Nginx – How to pass Apache SSL traffic through nginx proxy

load balancing, nginx, ssl

I want to set up nginx 0.6.33 on Fedora 8 as a load balancer for backends running Apache. I had no problems configuring it for the default HTTP port 80, but I don't know how to do it for SSL (443). I don't want to install the SSL certificates on the nginx box; I'd like it to pass the whole traffic through to the Apache servers, which have the certificates already installed.

My configuration looks like this:

http {
  upstream backend{
    server 192.168.0.1;
    server 192.168.0.2;
  }

  upstream secure{
    server 192.168.0.1:443;
    server 192.168.0.2:443;
  }

  server{
    listen 80;
    server_name www.my-server.net;
    location / {
      proxy_pass http://backend;
      proxy_set_header Host $http_host;
      proxy_redirect false;
    }
  }

  server{
    listen 443;
    server_name www.my-server.net;
    location / {
      proxy_pass https://secure;
      proxy_set_header Host $http_host;
      proxy_redirect false;
    }
  }
}

Best Answer

Don't use nginx as a load balancer; it isn't designed for that sort of thing. Specifically, in your case, it doesn't support transparently passing TCP connections to a backend, so you'll need to have your SSL certs set up in nginx and pass back to Apache as regular HTTP.

You want either a true L3 load balancer like LVS, or else a TCP proxy like haproxy, that will allow the SSL connections to just flow straight through to Apache.
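
The TCP pass-through the answer describes, as an added example that is not part of the original answer: a minimal haproxy configuration in TCP mode that reuses the two backend addresses from the question. The section names, timeouts, connection limit and the `balance source` choice are assumptions made for illustration.

```haproxy
# Added example: haproxy forwarding port 443 as an opaque TCP stream.
# No certificate or private key is installed on the proxy; the TLS
# handshake is completed by Apache on the backends.

global
    maxconn 4096              # assumed limit, size for your traffic

defaults
    mode tcp                  # layer 4: bytes are relayed, never parsed as HTTP
    option tcplog             # log connection-level details (no URLs are visible)
    timeout connect 5s        # assumed timeouts
    timeout client  50s
    timeout server  50s

frontend https_in             # hypothetical name
    bind *:443
    default_backend apache_tls

backend apache_tls            # hypothetical name
    # Hash on the client address so a client keeps hitting the same
    # Apache server, which lets TLS session resumption keep working.
    balance source
    # "check" performs a plain TCP connect test against port 443.
    server apache1 192.168.0.1:443 check
    server apache2 192.168.0.2:443 check
```

Because the proxy never decrypts the stream, it cannot add headers such as `X-Forwarded-For`, so the Apache access logs will record the proxy's address as the client unless the original source address is preserved some other way.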