I'm going to try tonight to get this working as you have suggested. I'm hoping that I'll be able to do it without using too many IPs, because then I'll run into my original problem (the IP limit imposed by my hosting provider). I believe your solution of listening on the same IP on multiple ports should work, though. I'll just assign two listen ports on the back-end nginx for each site -- one for http and one for https. I imagine it'll look something like this when I'm finished:<br>
<br>
### front-end nginx ###<br>
<br>
# main nginx config<br>
http {<br>
    upstream backend_server_http {<br>
        server 10.10.1.1:2000;<br>
    }<br>
    upstream backend_server_https {<br>
        server 10.10.1.1:2001;<br>
    }<br>
}<br>
<br>
# front-end server (http) for domain.com<br>
server {<br>
    listen 80;<br>
    server_name domain.com;<br>
    location / {<br>
        proxy_pass http://backend_server_http;<br>
    }<br>
}<br>
# front-end server (https) for domain.com<br>
server {<br>
    listen 209.20.2.2:443;<br>
    server_name domain.com;<br>
    ssl on;<br>
    location / {<br>
        proxy_pass http://backend_server_https;<br>
    }<br>
}<br>
<br>
### back-end nginx ###<br>
<br>
# main nginx config<br>
http {<br>
    upstream app_servers {<br>
        server 0.0.0.0:3000;<br>
        server 0.0.0.0:3001;<br>
    }<br>
}<br>
<br>
# back-end server (http) for domain.com<br>
server {<br>
    listen 10.10.1.1:2000;<br>
    server_name domain.com;<br>
    location / {<br>
        proxy_pass http://app_servers;<br>
    }<br>
}<br>
# back-end server (https) for domain.com<br>
server {<br>
    listen 10.10.1.1:2001;<br>
    server_name domain.com;<br>
    location / {<br>
        proxy_set_header X_FORWARDED_PROTO https;<br>
        proxy_pass http://app_servers;<br>
    }<br>
}<br>
<br>I believe this is what you've described, and I also believe that it will work. Requests for <a href="http://domain.com">http://domain.com</a> will be proxied upstream to backend_server_http (at <a href="http://10.10.1.1:2000">10.10.1.1:2000</a>), which will proxy to the Rails app servers with no X_FORWARDED_PROTO being set explicitly. Requests for <a href="https://domain.com">https://domain.com</a> will be proxied upstream to backend_server_https (at <a href="http://10.10.1.1:2001">10.10.1.1:2001</a>), which will proxy to the Rails app servers with the X_FORWARDED_PROTO header being set explicitly to https.<br>
<br>Thanks again for the suggestion. I'll send an e-mail back to this list once I've given this a try.<br><br>Nick<br><br><br><div class="gmail_quote">On Thu, Oct 30, 2008 at 2:05 PM, Rob Schultz <span dir="ltr"><<a href="mailto:lists@ruby-forum.com">lists@ruby-forum.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi,<br>
I am not sure if you can use the port in the server_name directive. I<br>
think you need to add listen directives.<br>
<br>
Note I could be totally off on this but this is a very very simplistic<br>
view of what I was trying to accomplish<br>
<a href="http://pastie.org/private/xufufgttegqe9pc5qgea" target="_blank">http://pastie.org/private/xufufgttegqe9pc5qgea</a><br>
<br>
Basically demo'ing 3 different server configs with 2 being your<br>
"frontend" servers for doing SSL and then having 1 server listening on<br>
two ports and manually setting the protocol on the second when it is<br>
passed on to Rails.<br>
<br>
V/r<br>
Rob</blockquote></div><br>
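An added example, not part of Nick's message or Rob's pastie: the back-end half of the configuration discussed in this thread, with the forwarded-protocol header pinned on both ports and the listeners restricted to the front-end. nginx passes request headers it is not told to override through to the upstream, so on the port-2000 path a value supplied by the client would otherwise reach Rails unchanged. The `X-Forwarded-Proto` spelling (which a Rack/CGI-style app server exposes as `HTTP_X_FORWARDED_PROTO`), the loopback app-server addresses and the front-end address 10.10.1.2 are assumptions.

```nginx
# Added example: back-end nginx, to be placed inside its http { } block.
# 10.10.1.2 is a placeholder for the front-end nginx's private address;
# it does not appear in the thread.

upstream app_servers {
    # Assumption: the Rails app servers listen on loopback only.
    server 127.0.0.1:3000;
    server 127.0.0.1:3001;
}

# back-end server (http) for domain.com
server {
    listen 10.10.1.1:2000;
    server_name domain.com;

    # Only the front-end proxy may reach this listener.
    allow 10.10.1.2;
    deny all;

    location / {
        # Weak form: no proxy_set_header here, so the client's own
        # X-Forwarded-Proto value is forwarded as-is.
        # Corrected form: overwrite it so only the proxy decides the scheme.
        proxy_set_header X-Forwarded-Proto http;
        proxy_pass http://app_servers;
    }
}

# back-end server (https) for domain.com
server {
    listen 10.10.1.1:2001;
    server_name domain.com;

    # Anything that can connect to this port is labelled https,
    # so it must be reachable from the SSL-terminating front-end only.
    allow 10.10.1.2;
    deny all;

    location / {
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://app_servers;
    }
}
```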