nginx plus with ssl on TCP load balance not work
Roman Arutyunyan
arut at nginx.com
Thu Jun 11 08:43:10 UTC 2015
Stream proxy has no idea what the underlying protocol is.
It cannot change anything in it like http headers etc.
On 11 Jun 2015, at 11:34, smith <smith.hua at zoom.us> wrote:
> When I'm trying http ssl, I found need to set proxy_set_header X-Forwarded-Proto $scheme; in server block, or it will also encounter ERR_TOO_MANY_REDIRECTS.
>
> Is TCP has same kind of setting?
>
> -----邮件原件-----
> 发件人: smith [mailto:smith.hua at zoom.us]
> 发送时间: 2015年6月11日 8:28
> 收件人: nginx at nginx.org
> 主题: 答复: nginx plus with ssl on TCP load balance not work
>
> The 80 is normal, And I tried use http ssl, also works. Don't know Why TCP not work.
>
> -----邮件原件-----
> 发件人: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] 代表 Roman Arutyunyan
> 发送时间: 2015年6月11日 8:25
> 收件人: nginx at nginx.org
> 主题: Re: nginx plus with ssl on TCP load balance not work
>
> What about the 80 port of the stream balancer?
> Does it proxy the connection normally?
>
> PS: no access log is supported in the stream module.
> Connection information (addresses etc) is logged to error log with the info loglevel.
>
> On 11 Jun 2015, at 10:49, smith <smith.hua at zoom.us> wrote:
>
>> Nginx.conf:
>>
>> user nginx;
>> worker_processes auto;
>> worker_rlimit_nofile 65535;
>>
>> error_log /var/log/nginx/error.log warn;
>> pid /var/run/nginx.pid;
>>
>>
>> events {
>> use epoll;
>> worker_connections 65535;
>> }
>>
>>
>> http {
>> include /etc/nginx/mime.types;
>> default_type application/octet-stream;
>>
>> log_format main '$remote_addr - $remote_user [$time_local] "$request"
>> '
>> '$status $body_bytes_sent "$http_referer" '
>> '"$http_user_agent" "$http_x_forwarded_for"';
>>
>> access_log /var/log/nginx/access.log main;
>>
>> sendfile on;
>> #tcp_nopush on;
>>
>> keepalive_timeout 65;
>>
>> #gzip on;
>>
>> include /etc/nginx/conf.d/*.conf;
>> }
>>
>>
>> stream {
>>
>> include /etc/nginx/xxxx.d/*.conf;
>> }
>>
>> And the content in previous email is in xxxx.d/xxxx.conf
>>
>> There is no file under /etc/nginx/conf.d
>>
>>
>> Thanks.
>>
>>
>> -----邮件原件-----
>> 发件人: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] 代表
>> Roman
>> Arutyunyan
>> 发送时间: 2015年6月11日 7:45
>> 收件人: nginx at nginx.org
>> 主题: Re: nginx plus with ssl on TCP load balance not work
>>
>> Hi,
>>
>> Could you provide the full config of the nginx/stream balancer?
>>
>> On 11 Jun 2015, at 09:29, huakaibird <nginx-forum at nginx.us> wrote:
>>
>>> Hi,
>>>
>>> I’m using nginx plus with ssl on TCP load balance, Configured like
>>> the documentation, but it not work. (All the IP below is not
>>> real-ip) I have web servers behind, I want to use ssl offloading, and
>>> I choose TCP load balance. listen on 443 and proxy to web server's 80.
>>>
>>> Page access always report ERR_TOO_MANY_REDIRECTS.
>>>
>>> Error log
>>> 2015/06/11 03:00:32 [error] 8362#0: *361 upstream timed out (110:
>>> Connection timed out) while connecting to upstream, client: 10.0.0.1,
>> server:
>>> 0.0.0.0:443, upstream: "10.0.0.2:443", bytes from/to client:656/0,
>>> bytes from/to upstream:0/0
>>>
>>> 10.0.0.2 this ip is the nginx ip, while it is used as upstream?
>>>
>>> The configuration is like this, remove the real ip
>>>
>>> server {
>>> listen 80 so_keepalive=30m::10;
>>> proxy_pass backend;
>>> proxy_upstream_buffer 2048k;
>>> proxy_downstream_buffer 2048k;
>>>
>>> }
>>>
>>> server {
>>> listen 443 ssl;
>>> proxy_pass backend;
>>> #proxy_upstream_buffer 2048k;
>>> #proxy_downstream_buffer 2048k;
>>> ssl_certificate ssl/chained.crt;
>>> #ssl_certificate ssl/4582cfef411bb.crt;
>>> ssl_certificate_key ssl/zoomus20140410.key;
>>> #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>> #ssl_ciphers HIGH:!aNULL:!MD5;
>>> ssl_handshake_timeout 3s;
>>> #ssl_session_cache shared:SSL:20m;
>>> #ssl_session_timeout 4h;
>>>
>>> }
>>>
>>>
>>> upstream backend {
>>> server *.*.*.*:80;
>>> server *.*.*.*:80;
>>> }
>>>
>>>
>>>
>>> nginx -v
>>> nginx version: nginx/1.7.11 (nginx-plus-r6-p1)
>>>
>>> And I’m using amazon linux
>>> uname -a
>>> Linux ip-*.*.*.* 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11
>>> 22:50:37 UTC
>>> 2015 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>>
>>> BTW, tcp how to set access log?
>>>
>>> Posted at Nginx Forum:
>>> http://forum.nginx.org/read.php?2,259522,259522#msg-259522
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>> --
>> Roman Arutyunyan
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
> --
> Roman Arutyunyan
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
--
Roman Arutyunyan
More information about the nginx
mailing list