RealIP#

Allows changing the client address and port to those passed in the PROXY protocol header. The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

When building from the source code, this module isn't built by default; it should be enabled with the ‑‑with‑stream_realip_module build option.

In packages and images from our repos, the module is included in the build.

Configuration Example#

listen 12345 proxy_protocol;

set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;

Directives#

set_real_ip_from#

Syntax	`set_real_ip_from` address \| CIDR \| `unix:`;
Default	—
Context	stream, server

Defines trusted addresses that are known to send correct replacement addresses. If the special value unix: is specified, all UNIX domain sockets will be trusted.

Built-in Variables#

`$realip_remote_addr`#

keeps the original client address

`$realip_remote_port`#

keeps the original client port