Opened 17 months ago

Last modified 17 months ago

#1552 new enhancement

No way to use http2 with stream-section

Reported by: FAUSheppy@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.13.x
Keywords: stream, http2 Cc: sheppy@…
uname -a: Linux HOSTNAME 4.9.0-6-amd64 #1 SMP Debian 4.9.82-1+deb9u3 (2018-03-02) x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.13.12 built by gcc 6.3.0 20170516 (Debian 6.3.0-18+deb9u1) built with OpenSSL 1.1.0f 25 May 2017 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -fdebug-prefix-map=/data/builder/debuild/nginx-1.13.12/debian/debuild-base/nginx-1.13.12=. -specs=/usr/share/dpkg/no-pie-compile.specs -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-specs=/usr/share/dpkg/no-pie-link.specs -Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie'

Description

I have a server in a stream section that multiplexes connections to upstreams based on a map-construct:

stream {
    map $something $map_name {
        default upstream1;
        "somevalue" upstream2;
    }
    upstream upstream1 {
        server unix:/samepath;
    }
    ...
    server {
        listen 443 ssl;
        proxy_protocol on;
        proxy_pass $map_name;
    }
    server {
        listen unix:/samepath;
        proxy_pass 127.0.0.1:8001;
    }
}

and a server in an http-block:

http {
    ...
    server {
        listen 127.0.0.1:8001;
        ...
    }
}

I cannot enable http2. In the stream section the directive is not allowed (so I can't write it to my top level server listening on 443 as I would intend to), and if I write it to the server in the http-section, I only get a cryptic file that downloads every time I access the website.

Change History (2)

comment:1 Changed 17 months ago by FAUSheppy@…

It appears to work if I move the ssl away from the server-block in stream to the server in http and place an http2 after it, but I cannot do that because I need the tls certificate in the map.

comment:2 Changed 17 months ago by mdounin

  • Type changed from defect to enhancement

The stream module is a generic TCP proxy module, it talks neither HTTP nor HTTP/2, hence there is no "http2" option.

If you want to select a backend depending on whether client announces HTTP/2 support via the ALPN extension, consider using the $ssl_preread_alpn_protocols variable as available in the SSL preread module.

It is not currently possible to configure ALPN protocols for the stream module to negotiate during an SSL handshake. This might be a feature worth adding, so leaving this open as an enhancement for now.
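
The ALPN-based backend selection suggested in comment:2, written out as an added example (not part of the ticket and not the reporter's or the nginx project's configuration). Ports, upstream names and certificate paths are placeholders; it assumes the stream ssl_preread and http realip modules listed in the `nginx -V` output above.

```nginx
# Added example: route on the ClientHello's ALPN list without terminating
# TLS in the stream block. All names, ports and paths are placeholders.
stream {
    # $ssl_preread_alpn_protocols holds the comma-separated protocols the
    # client advertised, e.g. "h2,http/1.1". Anything else hits "default".
    map $ssl_preread_alpn_protocols $alpn_backend {
        ~\bh2\b   h2_capable;
        default   http1_only;
    }

    upstream h2_capable { server 127.0.0.1:8001; }
    upstream http1_only { server 127.0.0.1:8002; }

    server {
        listen 443;             # no "ssl": the handshake is passed through
        ssl_preread on;         # only parse the ClientHello
        proxy_protocol on;      # forward the real client address
        proxy_pass $alpn_backend;
    }
}

http {
    server {
        # TLS is terminated and HTTP/2 negotiated here, not in stream.
        # "proxy_protocol" must match "proxy_protocol on" above.
        listen 127.0.0.1:8001 ssl http2 proxy_protocol;
        ssl_certificate     /path/to/cert.pem;   # placeholder
        ssl_certificate_key /path/to/key.pem;    # placeholder

        # Accept the PROXY header only from the local stream proxy.
        set_real_ip_from 127.0.0.1;
        real_ip_header   proxy_protocol;
    }

    server {
        # HTTP/1.1-only backend for clients that did not offer h2.
        listen 127.0.0.1:8002 ssl proxy_protocol;
        ssl_certificate     /path/to/cert.pem;   # placeholder
        ssl_certificate_key /path/to/key.pem;    # placeholder
        set_real_ip_from 127.0.0.1;
        real_ip_header   proxy_protocol;
    }
}
```

Because the stream server only pre-reads the ClientHello here, values that exist only after a completed handshake in the stream block, such as client certificate variables, are not available to the map in this layout.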
