Listen to all, handle some

Björn Keil deephell at web.de
Wed May 21 17:57:44 MSD 2008


I found the answer myself already:
All I gotta do is to use a single one http { ... } instead of two in the
example below.

Am Mittwoch, den 21.05.2008, 15:22 +0200 schrieb Björn Keil:
> Hello,
> 
> I am trying to change our load balancing here from a quite unflexible
> DNS loadbalancing to something more sophisticated.
> 
> I tried pound but was absolutely not content with it. Now I am trying
> nginx, and even though the configuration seems to be a whole lot more
> flexible and the possibilities way beyond those of pound I have one
> problem again:
> 
> I need the server process to listen on all interfaces, but handle
> several IP addresses separately. The reason that I:
> 
> Firstly need to listen to all interfaces is that I need to be able to
> listen to dynamically assigned IP addresses which may or may not be at
> the host by the time nginx starts. The only way to listen to an
> interface that is not available is to listen to all interfaces.
> 
> Secondly need to handle different interfaces differently is that they
> stand for different domain names and need to show different SSL
> certificate. That cannot be handled name based, because the SSL
> connection needs to be negotiated BEFORE the header with the server name
> (or the GET statement) is transferred.
> 
> With Apache that's no problem.
> You say:
> 
> #The Apache will listen /only/ to *:443 but handle
> #still handle 127.0.0.1:443 and 127.0.0.2:443
> #completely different.
> Listen 443
> <VirtualHost 127.0.0.1:443>
>  #Show Certificate A
> </VirtualHost>
> <VirtualHost 127.0.0.2:443>
>  #Show Certificate B
> </VirtualHost>
> 
> Now I tried something similiar with nginx, but it fails, because because
> it tries to bind to the port 127.0.0.1:80 even though *:80 is already
> reserved by itsself.
> The "listen" statement has some quite sophisticated options. In
> particular the "bind" statement can be used to force an actual bind. But
> how can I prevent a "listen" statement from binding to that interface?
> 
> # nginx test config
> user www-data;
> 
> error_log  /var/log/nginx/error.log;
> pid        /var/run/nginx.pid;
> 
> http {
> 	# Dummy Server - Should never get a request,
> 	# unless someone manages to send a request over
> 	# an IP Address that is not ment to be handled
> 	# by nginx.
> 	server {
> 		listen 80;
> 		rewrite ^.* http://localhost/ permanent;
> 	}
> }
> 
> http{
> 	upstream backend {
> 		server 127.0.0.1:8080;
> 	}
> 	
> 	server {
> 		listen 127.0.0.1:80 default;
> 		server_name localhost;
> 		location / {
> 			proxy_pass http://backend;
> 		}
> 	}
> }
> # nginx test config end
> 
> 






More information about the nginx mailing list