Welcome! Log In Create A New Profile

Advanced

pass the port to use to an upstream definition

Posted by cschne 
Forum List Message List New Topic
cschne
pass the port to use to an upstream definition
January 27, 2012 04:16PM
Hi, first off, fantastic work, I'm really happy using Nginx. Also, sorry for the long examples here, I just want to be thorough in explaining the situation.

I would like to be able to dynamically pass the upstream port to connect to in a proxy_pass directive. This would greatly reduce the number of upstream configurations that a user would need to maintain when proxying a large number of distinct sites to an upstream system over SSL. I think it would also address an issue I've seen while using the sticky module which may send requests to different upstream systems instead of sticking them all to a single system. For example:

upstream php {
sticky;
server 01-prod:80;
server 02-prod:80;
}

upstream php-ssl {
sticky;
server 01-prod:443;
server 02-prod:443;
}

upstream static-ssl {
sticky;
server 01-prod:4433;
server 02-prod:4433;
}

server {
listen x.x.x.x:80;
location /insecure { proxy_pass http://php; }
}

server {
listen x.x.x.x:443;
ssl on;
location /secure { proxy_pass https://php-ssl; }
}

server {
listen y.y.y.y:443;
ssl on;
location /secure { proxy_pass https://static-ssl; }
}


Requests for an http connection might be stuck to 01-prod:80, but when they need a secure connection, there is a 50/50 chance they will bounce to 02-prod:443 on the HTTPS side. I was thinking that the way to correct this would be to allow passing the port to an upstream definition, reducing the number of upstream definitions to 1 (in this example at least), while preserving the session stickiness as well. For example:

upstream php-and-static{
sticky;
server 01-prod;
server 02-prod;
}

server {
listen x.x.x.x:80;
location /insecure { proxy_pass_upstream http://php-and-static:80; }
}

server {
listen x.x.x.x:443;
ssl on;
location /secure { proxy_pass_upstream https://php-and-static:443; }
}

server {
listen y.y.y.y:443;
ssl on;
location /secure { proxy_pass_upstream https://php-and-static:4433; }
}

The number of upstream directives required to maintain a large number of SSL enabled sites would be greatly reduced and this I think would solve the other problem I am seeing with requests that go from http to https potentially ending up on different upstream systems, breaking any session stored data that uses local file storage. It would also reduce the number of places a system would have to be removed or added from 3 to one in using this example. Extend that to 200+ sites with their corresponding SSL upstream definitions and the advantages become even more important.

Anyway, thanks in advance.

-Chris
Reply Quote
Newer Topic Older Topic
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 181
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready