<div dir="ltr">Look at sticky session, a routing code in a cookie that helps you decide where to send the packet. So on the 443 set the cookie and on the udp use the cookie in the header to route on the back end<div><br></div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On 20 June 2018 at 17:16, nov1ce <span dir="ltr"><<a href="mailto:nginx-forum@forum.nginx.org" target="_blank">nginx-forum@forum.nginx.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hello,<br>
<br>
1.14.0-1 running on Debian Stretch:<br>
<br>
# dpkg -l | grep nginx<br>
ii nginx 1.14.0-1~stretch amd64 <br>
high performance web server<br>
<br>
I'm trying to load balance between two VMware View Connection servers<br>
(10.7.18.121 and 10.7.18.122) listening on 443/tcp, 4172/tcp and 4172/udp. <br>
The way the application works is: first, the connecting client hits 443/tcp<br>
where authentication takes place, then the client gets connected to 4172/tcp<br>
(or 4172/udp).<br>
<br>
I have no problems when the connection is handled by the same upstream<br>
server, such as: remote_client > nginx_vip > <a href="http://10.7.18.121:443" rel="noreferrer" target="_blank">10.7.18.121:443</a> ><br>
<a href="http://10.7.18.121:4172" rel="noreferrer" target="_blank">10.7.18.121:4172</a> or remote_client > nginx_vip > <a href="http://10.7.18.122:443" rel="noreferrer" target="_blank">10.7.18.122:443</a> ><br>
<a href="http://10.7.18.122:4172" rel="noreferrer" target="_blank">10.7.18.122:4172</a>. However, I get application errors if 443/tcp is handled by<br>
one server and 4172/tcp/udp by another.<br>
<br>
Therefore, I was wondering whether it'd be possible to configure Nginx in a<br>
such way that the upstream server is retained through the whole session? I<br>
mean, if a client gets served by <a href="http://10.7.18.121:443" rel="noreferrer" target="_blank">10.7.18.121:443</a> Nginx will use the same<br>
upstream to deliver 4172/tcp/udp?<br>
<br>
I can probably switch to active-backup model, but I was hoping to benefit<br>
from the load distribution.<br>
<br>
Many thanks.<br>
<br>
stream {<br>
<br>
log_format basic '$time_iso8601 $remote_addr '<br>
'$protocol $status $bytes_sent $bytes_received '<br>
'$session_time $upstream_addr '<br>
'"$upstream_bytes_sent" "$upstream_bytes_received"<br>
"$upstream_connect_time"';<br>
access_log /var/log/nginx/stream_access.<wbr>log basic;<br>
<br>
upstream test_horizon_4172_tcp {<br>
hash $remote_addr consistent;<br>
server <a href="http://10.7.18.121:4172" rel="noreferrer" target="_blank">10.7.18.121:4172</a>;<br>
server <a href="http://10.7.18.122:4172" rel="noreferrer" target="_blank">10.7.18.122:4172</a>;<br>
}<br>
<br>
upstream test_horizon_4172_udp {<br>
hash $remote_addr consistent;<br>
server <a href="http://10.7.18.121:4172" rel="noreferrer" target="_blank">10.7.18.121:4172</a>;<br>
server <a href="http://10.7.18.122:4172" rel="noreferrer" target="_blank">10.7.18.122:4172</a>;<br>
}<br>
<br>
upstream test_horizon_https {<br>
hash $remote_addr consistent;<br>
server <a href="http://10.7.18.121:443" rel="noreferrer" target="_blank">10.7.18.121:443</a>;<br>
server <a href="http://10.7.18.122:443" rel="noreferrer" target="_blank">10.7.18.122:443</a>;<br>
}<br>
<br>
server {<br>
listen 4172;<br>
proxy_pass test_horizon_4172_tcp;<br>
}<br>
<br>
server {<br>
listen 4172 udp;<br>
proxy_pass test_horizon_4172_udp;<br>
}<br>
<br>
server {<br>
listen 443;<br>
proxy_pass test_horizon_https;<br>
}<br>
<br>
}<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,280183,280183#msg-280183" rel="noreferrer" target="_blank">https://forum.nginx.org/read.<wbr>php?2,280183,280183#msg-280183</a><br>
<br>
______________________________<wbr>_________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/<wbr>mailman/listinfo/nginx</a><br>
</blockquote></div><br></div>