Use ngx_stream_ssl_preread_module but also log client ip in access.log for https requests

Thomas Glanzmann thomas at
Wed Oct 12 18:33:29 UTC 2016

Hello Roman,

* Roman Arutyunyan <arut at> [2016-10-12 20:07]:
> On Wed, Oct 12, 2016 at 07:50:06PM +0200, Thomas Glanzmann wrote:
> > I would like to use ngx_stream_ssl_preread_module to multiplex a web
> > server, openvpn, and squid to one ip address and port. However I would
> > also like to keep the real client ip address in my http logs, is that
> > possible, if so how?

> You can enable the PROXY protocol for upstream connections.
> But your backends must support it.


thanks a lot for the hint. It works like a charm. For others want to do
the same, I did the following:

        - configured nginx with --with-stream --with-stream_ssl_preread_module

        - For https listened on stream:

stream {
        proxy_protocol on;

        upstream webserver {

        map $ssl_preread_server_name $name {
                default webserver;

        server {
                listen <ip>:443;

                proxy_pass  $name;
                ssl_preread on;

        - In my http context, I added:

                real_ip_header proxy_protocol;

        - And in my https listen directives I put:

                listen ssl http2 proxy_protocol;

I didn't even had to modify the access_log logformat because apparently
'real_ip_header proxy_protocol' takes care of that.


More information about the nginx mailing list