Please if anyone could help. I am trying to set up an OpenVPN server running on 443 tcp behind an Nginx 1.11.13 proxy while preserving the source IP.
I have searched long and far and my nginx.conf is currently as follows:
stream {
    map $ssl_preread_server_name $name {
        mydomain.com backend;
        default default-backend;
    }
    upstream backend {
        server 10.100.0.102:443;  # Backend nginx server
    }
    upstream default-backend {
        server 192.168.1.154:443;  # OpenVPN server
    }
    proxy_protocol on;
    server {
        listen 443;
        proxy_pass $name;
        ssl_preread on;
    }
}
Leaving proxy_protocol off (or commented out) I am able to connect to my OpenVPN server on 443 without any issues. Only problem is all forwarded requests show the IP address of this nginx server 10.100.0.102. I am unable to filter or deny requests based on IP since it's all from myself.
Upon turning proxy_protocol on I can now see all requests from source IP using real_ip_header proxy_protocol. Only problem is now OpenVPN is unable to connect due to TRANSPORT_ERROR "NETWORK_EOF_ERROR".
Does anybody know a way to allow connections to an OpenVPN server behind an Nginx proxy while preserving source IP?
Please help.
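Added example, not part of the original post: with proxy_protocol on at the stream level, nginx prepends a PROXY protocol v1 text line to every upstream connection, including the one to the OpenVPN server. The sketch below shows how those bytes read to a backend that expects OpenVPN's TCP framing, next to what a PROXY-aware backend does with them. The function names, the client address and the stand-in first packet are constructed for illustration.

```python
import struct

P_CONTROL_HARD_RESET_CLIENT_V2 = 7  # opcode of an OpenVPN client's opening packet

def proxy_v1_header(src_ip, dst_ip, src_port, dst_port):
    """The PROXY protocol v1 line a proxy prepends to the upstream TCP stream."""
    return f"PROXY TCP4 {src_ip} {dst_ip} {src_port} {dst_port}\r\n".encode("ascii")

def parse_proxy_v1(stream):
    """What a PROXY-aware backend does: strip the header, keep the client address."""
    if not stream.startswith(b"PROXY "):
        return None, stream
    end = stream.find(b"\r\n", 0, 107)  # a v1 header is at most 107 bytes
    if end == -1:
        raise ValueError("unterminated PROXY v1 header")
    fields = stream[:end].decode("ascii").split(" ")
    if len(fields) != 6 or fields[1] not in ("TCP4", "TCP6"):
        raise ValueError("unsupported PROXY v1 header")
    info = {"src": (fields[2], int(fields[4])), "dst": (fields[3], int(fields[5]))}
    return info, stream[end + 2:]

def first_openvpn_frame(stream):
    """What a backend that is not PROXY-aware does: read OpenVPN's TCP framing,
    a 16-bit big-endian length followed by an opcode in the top 5 bits."""
    (length,) = struct.unpack_from("!H", stream, 0)
    return length, stream[2] >> 3

def looks_like_openvpn_start(stream):
    """True when the stream opens with a complete client hard-reset frame."""
    length, opcode = first_openvpn_frame(stream)
    return opcode == P_CONTROL_HARD_RESET_CLIENT_V2 and length <= len(stream) - 2

# Constructed sample data: a stand-in for the client's first packet
# (opcode byte, 8-byte session id, empty ACK list, 4-byte packet id).
packet = bytes([P_CONTROL_HARD_RESET_CLIENT_V2 << 3]) + bytes(8) + b"\x00" + bytes(4)
client_bytes = struct.pack("!H", len(packet)) + packet
# Constructed addresses: 203.0.113.7 is a documentation-range client.
header = proxy_v1_header("203.0.113.7", "10.100.0.102", 51234, 443)

if __name__ == "__main__":
    print("proxy_protocol off:", looks_like_openvpn_start(client_bytes))
    print("proxy_protocol on: ", looks_like_openvpn_start(header + client_bytes))
    print("misread frame:", first_openvpn_frame(header + client_bytes))
    print("PROXY-aware backend recovers:", parse_proxy_v1(header + client_bytes)[0])
```

The leading "PR" is read as a frame length of 20562 bytes, so a backend that does not parse the PROXY header never sees a valid opening packet.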