<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:Tahoma;
panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
{mso-style-priority:99;
color:purple;
text-decoration:underline;}
p
{mso-style-priority:99;
margin:0in;
margin-bottom:.0001pt;
font-size:12.0pt;
font-family:"Times New Roman","serif";}
span.EmailStyle18
{mso-style-type:personal-reply;
font-family:"Calibri","sans-serif";
color:#1F497D;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<style type="text/css" style="display:none;"><!-- P {margin-top:0;margin-bottom:0;} --></style>
<div id="divtagdefaultwrapper" style="font-size:12pt;color:#000000;font-family:Calibri,Arial,Helvetica,sans-serif;">
<p>No they cannot be the same (sadly) because i dont't know how the upstream is serving the content. Think of a situation where i am not in control of the upstream backends and they may change from http to https over time.</p>
</div>
<hr style="display:inline-block;width:98%" tabindex="-1">
<div id="divRplyFwdMsg" dir="ltr"><font face="Calibri, sans-serif" style="font-size:11pt" color="#000000"><b>Von:</b> nginx <nginx-bounces@nginx.org> im Auftrag von Cox, Eric S <eric.cox@kroger.com><br>
<b>Gesendet:</b> Mittwoch, 22. Februar 2017 15:58:26<br>
<b>An:</b> nginx@nginx.org<br>
<b>Betreff:</b> RE: Nginx multiple upstream with different protocols</font>
<div> </div>
</div>
<div>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">If you are SSL on the frontend (server directive) why would you want to proxy between ssl/non-ssl on the upstreams? Can they not be the same? I don’t get what
you are trying to solve?<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<div>
<div style="border:none;border-top:solid #B5C4DF 1.0pt;padding:3.0pt 0in 0in 0in">
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> nginx [mailto:nginx-bounces@nginx.org]
<b>On Behalf Of </b>Kilian Ries<br>
<b>Sent:</b> Wednesday, February 22, 2017 9:55 AM<br>
<b>To:</b> nginx@nginx.org<br>
<b>Subject:</b> Nginx multiple upstream with different protocols<o:p></o:p></span></p>
</div>
</div>
<p class="MsoNormal"><o:p> </o:p></p>
<div id="divtagdefaultwrapper">
<p><span style="font-family:"Calibri","sans-serif";color:black">Hi,<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">i'm trying to setup two Nginx upstreams (one with HTTP and one with HTTPS) and the proxy_pass module should decide which of the upstreams is serving "valid" content.<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">The config should look like this:<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">upstream proxy_backend {<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> server xxx.xx.188.53;<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> server xxx.xx.188.53:443;<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">}<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">server {<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> listen 443 ssl;<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> ...<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> location / {<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> proxy_pass
<a href="https://urldefense.proofpoint.com/v2/url?u=http-3A__proxy-5Fbackend&d=DwMFAw&c=WUZzGzAb7_N4DvMsVhUlFrsw4WYzLoMP5bgx2U7ydPE&r=20GRp3QiDlDBgTH4mxQcOIMPCXcNvWGMx5Y0qmfF8VE&m=ggR0dMpbDQRqzdhj1Aoq_FUpo8iYplzYiTPyRlQMs9Y&s=wcDWb0xGOKhBVtan1kM5-AVvxNT0ZMnUT9r-yLbyjAQ&e=" id="LPlnk114613">
http://proxy_backend</a>;<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> #proxy_pass
<a href="https://urldefense.proofpoint.com/v2/url?u=https-3A__proxy-5Fbackend&d=DwMFAw&c=WUZzGzAb7_N4DvMsVhUlFrsw4WYzLoMP5bgx2U7ydPE&r=20GRp3QiDlDBgTH4mxQcOIMPCXcNvWGMx5Y0qmfF8VE&m=ggR0dMpbDQRqzdhj1Aoq_FUpo8iYplzYiTPyRlQMs9Y&s=ztdy1u_d7Ag0QPBnpk1R-LazdfexcrTnljKLZet4VFA&e=" id="LPlnk248790">
https://proxy_backend</a>;<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> }<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"> }<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">The Problem is that i don't know if the upstream is serving the content via http or https. Is there any possibility to tell nginx to change the protocol from the proxy_pass directive? Because if
i set proxy_pass to https, i get an error (502 / 400) if the upstream website is running on http and vice versa.<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">So i'm searching for a way to let Nginx decide if he should proxy_pass via http or https. Can anybody help me with that configuration?<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black"><o:p> </o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">Thanks <o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">Greets<o:p></o:p></span></p>
<p><span style="font-family:"Calibri","sans-serif";color:black">Kilian<o:p></o:p></span></p>
</div>
</div>
<br>
<hr>
<font face="Arial" color="Gray" size="2"><br>
This e-mail message, including any attachments, is for the sole use of the intended recipient(s) and may contain information that is confidential and protected by law from unauthorized disclosure. Any unauthorized review, use, disclosure or distribution is
prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message.<br>
</font></div>
</body>
</html>