A topology when nginx is in reverse-proxy mode? support?

Server NGINX
1

hi all:

please see the following topology in my test-bed, it always accesses the
first website in reverse-proxy.

  1. Topology

    Outside -------------------[ NAT Device] -----------------[nginx
    with
    reverse-proxy]----------------Web1 (1.1.1.1:80)
    [http://2.2.2.2:8000 |
    | |______Web2 (1.1.1.2:80)
    [http://2.2.2.2:8001 2.2.2.2
    1.1.1.255

  2. How to access

    (1) Access http://2.2.2.2:8000 from outside to access web1;
    Access http://2.2.2.2:8001 from outside to access web2;
    (2) NAT device translated 2.2.2.2 to different internal IP address
    according to port;
    http://2.2.2.2:8000 =====NAT===> http://1.1.1.1(web1);
    http://2.2.2.2:8001 =====NAT===> http://1.1.1.2(web2);
    (3) NGINX act as reverse proxy;

  3. issue
    We configure nginx as reverse proxy, but it always proxy
    (http://1.1.1.1and http:/
    1.1.1.2) to http://1.1.1.1;

    nginx configure is as following

    server {
    listen 80;
    server_name 2.2.2.2; // (try 2.2.2.2:8000, it failed)

         location / {
          proxy_pass http://1.1.1.1; # <==========Web1
          ....
     }

    }

    server {
    listen 80;
    server_name 2.2.2.2; # (try 2.2.2.2:8000, it failed)

     location / {
          proxy_pass http: #1.1.1.2;   # <==========Web2
          ....
     }

    }

  4. I try to change the configuration, it is failed.

    My configuration is good ? Is the topology supported?

thanks

George. Alex.

2

Hello!

On Sun, Feb 05, 2012 at 01:02:12PM +0800, Geoge.Q wrote:

| |______Web2 (1.1.1.2:80)
http://2.2.2.2:8001 =====NAT===> http://1.1.1.2(web2);
listen 80;
server_name 2.2.2.2; # (try 2.2.2.2:8000, it failed)
As long as hostnames in requests to different sites match exactly
(nginx doesn’t look at ports in Host headers, only at hostnames) -
you have to use distinct listen sockets on nginx (i.e. distinct
ports and/or ips).

That is, use something like this:

server {
    listen 1.1.1.1:80;
    server_name 2.2.2.2;
    ...
}

server {
    listen 1.1.1.2:80;
    server_name 2.2.2.2;
    ...
}

Maxim D.

3

Thanks Max and Francis.
I will try.

George.Alex.

4

On Sun, Feb 05, 2012 at 01:02:12PM +0800, Geoge.Q wrote:

Hi there,

I’m afraid I’m not able to understand the topology. So I’ll make some
guesses, and perhaps you can say where I have gone wrong.

  1. How to access

    (1) Access http://2.2.2.2:8000 from outside to access web1;
    Access http://2.2.2.2:8001 from outside to access web2;
    (2) NAT device translated 2.2.2.2 to different internal IP address
    according to port;
    http://2.2.2.2:8000 =====NAT===> http://1.1.1.1(web1);
    http://2.2.2.2:8001 =====NAT===> http://1.1.1.2(web2);
    (3) NGINX act as reverse proxy;

So 2.2.2.2 is the address of the NAT device, and it sends any inbound
traffic to port 8000, to internal web1:80; and it sends any inbound
traffic to port 8001, to internal web2:80?

That should just work, with no need for nginx anywhere.

So that’s presumably not what you want.

Perhaps you have nginx on some other internal server, that the NAT
device
sends the traffic to? Or perhaps nginx is running on the NAT device,
so NAT isn’t needed at all?

  1. issue
    We configure nginx as reverse proxy, but it always proxy
    (http://1.1.1.1and http:/
    1.1.1.2) to http://1.1.1.1;

    nginx configure is as following

    server {
    listen 80;

That is the port on the nginx server that nginx listens to, and is
the port that the traffic to nginx must be sent to. I suspect that it
should be 8000 or 8001; but when the network topology is clear, it will
be clear what that will be.

       server_name 2.2.2.2; // (try 2.2.2.2:8000, it failed)

That is the name in the Host: header that the client sends. If more than
one nginx server{} listens on the same ip:port, it is used to choose
which server{} is used.

   server {
       listen 80;
       server_name 2.2.2.2; # (try 2.2.2.2:8000, it failed)

This is the same listen/server_name as the first one, so will never
match.

  1. I try to change the configuration, it is failed.

    My configuration is good ? Is the topology supported?

Because of listen/server_name, your second server{} block will never be
used, so no traffic will go to web2.

So: have nginx listening on two different ports, or on two different
addresses, or use different Host: names in the requests.

(But since I don’t see where nginx fits in to the topology in the first
place, I guess I must have missed something.)

f

Francis D. [email protected]

5

Hello,

Is there a possibility to use the satisfy any option with NGINX as a
loadbalancer?

We normally use “satisfy any” on our apache webservers but for
authentication/caching reasons we want to put it in the NGINX LB config.

Is there a way to make the location directive accept and pass on the
“satisfy any” option to the webservers?

Just for your information, we use NGINX purely as a loadbalancer.

Thank you.

Regards,

Jaap van Arragon