> below is the initial version of patch that creates the
> "$ssl_preread_alpn_protocols" variable; the content is a comma-separated
> list of protocols, sent by client in ALPN extension, if present.
>
> Any feedback is appreciated.
>
I have just tested this patch and can confirm it's working perfectly fine.

The patch was applied against this commit: https://github.com/nginx/nginx/commit/83dceda8688fcba6da9fd12f6480606563d7b7a3

And I was using LibreSSL.

I've set up three upstream servers for tests, two using node.js (HTTPS) and one Prosody (XMPP server):

    map $ssl_preread_alpn_protocols $upstream {
        default node1;
        "h2,http/1.1" node2;
        "xmpp-client" prosody;
    }

Curling with no ALPN correctly returns answer from node1:

    > curl -k -i --no-alpn https://docker.local
    HTTP/1.1 200 OK
    Date: Wed, 07 Mar 2018 11:24:26 GMT
    Connection: keep-alive
    Content-Length: 23

    Everything works: node1

Curling with default configuration (ALPN: h2,http/1.1) also works:

    > curl -k -i https://docker.local
    HTTP/1.1 200 OK
    Date: Wed, 07 Mar 2018 11:24:43 GMT
    Connection: keep-alive
    Content-Length: 23

    Everything works: node2

Then I tested XMPP by adding an SRV record:

    > dig _xmpps-client._tcp.testing.metacode.biz SRV
    ;; ANSWER SECTION:
    _xmpps-client._tcp.testing.metacode.biz. 119 IN SRV 1 1 443 docker.local.

And using Gajim to connect to testing.metacode.biz. It worked.

Nginx (web_1) logs correctly show all connection attempts with ALPN values:

    prosody_1 | c2s2564890 info Client connected
    web_1 | 192.168.99.1 xmpp-client [07/Mar/2018:11:21:58 +0000] TCP 200 2335 871 1.566
    web_1 | 192.168.99.1 [07/Mar/2018:11:24:26 +0000] TCP 200 1546 327 0.298
    web_1 | 192.168.99.1 h2,http/1.1 [07/Mar/2018:11:24:35 +0000] TCP 200 1539 262 0.324
    web_1 | 192.168.99.1 h2,http/1.1 [07/Mar/2018:11:24:43 +0000] TCP 200 1539 262 0.293
    prosody_1 | c2s2564890 info Authenticated as wiktor@testing.metacode.biz

I've used

    log_format basic '$remote_addr $ssl_preread_alpn_protocols [$time_local] '
                     '$protocol $status $bytes_sent $bytes_received '
                     '$session_time';

This looks *very good*, thanks for your time!

Kind regards,
Wiktor
--
*/metacode/*
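
Added example, not part of the original mail and not nginx's own code: a bounds-checked C sketch of how an ALPN extension body (RFC 7301) flattens into the comma-separated value described above, and why the exact-match map keys depend on the order in which the client offers its protocols. The names alpn_to_csv() and route() are hypothetical, and it is an assumption that the variable keeps the client's order.

```c
#include <stdio.h>
#include <string.h>

/* Flatten the body of a TLS ALPN extension (RFC 7301 ProtocolNameList) into
 * the comma-separated form the mail describes. Returns the string length,
 * or -1 if the extension is malformed or `out` is too small.
 * alpn_to_csv() and route() are hypothetical names, not nginx functions. */
int alpn_to_csv(const unsigned char *ext, size_t len, char *out, size_t outsz)
{
    size_t list_len, pos = 2, n = 0;
    if (len < 4 || outsz == 0)
        return -1;
    list_len = ((size_t)ext[0] << 8) | ext[1];
    if (list_len != len - 2)            /* declared length must match */
        return -1;
    while (pos < len) {
        size_t plen = ext[pos++];       /* 1-byte name length */
        if (plen == 0 || plen > len - pos)
            return -1;                  /* empty or truncated name */
        if (n + plen + 2 > outsz)       /* name + ',' + NUL must fit */
            return -1;
        if (n > 0)
            out[n++] = ',';
        memcpy(out + n, ext + pos, plen);
        n += plen;
        pos += plen;
    }
    out[n] = '\0';
    return (int)n;
}

/* Exact-match lookup mirroring the map block in the mail. */
const char *route(const char *alpn)
{
    if (strcmp(alpn, "h2,http/1.1") == 0) return "node2";
    if (strcmp(alpn, "xmpp-client") == 0) return "prosody";
    return "node1";                     /* default */
}

int main(void)
{
    /* Constructed sample: same two protocols, offered in the other order. */
    static const unsigned char ext[] = "\x00\x0c\x08http/1.1\x02h2";
    char buf[64];

    if (alpn_to_csv(ext, sizeof ext - 1, buf, sizeof buf) > 0)
        printf("%s -> %s\n", buf, route(buf));
    return 0;
}
```

Under that assumption, a client offering "http/1.1,h2" falls through to the default upstream, so the default entry should be a backend that is safe to expose to any unrecognized offer.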