Thanks for your quick response. Is there a way to delay the execution of limit_conn? Please suggest if there's a way forward on this.
thanks,
raj

-----Original Message-----
From: nginx <nginx-boun...@nginx.org> On Behalf Of Roman Arutyunyan
Sent: Tuesday, March 26, 2019 4:59 PM
To: nginx@nginx.org
Subject: Re: TCP connection limit on dynamic backend

Hi,

On Tue, Mar 26, 2019 at 09:13:44AM +0000, R, Rajkumar (Raj) wrote:
> Hi,
>
> Using nginx in TCP/Stream mode and would like to limit the number of active
> connection to my backend server whereas the backend is resolved dynamically
> based on the SNI header ($ssl_preread_server_name). But this does not allow
> any connections to the backend with below config. I see examples of limiting
> backend connections if the backend server block is pre configured.
>
> Could you please confirm if this is achievable or supported currently with
> Stream mode?
>
> Below is the related config part.
>
> map $ssl_preread_server_name $backend_svr {
>     ~^(\w+).test.com $1-tcp.default.svc.cluster.local;
> }
>
> limit_conn_zone $ssl_preread_server_name zone=perserver:10m;
>
> server {
>     listen 443 reuseport so_keepalive=30s:30s:3 backlog=64999;
>     proxy_pass $backend_svr:443;
>     limit_conn perserver 255;
>     ssl_preread on;
> }

The problem is limit_conn is executed at an earlier phase than ssl_preread.
The $ssl_preread_server_name variable is just empty at that moment.
You basically limit client connections by an empty variable.

--
Roman Arutyunyan
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx