Nginx - the duplicate "https" variable. What to do with it?

A

Aleks_ja2014-09-04 16:35:08

PHP

Aleks_ja, 2014-09-04 16:35:08

Good afternoon!
Faced such a problem - set up a load balancer on nginx.
On the old server - works + works on some servers identical in software (on which the php application is running). And on new load balancers, it throws the error "the duplicate "https" variable in /etc/nginx/sites-enabled/dc_proxy:56"
This is the configuration:

upstream dutybalancer {
    #ip_hash means - the same visitor goes to the same server
    ip_hash;
    #least_conn;
    server application1;
    server application2;
}
upstream dutybalancer_ssl {
    #ip_hash means - the same visitor goes to the same server
    ip_hash;
    #least_conn;
    server application1:443;
    server application2:443;
}

server {
    
    listen      *:443 ssl;    # port https
    listen      *:80;        # port http

if ($server_port = 443) { set $https on;}
if ($server_port = 80) { set $https off; }

... тут немного сертификатов

location / {
      if ($server_port = 443) { proxy_pass https://dutybalancer_ssl; }
      if ($server_port = 80)  { proxy_pass http://dutybalancer; }
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header   Host  $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

nginx version: nginx/1.4.6 (Ubuntu) 14.04.1 We
tried to install identical configs from working servers - it still swears.
We also tried several solutions from the Internet - they swear at everything and write "not inserted in the right place"

Reply

Answer the question

In order to leave comments, you need to log in

2 answer(s)

L

Lynn "Coffee Man", 2014-09-04
@Aleks_ja

I don't understand why you are redefining the built-in variable?
nginx.org/en/docs/http/ngx_http_core_module.html#v... The
meaning of going to different balancers is also incomprehensible, usually they are limited to passing an HTTP header like
proxy_set_header X-HTTPS $https;

S

Sergey Senkevich, 2014-09-04
@ssenkevich

Try splitting the configuration into two servers:

server {
    listen      *:80;        # port http

    set $https off;

    location / {
        proxy_pass http://dutybalancer; 
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header   Host  $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

server {
    listen      *:443 ssl;    # port https

    set $https on;

    ... тут немного сертификатов

    location / {
        proxy_pass https://dutybalancer_ssl;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;
        proxy_buffering off;
        proxy_set_header   Host  $host;
        proxy_set_header        X-Real-IP       $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

The problem is that nginx handles 'if' in the configuration in a peculiar way ( wiki.nginx.org/IfIsEvil).