Adding a fd that is not obtained through accept to the list the active connections

Ottavio Campana ottavio at
Fri Aug 27 11:59:03 UTC 2021

Dear Phillip,

I know Tailscale very well, I use it and like it a lot. But my final goal
is finding a way to implement the ONVIF Uplink service, , where I can
have several devices on the LAN that need to connect to a remote server,
which will then send commands.

Therefore I need a way to start a connection from nginx (or an external
program and then passing the fd through a unix socket domain) and make it
act as if the fd were obtained from an accept.

Nginx works with events and I find it very difficult to find a mechanism to
pass this connection to it.

Do you have other ideas?

Thank you,


Il giorno ven 27 ago 2021 alle ore 13:10 Phillip Odam <
phillip.odam at> ha scritto:

> Hi Ottavio
> I get you now, you’re trying to find a way for the remote server to get
> through your NAT router. Who controls the remote server? Because even if
> you initiate the TCP connection to it unless it ‘knows’ to make an HTTP
> request back nothings going to happen.
> The simplest approach for getting through your NAT would be to just setup
> a port forward, any particular qualms with that? It can be shied away from
> for security but managed properly it’s a perfectly acceptable approach.
> As an aside, these guys wrote up a brilliant piece on punching holes
> through two NATs (the public sides each facing each other over the
> internet), at a quick glance I couldn’t spot
> the particular post.
> Cheers
> Phillip
> On Friday, August 27, 2021, Ottavio Campana <ottavio at> wrote:
>> Dear Phillip,
>> I think it is not what I am trying to do (or I did not completely
>> understand your solution).
>> As far as I understand, when nginx dispatches a request it checks if it
>> is a file or, among others, something that can be retrieved from an
>> upstream. But upstreams act as clients, they do accept requests coming from
>> the remote server.
>> My goal is to have a connection to a remote server that is somehow
>> started by the nginx, but then the connection is reversed, the "upstream"
>> makes requests and nginx responds.
>> Is there a way to achieve this with upstreams?
>> Thank you,
>> Ottavio
>> Il giorno gio 26 ago 2021 alle ore 21:58 Phillip Odam <
>> phillip.odam at> ha scritto:
>>> Hi Ottavio
>>> I’m probably overlooking something in the description of what you want
>>> but I think NGINX out of the box provides you with what you want.
>>> Here’s an example of one I’ve implemented.
>>> A software project I don’t develop retrieves dependencies from
>>> (it’s a SOAP web service that retrieves a remote XSD)
>>> The trouble with depending on a file sourced from is that if the
>>> file is requested too frequently will rate limit your requests.
>>> One solution would be to store the XSD in the web service but that’d
>>> require changing the application.
>>> I chose to run an NGINX where it’s upstream was configured to point at
>>> and to avoid needlessly retrieving the same content repeatedly a
>>> cache was used.
>>> So the NGINX was listening on local host in this case and for the
>>> backend it was connecting to whatever resolves to. And so no
>>> changes were needed in the app I changed the servers hosts file to point
>>> to localhost. This isn’t a problem for NGINX to connect to
>>> as the IP was hard coded in the upstream.
>>> And NGINX’s built in connection counting works with this.
>>> Barring the cache is this what you’re describing you want?
>>> Phillip
>>> On Thursday, August 26, 2021, Ottavio Campana <ottavio at>
>>> wrote:
>>>> Hello,
>>>> I want to write a module for an nginx that runs on a device with a
>>>> private IP address and behind NAT, connects to a remote server and adds the
>>>> newly created connection to the list of connections handled by nginx. At
>>>> this point the remote server will invert the connection and start making
>>>> requests.
>>>> I tried studying the documentation on, but I am not able to
>>>> get an idea about how to achieve this.
>>>> Can you please give me a suggestion about how to do it?
>>>> Thank you,
>>>> Ottavio
>>>> --
>>>> Non c'è più forza nella normalità, c'è solo monotonia
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel at
>> --
>> Non c'è più forza nella normalità, c'è solo monotonia
> _______________________________________________
> nginx-devel mailing list
> nginx-devel at

Non c'è più forza nella normalità, c'è solo monotonia
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the nginx-devel mailing list