Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#723 closed defect (invalid)

resolver ipv6=off doesn't work with https upstreams

Reported by: arrixzhou@… Owned by:
Priority: minor Milestone:
Component: nginx-core Version: 1.6.x
Keywords: Cc:
uname -a: Linux ip-172-31-4-219 3.14.33-26.47.amzn1.x86_64 #1 SMP Wed Feb 11 22:39:25 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
nginx -V: nginx version: nginx/1.6.2 built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) TLS SNI support enabled configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_spdy_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module --with-http_image_filter_module --with-http_geoip_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_stub_status_module --with-http_perl_module --with-mail --with-mail_ssl_module --with-pcre --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=' -Wl,-E'

Description

    location ^~ /xxx {
        resolver 8.8.8.8 ipv6=off;

        proxy_set_header   Host www.mydomain.com;
        proxy_pass https://www.mydomain.com;
    }

Even with ipv6=off, error log reports failure to connect to IPv6 address.

2015/02/19 05:16:06 [error] 30169#0: *69 connect() to [2001:4860:400b:c01::79]:443 failed (101: Network is unreachable) while connecting to upstream, client: xxx, server: www.moov.cc, request: "GET /xxx HTTP/1.1", upstream: "https://[2001:4860:400b:c01::79]:443/xxx", host: "xxx"

It works if I change https to http.

Change History (2)

comment:1 Changed 5 years ago by pluknet

  • Resolution set to invalid
  • Status changed from new to closed

Internal resolver is only used for proxy_pass with variables.

comment:2 Changed 5 years ago by pluknet

More specifically, in your case (i.e., without variables)
it is resolved only once on start up with the system resolver.

See also:
http://nginx.org/r/resolver
http://nginx.org/r/proxy_pass

Note: See TracTickets for help on using tickets.