id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 1875,allow configuring upstreams as HTTP2 to prevent high latency for SSL connects,artheus@…,,"TL;DR; While configuring upstreams, one should be able to configure them as HTTP2. This way a connection to the upstream should be kept alive, and allowing a high rate of requests to pass through e.g. a reverse proxy. Allowing this would greatly decrease the resources (CPU and RAM) usage of e.g. backends with SSL termination. This is due to the SSL handshake will be done when connecting, and all other requests should be ""multiplexed"" in the long-lasting connections to the backend upstreams. Configuring upstreams like this would prevent e.g. plaintext data from being sent between sites (e.g. data-centers) example configuration: {{{ upstream h2backend { server backend1.example.com:443 http2; server backend2.example.com:443 http2; } server { location / { proxy_pass http://h2backend; } } }}} There might be a better/alternative solution to this, which would not confuse users to think that this would allow ""http2 push"". This suggested solution is only meant for preventing high latency and high resource usage for SSL connections (handshakes) to backend upstreams, strictly configured with SSL. ",enhancement,closed,minor,nginx-1.17,nginx-module,1.17.x,duplicate,proxy upstream http2,,Linux t-lb-int01-l 3.10.0-1062.1.1.el7.x86_64 #1 SMP Fri Sep 13 22:55:44 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux,"nginx version: nginx/1.16.1 built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'"