2011年2月24日星期四

FIN/ACK closes upstream connection for HTTP, but not for HTTPS

I'm running nginx as a reverse proxy to do SSL and load balancing. The upstream server behind nginx needs to know when the client closes the connection.

If I turn ssl off, the connection looks like:

1. client connects to nginx
2. nginx connects to upstream
3. ...
4. client sends FIN/ACK to nginx
5. nginx sends FIN/ACK to upstream, and to client


With ssl on:

1. client connects to nginx
2. nginx connects to upstream
3. ...
4. client sends FIN/ACK to nginx
5. nginx waits 60 seconds
6. nginx sends FIN/ACK to upstream



What's going on here? Why does nginx wait for a timeout to send the FIN/ACK upstream? Why does the behaviour change when I turn ssl on?


Thanks,
Jeremy

没有评论:

发表评论