stream_realip module

The module is used to change the client address and port to the ones sent in the PROXY protocol header. The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

When building from the source code, this module isn’t built by default; it should be enabled with the --with-stream_realip_module build option.

In packages and images from our repos, the module is included in the build.

Example Configuration

listen 12345 proxy_protocol;

set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;

Directives

set_real_ip_from

Syntax:

set_real_ip_from address | CIDR | unix:;

Default:

Context:

stream, server

Defines trusted addresses that are known to send correct replacement addresses. If the special value unix: is specified, all UNIX domain sockets will be trusted.

Built-in Variables

$realip_remote_addr

keeps the original client address

$realip_remote_port

keeps the original client port
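
The trust rule for set_real_ip_from and the two variables above, modelled in Python as an added example (not the module's own code and not part of the original page): the client address is replaced only when the connecting peer matches a trusted entry, while the realip_* values keep the peer's own address and port. parse_proxy_v1, resolve and SAMPLE are hypothetical names, and the header bytes are constructed.

```python
import ipaddress

# Trusted senders, copied from the example configuration on this page.
TRUSTED = [ipaddress.ip_network(n) for n in
           ("192.168.1.0/24", "192.168.2.1", "2001:0db8::/32")]

def parse_proxy_v1(line: bytes):
    """Return (src_addr, src_port) from a PROXY protocol v1 line, else None."""
    if len(line) > 107 or not line.endswith(b"\r\n"):
        return None
    parts = line[:-2].decode("ascii", "replace").split(" ")
    # "PROXY UNKNOWN" carries no usable address, so it is rejected here too.
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        return None
    if not (parts[4].isdigit() and parts[5].isdigit()):
        return None
    try:
        src = ipaddress.ip_address(parts[2])
        dst = ipaddress.ip_address(parts[3])
    except ValueError:
        return None
    family = 4 if parts[1] == "TCP4" else 6
    sport, dport = int(parts[4]), int(parts[5])
    if src.version != family or dst.version != family or max(sport, dport) > 65535:
        return None
    return str(src), sport

def resolve(peer_addr: str, peer_port: int, header: bytes) -> dict:
    """Model of the session variables after the realip decision (assumed helper)."""
    session = {
        "remote_addr": peer_addr, "remote_port": peer_port,
        # These two always keep the address of the peer that actually connected.
        "realip_remote_addr": peer_addr, "realip_remote_port": peer_port,
    }
    peer = ipaddress.ip_address(peer_addr)
    claimed = parse_proxy_v1(header)
    # Replace only when the header parses AND the sender is on the trusted list.
    if claimed and any(peer in net for net in TRUSTED):
        session["remote_addr"], session["remote_port"] = claimed
    return session

# Constructed sample: a header as a load balancer at 192.168.1.10 would send it.
SAMPLE = b"PROXY TCP4 203.0.113.7 192.168.1.10 51000 12345\r\n"
```

In this model a peer outside the trusted list that sends the same header keeps its own address in remote_addr, which is why the set_real_ip_from list should name only the proxies that actually front the listener.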