Thanks for your quick response.
Is there a way to delay the execution of limit_conn. Please suggest if there's
a way forward on this.
thanks,
raj
-----Original Message-----
From: nginx <nginx-boun...@nginx.org> On Behalf Of Roman Arutyunyan
Sent: Tuesday, March 26, 2019 4:59 PM
To: nginx@nginx.org
Subject: Re: TCP connection limit on dynamic backend
Hi,
On Tue, Mar 26, 2019 at 09:13:44AM +0000, R, Rajkumar (Raj) wrote:
> Hi,
>
> Using nginx in TCP/Stream mode and would like to limit the number of active
> connection to my backend server whereas the backend is resolved dynamically
> based on the SNI header ($ssl_preread_server_name). But this does not allow
> any connections to the backend with below config. I see examples of limiting
> backend connections if the backend server block is pre configured.
>
> Could you please confirm if this achievable or supported currently with
> Stream mode?
>
> Below is the related config part.
>
> map $ssl_preread_server_name $backend_svr {
> ~^(\w+).test.com $1-tcp.default.svc.cluster.local;
> }
>
> limit_conn_zone $ssl_preread_server_name zone=perserver:10m;
>
> server {
> listen 443 reuseport so_keepalive=30s:30s:3 backlog=64999;
> proxy_pass $backend_svr:443;
> limit_conn perserver 255;
> ssl_preread on;
> }
The problem is limit_conn is executed at an earlier phase than ssl_preread.
The $ssl_preread_server_name variable is just empty at that moment.
You basically limit client connections by an empty variable.
--
Roman Arutyunyan
_______________________________________________
nginx mailing list
nginx@nginx.org
https://urldefense.proofpoint.com/v2/url?u=http-3A__mailman.nginx.org_mailman_listinfo_nginx&d=DwICAg&c=BFpWQw8bsuKpl1SgiZH64Q&r=LDE-f1bLxMPmcrsp8ONITcznNqEIlhe9ffKEZPeB7EI&m=unQV1WrV4FRI5jvKwIh6Zn5db3ZaY3WQha37LnjRjrE&s=tV5nHAXiBKw4H6XIbKfCKiSzzDoVF8aHoL95w2mgtbQ&e=
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
