Listen to all, handle some

Björn Keil deephell at web.de
Wed May 21 17:22:47 MSD 2008


Hello,

I am trying to change our load balancing here from a quite inflexible
DNS load balancing to something more sophisticated.

I tried pound but was absolutely not content with it. Now I am trying
nginx, and even though the configuration seems to be a whole lot more
flexible and the possibilities way beyond those of pound I have one
problem again:

I need the server process to listen on all interfaces, but handle
several IP addresses separately. The reason that I:

Firstly need to listen to all interfaces is that I need to be able to
listen to dynamically assigned IP addresses which may or may not be at
the host by the time nginx starts. The only way to listen to an
interface that is not available is to listen to all interfaces.

Secondly need to handle different interfaces differently is that they
stand for different domain names and need to show different SSL
certificates. That cannot be handled name based, because the SSL
connection needs to be negotiated BEFORE the header with the server name
(or the GET statement) is transferred.

With Apache that's no problem.
You say:

#The Apache will listen /only/ to *:443 but
#still handle 127.0.0.1:443 and 127.0.0.2:443
#completely differently.
Listen 443
<VirtualHost 127.0.0.1:443>
 #Show Certificate A
</VirtualHost>
<VirtualHost 127.0.0.2:443>
 #Show Certificate B
</VirtualHost>

Now I tried something similar with nginx, but it fails, because
it tries to bind to the port 127.0.0.1:80 even though *:80 is already
reserved by itself.
The "listen" statement has some quite sophisticated options. In
particular the "bind" statement can be used to force an actual bind. But
how can I prevent a "listen" statement from binding to that interface?

# nginx test config
user www-data;

error_log  /var/log/nginx/error.log;
pid        /var/run/nginx.pid;

http {
	# Dummy Server - Should never get a request,
	# unless someone manages to send a request over
	# an IP Address that is not meant to be handled
	# by nginx.
	server {
		listen 80;
		rewrite ^.* http://localhost/ permanent;
	}
}

http{
	upstream backend {
		server 127.0.0.1:8080;
	}
	
	server {
		listen 127.0.0.1:80 default;
		server_name localhost;
		location / {
			proxy_pass http://backend;
		}
	}
}
# nginx test config end
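
The setup asked about above, as an added example that is not part of the original post: a wildcard listener plus per-address TLS server blocks, all inside a single http block. It assumes current nginx syntax (the `ssl` and `default_server` parameters of `listen`); the certificate paths are placeholders, and the addresses and backend are taken from the post.

```nginx
# Added example, not from the original post. Certificate paths are placeholders.
events {}

http {
    upstream backend {
        server 127.0.0.1:8080;   # backend from the post's test config
    }

    # Wildcard listener. When one listen directive covers *:443, nginx
    # bind()s only to *:443 for every listen on that port in this block,
    # so an address assigned after startup is still reachable.
    # This server answers connections to local addresses that have no
    # server block of their own and closes them without a response.
    server {
        listen 443 ssl default_server;
        ssl_certificate     /etc/nginx/tls/PLACEHOLDER-fallback.crt;
        ssl_certificate_key /etc/nginx/tls/PLACEHOLDER-fallback.key;
        return 444;
    }

    # Chosen by the local address the connection arrived on. That address
    # is known at accept time, before the TLS handshake and before any
    # Host header, so the matching certificate can be presented.
    # Do not add "bind" or socket options (backlog, rcvbuf, ...) to this
    # listen: they force a separate bind() to the address, which needs
    # the address to exist on the host when nginx starts.
    server {
        listen 127.0.0.1:443 ssl;
        server_name localhost;
        ssl_certificate     /etc/nginx/tls/PLACEHOLDER-site-a.crt;
        ssl_certificate_key /etc/nginx/tls/PLACEHOLDER-site-a.key;
        location / {
            proxy_pass http://backend;
        }
    }

    server {
        listen 127.0.0.2:443 ssl;
        ssl_certificate     /etc/nginx/tls/PLACEHOLDER-site-b.crt;
        ssl_certificate_key /etc/nginx/tls/PLACEHOLDER-site-b.key;
        location / {
            proxy_pass http://backend;
        }
    }
}
```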





