Nginx Reverse Proxy - Stale proxy_pass URL
Sergey A. Osokin
osa at freebsd.org.ru
Tue Mar 8 02:47:30 UTC 2022
Hi Ben,
hope you're doing well.
On Mon, Mar 07, 2022 at 07:53:04PM +0000, Ben Mills wrote:
> Greetings nginx,
>
> nginx version: nginx/1.18.0 running an AWS EC2 instance with an Amazon Linux 2 AMI.
I'd highly recommend to update the nginx OSS to the recent stable version, 1.20.2 [1].
[...]
> The nginx service has cached 1.2.3.4 at runtime and the fact that the https://upstream
> now resolves to different IPs has broken the proxy. Restarting the nginx service
> fixes the issue since it then resolves https://upstream to the new ELB IPs.
>
> Question-1
>
> Is there a directive to add to our nginx.conf server block that will force nginx to
> re-resolve its proxy_pass URL upon error? If not upon error, then perhaps at some
> configurable time interval?
It's a bit tricky, but it's possible to use the set directive [2] to set up a
variable with a backend name for dynamic resolvoing, i.e.:
set $backend http://dyn-backned.example.com:8080;
proxy_pass $backend;
Please note that the resolver directive [3] with a proper nameserver's IP address and
a valid parameter is a requirement and needs to be defined as well.
> I have my eye on proxy_cache_use_stale, but not sure if this is suited to our use
> case.
>
> Question-2
>
> The devices using this setup are specialized and testing is not easy. Is there a
> command line option that will allow a user with SSH access to the EC2 instance
> where nginx is running to verify what nginx currently has in its cache for
> https://upstream? (i.e. rather than having to wait for a real device to error).
> The access.log does not display this information, only the error.log does.
Sure, it's possible to use find(1) command line utility to walk through a file
hierarchy with nginx cache path, please follow the corresponding man page to get
more details.
References:
[1] http://nginx.org/en/linux_packages.html#Amazon-Linux
[2] https://nginx.org/en/docs/http/ngx_http_rewrite_module.html#set
[3] https://nginx.org/en/docs/http/ngx_http_core_module.html#resolver
--
Sergey A. Osokin
More information about the nginx
mailing list