[PATCH] Added nonlocal to the listen directive
info at kliemeck.de
Thu May 1 11:42:51 UTC 2014
I thought that this is important but I have received no response. Any
update on this?
Quoting info at kliemeck.de:
> but it is still not possible to work with IPv6, if you want to bind
> to a specific address (not [::]) that is not a local address. The
> "ip_nonlocal_bind-sysctl" use-case is not fulfilled with this and I
> think it is a common use-case that nginx is used within a high
> availability environment with a shared ip address. It is possible
> that this important feature is integrated within 1.6, since it may
> be a reason not to use IPv6?
> Hans-Joachim Kliemeck
> Quoting mdounin at mdounin.ru:
>> On Fri, Mar 28, 2014 at 10:45:53AM +0100, Trygve Vea wrote:
>>> # HG changeset patch
>>> # User Trygve Vea <tv at redpill-linpro.com>
>>> # Date 1395999940 -3600
>>> # Fri Mar 28 10:45:40 2014 +0100
>>> # Node ID 16eacd8609c8362e9dd729c743ed7a869c2993fe
>>> # Parent 2411d4b5be2ca690a5a00a1d8ad96ff69a00317f
>>> Added nonlocal to the listen directive
>>> The nonlocal option is used to set the needed socket options to be able to bind
>>> to an address not necessarily owned by the host.
>>> This patch currently implements this for Linux >= 2.4 IPv4/IPv6.
>>> The problem we solve by doing this, is in an environment where the conditions are met:
>>> * HTTPS with multiple certificates, and a client base that are unable to use
>>> SNI - thus having the need to tie specific certificates to specific ip/ports.
>>> * Setting the ip_nonlocal_bind-sysctl is not an option (for example for Linux
>>> * Used in a failover-setup, where the service IP-addresses are moved around by
>>> a daemon like linux-ha or keepalived.
>> As already explained, the patch is not needed for the use case
>> claimed. Just a bind on INADDR_ANY/IN6ADDR_ANY will do the trick.
>> Maxim Dounin
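The three bind strategies discussed in this thread, as an added example that is not part of the thread or of the proposed patch: a wildcard bind, a bind to a specific address the host does not own, and the same bind with a per-socket option set first. The use of Linux's `IP_FREEBIND` is an assumption (the patch description only says "the needed socket options"), `try_bind` is a hypothetical helper, and the addresses are constructed samples from the documentation ranges.

```c
/* Added example (Linux). Addresses are constructed samples from the
 * documentation ranges 192.0.2.0/24 and 2001:db8::/32. */
#include <arpa/inet.h>
#include <errno.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP socket to ip (IPv4 or IPv6 literal) on an ephemeral port.
 * freebind != 0 sets IP_FREEBIND first. Returns 0 or the errno value. */
int try_bind(const char *ip, int freebind)
{
    struct sockaddr_storage ss;
    socklen_t len;
    int fd, rc = 0, on = 1;

    memset(&ss, 0, sizeof(ss));
    if (strchr(ip, ':')) {
        struct sockaddr_in6 *a6 = (struct sockaddr_in6 *)&ss;
        a6->sin6_family = AF_INET6;
        if (inet_pton(AF_INET6, ip, &a6->sin6_addr) != 1) return EINVAL;
        len = sizeof(*a6);
    } else {
        struct sockaddr_in *a4 = (struct sockaddr_in *)&ss;
        a4->sin_family = AF_INET;
        if (inet_pton(AF_INET, ip, &a4->sin_addr) != 1) return EINVAL;
        len = sizeof(*a4);
    }
    fd = socket(ss.ss_family, SOCK_STREAM, 0);
    if (fd < 0) return errno;
    /* Assumption: IP_FREEBIND is the option meant; set at IPPROTO_IP level. */
    if (freebind && setsockopt(fd, IPPROTO_IP, IP_FREEBIND, &on, sizeof(on)) < 0)
        rc = errno;
    if (rc == 0 && bind(fd, (struct sockaddr *)&ss, len) < 0)
        rc = errno;
    close(fd);
    return rc;
}

int main(void)
{
    const char *cases[] = { "0.0.0.0", "192.0.2.10", "::", "2001:db8::10" };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++)
        printf("%-14s plain=%-3d freebind=%d\n", cases[i],
               try_bind(cases[i], 0), try_bind(cases[i], 1));
    return 0;
}
```

On a host where the `ip_nonlocal_bind` sysctl is off, the plain bind to the specific address fails with `EADDRNOTAVAIL`, while the wildcard bind succeeds because it listens on every address, not only the shared one.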