Mercurial > hg > nginx-site
diff xml/en/docs/http/ngx_http_proxy_module.xml @ 2090:a9a9a052b5bd
Documented the "CAP_NET_RAW" capability for transparent proxying.
author | Yaroslav Zhuravlev <yar@nginx.com> |
---|---|
date | Tue, 26 Dec 2017 15:28:53 +0300 |
parents | fc3ba2e76974 |
children | ca7568f67dee |
line wrap: on
line diff
--- a/xml/en/docs/http/ngx_http_proxy_module.xml +++ b/xml/en/docs/http/ngx_http_proxy_module.xml @@ -10,7 +10,7 @@ <module name="Module ngx_http_proxy_module" link="/en/docs/http/ngx_http_proxy_module.html" lang="en" - rev="63"> + rev="64"> <section id="summary"> @@ -69,9 +69,12 @@ for example, from a real IP address of a proxy_bind $remote_addr transparent; </example> In order for this parameter to work, -it is necessary to run nginx worker processes with the -<link doc="../ngx_core_module.xml" id="user">superuser</link> privileges -and configure kernel routing table +it is usually necessary to run nginx worker processes with the +<link doc="../ngx_core_module.xml" id="user">superuser</link> privileges. +On Linux it is not required (1.13.8) as if +the <literal>transparent</literal> parameter is specified, worker processes +inherit the <literal>CAP_NET_RAW</literal> capability from the master process. +It is also necessary to configure kernel routing table to intercept network traffic from the proxied server. </para>