Dear Phillip, I know Tailscale very well, I use it and like it a lot. But my final goal is finding a way to implement the ONVIF Uplink service, https://www.onvif.org/specs/srv/uplink/ONVIF-Uplink-Spec.pdf , where I can have several devices on the LAN that need to connect to a remote server, which will then send commands.
Therefore I need a way to start a connection from nginx (or an external program and then passing the fd through a unix socket domain) and make it act as if the fd were obtained from an accept. Nginx works with events and I find it very difficult to find a mechanism to pass this connection to it. Do you have other ideas? Thank you, Ottavio Il giorno ven 27 ago 2021 alle ore 13:10 Phillip Odam < [email protected]> ha scritto: > Hi Ottavio > > I get you now, you’re trying to find a way for the remote server to get > through your NAT router. Who controls the remote server? Because even if > you initiate the TCP connection to it unless it ‘knows’ to make an HTTP > request back nothings going to happen. > > The simplest approach for getting through your NAT would be to just setup > a port forward, any particular qualms with that? It can be shied away from > for security but managed properly it’s a perfectly acceptable approach. > > As an aside, these guys wrote up a brilliant piece on punching holes > through two NATs (the public sides each facing each other over the > internet) https://tailscale.com/blog/, at a quick glance I couldn’t spot > the particular post. > > Cheers > Phillip > > On Friday, August 27, 2021, Ottavio Campana <[email protected]> wrote: > >> Dear Phillip, >> >> I think it is not what I am trying to do (or I did not completely >> understand your solution). >> >> As far as I understand, when nginx dispatches a request it checks if it >> is a file or, among others, something that can be retrieved from an >> upstream. But upstreams act as clients, they do accept requests coming from >> the remote server. >> >> My goal is to have a connection to a remote server that is somehow >> started by the nginx, but then the connection is reversed, the "upstream" >> makes requests and nginx responds. >> >> Is there a way to achieve this with upstreams? >> >> Thank you, >> >> Ottavio >> >> Il giorno gio 26 ago 2021 alle ore 21:58 Phillip Odam < >> [email protected]> ha scritto: >> >>> Hi Ottavio >>> >>> I’m probably overlooking something in the description of what you want >>> but I think NGINX out of the box provides you with what you want. >>> >>> Here’s an example of one I’ve implemented. >>> >>> A software project I don’t develop retrieves dependencies from w3.org >>> (it’s a SOAP web service that retrieves a remote XSD) >>> >>> The trouble with depending on a file sourced from w3.org is that if the >>> file is requested too frequently w3.org will rate limit your requests. >>> >>> One solution would be to store the XSD in the web service but that’d >>> require changing the application. >>> >>> I chose to run an NGINX where it’s upstream was configured to point at >>> w3.org and to avoid needlessly retrieving the same content repeatedly a >>> cache was used. >>> >>> So the NGINX was listening on local host in this case and for the >>> backend it was connecting to whatever w3.org resolves to. And so no >>> changes were needed in the app I changed the servers hosts file to point >>> w3.org to localhost. This isn’t a problem for NGINX to connect to w3.org >>> as the w3.org IP was hard coded in the upstream. >>> >>> And NGINX’s built in connection counting works with this. >>> >>> Barring the cache is this what you’re describing you want? >>> >>> Phillip >>> >>> On Thursday, August 26, 2021, Ottavio Campana <[email protected]> >>> wrote: >>> >>>> Hello, >>>> >>>> I want to write a module for an nginx that runs on a device with a >>>> private IP address and behind NAT, connects to a remote server and adds the >>>> newly created connection to the list of connections handled by nginx. At >>>> this point the remote server will invert the connection and start making >>>> requests. >>>> >>>> I tried studying the documentation on nginx.org, but I am not able to >>>> get an idea about how to achieve this. >>>> >>>> Can you please give me a suggestion about how to do it? >>>> >>>> Thank you, >>>> >>>> Ottavio >>>> >>>> -- >>>> Non c'è più forza nella normalità, c'è solo monotonia >>>> >>> _______________________________________________ >>> nginx-devel mailing list >>> [email protected] >>> http://mailman.nginx.org/mailman/listinfo/nginx-devel >> >> >> >> -- >> Non c'è più forza nella normalità, c'è solo monotonia >> > _______________________________________________ > nginx-devel mailing list > [email protected] > http://mailman.nginx.org/mailman/listinfo/nginx-devel -- Non c'è più forza nella normalità, c'è solo monotonia
_______________________________________________ nginx-devel mailing list [email protected] http://mailman.nginx.org/mailman/listinfo/nginx-devel
