-
-
Notifications
You must be signed in to change notification settings - Fork 883
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bug in ipv6 template #30
Comments
Can you give me an example of this usage in how you intend to use it? There might be another way to model this in code. |
Hi! Do you mean the bug on ipv6 or the listen_options feature ? I'll explain both just in case.
Here I don't think there is any option, the template had the 'default' option for listen directive hardcoded, which forces nginx to believe each virtual host is the default for a request that does not match any other virtual host. Suppose you have the IPV6 "2001:0db8:85a3:0042:0000:8a2e:0370:7334" and three domains on that IP, then you create four virtual hosts, one for each domain and one to capture the traffic that does not match any virtualhost. Because template have 'default' option for listen directive hardcoded, every one of the virtualhost will have a listen like this: This will cause nginx to decide which of the sites will be the default based on the order it read the files. Can't remember right now if it choose the first or the last one but it won't do what user wants. 'default' option should be set only on 1 listen per IP.
The need for this is because nginx changed a lot in recent versions and added tens of options to listen directive for fine tunning of servers, in fact in latest version it's non longer 'default' but 'defaut_server', but many many more were added. From nginx manual, options for listen directive: [default_server] [setfib=number] [backlog=number] [rcvbuf=size] [sndbuf=size] [accept_filter=filter] [deferred] [bind] [ipv6only=on|off] [ssl] [so_keepalive=on|off|[keepidle]. I see only three options here:
From those three I discarded the first one because it will add a lot of options that likely most users won't ever set or need. Then discarded the second because most options are only for recent versions and it would need a lot of work to properly set default values according to which nginx version is running. At the end only the third was left and choosed it due to lack of options and simplicity. There is a fourth? Cheers! Guzman |
@guzmanbraso I know this is old, but this isn't an issue anymore (you can set
Would you consider closing? |
@jfryman while you're checking into issues, this can be closed. There are a couple of others that can be closed too, I'll ping you on those as well. |
solved since merge of #249
config generated by current code:
This is not caused by a duplicate Would it be reasonable to use the |
Turn off `default` on all vhosts but the default one. Disable `ip6only` for all vhosts, because it's now the default: http://trac.nginx.org/nginx/ticket/345 voxpupuli/puppet-nginx#30
This was refering to issue voxpupuli#30 which was closed by changing the behavior for *not* adding the default in the template. Instead, the default includes the setting. We do not mention the default here because it's visible in the generated `REFERENCE.md` file and is not mentioned in other parameter documentation anyways.
Hi James,
I'm working on a pull where I fix a missing $listen_port on templates and introduce a new $listen_options to be able to set directives like 'default' from resource call.
However, when checking ipv6 header it has a fixed default in the listen directive, this means that if you setup more than one vhost with the same listen ip in ipv6 you will have a broken config.
It's very easy to fix, but it's impossible to be backwards compatible on this. Except.... setting on IPV6 new $ipv6_listen_option = 'default', but if we go this way to be backwards compatible, we should warn users to always set listen_options to empty values in their arguments if working with more than one vhost on the same ipv6.
What do you suggest?
The text was updated successfully, but these errors were encountered: