Opened 2 years ago

Closed 8 months ago

#1039 closed defect (invalid)

fastopen with SSL in multiple server declaration causes duplicate listen options for 0.0.0.0:443

Reported by: mikeg.de.googlemail.com@… Owned by:
Priority: minor Milestone:
Component: nginx-module Version: 1.11.x
Keywords: tcp fastopen ssl Cc:
uname -a: Linux ip-172-31-11-0 3.13.0-48-generic #80-Ubuntu SMP Thu Mar 12 11:16:15 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: --user=www-data --group=www-data --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-debug --with-threads --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-stream --with-stream_ssl_module --add-module=/home/ubuntu/nginx_accept_language_module-master --add-module=/home/ubuntu/ngx_cache_purge-master

Description

Hi,

I have a multiple server setup with SSL and tried to add fastopen. But on nginx -t it throws duplicate listen options for 0.0.0.0:443

1st server: listen 443 ssl http2 fastopen=256 default_server;
2nd server: listen 443 ssl fastopen=256;

And there is undoubtedly no duplicated listen directive.

Kind regards
Mike

Change History (4)

comment:1 Changed 2 years ago by mdounin

  • Resolution set to invalid
  • Status changed from new to closed

You are using fastopen=256 in both listen directives, this is not allowed. You have to specify listening options only in one listen directive in the configuration.

comment:2 Changed 8 months ago by mikeg-de@…

Hi,

totally lost track of my request … the issue is that the listen directive is only valid in the server context which won't allow to use TFO for multiple vhosts. What would you recommend to enable usage of TFO for all vhosts then?

Kind regards
Mike

comment:3 Changed 8 months ago by mikeg-de@…

  • Resolution invalid deleted
  • Status changed from closed to reopened

comment:4 Changed 8 months ago by mdounin

  • Resolution set to invalid
  • Status changed from reopened to closed

Quoting docs:

The listen directive can have several additional parameters specific to socket-related system calls. These parameters can be specified in any listen directive, but only once for a given address:port pair.

If you have further questions, please consider using support options available.

Note: See TracTickets for help on using tickets.