Opened 6 years ago

Last modified 11 months ago

#1417 new enhancement

Nginx won't start if hostname isn't valid

Reported by: kallisti5@…
Owned by:
Priority: minor
Milestone:
Component: other
Version: 1.13.x
Keywords: container
Cc:
uname -a: Linux 774956f05acf 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 Linux
nginx -V: nginx version: nginx/1.13.5
built by gcc 6.2.1 20160822 (Alpine 6.2.1)
built with OpenSSL 1.0.2k 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module

Description

This is the exact same issue as described in #1040.

We use nginx in a container to route web services to various internal container services. As nginx currently works, if a hostname is unknown for a proxy, nginx refuses to start.

nginx: [emerg] host not found in upstream "gerrit_cgit_1" in /etc/nginx/conf.d/cgit.conf:12

server {
    listen 80;
    listen [::]:80 ipv6only=on;

    server_name cgit.haiku-os.org git.haiku-os.org;
    access_log off;
    error_log off;
    return      301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;

    server_name cgit.haiku-os.org git.haiku-os.org;
    client_max_body_size 100m;
    ssl_certificate /etc/letsencrypt/live/cgit.haiku-os.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cgit.haiku-os.org/privkey.pem;
    location / {
        proxy_bind $server_addr;
        proxy_pass http://gerrit_cgit_1:80;
    }
}

In a container environment, if the gerrit_cgit_1 container isn't running, the host won't resolve.

Instead of "refusing to start" due to one vhost not working, ideally, nginx should offer up HTTP 503 for service unavailable.

There is a larger story around re-checking hostnames, but this change would mean that "some services are functional" (other vhosts that do resolve) vs "everything is broken until you modify your config files because a container is not running".

If nginx doesn't want this to be the standard configuration, maybe add a "proxy_unavailable warn" vs "proxy_unavailable error" or something?
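A commonly used way to let nginx start while `gerrit_cgit_1` is down, shown here as an added example that is not part of the ticket or the reporter's configuration: when `proxy_pass` takes its target from a variable, nginx resolves the name per request through `resolver` instead of while loading the configuration. The resolver address 127.0.0.11 (Docker's embedded DNS on user-defined networks), the timing values and the variable name `$cgit_upstream` are assumptions.

```nginx
# Before (from the ticket): the literal hostname is resolved once while the
# configuration is loaded, so an unresolvable name aborts startup with
#   [emerg] host not found in upstream "gerrit_cgit_1"
#
#     location / {
#         proxy_bind $server_addr;
#         proxy_pass http://gerrit_cgit_1:80;
#     }

# After: same vhost, resolution deferred to request time.
server {
    listen 443 ssl;
    listen [::]:443 ssl ipv6only=on;

    server_name cgit.haiku-os.org git.haiku-os.org;
    client_max_body_size 100m;
    ssl_certificate /etc/letsencrypt/live/cgit.haiku-os.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/cgit.haiku-os.org/privkey.pem;

    # Assumption: the container runtime exposes a local DNS server here.
    # Use only a trusted, local resolver: nginx acts on whatever address the
    # answer contains, so a spoofable resolver lets an attacker redirect the
    # proxied traffic. /etc/hosts is NOT consulted by this directive.
    resolver 127.0.0.11 valid=10s ipv6=off;
    resolver_timeout 2s;

    location / {
        proxy_bind $server_addr;

        # A variable in proxy_pass forces a runtime lookup on each request
        # (cached for "valid"). No URI part is given, so the client's
        # request URI is passed to the backend unchanged.
        set $cgit_upstream http://gerrit_cgit_1:80;
        proxy_pass $cgit_upstream;
    }
}
```

With this form an unresolvable backend yields 502 Bad Gateway for that vhost only and a "could not be resolved" entry in the error log, while the other vhosts keep serving; `nginx -t` no longer catches a mistyped upstream name, so that check has to move to monitoring of 502 responses.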

Change History (2)

comment:1 by maxim, 6 years ago

Milestone: 1.13

Ticket retargeted after milestone closed

comment:2 by camsteffen@…, 11 months ago

There are a LOT of people running into this issue if you search the web for "nginx docker host not found in upstream". It's a common use case.
