Nginx multiple upstream with different protocols
B.R.
reallfqq-nginx at yahoo.fr
Wed Feb 22 17:52:00 UTC 2017
I suggest you proxy traffic to an upstream group, and then use
failure/timeout parameters there with proper tuning to retry requests on
the second upstream in case the first in the list fails.
It will have an overhead if the 1st entry of the upstream group is invalid
on initial connection, but hopefully the 'down' status will help limiting
that overhead on average.
---
*B. R.*
On Wed, Feb 22, 2017 at 5:08 PM, Kilian Ries <mail at kilian-ries.de> wrote:
> No they cannot be the same (sadly) because i dont't know how the upstream
> is serving the content. Think of a situation where i am not in control of
> the upstream backends and they may change from http to https over time.
> ------------------------------
> *Von:* nginx <nginx-bounces at nginx.org> im Auftrag von Cox, Eric S <
> eric.cox at kroger.com>
> *Gesendet:* Mittwoch, 22. Februar 2017 15:58:26
> *An:* nginx at nginx.org
> *Betreff:* RE: Nginx multiple upstream with different protocols
>
>
> If you are SSL on the frontend (server directive) why would you want to
> proxy between ssl/non-ssl on the upstreams? Can they not be the same? I
> don’t get what you are trying to solve?
>
>
>
> *From:* nginx [mailto:nginx-bounces at nginx.org] *On Behalf Of *Kilian Ries
> *Sent:* Wednesday, February 22, 2017 9:55 AM
> *To:* nginx at nginx.org
> *Subject:* Nginx multiple upstream with different protocols
>
>
>
> Hi,
>
>
>
> i'm trying to setup two Nginx upstreams (one with HTTP and one with HTTPS)
> and the proxy_pass module should decide which of the upstreams is serving
> "valid" content.
>
>
>
> The config should look like this:
>
>
>
> upstream proxy_backend {
>
> server xxx.xx.188.53;
>
> server xxx.xx.188.53:443;
>
> }
>
>
>
> server {
>
> listen 443 ssl;
>
> ...
>
> location / {
>
> proxy_pass http://proxy_backend
> <https://urldefense.proofpoint.com/v2/url?u=http-3A__proxy-5Fbackend&d=DwMFAw&c=WUZzGzAb7_N4DvMsVhUlFrsw4WYzLoMP5bgx2U7ydPE&r=20GRp3QiDlDBgTH4mxQcOIMPCXcNvWGMx5Y0qmfF8VE&m=ggR0dMpbDQRqzdhj1Aoq_FUpo8iYplzYiTPyRlQMs9Y&s=wcDWb0xGOKhBVtan1kM5-AVvxNT0ZMnUT9r-yLbyjAQ&e=>
> ;
>
> #proxy_pass https://proxy_backend
> <https://urldefense.proofpoint.com/v2/url?u=https-3A__proxy-5Fbackend&d=DwMFAw&c=WUZzGzAb7_N4DvMsVhUlFrsw4WYzLoMP5bgx2U7ydPE&r=20GRp3QiDlDBgTH4mxQcOIMPCXcNvWGMx5Y0qmfF8VE&m=ggR0dMpbDQRqzdhj1Aoq_FUpo8iYplzYiTPyRlQMs9Y&s=ztdy1u_d7Ag0QPBnpk1R-LazdfexcrTnljKLZet4VFA&e=>
> ;
>
> }
>
> }
>
>
>
>
>
> The Problem is that i don't know if the upstream is serving the content
> via http or https. Is there any possibility to tell nginx to change the
> protocol from the proxy_pass directive? Because if i set proxy_pass to
> https, i get an error (502 / 400) if the upstream website is running on
> http and vice versa.
>
>
>
> So i'm searching for a way to let Nginx decide if he should proxy_pass via
> http or https. Can anybody help me with that configuration?
>
>
>
> Thanks
>
> Greets
>
> Kilian
>
> ------------------------------
>
> This e-mail message, including any attachments, is for the sole use of the
> intended recipient(s) and may contain information that is confidential and
> protected by law from unauthorized disclosure. Any unauthorized review,
> use, disclosure or distribution is prohibited. If you are not the intended
> recipient, please contact the sender by reply e-mail and destroy all copies
> of the original message.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20170222/2ea2cf09/attachment.html>
More information about the nginx
mailing list