[PATCH] Keepalive: add new option "keepalive_ssl_respect_sni"
Maxim Dounin
mdounin at mdounin.ru
Fri Mar 12 19:37:14 UTC 2021
Hello!
On Thu, Mar 11, 2021 at 09:28:49PM +0300, geniuss99 wrote:
> src/http/modules/ngx_http_upstream_keepalive_module.c | 42 +++++++++++++++++++
> 1 files changed, 42 insertions(+), 0 deletions(-)
>
>
> # HG changeset patch
> # User geniuss99 <geniuss.dev at gmail.com>
> # Date 1615484979 -10800
> # Thu Mar 11 20:49:39 2021 +0300
> # Node ID ed1348e8e25381b3b1a2540289effcf7ccec6fd6
> # Parent 0215ec9aaa8af6036c62e1db676c9b0cc1d5fca4
> Keepalive: add new option "keepalive_ssl_respect_sni".
>
> This option allows handling the following usecase:
> 1. proxy https requests with different hostnames to server with same ip;
> 2. use cache of upstream connections via keepalive option in upstream module;
> 3. reuse connection from keepalive pool only if ip and servername used during
> handshake with upstream match hostname from downstream request.
>
> When this option is turned on not only the ip address of upstream server is
> taken into account upon connection search but also servername used during
> handshake procedure.
Thank you for the patch. Please see the answer here:
http://mailman.nginx.org/pipermail/nginx-devel/2019-August/012583.html
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx-devel
mailing list