Opened 5 years ago
Closed 5 years ago
#1700 closed defect (wontfix)
UDP connections are terminated when updating Nginx executable file on-the-fly
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | major | Milestone: | nginx-1.15 |
| Component: | nginx-core | Version: | 1.15.x |
| Keywords: | UDP, stream, upgrade | Cc: | |
| uname -a: | Linux lb1.example.com 3.10.0-862.14.4.el7.x86_64 #1 SMP Wed Sep 26 15:12:11 UTC 2018 x86_64 x86_64 x86_64 GNU/Linux | ||
| nginx -V: |
nginx version: nginx/1.15.8
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-36) (GCC) built with OpenSSL 1.0.2k-fips 26 Jan 2017 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie' |
||
Description
UDP handling allow to use it for OpenVPN balancing, but Nginx isn't remember about UDP connections during upgrade the Nginx binary file on-the-fly, so Nginx do full and fast binary upgrade, select different ports for proxied UDP packets and then connections are interrupted.
Proxied UDP connection isn't interrupt whet it's alone connection to first backend in upstream list )
For TCP streams on-the-fly upgrade is working correct - i see old and new binaries in process list, while the TCP connections to nginx are established.
Note:
See TracTickets
for help on using tickets.
This is expected. Since there is single UDP socket to handle all incoming packets, it is not possible to preserve packets related to old UDP sessions being routed to the old worker processes after a binary upgrade and/or configuration reload. Instead, sessions are re-established in the new processes once a new packet arrives.
From
it looks like in your case the problem is that re-established sessions are routed to different upstream servers, and your upstream servers cannot handle this. You may consider using hash $remote_addr balancing, it should help to preserve sessions on the same upstream servers regardless of binary upgrades and configuration reloads.