← 返回首页
fix: ipv4-only for internal traffic (#10800) · ietf-tools/datatracker@7e9883d · GitHub
Skip to content

Navigation Menu

Toggle navigation
Sign in
Appearance settings
Search or jump to...

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted
Cancel Submit feedback

Saved searches

Use saved searches to filter your results more quickly

Cancel Create saved search
Appearance settings
Resetting focus

Commit 7e9883d

Browse files
jennifer-richards
authored
fix: ipv4-only for internal traffic (#10800)
Listening on ipv6 interfaces may have contributed to increased CPU usage during heavy traffic. This switches back to ipv4 only and configures nginx to use 127.0.0.1 instead of localhost for proxying. Does not affect external access, this is purely internal to the k8s cluster.
1 parent 3fe1327 commit 7e9883d

3 files changed

Lines changed: 12 additions & 5 deletions

File tree

‎dev/build/gunicorn.conf.py‎

Lines changed: 2 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -12,9 +12,8 @@
1212
from opentelemetry.instrumentation.pymemcache import PymemcacheInstrumentor
1313
from opentelemetry.instrumentation.requests import RequestsInstrumentor
1414

15-
# Bind all ipv4 interfaces and ipv6 loopback interface. Would prefer to bind all
16-
# ipv6 as well, but something conflicts with [::]:8000.
17-
bind = ["0.0.0.0:8000", "[::1]:8000"]
15+
# Bind all ipv4 interfaces (nginx uses loopback, but k8s health checks don't)
16+
bind = ["0.0.0.0:8001"]
1817

1918
# Disable control socket
2019
control_socket_disable = True

‎docker/configs/nginx-proxy.conf‎

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
upstream datatracker_backend {
2+
server 127.0.0.1:8001;
3+
}
4+
15
server {
26
listen 8000 default_server;
37
listen [::]:8000 default_server;
@@ -24,7 +28,7 @@ server {
2428

2529
location / {
2630
error_page 502 /502.html;
27-
proxy_pass http://localhost:8001/;
31+
proxy_pass http://datatracker_backend/;
2832
proxy_set_header Host localhost:8000;
2933
}
3034

‎k8s/nginx-datatracker.conf‎

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,7 @@
1+
upstream datatracker_backend {
2+
server 127.0.0.1:8000;
3+
}
4+
15
server {
26
listen 8080 default_server;
37
server_name _;
@@ -22,7 +26,7 @@ server {
2226
proxy_set_header X-Request-Start "t=$${keepempty}msec";
2327
proxy_set_header X-Forwarded-For $${keepempty}proxy_add_x_forwarded_for;
2428
proxy_hide_header X-Datatracker-Is-Authenticated; # hide this from the outside world
25-
proxy_pass http://localhost:8000;
29+
proxy_pass http://datatracker_backend;
2630
# Set timeouts longer than Cloudflare proxy limits
2731
proxy_connect_timeout 60; # nginx default (Cf = 15)
2832
proxy_read_timeout 120; # nginx default = 60 (Cf = 100)

0 commit comments

Comments
 (0)

Footer

© 2026 GitHub, Inc.