Welcome! Log In Create A New Profile

Advanced

Using nginx as ssl terminator in front of load balancer

March 10, 2011 10:30PM
Hi all,
We have an existing load balancer with haproxy, and we'd like to use Nginx to act as our SSL decryption service. We use chose haproxy over nginx for load balancing because we need more TCP load balancing than http balancing for our application. I'm attempting to set up the following request path through our systems.


HTTP --> haproxy --> jetty

HTTPS --> NGINX --> haproxy --> jetty.


Our application requires sticky session, and I'm using cookie entries in the haproxy layer to "stick" the client to a back end system. This is working well with HTTP. However, when using HTTPS, I find that we seem to be getting randomly redirected to a new server. I'm unsure if this is due to nginx passing something incorrectly to haproxy due to my configuration, or if haproxy is missing the cookie. Here is my nginx configuration file for ssl.

server {
listen 443;

ssl on;
ssl_certificate /etc/ssl/nginx.crt;
ssl_certificate_key /etc/ssl/nginx.key;

server_name <%= node[:hostname] %>;

access_log <%= node[:nginx][:log_dir] %>/ssl.access.log;

location / {

proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}

I'm using version nginx/0.7.67 on Ubuntu 10.10 server and configuring it with chef. Obviously the ruby variables are replaced with real paths.

Whenever a client connects to nginx it correctly connects to haproxy and my request is forwarded to a Jetty node. My cookie is returned with both my JSESSIONID and the node I'm attached to. However, we use AJAX validation. As soon as a user exits a field, it's validated. This sends an AJAX http post to the server.

Instead of getting a response from the post, I seem to be constantly getting a redirect with a new JSESSIONID. I'm by no means a guru with ningx or haproxy, so I may have missed something obvious. For clarity I've also included my haproxy config. Any ideas what what could be causing this? Firefox seems to work fine, however Chrome is always redirecting the user.

haproxyconfig

listen logbookapp 0.0.0.0:80
balance leastconn
#Make sure the aviator app has been loaded
option httpchk /aviator/home
option httplog
option forwardfor
log global
cookie SERVERID insert nocache indirect
server ip-10-160-90-137 10.160.90.137:8080 cookie ip-10-160-90-137 weight 1 maxconn 300 check
server ip-10-168-126-182 10.168.126.182:8080 cookie ip-10-168-126-182 weight 1 maxconn 300 check
server ip-10-167-9-170 10.167.9.170:8080 cookie ip-10-167-9-170 weight 1 maxconn 300 check
server deadbug 10.160.90.137:81 backup



Thanks,
Todd
Subject Author Posted

Using nginx as ssl terminator in front of load balancer

tnine March 10, 2011 10:30PM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 90
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready