Will this work, is it the best way?

addis_a · January 30, 2015, 12:58pm

Hi,

Slightly complicated setup with 2 nginx servers.

server1 has a public ipv4 address using proxy_pass to server2 over ipv6
which only has a public ipv6, this then has various upstreams for each
subdomain.

ipv6 capable browsers connect directly to server2, those with only ipv4
will connect via server1.

I’m currently considering something like the below config.

server1 - proxy all subdomain requests to upstream ipv6 server:

http {
server_name *.example.com;
location / {
proxy_pass http://fe80::1337;
}
}

server2:

http {
server_name ~^(?\w+).example.com$;
location / {
proxy_pass http://$subdomain
}

upstream subdomain1 {
server 127.0.0.1:1234;
}
}

The theory here is that each subdomain and upstream would match, meaning
that when adding another upstream it would just need the upstream{}
block configuring and automatically work.

I realise there’s dns stuff etc but that’s out of scope for this list
and I can deal with that.

Does this seem sound? It’s not going to see major usage but hopefully
this will reduce work when adding new upstreams.

If you’ve a better way to achieve this please let me know.

Steve.

interactivenyc · January 31, 2015, 5:22pm

Hello Steve,

• Best answer is try and see if it meets your expectations; thanks

• While reading your snippet, my initial questions are — Why 2 servers?
Why not simplify?

• In your proposal: server1, listen to ?? TCP port(s) on public IPv4,
and IPv6 to proxy_pass to server2, then server2 listen on public IPv6,
and
IPv4 to proxy_pass to subdomain, with upstream (perhaps for load
balance and/or failover?) — As you agree, this is slightly complicated

• Why not simplify? — Reconfigure DNS for cname-server1 to
server2, for IPv4 and IPv6

• In your snippet, server2 supports IPv4 and IPv6 if you expect it to
upstream via private IPv4 127.0.0.1:[…]

• I don’t fully understand why server2 upstream isn’t IPv6 ::1:[…]
considering your primary intent for server2 is IPv6 usage

• Perhaps you meant upstream localhost:[…] to try both IPv4 and IPv6?
Thanks

Cheers,
Lloyd

On Friday, January 30, 2015, Steve W. [email protected]

interactivenyc · February 1, 2015, 1:29am

To add a bit more information.

Server1 is hosted, has both IPv4 and 6.
Server2 is on the end of an adsl line within a RFC1918 network where the
external port 80 points to another server which cannot be changed.
Another complication is that internet access from some client locations
is heavily restricted, so using an alternative port may not work.
The LAN has full IPv6 capability and there’s some video streaming done
on server2 so direct LAN access is preferred.

I managed to get it working with the below config on server2.

    server {
            listen [::]:80;
            server_name ~^(?<subdomain>\w+)\.example\.com$;
            set $upstream "http://$subdomain";
            location / {
                    proxy_set_header Host       $host;
                    proxy_pass $upstream;
            }
    }
    upstream netflow {
            server 127.0.0.1:8080;
    }
    upstream ntop {
            server 127.0.0.1:3000;
    }
    upstream wifi {
            server 127.0.0.1:8443;
    }

I was initially tripped up by the proxy_pass line, I did not get the
desired effect when using ‘proxy_pass http://$subdomain;’

Steve.