openshift-nginx-cartridge icon indicating copy to clipboard operation
openshift-nginx-cartridge copied to clipboard

Published 20 hours ago verified publisher icon gsterjov

NGINX Forward Proxy

Open tvvocold opened this issue 10 years ago • 4 comments

hi there, why i got send() failed (1: Operation not permitted) while resolving, resolver: 8.8.8.8:53

  server {
    listen <%= ENV['OPENSHIFT_NGINX_IP'] %>:<%= ENV['OPENSHIFT_NGINX_PORT'] %>;
    server_name gist.domain.com;
    access_log off;


    location / {
        resolver 8.8.8.8;
        proxy_pass https://gist.github.com$request_uri;

        proxy_connect_timeout 6s;
        proxy_set_header Accept-Encoding "";
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

tvvocold avatar Jan 19 '15 06:01 tvvocold

i submit it to openshift and here is what they said:

The problem you're facing relates to one of the weaknesses of nginx server. Unfortunately using proxy_pass directive requires using resolver, which is needed by the nginx server to get the destination whenever the proxy_pass line contains dynamic content (if static, then it'll resolve it only once on startup, using gethostbyname, and cache it for further usage). Within OpenShift the entire UDP traffic is limited, thus your problems. I'd suggest using our internal DNS for that, but since they may change as everything else, I'd suggest either using nginx lua module to parse that IP from /etc/resolv.conf [1] or using tool like dnsmasq [2].

[1] https://github.com/openresty/lua-nginx-module [2] http://stackoverflow.com/questions/8305015/when-using-proxy-pass-can-etc-hosts-be-used-to-resolve-domain-names-instead-of/8559797#8559797

tvvocold avatar Jan 29 '15 14:01 tvvocold

my question is how to add lua-nginx-module with it? and how to parse that IP from /etc/resolv.conf? ( without sudo ,can i just vim the resolv.conf?)

tvvocold avatar Jan 29 '15 14:01 tvvocold

Install lua-nginx module as explained in https://github.com/openresty/lua-nginx-module#installation

Then create a perl file in $OPENSHIFT_DATA_DIR/sbin/get_host_ip.pl with following code

use strict; use warnings; use Socket; use Data::Dumper;

my @addresses = gethostbyname('YOUR_DYM_DOMAIN.dtdns.net');

my $myip = inet_ntoa($addresses[4]);

print $myip."\n"

in nginx.conf rewrite your "location"

location / {

    set $upstream "";
    rewrite_by_lua '    

    os.execute("perl /var/lib/openshift/XXXXXXXXXX/app-root/data/sbin/get_host_ip.pl > /tmp/ip.out")
    io.input("/tmp/ip.out")
    local route = io.read("*line")

    ngx.log(ngx.ALERT, route)
    ngx.var.upstream = route
    route[ngx.var.http_host] = route

    ';
    proxy_buffering             off;
    proxy_set_header            Host $host;
    #proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            X-Forwarded-For http://YOUR_DYM_DOMAIN.dtdns.net;
    #proxy_redirect              off;
    #proxy_connect_timeout       10;
    #proxy_send_timeout          30;
    #proxy_read_timeout          30;
    proxy_pass                  http://$upstream;
    }

ENJOY!

khalidmammadov avatar Jun 16 '15 22:06 khalidmammadov

@feorean Thx very mush! :)

tvvocold avatar Jun 17 '15 01:06 tvvocold