Welcome! Log In Create A New Profile

Advanced

NGINX TLS Behavior

December 26, 2018 05:17AM
Hello,


I have a question on NGINX's behavior during TLS.

I see that NGINX combines HTTP header and Data together into a SSL record. You can see from the logs below that

<snip>

2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 244
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 16140
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL to write: 16384

<snip>


While the header gets generated earlier, its written to along with data. Is there a way (i mean a configurable way) to tell NGINX to write just the headers, so that header goes out in a single TLS record?

thank you for your time in looking at this.

-bhakta


Full logs, this is in response to a GET request of a 1mb file that I am trying to server as part of this test.:


2018/12/26 14:10:34 [debug] 13248#0: *1 content phase: 12
2018/12/26 14:10:34 [debug] 13248#0: *1 content phase: 13
2018/12/26 14:10:34 [debug] 13248#0: *1 ngx_http_static_handler: http filename: "/usr/local/nginx/html/protected/1mb.html"
2018/12/26 14:10:34 [debug] 13248#0: *1 add cleanup: 000055E9E8B9AFF0
2018/12/26 14:10:34 [debug] 13248#0: *1 http static fd: 11
2018/12/26 14:10:34 [debug] 13248#0: *1 http set discard body
2018/12/26 14:10:34 [debug] 13248#0: *1 HTTP/1.1 200 OK
Server: nginx/1.15.5
Date: Wed, 26 Dec 2018 08:40:34 GMT
Content-Type: text/html
Content-Length: 1000000
Last-Modified: Tue, 25 Dec 2018 09:02:16 GMT
Connection: keep-alive
ETag: "5c21f218-f4240"
Accept-Ranges: bytes

2018/12/26 14:10:34 [debug] 13248#0: *1 write new buf t:1 f:0 000055E9E8B9B1C8, pos 000055E9E8B9B1C8, size: 244 file: 0, size: 0
2018/12/26 14:10:34 [debug] 13248#0: *1 http write filter: l:0 f:0 s:244
2018/12/26 14:10:34 [debug] 13248#0: *1 http output filter "/1mb.html?"
2018/12/26 14:10:34 [debug] 13248#0: *1 http copy filter: "/1mb.html?"
2018/12/26 14:10:34 [debug] 13248#0: *1 malloc: 000055E9E8BD9110:32768
2018/12/26 14:10:34 [debug] 13248#0: *1 read: 11, 000055E9E8BD9110, 32768, 0
2018/12/26 14:10:34 [debug] 13248#0: *1 http postpone filter "/1mb.html?" 000055E9E8B9B3B8
2018/12/26 14:10:34 [debug] 13248#0: *1 write old buf t:1 f:0 000055E9E8B9B1C8, pos 000055E9E8B9B1C8, size: 244 file: 0, size: 0
2018/12/26 14:10:34 [debug] 13248#0: *1 write new buf t:1 f:0 000055E9E8BD9110, pos 000055E9E8BD9110, size: 32768 file: 0, size: 0
2018/12/26 14:10:34 [debug] 13248#0: *1 http write filter: l:0 f:1 s:33012
2018/12/26 14:10:34 [debug] 13248#0: *1 http write filter limit 0
2018/12/26 14:10:34 [debug] 13248#0: *1 posix_memalign: 000055E9E8B78950:512 @16
2018/12/26 14:10:34 [debug] 13248#0: *1 malloc: 000055E9E8BCD330:16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 244
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 16140
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL to write: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL_write: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL buf copy: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL to write: 16384
2018/12/26 14:10:34 [debug] 13248#0: *1 SSL_write: 16384


My nginx.conf section related to https:

server {
listen 8081 ssl;
sendfile off;
tcp_nopush off;
#ssl on;
ssl_certificate /etc/ssl/certs/server.crt;
ssl_certificate_key /etc/ssl/private/server.key;
server_name server.com;
ssl_prefer_server_ciphers on;
ssl_ciphers AES128-GCM-SHA256;


access_log off;
error_log /var/log/nginx/nginx.server.https.error.log debug;

location / {
root /usr/local/nginx/html/protected;
}
}
Subject Author Posted

NGINX TLS Behavior

bhaktaonline December 26, 2018 05:17AM

Re: NGINX TLS Behavior

Sergey Kandaurov December 26, 2018 05:42AM

Re: NGINX TLS Behavior

bhaktaonline December 26, 2018 06:56AM

Re: NGINX TLS Behavior

Sergey Kandaurov December 26, 2018 07:24AM

Re: NGINX TLS Behavior

bhaktaonline December 26, 2018 07:44AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 61
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready