Trying to setup Nginx as load balancer for https servers. The upstream serves over port 443 with SSL certificates configured. How to configure Nginx, so that the SSL certificate configuration is handled only on the upstream servers and not in the Nginx server?
It is possible to use nginx as a very efficient HTTP load balancer to distribute traffic to several application servers and to improve performance, scalability and reliability of web applications with nginx.
nginx can perform both layer 4 load balancing for TCP and UDP, as well as layer 7 HTTP load balancing.
Upstream Domain Resolve¶ Its buffer has the latest IPs of the backend domain name and it integrates with the configured load balancing algorithm (least_conn, hash, etc) or the built in round robin if none is explicitly defined. At every interval (one second by default), it resolves the domain name.
You need to use Upstream module, and Reverse Proxy module. To reverse proxy to the https upstream, use this
proxy_pass https://backend;
where backend is an uptream block.
However, if I were doing this, I'd terminate ssl on the nginx server, and make upstream app servers doing what they are good at: serving the content, instead of worrying about ssl encryption/decryption overhead. Setting up ssl termination on nginx is also very simple using the SSL module. A very good case study is also given here.
seems now possible according to https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-upstreams/ (1.9.4+)
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With