nginx plus with ssl on TCP load balance not work

Roman Arutyunyan arut at nginx.com
Thu Jun 11 08:43:10 UTC 2015


Stream proxy has no idea what the underlying protocol is.
It cannot change anything in it like http headers etc.

On 11 Jun 2015, at 11:34, smith <smith.hua at zoom.us> wrote:

> When I'm trying http ssl, I found I need to set proxy_set_header X-Forwarded-Proto $scheme; in the server block, or it will also encounter ERR_TOO_MANY_REDIRECTS.
> 
> Does TCP have the same kind of setting?
> 
> -----Original Message-----
> From: smith [mailto:smith.hua at zoom.us] 
> Sent: 11 June 2015 8:28
> To: nginx at nginx.org
> Subject: RE: nginx plus with ssl on TCP load balance not work
> 
> The 80 is normal, and I tried using http ssl, which also works. I don't know why TCP does not work.
> 
> -----Original Message-----
> From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Roman Arutyunyan
> Sent: 11 June 2015 8:25
> To: nginx at nginx.org
> Subject: Re: nginx plus with ssl on TCP load balance not work
> 
> What about the 80 port of the stream balancer?
> Does it proxy the connection normally?
> 
> PS: no access log is supported in the stream module.
> Connection information (addresses etc) is logged to error log with the info loglevel.
> 
> On 11 Jun 2015, at 10:49, smith <smith.hua at zoom.us> wrote:
> 
>> Nginx.conf:
>> 
>> user  nginx;
>> worker_processes  auto;
>> worker_rlimit_nofile 65535;
>> 
>> error_log  /var/log/nginx/error.log warn;
>> pid        /var/run/nginx.pid;
>> 
>> 
>> events {
>>   use epoll;
>>   worker_connections  65535;
>> }
>> 
>> 
>> http {
>>   include       /etc/nginx/mime.types;
>>   default_type  application/octet-stream;
>> 
>>   log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
>>                     '$status $body_bytes_sent "$http_referer" '
>>                     '"$http_user_agent" "$http_x_forwarded_for"';
>> 
>>   access_log  /var/log/nginx/access.log  main;
>> 
>>   sendfile        on;
>>   #tcp_nopush     on;
>> 
>>   keepalive_timeout  65;
>> 
>>   #gzip  on;
>> 
>>   include /etc/nginx/conf.d/*.conf;
>> }
>> 
>> 
>> stream {
>> 
>>   include /etc/nginx/xxxx.d/*.conf;
>> }
>> 
>> And the content in previous email is in xxxx.d/xxxx.conf
>> 
>> There is no file under /etc/nginx/conf.d
>> 
>> 
>> Thanks.
>> 
>> 
>> -----Original Message-----
>> From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Roman Arutyunyan
>> Sent: 11 June 2015 7:45
>> To: nginx at nginx.org
>> Subject: Re: nginx plus with ssl on TCP load balance not work
>> 
>> Hi,
>> 
>> Could you provide the full config of the nginx/stream balancer?
>> 
>> On 11 Jun 2015, at 09:29, huakaibird <nginx-forum at nginx.us> wrote:
>> 
>>> Hi,
>>> 
>>> I’m using nginx plus with ssl on TCP load balance, configured like 
>>> the documentation, but it does not work.  (All the IPs below are not
>>> real IPs.) I have web servers behind, I want to use ssl offloading, and 
>>> I chose TCP load balance: listen on 443 and proxy to the web server's 80.
>>> 
>>> Page access always reports ERR_TOO_MANY_REDIRECTS.
>>> 
>>> Error log
>>> 2015/06/11 03:00:32 [error] 8362#0: *361 upstream timed out (110: Connection timed out) while connecting to upstream, client: 10.0.0.1, server: 0.0.0.0:443, upstream: "10.0.0.2:443", bytes from/to client:656/0, bytes from/to upstream:0/0
>>> 
>>> 10.0.0.2 this ip is the nginx ip, while it is used as upstream?
>>> 
>>> The configuration is like this, with the real IPs removed
>>> 
>>> server {
>>>      listen 80 so_keepalive=30m::10;
>>>      proxy_pass backend;
>>>      proxy_upstream_buffer 2048k;
>>>      proxy_downstream_buffer 2048k;
>>> 
>>>  }
>>> 
>>> server {
>>>      listen 443 ssl;
>>>      proxy_pass backend;
>>>      #proxy_upstream_buffer 2048k;
>>>      #proxy_downstream_buffer 2048k;
>>>      ssl_certificate     ssl/chained.crt;
>>>      #ssl_certificate     ssl/4582cfef411bb.crt;
>>>      ssl_certificate_key ssl/zoomus20140410.key;
>>>      #ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
>>>      #ssl_ciphers         HIGH:!aNULL:!MD5;
>>>      ssl_handshake_timeout 3s;
>>>      #ssl_session_cache   shared:SSL:20m;
>>>      #ssl_session_timeout 4h;
>>> 
>>>  }
>>> 
>>> 
>>>  upstream backend {
>>>      server *.*.*.*:80;
>>>      server *.*.*.*:80;
>>>  }
>>> 
>>> 
>>> 
>>> nginx -v
>>> nginx version: nginx/1.7.11 (nginx-plus-r6-p1)
>>> 
>>> And I’m using amazon linux
>>> uname -a
>>> Linux ip-*.*.*.* 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11 22:50:37 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux
>>> 
>>> 
>>> BTW, how do I set an access log for tcp?
>>> 
>>> Posted at Nginx Forum:
>>> http://forum.nginx.org/read.php?2,259522,259522#msg-259522
>>> 
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>> 
>> --
>> Roman Arutyunyan
>> 
>> 
>> 
> 
> --
> Roman Arutyunyan
> 
> 
> 

--
Roman Arutyunyan
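
Added example (not part of the original thread, and not the poster's or the nginx project's own configuration): TLS terminated in the http module, where proxy_set_header is available, next to a stream server that can only relay bytes. The backend addresses, certificate paths, port 8443 and the upstream name backend_tcp are placeholders, and it assumes the backend decides whether to redirect to https based on X-Forwarded-Proto.

```nginx
# Added example; addresses, paths and names marked "placeholder" are not from the thread.

# Stream connection details are written to the error log at level "info",
# so a level of "warn" hides them.
error_log /var/log/nginx/error.log info;

events {
    worker_connections 1024;
}

http {
    upstream backend {
        server 192.0.2.10:80;                    # placeholder backend address
        server 192.0.2.11:80;                    # placeholder backend address
    }

    server {
        listen 443 ssl;
        ssl_certificate     ssl/chained.crt;     # placeholder path
        ssl_certificate_key ssl/example.key;     # placeholder path

        location / {
            proxy_pass http://backend;
            # TLS ends at nginx, so the backend only sees plain HTTP on port 80.
            # This header carries the client's original scheme ("https") to it.
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
        }
    }
}

stream {
    upstream backend_tcp {                       # placeholder upstream name
        server 192.0.2.10:80;                    # placeholder backend address
    }

    server {
        listen 8443 ssl;                         # placeholder port, for contrast only
        ssl_certificate     ssl/chained.crt;     # placeholder path
        ssl_certificate_key ssl/example.key;     # placeholder path
        # Decrypted bytes are relayed unchanged; the stream module does not parse
        # HTTP, so no request header can be added or rewritten here.
        proxy_pass backend_tcp;
    }
}
```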




