Opened 4 years ago

Closed 4 years ago

#951 closed defect (worksforme)

'proxy_request_buffering' does not work with 'http2' on nginx 1.9.14

Reported by: Constantin Irimia Owned by:
Priority: minor Milestone:
Component: documentation Version: 1.9.x
Keywords: proxy_request_buffering, ngx_http_v2_module Cc:
uname -a: FreeBSD myserver1.com 10.2-STABLE FreeBSD 10.2-STABLE #0 r289827: Fri Oct 23 20:27:20 UTC 2015 root@releng1.nyi.freebsd.org:/usr/obj/usr/src/sys/GENERIC amd64
nginx -V: nginx version: nginx/1.9.14
built with OpenSSL 1.0.2g 1 Mar 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --modules-path=/usr/local/etc/nginx/modules --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-debug --with-file-aio --with-ipv6 --with-google_perftools_module --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_addition_module --with-http_auth_request_module --add-module=/usr/ports/www/nginx-devel/work/ngx_cache_purge-2.3 --with-http_dav_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gzip_static_module --with-http_gunzip_module --with-http_image_filter_module=dynamic --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_stub_status_module --with-http_sub_module --with-http_xslt_module=dynamic --add-module=/usr/ports/www/nginx-devel/work/mod_zip-1.1.6 --add-module=/usr/ports/www/nginx-devel/work/ngx_devel_kit-0.2.19 --add-module=/usr/ports/www/nginx-devel/work/encrypted-session-nginx-module-0.03 --with-pcre --with-http_v2_module --add-dynamic-module=/usr/ports/www/nginx-devel/work/njs-b9a54be/nginx --with-stream=dynamic --with-stream_ssl_module --with-threads --with-mail=dynamic --with-mail_ssl_module --with-http_ssl_module --add-module=/usr/ports/www/nginx-devel/work/iconv-nginx-module-0.10

Description

The proxy_request_buffering can't be turned off for HTTP2 requests.
I use following config:


worker_processes 12;

error_log /data/www/nginx/logs/error-info.log info;

events {

    worker_connections 1024;

}

http {

    include mime.types;
    default_type application/octet-stream;
    include fastcgi_microcache_zone.conf;
    include proxy_microcache_zone.conf;

    log_format main '$remote_addr - $remote_user [$upstream_cache_status] [$time_local] "$request" '

        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$gzip_ratio" "$http_x_forwarded_for"';

    access_log /data/www/nginx/logs/access.log main;

    sendfile on;

    keepalive_timeout 128;

    gzip on;
    gzip_static on;
    gzip_proxied any; #expired no-cache no-store private auth;
    gzip_comp_level 3;
    gzip_types text/plain application/xml text/css text/javascript application/javascript application/json;

    server_tokens off;

    client_body_buffer_size 256k;
    client_max_body_size 1G;
    client_body_timeout 600s;
    client_header_buffer_size 64k;
    proxy_connect_timeout 7200s;
    proxy_send_timeout 7200s;
    proxy_read_timeout 7200s;
    send_timeout 7200s;
    fastcgi_send_timeout 7200s;
    fastcgi_read_timeout 7200s;

    proxy_request_buffering off;
    proxy_buffering on;
    proxy_buffer_size 64k;
    proxy_buffers 8 64k;
    proxy_busy_buffers_size 256k;

    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_dhparam /usr/local/etc/nginx/certificates/dhparam.pem;
    ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS !RC4";

    server {

        listen 443 ssl http2;
        server_name mydomain.com www.mydomain.com;

        error_log /data/www/data/customer0001/vhosts/mydomain.com/logs/nginx_error.log warn;
        access_log /data/www/data/customer0001/vhosts/mydomain.com/logs/nginx_access.log main;

        location / {

            proxy_request_buffering off;
            proxy_pass ​http://0.0.0.0:81;
            proxy_redirect off;
            proxy_http_version 1.1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Authorization $http_authorization;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass_header Authorization;

        }

        ssl on;
        ssl_certificate /fullchain.pem;
        ssl_certificate_key /privkey.pem;

        add_header Alternate-Protocol 443:npn-spdy/3;
        add_header Strict-Transport-Security "max-age=31536000; includeSubdomains";
        add_header X-Forwarded-Authorization $http_authorization;

    }

}

Change History (3)

comment:1 by Ruslan Ermilov, 4 years ago

How do you conclude that "proxy_request_buffering off" does not work for you when use use HTTP/2? Supplying a debug log will help investigate this.

comment:2 by Maxim Dounin, 4 years ago

First of all, I would recommend to check if the nginx version running is actually 1.9.14. The server_tokens off in the configuration snippet provided suggests it's not something that was checked.

Note well that nginx binary on disk may not be the same as nginx binary running, and checking version in nginx -V is not enough.

comment:3 by Maxim Dounin, 4 years ago

Resolution: worksforme
Status: newclosed

Feedback timeout.

Note: See TracTickets for help on using tickets.