After updating to nginx 1.10.0 + OpenSSL 1.0.2 (to take advantage of ALPN negotiation) an interesting issue has surfaced in Safari (v9, mobile and desktop) where the first HTTP POST request to the server fails. No request ever hits the server.
Safari returns this message in the Console: Failed to load resource: Could not connect to the server.
.
Subsequent POST requests (click the same button again) succeed.
nginx build details
nginx version: nginx/1.10.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC)
built with OpenSSL 1.0.2d 9 Jul 2015
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --with-http_gzip_static_module --with-http_stub_status_module --with-http_ssl_module --with-pcre --with-file-aio --with-http_realip_module --with-http_v2_module --with-http_gunzip_module --with-openssl=/usr/src/openssl-1.0.2d
nginx config
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
use epoll;
worker_connections 1024;
multi_accept on;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
access_log /var/log/nginx/access.log;
sendfile on;
proxy_buffer_size 256k;
proxy_buffers 4 512k;
proxy_busy_buffers_size 512k;
server_tokens off;
client_max_body_size 1G;
keepalive_disable safari msie6;
keepalive_timeout 0;
include /etc/nginx/conf.d/*.conf;
}
server {
listen 443 ssl http2;
server_name *.gingrapp.com;
root /var/www/html;
ssl on;
ssl_certificate ***.crt;
ssl_certificate_key ***.crt;
ssl_dhparam /etc/ssl/dhparams.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 2m;
add_header Strict-Transport-Security "max-age=420420420420;";
include /etc/nginx/default.d/*.conf;
gzip on;
gzip_static on;
gzip_proxied any;
gzip_types application/javascript application/json application/x-javascript application/xml text/css text/javascript text/plain text/x-component text/xml;
gzip_min_length 10240;
gzip_buffers 16 128k;
open_file_cache max=2000 inactive=60s;
open_file_cache_valid 90s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
keepalive_disable safari msie6;
keepalive_timeout 0;
location /assets {
etag on;
access_log off;
keepalive_disable safari msie6;
keepalive_timeout 0;
}
location / {
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
}
error_page 404 /404.html;
location = /404.html {
root /usr/share/nginx/html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ [^/]\.php(/|$) {
include fastcgi_params;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
proxy_max_temp_file_size 512m;
fastcgi_buffer_size 256k;
fastcgi_buffers 4 512k;
fastcgi_busy_buffers_size 512k;
gzip on;
gzip_static on;
gzip_proxied any;
gzip_types application/javascript application/json application/x-javascript application/xml text/css text/javascript text/plain text/x-component text/xml;
gzip_min_length 10240;
gzip_buffers 16 128k;
keepalive_disable safari msie6;
keepalive_timeout 0;
}
}
This is a confirmed bug in nginx 1.9.15 and 1.10.0
-https://trac.nginx.org/nginx/ticket/979
-https://trac.nginx.org/nginx/ticket/959
I "solved" this issue by downgrading to nginx 1.9.12 + OpenSSL 1.0.2h.