Hi WANJUNE.

On 06-12-2015 07:14, WANJUNE wrote:
In NginX reverse mode,

There is a problem that can't get real client's Ip address.

[snipp]

I don't want to use http ssl listen because of SSL handshaking burden on
NginX.

I decided to use stream codec like below.

stream {
    upstream aa34 {
        zone first_row 64k;
        server google.com fail_timeout=5s;
    }
    server {
        listen 127.0.0.1:8081;
        location / {
            proxy_pass https://aa34;
    }
}
In this case, I think I can't specify any http related parameters like
'X-forwarded-for'.
Is there any way to change source ip address of TCP/IP Protocol header(Ip
Header) to client's real Ip ?

How about using the proxy protocol?
http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt

This option was introduced in 1.9.2

##############
http://nginx.org/en/CHANGES
Changes with nginx 1.9.2 16 Jun 2015

*) Feature: the "proxy_protocol" directive in the stream module.
##############

It's not yet in the documentation but in the code ;-)

http://nginx.org/en/docs/stream/ngx_stream_core_module.html

I would suggest to use the following line

         server <YOUR_SERVER> fail_timeout=5s proxy_protocol;

and on the origin server, in case it is nginx, this.

http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

listen ..... proxy_protocol ....;

If your destination server is not able to read the proxy protocol, then only DSR (Direct Server Return) is able to show you the client IP.

Cheers Aleks
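
The two sides of the PROXY protocol setup discussed in this thread, as an added example that is not part of the original message or of the nginx project's files. It uses the `proxy_protocol on;` directive of the stream proxy module on the front proxy and `listen ... proxy_protocol` plus the realip module on the origin; the host name, addresses and certificate paths are placeholders.

```nginx
# --- Front proxy (nginx >= 1.9.2): nginx.conf ---
# TCP pass-through only: TLS is not terminated here, so no handshake cost.
stream {
    upstream aa34 {
        zone first_row 64k;
        server origin.example.com:443 fail_timeout=5s;   # placeholder origin
    }
    server {
        listen 127.0.0.1:8081;
        proxy_pass aa34;        # stream proxy_pass takes no scheme and no location
        proxy_protocol on;      # prepend a PROXY header carrying the client address
    }
}

# --- Origin server (separate host): nginx.conf ---
http {
    # Log both the TCP peer (the front proxy) and the address from the PROXY header.
    log_format pp '$remote_addr peer=$realip_remote_addr '
                  'pp=$proxy_protocol_addr "$request" $status';

    server {
        # The PROXY header is read before the TLS handshake starts.
        # Connections that do not begin with a PROXY header are rejected.
        listen 443 ssl proxy_protocol;

        ssl_certificate     /etc/nginx/tls/origin.crt;   # placeholder path
        ssl_certificate_key /etc/nginx/tls/origin.key;   # placeholder path

        # Requires ngx_http_realip_module (--with-http_realip_module).
        # Only a header sent by this peer may replace $remote_addr.
        set_real_ip_from 192.0.2.10;                     # placeholder: front proxy IP
        real_ip_header   proxy_protocol;

        access_log /var/log/nginx/access.log pp;

        location / {
            return 200 "client: $remote_addr\n";
        }
    }
}
```

The origin's `proxy_protocol` listener should be reachable only from the front proxy (firewall or private network), because any peer that can connect to it can send a PROXY header with an address of its choosing.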

_______________________________________________
nginx mailing list
[email protected]
http://mailman.nginx.org/mailman/listinfo/nginx
