Port Exhaustion - SQL

Brandon Mallory brandonm at medent.com
Thu May 16 14:11:20 UTC 2019 

That is what I was thinking, I am having an issue with the listen directive, what should I use since the local port is "random" also for 

split_clients "$remote_addr$remote_port" $split_ip 

I cant use remote address since its a local address ?? same with port ? 

This is what I have been trying and have not had any luck 

upstream backend { 
server 192.168.99.19:3306; 
} 
server { 
listen 3306 
proxy_pass backend; 
proxy_bind $split_ip; 
} 

split_clients "$remote_addr$remote_port" $split_ip { 
50% 192.168.99.17; 
50% 192.169.99.21; 
} 



Best Regards, 
Brandon Mallory 
Network & Systems Engineer 
MEDENT EMR/EHR 
15 Hulbert Street 
Auburn, NY 13021 
Phone: [ callto:(315)-255-0900 | (315)-255-0900 ] 
Fax: [ callto:(315)-255-3539 | (315)-255-3539 ] 
Web: [ http://www.medent.com/ | www.medent.com ] 



This message and any attachments may contain information that is protected by law as privileged and confidential, and is transmitted for the sole use of the intended recipient(s). If you are not the intended recipient, you are hereby notified that any use, dissemination, copying or retention of this e-mail or the information contained herein is strictly prohibited. If you received this e-mail in error, please immediately notify the sender by e-mail, and permanently delete this e-mail. 




From: "Maxim Konovalov" <maxim at nginx.com> 
To: "nginx" <nginx at nginx.org> 
Cc: "brandonm" <brandonm at medent.com> 
Sent: Thursday, May 16, 2019 9:51:06 AM 
Subject: Re: Port Exhaustion - SQL 

Hi, 

On 16/05/2019 16:46, Brandon Mallory wrote: 
> This is a very busy server and tried to push our programming 
> department to move to persistent connections, they feel that it 
> could be a security issue if dealing with sensitive information 
> since that connection could be hijacked. We do not have an issue on 
> the mysql server side with Port Exhaustion, just on the "Frontend 
> webserver". We have made a lot of changes, and are currently 
> managing but I fear that we will reach the 65k limit again. If I 
> could get something to load balance LAN interfaces I could double 
> the port limitation. I see that haproxy has an article on this, I 
> love nginx and use it for other applications but maybe its the wrong 
> product for this senerio. I was thinking there might be a way using 
> proxy_bind. 
> 
> https://www.haproxy.com/blog/haproxy-high-mysql-request-rate-and-tcp-source-port-exhaustion/ 
> * 

Nothing wrong with nginx in this scenario: 

https://www.nginx.com/blog/overcoming-ephemeral-port-exhaustion-nginx-plus/ 

-- 
Maxim Konovalov 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20190516/c822b0cc/attachment.html>

More information about the nginx mailing list