How can I set up a UDP NGINX reverse proxy, and how does it work?
Solution 1:
Does NGINX need to be on both the proxy server, and the server that the proxy will forward to?
This is typically not necessary.
I am confused regarding the [listen directive.]
The listen directive defines "the IP address and/or port on which the server listens", as stated. "Listening" refers to monitoring incoming connections. The "server" is the computer hosting Nginx, so it refers to the IP and/or port of the computer receiving the proxy connection(s) (which that computer will then pass along).
ex. listen to IP 127.0.0.1 on port 8080
listen 127.0.0.1:8080;
ex. listen to all udp traffic on port 53 (DNS)
listen 53 udp;
I am unsure what this means: Include the proxy_pass directive to define the proxied server or an upstream group to which the server forwards traffic.
The proxy_pass directive defines the computer(s) to which the Nginx proxy "passes" data (the servers that actually respond to a given request). This can be a URL, an IP address or a group name.
ex. URL (proxy data is passed to example.com to complete the request)
proxy_pass http://example.com;
ex. IP (proxy data is passed to IP 127.0.0.1 to complete the request)
proxy_pass http://127.0.0.1;
ex. Group (proxy data is passed to a member of the defined group to complete the request)
upstream dns_servers {
    server 192.168.136.130:53;
    server 192.168.136.131:53;
}
#...
proxy_pass dns_servers;
Note the group above can contain URLs instead, e.g. "backend1.example.com:53;".
Specify the proxy_bind directive and the IP address of the necessary network interface - is this the internal IP or the external IP that it will bind to?
The proxy_bind directive "makes outgoing connections to a proxied server originate from the specified local IP address with an optional port". So in most instances, it will be local (though binding to a remote IP is possible as detailed in the link). This option is likely only really useful if you have several network interfaces or need to choose a particular source IP address because a connection requires a specific IP to function correctly.
Possibly a simple configuration will help explain [things] to me.
This may or may not be appropriate for your situation but a very simple tcp/http example might look like:
server {
    listen 2555;
    #...
    location /app1/ {
        proxy_bind 5.0.0.0;
        proxy_pass http://153.0.0.0:2555;
    }
    location /app2/ {
        proxy_bind 6.0.0.0;
        proxy_pass http://153.0.0.0:2555;
    }
    #...
}
As a simple example of a UDP proxy:
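stream {
    server {
        # accept UDP datagrams on port 2555
        listen 2555 udp;
        # forward them to the upstream group defined below
        proxy_pass receiving_servers;
        # expect no response datagrams from the proxied server
        proxy_responses 0;
        # send outgoing datagrams from this local address
        proxy_bind 5.0.0.0;
        #...
    }
    upstream receiving_servers {
        server 153.0.0.0:2555;
    }
    #...
}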
My configuration will be my nginx udp proxy server with two ips (5.0.0.0, 6.0.0.0) that I would like to rotate which proxies to 153.0.0.0.
If I am not mistaken, if you want to truly rotate IPs, you may need a load balancer (perhaps another server with Nginx) in front of your proxy (I am not sure if this can be done purely internally).
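To show how the directives above fit together, here is an added example (not part of the original answer and not NGINX code): a minimal Python UDP relay in which each step is labelled with the directive it mirrors. All addresses are constructed loopback stand-ins, and the function names are hypothetical.

```python
import socket
import threading

def udp_socket(ip, port=0, timeout=2.0):
    """Bound UDP socket; port 0 lets the OS pick a free port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.settimeout(timeout)
    s.bind((ip, port))
    return s

def relay_one(listener, upstream, source_ip, responses=1):
    """Relay one client datagram upstream and `responses` replies back."""
    data, client = listener.recvfrom(65535)      # listen: receive from the client
    with udp_socket(source_ip) as out:           # proxy_bind: pick the outgoing source IP
        out.sendto(data, upstream)               # proxy_pass: forward to the backend
        relayed = 0
        while relayed < responses:               # proxy_responses: replies expected
            reply, peer = out.recvfrom(65535)
            if peer == upstream:                 # ignore datagrams not from the backend
                listener.sendto(reply, client)
                relayed += 1
    return relayed

def demo():
    """Loopback run: client -> relay -> backend and back (constructed addresses)."""
    backend = udp_socket("127.0.0.1")    # stands in for 153.0.0.0:2555
    listener = udp_socket("127.0.0.1")   # stands in for "listen 2555 udp"
    client = udp_socket("127.0.0.1")
    seen = {}

    def backend_once():
        data, peer = backend.recvfrom(65535)
        seen["peer"] = peer                      # the address the backend sees
        backend.sendto(data.upper(), peer)

    threads = [threading.Thread(target=backend_once),
               threading.Thread(target=relay_one,
                                args=(listener, backend.getsockname(), "127.0.0.1"))]
    for t in threads:
        t.start()
    client.sendto(b"ping", listener.getsockname())
    reply, sender = client.recvfrom(65535)
    for t in threads:
        t.join()
    result = {"reply": reply,
              "reply_from_proxy": sender == listener.getsockname(),
              "backend_saw_client": seen["peer"] == client.getsockname()}
    for s in (backend, listener, client):
        s.close()
    return result
```

The backend only ever sees the relay's outgoing address, so any logging or address-based access control on the proxied server applies to the proxy's source IP rather than the original client's.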