Skip to main content

NGINX stream module with dynamic upstreams

NGINX has had support for dynamic upstream modules for a while in the community distribution and examples abund. I think this is probably one of the clearest I could find.

Finding a similar config for stream proxies turned out to be surprisingly hard, so here I'm sharing my solution in the hope that it can be useful to somebody. Or someone more experienced can point out a better alternative.
In my case my upstream is an ELB which can and will change ip address often so using the static DNS name was not an option.


Without further ado, here is the fully formed solution:

stream {
    resolver 8.8.8.8;

    map $remote_addr $upstream {
        default your-elb.eu-west-1.elb.amazonaws.com;
    }

    server {
        listen 443;
        proxy_pass $upstream:443;
    }
}

Explanation

Apparently using set is not allowed in the stream module (set is an http directive) so I had to introduce the odd $upstream map as a workaround.
The map tricks nginx into resolving the default value with the configured resolver. I ran a few tests and it appears nginx refreshes the DNS lookup consistently with the TTL set by Amazon (60 seconds). Success!

Comments

Popular posts from this blog

Indexing Apache access logs with ELK (Elasticsearch+Logstash+Kibana)

Who said that grepping Apache logs has to be boring?

The truth is that, as Enteprise applications move to the browser too, Apache access logs are a gold mine, it does not matter what your role is: developer, support or sysadmin. If you are not mining them you are most likely missing out a ton of information and, probably, making the wrong decisions.
ELK (Elasticsearch, Logstash, Kibana) is a terrific, Open Source stack for visually analyzing Apache (or nginx) logs (but also any other timestamped data).

From 0 to ZFS replication in 5m with syncoid

The ZFS filesystem has many features that once you try them you can never go back. One of the lesser known is probably the support for replicating a zfs filesystem by sending the changes over the network with zfs send/receive.
Technically the filesystem changes don't even need to be sent over a network: you could as well dump them on a removable disk, then receive  from the same removable disk.

RUNDECK job maintenance

Learn more about Rundeck.

Now that I have a fair number of jobs scheduled by Rundeck, how do I periodically prune the job execution history and keep only the last, say, 30 executions for each job?