[PATCH] Added nonlocal to the listen directive
Maxim Dounin
mdounin at mdounin.ru
Fri Mar 28 12:25:28 UTC 2014
Hello!
On Fri, Mar 28, 2014 at 10:45:53AM +0100, Trygve Vea wrote:
> # HG changeset patch
> # User Trygve Vea <tv at redpill-linpro.com>
> # Date 1395999940 -3600
> # Fri Mar 28 10:45:40 2014 +0100
> # Node ID 16eacd8609c8362e9dd729c743ed7a869c2993fe
> # Parent 2411d4b5be2ca690a5a00a1d8ad96ff69a00317f
> Added nonlocal to the listen directive
>
> The nonlocal option is used to set the needed socket options to be able to bind
> to an address not necessarily owned by the host.
>
> This patch currently implements this for Linux >= 2.4 IPv4/IPv6.
>
> The problem we solve by doing this, is in an environment where the following
> conditions are met:
>
> * HTTPS with multiple certificates, and a client base that are unable to use
> SNI - thus having the need to tie specific certificates to specific ip/ports.
> * Setting the ip_nonlocal_bind-sysctl is not an option (for example for Linux
> IPv6)
> * Used in a failover-setup, where the service IP-addresses are moved around by
> a daemon like linux-ha or keepalived.
As already explained, the patch is not needed for the use case
claimed. Just a bind on INADDR_ANY/IN6ADDR_ANY will do the trick.
--
Maxim Dounin
http://nginx.org/
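
Added example, not part of the thread and not nginx code: a listener bound to INADDR_ANY can still learn which service address a connection arrived on by calling getsockname() on the accepted socket, so a per-address certificate can be chosen without binding to each address. The function names, certificate file names and the use of 127.0.0.1/127.0.0.2 as stand-in service addresses (Linux loopback) are assumptions made for the illustration.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Constructed table (hypothetical file names). Assumes Linux, where every
 * address in 127.0.0.0/8 is local, so 127.0.0.2 stands in for a second VIP. */
static const struct { const char *addr, *cert; } certs[] = {
    { "127.0.0.1", "site-a.pem" }, { "127.0.0.2", "site-b.pem" } };

/* Listen on the wildcard address; the kernel-chosen port is returned in *port. */
int listen_any(unsigned short *port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_ANY) };
    socklen_t len = sizeof(sa);
    int fd = socket(AF_INET, SOCK_STREAM, 0);
    if (fd < 0 || bind(fd, (struct sockaddr *)&sa, sizeof(sa)) < 0 ||
        listen(fd, 8) < 0 || getsockname(fd, (struct sockaddr *)&sa, &len) < 0) {
        if (fd >= 0) close(fd);
        return -1;
    }
    *port = ntohs(sa.sin_port);
    return fd;
}

/* Connect to dst:port, accept on lfd, then map the accepted socket's local
 * address (getsockname) to a certificate. NULL on error or unknown address. */
const char *cert_for_connection(int lfd, const char *dst, unsigned short port) {
    struct sockaddr_in sa = { .sin_family = AF_INET, .sin_port = htons(port) }, local;
    socklen_t len = sizeof(local);
    char buf[INET_ADDRSTRLEN];
    const char *cert = NULL;
    int c = socket(AF_INET, SOCK_STREAM, 0), s = -1;
    if (c >= 0 && inet_pton(AF_INET, dst, &sa.sin_addr) == 1 &&
        connect(c, (struct sockaddr *)&sa, sizeof(sa)) == 0 &&
        (s = accept(lfd, NULL, NULL)) >= 0 &&
        getsockname(s, (struct sockaddr *)&local, &len) == 0 &&
        inet_ntop(AF_INET, &local.sin_addr, buf, sizeof(buf)))
        for (size_t i = 0; i < sizeof(certs) / sizeof(certs[0]); i++)
            if (strcmp(buf, certs[i].addr) == 0) cert = certs[i].cert;
    if (s >= 0) close(s);
    if (c >= 0) close(c);
    return cert;
}

int main(void) {
    unsigned short port;
    int lfd = listen_any(&port);
    return lfd < 0 || cert_for_connection(lfd, "127.0.0.2", port) == NULL;
}
```

Because the wildcard socket is not tied to any one address, a service address that a failover daemon adds to the host later is served by the same listener without rebinding.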