From ebc73c9f056058d9469c788962a4ed62ea682f32 Mon Sep 17 00:00:00 2001 From: ChandonPierre Date: Tue, 30 Jan 2024 09:49:14 -0500 Subject: [PATCH] force upstream http 1.1 --- Dockerfile | 3 +++ entrypoint.sh | 14 ++++++++++++++ nginx.conf | 3 +++ 3 files changed, 20 insertions(+) diff --git a/Dockerfile b/Dockerfile index 2ce3a18..871c08e 100644 --- a/Dockerfile +++ b/Dockerfile @@ -114,6 +114,9 @@ ENV ALLOW_PUSH="false" # Default is true to not change default behavior. ENV PROXY_REQUEST_BUFFERING="true" +# Force HTTP/1.1 upstream connections, for http2 upstream that returns 426 Upgrade Required +ENV FORCE_UPSTREAM_HTTP_1_1="false" + # Stream data; reduce TTFB # Effectively disables caching # Default is true to not change default behavior. diff --git a/entrypoint.sh b/entrypoint.sh index 306b576..e14aa9f 100644 --- a/entrypoint.sh +++ b/entrypoint.sh @@ -362,6 +362,20 @@ echo -e "\nRequest buffering: ---" cat /etc/nginx/proxy.request.buffering.conf echo -e "---\n" +# force upstream to use http 1.1 +echo "" > /etc/nginx/http1.1.upstream.conf +if [[ "a${FORCE_UPSTREAM_HTTP_1_1}" == "atrue" ]]; then + cat << EOD > /etc/nginx/http1.1.upstream.conf + proxy_http_version 1.1; + proxy_set_header Upgrade \$http_upgrade; + proxy_set_header Connection "upgrade"; +EOD +fi + +echo -e "\nConfigure upstream http version support: ---" +cat /etc/nginx/http1.1.upstream.conf +echo -e "---\n" + # Upstream SSL verification. echo "" > /etc/nginx/docker.verify.ssl.conf if [[ "a${VERIFY_SSL}" == "atrue" ]]; then diff --git a/nginx.conf b/nginx.conf index 2128bbb..e12c514 100644 --- a/nginx.conf +++ b/nginx.conf @@ -266,6 +266,9 @@ echo "Docker configured with HTTPS_PROXY=$scheme://$http_host/" # Use SNI during the TLS handshake with the upstream. proxy_ssl_server_name on; + # force upstream to use http 1.1 + include /etc/nginx/http1.1.upstream.conf; + # This comes from a include file generated by the entrypoint. include /etc/nginx/docker.verify.ssl.conf;