Welcome! Log In Create A New Profile

Re: proxy_pass behavior

Forum List Message List New Topic Print View

Jim Popovitch

March 27, 2014 08:20PM

On Thu, Mar 27, 2014 at 1:50 PM, Jim Popovitch <jimpop@gmail.com> wrote:
> On Thu, Mar 27, 2014 at 1:27 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:
>> Hello!
>>
>> On Thu, Mar 27, 2014 at 01:12:18PM -0400, Jim Popovitch wrote:
>>
>>> On Thu, Mar 27, 2014 at 12:59 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:
>>> > Hello!
>>> >
>>> > On Thu, Mar 27, 2014 at 12:29:03PM -0400, Jim Popovitch wrote:
>>> >
>>> >> Should proxy_pass retry ipv4 if ipv6 fails? Currently (1.5.12), it
>>> >> does not, and there is no way to force proxy_pass to always use ipv4.
>>> >
>>> > In no particular order:
>>> >
>>> > - The proxy_next_upstream is expected to retry by default.
>>>
>>> Yes, that works if the host name has 2 or more A OR 2 or more AAAA
>>> records. proxy_next_upstream does not appear to transition to the
>>> next protocol (i.e. from ipv4 to ipv6)
>>
>> It doesn't care about address family. As long as connect() to
>> one address fails, it will try next one.
>
> I will have to do some more tests, but so far 1.5.12 (debian wheezy)
> does not appear to try the next one if the next one is a different
> protocol family.

So here is what happens:

Nginx 1.5.12 on Debian Wheezy 7.4

~$ host www.acadiau.ca
www.acadiau.ca has address 131.162.201.18
www.acadiau.ca has IPv6 address 2620:21:c000:c8:0:aca:d1a:18

~$ grep proxy_pass /etc/nginx/sites-available/proxy
proxy_pass https://www.acadiau.ca;

When an IPv6 client connects to the proxy, proxy_pass logs the error as

2014/03/27 21:28:28 [alert] 24862#0: *158336 connect() failed (13:
Permission denied) while connecting to upstream, client:
2604:180::82c6:fe9, server: proxy-service.tld, request: "GET /
HTTP/1.1", upstream: "https://[2620:21:c000:c8:0:aca:d1a:18]:443/",
host: "proxy-service.tld"

It will next try the ipv4 addr and succeed, however the reason for the
"Permission denied" error appears to be the format of the URL (raw
ipv6 addr, not hostname). Why is it using the ipv6 addr instead of
the hostname?

-Jim P.

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
proxy_pass behavior	Jim Popovitch	1003	March 27, 2014 12:30PM
Re: proxy_pass behavior	Maxim Dounin	456	March 27, 2014 01:00PM
Re: proxy_pass behavior	Jim Popovitch	370	March 27, 2014 01:14PM
Re: proxy_pass behavior	Maxim Dounin	365	March 27, 2014 01:28PM
Re: proxy_pass behavior	Jim Popovitch	2372	March 27, 2014 01:52PM
Re: proxy_pass behavior	Jim Popovitch	725	March 27, 2014 08:20PM
Re: proxy_pass behavior	Jim Popovitch	603	March 28, 2014 01:58PM
Re: proxy_pass behavior	Maxim Dounin	522	March 28, 2014 02:38PM
Re: proxy_pass behavior	Jim Popovitch	859	March 28, 2014 02:42PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

apostrofix

Guests: 164

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018