Welcome! Log In Create A New Profile

Advanced

inheritance of proxy_http_version and proxy_set_header

Posted by Joe Doe 
I have many multiple mirrors for incoming request. To keep the config
clean, I set:
proxy_http_version 1.1;
proxy_set_header "";

in the http context. This worked for us (verified keep-alive is working),
and it will inherit to all the mirror proxy_pass.

However, I recently added a mirror that used https, and I notice these
settings no longer inherit to this mirror. At least keep-alive was not
working. To address this, I had to add these 2 settings into the location
specific to the mirror. (adding to the server context didn't work either)

According to the documentation, these 2 settings can be in http, server and
location context. And I assume if it's in http context, it would inherit to
all the sub-blocks (and it did work for all the other http mirrors). Is
this assumption incorrect and I should add these 2 settings to all the
locations where I want to use keep-alive?
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On Wed, May 09, 2018 at 04:32:51AM -0700, Joe Doe wrote:

Hi there,

> I have many multiple mirrors for incoming request. To keep the config
> clean, I set:
> proxy_http_version 1.1;
> proxy_set_header "";
>
> in the http context. This worked for us (verified keep-alive is working),
> and it will inherit to all the mirror proxy_pass.

Those config directives (corrected) will inherit to any "location" which
does not have a "proxy_http_version" directive or a "proxy_set_header"
directive, respectively. (Assuming that neither are set at "server"
level either.)

> However, I recently added a mirror that used https, and I notice these
> settings no longer inherit to this mirror. At least keep-alive was not
> working. To address this, I had to add these 2 settings into the location
> specific to the mirror. (adding to the server context didn't work either)

Can you show the config that does not react the way that you want it to?

If you get the upstream (proxy_pass) server to "echo" the incoming
request, can you see what http version and http headers are sent by nginx?

> According to the documentation, these 2 settings can be in http, server and
> location context. And I assume if it's in http context, it would inherit to
> all the sub-blocks (and it did work for all the other http mirrors). Is
> this assumption incorrect and I should add these 2 settings to all the
> locations where I want to use keep-alive?

Directive inheritance follows the rules, or there is a bug. If these two
settings mean that keep-alive works for you, then you must make sure
that these two settings are in, or inherited into, each location that
you care about.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Here is the config with some info redacted. The only difference between the
mirror that inherited the setting and the ones not is http vs https. For
the time being, to get around the issue, the settings to use keep-alive for
upstream servers are added to those mirrors.

nginx.conf:


user nginx;

worker_processes auto;

worker_rlimit_nofile 65535;


error_log /app/logs/nginx/error.log warn;

pid /var/run/nginx.pid;


events {

worker_connections 65535;

}


http {

include /etc/nginx/conf.d/backend*.conf;


client_body_buffer_size 8k;


resolver x.x.x.x;


# Use connenction pool

proxy_http_version 1.1;

proxy_set_header Connection "";



keepalive_requests 2000;

keepalive_timeout 65;



include /etc/nginx/conf.d/reports.conf;

}



reports.conf:


server {

listen 80;

server_name servername.com;


location / {

mirror /a;

mirror /b;

mirror /c;

mirror /d;

mirror /e;

mirror /f;

proxy_pass http://primary;

}


location /a {

internal;

proxy_pass http://backend-a;

}

location /b {

internal;

proxy_pass http://backend-b;

}


location /c {

internal;

proxy_pass http://c;

}


location /d {

internal;

proxy_pass http://backend-d;

}



location /e {

internal;

proxy_http_version 1.1;

proxy_set_header Connection "";

proxy_pass https://backend-e;

}


location /f {

internal;

proxy_http_version 1.1;

proxy_set_header Connection "";

proxy_pass https://backend-f;

}

}


On Wed, May 9, 2018 at 1:25 PM, Francis Daly <[email protected]> wrote:

> On Wed, May 09, 2018 at 04:32:51AM -0700, Joe Doe wrote:
>
> Hi there,
>
> > I have many multiple mirrors for incoming request. To keep the config
> > clean, I set:
> > proxy_http_version 1.1;
> > proxy_set_header "";
> >
> > in the http context. This worked for us (verified keep-alive is working),
> > and it will inherit to all the mirror proxy_pass.
>
> Those config directives (corrected) will inherit to any "location" which
> does not have a "proxy_http_version" directive or a "proxy_set_header"
> directive, respectively. (Assuming that neither are set at "server"
> level either.)
>
> > However, I recently added a mirror that used https, and I notice these
> > settings no longer inherit to this mirror. At least keep-alive was not
> > working. To address this, I had to add these 2 settings into the location
> > specific to the mirror. (adding to the server context didn't work either)
>
> Can you show the config that does not react the way that you want it to?
>
> If you get the upstream (proxy_pass) server to "echo" the incoming
> request, can you see what http version and http headers are sent by nginx?
>
> > According to the documentation, these 2 settings can be in http, server
> and
> > location context. And I assume if it's in http context, it would inherit
> to
> > all the sub-blocks (and it did work for all the other http mirrors). Is
> > this assumption incorrect and I should add these 2 settings to all the
> > locations where I want to use keep-alive?
>
> Directive inheritance follows the rules, or there is a bug. If these two
> settings mean that keep-alive works for you, then you must make sure
> that these two settings are in, or inherited into, each location that
> you care about.
>
> f
> --
> Francis Daly francis@daoine.org
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On Sat, May 12, 2018 at 11:18:23AM -0700, Joe Doe wrote:

Hi there,

> Here is the config with some info redacted. The only difference between the
> mirror that inherited the setting and the ones not is http vs https. For
> the time being, to get around the issue, the settings to use keep-alive for
> upstream servers are added to those mirrors.

It's good that you have a workaround that lets your production system
do what you want it to.

As I understand it, you want the mirror'ed upstreams to take advantage
of keep-alive. Your config uses two directives to set two specific things.

With those directives "inherited" into the https-mirror'ed location, things
do not work. With them explicit in that mirror'ed location, things do work.

I am unable to reproduce that problem report.

When I use the following config (port 8000 is the "front-end" web server;
the other ports and ssl are the "back-end" servers), I see the same http
version in $request and the same value of $http_connection for each of
the back-ends (in upstream.log), without needing to explicitly override
any config in the https-mirror'ed location.

How does this differ from what you see, can you see?

==
http {

log_format connection '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$http_connection" "$request"';

proxy_http_version 1.1;
proxy_set_header Connection "";

server {
listen 8000;
server_name localhost;

location / {
mirror /a;
mirror /b;
mirror /c;
proxy_pass http://127.0.0.1:8081;
}
location /a {
internal;
proxy_pass http://127.0.0.1:8082;
}
location /b {
internal;
proxy_pass http://127.0.0.1:8083;
}
location /c {
internal;
proxy_pass https://127.0.0.1:8443;
}
}

server {
listen 8443 ssl;
listen 127.0.0.1:8081;
listen 127.0.0.1:8082;
listen 127.0.0.1:8083;
server_name localhost;

ssl_certificate cert.pem;
ssl_certificate_key cert.key;

access_log logs/upstream.log connection;

location / {
return 200 "request $request\nconnection $http_connection\n";
}
}
}
===

If I understand your report correctly, you would see something different
in the last two fields of the "GET /c" log line from what is in the
"GET /a" or "GET /b" log lines.

I don't see any difference there.

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Sorry, only registered users may post in this forum.

Click here to login