msankhala/nginx-load-balancing-failover.conf

## nginx-load-balancing-failover.conf
http {
  upstream backend_uat {
    server <server 1 ip> max_fails=1 fail_timeout=5s;
    server <server 2 ip>;
  }

  server {
    listen               <nginx public ip>:443 ssl default_server;
    server_name         *.test.com www.*.test.com

    # SSL Settings
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ssl_certificate  /etc/ssl/common_certs/common-eu.crt;
    ssl_certificate_key /etc/ssl/common_certs/common-eu.key;
    ssl_client_certificate /etc/ssl/common_certs/test_apigee.crt;
    ssl_verify_depth 2;   #This allows an intermediate CA cert to be used
    ssl_verify_client on;
    ssl_ciphers         EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

    location / {
      proxy_pass_header Authorization;
      proxy_pass http://backend_uat;
      proxy_next_upstream error timeout invalid_header http_502;
      proxy_connect_timeout 2s;
      proxy_next_upstream_timeout 0;
      proxy_next_upstream_tries 0;
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_http_version 1.1;
      proxy_set_header Connection "";
      proxy_buffering off;
      client_max_body_size 0;
      #proxy_read_timeout 36000s;
      proxy_redirect off;
      proxy_ssl_session_reuse off;
    }
  }
}
	http {
	upstream backend_uat {
	server <server 1 ip> max_fails=1 fail_timeout=5s;
	server <server 2 ip>;
	}

	server {
	listen <nginx public ip>:443 ssl default_server;
	server_name .test.com www..test.com

	# SSL Settings
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
	ssl_prefer_server_ciphers on;

	ssl_certificate /etc/ssl/common_certs/common-eu.crt;
	ssl_certificate_key /etc/ssl/common_certs/common-eu.key;
	ssl_client_certificate /etc/ssl/common_certs/test_apigee.crt;
	ssl_verify_depth 2; #This allows an intermediate CA cert to be used
	ssl_verify_client on;
	ssl_ciphers EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH;

	location / {
	proxy_pass_header Authorization;
	proxy_pass http://backend_uat;
	proxy_next_upstream error timeout invalid_header http_502;
	proxy_connect_timeout 2s;
	proxy_next_upstream_timeout 0;
	proxy_next_upstream_tries 0;
	proxy_set_header Host $host;
	proxy_set_header X-Real-IP $remote_addr;
	proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
	proxy_http_version 1.1;
	proxy_set_header Connection "";
	proxy_buffering off;
	client_max_body_size 0;
	#proxy_read_timeout 36000s;
	proxy_redirect off;
	proxy_ssl_session_reuse off;
	}
	}
	}