <br>        }<br>        <br><br>    }<br>}<br><br><br></div></div></div></div></div></div><div id="origbody"><div style="background: #f2f2f2;">----- 原始邮件 -----<br>发件人:Aleksandar Lazic <al-nginx@none.at><br>收件人:tjlp@sina.com<br>抄送人:nginx <nginx@nginx.org><br>主题:Re:_回复:Re:_回复:Re:_回复:Re:_Issue_about_nginx_removing_the_header_"Connection"_in_HTTP_response?<br>日期:2017年03月07日 15点39分<br></div><br><br>Hi Liu Peng.<br>We still don't know your nginx version nor your config!<br>Cite from below:<br>> So now the standard Questions from me:<br>> What's the output of nginx -V ?<br>> What's your config?<br>regards<br>aleks<br>Am 07-03-2017 02:37, schrieb tjlp@sina.com:<br>> Hi, Alexks,<br>> <br>> I try your proposal and it doesn't work. Actually my issue is the same <br>> as this one <br>> http://stackoverflow.com/questions/5100971/nginx-and-proxy-pass-send-connection-close-headers.<br>> <br>> 1. I add "keeplive_request 0". The result is that the "Connection: <br>> close" header is sent to client for every response. That does not match <br>> my requirement. Our application decides whether to finish the <br>> application session using this header.<br>> <br>> 2. I add "proxy_pass_header Connection". Nginx keeps sending  <br>> "Connection: keep-alive" header to client even the header is <br>> "Connection: close" from upstream server.<br>> <br>> Seems Nginx has some special handling for the Connection header in <br>> response. The openresty author suggests that the only way for changing <br>> response header change the nginx C code for this issue. See this issue: <br>> https://github.com/openresty/headers-more-nginx-module/issues/22#issuecomment-31585052.<br>> <br>> Thanks<br>> Liu Peng<br>> <br>> ----- 原始邮件 -----<br>> 发件人:Aleksandar Lazic <al-nginx@none.at><br>> 收件人:tjlp@sina.com<br>> 抄送人:nginx <nginx@nginx.org><br>> 主题:Re:_回复:Re:_回复:Re:_Issue_about_nginx_removing_the_header_"Connection"_in_HTTP_response?<br>> 日期:2017年03月04日 17点22分<br>> <br>> Hi Liu Peng.<br>> Am 04-03-2017 09:12, schrieb tjlp@sina.com:<br>>> <br>>> Hi, Alexks,<br>>> <br>>> I don't want to hide the header.<br>>> My problem is that Nginx change the "Connection: close" header in the<br>>> reponse from upstream server to "Connction: keep-alive" and send to<br>>> client. I want to keep the original "Connection: close" header.<br>> Ah that's a clear question.<br>> It took us only 3 rounds to get to this clear question ;-)<br>> So now the standard Questions from me:<br>> What's the output of nginx -V ?<br>> What's your config?<br>> Maybe you have set 'keepalive' in the upstream config<br>> http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive<br>> or<br>> 'proxy_http_version 1.1;'<br>> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version<br>> as a last resort you can just pass the header with<br>> 'proxy_pass_header Connection;'.<br>> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass_header<br>> Choose the solution which fit's to your demand.<br>> I can only guess due to the fact that we don't know your config.<br>> May I ask you to take a look into this document, which exists in <br>> several<br>> languages, thank you very much.<br>> http://www.catb.org/~esr/faqs/smart-questions.html<br>> Best regards<br>> Aleks<br>>> Thanks<br>>> Liu Peng<br>>> <br>>> ----- 原始邮件 -----<br>>> 发件人:Aleksandar Lazic <al-nginx@none.at><br>>> 收件人:tjlp@sina.com<br>>> 抄送人:nginx <nginx@nginx.org><br>>> 主题:Re:_回复:Re:_Issue_about_nginx_removing_the_header_"Connection"_in_HTTP_response?<br>>> 日期:2017年03月03日 16点19分<br>>> Hi.<br>>> <br>>> then one directive upward.<br>>> <br>>> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header<br>>> <br>>> Cheers<br>>> <br>>> aleks<br>>> <br>>> Am 03-03-2017 06:00, schrieb tjlp@sina.com:<br>>> <br>>>> Hi,<br>>>> <br>>>> What I mention is the header in response from backend server. Your<br>>>> answer about proxy_set_header is the "Connection" header in request.<br>>>> <br>>>> Thanks<br>>>> Liu Peng<br>>>> <br>>>> ----- 原始邮件 -----<br>>>> 发件人:Aleksandar Lazic <al-nginx@none.at><br>>>> 收件人:nginx@nginx.org<br>>>> 抄送人:tjlp@sina.com<br>>>> 主题:Re: Issue about nginx removing the header "Connection" in HTTP<br>>>> response?<br>>>> 日期:2017年03月03日 06点25分<br>>>> <br>>>> Hi.<br>>>> Am 01-03-2017 08:29, schrieb tjlp@sina.com:<br>>>>> Hi, nginx guy,<br>>>>> <br>>>>> In our system, for some special requests, the upstream server will<br>>>>> return a response which the header includes "Connection: Close".<br>>>>> According to HTTP protocol, "Connection" is one-hop header.<br>>>>> So, nginx will remove this header and the client can't do the<br>>>>> business<br>>>>> logic correctly.<br>>>>> <br>>>>> How to handle this scenario?<br>>>> you mean something like this?<br>>>> http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header<br>>>> If the value of a header field is an empty string then this field <br>>>> will<br>>>> not be passed to a proxied server:<br>>>> proxy_set_header Connection "";<br>>>>> Thanks<br>>>>> Liu Peng<br>>>>> _______________________________________________<br>>>>> nginx mailing list<br>>>>> nginx@nginx.org<br>>>>> http://mailman.nginx.org/mailman/listinfo/nginx<br></div>