Re: Routing based on ALPN

Wiktor Kwapisiewicz via nginx
March 07, 2018 06:40AM
> below is the initial version of patch that creates the
> "$ssl_preread_alpn_protocols" variable; the content is a comma-separated
> list of protocols, sent by client in ALPN extension, if present.
>
> Any feedback is appreciated.
>

I have just tested this patch and can confirm it's working perfectly fine.

The patch was applied against this commit: https://github.com/nginx/nginx/commit/83dceda8688fcba6da9fd12f6480606563d7b7a3
And I was using LibreSSL.

I've set up three upstream servers for tests, two using node.js (HTTPS) and one Prosody (XMPP server):

map $ssl_preread_alpn_protocols $upstream {
    default node1;
    "h2,http/1.1" node2;
    "xmpp-client" prosody;
}

Curling with no ALPN correctly returns answer from node1:

> curl -k -i --no-alpn https://docker.local
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 11:24:26 GMT
Connection: keep-alive
Content-Length: 23

Everything works: node1

Curling with default configuration (ALPN: h2,http/1.1) also works:

> curl -k -i https://docker.local
HTTP/1.1 200 OK
Date: Wed, 07 Mar 2018 11:24:43 GMT
Connection: keep-alive
Content-Length: 23

Everything works: node2

Then I tested XMPP by adding an SRV record:

> dig _xmpps-client._tcp.testing.metacode.biz SRV
;; ANSWER SECTION:
_xmpps-client._tcp.testing.metacode.biz. 119 IN SRV 1 1 443 docker.local.

And using Gajim to connect to testing.metacode.biz. It worked.

Nginx (web_1) logs correctly show all connection attempts with ALPN values:

prosody_1 | c2s2564890 info Client connected
web_1 | 192.168.99.1 xmpp-client [07/Mar/2018:11:21:58 +0000] TCP 200 2335 871 1.566
web_1 | 192.168.99.1 [07/Mar/2018:11:24:26 +0000] TCP 200 1546 327 0.298
web_1 | 192.168.99.1 h2,http/1.1 [07/Mar/2018:11:24:35 +0000] TCP 200 1539 262 0.324
web_1 | 192.168.99.1 h2,http/1.1 [07/Mar/2018:11:24:43 +0000] TCP 200 1539 262 0.293
prosody_1 | c2s2564890 info Authenticated as wiktor@testing.metacode.biz

I've used:

log_format basic '$remote_addr $ssl_preread_alpn_protocols [$time_local] '
                 '$protocol $status $bytes_sent $bytes_received '
                 '$session_time';

This looks *very good*, thanks for your time!

Kind regards,
Wiktor

--
*/metacode/*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
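
Added example, not part of the message above or of the nginx patch: a Python illustration of how a comma-separated ALPN list is read from a ClientHello and then matched as one whole string, as the map block in the post does. The parser, the constructed ClientHello builder and the ROUTES table are assumptions that mirror that map block; the value is client-supplied, so a client offering the same protocols in a different order, or only h2, lands on the default upstream.

```python
import struct

ALPN_EXT = 16  # application_layer_protocol_negotiation, RFC 7301
# Mirrors the map block in the post; keys are compared as exact strings.
ROUTES = {"h2,http/1.1": "node2", "xmpp-client": "prosody"}
DEFAULT = "node1"

def build_client_hello(protocols):
    """Constructed minimal TLS 1.2 ClientHello record (sample input only)."""
    exts = b""
    if protocols:
        names = b"".join(bytes([len(p)]) + p.encode() for p in protocols)
        data = struct.pack("!H", len(names)) + names
        exts = struct.pack("!HH", ALPN_EXT, len(data)) + data
    # version, random, empty session id, one cipher suite, null compression
    body = b"\x03\x03" + bytes(32) + b"\x00" + b"\x00\x02\x00\x2f" + b"\x01\x00"
    body += struct.pack("!H", len(exts)) + exts
    hs = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + struct.pack("!H", len(hs)) + hs

def alpn_protocols(record):
    """Return the client's ALPN names joined with commas, "" if absent."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        return ""  # not a handshake record carrying a ClientHello
    buf = record[9:9 + int.from_bytes(record[6:9], "big")]
    try:
        pos = 34                                             # version + random
        pos += 1 + buf[pos]                                  # session id
        pos += 2 + int.from_bytes(buf[pos:pos + 2], "big")   # cipher suites
        pos += 1 + buf[pos]                                  # compression
        end = pos + 2 + int.from_bytes(buf[pos:pos + 2], "big")
        pos += 2
        while pos + 4 <= min(end, len(buf)):
            etype, elen = struct.unpack("!HH", buf[pos:pos + 4])
            data, pos = buf[pos + 4:pos + 4 + elen], pos + 4 + elen
            if etype != ALPN_EXT:
                continue
            names, i = [], 2                                 # skip list length
            while i < len(data):
                names.append(data[i + 1:i + 1 + data[i]].decode("ascii", "replace"))
                i += 1 + data[i]
            return ",".join(names)
    except IndexError:
        pass  # truncated hello: treat as no ALPN
    return ""

def route(record):
    """Whole-string, case-insensitive lookup, like a map with string keys."""
    return ROUTES.get(alpn_protocols(record).lower(), DEFAULT)
```
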