Upstream to both https or http

I have this requirement. I want to use nginx as the reverse proxy, which
listen on address A and forward the request to the backend server with
address B. However, if B is down, I want the request to be sent to
address C. The question is, address B is https and address C is http.
But for the argument of proxy_pass module, I can only write one prefix
(either “http” or “https”).

upstream backend {
server :;
server : backup;
}

location / {
proxy_pass http://backend; #here, only one prefix is allowed
}

So how to config to meet my requirements? Or here I shouldn’t use
upstream but other approach?

Thanks.

Posted at Nginx Forum:

On Sun, Apr 17, 2011 at 2:24 PM, speedfirst [email protected]
wrote:

I have this requirement. I want to use nginx as the reverse proxy, which
listen on address A and forward the request to the backend server with
address B. However, if B is down, I want the request to be sent to
address C. The question is, address B is https and address C is http.
But for the argument of proxy_pass module, I can only write one prefix
(either “http” or “https”).

you’re not supposed to proxy to https backend. And I don’t know how
mixed environment like that would work anyway. If the client isn’t
using SSL then what’s the point. But then if it’s SSL then who
supposed to give out the certificate.

Hello!

On Sun, Apr 17, 2011 at 03:24:57AM -0400, speedfirst wrote:

}

location / {
proxy_pass http://backend; #here, only one prefix is allowed
}

So how to config to meet my requirements? Or here I shouldn’t use
upstream but other approach?

location / {
    proxy_pass https://B;
    error_page 502 504 = @fallback;
}

location @fallback {
    proxy_pass http://C;
}

Maxim D.

huge overhead in the handshaking and encryption to the backend.

On Sun, Apr 17, 2011 at 10:17 PM, Peter Portante
<[email protected]

Can somebody explain more about why you are “not supposed to” proxy to
https
backend?

Are you saying because it does not buy you anything since Nginx
terminates
the SSL protocol?

Hello,

On Sun, Apr 17, 2011 at 5:24 AM, Maxim D. [email protected]
wrote:

upstream but other approach?
Maxim D.


nginx mailing list
[email protected]
nginx Info Page

So we would like to be able to have one set of common definitions for
locations that work under SSL and non-SSL where we “pass along” the SSL
nature of the connection (let’s not get into the discussion of whether
or if
that is a good idea or not).

Today we have:

upstream backend_ssl {
server :;
server :;
}

upstream backend {
server :;
server :;
}

server {
listen 443 ssl;
.
.
.
location / {
proxy_pass https://backed_ssl
}
}

server {
listen 80;
.
.
.
location / {
proxy_pass https://backend
}
}

We’d like to have something like:

upstream backend {
server :;
server :;
}

server {
listen 8080;
listen 8443 ssl;
.
.
.
location / {
proxy_pass $scheme://backend
}
}

Where the upstream servers don’t listen on 8080 or 8443, but some other
set
of ports (like 7080 & 7443).

Doable?

Thanks, -peter