Discover Centmin Mod today
Register Now

Nginx Listen directive with 'reuseport' parameter when running nginx 1.25.3

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by iaTa, Oct 26, 2023.

  1. iaTa

    iaTa Member

    41
    7
    8
    Mar 26, 2018
    Ratings:
    +8
    Local Time:
    8:57 PM
    • CentOS Version: CentOS 7 64bit
    • Centmin Mod Version Installed: 130.00beta01
    • Nginx Version Installed: 1.25.3
    • PHP Version Installed: 7.4.33
    • MariaDB MySQL Version Installed: 10.6.15
    • When was last time updated Centmin Mod code base ? : Today
    • Persistent Config:
      Code (Text):
      ZSTD_LOGROTATE_NGINX='y'
      ZSTD_LOGROTATE_PHPFPM='y'
      NGINX_LIBBROTLI='y'
      NGXDYNAMIC_BROTLI='y'
      PHP_PGO_ALWAYS='y'
      PHP_PGO='y'
      ENABLE_MARIADBTENFIVEUPGRADE='y'
      ENABLE_MARIADBTENSIXUPGRADE='y'
      PHP_BROTLI='y'
      PHP_LZFOUR='y'
      PHP_LZF='y'
      PHP_ZSTD='y'
      PHPFINFO='y'
      NGXDYNAMIC_NGXPAGESPEED='n'
      NGINX_PAGESPEED='n'
      LETSENCRYPT_DETECT='y'
      NGINX_DYNAMICTLS='y'
      NGINX_HPACK='y'
      CLOUDFLARE_ZLIBPHP='y'
      CLOUDFLARE_PATCHSSL='y'
      VHOSTCTRL_CLOUDFLAREINC='y'
      OPENSSLECDSA_PATCH='y'
      OPENSSLECDHX_PATCH='y'
      WP_AUTOPTIMIZE_GZIP='y'
      MARCH_TARGETNATIVE='n'
      

    I notice that one of my WordPress sites is configured with the below and when upgrading from nginx 1.23.4 to 1.25.3 this line was not changed to the new separated directives:


    Code (Text):
    listen 443 ssl http2 reuseport;


    All of my sites sit behind CloudFlare so I'm not sure why only this one has the reuseport parameter. My server kernel supports SO_REUSEPORT sockets.

    Are there other reasons for using reuseport and what is the ideal nginx 1.25.3 listen directive configuration considering I'm using CloudFlare on all my sites?

    Many thx in advance.
     
  2. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    5:57 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Centmin Mod auto adds reuseport to a single HTTPS vhost only which is intended for performance.
     
  3. iaTa

    iaTa Member

    41
    7
    8
    Mar 26, 2018
    Ratings:
    +8
    Local Time:
    8:57 PM
    Understood, thanks.

    Do you know if there's an equivalent config for nginx 1.25.1+ to avoid the warning?

    Code (Text):
    nginx: [warn] the "listen ... http2" directive is deprecated, use the "http2" directive instead

    I assume it will be quite a while until they actually remove the http2 parameter though.
     
    Last edited: Oct 26, 2023
  4. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    5:57 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
  5. iaTa

    iaTa Member

    41
    7
    8
    Mar 26, 2018
    Ratings:
    +8
    Local Time:
    8:57 PM
    Yeah I read that earlier.

    Could I configure the vhost in question as follows rather than leave as is with the warning:

    Code (Text):
    listen 443 ssl reuseport;
    http2 on;
     
  6. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    5:57 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    You can either ignore warning as it's just cosmetic now or manually update or if using Centmin Mod 130.00beta01, let a centmin.sh menu option 4 nginx upgrade/recompile run auto convert all your nginx vhosts https://community.centminmod.com/th...http2-directive-change-in-130-00beta01.23888/
     
  7. iaTa

    iaTa Member

    41
    7
    8
    Mar 26, 2018
    Ratings:
    +8
    Local Time:
    8:57 PM
    That's the point of the thread.

    I did upgrade using Centmin Mod 130.00beta01 and the process auto converted all of my nginx vhosts apart from the one which has the reuseport parameter. It left that one as is, I assume because it has the reuseport parameter.
     
  8. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    5:57 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Ah I see. Going to have to look into the auto conversion routine then :)
     
  9. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    5:57 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    FYI, updated 130.00beta01 to check for reuseport listen directives the next time you run cmupdate to update local Centmin Mod code + run centmin.sh menu option 4 to recompile/update to Nginx 1.25 branch i.e. 1.25.3
     
  10. iaTa

    iaTa Member

    41
    7
    8
    Mar 26, 2018
    Ratings:
    +8
    Local Time:
    8:57 PM
    Cheers!

    Apologies if I wasn't more explicit earlier, I had two queries in one.

    Can I ask if reuseport applies to only the vhost it is set or does it apply and improve all vhosts on the server?
     
  11. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    5:57 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    reuseport applies to all uniquie IP address port pairs, so generally only needs to be listed once in one HTTPS based nginx vhost listen directive and once in one non-HTTPS based nginx vhost. Centmin Mod attempts to determine this automatically at Nginx vhost creation time via centmin.sh menu option 2, 22 or nv command line.

    So if you only have 1x public IPv4 address and listen directive refers to port 80 or 443, then each instance can use reuseport once and it applies to all Nginx vhosts using same public Ipv4 + port 80 or 443 pair.
     
  12. fablab

    fablab New Member

    20
    2
    3
    May 23, 2020
    Ratings:
    +6
    Local Time:
    10:57 PM
    1.25.3
    MariaDB-server-10.4.31-1.el7.centos.x86_64
    greetings,
    on a side note...
    I had not seen this thread when I ran my upgrade yesterday.
    I got worried that the reuseport could cause problems. so I took a precaution by duplicating the line, commenting it, and I removed the reuseport from the config line...
    So I ended up with
    Code (Text):
    #listen 443 ssl reuseport;
    listen 443 ssl;
    

    ran the upgrade and it failed.
    it seems that the conversion routine ALSO converted the comment and generated two
    Code (Text):
    http2 on;
    

    lines.
    removing the duplicate fixed it, but i guess the conversion routine should probably skip commented lines....
    ( I added back the reuseport at the end)[/CODE]
     
  13. eva2000

    eva2000 Administrator Staff Member

    52,729
    12,075
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,602
    Local Time:
    5:57 AM
    Nginx 1.27.x
    MariaDB 10.x/11.4+
    Thanks for the bug report. So you were using Nginx 1.25.3 already converted listen directive but manually edited it to
    Code (Text):
    #listen 443 ssl reuseport;
    listen 443 ssl;
    http2 on;
    

    ? and then next centmin.sh menu option 4 run, incorrectly modified this?
     
  14. fablab

    fablab New Member

    20
    2
    3
    May 23, 2020
    Ratings:
    +6
    Local Time:
    10:57 PM
    1.25.3
    MariaDB-server-10.4.31-1.el7.centos.x86_64
    My bad... sorry for confusing everyone. I was on 1.23.x and I had
    Code (Text):
    #listen 443 ssl http2 reuseport;
    listen 443 ssl http2;
    

    and ended up with
    Code (Text):
    #listen 443 ssl reuseport;
    http2 on;
    listen 443 ssl;
    http2 on;