Opened 5 years ago
Closed 5 years ago
#1912 closed defect (wontfix)
Ignore duplicate reuseport options
| Reported by: | | Owned by: | |
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-core | Version: | 1.16.x |
| Keywords: | | Cc: | |

uname -a: FreeBSD nginx.test.modirum.com 12.1-RELEASE-p1 FreeBSD 12.1-RELEASE-p1 GENERIC amd64

nginx -V:
nginx version: nginx/1.16.1
built with OpenSSL 1.1.1d-freebsd 10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --with-file-aio --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_addition_module --with-http_auth_request_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_realip_module --with-pcre --with-http_ssl_module --with-http_stub_status_module --without-mail_pop3_module --without-mail_smtp_module --with-mail_ssl_module --add-module=/wrkdirs/usr/ports/www/nginx/work/ModSecurity-nginx-71ede63 --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --add-module=/wrkdirs/usr/ports/www/nginx/work/nginx-module-vts-0.1.18 --with-mail=dynamic --with-stream=dynamic --add-dynamic-module=/wrkdirs/usr/ports/www/nginx/work/ngx_devel_kit-0.3.1 --add-dynamic-module=/wrkdirs/usr/ports/www/nginx/work/ngx_http_auth_pam_module-1.5.1 --add-dynamic-module=/wrkdirs/usr/ports/www/nginx/work/lua-nginx-module-0.10.15 --add-dynamic-module=/wrkdirs/usr/ports/www/nginx/work/set-misc-nginx-module-cda7e50 --add-dynamic-module=/wrkdirs/usr/ports/www/nginx/work/passenger-6.0.4/src/nginx_module

Description
We use puppet for configuration management, automatically creating hundreds of virtual hosts on a single nginx instance and IP:PORT. Using reuseport greatly improves performance, but we cannot automate this since we can either specify "reuseport" on all listen directives, or none at all.
Since configuration parsing already detects duplicate reuseport options, it should be trivial to simply ignore any but the first for a given IP:PORT combination.
Though I am sure it makes sense on a code level, it does not make sense to a user that some options (ssl) can (must?) be specified for each listen directive, while others (reuseport) can not.
As of now, options of the "listen" directive related to the listening socket cannot be specified multiple times. This ensures that all options are set correctly and no conflicting configurations can be specified.
To simplify configurations and make them more user-friendly, in 0.8.51 it was made possible to specify the "ssl" option (which is not related to listening socket options, but rather to the protocol used on connections to the listening socket) multiple times. So it became possible to use "listen 443 ssl;" in virtual servers, making it obvious that the socket in question uses SSL. Later this approach was extended to all newly added protocol-level options ("http2", "proxy_protocol"). This approach, however, causes a different issue: users try to enable a particular option only in a particular server block and don't understand why this breaks other servers using the same listening socket.
Given the above, there are no plans to make it possible to specify other listening options multiple times, including the "reuseport" option. Rather, we are considering making options checking more strict: in particular, checking that all protocol-specific options are either specified only once, like socket-related options, or the same set of options is used.
If you have problems with your automatic configuration, consider extending it. It should be easy enough to make it possible to specify options only in the default server, and use no options (just "listen <address>;") in all other servers.
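
One way a configuration generator could follow the advice above, as an added example that is not code from this ticket, from nginx or from Puppet. The function name `render_listens`, the tuple layout and the sample hosts are assumptions. The first server seen for an address carries all listen options and is marked `default_server`; every other server gets a bare listen, and a differing option set for the same address is rejected.

```python
# Added example: emit listen options once per address, bare "listen <address>;" elsewhere.
# All host names and addresses below are constructed sample data.

SAMPLE_VHOSTS = [
    ("a.example.test", "192.0.2.10:443", ["ssl", "reuseport"]),
    ("b.example.test", "192.0.2.10:443", ["ssl", "reuseport"]),
    ("c.example.test", "192.0.2.10:443", []),
    ("d.example.test", "192.0.2.10:80", ["reuseport"]),
]


def render_listens(vhosts):
    """Return (server_name, listen_line) pairs for (name, address, options) vhosts."""
    owners = {}  # address -> (owning server name, frozenset of its options)
    rendered = []
    for name, address, options in vhosts:
        opts = list(dict.fromkeys(options))  # drop repeats, keep given order
        if address not in owners:
            # First server for this address: it owns every option and is
            # made the explicit default server, independent of include order.
            owners[address] = (name, frozenset(opts))
            params = " ".join(["default_server"] + opts)
            rendered.append((name, f"listen {address} {params};"))
            continue
        owner, kept = owners[address]
        # A later server may request nothing or the same set; anything else
        # would silently change behaviour for every server on the socket.
        if opts and frozenset(opts) != kept:
            raise ValueError(
                f"{name}: options {sorted(opts)} for {address} differ from "
                f"{sorted(kept)} set by {owner}"
            )
        rendered.append((name, f"listen {address};"))
    return rendered


if __name__ == "__main__":
    for server, line in render_listens(SAMPLE_VHOSTS):
        print(f"{server}: {line}")
```
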