ssl_protocols TLSv1.2 TLSv1.3;
server {
listen 443 ssl default_server;
ssl_reject_handshake on;
}
This does not allow ANY other server to be reached with TLSv1.3
server {
listen 443 ssl default_server;
ssl_certificate ssl/cert.pem;
return 444;
}
This allow ANY server to be
# cat /var/log/nginx/error.log
2021/12/25 03:27:20 [alert] 3509876#3509876: ignore long locked inactive
cache entry 896ea4afe7d75fae51aada8fb6643347, count:1
2021/12/25 07:57:02 [alert] 3509876#3509876: ignore long locked inactive
cache entry c4008f632b145d701271b37180818fb8, count:2
2021/12/25 11:
Got it!
Thanks.
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,292491,292502#msg-292502
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
You are right, those lines are logged (i've forced upstreams to fail by
stopping them).
But i can't see such problem using "proxy_pass http://127.0.0.1:81"; instead
of "proxy_pass http://http_backend"; (no more 502 errors).
Strange...
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,29
Well, I was just assuming that no live upstreams were availbale, but this is
not the case. At least, this is not logged (access or error).
Here are the lines from access_log i'm talking about (see the difference on
$upstream_addr):
log_format main '$remote_addr - $remote_user [$time_local]
Here is my config:
-
upstream http_backend {
server 127.0.0.1:81;
server 10.1.1.2 backup;
}
server {
...
location /http/ {
proxy_pass http://http_backend;
...
}
}
-
As long as everything is working, $upstream_addr returns the IP
(127.0.0.1:81). But wh
