How can I set up a UDP NGINX reverse proxy, and how does it work?

Solution 1:

Does NGINX need to be on both the proxy server, and the server that the proxy will forward to?

This is typically not necessary.

I am confused regarding the [listen directive.]

The listen directive defines "the IP address and/or port on which the server listens", as stated. "Listening" refers to monitoring incoming connections. The "server" is the computer hosting Nginx, so it refers to the IP and/or port of the computer receiving the proxy connection(s) (which that computer will then pass along).

ex. listen to IP 127.0.0.1 on port 8080

listen 127.0.0.1:8080;

ex. listen to all udp traffic on port 53 (DNS)

listen 53 udp;

I am unsure what this means: Include the proxy_pass directive to define the proxied server or an upstream group to which the server forwards traffic.

The proxy_pass directive defines the computer(s) to which the Nginx proxy "passes" data (the servers that actually respond to a given request). This can be a URL, an IP address or a group name.

ex. URL (proxy data is passed to example.com to complete the request)

proxy_pass http://example.com;

ex. IP (proxy data is passed to IP 127.0.0.1 to complete the request)

proxy_pass http://127.0.0.1;

ex. Group (proxy data is passed to a member of the defined group to complete the request)

upstream dns_servers {
    server 192.168.136.130:53;
    server 192.168.136.131:53;
}

#... 

proxy_pass dns_servers;

Note the group above can contain URLs instead, e.g. backend1.example.com:53;

Specify the proxy_bind directive and the IP address of the necessary network interface - is this the internal IP or the external IP that it will bind to?

The proxy_bind directive "makes outgoing connections to a proxied server originate from the specified local IP address with an optional port". So in most instances, it will be local (though binding to a remote IP is possible as detailed in the link). This option is likely only really useful if you have several network interfaces or need to choose a particular source IP address because a connection requires a specific IP to function correctly.

Possibly a simple configuration will help explain [things] to me.

This may or may not be appropriate for your situation but a very simple tcp/http example might look like:

server {
    listen 2555;
    #...

    location /app1/ {
        proxy_bind 5.0.0.0;
        proxy_pass http://153.0.0.0:2555;
    }

    location /app2/ {
        proxy_bind 6.0.0.0;
        proxy_pass http://153.0.0.0:2555;
    }

    #...
}

As a simple example of a UDP proxy:

stream {
    server {
        listen 2555 udp;
        proxy_pass receiving_servers;
        # no colon after the directive name; 0 means no reply datagrams are expected
        proxy_responses 0;
        proxy_bind 5.0.0.0;
        #...
    }

    upstream receiving_servers {
        server 153.0.0.0:2555;
    }

    #...
}

My configuration will be my nginx udp proxy server with two ips (5.0.0.0, 6.0.0.0) that I would like to rotate which proxies to 153.0.0.0.

If I am not mistaken, if you want to truly rotate IPs, you may need a load balancer (perhaps another server with Nginx) in front of your proxy (I am not sure if this can be done purely internally).
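
An added example, not part of the original answer: one way to spread outgoing UDP sessions across the two source addresses inside a single NGINX instance, using the stream module's split_clients block to set a variable that proxy_bind then reads. It assumes NGINX 1.11.3 or later built with the stream module, that both 5.0.0.0 and 6.0.0.0 are assigned to interfaces on the proxy host, and the variable name $egress_ip is a hypothetical name chosen here.

```nginx
# Added example. Place at the top level of nginx.conf, outside any http block.
stream {
    # Hash each client session (client address and source port) into one of
    # two buckets. This is a hash split of roughly 50/50, not strict
    # round-robin: the same client address and port always map to the same
    # source address.
    split_clients "$remote_addr:$remote_port" $egress_ip {
        50%  5.0.0.0;
        *    6.0.0.0;
    }

    upstream receiving_servers {
        server 153.0.0.0:2555;
    }

    server {
        listen 2555 udp;

        # Source address for datagrams sent to the upstream; taken from the
        # variable set by split_clients above.
        proxy_bind $egress_ip;
        proxy_pass receiving_servers;

        # No reply datagrams are expected from the upstream.
        proxy_responses 0;

        # Idle time after which NGINX drops the UDP session state.
        proxy_timeout 10s;
    }
}
```

Run `nginx -t` after editing to confirm the configuration parses before reloading.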