Mechanics of proxy_connect

A

Astar0t2019-07-05 17:30:53

Nginx

Astar0t, 2019-07-05 17:30:53

Mechanics of proxy_connect_timeout?

Hello everyone, I need help on a task
. I'm new to this and I want to figure it out.
It is necessary to make an accessible instruction from these examples, why in the first and second cases we chose a timeout of 60 seconds, and in the third 3 seconds.
example 1
we serve the website https://example.com, nginx is configured in reverse proxy mode, nginx sends requests to a single backend server1

upstream example-upstream {
    server server1:80;
}

server {
        listen       192.0.2.1 ssl http2;
        server_name example.com;
        ssl_certificate      /etc/ssl/nginx_certs/manual/example.pem;
        ssl_certificate_key  /etc/ssl/nginx_certs/manual/example_key.pem;

      location / {
            proxy_set_header Host $http_host;
            proxy_connect_timeout 60s;
            proxy_pass      http://example-upstream;
      }
}

example 2
we serve the website https://example.com, nginx is configured in reverse proxy mode, nginx sends requests to several backends server1, server2, server3, unequal backends, sticking the user to the backend is used

upstream example-upstream {
    server server1:80;
    server server2:80;
    server server3:80;
    sticky;
}

server {
        listen       192.0.2.1 ssl http2;
        server_name example.com;
        ssl_certificate      /etc/ssl/nginx_certs/manual/example.pem;
        ssl_certificate_key  /etc/ssl/nginx_certs/manual/example_key.pem;

      location / {
            proxy_set_header Host $http_host;
            proxy_connect_timeout 60s;
            proxy_pass      http://example-upstream;
      }
}

example 3
we serve the website https://example.com, nginx is configured in reverse proxy mode, nginx sends requests to several peer backends server1, server2, server3

upstream example-upstream {
    server server1:80;
    server server2:80;
    server server3:80;
}

server {
        listen       192.0.2.1 ssl http2;
        server_name example.com;
        ssl_certificate      /etc/ssl/nginx_certs/manual/example.pem;
        ssl_certificate_key  /etc/ssl/nginx_certs/manual/example_key.pem;

      location / {
            proxy_set_header Host $http_host;
            proxy_connect_timeout 3s;
            proxy_pass      http://example-upstream;
      }
}

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

V

Viktor Taran, 2019-07-05
@shambler81

60 is not enough, especially 3
The server response from that side will also enter the proxy connection timeout, and hence the request to msyql
If there is no response during this time, then you will see an error, and nginx will drop this call to 500
if you pull the cat for .. ..
then option 1 and the second can heavily load one of the backs, as a result of which 3 is clearly not enough, and in the latter case it is much harder to evenly load the backs for the timeout and if the server did not answer for 3, then go to the next one, as a result of this, when switching the client does not will notice drawdowns, since 3 is not 60
BUT, as I said, you must be 100% sure that for 60 and even more so 3 a heavy hit can be performed.
In your case, there is an option not to complete a heavy request in 3 seconds and it will run around the servers like a fool in the hope of getting at least something, as a result it will give 3 heavy hits to the servers and die.

D

Dimonchik, 2019-07-05
@dimonchik2013

what is unclear?

sticking the user to the backend is used

it's written