Forum: NGINX NGinx Load Balancing

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
Payam C. (Guest)
on 2009-04-30 22:43
(Received via mailing list)
Hey Guys,

Question, How can you create an nginx proxy server so it uses
x-forward-header to load balance connections to its downstream web
servers?
Im using a nginx load balancer and attaching x-forward-header down to
the load balaning farm which is using ipvs/keepalived which then load
balances the traffic locally to a iis / apache cluster

issue is that from my nginx proxy to the ipvs LB as i use SNAT and the
ipvs is only layer4. When a client re-establishes his connection
though the nginx proxy, the system will change its src ip at random
and if there was previously another connection using that
src_ip:dst_port, then the IPVS will assign it to the new user...
session jacking

I am thinking that the issue could be solved by placing an nginx load
balancer in front of the ipvs and allowing nginx to load balance
traffic based on the x-forward-header.. however, this is something
that I am not sure how to do.

any insight would greatly be appreciated
Payam C. (Guest)
on 2009-05-01 07:01
(Received via mailing list)
On Thu, Apr 30, 2009 at 11:29 AM, Payam C. 
<removed_email_address@domain.invalid>
wrote:
> ipvs is only layer4. When a client re-establishes his connection
> any insight would greatly be appreciated
>
> --
> Payam Tarverdyan Chychi
> Network Security Specialist / Network Engineer
>


Any ideas? I would greatly appreciate any insight

Thanks,
张立冰 (Guest)
on 2009-05-01 18:36
(Received via mailing list)
Attachment: 349.gif (0 Bytes)
Maybe this entry will give you some information. And it's in Chinese,
but I
think the source codes at this entry will enough for you to understand
it .
http://www.libing.name/2008/12/30/nginx-ip-hash.html[?]
This topic is locked and can not be replied to.