Hello! On Fri, Mar 28, 2014 at 10:45:53AM +0100, Trygve Vea wrote:
> # HG changeset patch > # User Trygve Vea <t...@redpill-linpro.com> > # Date 1395999940 -3600 > # Fri Mar 28 10:45:40 2014 +0100 > # Node ID 16eacd8609c8362e9dd729c743ed7a869c2993fe > # Parent 2411d4b5be2ca690a5a00a1d8ad96ff69a00317f > Added nonlocal to the listen directive > > The nonlocal option is used to set the needed socket options to be able to > bind > to an address not necessarily owned by the host. > > This patch currently implements this for Linux >= 2.4 IPv4/IPv6. > > The problem we solve by doing this, is in an environment where the following > conditions are met: > > * HTTPS with multiple certificates, and a client base that are unable to use > SNI - thus having the need to tie specific certificates to specific > ip/ports. > * Setting the ip_nonlocal_bind-sysctl is not an option (for example for Linux > IPv6) > * Used in a failover-setup, where the service IP-addresses are moved around by > a daemon like linux-ha or keepalived. As already explained, the patch is not needed for the use case claimed. Just a bind on INADDR_ANY/IN6ADDR_ANY will do the trick. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
