nginx load balance TLS elasticsearch

borys_85 nginx-forum at forum.nginx.org
Mon Mar 14 17:55:23 UTC 2022


Hi
I'm new to nginx configuration. Today I tried to bring up a load balancer for
my Elasticsearch service instances, but I don't know what's wrong:
"/docker-entrypoint.sh: Configuration complete; ready for start up
2022/03/14 17:46:54 [emerg] 1#1: "server" directive is not allowed here in
/etc/nginx/nginx.conf:42
nginx: [emerg] "server" directive is not allowed here in
/etc/nginx/nginx.conf:42
"

Below you can find my configuration:
docker compose:
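version: "3.3"

services:
  # nginx container meant to act as the load balancer in front of the
  # Elasticsearch instances; its configuration is the bind-mounted nginx_1.conf.
  nginx_load_balancer:
    # NOTE(review): untagged image resolves to "latest"; pin a specific tag or
    # digest so a rebuild cannot silently change the nginx/OpenSSL version.
    image: nginx
    # Bind mounts, written as host_path:container_path. Each entry was split
    # across two lines in the post as archived; they are re-joined here so the
    # list is valid YAML.
    # NOTE(review): the private keys are mounted read-write into /etc/ssl/certs
    # next to the public certificates. Appending ":ro" to each mount and keeping
    # keys in a separate directory with restrictive permissions limits what a
    # compromised container can do with them.
    volumes:
      - /home/elasticsearch/kickstart_elk_cluster/nginx_1.conf:/etc/nginx/nginx.conf
      - /home/elasticsearch/certificates/es_coordination_3/es_coordination_3.crt:/etc/ssl/certs/coordination_3.crt
      - /home/elasticsearch/certificates/es_coordination_3/es_coordination_3.key:/etc/ssl/certs/coordination_3.key
      - /home/elasticsearch/certificates/es_coordination_2/es_coordination_2.crt:/etc/ssl/certs/coordination_2.crt
      - /home/elasticsearch/certificates/es_coordination_2/es_coordination_2.key:/etc/ssl/certs/coordination_2.key
      # NOTE(review): the next two entries are identical as posted (both mount
      # the .key). No entry mounts es_coordination_1.crt, although nginx_1.conf
      # references /etc/ssl/certs/coordination_1.crt - presumably one of them
      # was meant to be the .crt; confirm against the real file.
      - /home/elasticsearch/certificates/es_coordination_1/es_coordination_1.key:/etc/ssl/certs/coordination_1.key
      - /home/elasticsearch/certificates/es_coordination_1/es_coordination_1.key:/etc/ssl/certs/coordination_1.key
      - /home/elasticsearch/certificates/ca/ca.crt:/etc/ssl/certs/ca.crt
    # Publishes host port 9200 to container port 80.
    # NOTE(review): the server blocks shown in nginx_1.conf listen on 9200,
    # 9201, 9238 and 9219; none of the visible ones listens on 80, so this
    # mapping would not reach them unless an elided part of the config does.
    ports:
      - "9200:80"
    networks:
      - kickstartelkcluster_elastic
networks:
  # Pre-existing network created outside this compose file.
  kickstartelkcluster_elastic:
    external: true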


=========
and nginx_1.conf

more nginx_1.conf
http { # NOTE(review): as posted, the braces inside this block do not balance - see the server listening on 9201 below
    #...
    upstream elasticsearch_servers { # pool used by "proxy_pass https://elasticsearch_servers" below
        zone elasticsearch_servers 64K;
        server 10.210.12.10:9201; # the three address:port pairs match the ssl listeners declared further down in this same file
        server 10.210.12.11:9238;
        server 10.210.12.12:9219;
   }

    server { # plain-HTTP front end (no "ssl" on the listen line)
        listen 9200; # NOTE(review): the compose file publishes host 9200 to container port 80, not to 9200
        server_name 10.210.12.10;
        #...

        location /upstream { # only request URIs beginning with /upstream are proxied to the pool
            proxy_pass https://elasticsearch_servers;
            proxy_ssl_certificate /etc/nginx/coordination_1.crt; # NOTE(review): the compose file mounts certificates under /etc/ssl/certs/, not /etc/nginx/
            proxy_ssl_certificate_key /etc/nginx/coordination_1.key; # NOTE(review): same path mismatch as the certificate above
            proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996); prefer "TLSv1.2 TLSv1.3"
            proxy_ssl_ciphers HIGH:!aNULL:!MD5;
            proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt; # NOTE(review): no mount provides this file; the CA is mounted at /etc/ssl/certs/ca.crt

            proxy_ssl_verify on; # upstream certificate is verified; NOTE(review): the name checked defaults to the proxy_pass host ("elasticsearch_servers") unless proxy_ssl_name is set
            proxy_ssl_verify_depth 2;
            proxy_ssl_session_reuse on;
        }
    }

    server { # TLS listener that the first upstream entry (10.210.12.10:9201) points at
        listen 9201 ssl;
        server_name 10.210.12.10;
        ssl_certificate /etc/ssl/certs/coordination_1.crt; # NOTE(review): the compose file mounts coordination_1.key twice and never mounts this .crt
        ssl_certificate_key /etc/ssl/certs/coordination_1.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt; # CA used to verify client certificates
        ssl_verify_client optional; # NOTE(review): "optional" still accepts clients that send no certificate; use "on" or check $ssl_client_verify to enforce mutual TLS

        location /yourapp {
            proxy_pass http://10.210.12.10; # NOTE(review): plain HTTP to port 80 of 10.210.12.10, not an Elasticsearch port - presumably left over from an example; confirm
        #...
        } # closes location /yourapp only; NOTE(review): the closing brace for the server opened above is missing after this line

    server { # line 42 of this listing: parsed inside the unclosed server above, which is what '"server" directive is not allowed here' reports
        listen 9238 ssl;
        server_name 10.210.12.11;
        ssl_certificate /etc/ssl/certs/coordination_2.crt;
        ssl_certificate_key /etc/ssl/certs/coordination_2.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client optional; # NOTE(review): client certificate not enforced, as in the 9201 server

        location /yourapp {
            proxy_pass http://10.210.12.10; # NOTE(review): same target as the 9201 server although server_name here is 10.210.12.11 - verify
        #...
        }
    }
    server { # TLS listener that the third upstream entry (10.210.12.12:9219) points at
        listen 9219 ssl;
        server_name 10.210.12.12;

        ssl_certificate /etc/ssl/certs/coordination_3.crt;
        ssl_certificate_key /etc/ssl/certs/coordination_3.key;
        ssl_client_certificate /etc/ssl/certs/ca.crt;
        ssl_verify_client optional; # NOTE(review): client certificate not enforced, as in the 9201 server

        location /yourapp {
            proxy_pass http://10.210.12.10; # NOTE(review): same target again although server_name here is 10.210.12.12 - verify
        #...
        }
    }
} # NOTE(review): with the brace missing after the 9201 server, this closes that server and leaves http { unclosed

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293831,293831#msg-293831


