ip based access behind nginx load balancer

Reinis Rozitis r at roze.lv
Fri Jun 11 23:21:32 MSD 2010

For "transparent" mode you need a layer 4 load balancer where the balancing 
is done on tcp level rather than http ( which is layer 7 and is done by 
nginx ) - something like 'haproxy' ( http://haproxy.1wt.eu/ ) or squid ( 
http://wiki.squid-cache.org/Features/Tproxy4 ).

In short - a simple http proxy can't do that.

You will also need either an old linux kernel (2.2 which can spoof the 
client ips to backends) or afaik since 2.6.28 the tproxy support comes with 
the kernel (older ones you would need to patch  ( 
http://www.balabit.com/support/community/products/tproxy/ )  ).

Using the header method allows you to skip the need of doing all that.

Regarding apache read my previous mail - about mod_realip2 ( it can make the 
webserver to see the request incomming from clients rather than proxy ip ).

While of course nginx _could_ maybe do this also on its own I don't really 
see this happening as in nginx + ( nginx / apache / lighty etc ) 
combinations the realip modules of each webserver accomplish the task pretty 
fine in more simple and controllable way. There might be even an easy 
solution for IIS to do the same.. but as I havent touched it for 10 years 
can't help there :)


From: "ahlatci" <nginx-forum at nginx.us>
Sent: Friday, June 11, 2010 8:36 PM
To: <nginx at nginx.org>
Subject: Re: ip based access behind nginx load balancer

> Thank you for your answers but it did not help  me. Because I m using IIS, 
> tomcat and Apache and I need to resolve for all http server.
> When I try to show client's ip on server , I can see  by like this jsp 
> code " out.print(request.getHeader("X-Real-IP"));"
> but ip based access rules on apache,tomcat and IIS  are not 
> working.Actually I need to not change client's ip. could ngnix work 
> transparent mode ?
> Posted at Nginx Forum: 
> http://forum.nginx.org/read.php?2,97154,97237#msg-97237
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://nginx.org/mailman/listinfo/nginx

More information about the nginx mailing list