id: 1372
summary: Nginx not respecting the TTL for the resolver at the Location block with 418 http response
reporter: kianyang@…
owner:
type: defect
status: closed
priority: minor
milestone:
component: nginx-core
version: 1.10.x
resolution: invalid
keywords: proxy_pass
cc:
uname: Linux 933322741cf2 4.9.43-17.38.amzn1.x86_64 #1 SMP Thu Aug 17 00:20:39 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
nginx_version: nginx version: nginx/1.10.1 (Ubuntu)

description:

Hi team,

We recently noticed an issue with our Nginx configuration where we attempt to perform redirections using the error_page directive to redirect some requests to our legacy application.

Following the guide in https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/, we have implemented the below rules.

{{{
user www-data;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

include /usr/share/nginx/modules/*.conf;

http {
    access_log /var/log/nginx/access.log keyvalue;

    server {
        listen 80;
        server_name localhost;
        # rewrite ^(.*[^/])$ $1/ permanent;
        proxy_buffering off;
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # RULE for /shared-end-point/ that's shared with legacy and new site
        # NOTE: This rule is known to cause issues on HP returning 503 status when ELB IP addresses are updated.
        location = /shared-end-point/ {
            error_page 418 = @legacy_site;
            recursive_error_pages on;
            if ($request_uri ~ ((legacy_querystring1|legacy_querystring2)=)) {
                return 418;
            }
            proxy_pass_request_headers on;
            resolver 10.90.32.2 valid=10s;
            set $upstream_endpoint aws-ec2-new-site.com;
            proxy_pass http://$upstream_endpoint$request_uri;
            if ($http_x_forwarded_proto != 'https') {
                return 301 https://$host$request_uri;
            }
        }

        ######## Homepage
        location = / {
            proxy_pass_request_headers on;
            resolver 10.90.32.2 valid=10s;
            set $upstream_endpoint aws-ec2-new-site.com;
            proxy_pass http://$upstream_endpoint;
            if ($http_x_forwarded_proto != 'https') {
                return 301 https://$host$request_uri;
            }
        }

        ######## Legacy site
        location @legacy_site {
            proxy_pass_request_headers on;
            resolver 10.90.32.2 valid=10s;
            set $upstream_endpoint legacy-site.com;
            proxy_pass https://$upstream_endpoint;
            if ($http_x_forwarded_proto != 'https') {
                return 301 https://$host$request_uri;
            }
        }
    }
}
}}}

We realized that when our ELB refreshes the IP addresses, the aws-ec2-new-site.com is still resolving to the old IP and does not respect the TTL until we reloaded the configuration. Once we remove the 418 redirection rules, it behaves as expected and resolves the hosts based on the TTL.

This is observed via a tcpdump, where there is no request to the Amazon resolver.

This does not appear to be consistent behaviour; or is this a bug to be addressed in future versions?