Hello!

On Wed, Feb 26, 2014 at 11:39:31AM -0500, mastercan wrote:

> Hello,
>
> I've encountered a problem with nginx 1.5.10.
> I'm running nginx on a highly available system (2 cluster nodes).
>
> When node1 fails, node2 is automatically coming into play. A few days ago
> the internet connection was bad - on both nodes. They could ping the gateway
> only sporadically.
> Node2 became the active one and tried to start nginx. Nginx did not even
> come up.
>
> I replayed the whole scenario (switchover) with a working internet
> connection. Everything is running perfect then.
> But with a broken internet connection nginx does not start up. It's
> hanging.
>
> The reason is ssl_stapling I found out. Even when I set resolver_timeout to
> 5 seconds, nginx won't come up within 5 seconds with an internet connection
> with high packet loss.

On startup, nginx does name resolution of various names in
configuration files, using the system resolver. This includes initial
resolution of OCSP responders if stapling is used. If your system
resolver doesn't have internet access and blocks trying to resolve
names, so will nginx.

The traditional approach to the problem is to use a local caching DNS
server (which is less likely to fail than external services), and to
use IP addresses or /etc/hosts for critical things.

It's also a good idea to have nginx _running_ instead of trying to
start it in emergency conditions. While nginx usually starts just
fine, it is designed to keep things running by all means, not to
start by all means. Startup may fail, e.g., due to failed DNS
resolution or a listen socket grabbed by some other process. In
contrast, if nginx was already started, it will keep running by
all means.

-- 
Maxim Dounin
http://nginx.org/
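
Added example, not part of the message above and not nginx code: a Python pre-flight check that lists the names a configuration would still need DNS for, so they can be replaced by IP addresses or pinned in /etc/hosts as the reply suggests. The directive list, the sample config and hosts data, and the `extra` parameter (for the OCSP responder host read from the certificate, for instance with `openssl x509 -noout -ocsp_uri`) are assumptions of this example.

```python
import ipaddress
import re
from urllib.parse import urlsplit
# Assumed for this example: directives whose host names nginx resolves at load.
URL_DIRECTIVES = ("proxy_pass", "ssl_stapling_responder")

def startup_hostnames(conf_text):
    """Hosts named in the config, minus references to upstream groups."""
    text = re.sub(r"#.*", "", conf_text)
    names, groups, words, in_upstream = set(), set(), [], False
    for tok in re.findall(r"[{};]|[^\s{};]+", text):
        if tok not in ("{", "}", ";"):
            words.append(tok)
            continue
        if tok == "{" and words[:1] == ["upstream"]:
            in_upstream = True
            groups.add(words[1].lower())
        elif tok == "}":
            in_upstream = False
        elif tok == ";" and len(words) > 1 and not re.search(r"\$|unix:", words[1]):
            if words[0] in URL_DIRECTIVES:
                names.add(urlsplit(words[1]).hostname)
            elif words[0] == "server" and in_upstream:
                names.add(urlsplit("//" + words[1]).hostname)
        words = []
    return {n for n in names if n} - groups

def is_ip(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def unpinned(conf_text, hosts_text, extra=()):
    """Names that are neither IP literals nor listed in the hosts file."""
    pinned = set()
    for raw in hosts_text.splitlines():
        pinned.update(f.lower() for f in raw.split("#", 1)[0].split()[1:])
    wanted = startup_hostnames(conf_text) | {e.lower() for e in extra}
    return sorted(n for n in wanted if not is_ip(n) and n not in pinned)

# Constructed sample input (hypothetical names and addresses).
SAMPLE_CONF = """
upstream app { server app1.internal.example:8080; server 10.0.0.7:8080; }
server { ssl_stapling on; ssl_stapling_responder http://ocsp.ca.example/;
         location /    { proxy_pass http://app; }
         location /api { proxy_pass http://api.internal.example:9000; } }
"""
SAMPLE_HOSTS = "127.0.0.1 localhost\n10.0.0.5 app1.internal.example app1\n"
```

Every name `unpinned()` returns is one that a failing resolver could stall on at startup; an empty list means the configuration names only IP literals and hosts-file entries.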
