Vjylku

Brexit - No Deal Rejection

What is a ^ b and (a & b) << 1?

Why do newer 737s use two different styles of split winglets?

Why does overlay work only on the first tcolorbox?

Happy pi day, everyone!

Relationship between sampajanna definitions in SN 47.2 and SN 47.35

Is it insecure to send a password in a `curl` command?

Is it true that good novels will automatically sell themselves on Amazon (and so on) and there is no need for one to waste time promoting?

Non-trivial topology where only open sets are closed

How do I hide Chekhov's Gun?

Is there a place to find the pricing for things not mentioned in the PHB? (non-magical)

What is the significance behind "40 days" that often appears in the Bible?

Instead of a Universal Basic Income program, why not implement a "Universal Basic Needs" program?

When to use a slotted vs. solid turner?

Python if-else code style for reduced code for rounding floats

What is the adequate fee for a reveal operation?

What does 高層ビルに何車線もの道路。mean?

Simplify an interface for flexibly applying rules to periods of time

Print a physical multiplication table

Custom alignment for GeoMarkers

The German vowel “a” changes to the English “i”

Why is a white electrical wire connected to 2 black wires?

Is honey really a supersaturated solution? Does heating to un-crystalize redissolve it or melt it?

ERC721: How to get the owned tokens of an address

Is it possible to configure Nginx to accept requests both with and without proxy protocol to the same URL?

phpbb behind a reverse proxyProtocol switching with reverse proxy and application server with static linksHow to use nginx as reverse proxy with multiple IPs and SSL?Can I run Apache2 and Nginx on the same server with only 1 IPDoes NGINX allow for switching load to another server without losing the requests?How to let nginx simply pass a request to a forwarding proxy server?How to proxy multiple node apps on the same SSL domain with nginxnginx reverse stream proxy with multiple ports to the same serverNginx configuration with HAproxy proxy protocol and internal redirectionNGINX reverse-proxy exposing backend server IP address and protocol

1

I have a set of applications behind a proxy server which forwards request appropriately and uses the proxy protocol to preserve the request's origin data. The apps also make requests amongst each other so I want them to accept requests with and without the proxy protocol. Is it possible to configure Nginx to do this in some way without using a different server_name or port?

nginx reverse-proxy

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

add a comment | 

1

I have a set of applications behind a proxy server which forwards request appropriately and uses the proxy protocol to preserve the request's origin data. The apps also make requests amongst each other so I want them to accept requests with and without the proxy protocol. Is it possible to configure Nginx to do this in some way without using a different server_name or port?

nginx reverse-proxy

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

add a comment | 

I have a set of applications behind a proxy server which forwards request appropriately and uses the proxy protocol to preserve the request's origin data. The apps also make requests amongst each other so I want them to accept requests with and without the proxy protocol. Is it possible to configure Nginx to do this in some way without using a different server_name or port?

nginx reverse-proxy

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

asked 6 hours ago

Calum HalpinCalum Halpin

154

asked 6 hours ago

Calum HalpinCalum Halpin

154

1 Answer
1

active

oldest

votes

2

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 3 hours ago

Michael Hampton♦Michael Hampton

172k27315642

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f958608%2fis-it-possible-to-configure-nginx-to-accept-requests-both-with-and-without-proxy%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

2

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 3 hours ago

Michael Hampton♦Michael Hampton

172k27315642

add a comment | 

2

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 3 hours ago

Michael Hampton♦Michael Hampton

172k27315642

add a comment | 

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 3 hours ago

Michael Hampton♦Michael Hampton

172k27315642

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

share|improve this answer

answered 3 hours ago

Michael Hampton♦Michael Hampton

172k27315642

answered 3 hours ago

Michael Hampton♦Michael Hampton

172k27315642

answered 3 hours ago

Michael Hampton♦Michael Hampton

172k27315642