Offload TCP traffic to another process

[yoav.cohen]

Dear experts,

We are evaluating nginx as a platform for the product of our new startup
company.

Our use-case requires a TCP proxy that will terminate TLS, which nginx
handles very well. However, we need to be able to send all TCP traffic to
another process for offline processing.

Initially we thought we could write a NGX_STREAM_MODULE (call it tcp_mirror)
that will be able to read both the downstream bytes (client <--> nginx) and
upstream bytes (proxy <--> server) and send them to another process, but
after looking at a few module examples and trying out a few things we
understood that we can only use a single content handler for each stream
configuration. 

For example, we were hoping the following mock configuration would work for
us, but realized we can't have both proxy_pass and tcp_mirror under server
because there can be only one content handler:
stream {
    server {
        listen     12346;
        proxy_pass backend.example.com:12346;
        tcp_mirror processor.acme.com:6666;
    }
}

The above led us to the conclusion that in order to implement our use-case
we would have to write a new proxy_pass module, more specifically we would
have to re-write ngx_stream_proxy_module.c. The idea is that we would manage
two upstreams, the server and the processor. The configuration would look
something like this:
stream {
    server {
        listen     12346;
        proxy_pass_mirror backend.example.com:12346
processor.acme.com:6666;
    }
}

Before we begin implementation of this design, we wanted to consult with the
experts here and understand whether anyone has a better idea on how to
implement our use-case on top of nginx.

Thanks in advance,
Yoav Cohen.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,286360,286360#msg-286360