ip based access behind nginx load balancer
r at roze.lv
Fri Jun 11 23:21:32 MSD 2010
For "transparent" mode you need a layer 4 load balancer where the balancing
is done on tcp level rather than http ( which is layer 7 and is done by
nginx ) - something like 'haproxy' ( http://haproxy.1wt.eu/ ) or squid (
In short - a simple http proxy can't do that.
You will also need either an old linux kernel (2.2 which can spoof the
client ips to backends) or afaik since 2.6.28 the tproxy support comes with
the kernel (older ones you would need to patch (
http://www.balabit.com/support/community/products/tproxy/ ) ).
Using the header method allows you to skip the need of doing all that.
Regarding apache read my previous mail - about mod_realip2 ( it can make the
webserver to see the request incomming from clients rather than proxy ip ).
While of course nginx _could_ maybe do this also on its own I don't really
see this happening as in nginx + ( nginx / apache / lighty etc )
combinations the realip modules of each webserver accomplish the task pretty
fine in more simple and controllable way. There might be even an easy
solution for IIS to do the same.. but as I havent touched it for 10 years
can't help there :)
From: "ahlatci" <nginx-forum at nginx.us>
Sent: Friday, June 11, 2010 8:36 PM
To: <nginx at nginx.org>
Subject: Re: ip based access behind nginx load balancer
> Thank you for your answers but it did not help me. Because I m using IIS,
> tomcat and Apache and I need to resolve for all http server.
> When I try to show client's ip on server , I can see by like this jsp
> code " out.print(request.getHeader("X-Real-IP"));"
> but ip based access rules on apache,tomcat and IIS are not
> working.Actually I need to not change client's ip. could ngnix work
> transparent mode ?
> Posted at Nginx Forum:
> nginx mailing list
> nginx at nginx.org
More information about the nginx