SSL load balancing

Maxim Dounin mdounin at mdounin.ru
Thu Jul 3 02:56:38 MSD 2008


Hello!

On Wed, Jul 02, 2008 at 11:50:08PM +0200, Marlon de Boer wrote:

> Max Sevenfold wrote:
>> Hello,
>>
>> Is it possible to use nginx as load balancer for SSL traffic?
> Yes, see example below
>
> server {
>                listen                  443 default;
>                ssl_verify_client       off;
>
>                ssl on;
>                ssl_certificate         /etc/nginx/nginx.cert;
>                ssl_certificate_key     /etc/nginx/nginx.key;
>                ssl_session_cache       shared:ssl:100m;
>
>                location / {
>                        proxy_pass              http://non-ssl-backend;
>                        proxy_redirect          off;
>                        proxy_set_header        Host             $host;
>                        proxy_set_header        X-HTTPS          on;
>                        proxy_set_header        X-Real-IP        $remote_addr;
>                        proxy_set_header        X-Forwarded-For  $proxy_add_x_forwarded_for;
>                        proxy_set_header        X-Client-Verify  SUCCESS;
>                        proxy_set_header        X-SSL-Subject    $ssl_client_s_dn;
>                        proxy_set_header        X-SSL-Issuer     $ssl_client_i_dn;
>                }
> }
>
>>
>> Will connections from nginx to web servers be encrypted?
> No, the connection will be forwarded to the backend via clear http

Actually, nginx supports https connections to backends, just use 

     proxy_pass https://...;

But usually it isn't required.

Maxim Dounin

>>
>> What encryption options are available?
> I think all ciphers from the openssl library.
>>
>> Is there some fast non SSL encryption available? (e.g. symmetric keys)
> Not that I know of.
>
> Regards,
> Marlon de Boer
> System administrator http://www.hyves.nl
>
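
An added configuration example, not part of the original thread, showing the `proxy_pass https://...` variant mentioned in the reply with backend certificate verification, and the client-verification header taken from nginx's actual result instead of a fixed string. The upstream name, addresses, hostname and CA file paths are placeholders, and the `listen ... ssl` form and `proxy_ssl_*` verification directives assume a much newer nginx than the 2008 releases discussed here.

```nginx
# Added example: TLS termination plus re-encryption to the backends.
# All names, addresses and CA paths below are placeholders.

upstream ssl_backend {                  # hypothetical upstream name
    server 10.0.0.11:443;               # constructed addresses
    server 10.0.0.12:443;
}

server {
    listen                  443 ssl;
    ssl_certificate         /etc/nginx/nginx.cert;
    ssl_certificate_key     /etc/nginx/nginx.key;
    ssl_session_cache       shared:ssl:100m;

    # Request a client certificate without requiring one, so that
    # $ssl_client_verify carries SUCCESS, FAILED:<reason> or NONE.
    ssl_verify_client       optional;
    ssl_client_certificate  /etc/nginx/client-ca.pem;       # placeholder

    location / {
        proxy_pass                      https://ssl_backend;

        # By default nginx encrypts to the backend but does not check
        # its certificate; these directives turn verification on.
        proxy_ssl_verify                on;
        proxy_ssl_trusted_certificate   /etc/nginx/backend-ca.pem;  # placeholder
        proxy_ssl_name                  backend.internal.example;   # placeholder
        proxy_ssl_server_name           on;

        proxy_redirect      off;
        proxy_set_header    Host              $host;
        proxy_set_header    X-HTTPS           on;
        proxy_set_header    X-Real-IP         $remote_addr;
        proxy_set_header    X-Forwarded-For   $proxy_add_x_forwarded_for;

        # proxy_set_header replaces any same-named header sent by the
        # client, so the backend sees only the values nginx computed.
        proxy_set_header    X-Client-Verify   $ssl_client_verify;
        proxy_set_header    X-SSL-Subject     $ssl_client_s_dn;
        proxy_set_header    X-SSL-Issuer      $ssl_client_i_dn;
    }
}
```

The backends should accept these `X-*` headers only on connections coming from the proxy, since anything that can reach them directly can set the headers itself.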
