Load Balancing https with sticky connection

zeux nginx-forum at nginx.us
Mon Apr 23 16:17:40 UTC 2012


Hi to everybody,

First of all, I'm very sorry for my English...

This is my scenario:

Internet;

Firewall + nginx as load balancer: pfsense_1 (active) + pfsense_2 (passive) in CARP;

Pool servers: 3 x nginx (PHP5-FPM HTTP+HTTPS);


Pfsense 1 and 2 CARP configured with virtual IP (public). Nginx pool
servers' IPs are all private.

I want to load balance inbound HTTP and HTTPS connections between the 3
nginx web servers. An important thing is that the HTTPS connections must
be "sticky connections": in HTTPS connections, after login by username
and password, I set up a PHP session and therefore when a client starts an
HTTPS connection it will always be redirected to the same nginx server,
until it disconnects itself, closes the page/browser or after a
timeout (30 minutes?) without activity.
I would like to do that without decrypting SSL traffic in the load
balancer. Is it possible using the directive ip_hash?
The configuration will be something like this:

upstream poolservers_http { # HTTP (no sticky connections)
  server   server1.example.com   max_fails=1   fail_timeout=10s;
  server   server2.example.com   max_fails=1   fail_timeout=10s;
  server   server3.example.com   max_fails=1   fail_timeout=10s;
}

upstream poolservers_https { # HTTPS
  ip_hash; # sticky connections
  server   server1.example.com   max_fails=1   fail_timeout=10s;
  server   server2.example.com   max_fails=1   fail_timeout=10s;
  server   server3.example.com   max_fails=1   fail_timeout=10s;
}

server { # HTTP
   listen public_ip:80;
   server_name example.com;
   location / {
      proxy_pass http://poolservers_http;
   }
}

server { # HTTPS
   listen public_ip:443;
   server_name example.com;
   location / {
      proxy_pass https://poolservers_https;
   }
}

Thank you very much...

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225682,225682#msg-225682
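
Added example, not part of the original post: relaying HTTPS without decrypting it on the balancer needs nginx's stream (TCP) module, available from nginx 1.9.0, because proxying inside the http context works at the HTTP layer and so requires terminating TLS on the balancer. The sketch below keeps the post's placeholders (public_ip, server1..3.example.com); port 443 on the pool servers and the timeout values are assumptions.

```nginx
# Goes in the main context of nginx.conf, as a sibling of http { }.
# Requires nginx built with the stream module.
stream {
    upstream poolservers_https {
        # Source-address affinity: the same client address is always sent
        # to the same pool server. "consistent" limits how many clients
        # are remapped when a server is added or removed.
        # (ip_hash exists only in the http upstream module.)
        hash $remote_addr consistent;

        # Port 443 on the backends is an assumption; the pool servers
        # hold the certificate and private key and terminate TLS.
        server server1.example.com:443 max_fails=1 fail_timeout=10s;
        server server2.example.com:443 max_fails=1 fail_timeout=10s;
        server server3.example.com:443 max_fails=1 fail_timeout=10s;
    }

    server {
        # public_ip is the post's placeholder for the CARP virtual IP.
        # No "ssl" parameter: the TLS bytes are relayed untouched.
        listen public_ip:443;

        proxy_pass poolservers_https;

        # Assumed values: fail over quickly if a backend is down, and
        # drop a TCP connection that has been idle for 30 minutes.
        proxy_connect_timeout 5s;
        proxy_timeout 30m;
    }
}

# The http { } block keeps only the port 80 server; the same address
# and port cannot be bound by both http and stream listeners.
```

Affinity here is per source address, not per PHP session, so every client behind one NAT address lands on the same pool server. The pool servers also see the balancer's address as the peer, so IP-based access rules and logs on them need the PROXY protocol enabled on both sides to recover the client address.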
