NGINX reverse proxyのTCP通信の確認

NGINX reverse proxyの挙動を確認する。

こちらが検証用のリポジトリ。 https://github.com/urahiroshi/play-nginx

http://localhost:8080 に接続すると、reverse proxy経由でhttpサーバに接続し、 http://localhost:8081 に接続すると、直接httpサーバに接続することができるようにしている。 http://localhost:8082 では、keepaliveの設定を行なったreverse proxy経由でhttpサーバに接続できる。各コンテナには、TCP通信を確認するためのtcpdumpもインストールしている。

また、httpサーバ内のコンテンツは https://github.com/jakesgordon/javascript-tetris を利用している。 index.htmlと、それに参照されるjsファイル(stats.js)、jpegファイル(texture.jpg)が一つずつのみの構成である。

まず、 http://localhost:8081 にブラウザ(Chrome 68)からアクセスし、httpサーバに直接接続した場合の通信を確認する。 tcpdumpの出力に加えて、コメントを # に記載している。

# 3 way handshake
00:43:52.610289 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [S], seq 2038319000, win 29200, options [mss 1460,sackOK,TS val 9787176 ecr 0,nop,wscale 7], length 0
00:43:52.610341 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [S.], seq 2099843645, ack 2038319001, win 28960, options [mss 1460,sackOK,TS val 9787176 ecr 9787176,nop,wscale 7], length 0
00:43:52.610391 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 9787176 ecr 9787176], length 0

# `GET /` リクエストを受け取り、その応答を返す
00:43:52.613742 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [P.], seq 1:411, ack 1, win 229, options [nop,nop,TS val 9787177 ecr 9787176], length 410: HTTP: GET / HTTP/1.1
00:43:52.613762 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [.], ack 411, win 235, options [nop,nop,TS val 9787177 ecr 9787177], length 0
00:43:52.613893 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [P.], seq 1:242, ack 411, win 235, options [nop,nop,TS val 9787177 ecr 9787177], length 241: HTTP: HTTP/1.1 200 OK
00:43:52.613925 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 242, win 237, options [nop,nop,TS val 9787177 ecr 9787177], length 0
00:43:52.613969 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [.], seq 242:7482, ack 411, win 235, options [nop,nop,TS val 9787177 ecr 9787177], length 7240: HTTP
00:43:52.614004 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 7482, win 350, options [nop,nop,TS val 9787177 ecr 9787177], length 0
00:43:52.614016 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [.], seq 7482:14722, ack 411, win 235, options [nop,nop,TS val 9787177 ecr 9787177], length 7240: HTTP
00:43:52.614025 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 14722, win 463, options [nop,nop,TS val 9787177 ecr 9787177], length 0
00:43:52.614029 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [.], seq 14722:16626, ack 411, win 235, options [nop,nop,TS val 9787177 ecr 9787177], length 1904: HTTP
00:43:52.614038 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 16626, win 493, options [nop,nop,TS val 9787177 ecr 9787177], length 0
00:43:52.614055 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [P.], seq 16626:18125, ack 411, win 235, options [nop,nop,TS val 9787177 ecr 9787177], length 1499: HTTP
00:43:52.614067 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 18125, win 516, options [nop,nop,TS val 9787177 ecr 9787177], length 0

# `GET /stats.js` リクエストを受け取り、その応答を返す
00:43:52.674079 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [P.], seq 411:750, ack 18125, win 516, options [nop,nop,TS val 9787183 ecr 9787177], length 339: HTTP: GET /stats.js HTTP/1.1
00:43:52.674442 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [P.], seq 18125:18378, ack 750, win 243, options [nop,nop,TS val 9787183 ecr 9787183], length 253: HTTP: HTTP/1.1 200 OK
00:43:52.674510 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 18378, win 539, options [nop,nop,TS val 9787183 ecr 9787183], length 0
00:43:52.674551 IP f7de9f74a370.http > 172.21.0.1.41734: Flags [P.], seq 18378:22481, ack 750, win 243, options [nop,nop,TS val 9787183 ecr 9787183], length 4103: HTTP
00:43:52.674653 IP 172.21.0.1.41734 > f7de9f74a370.http: Flags [.], ack 22481, win 603, options [nop,nop,TS val 9787183 ecr 9787183], length 0
00:43:52.676882 IP 172.21.0.1.41736 > f7de9f74a370.http: Flags [S], seq 3284980702, win 29200, options [mss 1460,sackOK,TS val 9787183 ecr 0,nop,wscale 7], length 0
00:43:52.676936 IP f7de9f74a370.http > 172.21.0.1.41736: Flags [S.], seq 2052437592, ack 3284980703, win 28960, options [mss 1460,sackOK,TS val 9787183 ecr 9787183,nop,wscale 7], length 0
00:43:52.676969 IP 172.21.0.1.41736 > f7de9f74a370.http: Flags [.], ack 1, win 229, options [nop,nop,TS val 9787183 ecr 9787183], length 0

# `GET /texture.jpg` リクエストを受け取り、その応答を返す。なお、 `GET /stats.js` のときとは異なる送信元ポートが使われていることに注意。
00:43:52.677619 IP 172.21.0.1.41736 > f7de9f74a370.http: Flags [P.], seq 1:379, ack 1, win 229, options [nop,nop,TS val 9787183 ecr 9787183], length 378: HTTP: GET /texture.jpg HTTP/1.1
00:43:52.677642 IP f7de9f74a370.http > 172.21.0.1.41736: Flags [.], ack 379, win 235, options [nop,nop,TS val 9787183 ecr 9787183], length 0
00:43:52.677802 IP f7de9f74a370.http > 172.21.0.1.41736: Flags [P.], seq 1:243, ack 379, win 235, options [nop,nop,TS val 9787183 ecr 9787183], length 242: HTTP: HTTP/1.1 200 OK
00:43:52.677838 IP 172.21.0.1.41736 > f7de9f74a370.http: Flags [.], ack 243, win 237, options [nop,nop,TS val 9787183 ecr 9787183], length 0
00:43:52.677866 IP f7de9f74a370.http > 172.21.0.1.41736: Flags [.], seq 243:7483, ack 379, win 235, options [nop,nop,TS val 9787183 ecr 9787183], length 7240: HTTP
00:43:52.677880 IP 172.21.0.1.41736 > f7de9f74a370.http: Flags [.], ack 7483, win 350, options [nop,nop,TS val 9787183 ecr 9787183], length 0
00:43:52.677892 IP f7de9f74a370.http > 172.21.0.1.41736: Flags [.], seq 7483:14723, ack 379, win 235, options [nop,nop,TS val 9787183 ecr 9787183], length 7240: HTTP

GET / と GET /stats.js は、送信元ポートが同じ(41734)であるが、これは Connection: keep-alive ヘッダによりTCPコネクションが再利用されたためである。3 way handshakeが不要な分、早くレスポンスを返せるようになっている。 GET /texture.jpg では異なる送信元ポート(41736)が使用されている。これはChromeの挙動で、htmlが必要とする複数のassetsを並列で取得できるように、異なるポートを利用してリクエストを投げているのだろう。

次に、 http://localhost:8080 にアクセスし、revese proxy内の通信を確認してみる。なお、ブラウザのキャッシュは無視したいので、secret windowを用いる。

# 3 way handshake (client <> proxy)
02:04:27.062322 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [S], seq 2771945777, win 29200, options [mss 1460,sackOK,TS val 11296929 ecr 0,nop,wscale 7], length 0
02:04:27.062525 IP b4f40c2642a2.80 > 172.21.0.1.53480: Flags [S.], seq 2890086300, ack 2771945778, win 28960, options [mss 1460,sackOK,TS val 11296929 ecr 11296929,nop,wscale 7], length 0
02:04:27.062567 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 11296929 ecr 11296929], length 0

# `GET /` request (client -> proxy)
02:04:27.063173 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [P.], seq 1:411, ack 1, win 229, options [nop,nop,TS val 11296929 ecr 11296929], length 410: HTTP: GET / HTTP/1.1
02:04:27.063227 IP b4f40c2642a2.80 > 172.21.0.1.53480: Flags [.], ack 411, win 235, options [nop,nop,TS val 11296929 ecr 11296929], length 0

# 3 way handshake (proxy <> server)
02:04:27.063973 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [S], seq 835116420, win 29200, options [mss 1460,sackOK,TS val 11296929 ecr 0,nop,wscale 7], length 0
02:04:27.064036 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [S.], seq 1521447049, ack 835116421, win 28960, options [mss 1460,sackOK,TS val 11296929 ecr 11296929,nop,wscale 7], length 0
02:04:27.064055 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 11296929 ecr 11296929], length 0

# `GET /` request (proxy -> server)
02:04:27.064124 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [P.], seq 1:513, ack 1, win 229, options [nop,nop,TS val 11296929 ecr 11296929], length 512: HTTP: GET / HTTP/1.0
02:04:27.064140 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [.], ack 513, win 235, options [nop,nop,TS val 11296929 ecr 11296929], length 0

# `GET /` response (server -> proxy -> client)
02:04:27.099279 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [P.], seq 1:237, ack 513, win 235, options [nop,nop,TS val 11296933 ecr 11296929], length 236: HTTP: HTTP/1.1 200 OK
02:04:27.099295 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 237, win 237, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100057 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [.], seq 237:7477, ack 513, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 7240: HTTP
02:04:27.100091 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 7477, win 350, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100135 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [.], seq 7477:14717, ack 513, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 7240: HTTP
02:04:27.100145 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 14717, win 463, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100167 IP b4f40c2642a2.80 > 172.21.0.1.53480: Flags [P.], seq 1:4102, ack 411, win 235, options [nop,nop,TS val 11296933 ecr 11296929], length 4101: HTTP: HTTP/1.1 200 OK
02:04:27.100163 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [.], seq 14717:16621, ack 513, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 1904: HTTP
02:04:27.100167 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 16621, win 493, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100192 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [P.], seq 16621:18120, ack 513, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 1499: HTTP
02:04:27.100207 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [.], ack 4102, win 293, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100212 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 18120, win 516, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100263 IP b4f40c2642a2.80 > 172.21.0.1.53480: Flags [.], seq 4102:11342, ack 411, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 7240: HTTP
02:04:27.100291 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [.], ack 11342, win 406, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100300 IP b4f40c2642a2.80 > 172.21.0.1.53480: Flags [P.], seq 11342:18125, ack 411, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 6783: HTTP
02:04:27.100300 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [F.], seq 18120, ack 513, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100313 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [.], ack 18125, win 512, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100338 IP b4f40c2642a2.54492 > play-nginx_http-server_1.play-nginx_default.80: Flags [F.], seq 513, ack 18121, win 516, options [nop,nop,TS val 11296933 ecr 11296933], length 0
02:04:27.100401 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54492: Flags [.], ack 514, win 235, options [nop,nop,TS val 11296933 ecr 11296933], length 0

# `GET /stats.js` request (client -> proxy)
02:04:27.364459 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [P.], seq 411:750, ack 18125, win 512, options [nop,nop,TS val 11296959 ecr 11296933], length 339: HTTP: GET /stats.js HTTP/1.1
02:04:27.364491 IP b4f40c2642a2.80 > 172.21.0.1.53480: Flags [.], ack 750, win 243, options [nop,nop,TS val 11296959 ecr 11296959], length 0

# 3 way handshake (proxy <> server)
02:04:27.364645 IP b4f40c2642a2.54494 > play-nginx_http-server_1.play-nginx_default.80: Flags [S], seq 2056379865, win 29200, options [mss 1460,sackOK,TS val 11296959 ecr 0,nop,wscale 7], length 0
02:04:27.364695 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54494: Flags [S.], seq 3671721006, ack 2056379866, win 28960, options [mss 1460,sackOK,TS val 11296959 ecr 11296959,nop,wscale 7], length 0
02:04:27.364709 IP b4f40c2642a2.54494 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 11296959 ecr 11296959], length 0

# `GET /stats.js` request (proxy -> server)
02:04:27.364761 IP b4f40c2642a2.54494 > play-nginx_http-server_1.play-nginx_default.80: Flags [P.], seq 1:442, ack 1, win 229, options [nop,nop,TS val 11296959 ecr 11296959], length 441: HTTP: GET /stats.js HTTP/1.0
02:04:27.364775 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54494: Flags [.], ack 442, win 235, options [nop,nop,TS val 11296959 ecr 11296959], length 0

# `GET /stats.js` response (server -> proxy -> client)
02:04:27.364943 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54494: Flags [P.], seq 1:249, ack 442, win 235, options [nop,nop,TS val 11296959 ecr 11296959], length 248: HTTP: HTTP/1.1 200 OK
02:04:27.364996 IP b4f40c2642a2.54494 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 249, win 237, options [nop,nop,TS val 11296959 ecr 11296959], length 0
02:04:27.365823 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54494: Flags [P.], seq 249:4352, ack 442, win 235, options [nop,nop,TS val 11296960 ecr 11296959], length 4103: HTTP
02:04:27.365880 IP b4f40c2642a2.54494 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 4352, win 301, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.365969 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54494: Flags [F.], seq 4352, ack 442, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.365999 IP b4f40c2642a2.80 > 172.21.0.1.53480: Flags [P.], seq 18125:22481, ack 750, win 243, options [nop,nop,TS val 11296960 ecr 11296959], length 4356: HTTP: HTTP/1.1 200 OK
02:04:27.366038 IP 172.21.0.1.53480 > b4f40c2642a2.80: Flags [.], ack 22481, win 580, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.366067 IP b4f40c2642a2.54494 > play-nginx_http-server_1.play-nginx_default.80: Flags [F.], seq 442, ack 4353, win 301, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.366096 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54494: Flags [.], ack 443, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 0

# 3 way handshake (client <> proxy)
02:04:27.367508 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [S], seq 1748261451, win 29200, options [mss 1460,sackOK,TS val 11296960 ecr 0,nop,wscale 7], length 0
02:04:27.367542 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [S.], seq 997585658, ack 1748261452, win 28960, options [mss 1460,sackOK,TS val 11296960 ecr 11296960,nop,wscale 7], length 0
02:04:27.367573 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 11296960 ecr 11296960], length 0

# `GET /texture.jpg` request (client -> proxy)
02:04:27.367836 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [P.], seq 1:379, ack 1, win 229, options [nop,nop,TS val 11296960 ecr 11296960], length 378: HTTP: GET /texture.jpg HTTP/1.1
02:04:27.367875 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [.], ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 0

# 3 way handshake (proxy <> server)
02:04:27.367957 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [S], seq 726545254, win 29200, options [mss 1460,sackOK,TS val 11296960 ecr 0,nop,wscale 7], length 0
02:04:27.368005 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [S.], seq 1146397801, ack 726545255, win 28960, options [mss 1460,sackOK,TS val 11296960 ecr 11296960,nop,wscale 7], length 0
02:04:27.368023 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 11296960 ecr 11296960], length 0

# `GET /texture.jpg` request (proxy -> server)
02:04:27.368088 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [P.], seq 1:481, ack 1, win 229, options [nop,nop,TS val 11296960 ecr 11296960], length 480: HTTP: GET /texture.jpg HTTP/1.0
02:04:27.368138 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [.], ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 0

# `GET /texture.jpg` response (server -> proxy -> client)
02:04:27.368303 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [P.], seq 1:238, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 237: HTTP: HTTP/1.1 200 OK
02:04:27.368355 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 238, win 237, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.369831 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [.], seq 238:7478, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 7240: HTTP
02:04:27.369893 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 7478, win 350, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.369925 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [.], seq 7478:14718, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 7240: HTTP
02:04:27.369933 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 14718, win 463, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.369933 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [P.], seq 1:4102, ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 4101: HTTP: HTTP/1.1 200 OK
02:04:27.369953 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [.], seq 14718:16622, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 1904: HTTP
02:04:27.369953 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 4102, win 293, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.369964 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 16622, win 493, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.369988 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [.], seq 16622:26758, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 10136: HTTP
02:04:27.369988 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [.], seq 4102:11342, ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 7240: HTTP
02:04:27.370002 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 26758, win 651, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370002 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 11342, win 406, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370021 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [.], seq 26758:36894, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 10136: HTTP
02:04:27.370029 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 36894, win 810, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370035 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [P.], seq 11342:12294, ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 952: HTTP
02:04:27.370045 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [P.], seq 36894:45234, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 8340: HTTP
02:04:27.370045 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 12294, win 428, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370051 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 45234, win 940, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370060 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [P.], seq 12294:16390, ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 4096: HTTP
02:04:27.370070 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 16390, win 492, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370121 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [F.], seq 45234, ack 481, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370142 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [.], seq 16390:26526, ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 10136: HTTP
02:04:27.370156 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 26526, win 651, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370164 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [.], seq 26526:36662, ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 10136: HTTP
02:04:27.370175 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 36662, win 809, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370184 IP b4f40c2642a2.80 > 172.21.0.1.53486: Flags [P.], seq 36662:45239, ack 379, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 8577: HTTP
02:04:27.370194 IP 172.21.0.1.53486 > b4f40c2642a2.80: Flags [.], ack 45239, win 943, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370216 IP b4f40c2642a2.54498 > play-nginx_http-server_1.play-nginx_default.80: Flags [F.], seq 481, ack 45235, win 940, options [nop,nop,TS val 11296960 ecr 11296960], length 0
02:04:27.370240 IP play-nginx_http-server_1.play-nginx_default.80 > b4f40c2642a2.54498: Flags [.], ack 482, win 235, options [nop,nop,TS val 11296960 ecr 11296960], length 0

clientとproxy間の通信は前と同様だが、proxyとserver間の通信がTCPのコネクションを使いまわしておらず、HTTPの通信ごとにTCPを新規接続、切断していることに注意したい。

最後に、 http://localhost:8082 に接続し、keepaliveの設定を行なったreverse proxyの通信を確認する。

# 3 way handshake (client <> proxy)
20:34:23.210464 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [S], seq 2333942496, win 29200, options [mss 1460,sackOK,TS val 12378507 ecr 0,nop,wscale 7], length 0
20:34:23.210523 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [S.], seq 1686264532, ack 2333942497, win 28960, options [mss 1460,sackOK,TS val 12378507 ecr 12378507,nop,wscale 7], length 0
20:34:23.210550 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 12378507 ecr 12378507], length 0

# `GET /` request (client -> proxy)
20:34:23.212127 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [P.], seq 1:411, ack 1, win 229, options [nop,nop,TS val 12378507 ecr 12378507], length 410: HTTP: GET / HTTP/1.1
20:34:23.212150 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [.], ack 411, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 0

# 3 way handshake (proxy <> server)
20:34:23.212569 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [S], seq 1304194196, win 29200, options [mss 1460,sackOK,TS val 12378507 ecr 0,nop,wscale 7], length 0
20:34:23.212610 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [S.], seq 149760532, ack 1304194197, win 28960, options [mss 1460,sackOK,TS val 12378507 ecr 12378507,nop,wscale 7], length 0
20:34:23.212632 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 12378507 ecr 12378507], length 0

# `GET /` request (proxy -> server)
20:34:23.212723 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [P.], seq 1:494, ack 1, win 229, options [nop,nop,TS val 12378507 ecr 12378507], length 493: HTTP: GET / HTTP/1.1
20:34:23.212749 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [.], ack 494, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 0

# `GET /` response (server -> proxy -> client)
20:34:23.213029 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [P.], seq 1:242, ack 494, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 241: HTTP: HTTP/1.1 200 OK
20:34:23.213041 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 242, win 237, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213125 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [.], seq 242:7482, ack 494, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 7240: HTTP
20:34:23.213140 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 7482, win 350, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213186 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [.], seq 7482:14722, ack 494, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 7240: HTTP
20:34:23.213194 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [P.], seq 1:4097, ack 411, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 4096: HTTP: HTTP/1.1 200 OK
20:34:23.213199 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 14722, win 463, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213218 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [.], seq 14722:16626, ack 494, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 1904: HTTP
20:34:23.213231 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [.], ack 4097, win 293, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213239 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 16626, win 493, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213270 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [P.], seq 16626:18125, ack 494, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 1499: HTTP
20:34:23.213286 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [.], seq 4097:11337, ack 411, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 7240: HTTP
20:34:23.213282 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 18125, win 516, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213307 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [.], ack 11337, win 406, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213320 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [P.], seq 11337:12289, ack 411, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 952: HTTP
20:34:23.213335 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [.], ack 12289, win 428, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213362 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [P.], seq 12289:16385, ack 411, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 4096: HTTP
20:34:23.213377 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [.], ack 16385, win 492, options [nop,nop,TS val 12378507 ecr 12378507], length 0
20:34:23.213410 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [P.], seq 16385:18125, ack 411, win 235, options [nop,nop,TS val 12378507 ecr 12378507], length 1740: HTTP
20:34:23.213426 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [.], ack 18125, win 520, options [nop,nop,TS val 12378507 ecr 12378507], length 0

# `GET /stats.js` request (client -> proxy)
20:34:23.269929 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [P.], seq 411:750, ack 18125, win 520, options [nop,nop,TS val 12378513 ecr 12378507], length 339: HTTP: GET /stats.js HTTP/1.1

# `GET /stats.js` request (proxy -> server)
20:34:23.270248 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [P.], seq 494:916, ack 18125, win 516, options [nop,nop,TS val 12378513 ecr 12378507], length 422: HTTP: GET /stats.js HTTP/1.1

# `GET /stats.js` response (server -> proxy -> client)
20:34:23.270477 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [P.], seq 18125:18378, ack 916, win 243, options [nop,nop,TS val 12378513 ecr 12378513], length 253: HTTP: HTTP/1.1 200 OK
20:34:23.270518 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 18378, win 539, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.270580 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [P.], seq 18378:22481, ack 916, win 243, options [nop,nop,TS val 12378513 ecr 12378513], length 4103: HTTP
20:34:23.270595 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 22481, win 603, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.270733 IP e0433a29d961.80 > 172.21.0.1.44676: Flags [P.], seq 18125:22481, ack 750, win 243, options [nop,nop,TS val 12378513 ecr 12378513], length 4356: HTTP: HTTP/1.1 200 OK
20:34:23.270793 IP 172.21.0.1.44676 > e0433a29d961.80: Flags [.], ack 22481, win 588, options [nop,nop,TS val 12378513 ecr 12378513], length 0

# 3 way handshake (client <> proxy)
20:34:23.271120 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [S], seq 3882359748, win 29200, options [mss 1460,sackOK,TS val 12378513 ecr 0,nop,wscale 7], length 0
20:34:23.271154 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [S.], seq 3373201720, ack 3882359749, win 28960, options [mss 1460,sackOK,TS val 12378513 ecr 12378513,nop,wscale 7], length 0
20:34:23.271185 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 1, win 229, options [nop,nop,TS val 12378513 ecr 12378513], length 0

# `GET /texture.jpg` request (client -> proxy)
20:34:23.271364 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [P.], seq 1:379, ack 1, win 229, options [nop,nop,TS val 12378513 ecr 12378513], length 378: HTTP: GET /texture.jpg HTTP/1.1
20:34:23.271380 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [.], ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 0

# `GET /texture.jpg` request (proxy -> server)
20:34:23.271503 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [P.], seq 916:1377, ack 22481, win 603, options [nop,nop,TS val 12378513 ecr 12378513], length 461: HTTP: GET /texture.jpg HTTP/1.1

# `GET /texture.jpg` response (server -> proxy -> client)
20:34:23.271755 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [P.], seq 22481:22723, ack 1377, win 252, options [nop,nop,TS val 12378513 ecr 12378513], length 242: HTTP: HTTP/1.1 200 OK
20:34:23.271986 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [.], seq 22723:32859, ack 1377, win 252, options [nop,nop,TS val 12378513 ecr 12378513], length 10136: HTTP
20:34:23.272007 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 32859, win 784, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272200 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [.], seq 1:7241, ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 7240: HTTP: HTTP/1.1 200 OK
20:34:23.272275 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 7241, win 342, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272295 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [P.], seq 7241:8193, ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 952: HTTP
20:34:23.272413 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 8193, win 364, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272613 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [.], seq 32859:48787, ack 1377, win 252, options [nop,nop,TS val 12378513 ecr 12378513], length 15928: HTTP
20:34:23.272655 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 48787, win 1033, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272719 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [.], seq 48787:63683, ack 1377, win 252, options [nop,nop,TS val 12378513 ecr 12378513], length 14896: HTTP
20:34:23.272772 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [P.], seq 8193:16385, ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 8192: HTTP
20:34:23.272735 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 63683, win 1266, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272816 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 16385, win 492, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272857 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [P.], seq 16385:24577, ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 8192: HTTP
20:34:23.272857 IP play-nginx_http-server_1.play-nginx_default.80 > e0433a29d961.45688: Flags [P.], seq 63683:67719, ack 1377, win 252, options [nop,nop,TS val 12378513 ecr 12378513], length 4036: HTTP
20:34:23.272876 IP e0433a29d961.45688 > play-nginx_http-server_1.play-nginx_default.80: Flags [.], ack 67719, win 1329, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272876 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 24577, win 620, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272945 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [.], seq 24577:34713, ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 10136: HTTP
20:34:23.272965 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 34713, win 779, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.272991 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [.], seq 34713:44849, ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 10136: HTTP
20:34:23.273021 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 44849, win 937, options [nop,nop,TS val 12378513 ecr 12378513], length 0
20:34:23.273035 IP e0433a29d961.80 > 172.21.0.1.44680: Flags [P.], seq 44849:45239, ack 379, win 235, options [nop,nop,TS val 12378513 ecr 12378513], length 390: HTTP
20:34:23.273054 IP 172.21.0.1.44680 > e0433a29d961.80: Flags [.], ack 45239, win 960, options [nop,nop,TS val 12378513 ecr 12378513], length 0

proxyとserver間の通信が、一つのTCPコネクションだけを使って行われていることがわかる。また、 /texture.jpg のリクエストは、clientとproxy間では新たなコネクションを作ってリクエストしていたが、proxyとserver間ではコネクションを再利用していることに注意したい。