Mercurial > hg > nginx-site

diff xml/en/docs/http/ngx_http_proxy_module.xml @ 2090:a9a9a052b5bd

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Documented the "CAP_NET_RAW" capability for transparent proxying.
author Yaroslav Zhuravlev <yar@nginx.com>
date Tue, 26 Dec 2017 15:28:53 +0300
parents fc3ba2e76974
children ca7568f67dee
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_proxy_module.xml
+++ b/xml/en/docs/http/ngx_http_proxy_module.xml
@@ -10,7 +10,7 @@
 <module name="Module ngx_http_proxy_module"
         link="/en/docs/http/ngx_http_proxy_module.html"
         lang="en"
-        rev="63">
+        rev="64">
 
 <section id="summary">
 
@@ -69,9 +69,12 @@ for example, from a real IP address of a
 proxy_bind $remote_addr transparent;
 </example>
 In order for this parameter to work,
-it is necessary to run nginx worker processes with the
-<link doc="../ngx_core_module.xml" id="user">superuser</link> privileges
-and configure kernel routing table
+it is usually necessary to run nginx worker processes with the
+<link doc="../ngx_core_module.xml" id="user">superuser</link> privileges.
+On Linux it is not required (1.13.8) as if
+the <literal>transparent</literal> parameter is specified, worker processes
+inherit the <literal>CAP_NET_RAW</literal> capability from the master process.
+It is also necessary to configure kernel routing table
 to intercept network traffic from the proxied server.
 </para>