using nginx open source to tunnel https requests to backend set
Brendan Doyle
brendan.doyle at oracle.com
Wed Jan 8 22:55:54 UTC 2020
Hi,

So I want to use nginx open source as a load balancer to forward https
requests to a backend set where the TLS is terminated by the application
on the backend servers, i.e. I want to tunnel the TLS traffic. And I'm
wondering about the best approach.

What I'm thinking is that I use the stream module to load balance the
TCP traffic to the backend set.

But my concern is that I need session persistence, else the TLS
handshake might fall between two different backend hosts.

So I'm thinking that I need to use something like:

a)
    upstream backend_hosts {
        ip_hash;
        server host1.example.com;
        server host2.example.com;
        server host3.example.com;
    }

b)
    upstream backend_hosts {
        hash $remote_addr$remote_port consistent;
        server host1.example.com;
        server host2.example.com;
        server host3.example.com;
    }

to ensure session persistence. The disadvantage of a) is that all
traffic from a given IP will always go to the same server, so it is not
load balancing per session per se.

With b) I guess there is more chance of a unique TCP src port per TCP
session, so there will be a better persistent spread.

Thoughts?

Thanks
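
An added example, not part of the original post and not nginx's own hashing code: a simplified consistent-hash ring in Python that compares the hash keys behind options a) and b) for connections arriving from a single client address. The ring construction (SHA-256, 160 points per server), the client address and the port range are assumptions made for illustration, and option a) is modelled as a hash on the full client address.

```python
import bisect
import hashlib
from collections import Counter

# Backend names are taken from the post; everything else is constructed.
BACKENDS = ["host1.example.com", "host2.example.com", "host3.example.com"]
POINTS_PER_SERVER = 160  # assumption: virtual nodes per server on the ring


def _hash(value: str) -> int:
    """64-bit position on the ring (SHA-256 is an illustrative choice)."""
    return int.from_bytes(hashlib.sha256(value.encode()).digest()[:8], "big")


def build_ring(backends):
    """Return sorted (position, backend) pairs, several points per backend."""
    return sorted((_hash(f"{b}#{i}"), b)
                  for b in backends for i in range(POINTS_PER_SERVER))


def pick(ring, key: str) -> str:
    """Map a key to the first ring point at or after its hash, wrapping."""
    positions = [p for p, _ in ring]
    idx = bisect.bisect_left(positions, _hash(key)) % len(ring)
    return ring[idx][1]


def spread(ring, connections, key_fn) -> Counter:
    """Count how many connections each backend receives for a given key."""
    return Counter(pick(ring, key_fn(addr, port)) for addr, port in connections)


# Constructed sample: 300 TCP connections from one client (or NAT) address,
# each with a different ephemeral source port.
CONNECTIONS = [("203.0.113.10", 40000 + n) for n in range(300)]
RING = build_ring(BACKENDS)

# Option a), modelled as a key made of the client address only.
by_addr = spread(RING, CONNECTIONS, lambda addr, port: addr)
# Option b): key is $remote_addr$remote_port, i.e. the two values concatenated.
by_addr_port = spread(RING, CONNECTIONS, lambda addr, port: f"{addr}{port}")

if __name__ == "__main__":
    print("a) address only    :", dict(by_addr))
    print("b) address and port:", dict(by_addr_port))
```

With the address-and-port key, follow-up connections from the same client land on different backends, so a TLS session cached on one backend will not be found on another unless the backends share session state.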