In Nginx can I set Keep-Alive dynamically depending on ssl connection?
5,124
I'm pretty sure you can use a map
:
map $scheme $myCustomTTL {
default 90;
http 90;
https 60;
}
add_header Keep-Alive timeout=$myCustomTTL;
Related videos on Youtube
Author by
ck_
Updated on September 18, 2022Comments
-
ck_ almost 2 years
I would like to avoid having to repeat all the virtualhost server {} blocks in nginx just to have custom ssl settings that vary slightly from plain http requests.
Most ssl directives can be placed right in the main block, except one hurdle I cannot find a workaround for: different keep-alive for
https
vshttp
Is there any way I can use $scheme to dynamically change the
keepalive_timeout
?I've even considered that I can use
more_set_input_headers -r 'Keep-Alive: timeout=60';
to conditionally replace the keep-alive timeout only if it already exists, but the problem is$scheme
cannot be used inlocation
ie. this is invalidlocation ^https {}
-
ck_ over 11 yearsOhh! Didn't know about that one, it's a very basic switch/case, thank you.
-
Mickaël Le Baillif over 11 yearsYou're right. I've just followed what @ck_ was suggesting with headers, without asking myself if it was a good practice.
keepalive_timeout
is the directive used by nginx to control the KeepAlive behavior. So what should be written is :keepalive_timeout ${myCustomTTL}s ${myCustomTTL}s
-
ck_ over 11 yearsActually:
keepalive_timeout" directive invalid value in /etc/nginx/nginx.conf
what I think is happening is how nginx cannot use variables during load time, only runtime. -
ck_ over 11 yearsCan nginx proxy_pass to another proxy_pass? ie. daisy chain the ssl to an apache reverse proxy?
-
Mickaël Le Baillif over 11 yearsThere's no reason you couldn't do that, since the plain-HTTP
nginx
server is quite independant from its SSL sibling.