I need a little help sorting out how to configure a reverse proxying load balancer in nginx. Basically, I have two web applications that live under subdirectories on Apache servers, /flavors/Chocolate and /flavors/Vanilla for example. This app runs on multiple servers for failover, so my list of upstream servers for Chocolate looks like this:
upstream Chocolate {
ip_hash;
server 192.168.10.100;
server 192.168.10.101;
server 192.168.10.102;
}
Now, what I want to do is be able to take requests at the load balancer, 192.168.10.99, for https://chocolate.company.com and proxy pass them to the upstream servers on port 80 (http) to their actual locations at 192.168.10.xxx/flavors/Chocolate without rewriting the URI for the site from https://chocolate.company.com.
Here is what I have (that shoots out errors on me left and right):
upstream Chocolate {
ip_hash;
server 192.168.10.100;
server 192.168.10.101;
server 192.168.10.102;
}
server {
listen 80;
return 301 https://$host$request_uri;
}
server {
### server port and name ###
listen chocolate.company.com:443;
ssl on;
server_name chocolate.company.com;
### SSL log files ###
access_log logs/ssl-access.log;
error_log logs/ssl-error.log;
### SSL cert files ###
ssl_certificate /.pki/chocolate.company.com.crt;
ssl_certificate_key /.pki/chocolate.company.com.key;
### Add SSL specific settings here ###
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
### We want full access to SSL via backend ###
location / {
rewrite ^(.*)$ /flavors/Chocolate break;
proxy_pass http://chocolate.company.com;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_50$
### Set headers ####
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
#proxy_set_header X-Forwarded-Proto https;##
#This is better##
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
### By default we don't want to redirect it ####
proxy_redirect off;
}
Can anyone help me out here? I feel like I'm missing something really stupid and just not having that "eureka!" moment that I get after stewing on something a few and figured there's a chance one of y'all are quite a bit more accomplished with Nginx than me (which is just about not accomplished at all). Thanks in advance!