preserve client source address when proxying to upstream
mdounin at mdounin.ru
Wed Dec 16 16:56:05 UTC 2015
On Wed, Dec 16, 2015 at 06:56:02PM +0300, Vsevolod Petrov wrote:
> proxy_bind directive allows to specify source IP address for proxied
> This directive can be set to local IP address.
> I'm wondering if there's a way to set $remote_addr as proxy_bind address?
> Or any other non-local IP address?
> The idea is to see original client source IP address at the server site.
> While it's not http traffic I cannot use XFF header.
> Destination MAC address in the response packet from the server is set to
> nginx server interface address. So, there's no problem at layer 2
> Can nginx listen for responses coming to non-local destination address?
In theory this is possible with appropriate OS-level support, and
as long as you are able to route packets properly. In particular,
this should be possible on OpenBSD using SO_BINDANY, on FreeBSD
using IP_BINDANY, and on Linux using IP_TRANSPARENT/IP_FREEBIND.
An erlier attempt to make it work on nginx can be found here
As far as I understand, doing proper support should be mostly
trivial now with variables support in proxy_bind.
More information about the nginx