upstream (tcp stream mode) doesn't detect connection failure
Maxim Dounin
mdounin at mdounin.ru
Wed Jan 10 18:58:28 UTC 2018
Hello!
On Wed, Jan 10, 2018 at 07:18:36PM +0100, Adam Cecile wrote:
[...]
> > Ok, so you use multiple proxy layers to be able to combine
> > backends which support/need PROXY protocol and ones which do not,
> > right? This looks like a valid reason, as "proxy_protocol" is
> > either on or off in a particular server.
> Yes, exactly!
>
> Aim of this setup is to do SNI routing to TCP endpoints (with failover)
> or HTTPS virtual hosts.
> >
> > If you want nginx to switch to a different backend while
> > maintaining two proxy layers, consider moving balancing to the
> > second layer instead. This way balancing will happen where
> > connection errors can be seen, and so nginx will be able to switch
> > to a different server on errors.
>
> Could you be more specific and show me how to do this with my current
> configuration? I'm a bit lost...
At the first level, differentiate between hosts based on
$ssl_preread_server_name. Proxy to either "local_https" or to a
second-level server, say 8080. On the second level server, proxy
to an upstream group with servers you want to balance. Example
configuration (completely untested):
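
    # All of this belongs in the stream context.

    # First level: pick a destination from the SNI name.
    map $ssl_preread_server_name $name {
        default         local_https;
        ""              second;    # no server name sent
        pub.domain.com  second;
    }

    upstream local_https {
        server 127.0.0.1:8443;
    }

    upstream second {
        server 127.0.0.1:8080;
    }

    # Backends balanced by the second level.
    upstream u {
        server 10.0.0.1:443;
        server 10.0.0.2:443;
    }

    # First level: SNI routing, PROXY protocol sent to the next hop.
    server {
        listen 443;
        ssl_preread on;
        proxy_pass $name;
        proxy_protocol on;
    }

    # Second level: accepts PROXY protocol, connects to the backends.
    server {
        listen 127.0.0.1:8080 proxy_protocol;
        proxy_pass u;
    }
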
Logging and timeouts omitted for clarity.
--
Maxim Dounin
http://mdounin.ru/
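
The logging and timeouts left out of the configuration above could look like this on the second level. This is an added example, not part of the original message: the timeout values, the log format name and the log path are assumptions, and the addresses are the ones used in the message.

```nginx
# Added example. Goes inside the existing stream { } context and replaces
# "upstream u" and the 127.0.0.1:8080 server from the message above.

# $proxy_protocol_addr is the real client address taken from the PROXY
# protocol header; $remote_addr here is always the first level (127.0.0.1).
# $upstream_addr lists every backend tried, comma-separated, so a failover
# shows up as two addresses on one log line.
log_format second_layer '$proxy_protocol_addr via $remote_addr [$time_local] '
                        'upstream="$upstream_addr" '
                        'connect="$upstream_connect_time" status=$status';

upstream u {
    # After 2 failed connection attempts within 10s, skip the server for 10s.
    server 10.0.0.1:443 max_fails=2 fail_timeout=10s;
    server 10.0.0.2:443 max_fails=2 fail_timeout=10s;
}

server {
    # Loopback only: anything that can reach this port can supply its own
    # PROXY protocol header and therefore its own "client" address.
    listen 127.0.0.1:8080 proxy_protocol;
    proxy_pass u;

    # Give up on an unreachable backend quickly (default is 60s).
    proxy_connect_timeout 3s;

    # Try the next server in "u" when a connection cannot be established.
    proxy_next_upstream on;            # this is the default
    proxy_next_upstream_tries 2;       # one attempt per backend
    proxy_next_upstream_timeout 10s;   # total time allowed for retries

    # Idle timeout for an established session (10m is the default).
    proxy_timeout 10m;

    access_log /var/log/nginx/stream_second.log second_layer;
}
```

A log line whose upstream field holds both 10.0.0.1:443 and 10.0.0.2:443 means the first backend refused or timed out and the session was moved to the second.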