nginx counterpart of haproxy's acl dst

Alexey S kvrico at gmail.com
Thu Mar 31 06:59:40 UTC 2016


Hi Aleks,

I think it's not the one.
AFAIU the closest match for HAProxy "dst" is $server_addr, but it doesn't
work as good with DNAT, because it hides original destination IP used by a
client, even though there is a way to retrieve this information [1].

My usecase is following:

a) I create iptables rules on the host:
      iptables -t nat -A OUTPUT -p tcp -d 192.168.170.1 --dport 7654 -j
DNAT --to-destination 127.0.0.1:11123
      iptables -t nat -A OUTPUT -p tcp -d 192.168.170.2 --dport 7654 -j
DNAT --to-destination 127.0.0.1:11123
b) Run load balancer on localhost port 11123
c) Use telnet to hit 192.168.170.1:7654 and 192.168.170.2:7654
d) I need load balancer to choose different upstreams depending on the
address I specified on step (c)

It works with HAProxy, but unfortunately I can't find how to make it work
with NGINX :(

WBR,
Alexey.

[1] https://github.com/haproxy/haproxy/blob/master/src/proto_tcp.c#L600

On Wed, Mar 30, 2016 at 3:50 AM, Aleksandar Lazic <al-nginx at none.at> wrote:

> Hi.
>
> Am 30-03-2016 10:24, schrieb Alexey S:
>
>> Hi,
>>
>> does nginx have a variable, that represents the destination IP address
>> and port, like it was seen/used by the client at the connection time?
>>
>
> Could you mean
>
>
> http://nginx.org/en/docs/http/ngx_http_upstream_module.html#var_upstream_addr
>
> Cheers Aleks
>
> Thank you.
>>
>> WBR,
>> Alexey
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20160330/bc05ba15/attachment.html>


More information about the nginx mailing list