if enable rule
iptables -t nat -a prerouting -p tcp --dport 80 -j redirect --to 8080 then connections coming server port 80 redirected localhost:8080. if want restart service, can start service on port? port 8081 , re route firewalling to
iptables -t nat -a prerouting -p tcp --dport 80 -j redirect --to 8081 # apparently -a won't work. have replace rule, not add it. don't know how yet however, established tcp socket connections on nat-ed port 8080? dropped after firewall changes? alternatively, keep working until normal tcp socket close?
if so, works restart of application no disruption having old instance on port 8080 on graceful shutdown , new 1 on port 8081 new features.
is reasoning correct?
yes, can start additional java process on new port 8081 , change firewall rule port. whether connections dropped in case of restart determined option iptables_modules_unload. if option set yes (default) - dropped, if no - should not. suggest using reverse proxy (nginx example) instead of firewall balancing.
Comments
Post a Comment