We are using Nginx community edition for ip_hash load balancing. Everything is working fine except for one remote client office, which, we suspect from observing the access logs, is sending different IP addresses for subsequent requests coming from the same PC client. Basically it is not letting the client PC maintain a session on a single upstream server. Maybe they are having two public IPs. We have two web application servers running the same Spring monolith application. How to work around this? Is there any other load balancing strategy that can work in our scenario using the community edition? The config file is as following:
upstream backend {
ip_hash;
server localhost:8080;
server 10.10.1.208:80;
}
server {
client_max_body_size 0;
client_body_buffer_size 1200m;
client_header_buffer_size 1200m;
client_body_timeout 86400s;
client_header_timeout 86400s;
proxy_send_timeout 86400s;
proxy_read_timeout 86400s;
proxy_buffers 16 16k;
proxy_buffer_size 16k;
listen 80;
listen 443 ssl;
server_name xyz.pqr.com;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_certificate /etc/nginx/ssl/my.crt;
ssl_certificate_key /etc/nginx/ssl/my.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
location / {
return 301 /xyz;
}
location /xyz{
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass_header X-XSRF-TOKEN;
proxy_set_header Origin http://backend;
proxy_pass http://backend;
}
}
