Hello,<br><br><div class="gmail_quote">On Sun, Apr 17, 2011 at 5:24 AM, Maxim Dounin <span dir="ltr"><<a href="mailto:mdounin@mdounin.ru" target="_blank">mdounin@mdounin.ru</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hello!<br>
<div><br>
On Sun, Apr 17, 2011 at 03:24:57AM -0400, speedfirst wrote:<br>
<br>
> I have this requirement. I want to use nginx as the reverse proxy, which<br>
> listen on address A and forward the request to the backend server with<br>
> address B. However, if B is down, I want the request to be sent to<br>
> address C. The question is, address B is https and address C is http.<br>
> But for the argument of proxy_pass module, I can only write one prefix<br>
> (either "http" or "https").<br>
><br>
> upstream backend {<br>
> server <addr B ip>:<addr B port>;<br>
> server <addr C ip>:<addr C port> backup;<br>
> }<br>
><br>
> location / {<br>
> proxy_pass <a href="http://backend" target="_blank">http://backend</a>; #here, only one prefix is allowed<br>
> }<br>
><br>
> So how to config to meet my requirements? Or here I shouldn't use<br>
> upstream but other approach?<br>
<br>
</div> location / {<br>
proxy_pass <a href="https://B" target="_blank">https://B</a>;<br>
error_page 502 504 = @fallback;<br>
}<br>
<br>
location @fallback {<br>
proxy_pass <a href="http://C" target="_blank">http://C</a>;<br>
}<br>
<font color="#888888"><br>
Maxim Dounin<br>
</font><div><div></div><div><br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://nginx.org/mailman/listinfo/nginx" target="_blank">http://nginx.org/mailman/listinfo/nginx</a><br>
</div></div></blockquote></div><br>So we would like to be able to have one set of common definitions for locations that work under SSL and non-SSL where we "pass along" the SSL nature of the connection (let's not get into the discussion of whether or if that is a good idea or not).<br>
<br>Today we have:<br><br><span style="font-family: courier new,monospace;">upstream backend_ssl {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> server <addr A ip>:<SSL port>;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> server <addr B ip>:<SSL port>;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">}</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">upstream backend {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> server <addr A ip>:<non-SSL port>;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> server <addr B ip>:<non-SSL port>;</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">}</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">server {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> listen 443 ssl;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> location / {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> proxy_pass <a href="https://backed_ssl">https://backed_ssl</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">}</span><br style="font-family: courier new,monospace;"><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">server {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> listen 80;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> location / {</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;"> proxy_pass <a href="https://backend">https://backend</a></span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;"><span style="font-family: courier new,monospace;">}</span><br><br>We'd like to have something like:<br><br>
<span style="font-family: courier new,monospace;"></span><span style="font-family: courier new,monospace;">upstream backend {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> server <addr A ip>:<SSL or non-SSL port as appropriate>;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> server <addr B ip>:<SSL or non-SSL port as appropriate>;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">}</span><br style="font-family: courier new,monospace;">
<br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">server {<br> listen 8080;<br style="font-family: courier new,monospace;"></span>
<span style="font-family: courier new,monospace;"> listen 8443 ssl;</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> .</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> location / {</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> proxy_pass $scheme://backend</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;"> }</span><br style="font-family: courier new,monospace;">
<span style="font-family: courier new,monospace;">}</span><br><br>Where the upstream servers don't listen on 8080 or 8443, but some other set of ports (like 7080 & 7443).<br><br>Doable?<br><br>Thanks, -peter<br>