Welcome! Log In Create A New Profile

Advanced

Re: proxy_pass to backend (varnish): delivered ip?

January 31, 2013 02:13AM
Good Morning,

> If it connects *to* 127.0.0.1, it will connect *from* 127.0.0.1 (which
> is one of the nginx server's addresses).
>
> If it connects *to* 192.168.0.1, it will connect *from* 192.168.0.1
> (which is one of the nginx server's addresses).

Hm, the said nginx vhost doesn't use 127.0.0.1 or a lan address in combination with port 80 - varnish listens on *.80. the nginx ssl vhost listens on an "real" ip and passes the requets to varnish on 127.0.0.1:80. Or is there a misunderstanding on my side?

> No, it is the address that the connection to varnish comes *from*.
> Because
> of your specific setup, that happens to match the address that nginx
> connects to. But try connecting to varnish from some other machine and
> you'll see the difference.

Well, it's not that special, i think.
http: request -> varnish on real ip -> nginx backend on 127.0.0.1:81
https: request -> nginx on real ip:443 -> proxy_pass to varnish on 127.0.01.80 -> nginx backend on 127.0.0.1:81
(If necessary i could draw a small picture)

> It's usually considered a feature that the source address of a
> connection
> is logged. There is nothing nginx can do to hide its source address.
>
> What you want is something non-standard. Possibly there's a varnish
> configuration to allow it.

Ok, so what your're trying to tell me is:
if i proxy_pass to varnish with "proxy_pass http://127.0.0.1:80;" nginx uses some localhost address (although it can't be 127.0.0.1:80, which is used by varnish) to connect to varnish, and varnish sees this localhost address

if i proxy_pass to varnish with "proxy_pass http://192.168.0.1:80;" nginx uses some lan address (although it can't be 192.168.0.1:80, which is used by varnish) to connect to varnish, and varnish sees this lan address

if i proxy_pass to varnish with "proxy_pass http://real_ip:80;" nginx uses the real ip (although it can't be real_ip:80, which is used by varnish) to connect to varnish, and varnish sees this real_ip address

If so, there's nothing i can do within nginx config, as it's simply not possible. And varnish config or log is the (only) place where i can achieve this.

thx a lot
revirii
SubjectAuthorPosted

proxy_pass to backend (varnish): delivered ip?

reviriiJanuary 30, 2013 10:33AM

Re: proxy_pass to backend (varnish): delivered ip?

Francis DalyJanuary 30, 2013 10:54AM

Re: proxy_pass to backend (varnish): delivered ip?

reviriiJanuary 30, 2013 11:13AM

Re: proxy_pass to backend (varnish): delivered ip?

Francis DalyJanuary 30, 2013 11:22AM

Re: proxy_pass to backend (varnish): delivered ip?

reviriiJanuary 31, 2013 02:13AM

Re: proxy_pass to backend (varnish): delivered ip?

Francis DalyJanuary 31, 2013 06:48AM

Re: proxy_pass to backend (varnish): delivered ip?

AxelJanuary 30, 2013 11:24AM

Re: proxy_pass to backend (varnish): delivered ip?

reviriiJanuary 31, 2013 01:40AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 112
Record Number of Users: 3 on November 23, 2014
Record Number of Guests: 377 on November 23, 2014
Powered by nginx    Powered by FreeBSD    PHP Powered    Powered by Percona     ipv6 ready