Hello all
Ive been assigned a task to set up an ipv6 to ipv4 reverse proxy for my
company. I decided to use nginx to do the job. I found the following
article
online which describes how to configure nginx as a reverse proxy :
So this is how i set up my reverse proxy. First off I installed RHEL 6.5
on
a VM and installed nginx on it. Second off I set up an AAAA record in
our
DNS as a test FQDN so that I could use that FQDN to connect through the
proxy to an IPV4 website. For example, the FQDN is ipv6.mycoolsite.com
and
the IPv4 website is www.yourcoolsite.com. I set up the default.conf file
as
such:
server {
listen [::]:80 default ipv6only=on;
server_name ipv6.mycoolsite.com;
#charset koi8-r;
access_log /var/log/nginx/log/ipv6.mycoolsite.com.access.log main;
error_log /var/log/nginx/log/ipv6.mycoolsite.com.error.log;
location / {
# root /usr/share/nginx/html;
# index index.html index.htm;
proxy_pass http://www.yourcoolsite.com;
proxy_redirect default;
proxy_set_header X-Real-Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_read_timeout 120;
}
}
Here are the issues that I am currently having:
When I run the nginx service and I test the FQDN on an ipv6 enabled
computer, I am able to access the IPV4 website www.yourcoolsite.com. But
when I change the proxy_pass FQDN to a different IPV4 website in the
config
file and reload the service, ipv6.mycoolsite.com still connects to
www.yourcoolsite.com and not to the new IPV4 FQDN. I think its loading a
cached copy of www.yourcoolsite.com instead of loading the new IPV4
FQDN.
When it finallly does load the new site, it does so REALLY slowly. I
think
this is due to reverse DNS lookup occuring!
Now what I am trying to figure out here is what is causing the caching
to
occur and the slow loading times? How do I go about disabling DNS
caching as
well as the reverse DNS lookup? I want to be able to connect the IPV4
website specified in the default.conf file when ever I change the file
and
reload the service. I dont want to connect to a cached copy of the
previous
IPV4 entry !
any help will be greatly appreciated!!
Oh and when I check the access logs after I test the proxy, this is what
I
see:
Why am I getting a 404 response in the log entry?
Also here is the error log
2013/12/27 13:13:01 [error] 6138#0: *248 upstream timed out (110:
Connection
timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx,
server: ipv6.mycoolsite.com, request: “GET
/commonspot/javascript/lightbox/lightbox.js HTTP/1.1”, upstream:
“http://[2001:1900:2302:2000::ff]:80/commonspot/javascript/lightbox/lightbox.js”,
host: “ipv6.mycoolsite.com”, referrer:
“http://ipv6.mycoolsite.com/index.htm”
2013/12/27 13:43:08 [error] 6138#0: *276 upstream timed out (110:
Connection
timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx,
server: ipv6.mycoolsite.com, request: “GET /index.htm HTTP/1.1”,
upstream:
“http://[2001:1900:2302:2000::ff]:80/index.htm”, host:
“ipv6.mycoolsite.com”
2013/12/29 01:14:03 [error] 13140#0: *402 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/global/js/libs/validation-engine.css HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/global/js/libs/validation-engine.css”,
host: “ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
2013/12/29 01:14:03 [error] 13140#0: *406 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/global/js/jquery.scrollTo-min.js HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/global/js/jquery.scrollTo-min.js”,
host:
“ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
2013/12/29 01:14:03 [error] 13140#0: *410 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/global/js/libs/always-include-ie.js HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/global/js/libs/always-include-ie.js”,
host: “ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
2013/12/29 01:14:04 [error] 13140#0: *404 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/images/2013Dec2.jpg HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/images/2013Dec2.jpg”, host:
“ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
2013/12/29 01:14:04 [error] 13140#0: *408 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/images/2013Dec4.jpg HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/images/2013Dec4.jpg”, host:
“ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
2013/12/29 01:15:34 [error] 13140#0: *410 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/global/css/colorbox.css HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/global/css/colorbox.css”, host:
“ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
2013/12/29 01:25:57 [error] 13140#0: *472 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/global/js/libs/intercept-include.js HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/global/js/libs/intercept-include.js”,
host: “ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
2013/12/29 01:32:07 [error] 13140#0: *510 upstream timed out (110:
Connection timed out) while connecting to upstream, client:
xxxx:xxxx:x:xxxx::xxx:xxxx, server: ipv6.mycoolsite.com, request: “GET
/images/2013Dec3.jpg HTTP/1.1”, upstream:
“http://[2001:1900:2300:1::ff]:80/images/2013Dec3.jpg”, host:
“ipv6.mycoolsite.com”, referrer: “http://ipv6.mycoolsite.com/”
I had to blank out the IPV6 address for privacy’s sake. Also i have no
idea
how to paste code properly in mailing lists! lol
Sorry I am a bit new web servers so any help will be greatly
appreciated!
Posted at Nginx Forum: