nginx Digest, Vol 147, Issue 27

Devashi Tandon devashi.tandon at appsentinels.ai
Wed Jan 26 07:14:31 UTC 2022 

Hi Sergey,

I tried with clearing the connections header but NGINX is still sending the 5th response through a new source port. Let me give a more detailed configuration we have. Just to inform you, we have our own auth module instead of using the NGINX auth module. We call ngx_http_post_request to post subrequests and the code is almost the same as that of auth module. For the subrequest sent by auth module with the following configuration we expect NGINX to send requests through a new port for the first four connections and then reuse one of the ports for the fifth connection, especially when the requests are sequential.

http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65s;
    include /etc/nginx/conf.d/*.conf;
    proxy_socket_keepalive on;

    server {
        listen       9000;
        server_name  front-service;
        ext_auth_fail_allow on;
        error_log  /var/log/nginx/error.log debug;
        location / {
                    ext_auth_request /auth;
                    proxy_http_version 1.1;
                    proxy_set_header Connection "";
                    proxy_set_header Upgrade $http_upgrade;
                    proxy_set_header X-Real-Ip $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-Forwarded-Proto $scheme;
                    proxy_pass http://localhost:8090;

        location /auth {
                internal;
                proxy_set_header X-Req-Uri $request_uri;
                proxy_set_header X-Method $request_method;
                proxy_set_header X-Req-Host $host;
                proxy_set_header X-Client-Addr $remote_addr:$remote_port;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_connect_timeout 5000ms;
                proxy_read_timeout    5000ms;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
                proxy_pass http://ext-authz-upstream-server;
        }
    }
    upstream ext-authz-upstream-server {
                server 172.20.10.6:9006;
                keepalive 4;
    }
}
Could you please help on what we are missing?

Thanks,
Devashi

Date: Mon, 24 Jan 2022 17:56:33 +0300
From: "Sergey A. Osokin" <osa at freebsd.org.ru>
Subject: Re: Using single persistent socket to send subrequests
To: nginx at nginx.org
Message-ID: <Ye6+Ie0SM9YCKGby at FreeBSD.org.ru>
Content-Type: text/plain; charset=utf-8

Hi Devashi,

On Mon, Jan 24, 2022 at 05:52:56AM +0000, Devashi Tandon wrote:
>
> We have the following configuration:
>
> location / {
>     proxy_http_version 1.1;
>     proxy_pass http://ext-authz-upstream-server;
> }
>
> upstream ext-authz-upstream-server {
>     server 172.20.10.6:9006;
>     keepalive 4;
> }
>
> Do I need to add any other configuration to reuse the first four socket connections besides keepalive 4?

You'd need to review and slightly update the `location /' configuration
block by adding the following directive:

    proxy_set_header Connection "";

Please visit the following link to get more details:
https://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive

--
Sergey Osokin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220126/14d209ea/attachment.htm>

More information about the nginx mailing list