Hello!

On Mon, May 06, 2013 at 12:12:44PM -0400, mevans336 wrote:

> Hi Mex,
>
> We shut them down one-by-one, 45 minutes apart. The issue only seems to
> occur when the first server listed is blocked however. We don't see the read
> timeouts if I leave the iptables rules enabled on the second server. I think
> that may be a false symptom related to ip_hash binding clients to the first
> server.

Timeouts are expected to appear in logs once per fail_timeout=
specified (after fail_timeout expires, nginx will route one
request to a server in question to check if it's alive again).
As only certain ips are mapped to the server blocked with ip_hash,
it might be nontrivial to test things with low traffic.

> Here are the iptables rules:
>
> Drop rule: iptables -I INPUT -s 192.168.1.0/24 -j DROP
> Allow rule: iptables -D INPUT -s 192.168.1.0/24 -j DROP

Using "-j REJECT" would make things a lot faster.

[...]

--
Maxim Dounin
http://nginx.org/en/donation.html
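
The once-per-fail_timeout behaviour described in the reply above, as a small simulation. This is an added example, not part of the original message and not nginx's code; the server names app1/app2, the CRC32 stand-in for ip_hash and the sample client addresses are assumptions.

```python
import zlib

PEERS = ["app1", "app2"]  # hypothetical upstream server names (assumption)

def pick_peer(client_ip, peers=PEERS):
    """Stand-in for ip_hash: keys on the first three IPv4 octets, but uses
    CRC32 rather than nginx's own hash (assumption for illustration)."""
    key = ".".join(client_ip.split(".")[:3])
    return peers[zlib.crc32(key.encode()) % len(peers)]

def first_client_on(peer):
    """Return a constructed sample client address that hashes to `peer`."""
    return next(ip for ip in (f"10.0.{i}.5" for i in range(256))
                if pick_peer(ip) == peer)

def simulate(requests, blocked, fail_timeout=10, max_fails=1):
    """requests: (time_in_seconds, client_ip) pairs sorted by time.
    Returns the times at which a request was really sent to the blocked
    server; each of those is one timeout entry in the error log."""
    fails, checked, logged = 0, None, []
    for now, ip in requests:
        if pick_peer(ip) != blocked:
            continue  # client is hashed to a healthy server
        if fails >= max_fails and now - checked <= fail_timeout:
            continue  # server marked failed: request goes elsewhere
        # Server has not failed enough yet, or fail_timeout expired: try it once.
        fails += 1
        checked = now
        logged.append(now)
    return logged

if __name__ == "__main__":
    on_blocked, on_healthy = first_client_on("app1"), first_client_on("app2")
    # Steady traffic, one request per second for a minute (constructed input).
    print(simulate([(t, on_blocked) for t in range(60)], "app1"))
    # Same load from a client hashed to the other server: nothing is logged.
    print(simulate([(t, on_healthy) for t in range(60)], "app1"))
    # Low traffic: every request arrives after fail_timeout and times out.
    print(simulate([(t, on_blocked) for t in (0, 45, 90)], "app1"))
```

The model records each failure instantly; with a DROP rule every logged attempt also waits out the proxy timeout before failing, which is the delay a REJECT rule avoids.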
