nginx listen on specific interface
47,220
You can bind to the network address of the interface in question.
Based on your interface config, your listen config would look like:
listen 149.28.238.0:80;
I'm in the process of setting up an active/active HA cluster, and need this to work. My test config is below.
[root@b7311458cb35 nginx_plus]# cat /etc/nginx/sites-enabled/docker-test.local.conf
# MANAGED BY PUPPET
server {
listen 172.17.0.0:80;
server_name docker-test.local;
status_zone docker-test;
index index.html index.htm index.php;
access_log /var/log/nginx/docker-test.local.access.log combined;
error_log /var/log/nginx/docker-test.local.error.log;
location / {
proxy_pass http://docker-test;
proxy_read_timeout 90s;
proxy_connect_timeout 90s;
proxy_send_timeout 90s;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Proxy "";
}
}
My network details
[root@b7311458cb35 nginx_plus]# ip route
default via 172.17.0.1 dev eth0
172.17.0.0/16 dev eth0 proto kernel scope link src 172.17.0.4
Testing the config:
[root@b7311458cb35 nginx_plus]# curl http://172.17.0.4:80/ | head -5
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 612 100 612 0 0 101k 0 --:--:-- --:--:-- --:--:-- 119k
<!DOCTYPE html>
<html>
<head>
<title>Welcome to nginx!</title>
<style>
Author by
Ian Arman
Updated on September 18, 2022Comments
-
Ian Arman over 1 year
I'm running a Nginx as a proxy server, forwarding to 10.12.96.4.
I would like the NGINX server to listen on
ens3:
, and forward requests through `tun0Here is my
/etc/nginx/sites-available/default
:server { listen 149.28.239.231:80; server_name default_server; location / { proxy_pass http://45.77.185.160:80; # proxy_pass http://10.12.96.4:80; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } server { listen 443; server_name example.com; ssl_certificate /etc/letsencrypt/live/example.com/cert.pem; ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location / { proxy_pass https://45.77.185.160:443; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
Here's my interface config
inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host inet 100.68.26.219/10 brd 100.127.255.255 scope global ens3 inet 149.28.239.231/23 brd 149.28.239.255 scope global ens3:1 inet6 2001:19f0:5:65d3:5400:1ff:fea6:9b5/64 scope global inet6 fe80::5400:1ff:fea6:9b5/64 scope link inet 10.8.0.3/24 brd 10.8.0.255 scope global tun0
-
Halfgaar over 5 yearsI'm unsure what the question is. You already know how to bind to IP addresses with the
listen
directive and how to proxy. Aren't you done?
-
-
MarkBarry about 5 yearsAfter reviewing my nginx configuration, I noticed that the default server was still listening on the 172.17.04 IP address, which allowed the curl to work. I'm now following the setup on hexadix.com/ha-proxy-using-vip-keepalived for getting the floating IP address to work. In regards to the outbound address, there is a proxy_bind attribute that can be used to specify an interface via IP address. docs.nginx.com/nginx/admin-guide/web-server/reverse-proxy/…