Welcome! Log In Create A New Profile

Advanced

Re: [PATCH] Added nonlocal to the listen directive

Previous Message Next Message
Forum List Message List New Topic Print View
Maxim Dounin
May 09, 2014 12:18AM
Hello!

On Thu, May 01, 2014 at 01:42:51PM +0200, info@kliemeck.de wrote:

> Hey,
>
> i thought that this is important but I have received no response. Any update
> on this?

Much like with ipv4, just bind on the ipv6 address you want _and_
[::].

>
> greets
> Hans-Joachim
>
> Quoting info@kliemeck.de:
>
> >Hey,
> >
> >but it is still not possible to work with IPv6, if you want to bind to a
> >specific address (not [::]) that is not a local address. The
> >"ip_nonlocal_bind-sysctl" use-case is not fulfilled with this and i think
> >it is a common use-case that nginx is used within a high availability
> >environment with a shared ip address. It is possible that this important
> >feature is integrated within 1.6, since it may be a reason not to use
> >IPv6?
> >
> >greets
> >Hans-Joachim Kliemeck
> >
> >Quoting mdounin@mdounin.ru:
> >
> >>Hello!
> >>
> >>On Fri, Mar 28, 2014 at 10:45:53AM +0100, Trygve Vea wrote:
> >>
> >>># HG changeset patch
> >>># User Trygve Vea <tv at redpill-linpro.com>
> >>># Date 1395999940 -3600
> >>># Fri Mar 28 10:45:40 2014 +0100
> >>># Node ID 16eacd8609c8362e9dd729c743ed7a869c2993fe
> >>># Parent 2411d4b5be2ca690a5a00a1d8ad96ff69a00317f
> >>>Added nonlocal to the listen directive
> >>>
> >>>The nonlocal option is used to set the needed socket options to be
> >>>able to bind
> >>>to an address not necessarily owned by the host.
> >>>
> >>>This patch currently implements this for Linux >= 2.4 IPv4/IPv6.
> >>>
> >>>The problem we solve by doing this, is in an environment where the
> >>>following
> >>>conditions are met:
> >>>
> >>>* HTTPS with multiple certificates, and a client base that are unable
> >>>to use
> >>> SNI - thus having the need to tie specific certificates to specific
> >>>ip/ports.
> >>>* Setting the ip_nonlocal_bind-sysctl is not an option (for example
> >>>for Linux
> >>> IPv6)
> >>>* Used in a failover-setup, where the service IP-addresses are moved
> >>>around by
> >>> a daemon like linux-ha or keepalived.
> >>
> >>As already explained, the patch is not needed for the use case
> >>claimed. Just a bind on INADDR_ANY/IN6ADDR_ANY will do the trick.
> >>
> >>--
> >>Maxim Dounin
> >>http://nginx.org/
> >
> >
> >
> >_______________________________________________
> >nginx-devel mailing list
> >nginx-devel@nginx.org
> >http://mailman.nginx.org/mailman/listinfo/nginx-devel
>
>
>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel

--
Maxim Dounin
http://nginx.org/

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Reply Quote
RSS
Subject Author Views Posted

[PATCH] Added nonlocal to the listen directive

Trygve Vea 1062 March 28, 2014 09:42AM

Re: [PATCH] Added nonlocal to the listen directive

Anonymous User 357 April 27, 2014 04:12PM

Re: [PATCH] Added nonlocal to the listen directive

Anonymous User 359 May 01, 2014 07:44AM

Re: [PATCH] Added nonlocal to the listen directive

Maxim Dounin 494 May 09, 2014 12:18AM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 129
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready