Skip to content

docs: add ntlm_time/ntlm_requests directives and nginx ≥1.25 compatibility note #5

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
matthias-lay merged 1 commit into from
May 6, 2026
Merged

docs: add ntlm_time/ntlm_requests directives and nginx ≥1.25 compatibility note #5

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
20 changes: 20 additions & 0 deletions README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,6 +36,18 @@ The connections parameter sets the maximum number of connections to the upstream

Sets the timeout during which an idle connection to an upstream server will stay open.

> Syntax: ntlm_time time;
> Default: ntlm_time 1h;
> Context: upstream

Sets the maximum wall-clock age of a cached upstream connection. Once the connection has been open for longer than this value it will not be reused, even if it is otherwise idle and healthy. This bounds the lifetime of a single NTLM authentication context.

> Syntax: ntlm_requests number;
> Default: ntlm_requests 1000;
> Context: upstream

Sets the maximum number of requests that may be made over a single cached upstream connection before it is closed and a new one is established. Limiting the number of requests per connection prevents a single long-lived connection from accumulating unbounded state.

## Build

Follow the instructions from [Building nginx from Sources](http://nginx.org/en/docs/configure.html) and add the following line to the configure command
Expand Down Expand Up @@ -70,6 +82,14 @@ prove -r t
```


## nginx Version Compatibility

| nginx version | Notes |
|---------------|-------|
| < 1.9.1 | Not supported — the upstream peer API used by this module was introduced in nginx 1.9.1. |
| 1.9.1 – 1.24.x | Supported. |
| ≥ 1.25.x | Supported. Versions in the 1.25/1.26/1.27/1.28 series (e.g. 1.28.3) changed internal assumptions about `ngx_connection_t->data` in the upstream event handler (`ngx_http_upstream_handler` now expects `c->data` to hold the request pointer). Earlier releases of this module reused `c->data` to store the NTLM cache item on idle connections, which caused segfaults with these nginx versions. This was fixed in the module — see [PR #4](https://github.com/Securepoint/nginx-ntlm-module/pull/4). Use a module build from the current `main` branch when running nginx ≥ 1.25. |

## Acknowledgments

- This module is using most of the code from the original nginx keepalive module.
Expand Down