New to nginx: ssl/sticky/conditional proxying

Good morning all,
for a long time I have been looking around for some solution to help me support something that right now is really complex, but that I need to do. Nginx looks like my last solution, so I've started with preliminary tests, and now I'm asking you for a little help to validate first if it is possible and how to accomplish it. I would like to thank in advance whoever can be so kind as to help me.

Scenario: a single (physical) server with a lot of RAM, near 96Gb, that should be used to run from a minimum of 3 to 6 or even more Tomcat instances with the same configuration, apart from the listening port. The matter is that a JVM running with a big max heap takes a lifetime to complete garbage collections, so it is a reasonable solution to split up the JVM into ones with lower memory and run Tomcat in parallel. But this should be done smoothly with only one real IP, no subnet, no possibility to do L3 balancing, so NGINX seems to be the only solution.

server NGINX+TOMCAT on the backend
NGINX on port 80
TOMCAT will run from 81 to 88 for example.

But I have some constraints.

A) I have to use HTTP and HTTPS
B) sticky: whoever uses tomcat1 should remain there for both HTTP/HTTPS protocols
C) if the incoming IP is x.x.x.x it should go to tomcat 8
D) if one of the Tomcats is down, it won't be used anymore
E) if I have a peak of requests, I should be able to add more instances without stopping anything and/or use backup servers in real time.

I believe NGINX can do it, but it is a matter of starting to read the right documentation.

Thank you for any help on this.

Michele

Posted at Nginx Forum:

Oh, well, thanks for the warm welcome! :)
Just kidding, I'm going on reading the documentation and now I have a semi-functional nginx.conf.
I'm missing something, so maybe someone could help me with the "conditions".

I need to send an IP to a specific BACKEND server.

worker_processes 4;
worker_priority -1;
worker_rlimit_nofile 8192;
worker_cpu_affinity 0001 0010 0100 1000;
user nginx;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    multi_accept on;
    worker_connections 4096;
}

http {
    ####SSL
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_certificate include/cert.pem;
    ssl_certificate_key include/key.pem;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    ###LOG
    log_format apache
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $body_bytes_sent '
        '"$http_referer" "$http_user_agent" '
        '"$http_cookie"';
    access_log /var/log/nginx/access.log apache;

    ###UPSTREAM
    upstream apache {
        sticky;
        server localhost:81;
        server localhost:82;
        server localhost:83;
    }

    ####CORE
    server {
        listen *:80;
        listen *:443 ssl;
        keepalive_timeout 70;

        ###REVERSE PROXYING
        location / {
            proxy_set_header Host $host;
            proxy_pass http://apache;
            # <- do I also send HTTPS requests?
            # --> I see that connecting to nginx on port 443 redirects me to
            # the backend, but I'm not sure if it is running on HTTPS there.

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            include /etc/nginx/mime.types;
        }
    }
}

Thank you.

Regards,

Posted at Nginx Forum:
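
One way to express the per-IP condition and the other constraints from the thread, as an added example that is not the original poster's or the nginx project's own configuration. The pool names `tomcat_shared` and `tomcat_pinned` and the address 203.0.113.10 (a documentation-range placeholder for the poster's x.x.x.x) are assumptions; the ports follow the 81 to 88 layout described above, and `sticky` is the same directive used in the posted config, which needs a sticky module compiled in.

```nginx
# Added example (constructed). Names and the client address are placeholders.
events { worker_connections 1024; }

http {
    # Constraint C: choose an upstream group by client address.
    # geo keys on $remote_addr unless told otherwise.
    geo $tomcat_pool {
        default       tomcat_shared;
        203.0.113.10  tomcat_pinned;   # placeholder for x.x.x.x
    }

    upstream tomcat_shared {
        sticky;   # constraint B: one group behind both listeners, so the
                  # same affinity applies to HTTP and HTTPS requests
        # Constraint D: after 3 failed attempts within 30s the server is
        # skipped for 30s, then tried again (passive health check).
        server 127.0.0.1:81 max_fails=3 fail_timeout=30s;
        server 127.0.0.1:82 max_fails=3 fail_timeout=30s;
        server 127.0.0.1:83 max_fails=3 fail_timeout=30s;
        # Constraint E: append another "server" line and run
        # "nginx -s reload"; old workers finish their open requests.
    }

    upstream tomcat_pinned {
        server 127.0.0.1:88;   # "tomcat 8"
    }

    server {
        listen 80;
        listen 443 ssl;        # constraint A: both schemes, one server block

        ssl_certificate     include/cert.pem;
        ssl_certificate_key include/key.pem;
        # SSLv3 is prohibited by RFC 7568; TLSv1 and TLSv1.1 are deprecated.
        ssl_protocols       TLSv1.2 TLSv1.3;
        ssl_ciphers         HIGH:!aNULL:!MD5;

        location / {
            # TLS ends at nginx: the backend always receives plain HTTP,
            # including for requests that arrived on port 443.
            proxy_pass http://$tomcat_pool;   # resolved against the upstream groups
            proxy_set_header Host              $host;
            proxy_set_header X-Real-IP         $remote_addr;
            # Overwrite rather than append, so a client-supplied value is dropped.
            proxy_set_header X-Forwarded-For   $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;   # tells Tomcat http vs https
        }
    }
}
```

Running `nginx -t` against the file checks the syntax before a reload.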