Tag Archives: Uncategorized

Nginx, reverse proxies and DNS resolution

Nginx is a pretty awesome high performance web server and reverse proxy. It’s often used in conjunction with other HTTP servers such as Java/Tomcat and Ruby/Unicorn, as it allows static content to be served directly from disk by Nginx and for connections from slow clients to be queued and buffered by Nginx, rather than taking up time of the expensive/scarce application server worker processes.

 

A typical Nginx reverse proxy configuration to a single backend using proxy_pass to a local HTTP server application on port 8080 would look something like this:

server {
    ...
    proxy_pass http://localhost:8080;
    ...
}

Another popular approach is having a defined upstream group (which can be used for multiple servers, or a single one if desired), for example:

upstream upstream-localhost {
    server localhost:8080;
}

server {
    ...
    proxy_pass http://upstream-localhost;
    ...
}

Generally this configuration works fine for most of our use cases – we typically have a 1-to-1 mapping between a backend application server and Nginx, so the configuration is very simple and reliable – any issues are usually with the backend application, rather than Nginx itself.

 

However on occasion there are times when it’s desirable to have Nginx talking to a backend on another server.

I recently implemented an OAuth2 gateway using Nginx-Lua, with the Nginx gateway doing the OAuth2 authentication in a small Lua module before passing the request through to the backend application. This configuration ran on a pair of bastion servers, which reverse proxy the request through to an Amazon ELB which load balances a number of application servers.

This works perfectly 95% of the time, but Amazon ELBs (even internal ones) have a tendency to change their IP addresses. Normally this doesn’t matter, since you never reference ELBs via their IP address and use their DNS name instead. However, the default behaviour of the Nginx upstream and proxy modules is to resolve DNS at startup and not to re-resolve it while Nginx is running.

This leads to a situation where the Amazon ELB IP address changes, Amazon update the DNS record, but Nginx never re-resolves the DNS record and stays pointing at the old IP address. Subsequently requests to the backend start failing once Amazon drops services from the old IP address.

This lack of re-resolution of backends is a known limitation/issue with Nginx. Thankfully there is a workaround to force Nginx to re-resolve addresses, as per this mailing list post: set proxy_pass to a variable. This forces re-resolution of the DNS names, as Nginx treats variables differently to static configuration.

server {
    ...
    resolver 127.0.0.1;
    set $backend_upstream "http://dynamic.example.com:80";
    proxy_pass $backend_upstream;
    ...
}

 

A resolver (DNS server address) also needs to be configured. When using parametrised backends, a resolver must be configured in Nginx (it is unable to use the local OS resolver) and must point directly to a name server IP address.

If your name servers aren’t predictable, you could install something like dnsmasq to provide a local resolver on 127.0.0.1 which then forwards to the dynamically assigned name server, or take the approach of pulling the name server details from the host using something like Puppet Facts and then writing it into the configuration file when it’s generated on the host.

Nginx >= 1.1.9 will re-resolve DNS records based on their TTL, but it’s possible to override this with any value desired. To verify correct behaviour, tcpdump will quickly show whether re-resolution is working.

# tcpdump -i eth0 port 53
15:26:00.338503 IP nginx.example.com.53933 > 8.8.8.8.domain: 15459+ A? dynamic.example.com. (54)
15:26:00.342765 IP 8.8.8.8.domain > nginx.example.com.53933: 15459 1/0/0 A 10.1.1.1 (70)
...
15:26:52.958614 IP nginx.example.com.48673 > 8.8.8.8.domain: 63771+ A? dynamic.example.com. (54)
15:26:52.959142 IP 8.8.8.8.domain > nginx.example.com.48673: 63771 1/0/0 A 10.1.1.2 (70)

It’s a bit of an annoyance in an otherwise fantastic application, but as long as you are aware of the limitation, it is not too difficult to resolve the issue by a bit of configuration adjustment.

NZ Easter Plans

For my friends/followers/stalkers in NZ, I’ll be coming home for Easter – here are the key dates:

Thu 28 March: Sydney -> Christchurch
Fri 29 March: Christchurch *
Sat 30 March: Christchurch -> Wellington
Sun 31 March: Wellington *
Mon 01 April: Wellington
Tue 02 April: Wellington -> Sydney

* == no drinking establishments unless dining due to archaic NZ laws around Easter

I’m keen for coffee in Christchurch on the 29th (Fri) or 30th (Sun), get in touch and we can make a time. :-)

I’m also keen to see everyone again in Wellington, I expect to be in the CBD evening of Sat 30th for a few drinks and in town and around at other times for coffee/drinks/etc. I expect to be around the CBD for most of Monday.

Feel free to drop me an email/IM if you’re up for a catch up in particular.

Pictures from the Sydney waterfront

This post is a collection of various pictures from around Sydney Harbour that I’ve been collecting as I’ve been here. In my opinion, the waterfront is the best feature of Sydney – the city isn’t wildly exciting to me, it’s a somewhat generic large city, however the waterfront adds some uniqueness and difference to it and there’s always something different taking place on the water.

Sydney CBD and bridge in the hazy distance.


A water ferry cruises through Darling Harbour, near the maritime museum.


View out from Pyrmont towards the Harbour Bridge.


They put everything on barges here... I've seen party barges, crane barges, cement mixer barges even a soccer field barge (!!).

They put everything on barges here… I’ve seen party barges, crane barges, cement mixer barges, a soccer field barge and even a barge full of strippers and sleazy bankers. :-/

Sydney's military port - I really want to find out what they use that massively bulky crane to lift - tanks maybe?

Royal Australian Navy’s primary dock – I really want to find out what they use that massively bulky crane to lift – tanks maybe?

One of the smaller ferries comes in to dock at Circular Quay.


Pulling away from Circular Quay on the Manly Ferry


All hail duck kind!

Bow before Lord Carr and his mighty duck army!

Mysterious discharge from a mysterious pipe slung under a pier.


Looking out towards Pyrmont as the sun sets.


Goodbye mighty steed

Sadly with my move to AU, I now have to make the painful decision to sell my 1997 Toyota Starlet, the mighty steed that has led to many great travels with me.

I have a listing up on Trademe with all the details, if you’re interested in a great economical vehicle take a look, or flick it through to any friends who are. ;-)

Car is currently in Wellington, but if you live anywhere in the North Island, it’s an easy trip to get it home.

Goodbye environmentally destructive, war-causing friend.

Welly Plans

Drove down to Wellington from Auckland last night (8hr drive), unloaded all the stuff at parents place and will be here for a few weeks before flying out.

I’m in Wellington until the 15th of September, Lisa is here with me until the 31st August, we are doing a joint catch up with friends at 17:00 on August 29th at Fork and Brewer, followed by food at a yet-to-be-determined location.

Would be awesome to see our Welly friends there before Lisa heads off. I’m also keen to do any 1-on-1 catch ups in the weeks before I leave, so drop me an email/IM/SMS/whatever to make some plans. :-)

Slowly clearing my stuff…

Sorry for another marketing sales interruption, but I’ve listed the remaining items of furniture from my flat onto Trademe this evening.

It includes some good stuff like a great computer desk, chair, bed, dining table and other items, if you’re in Auckland or know somebody in Auckland who needs better furniture, please point them towards it. :-)

I’m trying to get rid of anything sizable before I head to Wellington, once down there I’ll be going through all my computer gear and having a final sell off of everything I no longer require.

Naturally selling the furniture is the number 1 priority. ;-)

You can view my listings here.

 

MOTAT Visit

Whilst I’ve been in Auckland for about 8 months now and driven past it a number of times, I had yet to visit the Auckland Museum Of Transport And Technology (MOTAT). However this month (June) there’s free entry for all visitors, which gave me a pretty compelling reason to head over there and check it out. :-)

Being a free weekend, it was pretty nuts with huge crowds there, but the staff did a great job and once we got in, as long as we avoided the major kids-focused attractions, the crowds weren’t an issue.

And wow, I’m glad I went. It’s actually one of the best things I’ve found in Auckland –  huge range of trams, from Wellington, Auckland and Melbourne, a massive aviation display and a solid number of trains, cars and other displays including Antarctic machines, Kiwiana display, old printing systems and a Victorian village.

Definitely the place to take geeky out-of-towners wanting something to see other than just traffic jams and the sky tower whilst in Auckland. ;-)

Motorised Auckland Fire Truck

Seeing how exposed drivers were on early cars and trucks is amazing, it must have been like driving whilst sitting on a park bench…. and no such thing as a seatbelt, or even doors to stop yourself from falling out sometimes :-/

I didn’t get many pictures of the other cars they have, although there’s a big selection of icon cars from the 20th century – quite surprising seeing how big some of the early models were, compared to the compact size of modern vehicles – some of their engines must have been at least 4 times the physical size of my modern 1.3l engine.

Mechanical printing press.

The mechanical printing press was pretty interesting to watch – the machine has an arm with various suction cups on it, which is used to pickup each sheet of paper and feed it into the print rollers.

The photo doesn’t really do it justice, so I’ve uploaded a youtube video of it in action here, you wouldn’t expect something that looks like such a crude mechanical machine to do such an accurate job of feeding and printing the pages.

Wonder how long until the news paper printing presses of the 2000s era end up in there as well, with the shift to digital it might not be that much longer…

Trams! And a Melbourne tram no less! :-D

Wellington Tram! (double <3)

Steam powered tram - it's effectively an engine only, designed to pull/push tram trailers.

Auckland Tram!

Double decker Wellington tram! I wonder how popular the upstairs was on a cold windy Wellington day. :-/

Map of Auckland's tram network - really wish they had kept it, Auckland needs all the public transport it can get. :-/

Trams on Queen Street.

It’s probably pretty clear that I love trams and MOTAT offers a great experience with a large number of them in excellent condition, as well as a number of ongoing restoration projects in the works, including an interesting sounding “freight tram”.

There’s at least a couple Melbourne trams and several trams from Wellington which are in good running condition, not sure about the Auckland ones, but they look pretty good so I presume they may also be in running condition.

What’s really cool is that since MOTAT is split into two sites, they run several trams regularly which you can ride between the two sites, with an in-between station at Auckland Zoo – you get a free return ticket with your MOTAT entrance fee.

Tram ride ticket :-D

Historical sandwich maker :-P (just kidding dear! don't hurt me!)

 

The mini from Goodbye Pork Pie

Retro buses!

Massive locomotives - would love to see that steam train when it was running!

Steam punk throne! m/

OMG OMG OMG steam train!!

I was fortunate in that I chose to come on the right weekend, as the steam train only runs on select Sundays. Whilst it’s not a long run of track, it’s always a treat to see steam locomotives when running – I took a video and uploaded to youtube of the train running. :-D

Standing on trams is great for holding cute females closely. Watch out Melbourne ladies! ;-)

Tank rides! I didn't get a chance to go on it myself, but looks quite fun. They move surprisingly quickly over the muddy field too

Quite neat seeing planes in various stages of assembly in the workshop.

Lots of planes outside in various conditions, many military options, some DC3s and some sea planes.

Massive sea plane - size becomes really noticeable when you see the people on the ground near it.... it amazes me that these things actually fly sometimes.

Avro Lancaster Bomber

Bombing bay... I wouldn't want to be anywhere near bombs that size when they drop....

The Avro Lancaster is one of the best pieces in the aviation hall – it’s got to be one of the most famous and well known aircraft of the war, but for all the pictures and videos, you don’t really realize how massive the aircraft really is until you get up close to it IRL.

Especially the massive tires, rather than modern designs with groups of numerous smaller tires, the Lancaster has two massive tractor-sized tires that retract up into the wing.

Apparently one of my great grandfathers was on these during WW2, although I’m unsure of his exact position/role onboard.

Ah, the NZ skyhawks.... the most action they ever got was firing a warning shot over the bow of an illegal fishing ship, then got to sit in plastic wrap for years until the government decided nobody wanted to buy them, so scrapped them.

Aerial Mapping Plane

Large number of interesting bombers like this around the hall.

Old NZ Air Force VIP transport.

NZ-built Gyrocopter :-D

"Flying Flea" kitset aircraft

Overall it was a pretty excellent trip – we spent about 3 hours there, but I could have spent maybe 5 or 6 even, if you stopped to do everything and took the time to watch more of the scheduled activities and events.

It’s actually one of the few touristy things that I’d be happy to pay the entrance fee for, at $14 per adult, it’s pretty cheap – especially when compared to other Auckland attractions like Kelly Tarlton’s ($34 per adult, maybe 2hrs activity at most).

It’s easy to get to with a car, there’s an abundance of parking, and there’s also a bus stop right outside if you’re going to brave the Auckland public transport system. :-)

Process Monitor for Windows

From time to time I’m dragged into the murky world of Microsoft to debug a problem a customer is having, or to setup the occasional small business server.

My Windows skills are passable, but certainly nowhere near as good as my Linux capabilities – simple stuff like doing an strace on Linux becomes a “ummmmm how?” on Windows.

Recently had an issue with an old Windows application refusing to launch on Windows Server 2008 due to a missing DLL file – found a very handy application published by Microsoft that works on XP SP2+ called “Process Monitor”.

It shows all calls being made by programs including what DLLs are being called and what registry values are being queried, along with the response from all these calls.

In my case, I was able to see what DLL file the program was requesting and see that the OS was returning a NOT FOUND response – installed the required library, and fixed. :-)

Download from: http://technet.microsoft.com/en-us/sysinternals/bb896645

 

Busy Buffer Overflow

It’s an insanely busy month – I’m up in Auckland again for a few days, before heading back to Wellington, then off to Melbourne & Brisbane for a few days, before returning to Wellington, then Auckland for a few days, then Wellington, then drive to Auckland and spend a week there, before returning to Wellington for a weekend….. as you can see, too much going on!

Really sick of hotels ATM, have spent 2+ weeks in different Auckland North Shore motels in the past week and none of them can seem to tick all the boxes – bad showers, bad beds, bad living space, over all just pretty disappointing.

Will be great once we’ve settled – Lisa will be moving into the new flat on the 26th and I’ll be following shortly on the 30th, I’m sure it will make us both feel a lot better – the inability to truly relax currently is getting very annoying.

Anyway, time to sleep, prob catch up on blogging in early/mid November!

LCA2011: Day 07

OK, technically there is no LCA day 07, but seeing as it was the last day in Brisbane I figured I could get away with it, without needing to create a separate heading. ;-)

Firstly, I found an awesome pic of me by Andrew McMillan aka Karora on Flickr which clearly demonstrates my need for a haircut:

Me at the Professional Delegates Networking Session (pic by karora)

I spent the morning catching up on sleep and then after packing, I headed into Brisbane Times Square to attend a Fedora meeting at the library.

After that, I headed back to Urbanest by walking from the library, across a bridge and then along southbank back to the accommodation.

Hai Gais! (pic by @chrisjrn on a very awesome high quality lens)

Photoshop the bottle & caption if you dare ;-) (pic via @chrisjrn)

I then caught the AirTrain with @chrisjrn and another guy to the Brisbane Airport – I have to say, I love the AirTrain – it’s fast, easy, comfortable and cheap to get to/from the airport or any station along the gold coast.

I'm on a train!!! (pic by @chrisjrn)

Fast train is fast!

Travelling in style!

Brisbane Airport is pretty decent, didn’t take long to get through security, although I got explosive tested *again* which I find somewhat amusing, since they test for explosives far more often than drugs and I’d bet good money as to which one 20-something European males typically carry….

Flight was delayed a little, but made it to Melbourne with 30mins to spare to connect to the Melbourne-Hobart flight.

One oddity from arriving in Hobart was the way they advertise their seal touristy things:

Baggage seal watches you get security scanned!