use shared memory #13
Open
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Issue was that different worker processes had different value of
"nonce", thus producing different ipscrub value for same IP.
Consider this nginx.conf:
load_module modules/ngx_ipscrub_module.so;
events {
accept_mutex on;
}
worker_processes 2;
daemon off;
http {
server {
listen 8000 default_server reuseport;
location / { return 200 "hello from $pid $remote_addr_ipscrub\n"; }
}
}
interesting parts here are `accept_mutex on` and `worker_processes 2` - these
two options mean that nginx will start two worker processes, and they will
accept connections by turn. For some reason, I also had to add `reuseport` to
`listen` for this to work, too.
If you run nginx with above config and run curl in a loop, you would get output
like this:
$ while true; do curl localhost:8000/; done
hello from 533073 1xGVi2
hello from 533072 +G8Qbi
hello from 533073 1xGVi2
hello from 533072 +G8Qbi
hello from 533072 +G8Qbi
hello from 533072 +G8Qbi
hello from 533073 1xGVi2
hello from 533072 +G8Qbi
^C
Probably that's not what you wanted :)
This commit fixes it by using shared memory.
As another benefit, nonce now also "survives" nginx reconfiguration events.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Issue was that different worker processes had different value of "nonce", thus producing different ipscrub value for same IP.
Consider this nginx.conf:
interesting parts here are
accept_mutex onandworker_processes 2- these two options mean that nginx will start two worker processes, and they will accept connections by turn. For some reason, I also had to addreuseporttolistenfor this to work, too.If you run nginx with above config and run curl in a loop, you would get output like this:
Probably that's not what you wanted :)
This commit fixes it by using shared memory.
As another benefit, nonce now also "survives" nginx reconfiguration events.