New to nginx: ssl/sticky/conditional proxying

Good morning all,
it was a long time I was around with some solution to help me supporting
something right now is really complex, but I need to do.
Nginx looks like my last solution, so I’ve started with preliminary
now, and I’m asking you a little help to validate first if it is
and how to accomplish. I would thank in advance whoever can be so kind
help me.

Scenario: a single server (physical) with a lot of ram, near 96Gb that
should be used to run from a minimum of 3 to 6 or even more tomcat
with same configuration, apart listening port. The matter is that JVM
running on big heap max memory took a life to complete Garbage
so it is a reasonable solution to split up the jvm with lower memory and
in parallel tomcat. But this should be done smoothly with one only real
no subnet, no possibility to do L3 balance, so NGINX seems to be the

server NGINX+TOMCAT on the backend
NGINX on port 80
TOMCAT will run from 81 to 88 for example.

But, I have some constraints.

A) I have to use HTTP and HTTPS
B) sticky: who use tomcat1 should remain there for both HTTP/HTTPS
C) if incoming IP is x.x.x.x it should go to tomcat 8
D) if one of the tomcat is down, it won’t be used anymore
E) if I have a peak of requests, I should be able to add more instances
without stopping anything and/or use backup servers realtime.

I believe NGINX can do it, but it is a matter of starting to read right

Thank you for any help on this.


Posted at Nginx Forum:,248320,248320#msg-248320

Oh, well, thanks for the warm welcome! :)
Just kidding, I’m going on reading documentation and now I have a
semi-functional nginx.conf.
I miss something, so maybe someone could help me on the “conditions”.

I need to send IP to specific BACKEND server.

```nginx
worker_processes 4;
worker_priority -1;
worker_rlimit_nofile 8192;
worker_cpu_affinity 0001 0010 0100 1000;
user nginx;

error_log /var/log/nginx/error.log;
pid /var/run/;

events {
    multi_accept on;
    worker_connections 4096;
}

http {
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_certificate include/cert.pem;
    ssl_certificate_key include/key.pem;
    ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    log_format apache
        '$remote_addr - $remote_user [$time_local] '
        '"$request" $status $body_bytes_sent '
        '"$http_referer" "$http_user_agent"';
    access_log /var/log/nginx/access.log apache;

    # Tomcat instances running on the same host
    upstream apache {
        server localhost:81;
        server localhost:82;
        server localhost:83;
    }

    server {
        listen *:80;
        listen *:443 ssl;
        keepalive_timeout 70;

        location / {
            proxy_set_header Host $host;
            # <-- do I send also HTTPS requests?
            # --> I see that connecting to nginx on port 443 redirects me to backend,
            # not sure if it is running on https there.
            proxy_pass http://apache;

            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            include /etc/nginx/mime.types;
        }
    }
}
```

Thank you.


Posted at Nginx Forum:,248320,248382#msg-248382
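
One way to express constraints A to E from the first post in nginx configuration, as an added example that is not part of the thread or of anyone's reply. The upstream names `tomcat_pool` and `tomcat_pinned`, the `$pool` variable, the address 192.0.2.10 standing in for x.x.x.x, and port 88 for "tomcat 8" are assumptions.

```nginx
events { worker_connections 4096; }

http {
    # (B) ip_hash picks the backend from the client address, so a client
    # lands on the same Tomcat over both HTTP and HTTPS.
    upstream tomcat_pool {
        ip_hash;
        # (D) after 3 failed attempts a server is skipped for 30s.
        server 127.0.0.1:81 max_fails=3 fail_timeout=30s;
        server 127.0.0.1:82 max_fails=3 fail_timeout=30s;
        server 127.0.0.1:83 max_fails=3 fail_timeout=30s;
        # (E) add a server line here and run "nginx -s reload"; old workers
        # finish their open requests first. The "backup" parameter cannot
        # be combined with ip_hash.
    }

    # (C) dedicated instance; port 88 for "tomcat 8" is an assumption.
    upstream tomcat_pinned {
        server 127.0.0.1:88;
    }

    # (C) select the upstream by client address (placeholder address).
    geo $pool {
        default     tomcat_pool;
        192.0.2.10  tomcat_pinned;
    }

    server {
        listen 80;
        listen 443 ssl;
        ssl_certificate     include/cert.pem;
        ssl_certificate_key include/key.pem;
        ssl_protocols       TLSv1.2;        # SSLv3 and TLSv1/1.1 left out
        ssl_ciphers         HIGH:!aNULL:!MD5;

        location / {
            # (A) TLS ends at nginx; the hop to Tomcat is plain HTTP.
            proxy_pass http://$pool;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            # Overwrite, not append: a client-supplied value is discarded.
            proxy_set_header X-Forwarded-For $remote_addr;
            # Lets the application see whether the client used HTTPS.
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }
}
```

Running `nginx -t` checks the file before a reload is attempted.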