id summary reporter owner description type status priority milestone component version resolution keywords cc uname nginx_version 1472 Downloads stop after 1GB depending of network nudgegoonies@… "Hi, we tried nginx version 1.6.2 till version 1.12.2 and have a problem when used as proxy before artifactory. Downloads get interrupted at 1GB. This behavior depends on the internal VLAN. On one VLAN this always happens. On an other VLAN it never happens. This is size limited, not time limited. From some network it stops after 30 seconds and from one other slow network it stops after 13 minutes. We made a minimal proxy setup with apache and this works with all VLANs. This is why we expect it has something to do with nginx or the combination of nginx and TCP/IP stack of linux. In wireshark we see ""TCP Dup ACK"" on the client side sent to the nginx server. Wget fails with connection closed at byte 1083793011 but continues download with partial content. docker can't handle this and our customers can't download docker images with layers greater 1 GB. The following text shows two anonymized minimal configs. The nginx config that is problematic and the apache config that works: {{{ NGINX config: server { listen *:80; server_name NAME; client_max_body_size 3G; access_log /var/log/nginx/NAME.access.log; error_log /var/log/nginx/NAME.error.log; if ($request_uri !~ /artifactory/) { rewrite ^ $scheme://NAME/artifactory/ permanent; } location /artifactory { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://ARTIFACTORY:PORT; proxy_pass_header Server; proxy_read_timeout 90s; } } APACHE config: ServerName NAME ServerAdmin NAME ErrorLog ${APACHE_LOG_DIR}/error.log LogLevel warn ProxyRequests Off Order allow,deny Allow from All ProxyPass / http://ARTIFACTORY:PORT/ ProxyPassReverse / http://ARTIFACTORY:PORT/ }}} " enhancement accepted minor nginx-module proxy Linux NAME 4.9.0-0.bpo.5-amd64 #1 SMP Debian 4.9.65-3+deb9u2~bpo8+1 (2017-01-05) x86_64 GNU/Linux "nginx version: nginx/1.12.2 built by gcc 4.9.2 (Debian 4.9.2-10) built with OpenSSL 1.0.1t 3 May 2016 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' "