Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#363 closed defect (invalid)

SPDY configuration inheritance issue

Reported by: Rune Sørensen Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.3.x
Keywords: spdy Cc:
uname -a: Linux ip-10-150-131-78 3.5.0-23-generic #35-Ubuntu SMP Thu Jan 24 13:15:40 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.4.1
built by gcc 4.7.2 (Ubuntu/Linaro 4.7.2-2ubuntu1)
TLS SNI support enabled
configure arguments: --with-http_spdy_module --with-http_ssl_module

Description

There appears to be a configuration inheritance issue when configuring the new spdy option on listen directives. Enabling spdy on one server's listen directive will enable spdy on other servers as well, without the spdy option on those server's listen directives.

We've reproduced the issue with a very simple configuration. In the below sample, bar.com will start using spdy even though it's actually only configured on the server with the foo.com server name.

Let me know if you need any more information or if we can help test a patch. It might also be misconfigured, but it seems like this is a violation of the usual nginx configuration inheritance model.

This was tested on Ubuntu 12.10 with OpenSSL 1.0.1c on an AWS instance with a single IP address.

Minimal nginx.conf to reproduce the issue:

user www-data;
worker_processes 1;

events {

worker_connections 512;

}

pid /var/run/nginx.pid;

http {

server {

listen 443 ssl;
server_name bar.com;
ssl_certificate /var/www/certificates/foo.crt;
ssl_certificate_key /var/www/certificates/foo.key;

location / {

root /var/www/foo/;

}

}

server {

listen 443 ssl spdy;
server_name foo.com;
ssl_certificate /var/www/certificates/bar.crt;
ssl_certificate_key /var/www/certificates/bar.key;

location / {

root /var/www/bar/;

}

}

}

Change History (4)

comment:1 by Rune Sørensen, 7 years ago

I mislabeled this as a version 1.3.x bug - it should have been been 1.4.1 (and I can't change it now it seems).

comment:2 by Valentin V. Bartenev, 7 years ago

Resolution: invalid
Status: newclosed

It's expected behaviour. See the documentation:

The spdy parameter (1.3.15) allows to accept SPDY connections on this port.

Almost all listen options work that way. You can omit ssl as well.

comment:3 by Rune Sørensen, 7 years ago

Thanks for the clarification. Seems fairly clear from the documentation. Correct me if I'm wrong, but I take it that there's no way to achieve what I'd like then (configure multiple servers listening on the same port with different SPDY settings).

comment:4 by Valentin V. Bartenev, 7 years ago

Correct me if I'm wrong, but I take it that there's no way to achieve what I'd like then

Yes, currently you can't enable spdy on a per virtual server basis on the same port.

Note: See TracTickets for help on using tickets.