id,summary,reporter,owner,description,type,status,priority,milestone,component,version,resolution,keywords,cc,uname,nginx_version 915,"""Upgrade"" header should not be proxied over h2",Guillaume Rossolini,,"When proxying an HTTP/2-enabled webserver with nginx, nginx fetches resources using HTTP/1.1, which the backend server tries to upgrade to HTTP/2 by sending the ""Upgrade: h2"" header. In the default configuration, this header is then forwarded to the client, which is incorrect. In the case of nghttp, this is interpreted as an error: {{{ inflatehd: header emission: upgrade: h2 recv: proclen=10 recv: HTTP error: type=1, id=13, header upgrade: h2 [ 0.008] [INVALID; error=Invalid HTTP header field was received] recv HEADERS frame ; END_HEADERS (padlen=0) ; First response header recv: [IB_IGN_HEADER_BLOCK] }}} cf. https://github.com/curl/curl/issues/674 An example setup would be using httpd-2.4 as a backend. This is easily remedied with the following nginx proxy config: {{{ proxy_hide_header Upgrade; }}} But maybe the default behaviour could be improved?",enhancement,new,minor,,nginx-module,1.9.x,,,,Linux XYZ 3.2.0-4-amd64 #1 SMP Debian 3.2.57-3 x86_64 GNU/Linux,"nginx version: nginx/1.9.12 built by gcc 4.7.2 (Debian 4.7.2-5) built with OpenSSL 1.0.2f 28 Jan 2016 TLS SNI support enabled configure arguments: --with-cc-opt=-I/usr/local/include --with-ld-opt=-L/usr/local/lib --with-cpu-opt=amd64 --sbin-path=/usr/local/sbin --with-http_ssl_module --without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module --with-http_gunzip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_v2_module --add-module=/usr/local/src/ngx_brotli-557486 --conf-path=/etc/nginx/nginx.conf"