Adding a fd that is not obtained through accept to the list of active connections

Ottavio Campana ottavio at campana.vi.it
Fri Aug 27 11:59:03 UTC 2021


Dear Phillip,

I know Tailscale very well, I use it and like it a lot. But my final goal
is finding a way to implement the ONVIF Uplink service,
https://www.onvif.org/specs/srv/uplink/ONVIF-Uplink-Spec.pdf , where I can
have several devices on the LAN that need to connect to a remote server,
which will then send commands.

Therefore I need a way to start a connection from nginx (or from an external
program, then passing the fd through a Unix domain socket) and make it
act as if the fd were obtained from an accept.

Nginx works with events and I find it very difficult to find a mechanism to
pass this connection to it.

Do you have other ideas?

Thank you,

Ottavio


On Fri, Aug 27, 2021 at 13:10, Phillip Odam <
phillip.odam at nitorgroup.com> wrote:

> Hi Ottavio
>
> I get you now, you’re trying to find a way for the remote server to get
> through your NAT router. Who controls the remote server? Because even if
> you initiate the TCP connection to it, unless it ‘knows’ to make an HTTP
> request back nothing’s going to happen.
>
> The simplest approach for getting through your NAT would be to just set up
> a port forward, any particular qualms with that? It can be shied away from
> for security but managed properly it’s a perfectly acceptable approach.
>
> As an aside, these guys wrote up a brilliant piece on punching holes
> through two NATs (the public sides each facing each other over the
> internet) https://tailscale.com/blog/, at a quick glance I couldn’t spot
> the particular post.
>
> Cheers
> Phillip
>
> On Friday, August 27, 2021, Ottavio Campana <ottavio at campana.vi.it> wrote:
>
>> Dear Phillip,
>>
>> I think it is not what I am trying to do (or I did not completely
>> understand your solution).
>>
>> As far as I understand, when nginx dispatches a request it checks if it
>> is a file or, among others, something that can be retrieved from an
>> upstream. But upstreams act as clients, they do accept requests coming from
>> the remote server.
>>
>> My goal is to have a connection to a remote server that is somehow
>> started by the nginx, but then the connection is reversed, the "upstream"
>> makes requests and nginx responds.
>>
>> Is there a way to achieve this with upstreams?
>>
>> Thank you,
>>
>> Ottavio
>>
>> On Thu, Aug 26, 2021 at 21:58, Phillip Odam <
>> phillip.odam at nitorgroup.com> wrote:
>>
>>> Hi Ottavio
>>>
>>> I’m probably overlooking something in the description of what you want
>>> but I think NGINX out of the box provides you with what you want.
>>>
>>> Here’s an example of one I’ve implemented.
>>>
>>> A software project I don’t develop retrieves dependencies from w3.org
>>> (it’s a SOAP web service that retrieves a remote XSD)
>>>
>>> The trouble with depending on a file sourced from w3.org is that if the
>>> file is requested too frequently w3.org will rate limit your requests.
>>>
>>> One solution would be to store the XSD in the web service but that’d
>>> require changing the application.
>>>
>>> I chose to run an NGINX where its upstream was configured to point at
>>> w3.org and to avoid needlessly retrieving the same content repeatedly a
>>> cache was used.
>>>
>>> So the NGINX was listening on localhost in this case and for the
>>> backend it was connecting to whatever w3.org resolves to. And so no
>>> changes were needed in the app I changed the server’s hosts file to point
>>> w3.org to localhost. This isn’t a problem for NGINX to connect to w3.org
>>> as the w3.org IP was hard coded in the upstream.
>>>
>>> And NGINX’s built-in connection counting works with this.
>>>
>>> Barring the cache is this what you’re describing you want?
>>>
>>> Phillip
>>>
>>> On Thursday, August 26, 2021, Ottavio Campana <ottavio at campana.vi.it>
>>> wrote:
>>>
>>>> Hello,
>>>>
>>>> I want to write a module for an nginx that runs on a device with a
>>>> private IP address and behind NAT, connects to a remote server and adds the
>>>> newly created connection to the list of connections handled by nginx. At
>>>> this point the remote server will invert the connection and start making
>>>> requests.
>>>>
>>>> I tried studying the documentation on nginx.org, but I am not able to
>>>> get an idea about how to achieve this.
>>>>
>>>> Can you please give me a suggestion about how to do it?
>>>>
>>>> Thank you,
>>>>
>>>> Ottavio
>>>>
>>>> --
>>>> There is no longer any strength in normality, there is only monotony
>>>>
>>> _______________________________________________
>>> nginx-devel mailing list
>>> nginx-devel at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx-devel
>>
>>
>>
>> --
>> There is no longer any strength in normality, there is only monotony
>>



-- 
There is no longer any strength in normality, there is only monotony