Welcome! Log In Create A New Profile

Advanced

Help passing IP to nginx via a TCP stream (not a HTTP stream) of data

Posted by jgreyz 
Help passing IP to nginx via a TCP stream (not a HTTP stream) of data
November 10, 2022 12:06PM
Some background on what I'm asking for help with setting up is:

I have a customer's web server running nginx, which is functioning & behind a HAProxy server. The HAProxy server is setup using TCP, instead of HTTP, so nginx is handling its own SSL certificates, which it is currently doing. My current setup passes the internal HAProxy IP to nginx even when proxy_set_header X-Real-IP $remote_addr & proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for & proxy_set_header X-Forwarded-Proto $scheme are all set in the nginx config. I then learned on the HAProxy forum that nginx's "X-Forwarded-For is a HTTP header, it can't be inserted into a TCP stream." [source - https://discourse.haproxy.org/t/x-forwarded-for-in-tcp-mode/2969], so this method will not work with my setup.

This customer's requires the client's IP to be correctly passed thru to nginx, and not the internal IP which is currently being passed to nginx. After more digging, I discovered that HAProxy does have a means of passing the IP correctly to nginx called the PROXY protocol and that nginx can be configured to work with it. [source - https://www.haproxy.com/blog/use-the-proxy-protocol-to-preserve-a-clients-ip-address/] On this HAProxy page, it contained a link to the nginx documentation to set this up.

I am having trouble finding example nginx configurations to learn how to correctly configure this. There's a brief example in the nginx documentation about it here, https://docs.nginx.com/nginx/admin-guide/load-balancer/using-proxy-protocol/#proxy-protocol-for-a-tcp-connection-to-an-upstream, but that was not very helpful for me & I'm having trouble locating other nginx examples of this type of setup.

Does anyone here have any suggestions or has anyone here have experience setting up this type of configuration before? Thanks for your help as I'm having trouble finding what I'm looking for out on the sea we call the internet.
Re: Help passing IP to nginx via a TCP stream (not a HTTP stream) of data
November 10, 2022 12:11PM
Just came across this link, https://gist.github.com/0xdade/13bd0c0156a3a1979cac82221f137444, but not sure if this is relevant to what I'm seeking or not.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 162
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready