Nginx pass params / arguments from HTTP module to STREAM module

I have the following setup:

  1. I have upstream STREAM services defined running in my environment (i.e., DNS-over-UDP nameservers)
  2. I use my NGINX to offload TLS from those upstream services (i.e., I extend my system with DNS-over-HTTPS)
  3. Accordingly, the TLS endpoint created by the NGINX reverse proxy is an HTTP service (e.g., DNS-over-HTTPS); however, after decapsulation, requests have to be sent to the STREAM service, i.e., to the DNS-over-UDP service (instead of an HTTP service as in typical NGINX reverse proxy configurations)
  4. To do this, I am using the nginx-dns module as a "converter" module, which works fine for this purpose

The problem:

My issue is that I want to extend the "converter" module with additional information based on the incoming query or even TLS information. You can consider such information as HTTP headers or TLS certificate details - it does not really matter in this use case. The problem is that after I transition from the HTTP module to the STREAM module, I lose all HTTP headers or URI args, since the STREAM module does not process/have them. Furthermore, since the TLS endpoint is also done in the HTTP module, I don't have access to certificate information in the STREAM module either.

Is there any way to get this information in the HTTP module and somehow pass it as arguments/whatever to the STREAM module?

Can anyone suggest a good way to resolve this issue?

My http server-related block for DoH endpoint:

upstream dohloop {
    server  127.0.0.1:8053;
}
server {
    listen 443 ssl http2;
    #include ssl.conf;  # --> NOT NEEDED AS LOADED ALREADY BY NGINX.CONF

    ssl_certificate             /etc/ssl/private/server.crt;
    ssl_certificate_key         /etc/ssl/private/server.key;

    location /dns-query
    {
        proxy_pass http://dohloop;
    }
}

The reverse proxy for the STREAM service (run by NGINX at 127.0.0.1:8053) is defined as a STREAM module as follows:

js_import nginx-dns/njs.d/dns/dns.js;

upstream dns_servers
{
    # these are the pure DNS name servers over UDP
    server  172.30.1.2:53;
    server  172.30.1.3:53;
}

server
{
    listen 127.0.0.1:8053;
    js_filter dns.filter_doh_request; # <-- this script (from nginx-dns) does the DNS-over-HTTP to DNS-over-UDP "conversion"
    proxy_pass dns_servers;
}

In the dns.filter_doh_request, I want to have access to any parameters that were available in the HTTP stream block. Is there any way to do so?
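One mechanical detail of the setup above is worth making concrete. Because the http block's proxy_pass speaks HTTP to 127.0.0.1:8053, the stream server does not receive bare DNS bytes: it receives the complete HTTP request head (request line plus headers) as raw TCP data, which is exactly what the converter filter has to parse anyway. Anything the http block attaches with proxy_set_header (for example $remote_addr, $ssl_client_verify or $ssl_client_s_dn) therefore travels in those bytes and is visible to a js_filter on the stream side. The following parser is an added example, not code from the question or from the nginx-dns project, written in plain JavaScript so it runs outside njs; the header names X-Client-IP, X-SSL-Client-Verify and X-SSL-Client-S-DN are assumed names chosen for the illustration, and the sample request is constructed (its dns= value is the www.example.com query from RFC 8484). It accumulates data until the head and any Content-Length body are complete, since stream data arrives in chunks, and returns null before that point.

```javascript
// Added example (not from the question or nginx-dns): parse the HTTP request
// that the http{} proxy_pass forwards to the stream{} listener, so a filter
// on the stream side can read headers the http block set with proxy_set_header.
// Header names below are assumptions for this illustration.

const HEAD_END = "\r\n\r\n";

// Parse request line, headers and (if Content-Length is present) the body
// from the raw bytes seen on the stream. Returns null while incomplete.
function parseRequestHead(raw) {
  const text = typeof raw === "string" ? raw : Buffer.from(raw).toString("latin1");
  const end = text.indexOf(HEAD_END);
  if (end === -1) return null;                       // head not fully received
  const lines = text.slice(0, end).split("\r\n");
  const [method, target, version] = lines[0].split(" ");
  if (!method || !target || !version) return null;   // malformed request line
  const headers = {};
  for (const line of lines.slice(1)) {
    const i = line.indexOf(":");
    if (i === -1) continue;                          // skip malformed header line
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    headers[name] = name in headers ? headers[name] + ", " + value : value;
  }
  const bodyStart = end + HEAD_END.length;
  const len = parseInt(headers["content-length"] || "0", 10);
  const body = text.slice(bodyStart, bodyStart + len);
  if (body.length < len) return null;                // body not fully received
  return { method, target, version, headers, body };
}

// Extract the client facts the http block forwarded (assumed header names).
function clientContext(req) {
  return {
    clientIp: req.headers["x-client-ip"] || null,
    certVerified: req.headers["x-ssl-client-verify"] === "SUCCESS",
    certSubject: req.headers["x-ssl-client-s-dn"] || null,
  };
}

// Constructed sample of what nginx would forward for a DoH GET after
//   proxy_set_header X-Client-IP $remote_addr;
//   proxy_set_header X-SSL-Client-Verify $ssl_client_verify;
//   proxy_set_header X-SSL-Client-S-DN $ssl_client_s_dn;
// (Host is $proxy_host, i.e. the upstream name; proxy_http_version defaults to 1.0.)
const SAMPLE_REQUEST =
  "GET /dns-query?dns=AAABAAABAAAAAAAAA3d3dwdleGFtcGxlA2NvbQAAAQAB HTTP/1.0\r\n" +
  "Host: dohloop\r\n" +
  "Accept: application/dns-message\r\n" +
  "X-Client-IP: 203.0.113.7\r\n" +
  "X-SSL-Client-Verify: SUCCESS\r\n" +
  "X-SSL-Client-S-DN: CN=resolver-client,O=Example\r\n" +
  "\r\n";

// Show chunked arrival: the first 40 bytes are not enough, the full head is.
function demo() {
  const partial = parseRequestHead(SAMPLE_REQUEST.slice(0, 40));
  const full = parseRequestHead(SAMPLE_REQUEST);
  return { partial, target: full.target, ctx: clientContext(full) };
}

console.log(JSON.stringify(demo(), null, 2));
```

Because the stream listener is bound to 127.0.0.1, only the local http block can reach it, which is what makes these forwarded headers trustworthy; a filter that reads them should treat them as authoritative only for connections arriving on that loopback listener, never for traffic from any other source.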

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow