nginx Digest, Vol 147, Issue 27
Devashi Tandon
devashi.tandon at appsentinels.ai
Wed Jan 26 07:14:31 UTC 2022
Hi Sergey,
I tried with clearing the connections header but NGINX is still sending the 5th response through a new source port. Let me give a more detailed configuration we have. Just to inform you, we have our own auth module instead of using the NGINX auth module. We call ngx_http_post_request to post subrequests and the code is almost the same as that of auth module. For the subrequest sent by auth module with the following configuration we expect NGINX to send requests through a new port for the first four connections and then reuse one of the ports for the fifth connection, especially when the requests are sequential.
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65s;
include /etc/nginx/conf.d/*.conf;
proxy_socket_keepalive on;
server {
listen 9000;
server_name front-service;
ext_auth_fail_allow on;
error_log /var/log/nginx/error.log debug;
location / {
ext_auth_request /auth;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-Ip $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8090;
location /auth {
internal;
proxy_set_header X-Req-Uri $request_uri;
proxy_set_header X-Method $request_method;
proxy_set_header X-Req-Host $host;
proxy_set_header X-Client-Addr $remote_addr:$remote_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_connect_timeout 5000ms;
proxy_read_timeout 5000ms;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_pass http://ext-authz-upstream-server;
}
}
upstream ext-authz-upstream-server {
server 172.20.10.6:9006;
keepalive 4;
}
}
Could you please help on what we are missing?
Thanks,
Devashi
Date: Mon, 24 Jan 2022 17:56:33 +0300
From: "Sergey A. Osokin" <osa at freebsd.org.ru>
Subject: Re: Using single persistent socket to send subrequests
To: nginx at nginx.org
Message-ID: <Ye6+Ie0SM9YCKGby at FreeBSD.org.ru>
Content-Type: text/plain; charset=utf-8
Hi Devashi,
On Mon, Jan 24, 2022 at 05:52:56AM +0000, Devashi Tandon wrote:
>
> We have the following configuration:
>
> location / {
> proxy_http_version 1.1;
> proxy_pass http://ext-authz-upstream-server;
> }
>
> upstream ext-authz-upstream-server {
> server 172.20.10.6:9006;
> keepalive 4;
> }
>
> Do I need to add any other configuration to reuse the first four socket connections besides keepalive 4?
You'd need to review and slightly update the `location /' configuration
block by adding the following directive:
proxy_set_header Connection "";
Please visit the following link to get more details:
https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
--
Sergey Osokin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220126/14d209ea/attachment.htm>
More information about the nginx
mailing list