Hello!
On Mon, May 06, 2013 at 12:12:44PM -0400, mevans336 wrote:
> Hi Mex,
>
> We shut them down one-by-one, 45 minutes apart. The issue only seems to
> occur when the first server listed is blocked, however. We don't see the read
> timeouts if I leave the iptables rules enabled on the second server. I think
> that may be a false symptom related to ip_hash binding clients to the first
> server.
Timeouts are expected to appear in logs once per fail_timeout=
specified (after fail_timeout expires, nginx will route one
request to a server in question to check if it's alive again).
As only certain ips are mapped to the server blocked with ip_hash,
it might be nontrivial to test things with low traffic.
> Here are the iptables rules:
>
> Drop rule: iptables -I INPUT -s 192.168.1.0/24 -j DROP
> Allow rule: iptables -D INPUT -s 192.168.1.0/24 -j DROP
Using "-j REJECT" would make things a lot faster.
[...]
--
Maxim Dounin
http://nginx.org/en/donation.html
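
A simplified model of the behaviour described in the reply above, added here as an example; it is not nginx code and not from either participant. The hash function, the client addresses, the 10-second fail_timeout and the instantaneous timeout are assumptions for illustration.

```python
# Simplified model (not nginx source) of ip_hash plus fail_timeout probing.
FAIL_TIMEOUT = 10  # seconds; assumed value for this example


def pick_by_ip(ip, n_servers):
    """Stand-in for ip_hash: key on the first three octets of the IPv4
    address, so a whole /24 always lands on the same server."""
    a, b, c, _ = (int(x) for x in ip.split("."))
    return (a * 65536 + b * 256 + c) % n_servers


def simulate(requests, blocked, n_servers=2, fail_timeout=FAIL_TIMEOUT):
    """requests: iterable of (time_s, client_ip); blocked: set of server
    indexes that silently drop traffic. Returns the times at which a
    timeout would be logged. The time spent waiting for each timeout is
    ignored (assumption)."""
    down_until = {}  # server index -> time until which it is skipped
    timeouts = []
    for t, ip in sorted(requests):
        srv = pick_by_ip(ip, n_servers)
        if t < down_until.get(srv, 0):
            continue  # server considered failed: request goes elsewhere
        if srv in blocked:
            # First failure, or the single probe after fail_timeout expired.
            timeouts.append(t)
            down_until[srv] = t + fail_timeout
    return timeouts


# Constructed sample traffic (documentation address ranges).
CLIENT_A = "198.51.100.7"  # maps to server 0 in this model
CLIENT_B = "203.0.113.9"   # maps to server 1 in this model
busy = [(t, CLIENT_A) for t in range(35)]   # one request per second
sparse = [(0, CLIENT_A), (25, CLIENT_A)]    # low traffic

if __name__ == "__main__":
    print("server 0 blocked, busy client A:", simulate(busy, {0}))
    print("server 1 blocked, only client A:", simulate(busy, {1}))
    print("server 0 blocked, sparse client A:", simulate(sparse, {0}))
```

With steady traffic the model logs one timeout per fail_timeout window; with traffic only from clients hashed to the healthy server it logs none, which is why a low-traffic test can make one server look unaffected.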