Welcome! Log In Create A New Profile

Advanced

SPDY reverse proxy

Posted by mschipperheyn 
SPDY reverse proxy
May 26, 2014 08:45AM
Hi,

I have been experimenting with setting up nginx as a reverse proxy using SPDY SSL.
I'm using a self signed wildcard 2048 certificate in my test setup with an nginx 1.6 front end webserver and as backend webservers simple nginx setups serving plain http over port 80.

I use two nginx configurations, one for the HTML pages and one for the assets
https://test.site.com
https://assets.site.com

Everything seems to work fine until after a couple of reloads all assets from the asset server start returning empty responses. Loading these items in a separate tab always works fine. When I hit reload a couple of times, it returns to normal operation and this cycle continues.

When the assets are not being loaded successfully, cpu load on Firefox also goes through the roof. Seems some kind of infinite loop occurs.

I'm not sure if this could be configuration related or how I can avoid this. Any suggestions?

My configuration is basically:

server{
listen 443 ssl spdy;
server_name assets.site.com;
charset utf-8;
server_name_in_redirect off;
root /var/lib/tomcat7/webapps/site;
add_header Cache-Control public;

ssl_certificate /etc/ssl/site_com.crt;
ssl_certificate_key /etc/ssl/site_com.key;

ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_buffer_size 8k;




location / {
expires max;
try_files $uri @proxy;
}

location @proxy {
proxy_buffering on;
proxy_pass http://static;

proxy_cache STATIC;
proxy_cache_valid 200 90d;
proxy_cache_valid 404 5m;
proxy_cache_use_stale error timeout invalid_header updating
http_500 http_502 http_503 http_504;
proxy_cache_key $host$request_uri;
proxy_hide_header Set_Cookie;
proxy_ignore_headers "Set-Cookie";

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;

proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 30;


}
}

The spdy configuration for the other webserver is basically identical

Kind regards,
Marc



Edited 1 time(s). Last edit at 05/26/2014 08:46AM by mschipperheyn.
Re: SPDY reverse proxy
May 26, 2014 09:13AM
Try the latest mainline version or backport the spdy changes.
Re: SPDY reverse proxy
May 26, 2014 02:42PM
Ok, I understand that updating to mainline means upgrading to nginx 1.7. This suggests some kind of bug or limitation in older nginx versions. Could you point me to the relevant bug report(s)?

I don't quite understand the other option: backporting the SPDY changes.
Re: SPDY reverse proxy
May 26, 2014 03:25PM
Work on nginx and spdy is always ongoing so there bound to be changes between 1.6 and 1.7, see http://hg.nginx.org/nginx/log?rev=spdy

spdy comes down to a few files;
src\http\ngx_http_spdy.c
src\http\ngx_http_spdy.h
src\http\ngx_http_spdy_filter_module.c
src\http\ngx_http_spdy_module.c
src\http\ngx_http_spdy_module.h
You might be able to simply take only spdy from the 1.7 version if you don't want all of 1.7

---
nginx for Windows http://nginx-win.ecsds.eu/
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 52
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready