nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Steven Hartland
We've used nginx for years and never had an issue with nginx upgrade until today where the upgrade command ran but almost instantly after the new process exited.

/usr/local/etc/rc.d/nginx upgrade
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Upgrading nginx binary:
Stopping old binary:

In the default nginx log we had:
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: still could not bind()
nginx: [emerg] still could not bind()

Running the start just after resulted in a running version but is obviously unexpected to have upgrade result in a failure.

I believe the change to add a localhost bind to the server in question was relatively recent so I suspect it has something to do with that.

The config for this is simply:
server {
    listen 127.0.0.1:81;
    server_name localhost;

    location /status {
        stub_status;
    }
}

The upgrade in this case was:
nginx: 1.10.1_1,2 -> 1.10.2_2,2

Now this server is running under FreeBSD in a jail (10.2-RELEASE) and it has 127.0.0.1 available yet it seems nginx has incorrectly bound the address:
netstat -na | grep LIST | grep 81
tcp4       0      0 10.10.96.146.81        *.*                    LISTEN

sockstat | grep :81
www      nginx      25666 25 tcp4   10.10.96.146:81       *:*
www      nginx      25665 25 tcp4   10.10.96.146:81       *:*
www      nginx      25664 25 tcp4   10.10.96.146:81       *:*
www      nginx      25663 25 tcp4   10.10.96.146:81       *:*
www      nginx      25662 25 tcp4   10.10.96.146:81       *:*
www      nginx      25661 25 tcp4   10.10.96.146:81       *:*
www      nginx      25660 25 tcp4   10.10.96.146:81       *:*
www      nginx      25659 25 tcp4   10.10.96.146:81       *:*
www      nginx      25658 25 tcp4   10.10.96.146:81       *:*
www      nginx      25657 25 tcp4   10.10.96.146:81       *:*
www      nginx      25656 25 tcp4   10.10.96.146:81       *:*
www      nginx      25655 25 tcp4   10.10.96.146:81       *:*
www      nginx      25654 25 tcp4   10.10.96.146:81       *:*
www      nginx      25653 25 tcp4   10.10.96.146:81       *:*
www      nginx      25652 25 tcp4   10.10.96.146:81       *:*
www      nginx      25651 25 tcp4   10.10.96.146:81       *:*
root     nginx      25650 25 tcp4   10.10.96.146:81       *:*

ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xffffffff

So it looks like nginx is incorrectly binding which is resulting in the issue with upgrade.

Anyone seen this before?

I've confirmed nginx is responding correctly on 127.0.0.1:
lwp-request http://127.0.0.1:81/status        
Active connections: 1077
server accepts handled requests
 31516 31516 90387
Reading: 0 Writing: 5 Waiting: 1071

    Regards
    Steve

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Maxim Dounin
Hello!

On Sun, Dec 04, 2016 at 09:39:59PM +0000, Steven Hartland wrote:

> We've used nginx for years and never had an issue with nginx upgrade
> until today where the upgrade command ran but almost instantly after the
> new process exited.
>
> /usr/local/etc/rc.d/nginx upgrade
> Performing sanity check on nginx configuration:
> nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
> Upgrading nginx binary:
> Stopping old binary:
>
> In the default nginx log we had:
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48:
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48:
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48:
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48:
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48:
> Address already in use)
> nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
> 2016/12/04 21:18:22 [emerg] 25435#0: still could not bind()
> nginx: [emerg] still could not bind()
>
> Running the start just after resulted in a running version but is
> obviously unexpected to have upgrade result in a failure.
>
> I believe the change to add a localhost bind to the server in question
> was relatively recent so I suspect it has something to do with that.
>
> The config for this is simply:
> server {
>      listen 127.0.0.1:81;
>      server_name localhost;
>
>      location /status {
>          stub_status;
>      }
> }
>
> The upgrade in this case was:
> nginx: 1.10.1_1,2 -> 1.10.2_2,2
>
> Now this server is running under FreeBSD in a jail (10.2-RELEASE) and it
> has 127.0.0.1 available yet it seems nginx has incorrectly bound the
> address:
> netstat -na | grep LIST | grep 81
> tcp4       0      0 10.10.96.146.81        *.* LISTEN

In a FreeBSD jail with a single IP address any listening address
is implicitly converted to the jail address.  As a result, if you
write in config "127.0.0.1" - upgrade won't work, as it will see
inherited socket listening on the jail address (10.10.96.146 in
your case) and will try to create a new listening socket with the
address from the configuration and this will fail.

There are two possible solutions for this problem:

- configure listening on the jail IP address to avoid this
  implicit conversion;
- configure listening on "*" and use multiple addresses in the jail.

In both cases there will be no implicit conversion and as a result
everything will work correctly.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Steven Hartland
On 05/12/2016 13:27, Maxim Dounin wrote:
Hello!

On Sun, Dec 04, 2016 at 09:39:59PM +0000, Steven Hartland wrote:

We've used nginx for years and never had an issue with nginx upgrade 
until today where the upgrade command ran but almost instantly after the 
new process exited.

/usr/local/etc/rc.d/nginx upgrade
Performing sanity check on nginx configuration:
nginx: the configuration file /usr/local/etc/nginx/nginx.conf syntax is ok
nginx: configuration file /usr/local/etc/nginx/nginx.conf test is successful
Upgrading nginx binary:
Stopping old binary:

In the default nginx log we had:
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: bind() to 127.0.0.1:81 failed (48: 
Address already in use)
nginx: [emerg] bind() to 127.0.0.1:81 failed (48: Address already in use)
2016/12/04 21:18:22 [emerg] 25435#0: still could not bind()
nginx: [emerg] still could not bind()

Running the start just after resulted in a running version but is 
obviously unexpected to have upgrade result in a failure.

I believe the change to add a localhost bind to the server in question 
was relatively recent so I suspect it has something to do with that.

The config for this is simply:
server {
     listen 127.0.0.1:81;
     server_name localhost;

     location /status {
         stub_status;
     }
}

The upgrade in this case was:
nginx: 1.10.1_1,2 -> 1.10.2_2,2

Now this server is running under FreeBSD in a jail (10.2-RELEASE) and it 
has 127.0.0.1 available yet it seems nginx has incorrectly bound the 
address:
netstat -na | grep LIST | grep 81
tcp4       0      0 10.10.96.146.81        *.* LISTEN
In a FreeBSD jail with a single IP address any listening address 
is implicitly converted to the jail address.  As a result, if you 
write in config "127.0.0.1" - upgrade won't work, as it will see 
inherited socket listening on the jail address (10.10.96.146 in 
your case) and will try to create a new listening socket with the 
address from the configuration and this will fail.

Thanks for the response Maxim.

In our case we don't have a single IP in the jail we have 4 addresses:
1 x localhost address (127.0.0.1)
2 x external
1 x private address (10.10.96.146)

We have a number of binds the externals are just port binds the internal a localhost e.g.
listen 443 default_server accept_filter=httpready ssl;
listen 80 default_server accept_filter=httpready;
...
listen 80;
listen 443 ssl;
...
listen 127.0.0.1:81;

We're expecting the none IP specified listens to bind to * (this is what happens)

But the "listen 127.0.0.1:81" results in "10.10.96.146:81" instead.

Given your description I would only expect this 127.0.0.1 wasn't present in the jail and 10.10.96.146 was the only IP available.

Did I miss-understand your description?
There are two possible solutions for this problem:

- configure listening on the jail IP address to avoid this 
  implicit conversion;
As above I'm not sure I follow you correctly as 127.0.0.1 is one of the IP's available in the jail.
- configure listening on "*" and use multiple addresses in the jail.
Unfortunately this is something we want to explicitly prevent with this bind, its an internal service only.
In both cases there will be no implicit conversion and as a result 
everything will work correctly.
    Regards
    Steve

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Maxim Dounin
Hello!

On Mon, Dec 05, 2016 at 02:40:27PM +0000, Steven Hartland wrote:

> On 05/12/2016 13:27, Maxim Dounin wrote:
> > Hello!
> >
> > On Sun, Dec 04, 2016 at 09:39:59PM +0000, Steven Hartland wrote:

[...]

> >> I believe the change to add a localhost bind to the server in question
> >> was relatively recent so I suspect it has something to do with that.
> >>
> >> The config for this is simply:
> >> server {
> >>       listen 127.0.0.1:81;
> >>       server_name localhost;
> >>
> >>       location /status {
> >>           stub_status;
> >>       }
> >> }
> >>
> >> The upgrade in this case was:
> >> nginx: 1.10.1_1,2 -> 1.10.2_2,2
> >>
> >> Now this server is running under FreeBSD in a jail (10.2-RELEASE) and it
> >> has 127.0.0.1 available yet it seems nginx has incorrectly bound the
> >> address:
> >> netstat -na | grep LIST | grep 81
> >> tcp4       0      0 10.10.96.146.81        *.* LISTEN
> > In a FreeBSD jail with a single IP address any listening address
> > is implicitly converted to the jail address.  As a result, if you
> > write in config "127.0.0.1" - upgrade won't work, as it will see
> > inherited socket listening on the jail address (10.10.96.146 in
> > your case) and will try to create a new listening socket with the
> > address from the configuration and this will fail.
>
> Thanks for the response Maxim.
>
> In our case we don't have a single IP in the jail we have 4 addresses:
> 1 x localhost address (127.0.0.1)
> 2 x external
> 1 x private address (10.10.96.146)
>
> We have a number of binds the externals are just port binds the internal
> a localhost e.g.
> listen 443 default_server accept_filter=httpready ssl;
> listen 80 default_server accept_filter=httpready;
> ...
> listen 80;
> listen 443 ssl;
> ...
> listen 127.0.0.1:81;
>
> We're expecting the none IP specified listens to bind to * (this is what
> happens)
>
> But the "listen 127.0.0.1:81" results in "10.10.96.146:81" instead.
>
> Given your description I would only expect this 127.0.0.1 wasn't present
> in the jail and 10.10.96.146 was the only IP available.
>
> Did I miss-understand your description?

Given that the real local address of the listening socket as shown
by netstat is 10.10.96.146, it means that the socket was created
when there were no explicit 127.0.0.1 in the jail.

And, given that you are able to connect to it via "lwp-request
http://127.0.0.1:81/status", it looks like that 127.0.0.1 is still
not in the jail, but mapped to 10.10.96.146 instead.

Note that the fact that you can use 127.0.0.1 in a jail doesn't
mean that it is a real address available.  Normally, 127.0.0.1
will be implicitly converted to the main IP of the jail, and most
utilities won't notice.

(Note well that since there is no real 127.0.0.1 in the jail, it
doesn't provide any additional isolation compared to the jail IP
address.  That is, a service which is listening on 127.0.0.1 is in
fact listening on 10.10.96.146, and it is reachable from anywhere,
not just the jail itself.)

> > There are two possible solutions for this problem:
> >
> > - configure listening on the jail IP address to avoid this
> >    implicit conversion;
> As above I'm not sure I follow you correctly as 127.0.0.1 is one of the
> IP's available in the jail.

See above, looks like it's not, and it is implicitly converted to
10.10.96.146 instead.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Steven Hartland
On 05/12/2016 17:12, Maxim Dounin wrote:
Hello!

On Mon, Dec 05, 2016 at 02:40:27PM +0000, Steven Hartland wrote:
snip...
Given that the real local address of the listening socket as shown 
by netstat is 10.10.96.146, it means that the socket was created 
when there were no explicit 127.0.0.1 in the jail.

This didn't appear to be the case as nginx was restarted after the failure of upgrade and currently shows:
netstat -na | grep LIST
tcp4       0      0 10.10.96.146.81        *.*                    LISTEN

The jail does indeed have an explicit 127.0.0.1 as reported by ifconfig from within said jail.
ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.0.1 netmask 0xffffffff

/etc/jail.conf includes:
jailXYZ {
    path = "/data/jails/XYZ";
    ip4.addr = "10.10.96.146";
    ip4.addr += "vlan96|A.B.C.D";
    ip4.addr += "lo0|127.0.0.1";
}

This is what we see when 127.0.0.1 is not exposed to the jail, which is where I would expect the behaviour you describe:
ifconfig lo0
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo

Digging into to source of jails I found the offending code:
        ia0.s_addr = ntohl(ia->s_addr);
        if (ia0.s_addr == INADDR_LOOPBACK) {
                ia->s_addr = pr->pr_ip4[0].s_addr;
                mtx_unlock(&pr->pr_mtx);
                return (0);
        }
...
        if (ntohl(ia->s_addr) == INADDR_LOOPBACK) {
                ia->s_addr = pr->pr_ip4[0].s_addr;
                mtx_unlock(&pr->pr_mtx);
                return (0);
        }

This uses the first IP of the jail as loopback even if there is an address which explicitly matches.

So the workaround would be to change the order of the IP's in our jail config making 127.0.0.1 the first IP.

However this doesn't seem to be documented in jail man page so quite possibly needs fixing.

Thanks for pointing me in the right direction.

I'll talk to the jail / net guys and get that fixed. At the very least it should be clearly documented in JAIL(8) but ideally it should do the right thing when the jail has an address which matches INADDR_LOOPBACK.

    Regards
    Steve


_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

anish10dec
In reply to this post by Steven Hartland
Hello !

steveh Wrote:
-------------------------------------------------------

> listen 443 default_server accept_filter=httpready ssl;
> listen 80 default_server accept_filter=httpready;

Not related to your problem: I think you'll want "accept_filter=dataready"
for your SSL configuration.

Best Regards.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271346,271496#msg-271496

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Maxim Dounin
Hello!

On Wed, Dec 14, 2016 at 06:36:14AM -0500, Alt wrote:

> steveh Wrote:
> -------------------------------------------------------
>
> > listen 443 default_server accept_filter=httpready ssl;
> > listen 80 default_server accept_filter=httpready;
>
> Not related to your problem: I think you'll want "accept_filter=dataready"
> for your SSL configuration.

Yes, but there isn't much difference: as long as httpready sees
something different from a HTTP request, it just passes the
connection to nginx.

Quoting accf_http(9):

     If something other than a HTTP/1.0 or HTTP/1.1 HEAD or GET request is
     received the kernel will allow the application to receive the connection
     descriptor via accept().

So the only difference is an additional check in the kernel.

--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

anish10dec
Hello :-)

Maxim Dounin Wrote:
-------------------------------------------------------

> Yes, but there isn't much difference: as long as httpready sees
> something different from a HTTP request, it just passes the
> connection to nginx.
>
> Quoting accf_http(9):
>
>      If something other than a HTTP/1.0 or HTTP/1.1 HEAD or GET
> request is
>      received the kernel will allow the application to receive the
> connection
>      descriptor via accept().
>
> So the only difference is an additional check in the kernel.

Thanks Maxim!

Best Regards.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271346,271548#msg-271548

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

Steven Hartland
In reply to this post by Maxim Dounin
On 05/12/2016 17:12, Maxim Dounin wrote:
Hello!

On Mon, Dec 05, 2016 at 02:40:27PM +0000, Steven Hartland wrote:

On 05/12/2016 13:27, Maxim Dounin wrote:
Hello!

On Sun, Dec 04, 2016 at 09:39:59PM +0000, Steven Hartland wrote:
[...]

I believe the change to add a localhost bind to the server in question
was relatively recent so I suspect it has something to do with that.

The config for this is simply:
server {
      listen 127.0.0.1:81;
      server_name localhost;

      location /status {
          stub_status;
      }
}

The upgrade in this case was:
nginx: 1.10.1_1,2 -> 1.10.2_2,2

Now this server is running under FreeBSD in a jail (10.2-RELEASE) and it
has 127.0.0.1 available yet it seems nginx has incorrectly bound the
address:
netstat -na | grep LIST | grep 81
tcp4       0      0 10.10.96.146.81        *.* LISTEN
In a FreeBSD jail with a single IP address any listening address
is implicitly converted to the jail address.  As a result, if you
write in config "127.0.0.1" - upgrade won't work, as it will see
inherited socket listening on the jail address (10.10.96.146 in
your case) and will try to create a new listening socket with the
address from the configuration and this will fail.
Thanks for the response Maxim.

In our case we don't have a single IP in the jail we have 4 addresses:
1 x localhost address (127.0.0.1)
2 x external
1 x private address (10.10.96.146)

We have a number of binds the externals are just port binds the internal 
a localhost e.g.
listen 443 default_server accept_filter=httpready ssl;
listen 80 default_server accept_filter=httpready;
...
listen 80;
listen 443 ssl;
...
listen 127.0.0.1:81;

We're expecting the none IP specified listens to bind to * (this is what 
happens)

But the "listen 127.0.0.1:81" results in "10.10.96.146:81" instead.

Given your description I would only expect this 127.0.0.1 wasn't present 
in the jail and 10.10.96.146 was the only IP available.

Did I miss-understand your description?
Given that the real local address of the listening socket as shown 
by netstat is 10.10.96.146, it means that the socket was created 
when there were no explicit 127.0.0.1 in the jail.

And, given that you are able to connect to it via "lwp-request 
http://127.0.0.1:81/status", it looks like that 127.0.0.1 is still 
not in the jail, but mapped to 10.10.96.146 instead.

Note that the fact that you can use 127.0.0.1 in a jail doesn't 
mean that it is a real address available.  Normally, 127.0.0.1 
will be implicitly converted to the main IP of the jail, and most 
utilities won't notice.

(Note well that since there is no real 127.0.0.1 in the jail, it 
doesn't provide any additional isolation compared to the jail IP 
address.  That is, a service which is listening on 127.0.0.1 is in 
fact listening on 10.10.96.146, and it is reachable from anywhere, 
not just the jail itself.)

There are two possible solutions for this problem:

- configure listening on the jail IP address to avoid this
   implicit conversion;
As above I'm not sure I follow you correctly as 127.0.0.1 is one of the 
IP's available in the jail.
See above, looks like it's not, and it is implicitly converted to 
10.10.96.146 instead.

Sorry its taken a while, but for those that are interested I committed the fixes for localhost binding in FreeBSD jails today:
https://svnweb.freebsd.org/changeset/base/316313 - IPv4 fix
https://svnweb.freebsd.org/changeset/base/316328 - IPv6 fix

With these fixes "nginx upgrade" will work for configurations which use explicit localhost bindings e.g. (127.0.0.1) if said IP is also added to the jail.

    Regards
    Steve

_______________________________________________
nginx mailing list
[hidden email]
http://mailman.nginx.org/mailman/listinfo/nginx
Loading...