Upstream to both https or http

Peter Portante peter.a.portante at gmail.com
Mon Apr 18 01:26:04 MSD 2011


Hello,

On Sun, Apr 17, 2011 at 5:24 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Sun, Apr 17, 2011 at 03:24:57AM -0400, speedfirst wrote:
>
> > I have this requirement. I want to use nginx as the reverse proxy, which
> > listen on address A and forward the request to the backend server with
> > address B. However, if B is down, I want the request to be sent to
> > address C. The question is, address B is https and address C is http.
> > But for the argument of proxy_pass module, I can only write one prefix
> > (either "http" or "https").
> >
> > upstream backend {
> >       server <addr B ip>:<addr B port>;
> >       server <addr C ip>:<addr C port> backup;
> > }
> >
> > location / {
> >      proxy_pass  http://backend;   #here, only one prefix is allowed
> > }
> >
> > So how to config to meet my requirements? Or here I shouldn't use
> > upstream but other approach?
>
>     location / {
>        proxy_pass https://B;
>        error_page 502 504 = @fallback;
>    }
>
>    location @fallback {
>        proxy_pass http://C;
>    }
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx
>

So we would like to be able to have one set of common definitions for
locations that work under SSL and non-SSL where we "pass along" the SSL
nature of the connection (let's not get into the discussion of whether or if
that is a good idea or not).

Today we have:

upstream backend_ssl {
  server <addr A ip>:<SSL port>;
  server <addr B ip>:<SSL port>;
}

upstream backend {
  server <addr A ip>:<non-SSL port>;
  server <addr B ip>:<non-SSL port>;
}

server {
  listen 443 ssl;
  .
  .
  .
  location / {
    proxy_pass https://backed_ssl
  }
}

server {
  listen 80;
  .
  .
  .
  location / {
    proxy_pass https://backend
  }
}

We'd like to have something like:

upstream backend {
  server <addr A ip>:<SSL or non-SSL port as appropriate>;
  server <addr B ip>:<SSL or non-SSL port as appropriate>;
}

server {
  listen 8080;
  listen 8443 ssl;
  .
  .
  .
  location / {
    proxy_pass $scheme://backend
  }
}

Where the upstream servers don't listen on 8080 or 8443, but some other set
of ports (like 7080 & 7443).

Doable?

Thanks, -peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nginx.org/pipermail/nginx/attachments/20110417/9b526b99/attachment-0001.html>


More information about the nginx mailing list