inheritance of proxy_http_version and proxy_set_header

Francis Daly francis at daoine.org
Tue May 15 21:11:17 UTC 2018


On Sat, May 12, 2018 at 11:18:23AM -0700, Joe Doe wrote:

Hi there,

> Here is the config with some info redacted. The only difference between the
> mirror that inherited the setting and the ones not is http vs https. For
> the time being, to get around the issue, the settings to use keep-alive for
> upstream servers are added to those mirrors.

It's good that you have a workaround that lets your production system
do what you want it to.

As I understand it, you want the mirror'ed upstreams to take advantage
of keep-alive. Your config uses two directives to set two specific things.

With those directives "inherited" into the https-mirror'ed location, things
do not work. With them explicit in that mirror'ed location, things do work.

I am unable to reproduce that problem report.

When I use the following config (port 8000 is the "front-end" web server;
the other ports and ssl are the "back-end" servers), I see the same http
version in $request and the same value of $http_connection for each of
the back-ends (in upstream.log), without needing to explicitly override
any config in the https-mirror'ed location.

How does this differ from what you see, can you see?

==
http {

    log_format connection '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status $body_bytes_sent '
                    '"$http_referer" "$http_user_agent" '
                    '"$http_connection" "$request"';

    proxy_http_version 1.1;
    proxy_set_header Connection "";

    server {
        listen 8000;
        server_name localhost;

        location / {
            mirror /a;
            mirror /b;
            mirror /c;
            proxy_pass http://127.0.0.1:8081;
        }
        location /a {
            internal;
            proxy_pass http://127.0.0.1:8082;
        }
        location /b {
            internal;
            proxy_pass http://127.0.0.1:8083;
        }
        location /c {
            internal;
            proxy_pass https://127.0.0.1:8443;
        }
    }

    server {
        listen 8443 ssl;
        listen 127.0.0.1:8081;
        listen 127.0.0.1:8082;
        listen 127.0.0.1:8083;
        server_name localhost;

        ssl_certificate cert.pem;
        ssl_certificate_key cert.key;

        access_log logs/upstream.log connection;

        location / {
          return 200 "request $request\nconnection $http_connection\n";
        }
    }
}
===

If I understand your report correctly, you would see something different
in the last two fields of the "GET /c" log line from what is in the
"GET /a" or "GET /b" log lines.

I don't see any difference there.

	f
-- 
Francis Daly        francis at daoine.org


More information about the nginx mailing list