proxy_bind with hostname from /etc/hosts possible?

Posted by larsg 
Hi!

Is it possible to use a hostname from the local /etc/hosts as proxy_bind
value?
In our current

Background:
We use nginx 1.8.1 as reverse proxy.
In order to overcome the "Overcoming Ephemeral Port Exhaustion" problem
(64k+ connections), we use proxy_bind to iterate over all locally available
IP addresses and assign them as source IP (see
https://www.nginx.com/blog/overcoming-ephemeral-port-exhaustion-nginx-plus/).
In order to have a generic nginx configuration for all of our nginx
instances, we don't want to hard code server specific IPs in the nginx.conf
but use hostnames that are defined in the local /etc/hosts.

You can see our current configuration above.
Unfortunately nginx cannot resolve the hostname (localip0 etc.). There is an
error log ("invalid local address "localip0"...).
We also tested the usage of the upstream directive. Same result.
I'm worried that I can only use explicit IP addresses in this situation. Or do
you have an alternative solution?

/etc/host:
192.168.1.130 localip0
192.168.1.132 localip1
...

nginx.conf:

    split_clients "${remote_addr}${remote_port}AAAA" $source_ip {
        10% localip0;
        10% localip1;
        ...
    }

    server {
        listen 443;
        proxy_bind $source_ip;
        ...

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272918,272918#msg-272918

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Francis Daly
Re: proxy_bind with hostname from /etc/hosts possible?
March 17, 2017 04:00PM
On Mon, Mar 13, 2017 at 10:38:12AM -0400, larsg wrote:

Hi there,

> Is it possible to use a hostname from the local /etc/hosts as proxy_bind
> value?

http://nginx.org/r/proxy_bind says that its argument is an address. So
I'm going to say "no".

> You can see our current configuration above.
> Unfortunately nginx cannot resolve the hostname (localip0 etc.). There is an
> error log ("invalid local address "localip0"...).

If you dive into the source code, you'll see that that error message
happens when a call to "ngx_parse_addr_port()" fails; and that function
does what its name suggests.

> I'm worried that I can only use explicit IP addresses in this situation. Or do
> you have an alternative solution?

I think you'll need to use IP addresses.

An option (untested) could be to put the split_clients call into an
external file which you "include" in your common nginx.conf, and let
*that* file be generated unique per host.

And another option could be to have a common nginx-conf-precursor
which is distributed to all hosts, and then run a pre-processor of your
choice against it to create the individual unique nginx.conf files.

Good luck with it,

f
--
Francis Daly francis@daoine.org
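
The first option in the reply above (a per-host generated file that the common nginx.conf pulls in with "include") could look like this. It is an added example, not code from the thread or from nginx. It assumes the aliases are named localip<N> and carry IPv4 addresses; the function name and the output path in the usage comment are hypothetical.

```shell
#!/bin/sh
# Added example: build a per-host split_clients block from a hosts file, so
# the shared nginx.conf only needs an "include" and proxy_bind gets real IPs.
# Assumptions (not from the thread): aliases match localip<N>, IPv4 only.
# Hypothetical usage:
#   gen_split_clients /etc/hosts > /etc/nginx/split_clients.conf && nginx -t

gen_split_clients() {
    hosts_file=${1:-/etc/hosts}
    awk '
        # Accept only dotted-quad IPv4 with every octet in 0..255, so no other
        # text from the hosts file can end up inside the nginx configuration.
        function valid_ipv4(a,    o, n, i) {
            n = split(a, o, ".")
            if (n != 4) return 0
            for (i = 1; i <= 4; i++)
                if (o[i] !~ /^[0-9]+$/ || length(o[i]) > 3 || o[i] + 0 > 255)
                    return 0
            return 1
        }
        { sub(/#.*/, "") }                       # strip comments
        NF >= 2 && valid_ipv4($1) {
            for (i = 2; i <= NF; i++)            # any alias on the line counts
                if ($i ~ /^localip[0-9]+$/ && !seen[$1]++) ip[++count] = $1
        }
        END {
            if (count == 0) {
                print "no localip<N> entries found" | "cat 1>&2"
                exit 1
            }
            share = int(10000 / count) / 100     # equal share, two decimals
            print "split_clients \"${remote_addr}${remote_port}AAAA\" $source_ip {"
            for (i = 1; i < count; i++)
                printf "    %s%% %s;\n", share, ip[i]
            printf "    * %s;\n", ip[count]      # last address takes the rest
            print "}"
        }
    ' "$hosts_file"
}
```

The function exits non-zero when no matching entry exists, so a deployment step can refuse to reload nginx with an empty block.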
Thanks for the reply.
Indeed, we are generating the split_clients directive on the host it's
running.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272918,273009#msg-273009
