From lyninx at gmail.com Sun Apr 1 06:05:48 2012 From: lyninx at gmail.com (guo rong zhang) Date: Sun, 1 Apr 2012 14:05:48 +0800 Subject: post Message-ID: -------------- next part -------------- An HTML attachment was scrubbed... URL: From amoiz.shine at gmail.com Sun Apr 1 13:33:23 2012 From: amoiz.shine at gmail.com (Sharl.Jimh.Tsin) Date: Sun, 1 Apr 2012 21:33:23 +0800 Subject: [ANNOUNCE] Tengine-1.2.4 In-Reply-To: References: Message-ID: are you sure that NOT a joke of April Fools' Day, like taolinux (http://code.taobao.org/p/taobao_linux_server/src/trunk/taolinux/) ? Best regards, Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) Using Gmail? Please read this important notice: http://www.fsf.org/campaigns/jstrap/gmail?10073. 2012/3/31 Joshua Zhu : > Hi folks! > > We're pleased to announce that Tengine-1.2.4 has been released. You can > either download the tar ball > from?http://tengine.taobao.org/download/tengine-1.2.4.tar.gz ,?or checkout > the code from https://github.com/taobao/tengine > > As this release, Tengine is based on Nginx-1.0.14. The highlight is a brand > new 'user_agent' module which would be a good replacement for the 'browser' > module in standard Nginx.?It's more efficient and flexible?than the > 'browser' module. Other changes include: > * Feature: added the 'log_escape' directive. > * Bugfix: fixed a bug in the limit_req module. > * Bugfix: fixed a bug in subrequest. > > Regards, > > -- > Joshua Zhu > Senior Software Engineer > Server Platforms Team at Taobao > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From smallfish.xy at gmail.com Sun Apr 1 13:58:46 2012 From: smallfish.xy at gmail.com (smallfish) Date: Sun, 1 Apr 2012 21:58:46 +0800 Subject: [ANNOUNCE] Tengine-1.2.4 In-Reply-To: References: Message-ID: hah, perhaps just a joke. but nothing is impossable. :) -- blog: http://chenxiaoyu.org ? 2012?4?1? ??9:33?Sharl.Jimh.Tsin ??? > are you sure that NOT a joke of April Fools' Day, like taolinux > (http://code.taobao.org/p/taobao_linux_server/src/trunk/taolinux/) ? > > Best regards, > Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) > > Using Gmail? Please read this important notice: > http://www.fsf.org/campaigns/jstrap/gmail?10073. > > > > 2012/3/31 Joshua Zhu : > > Hi folks! > > > > We're pleased to announce that Tengine-1.2.4 has been released. You can > > either download the tar ball > > from http://tengine.taobao.org/download/tengine-1.2.4.tar.gz , or > checkout > > the code from https://github.com/taobao/tengine > > > > As this release, Tengine is based on Nginx-1.0.14. The highlight is a > brand > > new 'user_agent' module which would be a good replacement for the > 'browser' > > module in standard Nginx. It's more efficient and flexible than the > > 'browser' module. Other changes include: > > * Feature: added the 'log_escape' directive. > > * Bugfix: fixed a bug in the limit_req module. > > * Bugfix: fixed a bug in subrequest. > > > > Regards, > > > > -- > > Joshua Zhu > > Senior Software Engineer > > Server Platforms Team at Taobao > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From varia at e-healthexpert.org Sun Apr 1 19:32:14 2012 From: varia at e-healthexpert.org (Mark Alan) Date: Sun, 1 Apr 2012 20:32:14 +0100 Subject: proxmox: how to use nginx instead of apache Message-ID: <20120401203214.1899b7c7@e-healthexpert.org> Hello list, I wonder if anybody in this list was successful at (completely) replacing apache for nginx as the web server for the proxmox VE management system . As for simply proxying it, I know that the following has beeen used to simply proxy clients to apache: server { listen 80 default_server; server_name ~^(www\.)?(?.+)$; return 302 https://$domain$request_uri; } server { listen 443 default_server ssl; server_name _; ssl_certificate /etc/pve/local/pve-ssl.pem; ssl_certificate_key /etc/pve/local/pve-ssl.key; location / { proxy_pass https://127.0.0.1:8006 ; } } Thank you, M. From kevanstannard at gmail.com Mon Apr 2 00:19:12 2012 From: kevanstannard at gmail.com (Kevan Stannard) Date: Mon, 2 Apr 2012 10:19:12 +1000 Subject: Understanding host value in nginx error log files Message-ID: I typically see entries in my error.log files of hack attempts where the host entry is the IP address of my server, but I also see some entries with host values that are domain names I don't recognise. Example 1: 012/04/01 06:12:49 [error] 644#0: *882 "/var/www/nginx-default/ab1e27867d53d8f4942095a891183ce0cacd3dbf/0d4fc9bfe7c5f26b02522d088dd98da95a9ed8d7/074977cbb342d6ffa7743ae477a5c0054fef5512/index.html" is not found (2: No such file or directory), client: 150.70.75.37, server: localhost, request: "GET /ab1e27867d53d8f4942095a891183ce0cacd3dbf/0d4fc9bfe7c5f26b02522d088dd98da95a9ed8d7/074977cbb342d6ffa7743ae477a5c0054fef5512/ HTTP/1.0", host: "deepspacer.com" Example 2: 2012/02/03 01:38:41 [error] 592#0: *14019 open() "/var/www/nginx-default/home.php" failed (2: No such file or directory), client: 216.104.15.130, server: localhost, request: "GET /home.php?SES=517a4bfc0137889f05d67314df2715a1&from_diary=1&cpl=1&from=102_4 HTTP/1.0", host: "www.au.mytelecomsurvey.com" Example 3: 2012/02/03 11:57:56 [error] 592#0: *18075 open() "/var/www/nginx-default/sites/default/files/js/js_b3ffc00633d66887fcb4ecdfc2d1c13a.jsmin.js" failed (2: No such file or directory), client: 150.70.64.197, server: localhost, request: "GET /sites/default/files/js/js_b3ffc00633d66887fcb4ecdfc2d1c13a.jsmin.js HTTP/1.0", host: "www.formalites-juridiques.net" I was hoping someone could explain what it means if I'm seeing these domain names as host values and if it's something I need to be concerned about. Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From tdgh2323 at hotmail.com Mon Apr 2 01:31:42 2012 From: tdgh2323 at hotmail.com (Micheal Wolfskill) Date: Mon, 2 Apr 2012 01:31:42 +0000 Subject: How to limit_req depending if the requests has a REFERER or not. Message-ID: Hello. I have something like this... I need to be able to apply three different limit_req depending: a.) If the referer to click.php is domain.com ... apply zone1 b.) If there is some other referer apply zone2 on click.php c.) If there is no referer apply zone3 on click.php location /click.php { limit_req zone=one nodelay; proxy_pass http://22.136.1.121:80/; } Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From tdgh2323 at hotmail.com Mon Apr 2 04:09:14 2012 From: tdgh2323 at hotmail.com (Micheal Wolfskill) Date: Mon, 2 Apr 2012 04:09:14 +0000 Subject: Anyway to assign # of workers per server {} ? Message-ID: Hello, Id like to isolate the resources each one of my server {} consumes... in case any of my sites gets DoSed .. id like to try to contain possible effects related to used worker processes within its respective site. Is there anyway to achieve this? Regards, Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Apr 2 04:56:56 2012 From: nginx-forum at nginx.us (niraj) Date: Mon, 2 Apr 2012 00:56:56 -0400 (EDT) Subject: Not easy replacement of Apache with Ngnix due to error log Message-ID: <69aa2109190fe2d487f2667e9bfb1765.NginxMailingListEnglish@forum.nginx.org> Hi All I having the html files and cgi files for that I was using the apache, Its running fine. I heard about the Nginx and I was trying to setup the same in locally first. but during that I was getting the error the error of Nginx not reflect the exact issue with the application. the error of Nginx is not system admin friendly at all. from the below error we are not able to conclude anything. how to solve the such kind of issue by checking the error log ?????? 2012/03/30 09:58:05 [error] 29619#0: *1 upstream closed prematurely FastCGI stdout while reading response header from upstream, client: 192.168.1.44, server: localhost, request: "GET /cgi-bin/baybuy_vendx/index.cgi?vendx_action=myoffice_commonuser&userid=53616c7465645f5f1fed4bcaa10a7da569ecb5a53e5a718a&page=1b662ecc4610f940ec530e3bc8762169&BusinessGrID=1 HTTP/1.1", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: "192.168.1.225:90", referrer: "http://192.168.1.225:90/cgi-bin/baybuy_vendx/index.cgi?vendx_action=validate_both2" Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224747,224747#msg-224747 From ru at nginx.com Mon Apr 2 06:16:10 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Mon, 2 Apr 2012 10:16:10 +0400 Subject: Anyway to assign # of workers per server {} ? In-Reply-To: References: Message-ID: <20120402061610.GA56549@lo0.su> On Mon, Apr 02, 2012 at 04:09:14AM +0000, Micheal Wolfskill wrote: > Id like to isolate the resources each one of my server {} consumes... in > case any of my sites gets DoSed .. id like to try to contain possible > effects related to used worker processes within its respective site. Is > there anyway to achieve this? If your servers use different address/port pairs, an obvious solution would be to run several instances of nginx, one per address/port. From ru at nginx.com Mon Apr 2 06:28:11 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Mon, 2 Apr 2012 10:28:11 +0400 Subject: Understanding host value in nginx error log files In-Reply-To: References: Message-ID: <20120402062811.GB56549@lo0.su> On Mon, Apr 02, 2012 at 10:19:12AM +1000, Kevan Stannard wrote: > I typically see entries in my error.log files of hack attempts where the > host entry is the IP address of my server, but I also see some entries with > host values that are domain names I don't recognise. > > Example 1: > > 012/04/01 06:12:49 [error] 644#0: *882 > "/var/www/nginx-default/ab1e27867d53d8f4942095a891183ce0cacd3dbf/0d4fc9bfe7c5f26b02522d088dd98da95a9ed8d7/074977cbb342d6ffa7743ae477a5c0054fef5512/index.html" > is not found (2: No such file or directory), client: 150.70.75.37, server: > localhost, request: "GET > /ab1e27867d53d8f4942095a891183ce0cacd3dbf/0d4fc9bfe7c5f26b02522d088dd98da95a9ed8d7/074977cbb342d6ffa7743ae477a5c0054fef5512/ > HTTP/1.0", host: "deepspacer.com" > > Example 2: > > 2012/02/03 01:38:41 [error] 592#0: *14019 open() > "/var/www/nginx-default/home.php" failed (2: No such file or directory), > client: 216.104.15.130, server: localhost, request: "GET > /home.php?SES=517a4bfc0137889f05d67314df2715a1&from_diary=1&cpl=1&from=102_4 > HTTP/1.0", host: "www.au.mytelecomsurvey.com" > > Example 3: > > 2012/02/03 11:57:56 [error] 592#0: *18075 open() > "/var/www/nginx-default/sites/default/files/js/js_b3ffc00633d66887fcb4ecdfc2d1c13a.jsmin.js" > failed (2: No such file or directory), client: 150.70.64.197, server: > localhost, request: "GET > /sites/default/files/js/js_b3ffc00633d66887fcb4ecdfc2d1c13a.jsmin.js > HTTP/1.0", host: "www.formalites-juridiques.net" > > I was hoping someone could explain what it means if I'm seeing these domain > names as host values and if it's something I need to be concerned about. It is just a value of the Host request header field. This could happen due to client's DNS misconfiguration. This could equally be a sign of malicious entity probing your site. From mansab.uppal at gmail.com Mon Apr 2 06:33:17 2012 From: mansab.uppal at gmail.com (Mansab Uppal) Date: Mon, 2 Apr 2012 12:03:17 +0530 Subject: Encountered '403 Forbidden Error' Message-ID: After configuring the nginx on windows, received '403 Frobidden Error' while opening the web page for the web site's 'index.php' page placed at the document root of the web server: html/v4/index.php' Any suggestions ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Apr 2 07:50:38 2012 From: nginx-forum at nginx.us (mscheel) Date: Mon, 2 Apr 2012 03:50:38 -0400 (EDT) Subject: $https with SSL proxy Message-ID: <7050ef8172d12a965c73c428d3950776.NginxMailingListEnglish@forum.nginx.org> Dear all, starting with version 1.1.11 the $https variable is activated by default. This is good as many applications rely on them because apache is using this header. However, now i cannot set or map this variable (nginx: [emerg] the duplicate "https" variable). We have a load balancer in front of the web servers which does all SSL traffic. The nginx servers can only differ between http and https via a header sent by the load balancer, the nginx port is the same. That hasn't been a problem in < 1.1.11. Many plugins, codings in applications use this $https header so it would be nice if i could assign it manually. Any ideas? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224756,224756#msg-224756 From appa at perusio.net Mon Apr 2 08:00:09 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Mon, 2 Apr 2012 10:00:09 +0200 Subject: $https with SSL proxy In-Reply-To: <7050ef8172d12a965c73c428d3950776.NginxMailingListEnglish@forum.nginx.org> References: <7050ef8172d12a965c73c428d3950776.NginxMailingListEnglish@forum.nginx.org> Message-ID: <8211b4188417939839a07dd6e1b9b56f.squirrel@damiao.org> > Dear all, > > starting with version 1.1.11 the $https variable is activated by > default. This is good as many applications rely on them because apache > is using this header. > However, now i cannot set or map this variable (nginx: [emerg] the > duplicate "https" variable). We have a load balancer in front of the web > servers which does all SSL traffic. The nginx servers can only differ > between http and https via a header sent by the load balancer, the nginx > port is the same. That hasn't been a problem in < 1.1.11. Many plugins, > codings in applications use this $https header so it would be nice if i > could assign it manually. Have you tried explicitly setting the fastcgi_param, like in: fastcgi_param HTTPS $my_https; where $my_https is a variable that you set as you want it? --appa From nginx-forum at nginx.us Mon Apr 2 08:05:16 2012 From: nginx-forum at nginx.us (mscheel) Date: Mon, 2 Apr 2012 04:05:16 -0400 (EDT) Subject: $https with SSL proxy In-Reply-To: <8211b4188417939839a07dd6e1b9b56f.squirrel@damiao.org> References: <8211b4188417939839a07dd6e1b9b56f.squirrel@damiao.org> Message-ID: Antonio P.P. Almeida Wrote: ------------------------------------------------------- > > Dear all, > > > > starting with version 1.1.11 the $https variable > is activated by > > default. This is good as many applications rely > on them because apache > > is using this header. > > However, now i cannot set or map this variable > (nginx: [emerg] the > > duplicate "https" variable). We have a load > balancer in front of the web > > servers which does all SSL traffic. The nginx > servers can only differ > > between http and https via a header sent by the > load balancer, the nginx > > port is the same. That hasn't been a problem in > < 1.1.11. Many plugins, > > codings in applications use this $https header > so it would be nice if i > > could assign it manually. > > Have you tried explicitly setting the > fastcgi_param, like in: > > fastcgi_param HTTPS $my_https; > > where $my_https is a variable that you set as you > want it? > > --appa > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx The problem is that all applications rely on this "https" header, changing the code of all applications makes no sense to me. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224756,224758#msg-224758 From appa at perusio.net Mon Apr 2 08:10:52 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Mon, 2 Apr 2012 10:10:52 +0200 Subject: $https with SSL proxy In-Reply-To: References: <8211b4188417939839a07dd6e1b9b56f.squirrel@damiao.org> Message-ID: > The problem is that all applications rely on this "https" header, > changing the code of all applications makes no sense to me. AFAIK it's not a header but rather a parameter that is passed through CGI and in PHP, for example, you recover via $_SERVER['HTTPS']. This has nothing to do with headers. Of course you can set a header based on it. X-Forwarded-Proto $https; or X-Forwarded-Proto $my_https; ---appa From appa at perusio.net Mon Apr 2 08:35:35 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Mon, 2 Apr 2012 10:35:35 +0200 Subject: $https with SSL proxy In-Reply-To: References: <8211b4188417939839a07dd6e1b9b56f.squirrel@damiao.org> Message-ID: >> The problem is that all applications rely on this "https" header, >> changing the code of all applications makes no sense to me. > > AFAIK it's not a header but rather a parameter that is passed through CGI > and in PHP, for example, you recover via $_SERVER['HTTPS']. This has > nothing to do with headers. Of course you can set a header based on it. > > X-Forwarded-Proto $https; > > or > > X-Forwarded-Proto $my_https; Oops. My bad. I meant: X-Forwarded-Proto $scheme; --appa From nginx-forum at nginx.us Mon Apr 2 08:39:55 2012 From: nginx-forum at nginx.us (mscheel) Date: Mon, 2 Apr 2012 04:39:55 -0400 (EDT) Subject: $https with SSL proxy In-Reply-To: <7050ef8172d12a965c73c428d3950776.NginxMailingListEnglish@forum.nginx.org> References: <7050ef8172d12a965c73c428d3950776.NginxMailingListEnglish@forum.nginx.org> Message-ID: Your right, setting it for fastcgi as param works fine. I had a problem in the past setting variables in the fastcgi_params, they've just been ignored. This seems to be gone. Then i have to rewrite the nginx internal logic of my substitions/mappings based on this variable. I still think allowing a manual override of this variable should be allowed. If any other plugin relies on this header users with SSL Accelerators will definately have a problem. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224756,224761#msg-224761 From nginx-forum at nginx.us Mon Apr 2 09:23:30 2012 From: nginx-forum at nginx.us (shrinath.m) Date: Mon, 2 Apr 2012 05:23:30 -0400 (EDT) Subject: if proxy_read_timeout - then do something? Message-ID: <8d456b14891f54100a6c46111ad2eba9.NginxMailingListEnglish@forum.nginx.org> Hi, I would like to put a proxy_read_timeout and if it times out, I want to do a specific action in php and return some response to the user. Is this possible? How? Thanks, Shrinath Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224764,224764#msg-224764 From john at jmsd.co.uk Mon Apr 2 09:50:35 2012 From: john at jmsd.co.uk (John Moore) Date: Mon, 02 Apr 2012 10:50:35 +0100 Subject: nginx as remote proxy - limit number of concurrent connections? Message-ID: <4F79766B.2070909@jmsd.co.uk> I'm using nginx as a remote proxy server in front of a bunch of Tomcat instances, and occasionally I'm running into a situation where all available threads are used up in the Tomcat instances, which causes various problems. Rather than trying to deal with these problems in that layer, I was wondering about preventing the situation from arising by limiting the number of concurrent connections to the upstream servers in nginx. I'm not entirely sure how to do this, but I have no doubt it's doable. Suggestions, please! From appa at perusio.net Mon Apr 2 09:54:04 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Mon, 2 Apr 2012 11:54:04 +0200 Subject: nginx as remote proxy - limit number of concurrent connections? In-Reply-To: <4F79766B.2070909@jmsd.co.uk> References: <4F79766B.2070909@jmsd.co.uk> Message-ID: > I'm using nginx as a remote proxy server in front of a bunch of Tomcat > instances, and occasionally I'm running into a situation where all > available threads are used up in the Tomcat instances, which causes > various problems. Rather than trying to deal with these problems in that > layer, I was wondering about preventing the situation from arising by > limiting the number of concurrent connections to the upstream servers in > nginx. I'm not entirely sure how to do this, but I have no doubt it's > doable. Suggestions, please! Try this: http://nginx.localdomain.pl/wiki/UpstreamFair with the weight_mode=peak option. --appa From mdounin at mdounin.ru Mon Apr 2 10:57:08 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 2 Apr 2012 14:57:08 +0400 Subject: if proxy_read_timeout - then do something? In-Reply-To: <8d456b14891f54100a6c46111ad2eba9.NginxMailingListEnglish@forum.nginx.org> References: <8d456b14891f54100a6c46111ad2eba9.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120402105708.GB13466@mdounin.ru> Hello! On Mon, Apr 02, 2012 at 05:23:30AM -0400, shrinath.m wrote: > Hi, > > I would like to put a proxy_read_timeout and if it times out, I want to > do a specific action in php and return some response to the user. Is > this possible? How? http://nginx.org/r/error_page You have to handle 504 (Gateway Timeout) errors. Maxim Dounin From mdounin at mdounin.ru Mon Apr 2 11:17:54 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 2 Apr 2012 15:17:54 +0400 Subject: Socket leaks., pread and [crit] SSL_Write() in 1.0.14 In-Reply-To: References: <3b3f2c2eddfdd3e59d242463275e502e.NginxMailingListEnglish@forum.nginx.org> <00cd479fdbb8bdf2f9f844e88607f8bd.NginxMailingListEnglish@forum.nginx.org> <20120326164754.GL13466@mdounin.ru> Message-ID: <20120402111754.GD13466@mdounin.ru> Hello! On Sat, Mar 31, 2012 at 06:39:37PM -0400, Floren Munteanu wrote: > Hi Maxim, > > On 3/26/2012 12:47 PM, Maxim Dounin wrote: > >As already suggested - you may build nginx with any particular > >openssl version statically, by using --with-openssl= configure > >argument. > > I followed your advice and built a backlevel RPM for libcripto.so6 > and libssl.so6 so none of the deps are broken in CentOS 5. Then, I > built the OpenSSL 1.0.1 RPM's and rebuilt Nginx against the latest > libs: > # yum list openssl* nginx > Loaded plugins: fastestmirror > Loading mirror speeds from cached hostfile > * base: mirrors.manchester.icecolo.com > * extras: mirrors.manchester.icecolo.com > * updates: mirrors.manchester.icecolo.com > Installed Packages > nginx.x86_64 1.0.14-1.el5 installed > openssl.x86_64 1.0.1-1.el5 installed > openssl-libs.x86_64 1.0.1-1.el5 installed > openssl098e.x86_64 0.9.8e-1.el5 installed > > # nginx -V > nginx version: nginx/1.0.14 > built by gcc 4.1.2 20080704 (Red Hat 4.1.2-52) > TLS SNI support enabled > configure arguments: --user=nginx --group=nginx > --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx > --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid > --error-log-path=/var/log/nginx/error.log > --http-log-path=/var/log/nginx/access.log > --http-client-body-temp-path=/var/lib/nginx/client > --http-fastcgi-temp-path=/var/lib/nginx/fastcgi > --http-proxy-temp-path=/var/lib/nginx/proxy > --http-scgi-temp-path=/var/lib/nginx/scgi > --http-uwsgi-temp-path=/var/lib/nginx/uwsgi > --lock-path=/var/lock/subsys/nginx --with-cc-opt='-O3 -g -m64 > -mtune=nocona -m128bit-long-double -mmmx -msse3 -mfpmath=sse' > --with-file-aio --with-http_addition_module --with-http_dav_module > --with-http_degradation_module --with-http_flv_module > --with-http_geoip_module --with-http_gzip_static_module > --with-http_image_filter_module --with-http_mp4_module > --with-http_perl_module --with-http_random_index_module > --with-http_realip_module --with-http_secure_link_module > --with-http_ssl_module --with-http_stub_status_module > --with-http_sub_module --with-http_xslt_module --with-mail > --with-mail_ssl_module --with-poll_module --with-rtsig_module > --with-select_module Please also check if nginx actually uses new openssl library, ldd should be helpful here. > > http { > ... > ssl_prefer_server_ciphers on; > ssl_ciphers RC4:HIGH:!aNULL:!MD5; > ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; > ssl_session_cache shared:SSL:5m; > ssl_session_timeout 10m; > ... > > server { > listen 192.168.1.3:443 ssl default_server; > server_name www.domain.com; > access_log off; > error_log /var/log/nginx/localhost.error.log error; > root /var/www/domain.com; > index index.php index.html; > ssl_certificate domain.com.crt; > ssl_certificate_key domain.com.key; > ... > } > } > > Even if I eliminated the OpenSSL version issues, I still have random > [crit] SSL_write() failures at the same frequency as before. They > are also accompanied by open socket alerts, of this format: > [alert] 2380#0: open socket #34 left in connection 12 > > I'm looking forward to your suggestions. As already suggested, it whould be cool to check if you see the same problem in 1.1.x. And to proceed further we need debug log, see here: http://wiki.nginx.org/Debugging Note you'll need to recompile nginx with "--with-debug" configure argument to obtain one. Maxim Dounin From nginx-forum at nginx.us Mon Apr 2 13:28:54 2012 From: nginx-forum at nginx.us (shrinath.m) Date: Mon, 2 Apr 2012 09:28:54 -0400 (EDT) Subject: if proxy_read_timeout - then do something? In-Reply-To: <8d456b14891f54100a6c46111ad2eba9.NginxMailingListEnglish@forum.nginx.org> References: <8d456b14891f54100a6c46111ad2eba9.NginxMailingListEnglish@forum.nginx.org> Message-ID: <98a3cd9dbeb8fda659db0536b7fca9e7.NginxMailingListEnglish@forum.nginx.org> I tried to catch 504, not working. Anything wrong in the following? error_page 504 =200 @checkstatus; location @checkstatus { rewrite ^(.*)$ /k/binarystatus/check?original_uri=$1 break; proxy_pass https://shrinath.blah.com; proxy_hide_header Last-Modified; proxy_read_timeout 10s; proxy_intercept_errors on; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224764,224776#msg-224776 From nginx-forum at nginx.us Mon Apr 2 13:37:01 2012 From: nginx-forum at nginx.us (shrinath.m) Date: Mon, 2 Apr 2012 09:37:01 -0400 (EDT) Subject: if proxy_read_timeout - then do something? In-Reply-To: <98a3cd9dbeb8fda659db0536b7fca9e7.NginxMailingListEnglish@forum.nginx.org> References: <8d456b14891f54100a6c46111ad2eba9.NginxMailingListEnglish@forum.nginx.org> <98a3cd9dbeb8fda659db0536b7fca9e7.NginxMailingListEnglish@forum.nginx.org> Message-ID: <10e88af288d55ad5b2e0a390b613fd47.NginxMailingListEnglish@forum.nginx.org> Oops... I take it back, it works... Ignorant me had one more line few lines above the said code: error_page 500 504 =500 @error50x; Solved now... Thanks :) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224764,224777#msg-224777 From admin at yqed.com Mon Apr 2 16:15:10 2012 From: admin at yqed.com (Floren Munteanu) Date: Mon, 02 Apr 2012 12:15:10 -0400 Subject: Socket leaks., pread and [crit] SSL_Write() in 1.0.14 In-Reply-To: <20120402111754.GD13466@mdounin.ru> References: <3b3f2c2eddfdd3e59d242463275e502e.NginxMailingListEnglish@forum.nginx.org> <00cd479fdbb8bdf2f9f844e88607f8bd.NginxMailingListEnglish@forum.nginx.org> <20120326164754.GL13466@mdounin.ru> <20120402111754.GD13466@mdounin.ru> Message-ID: Hi Maxim, On 4/2/2012 7:17 AM, Maxim Dounin wrote: > As already suggested, it whould be cool to check if you see the > same problem in 1.1.x. > > And to proceed further we need debug log, see here: > > http://wiki.nginx.org/Debugging > > Note you'll need to recompile nginx with "--with-debug" configure > argument to obtain one. How safe is to put in production a debug built of Nginx? I could easily compile a different built, but I'm concerned of running this on a live environment as this is where the errors occur. Regards, Floren Munteanu From mdounin at mdounin.ru Mon Apr 2 17:06:37 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 2 Apr 2012 21:06:37 +0400 Subject: Socket leaks., pread and [crit] SSL_Write() in 1.0.14 In-Reply-To: References: <3b3f2c2eddfdd3e59d242463275e502e.NginxMailingListEnglish@forum.nginx.org> <00cd479fdbb8bdf2f9f844e88607f8bd.NginxMailingListEnglish@forum.nginx.org> <20120326164754.GL13466@mdounin.ru> <20120402111754.GD13466@mdounin.ru> Message-ID: <20120402170637.GJ13466@mdounin.ru> Hello! On Mon, Apr 02, 2012 at 12:15:10PM -0400, Floren Munteanu wrote: > Hi Maxim, > > On 4/2/2012 7:17 AM, Maxim Dounin wrote: > >As already suggested, it whould be cool to check if you see the > >same problem in 1.1.x. > > > >And to proceed further we need debug log, see here: > > > >http://wiki.nginx.org/Debugging > > > >Note you'll need to recompile nginx with "--with-debug" configure > >argument to obtain one. > > How safe is to put in production a debug built of Nginx? > I could easily compile a different built, but I'm concerned of > running this on a live environment as this is where the errors > occur. It's safe and only adds minimal overhead on logging level checks as long as debug log isn't enabled. Note though that writing debug logs consume extra resources, and it may be noticeable under high load. The debug_connection directive allows to enable debug logging only for selected ip addresses to minimize impact. Maxim Dounin From citrin at citrin.ru Mon Apr 2 17:22:39 2012 From: citrin at citrin.ru (Anton Yuzhaninov) Date: Mon, 02 Apr 2012 21:22:39 +0400 Subject: Not easy replacement of Apache with Ngnix due to error log In-Reply-To: <69aa2109190fe2d487f2667e9bfb1765.NginxMailingListEnglish@forum.nginx.org> References: <69aa2109190fe2d487f2667e9bfb1765.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4F79E05F.1040302@citrin.ru> On 04/02/12 08:56, niraj wrote: > the error of Nginx is not system admin friendly at all. from the below > error we are not able to conclude anything. nginx error logs is very friendly and useful. > how to solve the such kind of issue by checking the error log ?????? > > > 2012/03/30 09:58:05 [error] 29619#0: *1 upstream closed prematurely > FastCGI stdout while reading response header from upstream, client: > 192.168.1.44, server: localhost, request: "GET > /cgi-bin/baybuy_vendx/index.cgi?vendx_action=myoffice_commonuser&userid=53616c7465645f5f1fed4bcaa10a7da569ecb5a53e5a718a&page=1b662ecc4610f940ec530e3bc8762169&BusinessGrID=1 > HTTP/1.1", upstream: "fastcgi://unix:/var/run/fcgiwrap.socket:", host: > "192.168.1.225:90", referrer: > "http://192.168.1.225:90/cgi-bin/baybuy_vendx/index.cgi?vendx_action=validate_both2" words "upstream closed prematurely FastCGI stdout" show, that problem is probably in FastCGI server. See FastCGI manager error logs, and OS logs (one of usual problem is segfault in FastCGI process). -- Anton Yuzhaninov From nginx-forum at nginx.us Mon Apr 2 21:21:39 2012 From: nginx-forum at nginx.us (Nginx_User777) Date: Mon, 2 Apr 2012 17:21:39 -0400 (EDT) Subject: memc_flags_to_last_modified and srcache , no 304 possible ? Message-ID: <6e2bc7fac8512842fa34ca858100f61b.NginxMailingListEnglish@forum.nginx.org> Hello All, Is it possible to use the memc_flags_to_last_modified directive with srcache ? It doesn't work for me. When a browser request nginx with a "If-Modified-Since" header, I would like that nginx lookup in memcached to verify if the "Last Modified" is the same and honor the 304 request without hit the proxied server (in another country). Impossible to get a 304, so no bandwith saved ... But my provider is happy :) Thanks for your help ! I working on for several days, i'll really go mad :) My config: #user nobody; worker_processes 1; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 0; server_tokens off; upstream memc1 { server XX.XX.XX.XX:11211; server unix:/tmp/memcached.sock backup; keepalive 1024; } upstream memc2 { server XX.XX.XX.XX:11211; keepalive 1024; } upstream_list MemCluster memc1 memc2; access_log /var/log/nginx/access.log; server { listen 80; server_name localhost; location = /memc { internal; set $memc_key $query_string; set $memc_exptime 0; set_hashed_upstream $backend MemCluster $memc_key; memc_pass $backend; memc_flags_to_last_modified on; } location / { set $key $uri; srcache_fetch GET /memc $key; srcache_store PUT /memc $key; proxy_pass http://the-far-far-away-server; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } } } Regards Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224793,224793#msg-224793 From siefke_listen at web.de Mon Apr 2 22:13:23 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Tue, 3 Apr 2012 00:13:23 +0200 Subject: PHP with FPM on Gentoo Message-ID: <20120403001323.c03997dd.siefke_listen@web.de> Hello, i try run Nginx with PHP-FPM under Gentoo. Under my FreeBSD Rootserver it run without any problems but under Gentoo want not run. nginx.conf > http://nopaste.info/72a40e9c5e.html php-fpm.conf > http://nopaste.info/94a9de62d5.html emerge --info php nginx > http://nopaste.info/225b12e106.html The last change in config is: server { listen 80 default; server_name localhost; access_log /var/log/nginx/localhost.access_log main; error_log /var/log/nginx/localhost.error_log debug; root /var/www/localhost/htdocs; location ~ (.*)\.php$ { include fastcgi.conf; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/localhost/htdocs$fastcgi_script_name; } } The last Logs which i has: 192.168.0.20 - - [02/Apr/2012:17:59:05 +0200] "GET / HTTP/1.1" 200 633 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19" "-" 192.168.0.20 - - [02/Apr/2012:17:59:05 +0200] "GET /favicon.ico HTTP/1.1" 200 1650 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19" "-" 192.168.0.20 - - [02/Apr/2012:17:59:21 +0200] "GET /info.php HTTP/1.1" 200 289 "-" "Mozilla/5.0 (Windows NT 5.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.142 Safari/535.19" "0.47" 192.168.0.20 - - [02/Apr/2012:17:59:24 +0200] "-" 400 0 "-" "-" "-" 2012/04/02 17:59:24 [info] 21288#0: *4 client closed prematurely connection while reading client request line, client: 192.168.0.20, server: localhost I really not understand where is my mistake. Has someone a idea? Regards Silvio From kevanstannard at gmail.com Mon Apr 2 23:15:25 2012 From: kevanstannard at gmail.com (Kevan Stannard) Date: Tue, 3 Apr 2012 09:15:25 +1000 Subject: Understanding host value in nginx error log files In-Reply-To: <20120402062811.GB56549@lo0.su> References: <20120402062811.GB56549@lo0.su> Message-ID: Thanks Ruslan On 2 April 2012 16:28, Ruslan Ermilov wrote: > On Mon, Apr 02, 2012 at 10:19:12AM +1000, Kevan Stannard wrote: > > I typically see entries in my error.log files of hack attempts where the > > host entry is the IP address of my server, but I also see some entries > with > > host values that are domain names I don't recognise. > > > > Example 1: > > > > 012/04/01 06:12:49 [error] 644#0: *882 > > > "/var/www/nginx-default/ab1e27867d53d8f4942095a891183ce0cacd3dbf/0d4fc9bfe7c5f26b02522d088dd98da95a9ed8d7/074977cbb342d6ffa7743ae477a5c0054fef5512/index.html" > > is not found (2: No such file or directory), client: 150.70.75.37, > server: > > localhost, request: "GET > > > /ab1e27867d53d8f4942095a891183ce0cacd3dbf/0d4fc9bfe7c5f26b02522d088dd98da95a9ed8d7/074977cbb342d6ffa7743ae477a5c0054fef5512/ > > HTTP/1.0", host: "deepspacer.com" > > > > Example 2: > > > > 2012/02/03 01:38:41 [error] 592#0: *14019 open() > > "/var/www/nginx-default/home.php" failed (2: No such file or directory), > > client: 216.104.15.130, server: localhost, request: "GET > > > /home.php?SES=517a4bfc0137889f05d67314df2715a1&from_diary=1&cpl=1&from=102_4 > > HTTP/1.0", host: "www.au.mytelecomsurvey.com" > > > > Example 3: > > > > 2012/02/03 11:57:56 [error] 592#0: *18075 open() > > > "/var/www/nginx-default/sites/default/files/js/js_b3ffc00633d66887fcb4ecdfc2d1c13a.jsmin.js" > > failed (2: No such file or directory), client: 150.70.64.197, server: > > localhost, request: "GET > > /sites/default/files/js/js_b3ffc00633d66887fcb4ecdfc2d1c13a.jsmin.js > > HTTP/1.0", host: "www.formalites-juridiques.net" > > > > I was hoping someone could explain what it means if I'm seeing these > domain > > names as host values and if it's something I need to be concerned about. > > It is just a value of the Host request header field. This could happen > due to client's DNS misconfiguration. This could equally be a sign of > malicious entity probing your site. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Kevan Stannard Mob: 0411 757 433 -------------- next part -------------- An HTML attachment was scrubbed... URL: From admin at yqed.com Tue Apr 3 01:08:47 2012 From: admin at yqed.com (Floren Munteanu) Date: Mon, 02 Apr 2012 21:08:47 -0400 Subject: Socket leaks., pread and [crit] SSL_Write() in 1.0.14 In-Reply-To: <20120402170637.GJ13466@mdounin.ru> References: <3b3f2c2eddfdd3e59d242463275e502e.NginxMailingListEnglish@forum.nginx.org> <00cd479fdbb8bdf2f9f844e88607f8bd.NginxMailingListEnglish@forum.nginx.org> <20120326164754.GL13466@mdounin.ru> <20120402111754.GD13466@mdounin.ru> <20120402170637.GJ13466@mdounin.ru> Message-ID: Hi Maxim, On 4/2/2012 1:06 PM, Maxim Dounin wrote: > It's safe and only adds minimal overhead on logging level checks > as long as debug log isn't enabled. > > Note though that writing debug logs consume extra resources, and > it may be noticeable under high load. The debug_connection > directive allows to enable debug logging only for selected ip > addresses to minimize impact. I've built a nginx-debug RPM but I'm tempted to try 1.1.18 now. :) I will use instead 1.0.14, just in case is a nasty bug hidden somewhere in Nginx. In this way, we fix both versions. These are the compile cflags I used: gcc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Wunused-function -Wunused-variable -Wunused-value -Werror -g -O3 -g -m64 -mtune=nocona -m128bit-long-double -mmmx -msse3 -mfpmath=sse I'm going to leave the error_log set on error and give it a 256k buffer so it should not affect the performance. Since we only deal [crit], I don't think we need to debug anything lower than error. I'll add the following settings into http: debug_points abort; worker_rlimit_core 512M; working_directory /var/lib/nginx/; Let me know please if I should do anything extra. Regards, Floren From tdgh2323 at hotmail.com Tue Apr 3 04:56:20 2012 From: tdgh2323 at hotmail.com (Micheal Wolfskill) Date: Tue, 3 Apr 2012 04:56:20 +0000 Subject: Possible trigger actio of clearing cache within location /clearcache { } Message-ID: Is it possible to somehow (and without installing PHP) invoking the action of clearing the nginx cache (rm -fr /var/www/cache/*) by simply visiting a location {} of the server {} ? Obviously I would allow only specific IPs to that location. Regards, Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Apr 3 05:47:53 2012 From: nginx-forum at nginx.us (niraj) Date: Tue, 3 Apr 2012 01:47:53 -0400 (EDT) Subject: Not easy replacement of Apache with Ngnix due to error log In-Reply-To: <4F79E05F.1040302@citrin.ru> References: <4F79E05F.1040302@citrin.ru> Message-ID: Hi Anton As u suggested, words "upstream closed prematurely FastCGI stdout" show, that problem is probably in FastCGI server. This is what I am telling u that Nginx error log misguide us. Actually Problem was one perl module was not installed in that so I was getting the above error. Earlier I used apache so if any module related error then it was reflect in apache's error log .............. that actually not happening with Nginx , this create a problem for system admin. If any idea to get details error logs for nginx then please sugeest. how to set fcgiwraper error log ?????? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224747,224814#msg-224814 From quintinpar at gmail.com Tue Apr 3 06:43:35 2012 From: quintinpar at gmail.com (Quintin Par) Date: Tue, 3 Apr 2012 12:13:35 +0530 Subject: Serve from cache but fire request to upstream server to increment page view counter Message-ID: Hi all, I have a strange case, not sure if this is addressed by nginx yet My site is cached as follows. location = / { proxy_pass http://localhost:82; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Accept-Encoding ""; proxy_ignore_headers Set-Cookie; proxy_ignore_headers Cache-Control; proxy_ignore_headers Expires; proxy_ignore_headers X-Accel-Expires; add_header X-Cache-Status $upstream_cache_status; proxy_cache cache; proxy_cache_key $scheme$host$request_uri$cookie_site_sessionid; proxy_cache_valid 200 302 30s; proxy_cache_use_stale updating; } One issue I encounter with this is that I can?t increment the page view counter that I maintain in redis. Is there is way nginx can fire a request to the backend web ? to some URI so that I can take the request and increment the associated counter? I know I can achieve this with SSI, but I wanted to check if there is a better pattern. -Quintin -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Apr 3 08:02:14 2012 From: nginx-forum at nginx.us (locojohn) Date: Tue, 3 Apr 2012 04:02:14 -0400 (EDT) Subject: PHP with FPM on Gentoo In-Reply-To: <20120403001323.c03997dd.siefke_listen@web.de> References: <20120403001323.c03997dd.siefke_listen@web.de> Message-ID: <728e86fdb5c831482000d8acc06540fb.NginxMailingListEnglish@forum.nginx.org> Hi, Do you actually get any content, apart from errors in nginx error_log? The message "client closed prematurely connection while reading client request line, client: ..." shouldn't be a problem itself. "Some modern browsers tend to open 2 tcp connections to server from start, and if you are loading a single static file - one of them remains unused. The browser eventually closes it without sending any request, and this causes the above message in logs." - Maxim Dounin. I can see from your access_log that requests are processed normally and responses are OK (code 200) for all your files including PHP files (request: /info.php). You can also use sockets for fastcgi connections, but that's a matter of preference and probably won't solve your issue, which I do not fully understand yet. shell: mkdir -p /var/run/fastcgi/php-fpm.sock php-fpm.conf: ;listen = 127.0.0.1:9000 ;listen.allowed_clients = 127.0.0.1 listen = /var/run/fastcgi/php-fpm.sock listen.owner = nginx listen.group = nginx nginx.conf: location \.php$ { include fastcgi_params; fastcgi_pass unix:/var/run/fastcgi/php-fpm.sock; } Andrejs Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224804,224821#msg-224821 From gpakosz at yahoo.fr Tue Apr 3 08:49:40 2012 From: gpakosz at yahoo.fr (=?ISO-8859-1?Q?Gr=E9gory_Pakosz?=) Date: Tue, 3 Apr 2012 10:49:40 +0200 Subject: nginx + php-fpm "modern configuration way" Message-ID: Hello, Everyone knows there are many nginx tutorials out there and I would like to know what's the "modern way" when writing a php location block, I'm doing (nginx 1.1.: location ~ \.php$ { try_files $uri =404; include fastcgi_params; fastcgi_pass unix:/var/run/php5-fpm/www-data.sock; } And it works pretty well. I quick tested phpinfo, drupal, joomla, wordpress and they all run correctly with SEF urls etc. However, I often see the following directives being used, how important/useful are they? fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; Regards, Gregory -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Tue Apr 3 08:51:30 2012 From: edho at myconan.net (Edho Arief) Date: Tue, 3 Apr 2012 15:51:30 +0700 Subject: nginx + php-fpm "modern configuration way" In-Reply-To: References: Message-ID: 2012/4/3 Gr?gory Pakosz : > However, I often see the following directives being used, how > important/useful are they? > > fastcgi_split_path_info ^(.+\.php)(/.+)$; > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; > fastcgi_param SCRIPT_NAME $fastcgi_script_name; > Those are to handle urls like www.example.com/index.php/some/para/meters. From gpakosz at yahoo.fr Tue Apr 3 09:02:07 2012 From: gpakosz at yahoo.fr (=?ISO-8859-1?Q?Gr=E9gory_Pakosz?=) Date: Tue, 3 Apr 2012 11:02:07 +0200 Subject: nginx + php-fpm "modern configuration way" In-Reply-To: References:

Message-ID: > > > > > fastcgi_split_path_info ^(.+\.php)(/.+)$; > > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; > > fastcgi_param SCRIPT_NAME $fastcgi_script_name; > > > > Those are to handle urls like www.example.com/index.php/some/para/meters. > > Well then Wordpress, Drupal and Joomla can do without them. From your remark, I deduce some other PHP scripts can't Regards, Gregory -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Apr 3 09:05:55 2012 From: nginx-forum at nginx.us (locojohn) Date: Tue, 3 Apr 2012 05:05:55 -0400 (EDT) Subject: nginx + php-fpm "modern configuration way" In-Reply-To: References: Message-ID: <27b4608086c25028f86c8e29d09e102e.NginxMailingListEnglish@forum.nginx.org> Edho Arief Wrote: ------------------------------------------------------- > Those are to handle urls like > www.example.com/index.php/some/para/meters. > Or, in other words, where PHP scripts require PATH_INFO / PATH_TRANSLATED environment variables to be set appropriately to the request, such as shown above. It isn't a popular practice these days, though, because URLs can be something like: /index.php/path/to/another/index.php/path... Andrejs Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224829,224834#msg-224834 From appa at perusio.net Tue Apr 3 09:07:16 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Tue, 3 Apr 2012 11:07:16 +0200 Subject: nginx + php-fpm "modern configuration way" In-Reply-To: References: Message-ID: <74a27dfa34e47e04723227174f0a1acc.squirrel@damiao.org> > Hello, > > Everyone knows there are many nginx tutorials out there and I would like > to > know what's the "modern way" when writing a php location block, I'm doing > (nginx 1.1.: > > location ~ \.php$ { > try_files $uri =404; > > include fastcgi_params; > fastcgi_pass unix:/var/run/php5-fpm/www-data.sock; > } This is a "generic" way. This way you don't enumerate all the PHP scripts that are to be executed. The above is just the Nginx translation of "default" Apache way. There are better ways IMHO. But they require more effort to put in place. Also there's no need to use fcgi_split_pathinfo even if your app uses PATHINFO, like Chive for example. You can get the same employing named captures with regex based locations. --appa From appa at perusio.net Tue Apr 3 10:18:00 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Tue, 3 Apr 2012 12:18:00 +0200 Subject: Possible trigger actio of clearing cache within location /clearcache { } In-Reply-To: References: Message-ID: > Is it possible to somehow (and without installing PHP) invoking the action > of clearing the nginx cache (rm -fr /var/www/cache/*) by simply visiting a > location {} of the server {} ? Obviously I would allow only specific IPs > to that location. Yes with Lua. Try: location = /clearcache { allow 127.0.0.1; allow ::1; deny all; content_by_lua 'local status = os.execute("rm -fr /var/www/cache/*") if status == 0 then ngx.say("Cache cleared") else ngx.say("Cache not cleared") end'; } --appa From adrianhayter at gmail.com Tue Apr 3 10:19:52 2012 From: adrianhayter at gmail.com (Adrian Hayter) Date: Tue, 3 Apr 2012 11:19:52 +0100 Subject: nginx + php-fpm "modern configuration way" In-Reply-To: References:

Message-ID: A lot of forums use it for their "archive mode". Look at vBulletin / MyBB for examples. 2012/4/3 Gr?gory Pakosz > > >> > fastcgi_split_path_info ^(.+\.php)(/.+)$; >> > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; >> > fastcgi_param SCRIPT_NAME $fastcgi_script_name; >> > >> >> Those are to handle urls like www.example.com/index.php/some/para/meters. >> >> > Well then Wordpress, Drupal and Joomla can do without them. From your > remark, I deduce some other PHP scripts can't > > Regards, > Gregory > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Adrian Hayter -------------- next part -------------- An HTML attachment was scrubbed... URL: From siefke_listen at web.de Tue Apr 3 10:48:21 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Tue, 3 Apr 2012 12:48:21 +0200 Subject: PHP with FPM on Gentoo In-Reply-To: <728e86fdb5c831482000d8acc06540fb.NginxMailingListEnglish@forum.nginx.org> References: <20120403001323.c03997dd.siefke_listen@web.de> <728e86fdb5c831482000d8acc06540fb.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120403124821.a25db2e3.siefke_listen@web.de> Hello, On Tue, 3 Apr 2012 04:02:14 -0400 (EDT) "locojohn" wrote: > mkdir -p /var/run/fastcgi/php-fpm.sock > > php-fpm.conf: > > ;listen = 127.0.0.1:9000 > ;listen.allowed_clients = 127.0.0.1 > listen = /var/run/fastcgi/php-fpm.sock > listen.owner = nginx > listen.group = nginx > > nginx.conf: > > location \.php$ { > include fastcgi_params; > fastcgi_pass unix:/var/run/fastcgi/php-fpm.sock; > } Thx for advice. But will not run. When i start nginx it come only gentoo-desk ~ # /etc/init.d/nginx start * Checking nginx' configuration ... nginx: [emerg] invalid host in upstream "/var/run/fastcgi/php-fpm.sock" in /etc/nginx/nginx.conf:35 nginx: configuration file /etc/nginx/nginx.conf test failed nginx: [emerg] invalid host in upstream "/var/run/fastcgi/php-fpm.sock" in /etc/nginx/nginx.conf:35 nginx: configuration file /etc/nginx/nginx.conf test failed * failed, please correct errors above [ !! ] * ERROR: nginx failed to start 2012/04/03 12:44:52 [emerg] 2062#0: invalid host in upstream "/var/run/fastcgi/php-fpm.sock" in /etc/nginx/nginx.conf:35 2012/04/03 12:44:52 [emerg] 2063#0: invalid host in upstream "/var/run/fastcgi/php-fpm.sock" in /etc/nginx/nginx.conf:35 2012/04/03 12:45:02 [emerg] 2073#0: invalid host in upstream "/var/run/fastcgi/php-fpm.sock" in /etc/nginx/nginx.conf:35 2012/04/03 12:45:02 [emerg] 2074#0: invalid host in upstream "/var/run/fastcgi/php-fpm.sock" in /etc/nginx/nginx.conf:35 Mmh can it be that nginx and / or php not right build with emerge? Regards Silvio From rainer at ultra-secure.de Tue Apr 3 10:56:02 2012 From: rainer at ultra-secure.de (Rainer Duffner) Date: Tue, 3 Apr 2012 12:56:02 +0200 Subject: PHP with FPM on Gentoo In-Reply-To: <20120403124821.a25db2e3.siefke_listen@web.de> References: <20120403001323.c03997dd.siefke_listen@web.de> <728e86fdb5c831482000d8acc06540fb.NginxMailingListEnglish@forum.nginx.org> <20120403124821.a25db2e3.siefke_listen@web.de> Message-ID: <20120403125602.21849408@suse2.iptech.internal> Am Tue, 3 Apr 2012 12:48:21 +0200 schrieb Silvio Siefke : > Hello, > > On Tue, 3 Apr 2012 04:02:14 -0400 (EDT) > "locojohn" wrote: > > > mkdir -p /var/run/fastcgi/php-fpm.sock Shouldn't that only be: mkdir -p /var/run/fastcgi/ though, on FreeBSD, I think this is created automatically. Remove the php-fpm.sock directory. Rainer From nginx-forum at nginx.us Tue Apr 3 10:59:24 2012 From: nginx-forum at nginx.us (locojohn) Date: Tue, 3 Apr 2012 06:59:24 -0400 (EDT) Subject: PHP with FPM on Gentoo In-Reply-To: <20120403125602.21849408@suse2.iptech.internal> References: <20120403125602.21849408@suse2.iptech.internal> Message-ID: <18bfc0e6a8380be7be9f6eaf2e7120a6.NginxMailingListEnglish@forum.nginx.org> Rainer Duffner Wrote: ------------------------------------------------------- > Am Tue, 3 Apr 2012 12:48:21 +0200 > schrieb Silvio Siefke : > > > > mkdir -p /var/run/fastcgi/php-fpm.sock > > > > Shouldn't that only be: > > mkdir -p /var/run/fastcgi/ Right, of course! My stupid mistake. Andrejs Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224804,224850#msg-224850 From siefke_listen at web.de Tue Apr 3 11:02:41 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Tue, 3 Apr 2012 13:02:41 +0200 Subject: PHP with FPM on Gentoo In-Reply-To: <20120403125602.21849408@suse2.iptech.internal> References: <20120403001323.c03997dd.siefke_listen@web.de> <728e86fdb5c831482000d8acc06540fb.NginxMailingListEnglish@forum.nginx.org> <20120403124821.a25db2e3.siefke_listen@web.de> <20120403125602.21849408@suse2.iptech.internal> Message-ID: <20120403130241.e672847b.siefke_listen@web.de> Hello, On Tue, 3 Apr 2012 12:56:02 +0200 Rainer Duffner wrote: > Shouldn't that only be: > > mkdir -p /var/run/fastcgi/ > > though, on FreeBSD, I think this is created automatically. > > > Remove the php-fpm.sock directory. > > > Rainer > Thank u, yes thats right i have only run mkdir -p /var/run/fastcgi, that i know from freebsd. But it wont not run. When i run complete mkdir -p /var/run/fastcgi/php-fpm.sock it give mistakes have try both ways. Regards Silvio From osa at FreeBSD.org.ru Tue Apr 3 11:03:15 2012 From: osa at FreeBSD.org.ru (Sergey A. Osokin) Date: Tue, 3 Apr 2012 15:03:15 +0400 Subject: [ANN] ngx_http_redis-0.3.6 released Message-ID: <20120403110314.GC52498@FreeBSD.org.ru> ngx_http_redis module version 0.3.6 released, available for immediate download at http://people.freebsd.org/~osa/ngx_http_redis-0.3.6.tar.gz SHA256 (ngx_http_redis-0.3.6.tar.gz) = 9e5d8c0f1317a6910710c94d27f9aca4968c48ee1de271e5034525a1e9b6c70e SIZE (ngx_http_redis-0.3.6.tar.gz) = 12099 *) Feature: redis_gzip_flag. Usefull if you are prefer to store data compressed in redis. Works with ngx_http_gunzip_filter module. Thanks to Maxim Dounin. *) Bugfix: ngx_http_redis_module might issue the error message "redis sent invalid trailer". Thanks to agentzh. -- Sergey A. Osokin osa at FreeBSD.ORG.ru osa at FreeBSD.ORG From nginx-forum at nginx.us Tue Apr 3 11:07:04 2012 From: nginx-forum at nginx.us (tikonen) Date: Tue, 3 Apr 2012 07:07:04 -0400 (EDT) Subject: Possible HTTP response read bug in Nginx 1.0.12 Message-ID: Hi, I've nginx server setup that terminates SSL connections from clients and forwards plain HTTP requests to backend servers. Some of these requests can last pretty long (up to 1 minute) and usually get very short 15 byte reply. (Ajax polling) However, we see often these kind of errors that indicate that backend servers would have disconnected socket while writing reply. 2012/03/03 06:46:38 [error] 13394#0: *2100 upstream prematurely closed connection while reading response header from upstream, client: XX.XX.XX.XX, server: secure.example.com, request: "GET /url/example?par=12345 HTTP/1.1", upstream: "http://127.0.0.1:8082/url/example?par=12345", host: "secure.example.com", referrer: "https://secure.example.com/" Strangely I can see correponding 200 OK responses from our server logs at the same timestamp, so at least backend server is trying to respond correctly. Then we captured the traffic between nginx and backend server with wireshark and noticed that when this happens the response from server is actually sent in two TCP packets. The first packet has headers and the second packet has small 15 byte HTTP body. I suspect that nginx fails to read the second packet in some conditions and thinks backend server disconnected prematurely. Any insights? Thanks! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224853,224853#msg-224853 From contact at jpluscplusm.com Tue Apr 3 11:13:25 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 3 Apr 2012 12:13:25 +0100 Subject: Not easy replacement of Apache with Ngnix due to error log In-Reply-To: References: <4F79E05F.1040302@citrin.ru> Message-ID: On 3 April 2012 06:47, niraj wrote: > Hi ?Anton > > ? ? ? ? ? ? ? As u suggested, It's "you", not "u". We're not teenagers swapping text messages here. > ? ? ? ? ? ? ? words "upstream closed prematurely FastCGI stdout" show, > that problem is > probably in FastCGI server. > > ? ? ? ? ? ? ? ? ?This is what I am telling u that Nginx error log > misguide us. No, it told you exactly where to aim your troubleshooting lens. At the FCGI process. > ? ? ? ? ? ? ?Actually Problem was one perl module was not installed in > that so I was getting the above error. > > ? ? Earlier I used apache so if any module related error then it was > reflect in apache's error log .............. That's because of an architectural decision for Apache to host the perl process, and for nginx to outsource it. Each has their advantages and disadvantages and both are valid approaches. Learn to use the tools in your toolkit. > that actually not happening with Nginx , this create a problem for > system admin. If your system administrator is unable to configure a debug log from your perl process or its FCGI wrapper, after being given the earlier information that the problem is *inside* the FCGI process, then your problem is not with nginx: it is with your incompetent system administrator. > If any idea to get details error logs for nginx ?then please sugeest. > > how to set ?fcgiwraper error log ?????? I don't know if this thread is useful: http://www.ruby-forum.com/topic/180064 You may have to search for other people's solutions to getting the verbose logs into nginx logs. It appears people have achieved this. I don't have any pertinent information other than what I found searching for the problem. Jonathan -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Tue Apr 3 12:32:42 2012 From: nginx-forum at nginx.us (niraj) Date: Tue, 3 Apr 2012 08:32:42 -0400 (EDT) Subject: Not easy replacement of Apache with Ngnix due to error log In-Reply-To: References: Message-ID: <0f7940628730140292547d241360dd5c.NginxMailingListEnglish@forum.nginx.org> Hi First of all sorry for ''u". I am the system admin. I was stuck when I was getting the above error. I will try to find for the informative error log in Nginx. I just shared the thing that was happened with me. If error log was informative like apache then It could be the solved earlier. I totally agree with Each has their advantages and disadvantages and both are valid approaches. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224747,224858#msg-224858 From nginx-forum at nginx.us Tue Apr 3 12:35:02 2012 From: nginx-forum at nginx.us (double) Date: Tue, 3 Apr 2012 08:35:02 -0400 (EDT) Subject: if( variable exists ) Message-ID: <2a3eaa6476032378a1a7e1be4c005723.NginxMailingListEnglish@forum.nginx.org> Hello, Is there a chance to test if a "$arg_variable" (empty value) exists? The problem: "if" condition returns "false". URL: http://example.com/?variable nginx.conf: location / { if( $arg_variable ) { rewrite ^.*$ /other-location; } } Thanks a lot Marcus Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224860,224860#msg-224860 From contact at jpluscplusm.com Tue Apr 3 13:13:57 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 3 Apr 2012 14:13:57 +0100 Subject: Config variable inheritance: docs and rules Message-ID: Hi all - http://www.ruby-forum.com/topic/188742 seems to contain some information I've not found explicitly stated anywhere else: that config variable inheritance is an all or nothing mechanism. Have I missed some docs somewhere? Following on from this, I'd like to understand if there's anything I can reliably determine from a variable's name about the impact that defining it will have on *other* variables inheritance. Can I, for instance, assume that defining an xyx_ prefixed variable in a sub-scope will affect *only* the inheritance of other xyz_ prefixed variables? Or can there be inheritance side-effects between, say $abc and $def that I can't possibly determine without documentation or trial and error? Equally, can I assume that *all* xyz_ prefixed variables will have their inheritance affected by the sub-scope definition of *any* other xyz_ prefixed variable? Or are there examples where defining $xyz_foo does *not* invalidate the inheritance of $xyz_bar ? Thanks, Jonathan -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From adrianhayter at gmail.com Tue Apr 3 13:21:21 2012 From: adrianhayter at gmail.com (Adrian Hayter) Date: Tue, 3 Apr 2012 14:21:21 +0100 Subject: Not easy replacement of Apache with Ngnix due to error log In-Reply-To: <0f7940628730140292547d241360dd5c.NginxMailingListEnglish@forum.nginx.org> References: <0f7940628730140292547d241360dd5c.NginxMailingListEnglish@forum.nginx.org> Message-ID: > > I just shared the thing that was happened with me. If error log was > informative like apache then It could be the solved earlier. > It was informative. It told you which process was actually having the error (FastCGI). Nginx should be expected to handle it's own error messages well, but if the error is in another process, it only has what that process gives back to it. -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at ruby-forum.com Tue Apr 3 14:56:31 2012 From: lists at ruby-forum.com (Ton Hoekstra) Date: Tue, 03 Apr 2012 16:56:31 +0200 Subject: Rewrite URL's Glype Message-ID: Hi all, I've a Glype proxy and I want to rewrite the URL's. All URLs on the page are automatically converted to: http://proxy.com/browse.php?u=URL HERE Example: If I go to /browse on The Pirate Bay on my proxy I want to convert the URL from this: http://proxy.com/tpb/browse.php?u=http%3A%2F%2Fthepiratebay.se%2Fbrowse&b=0 To this: http://proxy.com/tpb/browse Also if i go to: http://proxy.com/tpb/browse.php?u=http%3A%2F%2Fthepiratebay.se%2Ftop&b=0 Then I want to convert to: http://proxy.com/tpb/top As you can see, the whole part: browse.php?u=http%3A%2F%2Fthepiratebay.se%2F Is gone (and the `&b=0` what is behind the URL). And it has the same domain structure as The Pirate Bay. I've tried something like this, in the .htaccess file: location /tpb/ { rewrite ^/browse.php?u=(.*)$ /$1? last; break; } But it is not working. Somebody has an answer? An other function is also welcome. (Such as `fastcgi_split_path_info` or something else what is compatible with nginx) (If you want see a example go to tpb.piratenpartij.nl but I'm not sure if they are using Glype) -- Posted via http://www.ruby-forum.com/. From francis at daoine.org Tue Apr 3 15:52:03 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 3 Apr 2012 16:52:03 +0100 Subject: Config variable inheritance: docs and rules In-Reply-To: References: Message-ID: <20120403155203.GA26052@craic.sysops.org> On Tue, Apr 03, 2012 at 02:13:57PM +0100, Jonathan Matthews wrote: Hi there, > http://www.ruby-forum.com/topic/188742 seems to contain some > information I've not found explicitly stated anywhere else: that > config variable inheritance is an all or nothing mechanism. Have I > missed some docs somewhere? That thread refers to configuration directives, not variables. The difference might not matter, but for clarity it's worth making sure that we all understand the same thing. In the above thread, the (wrong) expectation was that "fastcgi_param" at one level would add to "fastcgi_param" from an enclosing level. In fact, nginx doesn't add between levels. That is how nginx configuration works. Each request is handled by exactly one location. Only the configuration in that location, and inherited into that location, matters. Inheritance is global > http > server > location. If a directive is used in that location, it overrides any might-have-been-inherited values for that directive. This is as true for single-valued directives like "root" as it is for multi-valued directives like "fastcgi_param". Whether a particular directive can be inherited depends on the module that processes it -- which means "depends on the documentation". But if it *can* be inherited, it should follow the above rules. (Or it's a bug.) The rest of your mail talks specifically about defining variables; I'm talking about directives. Someone else may be able to explain the variable rules; if you do mean "directives", then the above should make it clear what the answer in each case is. There are some subtleties about what exactly is "a request"; and what locations are involved when "if" is used; and how nested locations work. But for trying to find what configuration applies to a particular incoming http request, the "inherit or replace, but never add" rule makes it straightforward to understand. f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Tue Apr 3 16:15:30 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 3 Apr 2012 20:15:30 +0400 Subject: Possible HTTP response read bug in Nginx 1.0.12 In-Reply-To: References: Message-ID: <20120403161530.GS13466@mdounin.ru> Hello! On Tue, Apr 03, 2012 at 07:07:04AM -0400, tikonen wrote: > Hi, > > I've nginx server setup that terminates SSL connections from clients and > forwards plain HTTP requests to backend servers. Some of these requests > can last pretty long (up to 1 minute) and usually get very short 15 byte > reply. (Ajax polling) > > However, we see often these kind of errors that indicate that backend > servers would have disconnected socket while writing reply. > > 2012/03/03 06:46:38 [error] 13394#0: *2100 upstream prematurely closed > connection while reading response header from upstream, client: > XX.XX.XX.XX, server: secure.example.com, request: "GET > /url/example?par=12345 HTTP/1.1", upstream: > "http://127.0.0.1:8082/url/example?par=12345", host: > "secure.example.com", referrer: "https://secure.example.com/" > > Strangely I can see correponding 200 OK responses from our server logs > at the same timestamp, so at least backend server is trying to respond > correctly. > Then we captured the traffic between nginx and backend server with > wireshark and noticed that when this happens the response from server is > actually sent in two TCP packets. > > The first packet has headers and the second packet has small 15 byte > HTTP body. I suspect that nginx fails to read the second packet in some > conditions and thinks backend server disconnected prematurely. > > Any insights? Thanks! Please try 1.1.x to see if this is already resolved. If not, please provide traffic capture and corresponding debug log, see http://wiki.nginx.org/Debugging Maxim Dounin From mdounin at mdounin.ru Tue Apr 3 16:32:13 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 3 Apr 2012 20:32:13 +0400 Subject: Socket leaks., pread and [crit] SSL_Write() in 1.0.14 In-Reply-To: References: <3b3f2c2eddfdd3e59d242463275e502e.NginxMailingListEnglish@forum.nginx.org> <00cd479fdbb8bdf2f9f844e88607f8bd.NginxMailingListEnglish@forum.nginx.org> <20120326164754.GL13466@mdounin.ru> <20120402111754.GD13466@mdounin.ru> <20120402170637.GJ13466@mdounin.ru> Message-ID: <20120403163212.GU13466@mdounin.ru> Hello! On Mon, Apr 02, 2012 at 09:08:47PM -0400, Floren Munteanu wrote: > Hi Maxim, > > On 4/2/2012 1:06 PM, Maxim Dounin wrote: > >It's safe and only adds minimal overhead on logging level checks > >as long as debug log isn't enabled. > > > >Note though that writing debug logs consume extra resources, and > >it may be noticeable under high load. The debug_connection > >directive allows to enable debug logging only for selected ip > >addresses to minimize impact. > > I've built a nginx-debug RPM but I'm tempted to try 1.1.18 now. :) > I will use instead 1.0.14, just in case is a nasty bug hidden > somewhere in Nginx. In this way, we fix both versions. These are the I'm afraid we aren't going to fix 1.0.x anyway. The 1.1.x branch will become stable in serveral weeks, and 1.0.x is expected to get only security fixes. > compile cflags I used: > gcc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter > -Wunused-function -Wunused-variable -Wunused-value -Werror -g -O3 -g > -m64 -mtune=nocona -m128bit-long-double -mmmx -msse3 -mfpmath=sse > > I'm going to leave the error_log set on error and give it a 256k > buffer so it should not affect the performance. Since we only deal The error log doesn't support buffering. > [crit], I don't think we need to debug anything lower than error. I need complete request debug log to understand what's going on during request processing (and what's going wrong). > I'll add the following settings into http: > debug_points abort; > worker_rlimit_core 512M; > working_directory /var/lib/nginx/; > > Let me know please if I should do anything extra. For now, please capture debug log. Anything else (including gdb dump of the request in question) isn't that important, but if you are going to obtain one it might be good idea to recompile nginx without -O3 as it might produce undesired side-effects in gdb output. The -O used by default is good enough. Maxim Dounin From cliff at develix.com Tue Apr 3 16:54:47 2012 From: cliff at develix.com (Cliff Wells) Date: Tue, 03 Apr 2012 09:54:47 -0700 Subject: proxmox: how to use nginx instead of apache In-Reply-To: <20120401203214.1899b7c7@e-healthexpert.org> References: <20120401203214.1899b7c7@e-healthexpert.org> Message-ID: <1333472087.2428.15.camel@portable-evil> On Sun, 2012-04-01 at 20:32 +0100, Mark Alan wrote: > Hello list, > > I wonder if anybody in this list was successful at (completely) > replacing apache for nginx as the web server for the proxmox VE > management system . AFAIK, Proxmox is implemented in mod_perl and uses mod_perl specific features. It's tied to Apache. Cliff From ne at vbart.ru Tue Apr 3 16:56:30 2012 From: ne at vbart.ru (Valentin V. Bartenev) Date: Tue, 3 Apr 2012 20:56:30 +0400 Subject: if( variable exists ) In-Reply-To: <2a3eaa6476032378a1a7e1be4c005723.NginxMailingListEnglish@forum.nginx.org> References: <2a3eaa6476032378a1a7e1be4c005723.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201204032056.30563.ne@vbart.ru> On Tuesday 03 April 2012 16:35:02 double wrote: > Hello, > > Is there a chance to test if a "$arg_variable" (empty value) exists? > The problem: "if" condition returns "false". > > URL: > http://example.com/?variable > if ($args ~ variable) { ... } wbr, Valentin V. Bartenev From contact at jpluscplusm.com Tue Apr 3 17:07:13 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 3 Apr 2012 18:07:13 +0100 Subject: Config variable inheritance: docs and rules In-Reply-To: <20120403155203.GA26052@craic.sysops.org> References: <20120403155203.GA26052@craic.sysops.org> Message-ID: On 3 April 2012 16:52, Francis Daly wrote: > On Tue, Apr 03, 2012 at 02:13:57PM +0100, Jonathan Matthews wrote: > > Hi there, > >> http://www.ruby-forum.com/topic/188742 seems to contain some >> information I've not found explicitly stated anywhere else: that >> config variable inheritance is an all or nothing mechanism. Have I >> missed some docs somewhere? > > That thread refers to configuration directives, not variables. > > The difference might not matter, but for clarity it's worth making sure > that we all understand the same thing. You're absolutely correct; I'm referring to config directives, but was thinking too hard about the question to notice I'd mixed my terminologies. I'll correct it, and resend the email in a new thread for list archive niceness. It'd be great if you could cherry pick the stuff you feel is relevant from your reply and resend it. If only for those who come after ... :-) Jonathan -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From contact at jpluscplusm.com Tue Apr 3 17:20:13 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 3 Apr 2012 18:20:13 +0100 Subject: Config directive inheritance: docs and rules (was: Config variable inheritance) Message-ID: Hi all - http://www.ruby-forum.com/topic/188742 seems to contain some information I've not found explicitly stated anywhere else: that config directive inheritance is an all or nothing mechanism. Have I missed some docs somewhere? Following on from this, I'd like to understand if there's anything I can reliably determine from a directive's name about the impact that defining it will have on *other* directives' inheritability. Can I, for instance, assume that defining an xyx_ prefixed directive in a sub-scope will affect *only* the inheritance of other xyz_ prefixed directives? Or can there be inheritance side-effects between, say, directive "abc" and "def" that I can't possibly determine without documentation or trial and error? Equally, can I assume that *all* xyz_ prefixed directives will have their inheritance affected by the sub-scope definition of any *other* xyz_ prefixed directive? Or are there examples where defining "xyz_foo" does *not* impact the inheritance of "xyz_bar"? I'm thinking specifically of proxy_* directives, whereas the thread I link to above is talking about multiple fastcgi_param directives. Here, I'm interested in how, say, proxy_set_header affects the inheritance of higher scope's proxy_pass directive - i.e. where the prefix matches but they're *not* the same directive. Does nginx (core) derive or imply anything relating to the name-spacing of directives before (in my example) the proxy module sees the config, or is it entirely down to how each module implements the configuration aggregation/inheritance? Many thanks, Jonathan -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From varia at e-healthexpert.org Tue Apr 3 18:52:15 2012 From: varia at e-healthexpert.org (Mark Alan) Date: Tue, 3 Apr 2012 19:52:15 +0100 Subject: proxmox: how to use nginx instead of apache In-Reply-To: <1333472087.2428.15.camel@portable-evil> References: <20120401203214.1899b7c7@e-healthexpert.org> <1333472087.2428.15.camel@portable-evil> Message-ID: <20120403195215.65c4882b@e-healthexpert.org> On Tue, 03 Apr 2012 09:54:47 -0700, Cliff Wells wrote: > > I wonder if anybody in this list was successful at (completely) > > replacing apache for nginx as the web server for the proxmox VE > > management system . > > AFAIK, Proxmox is implemented in mod_perl and uses mod_perl specific > features. It's tied to Apache. > > Cliff Thank you Cliff, I was hoping that someone had already start some work (based on from http://wiki.nginx.org/NginxEmbeddedPerlModule ?). It would be much more light, secure and would, perhaps, avoid loading a full perl instance for each apache child process. Well, I won't give up on it yet. M. From gpakosz at yahoo.fr Tue Apr 3 18:56:12 2012 From: gpakosz at yahoo.fr (=?ISO-8859-1?Q?Gr=E9gory_Pakosz?=) Date: Tue, 3 Apr 2012 20:56:12 +0200 Subject: nginx + php-fpm "modern configuration way" In-Reply-To: References:

Message-ID: Thank you all for your reply So, adding fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; doesn't really hurt. The box I'm running does shared hosting for a couple of users and I don't really know in advance what they want to install on their account. I'm going to keep those 3 lines in hope it helps some php scripts out there to run correctly. Gregory -------------- next part -------------- An HTML attachment was scrubbed... URL: From baishen.lists at gmail.com Tue Apr 3 20:13:08 2012 From: baishen.lists at gmail.com (Bai Shen) Date: Tue, 3 Apr 2012 16:13:08 -0400 Subject: Custom error pages In-Reply-To: <20120328211619.GB3899@craic.sysops.org> References: <20120313234023.GJ18773@craic.sysops.org> <20120315192409.GM18773@craic.sysops.org> <20120316151856.GP18773@craic.sysops.org> <20120328211619.GB3899@craic.sysops.org> Message-ID: My conf looks like this. server { listen 192.168.1.1:80; server_name example.com; error_page 503 /maint/503.html; location /maint/503.html { internal; } location /maint/ { root /etc/nginx/html; } server { listen 192.168.1.1:80; server_name example.com; location / { proxy_pass http://192.168.1.2; } } To show the 503 page instead of my site, I uncomment the top server block. When I want to bring the site back, I comment the top block out. The /maint/ location was what I changed to get the css and images to work. However, I'm not sure that it's the best solution. Also, I'm assuming that there's a better way to show/hide the 503 page than commenting out the whole server block. On Wed, Mar 28, 2012 at 5:16 PM, Francis Daly wrote: > On Wed, Mar 28, 2012 at 03:42:45PM -0400, Bai Shen wrote: > > Hi there, > > > I got my error page to show up. However, the css and image files don't > > load. I tried changing the location, but that doesn't seem to work. > > > > Any suggestions? > > Try changing the location again. Maybe it will work this time. > > > Or alternatively: > > Please fill in the details: > > > > what did you do? > > That will be something like "curl -i http://myserver/myfile.css" > > > > what did you see? > > That will be whatever you got back -- the content of /var/tmp/myfile.css, > or the content of another file, or some error message. There might be > more details available in log files. > > > > what did you expect to see? > > That will be something like "http 200 and the content of > /usr/local/nginx/html/myfile.css". > > > > and the more specific you are, the easier it will be for someone else > to > > > reproduce the problem you are reporting. > > Provide the relevant part of nginx.conf from a machine where you saw > the problem. If you don't know what is the relevant part, provide the > whole thing. > > It doesn't have to be your "live" config, but it should be a config that > you ran on a test machine. The smaller the config, the better. > > If you make it easy for someone to run the same server config as you, > and run the same client commands as you, and see the same error output > as you; then you make it easy for that person to try to help resolve the > problem you saw. > > If you don't, you don't. > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yvldwt at gmail.com Tue Apr 3 20:30:39 2012 From: yvldwt at gmail.com (=?UTF-8?B?RMW+ZW4=?=) Date: Tue, 03 Apr 2012 22:30:39 +0200 Subject: try_files ignored in combination with error_page and named locations Message-ID: <4F7B5DEF.8030107@gmail.com> Hello, For some reason the following nginx configuration snippet doesn't work as expected, try_files seems to be ignored. When / is requested (or any other URI which points to a file which doesn't exist), nginx's default 503 page is returned instead of the existing index.html. Requesting /index.html works correctly. location @maintenance { root /var/nginx/$hostid-maintenance; index index.html; try_files $uri $uri/ / =500; } error_page 503 @maintenance; if ( -d $document_root/$hostid-maintenance ) { return 503; } Any thoughts? Running nginx version 1.0.12 here. Kind regards -- D?en From caldcv at gmail.com Tue Apr 3 20:59:09 2012 From: caldcv at gmail.com (Chris) Date: Tue, 3 Apr 2012 16:59:09 -0400 Subject: proxmox: how to use nginx instead of apache In-Reply-To: <20120403195215.65c4882b@e-healthexpert.org> References: <20120401203214.1899b7c7@e-healthexpert.org> <1333472087.2428.15.camel@portable-evil> <20120403195215.65c4882b@e-healthexpert.org> Message-ID: You mean for the Proxmox VE Web GUI? From nginx-forum at nginx.us Tue Apr 3 21:12:33 2012 From: nginx-forum at nginx.us (locojohn) Date: Tue, 3 Apr 2012 17:12:33 -0400 (EDT) Subject: nginx + php-fpm "modern configuration way" In-Reply-To: References: Message-ID: Well, in that case you may as well support SCRIPT_URL / SCRIPT_URI, as there are some [old] PHP scripts that rely on these variables set normally by Apache. nginx.conf: http { ... map $uri $script_url { ~^(?.+\.(php|html))(?.+)$ $path_info; ~^(?.+\.(php|html))$ $script_filename; } ... } fastcgi_php.conf: include fastcgi_params; fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; fastcgi_param SCRIPT_URL $script_url; fastcgi_param SCRIPT_URI $scheme://$http_host$script_url; try_files $fastcgi_script_name = 404; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224829,224900#msg-224900 From siefke_listen at web.de Tue Apr 3 21:39:16 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Tue, 3 Apr 2012 23:39:16 +0200 Subject: PHP with FPM on Gentoo In-Reply-To: <20120403001323.c03997dd.siefke_listen@web.de> References: <20120403001323.c03997dd.siefke_listen@web.de> Message-ID: <20120403233916.d0943f2e.siefke_listen@web.de> Hello, Could someone possibly provide me the USE flags available if someone has run Nginx, PHP and Fpm. It were nice. Regards Silvio From tdgh2323 at hotmail.com Tue Apr 3 22:09:29 2012 From: tdgh2323 at hotmail.com (Micheal Wolfskill) Date: Tue, 3 Apr 2012 22:09:29 +0000 Subject: How to limit_req depending if the requests has a REFERER or not. In-Reply-To: References: Message-ID: Hello. I have something like this... I need to be able to apply three different limit_req depending: a.) If the referer to click.php is domain.com ... apply zone1 b.) If there is some other referer apply zone2 on click.php c.) If there is no referer apply zone3 on click.php location /click.php { limit_req zone=one nodelay; proxy_pass http://22.136.1.121:80/; } Mike -------------- next part -------------- An HTML attachment was scrubbed... URL: From jdorfman at netdna.com Tue Apr 3 22:10:07 2012 From: jdorfman at netdna.com (Justin Dorfman) Date: Tue, 3 Apr 2012 15:10:07 -0700 Subject: Location URI Wildcard Message-ID: Hello, I am trying to find a way to redirect a bunch of jpg files to an html page. This way is not working: location = /attach/201204*.jpg { root /usr/local/nginx/html; index suspend.html; } Here is a real world file name: 201204031012088721.jpg Thanks! Regards, Justin Dorfman -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Apr 3 22:20:40 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Apr 2012 02:20:40 +0400 Subject: Location URI Wildcard In-Reply-To: References: Message-ID: <20120403222039.GV13466@mdounin.ru> Hello! On Tue, Apr 03, 2012 at 03:10:07PM -0700, Justin Dorfman wrote: > Hello, > > I am trying to find a way to redirect a bunch of jpg files to an html page. > > This way is not working: > > location = /attach/201204*.jpg { > root /usr/local/nginx/html; > index suspend.html; > } > > Here is a real world file name: 201204031012088721.jpg location ~ ^/attach/201204.*\.jpg$ { alias /usr/local/nginx/html/suspend.html; } Maxim Dounin From jdorfman at netdna.com Tue Apr 3 22:26:57 2012 From: jdorfman at netdna.com (Justin Dorfman) Date: Tue, 3 Apr 2012 15:26:57 -0700 Subject: Location URI Wildcard In-Reply-To: <20120403222039.GV13466@mdounin.ru> References: <20120403222039.GV13466@mdounin.ru> Message-ID: Perfect thanks Maxim! Regards, Justin Dorfman NetDNA ? The Science of Acceleration? Email / gtalk: jdorfman at netdna.com P: 1.323.301.1400 x 272 Skype: netdna-justind Twitter: @jdorfman www.NetDNA.com | www.MaxCDN.com @NetDNA | @MaxCDN On Tue, Apr 3, 2012 at 3:20 PM, Maxim Dounin wrote: > Hello! > > On Tue, Apr 03, 2012 at 03:10:07PM -0700, Justin Dorfman wrote: > > > Hello, > > > > I am trying to find a way to redirect a bunch of jpg files to an html > page. > > > > This way is not working: > > > > location = /attach/201204*.jpg { > > root /usr/local/nginx/html; > > index suspend.html; > > } > > > > Here is a real world file name: 201204031012088721.jpg > > location ~ ^/attach/201204.*\.jpg$ { > alias /usr/local/nginx/html/suspend.html; > } > > Maxim Dounin > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Wed Apr 4 01:06:12 2012 From: nginx-forum at nginx.us (tikonen) Date: Tue, 3 Apr 2012 21:06:12 -0400 (EDT) Subject: Possible HTTP response read bug in Nginx 1.0.12 In-Reply-To: <20120403161530.GS13466@mdounin.ru> References: <20120403161530.GS13466@mdounin.ru> Message-ID: <0897eea6bf171e32cb305273ccc3d6a2.NginxMailingListEnglish@forum.nginx.org> Hi, Thanks for advice, I'll try next with 1.1.X and see if that helps. In case 1.1.X does not solve the problem. Server load is pretty big and only minor % of requests have the error so the debug log and capture dump would be Huge to catch even one case. (Still these errors are frequent enough to cause ip_hash to flag node failed and cause havoc in the cluster). To narrow down needed data, can you recommend proper debugging settings, should I start server or global level? Also, should I make debug log againts 1.1.X or 1.0.12 ? Thanks, Teemu Maxim Dounin Wrote: ------------------------------------------------------- > Please try 1.1.x to see if this is already > resolved. If not, > please provide traffic capture and corresponding > debug log, see > http://wiki.nginx.org/Debugging Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224853,224907#msg-224907 From agentzh at gmail.com Wed Apr 4 03:23:12 2012 From: agentzh at gmail.com (agentzh) Date: Wed, 4 Apr 2012 11:23:12 +0800 Subject: memc_flags_to_last_modified and srcache , no 304 possible ? In-Reply-To: <6e2bc7fac8512842fa34ca858100f61b.NginxMailingListEnglish@forum.nginx.org> References: <6e2bc7fac8512842fa34ca858100f61b.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Tue, Apr 3, 2012 at 5:21 AM, Nginx_User777 wrote: > Is it possible to use the memc_flags_to_last_modified directive with > srcache ? > It doesn't work for me. > > When a browser request nginx with a "If-Modified-Since" header, I would > like that nginx lookup in memcached to verify if the "Last Modified" is > the same and honor the 304 request without hit the proxied server (in > another country). > > Impossible to get a 304, so no bandwith saved ... But my provider is > happy :) > > Thanks for your help ! > I working on for several days, i'll really go mad :) > This is a TODO item for ngx_srcache. I'll look into this in the near future. Thanks for reminding me of this :) Best regards, -agentzh From quintinpar at gmail.com Wed Apr 4 04:08:25 2012 From: quintinpar at gmail.com (Quintin Par) Date: Wed, 4 Apr 2012 09:38:25 +0530 Subject: Serve from cache but fire request to upstream server to increment page view counter In-Reply-To: References: Message-ID: Hi all, Can someone please help me on this? The pattern is similar to proxy_cache_use_stale updating but just that the backend request is a fire-and-forget. If I am to do this in SSI I?ll end up spending time to service the code path in SSI whereas there is no much need to that urgently. The next cache bypass will update it and that?s good enough for me. -Quintin On Tue, Apr 3, 2012 at 12:13 PM, Quintin Par wrote: > Hi all, > > I have a strange case, not sure if this is addressed by nginx yet > > My site is cached as follows. > > location = / { > > proxy_pass http://localhost:82; > > proxy_set_header Host $host; > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header Accept-Encoding ""; > > proxy_ignore_headers Set-Cookie; > > proxy_ignore_headers Cache-Control; > > proxy_ignore_headers Expires; > > proxy_ignore_headers X-Accel-Expires; > > add_header X-Cache-Status $upstream_cache_status; > > proxy_cache cache; > > proxy_cache_key > $scheme$host$request_uri$cookie_site_sessionid; > > proxy_cache_valid 200 302 30s; > > proxy_cache_use_stale updating; > > } > > One issue I encounter with this is that I can?t increment the page view > counter that I maintain in redis. > > Is there is way nginx can fire a request to the backend web ? to some URI > so that I can take the request and increment the associated counter? > > I know I can achieve this with SSI, but I wanted to check if there is a > better pattern. > > -Quintin > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Wed Apr 4 06:14:41 2012 From: nginx-forum at nginx.us (niraj) Date: Wed, 4 Apr 2012 02:14:41 -0400 (EDT) Subject: Not easy replacement of Apache with Ngnix due to error log In-Reply-To: References: Message-ID: Hi My view is that only if Nginx error log more informative then it will be very userful for system admin who wants to switch from apache to Nginx. Its need to be more informative. "As I am system admin and I was face that issue and at that time there were no error log which guide me to solve the issue. who are new to switch with Nginx this logs not that much informative." My personal view if Nginx having more informative error log then anybody can easily adopt the Nginx. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224747,224911#msg-224911 From varia at e-healthexpert.org Wed Apr 4 08:01:03 2012 From: varia at e-healthexpert.org (Mark Alan) Date: Wed, 4 Apr 2012 09:01:03 +0100 Subject: proxmox: how to use nginx instead of apache In-Reply-To: References: <20120401203214.1899b7c7@e-healthexpert.org> <1333472087.2428.15.camel@portable-evil> <20120403195215.65c4882b@e-healthexpert.org> Message-ID: <20120404090103.40a30405@e-healthexpert.org> On Tue, 3 Apr 2012 16:59:09 -0400, Chris wrote: > You mean for the Proxmox VE Web GUI? Yes. The idea is to use Nginx Instead of Apache to serve the Proxmox VE Web GUI. M. From appa at perusio.net Wed Apr 4 08:09:43 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Wed, 4 Apr 2012 10:09:43 +0200 Subject: Serve from cache but fire request to upstream server to increment page view counter In-Reply-To: References:

Message-ID: <77590aa60cbf956e5fa84ac68220edca.squirrel@damiao.org> There's the post_action directive. But AFAIK is not that reliable. I would use Lua with the "new" cosocket API and do an HTTP request. Here's an example of a library built around it that talks with a Redis backend: https://github.com/agentzh/lua-resty-redis As stated post_action is another option: http://wiki.nginx.org/HttpCoreModule#post_action --appa From nginx-forum at nginx.us Wed Apr 4 08:12:49 2012 From: nginx-forum at nginx.us (tikonen) Date: Wed, 4 Apr 2012 04:12:49 -0400 (EDT) Subject: Possible HTTP response read bug in Nginx 1.0.12 In-Reply-To: References: Message-ID: <5f12ff38be70c57ffc2353ffac5ea907.NginxMailingListEnglish@forum.nginx.org> I can confirm that problem exisits also with Nginx 1.1.18. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224853,224917#msg-224917 From ru at nginx.com Wed Apr 4 08:16:10 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Wed, 4 Apr 2012 12:16:10 +0400 Subject: try_files ignored in combination with error_page and named locations In-Reply-To: <4F7B5DEF.8030107@gmail.com> References: <4F7B5DEF.8030107@gmail.com> Message-ID: <20120404081610.GA44137@lo0.su> On Tue, Apr 03, 2012 at 10:30:39PM +0200, D?en wrote: > For some reason the following nginx configuration snippet doesn't work > as expected, try_files seems to be ignored. When / is requested (or any > other URI which points to a file which doesn't exist), nginx's default > 503 page is returned instead of the existing index.html. Requesting > /index.html works correctly. > > location @maintenance { > root /var/nginx/$hostid-maintenance; > index index.html; > try_files $uri $uri/ / =500; > } > > error_page 503 @maintenance; > > if ( -d $document_root/$hostid-maintenance ) { > return 503; > } > > Any thoughts? Running nginx version 1.0.12 here. First, this is a wacky config, and I don't quite understand what you're trying to achieve with it. :) Here's what happens with the request of "/", assuming that "if" condition holds true. The status code is set to 503, and further processing happends in the named location @maintenance. It tries "$uri", find that directory, but because argument does not end with a slash (i.e., we're testing a file, not directory), this variant is ignored. It then tries "$uri/", and succeeds. $uri is set to "/$hostid-maintenance/". As documentation of "try_files" says, the further processing is done in thi same (named) location. What happens next is since a request now ends with a slash, the static module handler ignores it, and a request is processed by the index module. The index module then verifies that the "/var/nginx/$hostid-maintenance/index.html" file exists and does an internal redirect to a new $uri. (The fact that it does an internal redirect is also documented.) This in turn gets processed by the server's default location which is configured to return 503. Because "recursive_error_pages" aren't enabled, the server ends up returning status code 503 with the standard content. (What happens when you enable is left as an excercise to a reader.) When OTOH you request "/index.html", try_files checks that the _file_ exists, and the processing is performed by the static module in the context of location @maintenance. There are no more internal redirects involved, so the server ends up sending you the status code 503 with the contents of index.html. I agree that this might not be obvious, but this is how it works. The important bit here is that requests that end up with "/", and get processed by the index module, do an internal redirect. This is quite logical if you think about it, because they *usually* get processed by the static module, as if a request ended up with "/" followed by the name of index file. From arissirajawali at gmail.com Wed Apr 4 08:29:19 2012 From: arissirajawali at gmail.com (aris) Date: Wed, 4 Apr 2012 15:29:19 +0700 Subject: install nginx dan php debian In-Reply-To: <1215987271.1017595069@informatik.hu> References: <4F756EE7.401@esiee.fr> <1215987271.1017595069@informatik.hu> Message-ID: hi all, after I finished install nginx with apt-get install nginx, what steps should I do so nginxcan walk? ----------------------------- On Fri, Mar 30, 2012 at 10:17 PM, Vuki wrote: > Hi! > > Check file permissions and the index directive, and index files! > > Vukii > > ------- Original message ------- > >> From: aris >> To: surfchen at gmail.com >> Cc: nginx at nginx.org >> Sent: '12-03-30, 15:28 >> >> >> dear all, >> why is my nginx 403 Forbidden? >> Where such errors >> please help me, thank you >> >> >> On Fri, Mar 30, 2012 at 4:01 PM, Chen Ze wrote: >> >>> Google and RTFM >>> >>> On Fri, Mar 30, 2012 at 4:29 PM, Frank Bonnet wrote: >>> >>>> On 03/30/2012 06:19 AM, aris wrote: >>>> >>>> please help me, I just wanted to start >>>> the install nginx and php on **debian linux, >>>> that I question is: how to install nginx and php on **debian, please send >>>> it >>>> to me once in the tutorial how to install nginx and php. >>>> Thank you so much before >>>> >>>> ______________________________**_________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> http://mailman.nginx.org/**mailman/listinfo/nginx >>>> >>>> >>>> http://www.howtoforge.com/**installing-php-5.3-nginx-and-** >>>> php-fpm-on-ubuntu-debian >>>> >>>> >>>> ______________________________**_________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> http://mailman.nginx.org/**mailman/listinfo/nginx >>>> >>> >>> > ______________________________**_________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/**mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From yvldwt at gmail.com Wed Apr 4 08:48:01 2012 From: yvldwt at gmail.com (=?utf-8?B?RMW+ZW4=?=) Date: Wed, 4 Apr 2012 10:48:01 +0200 Subject: try_files ignored in combination with error_page and named locations In-Reply-To: <20120404081610.GA44137@lo0.su> References: <4F7B5DEF.8030107@gmail.com> <20120404081610.GA44137@lo0.su> Message-ID: <20120404084801.GA11638@azarath.acceleris.ch> Thank you very much for your clarifying explanation. Seems like the only thing missing was "recursive_error_pages on" for it to work like I wanted it to have. On 04/04/12 12:16pm, Ruslan Ermilov wrote: > [...] > > First, this is a wacky config, and I don't quite understand what > you're trying to achieve with it. :) Just to make you understand what I was trying to achieve with this config: my maintenance page contains img tags pointing to images located in $document_root. I used to add a simple try_files /$hostid-maintenance/ @backend; to my configuration, but as expected a request to /foo.png returns the contents of /$hostid-maintenance/index.html instead. Thus I was looking for a solution to use a whole directory as an error page (being able to request other files which are located inside the maintenance $document_root). > Here's what happens with the request of "/", assuming that "if" > condition holds true. > > The status code is set to 503, and further processing happends in > the named location @maintenance. > > It tries "$uri", find that directory, but because argument does > not end with a slash (i.e., we're testing a file, not directory), > this variant is ignored. That's OK in my case, since the maintenance "environment" might contain other directories. > It then tries "$uri/", and succeeds. $uri is set to > "/$hostid-maintenance/". As documentation of "try_files" says, > the further processing is done in thi same (named) location. I'm not really sure whether $uri is set to "/$hostid-maintenance/" if "$uri/" is tried (since root is set to /var/nginx/$hostid-maintenance/ already). That works as expected and a request to / will actually just try / relative to $document_root. > What happens next is since a request now ends with a slash, the > static module handler ignores it, and a request is processed by > the index module. The index module then verifies that the > "/var/nginx/$hostid-maintenance/index.html" file exists and does > an internal redirect to a new $uri. (The fact that it does an > internal redirect is also documented.) > > This in turn gets processed by the server's default location > which is configured to return 503. Because > "recursive_error_pages" aren't enabled, the server ends up > returning status code 503 with the standard content. Thanks, that's what I forgot about. > (What happens when you enable is left as an excercise to a > reader.) > > When OTOH you request "/index.html", try_files checks that the > _file_ exists, and the processing is performed by the static > module in the context of location @maintenance. There are no > more internal redirects involved, so the server ends up sending > you the status code 503 with the contents of index.html. > > I agree that this might not be obvious, but this is how it works. > > The important bit here is that requests that end up with "/", and > get processed by the index module, do an internal redirect. This > is quite logical if you think about it, because they *usually* > get processed by the static module, as if a request ended up with > "/" followed by the name of index file. Thanks again and kind regards -- D?en From edho at myconan.net Wed Apr 4 09:03:30 2012 From: edho at myconan.net (Edho Arief) Date: Wed, 4 Apr 2012 16:03:30 +0700 Subject: try_files ignored in combination with error_page and named locations In-Reply-To: <20120404084801.GA11638@azarath.acceleris.ch> References: <4F7B5DEF.8030107@gmail.com> <20120404081610.GA44137@lo0.su> <20120404084801.GA11638@azarath.acceleris.ch> Message-ID: 2012/4/4 D?en : > Thank you very much for your clarifying explanation. Seems like the only > thing missing was "recursive_error_pages on" for it to work like I > wanted it to have. > > On 04/04/12 12:16pm, Ruslan Ermilov wrote: >> [...] >> >> First, this is a wacky config, and I don't quite understand what >> you're trying to achieve with it. ?:) > > Just to make you understand what I was trying to achieve with this > config: my maintenance page contains img tags pointing to images located > in $document_root. I used to add a simple > > ? ? ? ?try_files /$hostid-maintenance/ @backend; > > to my configuration, but as expected a request to /foo.png returns the > contents of /$hostid-maintenance/index.html instead. Thus I was looking > for a solution to use a whole directory as an error page (being able to > request other files which are located inside the maintenance > $document_root). > location /maintenance-static/ { } location / { try_files /$hostid-maintenance/ @backend; } From nginx-forum at nginx.us Wed Apr 4 09:33:47 2012 From: nginx-forum at nginx.us (Nginx_User777) Date: Wed, 4 Apr 2012 05:33:47 -0400 (EDT) Subject: memc_flags_to_last_modified and srcache , no 304 possible ? In-Reply-To: References: Message-ID: <94dbd74a50f2b2281a62e87e00228e32.NginxMailingListEnglish@forum.nginx.org> Hi Agentzh, Thanks for your answer. I'll continue to work with a srcache_fetch_skip to honor 304. And a really big thanks for these excellent modules, it's great !!!! Best Regards. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224793,224923#msg-224923 From siefke_listen at web.de Wed Apr 4 09:44:33 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Wed, 4 Apr 2012 11:44:33 +0200 Subject: PHP with FPM on Gentoo In-Reply-To: <4F7BEA7A.8060304@gentoo.org> References: <20120403001323.c03997dd.siefke_listen@web.de> <20120403233916.d0943f2e.siefke_listen@web.de> <4F7BEA7A.8060304@gentoo.org> Message-ID: <20120404114433.49d17c07.siefke_listen@web.de> Hello, On Wed, 04 Apr 2012 08:30:18 +0200 Ole Markus With wrote: > Did you see the Gentoo install instructions [1]? Yes i have read. > You only need the fpm USE flag enabled for php. > Nginx require NGINX_MODULES_HTTP="fastcgi" In PHP is activated and Nginx i have reinstalled yesterdays with fastcgi Flag. I use Google normaly before. > With those set, fpm + nginx should work pretty much out of the box after > adding the fastcgi_pass line to nginx.conf. No work not pretty. On FreeBSD yes, on Gentoo nothing. > TCP sockets are the easiest to configure. If you want to use unix > sockets, you have to make sure the file permissions are correct etc. Has set again the IPs, which permissions must habe Unix sockets? Owner is normal, nginx but chmod? Regards Silvio From ol.morel at linkbynet.com Wed Apr 4 09:58:49 2012 From: ol.morel at linkbynet.com (morel) Date: Wed, 4 Apr 2012 11:58:49 +0200 Subject: Question about Vhost Message-ID: <4F7C1B59.2060209@linkbynet.com> hy i have installed nginx on my web server, i can run the configtest on nginx.conf but i would want also check the configuration of my vhost . When i try diverse handling like this /usr/local/nginx/sbin/nginx -c -t /etc/nginx/conf/vhosts-available/Site1.conf all the time i get the same error * nginx: [emerg] unknown directive "server" in /usr/local/nginx/vhosts-available/Site1.conf * nginx: configuration file /usr/local/nginx/vhosts-available/rSite1.conf test failed My question is do you know theyre is possibility to test vhost conf ? Cordially Oliver -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Wed Apr 4 10:41:50 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Wed, 4 Apr 2012 11:41:50 +0100 Subject: Question about Vhost In-Reply-To: <4F7C1B59.2060209@linkbynet.com> References: <4F7C1B59.2060209@linkbynet.com> Message-ID: On 4 April 2012 10:58, morel wrote: > i have installed nginx on my web server, i can run the configtest on > nginx.conf but i would want also check the configuration of my vhost . By testing your main config, you're automatically testing all included files as well. Jonathan -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From mdounin at mdounin.ru Wed Apr 4 11:09:58 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Apr 2012 15:09:58 +0400 Subject: Possible HTTP response read bug in Nginx 1.0.12 In-Reply-To: <0897eea6bf171e32cb305273ccc3d6a2.NginxMailingListEnglish@forum.nginx.org> References: <20120403161530.GS13466@mdounin.ru> <0897eea6bf171e32cb305273ccc3d6a2.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120404110958.GW13466@mdounin.ru> Hello! On Tue, Apr 03, 2012 at 09:06:12PM -0400, tikonen wrote: > Hi, > > Thanks for advice, I'll try next with 1.1.X and see if that helps. > > In case 1.1.X does not solve the problem. Server load is pretty big and > only minor % of requests have the error so the debug log and capture > dump would be Huge to catch even one case. (Still these errors are > frequent enough to cause ip_hash to flag node failed and cause havoc in > the cluster). > > To narrow down needed data, can you recommend proper debugging settings, > should I start server or global level? It's better to have debugging activated at global level to be able to see events reported by the kernel. > Also, should I make debug log againts 1.1.X or 1.0.12 ? The 1.1.x would be better. Maxim Dounin From nginx-forum at nginx.us Wed Apr 4 11:46:05 2012 From: nginx-forum at nginx.us (locojohn) Date: Wed, 4 Apr 2012 07:46:05 -0400 (EDT) Subject: PHP with FPM on Gentoo In-Reply-To: <20120403233916.d0943f2e.siefke_listen@web.de> References: <20120403233916.d0943f2e.siefke_listen@web.de> Message-ID: Silvio Siefke Wrote: ------------------------------------------------------- > Hello, > > > Could someone possibly provide me the USE flags > available > if someone has run Nginx, PHP and Fpm. /etc/make.conf: NGINX_MODULES_HTTP="access autoindex browser charset \ empty_gif fastcgi flv geoip gzip limit_zone \ map proxy rewrite stub_status upstream_ip_hash \ upload_progress" /etc/portage/package.use: www-servers/nginx aio dev-lang/php -* fpm cli bcmath ssl ctype curl fileinfo filter ftp gd hash iconv json mysqlnd mysql mysqli nls pcntl pcre posix readline reflection session simplexml sharedmem spl sysvipc tokenizer truetype unicode xml zlib xmlreader xmlwriter --- www-servers/nginx-1.1.18::x-portage USE="aio http http-cache pcre ssl -debug -ipv6 -libatomic -pcre-jit -vim-syntax" NGINX_MODULES_HTTP="access autoindex browser charset empty_gif fastcgi flv geoip gzip limit_zone map proxy rewrite stub_status upload_progress upstream_ip_hash -addition -auth_basic -cache_purge -dav -degradation -geo -gzip_static -headers_more -image_filter -limit_req -memcached -mp4 -passenger -perl -push -random_index -realip -referer -scgi -secure_link -slowfs_cache -split_clients -ssi -sub -upload -userid -uwsgi -xslt" NGINX_MODULES_MAIL="-imap -pop3 -smtp" 0 kB dev-lang/php-5.3.10-r2 USE="bcmath cli ctype curl fileinfo filter fpm ftp gd hash iconv json mysql mysqli mysqlnd nls pcntl posix readline session sharedmem simplexml ssl sysvipc tokenizer truetype unicode xml xmlreader xmlwriter zlib -apache2 -berkdb -bzip2 -calendar -cdb -cgi -cjk -crypt -curlwrappers -debug -doc -embed -enchant -exif -firebird -flatfile (-frontbase) -gdbm -gmp -imap -inifile -intl -iodbc -ipv6 -kerberos -kolab -ldap -ldap-sasl -libedit -mhash -mssql -oci8-instant-client -odbc -pdo -phar -pic -postgres -qdbm -recode -snmp -soap -sockets -spell -sqlite -sqlite3 -suhosin (-sybase-ct) -threads -tidy -wddx -xmlrpc -xpm -xsl -zip" 0 kB > Has set again the IPs, which permissions must habe Unix sockets? Owner > is normal, nginx but chmod? The socket file configured in php-fpm.conf should be readable and writeable by nginx. Naturally, if socket owner/group in php-fpm are set to nginx:nginx, nginx should work with php fpm over socket connection just fine. One question: do you use selinux? Any specific Gentoo installation? Please send me your /etc/make.conf file. Andrejs Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224804,224931#msg-224931 From quintinpar at gmail.com Wed Apr 4 12:17:22 2012 From: quintinpar at gmail.com (Quintin Par) Date: Wed, 4 Apr 2012 17:47:22 +0530 Subject: Serve from cache but fire request to upstream server to increment page view counter In-Reply-To: <77590aa60cbf956e5fa84ac68220edca.squirrel@damiao.org> References:

<77590aa60cbf956e5fa84ac68220edca.squirrel@damiao.org> Message-ID: Thanks Appa. Why would you say this is not reliable? Is there data or experience to suggest? The semantic is awesome. Precisely what I?ve been looking for. -Cherian On Wed, Apr 4, 2012 at 1:39 PM, Antonio P.P. Almeida wrote: > There's the post_action directive. But AFAIK is not that reliable. > > I would use Lua with the "new" cosocket API and do an HTTP request. > > Here's an example of a library built around it that talks with a Redis > backend: https://github.com/agentzh/lua-resty-redis > > As stated post_action is another option: > > http://wiki.nginx.org/HttpCoreModule#post_action > > > --appa > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From appa at perusio.net Wed Apr 4 12:21:49 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Wed, 4 Apr 2012 14:21:49 +0200 Subject: Serve from cache but fire request to upstream server to increment page view counter In-Reply-To: References:

<77590aa60cbf956e5fa84ac68220edca.squirrel@damiao.org> Message-ID: <0b0d1d41b7b059cd1add3ed5f8755d1b.squirrel@damiao.org> > Thanks Appa. > > Why would you say this is not reliable? Is there data or experience to > suggest? The semantic is awesome. Precisely what I've been looking for. > > -Cherian Well from remarks that core devs of Nginx have posted here before, referring to it as "hack" (SIC). In fact it's not even documented in the official docs. I'm not sure if that's an overlook or has deeper meanings related to the quality of the said directive concept/code. --appa From contact at jpluscplusm.com Wed Apr 4 12:27:32 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Wed, 4 Apr 2012 13:27:32 +0100 Subject: Serve from cache but fire request to upstream server to increment page view counter In-Reply-To: References:

<77590aa60cbf956e5fa84ac68220edca.squirrel@damiao.org> Message-ID: On 4 April 2012 13:17, Quintin Par wrote: > Thanks Appa. > > Why would you say this is not reliable? Is there data or experience to > suggest? The semantic is awesome. Precisely what I?ve been looking for. I'd also be interested in discovering any unreliability of this mechanism, as I'm planning to use it for some real-time logging shortly. The weaknesses that I've discovered thus far, which I think should all be fixed -- or at least modified as indicated below -- are * The client connection is held open until the post_action call completes * The response code returned to the client is the post_action's response code * The access.log entry logged reflects the post_action's URI, response code and (possibly; I forget) content length All of these render it difficult to use post_action as its name implies - to be competed *after* the client request is completely dealt with. I hope that at some point in the future, we'll be able to use post_action in a way which is invisible to the client, and to the logs. Perhaps with a post_action directive flag, indicating that any calls to this specific post_action URI should stay out of the logs and the client's view. J > On Wed, Apr 4, 2012 at 1:39 PM, Antonio P.P. Almeida > wrote: >> >> There's the post_action directive. But AFAIK is not that reliable. >> >> I would use Lua with the "new" cosocket API and do an HTTP request. >> >> Here's an example of a library built around it that talks with a Redis >> backend: https://github.com/agentzh/lua-resty-redis >> >> As stated post_action is another option: >> >> http://wiki.nginx.org/HttpCoreModule#post_action >> >> >> --appa >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From francis at daoine.org Wed Apr 4 12:40:40 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 4 Apr 2012 13:40:40 +0100 Subject: Config directive inheritance: docs and rules (was: Config variable inheritance) In-Reply-To: References: Message-ID: <20120404124040.GB26052@craic.sysops.org> On Tue, Apr 03, 2012 at 06:20:13PM +0100, Jonathan Matthews wrote: Hi there, > http://www.ruby-forum.com/topic/188742 seems to contain some > information I've not found explicitly stated anywhere else: that > config directive inheritance is an all or nothing mechanism. Have I > missed some docs somewhere? That refers to inheritance of a *single* directive. > Following on from this, I'd like to understand if there's anything I > can reliably determine from a directive's name about the impact that > defining it will have on *other* directives' inheritability. Yes: it will have no impact on other directives. > Can I, for instance, assume that defining an xyx_ prefixed directive in > a sub-scope will affect *only* the inheritance of other xyz_ prefixed > directives? No. It will affect no other xyz_ prefixed directives. It may make a difference to the *applicability* of other directives -- for example, if fastcgi_pass is not set, then it doesn't really matter whether fastcgi_param is inherited or not, because it's not going to be used. But fastcgi_pass does not affect whether fastcgi_param is inherited. > Or can there be inheritance side-effects between, say, > directive "abc" and "def" that I can't possibly determine without > documentation or trial and error? No, it will have no impact on other directives. > Equally, can I assume that *all* xyz_ prefixed directives will have > their inheritance affected by the sub-scope definition of any *other* > xyz_ prefixed directive? No: it will have no impact on other directives. > Or are there examples where defining > "xyz_foo" does *not* impact the inheritance of "xyz_bar"? Yes: every example. > I'm thinking specifically of proxy_* directives, whereas the thread I > link to above is talking about multiple fastcgi_param directives. Using a directive sets the value of that directive. It does not set the value of different directives. "Not using" a directive means the value of that directive is either unset/default, or is the same value as the upper level. > Here, I'm interested in how, say, proxy_set_header affects the > inheritance of higher scope's proxy_pass directive - i.e. where the > prefix matches but they're *not* the same directive. No impact at all. > Does nginx (core) > derive or imply anything relating to the name-spacing of directives > before (in my example) the proxy module sees the config, or is it > entirely down to how each module implements the configuration > aggregation/inheritance? It's entirely down to how each module implements it. But if a module implements inheritance of a directive as something other than "replace" or "no inheritance", then that should probably be considered a bug. f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Wed Apr 4 13:58:46 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Apr 2012 17:58:46 +0400 Subject: Config directive inheritance: docs and rules (was: Config variable inheritance) In-Reply-To: <20120404124040.GB26052@craic.sysops.org> References: <20120404124040.GB26052@craic.sysops.org> Message-ID: <20120404135846.GX13466@mdounin.ru> Hello! On Wed, Apr 04, 2012 at 01:40:40PM +0100, Francis Daly wrote: > On Tue, Apr 03, 2012 at 06:20:13PM +0100, Jonathan Matthews wrote: > > Hi there, > > > http://www.ruby-forum.com/topic/188742 seems to contain some > > information I've not found explicitly stated anywhere else: that > > config directive inheritance is an all or nothing mechanism. Have I > > missed some docs somewhere? > > That refers to inheritance of a *single* directive. > > > Following on from this, I'd like to understand if there's anything I > > can reliably determine from a directive's name about the impact that > > defining it will have on *other* directives' inheritability. > > Yes: it will have no impact on other directives. > > > Can I, for instance, assume that defining an xyx_ prefixed directive in > > a sub-scope will affect *only* the inheritance of other xyz_ prefixed > > directives? > > No. It will affect no other xyz_ prefixed directives. Not really, there are cases where it will. Examples include (not sure if there are others): 1) allow and deny directives of access module create an array of allow/deny rules, and this array is inherited as a whole; 2) recently introduced xslt_param and xslt_string_param do the same thing with xslt parameters. All such cases are more or less obvious though. [...] Maxim Dounin From francis at daoine.org Wed Apr 4 16:54:44 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 4 Apr 2012 17:54:44 +0100 Subject: Config directive inheritance: docs and rules (was: Config variable inheritance) In-Reply-To: <20120404135846.GX13466@mdounin.ru> References: <20120404124040.GB26052@craic.sysops.org> <20120404135846.GX13466@mdounin.ru> Message-ID: <20120404165444.GA12819@craic.sysops.org> On Wed, Apr 04, 2012 at 05:58:46PM +0400, Maxim Dounin wrote: > On Wed, Apr 04, 2012 at 01:40:40PM +0100, Francis Daly wrote: > > On Tue, Apr 03, 2012 at 06:20:13PM +0100, Jonathan Matthews wrote: Hi there, > > > Can I, for instance, assume that defining an xyx_ prefixed directive in > > > a sub-scope will affect *only* the inheritance of other xyz_ prefixed > > > directives? > > > > No. It will affect no other xyz_ prefixed directives. > > Not really, there are cases where it will. Examples include (not > sure if there are others): > > 1) allow and deny directives of access module create an array of > allow/deny rules, and this array is inherited as a whole; > > 2) recently introduced xslt_param and xslt_string_param do the > same thing with xslt parameters. Ah, thank you for the correction. For the original poster: I was wrong, you *do* need to check or test each time. So read "never" and "always" as "almost never" and "almost always". Sorry about that. I've done a quick analysis of the 1.1.18 codebase, to see if I can find the current complete list (excluding 3rd party modules, of course). The configuration directives are stored in a struct: struct ngx_command_s { ngx_str_t name; ngx_uint_t type; char *(*set)(ngx_conf_t *cf, ngx_command_t *cmd, void *conf); ngx_uint_t conf; ngx_uint_t offset; void *post; }; "name" is the directive name; "*set" is the function to set the value of the directive, and "offset" is the position relative to "conf" where the value is stored. I see 67 arrays of that struct (grep for "static ngx_command_t"). I see 449 "ngx_string" within those arrays. 110 have unique *set values. Of the ones with non-unique *set values, the few that have the same "offset" value are: ngx_event_connections - worker_connections, connections; one deprecated ngx_mail_block - mail, imap; one deprecated ngx_conf_set_sec_slot - open_file_cache_valid, open_file_cache_retest; one deprecated ngx_http_core_root - root, alias: single-valued, only one at a level ngx_http_access_rule - allow, deny; both are valid ngx_http_xslt_param - xslt_param, xslt_string_param; both are valid. And separate from that, the directives which have a duplicate "offset" value of "offsetof(something)" (as in, not-0 or a predefined constant), are: open_file_cache_valid, open_file_cache_retest - one deprecated satisfy, satisfy_any - one deprecated optimize_server_names, server_name_in_redirect - one deprecated If that's an adequate analysis, it suggests that allow/deny and xslt_param/xslt_string_param are the only distributed directives which don't follow the replace-or-inherit-this-directive-only method. > All such cases are more or less obvious though. I wonder, is it worth having a note in the documentation for these exceptions to the common case? I see that there is such a note at http://nginx.org/en/docs/http/ngx_http_xslt_module.html#xslt_param, but not (yet) at http://nginx.org/en/docs/http/ngx_http_access_module.html#allow Thanks, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Wed Apr 4 17:21:27 2012 From: nginx-forum at nginx.us (fiyah2011) Date: Wed, 4 Apr 2012 13:21:27 -0400 (EDT) Subject: POST DATA in cache_key Message-ID: is it possible to use a value found within POST DATA as part of the cache key? for example, the value of variable called 'username' to be part of the cache key. so i basically want the cache to key to simply hash against the connecting IP and the 'username' POST variable. proxy_cache_key "$remote_addr$POST[username]" thanks in advance Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224945,224945#msg-224945 From yvldwt at gmail.com Wed Apr 4 17:27:35 2012 From: yvldwt at gmail.com (=?UTF-8?B?RMW+ZW4=?=) Date: Wed, 04 Apr 2012 19:27:35 +0200 Subject: try_files ignored in combination with error_page and named locations In-Reply-To: References: <4F7B5DEF.8030107@gmail.com> <20120404081610.GA44137@lo0.su> <20120404084801.GA11638@azarath.acceleris.ch> Message-ID: <4F7C8487.4030506@gmail.com> On 04/04/2012 11:03, Edho Arief wrote: [...] > location /maintenance-static/ { > > } > > location / { > try_files /$hostid-maintenance/ @backend; > } Right, this would work just fine. However, requests to /maintenance-static/ would still be possible even if /$hostid-maintenance/ doesn't exist (minor problem, but maybe the backend uses /maintenance-static/ for some reason). Unfortunately, I still haven't found a solution which pleases me. Just to clarify, this is how I want the request to be processed (el-cheapo pseudo code): if the directory /maintenance/ exists, then set root to /maintenance/ if the file $uri exists, then serve $uri with errcode 503 otherwise serve index.html with errcode 503 otherwise proxy_pass http://backend My new attempt: recursive_error_pages on; error_page 599 @maintenance; if ( -d $document_root/$hostid-maintenance ) { return 599; } location @maintenance { root /var/nginx/$hostid-maintenance; index index.html; try_files $uri $uri/ /index.html /; } I used error code 599 because I noticed that for some reason the backend might raise an 503 error although $document_root/$hostid-maintenance doesn't exist. The result in such a situation would be unexpected (an infinite redirect loop?). By using an unused error code like 599, nginx's default 503 error page will be displayed instead, if the backend raises 503. This configuration seems to work, but the 599 error code in the HTTP header isn't that nice. Unfortunately, something like error_page 599 =503 @maintenance; doesn't result in what I expected (it will again just return nginx's default 503 error page, although error 503 is correctly set in the HTTP header). I still think that I misunderstood something, am I right? Kind regards -- D?en From nginx-forum at nginx.us Wed Apr 4 17:41:45 2012 From: nginx-forum at nginx.us (fiyah2011) Date: Wed, 4 Apr 2012 13:41:45 -0400 (EDT) Subject: POST DATA in cache_key In-Reply-To: References: Message-ID: this looks like the solution i am looking for. https://github.com/calio/form-input-nginx-module/blob/master/README Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224945,224947#msg-224947 From mdounin at mdounin.ru Wed Apr 4 18:18:42 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Apr 2012 22:18:42 +0400 Subject: Config directive inheritance: docs and rules (was: Config variable inheritance) In-Reply-To: <20120404165444.GA12819@craic.sysops.org> References: <20120404124040.GB26052@craic.sysops.org> <20120404135846.GX13466@mdounin.ru> <20120404165444.GA12819@craic.sysops.org> Message-ID: <20120404181842.GY13466@mdounin.ru> Hello! On Wed, Apr 04, 2012 at 05:54:44PM +0100, Francis Daly wrote: [...] > If that's an adequate analysis, it suggests that > > allow/deny and xslt_param/xslt_string_param > > are the only distributed directives which don't follow the > replace-or-inherit-this-directive-only method. Mechanical analisys of the codebase might miss some cases with custom directive handlers used. But I suppose the result is correct as it matches one from my memory. :) > > All such cases are more or less obvious though. > > I wonder, is it worth having a note in the documentation for these > exceptions to the common case? > > I see that there is such a note at > > http://nginx.org/en/docs/http/ngx_http_xslt_module.html#xslt_param, > > but not (yet) at > > http://nginx.org/en/docs/http/ngx_http_access_module.html#allow Yes, this surely deserves a note. Maxim Dounin From siefke_listen at web.de Wed Apr 4 20:19:45 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Wed, 4 Apr 2012 22:19:45 +0200 Subject: PHP with FPM on Gentoo In-Reply-To: <20120403001323.c03997dd.siefke_listen@web.de> References: <20120403001323.c03997dd.siefke_listen@web.de> Message-ID: <20120404221945.265d10b0.siefke_listen@web.de> Hello, now i have build php and nginx from source direct, emerge --unmerge, have downloaded the sourcecode and compile it and same it run not. Thats really crazy, what is this? Is this maybe with eselect profile list option? Because i use gentoo-desk imap # eselect profile list Available profile symlink targets: [1] default/linux/x86/10.0 [2] default/linux/x86/10.0/selinux [3] default/linux/x86/10.0/desktop * [4] default/linux/x86/10.0/desktop/gnome [5] default/linux/x86/10.0/desktop/kde [6] default/linux/x86/10.0/developer [7] default/linux/x86/10.0/server [8] hardened/linux/x86 [9] hardened/linux/x86/selinux Is this maybe the mistake or where can be the error? Regards Silvio From nginx-forum at nginx.us Wed Apr 4 20:40:04 2012 From: nginx-forum at nginx.us (shoshomiga) Date: Wed, 4 Apr 2012 16:40:04 -0400 (EDT) Subject: limit_rate dynamically using $arg - security Message-ID: <6421426a61f0bd2e0f8071c6705b87cd.NginxMailingListEnglish@forum.nginx.org> I've been looking for a way to limit videos to their bitrate to save bandwidth and I've come up with this code if ($arg_LIMITSPEED) { set $limit_rate $arg_LIMITSPEED; } It works but I would like to know if this code would be secure to use on a production server. I am not worried about users setting their LIMITSPEED high on their own because I am limiting speeds at the network level as well. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224950,224950#msg-224950 From contact at jpluscplusm.com Wed Apr 4 21:32:49 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Wed, 4 Apr 2012 22:32:49 +0100 Subject: limit_rate dynamically using $arg - security In-Reply-To: <6421426a61f0bd2e0f8071c6705b87cd.NginxMailingListEnglish@forum.nginx.org> References: <6421426a61f0bd2e0f8071c6705b87cd.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 4 April 2012 21:40, shoshomiga wrote: > I've been looking for a way to limit videos to their bitrate to save > bandwidth and I've come up with this code > > ? ? ? ? ? ?if ($arg_LIMITSPEED) { > ? ? ? ? ? ? ?set $limit_rate $arg_LIMITSPEED; > ? ? ? ? ? ?} > > It works but I would like to know if this code would be secure to use on > a production server. > > I am not worried about users setting their LIMITSPEED high on their own > because I am limiting speeds at the network level as well. To be honest, I'm not sure what definition of "insecure" you could be thinking of that *isn't* "the user can override it trivially" :-) If you're doing the rate limiting at the network level properly, then why duplicate the effort? It's just one more place you have to change when you upgrade the speed limits. Personally, I'm prototyping a streaming service at the moment using http://wiki.nginx.org/X-accel#X-Accel-Limit-Rate and a double proxy_pass (via X-Accel-Redirect to an internal storage proxy_pass). It all looks like it works nicely, and allows the dumb storage backend to throw data at the nginx router as fast as nginx accepts it, and for the first (intelligent) proxy_pass backend to *decide* the bitrate via X-Accel-Limit-Rate. I'll blog it soonish :-) Jonathan -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From albert at nn.iij4u.or.jp Thu Apr 5 00:25:44 2012 From: albert at nn.iij4u.or.jp (shin fukuda) Date: Thu, 5 Apr 2012 09:25:44 +0900 Subject: no response nginx Message-ID: <20120405092544.f6c3c2cdd6d87bb9a320da8a@nn.iij4u.or.jp> Hi. I have a problem with nginx-1.1.16 uses proxy_cache_lock on. When high load or many request to nginx, Suddenly nginx seems hang, no response at all. In netstat "SYN_RECV","CLOSE_WAIT" too many. This problem needs restarting nginx, and "CLOSE_WAIT" clear. There is no problem in front-end nginx servers, but backends one. Any clue? -- shin fukuda From quintinpar at gmail.com Thu Apr 5 03:50:50 2012 From: quintinpar at gmail.com (Quintin Par) Date: Thu, 5 Apr 2012 09:20:50 +0530 Subject: Serve from cache but fire request to upstream server to increment page view counter In-Reply-To: References:

<77590aa60cbf956e5fa84ac68220edca.squirrel@damiao.org> Message-ID: This seems to very risky. One more question: The whole reason why I?d use post action is to take the time off from doing a SSI. i.e. serve a page from cache in light speed and then let post action take its own sweet time to complete. But from Jonathan?s response I infer that a post actions response code is passed to the client. Which means the client is made to wait till the post action is complete. Right? If yes, that defeats the purpose. On Wed, Apr 4, 2012 at 5:57 PM, Jonathan Matthews wrote: > On 4 April 2012 13:17, Quintin Par wrote: > > Thanks Appa. > > > > Why would you say this is not reliable? Is there data or experience to > > suggest? The semantic is awesome. Precisely what I?ve been looking for. > > I'd also be interested in discovering any unreliability of this > mechanism, as I'm planning to use it for some real-time logging > shortly. > > The weaknesses that I've discovered thus far, which I think should all > be fixed -- or at least modified as indicated below -- are > > * The client connection is held open until the post_action call completes > * The response code returned to the client is the post_action's response > code > * The access.log entry logged reflects the post_action's URI, response > code and (possibly; I forget) content length > > All of these render it difficult to use post_action as its name > implies - to be competed *after* the client request is completely > dealt with. > > I hope that at some point in the future, we'll be able to use > post_action in a way which is invisible to the client, and to the > logs. Perhaps with a post_action directive flag, indicating that any > calls to this specific post_action URI should stay out of the logs and > the client's view. > > J > > > On Wed, Apr 4, 2012 at 1:39 PM, Antonio P.P. Almeida > > wrote: > >> > >> There's the post_action directive. But AFAIK is not that reliable. > >> > >> I would use Lua with the "new" cosocket API and do an HTTP request. > >> > >> Here's an example of a library built around it that talks with a Redis > >> backend: https://github.com/agentzh/lua-resty-redis > >> > >> As stated post_action is another option: > >> > >> http://wiki.nginx.org/HttpCoreModule#post_action > >> > >> > >> --appa > >> > >> _______________________________________________ > >> nginx mailing list > >> nginx at nginx.org > >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > -- > Jonathan Matthews > London, Oxford, UK > http://www.jpluscplusm.com/contact.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From arissirajawali at gmail.com Thu Apr 5 04:18:19 2012 From: arissirajawali at gmail.com (aris) Date: Thu, 5 Apr 2012 11:18:19 +0700 Subject: nginx conf Message-ID: Hi all, how to configure nginx.conf, sites-available and sites-enabled I get 403 Forbidden nginx/0.7.67 please check out where my configuration errors *I nginx.conf following:* user www-data; worker_processes 1; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections 1024; # multi_accept on; } http { include /etc/nginx/mime.types; access_log /var/log/nginx/access.log; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; tcp_nodelay on; gzip on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } # mail { # # See sample authentication script at: # # http://wiki.nginx.org/NginxImapAuthenticateWithApachePhpScript # # # auth_http localhost/auth.php; # # pop3_capabilities "TOP" "USER"; # # imap_capabilities "IMAP4rev1" "UIDPLUS"; # # server { # listen localhost:110; # protocol pop3; # proxy on; # } # # server { # listen localhost:143; # protocol imap; # proxy on; # } # } *The following sites-available I have :* # You may add here your # server { # ... # } # statements for each of your virtual hosts server { listen 80; ## listen for ipv4 server_name localhost; access_log /var/log/nginx/localhost.access.log; location / { root /var/www; index index.php; } location /doc { root /usr/share; autoindex on; allow 127.0.0.1; deny all; } location /images { root /usr/share; autoindex on; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /var/www/nginx-default; #} # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { #proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { #fastcgi_pass 127.0.0.1:9000; #fastcgi_index index.php; #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; #includefastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { #deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { #listen 8000; #listen somename:8080; #server_name somename alias another.alias; #location / { #root html; #index index.html index.htm; #} #} # HTTPS server # #server { #listen 443; #server_name localhost; #ssl on; #ssl_certificate cert.pem; #ssl_certificate_key cert.key; #ssl_session_timeout 5m; #ssl_protocols SSLv3 TLSv1; #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; #ssl_prefer_server_ciphers on; #location / { #root html; #index index.html index.htm; #} #} *The following sites-enabled I have :* # You may add here your # server { # ... # } # statements for each of your virtual hosts server { listen 80; ## listen for ipv4 server_name localhost; access_log /var/log/nginx/localhost.access.log; location / { root /var/www; index index.php; } location /doc { root /usr/share; autoindex on; allow 127.0.0.1; deny all; } location /images { root /usr/share; autoindex on; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; #location = /50x.html { # root /var/www/nginx-default; #} # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { #proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { #fastcgi_pass 127.0.0.1:9000; #fastcgi_index index.php; #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; #includefastcgi_params; #fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; #includefastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { #deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { #listen 8000; #listen somename:8080; #server_name somename alias another.alias; #location / { #root html; #index index.html index.htm; #} #} # HTTPS server # #server { #listen 443; #server_name localhost; #ssl on; #ssl_certificate cert.pem; #ssl_certificate_key cert.key; #ssl_session_timeout 5m; #ssl_protocols SSLv3 TLSv1; #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; #ssl_prefer_server_ciphers on; #location / { #root html; #index index.html index.htm; #} #} -------------- next part -------------- An HTML attachment was scrubbed... URL: From loco at d0pefish.de Thu Apr 5 07:56:07 2012 From: loco at d0pefish.de (Peter Hinse) Date: Thu, 05 Apr 2012 09:56:07 +0200 Subject: Testing the HttpLimitReqModule without blocking Message-ID: <4F7D5017.5080808@d0pefish.de> Hi all, I want to implement the HttpLimitReqModule within our setup to get rid of people scraping the content of our page. However, since some of our bigger clients are using the same proxy IP to connect to our page, I need to adjust the limit before really blocking users. Any chance to log the attempts without delivering a 503 page? If some of the proxy users would fit into the blocking scheme, is there a chance to define a whitelist? Regards, Peter. From nginx-forum at nginx.us Thu Apr 5 08:56:32 2012 From: nginx-forum at nginx.us (nenad) Date: Thu, 5 Apr 2012 04:56:32 -0400 (EDT) Subject: HttpSecureLinkModule timestamp inside uri Message-ID: I would like to use HttpSecureLinkModule to restrict access to some member photos. Now I would like to have the timestamp inside the path but I'm not sure how to implement that. The timestamp I could get with \/t(\d+)\/ from uri, must I do a rewrite and if yes how? Or exist a "single" operation way? Photo-URL: www.example.aaa/260/7/4/3/4255/4543535/t1331894408/1234_x.jpg?a=1234567888 location ~ _x\.(jpg|jpeg|gif|png)$ { secure_link $arg_a,$???; secure_link_md5 mysecretword$uri$???; root /media/photos ... } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224960,224960#msg-224960 From nginx-forum at nginx.us Thu Apr 5 11:26:06 2012 From: nginx-forum at nginx.us (shoshomiga) Date: Thu, 5 Apr 2012 07:26:06 -0400 (EDT) Subject: limit_rate dynamically using $arg - security In-Reply-To: References: Message-ID: <89fab4a3b8787ce2b1daf91159f681b5.NginxMailingListEnglish@forum.nginx.org> Jonathan Matthews Wrote: ------------------------------------------------------- > On 4 April 2012 21:40, shoshomiga > wrote: > > I've been looking for a way to limit videos to > their bitrate to save > > bandwidth and I've come up with this code > > > > ? ? ? ? ? ?if ($arg_LIMITSPEED) { > > ? ? ? ? ? ? ?set $limit_rate > $arg_LIMITSPEED; > > ? ? ? ? ? ?} > > > > It works but I would like to know if this code > would be secure to use on > > a production server. > > > > I am not worried about users setting their > LIMITSPEED high on their own > > because I am limiting speeds at the network > level as well. > > To be honest, I'm not sure what definition of > "insecure" you could be > thinking of that *isn't* "the user can override it > trivially" :-) > > If you're doing the rate limiting at the network > level properly, then > why duplicate the effort? It's just one more place > you have to change > when you upgrade the speed limits. > > Personally, I'm prototyping a streaming service at > the moment using > http://wiki.nginx.org/X-accel#X-Accel-Limit-Rate > and a double > proxy_pass (via X-Accel-Redirect to an internal > storage proxy_pass). > It all looks like it works nicely, and allows the > dumb storage backend > to throw data at the nginx router as fast as nginx > accepts it, and for > the first (intelligent) proxy_pass backend to > *decide* the bitrate via > X-Accel-Limit-Rate. I'll blog it soonish :-) > > Jonathan > -- > Jonathan Matthews > London, Oxford, UK > http://www.jpluscplusm.com/contact.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx By security I meant vulnerability to buffer overflows and other exploits since limit_rate is probably not meant to recieve that kind of unsanitized input. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224950,224967#msg-224967 From ne at vbart.ru Thu Apr 5 12:04:08 2012 From: ne at vbart.ru (Valentin V. Bartenev) Date: Thu, 5 Apr 2012 16:04:08 +0400 Subject: HttpSecureLinkModule timestamp inside uri In-Reply-To: References: Message-ID: <201204051604.08712.ne@vbart.ru> On Thursday 05 April 2012 12:56:32 nenad wrote: > I would like to use HttpSecureLinkModule to restrict access to some > member photos. Now I would like to have the timestamp inside the path > but I'm not sure how to implement that. > > The timestamp I could get with \/t(\d+)\/ from uri, must I do a rewrite > and if yes how? Or exist a "single" operation way? > > Photo-URL: > www.example.aaa/260/7/4/3/4255/4543535/t1331894408/1234_x.jpg?a=1234567888 > > location ~ _x\.(jpg|jpeg|gif|png)$ { > > secure_link $arg_a,$???; > secure_link_md5 mysecretword$uri$???; > > root /media/photos > ... > } > location ~ t(?P\d+)/\d+_x\.(?:jpe?g|gif|png)$ { secure_link $arg_a,$t; secure_link_md5 mysecretword$uri$t; root /media/photos ... } wbr, Valentin V. Bartenev From loco at d0pefish.de Thu Apr 5 14:30:35 2012 From: loco at d0pefish.de (Peter Hinse) Date: Thu, 05 Apr 2012 16:30:35 +0200 Subject: Combine if clauses for denial Message-ID: <4F7DAC8B.3040304@d0pefish.de> Hi all, I know how to block requests with an empty user-agent or with an empty referrer - is it possible to combine these two criteria and deny access when a request has no referrer AND no user-agent? Regards, Peter From mdounin at mdounin.ru Thu Apr 5 14:44:04 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 5 Apr 2012 18:44:04 +0400 Subject: limit_rate dynamically using $arg - security In-Reply-To: <89fab4a3b8787ce2b1daf91159f681b5.NginxMailingListEnglish@forum.nginx.org> References: <89fab4a3b8787ce2b1daf91159f681b5.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120405144404.GC13466@mdounin.ru> Hello! On Thu, Apr 05, 2012 at 07:26:06AM -0400, shoshomiga wrote: > Jonathan Matthews Wrote: > ------------------------------------------------------- > > On 4 April 2012 21:40, shoshomiga > > wrote: > > > I've been looking for a way to limit videos to > > their bitrate to save > > > bandwidth and I've come up with this code > > > > > > ? ? ? ? ? ?if ($arg_LIMITSPEED) { > > > ? ? ? ? ? ? ?set $limit_rate > > $arg_LIMITSPEED; > > > ? ? ? ? ? ?} > > > > > > It works but I would like to know if this code > > would be secure to use on > > > a production server. [...] > By security I meant vulnerability to buffer overflows and other exploits > since limit_rate is probably not meant to recieve that kind of > unsanitized input. It should be safe. Note though that it will log error if there are invalid values passed, which may in turn be used as a DoS vector. To be on safe side, I would recommend sanitizing the input, e.g. with map{}. Something like this should work: map $arg_speed $speed { default 64k; 64k 64k; 128k 128k; 256k 256k; } ... set $limit_rate $speed; Maxim Dounin From mdounin at mdounin.ru Thu Apr 5 14:56:11 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 5 Apr 2012 18:56:11 +0400 Subject: no response nginx In-Reply-To: <20120405092544.f6c3c2cdd6d87bb9a320da8a@nn.iij4u.or.jp> References: <20120405092544.f6c3c2cdd6d87bb9a320da8a@nn.iij4u.or.jp> Message-ID: <20120405145610.GD13466@mdounin.ru> Hello! On Thu, Apr 05, 2012 at 09:25:44AM +0900, shin fukuda wrote: > Hi. > > I have a problem with nginx-1.1.16 uses proxy_cache_lock on. > When high load or many request to nginx, Suddenly nginx seems hang, > no response at all. > In netstat "SYN_RECV","CLOSE_WAIT" too many. This problem needs > restarting nginx, and "CLOSE_WAIT" clear. > > There is no problem in front-end nginx servers, but backends one. > > Any clue? I would suggest you are hitting some system limits. Check nginx and system logs, as well as various system stats. Check the state of nginx worker processes, most importantly wait channel (wchan, "ps -alx" should show one at least on FreeBSD and Linux). Maxim Dounin From nginx-forum at nginx.us Thu Apr 5 15:06:32 2012 From: nginx-forum at nginx.us (shoshomiga) Date: Thu, 5 Apr 2012 11:06:32 -0400 (EDT) Subject: limit_rate dynamically using $arg - security In-Reply-To: <20120405144404.GC13466@mdounin.ru> References: <20120405144404.GC13466@mdounin.ru> Message-ID: Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Thu, Apr 05, 2012 at 07:26:06AM -0400, > shoshomiga wrote: > > > Jonathan Matthews Wrote: > > > -------------------------------------------------- > ----- > > > On 4 April 2012 21:40, shoshomiga > > > wrote: > > > > I've been looking for a way to limit videos > to > > > their bitrate to save > > > > bandwidth and I've come up with this code > > > > > > > > ? ? ? ? ? ?if ($arg_LIMITSPEED) { > > > > ? ? ? ? ? ? ?set $limit_rate > > > $arg_LIMITSPEED; > > > > ? ? ? ? ? ?} > > > > > > > > It works but I would like to know if this > code > > > would be secure to use on > > > > a production server. > > [...] > > > By security I meant vulnerability to buffer > overflows and other exploits > > since limit_rate is probably not meant to > recieve that kind of > > unsanitized input. > > It should be safe. Note though that it will log > error if there > are invalid values passed, which may in turn be > used as a DoS > vector. > > To be on safe side, I would recommend sanitizing > the input, e.g. > with map{}. Something like this should work: > > map $arg_speed $speed { > default 64k; > 64k 64k; > 128k 128k; > 256k 256k; > } > > ... > > set $limit_rate $speed; Is there a way to typecast to int instead? map{} won't give me enough flexibility and it would probably be slower than a typecast. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224950,224974#msg-224974 From ft at falkotimme.com Thu Apr 5 15:11:41 2012 From: ft at falkotimme.com (Falko Timme) Date: Thu, 5 Apr 2012 17:11:41 +0200 Subject: Combine if clauses for denial References: <4F7DAC8B.3040304@d0pefish.de> Message-ID: <6CE56A81A763433C8B10A87FEFC97F7E@notebook> This should give you the idea: http://rosslawley.co.uk/2010/01/nginx-how-to-multiple-if-statements.html ----- Original Message ----- From: "Peter Hinse" To: Sent: Thursday, April 05, 2012 4:30 PM Subject: Combine if clauses for denial > Hi all, > > I know how to block requests with an empty user-agent or with an empty > referrer - is it possible to combine these two criteria and deny access > when a request has no referrer AND no user-agent? > > Regards, > > Peter > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From admin at yqed.com Thu Apr 5 15:17:20 2012 From: admin at yqed.com (Floren Munteanu) Date: Thu, 05 Apr 2012 11:17:20 -0400 Subject: Socket leaks., pread and [crit] SSL_Write() in 1.0.14 In-Reply-To: <20120403163212.GU13466@mdounin.ru> References: <3b3f2c2eddfdd3e59d242463275e502e.NginxMailingListEnglish@forum.nginx.org> <00cd479fdbb8bdf2f9f844e88607f8bd.NginxMailingListEnglish@forum.nginx.org> <20120326164754.GL13466@mdounin.ru> <20120402111754.GD13466@mdounin.ru> <20120402170637.GJ13466@mdounin.ru> <20120403163212.GU13466@mdounin.ru> Message-ID: Hi Maxim, On 4/3/2012 12:32 PM, Maxim Dounin wrote: > I'm afraid we aren't going to fix 1.0.x anyway. The 1.1.x branch > will become stable in serveral weeks, and 1.0.x is expected to get > only security fixes. Thanks, I will install a debug version of 1.1.18 into live server. > For now, please capture debug log. Anything else (including gdb > dump of the request in question) isn't that important, but if you > are going to obtain one it might be good idea to recompile nginx > without -O3 as it might produce undesired side-effects in gdb > output. The -O used by default is good enough. I'm afraid I will have to keep the -O3 for sake of compile consistency with other RPM's. I will do a debug capture on latest devel version, the [crit] errors still occur with 1.1.18 version and OpenSSL 1.0.1. Regards, Floren From loco at d0pefish.de Thu Apr 5 15:21:30 2012 From: loco at d0pefish.de (Peter Hinse) Date: Thu, 05 Apr 2012 17:21:30 +0200 Subject: Combine if clauses for denial In-Reply-To: <6CE56A81A763433C8B10A87FEFC97F7E@notebook> References: <4F7DAC8B.3040304@d0pefish.de> <6CE56A81A763433C8B10A87FEFC97F7E@notebook> Message-ID: <4F7DB87A.6010604@d0pefish.de> Am 05.04.2012 17:11, schrieb Falko Timme: > http://rosslawley.co.uk/2010/01/nginx-how-to-multiple-if-statements.html Thanks, that will do it I guess. From amoiz.shine at gmail.com Thu Apr 5 15:26:37 2012 From: amoiz.shine at gmail.com (Sharl.Jimh.Tsin) Date: Thu, 5 Apr 2012 23:26:37 +0800 Subject: [ANNOUNCE] Tengine-1.2.4 In-Reply-To: References: Message-ID: from your profile in LinkedIn website,i found that you are a student of HuaiYin Normal University.right? Best regards, Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) Using Gmail? Please read this important notice: http://www.fsf.org/campaigns/jstrap/gmail?10073. ? 2012?4?1? ??9:58?smallfish ??? > hah, perhaps just a joke. but?nothing is impossable. :) > -- > blog: http://chenxiaoyu.org > > > > ? 2012?4?1? ??9:33?Sharl.Jimh.Tsin ??? >> >> are you sure that NOT a joke of April Fools' Day, like taolinux >> (http://code.taobao.org/p/taobao_linux_server/src/trunk/taolinux/) ? >> >> Best regards, >> Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) >> >> Using Gmail? Please read this important notice: >> http://www.fsf.org/campaigns/jstrap/gmail?10073. >> >> >> >> 2012/3/31 Joshua Zhu : >> > Hi folks! >> > >> > We're pleased to announce that Tengine-1.2.4 has been released. You can >> > either download the tar ball >> > from?http://tengine.taobao.org/download/tengine-1.2.4.tar.gz ,?or >> > checkout >> > the code from https://github.com/taobao/tengine >> > >> > As this release, Tengine is based on Nginx-1.0.14. The highlight is a >> > brand >> > new 'user_agent' module which would be a good replacement for the >> > 'browser' >> > module in standard Nginx.?It's more efficient and flexible?than the >> > 'browser' module. Other changes include: >> > * Feature: added the 'log_escape' directive. >> > * Bugfix: fixed a bug in the limit_req module. >> > * Bugfix: fixed a bug in subrequest. >> > >> > Regards, >> > >> > -- >> > Joshua Zhu >> > Senior Software Engineer >> > Server Platforms Team at Taobao >> > >> > _______________________________________________ >> > nginx mailing list >> > nginx at nginx.org >> > http://mailman.nginx.org/mailman/listinfo/nginx >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From jdorfman at netdna.com Thu Apr 5 18:55:43 2012 From: jdorfman at netdna.com (Justin Dorfman) Date: Thu, 5 Apr 2012 11:55:43 -0700 Subject: nginx conf In-Reply-To: References: Message-ID: Hello, What are the permissions on /etc/nginx/sites-enabled/? You might need to give nginx rwx rights. Regards, Justin Dorfman NetDNA ? The Science of Acceleration? Email / gtalk: jdorfman at netdna.com P: 1.323.301.1400 x 272 Skype: netdna-justind Twitter: @jdorfman www.NetDNA.com | www.MaxCDN.com @NetDNA | @MaxCDN On Wed, Apr 4, 2012 at 9:18 PM, aris wrote: > Hi all, > how to configure nginx.conf, sites-available and sites-enabled > I get 403 Forbidden nginx/0.7.67 > please check out where my configuration errors > > *I nginx.conf following:* > > user www-data; > worker_processes 1; > > error_log /var/log/nginx/error.log; > pid /var/run/nginx.pid; > > events { > worker_connections 1024; > # multi_accept on; > } > > http { > include /etc/nginx/mime.types; > > access_log /var/log/nginx/access.log; > > sendfile on; > #tcp_nopush on; > > #keepalive_timeout 0; > keepalive_timeout 65; > tcp_nodelay on; > > gzip on; > gzip_disable "MSIE [1-6]\.(?!.*SV1)"; > > include /etc/nginx/conf.d/*.conf; > include /etc/nginx/sites-enabled/*; > } > > # mail { > # # See sample authentication script at: > # # http://wiki.nginx.org/NginxImapAuthenticateWithApachePhpScript > # > # # auth_http localhost/auth.php; > # # pop3_capabilities "TOP" "USER"; > # # imap_capabilities "IMAP4rev1" "UIDPLUS"; > # > # server { > # listen localhost:110; > # protocol pop3; > # proxy on; > # } > # > # server { > # listen localhost:143; > # protocol imap; > # proxy on; > # } > # } > > > *The following sites-available I have :* > # You may add here your > # server { > # ... > # } > # statements for each of your virtual hosts > > server { > > listen 80; ## listen for ipv4 > server_name localhost; > access_log /var/log/nginx/localhost.access.log; > > location / { > root /var/www; > index index.php; > } > > location /doc { > root /usr/share; > autoindex on; > allow 127.0.0.1; > deny all; > } > > location /images { > root /usr/share; > autoindex on; > } > > > > #error_page 404 /404.html; > > # redirect server error pages to the static page /50x.html > # > #error_page 500 502 503 504 /50x.html; > #location = /50x.html { > # root /var/www/nginx-default; > #} > > # proxy the PHP scripts to Apache listening on 127.0.0.1:80 > # > #location ~ \.php$ { > #proxy_pass http://127.0.0.1; > #} > > # pass the PHP scripts to FastCGI server listening on > 127.0.0.1:9000 > # > #location ~ \.php$ { > #fastcgi_pass 127.0.0.1:9000; > #fastcgi_index index.php; > #fastcgi_param SCRIPT_FILENAME > /scripts$fastcgi_script_name; > #includefastcgi_params; > #} > > # deny access to .htaccess files, if Apache's document root > # concurs with nginx's one > # > #location ~ /\.ht { > #deny all; > #} > } > > > # another virtual host using mix of IP-, name-, and port-based > configuration > # > #server { > #listen 8000; > #listen somename:8080; > #server_name somename alias another.alias; > > #location / { > #root html; > #index index.html index.htm; > #} > #} > > > # HTTPS server > # > #server { > #listen 443; > #server_name localhost; > > #ssl on; > #ssl_certificate cert.pem; > #ssl_certificate_key cert.key; > > #ssl_session_timeout 5m; > > #ssl_protocols SSLv3 TLSv1; > #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; > #ssl_prefer_server_ciphers on; > > #location / { > #root html; > #index index.html index.htm; > #} > #} > > *The following sites-enabled I have :* > # You may add here your > # server { > # ... > # } > # statements for each of your virtual hosts > > server { > > listen 80; ## listen for ipv4 > server_name localhost; > access_log /var/log/nginx/localhost.access.log; > > location / { > root /var/www; > index index.php; > } > > location /doc { > root /usr/share; > autoindex on; > allow 127.0.0.1; > deny all; > } > > location /images { > root /usr/share; > autoindex on; > } > > > > #error_page 404 /404.html; > > # redirect server error pages to the static page /50x.html > # > #error_page 500 502 503 504 /50x.html; > #location = /50x.html { > # root /var/www/nginx-default; > #} > > # proxy the PHP scripts to Apache listening on 127.0.0.1:80 > # > #location ~ \.php$ { > #proxy_pass http://127.0.0.1; > #} > > # pass the PHP scripts to FastCGI server listening on > 127.0.0.1:9000 > # > #location ~ \.php$ { > #fastcgi_pass 127.0.0.1:9000; > #fastcgi_index index.php; > #fastcgi_param SCRIPT_FILENAME > /scripts$fastcgi_script_name; > #includefastcgi_params; > #fastcgi_param SCRIPT_FILENAME > /scripts$fastcgi_script_name; > #includefastcgi_params; > #} > > # deny access to .htaccess files, if Apache's document root > # concurs with nginx's one > # > #location ~ /\.ht { > #deny all; > #} > } > > > # another virtual host using mix of IP-, name-, and port-based > configuration > # > #server { > #listen 8000; > #listen somename:8080; > #server_name somename alias another.alias; > > #location / { > #root html; > #index index.html index.htm; > #} > #} > > > # HTTPS server > # > #server { > #listen 443; > #server_name localhost; > > #ssl on; > #ssl_certificate cert.pem; > #ssl_certificate_key cert.key; > > #ssl_session_timeout 5m; > > #ssl_protocols SSLv3 TLSv1; > #ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; > #ssl_prefer_server_ciphers on; > > #location / { > #root html; > #index index.html index.htm; > #} > #} > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ashishs.dev at gmail.com Thu Apr 5 23:33:31 2012 From: ashishs.dev at gmail.com (Ashish S) Date: Thu, 5 Apr 2012 16:33:31 -0700 Subject: multiget support in memcache/memc nginx modules Message-ID: Hi, It looks like neither the nginx memc module, nor the memcache standard module supports multi-get out of the box. Is there an implementation openly available, that supports the same? How about support for larger keys? (If implementation is based on text protocol, key-length seems limited to 250 chars vs 65K in binary protocol) Thanks, Ashish From albert at nn.iij4u.or.jp Fri Apr 6 01:47:03 2012 From: albert at nn.iij4u.or.jp (shin fukuda) Date: Fri, 6 Apr 2012 10:47:03 +0900 Subject: no response nginx In-Reply-To: <20120405145610.GD13466@mdounin.ru> References: <20120405092544.f6c3c2cdd6d87bb9a320da8a@nn.iij4u.or.jp> <20120405145610.GD13466@mdounin.ru> Message-ID: <20120406104703.8d8a5d9d04229d835c791b0b@nn.iij4u.or.jp> Hello, Maxim. On Thu, 5 Apr 2012 18:56:11 +0400 Maxim Dounin wrote: > Hello! > > On Thu, Apr 05, 2012 at 09:25:44AM +0900, shin fukuda wrote: > > > Hi. > > > > I have a problem with nginx-1.1.16 uses proxy_cache_lock on. > > When high load or many request to nginx, Suddenly nginx seems hang, > > no response at all. > > In netstat "SYN_RECV","CLOSE_WAIT" too many. This problem needs > > restarting nginx, and "CLOSE_WAIT" clear. > > > > There is no problem in front-end nginx servers, but backends one. > > > > Any clue? > > I would suggest you are hitting some system limits. Check nginx > and system logs, as well as various system stats. Check the state > of nginx worker processes, most importantly wait channel (wchan, > "ps -alx" should show one at least on FreeBSD and Linux). Set kernel parameter like ... net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_reuse = 1 net.ipv4.tcp_max_syn_backlog = 8192 net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_tw_recycle = 1 net.ipv4.tcp_fin_timeout = 15 net.ipv4.tcp_keepalive_time = 300 But, no good result so far. Anyway, I check workers details, and find this, 15832 write(4, "2012/04/04 19:56:10 [info] 15832#0: sigtimedwait() failed (4: Interrupted system"..., 87) = 87 15832 rt_sigtimedwait([ALRM IO RT_12 RT_13], 0x691220) = -1 EAGAIN (Resource temporarily unavailable) 15832 rt_sigtimedwait([ALRM IO RT_12 RT_13], 0x691220) = -1 EAGAIN (Resource temporarily unavailable) .... .... Is this normal status ? > Maxim Dounin > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- shin fukuda From lists at ruby-forum.com Fri Apr 6 01:48:30 2012 From: lists at ruby-forum.com (MOHAMMED A.) Date: Fri, 06 Apr 2012 03:48:30 +0200 Subject: I need the best nginx configuration please Message-ID: <4f38466f869baed03ed613553a19acf0@ruby-forum.com> Hello, Please, I need the best nginx configuration for my servers My servers for images hosting In any server, From 2 to 5 million images The problem is that images do not appear quickly, a long time, Slow Please help me in this, I need the best nginx configuration Thanks. The configuration now user nobody; # no need for more workers in the proxy mode worker_processes 2; error_log /var/log/nginx/error.log info; worker_rlimit_nofile 20480; events { worker_connections 5120; # increase for busier servers use epoll; # you should use epoll here for Linux kernels 2.6.x } http { upload_progress_header id; upload_progress uploads 5m; server_name_in_redirect off; server_names_hash_max_size 10240; server_names_hash_bucket_size 1024; include mime.types; default_type application/octet-stream; server_tokens off; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 5; gzip on; gzip_vary on; gzip_disable "MSIE [1-6]\."; gzip_proxied any; gzip_http_version 1.1; gzip_min_length 1000; gzip_comp_level 6; gzip_buffers 16 8k; # You can remove image/png image/x-icon image/gif image/jpeg if you have slow CPU gzip_types text/plain text/xml text/css application/x-javascript application/xml image/png image/x-icon image/gif image/jpeg application/xml+rss text/javascript application/atom+xml; ignore_invalid_headers on; client_header_timeout 360m; client_body_timeout 360m; send_timeout 360m; reset_timedout_connection on; connection_pool_size 256; client_header_buffer_size 256k; large_client_header_buffers 4 256k; client_max_body_size 2048M; client_body_buffer_size 1024k; request_pool_size 32k; output_buffers 4 32k; postpone_output 1460; proxy_temp_path /home/matarNginx/nginx_proxy/; client_body_in_file_only on; log_format bytes_log "$msec $bytes_sent ."; include "/etc/nginx/vhosts/*"; } -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Fri Apr 6 09:15:23 2012 From: nginx-forum at nginx.us (haonhien) Date: Fri, 6 Apr 2012 05:15:23 -0400 (EDT) Subject: Problem add http_400 for module upstream Message-ID: Hello every body! I want to add http_400 in directive proxy_next_upstream of module upstream: 1. Add code below in file src/http/ngx_http_upstream.h: #define NGX_HTTP_UPSTREAM_FT_HTTP_502 0x00000020 #define NGX_HTTP_UPSTREAM_FT_HTTP_503 0x00000040 #define NGX_HTTP_UPSTREAM_FT_HTTP_504 0x00000080 #define NGX_HTTP_UPSTREAM_FT_HTTP_404 0x00000100 #define NGX_HTTP_UPSTREAM_FT_HTTP_400 0x00000120 //---> not right 2.Add code below in file ngx_http_upstream.c: { 500, NGX_HTTP_UPSTREAM_FT_HTTP_500 }, { 502, NGX_HTTP_UPSTREAM_FT_HTTP_502 }, { 503, NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { 504, NGX_HTTP_UPSTREAM_FT_HTTP_504 }, { 404, NGX_HTTP_UPSTREAM_FT_HTTP_404 }, { 400, NGX_HTTP_UPSTREAM_FT_HTTP_400 }, //add code here 3.Add code below in file src/http/modules/ngx_http_proxy_module.c: { ngx_string("http_500"), NGX_HTTP_UPSTREAM_FT_HTTP_500 }, { ngx_string("http_502"), NGX_HTTP_UPSTREAM_FT_HTTP_502 }, { ngx_string("http_503"), NGX_HTTP_UPSTREAM_FT_HTTP_503 }, { ngx_string("http_504"), NGX_HTTP_UPSTREAM_FT_HTTP_504 }, { ngx_string("http_404"), NGX_HTTP_UPSTREAM_FT_HTTP_404 }, { ngx_string("http_400"), NGX_HTTP_UPSTREAM_FT_HTTP_400 }, // add code here Plz help me Thank you so much. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225010,225010#msg-225010 From c.kworr at gmail.com Fri Apr 6 08:06:54 2012 From: c.kworr at gmail.com (Volodymyr Kostyrko) Date: Fri, 06 Apr 2012 11:06:54 +0300 Subject: I need the best nginx configuration please In-Reply-To: <4f38466f869baed03ed613553a19acf0@ruby-forum.com> References: <4f38466f869baed03ed613553a19acf0@ruby-forum.com> Message-ID: <4F7EA41E.3090504@gmail.com> MOHAMMED A. wrote: > Hello, > > Please, I need the best nginx configuration for my servers > My servers for images hosting > In any server, From 2 to 5 million images > The problem is that images do not appear quickly, a long time, Slow > Please help me in this, I need the best nginx configuration > > Thanks. > > The configuration now > > user nobody; > # no need for more workers in the proxy mode > worker_processes 2; > error_log /var/log/nginx/error.log info; > worker_rlimit_nofile 20480; > events { > worker_connections 5120; # increase for busier servers > use epoll; # you should use epoll here for Linux kernels 2.6.x > } > http { > upload_progress_header id; > upload_progress uploads 5m; > server_name_in_redirect off; > server_names_hash_max_size 10240; > server_names_hash_bucket_size 1024; > include mime.types; > default_type application/octet-stream; > server_tokens off; > sendfile on; > tcp_nopush on; > tcp_nodelay on; > keepalive_timeout 5; > gzip on; > gzip_vary on; > gzip_disable "MSIE [1-6]\."; > gzip_proxied any; > gzip_http_version 1.1; > gzip_min_length 1000; > gzip_comp_level 6; > gzip_buffers 16 8k; > # You can remove image/png image/x-icon image/gif image/jpeg if you have > slow CPU > gzip_types text/plain text/xml text/css application/x-javascript > application/xml image/png image/x-icon image/gif image/jpeg > application/xml+rss text/javascript application/atom+xml; > ignore_invalid_headers on; > client_header_timeout 360m; > client_body_timeout 360m; > send_timeout 360m; > reset_timedout_connection on; > connection_pool_size 256; > client_header_buffer_size 256k; > large_client_header_buffers 4 256k; > client_max_body_size 2048M; > client_body_buffer_size 1024k; > request_pool_size 32k; > output_buffers 4 32k; > postpone_output 1460; > proxy_temp_path /home/matarNginx/nginx_proxy/; > client_body_in_file_only on; > log_format bytes_log "$msec $bytes_sent ."; Everything looks good. Some options point to default values and can be omitted. > include "/etc/nginx/vhosts/*"; > } This line includes all files under listed directory. Whole your config is only about nginx configuration and lack particular site configuration. Maybe posting those would give anyone better clue on whats going on with your system. -- Sphinx of black quartz judge my vow. From pobreiluso at gmail.com Fri Apr 6 10:48:18 2012 From: pobreiluso at gmail.com (=?ISO-8859-1?Q?Antonio_Jerez_Guill=E9n?=) Date: Fri, 6 Apr 2012 12:48:18 +0200 Subject: I need the best nginx configuration please In-Reply-To: <4F7EA41E.3090504@gmail.com> References: <4f38466f869baed03ed613553a19acf0@ruby-forum.com> <4F7EA41E.3090504@gmail.com> Message-ID: Hi there! I guess, that your problem could be O.S. related and not Nginx related. I meant, probably, you are using more files per directory than your O.S. could support, in many cases, this limit is about 32.000 files per directory, but it may depends of your filesystem. take a look to the link below: http://stackoverflow.com/questions/466521/how-many-files-in-a-directory-is-too-many In order to solve this issue, you must add a two or three directory levels structure. For example: I guess your current directory structure is something like: /img/abcdefghijklmn?opqrstuvwxyz.jpg And you must try something like: /img/*ab/cd/ef/*abcdefghijklmn?opqrstuvwxyz.jpg Or also works for somebody, to add a modulus function to the directories, for example: /img/*01/02/*abcdefghijklmn?opqrstuvwxyz.jpg Hope it helps. El 6 de abril de 2012 10:06, Volodymyr Kostyrko escribi?: > > > MOHAMMED A. wrote: > >> Hello, >> >> Please, I need the best nginx configuration for my servers >> My servers for images hosting >> In any server, From 2 to 5 million images >> The problem is that images do not appear quickly, a long time, Slow >> Please help me in this, I need the best nginx configuration >> >> Thanks. >> >> The configuration now >> >> user nobody; >> # no need for more workers in the proxy mode >> worker_processes 2; >> error_log /var/log/nginx/error.log info; >> worker_rlimit_nofile 20480; >> events { >> worker_connections 5120; # increase for busier servers >> use epoll; # you should use epoll here for Linux kernels 2.6.x >> } >> http { >> upload_progress_header id; >> upload_progress uploads 5m; >> server_name_in_redirect off; >> server_names_hash_max_size 10240; >> server_names_hash_bucket_size 1024; >> include mime.types; >> default_type application/octet-stream; >> server_tokens off; >> sendfile on; >> tcp_nopush on; >> tcp_nodelay on; >> keepalive_timeout 5; >> gzip on; >> gzip_vary on; >> gzip_disable "MSIE [1-6]\."; >> gzip_proxied any; >> gzip_http_version 1.1; >> gzip_min_length 1000; >> gzip_comp_level 6; >> gzip_buffers 16 8k; >> # You can remove image/png image/x-icon image/gif image/jpeg if you have >> slow CPU >> gzip_types text/plain text/xml text/css application/x-javascript >> application/xml image/png image/x-icon image/gif image/jpeg >> application/xml+rss text/javascript application/atom+xml; >> ignore_invalid_headers on; >> client_header_timeout 360m; >> client_body_timeout 360m; >> send_timeout 360m; >> reset_timedout_connection on; >> connection_pool_size 256; >> client_header_buffer_size 256k; >> large_client_header_buffers 4 256k; >> client_max_body_size 2048M; >> client_body_buffer_size 1024k; >> request_pool_size 32k; >> output_buffers 4 32k; >> postpone_output 1460; >> proxy_temp_path /home/matarNginx/nginx_proxy/; >> client_body_in_file_only on; >> log_format bytes_log "$msec $bytes_sent ."; >> > > Everything looks good. Some options point to default values and can be > omitted. > > include "/etc/nginx/vhosts/*"; >> } >> > > This line includes all files under listed directory. Whole your config is > only about nginx configuration and lack particular site configuration. > Maybe posting those would give anyone better clue on whats going on with > your system. > > -- > Sphinx of black quartz judge my vow. > > > ______________________________**_________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/**mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Apr 6 12:32:16 2012 From: nginx-forum at nginx.us (shrinath.m) Date: Fri, 6 Apr 2012 08:32:16 -0400 (EDT) Subject: proxy_buffering on - doesn't return files with large data? Message-ID: <8e10eb48ce3782d66f10e4ae8386362e.NginxMailingListEnglish@forum.nginx.org> Hi, We have setup like so : 1. Nginx is configured as server which recieves user request 2. The user request is proxy_passed to another server which is also Nginx. Now when user requests for a file(401481 bytes) over AJAX, it is not being served. This problem doesn't happen for every file, just for random files. The same file doesn't load every time. I tried disabling proxy_buffering off, it worked. BTW, it is not the file size problem. It is working for larger file than the one that is not loading. I would love to know why. Thanks, Shrinath Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225015,225015#msg-225015 From bruno.premont at restena.lu Fri Apr 6 13:24:52 2012 From: bruno.premont at restena.lu (Bruno =?UTF-8?B?UHLDqW1vbnQ=?=) Date: Fri, 6 Apr 2012 15:24:52 +0200 Subject: limit_req_zone and limit_req: rate too strict Message-ID: <20120406152452.5729f6e0@pluto.restena.lu> Hi, I have started using limit_req_zone + limit_req but am seeing more delayed log entries than I would expect. I have the following: limit_req_zone $binary_remote_addr zone=one:10m rate=3r/s; ... server { ... location ~ .*\.php$ { limit_req zone=one burst=10; ... } In the logs I see that when 2 requests happen near simultaneously from the same IP address (e.g. page redirect to second PHP page or single PHP-generated image referenced by page) the second and third request get delayed if they arrive too early during the same second. I would wish to limit the user to 3 requests within a 1s window though not setting any constraint as to spacing between those requests, how can I accomplish it or what changes to limit_req module would be needed to not have a minimum 0.33s spacing between requests for above configuration? Thanks, Bruno From nginx-forum at nginx.us Fri Apr 6 13:25:53 2012 From: nginx-forum at nginx.us (nenad) Date: Fri, 6 Apr 2012 09:25:53 -0400 (EDT) Subject: HttpSecureLinkModule timestamp inside uri In-Reply-To: References: Message-ID: <5086ab5410a967ea6017e179cd4884b6.NginxMailingListEnglish@forum.nginx.org> thank you, that worked! can you also say me how i can point to correct root without /t{time}, now it try to open the file in a folder with timestamp in. www.example.aaa/260/7/4/3/4255/4543535/t1331894408/1234_x.jpg?a=1234567888 means it try to open it in: /media/photos/260/7/4/3/4255/4543535/t1331894408/1234_x.jpg instead /srv/media/260/7/4/3/4255/4543535/1234_x.jpg Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224960,225018#msg-225018 From nginx-forum at nginx.us Fri Apr 6 13:41:59 2012 From: nginx-forum at nginx.us (zuckbin) Date: Fri, 6 Apr 2012 09:41:59 -0400 (EDT) Subject: serve static content on static domain Message-ID: Hi, How to serve static content on static domain cookieless. I use ngix to serve static content then apache to dynamic content. Want to serve on static.mydomain.com all static content: jpeg, css, js, ... Here my actual conf: server { listen 80; client_max_body_size 50M; server_name www.mydoamin.com; access_log /var/log/nginx/localhost.access_log main; error_log /var/log/nginx/localhost.error_log info; location / { proxy_pass http://IP:8080/; proxy_redirect default; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location ~* ^.+.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ { root /home/www/domain.com; expires 30d; add_header Pragma public; add_header Cache-Control "public"; } } Want all my static content will be delivered only with: static.domain.com (no duplicate content) Thanks for your help Bye Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225020,225020#msg-225020 From edho at myconan.net Fri Apr 6 13:46:26 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 6 Apr 2012 20:46:26 +0700 Subject: serve static content on static domain In-Reply-To: References: Message-ID: 2012/4/6 zuckbin : > Hi, > > How to serve static content on static domain cookieless. > > I use ngix to serve static content then apache to dynamic content. > > Want to serve on static.mydomain.com all static content: jpeg, css, js, > ... > Then you should tell your app to link static contents at static.mydomain.com instead of mydomain.com and then add its server block. From ne at vbart.ru Fri Apr 6 16:03:19 2012 From: ne at vbart.ru (Valentin V. Bartenev) Date: Fri, 6 Apr 2012 20:03:19 +0400 Subject: HttpSecureLinkModule timestamp inside uri In-Reply-To: <5086ab5410a967ea6017e179cd4884b6.NginxMailingListEnglish@forum.nginx.org> References: <5086ab5410a967ea6017e179cd4884b6.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201204062003.19924.ne@vbart.ru> On Friday 06 April 2012 17:25:53 nenad wrote: > thank you, that worked! > > can you also say me how i can point to correct root without /t{time}, > now it try to open the file in a folder with timestamp in. > > www.example.aaa/260/7/4/3/4255/4543535/t1331894408/1234_x.jpg?a=1234567888 > > means it try to open it in: > /media/photos/260/7/4/3/4255/4543535/t1331894408/1234_x.jpg instead > /srv/media/260/7/4/3/4255/4543535/1234_x.jpg > http://nginx.org/r/alias location ~ ^(.+)/t(?P\d+)(/\d+_x\.(?:jpe?g|gif|png))$ { secure_link $arg_a,$t; secure_link_md5 mysecretword$uri$t; alias /srv/media$1$3; ... } wbr, Valentin V. Bartenev From ne at vbart.ru Fri Apr 6 16:06:36 2012 From: ne at vbart.ru (Valentin V. Bartenev) Date: Fri, 6 Apr 2012 20:06:36 +0400 Subject: limit_req_zone and limit_req: rate too strict In-Reply-To: <20120406152452.5729f6e0@pluto.restena.lu> References: <20120406152452.5729f6e0@pluto.restena.lu> Message-ID: <201204062006.36424.ne@vbart.ru> On Friday 06 April 2012 17:24:52 Bruno Pr?mont wrote: > Hi, > > I have started using limit_req_zone + limit_req but am seeing more delayed > log entries than I would expect. > > I have the following: > > limit_req_zone $binary_remote_addr zone=one:10m rate=3r/s; > ... > server { > ... > location ~ .*\.php$ { > limit_req zone=one burst=10; > ... > } > > > In the logs I see that when 2 requests happen near simultaneously from the > same IP address (e.g. page redirect to second PHP page or single > PHP-generated image referenced by page) the second and third request get > delayed if they arrive too early during the same second. > > > I would wish to limit the user to 3 requests within a 1s window though > not setting any constraint as to spacing between those requests, how can I > accomplish it or what changes to limit_req module would be needed to > not have a minimum 0.33s spacing between requests for above configuration? > http://nginx.org/r/limit_req limit_req zone=one burst=10 nodelay; wbr, Valentin V. Bartenev From mdounin at mdounin.ru Fri Apr 6 16:35:25 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 6 Apr 2012 20:35:25 +0400 Subject: proxy_buffering on - doesn't return files with large data? In-Reply-To: <8e10eb48ce3782d66f10e4ae8386362e.NginxMailingListEnglish@forum.nginx.org> References: <8e10eb48ce3782d66f10e4ae8386362e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120406163525.GK13466@mdounin.ru> Hello! On Fri, Apr 06, 2012 at 08:32:16AM -0400, shrinath.m wrote: > Hi, > > We have setup like so : > > 1. Nginx is configured as server which recieves user request > 2. The user request is proxy_passed to another server which is also > Nginx. > > Now when user requests for a file(401481 bytes) over AJAX, it is not > being served. This problem doesn't happen for every file, just for > random files. The same file doesn't load every time. > > I tried disabling proxy_buffering off, it worked. > BTW, it is not the file size problem. It is working for larger file than > the one that is not loading. I would love to know why. First of all try looking into error logs. If it doesn't help, please provide debug log, see here for details: http://wiki.nginx.org/Debugging Maxim Dounin From bruno.premont at restena.lu Fri Apr 6 19:38:59 2012 From: bruno.premont at restena.lu (Bruno =?UTF-8?B?UHLDqW1vbnQ=?=) Date: Fri, 6 Apr 2012 21:38:59 +0200 Subject: limit_req_zone and limit_req: rate too strict In-Reply-To: <201204062006.36424.ne@vbart.ru> References: <20120406152452.5729f6e0@pluto.restena.lu> <201204062006.36424.ne@vbart.ru> Message-ID: <20120406213859.61e809bd@neptune> On Fri, 06 April 2012 "Valentin V. Bartenev" wrote: > On Friday 06 April 2012 17:24:52 Bruno Pr?mont wrote: > > Hi, > > > > I have started using limit_req_zone + limit_req but am seeing more delayed > > log entries than I would expect. > > > > I have the following: > > > > limit_req_zone $binary_remote_addr zone=one:10m rate=3r/s; > > ... > > server { > > ... > > location ~ .*\.php$ { > > limit_req zone=one burst=10; > > ... > > } > > > > > > In the logs I see that when 2 requests happen near simultaneously from the > > same IP address (e.g. page redirect to second PHP page or single > > PHP-generated image referenced by page) the second and third request get > > delayed if they arrive too early during the same second. > > > > > > I would wish to limit the user to 3 requests within a 1s window though > > not setting any constraint as to spacing between those requests, how can I > > accomplish it or what changes to limit_req module would be needed to > > not have a minimum 0.33s spacing between requests for above configuration? > > > > http://nginx.org/r/limit_req > > limit_req zone=one burst=10 nodelay; In that case legitimate (from my point of view) requests get rejected which is even worse! I wish those that fall under rate to not be delayed to get nice distribution (in my case 1s sample-rate!), but to have those between rate and burst being delayed to the following seconds. As an example of what I expect (rate=3r/s, burst=5): Time Request Id 0.0s 1 initial request 0.1s 2 second request, should not get delayed 0.1s 3 third request, should not get delayed 3.5s 4 new initial request 3.6s 5 new second request, should not get delayed 3.7s 6 new third request, should not get delayed 3.8s 7 new fourth request, should get delayed until t=4.6s 3.9s 8 new fifth request, should get delayed until t=4.7s 4.0s 9 new sixth request, should get delayed until t=4.8s 4.1s 10 new seventh request, should get delayed until t=5.6s 4.2s 11 new eighth request, should get delayed until t=5.7s 4.3s 12 new ninth request, should get rejected with 503 (exceeds burst) 4.4s 13 new tenth request, should get rejected with 503 (exceeds burst) but I do get like: 0.0s 1 initial request 0.1s 2 second request, delayed until 0.33s 0.1s 3 third request, delayed until 0.66s Bruno From lists at ruby-forum.com Fri Apr 6 20:27:17 2012 From: lists at ruby-forum.com (Ashish S Dev) Date: Fri, 06 Apr 2012 22:27:17 +0200 Subject: Memcache module implementation with multi-get support? Message-ID: Hi, Is there a memcache module implementation with multi-get support? Thanks, Ashish -- Posted via http://www.ruby-forum.com/. From ne at vbart.ru Fri Apr 6 20:56:05 2012 From: ne at vbart.ru (Valentin V. Bartenev) Date: Sat, 7 Apr 2012 00:56:05 +0400 Subject: limit_req_zone and limit_req: rate too strict In-Reply-To: <20120406213859.61e809bd@neptune> References: <20120406152452.5729f6e0@pluto.restena.lu> <201204062006.36424.ne@vbart.ru> <20120406213859.61e809bd@neptune> Message-ID: <201204070056.05706.ne@vbart.ru> On Friday 06 April 2012 23:38:59 Bruno Pr?mont wrote: > > > > http://nginx.org/r/limit_req > > > > limit_req zone=one burst=10 nodelay; > > In that case legitimate (from my point of view) requests get rejected > which is even worse! No, with "nodelay" parameter they won't be rejected or delayed until the overflow of burst. > I wish those that fall under rate to not be delayed to get nice > distribution (in my case 1s sample-rate!), but to have those between rate > and burst being delayed to the following seconds. [...] There's no discrete "sample-rate". The limit_req module implements classical "leaky bucket" algorithm, which is simple, cheap and very common in the telecom world. http://en.wikipedia.org/wiki/Leaky_bucket wbr, Valentin V. Bartenev From brian at akins.org Fri Apr 6 21:40:14 2012 From: brian at akins.org (Brian Akins) Date: Fri, 6 Apr 2012 17:40:14 -0400 Subject: Memcache module implementation with multi-get support? In-Reply-To: References: Message-ID: <26880F2B-B366-40C5-ABDE-A1B8B525CAE8@akins.org> On Apr 6, 2012, at 4:27 PM, Ashish S Dev wrote: > > Is there a memcache module implementation with multi-get support? Probably be pretty simple to add it to https://github.com/agentzh/lua-resty-memcached From matthieu.tourne at gmail.com Fri Apr 6 22:00:33 2012 From: matthieu.tourne at gmail.com (Matthieu Tourne) Date: Fri, 6 Apr 2012 15:00:33 -0700 Subject: Memcache module implementation with multi-get support? In-Reply-To: <26880F2B-B366-40C5-ABDE-A1B8B525CAE8@akins.org> References: <26880F2B-B366-40C5-ABDE-A1B8B525CAE8@akins.org> Message-ID: On Fri, Apr 6, 2012 at 2:40 PM, Brian Akins wrote: > > On Apr 6, 2012, at 4:27 PM, Ashish S Dev wrote: > > > > Is there a memcache module implementation with multi-get support? > > Probably be pretty simple to add it to > https://github.com/agentzh/lua-resty-memcached > > I think it already supports it if you pass an array of keys to the memc:get() function Matt -------------- next part -------------- An HTML attachment was scrubbed... URL: From agentzh at gmail.com Sat Apr 7 00:42:07 2012 From: agentzh at gmail.com (agentzh) Date: Sat, 7 Apr 2012 08:42:07 +0800 Subject: Memcache module implementation with multi-get support? In-Reply-To: References: <26880F2B-B366-40C5-ABDE-A1B8B525CAE8@akins.org> Message-ID: On Sat, Apr 7, 2012 at 6:00 AM, Matthieu Tourne wrote: > On Fri, Apr 6, 2012 at 2:40 PM, Brian Akins wrote: >> On Apr 6, 2012, at 4:27 PM, Ashish S Dev wrote: >> > >> > Is there a memcache module implementation with multi-get support? >> >> Probably be pretty simple to add it to >> https://github.com/agentzh/lua-resty-memcached >> > > I think it already supports it if you pass an array of keys to the > memc:get() function > Yes, it does. Below is a test case for this feature: https://github.com/agentzh/lua-resty-memcached/blob/master/t/sanity.t#L1413 The lua-resty-memcached library is not an nginx module itself, but rather a (nonblocking) Lua library that is intended to be used with the ngx_lua module :) Best regards, -agentzh From nginx-forum at nginx.us Mon Apr 9 08:26:01 2012 From: nginx-forum at nginx.us (niraj) Date: Mon, 9 Apr 2012 04:26:01 -0400 (EDT) Subject: rewrite proxy flag set problem In-Reply-To: References: <20120327085508.GA12789@nginx.com> <93f51c1c0f37415b621ae6a794042639.NginxMailingListEnglish@forum.nginx.org> Message-ID: <7e72081cefac23b42757af8f94d6912d.NginxMailingListEnglish@forum.nginx.org> Hi As mentioned above the different condition for Nginx, If anybody know in details then please guide me. It will help me to understand the Nginx rewrite rule in details. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,224274,225057#msg-225057 From lists at ruby-forum.com Mon Apr 9 11:42:41 2012 From: lists at ruby-forum.com (Tariq wali) Date: Mon, 09 Apr 2012 13:42:41 +0200 Subject: nginx upstream prematurely closed connection In-Reply-To: References: Message-ID: Maxim, I see the same error on few of our lamp servers and nginx serving static content . I have looked for clues in apache error logs and syslog messages but can't establish a connection .. 2012/03/21 00:00:01 [error] 569#0: *10867863 upstream prematurely closed connection while reading response header from upstream, client: 121.243.22.130, server: _, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "servername.net" 2012/03/22 00:00:01 [error] 568#0: *10869967 upstream prematurely closed connection while reading response header from upstream, client: 121.243.22.130, server: _, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "servername.net" 2012/03/23 00:00:01 [error] 569#0: *10872221 upstream prematurely closed connection while reading response header from upstream, client: 121.243.22.130, server: _, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "servername.net" I would appreciate a direction I can take this issue in ..' T -- Posted via http://www.ruby-forum.com/. From nbubingo at gmail.com Mon Apr 9 13:28:26 2012 From: nbubingo at gmail.com (=?GB2312?B?0qbOsLHz?=) Date: Mon, 9 Apr 2012 21:28:26 +0800 Subject: [ANNOUNCE] Tengine-1.2.4 In-Reply-To: References:

Message-ID: Hello, Can you just focus on the technical problem? If you have any detail question to ask, we are pleased to serve you. Thanks. 2012/4/5 Sharl.Jimh.Tsin : > from your profile in LinkedIn website,i found that you are a student > of HuaiYin Normal University.right? > > Best regards, > Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) > > Using Gmail? Please read this important notice: > http://www.fsf.org/campaigns/jstrap/gmail?10073. > > > > ? 2012?4?1? ??9:58?smallfish ??? >> hah, perhaps just a joke. but nothing is impossable. :) >> -- >> blog: http://chenxiaoyu.org >> >> >> >> ? 2012?4?1? ??9:33?Sharl.Jimh.Tsin ??? >>> >>> are you sure that NOT a joke of April Fools' Day, like taolinux >>> (http://code.taobao.org/p/taobao_linux_server/src/trunk/taolinux/) ? >>> >>> Best regards, >>> Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) >>> >>> Using Gmail? Please read this important notice: >>> http://www.fsf.org/campaigns/jstrap/gmail?10073. >>> >>> >>> >>> 2012/3/31 Joshua Zhu : >>> > Hi folks! >>> > >>> > We're pleased to announce that Tengine-1.2.4 has been released. You can >>> > either download the tar ball >>> > from http://tengine.taobao.org/download/tengine-1.2.4.tar.gz , or >>> > checkout >>> > the code from https://github.com/taobao/tengine >>> > >>> > As this release, Tengine is based on Nginx-1.0.14. The highlight is a >>> > brand >>> > new 'user_agent' module which would be a good replacement for the >>> > 'browser' >>> > module in standard Nginx. It's more efficient and flexible than the >>> > 'browser' module. Other changes include: >>> > * Feature: added the 'log_escape' directive. >>> > * Bugfix: fixed a bug in the limit_req module. >>> > * Bugfix: fixed a bug in subrequest. >>> > >>> > Regards, >>> > >>> > -- >>> > Joshua Zhu >>> > Senior Software Engineer >>> > Server Platforms Team at Taobao >>> > >>> > _______________________________________________ >>> > nginx mailing list >>> > nginx at nginx.org >>> > http://mailman.nginx.org/mailman/listinfo/nginx >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nbubingo at gmail.com Mon Apr 9 13:34:56 2012 From: nbubingo at gmail.com (=?GB2312?B?0qbOsLHz?=) Date: Mon, 9 Apr 2012 21:34:56 +0800 Subject: nginx upstream prematurely closed connection In-Reply-To: References:

Message-ID: This is also proxy log, not the static content request log. You should be sure you have enough resources in your backend server, like memory, connection... 2012/4/9 Tariq wali : > Maxim, > > I see the same error on few of our lamp servers and nginx serving static > content . > I have looked for clues in apache error logs and syslog messages but > can't establish a connection .. > > 2012/03/21 00:00:01 [error] 569#0: *10867863 upstream prematurely closed > connection while reading response header from upstream, client: > 121.243.22.130, server: _, request: "GET / HTTP/1.1", upstream: > "http://127.0.0.1:8080/", host: "servername.net" > 2012/03/22 00:00:01 [error] 568#0: *10869967 upstream prematurely closed > connection while reading response header from upstream, client: > 121.243.22.130, server: _, request: "GET / HTTP/1.1", upstream: > "http://127.0.0.1:8080/", host: "servername.net" > 2012/03/23 00:00:01 [error] 569#0: *10872221 upstream prematurely closed > connection while reading response header from upstream, client: > 121.243.22.130, server: _, request: "GET / HTTP/1.1", upstream: > "http://127.0.0.1:8080/", host: "servername.net" > > I would appreciate a direction I can take this issue in ..' > > > T > > -- > Posted via http://www.ruby-forum.com/. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Mon Apr 9 13:41:54 2012 From: nginx-forum at nginx.us (auxbuss) Date: Mon, 9 Apr 2012 09:41:54 -0400 (EDT) Subject: Rewrites for sites without SSL on same IP address as those using SSL Message-ID: <980ba766245be3167fb1f1a2770fa2d6.NginxMailingListEnglish@forum.nginx.org> I have a few sites on a single IP and a single nginx instance. Some domains have SSL certificates (and listen on ports 80 and 443) and some don't (and only listen on port 80). For those domains that don't have an SSL certificate, including a server block listening on port 443 to rewrite to port 80 does not work. I understand this is because the SSL exchange happens prior to the server name being inspected. When browsing over https to one of the sites without an SSL certificate, the current behaviour is that a security warning is presented to the client that lists the certificate for the default_server and not the appropriate domain. Is there a way to rewrite https requests to http (for the domains with an SSL certificate) while retaining the appropriate domain? If not, is the best way to resolve this to add an additional IP and use one for those sites requiring ports 80 and 443 and another for those only using port 80? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225064,225064#msg-225064 From igor at sysoev.ru Mon Apr 9 13:55:15 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Mon, 9 Apr 2012 17:55:15 +0400 Subject: Rewrites for sites without SSL on same IP address as those using SSL In-Reply-To: <980ba766245be3167fb1f1a2770fa2d6.NginxMailingListEnglish@forum.nginx.org> References: <980ba766245be3167fb1f1a2770fa2d6.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120409135515.GA49392@nginx.com> On Mon, Apr 09, 2012 at 09:41:54AM -0400, auxbuss wrote: > I have a few sites on a single IP and a single nginx instance. Some > domains have SSL certificates (and listen on ports 80 and 443) and some > don't (and only listen on port 80). > > For those domains that don't have an SSL certificate, including a server > block listening on port 443 to rewrite to port 80 does not work. I > understand this is because the SSL exchange happens prior to the server > name being inspected. > > When browsing over https to one of the sites without an SSL certificate, > the current behaviour is that a security warning is presented to the > client that lists the certificate for the default_server and not the > appropriate domain. > > Is there a way to rewrite https requests to http (for the domains with > an SSL certificate) while retaining the appropriate domain? Do you mean the domains WITHOUT an SSL certificate ? > If not, is the best way to resolve this to add an additional IP and use > one for those sites requiring ports 80 and 443 and another for those > only using port 80? Yes, in this case Firefox will show ----- Unable to connect Firefox can't establish a connection to the server at ... ----- -- Igor Sysoev From nginx-forum at nginx.us Mon Apr 9 13:57:46 2012 From: nginx-forum at nginx.us (auxbuss) Date: Mon, 9 Apr 2012 09:57:46 -0400 (EDT) Subject: Rewrites for sites without SSL on same IP address as those using SSL In-Reply-To: <980ba766245be3167fb1f1a2770fa2d6.NginxMailingListEnglish@forum.nginx.org> References: <980ba766245be3167fb1f1a2770fa2d6.NginxMailingListEnglish@forum.nginx.org> Message-ID: Yes, I mean domains without an SSL certificate. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225064,225066#msg-225066 From jdorfman at netdna.com Mon Apr 9 19:49:43 2012 From: jdorfman at netdna.com (Justin Dorfman) Date: Mon, 9 Apr 2012 12:49:43 -0700 Subject: could not build the referers_hash In-Reply-To: <1333144207.2204.8.camel@portable-evil> References: <1333071717.2082.3.camel@portable-evil> <1333120642.2082.7.camel@portable-evil> <1333144207.2204.8.camel@portable-evil> Message-ID: Our senior engineer figured how to fix it. What he did was edited this file: src/http/modules/ngx_http_referer_module.c and changed this line: prev->referer_hash_bucket_size, 64); to: prev->referer_hash_bucket_size, 128); Then recompiled nginx. Hope that helps someone in the future. Regards, Justin Dorfman On Fri, Mar 30, 2012 at 2:50 PM, Cliff Wells wrote: > On Fri, 2012-03-30 at 09:08 -0700, Justin Dorfman wrote: > > Hey Cliff, > > > > > > Here are the current values: > > > > > > server_names_hash_max_size 65536; > > server_names_hash_bucket_size 256; > > These are not the hashes you are looking for =) Your error message > specified "you should increase referers_hash_bucket_size", indicating > that it is currently 64. > > Regards, > Cliff > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Mon Apr 9 20:00:05 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Mon, 9 Apr 2012 21:00:05 +0100 Subject: Chunked input module problem with http_dav Message-ID: Hi all - I'm running the latest tagged version of the chunked input body module as per https://github.com/agentzh/chunkin-nginx-module/tags (0.23rc2) and nginx 1.0.14 with the http_dav module. I'm seeing some failures which are, to my eye, stopping chunkin work at /all/ in this combination. I'm using http_dav to provide an some upload space. After an upload completes (I started at 400MB, and still see the following problem with 4MB uploads), I get the following in the debug/error logs: 2012/04/09 20:38:02 [crit] 1485#0: *3 chmod() "/srv/tmp/0000000001" failed (2: No such file or directory), client: 10.0.10.183, server: upload.server, request: "PUT /external/testing123 HTTP/1.1", host: "upload.server:81" 2012/04/09 20:38:02 [crit] 1485#0: *3 unlink() "/srv/tmp/0000000001" failed (2: No such file or directory), client: 10.0.10.183, server: upload.server, request: "PUT /external/testing123 HTTP/1.1", host: "upload.server:81" Then the client receives a 500. "/srv/tmp" (the client body temp location) *is* on the same partition as the final resting place as the data. If I *don't* use chunked input, then the upload works fine. Here's the site config: --------------------------------------------------------------------- server { listen *:81; server_name upload.server; chunkin on; error_page 411 = @my_411_error; location @my_411_error { chunkin_resume; } location / { root /srv/data/; client_body_temp_path /srv/tmp/ client_max_body_size 500m; dav_methods PUT DELETE MKCOL COPY MOVE; create_full_put_path off; dav_access group:rw all:r; } } ... and here's the nginx-V output: nginx version: nginx/1.0.14 built by gcc 4.4.5 (Debian 4.4.5-8) configure arguments: --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-http_dav_module --with-http_realip_module --with-http_stub_status_module --with-http_sub_module --add-module=/root/src/nginx-modules/agentzh-chunkin-nginx-module-ddc0dd5 --prefix=/usr Any ideas what's causing this and how I can fix it? Or is chunkin just not supposed to be run in this way with http_dav? Cheers, Jonathan -- Jonathan Matthews London, Oxford, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Tue Apr 10 01:28:23 2012 From: nginx-forum at nginx.us (spacerobot) Date: Mon, 9 Apr 2012 21:28:23 -0400 (EDT) Subject: Nginx returning 414 even when large_client_header_buffers is set Message-ID: <8b19edbb6b2d137c94eae907213f378f.NginxMailingListEnglish@forum.nginx.org> My nginx server needs a request whose URI is about 4k long, it currently returns 414 with message Request-URI Too Long. I looked online and added: large_client_header_buffers 4 16k; to the http block in nginx.conf, restarted nginx, still returns 414. I also tried to add client_header_buffer_size and set to 16k and well but didn't help. I have nginx 1.0.12 and built with the following options: "--with-http_ssl_module", "--with-http_gzip_static_module", "--add-module=../git/nginx-x-rid-header", "--with-ld-opt=-luuid", "--with-http_stub_status_module" Anybody has any insights on the 414 problem? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225093,225093#msg-225093 From ashishs.dev at gmail.com Tue Apr 10 01:44:24 2012 From: ashishs.dev at gmail.com (Ashish S) Date: Mon, 9 Apr 2012 18:44:24 -0700 Subject: Memcache module implementation with multi-get support? In-Reply-To: References: <26880F2B-B366-40C5-ABDE-A1B8B525CAE8@akins.org>

Message-ID: Thanks, everyone. This works. --Ashish On Fri, Apr 6, 2012 at 5:42 PM, agentzh wrote: > On Sat, Apr 7, 2012 at 6:00 AM, Matthieu Tourne > wrote: >> On Fri, Apr 6, 2012 at 2:40 PM, Brian Akins wrote: >>> On Apr 6, 2012, at 4:27 PM, Ashish S Dev wrote: >>> > >>> > Is there a memcache module implementation with multi-get support? >>> >>> Probably be pretty simple to add it to >>> https://github.com/agentzh/lua-resty-memcached >>> >> >> I think it already supports it if you pass an array of keys to the >> memc:get() function >> > > Yes, it does. > > Below is a test case for this feature: > > https://github.com/agentzh/lua-resty-memcached/blob/master/t/sanity.t#L1413 > > The lua-resty-memcached library is not an nginx module itself, but > rather a (nonblocking) Lua library that is intended to be used with > the ngx_lua module :) > > Best regards, > -agentzh > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From ashishs.dev at gmail.com Tue Apr 10 02:02:10 2012 From: ashishs.dev at gmail.com (Ashish S) Date: Mon, 9 Apr 2012 19:02:10 -0700 Subject: Program hangs when modifying u->buffer while using proxy module to talk to upstream backend Message-ID: Hi, I currently use upstream to talk to a back-end, which sends me some response. In my module, i am trying to re-format the plain-text upstream backend response, to XML, and I also add some new data to it, based on an in-memory lookup within my module. What would be the best way to do this? In my setup, I am able to parse response from upstream (u->buffer), construct a modified string and assign it back to u->buffer, and am I setting u->headers_in.content_length_n and r->headers_out.content_length_n correctly. The issue i face is, every *second* request hangs, if i am trying the request through the browser. (However, trying through command-line & curl, works everytime). And I always see this error message in the logs: "client prematurely closed connection, so upstream connection is closed too while sending to client, client: 127.0.0.1". What am i doing wrong? Thanks, Ashish From nbubingo at gmail.com Tue Apr 10 05:17:17 2012 From: nbubingo at gmail.com (=?GB2312?B?0qbOsLHz?=) Date: Tue, 10 Apr 2012 13:17:17 +0800 Subject: Program hangs when modifying u->buffer while using proxy module to talk to upstream backend In-Reply-To: References: Message-ID: see the fastcgi module as an example 2012/4/10 Ashish S : > Hi, > > I currently use upstream to talk to a back-end, which sends me some > response. In my module, i am trying to re-format the plain-text > upstream backend response, to XML, and I also add some new data to it, > based on an in-memory lookup within my module. ?What would be the best > way to do this? > > In my setup, I am able to parse response from upstream (u->buffer), > construct a modified string and assign it back to u->buffer, and am I > setting ?u->headers_in.content_length_n and > r->headers_out.content_length_n correctly. The issue i face is, every > *second* request hangs, if i am trying the request through the > browser. (However, trying through command-line & curl, works > everytime). And I always see this error message in the logs: "client > prematurely closed connection, so upstream connection is closed too > while sending to client, client: 127.0.0.1". ? What am i doing wrong? > > Thanks, > Ashish > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Tue Apr 10 07:47:12 2012 From: nginx-forum at nginx.us (zuckbin) Date: Tue, 10 Apr 2012 03:47:12 -0400 (EDT) Subject: serve static content on static domain In-Reply-To: References: Message-ID: <7b3d5fd92177e2f34fe20ec621a93193.NginxMailingListEnglish@forum.nginx.org> What is the server block ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225020,225098#msg-225098 From ne at vbart.ru Tue Apr 10 08:52:17 2012 From: ne at vbart.ru (Valentin V. Bartenev) Date: Tue, 10 Apr 2012 12:52:17 +0400 Subject: serve static content on static domain In-Reply-To: <7b3d5fd92177e2f34fe20ec621a93193.NginxMailingListEnglish@forum.nginx.org> References: <7b3d5fd92177e2f34fe20ec621a93193.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201204101252.17233.ne@vbart.ru> On Tuesday 10 April 2012 11:47:12 zuckbin wrote: > What is the server block ? > http://nginx.org/r/server wbr, Valentin V. Bartenev From nginx-forum at nginx.us Tue Apr 10 10:07:40 2012 From: nginx-forum at nginx.us (sibsoft) Date: Tue, 10 Apr 2012 06:07:40 -0400 (EDT) Subject: MP4 - start time is out mp4 stts samples In-Reply-To: <5e238ac1a229e14931b6ea72c107997c.NginxMailingListEnglish@forum.nginx.org> References: <20111117050603.GA10385@nginx.com> <5e238ac1a229e14931b6ea72c107997c.NginxMailingListEnglish@forum.nginx.org> Message-ID: <9d8ab115b3e9176b7c4111e95478bbc7.NginxMailingListEnglish@forum.nginx.org> Dealing with this trouble again (nginx 1.0.12, 1.0.14): 2012/04/10 12:06:59 [alert] 22812#0: *1571 pread() read only 0 of 1048576 from "/var/www/cgi-bin/uploads/03/00364/z46j20qdp6gt" while sending mp4 to client, client: 95.131.10.226, server: gorillavid.com, request: "GET /mgobz2aj6gu4rqukwztlpbbrdqzwmtcoid2bk6t6xenwqd3fwvt6z3pyqy/video.mp4?start=1190.84 HTTP/1.1", host: "85.17.30.216:8182" 2012/04/10 12:07:00 [error] 22815#0: *1630 start time is out mp4 stts samples in "/var/www/cgi-bin/uploads/03/00001/k2hhvgyfdmmu", client: 86.18.83.8, server: gorillavid.com, request: "GET /mgobznkw5ku4tqukwyf3nfjxilouln5pl5abqotvftlq7rqggvegaydxva/video.flv?start=0 HTTP/1.1", host: "85.17.30.216:8182" I believe that I have this patch already applied: if (start_time < (uint64_t) count * duration) { start_sample += (ngx_uint_t) (start_time / duration); count -= start_sample; ngx_mp4_set_32value(entry->count, count); goto found; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,218451,225103#msg-225103 From nginx-forum at nginx.us Tue Apr 10 10:10:34 2012 From: nginx-forum at nginx.us (sibsoft) Date: Tue, 10 Apr 2012 06:10:34 -0400 (EDT) Subject: MP4 - start time is out mp4 stts samples In-Reply-To: <3c2ccb0e721cdc80d2dd4bf09ec014ea.NginxMailingListEnglish@forum.nginx.org> References: <3c2ccb0e721cdc80d2dd4bf09ec014ea.NginxMailingListEnglish@forum.nginx.org> Message-ID: Dealing with this trouble again (nginx 1.0.12, 1.0.14): 2012/04/10 12:06:59 [alert] 22812#0: *1571 pread() read only 0 of 1048576 from "/var/www/cgi-bin/uploads/03/00364/z46j20qdp6gt" while sending mp4 to client, client: ....., server: ....., request: "GET /mgobz2aj6gu4rqukwztlpbbrdqzwmtcoid2bk6t6xenwqd3fwvt6z3pyqy/video.mp4?start=1190.84 HTTP/1.1", host: "....." 2012/04/10 12:07:00 [error] 22815#0: *1630 start time is out mp4 stts samples in "/var/www/cgi-bin/uploads/03/00001/k2hhvgyfdmmu", client: ....., server: ....., request: "GET /mgobznkw5ku4tqukwyf3nfjxilouln5pl5abqotvftlq7rqggvegaydxva/video.flv?start=0 HTTP/1.1", host: "....." I believe that I have this patch already applied: if (start_time < (uint64_t) count * duration) { start_sample += (ngx_uint_t) (start_time / duration); count -= start_sample; ngx_mp4_set_32value(entry->count, count); goto found; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,218451,225104#msg-225104 From rajnesh.siwal at gmail.com Tue Apr 10 10:53:14 2012 From: rajnesh.siwal at gmail.com (Rajnesh Kumar Siwal) Date: Tue, 10 Apr 2012 16:23:14 +0530 Subject: KeepAlive Not Working as expected for a Reverse Proxy Scenario Message-ID: Hi, The KeepAlive Timeout is set to 2 hours, but we can see that the connections start terminating after a few minutes. The KeepAlive module does not seems to be behaving as expected. The connections are created on port :343. The configuration file nginx.conf is :- ------------------------------------------------------------------- user nginx; worker_processes 16; error_log /var/log/nginx/error.log info; pid /var/run/nginx.pid; events { #worker_connections 16192; #worker_connections 161920; worker_connections 40960; use epoll; multi_accept on; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; #tcp_nopush on; keepalive_timeout 7200 7200; tcp_keepalive on; tcp_keepcnt 10; tcp_keepidle 3600; tcp_keepintvl 1m; #gzip on; # # The default server # server { listen 4443; server_name _; location /nginx_status { # copied from http://blog.kovyrin.net/2006/04/29/monitoring-nginx-with-rrdtool/ stub_status on; access_log off; } } server { listen 80; server_name _; # keepalive_timeout 7200 7200; #charset koi8-r; access_log logs/host.access.log main; location / { proxy_pass http://172.31.253.50:180/; include /etc/nginx/proxy.conf; } } server { listen 443 ssl; ssl on; ssl_verify_client on; server_name _; ssl_certificate /home/rsiwal/cps.chargepoint.net.crt; #ssl_client_certificate /etc/httpd/certs/ chargepoint.net/server/certs/cps.chargepoint.net.crt; ssl_client_certificate /home/rsiwal/chargepoint.net.crt; ssl_certificate_key /home/rsiwal/cps.chargepoint.net.pem; location / { proxy_pass http://172.31.253.50:1443/; include /etc/nginx/proxy.conf; } } server { listen 343 ssl; ssl on; ssl_verify_client on; server_name _; #ssl_session_cache shared:SSL:40m; # Works fine upto 15K ssl_session_cache shared:SSL:70m; #######ssl_session_timeout 5m; # ssl_session_timeout 120m; # tcp_keepalive on; tcp_keepcnt 10; tcp_keepidle 7200; tcp_keepintvl 1m; access_log logs/ssl-access.log main; error_log logs/ssl-error.log debug; keepalive_requests 10000; #keepalive_disable none sendfile on; tcp_nopush on; tcp_nodelay on; client_header_timeout 300; client_body_timeout 300; ssl_certificate /home/rsiwal/cps.chargepoint.net.crt; ssl_certificate_key /home/rsiwal/cps.chargepoint.net.pem; ssl_client_certificate /home/rsiwal/chargepoint.net.crt; location / { proxy_pass http://172.31.253.50:1343/; include /etc/nginx/proxy.conf; } } include /etc/nginx/conf.d/*.conf; } ----------------------------------------------------------------------------------------------------------------------------- Thanks in advance -- Regards, Rajnesh Kumar Siwal -------------- next part -------------- An HTML attachment was scrubbed... URL: From amoiz.shine at gmail.com Tue Apr 10 10:55:36 2012 From: amoiz.shine at gmail.com (Sharl.Jimh.Tsin) Date: Tue, 10 Apr 2012 18:55:36 +0800 Subject: [ANNOUNCE] Tengine-1.2.4 In-Reply-To: References:

Message-ID: sorry for those non-technical posts,maybe i should send him directly instead of mailing-list. BTW,is there any improvements of tengine on CGI? Best regards, Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) Using Gmail? Please read this important notice: http://www.fsf.org/campaigns/jstrap/gmail?10073. ? 2012?4?9? ??9:28???? ??? > Hello, > > Can you just focus on the technical problem? If you have any detail > question to ask, we are pleased to serve you. > > Thanks. > > 2012/4/5 Sharl.Jimh.Tsin : >> from your profile in LinkedIn website,i found that you are a student >> of HuaiYin Normal University.right? >> >> Best regards, >> Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) >> >> Using Gmail? Please read this important notice: >> http://www.fsf.org/campaigns/jstrap/gmail?10073. >> >> >> >> ? 2012?4?1? ??9:58?smallfish ??? >>> hah, perhaps just a joke. but nothing is impossable. :) >>> -- >>> blog: http://chenxiaoyu.org >>> >>> >>> >>> ? 2012?4?1? ??9:33?Sharl.Jimh.Tsin ??? >>>> >>>> are you sure that NOT a joke of April Fools' Day, like taolinux >>>> (http://code.taobao.org/p/taobao_linux_server/src/trunk/taolinux/) ? >>>> >>>> Best regards, >>>> Sharl.Jimh.Tsin (From China **Obviously Taiwan INCLUDED**) >>>> >>>> Using Gmail? Please read this important notice: >>>> http://www.fsf.org/campaigns/jstrap/gmail?10073. >>>> >>>> >>>> >>>> 2012/3/31 Joshua Zhu : >>>> > Hi folks! >>>> > >>>> > We're pleased to announce that Tengine-1.2.4 has been released. You can >>>> > either download the tar ball >>>> > from http://tengine.taobao.org/download/tengine-1.2.4.tar.gz , or >>>> > checkout >>>> > the code from https://github.com/taobao/tengine >>>> > >>>> > As this release, Tengine is based on Nginx-1.0.14. The highlight is a >>>> > brand >>>> > new 'user_agent' module which would be a good replacement for the >>>> > 'browser' >>>> > module in standard Nginx. It's more efficient and flexible than the >>>> > 'browser' module. Other changes include: >>>> > * Feature: added the 'log_escape' directive. >>>> > * Bugfix: fixed a bug in the limit_req module. >>>> > * Bugfix: fixed a bug in subrequest. >>>> > >>>> > Regards, >>>> > >>>> > -- >>>> > Joshua Zhu >>>> > Senior Software Engineer >>>> > Server Platforms Team at Taobao >>>> > >>>> > _______________________________________________ >>>> > nginx mailing list >>>> > nginx at nginx.org >>>> > http://mailman.nginx.org/mailman/listinfo/nginx >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >>> >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Tue Apr 10 11:16:04 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 10 Apr 2012 15:16:04 +0400 Subject: could not build the referers_hash In-Reply-To: References: <1333071717.2082.3.camel@portable-evil> <1333120642.2082.7.camel@portable-evil> <1333144207.2204.8.camel@portable-evil> Message-ID: <20120410111604.GO13466@mdounin.ru> Hello! On Mon, Apr 09, 2012 at 12:49:43PM -0700, Justin Dorfman wrote: > Our senior engineer figured how to fix it. > > What he did was edited this file: src/http/modules/ngx_http_referer_module.c > > and changed this line: > prev->referer_hash_bucket_size, 64); > > to: > prev->referer_hash_bucket_size, 128); > > Then recompiled nginx. > > Hope that helps someone in the future. There is configuration directive to adjust this, referer_hash_bucket_size. You don't need to edit the code. Maxim Dounin > > Regards, > > Justin Dorfman > > > > > On Fri, Mar 30, 2012 at 2:50 PM, Cliff Wells wrote: > > > On Fri, 2012-03-30 at 09:08 -0700, Justin Dorfman wrote: > > > Hey Cliff, > > > > > > > > > Here are the current values: > > > > > > > > > server_names_hash_max_size 65536; > > > server_names_hash_bucket_size 256; > > > > These are not the hashes you are looking for =) Your error message > > specified "you should increase referers_hash_bucket_size", indicating > > that it is currently 64. > > > > Regards, > > Cliff > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Tue Apr 10 12:13:38 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 10 Apr 2012 16:13:38 +0400 Subject: Program hangs when modifying u->buffer while using proxy module to talk to upstream backend In-Reply-To: References: Message-ID: <20120410121337.GR13466@mdounin.ru> Hello! On Mon, Apr 09, 2012 at 07:02:10PM -0700, Ashish S wrote: > Hi, > > I currently use upstream to talk to a back-end, which sends me some > response. In my module, i am trying to re-format the plain-text > upstream backend response, to XML, and I also add some new data to it, > based on an in-memory lookup within my module. What would be the best > way to do this? Unless you are working on custom protocol module, you may want to use filter module to re-format data instead. > In my setup, I am able to parse response from upstream (u->buffer), > construct a modified string and assign it back to u->buffer, and am I > setting u->headers_in.content_length_n and > r->headers_out.content_length_n correctly. The issue i face is, every > *second* request hangs, if i am trying the request through the > browser. (However, trying through command-line & curl, works > everytime). And I always see this error message in the logs: "client > prematurely closed connection, so upstream connection is closed too > while sending to client, client: 127.0.0.1". What am i doing wrong? It's hard to say anything without seeing the code, but most likely you fail to set u->length properly. See e.g. memcached module for a simple example of non-buffered protocol handler. Maxim Dounin From mdounin at mdounin.ru Tue Apr 10 13:03:03 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 10 Apr 2012 17:03:03 +0400 Subject: KeepAlive Not Working as expected for a Reverse Proxy Scenario In-Reply-To: References: Message-ID: <20120410130303.GT13466@mdounin.ru> Hello! On Tue, Apr 10, 2012 at 04:23:14PM +0530, Rajnesh Kumar Siwal wrote: > The KeepAlive Timeout is set to 2 hours, but we can see that the > connections start terminating after a few minutes. > The KeepAlive module does not seems to be behaving as expected. > The connections are created on port :343. > The configuration file nginx.conf is :- [...] > keepalive_timeout 7200 7200; How do you test? Note: many (most?) browsers won't keep connections open for such a long time and will close them after a minute or so. E.g. Chrome unconditionally closes connections after 5 minutes. Note well: nginx itself might close keepalive connections before timeout passes if it's short on worker_connections. Though I suppose you are hitting browsers behaviour instead. Maxim Dounin From ne at vbart.ru Tue Apr 10 13:03:14 2012 From: ne at vbart.ru (Valentin V. Bartenev) Date: Tue, 10 Apr 2012 17:03:14 +0400 Subject: KeepAlive Not Working as expected for a Reverse Proxy Scenario In-Reply-To: References: Message-ID: <201204101703.14125.ne@vbart.ru> On Tuesday 10 April 2012 14:53:14 Rajnesh Kumar Siwal wrote: > Hi, > > The KeepAlive Timeout is set to 2 hours, but we can see that the > connections start terminating after a few minutes. > The KeepAlive module does not seems to be behaving as expected. So, what's in the error log? Are you sure that the client doesn't close the connection? Some browsers actually do after a minute or few. [...] > tcp_keepalive on; > tcp_keepcnt 10; > tcp_keepidle 7200; > tcp_keepintvl 1m; There are no such directives in the official nginx distribution. But you can set SO_KEEPALIVE by parameter of the listen directive: listen 443 ssl so_keepalive=2h:1m:10; Please, take a look at the docs: http://nginx.org/r/listen wbr, Valentin V. Bartenev From mp3geek at gmail.com Tue Apr 10 13:53:08 2012 From: mp3geek at gmail.com (Ryan Brown) Date: Wed, 11 Apr 2012 01:53:08 +1200 Subject: could not build the referers_hash In-Reply-To: <20120410111604.GO13466@mdounin.ru> References: <1333071717.2082.3.camel@portable-evil> <1333120642.2082.7.camel@portable-evil> <1333144207.2204.8.camel@portable-evil> <20120410111604.GO13466@mdounin.ru> Message-ID: > There is configuration directive to adjust this, > referer_hash_bucket_size. ?You don't need to edit the code. > > Maxim Dounin I got caught by this bug too, Seems a bit strange why the defaults (if not set) complains that its not enough.. I can see why people edit the code directly. If 64 isn't clearly enough when referer_hash_bucket_size isn't set, why not just up the default to 128 to avoid this unnecessary complaint by nginx. From mdounin at mdounin.ru Tue Apr 10 14:05:00 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 10 Apr 2012 18:05:00 +0400 Subject: MP4 - start time is out mp4 stts samples In-Reply-To: <9d8ab115b3e9176b7c4111e95478bbc7.NginxMailingListEnglish@forum.nginx.org> References: <20111117050603.GA10385@nginx.com> <5e238ac1a229e14931b6ea72c107997c.NginxMailingListEnglish@forum.nginx.org> <9d8ab115b3e9176b7c4111e95478bbc7.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120410140500.GV13466@mdounin.ru> Hello! On Tue, Apr 10, 2012 at 06:07:40AM -0400, sibsoft wrote: > Dealing with this trouble again (nginx 1.0.12, 1.0.14): > > 2012/04/10 12:06:59 [alert] 22812#0: *1571 pread() read only 0 of > 1048576 from "/var/www/cgi-bin/uploads/03/00364/z46j20qdp6gt" while > sending mp4 to client, client: 95.131.10.226, server: gorillavid.com, > request: "GET > /mgobz2aj6gu4rqukwztlpbbrdqzwmtcoid2bk6t6xenwqd3fwvt6z3pyqy/video.mp4?start=1190.84 > HTTP/1.1", host: "85.17.30.216:8182" The message suggests video.mp4 is corrupted (or just truncated). > 2012/04/10 12:07:00 [error] 22815#0: *1630 start time is out mp4 stts > samples in "/var/www/cgi-bin/uploads/03/00001/k2hhvgyfdmmu", client: > 86.18.83.8, server: gorillavid.com, request: "GET > /mgobznkw5ku4tqukwyf3nfjxilouln5pl5abqotvftlq7rqggvegaydxva/video.flv?start=0 > HTTP/1.1", host: "85.17.30.216:8182" The "video.flv" file isn't likely to be an mp4 file. You have to use flv module for flv pseudo-streaming, not mp4. http://nginx.org/r/flv Maxim Dounin From mdounin at mdounin.ru Tue Apr 10 14:44:28 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 10 Apr 2012 18:44:28 +0400 Subject: could not build the referers_hash In-Reply-To: References: <1333071717.2082.3.camel@portable-evil> <1333120642.2082.7.camel@portable-evil> <1333144207.2204.8.camel@portable-evil> <20120410111604.GO13466@mdounin.ru> Message-ID: <20120410144428.GW13466@mdounin.ru> Hello! On Wed, Apr 11, 2012 at 01:53:08AM +1200, Ryan Brown wrote: > > There is configuration directive to adjust this, > > referer_hash_bucket_size. ?You don't need to edit the code. > > > > Maxim Dounin > > I got caught by this bug too, > > Seems a bit strange why the defaults (if not set) complains that its > not enough.. I can see why people edit the code directly. > > If 64 isn't clearly enough when referer_hash_bucket_size isn't set, > why not just up the default to 128 to avoid this unnecessary complaint > by nginx. The default is enough in most cases. There are some specific situations (long values in hash, multiple colliding values) which trigger the message, and the message itself explains what to do (and we have the page at http://nginx.org/en/docs/hash.html which explains details). We might want to better (read: automatically) handle some situation like non-colliding long values, where the only sensible solution is to increase ..._hash_bucket_size, but this has nothing to do with defaults change. With any default one will be able to write a configuration which triggers the "could not build hash" message. Maxim Dounin From ashishs.dev at gmail.com Tue Apr 10 18:16:10 2012 From: ashishs.dev at gmail.com (Ashish S) Date: Tue, 10 Apr 2012 11:16:10 -0700 Subject: Program hangs when modifying u->buffer while using proxy module to talk to upstream backend In-Reply-To: <20120410121337.GR13466@mdounin.ru> References: <20120410121337.GR13466@mdounin.ru> Message-ID: Hi Maxim, Here is a simple test code i wrote, (for my process header method), which shows the same behavior. ============ ngx_int_t ngx_http_my_process_header(ngx_http_request_t *r) { ngx_http_upstream_t *u = r->upstream; std::string tmpString ("Test string"); ngx_memcpy(u->buffer.start, tmpString.c_str(), tmpString.length()); u->buffer.pos = u->buffer.start; u->buffer.last = u->buffer.pos + tmpString.length(); u->length = u->headers_in.content_length_n = tmpString.length(); r->headers_out.content_length_n = tmpString.length(); u->headers_in.status_n = NGX_HTTP_OK; u->state->status = NGX_HTTP_OK; return NGX_OK; } ============ Thanks, Ashish On Tue, Apr 10, 2012 at 5:13 AM, Maxim Dounin wrote: > Hello! > > On Mon, Apr 09, 2012 at 07:02:10PM -0700, Ashish S wrote: > >> Hi, >> >> I currently use upstream to talk to a back-end, which sends me some >> response. In my module, i am trying to re-format the plain-text >> upstream backend response, to XML, and I also add some new data to it, >> based on an in-memory lookup within my module. ?What would be the best >> way to do this? > > Unless you are working on custom protocol module, you may want to > use filter module to re-format data instead. > >> In my setup, I am able to parse response from upstream (u->buffer), >> construct a modified string and assign it back to u->buffer, and am I >> setting ?u->headers_in.content_length_n and >> r->headers_out.content_length_n correctly. The issue i face is, every >> *second* request hangs, if i am trying the request through the >> browser. (However, trying through command-line & curl, works >> everytime). And I always see this error message in the logs: "client >> prematurely closed connection, so upstream connection is closed too >> while sending to client, client: 127.0.0.1". ? What am i doing wrong? > > It's hard to say anything without seeing the code, but most likely > you fail to set u->length properly. ?See e.g. memcached module for > a simple example of non-buffered protocol handler. > > Maxim Dounin > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Tue Apr 10 20:03:50 2012 From: nginx-forum at nginx.us (spacerobot) Date: Tue, 10 Apr 2012 16:03:50 -0400 (EDT) Subject: Nginx returning 414 even when large_client_header_buffers is set In-Reply-To: <8b19edbb6b2d137c94eae907213f378f.NginxMailingListEnglish@forum.nginx.org> References: <8b19edbb6b2d137c94eae907213f378f.NginxMailingListEnglish@forum.nginx.org> Message-ID: It appears that no matter how big I set the value of large_client_header_buffers to be, nginx just doesn't care of the setting and still returns 414 on a long request. I tried to make it 16k, 32k, 256k, and 512k, etc and POSTing a request with 1.5k long URL returns 414. It works when I reduce the request URI length to about 1k, regardless of the large_client_header_buffers value as well. I also tried to set proxy_buffers to a large value and didn't help. Is there any other settings I need to look at to make the nginx box take longer request URI without returning 414? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225093,225135#msg-225135 From mdounin at mdounin.ru Tue Apr 10 20:09:56 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 11 Apr 2012 00:09:56 +0400 Subject: Nginx returning 414 even when large_client_header_buffers is set In-Reply-To: References: <8b19edbb6b2d137c94eae907213f378f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120410200956.GB13466@mdounin.ru> Hello! On Tue, Apr 10, 2012 at 04:03:50PM -0400, spacerobot wrote: > It appears that no matter how big I set the value of > large_client_header_buffers to be, nginx just doesn't care of the > setting and still returns 414 on a long request. > > I tried to make it 16k, 32k, 256k, and 512k, etc and POSTing a request > with 1.5k long URL returns 414. It works when I reduce the request URI > length to about 1k, regardless of the large_client_header_buffers value > as well. > > I also tried to set proxy_buffers to a large value and didn't help. > > Is there any other settings I need to look at to make the nginx box take > longer request URI without returning 414? Most likely you are trying to configure client_header_buffer_size/large_client_header_buffers in a pure virtual server{}. This won't work as request headers parsing happens before Host header is known (and virtual server is selected), hence parseing happens in a context of the default server for a listen socket. You have to configure client_header_buffer_size/large_client_header_buffers in a default server (or at http level). Maxim Dounin From nginx-forum at nginx.us Tue Apr 10 20:26:25 2012 From: nginx-forum at nginx.us (spacerobot) Date: Tue, 10 Apr 2012 16:26:25 -0400 (EDT) Subject: Nginx returning 414 even when large_client_header_buffers is set In-Reply-To: <20120410200956.GB13466@mdounin.ru> References: <20120410200956.GB13466@mdounin.ru> Message-ID: > Most likely you are trying to configure > client_header_buffer_size/large_client_header_buff > ers in a pure > virtual server{}. This won't work as request > headers parsing > happens before Host header is known (and virtual > server is > selected), hence parseing happens in a context of > the default > server for a listen socket. > > You have to configure > client_header_buffer_size/large_client_header_buff > ers > in a default server (or at http level). > I tried to set it in the http context of the main /etc/nginx/nginx.conf file: http { large_client_header_buffers 8 512k; ... include /etc/nginx/sites-enabled/*; } And my server contexts are defined in a conf file in sites-enabled. But large_client_header_buffers still appears to be ignored. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225093,225138#msg-225138 From massimo.ferrari at gmail.com Tue Apr 10 20:32:31 2012 From: massimo.ferrari at gmail.com (massimo ferrari) Date: Tue, 10 Apr 2012 22:32:31 +0200 Subject: Redis2_pass with : from $args fail [maxf3r] Message-ID: I'm trying to address several redis instances, dispatching it on a host:port basis (one single backend location) here part of my nginx.conf location ... location /redis_backend { internal; set_unescape_uri $verb $arg_verb; set_unescape_uri $key $arg_key; set_unescape_uri $r_host $arg_host; set_unescape_uri $r_port $arg_port; redis2_query $verb $key; redis2_pass $r_host:$r_port; } ... I call /redis_backend location from a lua like this: .... r_instance["redis_host"] = '127.0.0.1' r_instance["redis_port"] = '33001' .... local res = ngx.location.capture ( "/redis_backend", { args = { verb = r_verb, key = redis_key, host = r_instance["redis_host"], port = r_instance["redis_port"], } } ) ... in nginx error log (i use the openresty suite ngx_openresty/1.0.10.44), I got this error *2012/04/07 19:25:03 [error] 11715#0: *1 redis2: upstream "127.0.0.1:33001" not found, client: 127.0.0.1, server: ....* I'm sure redis instance is up&running. I'm able to connect to her via redis-cli or, simply setting redis2_pass 127.0.0.1:33001; ciao massimo -------------- next part -------------- An HTML attachment was scrubbed... URL: From ashishs.dev at gmail.com Tue Apr 10 21:03:09 2012 From: ashishs.dev at gmail.com (Ashish S) Date: Tue, 10 Apr 2012 14:03:09 -0700 Subject: Program hangs when modifying u->buffer while using proxy module to talk to upstream backend In-Reply-To: References: