Dns name for upstream

Server NGINX
1

Hi,

I saw this example at serverfault.com:

server {

resolver 127.0.0.1;
set $backend “http://dynamic.example.com:80”;
proxy_pass $backend;

}

I have a few questions:

  1. If the resolver DNS becomes unavailable (say connection timeout),
    what
    will nginx do? Will it keep using the old IPs or will it flush the DNS
    since TTL expires? If later, the proxy will stop working.
  2. In the upstream block, I could define “keepalive #”, but with this
    example, how can I do that?
  3. This page
    Module ngx_stream_core_module
    says
    “This directive is available as part of our commercial subscription.”.
    Is
    that still up to date? Can “resolver”, “resolver_timeout” be used in
    free
    edition now?

Thanks!
Frank

2

nginx1.94 ssl use TLS1.0.
server {
listen 443;
server_name a.com;

    ssi on;
    ssi_silent_errors on;
    ssi_types text/shtml;

    ssl                  on;
 ssl_certificate

ssl_certificate_key
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
…}
but nginx1.6.2 ssl use TLS1.2

[email protected]

From: Frank L.
Date: 2016-03-11 06:55
To: nginx
Subject: dns name for upstream
Hi,

I saw this example at serverfault.com:

server {

resolver 127.0.0.1;
set $backend “http://dynamic.example.com:80”;
proxy_pass $backend;

}

I have a few questions:

  1. If the resolver DNS becomes unavailable (say connection timeout),
    what will nginx do? Will it keep using the old IPs or will it flush the
    DNS since TTL expires? If later, the proxy will stop working.
  2. In the upstream block, I could define “keepalive #”, but with this
    example, how can I do that?
  3. This page
    Module ngx_stream_core_module
    says “This directive is available as part of our commercial
    subscription.”. Is that still up to date? Can “resolver”,
    “resolver_timeout” be used in free edition now?

Thanks!
Frank

3

On Thu, Mar 10, 2016 at 11:55 PM, Frank L. [email protected] wrote:

will nginx do? Will it keep using the old IPs or will it flush the DNS
since TTL expires? If later, the proxy will stop working.

​I suppose you will get a 504 ‘Gateway Timeout’?

  1. In the upstream block, I could define “keepalive #”, but with this
    example, how can I do that?

​The keepalive directive is only valid in the upstream block and there
does
not see​m to be any equivalent.
You could use an upstream name in your variable to dynamically choose an
upstream group in which everything is configured as you wish.

  1. This page

Module ngx_stream_core_module says
“This directive is available as part of our commercial subscription.”. Is
that still up to date? Can “resolver”, “resolver_timeout” be used in free
edition now?

​nginx Inc. seems to be very conservative about keeping the incentives
to
their product as part of their business model. No movement on that side
since the dawn of times.

B. R.

4

On Thursday 10 March 2016 14:55:06 Frank L. wrote:

}
that still up to date? Can “resolver”, “resolver_timeout” be used in free
edition now?

It’s unclear about what module you are asking. Note that the “set” and
“keepalive” directives are part of the “http” modules, while in 3-rd
question you’re asking about the “resolver” directive in the “stream”
module.

There are also “resolver” and “resolver_timeout” directives in the
“http” module, and they are available in free edition:
http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver

wbr, Valentin V. Bartenev

5

On 3/11/16 12:47 PM, B.R. wrote:
[…]

3) This
page http://nginx.org/en/docs/stream/ngx_stream_core_module.html#resolver
says "This directive is available as part of our commercial
subscription.". Is that still up to date? Can "resolver",
"resolver_timeout" be used in free edition now?

​ nginx Inc. seems to be very conservative about keeping the
incentives to their product as part of their business model. No
movement on that side since the dawn of times.

Can you elaborate your point please?


Maxim K.

6

Hello!

On Fri, Mar 11, 2016 at 11:32:13AM +0800, [email protected] wrote:

 ssl_certificate

ssl_certificate_key
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
…}
but nginx1.6.2 ssl use TLS1.2

Please do not hijack unrelated threads. Thank you.


Maxim D.
http://nginx.org/

7

On Friday 11 March 2016 07:01:49 Frank L. wrote:

Hi Valentin,
Thanks for clearing up . I was looking at the wrong module.
Do you have any comments to the other two questions?

  1. That will result in “502 Bad Gateway” response, and corresponding
    message will be written to error_log.

  2. There’s the “resolve” parameter of the “server” directive in
    upstream,
    but it’s available in commercial version only.

    See the docs:
    Module ngx_http_upstream_module

    Back to your first question, this parameter has different behavior,
    it will preserve the old IPs in case of resolving error.

wbr, Valentin V. Bartenev

8

You can try to use this module to resolve the DNS :wink:

On Wed, Mar 16, 2016 at 1:34 PM, Valentin V. Bartenev [email protected]

9

Hi Valentin,
Thanks for clearing up . I was looking at the wrong module.
Do you have any comments to the other two questions?
Frank