Forum: NGINX NGinx Load Balancing

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
D0a98f6304ff122ac9b487ff8275d8bb?d=identicon&s=25 Payam Chychi (Guest)
on 2009-04-30 20:43
(Received via mailing list)
Hey Guys,

Question, How can you create an nginx proxy server so it uses
x-forward-header to load balance connections to its downstream web
Im using a nginx load balancer and attaching x-forward-header down to
the load balaning farm which is using ipvs/keepalived which then load
balances the traffic locally to a iis / apache cluster

issue is that from my nginx proxy to the ipvs LB as i use SNAT and the
ipvs is only layer4. When a client re-establishes his connection
though the nginx proxy, the system will change its src ip at random
and if there was previously another connection using that
src_ip:dst_port, then the IPVS will assign it to the new user...
session jacking

I am thinking that the issue could be solved by placing an nginx load
balancer in front of the ipvs and allowing nginx to load balance
traffic based on the x-forward-header.. however, this is something
that I am not sure how to do.

any insight would greatly be appreciated
D0a98f6304ff122ac9b487ff8275d8bb?d=identicon&s=25 Payam Chychi (Guest)
on 2009-05-01 05:01
(Received via mailing list)
On Thu, Apr 30, 2009 at 11:29 AM, Payam Chychi <>
> ipvs is only layer4. When a client re-establishes his connection
> any insight would greatly be appreciated
> --
> Payam Tarverdyan Chychi
> Network Security Specialist / Network Engineer

Any ideas? I would greatly appreciate any insight

73ad028341c045f423691da9dae1be53?d=identicon&s=25 张立冰 (Guest)
on 2009-05-01 16:36
(Received via mailing list)
Attachment: 349.gif (912 Bytes)
Maybe this entry will give you some information. And it's in Chinese,
but I
think the source codes at this entry will enough for you to understand
it .[?]
This topic is locked and can not be replied to.