Opened 4 days ago

Closed 29 hours ago

#2098 closed defect (invalid)

nginx is actively requesting VIP access, which causes mariadb to receive a large number of error logs

Reported by: yuioplv@… Owned by:
Priority: minor Milestone:
Component: documentation Version: 1.19.x
Keywords: Cc:
uname -a: Linux app 4.4.219-1.el7.elrepo.x86_64 #1 SMP Sun Apr 12 16:13:06 EDT 2020 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.14.1
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.0.2k-fips 26 Jan 2017
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf--error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -m64 -mtune=generic -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -pie'

Description

Hello, my nginx configuration is as follows:

stream {

log_format tcp_json escape=json '{'

'"time_local":"$time_local",'
'"remote_addr":"$remote_addr",'
'"protocol ":"$protocol ",'
'"status": "$status",'
'"bytes_sent":"$bytes_sent",'
'"bytes_received":"$bytes_received",'
'"session_time":"$session_time",'
'"upstream_addr":"$upstream_addr",'
'"upstream_session_time":"$upstream_session_time",'
'"upstream_bytes_sent": "$upstream_bytes_sent",'
'"upstream_bytes_received": "$upstream_bytes_received",'
'"upstream_connect_time": "$upstream_connect_time"'

'}';

access_log /var/log/nginx/tcp-access.log tcp_json buffer=32k flush=5s;

upstream mariadb {

server 192.168.1.151:3306 weight=1;
server 192.168.1.152:3306 weight=1 backup;
server 192.168.1.153:3306 weight=1 backup;

}
server {

listen 3306;
proxy_pass mariadb;
proxy_timeout 40m;

}

}

The corresponding nginx log is as follows:

{"time_local":"20/Nov/2020:17:03:14 +0800","remote_addr":"192.168.1.100","protocol ":"TCP ","status": "200","bytes_sent":"0","bytes_received":"0","session_time":"0.000","upstream_addr":"192.168.1.151:3306","upstream_session_time":"0.000","upstream_bytes_sent": "0","upstream_bytes_received": "0","upstream_connect_time": "0.000"}
{"time_local":"20/Nov/2020:17:03:44 +0800","remote_addr":"192.168.1.100","protocol ":"TCP ","status": "200","bytes_sent":"0","bytes_received":"0","session_time":"0.000","upstream_addr":"192.168.1.151:3306","upstream_session_time":"0.000","upstream_bytes_sent": "0","upstream_bytes_received": "0","upstream_connect_time": "0.000"}

192.168.1.100 is the IP address of the nginx host. Checking nginx, it feels that nginx is actively requesting VIP access, which causes mariadb to receive a large number of error logs.

Hope to get your feedback, thank you.

Change History (1)

comment:1 by Maxim Dounin, 29 hours ago

Resolution: invalid
Status: newclosed

The stream module does not request anything, but rather proxies connections to the server configured. That is, it simply passes anything it got from the client to the upstream server, and vice versa. If you observe some incorrect behaviour like "actively requesting VIP access", this is likely something your clients do, not nginx. If you think this might be related to your nginx configuration, consider using support options available.

Note: See TracTickets for help on using tickets.