Opened 7 years ago
Last modified 7 years ago
#1417 new enhancement
Nginx won't start if hostname isn't valid
Reported by: | | Owned by: | |
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | other | Version: | 1.13.x |
Keywords: | container | Cc: | |
uname -a: | Linux 774956f05acf 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 Linux | | |

nginx -V:

    nginx version: nginx/1.13.5
    built by gcc 6.2.1 20160822 (Alpine 6.2.1)
    built with OpenSSL 1.0.2k 26 Jan 2017
    TLS SNI support enabled
    configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-threads --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream_realip_module --with-stream_geoip_module=dynamic --with-http_slice_module --with-mail --with-mail_ssl_module --with-compat --with-file-aio --with-http_v2_module

Description
This is the exact same issue as described in #1040.
We use nginx in a container to route web services to various internal container services. As nginx currently works, if a hostname is unknown for a proxy, nginx refuses to start.
nginx: [emerg] host not found in upstream "gerrit_cgit_1" in /etc/nginx/conf.d/cgit.conf:12

    server {
        listen 80;
        listen [::]:80 ipv6only=on;
        server_name cgit.haiku-os.org git.haiku-os.org;
        access_log off;
        error_log off;
        return 301 https://$server_name$request_uri;
    }

    server {
        listen 443 ssl;
        listen [::]:443 ssl ipv6only=on;
        server_name cgit.haiku-os.org git.haiku-os.org;
        client_max_body_size 100m;
        ssl_certificate /etc/letsencrypt/live/cgit.haiku-os.org/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/cgit.haiku-os.org/privkey.pem;

        location / {
            proxy_bind $server_addr;
            proxy_pass http://gerrit_cgit_1:80;
        }
    }

In a container environment, if the gerrit_cgit_1 container isn't running, the host won't resolve.
Instead of "refusing to start" due to one vhost not working, ideally, nginx should offer up HTTP 503 for service unavailable.
There is a larger story around re-checking hostnames, but this change would mean that "some services are functional" (other vhosts that do resolve) vs "everything is broken until you modify your config files because a container is not running".
If nginx doesn't want this to be the standard configuration, maybe add a "proxy_unavailable warn" vs "proxy_unavailable error" or something?
Ticket retargeted after milestone closed
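
An added example, not part of the ticket or of nginx: a pre-start check, for instance in a container entrypoint, that lists every `proxy_pass` hostname that does not currently resolve, with its line number, so the failing vhost is identified before nginx exits with `[emerg]`. The function names, the sample config and every hostname other than `gerrit_cgit_1` are constructed for illustration; only static `proxy_pass http(s)://host` targets are checked.

```python
import ipaddress
import re
import socket
import sys
from pathlib import Path

PROXY_PASS = re.compile(r"\bproxy_pass\s+https?://(\[[^\]]+\]|[^\s:/;]+)")  # host part
UPSTREAM_BLOCK = re.compile(r"\bupstream\s+([^\s{]+)\s*\{")
# Constructed sample; every name except gerrit_cgit_1 is made up for illustration.
SAMPLE_CONF = """\
upstream local_pool { server 127.0.0.1:8080; }
server {
    location /a { proxy_pass http://gerrit_cgit_1:80; }
    location /b { proxy_pass http://local_pool; }
    location /c { proxy_pass http://[::1]:8081; }
    # proxy_pass http://disabled_backend:80;
    location /d { proxy_pass http://$runtime_backend:80; }
    location /e { proxy_pass http://example_web_1:80; }
}
"""

def is_ip_literal(host):
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def unresolved_upstreams(conf_text, resolve=socket.getaddrinfo):
    """Return [(line, host)] for proxy_pass hostnames that do not resolve now."""
    text = re.sub(r"#[^\n]*", "", conf_text)   # drop comments, keep line numbers
    pools = set(UPSTREAM_BLOCK.findall(text))  # upstream{} names are not DNS names
    missing = []
    for m in PROXY_PASS.finditer(text):
        host = m.group(1)
        # Variables resolve per request; unix sockets and IP literals need no lookup.
        if "$" in host or host == "unix" or host in pools or is_ip_literal(host):
            continue
        try:
            resolve(host, None)
        except socket.gaierror:
            missing.append((text.count("\n", 0, m.start()) + 1, host))
    return missing

if __name__ == "__main__":
    bad = [(p, *h) for p in sys.argv[1:] for h in unresolved_upstreams(Path(p).read_text())]
    for path, line, host in bad:
        print(f'preflight: "{host}" does not resolve ({path}:{line})')
    sys.exit(1 if bad else 0)
```

Run it with the config files as arguments; it exits non-zero when any hostname is unresolved.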