Routing based on ALPN

Wiktor Kwapisiewicz wiktor at metacode.biz
Wed Mar 7 11:38:51 UTC 2018


> below is the initial version of patch that creates the
> "$ssl_preread_alpn_protocols" variable; the content is a comma-separated
> list of protocols, sent by client in ALPN extension, if present.
> 
> Any feedback is appreciated.
> 

I have just tested this patch and can confirm it's working perfectly fine.

The patch was applied against this commit: https://github.com/nginx/nginx/commit/83dceda8688fcba6da9fd12f6480606563d7b7a3
And I was using LibreSSL.

I've set up three upstream servers for tests, two using node.js (HTTPS) and one Prosody (XMPP server):

    map $ssl_preread_alpn_protocols $upstream {
        default node1;
        "h2,http/1.1" node2;
        "xmpp-client" prosody;
    }

Curling with no ALPN correctly returns answer from node1:

    > curl -k -i --no-alpn https://docker.local
    HTTP/1.1 200 OK
    Date: Wed, 07 Mar 2018 11:24:26 GMT
    Connection: keep-alive
    Content-Length: 23

    Everything works: node1

Curling with default configuration (ALPN: h2,http/1.1) also works:

    > curl -k -i https://docker.local
    HTTP/1.1 200 OK
    Date: Wed, 07 Mar 2018 11:24:43 GMT
    Connection: keep-alive
    Content-Length: 23

    Everything works: node2

Then I tested XMPP by adding an SRV record:

    > dig _xmpps-client._tcp.testing.metacode.biz SRV
    ;; ANSWER SECTION:
    _xmpps-client._tcp.testing.metacode.biz. 119 IN SRV 1 1 443 docker.local.

And using Gajim to connect to testing.metacode.biz. It worked.

Nginx (web_1) logs correctly show all connection attempts with ALPN values:

    prosody_1  | c2s2564890                              info       Client connected
    web_1      | 192.168.99.1 xmpp-client [07/Mar/2018:11:21:58 +0000] TCP 200 2335 871 1.566
    web_1      | 192.168.99.1  [07/Mar/2018:11:24:26 +0000] TCP 200 1546 327 0.298
    web_1      | 192.168.99.1 h2,http/1.1 [07/Mar/2018:11:24:35 +0000] TCP 200 1539 262 0.324
    web_1      | 192.168.99.1 h2,http/1.1 [07/Mar/2018:11:24:43 +0000] TCP 200 1539 262 0.293
    prosody_1  | c2s2564890                              info       Authenticated as wiktor at testing.metacode.biz

I've used this log_format:

    log_format basic '$remote_addr $ssl_preread_alpn_protocols [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';

This looks *very good*, thanks for your time!

Kind regards,
Wiktor

-- 
*/metacode/*
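As an added illustration (my own code, not part of the patch or of nginx) of what the variable carries, here is a minimal parser that pulls the ALPN list out of a raw ClientHello record the way ssl_preread inspects it before any TLS termination, together with a builder for constructed ClientHello samples; the byte layout follows RFC 5246/7301, everything else is an assumption for the demo.

```python
import struct

ALPN_EXT_TYPE = 16  # RFC 7301 extension type for ALPN


def alpn_protocols(client_hello: bytes) -> str:
    """Comma-separated ALPN list from a raw TLS ClientHello record,
    or "" when absent/malformed (same spelling as the map keys above)."""
    try:
        # Record header: type(1) version(2) length(2); 22 = handshake.
        if len(client_hello) < 9 or client_hello[0] != 22:
            return ""
        rec_len = struct.unpack("!H", client_hello[3:5])[0]
        body = client_hello[5:5 + rec_len]
        if body[0] != 1:  # handshake type 1 = ClientHello
            return ""
        hello = body[4:4 + int.from_bytes(body[1:4], "big")]
        pos = 2 + 32                                     # legacy_version + random
        pos += 1 + hello[pos]                            # session_id
        pos += 2 + struct.unpack("!H", hello[pos:pos + 2])[0]  # cipher_suites
        pos += 1 + hello[pos]                            # compression_methods
        if pos + 2 > len(hello):
            return ""                                    # no extensions block
        end = pos + 2 + struct.unpack("!H", hello[pos:pos + 2])[0]
        pos += 2
        while pos + 4 <= end:                            # walk extensions
            ext_type, elen = struct.unpack("!HH", hello[pos:pos + 4])
            pos += 4
            if ext_type == ALPN_EXT_TYPE:
                names, p, stop = [], pos + 2, pos + elen  # skip list length
                while p < stop:
                    n = hello[p]
                    names.append(hello[p + 1:p + 1 + n].decode("ascii"))
                    p += 1 + n
                return ",".join(names)
            pos += elen
        return ""
    except (IndexError, struct.error, UnicodeDecodeError):
        return ""                                        # truncated/garbage input


def build_client_hello(protocols):
    """Constructed minimal ClientHello for testing; not a real capture."""
    exts = b""
    if protocols:
        lst = b"".join(bytes([len(p)]) + p.encode("ascii") for p in protocols)
        lst = struct.pack("!H", len(lst)) + lst
        exts = struct.pack("!HH", ALPN_EXT_TYPE, len(lst)) + lst
    hello = (b"\x03\x03" + b"\x00" * 32 + b"\x00"        # version, random, no session id
             + b"\x00\x02\x13\x01" + b"\x01\x00"         # one cipher suite, null compression
             + struct.pack("!H", len(exts)) + exts)
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs
```

Since the list is whatever the client chose to send, the map's `default` entry is the branch that untrusted or ALPN-less connections land on, which is why it should point at the upstream you are happiest exposing.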
