Load Balancing https with sticky connection

Hi to everybody,

First of all, I’m very sorry for my English…

This is my scenario:

Internet;

Firewall+nginx as load balancer: pfsense_1(active) + pfsense_2(passive)
in CARP;

Pool servers: 3 x nginx(PHP5-FPM HTTP+HTTPS);

Pfsense 1 and 2 are configured in CARP with a virtual IP (public). The
nginx pool servers’ IPs are all private.

I want to load balance inbound HTTP and HTTPS connections between the 3
nginx web servers. An important thing is that the HTTPS connections must
be “sticky connections”: in HTTPS connections, after login by username
and password, I set up a PHP session, and therefore when a client starts
an HTTPS connection it will always be redirected to the same nginx server,
until it disconnects, closes the page/browser, or after a
timeout (30 minutes?) without activity.
I would like to do that without decrypting SSL traffic in the load
balancer. Is it possible using the directive ip_hash?
The configuration will be something like this:

    upstream poolservers_http { # HTTP (NO sticky connections…
        server server1.example.com max_fails=1 fail_timeout=10s;
        server server2.example.com max_fails=1 fail_timeout=10s;
        server server3.example.com max_fails=1 fail_timeout=10s;
    }

    upstream poolservers_https { # HTTPS
        ip_hash; # sticky connections
        server server1.example.com max_fails=1 fail_timeout=10s;
        server server2.example.com max_fails=1 fail_timeout=10s;
        server server3.example.com max_fails=1 fail_timeout=10s;
    }

    server { # HTTP
        listen public_ip:80;
        server_name example.com;
        location / {
            proxy_pass http://poolservers_http;
        }
    }

    server { # HTTPS
        listen public_ip:443;
        server_name example.com;
        location / {
            proxy_pass https://poolservers_https;
        }
    }

Thank you very much…

Posted at Nginx Forum:
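
One way to get the behaviour asked about above without decrypting TLS on the load balancer, as an added example that is not part of the original post: ip_hash belongs to the http upstream module, so this configuration passes the TCP connection through with the stream module and uses `hash $remote_addr consistent` in its place. It assumes nginx 1.9.0 or later built with the stream module, backends listening on port 443, and 203.0.113.10 as a placeholder for the CARP virtual IP.

```nginx
# Added example: TLS passthrough with source-address stickiness.
# The stream block sits at the top level of nginx.conf, next to http {},
# and replaces the "server { # HTTPS ... }" block from the http context.
stream {
    upstream poolservers_https {
        # Same client address -> same backend. "consistent" (ketama)
        # keeps most clients on their server when one backend is removed.
        hash $remote_addr consistent;

        # A port is mandatory for upstream servers in the stream module.
        server server1.example.com:443 max_fails=1 fail_timeout=10s;
        server server2.example.com:443 max_fails=1 fail_timeout=10s;
        server server3.example.com:443 max_fails=1 fail_timeout=10s;
    }

    server {
        # Placeholder address (assumption): the public CARP virtual IP.
        listen 203.0.113.10:443;

        # Raw TCP relay: the TLS handshake, certificate and private key
        # stay on the backend nginx servers, nothing is decrypted here.
        proxy_connect_timeout 5s;
        proxy_pass poolservers_https;
    }
}
```

Because the hash key is the client address, all clients behind one NAT address reach the same backend, and the backends see the load balancer's address as the connection source.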

help me…please…

Posted at Nginx Forum: