So my balancer looks like this:

    upstream myapp1 {
        server 192.168.0.20;
        server 8.8.8.8 backup;
    }

    server {
        listen 80 default;

        location / {
            proxy_pass http://myapp1;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
    }

And one of the many domain configurations in the cluster (192.168.0.20) looks like this:

    server {
        listen 80;
        root /var/www/maximilian.xyz/public_html;
        index index.php index.html index.htm;
        server_name maximilian.xyz www.maximilian.xyz;
        ...
    }

Now for a bit you don't know!
I followed this tutorial using the stream {...} configuration to try and cover SSL / HTTPS / 443 similarly to the above:

    stream {
        upstream myapp1 {
            server 192.168.0.20:443;
            server 8.8.8.8:443 backup;
        }

        server {
            listen 443 ssl;
            proxy_pass myapp1;
        }
    }

And this time I added a cluster to 192.168.0.20:

    server {
        listen 443 ssl;
        ssl on;
        ssl_certificate /etc/letsencrypt/live/maximilian.xyz/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/maximilian.xyz/privkey.pem;
        server_name maximilian.xyz www.maximilian.xyz;
        root /NAS/maximilian.xyz/public_html;
        index index.php index.html index.htm;
        ...
    }

That works fine (HTTPS) when the DNS record points directly to 192.168.0.20.
But when I start the load balancer, it does not work at all. Everything works fine on nginx when running service nginx configtest.
I ran tcpdump port 443 and '(tcp-syn|tcp-ack)!=0' on the load balancer, which returns output when accessing https://maximilian.xyz/, but nothing happens in the cluster when it starts, which means that TCP packets are not transmitted. Why?
Please let me know if this is a terrible alternative.
Is there a way to install SSL certificates on a load balancer and transfer these certificates to clusters? Is this the best method?
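
Added example, not part of the original post: the two usual ways to carry HTTPS through an nginx balancer, reusing the addresses and upstream name from the configs above. The certificate paths on the balancer in option B are an assumption (the post only shows them on 192.168.0.20).

```nginx
# Use ONE of the two options on the balancer: both bind port 443.

# Option A: TCP passthrough. The balancer forwards the encrypted bytes
# untouched and the backend's existing "listen 443 ssl" server block
# performs the handshake, so the private key stays on 192.168.0.20.
stream {
    upstream myapp1 {
        server 192.168.0.20:443;
        server 8.8.8.8:443 backup;
    }
    server {
        # No "ssl" parameter here: with it, nginx tries to terminate TLS
        # itself and needs ssl_certificate/ssl_certificate_key in this block.
        listen 443;
        proxy_pass myapp1;
    }
}

# Option B: terminate TLS on the balancer (inside the http {} context,
# next to the existing port-80 server block) and reuse the HTTP upstream.
server {
    listen 443 ssl;
    server_name maximilian.xyz www.maximilian.xyz;

    # Assumed paths: the certificate and key must exist on the balancer.
    ssl_certificate     /etc/letsencrypt/live/maximilian.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/maximilian.xyz/privkey.pem;

    location / {
        proxy_pass http://myapp1;   # balancer-to-backend hop is plain HTTP
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

With option A the backend logs the balancer's address as the client and no X-Forwarded-For header can be added, because the balancer never sees the HTTP request. With option B the hop to 192.168.0.20 is unencrypted unless the upstream is switched to HTTPS.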