Forum: NGINX NGinx Load Balancing

Announcement (2017-05-07): www.ruby-forum.com is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see rubyonrails.org/community and ruby-lang.org/en/community for other Rails- und Ruby-related community platforms.
D0a98f6304ff122ac9b487ff8275d8bb?d=identicon&s=25 Payam Chychi (Guest)
on 2009-04-30 20:43
(Received via mailing list)
Hey Guys,

Question, How can you create an nginx proxy server so it uses
x-forward-header to load balance connections to its downstream web
servers?
Im using a nginx load balancer and attaching x-forward-header down to
the load balaning farm which is using ipvs/keepalived which then load
balances the traffic locally to a iis / apache cluster

issue is that from my nginx proxy to the ipvs LB as i use SNAT and the
ipvs is only layer4. When a client re-establishes his connection
though the nginx proxy, the system will change its src ip at random
and if there was previously another connection using that
src_ip:dst_port, then the IPVS will assign it to the new user...
session jacking

I am thinking that the issue could be solved by placing an nginx load
balancer in front of the ipvs and allowing nginx to load balance
traffic based on the x-forward-header.. however, this is something
that I am not sure how to do.

any insight would greatly be appreciated
D0a98f6304ff122ac9b487ff8275d8bb?d=identicon&s=25 Payam Chychi (Guest)
on 2009-05-01 05:01
(Received via mailing list)
On Thu, Apr 30, 2009 at 11:29 AM, Payam Chychi <pchychi@gmail.com>
wrote:
> ipvs is only layer4. When a client re-establishes his connection
> any insight would greatly be appreciated
>
> --
> Payam Tarverdyan Chychi
> Network Security Specialist / Network Engineer
>


Any ideas? I would greatly appreciate any insight

Thanks,
73ad028341c045f423691da9dae1be53?d=identicon&s=25 张立冰 (Guest)
on 2009-05-01 16:36
(Received via mailing list)
Attachment: 349.gif (912 Bytes)
Maybe this entry will give you some information. And it's in Chinese,
but I
think the source codes at this entry will enough for you to understand
it .
http://www.libing.name/2008/12/30/nginx-ip-hash.html[?]
This topic is locked and can not be replied to.