On Fri, May 01, 2009 at 05:27:10PM +1000, Tristan Griffiths wrote:
> > -----Original Message-----
> > From: owner-nginx@sysoev.ru [mailto:owner-nginx@sysoev.ru] On Behalf
> Of
> > Igor Sysoev
> > Sent: Friday, 1 May 2009 4:50 PM
> > To: nginx@sysoev.ru
> > Subject: Re: nginx + ip_nonlocal_bind
> >
> > On Fri, May 01, 2009 at 04:26:55PM +1000, Tristan Griffiths wrote:
> >
> > > Greetings.
> > >
> > > We would like to setup our Nginx instances in a HA pair. Using
> > > Heartbeat, we have Nginx listening on virtual addresses on the
> active
> > > server.
> > >
> > > On the passive server, we cannot get Nginx to start up because those
> > > virtual (or floating) address are not configured on the server until
> > > Heartbeat detects a failover condition.
> > >
> > > Is Nginx able to bind to a non-local IP address? We've tried setting
> > the
> > > ip_nonlocal_bind kernel option with no luck.
> > >
> > > Some important information:
> > >
> > > # nginx -v
> > > nginx version: nginx/0.7.53
> > >
> > > Starting nginx: [emerg]: bind() to 213.167.72.152:80 failed (98:
> > Address
> > > already in use)
> >
> > This is because another process is laready listen on this
> address:port.
> >
> > > CentOS 5.3
> > >
> > > <config>
> > > server {
> > > listen 213.167.72.152:80 default;
> > > </config>
> > >
> > > Any other settings we should provide?
> >
> > To listen on temporarily non configured addresses you may use
> something
> > like this:
> >
> > server {
> > listen 80;
> > }
> >
> > server {
> > listen 213.167.72.152:80 default;
> > ...
> > }
> >
> > server {
> > listen 213.167.72.1:80 default;
> > ...
> > }
> >
> > nginx binds to *:80 only, but tests an address where a request comes
> > to.
>
> Hadn't tried that. Works a treat.
>
> Hope this helps someone else in future.
OK, however, with ip_nonlocal_bind nginx should bind() successfully
even to non existent addresses. You should look why bind() returned
(98: Address already in use).
> For SSL hosts, would we just "listen 443; ssl on;" (with a dummy
> certificate)?
Yes. Or you may combine SSL/non-SSL servers in one server:
server {
listen 80;
listen 443 default ssl;
--
Igor Sysoev
http://sysoev.ru/en/