nginx as SSL terminating server
W. Andrew Loe III
andrew at andrewloe.com
Thu Jul 29 02:05:50 MSD 2010
Quite simply: no.
You cannot stop the first nginx from buffering requests. You can (and
should!) stop it from buffering responses with the proxy_buffering
directive:
proxy_buffering off;
I have a similar setup (minus the haproxy layer,
passenger_global_queue is good enough) and would also like to do this.
I've tried messing with the proxy buffer sizes but it doesn't seem to
make any significant difference with large uploads and opens up DoS
opportunities.
On Tue, Jul 27, 2010 at 12:11 PM, joshua <nginx-forum at nginx.us> wrote:
> We have the following setup:
>
> firewall --> single nginx instance (SSL termination) --> haproxy -->
> multiple nginx/unicorn instances (via unix socket)
>
> Is it recommendable to turn request buffering off at the first nginx?
> Ideally things like uploads would be buffered at the final nginx
> instances. The first one is only there to terminate SSL and pass
> requests on to haproxy.
>
> Thanks,
> Joshua Sierles
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,113599,113599#msg-113599
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>
More information about the nginx
mailing list