IPv6 upstream problem
Dewangga Bachrul Alam
dewanggaba at xtremenitro.org
Tue Feb 28 17:24:34 UTC 2017
Hello!
On 03/01/2017 12:15 AM, Maxim Dounin wrote:
> Hello!
>
> On Tue, Feb 28, 2017 at 10:57:01PM +0700, Dewangga Bachrul Alam
> wrote:
>
>> Currently I have a problem with an upstream with IPv6. For example, I
>> have an origin with the subdomain
>> dual-stack-ipv4-ipv6.xtremenitro.org.
>>
>> dual-stack-ipv4-ipv6.xtremenitro.org IN A 192.168.1.1
>> dual-stack-ipv4-ipv6.xtremenitro.org IN AAAA 2001:xx:xx::1;
>
> [...]
>
>> resolver 103.52.3.72 ipv6=off;
>>
>> upstream cf { server dual-stack-ipv4-ipv6.xtremenitro.org;
>
> [...]
>
>> I see in the error log that all the errors came from the IPv6 upstream.
>>
>> 2017/02/28 22:13:15 [error] 24079#24079: *429979 upstream timed
>> out (110: Connection timed out) while connecting to upstream,
>> client: 114.120.233.8, server:
>> dual-stack-ipv4-ipv6.xtremenitro.org, request: "GET
>> /2015-09/thumbnail_360/wd/d7d63419f8ac6b6981cec72c8a6644ea.jpg
>> HTTP/2.0", subrequest:
>> "/2015-09/thumbnail_360/wd/d7d63419f8ac6b6981cec72c8a6644ea.jpg",
>> upstream:
>> "http://[2600:9000:2031:4000:6:24ba:3100:93a1]:80/2015-09/thumbnail_360/wd/d7d63419f8ac6b6981cec72c8a6644ea.jpg?of=webp&q=50",
>> host: "dual-stack-ipv4-ipv6.xtremenitro.org", referrer:
>> "[REMOVED]"
>
[..]
> It looks like you assume that "resolver ... ipv6=off" is expected
> to prevent nginx from using IPv6 addresses of all names written in
> the configuration. This is not how it works though.
Yes
>
> The "resolver" directive is only used for dynamic resolution of
> names not known during configuration parsing. Most notably, it is
> used to resolve names in proxy_pass with variables.
>
[..]
> The name in the "server dual-stack-ipv4-ipv6.xtremenitro.org;" is
> known while configuration parsing, and nginx will simply use the
> getaddrinfo() function to resolve it. You have to tune your OS
> name resolution settings if you want it to return IPv4 addresses
> only.
>
Ah! I thought nginx could handle whether an upstream using an FQDN
could be forced to IPv4 only and/or IPv6.
Thanks for the hints, Maxim.
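
The behaviour Maxim describes above, as an added example that is not part of the original thread and not nginx code: a small Python audit that lists hostnames in `upstream` blocks (resolved once through the OS `getaddrinfo()`, so `resolver ... ipv6=off` does not apply) and reports which of them return IPv6 addresses. The function names, the sample config and the stand-in resolver are constructed for illustration, and the regex parser assumes plain `upstream { ... }` blocks without includes.

```python
import ipaddress
import re
import socket

# Constructed sample config, modelled on the fragment quoted in the thread.
SAMPLE_CONF = """
resolver 103.52.3.72 ipv6=off;
upstream cf {
    server dual-stack-ipv4-ipv6.xtremenitro.org;
    server 192.168.1.1:8080 backup;
    server unix:/run/app.sock;
}
"""

def constructed_resolver(host, port, family=0, type=0, proto=0, flags=0):
    """Offline stand-in for socket.getaddrinfo(); both addresses are constructed."""
    return [(socket.AF_INET, type, 6, "", ("192.168.1.1", port)),
            (socket.AF_INET6, type, 6, "", ("2001:db8::1", port, 0, 0))]

def static_upstream_names(conf):
    """Hostnames on 'server' lines inside upstream{}: resolved at config parse time."""
    names = []
    for block in re.findall(r"upstream\s+\S+\s*\{([^}]*)\}", conf):
        for target in re.findall(r"^\s*server\s+([^\s;]+)", block, re.M):
            if target.startswith(("unix:", "[")):
                continue  # socket path or IPv6 literal: nothing to resolve
            host = target.split(":", 1)[0]  # drop an optional :port
            try:
                ipaddress.ip_address(host)  # IPv4 literal: nothing to resolve
            except ValueError:
                names.append(host)
    return names

def families(name, resolve=socket.getaddrinfo):
    """Group the addresses the OS resolver returns for name by address family."""
    found = {"ipv4": set(), "ipv6": set()}
    for family, _, _, _, sockaddr in resolve(name, 80, type=socket.SOCK_STREAM):
        key = {socket.AF_INET: "ipv4", socket.AF_INET6: "ipv6"}.get(family)
        if key:
            found[key].add(sockaddr[0])
    return found

def audit(conf, resolve=socket.getaddrinfo):
    """Map each static upstream name to the IPv6 addresses it resolves to, if any."""
    hits = {n: sorted(families(n, resolve)["ipv6"]) for n in static_upstream_names(conf)}
    return {n: v6 for n, v6 in hits.items() if v6}

if __name__ == "__main__":
    print(audit(SAMPLE_CONF, constructed_resolver))
```

Calling `audit()` without the second argument uses the real `getaddrinfo()` of the host it runs on, which is the view nginx gets at configuration parsing on that same host.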