Need SSL state to be visible behind a double nginx proxy

Nick Pearson nick.pearson at
Fri Oct 31 01:05:46 MSK 2008

Yes, and that's my plan exactly.  The only reason I need to listen on two
separate ports for each site is that each site caches its content
independently, which means that nginx has to be able to look for the cached
content and server that up without ever touching Rails.  So, for two sites
to be able to each have a cached index.html file (as well as static image
files), I have to have a site-specific path in each server directive.

For instance, consider the following:

    server {
      listen  80;
      server_name  *;  # needs to be site-specific
      root  /var/www/site-a;
      location / {
        # serve static files
        if (-f $document_root$uri.html) {
          rewrite (.*) $1.html break;
        # serve cached pages directly
        if (-f
$document_root/../../../current/tmp/cache/content/site-a/$uri.html) {
          rewrite (.*)
$document_root/../../../current/tmp/cache/content/site-a/$1.html break;

I realize I could set the root to "/var/www" (and drop the "/site-a"), then
use the $host or $http_host variable in my static/cache paths, but my CMS
supports * vhosts, which can't be represented on the file
system.  If I drop the * vhost support, then I could have
paths like /var/www/ with symlinks pointing to it (like /var/www/ -> /var/www/

Even if I could figure out a good way to represent this on the file system,
the CMS (and my nginx config for serving static and cached content) supports
serving different files for a request to the same site based on the
requested host.  This is useful (and is actually being used) for a company
with multiple locations that wants a site tailored to each location.  For
instance, when you request, you see the home page with the
address and phone number for the company's primary location in the header.
Requesting shows the exact same home page except that the header
now has the address and phone number for the company's secondary location.
Similarly, a slightly different logo image can be served for,
even though both images are at /images/logo.gif.  As such, simply symlinking
/var/www/ to point to /var/www/ would break this

I still think the original solution will work -- I'll just have to have two
server directives on the back-end nginx for each site (one for http, and one
for https).  This isn't a problem, as this is how it works now -- only now,
the backend nginx uses server_name to choose the proper server directive
whereas with the new solution it will use an internal IP and port number to
do the same thing.


On Thu, Oct 30, 2008 at 4:40 PM, Rob Schultz <lists at> wrote:

> Well with this setup (which i thought you were looking for from the
> first article) you can put as many frontend slices as you need which can
> support 5 IP addresses each for 5 https sites. You only need the two
> listen directives on the back end nginx to allow it to manually set the
> X_FORWARDED_PROTO so your rails will know which type of connection it
> came from.
> --
> Posted via
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx mailing list