Valentin, thank you for your insight, I am upset at myself for not noticing some obvious errors, but that's the result of my stupid schedule, which I am personally responsible for at the end. So yes, it was supposed to be 10.1.1.10 and 10.1.1.11.

At this point the balancing works, I am balancing 2 Tomcat instances, having session replication between them and using ip_hash to force the same session to go to the same instance. I guess I just have to specify conditions under which the balancer will assume that an instance is down and force all requests to just one live instance. Also working out the details of https connectivity. This is on OpenBSD and since there were new OpenSSL security issues fixed on the 5th of June, this means patching first. Nginx configuration for SSL looks simple enough on the surface, I will soon find out how it goes in reality :)

Thank you,
Roman