forward proxy config is causing "upstream server temporarily disabled while connecting to upstream" error
Maxim Dounin
mdounin at mdounin.ru
Mon Mar 1 14:17:11 UTC 2021
Hello!
On Mon, Mar 01, 2021 at 11:35:47AM +0200, Señor J Onion wrote:
> I want to set up nginx as a forward proxy - much like Squid might work.
First of all, you probably already know it, but to clarify: nginx
is not a forward proxy. What you are trying to do is not
supported and entirely at your own risk.
> This is my server block:
>
> server {
> listen 3128;
> server_name localhost;
>
> location / {
> resolver 8.8.8.8;
A side note: nginx resolver is rudimentary and provided with the
only goal to avoid using blocking system resolver. As
the documentation says (http://nginx.org/r/resolver), is is a good
idea to use DNS servers in properly secured local network.
> proxy_pass http://$http_host$uri$is_args$args;
A side note: consider just "proxy_pass http://$http_host;" instead.
> }
> }
>
> This is the curl command I use to test, and it works the first time, maybe even the second time.
>
> curl -s -D - -o /dev/null -x "http://localhost:3128" http://storage.googleapis.com/my.appspot.com/test.jpeg
>
> The corresponding nginx access log is
>
> 172.23.0.1 - - [26/Feb/2021:12:38:59 +0000] "GET http://storage.googleapis.com/my.appspot.com/test.jpeg HTTP/1.1" 200 2296040 "-" "curl/7.64.1" "-"
>
> However - on repeated requests, I start getting these errors in my nginx logs (after say the 2nd or 3rd attempt)
>
> 2021/02/26 12:39:49 [crit] 31#31: *4 connect() to [2c0f:fb50:4002:804::2010]:80 failed (99: Address not available) while connecting to upstream, client: 172.23.0.1, server: localhost, request: "GET http://storage.googleapis.com/omgimg.appspot.com/test.jpeg HTTP/1.1", upstream: "http://[2c0f:fb50:4002:804::2010]:80/my.appspot.com/test.jpeg", host: "storage.googleapis.com"
> 2021/02/26 12:39:49 [warn] 31#31: *4 upstream server temporarily disabled while connecting to upstream, client: 172.23.0.1, server: localhost, request: "GET http://storage.googleapis.com/my.appspot.com/test.jpeg HTTP/1.1", upstream: "http://[2c0f:fb50:4002:804::2010]:80/my.appspot.com/test.jpeg", host: "storage.googleapis.com"
>
>
> What might be causing these issues after just a handful of requests? (curl still fetches the URL fine)
You are trying to connect to an upstream server with an IPv6
address, yet your system has no IPv6 addresses configured, so
the connection attempt fails. This is not fatal, as nginx is able
to switch to using other addresses of the same server, but
probably a configuration error.
Most likely you want nginx to ignore IPv6 addresses. To do this,
consider using "resolver ... ipv6=off;". This should prevent
nginx from trying to connect to IPv6 addresses, and so
corresponding errors will disappear from the error log.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
More information about the nginx
mailing list