I am using NGINX as a reverse proxy for TCP streams. The server listens on 6680 TCP ports (not a typo) and pushes them on to upstream server(s) on port 5000. In the filter phase there is an njs script involved that injects the original destination port into the payload of the packet so that my application knows it.
It appears that when I uncomment the line that enables the njs script to run,

    js_filter injectPort;

the NGINX memory usage steadily increases to the point that the system is exhausted.
My NGINX configuration:

    user nginx;
    worker_processes auto;
    worker_rlimit_nofile 65535;
    error_log /var/log/nginx/error.log info;
    pid /var/run/nginx.pid;
    load_module modules/ngx_stream_js_module.so;

    events {
        worker_connections 65535;
    }

    stream {
        js_include inject_filter.js;

        server {
            include listen_tcp.conf;
            js_filter injectPort;
            proxy_pass backends;
        }

        upstream backends {
            server 0.0.0.0:5000;
        }
    }
inject_filter.js script:

    function injectPort(s) {
        s.on('upload', function (data, flags) {
            s.send(s.variables.server_port + data, flags);
            return;
        });
    }
I have tried directly inserting the content of: include listen_tcp.conf; inside the nginx.conf with no changes. Also I substituted my application with a dummy TCP listening server nc -l -k -vv -w 30 -m 999999 5000 without luck as well.
Any help is appreciated.
Feel free to suggest (production ready) alternatives for injecting the port in the packet's payload. Can iptables do this?
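The filter in the question prepends the port to every chunk its upload callback receives, with no delimiter or fixed width, so the backend has no reliable way to separate port digits from payload. The sketch below is an added example, not part of the original post and not a diagnosis of the memory growth: it sends the port once per connection and then calls `s.off('upload')`, and it parses the prefix on the backend even when the header is split across reads. The names `injectPortOnce`, `mockSession` and `createPortReader` are hypothetical, and the zero-padded 5-digit framing is an assumption about what the application needs.

```javascript
// Added example, not from the original post. Assumption: the backend wants the
// port once per connection as a zero-padded 5-digit ASCII prefix ("06680").
var HEADER_LEN = 5;

// njs-style filter: prefix the first upload chunk only, then unregister.
function injectPortOnce(s) {
    s.on('upload', function (data, flags) {
        var port = String(s.variables.server_port).padStart(HEADER_LEN, '0');
        s.send(port + data, flags);
        s.off('upload'); // with no handler, later chunks pass through unchanged
    });
}

// Constructed stand-in for the njs stream session so the filter runs offline.
function mockSession(port) {
    var handlers = {}, sent = [];
    return {
        variables: { server_port: String(port) },
        on: function (ev, cb) { handlers[ev] = cb; },
        off: function (ev) { delete handlers[ev]; },
        send: function (data) { sent.push(data); },
        upload: function (chunk) { // deliver one client chunk
            if (handlers.upload) handlers.upload(chunk, { last: false });
            else sent.push(chunk);
        },
        sent: sent
    };
}

// Backend side: buffer until the whole header has arrived, then validate it.
function createPortReader() {
    var buf = '', port = null;
    return function feed(chunk) {
        if (port !== null) return { port: port, payload: chunk };
        buf += chunk;
        if (buf.length < HEADER_LEN) return { port: null, payload: '' };
        var head = buf.slice(0, HEADER_LEN);
        if (!/^[0-9]{5}$/.test(head) || Number(head) > 65535) {
            throw new Error('malformed port header');
        }
        port = Number(head);
        return { port: port, payload: buf.slice(HEADER_LEN) };
    };
}
```

Any client that can reach the backend directly could forge this prefix, so port 5000 should accept connections only from the NGINX host.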