So it's not supported?
-----邮件原件-----
发件人: nginx-bounces@nginx.org [mailto:nginx-bounces@nginx.org] 代表 Roman Arutyunyan
发送时间: 2015年6月11日 8:43
收件人: nginx@nginx.org
主题: Re: nginx plus with ssl on TCP load balance not work
Stream proxy has no idea what the underlying protocol is.
It cannot change anything in it like http headers etc.
On 11 Jun 2015, at 11:34, smith <smith.hua@zoom.us> wrote:
> When I'm trying http ssl, I found need to set proxy_set_header X-Forwarded-Proto $scheme; in server block, or it will also encounter ERR_TOO_MANY_REDIRECTS.
>
> Is TCP has same kind of setting?
>
> -----邮件原件-----
> 发件人: smith [mailto:smith.hua@zoom.us]
> 发送时间: 2015年6月11日 8:28
> 收件人: nginx@nginx.org
> 主题: 答复: nginx plus with ssl on TCP load balance not work
>
> The 80 is normal, And I tried use http ssl, also works. Don't know Why TCP not work.
>
> -----邮件原件-----
> 发件人: nginx-bounces@nginx.org [mailto:nginx-bounces@nginx.org] 代表 Roman
> Arutyunyan
> 发送时间: 2015年6月11日 8:25
> 收件人: nginx@nginx.org
> 主题: Re: nginx plus with ssl on TCP load balance not work
>
> What about the 80 port of the stream balancer?
> Does it proxy the connection normally?
>
> PS: no access log is supported in the stream module.
> Connection information (addresses etc) is logged to error log with the info loglevel.
>
> On 11 Jun 2015, at 10:49, smith <smith.hua@zoom.us> wrote:
>
>> Nginx.conf:
>>
>> user nginx;
>> worker_processes auto;
>> worker_rlimit_nofile 65535;
>>
>> error_log /var/log/nginx/error.log warn;
>> pid /var/run/nginx.pid;
>>
>>
>> events {
>> use epoll;
>> worker_connections 65535;
>> }
>>
>>
>> http {
>> include /etc/nginx/mime.types;
>> default_type application/octet-stream;
>>
>> log_format main '$remote_addr - $remote_user [$time_local] "$request"
>> '
>> '$status $body_bytes_sent "$http_referer" '
>> '"$http_user_agent" "$http_x_forwarded_for"';
>>
>> access_log /var/log/nginx/access.log main;
>>
>> sendfile on;
>> #tcp_nopush on;
>>
>> keepalive_timeout 65;
>>
>> #gzip on;
>>
>> include /etc/nginx/conf.d/*.conf;
>> }
>>
>>
>> stream {
>>
>> include /etc/nginx/xxxx.d/*.conf;
>> }
>>
>> And the content in previous email is in xxxx.d/xxxx.conf
>>
>> There is no file under /etc/nginx/conf.d
>>
>>
>> Thanks.
>>
>>
>> -----邮件原件-----
>> 发件人: nginx-bounces@nginx.org [mailto:nginx-bounces@nginx.org] 代表
>> Roman
>> Arutyunyan
>> 发送时间: 2015年6月11日 7:45
>> 收件人: nginx@nginx.org
>> 主题: Re: nginx plus with ssl on TCP load balance not work
>>
>> Hi,
>>
>> Could you provide the full config of the nginx/stream balancer?
>>
>> On 11 Jun 2015, at 09:29, huakaibird <nginx-forum@nginx.us> wrote:
>>
>>> Hi,
>>>
>>> I’m using nginx plus with ssl on TCP load balance, Configured like
>>> the documentation, but it not work. (All the IP below is not
>>> real-ip) I have web servers behind, I want to use ssl offloading,
>>> and I choose TCP load balance. listen on 443 and proxy to web server's 80.
>>>
>>> Page access always report ERR_TOO_MANY_REDIRECTS.
>>>
>>> Error log
>>> 2015/06/11 03:00:32 [error] 8362#0: *361 upstream timed out (110:
>>> Connection timed out) while connecting to upstream, client:
>>> 10.0.0.1,
>> server:
>>> 0.0.0.0:443, upstream: "10.0.0.2:443", bytes from/to client:656/0,
>>> bytes from/to upstream:0/0
>>>
>>> 10.0.0.2 this ip is the nginx ip, while it is used as upstream?
>>>
>>> The configuration is like this, remove the real ip
>>>
>>> server {
>>> listen 80 so_keepalive=30m::10;
>>> proxy_pass backend;
>>> proxy_upstream_buffer 2048k;
>>> proxy_downstream_buffer 2048k;
>>>
>>> }
>>>
>>> server {
>>> listen 443 ssl;
>>> proxy_pass backend;
>>> #proxy_upstream_buffer 2048k;
>>> #proxy_downstream_buffer 2048k;
>>> ssl_certificate ssl/chained.crt;
>>> #ssl_certificate ssl/4582cfef411bb.crt;
>>> ssl_certificate_key ssl/zoomus20140410.key;
>>> #ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>>> #ssl_ciphers HIGH:!aNULL:!MD5;
>>> ssl_handshake_timeout 3s;
>>> #ssl_session_cache shared:SSL:20m;
>>> #ssl_session_timeout 4h;
>>>
>>> }
>>>
>>>
>>> upstream backend {
>>> server *.*.*.*:80;
>>> server *.*.*.*:80;
>>> }
>>>
>>>
>>>
>>> nginx -v
>>> nginx version: nginx/1.7.11 (nginx-plus-r6-p1)
>>>
>>> And I’m using amazon linux
>>> uname -a
>>> Linux ip-*.*.*.* 3.14.35-28.38.amzn1.x86_64 #1 SMP Wed Mar 11
>>> 22:50:37 UTC
>>> 2015 x86_64 x86_64 x86_64 GNU/Linux
>>>
>>>
>>> BTW, tcp how to set access log?
>>>
>>> Posted at Nginx Forum:
>>> http://forum.nginx.org/read.php?2,259522,259522#msg-259522
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>> --
>> Roman Arutyunyan
>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>> _______________________________________________
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
> --
> Roman Arutyunyan
>
>
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
--
Roman Arutyunyan
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx