You might find that you get most traction with open resty its an nginx bundle project that includes ngx_lua, HttpHeadersMoreModule and a bunch of other mopdules that are great for transforming requests and implementing F5-like logic. I have been using it for six months and its saved me a bunch of time and helped me get weird stuff done. The openresty mailing list is very responsive.
On 3/19/13 10:42 AM, "wbr...@e1b.org" <wbr...@e1b.org> wrote: > Peter Booth wrote on 03/19/2013 10:43:12 AM: > >> > The code does the following: >> > >> > 1. remove an HTTP header named "SWSSLHDR" >> > 2. replaces it with SWSSLHDR: port, where the port is the local port of >> > the "current context's TCP connection", presumably the port that your F5 >> > virtual server is listening on. > > I had somewhat figured that out. It isn't clear from the notes I got from > vender as to what the current context is. I'm guessing the client side, > but I can test that. > >> > This is presumably to separate SSL and non SSL traffic , or to allow for >> > load balancing across websites that are hosted on ports 8080, 8000 or >> > other nonstandard ports. >> > >> > One thought- are you configuring the nginx server to terminate SSL and >> > then proxy to a single upstream endpoint? Is this the same topology as >> > the F5 one? Is the entire site SSL or just the login portions? > > Presently, we are using an Centos box with Piranha for load balancing, but > we wish to implement SSL. There are about 50 sites hosted with three > upstream servers. I don't want to tie up 150 IP addresses for SSL on > them, so I want to terminate the SSL connection at the nginx server and > use HTTP on port 80 to connect from nginx to IIS. > > The F5 information is just what the IIS application vendor says they use > in their configuration. We may be buying an F5 in the future, but I need > SSL in the short term. > > Would I add to the location section something like this: > > more_set_input_headers -r SWSSLHDR $server_port > > If $server_port isn't correct, I could try $remote_port. Are there any > other port variables that I've missed? > > From my reading of the F5 docs, the "when HTTP_REQUEST" indicates this is > only processed on requests received from clients. Since they are always > removing the SWSSLHDR from incoming requests, then adding it again, I > think using the -r option is sensible and only adding it if it exists. > > Now I'm off to rebuild nginx with HttpHeadersMoreModule. > > > > > Confidentiality Notice: > This electronic message and any attachments may contain confidential or > privileged information, and is intended only for the individual or entity > identified above as the addressee. If you are not the addressee (or the > employee or agent responsible to deliver it to the addressee), or if this > message has been addressed to you in error, you are hereby notified that > you may not copy, forward, disclose or use any part of this message or any > attachments. Please notify the sender immediately by return e-mail or > telephone and delete this message from your system. > > _______________________________________________ > nginx mailing list > nginx@nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
