Hello Roman, * Roman Arutyunyan <a...@nginx.com> [2016-10-12 20:07]: > On Wed, Oct 12, 2016 at 07:50:06PM +0200, Thomas Glanzmann wrote: > > I would like to use ngx_stream_ssl_preread_module to multiplex a web > > server, openvpn, and squid to one ip address and port. However I would > > also like to keep the real client ip address in my http logs, is that > > possible, if so how?
> You can enable the PROXY protocol for upstream connections. > But your backends must support it. > http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_protocol thanks a lot for the hint. It works like a charm. For others want to do the same, I did the following: - configured nginx with --with-stream --with-stream_ssl_preread_module - For https listened on stream: stream { proxy_protocol on; upstream webserver { server 127.0.0.1:443; } map $ssl_preread_server_name $name { default webserver; } server { listen <ip>:443; proxy_pass $name; ssl_preread on; } } - In my http context, I added: set_real_ip_from 127.0.0.1; real_ip_header proxy_protocol; - And in my https listen directives I put: listen 127.0.0.1:443 ssl http2 proxy_protocol; I didn't even had to modify the access_log logformat because apparently 'real_ip_header proxy_protocol' takes care of that. Cheers, Thomas _______________________________________________ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
