upstream (tcp stream mode) doesn't detect connection failure
Adam Cecile
adam.cecile at hitec.lu
Wed Jan 10 19:02:59 UTC 2018
On 01/10/2018 07:58 PM, Maxim Dounin wrote:
> Hello!
>
> On Wed, Jan 10, 2018 at 07:18:36PM +0100, Adam Cecile wrote:
>
> [...]
>
>>> Ok, so you use multiple proxy layers to be able to combine
>>> backends which support/need PROXY protocol and ones which do not,
>>> right? This looks like a valid reason, as "proxy_protocol" is
>>> either on or off in a particular server.
>> Yes exactly!
>>
>> Aim of this setup is to do SNI routing to TCP endpoints (with failover)
>> or HTTPS virtual hosts.
>>> If you want nginx to switch to a different backend while
>>> maintaining two proxy layers, consider moving balancing to the
>>> second layer instead. This way balancing will happen where
>>> connection errors can be seen, and so nginx will be able to switch
>>> to a different server on errors.
>> Could you be more specific and show me how to do this with my current
>> configuration? I'm a bit lost...
> At the first level, differentiate between hosts based on
> $ssl_preread_server_name. Proxy to either "local_https" or to a
> second-level server, say 8080. On the second level server, proxy
> to an upstream group with servers you want to balance. Example
> configuration (completely untested):
>
>     map $ssl_preread_server_name $name {
>         default         local_https;
>         ""              second;
>         pub.domain.com  second;
>     }
>
>     upstream local_https {
>         server 127.0.0.1:8443;
>     }
>
>     upstream second {
>         server 127.0.0.1:8080;
>     }
>
>     upstream u {
>         server 10.0.0.1:443;
>         server 10.0.0.2:443;
>     }
>
>     server {
>         listen 443;
>         ssl_preread on;
>         proxy_pass $name;
>         proxy_protocol on;
>     }
>
>     server {
>         listen 127.0.0.1:8080 proxy_protocol;
>         proxy_pass u;
>     }
>
> Logging and timeouts omitted for clarity.
>
Very nice!
I'll give it a try tomorrow morning and let you know, thanks.
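
Added example, not part of the original thread and not tested by either participant: the second-layer `upstream u` and `server` blocks from the quoted configuration, with the omitted timeouts and logging filled in so that failover between 10.0.0.1 and 10.0.0.2 is bounded and visible in the log. The timeout values, `max_fails`/`fail_timeout` settings, log format name and log path are assumptions; everything goes inside the `stream { }` context.

```nginx
# Second layer only: this is where connection errors to the real backends
# are seen, so this is where failover has to be tuned and logged.

# One line per proxied session. $upstream_addr lists every server that was
# contacted, comma-separated, so a failover appears as
# upstream="10.0.0.1:443, 10.0.0.2:443".
# $proxy_protocol_addr is the original client address passed by the first layer.
log_format failover '$remote_addr [$time_local] $protocol $status '
                    'client=$proxy_protocol_addr '
                    'upstream="$upstream_addr" '
                    'connect="$upstream_connect_time" '
                    'session=$session_time';

upstream u {
    # After 2 failed connection attempts within 30s, skip the server for 30s
    # (assumed values; the defaults are max_fails=1 fail_timeout=10s).
    server 10.0.0.1:443 max_fails=2 fail_timeout=30s;
    server 10.0.0.2:443 max_fails=2 fail_timeout=30s;
}

server {
    listen 127.0.0.1:8080 proxy_protocol;

    proxy_connect_timeout       3s;   # default is 60s, too slow for failover
    proxy_next_upstream         on;   # default: try next server if connect fails
    proxy_next_upstream_tries   2;    # at most one attempt per server in "u"
    proxy_next_upstream_timeout 10s;  # total time budget for picking a server
    proxy_timeout               10m;  # idle timeout once the session is up

    proxy_pass u;
    access_log /var/log/nginx/stream_failover.log failover;
}
```

`nginx -t` validates the combined file before a reload.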