NGINX TLS Behavior

[bhaktaonline]

Hello,


I have a question on NGINX's behavior during TLS.

I see that NGINX combines HTTP header and Data together into a SSL record. 
You can see from the logs below that 

<snip>

2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 244
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 16140
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL to write: 16384

<snip>


While the header gets generated earlier, its written to along with data. Is
there a way (i mean a configurable way) to tell NGINX to write just the
headers, so that header goes out in a single TLS record?

thank you for your time in looking at this.

-bhakta


Full logs, this is in response to a GET request of a 1mb file that I am
trying to server as part of this test.:


2018/12/26 14:10:34 [debug] 13248#0: *1 content phase: 12
2018/12/26 14:10:34 [debug] 13248#0: *1 content phase: 13
2018/12/26 14:10:34 [debug] 13248#0: *1 ngx_http_static_handler: http
filename: "/usr/local/nginx/html/protected/1mb.html"
2018/12/26 14:10:34 [debug] 13248#0: *1 add cleanup: 000055E9E8B9AFF0
2018/12/26 14:10:34 [debug] 13248#0: *1 http static fd: 11
2018/12/26 14:10:34 [debug] 13248#0: *1 http set discard body
2018/12/26 14:10:34 [debug] 13248#0: *1 HTTP/1.1 200 OK
Server: nginx/1.15.5
Date: Wed, 26 Dec 2018 08:40:34 GMT
Content-Type: text/html
Content-Length: 1000000
Last-Modified: Tue, 25 Dec 2018 09:02:16 GMT
Connection: keep-alive
ETag: "5c21f218-f4240"
Accept-Ranges: bytes

2018/12/26 14:10:34 [debug] 13248#0: *1 write new buf t:1 f:0
000055E9E8B9B1C8, pos 000055E9E8B9B1C8, size: 244 file: 0, size: 0
2018/12/26 14:10:34 [debug] 13248#0: *1 http write filter: l:0 f:0 s:244
2018/12/26 14:10:34 [debug] 13248#0: *1 http output filter "/1mb.html?"
2018/12/26 14:10:34 [debug] 13248#0: *1 http copy filter: "/1mb.html?"
2018/12/26 14:10:34 [debug] 13248#0: *1 malloc: 000055E9E8BD9110:32768
2018/12/26 14:10:34 [debug] 13248#0: *1 read: 11, 000055E9E8BD9110, 32768,
0
2018/12/26 14:10:34 [debug] 13248#0: *1 http postpone filter "/1mb.html?"
000055E9E8B9B3B8
2018/12/26 14:10:34 [debug] 13248#0: *1 write old buf t:1 f:0
000055E9E8B9B1C8, pos 000055E9E8B9B1C8, size: 244 file: 0, size: 0
2018/12/26 14:10:34 [debug] 13248#0: *1 write new buf t:1 f:0
000055E9E8BD9110, pos 000055E9E8BD9110, size: 32768 file: 0, size: 0
2018/12/26 14:10:34 [debug] 13248#0: *1 http write filter: l:0 f:1 s:33012
2018/12/26 14:10:34 [debug] 13248#0: *1 http write filter limit 0
2018/12/26 14:10:34 [debug] 13248#0: *1 posix_memalign: 000055E9E8B78950:512
@16
2018/12/26 14:10:34 [debug] 13248#0: *1 malloc: 000055E9E8BCD330:16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 244
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 16140
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL to write: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL_write: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL to write: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL_write: 16384


My nginx.conf section related to https:

server {
        listen 8081 ssl;
        sendfile off;
        tcp_nopush off;
        #ssl        on;
        ssl_certificate         /etc/ssl/certs/server.crt;
        ssl_certificate_key     /etc/ssl/private/server.key;
        server_name server.com;
        ssl_prefer_server_ciphers on;
        ssl_ciphers AES128-GCM-SHA256;


        access_log     off;
        error_log      /var/log/nginx/nginx.server.https.error.log debug;

        location / {
            root /usr/local/nginx/html/protected;
        }
    }

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,282472,282472#msg-282472