proxy_pass and weird behaviour

Michael Grimm trashcan at
Sat Mar 11 08:07:54 UTC 2017

Hi —

(This is nginx 1.11.10 and up to date FreeBSD STABLE-11)

I recently implemented LE certificates for my virtual domains, which will be served at two hosts, accessed by round-robin DNS, aka two IP addresses. In order to get the acme challenges running, I did implement the following configuration:

Host A and Host B:

	# port 80
	server {
		include			include/IPs-80;
		location / {
			# redirect letsencrypt ACME challenge requests to local-at-host-A.lan
			location /.well-known/acme-challenge/ {
			proxy_pass http://local-at-host-A.lan;
			# all other requests are redirect to https, permanently
			return 301 https://$server_name$request_uri;

	# port 443

Server local-at-host-A.lan (LE acme) finally serves the acme challenge directory:

	server {
		include		include/IPs-80;
		server_name	local-at-host-A.lan;
		# redirect all letsencrypt ACME challenges to one global directory
		location /.well-known/acme-challenge/ {
			root	/var/www/acme/;

Well, that is working, somehow, except: If the LE server addresses Host A, the challenge file is going to be retrieved instantaneously. If the LE server addresses Host B, only every *other* request is being served instantaneously:

	1. access: immediately download
	2. access: 60 s wait, then download
	3. access: immediately download
	4. access: 60 s wait, then download

Hmm, default proxy_connect_timeout is 60s, I know. But why every other connect?

Every feedback on how to solve/debug that issue is highly welcome.

Thanks and regards,

More information about the nginx mailing list