Path: blob/main/xml/en/docs/stream/ngx_stream_realip_module.xml
1 views
<?xml version="1.0"?>12<!--3Copyright (C) Nginx, Inc.4-->56<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">78<module name="Module ngx_stream_realip_module"9link="/en/docs/stream/ngx_stream_realip_module.html"10lang="en"11rev="1">1213<section id="summary">1415<para>16The <literal>ngx_stream_realip_module</literal> module is used17to change the client address and port18to the ones sent in the PROXY protocol header (1.11.4).19The PROXY protocol must be previously enabled by setting the20<link doc="ngx_stream_core_module.xml" id="proxy_protocol"/> parameter21in the <literal>listen</literal> directive.22</para>2324<para>25This module is not built by default, it should be enabled with the26<literal>--with-stream_realip_module</literal>27configuration parameter.28</para>2930</section>313233<section id="example" name="Example Configuration">3435<para>36<example>37listen 12345 proxy_protocol;3839set_real_ip_from 192.168.1.0/24;40set_real_ip_from 192.168.2.1;41set_real_ip_from 2001:0db8::/32;42</example>43</para>4445</section>464748<section id="directives" name="Directives">4950<directive name="set_real_ip_from">51<syntax>52<value>address</value> |53<value>CIDR</value> |54<literal>unix:</literal></syntax>55<default/>56<context>stream</context>57<context>server</context>5859<para>60Defines trusted addresses that are known to send correct61replacement addresses.62If the special value <literal>unix:</literal> is specified,63all UNIX-domain sockets will be trusted.64</para>6566</directive>6768</section>697071<section id="variables" name="Embedded Variables">7273<para>74<list type="tag">7576<tag-name id="var_realip_remote_addr"><var>$realip_remote_addr</var></tag-name>77<tag-desc>78keeps the original client address79</tag-desc>8081<tag-name id="var_realip_remote_port"><var>$realip_remote_port</var></tag-name>82<tag-desc>83keeps the original client port84</tag-desc>8586</list>87</para>8889</section>9091</module>929394