9 messages in ru.sysoev.nginx: RE: nginx + ip_nonlocal_bind
From, Sent On
Tristan Griffiths, Apr 30, 2009 11:26 pm
Michael Shadle, Apr 30, 2009 11:33 pm
Igor Sysoev, Apr 30, 2009 11:50 pm
Tristan Griffiths, May 1, 2009 12:00 am
Michael Shadle, May 1, 2009 12:17 am
Tristan Griffiths, May 1, 2009 12:26 am
Igor Sysoev, May 1, 2009 12:37 am
Tristan Griffiths, May 1, 2009 3:00 am
Tristan Griffiths, May 1, 2009 4:00 am
Subject: RE: nginx + ip_nonlocal_bind
From: Tristan Griffiths (tris@stomp.com.au)
Date: May 1, 2009 4:00:46 am
List: ru.sysoev.nginx

-----Original Message----- From: owne@sysoev.ru [mailto:owne@sysoev.ru] On Behalf Of Tristan Griffiths Sent: Friday, 1 May 2009 8:00 PM To: ngi@sysoev.ru Subject: RE: nginx + ip_nonlocal_bind

-----Original Message----- From: owne@sysoev.ru [mailto:owne@sysoev.ru] On Behalf Of Igor Sysoev Sent: Friday, 1 May 2009 5:38 PM To: ngi@sysoev.ru Subject: Re: nginx + ip_nonlocal_bind

On Fri, May 01, 2009 at 05:27:10PM +1000, Tristan Griffiths wrote:

-----Original Message----- From: owne@sysoev.ru [mailto:owne@sysoev.ru] On Behalf Of Igor Sysoev Sent: Friday, 1 May 2009 4:50 PM To: ngi@sysoev.ru Subject: Re: nginx + ip_nonlocal_bind

On Fri, May 01, 2009 at 04:26:55PM +1000, Tristan Griffiths wrote:

Greetings.

We would like to set up our Nginx instances in a HA pair. Using Heartbeat, we have Nginx listening on virtual addresses on the active server.

On the passive server, we cannot get Nginx to start up because those virtual (or floating) addresses are not configured on the server until Heartbeat detects a failover condition.

Is Nginx able to bind to a non-local IP address? We've tried setting the ip_nonlocal_bind kernel option with no luck.

Some important information:

# nginx -v
nginx version: nginx/0.7.53

Starting nginx: [emerg]: bind() to 213.167.72.152:80 failed (98: Address already in use)

This is because another process is already listening on this address:port.

CentOS 5.3

<config> server { listen 213.167.72.152:80 default; </config>

Any other settings we should provide?

To listen on temporarily non configured addresses you may use something like this:

server {
    listen 80;
}

server {
    listen 213.167.72.152:80 default;
    ...
}

server {
    listen 213.167.72.1:80 default;
    ...
}

nginx binds to *:80 only, but tests an address where a request comes to.

Hadn't tried that. Works a treat.

Hope this helps someone else in future.

OK, however, with ip_nonlocal_bind nginx should bind() successfully even to non existent addresses. You should look why bind() returned (98: Address already in use).

For SSL hosts, would we just "listen 443; ssl on;" (with a dummy certificate)?

Yes. Or you may combine SSL/non-SSL servers in one server:

server { listen 80; listen 443 default ssl;

This is what I have now done, although I was being tripped up by the "deferred" option defined in our virtual host listen directives. Setting:

server { listen 80 default deferred; ....

Seems to work.

Catch with combining SSL/non-SSL is that our backend app servers require the X-FORWARDED_PROTO header to know if the client is getting an encrypted connection. Is there a way around this?

Answered my own question...

proxy_set_header X-FORWARDED_PROTO $scheme;

Easy!

Thanks again Igor for fantastic software.
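
To tell apart the two bind() failures discussed in this thread ("Address already in use" versus an address that is simply not configured on the passive node yet), the following is an added example, not code from the original messages or from nginx. The names `probe_bind`, `nonlocal_bind_enabled` and `diagnose`, and the sample address 192.0.2.10, are assumptions chosen for illustration.

```python
import errno
import socket

# Map bind() errors to a cause. The number in the thread (98) is the Linux
# value of EADDRINUSE; the errno module resolves the right value per platform.
CAUSES = {
    errno.EADDRINUSE: "in_use",        # a socket already holds this addr:port
    errno.EADDRNOTAVAIL: "not_local",  # address is not configured on this host
    errno.EACCES: "no_permission",     # low port without the needed privilege
}

HINTS = {
    "ok": "bind() works; the listen directive should start",
    "in_use": "find the process already listening on this address:port",
    "not_local": "enable ip_nonlocal_bind or listen on the wildcard address",
    "no_permission": "start as a user allowed to bind this port",
}


def probe_bind(addr, port):
    """Bind a TCP socket the way a listener would and classify the result."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        s.bind((addr, port))
        return "ok"
    except OSError as e:
        return CAUSES.get(e.errno, "other")
    finally:
        s.close()


def nonlocal_bind_enabled(path="/proc/sys/net/ipv4/ip_nonlocal_bind"):
    """Read the Linux sysctl; None means it could not be read."""
    try:
        with open(path) as f:
            return f.read().strip() == "1"
    except OSError:
        return None


def diagnose(addr, port):
    """Return (outcome, hint) for a failing `listen addr:port`."""
    outcome = probe_bind(addr, port)
    return outcome, HINTS.get(outcome, "unexpected error; check the nginx log")


if __name__ == "__main__":
    # 192.0.2.10 is a constructed documentation address standing in for a floating IP.
    print("ip_nonlocal_bind enabled:", nonlocal_bind_enabled())
    print(diagnose("192.0.2.10", 8080))
```

Run it on the passive node with nginx stopped: an `in_use` result points at a conflicting listener rather than at the missing floating address.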