How do I allow Linux processes to bind to an IP address that doesn't exist yet on my Linux system or server?
You need to set net.ipv4.ip_nonlocal_bind, which allows processes to bind() to non-local IP addresses. This is useful for load balancers and failover software such as Nginx, HAProxy, keepalived and others. This page explains how to bind to an IP address that doesn't exist yet using the net.ipv4.ip_nonlocal_bind Linux kernel option.
Why use net.ipv4.ip_nonlocal_bind under Linux operating systems?
HAProxy acts as a load balancer (LB) and a proxy server for TCP and HTTP-based applications. Similarly, Keepalived provides High-Availability (HA) and load-balancing features for Linux using the VRRP protocol. It acts as IP failover (Virtual IP) software to route traffic to the correct backend. We can combine HAProxy (or Nginx) with Keepalived to build a two-node high availability cluster for our applications.
However, the LB in HAProxy, Nginx, and Keepalived needs the ability to bind to a non-local IP address. The problem is that the IP (Virtual IP) address can be assigned to only one node at a time, so the other nodes running Nginx/HAProxy will refuse to start. You will often see an error as follows:
Nginx: cannot bind socket.
We want to allow a running LB instance to bind to an IP that is not local, so that it is ready for failover.
Linux bind IP that doesn’t exist with net.ipv4.ip_nonlocal_bind
Use the sysctl command to find the current value of net.ipv4.ip_nonlocal_bind:
# sysctl net.ipv4.ip_nonlocal_bind
# sysctl net.ipv6.ip_nonlocal_bind
We can use the cat command as follows too:
cat /proc/sys/net/ipv4/ip_nonlocal_bind
To bind to an IP that doesn't exist yet under Linux, run:
sudo sysctl -w net.ipv4.ip_nonlocal_bind=1
We can use the following syntax too:
echo 1 > /proc/sys/net/ipv4/ip_nonlocal_bind
For IPv6:
sudo sysctl -w net.ipv6.ip_nonlocal_bind=1
Binding to Non-local IP addresses in Linux permanently
Edit /etc/sysctl.conf or /etc/sysctl.d/99-custom.conf:
sudo vi /etc/sysctl.d/99-custom.conf
Append the following line:
## allow Nginx to start and bind to non local IP ##
net.ipv4.ip_nonlocal_bind=1
Save and close the file. To load changes, run:
sudo sysctl -f /etc/sysctl.d/99-custom.conf
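To confirm the setting will survive a reboot, this added example (not part of the original article) compares the running value with what the configuration files actually set. The function names, sample files and the stand-in runtime file are constructed for illustration; it also shows that a setting sharing a line with a `##` comment is ignored.

```shell
#!/usr/bin/env bash
# Added example: is net.ipv4.ip_nonlocal_bind persisted, and does it match runtime?

# persisted_value KEY FILE...: print the value set by the last assignment of KEY.
# Lines starting with '#' or ';' are comments; spaces around '=' are ignored.
persisted_value() {
    key=$1; shift
    awk -v key="$key" '
        /^[ \t]*[#;]/ { next }
        {
            pos = index($0, "=")
            if (pos == 0) next
            k = substr($0, 1, pos - 1); v = substr($0, pos + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }
    ' "$@"
}

# check_drift KEY RUNTIME_FILE CONF...
# Returns 0 when runtime and persisted values match, 1 on drift, 2 if not persisted.
check_drift() {
    key=$1; runtime_file=$2; shift 2
    runtime=$(cat "$runtime_file")
    persisted=$(persisted_value "$key" "$@")
    if [ -z "$persisted" ]; then
        echo "$key: runtime=$runtime, not persisted (lost on reboot)"; return 2
    elif [ "$runtime" != "$persisted" ]; then
        echo "$key: runtime=$runtime, persisted=$persisted (drift)"; return 1
    fi
    echo "$key: runtime=$runtime matches persisted value"
}

# Constructed sample files, not taken from a real host.
make_samples() {
    printf '%s\n' '## allow Nginx to start and bind to non local IP ##' \
        'net.ipv4.ip_nonlocal_bind = 1' > "$1/good.conf"
    # Comment and setting on one line: the whole line is a comment.
    printf '%s\n' '## allow Nginx to bind ## net.ipv4.ip_nonlocal_bind=1' \
        > "$1/bad.conf"
    echo 1 > "$1/runtime"   # stands in for /proc/sys/net/ipv4/ip_nonlocal_bind
}

tmp=$(mktemp -d); make_samples "$tmp"
check_drift net.ipv4.ip_nonlocal_bind "$tmp/runtime" "$tmp/good.conf" || true
check_drift net.ipv4.ip_nonlocal_bind "$tmp/runtime" "$tmp/bad.conf" || true
rm -rf "$tmp"
```

On a real host, pass /proc/sys/net/ipv4/ip_nonlocal_bind as the runtime file and list the configuration files in the order they are loaded, since the last assignment wins.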
Understanding sysctl command options
The -w option enables writing a value to a Linux kernel variable. The -a option shows all variables. For more info, type the following man command:
man sysctl
OR
sysctl --help
Sample outputs:
Options:
-a, --all display all variables
-A alias of -a
-X alias of -a
--deprecated include deprecated parameters to listing
-b, --binary print value without new line
-e, --ignore ignore unknown variables errors
-N, --names print variable names without values
-n, --values print only values of a variables
-p, --load[=<file>] read values from file
-f alias of -p
--system read values from all system directories
-r, --pattern <expression>
select setting that match expression
-q, --quiet do not echo variable set
-w, --write enable writing a value to variable
-o does nothing
-x does nothing
-d alias of -h
-h, --help display this help and exit
-V, --version output version information and exit
Conclusion
You learned how to set net.ipv4.ip_nonlocal_bind to 1 to configure a highly available load balancer (LB) under Linux. See “Handling nginx Failover With KeepAlived” and the Linux kernel docs for more info.