Nginx proxy_bind failing
Peter Booth
peter_booth at me.com
Sat Oct 31 08:09:02 UTC 2020
Gary,
This was interesting to read. There was one thing that wasn’t obvious to me however.
What was the high level problem that you were solving with this specific configuration?
Curiously
Peter
Sent from my iPhone
> On Oct 30, 2020, at 3:16 PM, garycnew at yahoo.com <nginx-forum at forum.nginx.org> wrote:
>
> All:
>
> After reviewing the iptables chains workflow, I discovered that the Nginx
> Worker (100.64.8.236:12345) outside interface was associated with the OUTPUT
> chain.
>
>
> (192.168.0.2:12345) OUTPUT ==>
> (192.168.0.154:$port) PREROUTING ==>
> (100.64.8.236:12345) POSTROUTING ==>
> Windows Client (192.168.0.154:$port) ==> Nginx Master (192.168.0.2:443) |
> Nginx Worker (100.64.8.236:12345) ==> Upstream Desination Server
> (104.27.161.206:443)
> <== POSTROUTING (192.168.0.2:443)
> <== PREROUTING (104.27.161.206:443)
>
> Once adding the appropriate iptables OUTPUT rule, using the correct
> interface (vlan2), the packets leaving the Nginx Worker (100.64.8.236:12345)
> were then appropriately MARKed and routed to the OpenVPN Tunnel.
>
> # iptables -t mangle -I OUTPUT -o vlan2 -p tcp -m multiport --sport 12345 -j
> MARK --set-mark 0x2000/0x2000
> Now, I just need to figure out the Nginx SSL Client CA Trust configuration
> and we should be in business.
>
> Hope this helps someone in the future.
>
> Respectfully,
>
> Gary
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,289823,289847#msg-289847
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
More information about the nginx
mailing list