Mercurial > hg > nginx-site
comparison xml/en/docs/stream/ngx_stream_realip_module.xml @ 1779:ee56773d44e8
Documented ngx_stream_realip_module.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 13 Sep 2016 16:14:00 +0300 |
parents | xml/en/docs/http/ngx_http_realip_module.xml@f855acbd0a94 |
children |
comparison
equal
deleted
inserted
replaced
1778:1626f1bf164c | 1779:ee56773d44e8 |
---|---|
1 <?xml version="1.0"?> | |
2 | |
3 <!-- | |
4 Copyright (C) Nginx, Inc. | |
5 --> | |
6 | |
7 <!DOCTYPE module SYSTEM "../../../../dtd/module.dtd"> | |
8 | |
9 <module name="Module ngx_stream_realip_module" | |
10 link="/en/docs/stream/ngx_stream_realip_module.html" | |
11 lang="en" | |
12 rev="1"> | |
13 | |
14 <section id="summary"> | |
15 | |
16 <para> | |
17 The <literal>ngx_stream_realip_module</literal> module is used | |
18 to change the client address and port | |
19 to the ones sent in the PROXY protocol header (1.11.4). | |
20 The PROXY protocol must be previously enabled by setting the | |
21 <link doc="ngx_stream_core_module.xml" id="proxy_protocol"/> parameter | |
22 in the <literal>listen</literal> directive. | |
23 </para> | |
24 | |
25 <para> | |
26 This module is not built by default, it should be enabled with the | |
27 <literal>--with-stream_realip_module</literal> | |
28 configuration parameter. | |
29 </para> | |
30 | |
31 </section> | |
32 | |
33 | |
34 <section id="example" name="Example Configuration"> | |
35 | |
36 <para> | |
37 <example> | |
38 listen 12345 proxy_protocol; | |
39 | |
40 set_real_ip_from 192.168.1.0/24; | |
41 set_real_ip_from 192.168.2.1; | |
42 set_real_ip_from 2001:0db8::/32; | |
43 </example> | |
44 </para> | |
45 | |
46 </section> | |
47 | |
48 | |
49 <section id="directives" name="Directives"> | |
50 | |
51 <directive name="set_real_ip_from"> | |
52 <syntax> | |
53 <value>address</value> | | |
54 <value>CIDR</value> | | |
55 <literal>unix:</literal></syntax> | |
56 <default/> | |
57 <context>stream</context> | |
58 <context>server</context> | |
59 | |
60 <para> | |
61 Defines trusted addresses that are known to send correct | |
62 replacement addresses. | |
63 If the special value <literal>unix:</literal> is specified, | |
64 all UNIX-domain sockets will be trusted. | |
65 </para> | |
66 | |
67 </directive> | |
68 | |
69 </section> | |
70 | |
71 | |
72 <section id="variables" name="Embedded Variables"> | |
73 | |
74 <para> | |
75 <list type="tag"> | |
76 | |
77 <tag-name id="var_realip_remote_addr"><var>$realip_remote_addr</var></tag-name> | |
78 <tag-desc> | |
79 keeps the original client address | |
80 </tag-desc> | |
81 | |
82 <tag-name id="var_realip_remote_port"><var>$realip_remote_port</var></tag-name> | |
83 <tag-desc> | |
84 keeps the original client port | |
85 </tag-desc> | |
86 | |
87 </list> | |
88 </para> | |
89 | |
90 </section> | |
91 | |
92 </module> |