Hello!

On Fri, Nov 23, 2018 at 04:33:33PM +0100, Jack Henschel wrote:
> On 11/23/18 3:11 PM, Maxim Dounin wrote:
> > Hello!
> >
> > On Fri, Nov 23, 2018 at 09:23:01AM +0100, Jack Henschel wrote:
> >
> >> Hi Maxim,
> >>
> >> thanks for the quick confirmation!
> >>
> >>> The Host header is set to what you wrote in the "proxy_pass"
> >>> by default. That is, it will be "backend" with the above
> >>> configuration.
> >>
> >> Wouldn't it make more sense to use the hostname from the
> >> particular upstream server?
> >> I see two scenarios where this is required:
> >>
> >> 1. TLS secured upstream servers. TLS verification requires the
> >> correct Host header to be set (i.e. "a.example.com" instead of
> >> "backend"). Though I know there is the possibility of doing this
> >> (additionally) with TLS client certificates.
> >>
> >> 2. Upstream vhosts. Consider the scenario where multiple domains
> >> point to the same IP address, where the requests are split apart
> >> based on the Host header (I.e. virtual hosts)
> >>
> >> What do you think?
> >
> > All servers listed in an upstream block are expected to be equal,
> > and expected to be able to process identical requests. You can
> > think of it as multiple A records in DNS, with slightly more
> > control on nginx side.
> >
> Alright, makes sense.
>
> > Moreover, nginx doesn't even know which particular server it will
> > use when it creates a request. And the same request can be sent
> > to multiple servers, as per proxy_next_upstream.
> >
> > This does not preclude you from neither using TLS, nor vhosts on
> > upstream servers. But you shouldn't expect that names as written
> > within server directives in upstream blocks means anything and
> > will be used for anything but resolving these names to IP addresses.
>
> Thanks for the clarification!
> Would you mind adding this implicit (reasonable) behavior of Nginx to
> the documentation?
> In particular clarify that when using an upstream block for the
> proxy_pass argument, the $proxy_host variable will contain the name of
> the host specified on the proxy_pass line and NOT the hostnames of the
> servers specified in the upstream block.
>
> The behavior may be totally obvious to you, but it surely wasn't for me. :-)

I don't think I've seen anyone else who assumed that $proxy_host
should contain anything not written in the "proxy_pass" directive.
I've, however, seen people who tried to implement/asked for
something working on a per-peer basis, such as sending a request
with different Host headers to different servers in a single
upstream block.

While it may be worth explaining that this is not something
possible, I don't think I know a good place in the documentation
to do this. Maybe adding the DNS analogy to the upstream
directive documentation may help, not sure.

> BTW: Is there a "public" method for contributing to the docs? (Git, etc.)

Much like with nginx itself, sending patches into nginx-devel@
mailing list is the best method, see here:

http://nginx.org/en/docs/contributing_changes.html

Repository with docs is here:

http://hg.nginx.org/nginx.org/

-- 
Maxim Dounin
http://mdounin.ru/
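
The behaviour discussed in this thread, as an added configuration example that is not part of the original messages or of the nginx documentation. The names "backend" and a.example.com come from the thread; b.example.com, app.example.com and the CA bundle path are assumptions made for illustration.

```nginx
# Constructed example; belongs inside the http {} context.
upstream backend {
    # These names are only resolved to IP addresses. They are never
    # used for the Host header, for SNI or for certificate checks.
    server a.example.com:443;
    server b.example.com:443;   # assumed second peer
}

server {
    listen 80;

    location / {
        # $proxy_host is "backend" here, so without further directives
        # the request is sent with "Host: backend".
        proxy_pass https://backend;

        # Virtual hosts on the peers: one name for the whole group,
        # since the same request may be passed on to another peer
        # (proxy_next_upstream). Every peer must serve this vhost.
        proxy_set_header Host app.example.com;   # assumed shared name

        # TLS to the peers: certificate verification is off by default.
        proxy_ssl_verify              on;
        proxy_ssl_trusted_certificate /etc/nginx/upstream-ca.pem;  # assumed path

        # Name the peer certificate must match; defaults to the host
        # part of the proxy_pass URL, i.e. "backend".
        proxy_ssl_name                app.example.com;

        # Also send that name as SNI (off by default).
        proxy_ssl_server_name         on;
    }
}
```

With this layout each peer in the group has to present a certificate valid for the one shared name, which matches the expectation that all servers in an upstream block are interchangeable.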