Opened 5 years ago

Closed 4 years ago

#892 closed enhancement (fixed)

'proxy_request_buffering' does not work with 'http2'

Reported by: doppelbauer.markus@… Owned by:
Priority: minor Milestone:
Component: documentation Version: 1.9.x
Keywords: Cc:
uname -a: CentOS 7, 3.10.0-327.4.4.el7.x86_64
nginx -V: nginx version: nginx/1.9.10
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/local/nginx --user=nginx --group=nginx --with-pcre --with-threads --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_gunzip_module --without-http_charset_module --without-http_ssi_module --without-http_userid_module --without-http_autoindex_module --without-http_geo_module --without-http_referer_module --without-http_memcached_module --without-http_empty_gif_module --without-http_browser_module --without-http_upstream_ip_hash_module --without-http_scgi_module --without-http_split_clients_module --without-http_uwsgi_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module

Description

If a client connects to a 'http2' server - and the server should ask a backend via 'proxy_request_buffering' => the POST request is buffered to disk.

Change History (7)

comment:1 by Valentin V. Bartenev, 5 years ago

Status: newaccepted
Type: defectenhancement

comment:2 by Valentin V. Bartenev, 5 years ago

The patches for this feature are provided for testing in the nginx-devel mailing list: http://mailman.nginx.org/pipermail/nginx-devel/2016-February/007955.html

comment:3 by Valentin V. Bartenev, 4 years ago

Resolution: fixed
Status: acceptedclosed

Support for unbuffered upload was implemented in 9d66d7ed2abb (nginx 1.9.14).

comment:4 by Constantin Irimia, 4 years ago

Resolution: fixed
Status: closedreopened

It seems that the proxy_request_buffering still not working on nginx 1.9.14 and http2

nginx -V
nginx version: nginx/1.9.14
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --modules-path=/usr/local/etc/nginx/modules --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-debug --with-file-aio --with-ipv6 --with-google_perftools_module --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_addition_module --with-http_auth_request_module --add-module=/usr/ports/www/nginx-devel/work/ngx_cache_purge-2.3 --with-http_dav_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gzip_static_module --with-http_gunzip_module --with-http_image_filter_module=dynamic --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_sub_module --with-http_xslt_module=dynamic --add-module=/usr/ports/www/nginx-devel/work/mod_zip-1.1.6 --add-module=/usr/ports/www/nginx-devel/work/ngx_devel_kit-0.2.19 --add-module=/usr/ports/www/nginx-devel/work/encrypted-session-nginx-module-0.03 --with-pcre --with-http_v2_module --add-dynamic-module=/usr/ports/www/nginx-devel/work/njs-b9a54be/nginx --with-stream=dynamic --with-stream_ssl_module --with-threads --with-mail=dynamic --with-mail_ssl_module --with-http_ssl_module --add-module=/usr/ports/www/nginx-devel/work/iconv-nginx-module-0.10

uname -a
FreeBSD cristi-03.myhost.com 10.2-STABLE FreeBSD 10.2-STABLE #0 r289827: Fri Oct 23 20:27:20 UTC 2015 root@…:/usr/obj/usr/src/sys/GENERIC amd64

2016/04/15 02:06:13 [warn] 56862#100830: *76 a client request body is buffered to a temporary file /var/tmp/nginx/client_body_temp/0000000001, client: 79.112.xxx.xxx, server: mydomain.com, request: "POST /temp/upload.php HTTP/2.0", host: "www.mydomain.com", referrer: "https://www.mydomain.com/temp/upload.php"

Last edited 4 years ago by Constantin Irimia (previous) (diff)

comment:5 by Constantin Irimia, 4 years ago

worker_processes 12;

error_log /data/www/nginx/logs/error-info.log info;

events {

worker_connections 1024;

}

http {

include mime.types;
default_type application/octet-stream;
include fastcgi_microcache_zone.conf;
include proxy_microcache_zone.conf;

log_format main '$remote_addr - $remote_user [$upstream_cache_status] [$time_local] "$request" '

'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$gzip_ratio" "$http_x_forwarded_for"';

access_log /data/www/nginx/logs/access.log main;

sendfile on;

keepalive_timeout 128;

gzip on;
gzip_static on;
gzip_proxied any; #expired no-cache no-store private auth;
gzip_comp_level 3;
gzip_types text/plain application/xml text/css text/javascript application/javascript application/json;

server_tokens off;

client_body_buffer_size 256k;
client_max_body_size 1G;
client_body_timeout 600s;
client_header_buffer_size 64k;
proxy_connect_timeout 7200s;
proxy_send_timeout 7200s;
proxy_read_timeout 7200s;
send_timeout 7200s;
fastcgi_send_timeout 7200s;
fastcgi_read_timeout 7200s;

proxy_request_buffering off;
proxy_buffering on;
proxy_buffer_size 64k;
proxy_buffers 8 64k;
proxy_busy_buffers_size 256k;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_dhparam /usr/local/etc/nginx/certificates/dhparam.pem;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

server {

listen 443 ssl http2;
server_name mydomain.com www.mydomain.com;

error_log /data/www/data/customer0001/vhosts/mydomain.com/logs/nginx_error.log warn;
access_log /data/www/data/customer0001/vhosts/mydomain.com/logs/nginx_access.log main;

location / {

proxy_request_buffering off;
proxy_pass http://0.0.0.0:81;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Authorization $http_authorization;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_header Authorization;

}

ssl on;
ssl_certificate /fullchain.pem;
ssl_certificate_key /privkey.pem;

add_header Alternate-Protocol 443:npn-spdy/3;
add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
add_header X-Forwarded-Authorization $http_authorization;

}

}

comment:6 by Maxim Dounin, 4 years ago

Closing this again. The feature was implemented and works as per various tests. Ticket #951 was created for the "still not working on nginx 1.9.14 and http2" report.

comment:7 by Maxim Dounin, 4 years ago

Resolution: fixed
Status: reopenedclosed
Note: See TracTickets for help on using tickets.