Re: upstream prematurely closes cnx => 502 Bad Gateway to client

2016-03-03 Thread stefws
@B.R. You're right, seemed my upstream tomcat instances were RESETing cnx as reply something. So far I improved it a lot by altering a http connector keepAliveTimeout value from mistakenly expressed as sec when in fact it should be msec ;) When heavy load it still occurs but far less frequently,

Re: Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated.

2016-03-03 Thread Andrew Hutchings
Hi, This link was also shown to me today. I have contacted Google to ask them to reverse the decision to drop NPN HTTP/2. Kind Regards Andrew On 03/03/16 16:00, Alt wrote: Hello, "In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now.", yes, for now, sadly Google will remove the

Entire content is cached but when client pulls a byte range the entire file is sent

2016-03-03 Thread Wilson, Todd
Can the client pull a subset of the content from the cached content? If it can pull a subset of the content via byte range requests can you point me to how to configure nginx to allow this...? This is what is stored in cache on the nginx server. [root@gemini-sled1 ac]# strings 81f71da53616b454

Re: Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated.

2016-03-03 Thread Alt
Hello, Jim Ohlstein Wrote: --- > If you need http2 there is always the option to compile your own nginx > binary against a more modern version of OpenSSL than what your > operating system provides, or to change operating systems to one which > pr

Re: Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated.

2016-03-03 Thread Jim Ohlstein
Hello, > On Mar 3, 2016, at 11:00 AM, Alt wrote: > > Hello, > > "In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now.", yes, > for now, sadly Google will remove the NPN support in Chrome "soon": "We plan > to remove support for SPDY in early 2016, and to also remove support for the

Re: nginx ssl performance

2016-03-03 Thread Robert Paprocki
ApacheBench doesn't do TLS resumption, so you're forcing a new TLS handshake with each request. This will kill your performance. ab is a pretty weak tool ;) On Thu, Mar 3, 2016 at 7:55 AM, huakaibird wrote: > Hi, > > I want to test the nginx server performance with different server > configurati

Re: Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated.

2016-03-03 Thread Alt
Hello, "In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now.", yes, for now, sadly Google will remove the NPN support in Chrome "soon": "We plan to remove support for SPDY in early 2016, and to also remove support for the TLS extension named NPN in favor of ALPN in Chrome at the same

nginx ssl performance

2016-03-03 Thread huakaibird
Hi, I want to test the nginx server performance with different server configuration (CPU and RAM etc) I first use apache ab as testing tool, nginx server with 2 CPU and 4G RAM, http test could handle 7000 requests/s, cpu usage reach to 30%-40%. But https' performance drop dramatically to only 300-

Re: TLS session resumption (identifier)

2016-03-03 Thread Igor Sysoev
On 03 Mar 2016, at 18:42, B.R. wrote: > Thanks, Maxim. > > You were right: I did my tests improperly... > > What is the use of the 'none' value then? Should not there be only the 'off' > one? > There must be some benefit to it, but I fail to catch it. Initially it has been implemented for ma

Re: TLS session resumption (identifier)

2016-03-03 Thread B.R.
Thanks, Maxim. You were right: I did my tests improperly... What is the use of the 'none' value then? Should not there be only the 'off' one? There must be some benefit to it, but I fail to catch it. --- *B. R.* On Thu, Mar 3, 2016 at 2:29 PM, Maxim Dounin wrote: > Hello! > > On Thu, Mar 03, 2

Re: TLS session resumption (identifier)

2016-03-03 Thread Maxim Dounin
Hello! On Thu, Mar 03, 2016 at 12:42:55PM +0100, B.R. wrote: > Based on the default value of ssl_session_cache > , > nginx does not store any session parameter, but allows client with the > right Master Key to reuse their I

Re: Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated.

2016-03-03 Thread Andrew Hutchings
Hi, On Ubuntu 14.04 NGINX is built with OpenSSL 1.0.1 so is not built with ALPN support. If you have installed OpenSSL 1.0.2 you can recompile NGINX to use this and gain the ALPN support. In most cases HTTP/2 with NPN in OpenSSL 1.0.1 will work for now. Kind Regards Andrew On 03/03/16 12:32

Nginx 1.9.11 and OpenSSL 1.0.2G - HTTP2, but no ALPN negotiated.

2016-03-03 Thread dannydekr
I have Ubuntu 14.04 with OpenSSL 1.0.2G, Upgraded to Nginx 1.9.11 mainline (PPA) from 1.8.1 stable, because Chrome will drop SPDY in a few months. Better be prepared. Everything went fine, but when I test HTTP2 I notice that ALPN doesn't work: No ALPN negotiated Since I have the latest version

Re: upstream prematurely closes cnx => 502 Bad Gateway to client

2016-03-03 Thread B.R.
The HTTP specification states every request shall receive a response. Your backend closes the connection while nginx is awaiting/reading the headers. The problem definitely comes from your backend. You could use tcpdump between nginx and your backend to record what they say to each other. Try to

TLS session resumption (identifier)

2016-03-03 Thread B.R.
Hello, Based on the default value of ssl_session_cache, nginx does not store any session parameter, but allows client with the right Master Key to reuse their ID (and the parameters they got). Since nginx does not cache a

How can nginx login and access swift storage node automatically?

2016-03-03 Thread AmyAmy
Hi, everybody. I am looking for a way to make my nginx server to login swift proxy server automatically, nginx is a web server, and swift is a cache proxy for nginx, which can store static file. What operation I hope the machine to do was like this: 1. client send a request(10.67.247.21/test) vi

Re: upstream prematurely closes cnx => 502 Bad Gateway to client

2016-03-03 Thread stefws
My config btw: user imail; worker_processes auto; daemon on; master_process on; error_log logs/mos_error.tcp debug_tcp; error_log logs/mos_error.log; pid /opt/imail/nginx/logs/mos_nginx.pid; worker_rlimit_nofile 20; worker_rlimit_core 500M; working_directory /opt/imail/nginx; e

upstream prematurely closes cnx => 502 Bad Gateway to client

2016-03-03 Thread Nginx User
Nginx’ers, I'm trying to figure out why I'm randomly seeing requests having issues with an nginx 1.7.4 when proxying to an upstream pool like: 2016/03/03 10:24:21 [error] 15905#0: *3252814 upstream prematurely closed connection while reading response header from upstream, client: 10.45.69.25,

Re: Request processing rate and reverse proxy

2016-03-03 Thread Guillaume Charhon
Hello Maxim, You are completely right. I must have been completely tired to miss it. Thank you, Guillaume On Wed, Mar 2, 2016 at 1:28 PM, Maxim Dounin wrote: > Hello! > > On Mon, Feb 29, 2016 at 05:05:16PM +0100, Guillaume Charhon wrote: > > > I have setup nginx 1.9.3 as a reverse proxy [1] wi