Name		Name	Last commit message	Last commit date
parent directory ..
Cargo.toml		Cargo.toml
README.md		README.md
awssig.conf		awssig.conf
awssig.rs		awssig.rs
awssig_curl_combined.conf		awssig_curl_combined.conf
curl.conf		curl.conf
curl.rs		curl.rs
httporigdst.conf		httporigdst.conf
httporigdst.rs		httporigdst.rs

README.md

Examples

NGINX Destination IP recovery module for HTTP

This dynamic module recovers original IP address and port number of the destination packet. It is useful, for example, with container sidecars where all outgoing traffic is redirected to a separate container with iptables before reaching the target.

This module can only be built with the "linux" feature enabled, and will only successfully build on a Linux OS.

Dependencies

This modules uses the Rust crate libc and Linux getsockopt socket API.

Example Configuration

HTTP

load_module "modules/libhttporigdst.so";

http {
    server {
        # use iptables to capture all outgoing traffic and REDIRECT
        # to listening port 15501
        listen 15501;

        # binding variables provided by module will lazily activate it
        # and store a context
        # variables can be used in config
        location / {
            # Return if no backend is available or proxy_pass
            # return 200 "recv'd: $server_addr:$server_port\n\nproxy_pass http://$server_orig_addr:$server_orig_port\n";
            proxy_pass http://$server_orig_addr:$server_orig_port;
        }
    }
}

Embedded Variables

The following embedded variables are provided:

server_orig_addr
- Original IP address
server_orig_port
- Original port

Usage

Clone the git repository.

https://github.com/nginxinc/ngx-rust

Compile the module from the cloned repo.

cd ${CLONED_DIRECTORY}/ngx-rust
cargo build --package=examples --example=httporigdst --features=linux

Copy the shared object to the modules directory, /etc/nginx/modules.

cp ./target/debug/examples/libhttporigdst.so /etc/nginx/modules

Add the load_module directive to your configuration.

load_module "modules/libhttporigdst.so";

Reload NGINX.

nginx -t && nginx -s reload

Redirect traffic outbound.

iptables -t nat -N NGINX_REDIRECT && \
iptables -t nat -A NGINX_REDIRECT -p tcp -j REDIRECT --to-port 15501 --dport 15001 && \
iptables -t nat -N NGINX_OUTPUT && \
iptables -t nat -A OUTPUT -p tcp -j NGINX_OUTPUT && \
iptables -t nat -A NGINX_OUTPUT -j NGINX_REDIRECT

Redirect traffic inbound.

iptables -t nat -N NGINX_IN_REDIRECT && \
iptables -t nat -A NGINX_IN_REDIRECT -p tcp -j REDIRECT --to-port 15501 --dport 15001 && \
iptables -t nat -N NGINX_INBOUND && \
iptables -t nat -A PREROUTING -p tcp -j NGINX_INBOUND && \
iptables -t nat -A NGINX_INBOUND -p tcp -j NGINX_IN_REDIRECT

Test with curl (this step assumes you've uncommented the return directive).

curl --output - ${LISTEN_IP}:15001
recv'd: ${LISTEN_IP}:15501

proxy_pass http://${LISTEN_IP}:15001

Caveats

This module only supports IPv4.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

examples

examples

README.md

Examples

NGINX Destination IP recovery module for HTTP

Dependencies

Example Configuration

HTTP

Embedded Variables

Usage

Caveats

Files

examples

Directory actions

More options

Directory actions

More options

Latest commit

History

examples

Folders and files

parent directory

README.md

Examples

NGINX Destination IP recovery module for HTTP

Dependencies

Example Configuration

HTTP

Embedded Variables

Usage

Caveats