HTTP2 in Nginx as a proxy (proxy_pass + upstream)

0

I have several Nginx servers that proxy to other servers while converting the connection to HTTPS. The problem is that the connection between these servers and the client is made over HTTP/1.1, and however much I search and try, I cannot get it to use HTTP2.

The connection between the proxy server and the backend is over HTTP and has no connection limit (besides being fast), so in this case I am not worried that it is not HTTP2 (besides, I have read that Nginx does not support it).

The configuration that I use is the same one that I am using on other servers that serve files locally instead of proxying, where it works correctly. I have been searching on Google to see if I could find something, but I have not been able to.

This is my configuration:

upstream 00_httpS_proxy {
    server 192.168.0.25:80;
}

server {
    server_name _;
    listen *:443 http2 ssl;

    # HTTPS
    ssl_certificate     /server/keys/cert.crt;
    ssl_certificate_key /server/keys/cert.key;

    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_session_timeout  10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128:AES256:AES:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!3DES';
    ssl_prefer_server_ciphers on;

    ssl_stapling off;
    ssl_stapling_verify off;

    location / {
        proxy_pass http://00_httpS_proxy;
        proxy_connect_timeout   30s;
        proxy_send_timeout      30s;
        proxy_read_timeout      30s;
        send_timeout            30s;

        proxy_http_version      1.1;
        proxy_redirect off;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Host $host:$server_port;
    }
}

Does anyone know anything about this?

Greetings and thank you very much.

    
asked by Daniel Carrasco Marín 07.11.2017 at 11:38

1 answer

0

In the end the problem is the version of OpenSSL. Nginx requires at least version 1.0.2 to use HTTP/2, and Debian 8 uses version 1.0.1. I downloaded 1.0.2 from jessie-backports and nginx used it, but since it was compiled with 1.0.1 it still did not work. Upgrading the OS to Debian 9 solves the problem, since this version uses OpenSSL 1.1.0.

Greetings

    
answered by 15.11.2017 / 18:14
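
The situation described in the answer can be read off the `nginx -V` banner. The following is an added example, not part of the original post: the function names `ossl_num` and `h2_verdict` and the sample banners are constructed for illustration, and it assumes nginx's usual "built with OpenSSL X (running with OpenSSL Y)" banner wording.

```sh
# Added example. Input is the text printed by `nginx -V 2>&1`.
# Assumption: the banner reads "built with OpenSSL X (running with OpenSSL Y)";
# the parenthesis is printed only when the runtime library differs from the build one.

# "1.0.1t" -> 10001, "1.1.0f" -> 10100 (the letter suffix is ignored)
ossl_num() {
    v=${1%%[a-z]*}
    major=${v%%.*}; rest=${v#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    echo $(( $major * 10000 + $minor * 100 + $patch ))
}

# Usage: nginx -V 2>&1 | h2_verdict
h2_verdict() {
    banner=$(cat)
    built=$(printf '%s\n' "$banner" | sed -n 's/.*built with OpenSSL \([0-9][0-9a-z.]*\).*/\1/p')
    running=$(printf '%s\n' "$banner" | sed -n 's/.*running with OpenSSL \([0-9][0-9a-z.]*\).*/\1/p')
    [ -n "$running" ] || running=$built

    if [ -z "$built" ]; then
        echo "unknown: no 'built with OpenSSL' line"; return 2
    fi
    if ! printf '%s\n' "$banner" | grep -q -- '--with-http_v2_module'; then
        echo "no-h2: http_v2_module not compiled in"; return 1
    fi
    # The build-time version decides: installing a newer libssl (the jessie-backports
    # attempt in the answer) changes only the "running with" half of the banner.
    if [ "$(ossl_num "$built")" -lt 10002 ]; then
        echo "no-h2: built with OpenSSL $built, running with $running; rebuild against 1.0.2 or later"
        return 1
    fi
    echo "h2-ok: built with OpenSSL $built"
}

# Constructed sample banners (nginx version, version letters and dates are illustrative).
SAMPLE_BACKPORT='nginx version: nginx/1.x
built with OpenSSL 1.0.1t  3 May 2016 (running with OpenSSL 1.0.2l  25 May 2017)
configure arguments: --with-http_ssl_module --with-http_v2_module'
SAMPLE_STRETCH='nginx version: nginx/1.x
built with OpenSSL 1.1.0f  25 May 2017
configure arguments: --with-http_ssl_module --with-http_v2_module'

printf '%s\n' "$SAMPLE_BACKPORT" | h2_verdict || true
printf '%s\n' "$SAMPLE_STRETCH" | h2_verdict || true
```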