thefiddler

Reputation: 251

nginx udp proxy pass ip

Looking for some guidance on NGINX and passing the source IP address to backend servers. So far I have found config on how to do this for http/s requests but not for TCP/UDP load balancing to non http/s ports.

I have a UDP proxy setup and working with NGINX but the source IP in my application (syslog server) is showing as that of NGINX and not the devices passing syslog messages to it.

Below is my config - so far I am coming up empty handed on how to pass the source IP from the originating servers.

    stream {
        server {
            listen 514 udp;
            proxy_pass syslog_standard;
        }

        upstream syslog_standard {
            server syslog1.ars.com:10514 max_fails=1 fail_timeout=10s;
            server syslog2.ars.com:10514 max_fails=1 fail_timeout=10s;
        }
    }

Any input would be appreciated!

Upvotes: 4

Views: 17953

Answers (3)

eminent person

Reputation: 1

In case you need to keep the source port, the directive to use is

    proxy_bind $remote_addr:$remote_port transparent;

Upvotes: 0

AlmostGosu

Reputation: 65

For anyone else looking to accomplish this -- attached is my template configuration I used to get this working to load balance syslog without modifying source information.

The important bits are:

1. Make sure you run as root if using transparent, or modify SELinux policies accordingly.
2. This configuration was built to allow multiple listening interfaces on multiple subnets. If you're only using a single interface, delete the second server stanza.

Cheers.

    # Workers run as root so that "proxy_bind ... transparent" is permitted
    user root;
    worker_processes 8;

    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;
    events {
      worker_connections 1024;
    }

    stream {
        log_format    basic    '$time_iso8601 $remote_addr '
                               '$protocol $status $bytes_sent $bytes_received '
                               '$session_time $upstream_addr '
                               '"$upstream_bytes_sent" "$upstream_bytes_received" "$upstream_connect_time"';

        # Enable access_log statements for debugging

        access_log /var/log/nginx/stream.log basic;

        upstream syslog_servers {
            least_conn;
            server 1.2.3.4:10514;
            server 1.2.3.5:10514;
            server 1.2.3.6:10514;
        }

        server {
            listen 10.11.12.13:514;
            listen 10.11.12.13:514 udp;

            # No datagrams are expected back from the upstream
            proxy_responses 0;
            proxy_pass syslog_servers;
            proxy_buffer_size 4096k;
            # Send to the upstream from the client's own address
            proxy_bind $remote_addr transparent;

            # access_log /var/log/nginx/stream.log basic;
        }
        server {
            listen 11.12.13.14:514;
            listen 11.12.13.14:514 udp;

            proxy_responses 0;
            proxy_pass syslog_servers;
            proxy_buffer_size 4096k;
            proxy_bind $remote_addr transparent;

            # access_log /var/log/nginx/stream.log basic;
        }
    }

Upvotes: 2

thefiddler

Reputation: 251

Much appreciated to Alexey above. Late night and I passed over this setting / documentation.

Very simple fix here by adding the following to the server block

    proxy_bind $remote_addr transparent;

Upvotes: 10
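
An added check, not part of any answer above: a small Python listener to run on a syslog backend that counts incoming UDP datagrams per source IP and reports whether the backend sees the devices' addresses or the proxy's. `PROXY_ADDRS` assumes nginx reaches the backends from the listen addresses in the template configuration; the function names are this example's own.

```python
"""Run on a syslog backend to see which source IPs UDP datagrams arrive from."""
import socket
import sys
from collections import Counter

# Assumption: addresses the nginx host uses toward the backends; the values
# are the listen addresses from the template configuration on this page.
PROXY_ADDRS = {"10.11.12.13", "11.12.13.14"}


def tally_peers(sock, max_datagrams, timeout=5.0):
    """Receive up to max_datagrams and count them per source IP."""
    sock.settimeout(timeout)
    peers = Counter()
    for _ in range(max_datagrams):
        try:
            _data, (ip, _port) = sock.recvfrom(65535)
        except socket.timeout:
            break  # quiet period: report what has arrived so far
        peers[ip] += 1
    return peers


def split_by_origin(peers, proxy_addrs=PROXY_ADDRS):
    """Separate datagrams sourced from the proxy itself from all others."""
    masked = {ip: n for ip, n in peers.items() if ip in proxy_addrs}
    preserved = {ip: n for ip, n in peers.items() if ip not in proxy_addrs}
    return {"masked": masked, "preserved": preserved}


def verdict(result):
    """Summarise whether the backend sees device addresses or the proxy's."""
    if result["masked"] and not result["preserved"]:
        return "proxy address only: transparent binding is not in effect"
    if result["masked"]:
        return "mixed: some traffic still arrives with the proxy address"
    if result["preserved"]:
        return "device addresses preserved"
    return "no datagrams received"


if __name__ == "__main__":
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 10514
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.bind(("0.0.0.0", port))
        outcome = split_by_origin(tally_peers(s, 100, timeout=30.0))
        print(outcome, verdict(outcome), sep="\n")
```

The listener needs the port to itself, so run it while the syslog daemon is stopped or on a spare port that a test upstream entry points at.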
