Nginx as SSL terminating server

We have the following setup:

firewall --> single nginx instance (SSL termination) --> haproxy -->
multiple nginx/unicorn instances (via unix socket)

Is it recommendable to turn request buffering off at the first nginx?
Ideally things like uploads would be buffered at the final nginx
instances. The first one is only there to terminate SSL and pass
requests on to haproxy.

Thanks,
Joshua Sierles

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,113599,113599#msg-113599

Quite simply: no.

You cannot stop the first nginx from buffering requests. You can (and
should!) stop it from buffering responses with the proxy_buffering
directive:

proxy_buffering off;

I have a similar setup (minus the haproxy layer,
passenger_global_queue is good enough) and would also like to do this.
I’ve tried messing with the proxy buffer sizes but it doesn’t seem to
make any significant difference with large uploads and opens up DoS
opportunities.

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs