forward proxy config is causing "upstream server temporarily disabled while connecting to upstream" error

Maxim Dounin mdounin at mdounin.ru
Mon Mar 1 14:17:11 UTC 2021 

Hello!

On Mon, Mar 01, 2021 at 11:35:47AM +0200, Señor J Onion wrote:

> I want to set up nginx as a forward proxy - much like Squid might work.

First of all, you probably already know it, but to clarify: nginx 
is not a forward proxy.  What you are trying to do is not 
supported and entirely at your own risk.

> This is my server block:
> 
>       server {
>          listen 3128;
>          server_name localhost;
> 
>          location / {
>             resolver 8.8.8.8;

A side note: nginx resolver is rudimentary and provided with the 
only goal to avoid using blocking system resolver.  As 
the documentation says (http://nginx.org/r/resolver), is is a good 
idea to use DNS servers in properly secured local network.

>             proxy_pass http://$http_host$uri$is_args$args;

A side note: consider just "proxy_pass http://$http_host;" instead.

>          }
>       }
> 
> This is the curl command I use to test, and it works the first time, maybe even the second time.
> 
>     curl -s -D - -o /dev/null -x "http://localhost:3128" http://storage.googleapis.com/my.appspot.com/test.jpeg
> 
> The corresponding nginx access log is
> 
>     172.23.0.1 - - [26/Feb/2021:12:38:59 +0000] "GET http://storage.googleapis.com/my.appspot.com/test.jpeg HTTP/1.1" 200 2296040 "-" "curl/7.64.1" "-"
> 
> However - on repeated requests, I start getting these errors in my nginx logs (after say the 2nd or 3rd attempt)
> 
>     2021/02/26 12:39:49 [crit] 31#31: *4 connect() to [2c0f:fb50:4002:804::2010]:80 failed (99: Address not available) while connecting to upstream, client: 172.23.0.1, server: localhost, request: "GET http://storage.googleapis.com/omgimg.appspot.com/test.jpeg HTTP/1.1", upstream: "http://[2c0f:fb50:4002:804::2010]:80/my.appspot.com/test.jpeg", host: "storage.googleapis.com"
>     2021/02/26 12:39:49 [warn] 31#31: *4 upstream server temporarily disabled while connecting to upstream, client: 172.23.0.1, server: localhost, request: "GET http://storage.googleapis.com/my.appspot.com/test.jpeg HTTP/1.1", upstream: "http://[2c0f:fb50:4002:804::2010]:80/my.appspot.com/test.jpeg", host: "storage.googleapis.com"
> 
> 
> What might be causing these issues after just a handful of requests? (curl still fetches the URL fine)

You are trying to connect to an upstream server with an IPv6 
address, yet your system has no IPv6 addresses configured, so 
the connection attempt fails.  This is not fatal, as nginx is able 
to switch to using other addresses of the same server, but 
probably a configuration error.

Most likely you want nginx to ignore IPv6 addresses.  To do this, 
consider using "resolver ... ipv6=off;".  This should prevent 
nginx from trying to connect to IPv6 addresses, and so 
corresponding errors will disappear from the error log.

Hope this helps.

-- 
Maxim Dounin
http://mdounin.ru/

More information about the nginx mailing list