Adding a fd that is not obtained through accept to the list of active connections

Phillip Odam phillip.odam at
Fri Aug 27 11:10:20 UTC 2021

Hi Ottavio

I get you now, you’re trying to find a way for the remote server to get
through your NAT router. Who controls the remote server? Because even if
you initiate the TCP connection to it, unless it ‘knows’ to make an HTTP
request back, nothing’s going to happen.

The simplest approach for getting through your NAT would be to just set up a
port forward, any particular qualms with that? It can be shied away from
for security but managed properly it’s a perfectly acceptable approach.

As an aside, these guys wrote up a brilliant piece on punching holes
through two NATs (the public sides each facing each other over the
internet), at a quick glance I couldn’t spot
the particular post.


On Friday, August 27, 2021, Ottavio Campana <ottavio at> wrote:

> Dear Phillip,
> I think it is not what I am trying to do (or I did not completely
> understand your solution).
> As far as I understand, when nginx dispatches a request it checks if it is
> a file or, among others, something that can be retrieved from an upstream.
> But upstreams act as clients, they do accept requests coming from the
> remote server.
> My goal is to have a connection to a remote server that is somehow started
> by the nginx, but then the connection is reversed, the "upstream" makes
> requests and nginx responds.
> Is there a way to achieve this with upstreams?
> Thank you,
> Ottavio
> On Thu, Aug 26, 2021 at 21:58, Phillip Odam <
> phillip.odam at> wrote:
>> Hi Ottavio
>> I’m probably overlooking something in the description of what you want
>> but I think NGINX out of the box provides you with what you want.
>> Here’s an example of one I’ve implemented.
>> A software project I don’t develop retrieves dependencies from
>> (it’s a SOAP web service that retrieves a remote XSD)
>> The trouble with depending on a file sourced from is that if the
>> file is requested too frequently will rate limit your requests.
>> One solution would be to store the XSD in the web service but that’d
>> require changing the application.
>> I chose to run an NGINX where its upstream was configured to point at
>> and to avoid needlessly retrieving the same content repeatedly a
>> cache was used.
>> So the NGINX was listening on localhost in this case and for the backend
>> it was connecting to whatever resolves to. And so no changes were
>> needed in the app I changed the server’s hosts file to point to
>> localhost. This isn’t a problem for NGINX to connect to as the
>> IP was hard coded in the upstream.
>> And NGINX’s built-in connection counting works with this.
>> Barring the cache, is this what you’re describing you want?
>> Phillip
>> On Thursday, August 26, 2021, Ottavio Campana <ottavio at>
>> wrote:
>>> Hello,
>>> I want to write a module for an nginx that runs on a device with a
>>> private IP address and behind NAT, connects to a remote server and adds the
>>> newly created connection to the list of connections handled by nginx. At
>>> this point the remote server will invert the connection and start making
>>> requests.
>>> I tried studying the documentation on, but I am not able to
>>> get an idea about how to achieve this.
>>> Can you please give me a suggestion about how to do it?
>>> Thank you,
>>> Ottavio
>>> --
>>> There is no more strength in normality, there is only monotony
> --
> There is no more strength in normality, there is only monotony