Hi WANJUNE.

Am 06-12-2015 07:14, schrieb WANJUNE:
> In NginX reverse mode,
>
> There is a problem that can't get real client's Ip address.

[snipp]

> I don't want to use http ssl listen becase of SSL handshaking burden on
> NginX.
>
> I decided to use stream codec like below.
>
> stream {
> upstream aa34 {
> zone first_row 64k;
> server google.com fail_timeout=5s;
> }
> server {
> listen 127.0.0.1:8081;
> location / {
> proxy_pass https://aa34;
> }
> }
> In this case, I think I can't specify any http related parameters like
> 'X-forwarded-for'.
> Is there any way to change source ip address of TCP/IP Protocol
> header(Ip
> Header) to client's real Ip ?

How about to use the proxy protocol?
http://www.haproxy.org/download/1.6/doc/proxy-protocol.txt

This option was introduced in 1.9.2

##############
http://nginx.org/en/CHANGES
Changes with nginx 1.9.2 16 Jun
2015

*) Feature: the "proxy_protocol" directive in the stream module.
##############

It's not yet in the documentation but in the code ;-)

http://nginx.org/en/docs/stream/ngx_stream_core_module.html

I would suggest to use the following line

server <YOUR_SERVER> fail_timeout=5s proxy_protocol;

and on the origin server, in case it is nginx, this.

http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

listen ..... proxy_protocol ....;

If your destiation server is not able to read the proxy protocol then
you only DSR (direct Server Return) is able to show you the client IP.

Cheers Aleks

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx