Need SSL state to be visible behind a double nginx proxy

Nick Pearson nick.pearson at gmail.com
Fri Oct 31 01:05:46 MSK 2008


Yes, and that's my plan exactly.  The only reason I need to listen on two
separate ports for each site is that each site caches its content
independently, which means that nginx has to be able to look for the cached
content and server that up without ever touching Rails.  So, for two sites
to be able to each have a cached index.html file (as well as static image
files), I have to have a site-specific path in each server directive.

For instance, consider the following:

    server {
      listen  80;
      server_name  site-a.com  *.site-a.com;  # needs to be site-specific
      root  /var/www/site-a;
      location / {
        # serve static files
        if (-f $document_root$uri.html) {
          rewrite (.*) $1.html break;
          break;
        }
        # serve cached pages directly
        if (-f
$document_root/../../../current/tmp/cache/content/site-a/$uri.html) {
          rewrite (.*)
$document_root/../../../current/tmp/cache/content/site-a/$1.html break;
        }
      }
    }

I realize I could set the root to "/var/www" (and drop the "/site-a"), then
use the $host or $http_host variable in my static/cache paths, but my CMS
supports *.domain.com-style vhosts, which can't be represented on the file
system.  If I drop the *.domain.com-style vhost support, then I could have
paths like /var/www/site-a.com with symlinks pointing to it (like /var/www/
www.site-a.com -> /var/www/site-a.com).

Even if I could figure out a good way to represent this on the file system,
the CMS (and my nginx config for serving static and cached content) supports
serving different files for a request to the same site based on the
requested host.  This is useful (and is actually being used) for a company
with multiple locations that wants a site tailored to each location.  For
instance, when you request site-a.com, you see the home page with the
address and phone number for the company's primary location in the header.
Requesting site-b.com shows the exact same home page except that the header
now has the address and phone number for the company's secondary location.
Similarly, a slightly different logo image can be served for site-b.com,
even though both images are at /images/logo.gif.  As such, simply symlinking
/var/www/site-b.com to point to /var/www/site-a.com would break this
functionality.

I still think the original solution will work -- I'll just have to have two
server directives on the back-end nginx for each site (one for http, and one
for https).  This isn't a problem, as this is how it works now -- only now,
the backend nginx uses server_name to choose the proper server directive
whereas with the new solution it will use an internal IP and port number to
do the same thing.

Nick


On Thu, Oct 30, 2008 at 4:40 PM, Rob Schultz <lists at ruby-forum.com> wrote:

> Well with this setup (which i thought you were looking for from the
> first article) you can put as many frontend slices as you need which can
> support 5 IP addresses each for 5 https sites. You only need the two
> listen directives on the back end nginx to allow it to manually set the
> X_FORWARDED_PROTO so your rails will know which type of connection it
> came from.
> --
> Posted via http://www.ruby-forum.com/.
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20081030/b4a7fede/attachment.html>


More information about the nginx mailing list