Module ngx_stream_realip_module

The ngx_stream_realip_module module is used to change the client address and port to the ones sent in the PROXY protocol header (1.11.4). The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

This module is not built by default, it should be enabled with the --with-stream_realip_module configuration parameter.

Example Configuration

listen 12345 proxy_protocol;

set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;

Directives

Syntax: set_real_ip_from address | CIDR | unix:;
Default:
Context: stream, server

Defines trusted addresses that are known to send correct replacement addresses. If the special value unix: is specified, all UNIX-domain sockets will be trusted.

Embedded Variables

$realip_remote_addr
keeps the original client address
$realip_remote_port
keeps the original client port

© 2002-2021 Igor Sysoev
© 2011-2021 Nginx, Inc.
Licensed under the BSD License.
https://nginx.org/en/docs/stream/ngx_stream_realip_module.html