Opened 4 years ago
Closed 4 years ago
#1887 closed enhancement (wontfix)
Add option to enable passthrough of HTTP/2 ping with grpc_pass
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | |
| Component: | nginx-module | Version: | 1.17.x |
| Keywords: | grpc_pass http_v2 http_grpc gRPC | Cc: | |
| uname -a: | Linux srv-hyperv-centos7 3.10.0-1062.1.2.el7.x86_64 #1 SMP Mon Sep 30 14:19:46 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.16.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-39) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-stream_ssl_preread_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E' |
||
Description
gRPC has multiple options for keepalive, which are especially relevant for streaming messages:
https://github.com/grpc/grpc/blob/master/doc/keepalive.md
With these you are able to track disappearing clients and narrow connection latency. gRPC uses HTTP/2 ping messages for keepalives. When proxying through nginx, nginx does not passthrough ping messages to the client.
When using nginx with gRPC you currently have to implement a form of keepalive yourself. Send and receive timeouts from nginx are not helpful, as we use gRPC with long-lived streaming connections.
Possible solutions:
- Add an option to passthrough HTTP/2 ping messages to the gRPC backend:
grpc_ping_passthrough yes/no. - Add ability to send keepalive pings from nginx. In this case nginx would need additional options and nginx would have to terminate the connection if there is no response to the ping messages, similar to what gRPC does.
Note:
See TracTickets
for help on using tickets.
In case of proxying, the same connection to the backend can be used for requests from different clients. Further, in theory (assuming nginx will support multiplexing at some point) it can be used for requests from different clients at the same time. Passing pings to a particular clients somewhat contradicts this.
Also, there is no connection between the client and a backend as long as there is no active request. And if there are more than one active request from the client, there will be more than one client-server connection.
That is, HTTP/2 pings are good to check peer-to-peer connections, but cannot be effectively used to check end-to-end connectivity for proxied connections.
If you want to track disappearing clients with nginx, a better option might be to use TCP keepalives, which are supported for all connections, not just HTTP/2. See
so_keepalive=parameter of the listen directive.