SSL load balancing
Maxim Dounin
mdounin at mdounin.ru
Thu Jul 3 02:56:38 MSD 2008
Hello!
On Wed, Jul 02, 2008 at 11:50:08PM +0200, Marlon de Boer wrote:
> Max Sevenfold wrote:
>> Hello,
>>
>> Is it possible to use nginx as load balancer for SSL traffic?
> Yes, see example below
>
> server {
> listen 443 default;
> ssl_verify_client off;
>
> ssl on;
> ssl_certificate /etc/nginx/nginx.cert;
> ssl_certificate_key /etc/nginx/nginx.key;
> ssl_session_cache shared:ssl:100m;
>
> location / {
> proxy_pass http://non-ssl-backend;
> proxy_redirect off;
> proxy_set_header Host $host;
> proxy_set_header X-HTTPS on;
> proxy_set_header X-Real-IP
> $remote_addr;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_set_header X-Client-Verify SUCCESS;
> proxy_set_header X-SSL-Subject
> $ssl_client_s_dn;
> proxy_set_header X-SSL-Issuer
> $ssl_client_i_dn;
> }
> }
>
>>
>> Will connections from nginx to web servers be encrypted?
> No the connection will be forwarded to the backend via clear http
Actually, nginx supports https connections to backends, just use
proxy_pass https://...;
But usually it isn't required.
Maxim Dounin
>>
>> What are encryption options are available?
> I think all ciphers from the openssl library.
>>
>> Is there some fast non SSL encryption available? (e.g. symmetric keys)
> Not that I know off.
>
> Regards,
> Marlon de Boer
> System administrator http://www.hyves.nl
>
More information about the nginx
mailing list