stream_realip module
The module is used to change the client address and port to the ones sent in the PROXY protocol header. The PROXY protocol must be previously enabled by setting the proxy_protocol parameter in the listen directive.
This module isn’t built by default; it should be enabled with the --with-stream_realip_module configuration parameter.
Packages in our repositories have this module built.
Example Configuration
listen 12345 proxy_protocol;
set_real_ip_from 192.168.1.0/24;
set_real_ip_from 192.168.2.1;
set_real_ip_from 2001:0db8::/32;
Directives
set_real_ip_from
- Syntax: set_real_ip_from address | CIDR | unix:;
- Default: —
- Context: stream, server
Defines trusted addresses that are known to send correct replacement addresses. If the special value unix: is specified, all UNIX domain sockets will be trusted.
Built-in Variables
$realip_remote_addr
keeps the original client address
$realip_remote_port
keeps the original client port
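The trust decision behind set_real_ip_from and the $realip_remote_* variables, as a simplified Python model added here for illustration (it is not the module's own code): the address from the PROXY protocol header replaces the client address only when the directly connected peer matches a trusted entry. Assumptions: only the text (v1) form of the PROXY protocol header is parsed, the function names are hypothetical, and the sample addresses are constructed.

```python
import ipaddress

# Trusted senders, copied from the example configuration on this page.
TRUSTED = ["192.168.1.0/24", "192.168.2.1", "2001:0db8::/32"]

def is_trusted(peer_ip, trusted=TRUSTED):
    """True if the directly connected peer matches a set_real_ip_from entry."""
    addr = ipaddress.ip_address(peer_ip)
    return any(addr in ipaddress.ip_network(t, strict=False) for t in trusted)

def parse_proxy_v1(header):
    """Return (src_ip, src_port) from a PROXY protocol v1 line, else None."""
    if len(header) > 107 or not header.endswith(b"\r\n"):
        return None
    parts = header[:-2].decode("ascii", "replace").split(" ")
    if len(parts) != 6 or parts[0] != "PROXY" or parts[1] not in ("TCP4", "TCP6"):
        return None
    try:
        src, port = ipaddress.ip_address(parts[2]), int(parts[4])
    except ValueError:
        return None
    if src.version != int(parts[1][-1]) or not 0 <= port <= 65535:
        return None
    return str(src), port

def resolve_client(peer_ip, peer_port, header):
    """Model the variables seen after the module has processed a connection."""
    out = {"remote_addr": peer_ip, "remote_port": peer_port,
           # The $realip_* variables always keep the original peer values.
           "realip_remote_addr": peer_ip, "realip_remote_port": peer_port}
    parsed = parse_proxy_v1(header)
    if parsed and is_trusted(peer_ip):
        out["remote_addr"], out["remote_port"] = parsed
    return out

if __name__ == "__main__":
    # Constructed sample: the same header sent by a trusted and an untrusted peer.
    hdr = b"PROXY TCP4 203.0.113.7 192.168.1.10 51234 12345\r\n"
    for peer in ("192.168.1.10", "198.51.100.9"):
        print(peer, resolve_client(peer, 40000, hdr))
```

Logging the original and the replaced address side by side makes it possible to audit which upstream proxy asserted a given client address.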