<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<style type="text/css" style="display:none;"> P {margin-top:0;margin-bottom:0;} </style>
</head>
<body dir="ltr">
<div style="font-family: Calibri, Arial, Helvetica, sans-serif; font-size: 12pt; color: rgb(0, 0, 0);">
Resending with correct Subject. Sorry for the confusion.</div>
<div>
<div id="divRplyFwdMsg" dir="ltr">
<div> </div>
</div>
<div dir="ltr">
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
Hi Sergey,</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<br>
</div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
I tried with clearing the connections header but NGINX is still sending the 5<span><sup>th</sup> response through a new source port. Let me give a more detailed configuration we have. Just to inform you, we have our own auth module instead of using the NGINX
 auth module. We call ngx_http_post_request to post subrequests and the code is almost the same as that of auth module. For the subrequest sent by auth module with the following configuration we expect NGINX to send requests through a new port for the first
 four connections and then reuse one of the ports for the fifth connection, especially when the requests are sequential.</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>http {
<div>    include       /etc/nginx/mime.types;</div>
    default_type  application/octet-stream;<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>    sendfile        on;<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>    keepalive_timeout  65s;</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>    include /etc/nginx/conf.d/*.conf;</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>    proxy_socket_keepalive on;</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>    server {
<div>        listen       9000;</div>
        server_name  front-service;<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>        ext_auth_fail_allow on;</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>        error_log  /var/log/nginx/error.log debug;</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>        location / {</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>                    ext_auth_request /auth;
<div>                    proxy_http_version 1.1;</div>
                    proxy_set_header Connection "";</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>                    proxy_set_header Upgrade $http_upgrade;
<div>                    proxy_set_header X-Real-Ip $remote_addr;</div>
<div>                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div>
<div>                    proxy_set_header X-Forwarded-Proto $scheme;</div>
                    proxy_pass http://localhost:8090;<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span><br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>        location /auth {
<div>                internal;</div>
<div>                proxy_set_header X-Req-Uri $request_uri;</div>
<div>                proxy_set_header X-Method $request_method;</div>
<div>                proxy_set_header X-Req-Host $host;</div>
<div>                proxy_set_header X-Client-Addr $remote_addr:$remote_port;</div>
<div>                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;</div>
<div>                proxy_set_header X-Forwarded-Proto $scheme;</div>
<div>                proxy_connect_timeout 5000ms;</div>
<div>                proxy_read_timeout    5000ms;</div>
<div>                proxy_http_version 1.1;</div>
<div>                proxy_set_header Connection "";</div>
<div>                proxy_pass http://ext-authz-upstream-server;</div>
<div>        }</div>
    }<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>    upstream ext-authz-upstream-server {
<div>                server 172.20.10.6:9006;</div>
<div>                keepalive 4;</div>
    }<br>
</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>}</span></div>
<div style="font-family:Calibri,Arial,Helvetica,sans-serif; font-size:12pt; color:rgb(0,0,0)">
<span>Could you please help on what we are missing?</span></div>
<div class="x_BodyFragment"><font size="2"><span style="font-size:11pt">
<div class="x_PlainText"><br>
</div>
<div class="x_PlainText">Thanks,
<div>Devashi</div>
</div>
<div class="x_PlainText"><br>
Date: Mon, 24 Jan 2022 17:56:33 +0300<br>
From: "Sergey A. Osokin" <osa@freebsd.org.ru><br>
Subject: Re: Using single persistent socket to send subrequests<br>
To: nginx@nginx.org<br>
Message-ID: <Ye6+Ie0SM9YCKGby@FreeBSD.org.ru><br>
Content-Type: text/plain; charset=utf-8<br>
<br>
Hi Devashi,<br>
<br>
On Mon, Jan 24, 2022 at 05:52:56AM +0000, Devashi Tandon wrote:<br>
> <br>
> We have the following configuration:<br>
> <br>
> location / {<br>
>     proxy_http_version 1.1;<br>
>     proxy_pass <a href="http://ext-authz-upstream-server">http://ext-authz-upstream-server</a>;<br>
> }<br>
><br>
> upstream ext-authz-upstream-server {<br>
>     server 172.20.10.6:9006;<br>
>     keepalive 4;<br>
> }<br>
> <br>
> Do I need to add any other configuration to reuse the first four socket connections besides keepalive 4?<br>
<br>
You'd need to review and slightly update the `location /' configuration<br>
block by adding the following directive:<br>
<br>
    proxy_set_header Connection "";<br>
<br>
Please visit the following link to get more details:<br>
<a href="https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive">https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive</a><br>
<br>
-- <br>
Sergey Osokin<br>
</div>
</span></font></div>
</div>
</div>
</body>
</html>