Opened 7 years ago
Closed 7 years ago
#1457 closed defect (invalid)
nginx reload doen't support listen interface changes
Reported by: | Owned by: | ||
---|---|---|---|
Priority: | minor | Milestone: | |
Component: | nginx-core | Version: | 1.12.x |
Keywords: | Cc: | ||
uname -a: | Linux CyanCircinus 4.9.28-1.tls.x86_64 #1 SMP Tue Aug 22 09:14:03 EDT 2017 x86_64 x86_64 x86_64 GNU/Linux | ||
nginx -V: |
nginx version: nginx/1.12.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-18) (GCC) built with OpenSSL 1.0.2l 25 May 2017 TLS SNI support enabled configure arguments: --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/run/nginx.pid --lock-path=/run/nginx.lock --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-debug --add-module=./scauth --add-module=./nginx_substitution_filter --with-ld-opt=-L/root/rpmbuild/BUILD/build_tree.Continent-tls/out |
Description
I have a configuration directive
listen *:443 ssl;
netstat showing
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 18013/nginx
if i change it to
listen 172.16.160.44:443 ssl;
then run nginx -s reload
nothing chanes in netstat
buf if i restarat nginx
all is ok
tcp 0 0 172.16.160.44:443 0.0.0.0:* LISTEN 18013/nginx
BTW if i change port or port and interface all works properly
but if interface only ngxin still holding port:(
Note:
See TracTickets
for help on using tickets.
There should be something like this in the error log:
The problem is that Linux (in contrast to other operating systems) does not allows binds on both "*:443" and "<ip>:443" at the same time for "security" reasons. Due to this restriction opening listening sockets for the new configuration fails, and nginx falls back to the old configuration.
As a result, to switch from listening on "*" to listening on an IP address on Linux you have to restart nginx.