Dear experts,
We are evaluating nginx as a platform for the product of our new startup company.
Our use-case requires a TCP proxy that will terminate TLS, which nginx handles very well. However, we need to be able to send all TCP traffic to another process for offline processing.
Initially we thought we could write an NGX_STREAM_MODULE (call it tcp_mirror) that would be able to read both the downstream bytes (client <--> nginx) and upstream bytes (proxy <--> server) and send them to another process, but after looking at a few module examples and trying out a few things we understood that we can only use a single content handler for each stream configuration.
For example, we were hoping the following mock configuration would work for us, but realized we can't have both proxy_pass and tcp_mirror under server because there can be only one content handler:
    stream {
        server {
            listen 12346;
            proxy_pass backend.example.com:12346;
            tcp_mirror processor.acme.com:6666;
        }
    }
The above led us to the conclusion that in order to implement our use-case we would have to write a new proxy_pass module; more specifically, we would have to rewrite ngx_stream_proxy_module.c. The idea is that we would manage two upstreams, the server and the processor. The configuration would look something like this:
    stream {
        server {
            listen 12346;
            proxy_pass_mirror backend.example.com:12346 processor.acme.com:6666;
        }
    }
Before we begin implementation of this design, we wanted to consult with the experts here and understand whether anyone has a better idea on how to implement our use-case on top of nginx.
Thanks in advance,
Yoav Cohen.