Opened 5 years ago
#1809 new enhancement
Allow stream with `ssl_preread on` to forward to http without leaving nginx
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | other | Version: | 1.15.x |
| Keywords: | Cc: | ||
| uname -a: | Linux urist.lubar.me 5.0.0-20-generic #21-Ubuntu SMP Mon Jun 24 09:32:09 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.15.9 (Ubuntu)
built with OpenSSL 1.1.1b 26 Feb 2019 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-o86Ds8/nginx-1.15.9=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-compat --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-headers-more-filter --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-auth-pam --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-cache-purge --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-dav-ext --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-ndk --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-echo --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-fancyindex --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/nchan --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-lua --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/rtmp --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-uploadprogress --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-upstream-fair --add-dynamic-module=/build/nginx-o86Ds8/nginx-1.15.9/debian/modules/http-subs-filter |
||
Description
Currently, having multiple services on the same port that depend on ALPN means that every incoming connection creates another internal TCP connection, which means sockets get used up faster than they need to and every packet gets sent a second time through the kernel.
Instead, if nginx could transfer ownership of the socket from the stream module to the http module without proxying, this would speed up this use case and reduce its resource usage.
Note:
See TracTickets
for help on using tickets.
