13

I have some problem about nginx with http and https bypass, In upstream block

upstream block:

upstream bypass{
      server 192.168.99.1:80; #http
      server 192.168.99.2:443 backup; #https
}

When http 80 have a problem (server down, etc), I want to redirect to https 443,

This block does not work for me.

location block:

location / {
      proxy_pass https://bypass;
      proxy_redirect off;
}

How can I resolve this?

Improve this question
2
  • You should be more specific about what "doesn't work" for you. What errors or behavior are you getting, and what do you want to happen? Commented Dec 27, 2017 at 17:40
  • @dpnz I have a similar usecase, did you find a suitable solution? Commented Apr 19, 2022 at 10:04

2 Answers 2

Reset to default
3

This works well: Create server config section for each backend on different port and forward to both ports internally without ssl.

In this example, you can see how the first server acts as main server with cached content (available via https) and if cache content is not available, use the second server (via http).

(using nginx 1.19.6, just for reference)

upstream backends {
    server 127.0.0.1:8082;
    server 127.0.0.1:8081 backup;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com;

    # ssl certs etc here

    location / {
        proxy_pass http://backends;
        proxy_next_upstream error timeout http_404 http_403;
    }

    access_log  /var/log/nginx/access.log upstreamlog;
}

server {
    listen 8081;
    location / {
        add_header X-Cache MISS;
        proxy_pass http://server1;
        proxy_set_header Host server1;
    }
}


server {
    listen 8082;
    location / {
        add_header X-Cache HIT;
        proxy_pass https://server2;
        proxy_set_header Host server2;
    }
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Taking a shot in the dark. Assuming you were having issues mixing HTTP and HTTPS in the upstream, you could try this in the location block:

location {
    try_files @bypass-http @bypass-https =404;

    location @bypass-http {
        proxy_pass http://bypass;
        proxy_redirect off;
    }

    location @bypass-https {
        proxy_pass https://bypass;
        proxy_redirect off;
    }
}

And if that didn't work, split the bypass upstream block into bypass1 and bypass2 and reference them accordingly in their corresponding location blocks:

upstream bypass1{
      server 192.168.99.1:80; #http
}

upstream bypass2{
      server 192.168.99.2:443; #https
}

location {
    try_files @bypass-http @bypass-https =404;

    location @bypass-http {
        proxy_pass http://bypass1;
        proxy_redirect off;
    }

    location @bypass-https {
        proxy_pass https://bypass2;
        proxy_redirect off;
    }
}

A third option would be reference them both on port 80, and ensure the second upstream server redirects HTTP requests to HTTPS.

Improve this answer

1 Comment

Unfortunately "try_files" accepts only single named location and only as the last parameter.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.