CODEWITHSUNDEEP
nginxnginx-reverse-proxynginx-confighttp2
Kavitha Ramachandra
Kavitha Ramachandra

Reputation: 41

Does nginx support http2 over upstream servers?

I have been trying to configure http2 in nginx. I am trying to configure nginx as reverse proxy. I am sending http2 on front end to nginx server, it seems to be working fine, however when the request is proxied to the upstream server, nginx is not adding alpn extension during TLS handshake

Here is my proxy configuration

     location / {
             proxy_pass https://example.com/;
             proxy_ssl_certificate    "path_to_certificate";
             proxy_ssl_certificate_key     "path_to_key";
             proxy_ssl_protocols           TLSv1 TLSv1.1 TLSv1.2;
             proxy_ssl_ciphers             HIGH:!aNULL:!MD5;
             proxy_ssl_verify off;
    }

So I want to know does nginx support http2 on backend(upstream servers)? if yes from which version of nginx does it support?. Any help is much appreciated

I was trying to establish http2 connection to upstream servers from nginx. I expected nginx to negotiate http2 with the upstream servers

Upvotes: 4

Views: 8404

Answers (1)

Danila Vershinin
Danila Vershinin

Reputation: 9895

NGINX does not support "HTTP/2 to the backend". This is evident from documentation. The maximum HTTP version to the backend is 1.1.

There's actually little sense in adding such support. The primary feature of HTTP/2 is requests multiplexing. When you deal with HTTP proxying, the frontend NGINX routes a request to a matching location in backend. So when we talk about HTTP proxying, this level doest traffic inspection on the HTTP level in order to inspect headers, URIs to route requests appropriately. Thus it's always about inspecting a single request and routing it somewhere, multiplexing hardly applies here.

Even if you were to switch to a layer above that, which is TCP (and thus, stream module of NGINX), NGINX does not support this either. The stream module of NGINX can't negotiate ALPN protocol. (reference)

However, Angie, a fork of NGINX, is capable of HTTP/3 (not HTTP/2) to the backend servers. From its official page:

Supporting HTTP/3 for client connections, as well as for proxied server connections, with the ability to independently use different protocol versions (HTTP/1.x, HTTP/2, HTTP/3) on opposite sides.

Upvotes: 8

Related Questions