Forum Discussion

3 Replies

  • It looks to me like the nginx stream proxy functionality is an F5 Standard virtual server.

    How about you describe how you are using the nginx and we can explain how the F5 can do the task?

  • I don't have much experience with nginx, but our developer is using it and now we want to move it into production, and the question is: continue with nginx or use F5?

    The config file looks like this. It has the stream module loaded and I don't know what it does.

    load_module "/usr/lib64/nginx/modules/ngx_stream_module.so";
    
    events {
        worker_connections 1024;
    }
    
    http {
        upstream backend.foo.8088 {
            server app-foo-1:8088;
            keepalive 20;
        }
    
        server {
            listen 202.116.12.101:8088;
            location / {
                proxy_pass http://backend.foo.8088;
                proxy_http_version 1.1;
                proxy_set_header Connection "";
            }
        }
    
    }
    
    stream {
    
    
        upstream stream_backend.foo.5222 {
            server app-foo-1:5222;
        }
    
        server {
            listen 202.116.12.101:5223 ssl;
            proxy_pass stream_backend.foo.5222;
            # terminate TLS
            # See also https://www.nginx.com/resources/admin-guide/nginx-tcp-ssl-termination/
            ssl_certificate /etc/nginx/example-wildcard-bundle.pem;
            ssl_certificate_key /etc/nginx/example-wildcard.key;
            ssl_handshake_timeout 10s;
            ssl_session_cache shared:SSL:1m;  # 1MB = ~4k connections
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers   DEFAULT:!EXPORT:!LOW:!SSLv2;
        }
    
        server {
            listen 202.116.12.101:5222;
            proxy_pass stream_backend.foo.5222;
        }
    }
    
  • I don't know nginx, but it looks like you have:

    a virtual server on port 8088 passing http with a reverse proxy and a pool member (app-foo-1) on port 8088

    a virtual server on port 5223 that terminates TLS and then passes the decrypted data via stream to a pool member (stream_backend.foo) on port 5222.

    a virtual server on port 5222 that passes connections to the pool member (stream_backend.foo) on port 5222.

    All of this can be easily handled by an F5 LTM. Try the F5 free online training to see how ...
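
The walk-through in the last reply can also be done mechanically. The following is an added example, not code from any poster or from nginx or F5: it parses a condensed copy of the posted configuration and lists each listener with its TLS-termination flag, upstream pool and pool members, plus any TLS 1.0/1.1 protocols it still accepts. The `inventory` function and the row field names are made up for this example, and the parser assumes no `include` files and no quoted strings containing spaces, braces or `#`.

```python
import re

# Constructed sample: condensed from the configuration posted in the thread.
SAMPLE = """
http {
  upstream backend.foo.8088 { server app-foo-1:8088; keepalive 20; }
  server { listen 202.116.12.101:8088; location / { proxy_pass http://backend.foo.8088; } }
}
stream {
  upstream stream_backend.foo.5222 { server app-foo-1:5222; }
  server { listen 202.116.12.101:5223 ssl;  # TLS terminated here
           proxy_pass stream_backend.foo.5222; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; }
  server { listen 202.116.12.101:5222; proxy_pass stream_backend.foo.5222; }
}"""

LEGACY = {"TLSv1", "TLSv1.1"}  # both deprecated by RFC 8996

def inventory(conf):
    """Return one row per http/stream `server` block (hypothetical row layout)."""
    tokens = re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf))
    stack, words, pools, rows = [], [], {}, []

    def inside():  # True while within an http/stream `server { ... }` block
        return len(stack) > 1 and stack[1] == ["server"] and stack[0][:1] in (["http"], ["stream"])

    for tok in tokens:
        if tok == "{":                      # block opens: remember its header words
            stack.append(words)
            if len(stack) == 2 and inside():
                rows.append(dict(context=stack[0][0], tls=False, pool=None, legacy_tls=[]))
            words = []
        elif tok == "}":
            stack.pop()
        elif tok == ";":                    # a simple directive ends
            name, *args = words or [""]
            block = stack[-1] if stack else []
            row = rows[-1] if inside() else {}   # throwaway dict outside listeners
            if block[:1] == ["upstream"] and name == "server":
                pools.setdefault(block[1], []).append(args[0])
            elif name == "listen":
                row.update(listen=args[0], tls="ssl" in args[1:])
            elif name == "proxy_pass":      # last proxy_pass in the server wins
                row["pool"] = args[0].split("://")[-1]
            elif name == "ssl_protocols":
                row["legacy_tls"] = [p for p in args if p in LEGACY]
            words = []
        else:
            words.append(tok)
    for row in rows:                        # resolve each pool name to its members
        row["members"] = pools.get(row["pool"], [])
    return rows
```

Each row corresponds to one of the three virtual servers listed in the reply above; a non-empty `legacy_tls` marks a TLS-terminating listener whose protocol list should be reviewed before the settings are carried over.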