Nginx proxy_pass HTTPS/SSL/HTTP2 keepalive

Sat Feb 25 23:32:13 UTC 2017

Hello!

On Fri, Feb 24, 2017 at 05:07:22AM -0500, c0nw0nk wrote:

> So the Nginx documentation says this
> http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
> 
> For HTTP, the proxy_http_version directive should be set to “1.1” and the
> “Connection” header field should be cleared:
> 
>     upstream http_backend {
>         server 127.0.0.1:8080;
> 
>         keepalive 16;
>     }
> 
>     server {
>         ...
> 
>         location /http/ {
>             proxy_pass http://http_backend;
>             proxy_http_version 1.1;
>             proxy_set_header Connection "";
>             ...
>         }
>     }
> 
> 
> But does it also apply for HTTPS/HTTP2 because proxy_http_version gets set
> to 1.1 ?

The HTTPS isn't really a separate protocol, but rather a HTTP 
inside a SSL/TLS connection.  In this context, anything about HTTP 
applies to HTTPS as well.

The HTTP/2 is a separate protocol (again, normally used inside a 
SSL/TLS connection).  And this protocol is not supported by the 
proxy module.  All connections with backends using proxy_pass use 
HTTP/1.0 or HTTP/1.1 depending on proxy_http_version.

> Example :
> 
> upstream https_backend {
>         server 127.0.0.1:443;
> 
>         keepalive 16;
>     }
> 
>     server {
>         listen 443 ssl http2;
> 
>         location /https/ {
>             proxy_pass https://https_backend;
>             proxy_http_version 1.1;
>             proxy_set_header Connection "";

In this example, nginx will accept connections on the port 443 
using SSL, with either HTTP/0.9, HTTP/1.0, HTTP/1.1, or HTTP/2 
inside an SSL connection.  Requests under the "/https/" prefix 
will be forwarded to 127.0.0.1:443 using SSL and HTTP/1.1.

-- 
Maxim Dounin
http://nginx.org/