Skip to Content.
Sympa Menu

discuss - Re: [opennic-discuss] [UPDATE] Nearest Server Drama

discuss AT lists.opennicproject.org

Subject: Discuss mailing list

List archive

Re: [opennic-discuss] [UPDATE] Nearest Server Drama


Chronological Thread 
  • From: max bellasys <info AT bellasys.com>
  • To: Members OpenNIC <discuss AT lists.opennicproject.org>
  • Subject: Re: [opennic-discuss] [UPDATE] Nearest Server Drama
  • Date: Tue, 9 Jun 2015 18:22:32 -0700

@Fusl - yes I accidentally explained first and gave the headline last. "seems
like my code won’t work for that.” If Nginx was involved in the capacity I
hoped, it does allow SNI, so yes perhaps my question was unnecessary.
However, I have learned to throw all assumptions out the door, because I’ve
pretty much seen and heard it all, from “oh we didn’t configure that module.
Our admin kills that process on startup… blah, blah.” So I thought asking a
direct and simple question was the best way to get the feedback I was looking
for- to understand if/whether Nginx is used in some capacity.

If I could have helped by simply providing code, that was of course on the
table, but understanding a little more about the components could also lead
to a solution that hasn’t been thought of yet since I have recently solved
this several times over for network setups with DigitalOcean and Now Vultr.

On Jun 9, 2015, at 5:53 PM, Julian De Marchi <julian AT jdcomputers.com.au>
wrote:

> On 10/06/15 10:28, Fusl Dash wrote:
>> No, this is a different case here. As Julian already explained, the Linode
>> loadbalancer does not act like nginx and therefore does not add an
>> additional HTTP-Header (e.g. X-Forwarded-For/X-Real-IP/...), but instead
>> just passes the raw TCP connection to the server itself...
>>
>> ... at least from what I understood from his email.
>
> I'll explain a bit more. There are a few options with the nodebalancer,
> http, https, tcp.
>
> HTTP mode passes on the x-forwarded-for header. HTTPS does to. However
> HTTPS does not perform SSL re-negotiation, so we are stuck if using that
> option to one SSL site per nodebalancer only.
>
> This is an issue with most "cloud" load-balancers, including AWS. I'm
> unsure of cloudfare though.
>
> A work around for this is to use the nodebalancer for our main site only
> and then for the other SSL sites LB at the node to the pool of
> webservers we have.
>
> --julian
>
>
> --------
> You are a member of the OpenNIC Discuss list.
> You may unsubscribe by emailing discuss-unsubscribe AT lists.opennicproject.org




Archive powered by MHonArc 2.6.19.

Top of Page