[PATCH] Added nonlocal to the listen directive

Maxim Dounin mdounin at mdounin.ru
Fri Mar 28 12:25:28 UTC 2014


Hello!

On Fri, Mar 28, 2014 at 10:45:53AM +0100, Trygve Vea wrote:

> # HG changeset patch
> # User Trygve Vea <tv at redpill-linpro.com>
> # Date 1395999940 -3600
> #      Fri Mar 28 10:45:40 2014 +0100
> # Node ID 16eacd8609c8362e9dd729c743ed7a869c2993fe
> # Parent  2411d4b5be2ca690a5a00a1d8ad96ff69a00317f
> Added nonlocal to the listen directive
> 
> The nonlocal option is used to set the needed socket options to be able to bind
> to an address not necessarily owned by the host.
> 
> This patch currently implements this for Linux >= 2.4 IPv4/IPv6.
> 
> The problem we solve by doing this is in an environment where the following
> conditions are met:
> 
> * HTTPS with multiple certificates, and a client base that is unable to use
>   SNI - thus having the need to tie specific certificates to specific ip/ports.
> * Setting the ip_nonlocal_bind-sysctl is not an option (for example for Linux
>   IPv6)
> * Used in a failover-setup, where the service IP-addresses are moved around by
>   a daemon like linux-ha or keepalived.

As already explained, the patch is not needed for the use case 
claimed.  Just a bind on INADDR_ANY/IN6ADDR_ANY will do the trick.

-- 
Maxim Dounin
http://nginx.org/
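The reply above rests on a wildcard listener still being able to tell which local address each connection arrived on, which is what lets a single INADDR_ANY socket serve per-IP certificates without a nonlocal bind. The following C program is an added illustration (not code from this thread or from nginx): it binds one listener on INADDR_ANY with a kernel-chosen port, connects to it over loopback, and reads the destination address of the accepted socket with getsockname(); the `listen_any` and `accepted_local_addr` names are the example's own.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Bind a TCP listener on INADDR_ANY with port 0 (kernel picks a free port),
 * store the chosen port in *port_out and return the listening fd, or -1. */
static int listen_any(uint16_t *port_out) {
    struct sockaddr_in sa; socklen_t len = sizeof sa;
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_addr.s_addr = htonl(INADDR_ANY);   /* the wildcard bind */
    sa.sin_port = 0;
    if (bind(fd, (struct sockaddr *)&sa, sizeof sa) < 0 || listen(fd, 1) < 0 ||
        getsockname(fd, (struct sockaddr *)&sa, &len) < 0) { close(fd); return -1; }
    *port_out = ntohs(sa.sin_port);
    return fd;
}

/* Connect to the wildcard listener via address `dst` (e.g. "127.0.0.1"),
 * accept the connection, and write the accepted socket's own local address
 * into buf as a dotted string. That address is the per-connection key a
 * server can use to select a certificate. Returns 0 on success, -1 on error. */
int accepted_local_addr(const char *dst, char *buf, size_t buflen) {
    uint16_t port; struct sockaddr_in sa; socklen_t len = sizeof sa;
    int lfd = listen_any(&port), cfd, afd, rc = -1;
    if (lfd < 0) return -1;
    cfd = socket(AF_INET, SOCK_STREAM, 0);
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (cfd >= 0 && inet_pton(AF_INET, dst, &sa.sin_addr) == 1 &&
        connect(cfd, (struct sockaddr *)&sa, sizeof sa) == 0 &&
        (afd = accept(lfd, NULL, NULL)) >= 0) {
        /* getsockname() on the accepted socket yields the destination address
         * the client actually used, even though the listener was INADDR_ANY. */
        if (getsockname(afd, (struct sockaddr *)&sa, &len) == 0 &&
            inet_ntop(AF_INET, &sa.sin_addr, buf, buflen)) rc = 0;
        close(afd);
    }
    if (cfd >= 0) close(cfd);
    close(lfd);
    return rc;
}
```

On Linux the whole 127/8 range is local, so repeating the call with "127.0.0.2" yields a different address from the same wildcard listener, which is exactly the distinction a per-IP certificate mapping needs.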


