I am trying to accomplish a similar, if not the same, task. I am running nginx 1.12.0 and am trying to maintain the source IP for logging purposes so that fail2ban can block the nefarious characters trying to compromise my system. I have a single server where I am trying to host a VPN server and a web server. To prevent my VPN from being blocked/filtered I want to run it on port 443 in tandem with a secure website.
Based on the last post I have two servers listening, on port 443 and 1443. Port 443 forwards either to my VPN or to 1443 for web traffic. This supports OpenVPN and my web server, but I have lost the source IP. Am I missing something? Here is my current config:
stream {
    # $bytes_sent needs the leading "$" or the literal text is logged instead.
    log_format basic '$remote_addr [$time_local] '
                     'protocol: $protocol Status: $status bytes sent: $bytes_sent bytes received: $bytes_received '
                     'session duration: $session_time';

    # Route by the SNI name read from the ClientHello; anything else is treated as VPN traffic.
    map $ssl_preread_server_name $name {
        www.example.com pre_www_server;
        example.com     pre_www_server;
        default         vpn_server;
    }

    upstream vpn_server {
        hash $remote_addr consistent;
        server localhost:1194;
    }

    upstream pre_www_server {
        server localhost:1443;
    }

    upstream www_server {
        server localhost:8443;
    }

    # Second hop for web traffic: adds the PROXY protocol header before handing off to 8443.
    server {
        listen 1443;
        proxy_pass www_server;
        proxy_protocol on;
    }

    # Shared 443 entry point: peeks at SNI without terminating TLS.
    server {
        listen 443 so_keepalive=on;
        access_log /var/log/nginx/stream-access.log basic buffer=32k;
        proxy_connect_timeout 300s;
        proxy_timeout 300s;
        proxy_pass $name;
        ssl_preread on;
    }
}
Again, the goal is to capture the source IP so that I can filter IPs that appear as a threat while hosting an HTTPS website and an OpenVPN server from port 443 on one IP.
Thanks,
Phil
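The following is an added example, not Phil's configuration, showing the http-side counterpart that the stream block above hands web traffic to. In the stream context `$remote_addr` is the TCP peer, so the `stream-access.log` written by the 443 listener already records the real client; what gets lost is the address seen by the backends, which only ever see 127.0.0.1. Since the 1443 listener sends the PROXY protocol header (`proxy_protocol on`), the http server on 8443 can recover the client address from it with `listen ... proxy_protocol` and the realip module. The certificate paths, docroot and the 127.0.0.1 trust address are assumptions; the OpenVPN path is not covered here, since that upstream is not sent a PROXY header and OpenVPN itself is assumed not to parse one.

```nginx
# Added example: http server behind the stream proxy's 1443 -> 8443 hop.
http {
    # Log the address recovered from the PROXY header; $proxy_protocol_addr
    # shows the raw header value so the two can be compared when debugging.
    log_format realip '$remote_addr [$time_local] "$request" $status '
                      'proxy_protocol_addr=$proxy_protocol_addr';

    server {
        # "proxy_protocol" makes nginx expect the PROXY header on every
        # connection; without it the header is treated as garbage TLS data.
        listen 127.0.0.1:8443 ssl proxy_protocol;
        server_name www.example.com example.com;

        ssl_certificate     /etc/ssl/example.com/fullchain.pem;   # assumed path
        ssl_certificate_key /etc/ssl/example.com/privkey.pem;     # assumed path

        # Trust PROXY headers only from the local stream proxy, and rewrite
        # $remote_addr from them so access logs, fail2ban filters and
        # allow/deny rules all see the real client instead of 127.0.0.1.
        set_real_ip_from 127.0.0.1;
        real_ip_header   proxy_protocol;

        access_log /var/log/nginx/www-access.log realip;

        location / {
            root /var/www/example.com;   # assumed docroot
        }
    }
}
```

The `set_real_ip_from` line matters for safety: it restricts which peers may assert a client address through the PROXY header, so a connection that reached 8443 directly could not spoof the logged IP. Binding the listener to 127.0.0.1 keeps that port off the public interface entirely. Pointing a fail2ban jail at `www-access.log` then bans the real source address rather than the proxy's.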