Hi Sergey, Liam! Thank you for your answers, they are really helpful! I did not think of such kinds of solutions, they should both work fine for my use case.
Have a great day Sébastien Le mer. 23 avr. 2025 à 15:44, Liam Crilly via nginx <nginx@nginx.org> a écrit : > Alternative approach would be to use error_page to catch the 5xx response > (502 I think) > when there are no available upstream servers and then, from a named > location, proxy_pass > with HTTPS to the same upstream group. > > Modifying the original sample config below. > There is a blog post for similar use case here[1] but it is quite old ;) > > Cheers, > Liam. > > [1] https://blog.nginx.org/blog/capturing-5xx-errors-debug-server > > --- > > upstream main_upstream { > server <ip here>:80 > server <ip here>:80 > <etc> > } > > upstream secondary_upstream { > server <ip here>:443 > server <ip here>:443 > <etc> > } > > location / { > proxy_pass http://main_upstream; > error_page 502 @try_secondary; > <etc> > } > > location @try_secondary { > proxy_pass https://secondary_upstream; > <etc> > } > > ________________________________________ > From: nginx <nginx-boun...@nginx.org> on behalf of Sergey A. Osokin < > o...@freebsd.org.ru> > Sent: 23 April 2025 14:26 > To: Sébastien Rebecchi <srebec...@kameleoon.com> > Cc: nginx mailing list <nginx@nginx.org> > Subject: Re: use a secondary upstream as backup > > CAUTION: This email has been sent from an external source. Do not click > links, open attachments, or provide sensitive business information unless > you can verify the sender’s legitimacy. > > > Hi Sébastien, > hope you're doing well. > > Thanks for the question. > > On Wed, Apr 23, 2025 at 12:07:21PM +0200, Sébastien Rebecchi via nginx > wrote: > > backup, meaning NGINX will only use them if all primary servers fail. > > > > In my case, I have some servers running over HTTP and would like to > > configure HTTPS servers as backups. However, since an upstream can only > use > > one protocol, this setup isn't currently possible. > > [...] > > The solution you may help and you may want to try to implement is "double" > proxy, where: > - at first, nginx is proxy to the loopback upstream, i.e. to itself > - on the second step nginx proxies from loopback to an original upstream > > So, the original upstream block will look like this: > > upstream insecure { > server A.B.C.D:80; # http server > server 127.0.0.1:8999; > > <other directives here> > } > > upstream secure { > server E.F.G.H:443; # https > > <other directives here> > } > > <other servers here> > > server { > listen 127.0.0.1:8999; > > location / { > proxy_pass https://secure; > > <other directives here> > } > } > > > Is there a feature like this planned, or one that could be considered for > > future development? > > I don't think such feature is planned at the moment, just because all > servers defined in the same upstream should be configured equally. > > Hope that helps. > Thank you. > > -- > Sergey A. Osokin > _______________________________________________ > nginx mailing list > nginx@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ > nginx mailing list > nginx@nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx >
_______________________________________________ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
