`stream_realip` module#

The module is used to change the client address and port to the ones sent in the PROXY protocol header. The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.

This module isn’t built by default; it should be enabled with the ‑‑with‑stream_realip_module configuration parameter.

Packages in our repositories have this module built.

Example Configuration#

listen 12345 proxy_protocol;

set_real_ip_from  192.168.1.0/24;
set_real_ip_from  192.168.2.1;
set_real_ip_from  2001:0db8::/32;

Directives#

set_real_ip_from#

Syntax:: set_real_ip_from address | CIDR | unix:;
Default:: —
Context:: stream, server

Defines trusted addresses that are known to send correct replacement addresses. If the special value unix: is specified, all UNIX domain sockets will be trusted.

Built-in Variables#

`$realip_remote_addr`#

keeps the original client address

`$realip_remote_port`#

keeps the original client port

stream_realip module

Contents

`stream_realip` module#

Example Configuration#

Directives#

set_real_ip_from#

Built-in Variables#

`$realip_remote_addr`#

`$realip_remote_port`#

stream_realip module

Contents

stream_realip module#

Example Configuration#

Directives#

set_real_ip_from#

Built-in Variables#

$realip_remote_addr#

$realip_remote_port#

`stream_realip` module#

`$realip_remote_addr`#

`$realip_remote_port`#