HTTP/1.1 support for reverse proxy

[ghost]

Nginx uses HTTP/1.0 by default when reverse proxying. Would there be any benefit/downside to using HTTP/1.1 via proxy_http_version 1.1;?

[justincarter]

The nginx docs has the following recommendation for using HTTP/1.1 for reverse proxying; http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version

By default, version 1.0 is used. Version 1.1 is recommended for use with keepalive connections and NTLM authentication.

I don't know if switching provides any downsides or benefits to Lucee + nginx users out of the box / without any other changes.

It possibly would be a benefit if we also switch to using the upstream module with a keepalive directive, instead of only using proxy_pass to an IP:port; http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive

Keepalives to the upstream maybe reduce network and CPU overheads in dealing with opening/closing connections; https://www.nginx.com/blog/tuning-nginx/#keepalive

I can definitely look at making this change (or accept PRs) if there's some interest in it. Does it look useful to you / anything else related you think we should consider?

[justincarter]

It also looks like Tomcat 9.x fully supports HTTP/1.1 with default configuration values (keep alive enabled, max 100 connections, keepalive timeout defaults to the connection timeout); https://tomcat.apache.org/tomcat-9.0-doc/config/http.html#HTTP/1.1_and_HTTP/1.0_Support

[ghost]

I don't use the bundled nginx server (and personally think it goes against the spirit of containers to offer an image with nginx+init daemon), so my testing would be limited to a separated container. HTTP/1.1 seems useful but I didn't know if there were any reasons for it not to be included. I'll dedicate some time to test out, though.

[justincarter]

Ahh ok, so if you have your own nginx reverse proxy then yes you should be able to use HTTP/1.1 to talk to Tomcat 9.0 in the Lucee Docker images, assuming what I'm reading from the Tomcat docs is correct (linked above). If you have any issues getting that to work please let us know and I'll look at fixing it (or happy to accept PRs).

[justincarter]

I've done some testing and so far it looks good.

Added an upstream block above the server block with a keepalive of 32 connections (well below Tomcat 9.x default of 100 connections);

upstream tomcat_backend {
  server 127.0.0.1:8888;

  keepalive 32;
}

Used the upstream name in the proxy_pass directive and added the HTTP version and set the Connection header as recommended in the docs;

      proxy_pass http://tomcat_backend;
      proxy_http_version 1.1;
      proxy_set_header Connection "";

From there I can see the cgi.server_protocol has changed from 1.0 to 1.1;

I might make this the new default after I've done some more testing.

[justincarter]

HTTP/1.1 and keepalive is now supported, thanks for the nudge :)

https://github.com/lucee/lucee-dockerfiles/commit/0b3a2d81ff3d46343677a143a1a8ce3b3d7ce873