Tproxy support for IP transparency

Francis Daly francis at daoine.org
Sat Jun 5 14:38:25 UTC 2021


On Sat, Jun 05, 2021 at 12:36:47AM -0400, bouvierh wrote:

Hi there,

I don't have a tested answer to your question, but...

> When my application connects to a server, I am intercepting the request and
> routing it to an nginx process located on the same host (listening to
> 127.0.0.1:8883).
> The interception needs to be transparent, so IP tables does that well. Now
> the issue is restoring the original destination. This would be trivial with
> HTTP, however MQTT or AMQP can also be used.

does
https://www.nginx.com/blog/ip-transparency-direct-server-return-nginx-plus-transparent-proxy/
describe what you want to do?

The current version (I think) expects that nginx and the upstream are on
different servers; there is mention in the comments of a tproxy config
that looks like it could work if they are on the same server.

> I have looked at Tproxy protocol, it looks promising, but I have not found
> any way to use it with Nginx. It seems it is used for IP transparency for
> upstream server, not for transparently intercepting client messages.
> 
> Can I still implement a transparent interception of requests with Nginx?

The nginx-side of the config seems to be "proxy_bind" with the
"transparent" argument; pretty much all of the rest seems to be
configuring the networking around the server that nginx is running on
and the server that the upstream service is running on, to make sure
that the upstream service does not have to know that the nginx service
is involved in the communication.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org
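
The nginx side named in the reply above ("proxy_bind" with the "transparent" argument), sketched for a TCP (stream) listener as an added example that is not part of the original message and was not tested by its author. The upstream address is a constructed placeholder, and the routing that returns upstream replies through the nginx host is assumed to be configured separately.

```nginx
# Added illustration, not from the thread.
# 192.0.2.10 is a constructed placeholder for the upstream broker.

events {}

stream {
    server {
        # Port taken from the question (MQTT over TLS); nginx relays raw TCP here.
        listen 8883;

        # Open the upstream connection with the client's address as the
        # source IP, so the upstream logs and filters on the real client
        # rather than on the proxy.
        # Binding to a non-local address needs elevated privilege: on Linux
        # with nginx 1.13.8 or later the workers inherit CAP_NET_RAW from the
        # master when "transparent" is present; elsewhere the workers must
        # run as the superuser.
        proxy_bind $remote_addr transparent;

        proxy_pass 192.0.2.10:8883;
    }
}

# Not shown (assumed to exist outside nginx): the upstream's replies are
# addressed to the client IP, so they must be routed back through the nginx
# host and delivered to the local socket, otherwise the connection never
# completes.
```

This covers only source-address transparency towards the upstream; it does not recover the original destination of an intercepted connection, which is the part of the question the reply leaves open.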

