HTTP/2: ngx_http_v2_proxy_module.

hongzhidao · hongzhidao · commit 8e79530be208 · 2025-07-08T22:19:12.000Z
The module allows to use HTTP/2 protocol for proxying. HTTP/2 proxying is enabled by specifying "proxy_http_version 2.0". Example: server { listen 8000; location / { proxy_http_version 2.0; proxy_pass https://127.0.0.1:8443; } } server { listen 8443 ssl http2; ssl_certificate certs/example.com.crt; ssl_certificate_key certs/example.com.key; location / { return 200 foo; } }
diff --git a/auto/modules b/auto/modules
@@ -782,6 +782,17 @@ if [ $HTTP = YES ]; then
         . auto/module
     fi
 
+    if [ $HTTP_V2 = YES ]; then
+        ngx_module_name=ngx_http_v2_proxy_module
+        ngx_module_incs=
+        ngx_module_deps=
+        ngx_module_srcs=src/http/v2/ngx_http_v2_proxy_module.c
+        ngx_module_libs=
+        ngx_module_link=$HTTP_V2
+
+        . auto/module
+    fi
+
     if [ $HTTP_PERL != NO ]; then
         ngx_module_name=ngx_http_perl_module
         ngx_module_incs=src/http/modules/perl
diff --git a/src/http/modules/ngx_http_proxy_module.c b/src/http/modules/ngx_http_proxy_module.c
@@ -161,6 +161,9 @@ static ngx_conf_post_t  ngx_http_proxy_ssl_conf_command_post =
 static ngx_conf_enum_t  ngx_http_proxy_http_version[] = {
     { ngx_string("1.0"), NGX_HTTP_VERSION_10 },
     { ngx_string("1.1"), NGX_HTTP_VERSION_11 },
+#if (NGX_HTTP_V2)
+    { ngx_string("2.0"), NGX_HTTP_VERSION_20 },
+#endif
     { ngx_null_string, 0 }
 };
 
@@ -830,6 +833,14 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
     ngx_http_proxy_main_conf_t  *pmcf;
 #endif
 
+    plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);
+
+#if (NGX_HTTP_V2)
+    if (plcf->http_version == NGX_HTTP_VERSION_20) {
+        return ngx_http_v2_proxy_handler(r);
+    }
+#endif
+
     if (ngx_http_upstream_create(r) != NGX_OK) {
         return NGX_HTTP_INTERNAL_SERVER_ERROR;
     }
@@ -841,8 +852,6 @@ ngx_http_proxy_handler(ngx_http_request_t *r)
 
     ngx_http_set_ctx(r, ctx, ngx_http_proxy_module);
 
-    plcf = ngx_http_get_module_loc_conf(r, ngx_http_proxy_module);
-
     u = r->upstream;
 
     if (plcf->proxy_lengths == NULL) {
@@ -3456,6 +3465,8 @@ ngx_http_proxy_create_loc_conf(ngx_conf_t *cf)
      *     conf->ssl_ciphers = { 0, NULL };
      *     conf->ssl_trusted_certificate = { 0, NULL };
      *     conf->ssl_crl = { 0, NULL };
+     *     conf->host = { 0, NULL };
+     *     conf->host_set = 0;
      */
 
     conf->upstream.store = NGX_CONF_UNSET;
@@ -3980,6 +3991,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
 
 #if (NGX_HTTP_SSL)
         conf->ssl = prev->ssl;
+#endif
+#if (NGX_HTTP_SSL)
+        conf->host = prev->host;
 #endif
     }
 
@@ -4019,6 +4033,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
         conf->headers = prev->headers;
 #if (NGX_HTTP_CACHE)
         conf->headers_cache = prev->headers_cache;
+#endif
+#if (NGX_HTTP_V2)
+        conf->host_set = prev->host_set;
 #endif
     }
 
@@ -4051,6 +4068,9 @@ ngx_http_proxy_merge_loc_conf(ngx_conf_t *cf, void *parent, void *child)
         prev->headers = conf->headers;
 #if (NGX_HTTP_CACHE)
         prev->headers_cache = conf->headers_cache;
+#endif
+#if (NGX_HTTP_V2)
+        conf->host_set = prev->host_set;
 #endif
     }
 
@@ -4104,6 +4124,14 @@ ngx_http_proxy_init_headers(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *conf,
         src = conf->headers_source->elts;
         for (i = 0; i < conf->headers_source->nelts; i++) {
 
+#if (NGX_HTTP_V2)
+            if (src[i].key.len == 4
+                && ngx_strncasecmp(src[i].key.data, (u_char *) "Host", 4) == 0)
+            {
+                conf->host_set = 1;
+            }
+#endif
+
             s = ngx_array_push(&headers_merged);
             if (s == NULL) {
                 return NGX_ERROR;
@@ -4343,6 +4371,27 @@ ngx_http_proxy_pass(ngx_conf_t *cf, ngx_command_t *cmd, void *conf)
 
     plcf->url = *url;
 
+#if (NGX_HTTP_V2)
+
+    if (plcf->http_version == NGX_HTTP_VERSION_20) {
+
+        if (u.family != AF_UNIX) {
+
+            if (u.no_port) {
+                plcf->host = u.host;
+
+            } else {
+                plcf->host.len = u.host.len + 1 + u.port_text.len;
+                plcf->host.data = u.host.data;
+            }
+
+        } else {
+            ngx_str_set(&plcf->host, "localhost");
+        }
+    }
+
+#endif
+
     return NGX_CONF_OK;
 }
 
@@ -5274,6 +5323,21 @@ ngx_http_proxy_set_ssl(ngx_conf_t *cf, ngx_http_proxy_loc_conf_t *plcf)
         return NGX_ERROR;
     }
 
+#ifdef TLSEXT_TYPE_application_layer_protocol_negotiation
+
+    if (plcf->http_version == NGX_HTTP_VERSION_20) {
+        if (SSL_CTX_set_alpn_protos(plcf->upstream.ssl->ctx,
+                                    (u_char *) "\x02h2", 3)
+            != 0)
+        {
+            ngx_ssl_error(NGX_LOG_EMERG, cf->log, 0,
+                          "SSL_CTX_set_alpn_protos() failed");
+            return NGX_ERROR;
+        }
+    }
+
+#endif
+
     if (ngx_ssl_conf_commands(cf, plcf->upstream.ssl, plcf->ssl_conf_commands)
         != NGX_OK)
     {
diff --git a/src/http/modules/ngx_http_proxy_module.h b/src/http/modules/ngx_http_proxy_module.h
@@ -117,6 +117,11 @@ typedef struct {
     ngx_str_t                      ssl_crl;
     ngx_array_t                   *ssl_conf_commands;
 #endif
+
+#if (NGX_HTTP_V2)
+    ngx_str_t                      host;
+    ngx_uint_t                     host_set;
+#endif
 } ngx_http_proxy_loc_conf_t;
 
 
diff --git a/src/http/v2/ngx_http_v2.h b/src/http/v2/ngx_http_v2.h
@@ -416,6 +416,8 @@ ngx_int_t ngx_http_v2_table_size(ngx_http_v2_connection_t *h2c, size_t size);
 u_char *ngx_http_v2_string_encode(u_char *dst, u_char *src, size_t len,
     u_char *tmp, ngx_uint_t lower);
 
+ngx_int_t ngx_http_v2_proxy_handler(ngx_http_request_t *r);
+
 
 extern ngx_module_t  ngx_http_v2_module;
 
diff --git a/src/http/v2/ngx_http_v2_proxy_module.c b/src/http/v2/ngx_http_v2_proxy_module.c
