On 01/10/2018 07:58 PM, Maxim Dounin wrote:
Hello!
On Wed, Jan 10, 2018 at 07:18:36PM +0100, Adam Cecile wrote:
[...]
Ok, so you use multiple proxy layers to be able to combine
backends which support/need PROXY protocol and ones which do not,
right? This looks like a valid reason, as "proxy_protocol" is
either on or off in a particular server.
Yes exactly !
Aim of this setup is to do SNI routing to TCP endpoints (with failover)
or HTTPS virtual hosts.
If you want nginx to switch to a different backend while
maintaining two proxy layers, consider moving balancing to the
second layer instead. This way balancing will happen where
connection errors can be seen, and so nginx will be able to switch
to a different server on errors.
Could you be more specific and show me how to do this with my current
configuration ? I'm a bit lost...
At the first level, differentiate between hosts based on
$ssl_preread_server_name. Proxy to either "local_https" or to a
second-level server, say 8080. On the second level server, proxy
to an upstream group with servers you want to balance. Example
configuration (completely untested):
map $ssl_preread_server_name $name {
default local_https;
"" second;
pub.domain.com second;
}
upstream local_https {
server 127.0.0.1:8443;
}
upstream second {
server 127.0.0.1:8080;
}
upstream u {
server 10.0.0.1:443;
server 10.0.0.2:443;
}
server {
listen 443;
ssl_preread on;
proxy_pass $name;
proxy_protocol on;
}
server {
listen 127.0.0.1:8080 proxy_protocol;
proxy_pass u;
}
Logging and timeouts omitted for clarity.
Very nice !
I'll give a try tomorrow morning and let you know, thanks.
_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
