Mercurial > hg > nginx-site
comparison xml/en/docs/http/ngx_http_proxy_module.xml @ 2090:a9a9a052b5bd
Documented the "CAP_NET_RAW" capability for transparent proxying.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 26 Dec 2017 15:28:53 +0300 |
parents | fc3ba2e76974 |
children | ca7568f67dee |
comparison
equal
deleted
inserted
replaced
2089:70c1e798a5c2 | 2090:a9a9a052b5bd |
---|---|
8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 8 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
9 | 9 |
10 <module name="Module ngx_http_proxy_module" | 10 <module name="Module ngx_http_proxy_module" |
11 link="/en/docs/http/ngx_http_proxy_module.html" | 11 link="/en/docs/http/ngx_http_proxy_module.html" |
12 lang="en" | 12 lang="en" |
13 rev="63"> | 13 rev="64"> |
14 | 14 |
15 <section id="summary"> | 15 <section id="summary"> |
16 | 16 |
17 <para> | 17 <para> |
18 The <literal>ngx_http_proxy_module</literal> module allows passing | 18 The <literal>ngx_http_proxy_module</literal> module allows passing |
67 for example, from a real IP address of a client: | 67 for example, from a real IP address of a client: |
68 <example> | 68 <example> |
69 proxy_bind $remote_addr transparent; | 69 proxy_bind $remote_addr transparent; |
70 </example> | 70 </example> |
71 In order for this parameter to work, | 71 In order for this parameter to work, |
72 it is necessary to run nginx worker processes with the | 72 it is usually necessary to run nginx worker processes with the |
73 <link doc="../ngx_core_module.xml" id="user">superuser</link> privileges | 73 <link doc="../ngx_core_module.xml" id="user">superuser</link> privileges. |
74 and configure kernel routing table | 74 On Linux it is not required (1.13.8) as if |
75 the <literal>transparent</literal> parameter is specified, worker processes | |
76 inherit the <literal>CAP_NET_RAW</literal> capability from the master process. | |
77 It is also necessary to configure kernel routing table | |
75 to intercept network traffic from the proxied server. | 78 to intercept network traffic from the proxied server. |
76 </para> | 79 </para> |
77 | 80 |
78 </directive> | 81 </directive> |
79 | 82 |