Offload TCP traffic to another process

yoav.cohen nginx-forum at
Thu Nov 28 20:33:01 UTC 2019

Dear experts,

We are evaluating nginx as a platform for the product of our new startup

Our use-case requires a TCP proxy that will terminate TLS, which nginx
handles very well. However, we need to be able to send all TCP traffic to
another process for offline processing.

Initially we thought we could write a NGX_STREAM_MODULE (call it tcp_mirror)
that will be able to read both the downstream bytes (client <--> nginx) and
upstream bytes (proxy <--> server) and send them to another process, but
after looking at a few module examples and trying out a few things we
understood that we can only use a single content handler for each stream

For example, we were hoping the following mock configuration would work for
us, but realized we can't have both proxy_pass and tcp_mirror under server
because there can be only one content handler:
stream {
    server {
        listen     12346;

The above led us to the conclusion that in order to implement our use-case
we would have to write a new proxy_pass module, more specifically we would
have to re-write ngx_stream_proxy_module.c. The idea is that we would manage
two upstreams, the server and the processor. The configuration would look
something like this:
stream {
    server {
        listen     12346;

Before we begin implementation of this design, we wanted to consult with the
experts here and understand whether anyone has a better idea on how to
implement our use-case on top of nginx.

Thanks in advance,
Yoav Cohen.

Posted at Nginx Forum:,286360,286360#msg-286360

More information about the nginx mailing list