Adding a fd that is not obtained through accept to the list the active connections
phillip.odam at nitorgroup.com
Fri Aug 27 11:10:20 UTC 2021
I get you now, you’re trying to find a way for the remote server to get
through your NAT router. Who controls the remote server? Because even if
you initiate the TCP connection to it unless it ‘knows’ to make an HTTP
request back nothings going to happen.
The simplest approach for getting through your NAT would be to just setup a
port forward, any particular qualms with that? It can be shied away from
for security but managed properly it’s a perfectly acceptable approach.
As an aside, these guys wrote up a brilliant piece on punching holes
through two NATs (the public sides each facing each other over the
internet) https://tailscale.com/blog/, at a quick glance I couldn’t spot
the particular post.
On Friday, August 27, 2021, Ottavio Campana <ottavio at campana.vi.it> wrote:
> Dear Phillip,
> I think it is not what I am trying to do (or I did not completely
> understand your solution).
> As far as I understand, when nginx dispatches a request it checks if it is
> a file or, among others, something that can be retrieved from an upstream.
> But upstreams act as clients, they do accept requests coming from the
> remote server.
> My goal is to have a connection to a remote server that is somehow started
> by the nginx, but then the connection is reversed, the "upstream" makes
> requests and nginx responds.
> Is there a way to achieve this with upstreams?
> Thank you,
> Il giorno gio 26 ago 2021 alle ore 21:58 Phillip Odam <
> phillip.odam at nitorgroup.com> ha scritto:
>> Hi Ottavio
>> I’m probably overlooking something in the description of what you want
>> but I think NGINX out of the box provides you with what you want.
>> Here’s an example of one I’ve implemented.
>> A software project I don’t develop retrieves dependencies from w3.org
>> (it’s a SOAP web service that retrieves a remote XSD)
>> The trouble with depending on a file sourced from w3.org is that if the
>> file is requested too frequently w3.org will rate limit your requests.
>> One solution would be to store the XSD in the web service but that’d
>> require changing the application.
>> I chose to run an NGINX where it’s upstream was configured to point at
>> w3.org and to avoid needlessly retrieving the same content repeatedly a
>> cache was used.
>> So the NGINX was listening on local host in this case and for the backend
>> it was connecting to whatever w3.org resolves to. And so no changes were
>> needed in the app I changed the servers hosts file to point w3.org to
>> localhost. This isn’t a problem for NGINX to connect to w3.org as the
>> w3.org IP was hard coded in the upstream.
>> And NGINX’s built in connection counting works with this.
>> Barring the cache is this what you’re describing you want?
>> On Thursday, August 26, 2021, Ottavio Campana <ottavio at campana.vi.it>
>>> I want to write a module for an nginx that runs on a device with a
>>> private IP address and behind NAT, connects to a remote server and adds the
>>> newly created connection to the list of connections handled by nginx. At
>>> this point the remote server will invert the connection and start making
>>> I tried studying the documentation on nginx.org, but I am not able to
>>> get an idea about how to achieve this.
>>> Can you please give me a suggestion about how to do it?
>>> Thank you,
>>> Non c'è più forza nella normalità, c'è solo monotonia
>> nginx-devel mailing list
>> nginx-devel at nginx.org
> Non c'è più forza nella normalità, c'è solo monotonia
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the nginx-devel