Opened 2 years ago
Last modified 2 years ago
#2440 closed enhancement
Log new connections immediately when established — at Version 1
| Reported by: | Owned by: | ||
|---|---|---|---|
| Priority: | minor | Milestone: | |
| Component: | nginx-module | Version: | 1.23.x |
| Keywords: | log, stream, connection, proxy | Cc: | pgassmann@… |
| uname -a: | Linux c27b84e2b483 5.4.0-136-generic #153-Ubuntu SMP Thu Nov 24 15:56:58 UTC 2022 x86_64 Linux | ||
| nginx -V: |
nginx version: nginx/1.23.3
built by gcc 12.2.1 20220924 (Alpine 12.2.1_git20220924-r4) built with OpenSSL 3.0.7 1 Nov 2022 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --with-perl_modules_path=/usr/lib/perl5/vendor_perl --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-Os -fomit-frame-pointer -g' --with-ld-opt=-Wl,--as-needed,-O1,--sort-common |
||
Description (last modified by )
We use nginx stream for tcp TLS termination.
The connections are long running.
nginx logs only once a connection is closed. (when a request is completed).
For our purposes it would be useful if a new connection is immediately logged with the client ip, server, port. so we can correlate that to other events on the backend where we cannot see the client ip.
How can we do that with nginx?
The only workaround I found would be to use proxy protocol and log new connections on the backend.
Implementing a proxy protocol wrapper on the backend just to log the client ip is complicated and also not always possible.
Change History (2)
by , 2 years ago
| Attachment: | nginx.conf added |
|---|
comment:1 by , 2 years ago
| Description: | modified (diff) |
|---|
Note:
See TracTickets
for help on using tickets.
nginx.conf for stream tls termination