Opened 7 years ago
Closed 7 years ago
#1260 closed defect (invalid)
Regex Location fails resolver DNS lookup
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.11.x |
| Keywords: | resolver | Cc: | |
| uname -a: | Linux bb-analytics-auth-proxy-3860146928-2v0v4 4.4.0-72-generic #93-Ubuntu SMP Fri Mar 31 14:07:41 UTC 2017 x86_64 Linux | ||
| nginx -V: |
nginx version: openresty/1.11.2.3
built by gcc 6.2.1 20160822 (Alpine 6.2.1) built with OpenSSL 1.0.2k 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt=-O2 --add-module=../ngx_devel_kit-0.3.0 --add-module=../echo-nginx-module-0.60 --add-module=../xss-nginx-module-0.05 --add-module=../ngx_coolkit-0.2rc3 --add-module=../set-misc-nginx-module-0.31 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.06 --add-module=../srcache-nginx-module-0.31 --add-module=../ngx_lua-0.10.8 --add-module=../ngx_lua_upstream-0.06 --add-module=../headers-more-nginx-module-0.32 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.18 --add-module=../redis2-nginx-module-0.14 --add-module=../redis-nginx-module-0.3.7 --add-module=../rds-json-nginx-module-0.14 --add-module=../rds-csv-nginx-module-0.07 --with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib --with-openssl=/tmp/openssl-1.0.2k --with-pcre=/tmp/pcre-8.39 --with-file-aio --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-ipv6 --with-mail --with-mail_ssl_module --with-md5-asm --with-pcre-jit --with-sha1-asm --with-stream --with-stream_ssl_module --with-threads |
||
Description
We are developing with Kubernetes and came across an interesting issue where the resolver directive would not be applied properly when a DNS service name was inside a regex location. If we converted the DNS service to an IP then it would work. If we changed the regex location to a static location the resolver would work and find the DNS service IP correctly.
The following examples are what we had in the config for the location:
Did not work -
resolver 10.0.0.10 valid=10s ipv6=off;
resolver_timeout 10s;
location ~* ^/esauth/($1) {
internal;
proxy_pass http://bb-application/api/v1/proxy/$1
}
Worked -
resolver 10.0.0.10 valid=10s ipv6=off;
resolver_timeout 10s;
location /esauth {
internal;
proxy_pass http://bb-application/api/v1/proxy
}
Log from failed attempt:
2017-04-27T20:07:42.72470006Z 2017/04/27 20:07:42 [error] 7#7: *5 bb-application could not be resolved (3: Host not found),...
Change History (2)
comment:2 by , 7 years ago
| Resolution: | → invalid |
|---|---|
| Status: | new → closed |
Hostname in proxy_pass without variables is resolved on start-up using the resolver from libc, which has a notion of "short names relative to the local domain", or the search path.
Hostname in proxy_pass with variables uses nginx's resolver which needs full domain names.
Sorry, the location that did not work has an error in it from our actual config.
It should read
location ~* ^/esauth/(.*) {