subject:"Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests"

Re: Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

2016-10-12 Thread Thomas Glanzmann

Hello Roman,

* Roman Arutyunyan  [2016-10-12 20:07]:
> On Wed, Oct 12, 2016 at 07:50:06PM +0200, Thomas Glanzmann wrote:
> > I would like to use ngx_stream_ssl_preread_module to multiplex a web
> > server, openvpn, and squid to one ip address and port. However I would
> > also like to keep the real client ip address in my http logs, is that
> > possible, if so how?

> You can enable the PROXY protocol for upstream connections.
> But your backends must support it.

> http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_protocol

thanks a lot for the hint. It works like a charm. For others want to do
the same, I did the following:

- configured nginx with --with-stream --with-stream_ssl_preread_module

- For https listened on stream:

stream {
proxy_protocol on;

upstream webserver {
server 127.0.0.1:443;
}

map $ssl_preread_server_name $name {
default webserver;
}

server {
listen :443;

proxy_pass  $name;
ssl_preread on;
}
}

- In my http context, I added:

set_real_ip_from 127.0.0.1;
real_ip_header proxy_protocol;

- And in my https listen directives I put:

listen 127.0.0.1:443 ssl http2 proxy_protocol;

I didn't even had to modify the access_log logformat because apparently
'real_ip_header proxy_protocol' takes care of that.

Cheers,
Thomas

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

2016-10-12 Thread Roman Arutyunyan

Hi Thomas,

On Wed, Oct 12, 2016 at 07:50:06PM +0200, Thomas Glanzmann wrote:
> Hello,
> I would like to use ngx_stream_ssl_preread_module to multiplex a web
> server, openvpn, and squid to one ip address and port. However I would
> also like to keep the real client ip address in my http logs, is that
> possible, if so how?

You can enable the PROXY protocol for upstream connections.
But your backends must support it.

http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html#proxy_protocol

-- 
Roman Arutyunyan

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

2016-10-12 Thread Thomas Glanzmann

Hello,
I would like to use ngx_stream_ssl_preread_module to multiplex a web
server, openvpn, and squid to one ip address and port. However I would
also like to keep the real client ip address in my http logs, is that
possible, if so how?

Cheers,
Thomas

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

Re: Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

3 matches

Site Navigation

Mail list logo

Footer information