From 54b1cee9503af6d3e68284e48df78660037508e7 Mon Sep 17 00:00:00 2001 From: Erich Blume Date: Fri, 17 Apr 2026 15:27:40 -0700 Subject: [PATCH] Fix Connection header: only send 'upgrade' for WebSocket requests Was sending Connection: upgrade on every proxied request, which is semantically wrong for normal HTTP traffic. Use a map to conditionally send 'upgrade' only when the client requests a WebSocket switch, 'close' otherwise. Co-Authored-By: Claude Opus 4.6 (1M context) --- fly/nginx.conf | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/fly/nginx.conf b/fly/nginx.conf index 9af2509..db02a21 100644 --- a/fly/nginx.conf +++ b/fly/nginx.conf @@ -52,6 +52,14 @@ http { resolver 100.100.100.100 valid=30s; resolver_timeout 5s; + # WebSocket-aware Connection header. Only send "upgrade" when the client + # actually requests a protocol switch; otherwise "close" (the HTTP/1.1 + # default when keepalive pooling is not available). + map $http_upgrade $connection_upgrade { + default close; + websocket upgrade; + } + # --- docs.eblu.me (static site) --- server { listen 8080; @@ -192,7 +200,7 @@ http { proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_set_header Connection $connection_upgrade; } # Cache release artifact downloads — immutable files keyed by tag+filename. @@ -248,7 +256,7 @@ http { # WebSocket support (Forgejo uses it for live updates) proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection "upgrade"; + proxy_set_header Connection $connection_upgrade; add_header X-Clacks-Overhead "GNU Terry Pratchett" always; }