Opened 8 years ago
Last modified 8 years ago
#1059 new defect
syntax check error when an upstream is used in proxy_pass using both http and https and is defined after
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.11.x |
Keywords: | Cc: | ||
uname -a: | Linux TEST_VPNA 2.6.32-573.26.1.el6.x86_64 #1 SMP Wed May 4 00:57:44 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
[root@TEST_VPNA conf.d]# nginx -V
nginx version: nginx/1.10.1 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-16) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_perl_module=dynamic --add-dynamic-module=njs-1c50334fbea6/nginx --with-threads --with-stream --with-stream_ssl_module --with-http_slice_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_v2_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' |
Description
First case, upstream is defined before (alphabetically) its usage in proxy_pass, both in http and https:
[root@TEST_VPNA conf.d]# cat a_1.conf
upstream backend {
server 10.3.1.110:8443;
}
[root@TEST_VPNA conf.d]# cat a_2.conf
server {
listen 443 ssl;
server_name TRUC.domain.com;
location /one {
proxy_pass http://backend;
}
location /two {
proxy_pass https://backend;
}
}
[root@TEST_VPNA conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
Now if the upstream definition is read after, nginx tries to resolve the upstream name:
[root@TEST_VPNA conf.d]# mv a_1.conf a_3.conf
[root@TEST_VPNA conf.d]# nginx -t
nginx: [emerg] host not found in upstream "backend" in /etc/nginx/conf.d/a_2.conf:9
nginx: configuration file /etc/nginx/nginx.conf test failed
Note that there is no problem if upstream is used only in https (or http):
[root@TEST_VPNA conf.d]# cat a_2.conf
server {
listen 443 ssl;
server_name TRUC.domain.com;
location /one {
proxy_pass https://backend;
}
location /two {
proxy_pass https://backend;
}
}
[root@TEST_VPNA conf.d]# cat a_3.conf
upstream backend {
server 10.3.1.110:8443;
}
[root@TEST_VPNA conf.d]# nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
There is no use case using the same upstream in both http and https but it can prevent nginx to run in case of configuration mistake.
In 6787:640e1e778de6/nginx: