proxy_pass to backend (varnish): delivered ip?
nginx-forum at nginx.us
Thu Jan 31 07:13:39 UTC 2013
> If it connects *to* 127.0.0.1, it will connect *from* 127.0.0.1 (which
> is one of the nginx server's addresses).
> If it connects *to* 192.168.0.1, it will connect *from* 192.168.0.1
> (which is one of the nginx server's addresses).
Hm, the said nginx vhost doesn't use 127.0.0.1 or a lan address in
combination with port 80 - varnish listens on *.80. the nginx ssl vhost
listens on an "real" ip and passes the requets to varnish on 127.0.0.1:80.
Or is there a misunderstanding on my side?
> No, it is the address that the connection to varnish comes *from*.
> of your specific setup, that happens to match the address that nginx
> connects to. But try connecting to varnish from some other machine and
> you'll see the difference.
Well, it's not that special, i think.
http: request -> varnish on real ip -> nginx backend on 127.0.0.1:81
https: request -> nginx on real ip:443 -> proxy_pass to varnish on
127.0.01.80 -> nginx backend on 127.0.0.1:81
(If necessary i could draw a small picture)
> It's usually considered a feature that the source address of a
> is logged. There is nothing nginx can do to hide its source address.
> What you want is something non-standard. Possibly there's a varnish
> configuration to allow it.
Ok, so what your're trying to tell me is:
if i proxy_pass to varnish with "proxy_pass http://127.0.0.1:80;" nginx uses
some localhost address (although it can't be 127.0.0.1:80, which is used by
varnish) to connect to varnish, and varnish sees this localhost address
if i proxy_pass to varnish with "proxy_pass http://192.168.0.1:80;" nginx
uses some lan address (although it can't be 192.168.0.1:80, which is used by
varnish) to connect to varnish, and varnish sees this lan address
if i proxy_pass to varnish with "proxy_pass http://real_ip:80;" nginx uses
the real ip (although it can't be real_ip:80, which is used by varnish) to
connect to varnish, and varnish sees this real_ip address
If so, there's nothing i can do within nginx config, as it's simply not
possible. And varnish config or log is the (only) place where i can achieve
thx a lot
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,235737,235762#msg-235762
More information about the nginx