The original post: /r/nginx by /u/NotAVirignISwear on 2024-08-02 07:03:43.
I’m hoping that someone here can help me out, because I’ve been banging my head against a wall for hours with no luck. The breakdown is below:
Remote Server: Ubuntu 24.04
Remote Server LAN IP: 10.0.1.252
Remote Server WAN IP: xxx.xxx.xxx.xxx
VPS: Oracle Linux 7.9
VPS WAN IP: yyy.yyy.yyy.yyy
VPS is running nginx with this config:

    user nginx;
    stream {
        upstream minecraft {
            server xxx.xxx.xxx.xxx:25565;
        }
        server {
            listen 25565;
            proxy_pass minecraft;
        }
        server {
            listen 25565 udp;
            proxy_pass minecraft;
        }
    }

All traffic received on port 25565 (TCP or UDP) is sent through the reverse proxy, pointed to the remote server.
This currently works, but the remote server loses the original client IP address and instead, all packets show as being from yyy.yyy.yyy.yyy. If I use

    user root;
    stream {
        upstream minecraft {
            server xxx.xxx.xxx.xxx:25565;
        }
        server {
            listen 25565;
            proxy_pass minecraft;
            proxy_bind $remote_addr transparent;
        }
        server {
            listen 25565 udp;
            proxy_pass minecraft;
            proxy_bind $remote_addr transparent;
        }
    }

I can no longer connect to the application on the remote host due to timeouts. Nothing appears in /var/log/nginx/error.log, so I’m not sure what the issue is. ChatGPT hasn’t been super helpful, but I did read online here that iptables rules were needed to ensure packets returned from the remote server were sent to the reverse proxy. My issue is this part:
On each upstream server, remove any pre‑existing default route and configure the default route to be the IP address of the NGINX Plus load balancer/reverse proxy. Note that this IP address must be on the same subnet as one of the upstream server’s interfaces.
(at least I assume) because my remote server is on a different network than the reverse proxy.
Any ideas on whether what I’m trying to do is even possible? I’m new to nginx so I’m just trying whatever I can find hoping something works.
Edit: If I connect the VPS to the remote server via a VPN and then change the nginx upstream server to the internal IP address of the remote server, would that solve the issue with the default route between the VPS and remote server not being on the same subnet?
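
Added example, not part of the original post and not taken from NGINX documentation: the return-path routing that proxy_bind $remote_addr transparent depends on, sketched for the VPN arrangement raised in the edit, with the nginx upstream set to the remote server's LAN IP. The tunnel interface name wg0, mark 1, routing table 100 and the dry-run helper run are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example: prints (or, with APPLY=1 as root, runs) the routing needed
# for transparent proxying when the VPS and the game server share a VPN.
# Assumed values, adjust to the real setup:
TUN_IF="${TUN_IF:-wg0}"                   # VPN interface name on both hosts
UPSTREAM_IP="${UPSTREAM_IP:-10.0.1.252}"  # game server LAN IP, reached via the tunnel
PORT="${PORT:-25565}"
MARK=1
TABLE=100

# Dry-run helper: echo the command unless APPLY=1 is set.
run() { if [ "${APPLY:-0}" = 1 ]; then "$@"; else echo "$*"; fi; }

# On the VPS (nginx): upstream replies are addressed to the real client IP,
# not to the VPS, so mark them and deliver them to the local nginx socket.
vps_rules() {
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add local 0.0.0.0/0 dev lo table "$TABLE"
    for proto in tcp udp; do
        run iptables -t mangle -A PREROUTING -i "$TUN_IF" -p "$proto" \
            -s "$UPSTREAM_IP" --sport "$PORT" -j MARK --set-xmark "$MARK"
    done
}

# On the game server: instead of replacing the default route, send replies
# back through the tunnel only for connections that arrived through it.
# Strict reverse-path filtering (rp_filter=1) on the tunnel interface would
# drop the incoming packets, because their source is a public client IP.
upstream_rules() {
    run iptables -t mangle -A PREROUTING -i "$TUN_IF" -j CONNMARK --set-mark "$MARK"
    run iptables -t mangle -A OUTPUT -m connmark --mark "$MARK" -j CONNMARK --restore-mark
    run ip rule add fwmark "$MARK" lookup "$TABLE"
    run ip route add default dev "$TUN_IF" table "$TABLE"
}

# Usage: script.sh vps | script.sh upstream
case "${1:-}" in
    vps) vps_rules ;;
    upstream) upstream_rules ;;
esac
```

The tunnel itself must also carry packets whose source or destination is an arbitrary client address; with WireGuard that is governed by AllowedIPs on the game server's peer entry for the VPS.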