Opened 4 years ago
Closed 4 years ago
#1741 closed enhancement (worksforme)
|Reported by:||Owned by:|
|uname -a:||Linux arstotzka 4.15.0-45-generic #48-Ubuntu SMP Tue Jan 29 16:28:13 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux|
nginx version: nginx/1.14.0 (Ubuntu)
built with OpenSSL 1.1.0g 2 Nov 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fdebug-prefix-map=/build/nginx-FIJPpj/nginx-1.14.0=. -fstack-protector-strong -Wformat -Werror=format-security -fPIC -Wdate-time -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now -fPIC' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-http_slice_module --with-threads --with-http_addition_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_sub_module --with-http_xslt_module=dynamic --with-stream=dynamic --with-stream_ssl_module --with-mail=dynamic --with-mail_ssl_module
Over the past several years, there have been multiple requests regarding IPv6 or IPv4 binding before addresses are assigned; and many suggestions have been made to use IP_FREEBIND to permit binding before the IP address(es) are actually on-interface, or for HA cases.
Is there any particular reason why IP_FREEBIND is not included to solve these binding issues? If there is no specific reason, can you consider adding it?
Maxim made suggestions via the lists to bind to [::] AND the IPv6 that's sought to be bound to, however this doesn't appear to work anymore and gives you an emerg crit failure during startup.
(NOTE: While nginx -V points at Ubuntu, this is ultimately still a question that should be considered for NGINX at-large.)
Change History (1)
comment:1 by , 4 years ago
|Status:||new → closed|
If it doesn't work for you, you may want to check the reasons. For example, the following configuration opens a single listening socket on
[::]:8080and does not depend on
2001:db8::1being present on the host in question:
Basic things to check are:
bind()which would fail.
While supporting Linux-specific
IP_FREEBINDis certainly possible, it is not clear why this can be needed except may be in some complex configurations when one do not want to configure listening on the wildcard address for some reason (and in such configurations it is always possible to use
/proc/sys/net/ipv?/ip_nonlocal_bindto allow non-local binds system-wide). All requests seen so far indicate no reasons to introduce
IP_FREEBINDsupport, but rather indicate that people don't know how to use existing nginx features to bind on wildcard addresses.