Re: nginx plus with ssl on TCP load balance not work

smith smith.hua at zoom.us
Thu Jun 11 08:58:34 UTC 2015


So it's not supported? 

-----Original Message-----
From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Roman Arutyunyan
Sent: June 11, 2015 8:43
To: nginx at nginx.org
Subject: Re: nginx plus with ssl on TCP load balance not work

Stream proxy has no idea what the underlying protocol is.
It cannot change anything in it like http headers etc.

On 11 Jun 2015, at 11:34, smith <smith.hua at zoom.us> wrote:

> When I'm trying http ssl, I found I need to set proxy_set_header X-Forwarded-Proto $scheme; in the server block, or it will also encounter ERR_TOO_MANY_REDIRECTS.
> 
> Does TCP have the same kind of setting?
> 
> -----Original Message-----
> From: smith [mailto:smith.hua at zoom.us]
> Sent: June 11, 2015 8:28
> To: nginx at nginx.org
> Subject: Re: nginx plus with ssl on TCP load balance not work
> 
> The 80 is normal, and I tried using http ssl, which also works. Don't know why TCP does not work.
> 
> -----Original Message-----
> From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Roman Arutyunyan
> Sent: June 11, 2015 8:25
> To: nginx at nginx.org
> Subject: Re: nginx plus with ssl on TCP load balance not work
> 
> What about the 80 port of the stream balancer?
> Does it proxy the connection normally?
> 
> PS: no access log is supported in the stream module.
> Connection information (addresses etc) is logged to error log with the info loglevel.
> 
> On 11 Jun 2015, at 10:49, smith <smith.hua at zoom.us> wrote:
> 
>> Nginx.conf:
>> 
>> user  nginx;
>> worker_processes  auto;
>> worker_rlimit_nofile 65535;
>> 
>> error_log  /var/log/nginx/error.log warn;
>> pid        /var/run/nginx.pid;
>> 
>> 
>> events {
>>   use epoll;
>>   worker_connections  65535;
>> }
>> 
>> 
>> http {
>>   include       /etc/nginx/mime.types;
>>   default_type  application/octet-stream;
>> 
>>   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
>>                     '$status $body_bytes_sent "$http_referer" '
>>                     '"$http_user_agent" "$http_x_forwarded_for"';
>> 
>>   access_log  /var/log/nginx/access.log  main;
>> 
>>   sendfile        on;
>>   #tcp_nopush     on;
>> 
>>   keepalive_timeout  65;
>> 
>>   #gzip  on;
>> 
>>   include /etc/nginx/conf.d/*.conf;
>> }
>> 
>> 
>> stream {
>> 
>>   include /etc/nginx/xxxx.d/*.conf;
>> }
>> 
>> And the content in previous email is in xxxx.d/xxxx.conf
>> 
>> There is no file under /etc/nginx/conf.d
>> 
>> 
>> Thanks.
>> 
>> 
>> -----Original Message-----
>> From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Roman Arutyunyan
>> Sent: June 11, 2015 7:45
>> To: nginx at nginx.org
>> Subject: Re: nginx plus with ssl on TCP load balance not work
>> 
>> Hi,
>> 
>> Could you provide the full config of the nginx/stream balancer?
>> 
>> On 11 Jun 2015, at 09:29, huakaibird <nginx-forum at nginx.us> wrote:
>> 
>>> Hi,
>>> 
>>> I’m using nginx plus with ssl on TCP load balance, configured like
>>> the documentation, but it does not work. (All the IPs below are not
>>> real IPs.) I have web servers behind, I want to use ssl offloading,
>>> and I chose TCP load balance: listen on 443 and proxy to the web server's 80.
>>> 
>>> Page access always report ERR_TOO_MANY_REDIRECTS.
>>> 
>>> Error log
>>> 2015/06/11 03:00:32 [error] 8362#0: *361 upstream timed out (110: Connection timed out) while connecting to upstream, client: 10.0.0.1, server: 0.0.0.0:443, upstream: "10.0.0.2:443", bytes from/to client:656/0, bytes from/to upstream:0/0
>>> 
>>> 10.0.0.2 this ip is the nginx ip, while it is used as upstream?
>>> 
>>> The configuration is like this, remove the real ip
>>> 
>>> server {
>>>      listen 80 so_keepalive=30m::10;
>>>      proxy_pass backend;
>>>      proxy_upstream_buffer 2048k;
>>>      proxy_downstream_buffer 2048k;
>>> 
>>>  }
>>> 
>>> server {
>>>      listen 443 ssl;
>>>      proxy_pass backend;
>>>      #proxy_upstream_buffer 2048k;
>>>      #proxy_downstream_buffer 2048k;
>>>      ssl_certificate     ssl/chained.crt;
>>>      #ssl_certificate     ssl/4582cfef411bb.crt;
>>>      ssl_certificate_key ssl/zoomus20140410.key;
>>>      #ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
>>>      #ssl_ciphers         HIGH:!aNULL:!MD5;
>>>      ssl_handshake_timeout 3s;
>>>      #ssl_session_cache   shared:SSL:20m;
>>>      #ssl_session_timeout 4h;
>>> 
>>>  }
>>> 
>>> 
>>>  upstream backend {
>>>      server *.*.*.*:80;
>>>      server *.*.*.*:80;
>>>  }
>>> 
>>> 
>>> 
>>> nginx -v
>>> nginx version: nginx/1.7.11 (nginx-plus-r6-p1)
>>> 
>>> And I’m using amazon linux
>>> uname -a
>>> Linux ip-*.*.*.* 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11 22:50:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>>> 
>>> 
>>> BTW, tcp how to set access log?
>>> 
>>> Posted at Nginx Forum:
>>> http://forum.nginx.org/read.php?2,259522,259522#msg-259522
>>> 
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>> 
>> --
>> Roman Arutyunyan
> 
> --
> Roman Arutyunyan

--
Roman Arutyunyan
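
Added example, not part of the thread and not the poster's or the nginx project's own configuration: the http-module form of the same SSL offloading, which the thread reports works once `X-Forwarded-Proto` is set, whereas the stream proxy cannot insert it. It assumes the backends redirect to https unless that header says the client already used https; the upstream addresses are placeholders.

```nginx
# Added example: TLS offloading in the http module instead of the stream module.
# Place in a file included from the http {} block (e.g. /etc/nginx/conf.d/*.conf),
# not from the stream {} block.

upstream backend {
    # Placeholder addresses from the documentation range; the thread masks the real ones.
    server 192.0.2.10:80;
    server 192.0.2.11:80;
}

server {
    listen 443 ssl;

    # Certificate and key paths as they appear in the thread's stream config.
    ssl_certificate     ssl/chained.crt;
    ssl_certificate_key ssl/zoomus20140410.key;

    location / {
        # TLS ends here; the backends receive plain HTTP on port 80.
        proxy_pass http://backend;

        # Tell the backend which scheme the client used ($scheme is "https" here).
        # Assumption: the backend redirects to https when this header is absent,
        # which is what produces ERR_TOO_MANY_REDIRECTS behind a proxy that
        # cannot add it.
        proxy_set_header X-Forwarded-Proto $scheme;

        # Preserve the requested host name and the client address for the backend.
        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
    }
}
```

The backends should honour `X-Forwarded-Proto` only on connections arriving from the balancer, since a client that can reach them directly can set the header itself.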


