<div dir="ltr"><div style="font-family:verdana,sans-serif" class="gmail_default">​​</div><div class="gmail_default" style="font-family:verdana,sans-serif">Привет всем, столкнулся с непонятным поведением</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"># nginx -v<br>nginx version: nginx/1.12.1<br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"># nginx -V<br>nginx version: nginx/1.12.1<br>built by gcc 4.8.5 20150623 (Red Hat 4.8.5-11) (GCC) <br>built with OpenSSL 1.0.2k-fips  26 Jan 2017<br>TLS SNI support enabled<br>configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_image_filter_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-http_auth_request_module --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-google_perftools_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=' -Wl,-E'</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Это амазоновская сборка, если это имеет значение</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"># rpm -qa | grep nginx<br>nginx-1.12.1-1.33.amzn1.x86_64</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Есть простой конфиг для проксирование запросов на elk</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">server {<br>    listen 443 ssl;<br>    server_name <a href="http://elk.example.com">elk.example.com</a>;<br><br>    ssl_certificate /etc/ssl/nginx/server.crt<br>    ssl_certificate_key /etc/ssl/nginx/server.key;<br>    ssl_dhparam /etc/ssl/nginx/dhparams.pem;<br><br>    ssl_session_timeout 5m;<br>    ssl_prefer_server_ciphers on;<br>    ssl_session_cache shared:SSL:1m;<br>    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br>    ssl_ciphers '..:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK';<br><br>    location / {<br>        auth_basic "Authorization required!";<br>        auth_basic_user_file /etc/nginx/.htpasswd;<br><br>        proxy_set_header Authorization "";<br>        proxy_http_version 1.1;<br>        proxy_set_header Connection "Keep-Alive";<br>        proxy_set_header Proxy-Connection "Keep-Alive";<br><br>        proxy_pass <a href="https://elk.us-west-1.es.amazonaws.com">https://elk.us-west-1.es.amazonaws.com</a>;<br>        proxy_set_header Host $host;<br>        proxy_set_header X-Real-IP $remote_addr;<br>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>        proxy_set_header X-Forwarded-Proto $scheme;<br>        proxy_set_header X-Forwarded-Host $host;<br>        proxy_set_header X-Forwarded-Port $server_port;<br>    }</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">с этой частью никаких проблем нет, она работает как и проложено. Но в этом же сервере есть один тестовый локейшен</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">   location /test/ {<br>        resolver 172.23.16.2 valid=10s;<br>        resolver_timeout 10s;<br>        proxy_pass <a href="http://fake-upstream.example.com/">http://fake-upstream.example.com/</a>;<br><br>        error_log /var/log/nginx/debug.log debug;<br><br>        proxy_set_header Authorization "";<br>        proxy_http_version 1.1;<br>        proxy_set_header Connection "Keep-Alive";<br>        proxy_set_header Proxy-Connection "Keep-Alive";<br><br>        proxy_set_header Host "<a href="http://sys-adm.org.ua">sys-adm.org.ua</a>";<br>        proxy_set_header X-Real-IP $remote_addr;<br>        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;<br>        proxy_set_header X-Forwarded-Proto $scheme;<br>        proxy_set_header X-Forwarded-Host $host;<br>        proxy_set_header X-Forwarded-Port $server_port;<br>    }<br></div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">Создаю временную запись <a href="http://fake-upstream.example.com">fake-upstream.example.com</a> с ttl 60s и указываю на свой домен <a href="http://sys-adm.org.ua">sys-adm.org.ua</a>. Все работает, потом удаляю запись, проверяю что на сервере с nginx она тоже не видится</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif"># host <a href="http://fake-upstream.example.com">fake-upstream.example.com</a> 172.23.16.2<br>Using domain server:<br>Name: 172.23.16.2<br>Address: 172.23.16.2#53<br>Aliases: <br><br>Host <a href="http://fake-upstream.example.com">fake-upstream.example.com</a> not found: 3(NXDOMAIN)</div><div class="gmail_default" style="font-family:verdana,sans-serif"><br></div><div class="gmail_default" style="font-family:verdana,sans-serif">но при этом nginx все так же проксирует запросы, которые попадают в этот location. Это так и задумано? <br></div></div>