Opened 3 years ago

Closed 3 years ago

Last modified 3 years ago

#2315 closed defect (invalid)

set environment in nginx configuration does not work

Reported by: duttab49@… Owned by:
Priority: blocker Milestone:
Component: documentation Version: 1.19.x
Keywords: Cc:
uname -a: Linux ip-xxx-xx-xxx-xx.AWS_REGION.compute.internal 4.14.252-195.483.amzn2.x86_64 #1 SMP Mon Nov 1 20:58:46 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.20.0
built by gcc 7.3.1 20180712 (Red Hat 7.3.1-13) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

Description (last modified by duttab49@…)

Hello,

We have a production deployment in AWS EKS where traffic from a public load balancer is routed to an internal load balancer using nginx - using proxy_pass.
However, due to nginx caching of old load balancer IP addresses, nginx forwards traffic to an IP address which does not exist, as the load balancer IP address has changed.
To address this issue, we have used the following approach in the nginx configuration - https://www.nginx.com/blog/dns-service-discovery-nginx-plus/#:~:text=resolver%2010.0.0.2%20valid%3D10s%3B%0A%0Aserver%20%7B%0A%20%20%20%20location%20/%20%7B%0A%20%20%20%20%20%20%20%20set%20%24backend_servers%20backends.example.com%3B%0A%20%20%20%20%20%20%20%20proxy_pass%20http%3A//%24backend_servers%3A8080%3B%0A%20%20%20%20%7D%0A%7D

resolver 10.0.0.2 valid=10s;

server {
    location / {
        set $backend_servers backends.example.com;
        proxy_pass http://$backend_servers:8080;
    }
}

But the above solution did not work. With set $env, nginx returns 404 error.

Please suggest.
We are seeing a performance issue with nginx caching the load balancer IP address in our production deployment. This is with nginx 1.20 running on an AWS EC2 instance.

Attachments (2)

user-config.txt (525 bytes) - added by duttab49@… 3 years ago.
user config files
nginx-defaul.conf (2.9 KB) - added by duttab49@… 3 years ago.
default nginx config


Change History (5)

by duttab49@…, 3 years ago

Attachment: user-config.txt added

user config files

by duttab49@…, 3 years ago

Attachment: nginx-defaul.conf added

default nginx config

comment:1 by duttab49@…, 3 years ago

Description: modified (diff)

comment:2 by Maxim Dounin, 3 years ago

Resolution: invalid
Status: new → closed

Your configuration does not seem to include any attempts to configure name resolution by using variables in the proxy_pass directive, but given the following snippet in your config:

location /abc {
        proxy_pass http://1234.web-svc.domain.com:80/abc;
...

My best guess is that you've tried to use something like proxy_pass http://$backend:80/abc;. Note that when variables are used in proxy_pass and URI is specified in the directive, it is passed to the server as is, replacing the original request URI, see docs. Using proxy_pass http://$backend:80;, without an URI, should work.

If you need further help with configuring nginx, please use support options available.

comment:3 by duttab49@…, 3 years ago

Hello Maxim Dounin,

Thanks for your suggestion. Using proxy_pass http://$backend:80 worked for us, as shown below:

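# DNS server used to resolve names in proxy_pass at request time
resolver DNS_IP_ADDR;

server {
    listen 8080;
    server_name <ROUTE-53-PUBLIC-DNS>;

    # Load configuration files for the default server block.
    include /etc/nginx/default.d/*.conf;

    location /abc {
        # Keeping the hostname in a variable makes nginx resolve it at request time
        set $web_service 1234.web-svc.domain.com;
        # No URI part after the port, so the original request URI is passed upstream
        proxy_pass http://$web_service:80;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}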
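
As an added example (not part of the ticket and not taken from the reporter's attachments), the configuration below puts the proxy_pass forms discussed in comments 2 and 3 side by side, with the URI each one sends upstream. The resolver address and hostname are reused from the ticket's snippets; the location paths /static-name/, /var-with-uri/ and /public/ are hypothetical.

```nginx
# Constructed example: hostname and resolver address come from the ticket's
# snippets, the location paths other than /abc are hypothetical.
events {}

http {
    # Required as soon as proxy_pass contains a variable: the name is then
    # resolved at request time, and valid=10s overrides the record's TTL.
    resolver 10.0.0.2 valid=10s;

    server {
        listen 8080;

        # (1) Literal hostname: resolved once when the configuration is
        #     loaded; the addresses are reused until nginx is reloaded.
        location /static-name/ {
            proxy_pass http://1234.web-svc.domain.com:80;
        }

        # (2) Variable plus a URI part: "/abc" is sent upstream as is,
        #     replacing the original request URI. A request for
        #     /var-with-uri/users/7 reaches the upstream as /abc.
        location /var-with-uri/ {
            set $web_service 1234.web-svc.domain.com;
            proxy_pass http://$web_service:80/abc;
        }

        # (3) Variable, no URI part: the original request URI is passed
        #     unchanged and the name is re-resolved through "resolver".
        location /abc {
            set $web_service 1234.web-svc.domain.com;
            proxy_pass http://$web_service:80;
        }

        # (4) Variable with an upstream path that differs from the client
        #     path: rewrite with "break", then proxy without a URI part.
        #     /public/users/7 reaches the upstream as /abc/users/7.
        location /public/ {
            set $web_service 1234.web-svc.domain.com;
            rewrite ^/public/(.*)$ /abc/$1 break;
            proxy_pass http://$web_service:80;
        }
    }
}
```

Checking the upstream's access log for the request path it actually received is the quickest way to tell form (2) from form (3) when a proxied location starts returning 404.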
