1

I need to deploy a handful of nginx (with docker). These instances need to share a in memory pool of session IDs so that TLS resumption can take place regardless which instance client connects to. Session tickets with shared key rotation would be great as well.

Ideal answer: docker compose file with nginx and memcache/redis

Igor Gatis
  • 119
  • 1
  • 5
  • You could try using [this](https://github.com/magro/memcached-session-manager/blob/master/samples/nginx.conf) module, which uses memcached as nginx sessions, this way you can have (N) nginx servers/ – Alin Andrei Oct 25 '17 at 08:25
  • @Alin Andrei That’s for Tomcat, not RFC5077. –  May 30 '18 at 22:48
  • Here’s how stud (deprecated) did it https://www.haproxy.com/blog/scaling-out-ssl/ –  May 30 '18 at 22:49
  • nghttp2’s nghttpx replicated it https://github.com/nghttp2/nghttp2 –  May 30 '18 at 22:53
  • Apache httpd also didn’t get it. https://journal.paul.querna.org/articles/2010/07/10/overclocking-mod_ssl/ –  May 30 '18 at 22:57

1 Answers1

0

It’s available as 3rd-party modules and Lua code as part of OpenResty

https://github.com/openresty/lua-resty-core/blob/master/lib/ngx/ssl/session.md