nginx_tcp_proxy_module icon indicating copy to clipboard operation
nginx_tcp_proxy_module copied to clipboard

Published 20 hours ago verified publisher icon yaoweibin

server_name ignored

Open IronSight87 opened this issue 13 years ago • 12 comments

Hey guys,

Is it possible that the server_name directive in the server directive is be ignored?

If I write something like:

tcp { upstream cluster { server 127.0.0.1:8000;

    check interval=3000 rise=2 fall=5 timeout=1000;
}   

server {
    listen 9000;
    server_name test.example.com;

    tcp_nodelay on;
    proxy_pass cluster;
}

}

The server is reachable by test.example.com:9000, test2.example.com:9000 and all other subdomains and the main domain.

IronSight87 avatar Feb 12 '12 10:02 IronSight87

Yes, It should be ignored with latest code in the master branch. Is it?

On 2012-2-12 18:13, TheRock1987 wrote:

Hey guys,

Is it possible that the server_name directive in the server directive is be ignored?

If I write something like:

tcp { upstream cluster { server 127.0.0.1:8000;

     check interval=3000 rise=2 fall=5 timeout=1000;
 }

 server {
     listen 9000;
     server_name test.example.com;

     tcp_nodelay on;
     proxy_pass cluster;
 }

}

The server is reachable by test.example.com:9000, test2.example.com:9000 and all other subdomains and the main domain.

Reply to this email directly or view it on GitHub: https://github.com/yaoweibin/nginx_tcp_proxy_module/issues/25

yaoweibin avatar Feb 12 '12 10:02 yaoweibin

I checked out the latest code. But how can I now respond to a specific host (server_name)?

IronSight87 avatar Feb 12 '12 11:02 IronSight87

You can change your host file, add the custom host name mapping to your server ip.

Or use tool like wget:

wget --header="Host: your_server_name" http://your_server_ip:your_server_port/

On 2012-2-12 19:56, TheRock1987 wrote:

I checked out the latest code. But how can I now respond to a specific host (server_name)?

Reply to this email directly or view it on GitHub: https://github.com/yaoweibin/nginx_tcp_proxy_module/issues/25#issuecomment-3927320

yaoweibin avatar Feb 12 '12 14:02 yaoweibin

Hi, I'm getting the same problem here, you refer that it is ignored in the master version, right? Is there any version with it working? Thanks in advance

pmarques avatar Mar 01 '12 14:03 pmarques

Yes, you can use the develop branch:https://github.com/yaoweibin/nginx_tcp_proxy_module/tree/develop. The 'server_name' is meaningful.

yaoweibin avatar Mar 01 '12 14:03 yaoweibin

On the develop branch, is server_name in the server section supposed to be honored? I want to proxy multiple tcp services on the same port and have nginx choose the upstream server based on the server_name the same way that http proxying works.

something like this: tcp { access_log /var/log/nginx/tcp-proxy-access.log upstream test-postgres { server testdb.remotehost.net:5432;

check interval=3000 rise=2 fall=5 timeout=1000;

} server { server_name db-test; listen 5431; proxy_pass test-postgres; } upstream local-postgres { server localhost:5432;

check interval=3000 rise=2 fall=5 timeout=1000;

} server { server_name db-local; listen 5431; proxy_pass local-postgres; } }

Am I trying to use server_name incorrectly, or is this a bug?

currently, with this configuration, the first upstream server is always chosen.

jreedy avatar May 31 '12 16:05 jreedy

Hi, Jreedy,

Is the request HTTP protocol? If it is, you can use the websocket module: https://github.com/yaoweibin/nginx_tcp_proxy_module/wiki/websocket.

This module is also in the develop branch.

On 2012/6/1 0:58, jreedy wrote:

On the develop branch, is server_name in the server section supposed to be honored? I want to proxy multiple tcp services on the same port and have nginx choose the upstream server based on the server_name the same way that http proxying works.

something like this: tcp { access_log /var/log/nginx/tcp-proxy-access.log upstream test-postgres { server testdb.remotehost.net:5432;

 check interval=3000 rise=2 fall=5 timeout=1000;

} server { server_name db-test; listen 5431; proxy_pass test-postgres; } upstream local-postgres { server localhost:5432;

 check interval=3000 rise=2 fall=5 timeout=1000;

} server { server_name db-local; listen 5431; proxy_pass local-postgres; } }

Am I trying to use server_name incorrectly, or is this a bug?

currently, with this configuration, the first upstream server is always chosen.

Reply to this email directly or view it on GitHub: https://github.com/yaoweibin/nginx_tcp_proxy_module/issues/25#issuecomment-6041423

yaoweibin avatar Jun 01 '12 02:06 yaoweibin

No, I'm trying to proxy tcp traffic. Specifically, I'd like to be able to proxy multiple database connections, and I don't want to have to use different ports. Is this not currently possible with non-http traffic?

jreedy avatar Jun 01 '12 18:06 jreedy

On 2012-6-2 2:29, jreedy wrote:

No, I'm trying to proxy tcp traffic. Specifically, I'd like to be able to proxy multiple database connections, and I don't want to have to use different ports. Is this not currently possible with non-http traffic?

Reply to this email directly or view it on GitHub: https://github.com/yaoweibin/nginx_tcp_proxy_module/issues/25#issuecomment-6067228 No, This module can't parse the data except HTTP protocol. If you use a special DB procotol, how do I know which DB would yo want to connect?

yaoweibin avatar Jun 03 '12 03:06 yaoweibin

This may be related.

I am using server_name in both my http {} blocks, and tcp {} for two different server_names, both using 443, and am getting bind errors on startup.

I'm using the develop branch.

Note that I do have the two different host names defined in DNS.

$ sudo service nginx start
Starting nginx: nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:443 failed (98: Address already in use)
nginx: [emerg] still could not bind()
                                                           [FAILED]

$ nginx -V
nginx: nginx version: nginx/1.0.5
nginx: built by gcc 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC) 
nginx: TLS SNI support enabled
nginx: configure arguments: --with-http_ssl_module --with-http_realip_module --with-http_gzip_static_module --with-cc-opt=-Wno-error --add-module=/tmp/nginx_tcp_proxy_module --add-module=/opt/ruby/lib/ruby/gems/1.9.1/gems/passenger-3.0.8/ext/nginx --prefix=/opt/nginx --user=nobody

Conf (this is a puppet template - that's what the <%= %> stuff is):

http {
  passenger_root /opt/ruby/lib/ruby/gems/1.9.1/gems/passenger-3.0.8;
  passenger_ruby /opt/ruby/bin/ruby;
  passenger_max_pool_size  6;
  passenger_min_instances  6;
  passenger_pool_idle_time 0;

  include mime.types;
  default_type application/octet-stream;
  sendfile on;

  client_max_body_size 4M;

  keepalive_timeout  65;

  server {
    server_name <%= rails_environment %>.someapp.com;
    listen 80;
    root /home/deployer/apps/icis/<%= rails_environment %>/current/public;
    access_log /var/www/<%= rails_environment %>.someapp.com/logs/access.log;
    passenger_enabled on;
    rails_env <%= rails_environment %>;
  }

  server {
    server_name <%= rails_environment %>.someapp.com;
    listen 443;
    root /home/deployer/apps/icis/<%= rails_environment %>/current/public;
    access_log /var/www/<%= rails_environment %>.someapp.com/logs/access.log;
    passenger_enabled on;
    rails_env <%= rails_environment %>;

    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }

    ssl on;
    ssl_certificate     /etc/ssl/certs/STAR_someapp_com.crt;
    ssl_certificate_key /etc/ssl/certs/STAR_someapp_com.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
  }
}

tcp {
  upstream websockets {
    server 127.0.0.1:<%= faye_port %>;
    check interval=3000 rise=2 fall=5 timeout=1000;
  }   

  server {
    server_name faye<%= rails_environment %>.someapp.com;
    listen 443;

    so_keepalive on;
    tcp_nodelay on;

    proxy_pass websockets;

    ssl on;
    ssl_certificate     /etc/ssl/certs/STAR_someapp_com.crt;
    ssl_certificate_key /etc/ssl/certs/STAR_someapp_com.key;

    ssl_session_timeout 5m;

    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
    ssl_prefer_server_ciphers on;
  }
}

http {
  server {
    listen 9000;

    location /websocket_status {
      check_status;
    }
  }
}

jgn avatar Jun 03 '12 09:06 jgn

On 2012/6/3 17:22, John Norman wrote:

tcp { upstream websockets { server 127.0.0.1:<%= faye_port %>; check interval=3000 rise=2 fall=5 timeout=1000; }

server { server_name faye<%= rails_environment %>.someapp.com; listen 443; You can't use the same IP and the same port with HTTP and TCP block. Maybe you should use a different IP with the TCP block? Nginx can't distinguish two different server name before entering the HTTP block.

 so_keepalive on;
 tcp_nodelay on;

 proxy_pass websockets;

 ssl on;
 ssl_certificate     /etc/ssl/certs/STAR_someapp_com.crt;
 ssl_certificate_key /etc/ssl/certs/STAR_someapp_com.key;

 ssl_session_timeout 5m;

 ssl_protocols SSLv2 SSLv3 TLSv1;
 ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
 ssl_prefer_server_ciphers on;

} }

http { server { listen 9000;

 location /websocket_status {
   check_status;
 }

} }


---
Reply to this email directly or view it on GitHub:
https://github.com/yaoweibin/nginx_tcp_proxy_module/issues/25#issuecomment-6084121

yaoweibin avatar Jun 04 '12 02:06 yaoweibin

Thanks! I discovered that on my own about an hour after posting my question -- by reading the documentation!

(I missed: "You can't use the same listening port with HTTP modules.")

jgn avatar Jun 06 '12 07:06 jgn