nginx and TPROXY

David Kostal david.kostal at gmail.com
Fri Jun 15 05:56:09 UTC 2012


Hi all,
I just run into the need to have nginx support the Linux TPROXY
feature: there is not REDIRECT target for IPv6. As there is no support
for TPROXY in nginx I created a small patch for core & http modules
against 1.2.1. It's enabled by recompiling nginx with --with-tproxy
and activating it by adding "tproxy" as an additional argument to
listen.

Unfortunately it is not possible to enable/disable tproxy behavior for
existing sockets during reload, only on startup or when reload adds
new listening sockets. This is due to fact that the setsockopt() call
must be done before bind().

Please have a look, so far it works for me but I did not do yet any
heavy testing and it's not production yet:)

david.kostal at gmail.com
----+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nginx-tproxy.patch
Type: application/octet-stream
Size: 5618 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120615/c0c31a4f/attachment.obj>


More information about the nginx mailing list