nginx_tcp_proxy_module

Can't connect to services on the same machine running nginx

Open hbacbs opened this issue 11 years ago • 2 comments

It is not possible to make connections (proxy_pass) to a service running on the same machine. Wireshark shows the following sequence:

    NGINX <--> Service
    SYN -->
        <-- SYN, ACK
    ACK -->
    FIN, ACK -->
        <-- DATA
    RST -->

The Nginx log shows multiple EINPROGRESS errors until timeout.

Forwarded HTTP connections, configured in the HTTP segment, are working fine. Also, websocket connections with the tcp proxy module are not affected.

The tested nginx versions were 1.5.7 and 1.7.6, compiled with the master branch of the proxy module, running on AWS EC2 instances with CentOS 6.5.

A test with haproxy was successful.

hbacbs, Oct 31 '14 13:10

I can't quite catch your meaning. Do you want to listen on the same port with the HTTP module? Or you could show me your config.


yaoweibin, Nov 03 '14 14:11

Let me explain:

For our customers the services are running on multiple instances with nginx as forward proxy; e.g. nginx is running on 172.16.10.20 listening on port 8008 and our service is running on a different instance 172.16.10.21 listening also on port 8008. This configuration is working fine.

For evaluation and demonstration I want to set up only one instance running all services. I configured our service to listen on port 8010 while nginx listens on 8008. In this case forwarding of tcp failed while http forwarding is working properly (SSL offloading on port 443 and forwarding to localhost:8080). I tried different configurations: our service listening only on localhost (interface lo = 127.0.0.1) and the tcp proxy on the ethernet interface, set the timeouts to 1d and other modifications, but all failed.

I saw during my investigations that there were running configurations forwarding to localhost concerning websockets. So I tried a websocket configuration and this worked, but websockets are not suited for our application. To exclude other issues I tried haproxy, which also worked for my configuration, but I don't want to have two different proxy services.

Here is the tcp proxy configuration:

tcp {
    upstream video {
        server  localhost:8010;
        check interval=3000 rise=2 fall=5 timeout=1000;
    }

    server {
        listen 172.16.10.20:8008 ssl;

        tcp_nodelay on;

        access_log /var/log/nginx/tcp-video.log;

        ssl_certificate        /usr/local/nginx/conf/video.pem;
        ssl_certificate_key    /usr/local/nginx/conf/video.rsa;

        ssl_prefer_server_ciphers on;
        proxy_pass video;
        proxy_read_timeout 86400s;
        proxy_send_timeout 86400s;
    }
}

hbacbs, Nov 03 '14 18:11