Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Wrong nginx upstream configuration on IPv4-only daemons #15021

Open
5 of 11 tasks
a-haurylau opened this issue Mar 22, 2024 · 1 comment
Open
5 of 11 tasks

Wrong nginx upstream configuration on IPv4-only daemons #15021

a-haurylau opened this issue Mar 22, 2024 · 1 comment
Labels
community component:api type:bug

Comments

@a-haurylau
Copy link

Please confirm the following

  • I agree to follow this project's code of conduct.
  • I have checked the current issues for duplicates.
  • I understand that AWX is open source software provided for free and that I might not receive a timely response.
  • I am NOT reporting a (potential) security vulnerability. (These should be emailed to security@ansible.com instead.)

Bug Summary

In default configuration we have following nginx.conf in tools/docker-compose/_sources/nginx.conf:

    upstream uwsgi {
        server localhost:8050;
    }

    upstream runserver {
        server localhost:8052;
    }

    upstream daphne {
        server localhost:8051;
    }

inside container following /etc/hosts is used:

bash-5.1# cat /etc/hosts
127.0.0.1       localhost
::1     localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
172.28.0.5      awx_1

So localhost is resolved on IPv4/IPv6 dual stack.
But daphne and uwsgi endpoint listening only on IPv4:

 nsenter -t 257902 -n netstat -nlep
tcp        0      0 127.0.0.1:8051          0.0.0.0:*               LISTEN      0          3429118    258362/python3.9
tcp        0      0 127.0.0.1:8050          0.0.0.0:*               LISTEN      0          3432861    258395/uwsgi

So all connection to them fails with following in /var/log/nginx/error.log inside tools_awx_1:

2024/03/22 10:58:46 [error] 405#405: *9070 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.5.194, server: _, request: "GET /websocket/ HTTP/1.1", upstream: "http://[::1]:8051/websocket/", host: "****"
2024/03/22 10:58:44 [error] 405#405: *9067 connect() failed (111: Connection refused) while connecting to upstream, client: 192.168.5.194, server: _, request: "GET /api/v2/dashboard/graphs/jobs/?job_type=all&period=month HTTP/1.1", upstream: "uwsgi://[::1]:8050", host: "***", referrer: "https://***/"

After replacing localhost with 127.0.0.1 no error in nginx.

AWX version

24.0.0

Select the relevant components

  • UI
  • UI (tech preview)
  • API
  • Docs
  • Collection
  • CLI
  • Other

Installation method

docker development environment

Modifications

no

Ansible version

No response

Operating system

Ubuntu 22.04.4

Web browser

No response

Steps to reproduce

Just perform clean install and look through container nginx error.log file

Expected results

No errors

Actual results

Tons of errors

Additional information

No response
@dmzoneill
Copy link
Member

Disabling ipv6 for the docker network would be a quick fix, if we don't have an ipv6 requirement.

Something along the lines of

docker network create --ipv6=false disable_ipv6
docker run --network disable_ipv6
docker build --network disable_ipv6

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
community component:api type:bug
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@fosterseth @dmzoneill @a-haurylau