
Linode NodeBalancer with HTTPS


Linode NodeBalancer does its load balancing by acting as a proxy.

Previously we could use HTTP (port 80) on it, but HTTPS (port 443) could only be balanced as TCP.
So we could not get the remote user's real IP.

Now HTTPS works, but the balancer calls back to the server over HTTP, so nginx will block it.
We need to fix the https variable to make it work.

This gets the remote user's real IP for both HTTP and HTTPS:

http {
  real_ip_header X-Forwarded-For;
  set_real_ip_from 192.168.255.0/24;
}

Add a map for HTTPS
Previously we could map $http_x_forwarded_proto to $https, but on newer nginx $https is already defined at startup, so we just create another variable.

http {
  map $http_x_forwarded_proto $fastcgi_https {
    default '';
    https on;
  }
  map $http_x_forwarded_proto $fastcgi_server_port {
    default $server_port;
    https 443;
  }
}

Change fastcgi_param

fastcgi_param SERVER_PORT $fastcgi_server_port;
fastcgi_param HTTPS $fastcgi_https;

Nginx rewrites check both variables

# Check https status
set $use_https "";
if ($https) {
  set $use_https "on";
}
if ($fastcgi_https) {
  set $use_https "on";
}

# Rewrite
if ($use_https) {
  .......
}

That works!!
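
An added example, not part of the original post: the maps above accept X-Forwarded-Proto from any client, so one way to tighten them is to honour the header only when the connection comes from the NodeBalancer range already used in set_real_ip_from, while still reporting HTTPS for direct TLS connections to the server. It assumes nginx 1.9.7 or later for $realip_remote_addr; $from_balancer is a name chosen here.

```nginx
http {
  real_ip_header X-Forwarded-For;
  set_real_ip_from 192.168.255.0/24;

  # $realip_remote_addr keeps the address of the actual TCP peer, before
  # the realip module replaces $remote_addr with the forwarded client IP.
  # $from_balancer (name chosen for this example) is 1 only for that range.
  geo $realip_remote_addr $from_balancer {
    default          0;
    192.168.255.0/24 1;
  }

  # Key format: "<$https>:<$from_balancer>:<X-Forwarded-Proto>"
  map "$https:$from_balancer:$http_x_forwarded_proto" $fastcgi_https {
    default    '';
    "~^on:"    on;   # TLS terminated by this nginx (direct connection)
    ":1:https" on;   # plain HTTP from the balancer, client side was HTTPS
  }

  map "$https:$from_balancer:$http_x_forwarded_proto" $fastcgi_server_port {
    default    $server_port;  # direct connections already report the right port
    ":1:https" 443;
  }
}
```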


Comments

lista's avatar

I found that if you go directly into the server, the https will be incorrect. So I inserted a check before fastcgi_params temporarily.

if ($https = "on") {
  set $fastcgi_https "on";
}
fastcgi_param HTTPS     $fastcgi_https;

But......if it got problem.......why SERVER_PORT work.....= =a

The formula for a miracle equals countless efforts plus never giving up, by 凱琳.賽拉菲姆

May I ask, with nodebalance do I need to hand the DNS over to Linode for hosting?

lista's avatar

No need. It is just a plain load balancer: you point your domain at the Nodebalance, and then in the Nodebalance you specify which servers will handle the traffic.

The formula for a miracle equals countless efforts plus never giving up, by 凱琳.賽拉菲姆