July 15

simple Nginx proxy with backup connection to backend

proxy-side config:

upstream itday.org.ua {
# main server, we are receiving requests here when it is alive
server your_awesome_IP1_here:8891 max_fails=3 fail_timeout=30s;

# backup server, we will forward traffic to it, when the first one is died
server your_awesome_IP2_here:8891 backup;
}

server {
listen your_awesome_PROXY_ip:80;
server_name itday.org.ua www.itday.org.ua;

# fix to make possible handle letsencrypt for this domain
location /.well-known/acme-challenge/ {
root /var/www/letsencrypt; # Certbot store challenge files here
}

location / {
proxy_pass https://itday.org.ua;

# basic headers
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

# timeouts
proxy_connect_timeout 5s;
proxy_send_timeout 30s;
proxy_read_timeout 30s;

# Keepalive
proxy_http_version 1.1;
proxy_set_header Connection "";
}
}

 

I am using Nginx to Nginx connection, so I need to tell my backend the proxy IP, in order to see the real IPs in the logs, I did it via a simple file include inside the http section:

include /etc/nginx/backend_real_ips.conf;

The backend_real_ips.conf file content:

#
set_real_ip_from your_awesome_PROXY_ip; # Our super proxy
real_ip_header X-Real-IP; # We will take IP from this header
real_ip_recursive on; # We can handle a few IPs, if we see some chain here, why not
Post Views: 3


Copyright 2021. All rights reserved.

Posted 15 July 2025 by admin in category "simple memo

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.