using nginx open source to tunnel https requests to backend set

Brendan Doyle
January 08, 2020 05:58PM
Hi,

So I want to use nginx open source as a load balancer to forward https requests to a backend set where the TLS is terminated by the application on the backend servers, i.e. I want to tunnel the TLS traffic. And I'm wondering about the best approach.

What I'm thinking is that I use the streams module to load balance the TCP
traffic to the backend set.

But my concern is that I need session persistence, else the TLS handshake
might fall between two different backend hosts.

So I'm thinking that I need to use something like:

a)
upstream backend_hosts {
    ip_hash;
    server host1.example.com;
    server host2.example.com;
    server host3.example.com;
}

b)
upstream backend_hosts {
    hash $remote_addr$remote_port consistent;
    server host1.example.com;
    server host2.example.com;
    server host3.example.com;
}


To ensure session persistence, the disadvantage of a) is that all traffic from a given IP will always go to the same server, so it is not load balancing per session per se.

With b) I guess there is more chance of a unique TCP src port per TCP session, so there will be a better persistent spread.


Thoughts?

Thanks
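
The following is an added example, not part of the original post and not taken from the nginx project: a stream-module TLS passthrough configuration built from the two hashing options the post compares. The stream module pins each TCP connection to one backend for that connection's lifetime, so a single TLS handshake cannot be split across hosts; the hash key only decides where a client's next connection lands, which matters for TLS session resumption. The port 443, the log path and the `tls_lb` format name are assumptions.

```nginx
# Added example. Assumed values: port 443, log path, log_format name "tls_lb".
stream {
    # One line per proxied TCP connection, showing which backend it went to.
    # Use this to check the real distribution under each hash key.
    log_format tls_lb '$remote_addr:$remote_port -> $upstream_addr '
                      'status=$status session_time=$session_time';
    access_log /var/log/nginx/tls_lb.log tls_lb;

    upstream backend_hosts {
        # Option (a): ip_hash is an http upstream directive and is not
        # available in stream{}; hashing on $remote_addr is the equivalent.
        # A returning client reaches the same backend, so that backend's TLS
        # session cache or ticket key can resume the session. Clients behind
        # one NAT address all land on the same host.
        hash $remote_addr consistent;

        # Option (b): spreads connections more evenly, but a client's next
        # connection (new source port) will often reach a different backend.
        # Resumption then falls back to a full handshake unless the backends
        # share session ticket keys.
        # hash $remote_addr$remote_port consistent;

        # In stream{} every server entry needs an explicit port.
        server host1.example.com:443;
        server host2.example.com:443;
        server host3.example.com:443;
    }

    server {
        # Plain TCP listener: no "ssl" parameter and no certificate here,
        # so nginx never sees plaintext and the backends terminate TLS.
        listen 443;
        proxy_pass backend_hosts;
        proxy_connect_timeout 5s;
    }
}
```

Because nginx only relays bytes here, the backends see the load balancer's address as the peer and no HTTP-level header can be added to carry the client address.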

