Opened 2 years ago

Last modified 2 years ago

#2315 closed defect

set environment in nginx configuration does not work — at Initial Version

Reported by: duttab49@… Owned by:
Priority: blocker Milestone:
Component: documentation Version: 1.19.x
Keywords: Cc:
uname -a: Linux ip-xxx-xx-xxx-xx.AWS_REGION.compute.internal 4.14.252-195.483.amzn2.x86_64 #1 SMP Mon Nov 1 20:58:46 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.20.0
built by gcc 7.3.1 20180712 (Red Hat 7.3.1-13) (GCC)
built with OpenSSL 1.1.1g FIPS 21 Apr 2020
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/run/nginx.pid --lock-path=/run/lock/subsys/nginx --user=nginx --group=nginx --with-compat --with-debug --with-file-aio --with-google_perftools_module --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_degradation_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-stream_ssl_preread_module --with-threads --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic' --with-ld-opt='-Wl,-z,relro -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,-E'

Description

Hello,

We have production deployment in AWS EKS where traffic from public Load balancer is routed to internal load balancer using nginx - using proxy_pass.
However, due to nginx caching of old load balancer IP addresses, nginx forward traffic to an IP address which does not exists as load balancer IP address is changed.
To address this issue, we have used following approach in ngixn configuration - https://www.nginx.com/blog/dns-service-discovery-nginx-plus/#:~:text=resolver%2010.0.0.2%20valid%3D10s%3B%0A%0Aserver%20%7B%0A%20%20%20%20location%20/%20%7B%0A%20%20%20%20%20%20%20%20set%20%24backend_servers%20backends.example.com%3B%0A%20%20%20%20%20%20%20%20proxy_pass%20http%3A//%24backend_servers%3A8080%3B%0A%20%20%20%20%7D%0A%7D

resolver 10.0.0.2 valid=10s;

server {

location / {

set $backend_servers backends.example.com;
proxy_pass http://$backend_servers:8080;

}

}

But the above solution did not work. With set $env, nginx returns 404 error.

Please suggest.
We are seeing performance issue with Nginx caching the Load balancer IP address in production deployment. This is with nginx 1.20 running in AWS EC2 instance.

Change History (2)

by duttab49@…, 2 years ago

Attachment: user-config.txt added

user config files

by duttab49@…, 2 years ago

Attachment: nginx-defaul.conf added

default nginx config

Note: See TracTickets for help on using tickets.