search

gsterjov / openshift-nginx-cartridge

An Nginx Cartridge for OpenShift
44 stars 49 forks source link

NGINX Forward Proxy #9

Open tvvocold opened 9 years ago

tvvocold commented 9 years ago

hi there, why i got send() failed (1: Operation not permitted) while resolving, resolver: 8.8.8.8:53

  server {
    listen <%= ENV['OPENSHIFT_NGINX_IP'] %>:<%= ENV['OPENSHIFT_NGINX_PORT'] %>;
    server_name gist.domain.com;
    access_log off;

    location / {
        resolver 8.8.8.8;
        proxy_pass https://gist.github.com$request_uri;

        proxy_connect_timeout 6s;
        proxy_set_header Accept-Encoding "";
        proxy_set_header User-Agent $http_user_agent;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}
tvvocold commented 9 years ago

i submit it to openshift and here is what they said:

The problem you're facing relates to one of the weaknesses of nginx server. Unfortunately using proxy_pass directive requires using resolver, which is needed by the nginx server to get the destination whenever the proxy_pass line contains dynamic content (if static, then it'll resolve it only once on startup, using gethostbyname, and cache it for further usage). Within OpenShift the entire UDP traffic is limited, thus your problems. I'd suggest using our internal DNS for that, but since they may change as everything else, I'd suggest either using nginx lua module to parse that IP from /etc/resolv.conf [1] or using tool like dnsmasq [2].

[1] https://github.com/openresty/lua-nginx-module [2] http://stackoverflow.com/questions/8305015/when-using-proxy-pass-can-etc-hosts-be-used-to-resolve-domain-names-instead-of/8559797#8559797

tvvocold commented 9 years ago

my question is how to add lua-nginx-module with it? and how to parse that IP from /etc/resolv.conf? ( without sudo ,can i just vim the resolv.conf?)

khalidmammadov commented 9 years ago

Install lua-nginx module as explained in https://github.com/openresty/lua-nginx-module#installation

Then create a perl file in $OPENSHIFT_DATA_DIR/sbin/get_host_ip.pl with following code

use strict; use warnings; use Socket; use Data::Dumper;

my @addresses = gethostbyname('YOUR_DYM_DOMAIN.dtdns.net');

my $myip = inet_ntoa($addresses[4]);

print $myip."\n"

in nginx.conf rewrite your "location"

location / {

    set $upstream "";
    rewrite_by_lua '    

    os.execute("perl /var/lib/openshift/XXXXXXXXXX/app-root/data/sbin/get_host_ip.pl > /tmp/ip.out")
    io.input("/tmp/ip.out")
    local route = io.read("*line")

    ngx.log(ngx.ALERT, route)
    ngx.var.upstream = route
    route[ngx.var.http_host] = route

    ';
    proxy_buffering             off;
    proxy_set_header            Host $host;
    #proxy_set_header            X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header            X-Forwarded-For http://YOUR_DYM_DOMAIN.dtdns.net;
    #proxy_redirect              off;
    #proxy_connect_timeout       10;
    #proxy_send_timeout          30;
    #proxy_read_timeout          30;
    proxy_pass                  http://$upstream;
    }

ENJOY!

tvvocold commented 9 years ago

@feorean Thx very mush! :)