[nginx] Stream: fixed proxy_connect_timeout with SSL proxying.

Maxim Dounin mdounin at mdounin.ru
Wed May 14 03:07:46 UTC 2025


details:   http://freenginx.org/hg/nginx/rev/b29b2f2ffdc3
branches:  
changeset: 9356:b29b2f2ffdc3
user:      Maxim Dounin <mdounin at mdounin.ru>
date:      Wed May 14 01:15:42 2025 +0300
description:
Stream: fixed proxy_connect_timeout with SSL proxying.

Connection establishment, including SSL handshake, is expected to complete
within the time set with the proxy_connect_timeout directive.  However,
previously corresponding timer was removed after TCP connect, and then
again added for SSL handshaking, resulting in 2x longer time allowed in
the worst case.

Fix is to remove the timer in ngx_stream_proxy_init_upstream() instead of
doing this in ngx_stream_proxy_connect_handler().

diffstat:

 src/stream/ngx_stream_proxy_module.c |  10 ++++------
 1 files changed, 4 insertions(+), 6 deletions(-)

diffs (34 lines):

diff --git a/src/stream/ngx_stream_proxy_module.c b/src/stream/ngx_stream_proxy_module.c
--- a/src/stream/ngx_stream_proxy_module.c
+++ b/src/stream/ngx_stream_proxy_module.c
@@ -929,6 +929,10 @@ ngx_stream_proxy_init_upstream(ngx_strea
     pc->read->handler = ngx_stream_proxy_upstream_handler;
     pc->write->handler = ngx_stream_proxy_upstream_handler;
 
+    if (pc->write->timer_set) {
+        ngx_del_timer(pc->write);
+    }
+
     if (pc->read->ready) {
         ngx_post_event(pc->read, &ngx_posted_events);
     }
@@ -1113,10 +1117,6 @@ ngx_stream_proxy_ssl_handshake(ngx_conne
             }
         }
 
-        if (pc->write->timer_set) {
-            ngx_del_timer(pc->write);
-        }
-
         ngx_stream_proxy_init_upstream(s);
 
         return;
@@ -1494,8 +1494,6 @@ ngx_stream_proxy_connect_handler(ngx_eve
         return;
     }
 
-    ngx_del_timer(c->write);
-
     ngx_log_debug0(NGX_LOG_DEBUG_STREAM, c->log, 0,
                    "stream proxy connect upstream");
 


More information about the nginx-devel mailing list