In Nginx can I set Keep-Alive dynamically depending on ssl connection?

nginx keepalive keep-alive

5,124

I'm pretty sure you can use a map :

map $scheme $myCustomTTL {
   default     90;
   http        90;
   https       60;
}

add_header Keep-Alive timeout=$myCustomTTL;

5,124

ck_

Updated on September 18, 2022

Comments

ck_ almost 2 years

I would like to avoid having to repeat all the virtualhost server {} blocks in nginx just to have custom ssl settings that vary slightly from plain http requests.

Most ssl directives can be placed right in the main block, except one hurdle I cannot find a workaround for: different keep-alive for https vs http

Is there any way I can use $scheme to dynamically change the keepalive_timeout ?

I've even considered that I can use more_set_input_headers -r 'Keep-Alive: timeout=60'; to conditionally replace the keep-alive timeout only if it already exists, but the problem is $scheme cannot be used in location ie. this is invalid location ^https {}
ck_ over 11 years

Ohh! Didn't know about that one, it's a very basic switch/case, thank you.
Mickaël Le Baillif over 11 years

You're right. I've just followed what @ck_ was suggesting with headers, without asking myself if it was a good practice. keepalive_timeout is the directive used by nginx to control the KeepAlive behavior. So what should be written is : keepalive_timeout ${myCustomTTL}s ${myCustomTTL}s
ck_ over 11 years

Actually: keepalive_timeout" directive invalid value in /etc/nginx/nginx.conf what I think is happening is how nginx cannot use variables during load time, only runtime.
ck_ over 11 years

Can nginx proxy_pass to another proxy_pass? ie. daisy chain the ssl to an apache reverse proxy?
Mickaël Le Baillif over 11 years

There's no reason you couldn't do that, since the plain-HTTP nginx server is quite independant from its SSL sibling.