Re: [PATCH] Added nonlocal to the listen directive

Thu, 01 May 2014 04:43:23 -0700 

Hey,
i thought that this is important but I have received no response. Any update on this? 

greets
Hans-Joachim

Quoting i...@kliemeck.de:


Hey,


but it is still not possible to work with IPv6, if you want to bind  
to a specific address (not [::]) that is not a local address. The  
"ip_nonlocal_bind-sysctl" use-case is not fulfilled with this and i  
think it is a common use-case that nginx is used within a high  
availability environment with a shared ip address. It is possible  
that this important feature is integrated within 1.6, since it may  
be a reason not to use IPv6?


greets
Hans-Joachim Kliemeck

Quoting mdou...@mdounin.ru:


Hello!

On Fri, Mar 28, 2014 at 10:45:53AM +0100, Trygve Vea wrote:


# HG changeset patch
# User Trygve Vea <tv at redpill-linpro.com>
# Date 1395999940 -3600
#      Fri Mar 28 10:45:40 2014 +0100
# Node ID 16eacd8609c8362e9dd729c743ed7a869c2993fe
# Parent  2411d4b5be2ca690a5a00a1d8ad96ff69a00317f
Added nonlocal to the listen directive


The nonlocal option is used to set the needed socket options to be  
able to bind

to an address not necessarily owned by the host.

This patch currently implements this for Linux >= 2.4 IPv4/IPv6.


The problem we solve by doing this, is in an environment where the  
following

conditions are met:


* HTTPS with multiple certificates, and a client base that are  
unable to use
 SNI - thus having the need to tie specific certificates to  
specific ip/ports.
* Setting the ip_nonlocal_bind-sysctl is not an option (for  
example for Linux

 IPv6)

* Used in a failover-setup, where the service IP-addresses are  
moved around by

 a daemon like linux-ha or keepalived.


As already explained, the patch is not needed for the use case
claimed.  Just a bind on INADDR_ANY/IN6ADDR_ANY will do the trick.

--
Maxim Dounin
http://nginx.org/




_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel




_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel






















					Reply via email to