SSL load balancing
Marlon de Boer
marlon at hyves.nl
Thu Jul 3 01:50:08 MSD 2008
Max Sevenfold wrote:
> Hello,
>
> Is it possible to use nginx as load balancer for SSL traffic?
Yes, see example below
server {
listen 443 default;
ssl_verify_client off;
ssl on;
ssl_certificate /etc/nginx/nginx.cert;
ssl_certificate_key /etc/nginx/nginx.key;
ssl_session_cache shared:ssl:100m;
location / {
proxy_pass http://non-ssl-backend;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-HTTPS on;
proxy_set_header X-Real-IP
$remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
proxy_set_header X-Client-Verify SUCCESS;
proxy_set_header X-SSL-Subject
$ssl_client_s_dn;
proxy_set_header X-SSL-Issuer
$ssl_client_i_dn;
}
}
>
> Will connections from nginx to web servers be encrypted?
No the connection will be forwarded to the backend via clear http
>
> What are encryption options are available?
I think all ciphers from the openssl library.
>
> Is there some fast non SSL encryption available? (e.g. symmetric keys)
Not that I know off.
Regards,
Marlon de Boer
System administrator http://www.hyves.nl
More information about the nginx
mailing list