
Suppose I want to proxy some portion of my traffic to a remote backend instead of the local listener on the server. For example:

upstream backends {
    server 127.0.0.1:8080 weight=20;  # local process (HTTP)
    server other-remote-backend.company-internal.com:443;  # remote server (HTTPS)
}


location / {
    # ...other stuff...
    proxy_pass http://backends;
}

In the above configuration, every 20 or so requests NGINX will try to route to http://other-remote-backend.company-internal.com:443 which is only listening for SSL.

Is there a way for the upstream to define its own protocol scheme? Right now this seems undoable without changing the local listener process to be SSL as well (which is a less than desirable change to make).

Thanks

Alex Urcioli

1 Answer

As is the usual case, I've figured out my own problem and it's quite obvious. If you're trying to accomplish the above, the trick is quite simple.

  1. First create a new NGINX Virtual Host that listens on HTTP and proxy_passes to your remote HTTPS backend like so:

/etc/nginx/sites-available/remote_proxy

upstream remote {
        server other-remote-backend.company-internal.com:443;
}

server {

        # other-remote-backend.company-internal.com:443;

        listen 8181;

        server_name my_original_server_name;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $remote_addr;
            proxy_pass https://remote;
        }

}
  2. You can now use just http for your upstreams in the original configuration listening on 443:

/etc/nginx/sites-available/default

upstream backends {
    server 127.0.0.1:8080 weight=20;  # local process (HTTP)
    server 127.0.0.1:8181;  # local nginx proxying to HTTPS remote
}


location / {
    # ...other stuff...
    proxy_pass http://backends;
}

Now just enable your new site and restart:

$ ln -s /etc/nginx/sites-available/remote_proxy /etc/nginx/sites-enabled/ && systemctl restart nginx

Alex Urcioli
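A hardened variant of the intermediate virtual host from the answer above, as an added example that is not part of the original post: it binds the cleartext hop to loopback and makes nginx verify the remote backend's certificate. The CA bundle path and the assumption that the front-end server block sets the client-IP headers are not from the post.

```nginx
# /etc/nginx/sites-available/remote_proxy  (added example, hardened variant)

upstream remote {
    server other-remote-backend.company-internal.com:443;
}

server {
    # Loopback only: this hop is plain HTTP and exists solely for the
    # front-end server on the same host. A bare "listen 8181;" accepts
    # cleartext connections on every interface.
    listen 127.0.0.1:8181;

    server_name my_original_server_name;

    location / {
        proxy_pass https://remote;

        # Upstream certificates are not checked unless this is enabled
        # (proxy_ssl_verify defaults to off).
        proxy_ssl_verify              on;
        proxy_ssl_verify_depth        2;

        # Assumption: Debian/Ubuntu system CA bundle. Point this at the CA
        # that actually issued the backend's certificate.
        proxy_ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt;

        # With an upstream{} block, the name checked against the certificate
        # defaults to the proxy_pass host, i.e. "remote", so verification
        # would fail. Set the real hostname and send it as SNI.
        proxy_ssl_name                other-remote-backend.company-internal.com;
        proxy_ssl_server_name         on;

        proxy_set_header Host $host;

        # $remote_addr on this hop is always 127.0.0.1 (the front-end nginx),
        # so X-Real-IP and X-Forwarded-For are not overwritten here. They pass
        # through unchanged from the front-end server block (assumption: that
        # block sets them from its own $remote_addr).
    }
}
```

Run `nginx -t` before restarting; a handshake failure after enabling verification shows up in the error log as an upstream SSL certificate verify error.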