Welcome! Log In Create A New Profile

Advanced

Re: Adding a fd that is not obtained through accept to the list the active connections

Ottavio Campana
August 27, 2021 08:00AM
Dear Phillip,

I know Tailscale very well, I use it and like it a lot. But my final goal
is finding a way to implement the ONVIF Uplink service,
https://www.onvif.org/specs/srv/uplink/ONVIF-Uplink-Spec.pdf , where I can
have several devices on the LAN that need to connect to a remote server,
which will then send commands.

Therefore I need a way to start a connection from nginx (or an external
program and then passing the fd through a unix socket domain) and make it
act as if the fd were obtained from an accept.

Nginx works with events and I find it very difficult to find a mechanism to
pass this connection to it.

Do you have other ideas?

Thank you,

Ottavio


Il giorno ven 27 ago 2021 alle ore 13:10 Phillip Odam <
phillip.odam@nitorgroup.com> ha scritto:

> Hi Ottavio
>
> I get you now, you’re trying to find a way for the remote server to get
> through your NAT router. Who controls the remote server? Because even if
> you initiate the TCP connection to it unless it ‘knows’ to make an HTTP
> request back nothings going to happen.
>
> The simplest approach for getting through your NAT would be to just setup
> a port forward, any particular qualms with that? It can be shied away from
> for security but managed properly it’s a perfectly acceptable approach.
>
> As an aside, these guys wrote up a brilliant piece on punching holes
> through two NATs (the public sides each facing each other over the
> internet) https://tailscale.com/blog/, at a quick glance I couldn’t spot
> the particular post.
>
> Cheers
> Phillip
>
> On Friday, August 27, 2021, Ottavio Campana <ottavio@campana.vi.it> wrote:
>
>> Dear Phillip,
>>
>> I think it is not what I am trying to do (or I did not completely
>> understand your solution).
>>
>> As far as I understand, when nginx dispatches a request it checks if it
>> is a file or, among others, something that can be retrieved from an
>> upstream. But upstreams act as clients, they do accept requests coming from
>> the remote server.
>>
>> My goal is to have a connection to a remote server that is somehow
>> started by the nginx, but then the connection is reversed, the "upstream"
>> makes requests and nginx responds.
>>
>> Is there a way to achieve this with upstreams?
>>
>> Thank you,
>>
>> Ottavio
>>
>> Il giorno gio 26 ago 2021 alle ore 21:58 Phillip Odam <
>> phillip.odam@nitorgroup.com> ha scritto:
>>
>>> Hi Ottavio
>>>
>>> I’m probably overlooking something in the description of what you want
>>> but I think NGINX out of the box provides you with what you want.
>>>
>>> Here’s an example of one I’ve implemented.
>>>
>>> A software project I don’t develop retrieves dependencies from w3.org
>>> (it’s a SOAP web service that retrieves a remote XSD)
>>>
>>> The trouble with depending on a file sourced from w3.org is that if the
>>> file is requested too frequently w3.org will rate limit your requests.
>>>
>>> One solution would be to store the XSD in the web service but that’d
>>> require changing the application.
>>>
>>> I chose to run an NGINX where it’s upstream was configured to point at
>>> w3.org and to avoid needlessly retrieving the same content repeatedly a
>>> cache was used.
>>>
>>> So the NGINX was listening on local host in this case and for the
>>> backend it was connecting to whatever w3.org resolves to. And so no
>>> changes were needed in the app I changed the servers hosts file to point
>>> w3.org to localhost. This isn’t a problem for NGINX to connect to w3.org
>>> as the w3.org IP was hard coded in the upstream.
>>>
>>> And NGINX’s built in connection counting works with this.
>>>
>>> Barring the cache is this what you’re describing you want?
>>>
>>> Phillip
>>>
>>> On Thursday, August 26, 2021, Ottavio Campana <ottavio@campana.vi.it>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I want to write a module for an nginx that runs on a device with a
>>>> private IP address and behind NAT, connects to a remote server and adds the
>>>> newly created connection to the list of connections handled by nginx. At
>>>> this point the remote server will invert the connection and start making
>>>> requests.
>>>>
>>>> I tried studying the documentation on nginx.org, but I am not able to
>>>> get an idea about how to achieve this.
>>>>
>>>> Can you please give me a suggestion about how to do it?
>>>>
>>>> Thank you,
>>>>
>>>> Ottavio
>>>>
>>>> --
>>>> Non c'è più forza nella normalità, c'è solo monotonia
>>>>
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel@nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>
>>
>>
>> --
>> Non c'è più forza nella normalità, c'è solo monotonia
>>
> _______________________________________________
> nginx-devel mailing list
> nginx-devel@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-devel



--
Non c'è più forza nella normalità, c'è solo monotonia
_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
Subject Author Views Posted

Adding a fd that is not obtained through accept to the list the active connections

Ottavio Campana 192 August 26, 2021 09:14AM

Re: Adding a fd that is not obtained through accept to the list the active connections

Phillip Odam 27 August 26, 2021 04:00PM

Re: Adding a fd that is not obtained through accept to the list the active connections

Ottavio Campana 34 August 27, 2021 05:48AM

Re: Adding a fd that is not obtained through accept to the list the active connections

Phillip Odam 34 August 27, 2021 07:12AM

Re: Adding a fd that is not obtained through accept to the list the active connections

Ottavio Campana 28 August 27, 2021 08:00AM

Re: Adding a fd that is not obtained through accept to the list the active connections

Maxim Dounin 38 August 27, 2021 11:42AM

Adding a fd that is not obtained through accept to the list the active connections

Phillip Odam 34 August 30, 2021 07:26AM

Re: Adding a fd that is not obtained through accept to the list the active connections

Ottavio Campana 47 August 31, 2021 03:20PM



Sorry, you do not have permission to post/reply in this forum.

Online Users

Guests: 70
Record Number of Users: 6 on February 13, 2018
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready