Mercurial > hg > nginx-site
comparison xml/en/docs/stream/ngx_stream_proxy_module.xml @ 2090:a9a9a052b5bd
Documented the "CAP_NET_RAW" capability for transparent proxying.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 26 Dec 2017 15:28:53 +0300 |
parents | 8f1a568a8bbf |
children | ca7568f67dee |
comparison
equal
deleted
inserted
replaced
2089:70c1e798a5c2 | 2090:a9a9a052b5bd |
---|---|
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | 7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> |
8 | 8 |
9 <module name="Module ngx_stream_proxy_module" | 9 <module name="Module ngx_stream_proxy_module" |
10 link="/en/docs/stream/ngx_stream_proxy_module.html" | 10 link="/en/docs/stream/ngx_stream_proxy_module.html" |
11 lang="en" | 11 lang="en" |
12 rev="18"> | 12 rev="19"> |
13 | 13 |
14 <section id="summary"> | 14 <section id="summary"> |
15 | 15 |
16 <para> | 16 <para> |
17 The <literal>ngx_stream_proxy_module</literal> module (1.9.0) allows proxying | 17 The <literal>ngx_stream_proxy_module</literal> module (1.9.0) allows proxying |
83 for example, from a real IP address of a client: | 83 for example, from a real IP address of a client: |
84 <example> | 84 <example> |
85 proxy_bind $remote_addr transparent; | 85 proxy_bind $remote_addr transparent; |
86 </example> | 86 </example> |
87 In order for this parameter to work, | 87 In order for this parameter to work, |
88 it is necessary to run nginx worker processes with the | 88 it is usually necessary to run nginx worker processes with the |
89 <link doc="../ngx_core_module.xml" id="user">superuser</link> privileges | 89 <link doc="../ngx_core_module.xml" id="user">superuser</link> privileges. |
90 and configure kernel routing table | 90 On Linux it is not required (1.13.8) as if |
91 the <literal>transparent</literal> parameter is specified, worker processes | |
92 inherit the <literal>CAP_NET_RAW</literal> capability from the master process. | |
93 It is also necessary to configure kernel routing table | |
91 to intercept network traffic from the proxied server. | 94 to intercept network traffic from the proxied server. |
92 </para> | 95 </para> |
93 | 96 |
94 </directive> | 97 </directive> |
95 | 98 |