From nginx-forum at nginx.us Thu Dec 1 04:26:08 2011 From: nginx-forum at nginx.us (mfouwaaz) Date: Wed, 30 Nov 2011 23:26:08 -0500 Subject: 404 Not Found -- nginx/1.0.10 Message-ID: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org> Hello First of all thank you for this forum which I have just joined. I have set up nginx and have it working very well for the past month or so. However I have faced this problem for the second time now. The last time it happened I had to power down and re-start the machine and it was ok. I am running Nginx and PHP-FastCGI connecting to Oracle 10g on Ubuntu Lucid Lynx (10.04 LTS) installed on VirtualBox 4.1.6. It works well and like it better than Apache. Except for the two times that it has died on me, I have had no issues. And I think that happened (not sure), when I made a mistake in PHP and tried to browse it. I make tons of mistakes and it is ok all the time -- except of course for these two comparatively rare occurences. The error takes the form of a blank white screen with '404 Not Found' in bold across the top. Then there is a dividing line running from left to right and just below that in small font 'nginx/1.0.10'. Restarting Nginx does not help. Nor does replacing the index.php page with a simple call. Any idea what this is or what I maybe doing wrong? Thank you very much! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219405,219405#msg-219405 From nginx-forum at nginx.us Thu Dec 1 08:20:12 2011 From: nginx-forum at nginx.us (lsdillard) Date: Thu, 01 Dec 2011 03:20:12 -0500 Subject: 499 error Message-ID: <3bc5050bf8525e16e09c3a58997f102e.NginxMailingListEnglish@forum.nginx.org> I have a configuration that uses nginx + unicorn + rails 3.1. I have a load balancer in front of this, and the health checks are failing because nginx is sending a 499 response when I try to use a rails page for the health check. I can see that the rails response was a 200 from the logs, but nginx turns this into a 499. I understand that this means the client closed the connection, but its idle timeout is 60 seconds, and the rails log shows consistent sub-1 second response times. There's a second, more frequent health check that just opens a TCP connection on port 80 and only validates that the connection was opened. When I use a static page (either from rails public directory or from another directory), everything's fine. I cannot figure out why nginx is sending this 499 response -- one page indicated it was because of not having the host in the request (http://www.docunext.com/blog/2009/09/nginx-499-error.html), but I set the host in my nginx config to a hardcoded hostname, and still no luck. I am very confused. I can paste config files if that helps. Here's a look at the logs, both from rails and from nginx: Rails (the Host: X.X.X.X line is added from the controller for debug purposes and is actually the IP address of the server): Started GET "/health_check" for 127.0.0.1 at Thu Dec 01 08:11:05 +0000 2011 Processing by HealthChecksController#do_health_check as */* ^[[1m^[[35mHealthCheck Load (0.1ms)^[[0m SELECT "health_checks".* FROM "health_checks" LIMIT 1 ^[[1m^[[36m (0.2ms)^[[0m ^[[1mUPDATE "health_checks" SET "curr" = '2011-12-01 08:11:06.000000', "prev" = '2011-12-01 08:10:35.000000', "updated_at" = '2011-12-01 08:11:06.019519', "check_count" = 157 WHERE "health_checks"."id" = 2^[[0m Host: X.X.X.X Rendered health_checks/do_health_check.html.erb within layouts/application (0.4ms) Completed 200 OK in 70ms (Views: 25.9ms | ActiveRecord: 0.7ms) Started GET "/health_check" for 127.0.0.1 at Thu Dec 01 08:11:35 +0000 2011 Processing by HealthChecksController#do_health_check as */* ^[[1m^[[35mHealthCheck Load (0.1ms)^[[0m SELECT "health_checks".* FROM "health_checks" LIMIT 1 ^[[1m^[[36m (0.2ms)^[[0m ^[[1mUPDATE "health_checks" SET "prev" = '2011-12-01 08:11:06.000000', "check_count" = 158, "curr" = '2011-12-01 08:11:35.000000', "updated_at" = '2011-12-01 08:11:35.926096' WHERE "health_checks"."id" = 2^[[0m Host: X.X.X.X Rendered health_checks/do_health_check.html.erb within layouts/application (0.4ms) Completed 200 OK in 36ms (Views: 12.9ms | ActiveRecord: 0.6ms) nginx: X.X.X.X - - [01/Dec/2011:07:57:05 +0000] "GET /health_check HTTP/1.1" 499 0 "-" "HealthChecker/1.0" X.X.X.X - - [01/Dec/2011:07:57:15 +0000] "-" 400 0 "-" "-" X.X.X.X - - [01/Dec/2011:07:57:25 +0000] "-" 400 0 "-" "-" X.X.X.X - - [01/Dec/2011:07:57:35 +0000] "-" 400 0 "-" "-" X.X.X.X - - [01/Dec/2011:07:57:35 +0000] "GET /health_check HTTP/1.1" 499 0 "-" "HealthChecker/1.0" Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219411,219411#msg-219411 From mdounin at mdounin.ru Thu Dec 1 10:13:44 2011 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 1 Dec 2011 14:13:44 +0400 Subject: 499 error In-Reply-To: <3bc5050bf8525e16e09c3a58997f102e.NginxMailingListEnglish@forum.nginx.org> References: <3bc5050bf8525e16e09c3a58997f102e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20111201101344.GX67687@mdounin.ru> Hello! On Thu, Dec 01, 2011 at 03:20:12AM -0500, lsdillard wrote: > I have a configuration that uses nginx + unicorn + rails 3.1. I have a > load balancer in front of this, and the health checks are failing > because nginx is sending a 499 response when I try to use a rails page > for the health check. I can see that the rails response was a 200 from > the logs, but nginx turns this into a 499. I understand that this means > the client closed the connection, but its idle timeout is 60 seconds, > and the rails log shows consistent sub-1 second response times. There's > a second, more frequent health check that just opens a TCP connection on > port 80 and only validates that the connection was opened. When I use a > static page (either from rails public directory or from another > directory), everything's fine. I cannot figure out why nginx is sending > this 499 response -- one page indicated it was because of not having the > host in the request The 499 response is never send, it's just as status for logs to show that client closed connection before nginx was able to reply anything. You description suggests that load balancer uses half-closed tcp connection for health checks (i.e. shuts down it's part of a tcp connection after sending request). This will result in 499 for proxied requests, as nginx will detect connection close from client and will terminate request. You may use proxy_ignore_client_abort on; # or fastcgi_ignore_client_abort, whatever you use to prevent nginx from doing connection close checks. It will stop it from detecting connection close from clients as well though, so you may want to limit this setting to health checks only by adding separate location for health checks. Alternatively, you may want to fix your load balancer to keep connection open, not half-closed. Maxim Dounin From sb at waeme.net Thu Dec 1 11:17:26 2011 From: sb at waeme.net (Sergey Budnevitch) Date: Thu, 1 Dec 2011 15:17:26 +0400 Subject: nginx rpm for aix Message-ID: Hi We got temporary access to the AIX box and built nginx rpm for that platform (rpm and tools from AIX Toolbox for Linux Applications ). If anybody wish to test, rpms are available at http://nginx.org/packages/aix/ They are neither supported nor will be build regularly, but we will appreciate any feedback. From kworthington at gmail.com Thu Dec 1 11:19:53 2011 From: kworthington at gmail.com (Kevin Worthington) Date: Thu, 1 Dec 2011 06:19:53 -0500 Subject: nginx-1.1.10 In-Reply-To: <20111130105123.GR67687@mdounin.ru> References: <20111130105123.GR67687@mdounin.ru> Message-ID: Hello Nginx Users, Just released: Nginx 1.1.10 For Windows http://goo.gl/Fn5GG (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Official Windows binaries are at nginx.org Thank you, Kevin -- Kevin Worthington kworthington ~at} gmail [dot)C0M- http://www.kevinworthington.com/ On Wed, Nov 30, 2011 at 5:51 AM, Maxim Dounin wrote: > Changes with nginx 1.1.10 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?30 Nov 2011 > > ? ?*) Bugfix: a segmentation fault occured in a worker process if AIO was > ? ? ? used on Linux; the bug had appeared in 1.1.9. > > > Maxim Dounin > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From hamano at osstech.co.jp Thu Dec 1 11:28:26 2011 From: hamano at osstech.co.jp (Tsukasa Hamano) Date: Thu, 01 Dec 2011 20:28:26 +0900 Subject: Nginx DSO(dynamic loadable module) In-Reply-To: <20111130102221.GN67687@mdounin.ru> References: <877h2ikwzw.wl%hamano@osstech.co.jp> <20111130102221.GN67687@mdounin.ru> Message-ID: <871usoedk5.wl%hamano@osstech.co.jp> Hi, Thank you for your response. At Wed, 30 Nov 2011 14:22:21 +0400, Maxim Dounin wrote: > > Unfortunately, this won't work even if implemented properly. Most > serious issue is that there should be ABI compatibility maintained > and checked, this is not currently the case even within single > unmodified nginx release: there are configure arguments which > change layout of various internal structures. > I understand how hard it is ABI compatibility maintain. So, How about just conforming nginx version and nginx version was compiled with the module. Look at the Makefile of example module. https://github.com/hamano/nginx-mod-so/blob/master/example/Makefile Now, Nginx version numbber embedded in the dso module. It ensure sameness of nginx version by the mod_so and shared module. > Other problems include e.g. proper handling of reloads. > I'll fix it, Please tell me if there is another problems. Thank you. > Maxim Dounin > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Open Source Solution Technology Corporation Tsukasa Hamano fingerprint = 2285 2111 6D34 3816 3C2E A5B9 16BE D101 6069 BE55 -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 197 bytes Desc: OpenPGP Digital Signature URL: From alabdelouahab at gmail.com Thu Dec 1 14:54:07 2011 From: alabdelouahab at gmail.com (aliane abdelouahab) Date: Thu, 1 Dec 2011 15:54:07 +0100 Subject: nginx-1.1.10 In-Reply-To: References: <20111130105123.GR67687@mdounin.ru> Message-ID: hi, thank you for the realse, but why there is no "proper" windows build (without cygwin)? 2011/12/1 Kevin Worthington > Hello Nginx Users, > > Just released: Nginx 1.1.10 For Windows http://goo.gl/Fn5GG (32-bit > and 64-bit versions) > > These versions are to support legacy users who are already using > Cygwin based builds of Nginx. Official Windows binaries are at > nginx.org > > Thank you, > Kevin > -- > Kevin Worthington > kworthington ~at} gmail [dot)C0M- > http://www.kevinworthington.com/ > > > > On Wed, Nov 30, 2011 at 5:51 AM, Maxim Dounin wrote: > > Changes with nginx 1.1.10 30 Nov > 2011 > > > > *) Bugfix: a segmentation fault occured in a worker process if AIO was > > used on Linux; the bug had appeared in 1.1.9. > > > > > > Maxim Dounin > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kworthington at gmail.com Thu Dec 1 15:19:53 2011 From: kworthington at gmail.com (Kevin Worthington) Date: Thu, 1 Dec 2011 10:19:53 -0500 Subject: nginx-1.1.10 In-Reply-To: References: <20111130105123.GR67687@mdounin.ru> Message-ID: <63BA9875-EE48-4C59-A136-961D62B73984@gmail.com> There are native Windows builds at nginx.org -- Kevin Worthington www.kworthington.com On Dec 1, 2011, at 9:54 AM, aliane abdelouahab wrote: > hi, > thank you for the realse, but why there is no "proper" windows build (without cygwin)? > > 2011/12/1 Kevin Worthington > Hello Nginx Users, > > Just released: Nginx 1.1.10 For Windows http://goo.gl/Fn5GG (32-bit > and 64-bit versions) > > These versions are to support legacy users who are already using > Cygwin based builds of Nginx. Official Windows binaries are at > nginx.org > > Thank you, > Kevin > -- > Kevin Worthington > kworthington ~at} gmail [dot)C0M- > http://www.kevinworthington.com/ > > > > On Wed, Nov 30, 2011 at 5:51 AM, Maxim Dounin wrote: > > Changes with nginx 1.1.10 30 Nov 2011 > > > > *) Bugfix: a segmentation fault occured in a worker process if AIO was > > used on Linux; the bug had appeared in 1.1.9. > > > > > > Maxim Dounin > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From alabdelouahab at gmail.com Thu Dec 1 20:38:48 2011 From: alabdelouahab at gmail.com (aliane abdelouahab) Date: Thu, 1 Dec 2011 21:38:48 +0100 Subject: nginx-1.1.10 In-Reply-To: <63BA9875-EE48-4C59-A136-961D62B73984@gmail.com> References: <20111130105123.GR67687@mdounin.ru> <63BA9875-EE48-4C59-A136-961D62B73984@gmail.com> Message-ID: oups! sorry, till now that i've figured why some times i found the cygwin libraries and sometimes no, i thought it was just the files that i've to replace, dident know that they ARE DIFFERENT RELEASES! thank you :) and by the way; what is the difference between the cygwin build and the windows build? 2011/12/1 Kevin Worthington > There are native Windows builds at nginx.org > > -- > Kevin Worthington > www.kworthington.com > > On Dec 1, 2011, at 9:54 AM, aliane abdelouahab > wrote: > > hi, > thank you for the realse, but why there is no "proper" windows build > (without cygwin)? > > 2011/12/1 Kevin Worthington > >> Hello Nginx Users, >> >> Just released: Nginx 1.1.10 For Windows http://goo.gl/Fn5GG (32-bit >> and 64-bit versions) >> >> These versions are to support legacy users who are already using >> Cygwin based builds of Nginx. Official Windows binaries are at >> nginx.org >> >> Thank you, >> Kevin >> -- >> Kevin Worthington >> kworthington ~at} gmail [dot)C0M- >> http://www.kevinworthington.com/ >> >> >> >> On Wed, Nov 30, 2011 at 5:51 AM, Maxim Dounin wrote: >> > Changes with nginx 1.1.10 30 Nov >> 2011 >> > >> > *) Bugfix: a segmentation fault occured in a worker process if AIO >> was >> > used on Linux; the bug had appeared in 1.1.9. >> > >> > >> > Maxim Dounin >> > >> > _______________________________________________ >> > nginx mailing list >> > nginx at nginx.org >> > http://mailman.nginx.org/mailman/listinfo/nginx >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kworthington at gmail.com Thu Dec 1 20:48:37 2011 From: kworthington at gmail.com (Kevin Worthington) Date: Thu, 1 Dec 2011 15:48:37 -0500 Subject: nginx-1.1.10 In-Reply-To: References: <20111130105123.GR67687@mdounin.ru> <63BA9875-EE48-4C59-A136-961D62B73984@gmail.com> Message-ID: The native builds are official builds by nginx.org, built with native windows tools, and the Cygwin builds are unofficial (built by me) using Cygwin, Best regards, Kevin -- Kevin Worthington www.kworthington.com On Thu, Dec 1, 2011 at 3:38 PM, aliane abdelouahab wrote: > > oups! sorry, till now that i've figured why some times i found the cygwin > libraries and sometimes no, i thought it was just the files that i've to > replace, dident know that they ARE DIFFERENT RELEASES! > thank you :) > and by the way; what is the difference between the cygwin build and the > windows build? > > 2011/12/1 Kevin Worthington >> >> There are native Windows builds at nginx.org >> >> -- >> Kevin Worthington >> www.kworthington.com >> >> On Dec 1, 2011, at 9:54 AM, aliane abdelouahab >> wrote: >> >> hi, >> thank you for the realse, but why there is no "proper" windows build >> (without cygwin)? >> >> 2011/12/1 Kevin Worthington >>> >>> Hello Nginx Users, >>> >>> Just released: Nginx 1.1.10 For Windows http://goo.gl/Fn5GG (32-bit >>> and 64-bit versions) >>> >>> These versions are to support legacy users who are already using >>> Cygwin based builds of Nginx. Official Windows binaries are at >>> nginx.org >>> >>> Thank you, >>> Kevin >>> -- >>> Kevin Worthington >>> kworthington ~at} gmail [dot)C0M- >>> http://www.kevinworthington.com/ >>> >>> >>> >>> On Wed, Nov 30, 2011 at 5:51 AM, Maxim Dounin wrote: >>> > Changes with nginx 1.1.10 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?30 Nov >>> > 2011 >>> > >>> > ? ?*) Bugfix: a segmentation fault occured in a worker process if AIO >>> > was >>> > ? ? ? used on Linux; the bug had appeared in 1.1.9. >>> > >>> > >>> > Maxim Dounin >>> > >>> > _______________________________________________ >>> > nginx mailing list >>> > nginx at nginx.org >>> > http://mailman.nginx.org/mailman/listinfo/nginx >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From terry at cnysupport.com Thu Dec 1 22:21:13 2011 From: terry at cnysupport.com (Terry Carmen) Date: Thu, 01 Dec 2011 17:21:13 -0500 Subject: Really simple IMAP Proxy Message-ID: <20111201172113.Horde._ifxIleGiNBO1-3ZNtGgdYA@www.cnysupport.com> I'm sure this has been asked before, but I Googled the list archives and only came up with some old stuff that involved a patch. I'd like to use Nginx as an IMAP proxy between the internet and an Exchange 2000 server, on port 143, using TLS, There is only one Exchange server. Does anybody have a config that they would be willing to share? Thanks! Terry From ian at ianhobson.co.uk Thu Dec 1 23:28:03 2011 From: ian at ianhobson.co.uk (Ian Hobson) Date: Thu, 01 Dec 2011 23:28:03 +0000 Subject: Strange "long polling" problem. Message-ID: <4ED80D83.2010103@ianhobson.co.uk> Hi All, I am having a problem with my Chatroom, that uses the long polling module linked with nginx version 1.0.6 First the structure. There are two http conversations going on with each client. GETs, created by "on-load" and receiving the previous message, are issued to the long polling "activity" address. When the data arrives, it updates the screen, as well as triggering the next "GET". Note - there is a small time gap between one message being sent and the next being requested. POSTS are triggered by user events. These send a separate XMLHTTPRequest to a php program - handlechat.php handlechat.php writes the relevant stuff to the database, and then issues a "curl" to write data to the "publish" address, and replies with an empty "200" reply. It works 99.9% of the time. Which is not quite 100%. :( When it fails The client's GET is outstanding (reported by chrome) The database has the missed message The curl write to the publish address replies with first queued messages: 1 last requested: 12 sec. ago (-1=never) active subscribers: 2 then queued messages: 1 last requested: 13 sec. ago (-1=never) active subscribers: 2 I know both CURLs worked. The "missing" message is received by the other user. It just is not received by the failing user. If the failing user refreshes the screen, thus re-initialising everything he getst the missing message twice, once from the log and once from the stalled message. As part of my testing, I tried INCREASING the delay between getting an update and requesting the next. This made the problems much much worse. It appears that messages posted after a reply is sent, and before the next request is received are not being sent on. Note - I return the etag in the header, so I think they should be. What is the correct method to over-come this problem? Regards Ian -- Ian Hobson 31 Sheerwater, Northampton NN3 5HU, Tel: 01604 513875 Preparing eBooks for Kindle and ePub to give the best reader experience. From nginx-forum at nginx.us Fri Dec 2 01:45:10 2011 From: nginx-forum at nginx.us (dannynoonan) Date: Thu, 01 Dec 2011 20:45:10 -0500 Subject: compile ngx_resty to statically link some libs? In-Reply-To: References: Message-ID: To close out the thread, here's some shell snippets that produce an nginx binary with libdrizzle statically liniked in: curl http://agentzh.org/misc/nginx/ngx_openresty-1.0.9.10.tar.gz | tar -zxvf - cd ngx_openresty-1.0.9.10 curl http://agentzh.org/misc/nginx/drizzle7-2011.07.21.tar.gz | tar -zxvf - # build librizzle statically (cd drizzle7-2011.07.21 && ./configure --without-server --enable-static && make libdrizzle-1.0) find . -name libdrizzle.a -exec cp {} . \; export LIBDRIZZLE_INC=`pwd`/drizzle7-2011.07.21/libdrizzle-1.0/ export LIBDRIZZLE_LIB=`pwd` ./configure --prefix=/data/local/nginx-resty-1.0.9.10 --with-http_drizzle_module --add-module=$HOME/src/third-party/nginx-gridfs --add-module=$HOME/src/third-party/nginx_upload_module-2.2.0 --with-ld-opt="-Bstatic" gmake [david at dev-3 ngx_openresty-1.0.9.10]$ ldd build/nginx-1.0.9/objs/nginx | grep drizzle [david at dev-3 ngx_openresty-1.0.9.10]$ Huzzah! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,218343,219452#msg-219452 From nginx-forum at nginx.us Fri Dec 2 05:55:45 2011 From: nginx-forum at nginx.us (etrader) Date: Fri, 02 Dec 2011 00:55:45 -0500 Subject: Nginx without access log Message-ID: Obviously nginx needs a time (even very short) to write access and error logs upon every request. Thus, theoretically, removing access and error logs from nginx configuration should speed up the web server. Surprisingly, when I did so, the load of my website became slower. Is it normal? NOTE: I know that logs are useful and needed for real experiences; I just try to better understand nginx as my beloved web server :) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219454,219454#msg-219454 From nginx-forum at nginx.us Fri Dec 2 06:48:21 2011 From: nginx-forum at nginx.us (etrader) Date: Fri, 02 Dec 2011 01:48:21 -0500 Subject: Nginx without access log In-Reply-To: References: Message-ID: <8ed79370861964412d302f384847437c.NginxMailingListEnglish@forum.nginx.org> As I explored, simply removing access_log and error_log from nginx configuration makes the process for nginx more complicated; thus, it takes more time to complete the request. Instead, error_log should be turned off by error_log /dev/null crit; but how to turn off the access log? And what is the best configuration to force nginx to conduct the main requests without dealing with side process (like creating logs). I want to compare the very basic action of nginx. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219454,219455#msg-219455 From ru at nginx.com Fri Dec 2 07:09:01 2011 From: ru at nginx.com (Ruslan Ermilov) Date: Fri, 2 Dec 2011 11:09:01 +0400 Subject: Nginx without access log In-Reply-To: <8ed79370861964412d302f384847437c.NginxMailingListEnglish@forum.nginx.org> References: <8ed79370861964412d302f384847437c.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20111202070901.GA89437@lo0.su> On Fri, Dec 02, 2011 at 01:48:21AM -0500, etrader wrote: > As I explored, simply removing access_log and error_log from nginx > configuration makes the process for nginx more complicated; thus, it > takes more time to complete the request. Instead, error_log should be > turned off by > error_log /dev/null crit; > > but how to turn off the access log? access_log off; From delta.yeh at gmail.com Fri Dec 2 08:05:40 2011 From: delta.yeh at gmail.com (Delta Yeh) Date: Fri, 2 Dec 2011 16:05:40 +0800 Subject: can subrequest be used in log phase Message-ID: Hi, I want to know whether subrequest can be used in log phase. I want to store some info in redis only for the requests with response code of 200. I'm planning to develop a c module which work in log phase . Thanks in advance. BR, DeltaY From agentzh at gmail.com Fri Dec 2 08:20:07 2011 From: agentzh at gmail.com (agentzh) Date: Fri, 2 Dec 2011 16:20:07 +0800 Subject: can subrequest be used in log phase In-Reply-To: References: Message-ID: On Fri, Dec 2, 2011 at 4:05 PM, Delta Yeh wrote: > Hi, > > ?I want to know whether subrequest ?can be used in log phase. > Nope :) According to the source, log phase handlers can only do CPU-wise computations. But if anyone has managed to work around it, feel free to prove me wrong :) Regards, -agentzh From nginx at nginxuser.net Fri Dec 2 09:21:04 2011 From: nginx at nginxuser.net (Nginx User) Date: Fri, 2 Dec 2011 12:21:04 +0300 Subject: Missing directives in English docs Message-ID: Just noticed that the "merge_slashes" core directive according to the Russian docs is not present in the English docs. I notice that there are always links to "original documentation" in the english language section. 1. Are the Russian docs the actual official ones? I.E., the English ones are just there as a convenience provision to help out those of us that do not speak Russian but are on a "use at your own risk" basis? 2. Should I start learning Russian? ??????? From mdounin at mdounin.ru Fri Dec 2 09:32:04 2011 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 2 Dec 2011 13:32:04 +0400 Subject: Missing directives in English docs In-Reply-To: References: Message-ID: <20111202093204.GB67687@mdounin.ru> Hello! On Fri, Dec 02, 2011 at 12:21:04PM +0300, Nginx User wrote: > Just noticed that the "merge_slashes" core directive according to the > Russian docs is not present in the English docs. Both Russian and English docs have merge_slashes directive description: http://nginx.org/en/docs/http/ngx_http_core_module.html#merge_slashes http://nginx.org/ru/docs/http/ngx_http_core_module.html#merge_slashes > I notice that there are always links to "original documentation" in > the english language section. You are probably talking about wiki, not docs. > 1. Are the Russian docs the actual official ones? I.E., the English We are currently working on official English translation. Already translated parts are at nginx.org/en/docs/. > ones are just there as a convenience provision to help out those of us > that do not speak Russian but are on a "use at your own risk" basis? It's a wiki. > 2. Should I start learning Russian? It's not something required, but you may want to. :) > ??????? ??????????. Maxim Dounin From nginx-forum at nginx.us Fri Dec 2 09:37:40 2011 From: nginx-forum at nginx.us (anagio) Date: Fri, 02 Dec 2011 04:37:40 -0500 Subject: Allow CNAME records to connect to point to my server? Message-ID: Our web app gives each user a sub-domain. I'd like to offer some larger plans CNAME's so they can point one of their own domain names with a CNAME to their sub-domain on our server ie; username.ourwebapp.com customersdomain.com => CNAME username.ourwebapp.com Our NGINX server is configured with wild card sub-domains, but uses a perl conf to read valid sub-domains from a file. If the sub-domain doesn't exist they get a 404. So I am guess to allow users to create CNAME's to their sub-domain on our server we will need to create a name based virtual host and a new config file in sites-available include their subdomain on our server, as well as an alias of the customers own domain? Is that how it should be done or is there another way? Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219463,219463#msg-219463 From nginx-forum at nginx.us Fri Dec 2 10:24:47 2011 From: nginx-forum at nginx.us (nfn) Date: Fri, 02 Dec 2011 05:24:47 -0500 Subject: Does this configuration have impact in performance? Message-ID: <8576f377ed22050218cf9333fe74db0b.NginxMailingListEnglish@forum.nginx.org> Hello, I have two small bits in my configuration that I'm worried about. One it to redirect users based in their country to a specific page. The other is to choose the upstream based in a cookie. 'm am worried about performance and would like to know if this small bits are evil to my site. ================================ ### Map Member ID Cookie map $cookie_memberid $prxy { default upstream-1; ~^[1-9]\d*$ upstream-2; } ### / Map Member ID Cookie ### Map Country Code map "$geoip_country_code.$arg_section" $registo { default 0; AAA.register 1; BBB.register 1; } map "$geoip_country_code.$arg_serviceClick" $registo { default 0; AAA.facebook 1; BBB.facebook 1; } ### / Map Country Code server { # Main location location / { # GeoIP if ($registo) { return 301 /pages/registo; } proxy_pass http://$prxy; } ============================== Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219466,219466#msg-219466 From zhuzhaoyuan at gmail.com Fri Dec 2 11:02:01 2011 From: zhuzhaoyuan at gmail.com (Joshua Zhu) Date: Fri, 2 Dec 2011 19:02:01 +0800 Subject: Tengine, a customized Nginx, goes to open source Message-ID: Hi guys, We're glad to announce that Tengine (http://tengine.taobao.org), our home-baked Nginx at Taobao now becomes an open source project. Taobao (http://www.taobao.com) is the largest e-commerce website in Asia and ranked #12 on Alexa?s top global sites list. Our website serves billions of page views per day. For busy website as us, Nginx is obviously the best choice. Thanks to Nginx's high performance, small footprint and flexibility, we have done more with less. We first learned the Nginx internals by using it as a traditional web server and developing dozens of modules. Then from June of this year we started hacking the Nginx core to expand its capabilities. As some of the features we have developed may also benefit other Nginx users and websites, so why not open source them? We do not want to be just open source software users, but also open source contributors. That's why the Tengine open source project came out. Tengine is based on the latest stable version of Nginx (Nginx-1.0.10). Here are a few features and bug fixes you may be interested in Tengine: 1) Logging enhancement. It supports syslog (local and remote) and pipe logging. You can also do log sampling, i.e. not all requests have to be written. 2) Protects the server when the system load and memory use goes high. 3) Combines multiple CSS or JavasScript requests into one request to reduce the downloading time. 4) Sets the worker process number and CPU affinities automatically. Setting Nginx's worker_cpu_affinity is not a pain any more. 5) Enhanced limit_req module with whitelist support and more limit_req directives in one location. 6) More operations engineer friendly server information, so host can be located easily when error happens. 7) More command lines support. You can list all modules compiled in and the directives supported, even the content of configuration file itself. 8) Set expiration for files according to specific content type. 9) Error pages can be set back to 'default'. 10) ... Basically, Tengine can be considered as a better or superset of Nginx. You can download the tar ball here: http://tengine.taobao.org/download/tengine-1.2.0.tar.gz We want to say thank you to the Nginx team, especially to Igor. Thank you very much for your great work! We would love to donate the patches against the Nginx-1.1 branch later if you think the patches are okay. Frankly, I'm not sure whether the features in Tengine right now can impress you guys or not. It's the first step we moving towards open source after all. We have built a team working on Tengine and have quite a long to-do list. I promise you more enhancements are coming out. Regards, -- Joshua Zhu Senior Software Engineer Server Platforms Team at Taobao -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Dec 2 11:48:52 2011 From: nginx-forum at nginx.us (locojohn) Date: Fri, 02 Dec 2011 06:48:52 -0500 Subject: Tengine, a customized Nginx, goes to open source In-Reply-To: References: Message-ID: <247f35e98f119cce22cc8bdfe4f8e61e.NginxMailingListEnglish@forum.nginx.org> This is good news. > 3) Combines multiple CSS or JavasScript requests into one request to reduce > the downloading time. This feature would impress me for sure. Right now I am glueing javascript/css files using the PHP script, but I'd love to have internal server-support for this. Also, features like 2) and 4) are very interesting, too. I wonder what nginx authors think of this. Andrejs Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219471,219472#msg-219472 From amoiz.shine at gmail.com Fri Dec 2 11:49:33 2011 From: amoiz.shine at gmail.com (Sharl.Jimh.Tsin) Date: Fri, 02 Dec 2011 19:49:33 +0800 Subject: Tengine, a customized Nginx, goes to open source In-Reply-To: References: Message-ID: <1322826573.2639.1.camel@sharl-desktop> ? 2011-12-02?? 19:02 +0800?Joshua Zhu??? > Hi guys, > > We're glad to announce that Tengine (http://tengine.taobao.org), our > home-baked Nginx at Taobao now becomes an open source project. > > Taobao (http://www.taobao.com) is the largest e-commerce website in > Asia and ranked #12 on Alexa?s top global sites list. Our website > serves billions of page views per day. For busy website as us, Nginx > is obviously the best choice. Thanks to Nginx's high performance, > small footprint and flexibility, we have done more with less. > > We first learned the Nginx internals by using it as a traditional web > server and developing dozens of modules. Then from June of this year > we started hacking the Nginx core to expand its capabilities. As some > of the features we have developed may also benefit other Nginx users > and websites, so why not open source them? We do not want to be just > open source software users, but also open source contributors. That's > why the Tengine open source project came out. > > Tengine is based on the latest stable version of Nginx (Nginx-1.0.10). > Here are a few features and bug fixes you may be interested in > Tengine: > 1) Logging enhancement. It supports syslog (local and remote) and pipe > logging. You can also do log sampling, i.e. not all requests have to > be written. > 2) Protects the server when the system load and memory use goes high. > 3) Combines multiple CSS or JavasScript requests into one request to > reduce the downloading time. > 4) Sets the worker process number and CPU affinities automatically. > Setting Nginx's worker_cpu_affinity is not a pain any more. > 5) Enhanced limit_req module with whitelist support and more limit_req > directives in one location. > 6) More operations engineer friendly server information, so host can > be located easily when error happens. > 7) More command lines support. You can list all modules compiled in > and the directives supported, even the content of configuration file > itself. > 8) Set expiration for files according to specific content type. > 9) Error pages can be set back to 'default'. > 10) ... > > Basically, Tengine can be considered as a better or superset of Nginx. > You can download the tar ball here: > http://tengine.taobao.org/download/tengine-1.2.0.tar.gz > > We want to say thank you to the Nginx team, especially to Igor. Thank > you very much for your great work! We would love to donate the patches > against the Nginx-1.1 branch later if you think the patches are okay. > > Frankly, I'm not sure whether the features in Tengine right now can > impress you guys or not. It's the first step we moving towards open > source after all. We have built a team working on Tengine and have > quite a long to-do list. I promise you more enhancements are coming > out. > > Regards, > > -- > Joshua Zhu > Senior Software Engineer > Server Platforms Team at Taobao > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx sounds great!thanks for hard working for open source. i will try it later. -- Best regards, Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) Using Gmail? Please read this important notice: http://www.fsf.org/campaigns/jstrap/gmail?10073. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: This is a digitally signed message part URL: From piotr.sikora at frickle.com Fri Dec 2 11:51:26 2011 From: piotr.sikora at frickle.com (Piotr Sikora) Date: Fri, 2 Dec 2011 12:51:26 +0100 Subject: Tengine, a customized Nginx, goes to open source In-Reply-To: References: Message-ID: Hey, > Basically, Tengine can be considered as a better or superset of Nginx. You > can download the tar ball here: > http://tengine.taobao.org/download/tengine-1.2.0.tar.gz No, you can't :P The requested URL /download/tengine-1.2.0.tar.gz was not found on this server. SVN checkout works though ;) The one complain I have to make about your release is that you're simply "dumping" lots of code without using version control system properly (one commit per change), which makes cherry-picking impossible and code review much less fun than it should be. Best regards, Piotr Sikora < piotr.sikora at frickle.com > From vk at jasystem.net Fri Dec 2 12:16:56 2011 From: vk at jasystem.net (=?koi8-r?B?68nSwNvLyc4g98zBxMnNydI=?=) Date: Fri, 02 Dec 2011 16:16:56 +0400 Subject: Tengine, a customized Nginx, goes to open source In-Reply-To: <247f35e98f119cce22cc8bdfe4f8e61e.NginxMailingListEnglish@forum.nginx.org> References: <247f35e98f119cce22cc8bdfe4f8e61e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <563491322828216@web146.yandex.ru> > This feature would impress me for sure. ?Right now I am glueing > javascript/css files using the PHP script, but I'd love to have internal > server-support for this. ?Also, features like 2) and 4) are very > interesting, too. ?I wonder what nginx authors think of this. i'd like to see such feature in "original" nginx too. Cheers, Vladimir From zhuzhaoyuan at gmail.com Fri Dec 2 12:26:41 2011 From: zhuzhaoyuan at gmail.com (Joshua Zhu) Date: Fri, 2 Dec 2011 20:26:41 +0800 Subject: Tengine, a customized Nginx, goes to open source In-Reply-To: References: Message-ID: Hi Piotr, On Fri, Dec 2, 2011 at 7:51 PM, Piotr Sikora wrote: > Hey, > > > Basically, Tengine can be considered as a better or superset of Nginx. You >> can download the tar ball here: >> http://tengine.taobao.org/**download/tengine-1.2.0.tar.gz >> > > No, you can't :P > > The requested URL /download/tengine-1.2.0.tar.gz was not found on this > server. > > Thank you, the link is OK now. > SVN checkout works though ;) > > The one complain I have to make about your release is that you're simply > "dumping" lots of code without using version control system properly (one > commit per change), which makes cherry-picking impossible and code review > much less fun than it should be. > Good point and I agree. We all post the changes to this maillist patch by patch. Thanks. Regards, Joshua -------------- next part -------------- An HTML attachment was scrubbed... URL: From smallfish.xy at gmail.com Fri Dec 2 12:34:29 2011 From: smallfish.xy at gmail.com (smallfish) Date: Fri, 2 Dec 2011 20:34:29 +0800 Subject: Tengine, a customized Nginx, goes to open source In-Reply-To: References: Message-ID: great ~~ -- blog: http://chenxiaoyu.org On Fri, Dec 2, 2011 at 8:26 PM, Joshua Zhu wrote: > Hi Piotr, > > On Fri, Dec 2, 2011 at 7:51 PM, Piotr Sikora wrote: > >> Hey, >> >> >> Basically, Tengine can be considered as a better or superset of Nginx. >>> You can download the tar ball here: >>> http://tengine.taobao.org/**download/tengine-1.2.0.tar.gz >>> >> >> No, you can't :P >> >> The requested URL /download/tengine-1.2.0.tar.gz was not found on this >> server. >> >> > Thank you, the link is OK now. > > >> SVN checkout works though ;) >> >> The one complain I have to make about your release is that you're simply >> "dumping" lots of code without using version control system properly (one >> commit per change), which makes cherry-picking impossible and code review >> much less fun than it should be. >> > Good point and I agree. We all post the changes to this maillist patch by > patch. Thanks. > > Regards, > Joshua > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Dec 2 13:43:20 2011 From: nginx-forum at nginx.us (etrader) Date: Fri, 02 Dec 2011 08:43:20 -0500 Subject: Legacy versions prior to 0.5 Message-ID: <4510063702a23c483521da468aca1381.NginxMailingListEnglish@forum.nginx.org> I've tried most of lightweight web servers, and nginx is truly amazing and my beloved webserver. Thus, I decided to profoundly study nginx to better understand it. The oldest version available for download is 0.5 I wonder if there is a repository to download earlier versions of nginx? And is there a version working without installation? I mean very basic version that works just by running nginx in the terminal (I am looking for a very basic version with least features). Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219480,219480#msg-219480 From nginx-forum at nginx.us Fri Dec 2 13:46:49 2011 From: nginx-forum at nginx.us (CGIMan) Date: Fri, 02 Dec 2011 08:46:49 -0500 Subject: gitweb Message-ID: <2e2e49f771b95a7ba6d68484d9baed90.NginxMailingListEnglish@forum.nginx.org> Hy, I am having a hard time getting cgi (gitweb) to work. That's the relefvant part of my config: location ~ /git(/.*) { include /etc/nginx/fastcgi_params; fastcgi_pass unix:/var/run/fcgiwrap.socket; fastcgi_index gitweb.cgi; fastcgi_param GITWEB_CONFIG /etc/gitweb.conf; fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/gitweb.cgi; } That's nginx output: 2011/12/02 13:40:37 [error] 6046#0: *1 FastCGI sent in stderr: "Cannot get script name, is DOCUMENT_ROOT and SCRIPT_NAME set and is the script executable?" while reading response header from upstream, I am using debian squeeze. Any idea what I am doing wrong? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219481,219481#msg-219481 From ne at vbart.ru Fri Dec 2 13:47:49 2011 From: ne at vbart.ru (Valentin V. Bartenev) Date: Fri, 2 Dec 2011 17:47:49 +0400 Subject: Legacy versions prior to 0.5 In-Reply-To: <4510063702a23c483521da468aca1381.NginxMailingListEnglish@forum.nginx.org> References: <4510063702a23c483521da468aca1381.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201112021747.49393.ne@vbart.ru> On Friday 02 December 2011 17:43:20 etrader wrote: > I've tried most of lightweight web servers, and nginx is truly amazing > and my beloved webserver. Thus, I decided to profoundly study nginx to > better understand it. The oldest version available for download is 0.5 > > I wonder if there is a repository to download earlier versions of > nginx? > [...] svn://svn.nginx.org/nginx http://trac.nginx.org/nginx/browser/nginx/tags wbr, Valentin V. Bartenev From nginx-forum at nginx.us Fri Dec 2 13:55:42 2011 From: nginx-forum at nginx.us (pokrface) Date: Fri, 02 Dec 2011 08:55:42 -0500 Subject: X-Accel-Redirect and "access forbidden by rule" Message-ID: I'm having an issue with turning on support for the X-Accel-Redirect header in DokuWiki, a php-based wiki application. The server in question is an Ubuntu 11.10 box with Nginx 1.0.10 and PHP-FPM 5.3.6-13. I posted a request for assistance on the DokuWiki forums, since obviously they're the best suited to help if the problem is with their application, but I wanted to also try the mailing list and see if the Nginx community could suggest a direction I could go in. DokuWiki has a configuration option to enable serving static content using either X-Sendfile or X-Accel-Redirect, and since the site has more than a few images, I wanted to toggle it on. When I do this and reload a page, I get a page without any CSS or images, and the nginx error.log file shows lots of "access forbidden by rule" errors, both for the CSS file and for the various image files, like this: ---------- 2011/11/08 21:01:23 [error] 6693#0: *12 access forbidden by rule, client: 10.10.10.110, server: www.bigdinosaur.org, request: "GET /mcwiki/lib/exe/css.php?t=vector&tseed=1320807658 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.soc:", host: "www.bigdinosaur.org", referrer: "http://www.bigdinosaur.org/mcwiki/wiki:genesis_base" ... 2011/11/08 21:01:23 [error] 6693#0: *12 access forbidden by rule, client: 10.10.10.110, server: www.bigdinosaur.org, request: "GET /mcwiki/_media/wiki:gb:gb-entrance.jpg?w=500 HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.soc:", host: "www.bigdinosaur.org", referrer: "http://www.bigdinosaur.org/mcwiki/wiki:genesis_base" ---------- When I look at the headers being sent by the server for each request, I don't see anything about X-Accel-Redirect, but that might be because the content isn't being served in the first place. Here's what the headers for each request look like: ---------- GET /mcwiki/_media/wiki:gb:gb-entry.jpg?w=300 HTTP/1.1 Host: www.bigdinosaur.org User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20100101 Firefox/7.0.1 Accept: image/png,image/*;q=0.8,*/*;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 DNT: 1 Connection: keep-alive Referer: http://www.bigdinosaur.org/mcwiki/wiki:genesis_base Cookie: (redacted) Pragma: no-cache Cache-Control: no-cache HTTP/1.1 200 OK Server: nginx Date: Wed, 09 Nov 2011 03:04:26 GMT Content-Type: text/html Last-Modified: Mon, 07 Nov 2011 23:50:45 GMT Transfer-Encoding: chunked Connection: keep-alive Expires: Thu, 10 Nov 2011 03:04:26 GMT Cache-Control: public, proxy-revalidate, no-transform, max-age=86400 Content-Disposition: inline; filename="1d2bb3508bcd870b387232726c81cd22.media.300x169.jpg"; Content-Encoding: gzip ---------- I've read through the X-Accel docs as best as I can, and I think that the problem might be that I have no explicitly defined "location" setting for the specific directories that the images and css files are stored in, since they are in subdirectories underneath the main Dokuwiki root (which does have a location definition). I also can't understand from the docs if X-Accel can only be used on files whose location is explicitly marked "internal"--the page on the nginx wiki says they "should" be, and various other pages on the web offer contradictory advice. Making the issue more complex: one of the URIs referenced in the two requests above, "/mcwiki/_media/", is being rewritten to make it look prettier. Here's the relevant rewrite rule: ---------- rewrite ^/mcwiki/_media/(.*) /mcwiki/lib/exe/fetch.php?media=$1 last; ---------- Dokuwiki resizes and caches images in a cache directory, and the "fetch.php" file includes some logic to tell Dokuwiki if the image it's being asked to serve needs to be sent from the main images directory, or from the cache directory. That's why in the header traffic I pasted above the filename looks nothing like what's being asked for in the GET request. My first thought was that the rewrite rules were somehow screwing things up, so I removed all of them. However, the "access forbidden" problem remained, with the error messages simply changing to show the non-rewritten URI instead of the prettier one: ---------- 2011/11/08 17:11:57 [error] 5124#0: *130 access forbidden by rule, client: 10.10.10.110, server: www.bigdinosaur.org, request: "GET /mcwiki/lib/exe/fetch.php?w=300&media=wiki:gb:gb-sublevel.png HTTP/1.1", upstream: "fastcgi://unix:/var/run/php5-fpm.soc:", host: "www.bigdinosaur.org", referrer: "http://www.bigdinosaur.org/mcwiki/doku.php?id=wiki:grande_grinder" ---------- I then thought that perhaps the problem is that there's no explicit location definition for the "/mcwiki/lib/exe" directory or for the "/mcwiki/_media" rewritten location, so I added them into the site config along with a "root" entry for each, and flagged them as "internal" in case X-Accel-Redirect requires that. However, this just caused every request to return a 404 response. Removing the "internal" flag led to more 404s, so I removed the definitions. Sorry for the long-winded message, but I wanted to get as much info in as possible. Things are working just fine without X-Accel turned on, so worst case I could just leave it off and continue on. However, I'd like to enable it, as there are quite a few images on the wiki and serving them directly out rather than making php-fpm do it could speed things up. Any assistance would be appreciated! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219485,219485#msg-219485 From mdounin at mdounin.ru Fri Dec 2 14:10:12 2011 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 2 Dec 2011 18:10:12 +0400 Subject: Legacy versions prior to 0.5 In-Reply-To: <4510063702a23c483521da468aca1381.NginxMailingListEnglish@forum.nginx.org> References: <4510063702a23c483521da468aca1381.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20111202141011.GG67687@mdounin.ru> Hello! On Fri, Dec 02, 2011 at 08:43:20AM -0500, etrader wrote: > I've tried most of lightweight web servers, and nginx is truly amazing > and my beloved webserver. Thus, I decided to profoundly study nginx to > better understand it. The oldest version available for download is 0.5 The http://nginx.org/download/ contains all tarballs ever released. Maxim Dounin From dennisml at conversis.de Fri Dec 2 14:40:35 2011 From: dennisml at conversis.de (Dennis Jacobfeuerborn) Date: Fri, 02 Dec 2011 15:40:35 +0100 Subject: Tengine, a customized Nginx, goes to open source In-Reply-To: References: Message-ID: <4ED8E363.9010306@conversis.de> On 12/02/2011 12:02 PM, Joshua Zhu wrote: > Hi guys, > > We're glad to announce that Tengine (http://tengine.taobao.org), our > home-baked Nginx at Taobao now becomes an open source project. Thanks for releasing this! I'll probably play around with it over the weekend if I find the time. > 1) Logging enhancement. It supports syslog (local and remote) and pipe > logging. You can also do log sampling, i.e. not all requests have to be > written. This sound very interesting. The "documentation" link on the site doesn't work so is there any description how to configure these new logging features available somewhere? I'm specifically interested in the remote syslogging and the log sampling which is useful for statistical analysis on high traffic web sites. Regards, Dennis From nginx-forum at nginx.us Fri Dec 2 14:44:38 2011 From: nginx-forum at nginx.us (etrader) Date: Fri, 02 Dec 2011 09:44:38 -0500 Subject: Legacy versions prior to 0.5 In-Reply-To: <4510063702a23c483521da468aca1381.NginxMailingListEnglish@forum.nginx.org> References: <4510063702a23c483521da468aca1381.NginxMailingListEnglish@forum.nginx.org> Message-ID: <2506854c300f067465b11170902e58e4.NginxMailingListEnglish@forum.nginx.org> Thanks fellas. This is exactly what I was looking for :) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219480,219488#msg-219488 From usirsiwal at verivue.com Fri Dec 2 16:13:15 2011 From: usirsiwal at verivue.com (Umesh Sirsiwal) Date: Fri, 2 Dec 2011 11:13:15 -0500 Subject: Dealing with buffered data with upstream generated response In-Reply-To: <4ED5302E.9030709@verivue.com> References: <4ED3BC56.4000200@verivue.com> <20111129183031.GM67687@mdounin.ru> <4ED5302E.9030709@verivue.com> Message-ID: <4ED8F91B.1000303@verivue.com> Hey Maxim, I spent some time yesterday and today trying to reproduce this issue with standard gzip module. But, unfortunately I could not. May be I am doing something wrong in my module. My configuration looked like the following. I was using nginx version 1.1.10. -Umesh ------ worker_processes 1; daemon off; http { default_type application/octet-stream; sendfile on; keepalive_timeout 65; upstream http_backend { server 127.0.0.1:8080; keepalive 1; } server { listen 8080 sndbuf=10k; server_name localhost; proxy_buffering on; proxy_buffers 10000 4k; gzip on; gzip_proxied any; location / { proxy_pass http://http_backend/local/; proxy_http_version 1.1; proxy_set_header Connection ""; #limit_rate 100K; } location /local/ { alias /tmp/nginx-test-dL3kfZazKJ/; } } } ----- On 11/29/2011 02:19 PM, Umesh Sirsiwal wrote: > Thanks Maxim, > >>> I am developing a body filter which transforms outgoing stream. As >>> part of the function, the incoming stream is copied in new buffer >>> and sent. This in some cases results in a condition where my filter >>> has busy buffers but the upper layers don't have any busy buffer. In >>> our case the data is generated by upstream module. Since upstream >>> module does not pay attention to connection->buffered, the >>> output_filter is never called again to flush my busy buffers and the >>> transfer just hangs. >>> >>> Adding r->connection->buffered to the or condition solves the hang. >>> >>> if (u->out_bufs || u->busy_bufs) { >>> rc = ngx_http_output_filter(r, u->out_bufs); >>> >>> if (rc == NGX_ERROR) { >>> ngx_http_upstream_finalize_request(r, u, 0); >>> return; >>> } >>> >>> ngx_chain_update_chains(&u->free_bufs,&u->busy_bufs, >>> &u->out_bufs, u->output.tag); >>> } >>> >>> Is this nginx bug or am I missing something? >> I tend to think this is a bug, and it should probably manifest >> itself with e.g. gzip filter as well. >> >> (Well, as far as I see transfer shouldn't hang completely, but it >> will be only resumed as soon as upstream sends some more data or >> closes connection.) > In our application we use Upstream KeepAlive module to keep the upstream > connection open. So if this happens towards the end of the last > subrequest response, the connection hangs. >> It would be superb if you'll be able to provide test case which >> catches this for our test suite (http://mdounin.ru/hg/nginx-tests). > I will try to see if I can reproduce it with gzip filter. I should be > able to reproduce it with > limit-rate+gzip-filter+proxy+upstream-keepalive module combination. But, > I am not sure if the nginx-test test-suite includes upstream-keepalive. > >> I'll look into this more closely as time permits. >> >> Maxim Dounin >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Fri Dec 2 17:02:51 2011 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 2 Dec 2011 21:02:51 +0400 Subject: Dealing with buffered data with upstream generated response In-Reply-To: <4ED8F91B.1000303@verivue.com> References: <4ED3BC56.4000200@verivue.com> <20111129183031.GM67687@mdounin.ru> <4ED5302E.9030709@verivue.com> <4ED8F91B.1000303@verivue.com> Message-ID: <20111202170251.GH67687@mdounin.ru> Hello! On Fri, Dec 02, 2011 at 11:13:15AM -0500, Umesh Sirsiwal wrote: > Hey Maxim, > I spent some time yesterday and today trying to reproduce this issue > with standard gzip module. But, unfortunately I could not. May be I > am doing something wrong in my module. > > My configuration looked like the following. I was using nginx > version 1.1.10. [...] > proxy_buffering on; The code in question isn't executed with proxy_buffering set to on, it's only in "proxy_buffering off" codepath. Maxim Dounin From usirsiwal at verivue.com Fri Dec 2 18:39:15 2011 From: usirsiwal at verivue.com (Umesh Sirsiwal) Date: Fri, 2 Dec 2011 13:39:15 -0500 Subject: Dealing with buffered data with upstream generated response In-Reply-To: <20111202170251.GH67687@mdounin.ru> References: <4ED3BC56.4000200@verivue.com> <20111129183031.GM67687@mdounin.ru> <4ED5302E.9030709@verivue.com> <4ED8F91B.1000303@verivue.com> <20111202170251.GH67687@mdounin.ru> Message-ID: <4ED91B53.9040109@verivue.com> On 12/02/2011 12:02 PM, Maxim Dounin wrote: > Hello! > > On Fri, Dec 02, 2011 at 11:13:15AM -0500, Umesh Sirsiwal wrote: > >> Hey Maxim, >> I spent some time yesterday and today trying to reproduce this issue >> with standard gzip module. But, unfortunately I could not. May be I >> am doing something wrong in my module. >> >> My configuration looked like the following. I was using nginx >> version 1.1.10. > [...] > >> proxy_buffering on; > The code in question isn't executed with proxy_buffering set to > on, it's only in "proxy_buffering off" codepath. Ouch! I changed it to "proxy_buffering off" and retrieved 10MB file in a loop over and over again. Still can't reproduce it. Looking at netstat output I can see lots of data sitting in the socket buffer. I did notice that the limit_rate directive does not work with proxy_buffering off. -Umesh From alabdelouahab at gmail.com Fri Dec 2 20:05:32 2011 From: alabdelouahab at gmail.com (aliane abdelouahab) Date: Fri, 2 Dec 2011 21:05:32 +0100 Subject: nginx-1.1.10 In-Reply-To: References: <20111130105123.GR67687@mdounin.ru> <63BA9875-EE48-4C59-A136-961D62B73984@gmail.com> Message-ID: ah ok :) but the problem i've found when running the cygwin version is that when trying to change the directory it raises a bug, because it considers that the root is cygdrive, am sorry, because i've never used cygwin, so my apologies for this question :) 2011/12/1 Kevin Worthington > The native builds are official builds by nginx.org, built with native > windows tools, and the Cygwin builds are unofficial (built by me) > using Cygwin, > > Best regards, > Kevin > -- > Kevin Worthington > www.kworthington.com > > > On Thu, Dec 1, 2011 at 3:38 PM, aliane abdelouahab > wrote: > > > > oups! sorry, till now that i've figured why some times i found the cygwin > > libraries and sometimes no, i thought it was just the files that i've to > > replace, dident know that they ARE DIFFERENT RELEASES! > > thank you :) > > and by the way; what is the difference between the cygwin build and the > > windows build? > > > > 2011/12/1 Kevin Worthington > >> > >> There are native Windows builds at nginx.org > >> > >> -- > >> Kevin Worthington > >> www.kworthington.com > >> > >> On Dec 1, 2011, at 9:54 AM, aliane abdelouahab > > >> wrote: > >> > >> hi, > >> thank you for the realse, but why there is no "proper" windows build > >> (without cygwin)? > >> > >> 2011/12/1 Kevin Worthington > >>> > >>> Hello Nginx Users, > >>> > >>> Just released: Nginx 1.1.10 For Windows http://goo.gl/Fn5GG (32-bit > >>> and 64-bit versions) > >>> > >>> These versions are to support legacy users who are already using > >>> Cygwin based builds of Nginx. Official Windows binaries are at > >>> nginx.org > >>> > >>> Thank you, > >>> Kevin > >>> -- > >>> Kevin Worthington > >>> kworthington ~at} gmail [dot)C0M- > >>> http://www.kevinworthington.com/ > >>> > >>> > >>> > >>> On Wed, Nov 30, 2011 at 5:51 AM, Maxim Dounin > wrote: > >>> > Changes with nginx 1.1.10 30 > Nov > >>> > 2011 > >>> > > >>> > *) Bugfix: a segmentation fault occured in a worker process if AIO > >>> > was > >>> > used on Linux; the bug had appeared in 1.1.9. > >>> > > >>> > > >>> > Maxim Dounin > >>> > > >>> > _______________________________________________ > >>> > nginx mailing list > >>> > nginx at nginx.org > >>> > http://mailman.nginx.org/mailman/listinfo/nginx > >>> > >>> _______________________________________________ > >>> nginx mailing list > >>> nginx at nginx.org > >>> http://mailman.nginx.org/mailman/listinfo/nginx > >> > >> > >> _______________________________________________ > >> nginx mailing list > >> nginx at nginx.org > >> http://mailman.nginx.org/mailman/listinfo/nginx > >> > >> > >> _______________________________________________ > >> nginx mailing list > >> nginx at nginx.org > >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kworthington at gmail.com Fri Dec 2 21:05:52 2011 From: kworthington at gmail.com (Kevin Worthington) Date: Fri, 2 Dec 2011 16:05:52 -0500 Subject: nginx-1.1.10 In-Reply-To: References: <20111130105123.GR67687@mdounin.ru> <63BA9875-EE48-4C59-A136-961D62B73984@gmail.com> Message-ID: If given the choice, use the official native Windows builds. The builds I provide are to support legacy (existing) Cygwin based Nginx users. Best regards, Kevin -- Kevin Worthington www.kevinworthington.com On Fri, Dec 2, 2011 at 3:05 PM, aliane abdelouahab wrote: > ah ok :) > but the problem i've found when running the cygwin version is that when > trying to change the directory it raises a bug, because it considers that > the root is cygdrive, am sorry, because i've never used cygwin, so my > apologies for this question :) > > 2011/12/1 Kevin Worthington >> >> The native builds are official builds by nginx.org, built with native >> windows tools, and the Cygwin builds are unofficial (built by me) >> using Cygwin, >> >> Best regards, >> Kevin >> -- >> Kevin Worthington >> www.kworthington.com >> >> >> On Thu, Dec 1, 2011 at 3:38 PM, aliane abdelouahab >> wrote: >> > >> > oups! sorry, till now that i've figured why some times i found the >> > cygwin >> > libraries and sometimes no, i thought it was just the files that i've to >> > replace, dident know that they ARE DIFFERENT RELEASES! >> > thank you :) >> > and by the way; what is the difference between the cygwin build and the >> > windows build? >> > >> > 2011/12/1 Kevin Worthington >> >> >> >> There are native Windows builds at nginx.org >> >> >> >> -- >> >> Kevin Worthington >> >> www.kworthington.com >> >> >> >> On Dec 1, 2011, at 9:54 AM, aliane abdelouahab >> >> >> >> wrote: >> >> >> >> hi, >> >> thank you for the realse, but why there is no "proper" windows build >> >> (without cygwin)? >> >> >> >> 2011/12/1 Kevin Worthington >> >>> >> >>> Hello Nginx Users, >> >>> >> >>> Just released: Nginx 1.1.10 For Windows http://goo.gl/Fn5GG (32-bit >> >>> and 64-bit versions) >> >>> >> >>> These versions are to support legacy users who are already using >> >>> Cygwin based builds of Nginx. Official Windows binaries are at >> >>> nginx.org >> >>> >> >>> Thank you, >> >>> Kevin >> >>> -- >> >>> Kevin Worthington >> >>> kworthington ~at} gmail [dot)C0M- >> >>> http://www.kevinworthington.com/ >> >>> >> >>> >> >>> >> >>> On Wed, Nov 30, 2011 at 5:51 AM, Maxim Dounin >> >>> wrote: >> >>> > Changes with nginx 1.1.10 ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?30 >> >>> > Nov >> >>> > 2011 >> >>> > >> >>> > ? ?*) Bugfix: a segmentation fault occured in a worker process if >> >>> > AIO >> >>> > was >> >>> > ? ? ? used on Linux; the bug had appeared in 1.1.9. >> >>> > >> >>> > >> >>> > Maxim Dounin >> >>> > >> >>> > _______________________________________________ >> >>> > nginx mailing list >> >>> > nginx at nginx.org >> >>> > http://mailman.nginx.org/mailman/listinfo/nginx >> >>> >> >>> _______________________________________________ >> >>> nginx mailing list >> >>> nginx at nginx.org >> >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> >> >> >> _______________________________________________ >> >> nginx mailing list >> >> nginx at nginx.org >> >> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> >> >> >> _______________________________________________ >> >> nginx mailing list >> >> nginx at nginx.org >> >> http://mailman.nginx.org/mailman/listinfo/nginx >> > >> > >> > >> > _______________________________________________ >> > nginx mailing list >> > nginx at nginx.org >> > http://mailman.nginx.org/mailman/listinfo/nginx >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From francis at daoine.org Fri Dec 2 21:29:25 2011 From: francis at daoine.org (Francis Daly) Date: Fri, 2 Dec 2011 21:29:25 +0000 Subject: gitweb In-Reply-To: <2e2e49f771b95a7ba6d68484d9baed90.NginxMailingListEnglish@forum.nginx.org> References: <2e2e49f771b95a7ba6d68484d9baed90.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20111202212925.GI27443@craic.sysops.org> On Fri, Dec 02, 2011 at 08:46:49AM -0500, CGIMan wrote: Hi there, > I am having a hard time getting cgi (gitweb) to work. > That's the relefvant part of my config: nginx doesn't "do" cgi, but it does do fastcgi. So you are using a separate program to map between the two... > fastcgi_pass unix:/var/run/fcgiwrap.socket; > fastcgi_param SCRIPT_FILENAME /usr/lib/cgi-bin/gitweb.cgi; > That's nginx output: > > 2011/12/02 13:40:37 [error] 6046#0: *1 FastCGI sent in stderr: "Cannot > get script name, is DOCUMENT_ROOT and SCRIPT_NAME set and is the script > executable?" while reading response header from upstream, ...and it looks like that program cares about SCRIPT_NAME and DOCUMENT_ROOT, and presumably not about SCRIPT_FILENAME. So I'd guess that you want to remove the SCRIPT_FILENAME line, and replace it with fastcgi_param SCRIPT_NAME gitweb.cgi; fastcgi_param DOCUMENT_ROOT /usr/lib/cgi-bin; Your fcgiwrap program may have more documentation on precisely what parameters it expects and needs. Possibly there should be an extra "/", either at the end of one param or at the start of the other. Good luck, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Fri Dec 2 22:05:44 2011 From: nginx-forum at nginx.us (jkleban) Date: Fri, 02 Dec 2011 17:05:44 -0500 Subject: Setting document root with module Message-ID: <3dd8db847c16d56f5944ad905bea9665.NginxMailingListEnglish@forum.nginx.org> Hi, I'm investigating the prospects of setting $document_root based of a value sitting in a text file. Not believing that I could just have the configuration file read from a .txt, my initial thought was to create a module, calling the directive in nginx.conf and passing the path to the txt file there, and using the module to set $document_root according to the contents of the text file. Unsure how to accomplish this at the moment. Anyone have any advice/solutions for this problem? Thanks! Jason Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219511,219511#msg-219511 From francis at daoine.org Fri Dec 2 22:18:37 2011 From: francis at daoine.org (Francis Daly) Date: Fri, 2 Dec 2011 22:18:37 +0000 Subject: Allow CNAME records to connect to point to my server? In-Reply-To: References: Message-ID: <20111202221837.GJ27443@craic.sysops.org> On Fri, Dec 02, 2011 at 04:37:40AM -0500, anagio wrote: Hi there, > Our web app gives each user a sub-domain. I'd like to offer some larger > plans CNAME's so they can point one of their own domain names with a > CNAME to their sub-domain on our server > > ie; username.ourwebapp.com > > customersdomain.com => CNAME username.ourwebapp.com > > Our NGINX server is configured with wild card sub-domains, but uses a > perl conf to read valid sub-domains from a file. If the sub-domain > doesn't exist they get a 404. CNAME is just a way to get the web traffic to your IP address. The request will still include the original name in the Host: header. nginx cares about the Host: header and the server_name configuration directive -- see for example http://nginx.org/en/docs/http/server_names.html for how things work. If you're not doing anything clever within nginx, then where you currently have "server_name username.ourwebapp.com", you make it "server_name username.ourwebapp.com customersdomain.com", and it should Just Work. It sounds like you *are* doing something clever, where nginx accepts all Host: names and your extra system decides how to proceed. In that case, you'll want your extra system to treat customersdomain.com in the same way it treats username.ourwebapp.com. > we will need to create a name based virtual host and a new > config file in sites-available include their subdomain on our server, as > well as an alias of the customers own domain? You'll need to ensure that one server{} block handles the customer's domain, and one server{} block handles your subdomain, and that they each do the Right Thing. They can be the same server{} block. The implementation details really depend on what your perl conf and your web app do. Good luck, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Fri Dec 2 22:33:11 2011 From: nginx-forum at nginx.us (rateitstar) Date: Fri, 02 Dec 2011 17:33:11 -0500 Subject: Hi, i have a question, Im currently got a caching system in place but it use php to utilize it... In-Reply-To: <79395dd25a806e2d1701f88bdd3c399d.NginxMailingListEnglish@forum.nginx.org> References: <79395dd25a806e2d1701f88bdd3c399d.NginxMailingListEnglish@forum.nginx.org> Message-ID: its okay its alright, keep ur advice to urselfs respect Posted at Nginx Forum: http://forum.nginx.org/read.php?2,218877,219516#msg-219516 From ian at ianhobson.co.uk Fri Dec 2 22:48:33 2011 From: ian at ianhobson.co.uk (Ian Hobson) Date: Fri, 02 Dec 2011 22:48:33 +0000 Subject: Strange "long polling" problem. In-Reply-To: <4ED80D83.2010103@ianhobson.co.uk> References: <4ED80D83.2010103@ianhobson.co.uk> Message-ID: <4ED955C1.5030404@ianhobson.co.uk> Hi all, Can someone who is using the long polling module (either version .69 or .692) please respond and at least confirm that it does or does not work? Thanks Ian -- Ian Hobson 31 Sheerwater, Northampton NN3 5HU, Tel: 01604 513875 Preparing eBooks for Kindle and ePub to give the best reader experience. From nginx-forum at nginx.us Sat Dec 3 00:05:42 2011 From: nginx-forum at nginx.us (brianmercer) Date: Fri, 02 Dec 2011 19:05:42 -0500 Subject: Priority of cache-control, expires, x-accel-expires Message-ID: How does nginx caching handle multiple cache control headers sent from a backend? I had a situation where I was sending both expires and cache-control and it seemed that the order in which they were sent controlled. I solved that problem by ignoring the expires header. I thought I recalled that x-accel-expires would override any other headers regardless of order, but that doesn't seem to be the case. Is there a priority, or does order control? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219520,219520#msg-219520 From nginx-forum at nginx.us Sat Dec 3 01:37:03 2011 From: nginx-forum at nginx.us (anagio) Date: Fri, 02 Dec 2011 20:37:03 -0500 Subject: Allow CNAME records to connect to point to my server? In-Reply-To: References: Message-ID: Thanks, the only thing the perl conf is doing is reading a list of sub-domains and placing them into the config file where server_name is no different than if I entered them manually. So before a customer creates a CNAME we'll need to add their domain into the list of server_names. Thanks I'll test this with a few of my own domains Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219463,219521#msg-219521 From nginx-forum at nginx.us Sat Dec 3 01:58:54 2011 From: nginx-forum at nginx.us (mfouwaaz) Date: Fri, 02 Dec 2011 20:58:54 -0500 Subject: 404 Not Found -- nginx/1.0.10 In-Reply-To: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org> References: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org> Message-ID: <89310bb57f2183f9f8765b0cfb73d788.NginxMailingListEnglish@forum.nginx.org> ... and it happened again. Any clues please? I am very new to Nginx. Thanks! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219405,219522#msg-219522 From nginx-forum at nginx.us Sat Dec 3 04:48:01 2011 From: nginx-forum at nginx.us (escavern) Date: Fri, 02 Dec 2011 23:48:01 -0500 Subject: Help! Nginx Vulnerable Remote file inclusion Message-ID: I really need help here :( my forum got hacked 3 times, and i detected the hacker use RFI(Remote file inclusion) after i found an avatar image contain Phpshell code inside it. and the weird thing is when i tried to use RFI on Apache it will not run the phpshell, You can see here: http://www.ceriwis.org/rfi.php?hal=ass.jpg <------------ using NGINX and phpshell executed and http://ceri.ws/rfi.php?hal=ass.jpg <---------------- using Apace and phpshell unable to executed im using Nginx 0.8.53 and php-fpm I really need solution to solve my problem guys. i want to stop the image to get executed like Apache does.. Please give me solution. thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219523,219523#msg-219523 From nginx-forum at nginx.us Sat Dec 3 04:49:43 2011 From: nginx-forum at nginx.us (escavern) Date: Fri, 02 Dec 2011 23:49:43 -0500 Subject: Help! Nginx Vulnerable Remote file inclusion In-Reply-To: References: Message-ID: the image file is JPEG you can see the image file here: http://www.ceriwis.org/ass.jpg http://ceri.ws/ass.jpg Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219523,219524#msg-219524 From tim-nginx at bitgems.com Sat Dec 3 05:11:35 2011 From: tim-nginx at bitgems.com (Tim Mensch) Date: Fri, 02 Dec 2011 22:11:35 -0700 Subject: Help! Nginx Vulnerable Remote file inclusion In-Reply-To: References: Message-ID: <4ED9AF87.5010202@bitgems.com> Check out this thread and see if it answers your question: http://mailman.nginx.org/pipermail/nginx/2011-November/030503.html It's not precisely the same, since you have rfi.php?hal=ass.jpg and not rfi.php/ass.jpg, but it feels like the same bug, and you're only a rewrite rule away from having exactly the problem command line. The short answer is to add this: try_files $uri =404; or this: if (!-f $request_filename) { return 404; } to your PHP configuration in the PHP fastcgi configuration block. Tim On 12/2/2011 9:49 PM, escavern wrote: > the image file is JPEG > you can see the image file here: > > > http://www.ceriwis.org/ass.jpg > > http://ceri.ws/ass.jpg > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219523,219524#msg-219524 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Sat Dec 3 05:47:43 2011 From: nginx-forum at nginx.us (escavern) Date: Sat, 03 Dec 2011 00:47:43 -0500 Subject: Help! Nginx Vulnerable Remote file inclusion In-Reply-To: References: Message-ID: <19ad55e1ab2ff6e5019aa7844489d2e5.NginxMailingListEnglish@forum.nginx.org> its not working man.. i added the line you gave and i think you can still access it Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219523,219526#msg-219526 From tim-nginx at bitgems.com Sat Dec 3 05:50:18 2011 From: tim-nginx at bitgems.com (Tim Mensch) Date: Fri, 02 Dec 2011 22:50:18 -0700 Subject: Help! Nginx Vulnerable Remote file inclusion In-Reply-To: <19ad55e1ab2ff6e5019aa7844489d2e5.NginxMailingListEnglish@forum.nginx.org> References: <19ad55e1ab2ff6e5019aa7844489d2e5.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4ED9B89A.4000608@bitgems.com> On 12/2/2011 10:47 PM, escavern wrote: > its not working man.. i added the line you gave and i think you can > still access it Don't know, then, sorry. Maybe post your log and the php configuration that you're using? Someone else will likely need to help from this point. My post was a shot in the dark because your issue looked so much like the php fastcgi issue that I linked to. Tim From nginx-forum at nginx.us Sat Dec 3 06:34:52 2011 From: nginx-forum at nginx.us (drvirens) Date: Sat, 03 Dec 2011 01:34:52 -0500 Subject: Attention Valery Kholodkov :) Upload Module query Message-ID: Hello Folks and hello Valery, I want to run the example.php that comes alongwith Valery's upload module. However, I'm having problems trying to set it up correctly. (Sorry I have never worked on php before so please please pardon my query here, but I wanna make a good progress this weekend for my hobbyist project :) So, after compiling nginx code and creating nginx.config, where exactly should I put the example.php and upload.html files? Another side query is, would it matter if I use Apple's LLVM GCC compiler for compiling the nginx code? I have Lion on my Mac (10.7). Thanks a lot in advance and happy weekend!! Kind regards, ~Viren Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219528,219528#msg-219528 From nginx-forum at nginx.us Sat Dec 3 06:36:10 2011 From: nginx-forum at nginx.us (escavern) Date: Sat, 03 Dec 2011 01:36:10 -0500 Subject: Help! Nginx Vulnerable Remote file inclusion In-Reply-To: <4ED9B89A.4000608@bitgems.com> References: <4ED9B89A.4000608@bitgems.com> Message-ID: This is my PHP configuration : ------------------------------------------------------------------------------------------------------- server { listen 80; server_name www.ceriwis.org; #rewrite ^/(.*) http://ceriwis.us/$1 permanent; client_max_body_size 50M; #access_log logs/host.access.log main; location / { root /home/ceriorg/public_html; index index.php index.html; location /crwscp { auth_basic "Administrator Login"; auth_basic_user_file /home/htpasswd.txt; } location ~ \..*/.*\.php { return 403; } if ($http_user_agent ~* "^.*(sharp).*") { return 403; } } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/html; } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { root public_html; include fastcgi_params; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME /home/ceriorg/public_html$fastcgi_script_name; #fastcgi_intercept_errors on; } } ------------------------------------------------------------------------------------------------------- i hope you can help me Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219523,219529#msg-219529 From osa at FreeBSD.org.ru Sat Dec 3 07:27:19 2011 From: osa at FreeBSD.org.ru (Sergey A. Osokin) Date: Sat, 3 Dec 2011 11:27:19 +0400 Subject: Attention Valery Kholodkov :) Upload Module query In-Reply-To: References: Message-ID: <20111203072719.GB14806@FreeBSD.org.ru> On Sat, Dec 03, 2011 at 01:34:52AM -0500, drvirens wrote: > Hello Folks and hello Valery, > > I want to run the example.php that comes alongwith Valery's upload > module. However, I'm having problems trying to set it up correctly. > (Sorry I have never worked on php before so please please pardon my > query here, but I wanna make a good progress this weekend for my > hobbyist project :) > > So, after compiling nginx code and creating nginx.config, where exactly > should I put the example.php and upload.html files? > > Another side query is, would it matter if I use Apple's LLVM GCC > compiler for compiling the nginx code? I have Lion on my Mac (10.7). I'm working with FreeBSD ports tree on FreeBSD9 with clang. I'd like to tell that www/nginx and www/nginx-devel compiles well with clang, as well as with gcc. -- Sergey A. Osokin osa at FreeBSD.ORG.ru osa at FreeBSD.ORG From nginx-forum at nginx.us Sat Dec 3 07:38:30 2011 From: nginx-forum at nginx.us (etrader) Date: Sat, 03 Dec 2011 02:38:30 -0500 Subject: How to use C as a scripting language? Message-ID: I am using php in nginx. I wonder how can I modify nginx configuration to work with C too. Considered a simple c file (hello.c and compiled as a.out) with printf of printf("Content-type: text/html\r\nStatus: 200 OK\r\n\r\n"); printf("Hello World"); how can I display Hello World by browsing the compiled version on localhost/a.out Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219531,219531#msg-219531 From nginx-forum at nginx.us Sat Dec 3 08:26:31 2011 From: nginx-forum at nginx.us (escavern) Date: Sat, 03 Dec 2011 03:26:31 -0500 Subject: Nginx+Php-fpm Dangerous Bug Message-ID: This is very dangerous Remote File Inclusion Bug in Nginx+php-fpm The Nginx+php-fpm shows dangerous bug because its allowed the PhpShell hidden in Image to Running, if you have php script like this: ------------------------------------------------------------------------------------------------------------ --------------------------------------------------------------------------------------------------------- and the Php-shell formed in image(jpg/gif) can be executed to running with command like this http://www.your-domain.com/script.php?call=phpshell.jpg but it doesnt affect when i tried on Apache as an example you can see here: http://www.ceriwis.org/rfi.php?hal=ass.jpg <------------ using NGINX and phpshell executed and http://ceri.ws/rfi.php?hal=ass.jpg <---------------- using Apace and phpshell unable to executed someone told me i should use: 1.try_files $uri =404; or this: 2.if (!-f $request_filename) { return 404; } or this 3.cgi.fix_pathinfo=0 4.http://cnedelcu.blogspot.com/2010/05/nginx-php-via-fastcgi-important.html 5.Igor sysoev tips : http://forum.nginx.org/read.php?2,88845,88858#msg-88858 but all of them won't work, i still can access http://www.ceriwis.org/rfi.php?hal=ass.jpg and the phpshell still appear. im using Nginx 0.8.53 and php-fpm i got my website hacked 3 times by this bug i hope someone knows what to do with this situation because i think this is serious bug and there will be many victims if this thing not solved. thanks Please give me solution. thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219532,219532#msg-219532 From appa at perusio.net Sat Dec 3 08:44:38 2011 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Sat, 03 Dec 2011 08:44:38 +0000 Subject: Nginx+Php-fpm Dangerous Bug In-Reply-To: References: Message-ID: <87wraehwnd.wl%appa@perusio.net> On 3 Dez 2011 08h26 WET, nginx-forum at nginx.us wrote: > This is very dangerous Remote File Inclusion Bug in Nginx+php-fpm > The Nginx+php-fpm shows dangerous bug because its allowed the > PhpShell hidden in Image to Running, > > if you have php script like this: > ------------------------------------------------------------------------------------------------------------ > > $rfi = $_GET['call']; > include($rfi); > ?> > --------------------------------------------------------------------------------------------------------- > > and the Php-shell formed in image(jpg/gif) can be executed to > running with command like this > http://www.your-domain.com/script.php?call=phpshell.jpg but it > doesnt affect when i tried on Apache > > as an example you can see here: > > http://www.ceriwis.org/rfi.php?hal=ass.jpg <------------ using NGINX > and phpshell executed > > and > > http://ceri.ws/rfi.php?hal=ass.jpg <---------------- using Apace and > phpshell unable to executed > > someone told me i should use: 1.try_files $uri =404; or this: 2.if > (!-f $request_filename) { return 404; } or this 3.cgi.fix_pathinfo=0 > 4.http://cnedelcu.blogspot.com/2010/05/nginx-php-via-fastcgi-important.html > 5.Igor sysoev tips : > http://forum.nginx.org/read.php?2,88845,88858#msg-88858 but all of > them won't work, i still can access > http://www.ceriwis.org/rfi.php?hal=ass.jpg and the phpshell still > appear. The try_files $uri =404 is not very smart since it involves making a spurious stat() call AFAIK. Instead you should enumerate all your php files with exact '=' locations and place something like this at the end of your config. location ~* \.php { return 404; } Or if relying on PATH_INFO you should do something like this: ## Regular PHP processing. location ~ ^(?