#363 closed defect (invalid)
SPDY configuration inheritance issue
Reported by: | Rune Sørensen | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-module | Version: | 1.3.x |
Keywords: | spdy | Cc: | |
uname -a: | Linux ip-10-150-131-78 3.5.0-23-generic #35-Ubuntu SMP Thu Jan 24 13:15:40 UTC 2013 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.4.1
built by gcc 4.7.2 (Ubuntu/Linaro 4.7.2-2ubuntu1) TLS SNI support enabled configure arguments: --with-http_spdy_module --with-http_ssl_module |
Description
There appears to be a configuration inheritance issue when configuring the new spdy
option on listen
directives. Enabling spdy on one server's listen directive will enable spdy on other servers as well, without the spdy
option on those server's listen directives.
We've reproduced the issue with a very simple configuration. In the below sample, bar.com
will start using spdy even though it's actually only configured on the server with the foo.com
server name.
Let me know if you need any more information or if we can help test a patch. It might also be misconfigured, but it seems like this is a violation of the usual nginx configuration inheritance model.
This was tested on Ubuntu 12.10 with OpenSSL 1.0.1c on an AWS instance with a single IP address.
Minimal nginx.conf to reproduce the issue:
user www-data;
worker_processes 1;
events {
worker_connections 512;
}
pid /var/run/nginx.pid;
http {
server {
listen 443 ssl;
server_name bar.com;
ssl_certificate /var/www/certificates/foo.crt;
ssl_certificate_key /var/www/certificates/foo.key;
location / {
root /var/www/foo/;
}
}
server {
listen 443 ssl spdy;
server_name foo.com;
ssl_certificate /var/www/certificates/bar.crt;
ssl_certificate_key /var/www/certificates/bar.key;
location / {
root /var/www/bar/;
}
}
}
Change History (4)
comment:1 by , 11 years ago
comment:2 by , 11 years ago
Resolution: | → invalid |
---|---|
Status: | new → closed |
It's expected behaviour. See the documentation:
The spdy parameter (1.3.15) allows to accept SPDY connections on this port.
Almost all listen
options work that way. You can omit ssl
as well.
comment:3 by , 11 years ago
Thanks for the clarification. Seems fairly clear from the documentation. Correct me if I'm wrong, but I take it that there's no way to achieve what I'd like then (configure multiple servers listening on the same port with different SPDY settings).
comment:4 by , 11 years ago
Correct me if I'm wrong, but I take it that there's no way to achieve what I'd like then
Yes, currently you can't enable spdy on a per virtual server basis on the same port.
I mislabeled this as a version 1.3.x bug - it should have been been 1.4.1 (and I can't change it now it seems).