Sfrgttk

Bacteria contamination inside a thermos bottle

"Words were different when they (lived / were living) inside of you"

What exactly is this small puffer fish doing and how did it manage to accomplish such a feat?

Are Roman Catholic priests ever addressed as pastor

Custom alignment for GeoMarkers

Why do passenger jet manufacturers design their planes with stall prevention systems?

Do the common programs (for example: "ls", "cat") in Linux and BSD come from the same source code?

Simplify an interface for flexibly applying rules to periods of time

Adventure Game (text based) in C++

Could the Saturn V actually have launched astronauts around Venus?

Professor being mistaken for a grad student

Is there a symmetric-key algorithm which we can use for creating a signature?

How could a scammer know the apps on my phone / iTunes account?

et qui - how do you really understand that kind of phraseology?

How to explain that I do not want to visit a country due to personal safety concern?

Can I use USB data pins as a power source?

While on vacation my taxi took a longer route, possibly to scam me out of money. How can I deal with this?

What is the adequate fee for a reveal operation?

As a new Ubuntu desktop 18.04 LTS user, do I need to use ufw for a firewall or is iptables sufficient?

Examples of transfinite towers

This word with a lot of past tenses

What is a ^ b and (a & b) << 1?

How difficult is it to simply disable/disengage the MCAS on Boeing 737 Max 8 & 9 Aircraft?

Meme-controlled people

Is it possible to configure Nginx to accept requests both with and without proxy protocol to the same URL?

phpbb behind a reverse proxyProtocol switching with reverse proxy and application server with static linksHow to use nginx as reverse proxy with multiple IPs and SSL?Can I run Apache2 and Nginx on the same server with only 1 IPDoes NGINX allow for switching load to another server without losing the requests?How to let nginx simply pass a request to a forwarding proxy server?How to proxy multiple node apps on the same SSL domain with nginxnginx reverse stream proxy with multiple ports to the same serverNginx configuration with HAproxy proxy protocol and internal redirectionNGINX reverse-proxy exposing backend server IP address and protocol

1

I have a set of applications behind a proxy server which forwards request appropriately and uses the proxy protocol to preserve the request's origin data. The apps also make requests amongst each other so I want them to accept requests with and without the proxy protocol. Is it possible to configure Nginx to do this in some way without using a different server_name or port?

nginx reverse-proxy

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

add a comment | 

1

I have a set of applications behind a proxy server which forwards request appropriately and uses the proxy protocol to preserve the request's origin data. The apps also make requests amongst each other so I want them to accept requests with and without the proxy protocol. Is it possible to configure Nginx to do this in some way without using a different server_name or port?

nginx reverse-proxy

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

add a comment | 

I have a set of applications behind a proxy server which forwards request appropriately and uses the proxy protocol to preserve the request's origin data. The apps also make requests amongst each other so I want them to accept requests with and without the proxy protocol. Is it possible to configure Nginx to do this in some way without using a different server_name or port?

nginx reverse-proxy

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

share|improve this question

asked 6 hours ago

Calum HalpinCalum Halpin

154

asked 6 hours ago

Calum HalpinCalum Halpin

154

asked 6 hours ago

Calum HalpinCalum Halpin

154

1 Answer
1

active

oldest

votes

2

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 4 hours ago

Michael Hampton♦Michael Hampton

172k27315642

add a comment | 

Your Answer

StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "2"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name

Email

Required, but never shown

StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f958608%2fis-it-possible-to-configure-nginx-to-accept-requests-both-with-and-without-proxy%23new-answer', 'question_page');
}
);

Post as a guest

Name

Email

Required, but never shown

2

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 4 hours ago

Michael Hampton♦Michael Hampton

172k27315642

add a comment | 

2

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 4 hours ago

Michael Hampton♦Michael Hampton

172k27315642

add a comment | 

Without using a different server block, the only way to do this is with different listen directives. This means the server running nginx must have different IP addresses for connecting to the server from the external proxy and from the internal server farm.

For example, you might have an internal network 10.87.239.0/24 for your internal apps, and the server running nginx is on 10.87.239.3. Then you have an external network 10.87.238.0/24 which your external proxy server uses to reach nginx, and the server has address 10.87.238.3. In this case you can configure nginx as:

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

On a related note, you should have already deployed IPv6 within your organization, even without global IPv6 connectivity. You can use that for your internal communications if you haven't got a separate internal IPv4 network.

share|improve this answer

answered 4 hours ago

Michael Hampton♦Michael Hampton

172k27315642

server {

    # PROXY protocol connections

    listen 10.87.238.3:443 ssl http2 proxy_protocol;

    set_real_ip_from 10.87.238.2;  # The address(es) of the proxies

    real_ip_header proxy_protocol;



    # Direct connections

    listen 10.87.239.3:443 ssl http2;

    listen [::]:443 ssl http2;



    # everything else for this block

}

share|improve this answer

answered 4 hours ago

Michael Hampton♦Michael Hampton

172k27315642

answered 4 hours ago

Michael Hampton♦Michael Hampton

172k27315642

answered 4 hours ago

Michael Hampton♦Michael Hampton

172k27315642