NGINX load balancing - Proxy

Carlos Renato crenatovb at gmail.com
Tue Feb 15 13:29:50 UTC 2022


Hi Francis, Thanks for the reply.

My file is like this.

upstream webgateway {
   server 192.168.239.151:9090;
   server 192.168.239.152:9090;
   keepalive 10;
}

server {
   listen 9191;
   server_name proxy.lab.local;

   location / {

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Request-URI $request_uri;
        proxy_redirect off;

        proxy_pass http://webgateway;
   }
}

I'm able to open HTTP requests in the client's browser.
The problem is being the HTTPS requests.
Is there any way for NGINX to receive the traffic and forward it (balanced)
to the proxy servers?
A simpler way. That way I could include the Web Gateway certificate in the
Windows client.

Thank You!

Em ter., 15 de fev. de 2022 às 10:05, Francis Daly <francis at daoine.org>
escreveu:

> On Tue, Feb 15, 2022 at 08:38:07AM -0300, Carlos Renato wrote:
>
> Hi there,
>
> > Hello, I would like to use NGINX to balance traffic between two McAfee
> > (standalone) proxy.
>
> nginx as a server will listen for http or https requests; it does not "do"
> http-proxy requests. (As in: it is not a http (forward) proxy server.)
>
> nginx as a client will make http or https requests of another server;
> it does not make http-proxy requests. (As in: it will not talk to a http
> proxy server.)
>
> There are some circumstances under which you can kind-of sort-of make
> it work maybe well enough sometimes; but you would be fighting the
> application and things will probably not be smooth.
>
> So, for http-proxy traffic, you are probably better off using nginx's
> "stream" feature instead of "http" feature, and just let nginx be a
> tcp-pass-through.
>
> http://nginx.org/r/stream and things like
> http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html and
> http://nginx.org/en/docs/stream/ngx_stream_upstream_module.html --
> it's conceptually similar to the http things that you already know,
> except there is nothing http-specific about it.
>
> > I've made some advances and I'm able to open an HTTP page.
> >
> > Now, I need the client to open an HTTPS request.
>
> If the client is configured to use a http proxy for a https request,
> it will probably issue a CONNECT request to the proxy, expecting that
> the proxy will open a connection to the external https server.
>
> If nginx is a tcp-pass-through, all of that will be done on your upstream
> McAfee servers, the way that you expect.
>
> Good luck with it,
>
>         f
> --
> Francis Daly        francis at daoine.org
> _______________________________________________
> nginx mailing list -- nginx at nginx.org
> To unsubscribe send an email to nginx-leave at nginx.org
>


--
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20220215/b6722a44/attachment.htm>


More information about the nginx mailing list