From nginx-forum at nginx.us Sat Dec 1 07:53:39 2012 From: nginx-forum at nginx.us (mevans336) Date: Sat, 01 Dec 2012 02:53:39 -0500 Subject: Internal 503 Redirect Issues? In-Reply-To: <79FAC8AE-221E-405F-A6EF-1BEB637E05F9@gmail.com> References: <79FAC8AE-221E-405F-A6EF-1BEB637E05F9@gmail.com> Message-ID: <8325cca214a04c2aa0d3c3cf6c03446f.NginxMailingListEnglish@forum.nginx.org> Apparently, from what I gather, if a 503 is returned the browsers (Chrome/IE10 I've tested) don't parse css, even if they can access them. I've verified this by typing the direct URL to the CSS file hosted on Nginx. I'm positive my code (HTML/CSS) is right. So how does one redirect to a page hosted on Nginx acting as a reverse proxy when the backend servers are down, while preserving CSS? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,232655,233450#msg-233450 From zhuzhaoyuan at gmail.com Sat Dec 1 08:06:17 2012 From: zhuzhaoyuan at gmail.com (Joshua Zhu) Date: Sat, 1 Dec 2012 16:06:17 +0800 Subject: Post mortem of a HackerNews Launch & references to mistakes made with Nginx config In-Reply-To: References: Message-ID: Hi, On Fri, Nov 30, 2012 at 11:32 PM, Cherian Thomas wrote: > Hello family, > > I wrote about some of the mistakes I made while doing a HN launch for my > new startup Cucumbertown > > http://www.gigpeppers.com/post-mortem-of-a-failed-hackernews-launch/ > > It has references to Nginx and how making a simple mistake in config cost > me a server crash that lasted for 20-30 minutes. > > *Hope this will benefit some of the new Nginx users who are trying to > scale.* > > On the positive side, if not for Nginx we wouldn?t have lasted 10 minutes > of peak traffic at 1000 users/sec+. Besides that, this blog gigpeppers.com is > hosted on a 128MB single core prgrmr.com machine and has been serving > peak HackerNews front page traffic for almost 17 hours now, > thanks to Nginx. > > http://news.ycombinator.com/item?id=4847665 > > Thank you Igor, Maxim, Antonio, Velentin and all other for this software > marvel. > Nice post! I think you can use the sysguard module ( http://tengine.taobao.org/document/http_sysguard.html ) comes from Tengine. It can protect your server when load or memory use goes too high. We have taken it from Tengine as a separate Nginx module ( https://github.com/taobao/nginx-http-sysguard ). Hope it helps. BTW, the sysguard module played a very important role in the 24-hour rush when Taobao conducted $3.06 billion USD of business ( http://westiseast.co.uk/blog/taobao-sales-19-billion-bonanza/ ). Regards, -- Joshua Zhu Senior Software Engineer Server Platforms Team at Taobao -------------- next part -------------- An HTML attachment was scrubbed... URL: From dredfunk at gmail.com Sat Dec 1 14:26:41 2012 From: dredfunk at gmail.com (dredfunk at gmail.com) Date: Sat, 1 Dec 2012 16:26:41 +0200 Subject: Limit access to files in cgi-bin Message-ID: Hello, I have a configuration file located at (example) http://domain.com:82/cgi-bin/xxx.pm that can be accessed by anyone if they know the address/file location. Is there a way to limit access to this location from outside the server? I mean so no one can access it if they go to that url? I tried with rewrite but my main server must communicate with this file located in cgi-bin and when rewrite is enabled the main server can't communicate with that file either. Please advise. Thank you! -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Sat Dec 1 15:28:19 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Sat, 1 Dec 2012 15:28:19 +0000 Subject: Limit access to files in cgi-bin In-Reply-To: References: Message-ID: On 1 December 2012 14:26, dredfunk at gmail.com wrote: > Hello, > > I have a configuration file located at (example) > http://domain.com:82/cgi-bin/xxx.pm that can be accessed by anyone if they > know the address/file location. Is there a way to limit access to this > location from outside the server? I mean so no one can access it if they go > to that url? > > I tried with rewrite but my main server must communicate with this file > located in cgi-bin and when rewrite is enabled the main server can't > communicate with that file either. Please advise. You could look at http://nginx.org/r/internal or, if that doesn't quite fit the bill, http://wiki.nginx.org/HttpAccessModule HTH, Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Sat Dec 1 23:48:52 2012 From: nginx-forum at nginx.us (spdyg) Date: Sat, 01 Dec 2012 18:48:52 -0500 Subject: SPDY + proxy cache = occasional 499 errors Message-ID: <0b3c74c09413c46706cc40cdb8bf273b.NginxMailingListEnglish@forum.nginx.org> Hi there, I have been piloting the SPDY patch on a separate web server pointing to an existing HTTP backend. With just myself using this pilot web server, occasionally static resources such as css or images are not loading in Firefox (usually when pressing F5 to reload a page) Have done a bit of digging and have learnt this so far: When issue occurs in Firefox, access log is showing 499 errors for the missing static resources (when it should be 304) Refreshing the page will eventually load the resources (and they will show 304 in the access log) If I turn off the proxy cache for these static resources, the issue stops If I turn off SPDY, the issue stops. The issue obviously doesn't occur on the production web server running Nginx 1.2.x Has this been seen before, or can you think of any reason why this might happen? I don't normally use Chrome but have also witnessed this once in Chrome, so I don't think it's browser specific (however will try to get more confidence of this). Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233461,233461#msg-233461 From nginx-forum at nginx.us Sat Dec 1 23:53:33 2012 From: nginx-forum at nginx.us (jen123) Date: Sat, 01 Dec 2012 18:53:33 -0500 Subject: Beginner user WHM/Cpanel/PhpMysql knowledge only Message-ID: Hi all, I have a project that I think Nginx might be good for. I am building a car sales website in joomla. (joomla is a php/Mysql based cms). The content, car listings is not stored in the database but served externally via an api so there is no real search heavy lifting on the front end joomla site (eg im not storing 200 000 listings in the mysql db as content items). There is however a lot of content, images etc and listing content can be cached as well. Im curious about nginx because im dedicated to making this site the fastest and easiest to use, but it also needs to handle high volumes of traffic - eg if we get some good press and our traffic explodes, the server needs to be able to handle it. By explode I mean a few hundred requests a second. My server admin experience is basic ssh, WHM/Cpanel/Phpmyadmin - is there a similar setup for nginx in terms of creating hosting accounts on the server, setting up zone files, email addresses, mysql users, db's etc? And what about security? Is there a mod_security or similar? Finally, what about caching etc? Is there a mod_pagespeed? Perhaps just some simple guides or links to how nginx handles the above instead of apache? Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233462,233462#msg-233462 From jamiedolan at gmail.com Sun Dec 2 01:23:32 2012 From: jamiedolan at gmail.com (Jamie Dolan) Date: Sat, 1 Dec 2012 19:23:32 -0600 Subject: Beginner user WHM/Cpanel/PhpMysql knowledge only In-Reply-To: References: Message-ID: > Im curious about nginx because im dedicated to making this site the fastest > and easiest to use, but it also needs to handle high volumes of traffic - > eg > if we get some good press and our traffic explodes, the server needs to be able to handle it. By explode I mean a few hundred requests a second. > If your really going to get that level of traffic you probably don't want this running on a cpanel box(s), due to the cpanel overhead. Cpanel is very useful when you need to support hosting space for clients or need a very easy setup. My server admin experience is basic ssh, WHM/Cpanel/Phpmyadmin - is there a > similar setup for nginx in terms of creating hosting accounts on the > server, > setting up zone files, email addresses, mysql users, db's etc? > A third party maintains a plugin for Nginx that works with Cpanel: http://nginxcp.com > And what about security? Is there a mod_security or similar? > The Cpanel & Nginxcp setup is very easy and the author of nginxcp seems to keep it up to date from what i've seen. If your site grows beyond that you may want to think about hiring someone to help you or getting setup with managed hosting. Jamie -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sun Dec 2 01:29:25 2012 From: nginx-forum at nginx.us (jen123) Date: Sat, 01 Dec 2012 20:29:25 -0500 Subject: Beginner user WHM/Cpanel/PhpMysql knowledge only In-Reply-To: References: Message-ID: Hi thanks for the fast reply. By WHM/Cpanel/PHPMyadmin I meant to say I am used to these tools for various tasks, but i certainly dont need them if there is a better way. Its not a requirement and I am trying to get away from these to reduce overhead I am just used to the nice Gui's etc they provide for tasks. I have no idea for instance on how to create a db, username, pw, permissions etc in a db without cpanel. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233462,233464#msg-233464 From jamiedolan at gmail.com Sun Dec 2 01:39:48 2012 From: jamiedolan at gmail.com (Jamie Dolan) Date: Sat, 1 Dec 2012 19:39:48 -0600 Subject: Beginner user WHM/Cpanel/PhpMysql knowledge only In-Reply-To: References: Message-ID: > I have no idea for instance on how to create a db, username, pw, > permissions > etc in a db without cpanel. > You will have a lot to learn if you want to do this manually. The good thing is most of this is well documented on the Internet, but will take you time to learn. You might want to look for a system admin group or support forum as this list is focused just on Nginx and not the other server software. You can read the doc on Nginx here: http://nginx.org/en/docs/ There are some install guides on this site that may also be helpful to you: http://library.linode.com/web-servers/nginx/installation Jamie -------------- next part -------------- An HTML attachment was scrubbed... URL: From bpaquet at octo.com Sun Dec 2 11:15:03 2012 From: bpaquet at octo.com (Bertrand Paquet) Date: Sun, 2 Dec 2012 12:15:03 +0100 Subject: ngx_cpuinfo / kvm & qemu / ngx_cacheline_size Message-ID: Hi, I have virtual machine running on qemu / kvm. cat /proc/cpuinfo give : processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 2 model name : QEMU Virtual CPU version 1.1.2 stepping : 3 microcode : 0x1 cpu MHz : 1999.999 cache size : 4096 KB fpu : yes fpu_exception : yes cpuid level : 4 wp : yes flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm up rep_good nopl pni cx16 popcnt hypervisor lahf_lm bogomips : 3999.99 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: the code in ngx_cpuinfo use the model value (2), and set the ngx_cacheline_size to 32, instead of 64 given by cache_alignment in /proc/cpuinfo. On same host using vmware virtualization, /proc/cpuinfo give a model of 45, ngx_cacheline_size is set to 64. I think I can have low performances problems due to the ngx_cacheline_size of 32 under qemu virtualization. Do you confirm ? Do you think we have to change ngx_cpuinfo code to give ngx_cacheline_size 64 on qemu env ? Regards, Bertrand -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Dec 3 00:08:55 2012 From: nginx-forum at nginx.us (adambenayoun) Date: Sun, 02 Dec 2012 19:08:55 -0500 Subject: Removing index.php from url Message-ID: <39c5525712de892a3c54f9b810c6e697.NginxMailingListEnglish@forum.nginx.org> Hey all, I have a server with nginx 1.2.5 and php-fpm 5.3.3 installed. I have a web application built on top of zend framework and the routing passes everything thru a index.php file. So while http://www.domain.com/contact works - http://www.domain.com/index.php/contact will fetch the same content aswell and I'd like to get rid of it for SEO purpose. Here's my configuration - right now there's a if statement that takes care of removing the index.php however I know that if is evil and therefore shouldn't be used. On top of that the only instance that won't work well is http://www.domain.com/index.php which in this case instead of redirecting to www.domain.com will just display a blank page with a 301 status code. On top of that - if you guys spot any problem with my config - I'd love to hear what I am doing wrong and what can be improved. server { listen *:80; server_name domain.com; return 301 $scheme://www.domain.com$request_uri; } server { listen 80; listen 443 ssl; server_name www.domain.com; ssl_certificate /etc/nginx/certs/www.domain.com.crt; ssl_certificate_key /etc/nginx/certs/www.domain.com.key; error_log /var/www/domain/logs/error_log warn; root /var/www/domain/html/http; index index.php; client_max_body_size 150m; error_page 403 404 http://www.domain.com/notfound; if ( $request_uri ~ "^/index.php" ) { rewrite ^/index.php(.*) $1 permanent; } location / { rewrite ^/wanted/feed$ /feed?filter=wanted permanent; try_files $uri $uri/ /index.php?$args; } location /min { try_files $uri $uri/ /min/index.php?q=; } location /blog { try_files $uri $uri/ /blog/index.php?q=$1; } location /apc { try_files $uri $uri/ /apc.php$args; } location ~ \.php { include /etc/nginx/fastcgi_params; fastcgi_param HTTPS $https if_not_empty; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SERVER_NAME $http_host; fastcgi_pass 127.0.0.1:9000; } location ~* ^.+\.(ht|svn|git)$ { deny all; } # Static files location location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ { expires max; } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233476,233476#msg-233476 From edho at myconan.net Mon Dec 3 02:00:09 2012 From: edho at myconan.net (Edho Arief) Date: Mon, 3 Dec 2012 09:00:09 +0700 Subject: Removing index.php from url In-Reply-To: <39c5525712de892a3c54f9b810c6e697.NginxMailingListEnglish@forum.nginx.org> References: <39c5525712de892a3c54f9b810c6e697.NginxMailingListEnglish@forum.nginx.org> Message-ID: 2012/12/03 7:09 "adambenayoun" : > > Hey all, > I have a server with nginx 1.2.5 and php-fpm 5.3.3 installed. I have a web > application built on top of zend framework and the routing passes everything > thru a index.php file. > So while http://www.domain.com/contact works - > http://www.domain.com/index.php/contact will fetch the same content aswell > and I'd like to get rid of it for SEO purpose. > > Here's my configuration - right now there's a if statement that takes care > of removing the index.php however I know that if is evil and therefore > shouldn't be used. On top of that the only instance that won't work well is > http://www.domain.com/index.php which in this case instead of redirecting to > www.domain.com will just display a blank page with a 301 status code. > location = /index.php { return 301 /; } location ~ ^/index\.php(/.*) { return 301 $1; } Note that the $1 may or may not work as I never tested that. > On top of that - if you guys spot any problem with my config - I'd love to > hear what I am doing wrong and what can be improved. > > > server { > listen *:80; > server_name domain.com; > return 301 $scheme://www.domain.com$request_uri; > } > server { > listen 80; > listen 443 ssl; > server_name www.domain.com; > ssl_certificate /etc/nginx/certs/www.domain.com.crt; > ssl_certificate_key /etc/nginx/certs/www.domain.com.key; > error_log /var/www/domain/logs/error_log warn; > root /var/www/domain/html/http; > index index.php; > client_max_body_size 150m; > error_page 403 404 http://www.domain.com/notfound; > > if ( $request_uri ~ "^/index.php" ) { > rewrite ^/index.php(.*) $1 permanent; > } > location / { > rewrite ^/wanted/feed$ /feed?filter=wanted permanent; > try_files $uri $uri/ /index.php?$args; > } > location /min { > try_files $uri $uri/ /min/index.php?q=; > } > location /blog { > try_files $uri $uri/ /blog/index.php?q=$1; > } > location /apc { > try_files $uri $uri/ /apc.php$args; > } > location ~ \.php { > include /etc/nginx/fastcgi_params; > fastcgi_param HTTPS $https if_not_empty; > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; > fastcgi_param PATH_INFO $fastcgi_script_name; > fastcgi_param SERVER_NAME $http_host; > fastcgi_pass 127.0.0.1:9000; > } > location ~* ^.+\.(ht|svn|git)$ { > deny all; > } > > # Static files location > location ~* > ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ > { > expires max; > } > } > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233476,233476#msg-233476 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Dec 3 13:06:45 2012 From: nginx-forum at nginx.us (xrfang) Date: Mon, 03 Dec 2012 08:06:45 -0500 Subject: slowfs cache Message-ID: <5c11357a1c4fac3b3fcbef837f50a4db.NginxMailingListEnglish@forum.nginx.org> hi, anyone using/tried slowfs_cache? http://labs.frickle.com/nginx_ngx_slowfs_cache/ If I have a machine with big memory, e.g. 128G or more, is it useful to create a ramdisk and use slowfs cache? or I can just rely on linux VFS to reduce disk i/o? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233496,233496#msg-233496 From vbart at nginx.com Mon Dec 3 13:14:05 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 3 Dec 2012 17:14:05 +0400 Subject: SPDY + proxy cache = occasional 499 errors In-Reply-To: <0b3c74c09413c46706cc40cdb8bf273b.NginxMailingListEnglish@forum.nginx.org> References: <0b3c74c09413c46706cc40cdb8bf273b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201212031714.05331.vbart@nginx.com> On Sunday 02 December 2012 03:48:52 spdyg wrote: > Hi there, > > I have been piloting the SPDY patch on a separate web server pointing to an > existing HTTP backend. > > With just myself using this pilot web server, occasionally static resources > such as css or images are not loading in Firefox (usually when pressing F5 > to reload a page) > > Have done a bit of digging and have learnt this so far: > > When issue occurs in Firefox, access log is showing 499 errors for the > missing static resources (when it should be 304) > Refreshing the page will eventually load the resources (and they will show > 304 in the access log) > If I turn off the proxy cache for these static resources, the issue stops > If I turn off SPDY, the issue stops. > The issue obviously doesn't occur on the production web server running > Nginx 1.2.x > > Has this been seen before, or can you think of any reason why this might > happen? > [...] Thank you for testing. There is a reason for this in current spdy implementation. I'm working on it. wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From mdounin at mdounin.ru Mon Dec 3 13:55:34 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 3 Dec 2012 17:55:34 +0400 Subject: ngx_cpuinfo / kvm & qemu / ngx_cacheline_size In-Reply-To: References: Message-ID: <20121203135533.GW40452@mdounin.ru> Hello! On Sun, Dec 02, 2012 at 12:15:03PM +0100, Bertrand Paquet wrote: > Hi, > > I have virtual machine running on qemu / kvm. > > cat /proc/cpuinfo give : > processor : 0 > vendor_id : GenuineIntel > cpu family : 6 > model : 2 > model name : QEMU Virtual CPU version 1.1.2 > stepping : 3 > microcode : 0x1 > cpu MHz : 1999.999 > cache size : 4096 KB > fpu : yes > fpu_exception : yes > cpuid level : 4 > wp : yes > flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 > clflush mmx fxsr sse sse2 syscall nx lm up rep_good nopl pni cx16 popcnt > hypervisor lahf_lm > bogomips : 3999.99 > clflush size : 64 > cache_alignment : 64 > address sizes : 40 bits physical, 48 bits virtual > power management: > > the code in ngx_cpuinfo use the model value (2), and set > the ngx_cacheline_size to 32, instead of 64 given by cache_alignment in > /proc/cpuinfo. > > On same host using vmware virtualization, /proc/cpuinfo give a model of 45, > ngx_cacheline_size is set to 64. > > I think I can have low performances problems due to the ngx_cacheline_size > of 32 under qemu virtualization. Do you confirm ? > > Do you think we have to change ngx_cpuinfo code to give ngx_cacheline_size > 64 on qemu env ? Incorrectly detected cache line size may result in slightly non-optimal performance in some situations (I wouldn't suppose 32 vs 64 to result in more than a few percent difference in real word nginx operation though, even on real hardware). On the other hand, using virtualization ensures non-optimal performance in all situations, so one using virtualization probably don't care anyway. (In any case there are no plans to change Intel CPUs cache line size detection code to support fake emulated qemu CPUs. In particular because it's not possible to tell which cache line size is more effective for a given emulated CPU. It's up to you to configure qemu to emulate a CPU with a cache line size most effective on your hardware if you think you care.) -- Maxim Dounin http://nginx.com/support.html From smallfish.xy at gmail.com Mon Dec 3 14:43:49 2012 From: smallfish.xy at gmail.com (smallfish) Date: Mon, 3 Dec 2012 22:43:49 +0800 Subject: login wiki.nginx.org failed? Message-ID: login in the wiki failed. And i "reset password", use new password also login failed. What's happend? Thanks. -- smallfish http://chenxiaoyu.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From bpaquet at octo.com Mon Dec 3 15:05:47 2012 From: bpaquet at octo.com (Bertrand Paquet) Date: Mon, 3 Dec 2012 16:05:47 +0100 Subject: ngx_cpuinfo / kvm & qemu / ngx_cacheline_size In-Reply-To: <20121203135533.GW40452@mdounin.ru> References: <20121203135533.GW40452@mdounin.ru> Message-ID: Ok, thx you for answering. Regards, Bertrand On Mon, Dec 3, 2012 at 2:55 PM, Maxim Dounin wrote: > Hello! > > On Sun, Dec 02, 2012 at 12:15:03PM +0100, Bertrand Paquet wrote: > > > Hi, > > > > I have virtual machine running on qemu / kvm. > > > > cat /proc/cpuinfo give : > > processor : 0 > > vendor_id : GenuineIntel > > cpu family : 6 > > model : 2 > > model name : QEMU Virtual CPU version 1.1.2 > > stepping : 3 > > microcode : 0x1 > > cpu MHz : 1999.999 > > cache size : 4096 KB > > fpu : yes > > fpu_exception : yes > > cpuid level : 4 > > wp : yes > > flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 > > clflush mmx fxsr sse sse2 syscall nx lm up rep_good nopl pni cx16 popcnt > > hypervisor lahf_lm > > bogomips : 3999.99 > > clflush size : 64 > > cache_alignment : 64 > > address sizes : 40 bits physical, 48 bits virtual > > power management: > > > > the code in ngx_cpuinfo use the model value (2), and set > > the ngx_cacheline_size to 32, instead of 64 given by cache_alignment in > > /proc/cpuinfo. > > > > On same host using vmware virtualization, /proc/cpuinfo give a model of > 45, > > ngx_cacheline_size is set to 64. > > > > I think I can have low performances problems due to the > ngx_cacheline_size > > of 32 under qemu virtualization. Do you confirm ? > > > > Do you think we have to change ngx_cpuinfo code to give > ngx_cacheline_size > > 64 on qemu env ? > > Incorrectly detected cache line size may result in slightly > non-optimal performance in some situations (I wouldn't suppose 32 > vs 64 to result in more than a few percent difference in real word > nginx operation though, even on real hardware). On the other > hand, using virtualization ensures non-optimal performance in all > situations, so one using virtualization probably don't care > anyway. > > (In any case there are no plans to change Intel CPUs cache line > size detection code to support fake emulated qemu CPUs. In > particular because it's not possible to tell which cache line size > is more effective for a given emulated CPU. It's up to you to > configure qemu to emulate a CPU with a cache line size most > effective on your hardware if you think you care.) > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Dec 3 20:08:09 2012 From: nginx-forum at nginx.us (Gallitin) Date: Mon, 03 Dec 2012 15:08:09 -0500 Subject: connect() failed (111: Connection refused) while connecting to upstream Message-ID: Can't figure out why I keep getting 502 bad gateway nginx error. Here is the error from nginx error log. 2012/12/03 19:30:21 [error] 20650#0: *939328 connect() failed (111: Connection refused) while connecting to upstream, client: 70.94.18.35, server: demo.domain.com, request: "GET /assets/js/msgFBmodal.js HTTP/1.1", upstream: "http://108.166.94.94:7080/assets/js/msgFBmodal.js", host: "demo.domain.com", referrer: "http://demo.domain.com/register/user_profile" I'm on a rackspace cloud sever, centos. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233519,233519#msg-233519 From contact at jpluscplusm.com Mon Dec 3 20:18:51 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Mon, 3 Dec 2012 20:18:51 +0000 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: References: Message-ID: On 3 December 2012 20:08, Gallitin wrote: > Can't figure out why I keep getting 502 bad gateway nginx error. Here is the > error from nginx error log. > > 2012/12/03 19:30:21 [error] 20650#0: *939328 connect() failed (111: > Connection refused) while connecting to upstream, client: 70.94.18.35, > server: demo.domain.com, request: "GET /assets/js/msgFBmodal.js HTTP/1.1", > upstream: "http://108.166.94.94:7080/assets/js/msgFBmodal.js", host: > "demo.domain.com", referrer: "http://demo.domain.com/register/user_profile" The error message of "Connection refused" would seem to be pretty self-explanatory ... :-) What about it is surprising you? J -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Mon Dec 3 20:20:56 2012 From: nginx-forum at nginx.us (Gallitin) Date: Mon, 03 Dec 2012 15:20:56 -0500 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: References: Message-ID: I didn't understand why it's refused? Where can I see why it was refused? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233519,233522#msg-233522 From francis at daoine.org Mon Dec 3 20:21:56 2012 From: francis at daoine.org (Francis Daly) Date: Mon, 3 Dec 2012 20:21:56 +0000 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: References: Message-ID: <20121203202156.GA18139@craic.sysops.org> On Mon, Dec 03, 2012 at 03:08:09PM -0500, Gallitin wrote: Hi there, > Can't figure out why I keep getting 502 bad gateway nginx error. Can your nginx access the server you have configured it to? > 2012/12/03 19:30:21 [error] 20650#0: *939328 connect() failed (111: > Connection refused) while connecting to upstream, client: 70.94.18.35, > server: demo.domain.com, request: "GET /assets/js/msgFBmodal.js HTTP/1.1", > upstream: "http://108.166.94.94:7080/assets/js/msgFBmodal.js", host: > "demo.domain.com", referrer: "http://demo.domain.com/register/user_profile" What do you get when you do curl -i http://108.166.94.94:7080/assets/js/msgFBmodal.js from the nginx server? (That's not exactly the same as nginx would do, but the error message should be instructive.) f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Mon Dec 3 20:29:19 2012 From: nginx-forum at nginx.us (Gallitin) Date: Mon, 03 Dec 2012 15:29:19 -0500 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <20121203202156.GA18139@craic.sysops.org> References: <20121203202156.GA18139@craic.sysops.org> Message-ID: <637cadb73692aae4134fb7fe6c75fb9f.NginxMailingListEnglish@forum.nginx.org> Via SSH? Yes I can do this. When I do that it says HTTP/1.1 404 Not Found Date: Mon, 03 Dec 2012 20:28:35 GMT Server: Apache Content-Length: 286 Connection: close Content-Type: text/html; charset=iso-8859-1 404 Not Found

Not Found

The requested URL /assets/js/msgFBmodal.js was not found on this server.

Apache Server at 108.166.94.94 Port 7080
No if I do: curl -i http://domain.com/assets/js/msgFBmodal.js It returns the page code from that file. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233519,233524#msg-233524 From francis at daoine.org Mon Dec 3 20:44:44 2012 From: francis at daoine.org (Francis Daly) Date: Mon, 3 Dec 2012 20:44:44 +0000 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <637cadb73692aae4134fb7fe6c75fb9f.NginxMailingListEnglish@forum.nginx.org> References: <20121203202156.GA18139@craic.sysops.org> <637cadb73692aae4134fb7fe6c75fb9f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121203204444.GB18139@craic.sysops.org> On Mon, Dec 03, 2012 at 03:29:19PM -0500, Gallitin wrote: Hi there, > Via SSH? Yes I can do this. Yes, so long as you are running curl on the same machine that nginx is running on, it should be a valid network test. > When I do that it says > > > HTTP/1.1 404 Not Found >
Apache Server at 108.166.94.94 Port 7080
Ok, that suggests that there is a listener on the host:port that nginx is trying to access. If you add "-H Host:demo.domain.com " to the curl command (just after "-i "), you will more closely mimic what nginx should be doing -- that might show you the correct content. > No if I do: > curl -i http://domain.com/assets/js/msgFBmodal.js > > It returns the page code from that file. I'm unsure what you mean here. If it is "now it is all working", then that's good and the most likely reason for the problem was that apache was not running, or was firewalled, when you first tested and that has now been fixed. If it is "here is a similar thing that is working, but my test case is not", then can you provide enough of the nginx.conf to allow the test be reproduced? Probably, that will be just the location{} block that has the proxy_pass that is used in the request, plus the relevant upstream{} definition if there is one, plus whatever config is in that server{} but outside all location{}s. (Or just include the whole nginx config.) Cheers, f -- Francis Daly francis at daoine.org From francis at daoine.org Mon Dec 3 21:11:29 2012 From: francis at daoine.org (Francis Daly) Date: Mon, 3 Dec 2012 21:11:29 +0000 Subject: Removing index.php from url In-Reply-To: <39c5525712de892a3c54f9b810c6e697.NginxMailingListEnglish@forum.nginx.org> References: <39c5525712de892a3c54f9b810c6e697.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121203211129.GC18139@craic.sysops.org> On Sun, Dec 02, 2012 at 07:08:55PM -0500, adambenayoun wrote: Hi there, I don't have a direct answer to your questions, but there is something I'd like to comment on... > So while http://www.domain.com/contact works - > http://www.domain.com/index.php/contact will fetch the same content aswell > and I'd like to get rid of it for SEO purpose. "get rid of" means: if a request comes in for /index.php/anything, it should be permanently redirected to /anything. > right now there's a if statement that takes care > of removing the index.php however I know that if is evil and therefore > shouldn't be used. Here's the thing: why do you believe that? It seems to be a reasonably common belief. The wiki page about it, http://wiki.nginx.org/IfIsEvil, has as its first line: "Directive if has problems when used in location context". You're not using it in location context, so you should be fine. Outside of location context, I don't think it counts as any more evil than any of the rewrite module directives. Anyway: on to the questions... > On top of that the only instance that won't work well is > http://www.domain.com/index.php which in this case instead of redirecting to > www.domain.com will just display a blank page with a 301 status code. So: what do you want to happen when someone requests /index.php without an immediately-following / ? Just process the page, or redirect to / ? http://nginx.org/r/location for the details, but you can use "location = /" or "location = /index.php" to handle the "exact" case (which can involve fastcgi_pass and the like); then "location ^~ /index.php/" for everything that should be redirected to "no index.php" (possibly with a map (http://nginx.org/r/map) to find the thing to redirect to); and then the rest stays as it is. > On top of that - if you guys spot any problem with my config - I'd love to > hear what I am doing wrong and what can be improved. > error_page 403 404 http://www.domain.com/notfound; That bit possibly does not do what you want. > if ( $request_uri ~ "^/index.php" ) { > rewrite ^/index.php(.*) $1 permanent; > } With the pure-location setup, that bit becomes unnecessary. > location /min { > try_files $uri $uri/ /min/index.php?q=; No $args there. > location /blog { > try_files $uri $uri/ /blog/index.php?q=$1; It's not obvious what $1 is set to there. > location /apc { > try_files $uri $uri/ /apc.php$args; No ? there. Each of those may or may not do what you want. If they work, that's fine. > location ~ \.php { > location ~* ^.+\.(ht|svn|git)$ { > location ~* An occasional suggestion on the list is to avoid top-level regex match locations, for ease of reading/scalability reasons. If you choose to follow that suggestion, those would need to be rewritten. It may not be worth you following that suggestion, depending on how your files are organised. Cheers, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Mon Dec 3 21:32:04 2012 From: nginx-forum at nginx.us (Gallitin) Date: Mon, 03 Dec 2012 16:32:04 -0500 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <20121203204444.GB18139@craic.sysops.org> References: <20121203204444.GB18139@craic.sysops.org> Message-ID: <7865fa531f03ad82c9dcd2df8436547e.NginxMailingListEnglish@forum.nginx.org> Sorry for the grammar error. If I do curl -i http://domain.com/assets/js/msgFBmodal.js it returns the code from the msgFBmodal.js page. Yet if I hit the page via browser I still receive the gateway error. The nginx.conf file is: #user nginx; worker_processes 1; #error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; #pid /var/run/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; #log_format main '$remote_addr - $remote_user [$time_local] "$request" ' # '$status $body_bytes_sent "$http_referer" ' # '"$http_user_agent" "$http_x_forwarded_for"'; "nginx.conf" 40L, 847C Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233519,233527#msg-233527 From vbart at nginx.com Mon Dec 3 21:54:11 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 4 Dec 2012 01:54:11 +0400 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <7865fa531f03ad82c9dcd2df8436547e.NginxMailingListEnglish@forum.nginx.org> References: <20121203204444.GB18139@craic.sysops.org> <7865fa531f03ad82c9dcd2df8436547e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201212040154.11246.vbart@nginx.com> On Tuesday 04 December 2012 01:32:04 Gallitin wrote: > Sorry for the grammar error. > > If I do curl -i http://domain.com/assets/js/msgFBmodal.js > it returns the code from the msgFBmodal.js page. Yet if I hit the page via > browser I still receive the gateway error. [...] You should clear your browser's cache. wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From nginx-forum at nginx.us Mon Dec 3 21:56:03 2012 From: nginx-forum at nginx.us (mevans336) Date: Mon, 03 Dec 2012 16:56:03 -0500 Subject: Internal 503 Redirect Issues? In-Reply-To: <3649ec49eef97d1a713617c1445b2518.NginxMailingListEnglish@forum.nginx.org> References: <3649ec49eef97d1a713617c1445b2518.NginxMailingListEnglish@forum.nginx.org> Message-ID: I resolved this by simply using an internal style sheet. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,232655,233529#msg-233529 From nginx-forum at nginx.us Mon Dec 3 21:56:49 2012 From: nginx-forum at nginx.us (Gallitin) Date: Mon, 03 Dec 2012 16:56:49 -0500 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <201212040154.11246.vbart@nginx.com> References: <201212040154.11246.vbart@nginx.com> Message-ID: <35849aabeed0802190b52d7b79883752.NginxMailingListEnglish@forum.nginx.org> Just tried that still receiving the error Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233519,233530#msg-233530 From contact at jpluscplusm.com Mon Dec 3 21:59:59 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Mon, 3 Dec 2012 21:59:59 +0000 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <35849aabeed0802190b52d7b79883752.NginxMailingListEnglish@forum.nginx.org> References: <201212040154.11246.vbart@nginx.com> <35849aabeed0802190b52d7b79883752.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 3 December 2012 21:56, Gallitin wrote: > Just tried that still receiving the error So a curl *running*on*your*desktop* receives a 200 as expected, but your browser *on*your*desktop* does not? Jonathan From nginx-forum at nginx.us Mon Dec 3 22:03:17 2012 From: nginx-forum at nginx.us (Gallitin) Date: Mon, 03 Dec 2012 17:03:17 -0500 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: References: Message-ID: <5d6464c46e2ccb3075a46a0c27c5507d.NginxMailingListEnglish@forum.nginx.org> I run the curl command via SSH and I receive the code output from that file. I browse to the page that uses that file and receive the gateway error. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233519,233532#msg-233532 From contact at jpluscplusm.com Mon Dec 3 22:19:29 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Mon, 3 Dec 2012 22:19:29 +0000 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <5d6464c46e2ccb3075a46a0c27c5507d.NginxMailingListEnglish@forum.nginx.org> References: <5d6464c46e2ccb3075a46a0c27c5507d.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 3 December 2012 22:03, Gallitin wrote: > I run the curl command via SSH and I receive the code output from that > file. > > I browse to the page that uses that file and receive the gateway error. You need to show us some commands running, some output, and nginx config - without redacted network names. This is too annoying/confusing to help you troubleshoot without seeing exactly what you're running exactly where. Jonathan From nginx-forum at nginx.us Mon Dec 3 23:15:04 2012 From: nginx-forum at nginx.us (djczaski) Date: Mon, 03 Dec 2012 18:15:04 -0500 Subject: Caching authentication requests? In-Reply-To: References: Message-ID: <4b4d72c632b5b26702d06a0c2f970f52.NginxMailingListEnglish@forum.nginx.org> I asked this question awhile ago but got no responses. I guess that means its either majorly stupid or completely obvious. I'm running on a beaglebone and when I enable something like auth_pam the number of requests I can handle drops from about 500 per second to about 30 which isn't suitable. Any kind of point would be help. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233054,233534#msg-233534 From nycfresh at yahoo.com Mon Dec 3 23:39:05 2012 From: nycfresh at yahoo.com (JacobV) Date: Mon, 3 Dec 2012 15:39:05 -0800 (PST) Subject: nginx with cavium SSL Message-ID: <1354577945.77655.YahooMailNeo@web39305.mail.mud.yahoo.com> Anyone using nginx with cavium SSL ? Compiled as ./configure --with-http_ssl_module --with-openssl=/home/cavium/software/apps/openssl-1.0.0b --with-openssl-opt="no-threads no-asm cav_crypto_offload cav_ssl_offload" Works but speed drop makes it unusable simple curl test on a static file gives ~ 3.5 MB/sec with cavium driver loaded vs 70MB/s without cavium. Any hints appreciated . Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Mon Dec 3 23:58:30 2012 From: francis at daoine.org (Francis Daly) Date: Mon, 3 Dec 2012 23:58:30 +0000 Subject: connect() failed (111: Connection refused) while connecting to upstream In-Reply-To: <7865fa531f03ad82c9dcd2df8436547e.NginxMailingListEnglish@forum.nginx.org> References: <20121203204444.GB18139@craic.sysops.org> <7865fa531f03ad82c9dcd2df8436547e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121203235830.GE18139@craic.sysops.org> On Mon, Dec 03, 2012 at 04:32:04PM -0500, Gallitin wrote: Hi there, > Sorry for the grammar error. No worries. Once it is clear what works and what fails, we can see what to do next. > If I do curl -i http://domain.com/assets/js/msgFBmodal.js > it returns the code from the msgFBmodal.js page. Yet if I hit the page via > browser I still receive the gateway error. So, include all details each time, even if it looks repetitive. Yes or no: "domain.com" is your nginx-hosted web site, and resolves to your nginx server? >From a shell on the nginx server, what does curl -i http://domain.com/assets/js/msgFBmodal.js return? HTTP 200 and the content of the msgFBmodal.js file, or something else? >From a shell on your PC, the same machine your browser runs from, what does curl -i http://domain.com/assets/js/msgFBmodal.js return? HTTP 200 and the content of the msgFBmodal.js file, or something else? >From your browser, what do you see when you try to access http://domain.com/assets/js/msgFBmodal.js ? The content of the msgFBmodal.js file, or something else? > The nginx.conf file is: > # '$status $body_bytes_sent "$http_referer" ' > # '"$http_user_agent" "$http_x_forwarded_for"'; > "nginx.conf" 40L, 847C Unfortunately, that doesn't show the configuration. It only shows the top half of the main file; I suspect it will "include" some other files. What matters is the configuration of the server{} block that handles domain.com. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Tue Dec 4 04:38:25 2012 From: nginx-forum at nginx.us (radhav) Date: Mon, 03 Dec 2012 23:38:25 -0500 Subject: upload module (2.2.0) compile errors on windows Message-ID: I am trying to compile nginx on windows following the instructions at http://nginx.org/en/docs/howto_build_on_win32.html. I am using the nginx sources from release-1.2.5 and including nginx_upload_module-2.2.0. I am getting the following errors: --- ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1200) : warning C4047: '=' : 'ngx_fd_t' differs in levels of indirection from 'int' ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1321) : warning C4047: '=' : 'ngx_fd_t' differs in levels of indirection from 'int' ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1363) : warning C4244: '=' : conversion from 'off_t' to 'size_t', possible loss of data ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1455) : warning C4204: nonstandard extension used : non-constant aggregate initializer ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1456) : warning C4204: nonstandard extension used : non-constant aggregate initializer ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1696) : warning C4013: 'ngx_lock_fd' undefined; assuming extern returning int ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1729) : error C2039: 'st_size' : is not a member of '_BY_HANDLE_FILE_INFORMATION' c:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\winbase.h(4831) : see declaration of '_BY_HANDLE_FILE_INFORMATION' ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1730) : error C2039: 'st_size' : is not a member of '_BY_HANDLE_FILE_INFORMATION' c:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\winbase.h(4831) : see declaration of '_BY_HANDLE_FILE_INFORMATION' ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1731) : error C2039: 'st_size' : is not a member of '_BY_HANDLE_FILE_INFORMATION' c:\Program Files (x86)\Microsoft SDKs\Windows\v7.0A\include\winbase.h(4831) : see declaration of '_BY_HANDLE_FILE_INFORMATION' ./nginx_upload_module-2.2.0/ngx_http_upload_module.c(1731) : fatal error C1903: unable to recover from previous error(s); stopping compilation NMAKE : fatal error U1077: '"C:\Program Files (x86)\Microsoft Visual Studio 10.0\VC\BIN\cl.EXE"' : return code '0x2' ---- I would appreciate any help in resolving this. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233537,233537#msg-233537 From robm at fastmail.fm Tue Dec 4 05:29:25 2012 From: robm at fastmail.fm (Robert Mueller) Date: Tue, 04 Dec 2012 16:29:25 +1100 Subject: 301 redirect with custom content problem In-Reply-To: <20121130074324.GC40452@mdounin.ru> References: <1354240383.10341.140661159923181.0F1A33B1@webmail.messagingengine.com> <20121130074324.GC40452@mdounin.ru> Message-ID: <1354598965.25587.140661161549297.6CFA9908@webmail.messagingengine.com> > This way you'll end up with two 301 redirects due to rewrite being > executed again for /foo/bar/301.html. Ah right, makes sense. > Try this instead: > > server { > listen 80 default; > > location / { > error_page 301 /foo/bar/301.html; > return 301 "https://example.com$request_uri"; > } > > location = /foo/bar/301.html { > # static > } > } Great, that worked, thanks. Rob From nginx-forum at nginx.us Tue Dec 4 09:10:51 2012 From: nginx-forum at nginx.us (srinivasa.nallapati) Date: Tue, 04 Dec 2012 04:10:51 -0500 Subject: redirect joomla url to dns name Message-ID: HI All , my joomla application is running 192.168.1.203 system in httpd sever,Operating system Fedora 14. URL : http://192.168.1.203/joomla I want redirect this url with some good name like , srinivas.walkingtree.in (it was created by dns server for ip 192.168.1.150). my nginx,conf file .(nginx server = 192.168.1.150) server { listen 192.168.1.150:80; server_name srinivas.walkingtree.in; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://192.168.1.203/joomla; } } At first , When i access http://srinivas.walkingtree.in . This is working . If i click on any button (products), it is redirecting to http://192.168.1.203/joomla/products . Please help me . Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233546,233546#msg-233546 From francis at daoine.org Tue Dec 4 12:20:25 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 4 Dec 2012 12:20:25 +0000 Subject: redirect joomla url to dns name In-Reply-To: References: Message-ID: <20121204122025.GF18139@craic.sysops.org> On Tue, Dec 04, 2012 at 04:10:51AM -0500, srinivasa.nallapati wrote: Hi there, > server_name srinivas.walkingtree.in; > location / { > proxy_set_header X-Forwarded-Host $host; > proxy_set_header X-Forwarded-Server $host; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_pass http://192.168.1.203/joomla; > } > At first , When i access http://srinivas.walkingtree.in . This is working . > If i click on any button (products), it is redirecting to > http://192.168.1.203/joomla/products . http://nginx.org/r/proxy_set_header Most likely you can get it to do what you want by adding proxy_set_header Host $host; beside the other proxy_set_header lines. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Tue Dec 4 12:34:14 2012 From: nginx-forum at nginx.us (srinivasa.nallapati) Date: Tue, 04 Dec 2012 07:34:14 -0500 Subject: redirect joomla url to dns name In-Reply-To: <20121204122025.GF18139@craic.sysops.org> References: <20121204122025.GF18139@craic.sysops.org> Message-ID: <0420eb8fbb6febd2cf2e85d612820d08.NginxMailingListEnglish@forum.nginx.org> Thanks , Now i used the follow thing , server { listen 192.168.1.150:80; server_name srinivas.walkingtree.in; location / { proxy_pass http://192.168.1.203/joomla/; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; } } when i click on products , http://srinivas.walkingtree.in/joomla/index.php/products error: Not Found The requested URL /joomla/joomla/index.php/products was not found on this server. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233546,233559#msg-233559 From appa at perusio.net Tue Dec 4 12:41:03 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Tue, 4 Dec 2012 13:41:03 +0100 Subject: redirect joomla url to dns name In-Reply-To: <0420eb8fbb6febd2cf2e85d612820d08.NginxMailingListEnglish@forum.nginx.org> References: <20121204122025.GF18139@craic.sysops.org> <0420eb8fbb6febd2cf2e85d612820d08.NginxMailingListEnglish@forum.nginx.org> Message-ID: > Thanks , > > Now i used the follow thing , > > server { > listen 192.168.1.150:80; > server_name srinivas.walkingtree.in; > location / { > > proxy_pass http://192.168.1.203/joomla/; > proxy_redirect off; > > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > client_max_body_size 10m; > client_body_buffer_size 128k; > > proxy_connect_timeout 90; > proxy_send_timeout 90; > proxy_read_timeout 90; > > proxy_buffer_size 4k; > proxy_buffers 4 32k; > proxy_busy_buffers_size 64k; > proxy_temp_file_write_size 64k; > } > } > > when i click on products , > http://srinivas.walkingtree.in/joomla/index.php/products Try: http://srinivas.walkingtree.in/index.php/products --appa From nginx-forum at nginx.us Tue Dec 4 12:48:49 2012 From: nginx-forum at nginx.us (srinivasa.nallapati) Date: Tue, 04 Dec 2012 07:48:49 -0500 Subject: redirect joomla url to dns name In-Reply-To: References: Message-ID: <32374bc6c83cffdb17df520893b55430.NginxMailingListEnglish@forum.nginx.org> Thanks , Now the page is loading but ,No images ,No colors and no css etc.. it is coming just like basic index page . Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233546,233561#msg-233561 From nginx-forum at nginx.us Tue Dec 4 13:16:40 2012 From: nginx-forum at nginx.us (srinivasa.nallapati) Date: Tue, 04 Dec 2012 08:16:40 -0500 Subject: redirect joomla url to dns name In-Reply-To: <32374bc6c83cffdb17df520893b55430.NginxMailingListEnglish@forum.nginx.org> References: <32374bc6c83cffdb17df520893b55430.NginxMailingListEnglish@forum.nginx.org> Message-ID: <781473dd90bd39fe1ee41937f8993d25.NginxMailingListEnglish@forum.nginx.org> srinivasa.nallapati Wrote: ------------------------------------------------------- > Thanks , > > Now the page is loading but ,No images ,No colors and no css etc.. > > it is coming just like basic index page . in developer tools , the below error is coming GET http://demojoomla.walkingtree.in/bapoc/components/com_virtuemart/assets/css/facebox.css 404 (Not Found) /:12 GET http://demojoomla.walkingtree.in/bapoc/components/com_virtuemart/assets/css/vmsite-ltr.css 404 (Not Found) /:13 GET http://demojoomla.walkingtree.in/bapoc/media/system/js/mootools-core.js 404 (Not Found) /:14 GET http://demojoomla.walkingtree.in/bapoc/media/system/js/core.js 404 (Not Found) /:14 GET http://demojoomla.walkingtree.in/bapoc/media/system/js/caption.js 404 (Not Found) /:14 GE Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233546,233564#msg-233564 From nginx-forum at nginx.us Tue Dec 4 13:20:37 2012 From: nginx-forum at nginx.us (srinivasa.nallapati) Date: Tue, 04 Dec 2012 08:20:37 -0500 Subject: redirect joomla url to dns name In-Reply-To: <781473dd90bd39fe1ee41937f8993d25.NginxMailingListEnglish@forum.nginx.org> References: <32374bc6c83cffdb17df520893b55430.NginxMailingListEnglish@forum.nginx.org> <781473dd90bd39fe1ee41937f8993d25.NginxMailingListEnglish@forum.nginx.org> Message-ID: <9e585b6883b3f0225d82b72a10c286de.NginxMailingListEnglish@forum.nginx.org> srinivasa.nallapati Wrote: ------------------------------------------------------- > srinivasa.nallapati Wrote: > ------------------------------------------------------- > > Thanks , > > > > Now the page is loading but ,No images ,No colors and no css etc.. > > > > it is coming just like basic index page . > sorry for wrong information , in developer tools , the below error is coming GET http://srinivas.walkingtree.in/joomla/components/com_virtuemart/assets/css/facebox.css 404 (Not Found) /:12 it is calling joomla after dns name Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233546,233565#msg-233565 From nginx-forum at nginx.us Tue Dec 4 14:07:52 2012 From: nginx-forum at nginx.us (poulphunter) Date: Tue, 04 Dec 2012 09:07:52 -0500 Subject: X-accel-redirect serving html download page instead of file. In-Reply-To: References: Message-ID: <649b1ccdfd761f17ebb6852759ddbae0.NginxMailingListEnglish@forum.nginx.org> I've correct this bug adding an expire header like : location ^~ /protected-file/ { expires 30s; add_header Pragma public; add_header Cache-Control "public, must-revalidate, proxy-revalidate"; gzip off; internal; alias /; } And my PHP headers are : header("X-Accel-Redirect: /protected-file".realpath($realpath)); header("X-Accel-Buffering: yes"); header('Content-Length: '.$size); header("Content-Type: "); header('Content-Disposition: attachment; filename="'.$filename.'"'); Nginx MIME types are /etc/nginx/mime.conf (from normal config) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,230161,233566#msg-233566 From sahmed1020 at gmail.com Tue Dec 4 14:56:30 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Tue, 4 Dec 2012 09:56:30 -0500 Subject: new log file every x minutes Message-ID: Hi, How can I tell nginx to create a new log file (access log) every x minutes? -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Tue Dec 4 15:01:03 2012 From: edho at myconan.net (Edho Arief) Date: Tue, 4 Dec 2012 22:01:03 +0700 Subject: new log file every x minutes In-Reply-To: References: Message-ID: On Tue, Dec 4, 2012 at 9:56 PM, S Ahmed wrote: > Hi, > > How can I tell nginx to create a new log file (access log) every x minutes? > Use your system's logrotate to do that. From smallfish.xy at gmail.com Tue Dec 4 15:03:53 2012 From: smallfish.xy at gmail.com (smallfish) Date: Tue, 4 Dec 2012 23:03:53 +0800 Subject: new log file every x minutes In-Reply-To: References: Message-ID: use crontab. and send USR1 to master process. -- smallfish http://chenxiaoyu.org On Tue, Dec 4, 2012 at 10:56 PM, S Ahmed wrote: > Hi, > > How can I tell nginx to create a new log file (access log) every x minutes? > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Tue Dec 4 15:11:55 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 4 Dec 2012 15:11:55 +0000 Subject: redirect joomla url to dns name In-Reply-To: <9e585b6883b3f0225d82b72a10c286de.NginxMailingListEnglish@forum.nginx.org> References: <32374bc6c83cffdb17df520893b55430.NginxMailingListEnglish@forum.nginx.org> <781473dd90bd39fe1ee41937f8993d25.NginxMailingListEnglish@forum.nginx.org> <9e585b6883b3f0225d82b72a10c286de.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121204151155.GG18139@craic.sysops.org> On Tue, Dec 04, 2012 at 08:20:37AM -0500, srinivasa.nallapati wrote: Hi there, > GET > http://srinivas.walkingtree.in/joomla/components/com_virtuemart/assets/css/facebox.css > 404 (Not Found) /:12 What file, on what server, does that "facebox.css" correspond to? If you issue the request with "curl -i", can you see whether the 404 message came from nginx or from something else? Untested, but I suspect that you want either location / { proxy_pass http://192.168.1.203; # the rest of the config goes here } or location /joomla/ { proxy_pass http://192.168.1.203/joomla/; # the rest of the config goes here } location = / { return 301 /joomla/; } to achieve what you want -- but it's not yet clear exactly what you want. http://nginx.org/r/proxy_pass for details. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Tue Dec 4 15:46:58 2012 From: nginx-forum at nginx.us (srinivasa.nallapati) Date: Tue, 04 Dec 2012 10:46:58 -0500 Subject: redirect joomla url to dns name In-Reply-To: <20121204151155.GG18139@craic.sysops.org> References: <20121204151155.GG18139@craic.sysops.org> Message-ID: <775a77c017b90cc3a07728b536dbc282.NginxMailingListEnglish@forum.nginx.org> Sorry ! Actually i am running joomla in httpd server . URL : http://192.168.1.203/joomla/; I want acces this url with name like srinivas.walkingtree.in When i browse srinivas.walkingtree.in .it is working ,if i click any button in this appllication , it is redirecting to again http://192.168.1.203/joomla/ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233546,233575#msg-233575 From dewanggaba at gmail.com Tue Dec 4 16:10:37 2012 From: dewanggaba at gmail.com (antituhan) Date: Tue, 4 Dec 2012 08:10:37 -0800 (PST) Subject: Is it possible using multiple directive on different root location? (Without Symlinks) In-Reply-To: <20121130223853.GX18139@craic.sysops.org> References: <1335864986389-7516384.post@n2.nabble.com> <1335896925.4775.25.camel@portable-evil> <1335925217815-7518776.post@n2.nabble.com> <1335934594.4775.45.camel@portable-evil> <1336049994106-7523526.post@n2.nabble.com> <20120503224309.GB11895@craic.sysops.org> <1336712290522-7549205.post@n2.nabble.com> <20120511080357.GH457@craic.sysops.org> <1354018101825-7582658.post@n2.nabble.com> <20121130223853.GX18139@craic.sysops.org> Message-ID: <1354637437235-7582798.post@n2.nabble.com> Hi F, Yup, i want the fastcgi server to process the .php files. I've tried to set like this While I access http://static.antituhan.com/test/tehbotol.php the error log shows that tehbotol.php can't found on /something/test/tehbotol.php Francis Daly wrote > On Tue, Nov 27, 2012 at 04:08:21AM -0800, antituhan wrote: > > Hi there, > >> Change $document_root$fastcgi_script_name into $document_root$1, but I >> still >> got 403 Forbidden when access >> http://static.antituhan.com/test/tehbotol.php > > What file do you want the fastcgi server to process when you request > http://static.antituhan.com/test/tehbotol.php? > > If it is /something/test/tehboto1.php, then put "root /something" inside > the location{} block and use $document_root$fastcgi_script_name. > > If it isn't, then you'll need to build what it is in some other way. > > f > -- > Francis Daly > francis@ > > _______________________________________________ > nginx mailing list > nginx@ > http://mailman.nginx.org/mailman/listinfo/nginx ----- [daemon at antituhan.com ~]# -- View this message in context: http://nginx.2469901.n2.nabble.com/Is-it-possible-using-multiple-directive-on-different-root-location-Without-Symlinks-tp7516384p7582798.html Sent from the nginx mailing list archive at Nabble.com. From francis at daoine.org Tue Dec 4 17:44:31 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 4 Dec 2012 17:44:31 +0000 Subject: Is it possible using multiple directive on different root location? (Without Symlinks) In-Reply-To: <1354637437235-7582798.post@n2.nabble.com> References: <1335896925.4775.25.camel@portable-evil> <1335925217815-7518776.post@n2.nabble.com> <1335934594.4775.45.camel@portable-evil> <1336049994106-7523526.post@n2.nabble.com> <20120503224309.GB11895@craic.sysops.org> <1336712290522-7549205.post@n2.nabble.com> <20120511080357.GH457@craic.sysops.org> <1354018101825-7582658.post@n2.nabble.com> <20121130223853.GX18139@craic.sysops.org> <1354637437235-7582798.post@n2.nabble.com> Message-ID: <20121204174431.GI18139@craic.sysops.org> On Tue, Dec 04, 2012 at 08:10:37AM -0800, antituhan wrote: > While I access http://static.antituhan.com/test/tehbotol.php the error log > shows that tehbotol.php can't found on /something/test/tehbotol.php What file do you want the fastcgi server to process when you request http://static.antituhan.com/test/tehbotol.php? f -- Francis Daly francis at daoine.org From francis at daoine.org Tue Dec 4 18:17:47 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 4 Dec 2012 18:17:47 +0000 Subject: redirect joomla url to dns name In-Reply-To: <775a77c017b90cc3a07728b536dbc282.NginxMailingListEnglish@forum.nginx.org> References: <20121204151155.GG18139@craic.sysops.org> <775a77c017b90cc3a07728b536dbc282.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121204181747.GJ18139@craic.sysops.org> On Tue, Dec 04, 2012 at 10:46:58AM -0500, srinivasa.nallapati wrote: Hi there, > Actually i am running joomla in httpd server . URL : > http://192.168.1.203/joomla/; > > I want acces this url with name like srinivas.walkingtree.in If you are happy for the user to see http://srinivas.walkingtree.in/joomla/ and what was suggested does not work for you, then please be specific about what exact configuration you used, what url you tried to access, what response you got, and what response you expected to get. Ideally, copy-paste the "curl -i" commands which show the problem. If you do not want the user to see http://srinivas.walkingtree.in/joomla/, then some other changes will be needed. Possibly using proxy_redirect (http://nginx.org/r/proxy_redirect) will help, or possibly some configuration on the joomla side will be needed to allow it to be hidden in a subdirectory behind a reverse proxy. > When i browse srinivas.walkingtree.in .it is working ,if i click any button > in this appllication , it is redirecting to again > http://192.168.1.203/joomla/ The first line there is: curl -i http://srinivas.walkingtree.in/ and you can compare what you get with what you expect. The second line is something else. Instead of clicking on a button, right-click and "copy link location" or "copy shortcut" or do whatever your browser needs to store the url you are about to access; then paste that url into the command line curl -i and again you can compare what you get with what you expect. For example, you probably don't expect to see the address 192.168.1.203 anywhere in the response. Unless you show exactly what you do, what you see, and what you expect to see; it is difficult for others to offer useful help. f -- Francis Daly francis at daoine.org From sahmed1020 at gmail.com Tue Dec 4 18:45:25 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Tue, 4 Dec 2012 13:45:25 -0500 Subject: new log file every x minutes In-Reply-To: References: Message-ID: How do I sent a USR1? What is that for, it signals to nginx to start a new file? On Tue, Dec 4, 2012 at 10:03 AM, smallfish wrote: > USR1 -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Tue Dec 4 18:49:15 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 4 Dec 2012 18:49:15 +0000 Subject: new log file every x minutes In-Reply-To: References: Message-ID: On 4 December 2012 18:45, S Ahmed wrote: > How do I sent a USR1? What is that for, it signals to nginx to start a new > file? I don't believe so, no. Check http://wiki.nginx.org/CommandLine#Stopping_or_Restarting_Nginx You'd have to move the log out from under nginx before sending it, I think. I'd personally use logrotate with a specially SIGUSR1-related config stanza if I had to do this, and wouldn't try and write the logic myself. Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From sahmed1020 at gmail.com Tue Dec 4 19:05:33 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Tue, 4 Dec 2012 14:05:33 -0500 Subject: new log file every x minutes In-Reply-To: References: Message-ID: I didn't realize this would so tricky, or "tricky" :) I was hoping it was just a simple config setting! hehe On Tue, Dec 4, 2012 at 1:49 PM, Jonathan Matthews wrote: > On 4 December 2012 18:45, S Ahmed wrote: > > How do I sent a USR1? What is that for, it signals to nginx to start a > new > > file? > > I don't believe so, no. Check > http://wiki.nginx.org/CommandLine#Stopping_or_Restarting_Nginx > You'd have to move the log out from under nginx before sending it, I think. > > I'd personally use logrotate with a specially SIGUSR1-related config > stanza if I had to do this, and wouldn't try and write the logic > myself. > > Jonathan > -- > Jonathan Matthews // Oxford, London, UK > http://www.jpluscplusm.com/contact.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Dec 4 22:18:56 2012 From: nginx-forum at nginx.us (djczaski) Date: Tue, 04 Dec 2012 17:18:56 -0500 Subject: auth_request_set into variable and lua Message-ID: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> Trying to get a header from an auth_request into a variable and use it from Lua with no luck. This was the simple example I tried. location = /auth { add_header X-Boo "Hello World"; return 204; } location /test { auth_request /auth; auth_request_set $test $upstream_http_x_boo; add_header X-BooHoo $test; content_by_lua ' ngx.say("(" .. ngx.var.test .. ")") '; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233582,233582#msg-233582 From nginx-forum at nginx.us Tue Dec 4 22:28:48 2012 From: nginx-forum at nginx.us (jeenam) Date: Tue, 04 Dec 2012 17:28:48 -0500 Subject: keepalive_timeout http|server|listen context Message-ID: <470fe3b863b63a6bf3e49d866d32e6a4.NginxMailingListEnglish@forum.nginx.org> If 'keepalive_timeout 0' is set at the http context level, does nginx honor 'keepalive_timeout N' at the server and/or listen level? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233583,233583#msg-233583 From igor at sysoev.ru Wed Dec 5 00:52:23 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 5 Dec 2012 04:52:23 +0400 Subject: keepalive_timeout http|server|listen context In-Reply-To: <470fe3b863b63a6bf3e49d866d32e6a4.NginxMailingListEnglish@forum.nginx.org> References: <470fe3b863b63a6bf3e49d866d32e6a4.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Dec 5, 2012, at 2:28 , jeenam wrote: > If 'keepalive_timeout 0' is set at the http context level, does nginx honor > 'keepalive_timeout N' at the server and/or listen level? There is no listen context as such, but there is default server for listen address:port pair. As to the question - yes, you can change keepalive_timeout at server or location level. -- Igor Sysoev http://nginx.com/support.html From agentzh at gmail.com Wed Dec 5 02:19:02 2012 From: agentzh at gmail.com (agentzh) Date: Tue, 4 Dec 2012 18:19:02 -0800 Subject: auth_request_set into variable and lua In-Reply-To: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> References: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello! On Tue, Dec 4, 2012 at 2:18 PM, djczaski wrote: > Trying to get a header from an auth_request into a variable and use it from > Lua with no luck. This was the simple example I tried. > You're making several mistakes. See the discussion below: > location = /auth { > add_header X-Boo "Hello World"; Mistake #1: The add_header directive from the standard ngx_headers module has no effect on subrequests while your location /auth here is accessed by a subrequest issued via the auth_request directive. > return 204; > } > > location /test { > auth_request /auth; > auth_request_set $test $upstream_http_x_boo; Mistake #2: The $upstream_http_XXX variables are only meaningful when the *current* location is configured by one of those Nginx upstream modules like ngx_proxy, ngx_fastcgi, ngx_uwsgi, and etc. Here your current location, location /test, is not configured by any Nginx upstream modules (neither ngx_auth_request nor ngx_lua are upstream modules). Mistake #3: The $upstream_http_XXX variables are only in effect for the current request. It won't inherit values from any other requests including subrequests. > add_header X-BooHoo $test; > > content_by_lua ' > ngx.say("(" .. ngx.var.test .. ")") > '; > } > BTW, I'm not sure what business requirements you're trying to achieve here but I think you can just use access_by_lua with ngx.location.capture here in place of auth_request and you can inspect the subrequest's response headers easily in Lua. Best regards, -agentzh From djczaski at gmail.com Wed Dec 5 03:36:39 2012 From: djczaski at gmail.com (djczaski) Date: Tue, 4 Dec 2012 22:36:39 -0500 Subject: auth_request_set into variable and lua In-Reply-To: References: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> Message-ID: Thank you taking the time with your detailed response. I have some comments below. On Tue, Dec 4, 2012 at 9:19 PM, agentzh wrote: > Hello! > > On Tue, Dec 4, 2012 at 2:18 PM, djczaski wrote: >> Trying to get a header from an auth_request into a variable and use it from >> Lua with no luck. This was the simple example I tried. >> > > You're making several mistakes. See the discussion below: > >> location = /auth { >> add_header X-Boo "Hello World"; This was an attempt to make a simple example. The authentication comes from a fastcgi process. > Mistake #1: The add_header directive from the standard ngx_headers > module has no effect on subrequests while your location /auth here is > accessed by a subrequest issued via the auth_request directive. > >> return 204; >> } >> >> location /test { >> auth_request /auth; >> auth_request_set $test $upstream_http_x_boo; > > Mistake #2: The $upstream_http_XXX variables are only meaningful when > the *current* location is configured by one of those Nginx upstream > modules like ngx_proxy, ngx_fastcgi, ngx_uwsgi, and etc. Here your > current location, location /test, is not configured by any Nginx > upstream modules (neither ngx_auth_request nor ngx_lua are upstream > modules). The fastcgi process from /auth sets some headers which I need to forward into parameters for a second fastcgi processes. > Mistake #3: The $upstream_http_XXX variables are only in effect for > the current request. It won't inherit values from any other requests > including subrequests. > >> add_header X-BooHoo $test; >> >> content_by_lua ' >> ngx.say("(" .. ngx.var.test .. ")") >> '; >> } >> > > BTW, I'm not sure what business requirements you're trying to achieve > here but I think you can just use access_by_lua with > ngx.location.capture here in place of auth_request and you can inspect > the subrequest's response headers easily in Lua. I was looking at nginx as a replacement of another web server in order to improve performance on an embedded platform. Actually, I was able to implement this through access_by_lua while I was having problems and although it worked, performance was worse than using the fastcgi authorizer on the other server. To improve performance, I could write a module and I looked at using auth_pam however the pam conversation on each request is extremely slow. It could be that all of this is the wrong path. The basic requirement is user login with pam authentication. > Best regards, > -agentzh > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From i.hailperin at heinlein-support.de Wed Dec 5 11:00:51 2012 From: i.hailperin at heinlein-support.de (Isaac Hailperin) Date: Wed, 05 Dec 2012 12:00:51 +0100 Subject: Set-Cookie is missing via proxy Message-ID: <50BF2963.1090106@heinlein-support.de> Hi, I am using nginx as a reverse proxy for apache. I have the following symptom: Sessions of users get mixed up. The original html from the apache looks like this via curl: [...]
[...] If I get this page through nginx, it looks like this: [...]
[...] So obviously the query string containing the identifing ID is missing. I guess this is where sessions get mixed up. Now I had a look a the headers, and there I got via apache: curl --head http://www.foobar-shop.de/ HTTP/1.1 200 OK Date: Wed, 05 Dec 2012 10:19:48 GMT Server: Apache X-Powered-By: PHP/5.2.17-0.dotdeb.0 Set-Cookie: acmeID=48dceed9217eea2b691f75e26276bdb8; expires=Fri, 15-Mar-2013 10:19:48 GMT; path=/; domain=.foobar-shop.de Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Content-Type: text/html;charset=UTF-8 and via nginx: HTTP/1.1 200 OK Server: nginx/1.2.5 Date: Wed, 05 Dec 2012 10:45:54 GMT Content-Type: text/html; charset=iso-8859-1 Content-Length: 945 Connection: keep-alive Last-Modified: Fri, 13 Apr 2012 02:58:01 GMT ETag: "132b39c-3b1-4bd86a3f74040" Accept-Ranges: bytes Vary: Accept-Encoding So the "Set-Cookie" header is missing via nginx. I guess this is the reason why the query string is also missing in the html. ( Odly though, if I browse the site with firefox, I still get the cookie ...? ) I tried setting proxy_pass_header Set-Cookie; but with no success. Now I am a bit clueless. My config: /etc/nginx/nginx.conf user www-data; worker_processes 16; pid /var/run/nginx.pid; events { worker_connections 2000; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; # gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json # application/x-javascript text/xml application/xml application/xml+rss # text/javascript; # Because we have a lot of server_names, we need to increase # server_names_hash_bucket_size # (http://nginx.org/en/docs/http/server_names.html) server_names_hash_max_size 6000; server_names_hash_bucket_size 512; # raise default # values for php client_max_body_size 20M; client_body_buffer_size 128k; ## # Virtual Host Configs ## include /var/www3/acme_cache/load_balancer/upstream.conf; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; include /etc/nginx/proxy_params; index index.html index.htm ; ## # Proxy Settings ## # include hostname in request to backend proxy_set_header Host $host; # only honor internal Caching policies proxy_ignore_headers X-Accel-Expires Expires Cache-Control; # let cookies from the backend pass proxy_pass_header Set-Cookie; } /etc/nginx/proxy_params proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; /etc/nginx/conf.d/proxy_paths.conf proxy_temp_path /var/lib/nginx/proxy/tmp; proxy_cache_path /var/lib/nginx/proxy/cache levels=2:2:2 keys_zone=acme-cache:800m max_size=55000m inactive=10m; /etc/nginx/sites-enabled/foobar-shop.de_p80 server { server_name www.foobar-shop.de foobar-shop.de foobar-beta.de; listen 80; access_log /var/log/www/asdf/foobar/log/access.log; error_log /var/log/nginx/vhost_error.log; proxy_cache acme-cache; proxy_cache_key "$scheme$host$proxy_host$uri$is_args$args"; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 10m; location ~* \.(jpg|gif|png|css|js) { try_files $uri @proxy; } location @proxy { proxy_pass http://backend-all-apaches; } location / { proxy_pass http://backend-all-apaches; } } Any Ideas? Isaac From mdounin at mdounin.ru Wed Dec 5 11:20:23 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 5 Dec 2012 15:20:23 +0400 Subject: auth_request_set into variable and lua In-Reply-To: References: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121205112023.GK40452@mdounin.ru> Hello! On Tue, Dec 04, 2012 at 06:19:02PM -0800, agentzh wrote: > Hello! > > On Tue, Dec 4, 2012 at 2:18 PM, djczaski wrote: > > Trying to get a header from an auth_request into a variable and use it from > > Lua with no luck. This was the simple example I tried. > > > > You're making several mistakes. See the discussion below: > > > location = /auth { > > add_header X-Boo "Hello World"; > > Mistake #1: The add_header directive from the standard ngx_headers > module has no effect on subrequests while your location /auth here is > accessed by a subrequest issued via the auth_request directive. > > > return 204; > > } > > > > location /test { > > auth_request /auth; > > auth_request_set $test $upstream_http_x_boo; > > Mistake #2: The $upstream_http_XXX variables are only meaningful when > the *current* location is configured by one of those Nginx upstream > modules like ngx_proxy, ngx_fastcgi, ngx_uwsgi, and etc. Here your > current location, location /test, is not configured by any Nginx > upstream modules (neither ngx_auth_request nor ngx_lua are upstream > modules). > > Mistake #3: The $upstream_http_XXX variables are only in effect for > the current request. It won't inherit values from any other requests > including subrequests. The #2 and #3 are the reasons why the auth_request_set directive exists: it allows to store variables specific to auth subrequest, like $upstream_http_*, in variables of main request. So the only valid problem in config is #1. [...] -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Wed Dec 5 12:23:10 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 5 Dec 2012 16:23:10 +0400 Subject: Set-Cookie is missing via proxy In-Reply-To: <50BF2963.1090106@heinlein-support.de> References: <50BF2963.1090106@heinlein-support.de> Message-ID: <20121205122309.GM40452@mdounin.ru> Hello! On Wed, Dec 05, 2012 at 12:00:51PM +0100, Isaac Hailperin wrote: > I am using nginx as a reverse proxy for apache. > I have the following symptom: Sessions of users get mixed up. > The original html from the apache looks like this via curl: > > [...] > >
> [...] > > If I get this page through nginx, it looks like this: > [...] > src="/layout/cyt/img/blind.gif" alt="" />
> [...] > > So obviously the query string containing the identifing ID is > missing. I guess > this is where sessions get mixed up. Now I had > a look a the headers, and there I got via apache: > curl --head http://www.foobar-shop.de/ > HTTP/1.1 200 OK > Date: Wed, 05 Dec 2012 10:19:48 GMT > Server: Apache > X-Powered-By: PHP/5.2.17-0.dotdeb.0 > Set-Cookie: acmeID=48dceed9217eea2b691f75e26276bdb8; expires=Fri, > 15-Mar-2013 > 10:19:48 GMT; path=/; domain=.foobar-shop.de > Expires: Thu, 19 Nov 1981 08:52:00 GMT > Cache-Control: no-store, no-cache, must-revalidate, post-check=0, > pre-check=0 > Pragma: no-cache > Content-Type: text/html;charset=UTF-8 > > and via nginx: > HTTP/1.1 200 OK > Server: nginx/1.2.5 > Date: Wed, 05 Dec 2012 10:45:54 GMT > Content-Type: text/html; charset=iso-8859-1 > Content-Length: 945 > Connection: keep-alive > Last-Modified: Fri, 13 Apr 2012 02:58:01 GMT > ETag: "132b39c-3b1-4bd86a3f74040" > Accept-Ranges: bytes > Vary: Accept-Encoding > > So the "Set-Cookie" header is missing via nginx. I guess this is the > reason why the query > string is also missing in the html. ( Odly though, if I browse the site with > firefox, I still get the cookie ...? ) I would suggest it's backend code/configs which needs investigation. It looks like the backend returns static file (note Content-Length, ETag and no X-Powered-By) to nginx for some reason. [...] -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Wed Dec 5 14:27:21 2012 From: nginx-forum at nginx.us (djczaski) Date: Wed, 05 Dec 2012 09:27:21 -0500 Subject: auth_request_set into variable and lua In-Reply-To: References: Message-ID: <50311b7d502f4e27c2fd0ff57bf547b7.NginxMailingListEnglish@forum.nginx.org> agentzh Wrote: ------------------------------------------------------- > Hello! > > On Tue, Dec 4, 2012 at 2:18 PM, djczaski wrote: > > Trying to get a header from an auth_request into a variable and use > it from > > Lua with no luck. This was the simple example I tried. > > > > You're making several mistakes. See the discussion below: > > > location = /auth { > > add_header X-Boo "Hello World"; > > Mistake #1: The add_header directive from the standard ngx_headers > module has no effect on subrequests while your location /auth here is > accessed by a subrequest issued via the auth_request directive. > > > return 204; > > } > > > > location /test { > > auth_request /auth; > > auth_request_set $test $upstream_http_x_boo; > > Mistake #2: The $upstream_http_XXX variables are only meaningful when > the *current* location is configured by one of those Nginx upstream > modules like ngx_proxy, ngx_fastcgi, ngx_uwsgi, and etc. Here your > current location, location /test, is not configured by any Nginx > upstream modules (neither ngx_auth_request nor ngx_lua are upstream > modules). > > Mistake #3: The $upstream_http_XXX variables are only in effect for > the current request. It won't inherit values from any other requests > including subrequests. > > > add_header X-BooHoo $test; > > > > content_by_lua ' > > ngx.say("(" .. ngx.var.test .. ")") > > '; > > } > > > > BTW, I'm not sure what business requirements you're trying to achieve > here but I think you can just use access_by_lua with > ngx.location.capture here in place of auth_request and you can inspect > the subrequest's response headers easily in Lua. I confirmed mistake #1 was my problem. Thank you for the help. I benchmarked both approaches: 1.0 Nginx 1.3.8 no auth 1.4 Nginx 1.3.8 auth_request_set 1.5 Nginx 1.3.8 access_by_lua Interestingly, Nginx 1.3.9 seemed to be about 3% slower than 1.3.8. Surprisingly, Nginx 1.3.8 was about 8% slower than Lighttpd, which was shocking. Serving static files, Nginx was much faster than Lighttpd. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233582,233601#msg-233601 From nginx-forum at nginx.us Wed Dec 5 16:00:23 2012 From: nginx-forum at nginx.us (djczaski) Date: Wed, 05 Dec 2012 11:00:23 -0500 Subject: auth_request_set into variable and lua In-Reply-To: References: Message-ID: <5ad5cea0437bc7150534d20652c50534.NginxMailingListEnglish@forum.nginx.org> agentzh Wrote: ------------------------------------------------------- > Hello! > > On Tue, Dec 4, 2012 at 2:18 PM, djczaski wrote: > > Trying to get a header from an auth_request into a variable and use > it from > > Lua with no luck. This was the simple example I tried. > > > > You're making several mistakes. See the discussion below: > > > location = /auth { > > add_header X-Boo "Hello World"; > > Mistake #1: The add_header directive from the standard ngx_headers > module has no effect on subrequests while your location /auth here is > accessed by a subrequest issued via the auth_request directive. > > > return 204; > > } > > > > location /test { > > auth_request /auth; > > auth_request_set $test $upstream_http_x_boo; > > Mistake #2: The $upstream_http_XXX variables are only meaningful when > the *current* location is configured by one of those Nginx upstream > modules like ngx_proxy, ngx_fastcgi, ngx_uwsgi, and etc. Here your > current location, location /test, is not configured by any Nginx > upstream modules (neither ngx_auth_request nor ngx_lua are upstream > modules). > > Mistake #3: The $upstream_http_XXX variables are only in effect for > the current request. It won't inherit values from any other requests > including subrequests. > > > add_header X-BooHoo $test; > > > > content_by_lua ' > > ngx.say("(" .. ngx.var.test .. ")") > > '; > > } > > > > BTW, I'm not sure what business requirements you're trying to achieve > here but I think you can just use access_by_lua with > ngx.location.capture here in place of auth_request and you can inspect > the subrequest's response headers easily in Lua. I confirmed mistake #1 was my problem. Thank you for the help. I benchmarked both approaches: 1.0 Nginx 1.3.8 no auth 1.4 Nginx 1.3.8 auth_request_set 1.5 Nginx 1.3.8 access_by_lua Interestingly, Nginx 1.3.9 seemed to be about 3% slower than 1.3.8. Surprisingly, Nginx 1.3.8 was about 8% slower than Lighttpd, which was shocking. Serving static files, Nginx was much faster than Lighttpd. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233582,233602#msg-233602 From nginx-forum at nginx.us Wed Dec 5 17:05:02 2012 From: nginx-forum at nginx.us (pokrface) Date: Wed, 05 Dec 2012 12:05:02 -0500 Subject: SSL key permissions - why does root work? Message-ID: Hi all-- This might be a silly question, so I apologize, but I would like to know the answer. When configuring Nginx to work with SSL/TLS, best practice appears to be to secure your site's private key by ensuring it's owned by root:root and that its permissions are set to 400. My question, though, is why does this work? The Nginx worker processes, running under their own context, can't access the file that way. Do they rely on the master process (running as root) to read the key for them? Thanks! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233606,233606#msg-233606 From nginx-forum at nginx.us Wed Dec 5 19:26:40 2012 From: nginx-forum at nginx.us (sdee) Date: Wed, 05 Dec 2012 14:26:40 -0500 Subject: slowfs cache In-Reply-To: <5c11357a1c4fac3b3fcbef837f50a4db.NginxMailingListEnglish@forum.nginx.org> References: <5c11357a1c4fac3b3fcbef837f50a4db.NginxMailingListEnglish@forum.nginx.org> Message-ID: <8d39b2fc8acf6b244dc2557c7bc8b58d.NginxMailingListEnglish@forum.nginx.org> I don't see the point in the slowfs_cache module, does it actually offer anything over having nginx configured as reverse caching proxy with the caching location using the fast disk subsystem and proxy backend reading from the slow disk subsystem? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233496,233612#msg-233612 From i.hailperin at heinlein-support.de Wed Dec 5 19:42:31 2012 From: i.hailperin at heinlein-support.de (Isaac Hailperin) Date: Wed, 05 Dec 2012 20:42:31 +0100 Subject: Set-Cookie is missing via proxy In-Reply-To: <20121205122309.GM40452@mdounin.ru> References: <50BF2963.1090106@heinlein-support.de> <20121205122309.GM40452@mdounin.ru> Message-ID: <50BFA3A7.5010500@heinlein-support.de> On 12/05/2012 01:23 PM, Maxim Dounin wrote: > I would suggest it's backend code/configs which needs > investigation. It looks like the backend returns static file > (note Content-Length, ETag and no X-Powered-By) to nginx for some > reason. Am I understanding you correctly: you suggest that for some reason the backend is delivering a page without the query string, so nginx has no chance to deliver it? Isaac From i.hailperin at heinlein-support.de Wed Dec 5 20:12:09 2012 From: i.hailperin at heinlein-support.de (Isaac Hailperin) Date: Wed, 05 Dec 2012 21:12:09 +0100 Subject: Set-Cookie is missing via proxy In-Reply-To: <50BFA3A7.5010500@heinlein-support.de> References: <50BF2963.1090106@heinlein-support.de> <20121205122309.GM40452@mdounin.ru> <50BFA3A7.5010500@heinlein-support.de> Message-ID: <50BFAA99.2070200@heinlein-support.de> Also, at least from the config, the html should not be cached, right? I will also check the communication with the backend(there currently is a different problem which prevents this check) to see which headers are passed between nginx and the backend, and compare them with the headers sent between the client and nginx. Anything else I could do to investigate? Isaac On 12/05/2012 08:42 PM, Isaac Hailperin wrote: > > > On 12/05/2012 01:23 PM, Maxim Dounin wrote: > >> I would suggest it's backend code/configs which needs >> investigation. It looks like the backend returns static file >> (note Content-Length, ETag and no X-Powered-By) to nginx for some >> reason. > Am I understanding you correctly: you suggest that for some reason the > backend is delivering a page without the query string, so nginx has no > chance to deliver it? > > Isaac > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From dewanggaba at gmail.com Thu Dec 6 02:06:41 2012 From: dewanggaba at gmail.com (antituhan) Date: Wed, 5 Dec 2012 18:06:41 -0800 (PST) Subject: Is it possible using multiple directive on different root location? (Without Symlinks) In-Reply-To: <20121204174431.GI18139@craic.sysops.org> References: <1335925217815-7518776.post@n2.nabble.com> <1335934594.4775.45.camel@portable-evil> <1336049994106-7523526.post@n2.nabble.com> <20120503224309.GB11895@craic.sysops.org> <1336712290522-7549205.post@n2.nabble.com> <20120511080357.GH457@craic.sysops.org> <1354018101825-7582658.post@n2.nabble.com> <20121130223853.GX18139@craic.sysops.org> <1354637437235-7582798.post@n2.nabble.com> <20121204174431.GI18139@craic.sysops.org> Message-ID: <1354759601011-7582818.post@n2.nabble.com> tehbotol.php content is : Francis Daly wrote > On Tue, Dec 04, 2012 at 08:10:37AM -0800, antituhan wrote: > >> While I access http://static.antituhan.com/test/tehbotol.php the error >> log >> shows that tehbotol.php can't found on /something/test/tehbotol.php > > What file do you want the fastcgi server to process when you request > http://static.antituhan.com/test/tehbotol.php? > > f > -- > Francis Daly > francis@ > > _______________________________________________ > nginx mailing list > nginx@ > http://mailman.nginx.org/mailman/listinfo/nginx ----- [daemon at antituhan.com ~]# -- View this message in context: http://nginx.2469901.n2.nabble.com/Is-it-possible-using-multiple-directive-on-different-root-location-Without-Symlinks-tp7516384p7582818.html Sent from the nginx mailing list archive at Nabble.com. From agentzh at gmail.com Thu Dec 6 03:02:32 2012 From: agentzh at gmail.com (agentzh) Date: Wed, 5 Dec 2012 19:02:32 -0800 Subject: auth_request_set into variable and lua In-Reply-To: References: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello! On Tue, Dec 4, 2012 at 7:36 PM, djczaski wrote: > I was looking at nginx as a replacement of another web server in order > to improve performance on an embedded platform. Actually, I was able > to implement this through access_by_lua while I was having problems > and although it worked, performance was worse than using the fastcgi > authorizer on the other server. How did you write your Lua code in access_by_lua? Are you using blocking 3rd-party Lua libraries there? Regards, -agentzh From djczaski at gmail.com Thu Dec 6 03:33:56 2012 From: djczaski at gmail.com (djczaski) Date: Wed, 5 Dec 2012 22:33:56 -0500 Subject: auth_request_set into variable and lua In-Reply-To: References: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Wed, Dec 5, 2012 at 10:02 PM, agentzh wrote: > Hello! > > On Tue, Dec 4, 2012 at 7:36 PM, djczaski wrote: >> I was looking at nginx as a replacement of another web server in order >> to improve performance on an embedded platform. Actually, I was able >> to implement this through access_by_lua while I was having problems >> and although it worked, performance was worse than using the fastcgi >> authorizer on the other server. > > How did you write your Lua code in access_by_lua? Are you using > blocking 3rd-party Lua libraries there? No. Its basically: local res = ngx.location.capture("/auth") if res.status == 200 then ngx.var.test = res.headers["X-Boo"] else ngx.exit(res.status) end From agentzh at gmail.com Thu Dec 6 04:01:35 2012 From: agentzh at gmail.com (agentzh) Date: Wed, 5 Dec 2012 20:01:35 -0800 Subject: auth_request_set into variable and lua In-Reply-To: References: <45ac71d3301731a29e6a32fad68cf50b.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello! On Wed, Dec 5, 2012 at 7:33 PM, djczaski wrote: > > No. Its basically: > > local res = ngx.location.capture("/auth") > if res.status == 200 then > ngx.var.test = res.headers["X-Boo"] > else > ngx.exit(res.status) > end > It won't help much in terms of performance. I thought you were using Lua to implement an efficient nonblocking (if network I/O is involved) authorizer and speeding it up with LuaJIT 2.0 :) Best regards, -agentzh From mdounin at mdounin.ru Thu Dec 6 10:22:49 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 6 Dec 2012 14:22:49 +0400 Subject: SSL key permissions - why does root work? In-Reply-To: References: Message-ID: <20121206102249.GP40452@mdounin.ru> Hello! On Wed, Dec 05, 2012 at 12:05:02PM -0500, pokrface wrote: > Hi all-- > > This might be a silly question, so I apologize, but I would like to know the > answer. When configuring Nginx to work with SSL/TLS, best practice appears > to be to secure your site's private key by ensuring it's owned by root:root > and that its permissions are set to 400. My question, though, is why does > this work? The Nginx worker processes, running under their own context, > can't access the file that way. Do they rely on the master process (running > as root) to read the key for them? Worker processes doesn't read keys, but use keys already in memory (read by the master process during reading/parsing the configuration file, and inherited via fork() syscall, much like all other configuration data). -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Thu Dec 6 13:37:36 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 6 Dec 2012 17:37:36 +0400 Subject: Set-Cookie is missing via proxy In-Reply-To: <50BFAA99.2070200@heinlein-support.de> References: <50BF2963.1090106@heinlein-support.de> <20121205122309.GM40452@mdounin.ru> <50BFA3A7.5010500@heinlein-support.de> <50BFAA99.2070200@heinlein-support.de> Message-ID: <20121206133736.GR40452@mdounin.ru> Hello! On Wed, Dec 05, 2012 at 09:12:09PM +0100, Isaac Hailperin wrote: > Also, at least from the config, the html should not be cached, right? I don't see anything in the config you provided which will prevent caching. [...] > >>I would suggest it's backend code/configs which needs > >>investigation. It looks like the backend returns static file > >>(note Content-Length, ETag and no X-Powered-By) to nginx for some > >>reason. > >Am I understanding you correctly: you suggest that for some reason the > >backend is delivering a page without the query string, so nginx has no > >chance to deliver it? Yes. -- Maxim Dounin http://nginx.com/support.html From i.hailperin at heinlein-support.de Thu Dec 6 15:16:50 2012 From: i.hailperin at heinlein-support.de (Isaac Hailperin) Date: Thu, 06 Dec 2012 16:16:50 +0100 Subject: Set-Cookie is missing via proxy In-Reply-To: <20121206133736.GR40452@mdounin.ru> References: <50BF2963.1090106@heinlein-support.de> <20121205122309.GM40452@mdounin.ru> <50BFA3A7.5010500@heinlein-support.de> <50BFAA99.2070200@heinlein-support.de> <20121206133736.GR40452@mdounin.ru> Message-ID: <46889b6a217cf7572f8359d8265b8509@heinlein-support.de> On 06.12.2012 14:37, Maxim Dounin wrote: >> Also, at least from the config, the html should not be cached, >> right? > > I don't see anything in the config you provided which will prevent > caching. location ~* \.(jpg|gif|png|css|js) { try_files $uri @proxy; } location @proxy { proxy_pass http://backend-all-apaches; } location / { proxy_pass http://backend-all-apaches; } As far as my understanding goes, this will only cache jpg|gif|png|css|js files, and send the rest directly to the backend. Please correct me if I am wrong. Isaac From howachen at gmail.com Thu Dec 6 16:02:40 2012 From: howachen at gmail.com (howard chen) Date: Fri, 7 Dec 2012 00:02:40 +0800 Subject: having lot of waiting connection will cause high CPU usage? In-Reply-To: <1354119177779-7582708.post@n2.nabble.com> References: <1354044938814-7582673.post@n2.nabble.com> <1354119177779-7582708.post@n2.nabble.com> Message-ID: Hi, Really sorry for the late reply. My vmstat 1 is: procs -----------memory---------- ---swap-- -----io---- -system-- ----cpu---- r b swpd free buff cache si so bi bo in cs us sy id wa 1 0 15536 40376 47352 1017532 0 0 5 11 1 0 13 26 61 0 3 0 15536 40624 47360 1017420 0 0 0 20 8094 3010 19 29 53 0 1 0 15536 40128 47360 1017492 0 0 0 0 8338 2893 19 32 49 0 1 0 15536 40096 47360 1017576 0 0 0 0 8724 3118 27 29 45 0 2 0 15536 39880 47360 1017684 0 0 0 8 9030 3155 27 25 47 0 3 0 15536 39632 47368 1017792 0 0 0 56 9053 2969 26 28 46 0 2 0 15536 39260 47376 1017892 0 0 0 20 8549 3094 22 26 52 0 2 0 15536 39260 47376 1017864 0 0 0 0 8637 3228 23 26 51 0 4 0 15536 39064 47380 1017472 0 0 4 0 8571 3142 24 28 48 0 4 0 15536 39592 47380 1017440 0 0 0 20 8683 3084 26 27 47 0 2 0 15536 39468 47388 1017476 0 0 0 148 8730 3154 30 24 46 0 On Thu, Nov 29, 2012 at 12:12 AM, antituhan wrote: > Type *vmstat 1* > > > > ----- > [daemon at antituhan.com ~]# > -- > View this message in context: > http://nginx.2469901.n2.nabble.com/having-lot-of-waiting-connection-will-cause-high-CPU-usage-tp7582492p7582708.html > Sent from the nginx mailing list archive at Nabble.com. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Thu Dec 6 16:02:53 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 6 Dec 2012 20:02:53 +0400 Subject: Set-Cookie is missing via proxy In-Reply-To: <46889b6a217cf7572f8359d8265b8509@heinlein-support.de> References: <50BF2963.1090106@heinlein-support.de> <20121205122309.GM40452@mdounin.ru> <50BFA3A7.5010500@heinlein-support.de> <50BFAA99.2070200@heinlein-support.de> <20121206133736.GR40452@mdounin.ru> <46889b6a217cf7572f8359d8265b8509@heinlein-support.de> Message-ID: <20121206160253.GU40452@mdounin.ru> Hello! On Thu, Dec 06, 2012 at 04:16:50PM +0100, Isaac Hailperin wrote: > On 06.12.2012 14:37, Maxim Dounin wrote: > > >>Also, at least from the config, the html should not be cached, > >>right? > > > >I don't see anything in the config you provided which will prevent > >caching. > > location ~* \.(jpg|gif|png|css|js) > { > try_files $uri @proxy; > } > > location @proxy > { > proxy_pass http://backend-all-apaches; > } > > location / > { > proxy_pass http://backend-all-apaches; > } > > As far as my understanding goes, this will only cache > jpg|gif|png|css|js files, and send the rest directly to the backend. > Please correct me if I am wrong. You are wrong. It tries to lookup jpg/gif/png/css/js files directly on the file system as static files, but it's 1) Not cache. Cache is activated with proxy_cache directive, see http://nginx.org/r/proxy_cache. 2) Not related to html files you talked about. 3) Not related to the response in question as headers clearly indicate it was originally returned by Apache (note ETag in Apache format). Whether or not the response in question was cached can't be concluded from the information provided. Most likely it was as config says to cache all 200 responses (without cookies) for 60 minutes. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Thu Dec 6 17:34:18 2012 From: nginx-forum at nginx.us (marcosluna79) Date: Thu, 06 Dec 2012 12:34:18 -0500 Subject: Use next Balanced member if 503 error Message-ID: Hello I am working with nginx as balancer between two jetty servers. The balancing is working but I am facing a problem when a 503 error is generated by one of the servers, I added the line proxy_next_upstream error timeout invalid_header http_500 http_503; It seems not to work when one of the servers fail because a resource is lost like a DB connection. I can see the 503 error page instead of the correct page in the other balanced member. I have checked that the other server do have a valid DB connection but nginx fails to forward to it. Thanks for your help. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233653,233653#msg-233653 From nginx-forum at nginx.us Thu Dec 6 19:06:26 2012 From: nginx-forum at nginx.us (spacerobot) Date: Thu, 06 Dec 2012 14:06:26 -0500 Subject: Setting large proxy_buffer_size Message-ID: <88a3e9e92e10390a81f2235143ef4c4c.NginxMailingListEnglish@forum.nginx.org> Ran into an issue that I needed to set a larger proxy_buffer_size (e.g. to 128k). It works after increasing. However my question is: what's the disadvantages of setting a large buffer size? If there is no disadvantage, why the default is only 8k? Is there a certain value that I certainly shouldn't set it larger than that? Thanks! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233654,233654#msg-233654 From kirpit at gmail.com Thu Dec 6 19:31:45 2012 From: kirpit at gmail.com (kirpit) Date: Thu, 6 Dec 2012 21:31:45 +0200 Subject: can get "uwsgi_buffering off" working.. Message-ID: Hi, I'm just trying to setup a non-blocking server backed with uwsgi/gevent. So I need to turn off uwsgi buffering as it's necessary. However, it seems quite impossible to get it working even though it says "46382#0: *1 http upstream process non buffered downstream" within the debug output and I started to consider that would be a bug. I've tried both with v1.2.5 and v1.2.4. Here the output belongs to requesting a static file that is handled by uwsgi itself (via "static-map" directive; http://projects.unbit.it/uwsgi/wiki/Doc). And here is the minimal setup and outputs: nginx -V ################################ configure arguments: --prefix=/opt/local --with-cc-opt='-I/opt/local/include -O2' --with-ld-opt=-L/opt/local/lib --conf-path=/opt/local/etc/nginx/nginx.conf --error-log-path=/opt/local/var/log/nginx/error.log --http-log-path=/opt/local/var/log/nginx/access.log --pid-path=/opt/local/var/run/nginx/nginx.pid --lock-path=/opt/local/var/run/nginx/nginx.lock --http-client-body-temp-path=/opt/local/var/run/nginx/client_body_temp --http-proxy-temp-path=/opt/local/var/run/nginx/proxy_temp --http-fastcgi-temp-path=/opt/local/var/run/nginx/fastcgi_temp --http-uwsgi-temp-path=/opt/local/var/run/nginx/uwsgi_temp --with-ipv6 --with-http_gzip_static_module --with-http_ssl_module --with-debug nginx.conf ################################ # path prefixes daemon on; master_process on; pid /data/log/nginx/nginx.pid; error_log /data/log/nginx/main-errors.log error; events { debug_connection 127.0.0.1; } http { include mime.types; include uwsgi_params; include uwsgicluster; access_log /data/log/nginx/main-access.log; # gevent async server! uwsgi_buffering off; # www (application) server server { server_name $host; listen 80 default_server deferred; access_log /data/log/nginx/$host-access.log; uwsgi_buffering off; # gevent async server! location ~ ^/(favicon\.ico|robots\.txt)$ { root /data/app/pycore/static_extra; log_not_found off; access_log off; } location / { uwsgi_pass uwsgicluster; } } } ################################ uwsgi daemon.log ################################ Thu Dec 6 21:10:50 2012 - spawned uWSGI worker 2 (pid: 46388, cores: 100) Thu Dec 6 21:10:50 2012 - mapping worker 1 to CPUs: Thu Dec 6 21:10:50 2012 - spawned uWSGI worker 3 (pid: 46389, cores: 100) Thu Dec 6 21:10:50 2012 - mapping worker 2 to CPUs: Thu Dec 6 21:10:50 2012 - spawned uWSGI worker 4 (pid: 46390, cores: 100) Thu Dec 6 21:10:50 2012 - *** running gevent loop engine [addr:0x10c9db0d0] *** Thu Dec 6 21:10:50 2012 - *** Stats server enabled on /tmp/uwsgistat.sock fd: 15 *** Thu Dec 6 21:10:50 2012 - mapping worker 3 to CPUs: Thu Dec 6 21:10:50 2012 - mapping worker 4 to CPUs: Thu Dec 6 21:10:50 2012 - [uwsgi-daemons] spawning "memcached -m 512" tripall.com {address space usage: 2522730496 bytes/2405MB} {rss usage: 6287360 bytes/5MB} [pid: 46387|app: 0|req: -1/1] 127.0.0.1 () {48 vars in 1395 bytes} [Thu Dec 6 21:11:30 2012] GET /static/css/bootstrap.min.css => generated 4096 bytes in 40 msecs via sendfile() (HTTP/1.1 200) 2 headers in 89 bytes (2 switches on core 99) Thu Dec 6 21:11:30 2012 - ...The work of process 46387 is done. Seeya! Thu Dec 6 21:11:30 2012 - Gracefully killing worker 1 (pid: 46387)... Thu Dec 6 21:11:30 2012 - stopping gevent signals watchers for worker 1 (pid: 46387)... Thu Dec 6 21:11:30 2012 - stopping gevent sockets watchers for worker 1 (pid: 46387)... Thu Dec 6 21:11:30 2012 - main gevent watchers stopped for worker 1 (pid: 46387)... Thu Dec 6 21:11:30 2012 - Respawned uWSGI worker 1 (new pid: 46397) Thu Dec 6 21:11:30 2012 - mapping worker 1 to CPUs: Thu Dec 6 21:11:30 2012 - *** running gevent loop engine [addr:0x10c9db0d0] *** Thu Dec 6 21:12:31 2012 - *** HARAKIRI ON WORKER 2 (pid: 46388, try: 1) *** Thu Dec 6 21:12:31 2012 - *** backtrace of 46388 *** Thu Dec 6 21:12:31 2012 - 0 uwsgi 0x000000010c9bb1db uwsgi_backtrace + 43 Thu Dec 6 21:12:31 2012 - 1 uwsgi 0x000000010c9baf11 what_i_am_doing + 49 Thu Dec 6 21:12:31 2012 - 2 libsystem_c.dylib 0x00007fff896698ea _sigtramp + 26 Thu Dec 6 21:12:31 2012 - 3 ??? 0x00007f8ee3c13990 0x0 + 140251683174800 Thu Dec 6 21:12:31 2012 - 4 core.so 0x000000010e49c08b ev_run + 1124 Thu Dec 6 21:12:31 2012 - 5 core.so 0x000000010e4bab6b __pyx_pw_6gevent_4core_4loop_15run + 615 Thu Dec 6 21:12:31 2012 - 6 Python 0x000000010d073747 PyEval_EvalFrameEx + 9911 Thu Dec 6 21:12:31 2012 - 7 Python 0x000000010d071046 PyEval_EvalCodeEx + 1990 Thu Dec 6 21:12:31 2012 - 8 Python 0x000000010d006a1b function_call + 347 Thu Dec 6 21:12:31 2012 - 9 Python 0x000000010cfe3421 PyObject_Call + 97 Thu Dec 6 21:12:31 2012 - 10 Python 0x000000010cfeef46 instancemethod_call + 502 Thu Dec 6 21:12:31 2012 - 11 Python 0x000000010cfe3421 PyObject_Call + 97 Thu Dec 6 21:12:31 2012 - 12 Python 0x000000010d077de8 PyEval_CallObjectWithKeywords + 168 Thu Dec 6 21:12:31 2012 - 13 greenlet.so 0x000000010e4946f9 g_initialstub + 865 Thu Dec 6 21:12:31 2012 - 14 greenlet.so 0x000000010e493eff g_switch + 293 Thu Dec 6 21:12:31 2012 - 15 greenlet.so 0x000000010e494ebf green_switch + 20 Thu Dec 6 21:12:31 2012 - 16 Python 0x000000010cfe3421 PyObject_Call + 97 Thu Dec 6 21:12:31 2012 - 17 Python 0x000000010d077de8 PyEval_CallObjectWithKeywords + 168 Thu Dec 6 21:12:31 2012 - 18 Python 0x000000010cff7e0e methoddescr_call + 318 Thu Dec 6 21:12:31 2012 - 19 Python 0x000000010cfe3421 PyObject_Call + 97 Thu Dec 6 21:12:31 2012 - 20 Python 0x000000010d073a0a PyEval_EvalFrameEx + 10618 Thu Dec 6 21:12:31 2012 - 21 Python 0x000000010d071046 PyEval_EvalCodeEx + 1990 Thu Dec 6 21:12:31 2012 - 22 Python 0x000000010d07863d fast_function + 285 Thu Dec 6 21:12:31 2012 - 23 Python 0x000000010d0737e8 PyEval_EvalFrameEx + 10072 Thu Dec 6 21:12:31 2012 - 24 Python 0x000000010d071046 PyEval_EvalCodeEx + 1990 Thu Dec 6 21:12:31 2012 - 25 Python 0x000000010d07863d fast_function + 285 Thu Dec 6 21:12:31 2012 - 26 Python 0x000000010d0737e8 PyEval_EvalFrameEx + 10072 Thu Dec 6 21:12:31 2012 - 27 Python 0x000000010d071046 PyEval_EvalCodeEx + 1990 Thu Dec 6 21:12:31 2012 - 28 Python 0x000000010d006a1b function_call + 347 Thu Dec 6 21:12:31 2012 - 29 Python 0x000000010cfe3421 PyObject_Call + 97 Thu Dec 6 21:12:31 2012 - 30 Python 0x000000010cfeef46 instancemethod_call + 502 Thu Dec 6 21:12:31 2012 - 31 Python 0x000000010cfe3421 PyObject_Call + 97 Thu Dec 6 21:12:31 2012 - 32 Python 0x000000010cfe35ff call_function_tail + 95 Thu Dec 6 21:12:31 2012 - 33 Python 0x000000010cfe386e PyObject_CallMethod + 318 Thu Dec 6 21:12:31 2012 - 34 uwsgi 0x000000010c9db5e8 gevent_loop + 1304 Thu Dec 6 21:12:31 2012 - 35 uwsgi 0x000000010c9bf71d uwsgi_ignition + 317 Thu Dec 6 21:12:31 2012 - 36 uwsgi 0x000000010c9bf318 uwsgi_start + 6344 Thu Dec 6 21:12:31 2012 - 37 uwsgi 0x000000010c9bd273 main + 6995 Thu Dec 6 21:12:31 2012 - 38 libdyld.dylib 0x00007fff8db7d7e1 start + 0 Thu Dec 6 21:12:31 2012 - 39 ??? 0x0000000000000003 0x0 + 3 Thu Dec 6 21:12:31 2012 - *** end of backtrace *** Thu Dec 6 21:12:33 2012 - *** HARAKIRI ON WORKER 2 (pid: 46388, try: 2) *** Thu Dec 6 21:12:34 2012 - DAMN ! worker 2 (pid: 46388) died, killed by signal 9 :( trying respawn ... Thu Dec 6 21:12:34 2012 - Respawned uWSGI worker 2 (new pid: 46401) Thu Dec 6 21:12:34 2012 - mapping worker 2 to CPUs: ################################ nginx debug output: ################################ 2012/12/06 21:11:30 [debug] 46382#0: *1 accept: 127.0.0.1 fd:3 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer add: 3: 60000:1354821150093 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent set event: 3: ft:-1 fl:0025 2012/12/06 21:11:30 [debug] 46382#0: *2 accept: 127.0.0.1 fd:9 2012/12/06 21:11:30 [debug] 46382#0: *2 event timer add: 9: 60000:1354821150093 2012/12/06 21:11:30 [debug] 46382#0: *2 kevent set event: 9: ft:-1 fl:0025 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 3: ft:-1 fl:0025 ff:00000000 d:1084 ud:00007F8742055AE0 2012/12/06 21:11:30 [debug] 46382#0: *1 malloc: 00007F8742023A00:1256 2012/12/06 21:11:30 [debug] 46382#0: *1 posix_memalign: 00007F8741C1E0C0:256 @16 2012/12/06 21:11:30 [debug] 46382#0: *1 malloc: 00007F8742007C00:1024 2012/12/06 21:11:30 [debug] 46382#0: *1 posix_memalign: 00007F8742008000:4096 @16 2012/12/06 21:11:30 [debug] 46382#0: *1 http process request line 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: eof:0, avail:1084, err:0 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: fd:3 1024 of 1024 2012/12/06 21:11:30 [debug] 46382#0: *1 http request line: "GET /static/css/bootstrap.min.css HTTP/1.1" 2012/12/06 21:11:30 [debug] 46382#0: *1 http uri: "/static/css/bootstrap.min.css" 2012/12/06 21:11:30 [debug] 46382#0: *1 http args: "" 2012/12/06 21:11:30 [debug] 46382#0: *1 http exten: "css" 2012/12/06 21:11:30 [debug] 46382#0: *1 http process request header line 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Host: tripall.com" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Connection: keep-alive" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Cache-Control: max-age=0" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Authorization: Basic ZXJ0dXI6YmFoYXJpeWU=" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Accept-Encoding: gzip,deflate,sdch" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Accept-Language: en-US,en;q=0.8" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Cookie: _nm_expiry_ng=47c5f6ac-3b44-428f-ae73-d1bb48d9fd6b; JSESSIONID=B7D8C155FE2B0235F75CD4EB751DD2DB; __utma=1.1759916378.1347958332.1347958332.1347958332.1; __utmc=1; __utmz=1.1347958332.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); csrftoken=TNY9lk0guaPmierieEmSeVm3cNozzzs4; djdt=hide; sessionid=405335e2ec3cc7f574c29a6d4a3790be; csrftoken=TNY9lk0guaPmierieEmSeVm3cNozzzs4; __utma=2927093.410235394.1351698122.1354799223.1354803506.25; __utmc=2927093; __utmz=2927093.1351698122.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)" 2012/12/06 21:11:30 [debug] 46382#0: *1 http alloc large header buffer 2012/12/06 21:11:30 [debug] 46382#0: *1 malloc: 00007F8742009000:8192 2012/12/06 21:11:30 [debug] 46382#0: *1 http large header alloc: 00007F8742009000 8192 2012/12/06 21:11:30 [debug] 46382#0: *1 http large header copy: 7 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: eof:0, avail:60, err:0 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: fd:3 60 of 8185 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "Range: bytes=4096-4096" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header: "If-Range: Wed, 28 Nov 2012 11:25:02 GMT" 2012/12/06 21:11:30 [debug] 46382#0: *1 http header done 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer del: 3: 1354821150093 2012/12/06 21:11:30 [debug] 46382#0: *1 rewrite phase: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 test location: "/" 2012/12/06 21:11:30 [debug] 46382#0: *1 test location: ~ "^/(favicon\.ico|robots\.txt)$" 2012/12/06 21:11:30 [debug] 46382#0: *1 using configuration "/" 2012/12/06 21:11:30 [debug] 46382#0: *1 http cl:-1 max:1048576 2012/12/06 21:11:30 [debug] 46382#0: *1 rewrite phase: 2 2012/12/06 21:11:30 [debug] 46382#0: *1 post rewrite phase: 3 2012/12/06 21:11:30 [debug] 46382#0: *1 generic phase: 4 2012/12/06 21:11:30 [debug] 46382#0: *1 generic phase: 5 2012/12/06 21:11:30 [debug] 46382#0: *1 access phase: 6 2012/12/06 21:11:30 [debug] 46382#0: *1 access phase: 7 2012/12/06 21:11:30 [debug] 46382#0: *1 post access phase: 8 2012/12/06 21:11:30 [debug] 46382#0: *1 http init upstream, client timer: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent set event: 3: ft:-2 fl:0025 2012/12/06 21:11:30 [debug] 46382#0: *1 posix_memalign: 00007F8741C1E1C0:256 @16 2012/12/06 21:11:30 [debug] 46382#0: *1 posix_memalign: 00007F8742017E00:4096 @16 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "QUERY_STRING" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "QUERY_STRING: " 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "REQUEST_METHOD" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "GET" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "REQUEST_METHOD: GET" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "CONTENT_TYPE" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "CONTENT_TYPE: " 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "CONTENT_LENGTH" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "CONTENT_LENGTH: " 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "REQUEST_URI" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "/static/css/bootstrap.min.css" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "REQUEST_URI: /static/css/bootstrap.min.css" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "PATH_INFO" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "/static/css/bootstrap.min.css" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "PATH_INFO: /static/css/bootstrap.min.css" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "DOCUMENT_ROOT" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "/opt/local/html" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "DOCUMENT_ROOT: /opt/local/html" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "SERVER_PROTOCOL" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "HTTP/1.1" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "SERVER_PROTOCOL: HTTP/1.1" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "REMOTE_ADDR" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "127.0.0.1" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "REMOTE_ADDR: 127.0.0.1" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "REMOTE_PORT" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "53675" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "REMOTE_PORT: 53675" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "SERVER_PORT" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "80" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "SERVER_PORT: 80" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script copy: "SERVER_NAME" 2012/12/06 21:11:30 [debug] 46382#0: *1 http script var: "$host" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "SERVER_NAME: $host" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_HOST: tripall.com " 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_CONNECTION: keep-alive" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_CACHE_CONTROL: max-age=0" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_AUTHORIZATION: Basic ZXJ0dXI6YmFoYXJpeWU=" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_USER_AGENT: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_ACCEPT: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_ACCEPT_ENCODING: gzip,deflate,sdch" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_ACCEPT_LANGUAGE: en-US,en;q=0.8" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_ACCEPT_CHARSET: ISO-8859-1,utf-8;q=0.7,*;q=0.3" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_COOKIE: _nm_expiry_ng=47c5f6ac-3b44-428f-ae73-d1bb48d9fd6b; JSESSIONID=B7D8C155FE2B0235F75CD4EB751DD2DB; __utma=1.1759916378.1347958332.1347958332.1347958332.1; __utmc=1; __utmz=1.1347958332.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); csrftoken=TNY9lk0guaPmierieEmSeVm3cNozzzs4; djdt=hide; sessionid=405335e2ec3cc7f574c29a6d4a3790be; csrftoken=TNY9lk0guaPmierieEmSeVm3cNozzzs4; __utma=2927093.410235394.1351698122.1354799223.1354803506.25; __utmc=2927093; __utmz=2927093.1351698122.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_RANGE: bytes=4096-4096" 2012/12/06 21:11:30 [debug] 46382#0: *1 uwsgi param: "HTTP_IF_RANGE: Wed, 28 Nov 2012 11:25:02 GMT" 2012/12/06 21:11:30 [debug] 46382#0: *1 http cleanup add: 00007F87420183F8 2012/12/06 21:11:30 [debug] 46382#0: *1 get ip hash peer, try: 1 2012/12/06 21:11:30 [debug] 46382#0: *1 get rr peer, try: 1 2012/12/06 21:11:30 [debug] 46382#0: *1 socket 10 2012/12/06 21:11:30 [debug] 46382#0: *1 connect to 127.0.0.1:9001, fd:10 #3 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent set event: 10: ft:-1 fl:0025 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent set event: 10: ft:-2 fl:0025 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream connect: -2 2012/12/06 21:11:30 [debug] 46382#0: *1 posix_memalign: 00007F8741C1E810:128 @16 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer add: 10: 60000:1354821150094 2012/12/06 21:11:30 [debug] 46382#0: *1 http finalize request: -4, "/static/css/bootstrap.min.css?" a:1, c:2 2012/12/06 21:11:30 [debug] 46382#0: *1 http request count:2 blk:0 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 3: ft:-2 fl:0025 ff:00000000 d:146988 ud:00007F8742063AE0 2012/12/06 21:11:30 [debug] 46382#0: *1 http run request: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream check client, write event:1, "/static/css/bootstrap.min.css" 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 10: ft:-2 fl:0025 ff:00000000 d:146988 ud:00007F8742063BC0 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream request: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream send request handler 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream send request 2012/12/06 21:11:30 [debug] 46382#0: *1 chain writer buf fl:0 s:1399 2012/12/06 21:11:30 [debug] 46382#0: *1 chain writer in: 00007F8742018458 2012/12/06 21:11:30 [debug] 46382#0: *1 writev: 1399 of 1399 2012/12/06 21:11:30 [debug] 46382#0: *1 chain writer out: 0000000000000000 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer del: 10: 1354821150094 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer add: 10: 60000:1354821150095 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 10: ft:-2 fl:0025 ff:00000000 d:146988 ud:00007F8742063BC0 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream request: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream dummy handler 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 10: ft:-1 fl:0025 ff:00000000 d:89 ud:00007F8742055BC0 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream request: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream process header 2012/12/06 21:11:30 [debug] 46382#0: *1 malloc: 00007F8742018E00:4096 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: eof:0, avail:89, err:0 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: fd:10 4096 of 4096 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi status 200 "200 OK" 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi header: "Content-Length: 113975" 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi header: "Last-Modified: Wed, 28 Nov 2012 11:25:02 GMT" 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi header done 2012/12/06 21:11:30 [debug] 46382#0: *1 HTTP/1.1 200 OK Server: nginx/1.2.4 Date: Thu, 06 Dec 2012 19:11:30 GMT Content-Length: 113975 Connection: keep-alive Last-Modified: Wed, 28 Nov 2012 11:25:02 GMT 2012/12/06 21:11:30 [debug] 46382#0: *1 write new buf t:1 f:0 00007F87420186B0, pos 00007F87420186B0, size: 171 file: 0, size: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter: l:0 f:0 s:171 2012/12/06 21:11:30 [debug] 46382#0: *1 tcp_nodelay 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream process non buffered downstream 2012/12/06 21:11:30 [debug] 46382#0: *1 http output filter "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http copy filter: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http postpone filter "/static/css/bootstrap.min.css?" 00007F8742018780 2012/12/06 21:11:30 [debug] 46382#0: *1 write old buf t:1 f:0 00007F87420186B0, pos 00007F87420186B0, size: 171 file: 0, size: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 write new buf t:0 f:0 0000000000000000, pos 00007F8742018E59, size: 4007 file: 0, size: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter: l:0 f:1 s:4178 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter limit 0 2012/12/06 21:11:30 [debug] 46382#0: *1 writev: 4178 of 4178 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter 0000000000000000 2012/12/06 21:11:30 [debug] 46382#0: *1 http copy filter: 0 "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer: 10, old: 1354821150095, new: 1354821150136 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 10: ft:-1 fl:8025 ff:00000000 d:89 ud:00007F8742055BC0 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream request: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream process non buffered upstream 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: eof:1, avail:89, err:0 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: fd:10 89 of 4096 2012/12/06 21:11:30 [debug] 46382#0: *1 http output filter "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http copy filter: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http postpone filter "/static/css/bootstrap.min.css?" 00007F8742018780 2012/12/06 21:11:30 [debug] 46382#0: *1 write new buf t:0 f:0 0000000000000000, pos 00007F8742018E00, size: 89 file: 0, size: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter: l:0 f:1 s:89 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter limit 0 2012/12/06 21:11:30 [debug] 46382#0: *1 writev: 89 of 89 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter 0000000000000000 2012/12/06 21:11:30 [debug] 46382#0: *1 http copy filter: 0 "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: eof:1, avail:0, err:0 2012/12/06 21:11:30 [debug] 46382#0: *1 finalize http upstream request: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 finalize http uwsgi request 2012/12/06 21:11:30 [debug] 46382#0: *1 free rr peer 1 0 2012/12/06 21:11:30 [debug] 46382#0: *1 close http upstream connection: 10 2012/12/06 21:11:30 [debug] 46382#0: *1 free: 00007F8741C1E810, unused: 48 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer del: 10: 1354821150095 2012/12/06 21:11:30 [debug] 46382#0: *1 reusable connection: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 http output filter "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http copy filter: "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http postpone filter "/static/css/bootstrap.min.css?" 00007FFF51F15500 2012/12/06 21:11:30 [debug] 46382#0: *1 write new buf t:0 f:0 0000000000000000, pos 0000000000000000, size: 0 file: 0, size: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 http write filter: l:1 f:0 s:0 2012/12/06 21:11:30 [debug] 46382#0: *1 http copy filter: 0 "/static/css/bootstrap.min.css?" 2012/12/06 21:11:30 [debug] 46382#0: *1 http finalize request: 0, "/static/css/bootstrap.min.css?" a:1, c:1 2012/12/06 21:11:30 [debug] 46382#0: *1 set http keepalive handler 2012/12/06 21:11:30 [debug] 46382#0: *1 http close request 2012/12/06 21:11:30 [debug] 46382#0: *1 http log handler 2012/12/06 21:11:30 [error] 46382#0: *1 testing "/opt/local/html" existence failed (2: No such file or directory) while logging request, client: 127.0.0.1, server: $host, request: "GET /static/css/bootstrap.min.css HTTP/1.1", upstream: "uwsgi://127.0.0.1:9001", host: "tripall.com" 2012/12/06 21:11:30 [debug] 46382#0: *1 free: 00007F8742018E00 2012/12/06 21:11:30 [debug] 46382#0: *1 free: 00007F8742008000, unused: 0 2012/12/06 21:11:30 [debug] 46382#0: *1 free: 00007F8742017E00, unused: 1049 2012/12/06 21:11:30 [debug] 46382#0: *1 event timer add: 3: 75000:1354821165139 2012/12/06 21:11:30 [debug] 46382#0: *1 free: 00007F8742023A00 2012/12/06 21:11:30 [debug] 46382#0: *1 free: 00007F8742007C00 2012/12/06 21:11:30 [debug] 46382#0: *1 hc free: 0000000000000000 0 2012/12/06 21:11:30 [debug] 46382#0: *1 hc busy: 00007F8741C1E140 1 2012/12/06 21:11:30 [debug] 46382#0: *1 free: 00007F8742009000 2012/12/06 21:11:30 [debug] 46382#0: *1 reusable connection: 1 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 3: ft:-2 fl:0025 ff:00000000 d:146988 ud:00007F8742063AE0 2012/12/06 21:11:30 [debug] 46382#0: *1 http empty handler 2012/12/06 21:11:30 [debug] 46382#0: *1 kevent: 3: ft:-2 fl:0025 ff:00000000 d:146988 ud:00007F8742063AE0 2012/12/06 21:11:30 [debug] 46382#0: *1 http empty handler 2012/12/06 21:11:40 [debug] 46382#0: *2 kevent: 9: ft:-1 fl:8025 ff:00000000 d:0 ud:00007F8742055B50 2012/12/06 21:11:40 [debug] 46382#0: *2 malloc: 00007F8742023A00:1256 2012/12/06 21:11:40 [debug] 46382#0: *2 posix_memalign: 00007F8741C1EAF0:256 @16 2012/12/06 21:11:40 [debug] 46382#0: *2 malloc: 00007F8742024000:1024 2012/12/06 21:11:40 [debug] 46382#0: *2 posix_memalign: 00007F8742007C00:4096 @16 2012/12/06 21:11:40 [debug] 46382#0: *2 http process request line 2012/12/06 21:11:40 [debug] 46382#0: *2 recv: eof:1, avail:0, err:0 2012/12/06 21:11:40 [info] 46382#0: *2 client prematurely closed connection while reading client request line, client: 127.0.0.1, server: $host 2012/12/06 21:11:40 [debug] 46382#0: *2 http finalize request: 400, "?" a:1, c:1 2012/12/06 21:11:40 [debug] 46382#0: *2 http terminate request count:1 2012/12/06 21:11:40 [debug] 46382#0: *2 http terminate cleanup count:1 blk:0 2012/12/06 21:11:40 [debug] 46382#0: *2 http request count:1 blk:0 2012/12/06 21:11:40 [debug] 46382#0: *2 http close request 2012/12/06 21:11:40 [debug] 46382#0: *2 http log handler 2012/12/06 21:11:40 [error] 46382#0: *2 testing "/opt/local/html" existence failed (2: No such file or directory) while logging request, client: 127.0.0.1, server: $host 2012/12/06 21:11:40 [debug] 46382#0: *2 free: 00007F8742007C00, unused: 2319 2012/12/06 21:11:40 [debug] 46382#0: *2 close http connection: 9 2012/12/06 21:11:40 [debug] 46382#0: *2 event timer del: 9: 1354821150093 2012/12/06 21:11:40 [debug] 46382#0: *2 reusable connection: 0 2012/12/06 21:11:40 [debug] 46382#0: *2 free: 00007F8742024000 2012/12/06 21:11:40 [debug] 46382#0: *2 free: 00007F8742023A00 2012/12/06 21:11:40 [debug] 46382#0: *2 free: 00007F8741C1E710, unused: 8 2012/12/06 21:11:40 [debug] 46382#0: *2 free: 00007F8741C1EAF0, unused: 128 2012/12/06 21:12:45 [debug] 46382#0: *1 event timer del: 3: 1354821165139 2012/12/06 21:12:45 [debug] 46382#0: *1 http keepalive handler 2012/12/06 21:12:45 [debug] 46382#0: *1 close http connection: 3 2012/12/06 21:12:45 [debug] 46382#0: *1 reusable connection: 0 2012/12/06 21:12:45 [debug] 46382#0: *1 free: 0000000000000000 2012/12/06 21:12:45 [debug] 46382#0: *1 free: 0000000000000000 2012/12/06 21:12:45 [debug] 46382#0: *1 free: 0000000000000000 2012/12/06 21:12:45 [debug] 46382#0: *1 free: 00007F8741C1DEC0, unused: 8 2012/12/06 21:12:45 [debug] 46382#0: *1 free: 00007F8741C1E0C0, unused: 0 2012/12/06 21:12:45 [debug] 46382#0: *1 free: 00007F8741C1E1C0, unused: 208 2012/12/06 21:12:45 [debug] 46382#0: *4 accept: 127.0.0.1 fd:3 2012/12/06 21:12:45 [debug] 46382#0: *4 event timer add: 3: 60000:1354821225146 2012/12/06 21:12:45 [debug] 46382#0: *4 kevent set event: 3: ft:-1 fl:0025 2012/12/06 21:12:45 [debug] 46382#0: *4 kevent: 3: ft:-1 fl:0025 ff:00000000 d:916 ud:00007F8742055AE1 2012/12/06 21:12:45 [debug] 46382#0: *4 malloc: 00007F8742023A00:1256 2012/12/06 21:12:45 [debug] 46382#0: *4 posix_memalign: 00007F8741C1DEC0:256 @16 2012/12/06 21:12:45 [debug] 46382#0: *4 malloc: 00007F8742024000:1024 2012/12/06 21:12:45 [debug] 46382#0: *4 posix_memalign: 00007F8742007C00:4096 @16 2012/12/06 21:12:45 [debug] 46382#0: *4 http process request line 2012/12/06 21:12:45 [debug] 46382#0: *4 recv: eof:0, avail:916, err:0 2012/12/06 21:12:45 [debug] 46382#0: *4 recv: fd:3 916 of 1024 2012/12/06 21:12:45 [debug] 46382#0: *4 http request line: "GET /favicon.ico HTTP/1.1" 2012/12/06 21:12:45 [debug] 46382#0: *4 http uri: "/favicon.ico" 2012/12/06 21:12:45 [debug] 46382#0: *4 http args: "" 2012/12/06 21:12:45 [debug] 46382#0: *4 http exten: "ico" 2012/12/06 21:12:45 [debug] 46382#0: *4 http process request header line 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Host: tripall.com" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Connection: keep-alive" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Authorization: Basic ZXJ0dXI6YmFoYXJpeWU=" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Accept: */*" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_2) AppleWebKit/537.4 (KHTML, like Gecko) Chrome/22.0.1229.79 Safari/537.4" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Accept-Encoding: gzip,deflate,sdch" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Accept-Language: en-US,en;q=0.8" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header: "Cookie: _nm_expiry_ng=47c5f6ac-3b44-428f-ae73-d1bb48d9fd6b; JSESSIONID=B7D8C155FE2B0235F75CD4EB751DD2DB; __utma=1.1759916378.1347958332.1347958332.1347958332.1; __utmc=1; __utmz=1.1347958332.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); csrftoken=TNY9lk0guaPmierieEmSeVm3cNozzzs4; djdt=hide; sessionid=405335e2ec3cc7f574c29a6d4a3790be; csrftoken=TNY9lk0guaPmierieEmSeVm3cNozzzs4; __utma=2927093.410235394.1351698122.1354799223.1354803506.25; __utmc=2927093; __utmz=2927093.1351698122.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)" 2012/12/06 21:12:45 [debug] 46382#0: *4 http header done 2012/12/06 21:12:45 [debug] 46382#0: *4 event timer del: 3: 1354821225146 2012/12/06 21:12:45 [debug] 46382#0: *4 rewrite phase: 0 2012/12/06 21:12:45 [debug] 46382#0: *4 test location: "/" 2012/12/06 21:12:45 [debug] 46382#0: *4 test location: ~ "^/(favicon\.ico|robots\.txt)$" 2012/12/06 21:12:45 [debug] 46382#0: *4 using configuration "^/(favicon\.ico|robots\.txt)$" 2012/12/06 21:12:45 [debug] 46382#0: *4 http cl:-1 max:1048576 2012/12/06 21:12:45 [debug] 46382#0: *4 rewrite phase: 2 2012/12/06 21:12:45 [debug] 46382#0: *4 post rewrite phase: 3 2012/12/06 21:12:45 [debug] 46382#0: *4 generic phase: 4 2012/12/06 21:12:45 [debug] 46382#0: *4 generic phase: 5 2012/12/06 21:12:45 [debug] 46382#0: *4 access phase: 6 2012/12/06 21:12:45 [debug] 46382#0: *4 access phase: 7 2012/12/06 21:12:45 [debug] 46382#0: *4 post access phase: 8 2012/12/06 21:12:45 [debug] 46382#0: *4 content phase: 9 2012/12/06 21:12:45 [debug] 46382#0: *4 content phase: 10 2012/12/06 21:12:45 [debug] 46382#0: *4 content phase: 11 2012/12/06 21:12:45 [debug] 46382#0: *4 content phase: 12 2012/12/06 21:12:45 [debug] 46382#0: *4 http filename: "/data/app/pycore/static_extra/favicon.ico" 2012/12/06 21:12:45 [debug] 46382#0: *4 add cleanup: 00007F87420086F8 2012/12/06 21:12:45 [debug] 46382#0: *4 http finalize request: 404, "/favicon.ico?" a:1, c:1 2012/12/06 21:12:45 [debug] 46382#0: *4 http special response: 404, "/favicon.ico?" 2012/12/06 21:12:45 [debug] 46382#0: *4 http set discard body 2012/12/06 21:12:45 [debug] 46382#0: *4 HTTP/1.1 404 Not Found Server: nginx/1.2.4 Date: Thu, 06 Dec 2012 19:12:45 GMT Content-Type: text/html Content-Length: 570 Connection: keep-alive 2012/12/06 21:12:45 [debug] 46382#0: *4 write new buf t:1 f:0 00007F8742008778, pos 00007F8742008778, size: 154 file: 0, size: 0 2012/12/06 21:12:45 [debug] 46382#0: *4 http write filter: l:0 f:0 s:154 2012/12/06 21:12:45 [debug] 46382#0: *4 http output filter "/favicon.ico?" 2012/12/06 21:12:45 [debug] 46382#0: *4 http copy filter: "/favicon.ico?" 2012/12/06 21:12:45 [debug] 46382#0: *4 http postpone filter "/favicon.ico?" 00007F8742008990 2012/12/06 21:12:45 [debug] 46382#0: *4 write old buf t:1 f:0 00007F8742008778, pos 00007F8742008778, size: 154 file: 0, size: 0 2012/12/06 21:12:45 [debug] 46382#0: *4 write new buf t:0 f:0 0000000000000000, pos 000000010DD77940, size: 116 file: 0, size: 0 2012/12/06 21:12:45 [debug] 46382#0: *4 write new buf t:0 f:0 0000000000000000, pos 000000010DD77300, size: 52 file: 0, size: 0 2012/12/06 21:12:45 [debug] 46382#0: *4 write new buf t:0 f:0 0000000000000000, pos 000000010DD77370, size: 402 file: 0, size: 0 2012/12/06 21:12:45 [debug] 46382#0: *4 http write filter: l:1 f:0 s:724 2012/12/06 21:12:45 [debug] 46382#0: *4 http write filter limit 0 2012/12/06 21:12:45 [debug] 46382#0: *4 writev: 724 of 724 2012/12/06 21:12:45 [debug] 46382#0: *4 http write filter 0000000000000000 2012/12/06 21:12:45 [debug] 46382#0: *4 http copy filter: 0 "/favicon.ico?" 2012/12/06 21:12:45 [debug] 46382#0: *4 http finalize request: 0, "/favicon.ico?" a:1, c:1 2012/12/06 21:12:45 [debug] 46382#0: *4 set http keepalive handler 2012/12/06 21:12:45 [debug] 46382#0: *4 http close request 2012/12/06 21:12:45 [debug] 46382#0: *4 http log handler 2012/12/06 21:12:45 [debug] 46382#0: *4 free: 00007F8742007C00, unused: 528 2012/12/06 21:12:45 [debug] 46382#0: *4 event timer add: 3: 75000:1354821240146 2012/12/06 21:12:45 [debug] 46382#0: *4 free: 00007F8742023A00 2012/12/06 21:12:45 [debug] 46382#0: *4 free: 00007F8742024000 2012/12/06 21:12:45 [debug] 46382#0: *4 hc free: 0000000000000000 0 2012/12/06 21:12:45 [debug] 46382#0: *4 hc busy: 0000000000000000 0 2012/12/06 21:12:45 [debug] 46382#0: *4 tcp_nodelay 2012/12/06 21:12:45 [debug] 46382#0: *4 reusable connection: 1 2012/12/06 21:14:00 [debug] 46382#0: *4 event timer del: 3: 1354821240146 2012/12/06 21:14:00 [debug] 46382#0: *4 http keepalive handler 2012/12/06 21:14:00 [debug] 46382#0: *4 close http connection: 3 2012/12/06 21:14:00 [debug] 46382#0: *4 reusable connection: 0 2012/12/06 21:14:00 [debug] 46382#0: *4 free: 0000000000000000 2012/12/06 21:14:00 [debug] 46382#0: *4 free: 0000000000000000 2012/12/06 21:14:00 [debug] 46382#0: *4 free: 00007F8741C1E710, unused: 8 2012/12/06 21:14:00 [debug] 46382#0: *4 free: 00007F8741C1DEC0, unused: 128 ################################ -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Dec 7 02:37:16 2012 From: nginx-forum at nginx.us (groknaut) Date: Thu, 06 Dec 2012 21:37:16 -0500 Subject: nginx reload fails with [emerg] host not found in upstream Message-ID: <2f94ec642fce2d61abd4ac11e1f29b48.NginxMailingListEnglish@forum.nginx.org> hello -- nginx will not reload on some of our proxy servers, but does on others. all are running the same version: nginx/1.0.15. the reload fails with error: [emerg] 26903#0: host not found in upstream "webappNNx:8080" in /etc/nginx/upstream.conf:N the issue appears to be related to nginx's ability to resolve a hostname. our proxy servers use BIND servers that we run ourselves. the BIND servers are returning answers just fine afaict. and when i reproduce this problem on a proxy server, i sniff the network and can confirm the proxy is asking the nameserver for an A record, and gets that answer back successfully. there is a workaround i found, but i would really really rather not resort to this: putting backend (aka upstream :<) app nodes' into /etc/hosts. i have also heard suggestions to put the backend nodes' IPs into the proxy pool file (upstream.conf), but again, i'd rather not because it's not human readable, especially when firefighting. i'm hoping there is a better solution out there than these workarounds. we are using a thirdparty module: https://github.com/yaoweibin/nginx_upstream_check_module. no i have not tried to reproduce this problem without the module. i don't know how i would since we need the functionality that it provides. and yes i will follow up with the module author. any help? thank you very much in advance. all the gory details follow. kallen straces available upon request :> a proxy server where the problem does occur: ============================================ i'd like to note that the nginx parent on this server has been running for about 6 months. i try to reload, but the reload will not complete due to the error [emerg] 26903#0: host not found in upstream "webapp04a:8080" in /etc/nginx/upstream.conf:3 12/07 01:28[root at proxy2-prod-ue1 ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful 12/07 01:28[root at proxy2-prod-ue1 ~]# ps wwwwaxuf | grep ngin[x] root 20569 0.0 0.2 25652 5364 ? Ss Jun20 0:03 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 3401 0.4 0.8 37056 15960 ? S Dec05 8:39 \_ nginx: worker process nginx 3402 0.4 1.1 40916 19836 ? S Dec05 8:36 \_ nginx: worker process 12/07 01:29[root at proxy2-prod-ue1 ~]# cat /etc/nginx/upstream.conf ## Tomcat via HTTP upstream tomcats_http { server webapp02c:8080 max_fails=2; server webapp06c:8080 max_fails=2; server roapp02c:8080 backup; check interval=3000 rise=3 fall=3 timeout=1000 type=http default_down=false; check_http_send "GET /healthcheck/version HTTP/1.0\r\n\r\n"; } 12/07 01:29[root at proxy2-prod-ue1 ~]# tcpdump -nvv -i eth0 -s0 -X port 53 and host 10.24.27.66 12/07 01:30[root at proxy2-prod-ue1 ~]# strace -f -s 2048 -ttt -T -p 20569 -o nginx-parent-strace Process 20569 attached - interrupt to quit 12/07 01:27[root at proxy2-prod-ue1 ~]# /etc/init.d/nginx reload; tail -f /var/log/nginx/error.log Reloading nginx: [ OK ] 2012/12/07 00:05:29 [debug] 12290#0: bind() 0.0.0.0:80 #6 2012/12/07 00:05:29 [debug] 12290#0: bind() 0.0.0.0:443 #7 2012/12/07 00:05:29 [debug] 12290#0: counter: B7F38080, 1 2012/12/07 01:28:37 [debug] 22928#0: bind() 0.0.0.0:80 #6 2012/12/07 01:28:37 [debug] 22928#0: bind() 0.0.0.0:443 #7 2012/12/07 01:28:37 [debug] 22928#0: counter: B7F8F080, 1 2012/12/07 01:31:44 [debug] 23383#0: bind() 0.0.0.0:80 #6 2012/12/07 01:31:44 [debug] 23383#0: bind() 0.0.0.0:443 #7 2012/12/07 01:31:44 [debug] 23383#0: counter: B7F56080, 1 2012/12/07 01:31:44 [emerg] 20569#0: host not found in upstream "webapp02c:8080" in /etc/nginx/upstream.conf:3 as soon as that reload fires, i do see nameservice traffic on the wire. so it is NOT a matter of DNS service being unavailable. i note that it does ask for the A record twice. i don't know why. 01:31:44.426376 IP (tos 0x0, ttl 64, id 30918, offset 0, flags [DF], proto: UDP (17), length: 72) 10.45.33.82.60723 > 10.24.27.66.domain: [bad udp cksum 799c!] 18875+ A? webapp02c.prod.romeovoid.com. (44) 0x0000: 4500 0048 78c6 4000 4011 934e 0af5 2b52 E..Hx. at .@..N..+R 0x0010: 0af4 ed55 ed33 0035 0034 2ed6 49bb 0100 ...U.3.5.4..I... 0x0020: 0001 0000 0000 0000 0977 6562 6170 7030 .........webapp0 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 2c.prod.romeovoid. 0x0040: 636f 6d00 0001 0001 com..... 01:31:44.427301 IP (tos 0x0, ttl 63, id 42228, offset 0, flags [none], proto: UDP (17), length: 156) 10.24.27.66.domain > 10.45.33.82.60723: [udp sum ok] 18875* q: A? webapp02c.prod.romeovoid.com. 1/2/2 webapp02c.prod.romeovoid.com. A 10.51.23.17 ns: prod.romeovoid.com. NS ns1.prod.romeovoid.com., prod.romeovoid.com. NS ns2.prod.romeovoid.com. ar: ns1.prod.romeovoid.com. A 10.192.83.14, ns2.prod.romeovoid.com. A 10.24.27.66 (128) 0x0000: 4500 009c a4f4 0000 3f11 a7cc 0af4 ed55 E.......?......U 0x0010: 0af5 2b52 0035 ed33 0088 e8c5 49bb 8580 ..+R.5.3....I... 0x0020: 0001 0001 0002 0002 0977 6562 6170 7030 .........webapp0 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 2c.prod.romeovoid. 0x0040: 636f 6d00 0001 0001 c00c 0001 0001 0000 com............. 0x0050: 003c 0004 0a73 2aab c016 0002 0001 0001 .<...s*......... 0x0060: 5180 0006 036e 7331 c016 c016 0002 0001 Q....ns1........ 0x0070: 0001 5180 0006 036e 7332 c016 c048 0001 ..Q....ns2...H.. 0x0080: 0001 0000 003c 0004 0ac0 530e c05a 0001 .....<....S..Z.. 0x0090: 0001 0000 003c 0004 0af4 ed55 .....<.....U 01:31:44.427420 IP (tos 0x0, ttl 64, id 30918, offset 0, flags [DF], proto: UDP (17), length: 72) 10.45.33.82.60723 > 10.24.27.66.domain: [bad udp cksum 8c21!] 50344+ A? webapp02c.prod.romeovoid.com. (44) 0x0000: 4500 0048 78c6 4000 4011 934e 0af5 2b52 E..Hx. at .@..N..+R 0x0010: 0af4 ed55 ed33 0035 0034 2ed6 c4a8 0100 ...U.3.5.4...... 0x0020: 0001 0000 0000 0000 0977 6562 6170 7030 .........webapp0 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 2c.prod.romeovoid. 0x0040: 636f 6d00 0001 0001 com..... 01:31:44.428050 IP (tos 0x0, ttl 63, id 42229, offset 0, flags [none], proto: UDP (17), length: 156) 10.24.27.66.domain > 10.45.33.82.60723: [udp sum ok] 50344* q: A? webapp02c.prod.romeovoid.com. 1/2/2 webapp02c.prod.romeovoid.com. A 10.51.23.17 ns: prod.romeovoid.com. NS ns2.prod.romeovoid.com., prod.romeovoid.com. NS ns1.prod.romeovoid.com. ar: ns1.prod.romeovoid.com. A 10.192.83.14, ns2.prod.romeovoid.com. A 10.24.27.66 (128) 0x0000: 4500 009c a4f5 0000 3f11 a7cb 0af4 ed55 E.......?......U 0x0010: 0af5 2b52 0035 ed33 0088 6dd8 c4a8 8580 ..+R.5.3..m..... 0x0020: 0001 0001 0002 0002 0977 6562 6170 7030 .........webapp0 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 2c.prod.romeovoid. 0x0040: 636f 6d00 0001 0001 c00c 0001 0001 0000 com............. 0x0050: 003c 0004 0a73 2aab c016 0002 0001 0001 .<...s*......... 0x0060: 5180 0006 036e 7332 c016 c016 0002 0001 Q....ns2........ 0x0070: 0001 5180 0006 036e 7331 c016 c05a 0001 ..Q....ns1...Z.. 0x0080: 0001 0000 003c 0004 0ac0 530e c048 0001 .....<....S..H.. 0x0090: 0001 0000 003c 0004 0af4 ed55 .....<.....U 01:31:44.428142 IP (tos 0x0, ttl 64, id 30918, offset 0, flags [DF], proto: UDP (17), length: 72) 10.45.33.82.60723 > 10.24.27.66.domain: [bad udp cksum 1632!] 45086+ A? webapp06c.prod.romeovoid.com. (44) 0x0000: 4500 0048 78c6 4000 4011 934e 0af5 2b52 E..Hx. at .@..N..+R 0x0010: 0af4 ed55 ed33 0035 0034 2ed6 b01e 0100 ...U.3.5.4...... 0x0020: 0001 0000 0000 0000 0977 6562 6170 7030 .........webapp0 0x0030: 3663 0470 726f 6407 7361 6173 7572 6503 6c.prod.romeovoid. 0x0040: 636f 6d00 0001 0001 com..... 01:31:44.428791 IP (tos 0x0, ttl 63, id 42230, offset 0, flags [none], proto: UDP (17), length: 156) 10.24.27.66.domain > 10.45.33.82.60723: [udp sum ok] 45086* q: A? webapp06c.prod.romeovoid.com. 1/2/2 webapp06c.prod.romeovoid.com. A 10.195.76.80 ns: prod.romeovoid.com. NS ns1.prod.romeovoid.com., prod.romeovoid.com. NS ns2.prod.romeovoid.com. ar: ns1.prod.romeovoid.com. A 10.192.83.14, ns2.prod.romeovoid.com. A 10.24.27.66 (128) [snip] the workaround, put all backend nodes (in upstream.conf) into /etc/hosts :< 12/07 01:34[root at proxy2-prod-ue1 ~]# tail -3 /etc/hosts 10.51.23.17 webapp02c.prod.romeovoid.com webapp02c 10.195.76.80 webapp06c.prod.romeovoid.com webapp06c 10.96.23.87 roapp02c.prod.romeovoid.com roapp02c and now, it will reload just fine: 12/07 01:34[root at proxy2-prod-ue1 ~]# /etc/init.d/nginx reload; tail -f /var/log/nginx/error.log Reloading nginx: [ OK ] 2012/12/07 01:35:39 [debug] 24076#0: bind() 0.0.0.0:80 #6 2012/12/07 01:35:39 [debug] 24076#0: bind() 0.0.0.0:443 #7 2012/12/07 01:35:39 [debug] 24076#0: counter: B7FCD080, 1 2012/12/07 01:35:39 [debug] 20569#0: http upstream check, find oshm_zone:092C6390, opeers_shm: B7451000 2012/12/07 01:35:39 [debug] 20569#0: http upstream check: inherit opeer:10.51.23.17:8080 2012/12/07 01:35:39 [debug] 20569#0: http upstream check: inherit opeer:10.195.76.80:8080 2012/12/07 01:35:39 [debug] 20569#0: http upstream check: inherit opeer:10.96.23.87:8080 2012/12/07 01:35:39 [notice] 20569#0: using the "epoll" event method 2012/12/07 01:35:39 [notice] 20569#0: start worker processes 2012/12/07 01:35:39 [debug] 20569#0: channel 3:5 2012/12/07 01:35:39 [notice] 20569#0: start worker process 24078 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:2 pid:24078 fd:3 to s:0 pid:3401 fd:9 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:2 pid:24078 fd:3 to s:1 pid:3402 fd:11 2012/12/07 01:35:39 [debug] 20569#0: channel 14:15 2012/12/07 01:35:39 [notice] 20569#0: start worker process 24079 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:3 pid:24079 fd:14 to s:0 pid:3401 fd:9 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:3 pid:24079 fd:14 to s:1 pid:3402 fd:11 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:3 pid:24079 fd:14 to s:2 pid:24078 fd:3 2012/12/07 01:35:39 [debug] 20569#0: child: 0 3401 e:0 t:0 d:0 r:1 j:0 2012/12/07 01:35:39 [debug] 20569#0: child: 1 3402 e:0 t:0 d:0 r:1 j:0 2012/12/07 01:35:39 [debug] 20569#0: child: 2 24078 e:0 t:0 d:0 r:1 j:1 2012/12/07 01:35:39 [debug] 20569#0: child: 3 24079 e:0 t:0 d:0 r:1 j:1 2012/12/07 01:35:39 [debug] 20569#0: sigsuspend 2012/12/07 01:35:39 [debug] 24078#0: malloc: 09340600:6144 2012/12/07 01:35:39 [debug] 24079#0: malloc: 09340600:6144 2012/12/07 01:35:39 [debug] 24078#0: malloc: 0931D3E0:102400 a proxy server where the problem does NOT occur: ================================================ i'd like to note that the nginx parent on this server has been running for only about 1 month. 12/07 01:04[root at proxy5-prod-ue1 ~]# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful 12/07 01:40[root at proxy5-prod-ue1 ~]# cat /etc/nginx/upstream.conf ## Tomcat via HTTP upstream tomcats_http { server webapp09e:8080 max_fails=2; server webapp10e:8080 max_fails=2; server roapp05e:8080 backup; check interval=3000 rise=3 fall=3 timeout=1000 type=http default_down=false; check_http_send "GET /healthcheck/version HTTP/1.0\r\n\r\n"; } 12/07 01:40[root at proxy5-prod-ue1 ~]# grep webapp /etc/hosts 12/07 01:41[root at proxy5-prod-ue1 ~]# # nothing as expected 12/07 01:42[root at proxy5-prod-ue1 ~]# ps wwwwaxuf | grep ngin[x] root 4817 0.0 0.3 106184 5528 ? Ss Nov07 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 8396 0.6 0.8 116692 15488 ? S 00:36 0:25 \_ nginx: worker process nginx 8397 0.6 0.8 116296 15096 ? S 00:36 0:25 \_ nginx: worker process 12/07 01:42[root at userproxy5-prod-ue1 ~]# /etc/init.d/nginx reload; tail -f /var/log/nginx/error.log Reloading nginx: [ OK ] 2012/12/07 01:42:44 [debug] 8396#0: posted event 0000000000000000 2012/12/07 01:42:44 [debug] 8396#0: worker cycle 2012/12/07 01:42:44 [debug] 8396#0: accept mutex locked 2012/12/07 01:42:44 [debug] 8396#0: epoll timer: 399 2012/12/07 01:42:44 [notice] 4817#0: signal 1 (SIGHUP) received, reconfiguring 2012/12/07 01:42:44 [debug] 4817#0: wake up, sigio 0 2012/12/07 01:42:44 [notice] 4817#0: reconfiguring 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000007F1BA0:16384 @16 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 000000000081FB60:16384 @16 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000008C1980:4096 2012/12/07 01:42:44 [debug] 4817#0: read: 6, 00000000008C1980, 4096, 0 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000006E0A80:6912 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000007E59C0:4280 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000007A0610:4280 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000731E00:4280 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000774AD0:4280 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000873750:4280 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000781760:4280 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000008D1170:16384 @16 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000007EEA40:4096 2012/12/07 01:42:44 [debug] 4817#0: include /etc/nginx/mime.types 2012/12/07 01:42:44 [debug] 4817#0: include /etc/nginx/mime.types 2012/12/07 01:42:44 [debug] 4817#0: malloc: 000000000080F300:4096 2012/12/07 01:42:44 [debug] 4817#0: read: 8, 000000000080F300, 3463, 0 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000006DCA90:4096 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000007642B0:16384 @16 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000008B5F40:16384 @16 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 000000000075B000:16384 @16 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 000000000087E390:16384 @16 2012/12/07 01:42:44 [debug] 4817#0: include upstream.conf 2012/12/07 01:42:44 [debug] 4817#0: include /etc/nginx/upstream.conf our config ===================== upstream.conf: ## Tomcat via HTTP upstream tomcats_http { server webapp02c:8080 max_fails=2; server webapp06c:8080 max_fails=2; server roapp02c:8080 backup; check interval=3000 rise=3 fall=3 timeout=1000 type=http default_down=false; check_http_send "GET /healthcheck/version HTTP/1.0\r\n\r\n"; } nginx.conf: user nginx; worker_processes 2; syslog local2 nginx; error_log syslog:warn|/var/log/nginx/error.log; pid /var/run/nginx.pid; worker_rlimit_core 500M; working_directory /var/coredumps/; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; proxy_buffers 8 16k; proxy_buffer_size 32k; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log syslog:warn|/var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; gzip on; server { listen 80; server_name _; # put X-Purpose: preview into the trash. thank you Safari if ($http_x_purpose ~* "preview") { return 444; break; } # http://wiki.nginx.org/HttpStubStatusModule location /nginx-status { stub_status on; access_log off; allow 10.0.0.0/8; allow 127.0.0.1; deny all; } location /upstream-status { check_status; access_log off; allow 10.0.0.0/8; allow 127.0.0.1; deny all; } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/error; } error_page 403 /403.html; location = /403.html { root /usr/share/nginx/error; } error_page 500 502 504 /500.html; location = /500.html { root /usr/share/nginx/error; } error_page 503 /503.html; location = /503.html { root /usr/share/nginx/error; } set $global_ssl_redirect 'yes'; if ($request_filename ~ "nginx-status") { set $global_ssl_redirect 'no'; } if ($request_filename ~ "upstream-status") { set $global_ssl_redirect 'no'; } if ($global_ssl_redirect ~* '^yes$') { rewrite ^ https://$host$request_uri? permanent; break; } } ## Keep upstream defs in a separate file for easier pool membership control include upstream.conf; server { listen 443; server_name _; # put X-Purpose: preview into the trash. thank you Safari if ($http_x_purpose ~* "preview") { return 444; break; } ssl on; ssl_certificate certs/wildcard_void_com.crt; ssl_certificate_key certs/wildcard_void_com.key; ssl_protocols SSLv3 TLSv1; ssl_ciphers HIGH:!ADH:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; set_real_ip_from 10.0.0.0/8; real_ip_header X-Forwarded-For; add_header Cache-Control public; ## Tomcat via HTTP location / { proxy_pass http://tomcats_http; proxy_connect_timeout 10s; proxy_next_upstream error invalid_header http_503 http_502 http_504; proxy_set_header Host $host; proxy_set_header X-Server-Port $server_port; proxy_set_header X-Server-Protocol https; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Strict-Transport-Security max-age=315360000; proxy_set_header X-Secure true; proxy_set_header Transfer-Encoding ""; # OPS-475 remove if/when we update/punt Tomcat if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)") { expires 365d; break; } } error_page 404 /404.html; location = /404.html { root /usr/share/nginx/error; } error_page 403 /403.html; location = /403.html { root /usr/share/nginx/error; } error_page 500 502 504 /500.html; location = /500.html { root /usr/share/nginx/error; } error_page 503 /503.html; location = /503.html { root /usr/share/nginx/error; } } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233661,233661#msg-233661 From yaoweibin at gmail.com Fri Dec 7 04:24:32 2012 From: yaoweibin at gmail.com (=?GB2312?B?0qbOsLHz?=) Date: Fri, 7 Dec 2012 12:24:32 +0800 Subject: nginx reload fails with [emerg] host not found in upstream In-Reply-To: <2f94ec642fce2d61abd4ac11e1f29b48.NginxMailingListEnglish@forum.nginx.org> References: <2f94ec642fce2d61abd4ac11e1f29b48.NginxMailingListEnglish@forum.nginx.org> Message-ID: I think your BIND server is suspicious. In Nginx, it's just do the call gethostbyname() when reloading. It's normal call in the glibc. Can you write a simple C code to use the gethostbyname() call for confirmation? 2012/12/7 groknaut > hello -- > > nginx will not reload on some of our proxy servers, but does on others. all > are running the same version: nginx/1.0.15. the reload fails with error: > > [emerg] 26903#0: host not found in upstream "webappNNx:8080" in > /etc/nginx/upstream.conf:N > > the issue appears to be related to nginx's ability to resolve a hostname. > our proxy servers use BIND servers that we run ourselves. the BIND servers > are returning answers just fine afaict. and when i reproduce this problem > on > a proxy server, i sniff the network and can confirm the proxy is asking the > nameserver for an A record, and gets that answer back successfully. > > > there is a workaround i found, but i would really really rather not resort > to this: putting backend (aka upstream :<) app nodes' into /etc/hosts. i > have also heard suggestions to put the backend nodes' IPs into the proxy > pool file (upstream.conf), but again, i'd rather not because it's not human > readable, especially when firefighting. i'm hoping there is a better > solution out there than these workarounds. > > we are using a thirdparty module: > https://github.com/yaoweibin/nginx_upstream_check_module. no i have not > tried to reproduce this problem without the module. i don't know how i > would > since we need the functionality that it provides. and yes i will follow up > with the module author. > > > any help? thank you very much in advance. all the gory details follow. > > kallen > > straces available upon request :> > > > a proxy server where the problem does occur: > ============================================ > > i'd like to note that the nginx parent on this server has been running for > about 6 months. > > i try to reload, but the reload will not complete due to the error > > [emerg] 26903#0: host not found in upstream "webapp04a:8080" in > /etc/nginx/upstream.conf:3 > > > 12/07 01:28[root at proxy2-prod-ue1 ~]# nginx -t > nginx: the configuration file /etc/nginx/nginx.conf syntax is ok > nginx: configuration file /etc/nginx/nginx.conf test is successful > > 12/07 01:28[root at proxy2-prod-ue1 ~]# ps wwwwaxuf | grep ngin[x] > root 20569 0.0 0.2 25652 5364 ? Ss Jun20 0:03 nginx: > master process /usr/sbin/nginx -c /etc/nginx/nginx.conf > nginx 3401 0.4 0.8 37056 15960 ? S Dec05 8:39 \_ nginx: > worker process > nginx 3402 0.4 1.1 40916 19836 ? S Dec05 8:36 \_ nginx: > worker process > > 12/07 01:29[root at proxy2-prod-ue1 ~]# cat /etc/nginx/upstream.conf > ## Tomcat via HTTP > upstream tomcats_http { > server webapp02c:8080 max_fails=2; > server webapp06c:8080 max_fails=2; > server roapp02c:8080 backup; > check interval=3000 rise=3 fall=3 timeout=1000 type=http > default_down=false; > check_http_send "GET /healthcheck/version HTTP/1.0\r\n\r\n"; > } > > 12/07 01:29[root at proxy2-prod-ue1 ~]# tcpdump -nvv -i eth0 -s0 -X port 53 > and > host 10.24.27.66 > > 12/07 01:30[root at proxy2-prod-ue1 ~]# strace -f -s 2048 -ttt -T -p 20569 -o > nginx-parent-strace > Process 20569 attached - interrupt to quit > > > 12/07 01:27[root at proxy2-prod-ue1 ~]# /etc/init.d/nginx reload; tail -f > /var/log/nginx/error.log > Reloading nginx: [ OK ] > 2012/12/07 00:05:29 [debug] 12290#0: bind() 0.0.0.0:80 #6 > 2012/12/07 00:05:29 [debug] 12290#0: bind() 0.0.0.0:443 #7 > 2012/12/07 00:05:29 [debug] 12290#0: counter: B7F38080, 1 > 2012/12/07 01:28:37 [debug] 22928#0: bind() 0.0.0.0:80 #6 > 2012/12/07 01:28:37 [debug] 22928#0: bind() 0.0.0.0:443 #7 > 2012/12/07 01:28:37 [debug] 22928#0: counter: B7F8F080, 1 > 2012/12/07 01:31:44 [debug] 23383#0: bind() 0.0.0.0:80 #6 > 2012/12/07 01:31:44 [debug] 23383#0: bind() 0.0.0.0:443 #7 > 2012/12/07 01:31:44 [debug] 23383#0: counter: B7F56080, 1 > 2012/12/07 01:31:44 [emerg] 20569#0: host not found in upstream > "webapp02c:8080" in /etc/nginx/upstream.conf:3 > > > as soon as that reload fires, i do see nameservice traffic on the wire. so > it is NOT a matter of DNS service being unavailable. i note that it does > ask > for the A record twice. i don't know why. > > 01:31:44.426376 IP (tos 0x0, ttl 64, id 30918, offset 0, flags [DF], > proto: > UDP (17), length: 72) 10.45.33.82.60723 > 10.24.27.66.domain: [bad udp > cksum > 799c!] 18875+ A? webapp02c.prod.romeovoid.com. (44) > 0x0000: 4500 0048 78c6 4000 4011 934e 0af5 2b52 E..Hx. at .@..N..+R > 0x0010: 0af4 ed55 ed33 0035 0034 2ed6 49bb 0100 ...U.3.5.4..I... > 0x0020: 0001 0000 0000 0000 0977 6562 6170 7030 .........webapp0 > 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 > 2c.prod.romeovoid. > 0x0040: 636f 6d00 0001 0001 com..... > 01:31:44.427301 IP (tos 0x0, ttl 63, id 42228, offset 0, flags [none], > proto: UDP (17), length: 156) 10.24.27.66.domain > 10.45.33.82.60723: [udp > sum ok] 18875* q: A? webapp02c.prod.romeovoid.com. 1/2/2 > webapp02c.prod.romeovoid.com. A 10.51.23.17 ns: prod.romeovoid.com. NS > ns1.prod.romeovoid.com., prod.romeovoid.com. NS ns2.prod.romeovoid.com. > ar: > ns1.prod.romeovoid.com. A 10.192.83.14, ns2.prod.romeovoid.com. A > 10.24.27.66 (128) > 0x0000: 4500 009c a4f4 0000 3f11 a7cc 0af4 ed55 E.......?......U > 0x0010: 0af5 2b52 0035 ed33 0088 e8c5 49bb 8580 ..+R.5.3....I... > 0x0020: 0001 0001 0002 0002 0977 6562 6170 7030 .........webapp0 > 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 > 2c.prod.romeovoid. > 0x0040: 636f 6d00 0001 0001 c00c 0001 0001 0000 com............. > 0x0050: 003c 0004 0a73 2aab c016 0002 0001 0001 .<...s*......... > 0x0060: 5180 0006 036e 7331 c016 c016 0002 0001 Q....ns1........ > 0x0070: 0001 5180 0006 036e 7332 c016 c048 0001 ..Q....ns2...H.. > 0x0080: 0001 0000 003c 0004 0ac0 530e c05a 0001 .....<....S..Z.. > 0x0090: 0001 0000 003c 0004 0af4 ed55 .....<.....U > 01:31:44.427420 IP (tos 0x0, ttl 64, id 30918, offset 0, flags [DF], > proto: > UDP (17), length: 72) 10.45.33.82.60723 > 10.24.27.66.domain: [bad udp > cksum > 8c21!] 50344+ A? webapp02c.prod.romeovoid.com. (44) > 0x0000: 4500 0048 78c6 4000 4011 934e 0af5 2b52 E..Hx. at .@..N..+R > 0x0010: 0af4 ed55 ed33 0035 0034 2ed6 c4a8 0100 ...U.3.5.4...... > 0x0020: 0001 0000 0000 0000 0977 6562 6170 7030 .........webapp0 > 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 > 2c.prod.romeovoid. > 0x0040: 636f 6d00 0001 0001 com..... > 01:31:44.428050 IP (tos 0x0, ttl 63, id 42229, offset 0, flags [none], > proto: UDP (17), length: 156) 10.24.27.66.domain > 10.45.33.82.60723: [udp > sum ok] 50344* q: A? webapp02c.prod.romeovoid.com. 1/2/2 > webapp02c.prod.romeovoid.com. A 10.51.23.17 ns: prod.romeovoid.com. NS > ns2.prod.romeovoid.com., prod.romeovoid.com. NS ns1.prod.romeovoid.com. > ar: > ns1.prod.romeovoid.com. A 10.192.83.14, ns2.prod.romeovoid.com. A > 10.24.27.66 (128) > 0x0000: 4500 009c a4f5 0000 3f11 a7cb 0af4 ed55 E.......?......U > 0x0010: 0af5 2b52 0035 ed33 0088 6dd8 c4a8 8580 ..+R.5.3..m..... > 0x0020: 0001 0001 0002 0002 0977 6562 6170 7030 .........webapp0 > 0x0030: 3263 0470 726f 6407 7361 6173 7572 6503 > 2c.prod.romeovoid. > 0x0040: 636f 6d00 0001 0001 c00c 0001 0001 0000 com............. > 0x0050: 003c 0004 0a73 2aab c016 0002 0001 0001 .<...s*......... > 0x0060: 5180 0006 036e 7332 c016 c016 0002 0001 Q....ns2........ > 0x0070: 0001 5180 0006 036e 7331 c016 c05a 0001 ..Q....ns1...Z.. > 0x0080: 0001 0000 003c 0004 0ac0 530e c048 0001 .....<....S..H.. > 0x0090: 0001 0000 003c 0004 0af4 ed55 .....<.....U > 01:31:44.428142 IP (tos 0x0, ttl 64, id 30918, offset 0, flags [DF], > proto: > UDP (17), length: 72) 10.45.33.82.60723 > 10.24.27.66.domain: [bad udp > cksum > 1632!] 45086+ A? webapp06c.prod.romeovoid.com. (44) > 0x0000: 4500 0048 78c6 4000 4011 934e 0af5 2b52 E..Hx. at .@..N..+R > 0x0010: 0af4 ed55 ed33 0035 0034 2ed6 b01e 0100 ...U.3.5.4...... > 0x0020: 0001 0000 0000 0000 0977 6562 6170 7030 .........webapp0 > 0x0030: 3663 0470 726f 6407 7361 6173 7572 6503 > 6c.prod.romeovoid. > 0x0040: 636f 6d00 0001 0001 com..... > 01:31:44.428791 IP (tos 0x0, ttl 63, id 42230, offset 0, flags [none], > proto: UDP (17), length: 156) 10.24.27.66.domain > 10.45.33.82.60723: [udp > sum ok] 45086* q: A? webapp06c.prod.romeovoid.com. 1/2/2 > webapp06c.prod.romeovoid.com. A 10.195.76.80 ns: prod.romeovoid.com. NS > ns1.prod.romeovoid.com., prod.romeovoid.com. NS ns2.prod.romeovoid.com. > ar: > ns1.prod.romeovoid.com. A 10.192.83.14, ns2.prod.romeovoid.com. A > 10.24.27.66 (128) > [snip] > > > the workaround, put all backend nodes (in upstream.conf) into /etc/hosts :< > > 12/07 01:34[root at proxy2-prod-ue1 ~]# tail -3 /etc/hosts > 10.51.23.17 webapp02c.prod.romeovoid.com webapp02c > 10.195.76.80 webapp06c.prod.romeovoid.com webapp06c > 10.96.23.87 roapp02c.prod.romeovoid.com roapp02c > > and now, it will reload just fine: > > 12/07 01:34[root at proxy2-prod-ue1 ~]# /etc/init.d/nginx reload; tail -f > /var/log/nginx/error.log > Reloading nginx: [ OK ] > 2012/12/07 01:35:39 [debug] 24076#0: bind() 0.0.0.0:80 #6 > 2012/12/07 01:35:39 [debug] 24076#0: bind() 0.0.0.0:443 #7 > 2012/12/07 01:35:39 [debug] 24076#0: counter: B7FCD080, 1 > 2012/12/07 01:35:39 [debug] 20569#0: http upstream check, find > oshm_zone:092C6390, opeers_shm: B7451000 > 2012/12/07 01:35:39 [debug] 20569#0: http upstream check: inherit > opeer:10.51.23.17:8080 > 2012/12/07 01:35:39 [debug] 20569#0: http upstream check: inherit > opeer:10.195.76.80:8080 > 2012/12/07 01:35:39 [debug] 20569#0: http upstream check: inherit > opeer:10.96.23.87:8080 > 2012/12/07 01:35:39 [notice] 20569#0: using the "epoll" event method > 2012/12/07 01:35:39 [notice] 20569#0: start worker processes > 2012/12/07 01:35:39 [debug] 20569#0: channel 3:5 > 2012/12/07 01:35:39 [notice] 20569#0: start worker process 24078 > 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:2 pid:24078 fd:3 to s:0 > pid:3401 fd:9 > 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:2 pid:24078 fd:3 to s:1 > pid:3402 fd:11 > 2012/12/07 01:35:39 [debug] 20569#0: channel 14:15 > 2012/12/07 01:35:39 [notice] 20569#0: start worker process 24079 > 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:3 pid:24079 fd:14 to > s:0 > pid:3401 fd:9 > 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:3 pid:24079 fd:14 to > s:1 > pid:3402 fd:11 > 2012/12/07 01:35:39 [debug] 20569#0: pass channel s:3 pid:24079 fd:14 to > s:2 > pid:24078 fd:3 > 2012/12/07 01:35:39 [debug] 20569#0: child: 0 3401 e:0 t:0 d:0 r:1 j:0 > 2012/12/07 01:35:39 [debug] 20569#0: child: 1 3402 e:0 t:0 d:0 r:1 j:0 > 2012/12/07 01:35:39 [debug] 20569#0: child: 2 24078 e:0 t:0 d:0 r:1 j:1 > 2012/12/07 01:35:39 [debug] 20569#0: child: 3 24079 e:0 t:0 d:0 r:1 j:1 > 2012/12/07 01:35:39 [debug] 20569#0: sigsuspend > 2012/12/07 01:35:39 [debug] 24078#0: malloc: 09340600:6144 > 2012/12/07 01:35:39 [debug] 24079#0: malloc: 09340600:6144 > 2012/12/07 01:35:39 [debug] 24078#0: malloc: 0931D3E0:102400 > > > > > a proxy server where the problem does NOT occur: > ================================================ > > i'd like to note that the nginx parent on this server has been running for > only about 1 month. > > > 12/07 01:04[root at proxy5-prod-ue1 ~]# nginx -t > nginx: the configuration file /etc/nginx/nginx.conf syntax is ok > nginx: configuration file /etc/nginx/nginx.conf test is successful > > 12/07 01:40[root at proxy5-prod-ue1 ~]# cat /etc/nginx/upstream.conf > ## Tomcat via HTTP > upstream tomcats_http { > server webapp09e:8080 max_fails=2; > server webapp10e:8080 max_fails=2; > server roapp05e:8080 backup; > check interval=3000 rise=3 fall=3 timeout=1000 type=http > default_down=false; > check_http_send "GET /healthcheck/version HTTP/1.0\r\n\r\n"; > } > 12/07 01:40[root at proxy5-prod-ue1 ~]# grep webapp /etc/hosts > 12/07 01:41[root at proxy5-prod-ue1 ~]# # nothing as expected > > 12/07 01:42[root at proxy5-prod-ue1 ~]# ps wwwwaxuf | grep ngin[x] > root 4817 0.0 0.3 106184 5528 ? Ss Nov07 0:00 nginx: > master process /usr/sbin/nginx -c /etc/nginx/nginx.conf > nginx 8396 0.6 0.8 116692 15488 ? S 00:36 0:25 \_ nginx: > worker process > nginx 8397 0.6 0.8 116296 15096 ? S 00:36 0:25 \_ nginx: > worker process > > > > 12/07 01:42[root at userproxy5-prod-ue1 ~]# /etc/init.d/nginx reload; tail -f > /var/log/nginx/error.log > Reloading nginx: [ OK ] > 2012/12/07 01:42:44 [debug] 8396#0: posted event 0000000000000000 > 2012/12/07 01:42:44 [debug] 8396#0: worker cycle > 2012/12/07 01:42:44 [debug] 8396#0: accept mutex locked > 2012/12/07 01:42:44 [debug] 8396#0: epoll timer: 399 > 2012/12/07 01:42:44 [notice] 4817#0: signal 1 (SIGHUP) received, > reconfiguring > 2012/12/07 01:42:44 [debug] 4817#0: wake up, sigio 0 > 2012/12/07 01:42:44 [notice] 4817#0: reconfiguring > 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000007F1BA0:16384 > @16 > 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 000000000081FB60:16384 > @16 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000008C1980:4096 > 2012/12/07 01:42:44 [debug] 4817#0: read: 6, 00000000008C1980, 4096, 0 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000006E0A80:6912 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000007E59C0:4280 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000007A0610:4280 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000731E00:4280 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000774AD0:4280 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000873750:4280 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 0000000000781760:4280 > 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000008D1170:16384 > @16 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000007EEA40:4096 > 2012/12/07 01:42:44 [debug] 4817#0: include /etc/nginx/mime.types > 2012/12/07 01:42:44 [debug] 4817#0: include /etc/nginx/mime.types > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 000000000080F300:4096 > 2012/12/07 01:42:44 [debug] 4817#0: read: 8, 000000000080F300, 3463, 0 > 2012/12/07 01:42:44 [debug] 4817#0: malloc: 00000000006DCA90:4096 > 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000007642B0:16384 > @16 > 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 00000000008B5F40:16384 > @16 > 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 000000000075B000:16384 > @16 > 2012/12/07 01:42:44 [debug] 4817#0: posix_memalign: 000000000087E390:16384 > @16 > 2012/12/07 01:42:44 [debug] 4817#0: include upstream.conf > 2012/12/07 01:42:44 [debug] 4817#0: include /etc/nginx/upstream.conf > > > > our config > ===================== > upstream.conf: > > ## Tomcat via HTTP > upstream tomcats_http { > server webapp02c:8080 max_fails=2; > server webapp06c:8080 max_fails=2; > server roapp02c:8080 backup; > check interval=3000 rise=3 fall=3 timeout=1000 type=http > default_down=false; > check_http_send "GET /healthcheck/version HTTP/1.0\r\n\r\n"; > } > > nginx.conf: > > user nginx; > worker_processes 2; > syslog local2 nginx; > error_log syslog:warn|/var/log/nginx/error.log; > pid /var/run/nginx.pid; > worker_rlimit_core 500M; > working_directory /var/coredumps/; > events { > worker_connections 1024; > } > http { > include /etc/nginx/mime.types; > default_type application/octet-stream; > proxy_buffers 8 16k; > proxy_buffer_size 32k; > log_format main '$remote_addr - $remote_user [$time_local] "$request" ' > '$status $body_bytes_sent "$http_referer" ' > '"$http_user_agent" "$http_x_forwarded_for"'; > access_log syslog:warn|/var/log/nginx/access.log main; > sendfile on; > keepalive_timeout 65; > gzip on; > server { > listen 80; > server_name _; > # put X-Purpose: preview into the trash. thank you Safari > if ($http_x_purpose ~* "preview") { > return 444; > break; > } > # http://wiki.nginx.org/HttpStubStatusModule > location /nginx-status { > stub_status on; > access_log off; > allow 10.0.0.0/8; > allow 127.0.0.1; > deny all; > } > location /upstream-status { > check_status; > access_log off; > allow 10.0.0.0/8; > allow 127.0.0.1; > deny all; > } > error_page 404 /404.html; > location = /404.html { > root /usr/share/nginx/error; > } > error_page 403 /403.html; > location = /403.html { > root /usr/share/nginx/error; > } > error_page 500 502 504 /500.html; > location = /500.html { > root /usr/share/nginx/error; > } > error_page 503 /503.html; > location = /503.html { > root /usr/share/nginx/error; > } > set $global_ssl_redirect 'yes'; > if ($request_filename ~ "nginx-status") { > set $global_ssl_redirect 'no'; > } > if ($request_filename ~ "upstream-status") { > set $global_ssl_redirect 'no'; > } > if ($global_ssl_redirect ~* '^yes$') { > rewrite ^ https://$host$request_uri? permanent; > break; > } > } > ## Keep upstream defs in a separate file for easier pool membership > control > include upstream.conf; > server { > listen 443; > server_name _; > # put X-Purpose: preview into the trash. thank you Safari > if ($http_x_purpose ~* "preview") { > return 444; > break; > } > ssl on; > ssl_certificate certs/wildcard_void_com.crt; > ssl_certificate_key certs/wildcard_void_com.key; > ssl_protocols SSLv3 TLSv1; > ssl_ciphers HIGH:!ADH:!MD5; > ssl_session_cache shared:SSL:10m; > ssl_session_timeout 10m; > set_real_ip_from 10.0.0.0/8; > real_ip_header X-Forwarded-For; > add_header Cache-Control public; > ## Tomcat via HTTP > location / { > proxy_pass http://tomcats_http; > proxy_connect_timeout 10s; > proxy_next_upstream error invalid_header http_503 http_502 http_504; > proxy_set_header Host $host; > proxy_set_header X-Server-Port $server_port; > proxy_set_header X-Server-Protocol https; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Strict-Transport-Security max-age=315360000; > proxy_set_header X-Secure true; > proxy_set_header Transfer-Encoding ""; # OPS-475 remove if/when we > update/punt Tomcat > if ($request_uri ~* "\.(ico|css|js|gif|jpe?g|png)") { > expires 365d; > break; > } > } > error_page 404 /404.html; > location = /404.html { > root /usr/share/nginx/error; > } > error_page 403 /403.html; > location = /403.html { > root /usr/share/nginx/error; > } > error_page 500 502 504 /500.html; > location = /500.html { > root /usr/share/nginx/error; > } > error_page 503 /503.html; > location = /503.html { > root /usr/share/nginx/error; > } > } > } > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,233661,233661#msg-233661 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Weibin Yao Developer @ Server Platform Team of Taobao -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Dec 7 05:33:34 2012 From: nginx-forum at nginx.us (groknaut) Date: Fri, 07 Dec 2012 00:33:34 -0500 Subject: nginx reload fails with [emerg] host not found in upstream In-Reply-To: References: Message-ID: 12/07 05:31[root at proxy2-prod-ue1 ~]# cat gethostbyname.c #include #include int main(int argc, char *argv[]) { if (argc != 2) { printf("usage: %s [hostname]\n", argv[0]); return 1; } struct hostent *lh = gethostbyname(argv[1]); if (lh) { puts(lh->h_name); return 0; } else { herror("gethostbyname"); return 1; } } 12/07 05:31[root at proxy2-prod-ue1 ~]# gcc -o gethostbyname gethostbyname.c 12/07 05:31[root at proxy2-prod-ue1 ~]# ./gethostbyname webapp02c webapp02c.prod.romeovoid.com 12/07 05:31[root at proxy2-prod-ue1 ~]# ./gethostbyname webapp02c.prod.romeovoid.com webapp02c.prod.romeovoid.com Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233661,233663#msg-233663 From nginx-forum at nginx.us Fri Dec 7 06:22:50 2012 From: nginx-forum at nginx.us (groknaut) Date: Fri, 07 Dec 2012 01:22:50 -0500 Subject: nginx reload fails with [emerg] host not found in upstream In-Reply-To: <2f94ec642fce2d61abd4ac11e1f29b48.NginxMailingListEnglish@forum.nginx.org> References: <2f94ec642fce2d61abd4ac11e1f29b48.NginxMailingListEnglish@forum.nginx.org> Message-ID: maybe this one's better: 12/07 06:19[root at proxy2-prod-ue1 ~]# cat gethostbyname.c #include #include #include #include #include int main(int argc, char *argv[]) { if (argc < 2) { fprintf(stderr, "usage: %s hostname\n", argv[0]); return 1; } // skip 0 because that is the program name for (int i = 1; i < argc; ++i) { struct hostent *lh = gethostbyname( argv[i] ); if (lh) { struct in_addr **addr_list; addr_list = (struct in_addr **) lh->h_addr_list; printf("%-14s %s\n", inet_ntoa( *addr_list[0] ), lh->h_name ); } else { herror("gethostbyname"); } } return 0; } 12/07 06:20[root at proxy2-prod-ue1 ~]# gcc -std=c99 gethostbyname.c -o gethostbyname.bin 12/07 06:20[root at proxy2-prod-ue1 ~]# ./gethostbyname.bin webapp02c.prod.romeovoid.com 10.51.23.17 webapp02c.prod.romeovoid.com 12/07 06:21[root at proxy2-prod-ue1 ~]# ./gethostbyname.bin webapp06c.prod.romeovoid.com 10.195.76.80 webapp06c.prod.romeovoid.com our DNS does work.. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233661,233664#msg-233664 From ru at nginx.com Fri Dec 7 07:23:10 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Fri, 7 Dec 2012 11:23:10 +0400 Subject: nginx reload fails with [emerg] host not found in upstream In-Reply-To: References: <2f94ec642fce2d61abd4ac11e1f29b48.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121207072310.GA12793@lo0.su> On Fri, Dec 07, 2012 at 01:22:50AM -0500, groknaut wrote: > maybe this one's better: > > 12/07 06:19[root at proxy2-prod-ue1 ~]# cat gethostbyname.c > #include > #include > #include > #include > #include > > int main(int argc, char *argv[]) > { > if (argc < 2) { > fprintf(stderr, "usage: %s hostname\n", argv[0]); > return 1; > } > > // skip 0 because that is the program name > for (int i = 1; i < argc; ++i) { > > struct hostent *lh = gethostbyname( argv[i] ); > > if (lh) { > struct in_addr **addr_list; > addr_list = (struct in_addr **) lh->h_addr_list; > > printf("%-14s %s\n", > inet_ntoa( *addr_list[0] ), > lh->h_name > ); > } > else { > herror("gethostbyname"); > } > } > > return 0; > } > 12/07 06:20[root at proxy2-prod-ue1 ~]# gcc -std=c99 gethostbyname.c -o > gethostbyname.bin > 12/07 06:20[root at proxy2-prod-ue1 ~]# ./gethostbyname.bin > webapp02c.prod.romeovoid.com > 10.51.23.17 webapp02c.prod.romeovoid.com > 12/07 06:21[root at proxy2-prod-ue1 ~]# ./gethostbyname.bin > webapp06c.prod.romeovoid.com > 10.195.76.80 webapp06c.prod.romeovoid.com > > > our DNS does work.. Like was already told, nginx internally does gethostbyname() to resolve hostnames during configuration, so if a problem disappears by moving the hostnames into /etc/hosts, I'd not suspect nginx. (It does gethostbyname() twice due to how it's currently coded, so it's expected.) To emulate what nginx does internally when processing this upstream, run it like this: ./gethostbyname.bin webapp02c webapp02c webapp06c webapp06c roapp02c roapp02c WITHOUT hostnames in /etc/hosts. Do it several times in a row. If that doesn't reveal the problem, do you have an ability to recompile nginx from sources? From piotr.sikora at frickle.com Fri Dec 7 08:53:22 2012 From: piotr.sikora at frickle.com (Piotr Sikora) Date: Fri, 7 Dec 2012 09:53:22 +0100 Subject: [ANNOUNCE] ngx_cache_purge-2.0 Message-ID: <175C8AEC3D9F4685A2EE35E79284709E@Desktop> Version 2.0 is now available at: http://labs.frickle.com/nginx_ngx_cache_purge/ GitHub repository is available at: https://github.com/FRiCKLE/ngx_cache_purge/ Changes: 2012-12-07 VERSION 2.0 * Add alternative "same location" syntax. From CloudFlare. Best regards, Piotr Sikora < piotr.sikora at frickle.com > From irfan.khan at enovatemedia.co.in Fri Dec 7 11:08:20 2012 From: irfan.khan at enovatemedia.co.in (Irfan Khan) Date: Fri, 7 Dec 2012 16:38:20 +0530 Subject: nginx and tomcat integrated but how to serve static files Message-ID: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> Hi pals, I have my applications running on tomcat and to improve performance I have put nginx infront.Nginx proxy pass successfully pass all request to tomcat server. There are some html static files and images in my application which I don't to be served by tomcat. again, I am trying to as much as performance boost for my app. I am tried to do some research but unable to get solutions. please see my current config ans suggest! server { index index.html index.htm; listen 192.168.0.16:80; server_name localhost; location / { root /var/www/nginx-default; index index.html index.htm index.jsp; } location /abc/ { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } thanks in advance! Irfan Khan -------------- next part -------------- An HTML attachment was scrubbed... URL: From aweber at comcast.net Fri Dec 7 13:42:17 2012 From: aweber at comcast.net (AJ Weber) Date: Fri, 07 Dec 2012 08:42:17 -0500 Subject: nginx and tomcat integrated but how to serve static files In-Reply-To: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> References: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> Message-ID: <50C1F239.4090006@comcast.net> I'm still relatively new to nginx but find it to be great. My high-level recommendation would be twofold: 1) Make sure you define a "proxy_cache" (check the nginx website for details on these directives). In there you can define further how to cache anything that's even a bit "static" from tomcat. And if you're overriding specific paths or regex'es from tomcat (like if you know there are static images or something being served from your webapp that you can't easily move out to the flat filesystem), you'll want to add proxy_ignore_headers to override what tomcat is telling the browser, add the proxy_cache_valid, the Cache-Control header (see #2), and maybe "expires". 2) For images and other truly static content, add_header Cache-Control with some reasonable values. This will tell any downstream proxies and the actual client PC's to cache those images locally, so they won't be continuously fetched from your server. There is no "one size fits all", but the power contained in nginx is really great. You just have to take some time to try the settings and use something like fiddler on the desktop to see the differences when you make changes. (Be sure to clear your local browser's cache between tests!) Good Luck! On 12/7/2012 6:08 AM, Irfan Khan wrote: > > Hi pals, > > > I have my applications running on tomcat and to improve performance I > have put nginx infront.Nginx proxy pass successfully pass all request > to tomcat server. > > There are some html static files and images in my application which I > don't to be served by tomcat. again, I am trying to as much as > performance boost for my app. > > I am tried to do some research but unable to get solutions. > > please see my current config ans suggest! > > server { > index index.html index.htm; > listen 192.168.0.16:80; > server_name localhost; > location / { > root /var/www/nginx-default; > index index.html index.htm index.jsp; > } > > > location /abc/ { > proxy_pass http://localhost:8080; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Host $http_host; > > } > > thanks in advance! > > *Irfan Khan* > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Fri Dec 7 16:01:28 2012 From: francis at daoine.org (Francis Daly) Date: Fri, 7 Dec 2012 16:01:28 +0000 Subject: nginx and tomcat integrated but how to serve static files In-Reply-To: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> References: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> Message-ID: <20121207160128.GR18139@craic.sysops.org> On Fri, Dec 07, 2012 at 04:38:20PM +0530, Irfan Khan wrote: > There are some html static files and images in my application which I don't > to be served by tomcat. again, I am trying to as much as performance boost > for my app. > > I am tried to do some research but unable to get solutions. nginx chooses how to handle a request based on the location{} blocks you have defined. Currently, you have: if it starts with /abc/, proxy to tomcat; otherwise, serve from the filesystem. So: which urls do you really want proxied to tomcat, and which do you really want served from the filesystem? If I guess that "url starts with /abc/ and ends in html" means "serve from filesystem, not tomcat", then you could add one line: > location /abc/ { location ~ html$ {} > proxy_pass http://localhost:8080; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Host $http_host; > > } and a request for /abc/a.html will look for the file /usr/local/nginx/html/abc/a.html (or strictly: abc/a.html below whatever you have configured "root" to be). Best would be to make the non-tomcat things be in a different url prefix to the tomcat things -- such as /abc/static, for example -- because then you could just use prefix locations. That depends on how your application is written, which may not be changeable. f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Fri Dec 7 16:06:03 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 7 Dec 2012 20:06:03 +0400 Subject: can get "uwsgi_buffering off" working.. In-Reply-To: References: Message-ID: <20121207160603.GZ40452@mdounin.ru> Hello! On Thu, Dec 06, 2012 at 09:31:45PM +0200, kirpit wrote: > Hi, > > I'm just trying to setup a non-blocking server backed with uwsgi/gevent. So > I need to turn off uwsgi buffering as it's necessary. However, it seems > quite impossible to get it working even though it says "46382#0: *1 http > upstream process non buffered downstream" within the debug output and I > started to consider that would be a bug. I've tried both with v1.2.5 and > v1.2.4. > > Here the output belongs to requesting a static file that is handled by > uwsgi itself (via "static-map" directive; > http://projects.unbit.it/uwsgi/wiki/Doc). It looks like you are trying to solve wrong problem. From nginx point of view response was fully got from upstream (as upstream closed the connection), and everything in nginx itself works fine. But per uwsgi logs you've provided it looks like something bad happened in uwsgi worker process, but it's doesn't look like something related to nginx: [...] > Thu Dec 6 21:12:31 2012 - *** HARAKIRI ON WORKER 2 (pid: 46388, try: 1) *** > Thu Dec 6 21:12:31 2012 - *** backtrace of 46388 *** > Thu Dec 6 21:12:31 2012 - 0 uwsgi 0x000000010c9bb1db uwsgi_backtrace + 43 > Thu Dec 6 21:12:31 2012 - 1 uwsgi 0x000000010c9baf11 what_i_am_doing + 49 > Thu Dec 6 21:12:31 2012 - 2 libsystem_c.dylib 0x00007fff896698ea _sigtramp + 26 > Thu Dec 6 21:12:31 2012 - 3 ??? 0x00007f8ee3c13990 0x0 + 140251683174800 > Thu Dec 6 21:12:31 2012 - 4 core.so 0x000000010e49c08b ev_run + 1124 [...] > Thu Dec 6 21:12:31 2012 - *** end of backtrace *** > Thu Dec 6 21:12:33 2012 - *** HARAKIRI ON WORKER 2 (pid: 46388, try: 2) *** > Thu Dec 6 21:12:34 2012 - DAMN ! worker 2 (pid: 46388) died, killed by > signal 9 :( trying respawn ... > Thu Dec 6 21:12:34 2012 - Respawned uWSGI worker 2 (new pid: 46401) > Thu Dec 6 21:12:34 2012 - mapping worker 2 to CPUs: [...] Here how it goes from nginx point of view: > 2012/12/06 21:11:30 [debug] 46382#0: *1 socket 10 > 2012/12/06 21:11:30 [debug] 46382#0: *1 connect to 127.0.0.1:9001, fd:10 #3 (connected to the backend) [...] > 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: fd:10 4096 of 4096 > 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi status 200 "200 OK" > 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi header: "Content-Length: 113975" > 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi header: "Last-Modified: Wed, 28 Nov 2012 11:25:02 GMT" > 2012/12/06 21:11:30 [debug] 46382#0: *1 http uwsgi header done > 2012/12/06 21:11:30 [debug] 46382#0: *1 HTTP/1.1 200 OK (got response headers and start of the response body) [...] > 2012/12/06 21:11:30 [debug] 46382#0: *1 http upstream process non buffered upstream > 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: eof:1, avail:89, err:0 > 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: fd:10 89 of 4096 (got some mory bytes of the response body) > 2012/12/06 21:11:30 [debug] 46382#0: *1 recv: eof:1, avail:0, err:0 (got EOF from the backend) -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Fri Dec 7 16:18:55 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 7 Dec 2012 20:18:55 +0400 Subject: Setting large proxy_buffer_size In-Reply-To: <88a3e9e92e10390a81f2235143ef4c4c.NginxMailingListEnglish@forum.nginx.org> References: <88a3e9e92e10390a81f2235143ef4c4c.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121207161854.GA40452@mdounin.ru> Hello! On Thu, Dec 06, 2012 at 02:06:26PM -0500, spacerobot wrote: > Ran into an issue that I needed to set a larger proxy_buffer_size (e.g. to > 128k). It works after increasing. > > However my question is: what's the disadvantages of setting a large buffer > size? If there is no disadvantage, why the default is only 8k? Is there a > certain value that I certainly shouldn't set it larger than that? Obvious disadvantage is that it needs more memory if set to a bigger value. It's set to pagesize by default as it's an amount of memory which may be effeciently allocated, and sufficient for most uses (which doesn't try to abuse HTTP headers to transfer data). -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Fri Dec 7 19:06:18 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 7 Dec 2012 23:06:18 +0400 Subject: Use next Balanced member if 503 error In-Reply-To: References: Message-ID: <20121207190618.GF40452@mdounin.ru> Hello! On Thu, Dec 06, 2012 at 12:34:18PM -0500, marcosluna79 wrote: > Hello I am working with nginx as balancer between two jetty servers. > > The balancing is working but I am facing a problem when a 503 error is > generated by one of the servers, I added the line > > proxy_next_upstream error timeout invalid_header http_500 http_503; > > It seems not to work when one of the servers fail because a resource is lost > like a DB connection. I can see the 503 error page instead of the correct > page in the other balanced member. > > I have checked that the other server do have a valid DB connection but nginx > fails to forward to it. The 503 error may be returned even with "proxy_next_upstream http_503" configured e.g. if both backends return 503 or one of the backends was already considered down for some reason (due to previous errors). If you want to investigate what goes on in your case, you probably want to log details on upstream communication like $upstream_addr, $upstream_status, see here for more details: http://nginx.org/en/docs/http/ngx_http_upstream_module.html#variables Just in case, trivial config to test that "proxy_next_upstream http_503" actually works: http { upstream backends { server 127.0.0.1:8081; server 127.0.0.1:8082; } server { listen 8080; location / { proxy_pass http://backends; proxy_next_upstream error timeout http_503; } } server { listen 8081; return 503; } server { listen 8082; return 200 "OK\n"; } } And trivial test with curl: $ curl http://127.0.0.1:8080/ OK $ curl http://127.0.0.1:8080/ OK $ curl http://127.0.0.1:8080/ OK $ curl http://127.0.0.1:8080/ OK -- Maxim Dounin http://nginx.com/support.html From lists at ruby-forum.com Fri Dec 7 19:19:07 2012 From: lists at ruby-forum.com (Robert Gabriel) Date: Fri, 07 Dec 2012 20:19:07 +0100 Subject: Help with apache rewrite rule to nginx Message-ID: <0125c55d7fc5edba832c57dcdd7da8cb@ruby-forum.com> Hello, would like to convert the below rule from Apache to nginx, but to be honest I have no clue how. RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d [OR] RewriteCond %{REQUEST_FILENAME} gallery\_remote2\.php RewriteCond %{REQUEST_URI} !/main\.php$ RewriteRule . - [L] Please if someone knows, please let me know, thank you! -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Fri Dec 7 21:28:21 2012 From: nginx-forum at nginx.us (Mehhy) Date: Fri, 07 Dec 2012 16:28:21 -0500 Subject: What can lead to a zone memory exhaustion and how Nginx reacts to it? Message-ID: What is a possible scenario for exhausting the memory designated to a connection zone with limit_conn_zone directive and what are the implication in this case? Suppose I have this in my configuration: http { limit_conn_zone $binary_remote_addr zone=connzone:1m; ... server { limit_conn connzone 5; which, according to the documentation, allocates 16000 states for 'connzone' on a 64-bit server. It also says that "If the storage for a zone is exhausted, the server will return error 503 (Service Temporarily Unavailable) to all further requests". Well, Ok. But what does it mean on practice? When does this happen? Who receives those 503s? Does it mean that if the number of IPs *somehow* associated with 'connzone' hits 16000 everyone gets a 503 and it's all over? How does Nginx decide? The documentation is weirdly vague on this. So, considering the example config, who would actually get a 503 and under which circumstances and how would things go from there? Same with request zones? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233709,233709#msg-233709 From nginx-forum at nginx.us Fri Dec 7 22:11:52 2012 From: nginx-forum at nginx.us (groknaut) Date: Fri, 07 Dec 2012 17:11:52 -0500 Subject: nginx reload fails with [emerg] host not found in upstream In-Reply-To: <20121207072310.GA12793@lo0.su> References: <20121207072310.GA12793@lo0.su> Message-ID: <5a4e1439e9122878d40b5dba5f5c2048.NginxMailingListEnglish@forum.nginx.org> i ran the test, and i see no problems: 12/07 22:07[root at proxy2-prod-ue1 ~]# grep app /etc/hosts 12/07 22:07[root at proxy2-prod-ue1 ~]# time ./gethostbyname.bin webapp02c webapp02c webapp06c webapp06c roapp02c roapp02c 10.51.23.17 webapp02c.prod.romeovoid.com 10.51.23.17 webapp02c.prod.romeovoid.com 10.195.76.80 webapp06c.prod.romeovoid.com 10.195.76.80 webapp06c.prod.romeovoid.com 10.96.23.87 roapp02c.prod.romeovoid.com 10.96.23.87 roapp02c.prod.romeovoid.com real 0m0.009s user 0m0.000s sys 0m0.000s Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233661,233711#msg-233711 From ru at nginx.com Sat Dec 8 05:35:22 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Sat, 8 Dec 2012 09:35:22 +0400 Subject: What can lead to a zone memory exhaustion and how Nginx reacts to it? In-Reply-To: References: Message-ID: <20121208053522.GB36873@lo0.su> On Fri, Dec 07, 2012 at 04:28:21PM -0500, Mehhy wrote: > What is a possible scenario for exhausting the memory designated to a > connection zone with limit_conn_zone directive and what are the implication > in this case? > > Suppose I have this in my configuration: > > http { > limit_conn_zone $binary_remote_addr zone=connzone:1m; > ... > server { > limit_conn connzone 5; > > which, according to the documentation, allocates 16000 states for 'connzone' > on a 64-bit server. It also says that "If the storage for a zone is > exhausted, the server will return error 503 (Service Temporarily > Unavailable) to all further requests". > > Well, Ok. But what does it mean on practice? When does this happen? Who > receives those 503s? Does it mean that if the number of IPs *somehow* > associated with 'connzone' hits 16000 everyone gets a 503 and it's all over? > How does Nginx decide? The documentation is weirdly vague on this. > > So, considering the example config, who would actually get a 503 and under > which circumstances and how would things go from there? Same with request > zones? The server will be able to track the number of connections for ~16k distinct client IP addresses. If you happen to have that many active clients, then the next connection attempt from the client whose IP is not yet known will attempt to create a new state, that will fail because zone is exhausted and the client will be returned 503. From agentzh at gmail.com Sat Dec 8 08:32:32 2012 From: agentzh at gmail.com (agentzh) Date: Sat, 8 Dec 2012 00:32:32 -0800 Subject: [ANN] ngx_openresty devel version 1.2.4.11 released In-Reply-To: References: Message-ID: Hello, folks! I am happy to announce the new development version of ngx_openresty, 1.2.4.11: http://openresty.org/#Download Special thanks go to all our contributors and users for helping make this happen! Below is the complete change log for this release, as compared to the last (devel) release, 1.2.4.9: * upgraded LuaNginxModule to 0.7.7. * feature: added ngx.req.start_time() to return the request starting time in seconds (the milliseconds part is the decimal part just as in ngx.now). thanks Matthieu Tourne for the patch. * feature: setting ngx.status or calling ngx.exit(N) (where "N >= 300") after sending out response headers no longer yields a Lua exception but only leaves an error message in the error.log file, which is useful for Lua land debugging. thanks Matthieu Tourne for requesting this. * feature: the user can now call ngx.exit(444) to abort pending subrequests in other "light threads" from within a "light thread". * feature: added new dtrace static probe "http-lua-user-thread-wait". * bugfix: ngx.location.capture and ngx.location.capture_multi might hang infinitely because the parent request might not be waken up right after the first time the "post_subrequest" callback was called. * bugfix: the "light thread" object created by ngx.thread.spawn() or ngx.on_abort() might be prematurely collected by the Lua GC because we did not correctly register its coroutine object into the Lua regsitry table. this bug may crash the Lua VM and Nginx workers under load. thanks Zhu Dejiang for reporting this issue. * bugfix: ngx.thread.wait() might hang infinitely when more than 4 user "light threads" are created in the same request handler due to the incorrect use of "ngx_array_t" for "ngx_list_t". thanks Junwei Shi for reporting this issue. * bugfix: when a user coroutine or user "light thread" dies with an error, our Lua backtrace dumper written in C may access one of its dead parent threads (if any) which could lead to segmentation faults. * bugfix: ngx.exit(N) incorrectly threw out Lua exceptions when "N" was 408, 499, or 444 and the response header was already sent. thanks Kindy Lin for reporting this issue. * bugfix: when the user callback function registered by ngx.on_abort() discarded the client abort event, the request would be aborted by force when the next client abort event happened. * bugfix: an English typo in the error message for init_by_lua*. * applied slab_alloc_no_memory_as_info.patch to lower the log level of the error message "ngx_slab_alloc() failed: no memory" from "crit" to "info". * bugfix: the upstream_pipelining patch introduced a regression that when "upstream_next" is in action, Nginx might hang. thanks Kindy Lin for reporting this issue. * bugfix: include the latest chagnes in the LuaJIT 2.0 git repository (up to git commit 2ad9834d). The HTML version of the change log with lots of helpful hyper-links can be browsed here: http://openresty.org/#ChangeLog1002004 OpenResty (aka. ngx_openresty) is a full-fledged web application server by bundling the standard Nginx core, lots of 3rd-party Nginx modules and Lua libraries, as well as most of their external dependencies. See OpenResty's homepage for details: http://openresty.org/ We have been running extensive testing on our Amazon EC2 test cluster and ensure that all the components (including the Nginx core) play well together. The latest test report can always be found here: http://qa.openresty.org Have fun! -agentzh From nginx-forum at nginx.us Sat Dec 8 12:16:01 2012 From: nginx-forum at nginx.us (Mehhy) Date: Sat, 08 Dec 2012 07:16:01 -0500 Subject: What can lead to a zone memory exhaustion and how Nginx reacts to it? In-Reply-To: <20121208053522.GB36873@lo0.su> References: <20121208053522.GB36873@lo0.su> Message-ID: <6fd20174e938010916c6b9ed7f5d172d.NginxMailingListEnglish@forum.nginx.org> Thanks a bunch. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233709,233729#msg-233729 From nginx-forum at nginx.us Sat Dec 8 18:20:12 2012 From: nginx-forum at nginx.us (mrtn) Date: Sat, 08 Dec 2012 13:20:12 -0500 Subject: Nginx removes X-Client-IP header added by loadbalancer Message-ID: <2be332ee1aff13f49441523e24a04f80.NginxMailingListEnglish@forum.nginx.org> Hi, I have a HAProxy running in front of Nginx, and I add 'X-Client-IP' header to reflect the actual IP of the client. If the request is routed directly to the application server (Tornado in my case), this header is present and I can retrieve it with no problem. However, if the request is first routed to Nginx and then to the application server using: proxy_pass http://127.0.0.1:8080; proxy_redirect off; then the 'X-Client-IP' header is missing from the request when it reaches Tornado. I guess I might need to explicitly add this header in Nginx as well, so it can relay it on. What is the right solution here? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233736,233736#msg-233736 From francis at daoine.org Sat Dec 8 19:15:12 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 8 Dec 2012 19:15:12 +0000 Subject: Nginx removes X-Client-IP header added by loadbalancer In-Reply-To: <2be332ee1aff13f49441523e24a04f80.NginxMailingListEnglish@forum.nginx.org> References: <2be332ee1aff13f49441523e24a04f80.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121208191512.GT18139@craic.sysops.org> On Sat, Dec 08, 2012 at 01:20:12PM -0500, mrtn wrote: Hi there, > However, if the request is first routed to Nginx and then to the application > server using: > > proxy_pass http://127.0.0.1:8080; > proxy_redirect off; > > then the 'X-Client-IP' header is missing from the request when it reaches > Tornado. I guess I might need to explicitly add this header in Nginx as > well, so it can relay it on. What is the right solution here? It seems to work for me. Can you provide an nginx.conf and nginx -V output that shows the problem? When I use === server { listen 8000; location / { proxy_pass http://127.0.0.1:8080; proxy_redirect off; } } === and try curl -i -A "" -H X-Client-IP:1.2.3.4 http://localhost:8000/ then I can see in tcpdump output going to port 8080: === GET / HTTP/1.0 Host: 127.0.0.1:8080 Connection: close Accept: */* X-Client-IP: 1.2.3.4 === This is with nginx/1.2.4. What's different in your setup? f -- Francis Daly francis at daoine.org From sahmed1020 at gmail.com Sun Dec 9 02:48:54 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Sat, 8 Dec 2012 21:48:54 -0500 Subject: lockdown a website, password protect Message-ID: Before I launch my website, I want to be able to test it live in production but don't want anyone else to view it. Would it be possible to lock down the website except for the main page, all other pages require me to enter a password to view it? I can do this many ways (by limited ip address etc), but I was wondering if there was a simple way to do it via nginx somehow which would save me the work. I've seen some very crude types of authentication where you get this ugly popup and you enter the password and you can view the site. I believe it was using the web server to do this. Possible? -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at greengecko.co.nz Sun Dec 9 06:06:01 2012 From: steve at greengecko.co.nz (Steve Holdoway) Date: Sun, 09 Dec 2012 19:06:01 +1300 Subject: rewrite help please... Message-ID: <1355033161.4485.24.camel@steve-new> I've got a WP site that also provides landing pages for a number of other sites. I've set it up as the default server config for that IP, and that's working fine. However, the requirement I've got is to go to a specific landing page dependant on domain name. This is how I've gone about it ( as there are a lot of pages... map $http_host $page_redirect { hostnames; default notset; .example1.com /link/example1; ... } hostname example.com; location = / { if ( $page_redirect ~ notset ) { rewrite ^ /index.php break; } # this one works but rewrites the url. rewrite ^ $page_redirect redirect; #try_files $page_redirect $page_redirect/ /index.php?$page_redirect; } So I'm basically only trying to redirect from http://www.example.com for example, but not http://www.example.com/index.php, and only from predefined domains. As the comment says, this does work if I use a rewrite ... redirect; but the URL then changes to http://www.example1.com/link/example1, whereas I want to see http://www.example1.com alone. The try_files comes up with a 404, which is really perplexing... I expected it to go through the .php block like the others! Any ideas what I'm doing wrong? Cheers, Steve -- Steve Holdoway BSc(Hons) MIITP http://www.greengecko.co.nz Skype: sholdowa -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6189 bytes Desc: not available URL: From nginx-forum at nginx.us Sun Dec 9 10:16:34 2012 From: nginx-forum at nginx.us (preinde) Date: Sun, 09 Dec 2012 05:16:34 -0500 Subject: Passing variables to handler function Message-ID: <23cc3c453fdfc9809d6cca581d4f55fa.NginxMailingListEnglish@forum.nginx.org> Good morning, I'm writing a custom Nginx module and am using NGX_AGAIN to call the handler several times, however am at a loss about how to pass a variable between calls. I want to use the variable to differentiate between states. Does anybody have any suggestions? Peter R. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233751,233751#msg-233751 From lists at ruby-forum.com Sun Dec 9 10:20:02 2012 From: lists at ruby-forum.com (Peter Reinde) Date: Sun, 09 Dec 2012 11:20:02 +0100 Subject: Passing variables to handler function Message-ID: Good morning, I'm writing a custom Nginx module and am using NGX_AGAIN to call the handler several times, however am at a loss about how to pass a variable between calls. I want to use the variable to differentiate between states. Does anybody have any suggestions? Peter R. -- Posted via http://www.ruby-forum.com/. From francis at daoine.org Sun Dec 9 10:29:37 2012 From: francis at daoine.org (Francis Daly) Date: Sun, 9 Dec 2012 10:29:37 +0000 Subject: rewrite help please... In-Reply-To: <1355033161.4485.24.camel@steve-new> References: <1355033161.4485.24.camel@steve-new> Message-ID: <20121209102937.GU18139@craic.sysops.org> On Sun, Dec 09, 2012 at 07:06:01PM +1300, Steve Holdoway wrote: Hi there, > I've got a WP site that also provides landing pages for a number of > other sites. I've set it up as the default server config for that IP, > and that's working fine. The usual nginx way is to have a different configuration for each server_name in different server{} blocks, which is usually based on the Host: header sent by the browser. You want slightly different handling for different Host: headers, but all in the same server{} block. That's ok, but when you start adding more special cases, you should probably consider switching to multiple server{} blocks. > However, the requirement I've got is to go to a > specific landing page dependant on domain name. This is how I've gone > about it ( as there are a lot of pages... > > > map $http_host $page_redirect { Some small points: $http_host is "whatever the browser sent, including :80 if it did that". $host is "the hostname part of that, apart from a couple of exceptions". If you're not sure which to use, use $host. "redirect" usually suggests "send a http 301 to the browser, so that it issues a new request". That's not what you want to happen. Perhaps $landing_page would be clearer for the next person to read? But that's not directly relevant to the configuration issue. > hostnames; > > default notset; > > .example1.com /link/example1; When you have many things in the one server block, consistency is great. "notset" is a flag which means "do something special". What is "/link/example1"? A file that should be served? A file that should be php-processed? A directory containing a file that should be php-processed? Maybe something like default /index.php; .example1.com /link/example1/index.php; would allow you to handle all situations equivalently. > } > > hostname example.com; > > location = / { > if ( $page_redirect ~ notset ) { > rewrite ^ /index.php break; > } location -> if -> "return ..." is OK. location -> if -> "rewrite ... last" is OK. location -> if -> anything else, and you're on your own. It's consistent, but not necessarily easily predictable what will happen. > # this one works but rewrites the url. > rewrite ^ $page_redirect redirect; Yes - "redirect" means "rewrite the url". > #try_files $page_redirect $page_redirect/ /index.php?$page_redirect; > } > > So I'm basically only trying to redirect from http://www.example.com for > example, but not http://www.example.com/index.php, and only from > predefined domains. Given your above configuration, am I right that what you want is: http://www.example.com/ -> php-process /usr/local/nginx/html/index.php http://www.example.com/index.php -> php-process /usr/local/nginx/html/index.php http://www.example.com/file.png -> send /usr/local/nginx/html/file.png http://www.example1.com/ -> php-process /usr/local/nginx/html/link/example1/index.php http://www.example1.com/index.php -> php-process /usr/local/nginx/html/index.php http://www.example1.com/file.png -> send /usr/local/nginx/html/file.png where in each case "send" or "php-process" means "respond http 200 with the output of that file"? > As the comment says, this does work if I use a rewrite ... redirect; but > the URL then changes to http://www.example1.com/link/example1, whereas I > want to see http://www.example1.com alone. > > The try_files comes up with a 404, which is really perplexing... I > expected it to go through the .php block like the others! After "location -> if -> anything else", I find it's usually not worth wondering why things do or don't work as hoped. You're in "here be dragons" territory anyway. That's nginx. > Any ideas what I'm doing wrong? With the assumptions and changes from above, maybe location = / { fastcgi_pass unix:php.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$page_redirect; } is closer to what you want? Good luck with it, f -- Francis Daly francis at daoine.org From francis at daoine.org Sun Dec 9 11:04:35 2012 From: francis at daoine.org (Francis Daly) Date: Sun, 9 Dec 2012 11:04:35 +0000 Subject: lockdown a website, password protect In-Reply-To: References: Message-ID: <20121209110435.GV18139@craic.sysops.org> On Sat, Dec 08, 2012 at 09:48:54PM -0500, S Ahmed wrote: Hi there, > Before I launch my website, I want to be able to test it live in production > but don't want anyone else to view it. The most straightforward way is probably to use a separate server{} block for "now" and "next", and protect all of "next" and none of "now". Then, when you're happy with it, remove the protection and swap names. If you don't want to do that... > Would it be possible to lock down the website except for the main page, all > other pages require me to enter a password to view it? Yes. Provided that you can specify which locations correspond to "the main page" and which do not. Put access control -- for example "auth_basic" (http://nginx.org/r/auth_basic) and associated directives -- at server{} level, then in "the main page" locations, remove it -- for example, by "auth_basic off". "the main page" is probably some combination of things like location = / {} location = /index.html {} location = /images/banner.png {} and maybe more. f -- Francis Daly francis at daoine.org From lists at ruby-forum.com Sun Dec 9 11:26:14 2012 From: lists at ruby-forum.com (Peter Reinde) Date: Sun, 09 Dec 2012 12:26:14 +0100 Subject: "Hacking" the event model of Nginx In-Reply-To: <1207995396.20062.77.camel@rangiroa> References: <1207995396.20062.77.camel@rangiroa> Message-ID: > // My specific Nginx http handler > int my_http_handler (ngx_request_t * r) > { > if (r->my_state == 0) // first step: initiate the work to do I'm trying to do something similar, however r->my_state is unknown here. Did you create your own struct? -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Sun Dec 9 15:02:13 2012 From: nginx-forum at nginx.us (mfouwaaz) Date: Sun, 09 Dec 2012 10:02:13 -0500 Subject: Storing/serving images securely and efficiently Message-ID: <0c00d24439089c6ecf4479e56b267a1f.NginxMailingListEnglish@forum.nginx.org> What is the best practice for storing and serving images securely without hurting performance? Is it possible to store user images in a folder that's not web accessible (possibly higher up and before /www?) and serve on demand after the user has logged in to the page? There is a username and password access mechanism already in place. The users don't want these images to be publicly accessible. I am running nginx with php on Ubuntu. Database is mysql. Thank you. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233756,233756#msg-233756 From steve at greengecko.co.nz Sun Dec 9 20:51:00 2012 From: steve at greengecko.co.nz (Steve Holdoway) Date: Mon, 10 Dec 2012 09:51:00 +1300 Subject: rewrite help please... In-Reply-To: <20121209102937.GU18139@craic.sysops.org> References: <1355033161.4485.24.camel@steve-new> <20121209102937.GU18139@craic.sysops.org> Message-ID: <1355086260.4485.43.camel@steve-new> On Sun, 2012-12-09 at 10:29 +0000, Francis Daly wrote: > > Given your above configuration, am I right that what you want is: > > http://www.example.com/ -> php-process /usr/local/nginx/html/index.php > http://www.example.com/index.php -> php-process /usr/local/nginx/html/index.php > http://www.example.com/file.png -> send /usr/local/nginx/html/file.png > http://www.example1.com/ -> php-process /usr/local/nginx/html/link/example1/index.php > http://www.example1.com/index.php -> php-process /usr/local/nginx/html/index.php > http://www.example1.com/file.png -> send /usr/local/nginx/html/file.png > > where in each case "send" or "php-process" means "respond http 200 with > the output of that file"? > > > As the comment says, this does work if I use a rewrite ... redirect; but > > the URL then changes to http://www.example1.com/link/example1, whereas I > > want to see http://www.example1.com alone. > > > > The try_files comes up with a 404, which is really perplexing... I > > expected it to go through the .php block like the others! > > After "location -> if -> anything else", I find it's usually not worth > wondering why things do or don't work as hoped. You're in "here be > dragons" territory anyway. That's nginx. > > > Any ideas what I'm doing wrong? > > With the assumptions and changes from above, maybe > > location = / { > fastcgi_pass unix:php.sock; > include fastcgi_params; > fastcgi_param SCRIPT_FILENAME $document_root$page_redirect; > } > > is closer to what you want? > > Good luck with it, Thanks for the ideas Francis, it's cleaned up my config no end! This is a WordPress site, so all requests have to go to /index.php to be processed. The URL dictates the page returned. I can't seem to find a way of mimicing what I'm trying to do with your method, no matter what fastcgi_params I try setting up. Cheers, Steve -- Steve Holdoway BSc(Hons) MIITP http://www.greengecko.co.nz Skype: sholdowa -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6189 bytes Desc: not available URL: From steve at greengecko.co.nz Sun Dec 9 21:05:58 2012 From: steve at greengecko.co.nz (Steve Holdoway) Date: Mon, 10 Dec 2012 10:05:58 +1300 Subject: rewrite help please... In-Reply-To: <1355086260.4485.43.camel@steve-new> References: <1355033161.4485.24.camel@steve-new> <20121209102937.GU18139@craic.sysops.org> <1355086260.4485.43.camel@steve-new> Message-ID: <1355087158.4485.53.camel@steve-new> On Mon, 2012-12-10 at 09:51 +1300, Steve Holdoway wrote: > On Sun, 2012-12-09 at 10:29 +0000, Francis Daly wrote: > > With the assumptions and changes from above, maybe > > > > location = / { > > fastcgi_pass unix:php.sock; > > include fastcgi_params; > > fastcgi_param SCRIPT_FILENAME $document_root$page_redirect; > > } > > > > is closer to what you want? > > > > Good luck with it, > > Thanks for the ideas Francis, it's cleaned up my config no end! > > This is a WordPress site, so all requests have to go to /index.php to be > processed. The URL dictates the page returned. > > I can't seem to find a way of mimicing what I'm trying to do with your > method, no matter what fastcgi_params I try setting up. > > Cheers, > > > Steve > As with everything like this, 2 extra minutes with google found me the answer. I need to add fastcgi_param PATH_INFO $page_redirect; and it works perfectly. Chanks for putting me on the right track, Steve -- Steve Holdoway BSc(Hons) MIITP http://www.greengecko.co.nz Skype: sholdowa -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 6189 bytes Desc: not available URL: From mdounin at mdounin.ru Mon Dec 10 00:47:08 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 10 Dec 2012 04:47:08 +0400 Subject: Nginx removes X-Client-IP header added by loadbalancer In-Reply-To: <2be332ee1aff13f49441523e24a04f80.NginxMailingListEnglish@forum.nginx.org> References: <2be332ee1aff13f49441523e24a04f80.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121210004707.GG40452@mdounin.ru> Hello! On Sat, Dec 08, 2012 at 01:20:12PM -0500, mrtn wrote: > Hi, > > I have a HAProxy running in front of Nginx, and I add 'X-Client-IP' header > to reflect the actual IP of the client. If the request is routed directly to > the application server (Tornado in my case), this header is present and I > can retrieve it with no problem. > > However, if the request is first routed to Nginx and then to the application > server using: > > proxy_pass http://127.0.0.1:8080; > proxy_redirect off; > > then the 'X-Client-IP' header is missing from the request when it reaches > Tornado. I guess I might need to explicitly add this header in Nginx as > well, so it can relay it on. What is the right solution here? Most likely your balancer adds something like "X-Client_IP" instead, with "_" (underscore) instead of "-" (dash). Such headers are removed by nginx by default unless explicitly allowed, see http://nginx.org/r/underscores_in_headers You may either enable such headers in nginx (see above, but not recommended), or (better) change "_" to "-" in your balancer configs. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Mon Dec 10 01:30:39 2012 From: nginx-forum at nginx.us (mrtn) Date: Sun, 09 Dec 2012 20:30:39 -0500 Subject: Nginx removes X-Client-IP header added by loadbalancer In-Reply-To: <20121210004707.GG40452@mdounin.ru> References: <20121210004707.GG40452@mdounin.ru> Message-ID: <042e8b7f17bad5389f71ce83c107cccc.NginxMailingListEnglish@forum.nginx.org> Hello Maxim, Thanks for the suggestion. I checked my Haproxy config again, and this is what I use for adding the 'X-Client-IP' header: option forwardfor header X-Client-IP In addition, if Haproxy is passing header things like 'X-Client_IP', then why is that the requests routed directly to Tornado (not via Nginx) contain the correct header 'X-Client-IP'? It seem like something happens when the requests go through nginx and the header is dropped. Below is part of my nginx config, and the last location block is the relevant one here. worker_processes 2; pid /var/run/nginx.pid; daemon off; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; tcp_nodelay on; tcp_nopush on; client_body_timeout 10; client_header_timeout 10; keepalive_timeout 15; send_timeout 15; server_tokens off; gzip on; gzip_http_version 1.1; gzip_comp_level 3; gzip_types text/plain text/css application/x-javascript application/xml application/xml+rss text/javascript; log_format mylog '$remote_addr - $remote_user [$time_local] "$request" $status $sent_http_content_type $body_bytes_sent "$http_referer" "$http_user_agent"'; server { listen 8484; server_name www.mysite.com mysite.com; access_log /home/www-data/logs/nginx_www_access.log; error_log /home/www-data/logs/nginx_www_error.log debug; error_page 404 /404.html; error_page 502 503 504 /50x.html; error_page 403 /forbidden.html; root /home/www-data/tornado/mysite/static; if ( $http_referer ~* (babes|click|diamond|forsale|girl|jewelry|love|nudit|organic|poker|porn|sex|teen|video|webcam) ) { return 405; } location ~* (\.jpg|\.png|\.css|\.js|\.html)$ { valid_referers none blocked www.mysite.com static.mysite.com mysite.com; if ($invalid_referer) { return 405; } } location ^~ /doc/read/ { if ($uri ~* (\.jpg|\.png|\.css|\.js|\.html)$) { return 404; } if ($uri !~* /doc/read/[a-zA-Z0-9_-]+/[0-9]+$) { return 404; } #if ($http_cookie !~* "subject=[.]+") { return 404; } proxy_pass http://127.0.0.1:8080; proxy_redirect off; } } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233736,233770#msg-233770 From mdounin at mdounin.ru Mon Dec 10 02:58:57 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 10 Dec 2012 06:58:57 +0400 Subject: Nginx removes X-Client-IP header added by loadbalancer In-Reply-To: <042e8b7f17bad5389f71ce83c107cccc.NginxMailingListEnglish@forum.nginx.org> References: <20121210004707.GG40452@mdounin.ru> <042e8b7f17bad5389f71ce83c107cccc.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121210025857.GJ40452@mdounin.ru> Hello! On Sun, Dec 09, 2012 at 08:30:39PM -0500, mrtn wrote: > Hello Maxim, > > Thanks for the suggestion. I checked my Haproxy config again, and this is > what I use for adding the 'X-Client-IP' header: > > option forwardfor header X-Client-IP > > In addition, if Haproxy is passing header things like 'X-Client_IP', then > why is that the requests routed directly to Tornado (not via Nginx) contain > the correct header 'X-Client-IP'? It seem like something happens when the > requests go through nginx and the header is dropped. Usually headers are accessed by a backend code via CGI-like environment variables like HTTP_X_CLIENT_IP, which makes it impossible to distinguish "_" from "-", that's why I suggested the "_" as a most likely reason. > Below is part of my nginx config, and the last location block is the > relevant one here. There is nothing which may cause such a behaviour in your config, but the "part" part is what always leaves a room for speculations. By default nginx doesn't removes any X-* headers from proxied requests. If the header was indeed removed (i.e. you see it on the wire before nginx, but not between nginx and a backend) it may indicate one of the following: 1) The header was ignored as invalid, e.g. due to underscore in it's name. Check nginx logs for "client sent invalid header line" messages at info level, it might provide additional information. 2) The header was hidden by proxy configuration, either by proxy_set_header with the exact name, or using proxy_pass_request_headers. 3) Something really bad happened which prevented request from being parsed correctly. In either case debug log (http://nginx.org/en/docs/debugging_log.html) should provide enough info to diagnose the problem. Actually looking on the data on the wire (e.g. with "tcpdump -Xs0" might also help). -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Mon Dec 10 07:19:59 2012 From: nginx-forum at nginx.us (amodpandey) Date: Mon, 10 Dec 2012 02:19:59 -0500 Subject: proxy_cache_bypass and proxy_no_cache Message-ID: I want to proxy_cache responses only with a specific cookie in request. I thought to use proxy_cache_bypass ! $cookie_cache; proxy_no_cache ! $cookie_cache; That ( ! ) does not work. One more question, why we need to have proxy_cache_bypass and proxy_no_cache else nginx: [warn] "proxy_no_cache" functionality has been changed in 0.8.46, now it should be used together with "proxy_cache_bypass" Help Please! Regards Amod Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233778,233778#msg-233778 From appa at perusio.net Mon Dec 10 08:32:03 2012 From: appa at perusio.net (=?ISO-8859-1?Q?Ant=F3nio_P=2E_P=2E_Almeida?=) Date: Mon, 10 Dec 2012 09:32:03 +0100 Subject: proxy_cache_bypass and proxy_no_cache Message-ID: <2pwq4erevxid3oscpwu8pbs7.1355128106982@email.android.com> You can use at the http level: map $cookie_no_cache $dont_cache { 0 1; 1 0; } Then use the $dont_cache variable instead. --appa amodpandey a ?crit?: >I want to proxy_cache responses only with a specific cookie in request. > >I thought to use > >proxy_cache_bypass ! $cookie_cache; >proxy_no_cache ! $cookie_cache; > >That ( ! ) does not work. > >One more question, why we need to have proxy_cache_bypass and proxy_no_cache >else >nginx: [warn] "proxy_no_cache" functionality has been changed in 0.8.46, now >it should be used together with "proxy_cache_bypass" > >Help Please! > >Regards >Amod > >Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233778,233778#msg-233778 > >_______________________________________________ >nginx mailing list >nginx at nginx.org >http://mailman.nginx.org/mailman/listinfo/nginx From appa at perusio.net Mon Dec 10 08:47:56 2012 From: appa at perusio.net (=?ISO-8859-1?Q?Ant=F3nio_P=2E_P=2E_Almeida?=) Date: Mon, 10 Dec 2012 09:47:56 +0100 Subject: proxy_cache_bypass and proxy_no_cache Message-ID: <8qdx3muu8sys1k4jk8s597un.1355129276230@email.android.com> Another option is to use an if. set $dont_cache 0; if ($cookie_no_cache) { set $dont_cache 1; } --appa amodpandey a ?crit?: >I want to proxy_cache responses only with a specific cookie in request. > >I thought to use > >proxy_cache_bypass ! $cookie_cache; >proxy_no_cache ! $cookie_cache; > >That ( ! ) does not work. > >One more question, why we need to have proxy_cache_bypass and proxy_no_cache >else >nginx: [warn] "proxy_no_cache" functionality has been changed in 0.8.46, now >it should be used together with "proxy_cache_bypass" > >Help Please! > >Regards >Amod > >Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233778,233778#msg-233778 > >_______________________________________________ >nginx mailing list >nginx at nginx.org >http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Mon Dec 10 09:02:29 2012 From: nginx-forum at nginx.us (amodpandey) Date: Mon, 10 Dec 2012 04:02:29 -0500 Subject: proxy_cache_bypass and proxy_no_cache In-Reply-To: <2pwq4erevxid3oscpwu8pbs7.1355128106982@email.android.com> References: <2pwq4erevxid3oscpwu8pbs7.1355128106982@email.android.com> Message-ID: <4f25b8decb44d912128f57b85b52e63e.NginxMailingListEnglish@forum.nginx.org> I did this ( my cookie name is cahe ) map $cookie_cache $dont_cache { 0 1; 1 0; } proxy_cache_bypass $dont_cache; proxy_no_cache $dont_cache; But the first request which does not have the cookie is getting cached. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233778,233783#msg-233783 From appa at perusio.net Mon Dec 10 09:27:14 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Mon, 10 Dec 2012 10:27:14 +0100 Subject: proxy_cache_bypass and proxy_no_cache In-Reply-To: <4f25b8decb44d912128f57b85b52e63e.NginxMailingListEnglish@forum.nginx.org> References: <2pwq4erevxid3oscpwu8pbs7.1355128106982@email.android.com> <4f25b8decb44d912128f57b85b52e63e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> > I did this ( my cookie name is cahe ) > > map $cookie_cache $dont_cache { > 0 1; > 1 0; > } > > proxy_cache_bypass $dont_cache; > proxy_no_cache $dont_cache; > > But the first request which does not have the cookie is getting cached. Try: map $cookie_cache $dont_cache { default 1; ~.+$ 0; } --appa From nginx-forum at nginx.us Mon Dec 10 09:31:38 2012 From: nginx-forum at nginx.us (amodpandey) Date: Mon, 10 Dec 2012 04:31:38 -0500 Subject: proxy_cache_bypass and proxy_no_cache In-Reply-To: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> References: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> Message-ID: <51df22afe7e4d70015c54dca745ce155.NginxMailingListEnglish@forum.nginx.org> I was trying this :) map $cookie_route $dont_cache { default 1; ~*[A-Za-z0-9]+ 0; } Let me try your suggestion. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233778,233785#msg-233785 From nginx-forum at nginx.us Mon Dec 10 10:15:11 2012 From: nginx-forum at nginx.us (amodpandey) Date: Mon, 10 Dec 2012 05:15:11 -0500 Subject: proxy_cache_bypass and proxy_no_cache In-Reply-To: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> References: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> Message-ID: <0098172fcaaa5052411d778b3e9816ae.NginxMailingListEnglish@forum.nginx.org> Thank you :) This one worked. I would like to take this opportunity to share the exact problem I had. I am using sticky module for some app version targetting. Plus I have enabled proxy cache. The sticky module works in a way that it first let the upstream handle the weights and according to which server catered the response it set cookie with server info hash. So the response that is cached is without cookie. So in this case even proxy_no_store $http_set_cookie does not work. So the only way I could think was to change the caching behaviour to cache only requests with my cookie. There is only proxy_no_store ( proxy_store does something else ) so I need to negate the value, if set. Here the map helped me to achieve the same. But I wish there could have been a straight forward way. I had this followup question Why we need to have proxy_cache_bypass and proxy_no_cache else nginx: [warn] "proxy_no_cache" functionality has been changed in 0.8.46, now it should be used together with "proxy_cache_bypass" Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233778,233786#msg-233786 From nginx-forum at nginx.us Mon Dec 10 10:22:11 2012 From: nginx-forum at nginx.us (amodpandey) Date: Mon, 10 Dec 2012 05:22:11 -0500 Subject: proxy_cache_bypass and proxy_no_cache In-Reply-To: <0098172fcaaa5052411d778b3e9816ae.NginxMailingListEnglish@forum.nginx.org> References: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> <0098172fcaaa5052411d778b3e9816ae.NginxMailingListEnglish@forum.nginx.org> Message-ID: <430ae07d4284cfad9f272e7f63387f01.NginxMailingListEnglish@forum.nginx.org> One interesting observation I put this code location /test { proxy_pass http://a/; .... set $dont_cache 1; if ( $cookie_route ) { set $dont_cache 0; } proxy_cache_bypass $dont_cache; proxy_no_cache $dont_cache; } and it started to dis-honour the trailing slash http://a/ With the end / it does not look for /test but only due to the if block it started to look for it. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233778,233788#msg-233788 From igor at sysoev.ru Mon Dec 10 11:23:15 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Mon, 10 Dec 2012 15:23:15 +0400 Subject: proxy_cache_bypass and proxy_no_cache In-Reply-To: <0098172fcaaa5052411d778b3e9816ae.NginxMailingListEnglish@forum.nginx.org> References: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> <0098172fcaaa5052411d778b3e9816ae.NginxMailingListEnglish@forum.nginx.org> Message-ID: <35A10927-4F58-46C7-9156-BB38C226B354@sysoev.ru> On Dec 10, 2012, at 14:15 , amodpandey wrote: > Thank you :) This one worked. > > I would like to take this opportunity to share the exact problem I had. > > I am using sticky module for some app version targetting. Plus I have > enabled proxy cache. The sticky module works in a way that it first let the > upstream handle the weights and according to which server catered the > response it set cookie with server info hash. So the response that is cached > is without cookie. > > So in this case even proxy_no_store $http_set_cookie does not work. So the > only way I could think was to change the caching behaviour to cache only > requests with my cookie. > > There is only proxy_no_store ( proxy_store does something else ) so I need > to negate the value, if set. Here the map helped me to achieve the same. > > But I wish there could have been a straight forward way. > > I had this followup question > > Why we need to have proxy_cache_bypass and proxy_no_cache else > nginx: [warn] "proxy_no_cache" functionality has been changed in 0.8.46, now > it should be used together with "proxy_cache_bypass" By default nginx does not cache response with Set-Cookies header. So to force to cache such response you should set: proxy_ignore_headers Set-Cookie; As to your problem, it's better to resolve it on upstream side by setting X-Accel-Expires: 0 for the first response without Cookie, and X-Accel-Expires: a_number_of_seconds_to_cache for response with cookies. Also you should $http_cookie_cache variable to proxy_cache_key -- Igor Sysoev From igor at sysoev.ru Mon Dec 10 11:24:02 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Mon, 10 Dec 2012 15:24:02 +0400 Subject: proxy_cache_bypass and proxy_no_cache In-Reply-To: <430ae07d4284cfad9f272e7f63387f01.NginxMailingListEnglish@forum.nginx.org> References: <19e2a5936358a23025c59d6c2951ae32.squirrel@damiao.org> <0098172fcaaa5052411d778b3e9816ae.NginxMailingListEnglish@forum.nginx.org> <430ae07d4284cfad9f272e7f63387f01.NginxMailingListEnglish@forum.nginx.org> Message-ID: <22B56129-1F75-4E59-8271-8386B00CD215@sysoev.ru> On Dec 10, 2012, at 14:22 , amodpandey wrote: > One interesting observation > > I put this code > > location /test { > proxy_pass http://a/; > .... > set $dont_cache 1; > > if ( $cookie_route ) { > set $dont_cache 0; > } > proxy_cache_bypass $dont_cache; > proxy_no_cache $dont_cache; > > } > > and it started to dis-honour the trailing slash http://a/ With the end / it > does not look for /test but only due to the if block it started to look for > it. Do not use "if", use "map" instead. -- Igor Sysoev http://nginx.com/support.html From ru at nginx.com Mon Dec 10 13:31:56 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Mon, 10 Dec 2012 17:31:56 +0400 Subject: Turn basic authentication on and off for specific HTTP user agent In-Reply-To: <20e5722ddd757472f91e25a021509d0e.NginxMailingListEnglish@forum.nginx.org> References: <20e5722ddd757472f91e25a021509d0e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121210133156.GB71576@lo0.su> On Mon, Nov 26, 2012 at 03:24:20AM -0500, hide wrote: > Hello All! > > Is it possible to turn authentication on and off for a specific user agent > in some location? When I configure the following > > location /specloc/ { > if ($http_user_agent ~ MSIE) { > auth_basic "private area"; > auth_basic_user_file /etc/nginx/htpasswd; > } > #... > } > > my "nginx -t" prints > > nginx: [emerg] "auth_basic" directive is not allowed here in > /etc/nginx/nginx.conf:75 > nginx: configuration file /etc/nginx/nginx.conf test failed > > Thank you if you answer. http://trac.nginx.org/nginx/changeset/4946/nginx As of this change, you can do it like this: map $http_user_agent $realm { default off; ~MSIE "private area"; } server { location /specloc/ { auth_basic $realm; auth_basic_user_file /etc/nginx/htpasswd; } } From appa at perusio.net Mon Dec 10 14:09:27 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Mon, 10 Dec 2012 15:09:27 +0100 Subject: proxy_cache_bypass and proxy_no_cache Message-ID: > One interesting observation > > I put this code > > location /test { > proxy_pass http://a/; > .... > set $dont_cache 1; > > if ( $cookie_route ) { > set $dont_cache 0; > } > proxy_cache_bypass $dont_cache; > proxy_no_cache $dont_cache; > > } > > and it started to dis-honour the trailing slash http://a/ With the end / > it > does not look for /test but only due to the if block it started to look > for > it. You have to set it at the server level to make it work. set $dont_cache 1; if ($cookie_route) { set $dont_cache 0; } location /test { proxy_pass http://a/; proxy_cache_bypass $dont_cache; proxy_no_cache $dont_cache; } If creates an implicit location. If is evil: http://wiki.nginx.org/IfIsEvil As Igor said above use map and get clear of the if directive quirks. --appa From nginx-forum at nginx.us Mon Dec 10 16:16:00 2012 From: nginx-forum at nginx.us (tkellen) Date: Mon, 10 Dec 2012 11:16:00 -0500 Subject: memcached_gzip_flag Message-ID: <503886041310aea19938eb82307e7b80.NginxMailingListEnglish@forum.nginx.org> I'm running nginx 1.3.9 with memcached_pass and I have set memcached_gzip_flag in an attempt to serve gzipped content directly from memcached (mainly to save memory on my memcached processes, which get pretty large). My gzip flag is being detected properly--nginx adds the Content-Encoding header--but I get 330 errors saying the content encoding is incorrect. Every test I've made indicates that the data I am storing is valid gzipped data. Does anyone have any advice on how to troubleshoot this? Thanks so much! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233807,233807#msg-233807 From nginx-forum at nginx.us Mon Dec 10 16:16:54 2012 From: nginx-forum at nginx.us (tkellen) Date: Mon, 10 Dec 2012 11:16:54 -0500 Subject: memcached_gzip_flag In-Reply-To: <503886041310aea19938eb82307e7b80.NginxMailingListEnglish@forum.nginx.org> References: <503886041310aea19938eb82307e7b80.NginxMailingListEnglish@forum.nginx.org> Message-ID: PS: I'm writing the data using Dalli (https://github.com/mperham/dalli) with compression on and raw set to true. Dalli sets the bitmask for compression to 0x2 (all of this appears to be working correctly). Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233807,233808#msg-233808 From irfan.khan at enovatemedia.co.in Mon Dec 10 16:25:01 2012 From: irfan.khan at enovatemedia.co.in (Irfan Khan) Date: Mon, 10 Dec 2012 21:55:01 +0530 Subject: nginx and tomcat integrated but how to serve static files In-Reply-To: <20121207160128.GR18139@craic.sysops.org> References: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> <20121207160128.GR18139@craic.sysops.org> Message-ID: <00a901cdd6f2$e73df740$b5b9e5c0$@enovatemedia.co.in> Hi, Thanks for the suggestion, but unfortunately it didn't worked. I have tried to create new location to be served by nginx but all requests goes to tomcat by next location directive. Any html within /foo/ directory doesn't work at all. I am a newbie to Nginx and really loves it. I hope some regex combination would help to solve the problem. Please suggestion! My config as follows; Location /foo/* Root /tomcat/webapps/abc/ Index.html > location /abc/ { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } Irfan Khan Lead - IT eNovate Media Solutions Pvt Ltd #204, 2nd Floor, Cunningham Classic 22, Cunningham Road Bangalore - 560052 Voice - + 91 80 41657660 | Mob - +91 903 589 38 14 www.enovatemedia.com -----Original Message----- From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Francis Daly Sent: 07 December 2012 21:31 To: nginx at nginx.org Subject: Re: nginx and tomcat integrated but how to serve static files On Fri, Dec 07, 2012 at 04:38:20PM +0530, Irfan Khan wrote: > There are some html static files and images in my application which I > don't to be served by tomcat. again, I am trying to as much as > performance boost for my app. > > I am tried to do some research but unable to get solutions. nginx chooses how to handle a request based on the location{} blocks you have defined. Currently, you have: if it starts with /abc/, proxy to tomcat; otherwise, serve from the filesystem. So: which urls do you really want proxied to tomcat, and which do you really want served from the filesystem? If I guess that "url starts with /abc/ and ends in html" means "serve from filesystem, not tomcat", then you could add one line: > location /abc/ { location ~ html$ {} > proxy_pass http://localhost:8080; > proxy_set_header X-Real-IP $remote_addr; proxy_set_header > X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host > $http_host; > > } and a request for /abc/a.html will look for the file /usr/local/nginx/html/abc/a.html (or strictly: abc/a.html below whatever you have configured "root" to be). Best would be to make the non-tomcat things be in a different url prefix to the tomcat things -- such as /abc/static, for example -- because then you could just use prefix locations. That depends on how your application is written, which may not be changeable. f -- Francis Daly francis at daoine.org _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Mon Dec 10 16:33:31 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 10 Dec 2012 20:33:31 +0400 Subject: memcached_gzip_flag In-Reply-To: References: <503886041310aea19938eb82307e7b80.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121210163330.GN40452@mdounin.ru> Hello! On Mon, Dec 10, 2012 at 11:16:54AM -0500, tkellen wrote: > PS: I'm writing the data using Dalli (https://github.com/mperham/dalli) with > compression on and raw set to true. Dalli sets the bitmask for compression > to 0x2 (all of this appears to be working correctly). As far as I can tell from [1], it stores zlib stream, not gzip (which is a different format on top of the same compression algorithm, see zlib.h for details). It likely can be easily adapted to use gzip though. [1] https://github.com/mperham/dalli/blob/master/lib/dalli/compressor.rb -- Maxim Dounin http://nginx.com/support.html From vbart at nginx.com Mon Dec 10 16:34:05 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 10 Dec 2012 20:34:05 +0400 Subject: memcached_gzip_flag In-Reply-To: References: <503886041310aea19938eb82307e7b80.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201212102034.05851.vbart@nginx.com> On Monday 10 December 2012 20:16:54 tkellen wrote: > PS: I'm writing the data using Dalli (https://github.com/mperham/dalli) > with compression on and raw set to true. Dalli sets the bitmask for > compression to 0x2 (all of this appears to be working correctly). > But Dalli for compressed data uses zlib wrapper instead of gzip one. wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From nginx-forum at nginx.us Mon Dec 10 17:14:42 2012 From: nginx-forum at nginx.us (tkellen) Date: Mon, 10 Dec 2012 12:14:42 -0500 Subject: memcached_gzip_flag In-Reply-To: <201212102034.05851.vbart@nginx.com> References: <201212102034.05851.vbart@nginx.com> Message-ID: <61377f4a7999b0e0a2edbe7517da1813.NginxMailingListEnglish@forum.nginx.org> Right you are. Thanks for the second set of eyes! I've submitted a PR to Dalli to add a gzip compressor and I'm using a custom one now. It's working wonderfully. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233807,233816#msg-233816 From tjoseph1 at ymail.com Mon Dec 10 18:56:58 2012 From: tjoseph1 at ymail.com (Thomas Joseph) Date: Tue, 11 Dec 2012 02:56:58 +0800 (SGT) Subject: I want help... Message-ID: <1355165818.56997.YahooMailNeo@web193004.mail.sg3.yahoo.com> Hello all, What is the best way to block un-expected submissions? For example, I have this puzzle: ?((aaa=(\d{1,8}\.)+(\d{1,8}))\&(bbb=\w{10,30})\&(ccc=\d{1,10})) aaa is uuid, bbb is alphanumric, ccc is just numeric. I want to have nginx validating this regex, and one more, if someone craft (ddd=xyz) in the submission url, it has to FAIL. Pls, comments are welcome. tjoseph. -------------- next part -------------- An HTML attachment was scrubbed... URL: From tjoseph1 at ymail.com Mon Dec 10 19:27:58 2012 From: tjoseph1 at ymail.com (Thomas Joseph) Date: Tue, 11 Dec 2012 03:27:58 +0800 (SGT) Subject: I want help... In-Reply-To: <1355165818.56997.YahooMailNeo@web193004.mail.sg3.yahoo.com> References: <1355165818.56997.YahooMailNeo@web193004.mail.sg3.yahoo.com> Message-ID: <1355167678.27889.YahooMailNeo@web193006.mail.sg3.yahoo.com> Did I tell that I am looking into a reverse proxy situation ? No. My mistake. I want to have a reverse proxy, that would filter the incoming and pass-on/reject ?upon the rules. [SSL enabled web-client]=>[NGINX]=>{filtering]=>[My own custom built HTTP application] [SSL enabled web-client]<=[NGINX]<=[My own custom built HTTP application]? Thanks, tjoseph. ________________________________ From: Thomas Joseph To: "nginx at nginx.org" Sent: Tuesday, 11 December 2012 12:26 AM Subject: I want help... Hello all, What is the best way to block un-expected submissions? For example, I have this puzzle: ?((aaa=(\d{1,8}\.)+(\d{1,8}))\&(bbb=\w{10,30})\&(ccc=\d{1,10})) aaa is uuid, bbb is alphanumric, ccc is just numeric. I want to have nginx validating this regex, and one more, if someone craft (ddd=xyz) in the submission url, it has to FAIL. Pls, comments are welcome. tjoseph. _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Mon Dec 10 19:48:41 2012 From: francis at daoine.org (Francis Daly) Date: Mon, 10 Dec 2012 19:48:41 +0000 Subject: nginx and tomcat integrated but how to serve static files In-Reply-To: <00a901cdd6f2$e73df740$b5b9e5c0$@enovatemedia.co.in> References: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> <20121207160128.GR18139@craic.sysops.org> <00a901cdd6f2$e73df740$b5b9e5c0$@enovatemedia.co.in> Message-ID: <20121210194841.GD18139@craic.sysops.org> On Mon, Dec 10, 2012 at 09:55:01PM +0530, Irfan Khan wrote: Hi there, > Thanks for the suggestion, but unfortunately it didn't worked. What one url did you try that you wanted to be served from the filesystem, but was instead served by tomcat? (And why do you think that it was served by tomcat?) What config file do you use that shows the problem? f -- Francis Daly francis at daoine.org From francis at daoine.org Mon Dec 10 19:50:59 2012 From: francis at daoine.org (Francis Daly) Date: Mon, 10 Dec 2012 19:50:59 +0000 Subject: rewrite help please... In-Reply-To: <1355087158.4485.53.camel@steve-new> References: <1355033161.4485.24.camel@steve-new> <20121209102937.GU18139@craic.sysops.org> <1355086260.4485.43.camel@steve-new> <1355087158.4485.53.camel@steve-new> Message-ID: <20121210195059.GE18139@craic.sysops.org> On Mon, Dec 10, 2012 at 10:05:58AM +1300, Steve Holdoway wrote: > On Mon, 2012-12-10 at 09:51 +1300, Steve Holdoway wrote: Hi there, > fastcgi_param PATH_INFO $page_redirect; > > and it works perfectly. "works perfectly" is always a good report. Glad you found what you wanted. All the best, f -- Francis Daly francis at daoine.org From christian.boenning at gmail.com Mon Dec 10 21:37:30 2012 From: christian.boenning at gmail.com (=?ISO-8859-1?Q?Christian_B=F6nning?=) Date: Mon, 10 Dec 2012 22:37:30 +0100 Subject: Proxy Cache: how much shared memory is "enough"? Message-ID: Hi, I'm planning to deploy some big websites which will make heavy usage of proxy cacheing (e.g. 1.5 million actively accessed objects in cache). The ratio of plain HTML vs images should be about 50/50 if that does have any impact on the scenario itself. Now the question which came up is how much Shared Memory for such a cache is enough. The docs don't really say very much about that. So may be one of you can give me a hint on how much memory is suitable for such a deployment. Thanks in advance. Regards, Christian -------------- next part -------------- An HTML attachment was scrubbed... URL: From grosendorf at gmail.com Tue Dec 11 02:48:00 2012 From: grosendorf at gmail.com (Gabriel Rosendorf) Date: Mon, 10 Dec 2012 21:48:00 -0500 Subject: Proxy Pass Message-ID: I'm attempting to use the proxy pass directive to send traffic to a non-https Apache server on the same server as Nginx. The server is behind a firewall, and I'm using a port forward to send traffic from a custom port to the https port. We'll call that custom port 9000. My location block looks like this: server { listen 443 server_name _; ssl on; ssl_certificate /etc/nginx/certs/company.com.crt; ssl_certificate_key /etc/nginx/certs/company.com.key; ssl_session_timeout 5m; ssl_protocols SSLv2 SSLv3 TLSv1; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; ssl_verify_depth 2; location /location { proxy_pass http://127.0.0.1:80; } } My problem is that when the URI sent to Nginx by the browser is https://blah.company.com:9000/location Nginx translates the URL to https://blah.company.com/location (dropping the port). But, if the URI sent to Nginx is https://blah.company.com:9000/location/ (with a trailing slash), Nginx translates the URI to https://blah.company.com:9000/location/#. I want the second result, but I don't want the user to always have to type the trailing slash. I've used Nginx for this purpose before, with the same configuration, but have not run into this. -Gabriel -------------- next part -------------- An HTML attachment was scrubbed... URL: From djczaski at gmail.com Tue Dec 11 03:35:00 2012 From: djczaski at gmail.com (djczaski) Date: Mon, 10 Dec 2012 22:35:00 -0500 Subject: auth_request and nested locations Message-ID: Except for a few exceptions, I want to require authentication for an entire site. The safest place would be to put the auth_request directive at the http level but there's no way to allow the exceptions. If I put the auth_request in locations I'll need to repeat it multiple times and that seems less maintainable because the chance of it getting missed when new services are added or changed. Is there a decent way of structuring the config file for an auth portion of a site and an un auth'd side? From mdounin at mdounin.ru Tue Dec 11 08:06:12 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 12:06:12 +0400 Subject: Proxy Cache: how much shared memory is "enough"? In-Reply-To: References: Message-ID: <20121211080612.GS40452@mdounin.ru> Hello! On Mon, Dec 10, 2012 at 10:37:30PM +0100, Christian B?nning wrote: > I'm planning to deploy some big websites which will make heavy usage of > proxy cacheing (e.g. 1.5 million actively accessed objects in cache). The > ratio of plain HTML vs images should be about 50/50 if that does have any > impact on the scenario itself. Now the question which came up is how much > Shared Memory for such a cache is enough. The docs don't really say very > much about that. So may be one of you can give me a hint on how much memory > is suitable for such a deployment. Each object in cache uses 128 bytes of memory in keys shared memory zone on 64-bit platforms, as outlined on wiki here: http://wiki.nginx.org/HttpProxyModule#proxy_cache_path So for 1.5 mln objects you'll need about 200M of memory. -- Maxim Dounin http://nginx.com/support.html From christian.boenning at gmail.com Tue Dec 11 08:18:45 2012 From: christian.boenning at gmail.com (=?ISO-8859-1?Q?Christian_B=F6nning?=) Date: Tue, 11 Dec 2012 09:18:45 +0100 Subject: Proxy Cache: how much shared memory is "enough"? In-Reply-To: <20121211080612.GS40452@mdounin.ru> References: <20121211080612.GS40452@mdounin.ru> Message-ID: Seems that I should have read the docs better ;) Thank you, Maxim. Regards, Christian 2012/12/11 Maxim Dounin > Hello! > > On Mon, Dec 10, 2012 at 10:37:30PM +0100, Christian B?nning wrote: > > > I'm planning to deploy some big websites which will make heavy usage of > > proxy cacheing (e.g. 1.5 million actively accessed objects in cache). The > > ratio of plain HTML vs images should be about 50/50 if that does have any > > impact on the scenario itself. Now the question which came up is how much > > Shared Memory for such a cache is enough. The docs don't really say very > > much about that. So may be one of you can give me a hint on how much > memory > > is suitable for such a deployment. > > Each object in cache uses 128 bytes of memory in keys shared > memory zone on 64-bit platforms, as outlined on wiki here: > > http://wiki.nginx.org/HttpProxyModule#proxy_cache_path > > So for 1.5 mln objects you'll need about 200M of memory. > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Dec 11 08:28:08 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 12:28:08 +0400 Subject: auth_request and nested locations In-Reply-To: References: Message-ID: <20121211082808.GT40452@mdounin.ru> Hello! On Mon, Dec 10, 2012 at 10:35:00PM -0500, djczaski wrote: > Except for a few exceptions, I want to require authentication for an > entire site. The safest place would be to put the auth_request > directive at the http level but there's no way to allow the > exceptions. If I put the auth_request in locations I'll need to > repeat it multiple times and that seems less maintainable because the > chance of it getting missed when new services are added or changed. Is > there a decent way of structuring the config file for an auth portion > of a site and an un auth'd side? There are two basic aproaches: 1) Use "auth_request off" to switch off auth when needed: auth_request /auth; location / { ... } location /no_auth_here/ { auth_request off; } 2) Use nested locations for places which need auth, and explicitly configure locations without auth when needed: location / { auth_request /auth; location /some_nested_location_with_auth/ { ... } } location /no_auth_here/ { # no auth_request here } -- Maxim Dounin http://nginx.com/support.html From irfan.khan at enovatemedia.co.in Tue Dec 11 08:48:27 2012 From: irfan.khan at enovatemedia.co.in (Irfan Khan) Date: Tue, 11 Dec 2012 14:18:27 +0530 Subject: nginx and tomcat integrated but how to serve static files In-Reply-To: <20121210194841.GD18139@craic.sysops.org> References: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> <20121207160128.GR18139@craic.sysops.org> <00a901cdd6f2$e73df740$b5b9e5c0$@enovatemedia.co.in> <20121210194841.GD18139@craic.sysops.org> Message-ID: <009901cdd77c$4aed88d0$e0c89a70$@enovatemedia.co.in> Hi, My config is same as earlier. I had tried to access /foo/learning.html from Nginx. But if I keep tomcat server off then I am unable to load this page. If I keep tomcat server up and try for some files (blah.html)which is not exists then tomcat reports an error on page. I have also tried giving full access to webapps directive just for testing purpose. Nothing worked! Kindly suggest, my config is as follows; Location /foo/* Root /tomcat/webapps/abc/ Index.html > location /abc/ { proxy_pass http://localhost:8080; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; } Thanks and Regards, Irfan Khan -----Original Message----- From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Francis Daly Sent: 11 December 2012 01:19 To: nginx at nginx.org Subject: Re: nginx and tomcat integrated but how to serve static files On Mon, Dec 10, 2012 at 09:55:01PM +0530, Irfan Khan wrote: Hi there, > Thanks for the suggestion, but unfortunately it didn't worked. What one url did you try that you wanted to be served from the filesystem, but was instead served by tomcat? (And why do you think that it was served by tomcat?) What config file do you use that shows the problem? f -- Francis Daly francis at daoine.org _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx From dinoosh.niki at gmail.com Tue Dec 11 08:58:51 2012 From: dinoosh.niki at gmail.com (Dinoosh Nikapitiya) Date: Tue, 11 Dec 2012 14:28:51 +0530 Subject: Fwd: reverse proxy In-Reply-To: References: Message-ID: Hi all, I configured an nginx server as a reverse proxy few months ago. i have apache server as a back end of the reverse proxy. Every thing worked well until i start to use ssl. When i try to redirect https://mydomain.com to https://www.mydomain.com it gives me ssl untrusted error. When i check HTTP_X_URL_SCHEME on backend server it shows only http. Backend cannot understand if it is a http or https header. How do i fix this? below is my nginx vhost and back end apache vhost server { listen 443; server_name mydomain.com www.mydomain.com; access_log /var/log/nginx/mydomain.com.access.log; ssl on; ssl_certificate /home/ssl/mydomain.com.crt; ssl_certificate_key /home/ssl/mydomain.com.pvk; ssl_prefer_server_ciphers on; ssl_protocols SSLv3 TLSv1; ssl_session_cache shared:SSL:2m; ssl_ciphers DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:EDH-RSA-DES-CBC3-SHA:AES256-SHA:DES-CBC3-SHA:AES128-SHA:RC4-SHA:RC4-MD5; charset utf-8; keepalive_timeout 70; location / { proxy_pass http://xx.xx.xx.xx:xx; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Url-Scheme $scheme; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; } ########################################################## DocumentRoot /path/ Options -Indexes FollowSymLinks MultiViews AllowOverride None RewriteEngine on AddDefaultCharset utf-8 RewriteCond %{HTTP_HOST} ^mydomain.com RewriteCond %{HTTPS} !=on RewriteRule ^(.*)$ https://www.mydomain.com$1 [R=302,L] RewriteCond %{HTTP_HOST} ^mydomain.com RewriteRule ^(.*)$ http://www.mydomain.com$1 [R=302,L] RewriteCond %{REQUEST_METHOD} !^(GET|POST|HEAD)$ RewriteRule .* - [F] RewriteRule ^(.*)$ index.php?route=$1 [L,QSA] Order allow,deny Allow from all RPAFenable On RPAFsethostname On RPAFproxy_ips xx.xx.xx.xx -- *Dinoosh Nikapitiya IT Infrastructure Administrator Mobile :- (077) 5 904 547* -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Tue Dec 11 09:18:49 2012 From: edho at myconan.net (Edho Arief) Date: Tue, 11 Dec 2012 16:18:49 +0700 Subject: reverse proxy In-Reply-To: References: Message-ID: On Tue, Dec 11, 2012 at 3:58 PM, Dinoosh Nikapitiya wrote: > Hi all, > > I configured an nginx server as a reverse proxy few months ago. i have > apache server as a back end of the reverse proxy. Every thing worked well > until i start to use ssl. > > When i try to redirect https://mydomain.com to https://www.mydomain.com it > gives me ssl untrusted error. > SSL is handled by nginx and not usually passed at all to backend. The error probably caused by nginx serving certificate for mydomain.com but the browser is accessing www.mydomain.com. Domain mismatch raises the error. Put a certificate for www.mydomain.com instead which usually already includes mydomain.com (depends on the provider) or create separate server block which has certificate for each domain (which probably better since it will skip backend entirely for the redirect). > When i check HTTP_X_URL_SCHEME on backend server it shows only http. > Backend cannot understand if it is a http or https header. > How did you check it? Have you tried hardcoding https to the proxy set header? From nginx-forum at nginx.us Tue Dec 11 09:36:42 2012 From: nginx-forum at nginx.us (goosman.lei) Date: Tue, 11 Dec 2012 04:36:42 -0500 Subject: Help me!!! About Content-Type header parse Message-ID: When I used multipart/form-data, I find that: 1. Content-Type: multipart/form-data; boundary=----------------------------4db878605894\r\n 2. Content-Type: multipart/form-data; boundary=----------------------------4db878605894; charset=utf-8\r\n 3. Content-Type: multipart/form-data; charset=utf-8; boundary=----------------------------4db878605894\r\n in above three example, when I submit 1 and 3, It's work fine, but 2 don't work Is there a bug? or who can tell me why? demonstrate code: http://pastebin.com/59aAhkFY Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233848,233848#msg-233848 From dinoosh.niki at gmail.com Tue Dec 11 09:47:13 2012 From: dinoosh.niki at gmail.com (Dinoosh Nikapitiya) Date: Tue, 11 Dec 2012 15:17:13 +0530 Subject: reverse proxy In-Reply-To: References: Message-ID: Hay Edho Arief, We already have the certificate for both www.mydomain.com and mydomain.com. But still get the error. >> When i check HTTP_X_URL_SCHEME on backend server it shows only http. >> Backend cannot understand if it is a http or https header. >> >How did you check it? Usually php can get those headers. I just used php scrip to get it. >Have you tried hardcoding https to the proxy set header? Yes I tried that also. But still no luck. On Tue, Dec 11, 2012 at 2:48 PM, Edho Arief wrote: > On Tue, Dec 11, 2012 at 3:58 PM, Dinoosh Nikapitiya > wrote: > > Hi all, > > > > I configured an nginx server as a reverse proxy few months ago. i have > > apache server as a back end of the reverse proxy. Every thing worked well > > until i start to use ssl. > > > > When i try to redirect https://mydomain.com to https://www.mydomain.comit > > gives me ssl untrusted error. > > > > SSL is handled by nginx and not usually passed at all to backend. The > error probably caused by nginx serving certificate for mydomain.com > but the browser is accessing www.mydomain.com. Domain mismatch raises > the error. > > Put a certificate for www.mydomain.com instead which usually already > includes mydomain.com (depends on the provider) or create separate > server block which has certificate for each domain (which probably > better since it will skip backend entirely for the redirect). > > > When i check HTTP_X_URL_SCHEME on backend server it shows only http. > > Backend cannot understand if it is a http or https header. > > > > How did you check it? Have you tried hardcoding https to the proxy set > header? > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- *Dinoosh Nikapitiya IT Infrastructure Administrator Mobile :- (077) 5 904 547* -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Tue Dec 11 10:01:09 2012 From: edho at myconan.net (Edho Arief) Date: Tue, 11 Dec 2012 17:01:09 +0700 Subject: reverse proxy In-Reply-To: References: Message-ID: On Tue, Dec 11, 2012 at 4:47 PM, Dinoosh Nikapitiya wrote: > Hay Edho Arief, > We already have the certificate for both www.mydomain.com and mydomain.com. > But still get the error. > are they both in single certificate or separate? Check the DNS Name in certificate's Subject Alternative Name. The correct certificate should include both names (mydomain.com and www.mydomain.com) if you want to have only one server block. Otherwise you have to create two separate server block: server { listen 443 ssl; server_name mydomain.com; ssl_certificate ...; ssl_certificate_key ...; return 301 https://www.mydomain.com$request_uri; } server { listen 443 ssl; server_name www.mydomain.com; ssl_certificate ...; ... } > >>> When i check HTTP_X_URL_SCHEME on backend server it shows only http. >>> Backend cannot understand if it is a http or https header. >>> > >>How did you check it? > > Usually php can get those headers. I just used php scrip to get it. > My guess is apache overwritten the variable. From falon at csi.it Tue Dec 11 10:14:05 2012 From: falon at csi.it (Marco) Date: Tue, 11 Dec 2012 10:14:05 +0000 (UTC) Subject: nginx mail starttls ip based Message-ID: Hello, I'm new in nginx world. I would like to configure a single nginx server to proxy imap/pop servers with starttls option. I would like that the "starttls" could be "on" on a list of known safe IPs and "only" on other IPs. Using the same listen port and protocol. Could you tell me how to achieve this? Maybe, is there a way to set the starttls in auth phase? For instance, let suppose I have configured this: server { listen 110; protocol pop3; starttls on; proxy on; } server { listen 110; protocol pop3; starttls only; proxy on; } I would select first or second server block using Client-IP header. Is it possible? Thanks a lot. Best Regards Marco From djczaski at gmail.com Tue Dec 11 11:52:46 2012 From: djczaski at gmail.com (djczaski) Date: Tue, 11 Dec 2012 06:52:46 -0500 Subject: auth_request and nested locations In-Reply-To: <20121211082808.GT40452@mdounin.ru> References: <20121211082808.GT40452@mdounin.ru> Message-ID: Thank you for the reply. On Tue, Dec 11, 2012 at 3:28 AM, Maxim Dounin wrote: > Hello! > > On Mon, Dec 10, 2012 at 10:35:00PM -0500, djczaski wrote: > >> Except for a few exceptions, I want to require authentication for an >> entire site. The safest place would be to put the auth_request >> directive at the http level but there's no way to allow the >> exceptions. If I put the auth_request in locations I'll need to >> repeat it multiple times and that seems less maintainable because the >> chance of it getting missed when new services are added or changed. Is >> there a decent way of structuring the config file for an auth portion >> of a site and an un auth'd side? > > There are two basic aproaches: > > 1) Use "auth_request off" to switch off auth when needed: > > auth_request /auth; > > location / { > ... > } > > location /no_auth_here/ { > auth_request off; > } I didn't understand this was possible. I figured the auth_request from the http level was "evaluated" first before looking at lower levels. This is good to know. > 2) Use nested locations for places which need auth, and > explicitly configure locations without auth when needed: > > location / { > auth_request /auth; > > location /some_nested_location_with_auth/ { > ... > } > } > > location /no_auth_here/ { > # no auth_request here > } This style seems best, but I read a post from Igor that said you can not use nested locations except with regular expressions: http://forum.nginx.org/read.php?2,174517,174534#msg-174534 Maybe I am miss understanding his statement. Thanks. > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From lists at ruby-forum.com Tue Dec 11 11:54:06 2012 From: lists at ruby-forum.com (adam sun) Date: Tue, 11 Dec 2012 12:54:06 +0100 Subject: nginx on multi ip address Message-ID: My webserver has two ip(192.168.0.10 and 200.12.12.10). And I have many hosts running on these ip. most of them configured like this: server { server_name server1; listen 80; }; server { server_name server2; listen 80; }; #........ Then I would like to make "server1" only listen to internal ip address(192.168.0.10). And I changed the server1 conf to server { server_name server1; listen 192.168.0.10:80; }; and keep everything else as before. Now I got problem. When I visit server2 using ip 192.168.0.10, the server will give me response of server1. Is there anyway to resolve this? -- Posted via http://www.ruby-forum.com/. From francis at daoine.org Tue Dec 11 12:02:43 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 11 Dec 2012 12:02:43 +0000 Subject: auth_request and nested locations In-Reply-To: References: <20121211082808.GT40452@mdounin.ru> Message-ID: <20121211120243.GF18139@craic.sysops.org> On Tue, Dec 11, 2012 at 06:52:46AM -0500, djczaski wrote: Hi there, > This style seems best, but I read a post from Igor that said you can > not use nested locations except with regular expressions: > > http://forum.nginx.org/read.php?2,174517,174534#msg-174534 > > Maybe I am miss understanding his statement. I suspect that the line """ If you use only locations without regexes, then you may not use nested locations. """ is better understood as "you are not required to use nested" than "you are required not to use nested". f -- Francis Daly francis at daoine.org From contact at jpluscplusm.com Tue Dec 11 12:04:07 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 11 Dec 2012 12:04:07 +0000 Subject: auth_request and nested locations In-Reply-To: References: <20121211082808.GT40452@mdounin.ru> Message-ID: On 11 December 2012 11:52, djczaski wrote: > This style seems best, but I read a post from Igor that said you can > not use nested locations except with regular expressions: > > http://forum.nginx.org/read.php?2,174517,174534#msg-174534 > > Maybe I am miss understanding his statement. Why don't you try it out and see what happens? I think Igor was speaking from a last-1%-performance perspective, personally. Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From francis at daoine.org Tue Dec 11 12:13:41 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 11 Dec 2012 12:13:41 +0000 Subject: nginx on multi ip address In-Reply-To: References: Message-ID: <20121211121341.GG18139@craic.sysops.org> On Tue, Dec 11, 2012 at 12:54:06PM +0100, adam sun wrote: Hi there, > When I visit server2 using ip 192.168.0.10, the server will give me > response of server1. http://nginx.org/en/docs/http/request_processing.html > Is there anyway to resolve this? Probably simplest is to list all of the desired listen addresses in each server{} block. (I don't know if there's a sensible way to have server1 just reject any incoming requests to the "wrong" addresses -- if so, that might be an alternative.) f -- Francis Daly francis at daoine.org From contact at jpluscplusm.com Tue Dec 11 12:22:29 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 11 Dec 2012 12:22:29 +0000 Subject: nginx on multi ip address In-Reply-To: References: Message-ID: On 11 December 2012 11:54, adam sun wrote: > My webserver has two ip(192.168.0.10 and 200.12.12.10). > And I have many hosts running on these ip. > > most of them configured like this: > > server { > server_name server1; > listen 80; > }; > > server { > server_name server2; > listen 80; > }; > > #........ > > Then I would like to make "server1" only listen to internal ip > address(192.168.0.10). > And I changed the server1 conf to > server { > server_name server1; > listen 192.168.0.10:80; > }; > > and keep everything else as before. > > Now I got problem. > When I visit server2 using ip 192.168.0.10, the server will give me > response of server1. > > > Is there anyway to resolve this? Along with the IP-specific server{} blocks you've created, set up a default server which doesn't have an affinity to any site. e.g. server { listen 192.168.0.10:80 default_server; listen 200.12.12.10:80 default_server; server_name _; return 444; # or redirect, or whatever is appropriate } HTH Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From francis at daoine.org Tue Dec 11 12:26:20 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 11 Dec 2012 12:26:20 +0000 Subject: nginx and tomcat integrated but how to serve static files In-Reply-To: <009901cdd77c$4aed88d0$e0c89a70$@enovatemedia.co.in> References: <002301cdd46b$2a660290$7f3207b0$@enovatemedia.co.in> <20121207160128.GR18139@craic.sysops.org> <00a901cdd6f2$e73df740$b5b9e5c0$@enovatemedia.co.in> <20121210194841.GD18139@craic.sysops.org> <009901cdd77c$4aed88d0$e0c89a70$@enovatemedia.co.in> Message-ID: <20121211122620.GH18139@craic.sysops.org> On Tue, Dec 11, 2012 at 02:18:27PM +0530, Irfan Khan wrote: Hi there, > My config is same as earlier. I had tried to access /foo/learning.html from > Nginx. But if I keep tomcat server off then I am unable to load this page. If you use the config you posted in the first mail, /foo/learning.html should give you the file /var/www/nginx-default/foo/learning.html, and should not involve tomcat at all (so shouldn't change whether tomcat is on or off). Does it give you that file? If not, what does it give you instead? Probably best is to copy-paste the output of curl -i http://192.168.0.16/foo/learning.html if it is not what you want it to be. The later mails, including this one, don't appear to include any other valid nginx config. > If I keep tomcat server up and try for some files (blah.html)which is not > exists then tomcat reports an error on page. curl -i http://192.168.0.16/blah.html should show you the file /var/www/nginx-default/blah.html, or an nginx http 404 message. curl -i http://192.168.0.16/abc/blah.html should show you whatever tomcat produces, if you use your original configuration; or should show you the content of (probably) /usr/local/nginx/html/abc/blah.html, if you add the change suggested. > I have also tried giving full access to webapps directive just for testing > purpose. Nothing worked! I want to use the nginx config that you provide, to reproduce the error that you report. So far, I can't. f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Tue Dec 11 12:31:07 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 16:31:07 +0400 Subject: nginx mail starttls ip based In-Reply-To: References: Message-ID: <20121211123107.GU40452@mdounin.ru> Hello! On Tue, Dec 11, 2012 at 10:14:05AM +0000, Marco wrote: > Hello, > > I'm new in nginx world. I would like to configure a single nginx server > to proxy imap/pop servers with starttls option. > > I would like that the "starttls" could be "on" on a list of known safe IPs > and "only" on other IPs. Using the same listen port and protocol. > > Could you tell me how to achieve this? > Maybe, is there a way to set the starttls in auth phase? > > For instance, let suppose I have configured this: > > server { > listen 110; > protocol pop3; > starttls on; > proxy on; > } > > server { > listen 110; > protocol pop3; > starttls only; > proxy on; > } > > I would select first or second server block using Client-IP header. > Is it possible? No. Either use "starttls only" for all clients, or configure different servers on different ip addresses/ports. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Tue Dec 11 13:25:30 2012 From: nginx-forum at nginx.us (polleke) Date: Tue, 11 Dec 2012 08:25:30 -0500 Subject: Dynamic Mass vhosts / reverse proxying Message-ID: <48ad3804bbed358facd66bf36f13b79c.NginxMailingListEnglish@forum.nginx.org> I'm trying to configure mass (300+) dynamic vhosts and reverse proxying. users come in at: https://test.abc.example.com and should be transparantly proxied to: http://foo.abc.somethingelse.net Anyone who has this kind of config running ? - tried regular expressions - wildcard certificate available Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233866,233866#msg-233866 From appa at perusio.net Tue Dec 11 13:30:56 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Tue, 11 Dec 2012 14:30:56 +0100 Subject: Dynamic Mass vhosts / reverse proxying In-Reply-To: <48ad3804bbed358facd66bf36f13b79c.NginxMailingListEnglish@forum.nginx.org> References: <48ad3804bbed358facd66bf36f13b79c.NginxMailingListEnglish@forum.nginx.org> Message-ID: <665698838394db53fc40843fd90bfb9b.squirrel@damiao.org> > I'm trying to configure mass (300+) dynamic vhosts and reverse proxying. > > users come in at: https://test.abc.example.com and should be transparantly > proxied to: http://foo.abc.somethingelse.net > > Anyone who has this kind of config running ? > - tried regular expressions > - wildcard certificate available Look up the map directive: http://nginx.org/en/docs/http/ngx_http_map_module.html#map I think it's the most suitable thing for your setup. --appa From djczaski at gmail.com Tue Dec 11 13:35:21 2012 From: djczaski at gmail.com (djczaski at gmail.com) Date: Tue, 11 Dec 2012 08:35:21 -0500 Subject: auth_request and nested locations In-Reply-To: References: <20121211082808.GT40452@mdounin.ru> Message-ID: On Dec 11, 2012, at 7:04 AM, Jonathan Matthews wrote: > On 11 December 2012 11:52, djczaski wrote: >> This style seems best, but I read a post from Igor that said you can >> not use nested locations except with regular expressions: >> >> http://forum.nginx.org/read.php?2,174517,174534#msg-174534 >> >> Maybe I am miss understanding his statement. > > Why don't you try it out and see what happens? I did try it and it seems to work. > I think Igor was speaking from a last-1%-performance perspective, personally. I kind of read it as "don't do this" so i was concerned with using it as a solution or hack. > > Jonathan > -- > Jonathan Matthews // Oxford, London, UK > http://www.jpluscplusm.com/contact.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From lists at ruby-forum.com Tue Dec 11 13:38:37 2012 From: lists at ruby-forum.com (Davide D'Amico) Date: Tue, 11 Dec 2012 14:38:37 +0100 Subject: cannot PUT file with nginx-mogilefs-module In-Reply-To: <4CA1C361.8070402@gmail.com> References: <4CA03960.9010105@gmail.com> <12668837.15258.1285591476230.JavaMail.root@zone.mtgsy.net> <1813735.15383.1285667742665.JavaMail.root@zone.mtgsy.net> <4CA1C361.8070402@gmail.com> Message-ID: <2846b3aca29bbf42a2436b7e6cd1401c@ruby-forum.com> rrssuupp1231 at gmail.com wrote in post #944380: > Thank you very much Valery, > > Your patch worked very well in my environment. > > > I'm going to look for a permanent solution later. > I'm looking forward to your best solution!! > Hi, I'm using FreeBSD 9.0 amd64 and nginx-1.2.5_1,1 with the mogilefs module taken from github: https://github.com/vkholodkov/nginx-mogilefs-module/blob/master/ngx_http_mogilefs_module.c During a 'massive' (1 upload / second) upload I see that nginx never closes opened connections: root at motracker1:~# sockstat -v | grep 80 | wc -l 260 root at motracker1:~# After seconds... root at motracker1:~# sockstat -v | grep 80 | wc -l 265 root at motracker1:~# And it grows up filling all worker_connections slots. Any hint? Thanks, d. -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Tue Dec 11 14:59:28 2012 From: nginx-forum at nginx.us (polleke) Date: Tue, 11 Dec 2012 09:59:28 -0500 Subject: Dynamic Mass vhosts / reverse proxying In-Reply-To: <665698838394db53fc40843fd90bfb9b.squirrel@damiao.org> References: <665698838394db53fc40843fd90bfb9b.squirrel@damiao.org> Message-ID: <005698524b999c6fdb678d57901ae124.NginxMailingListEnglish@forum.nginx.org> Looks like a "not so much used" feature ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233866,233872#msg-233872 From mdounin at mdounin.ru Tue Dec 11 15:01:23 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 19:01:23 +0400 Subject: nginx-1.2.6 Message-ID: <20121211150123.GA40452@mdounin.ru> Changes with nginx 1.2.6 11 Dec 2012 *) Feature: the $request_time and $msec variables can now be used not only in the "log_format" directive. *) Bugfix: cache manager and cache loader processes might not be able to start if more than 512 listen sockets were used. *) Bugfix: in the ngx_http_dav_module. -- Maxim Dounin http://nginx.com/support.html From r at roze.lv Tue Dec 11 15:08:52 2012 From: r at roze.lv (Reinis Rozitis) Date: Tue, 11 Dec 2012 17:08:52 +0200 Subject: nginx-1.2.6 In-Reply-To: <20121211150123.GA40452@mdounin.ru> References: <20121211150123.GA40452@mdounin.ru> Message-ID: <77F8FCC7D99E48438E945EEC7D39CAD4@MasterPC> > *) Bugfix: in the ngx_http_dav_module. Maxim can you be a bit more detailed on this one (using dav module so interested if affected)? rr From contact at jpluscplusm.com Tue Dec 11 15:14:24 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 11 Dec 2012 15:14:24 +0000 Subject: Dynamic Mass vhosts / reverse proxying In-Reply-To: <005698524b999c6fdb678d57901ae124.NginxMailingListEnglish@forum.nginx.org> References: <665698838394db53fc40843fd90bfb9b.squirrel@damiao.org> <005698524b999c6fdb678d57901ae124.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 11 December 2012 14:59, polleke wrote: > Looks like a "not so much used" feature ? Please explain why you think that's the case. -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From appa at perusio.net Tue Dec 11 15:20:29 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Tue, 11 Dec 2012 16:20:29 +0100 Subject: Dynamic Mass vhosts / reverse proxying In-Reply-To: <005698524b999c6fdb678d57901ae124.NginxMailingListEnglish@forum.nginx.org> References: <665698838394db53fc40843fd90bfb9b.squirrel@damiao.org> <005698524b999c6fdb678d57901ae124.NginxMailingListEnglish@forum.nginx.org> Message-ID: <6dd5694435b7f83ab6ccc1e0ec2a7025.squirrel@damiao.org> > Looks like a "not so much used" feature ? Why do you say that? If you go to the russian language list is often talked about and even here it has been growing. It's the most clean way to implement what you want IMHO. --appa From igor at sysoev.ru Tue Dec 11 15:33:53 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Tue, 11 Dec 2012 19:33:53 +0400 Subject: Dynamic Mass vhosts / reverse proxying In-Reply-To: <005698524b999c6fdb678d57901ae124.NginxMailingListEnglish@forum.nginx.org> References: <665698838394db53fc40843fd90bfb9b.squirrel@damiao.org> <005698524b999c6fdb678d57901ae124.NginxMailingListEnglish@forum.nginx.org> Message-ID: <71A6EB8A-247C-44C3-B27C-255D8DA5CC4E@sysoev.ru> 11.12.2012, ? 18:59, "polleke" ???????(?): > Looks like a "not so much used" feature ? Surprisingly but "map" has been initially introduced exactly for mass hosting. -- Igor Sysoev From mdounin at mdounin.ru Tue Dec 11 16:40:30 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 20:40:30 +0400 Subject: nginx-1.2.6 In-Reply-To: <77F8FCC7D99E48438E945EEC7D39CAD4@MasterPC> References: <20121211150123.GA40452@mdounin.ru> <77F8FCC7D99E48438E945EEC7D39CAD4@MasterPC> Message-ID: <20121211164030.GE40452@mdounin.ru> Hello! On Tue, Dec 11, 2012 at 05:08:52PM +0200, Reinis Rozitis wrote: > > *) Bugfix: in the ngx_http_dav_module. > > Maxim can you be a bit more detailed on this one (using dav module > so interested if affected)? http://trac.nginx.org/nginx/changeset/4955/nginx -- Maxim Dounin http://nginx.com/support.html From contact at jpluscplusm.com Tue Dec 11 16:44:52 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Tue, 11 Dec 2012 16:44:52 +0000 Subject: nginx-1.2.6 In-Reply-To: <20121211150123.GA40452@mdounin.ru> References: <20121211150123.GA40452@mdounin.ru> Message-ID: On 11 December 2012 15:01, Maxim Dounin wrote: > Changes with nginx 1.2.6 11 Dec 2012 > > *) Feature: the $request_time and $msec variables can now be used not > only in the "log_format" directive. This is great! Could you give some examples of other variables that these can now be considered similar to, with respect to when and where they're available for use? Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From r at roze.lv Tue Dec 11 16:46:14 2012 From: r at roze.lv (Reinis Rozitis) Date: Tue, 11 Dec 2012 18:46:14 +0200 Subject: nginx-1.2.6 In-Reply-To: <20121211164030.GE40452@mdounin.ru> References: <20121211150123.GA40452@mdounin.ru> <77F8FCC7D99E48438E945EEC7D39CAD4@MasterPC> <20121211164030.GE40452@mdounin.ru> Message-ID: <434A626C253245BF8E8E7D3C2C0F2730@MasterPC> > http://trac.nginx.org/nginx/changeset/4955/nginx Thx. p.s. using on a fuse filesystem - have never encountered something like that rr From mdounin at mdounin.ru Tue Dec 11 17:13:38 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 21:13:38 +0400 Subject: nginx-1.2.6 In-Reply-To: <434A626C253245BF8E8E7D3C2C0F2730@MasterPC> References: <20121211150123.GA40452@mdounin.ru> <77F8FCC7D99E48438E945EEC7D39CAD4@MasterPC> <20121211164030.GE40452@mdounin.ru> <434A626C253245BF8E8E7D3C2C0F2730@MasterPC> Message-ID: <20121211171338.GG40452@mdounin.ru> Hello! On Tue, Dec 11, 2012 at 06:46:14PM +0200, Reinis Rozitis wrote: > >http://trac.nginx.org/nginx/changeset/4955/nginx > > Thx. > > p.s. using on a fuse filesystem - have never encountered something like that This is not about filesystem, but rather about configuration. Configuring nginx to handle webdav PUT requests e.g. after error_page fallback from another proxied location resulted in segmentation fault rather than 500 (Internal Server Error) being returned due to unsupported configuration. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Dec 11 18:33:04 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Dec 2012 22:33:04 +0400 Subject: nginx-1.2.6 In-Reply-To: References: <20121211150123.GA40452@mdounin.ru> Message-ID: <20121211183303.GH40452@mdounin.ru> Hello! On Tue, Dec 11, 2012 at 04:44:52PM +0000, Jonathan Matthews wrote: > On 11 December 2012 15:01, Maxim Dounin wrote: > > Changes with nginx 1.2.6 11 Dec 2012 > > > > *) Feature: the $request_time and $msec variables can now be used not > > only in the "log_format" directive. > > This is great! Could you give some examples of other variables that > these can now be considered similar to, with respect to when and where > they're available for use? There are some (semi-)variables which were only available in the log_format directive, see here for a full list: http://nginx.org/r/log_format These variables wasn't available as generic ones as they weren't expected to be usable during request processing. For now this aproach is reconsidered, and the plan is to eventually make all such variables generic, even if they don't make much sense till request processing is complete. This will allow, in particular, to use such variables in other modules similar to ngx_http_log_module, or to log some derivative variables using map{}. Semantic of such variables didn't change when they are made available as generic variables as long as they are used in the "log_format" directive, i.e. evaluated during request logging. If you'll try to use them at other phases of a request processing, in some cases previous definitions no longer apply or slightly changes. E.g. $msec, previously defined as (quote from http://nginx.org/r/log_format): time in seconds with a milliseconds resolution at the time of log write now defined as (quote from http://nginx.org/en/docs/http/ngx_http_core_module.html#var_msec): current time in seconds with a milliseconds resolution Where "current" means a time of the variable evaluation. E.g. if you'll use it in proxy_set_header directive, it will be the time when request to an upstream was created. The $request_time was defined as (quote from http://nginx.org/r/log_format): request processing time in seconds with a milliseconds resolution; time elapsed between the first bytes were read from the client and the log write after the last bytes were sent to the client It remains the same when used in log format, but more generic definition is now available (quote from http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_time): request processing time in seconds with a milliseconds resolution (1.3.9, 1.2.6); time elapsed since the first bytes were read from the client Much like $msec, if you'll use it in proxy_set_header, it will be the time from a request start till nginx created a request to an upstream. And if used in add_header, it will be the time from a request start till sending response headers to a client. Hope this helps. -- Maxim Dounin http://nginx.com/support.html From kworthington at gmail.com Tue Dec 11 19:27:54 2012 From: kworthington at gmail.com (Kevin Worthington) Date: Tue, 11 Dec 2012 14:27:54 -0500 Subject: [nginx-announce] nginx-1.2.6 In-Reply-To: <20121211150156.GB40452@mdounin.ru> References: <20121211150156.GB40452@mdounin.ru> Message-ID: Hello Nginx Users, Now available: Nginx 1.2.6 For Windows http://goo.gl/FMg4H (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available via my Twitter stream ( http://twitter.com/kworthington), if you prefer to receive updates that way. Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington On Tue, Dec 11, 2012 at 10:01 AM, Maxim Dounin wrote: > Changes with nginx 1.2.6 11 Dec > 2012 > > *) Feature: the $request_time and $msec variables can now be used not > only in the "log_format" directive. > > *) Bugfix: cache manager and cache loader processes might not be able > to > start if more than 512 listen sockets were used. > > *) Bugfix: in the ngx_http_dav_module. > > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx-announce mailing list > nginx-announce at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-announce > -------------- next part -------------- An HTML attachment was scrubbed... URL: From agentzh at gmail.com Tue Dec 11 20:06:20 2012 From: agentzh at gmail.com (agentzh) Date: Tue, 11 Dec 2012 12:06:20 -0800 Subject: [ANN] ngx_openresty devel version 1.2.4.13 released In-Reply-To: References: Message-ID: Hello, folks! I am happy to announce the new development version of ngx_openresty, 1.2.4.13: http://openresty.org/#Download This is possibly the last development release in the 1.2.4.x series if no regressions are reported. Special thanks go to all our contributors and users for helping make this happen! Below is the complete change log for this release, as compared to the last (development) release, 1.2.4.11: * upgraded LuaNginxModule to 0.7.8. * bugfix: ngx.req.set_body_file() might lead to memory issues because it directly used the storage of Lua strings allocated by the Lua GC (we should have allocated a new memory block on the Nginx side and copy the string data over). * upgraded LuaRestyMySQLLibrary to 0.12. * feature: convert the MySQL "newdecimal" typed fields to Lua numbers by default as requested by shedar. * optimize: marked the internal Lua function "_recv_packet" as a "local" function. The HTML version of the change log with some helpful hyper-links can be browsed here: http://openresty.org/#ChangeLog1002004 OpenResty (aka. ngx_openresty) is a full-fledged web application server by bundling the standard Nginx core, lots of 3rd-party Nginx modules and Lua libraries, as well as most of their external dependencies. See OpenResty's homepage for details: http://openresty.org/ We have been running extensive testing on our Amazon EC2 test cluster and ensure that all the components (including the Nginx core) play well together. The latest test report can always be found here: http://qa.openresty.org Enjoy! -agentzh From nginx-forum at nginx.us Tue Dec 11 21:15:44 2012 From: nginx-forum at nginx.us (mauro76) Date: Tue, 11 Dec 2012 16:15:44 -0500 Subject: connect_timeout option for proxy_next_upstream Message-ID: I posted this question in another thread but I received no answer, sorry to ask again. On my current set up, I'm using the timeout option to make sure the request is passed to the next upstream if the first server is down. If the request is hanging, it's possible the request coming in is a bad request, which could potentially slow down the whole cluster. I would like to go to the next upstream only on connection timeout. I wonder if you could provide two additional options, "read_timeout" and "connect_timeout", leaving "timeout" unchanged. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233894,233894#msg-233894 From h.dudeness at gmail.com Tue Dec 11 22:18:01 2012 From: h.dudeness at gmail.com (Matt M) Date: Tue, 11 Dec 2012 16:18:01 -0600 Subject: Upload Progress Message-ID: Hello, I recently installed http://wiki.nginx.org/HttpUploadProgressModule with nginx 1.2.6. On the client side I have a request coming every second to check on the upload status. As I watch the access.log I can see all of the status check requests before the actual file post shows up in the access log. I am wondering if that is normal or should I see the file post show up in the access log then the status check requests after that? From nginx-forum at nginx.us Wed Dec 12 07:49:20 2012 From: nginx-forum at nginx.us (goosman.lei) Date: Wed, 12 Dec 2012 02:49:20 -0500 Subject: Help me!!! About Content-Type header parse In-Reply-To: References: Message-ID: anyone can help me? please Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233848,233907#msg-233907 From mdounin at mdounin.ru Wed Dec 12 08:36:04 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 12 Dec 2012 12:36:04 +0400 Subject: Upload Progress In-Reply-To: References: Message-ID: <20121212083604.GJ40452@mdounin.ru> Hello! On Tue, Dec 11, 2012 at 04:18:01PM -0600, Matt M wrote: > Hello, > > I recently installed http://wiki.nginx.org/HttpUploadProgressModule > with nginx 1.2.6. > > On the client side I have a request coming every second to check on > the upload status. As I watch the access.log I can see all of the > status check requests before the actual file post shows up in the > access log. > > I am wondering if that is normal or should I see the file post show up > in the access log then the status check requests after that? It's normal. Logging happens after a request processing is complete, after sending the response, and hence status check requests are logged before the file post. -- Maxim Dounin http://nginx.com/support.html From h.dudeness at gmail.com Wed Dec 12 12:09:56 2012 From: h.dudeness at gmail.com (Matt M) Date: Wed, 12 Dec 2012 06:09:56 -0600 Subject: Upload Progress In-Reply-To: <20121212083604.GJ40452@mdounin.ru> References: <20121212083604.GJ40452@mdounin.ru> Message-ID: Thanks for the response. On Wed, Dec 12, 2012 at 2:36 AM, Maxim Dounin wrote: > Hello! > > On Tue, Dec 11, 2012 at 04:18:01PM -0600, Matt M wrote: > >> Hello, >> >> I recently installed http://wiki.nginx.org/HttpUploadProgressModule >> with nginx 1.2.6. >> >> On the client side I have a request coming every second to check on >> the upload status. As I watch the access.log I can see all of the >> status check requests before the actual file post shows up in the >> access log. >> >> I am wondering if that is normal or should I see the file post show up >> in the access log then the status check requests after that? > > It's normal. Logging happens after a request processing is > complete, after sending the response, and hence status check > requests are logged before the file post. I am curious. The status never gets past "starting" in the progress response. Where should I look to try to debug this? I am not very good at system admin. From pashdown at xmission.com Wed Dec 12 16:13:27 2012 From: pashdown at xmission.com (Pete Ashdown) Date: Wed, 12 Dec 2012 09:13:27 -0700 Subject: Help with specific redirect to https Message-ID: <50C8AD27.5080303@xmission.com> I'm trying to redirect anyURL that contains "UserLogin" (ie: Mediawiki) to https. This is what I've tried: rewrite .*UserLogin.* https://domain.com$request_uri? permanent; ---- rewrite UserLogin https://domain.com$request_uri? permanent; ---- rewrite ^.*UserLogin.*$ https://domain.com$request_uri? permanent; ---- location ~* .*UserLogin.* { return 301 https://domain.com$request_uri; } ---- location ~ .*UserLogin.* { return 301 https://domain.com$request_uri; } All of them have no effect. I'm running out of trial to match my error. Can anyone tell me what I'm doing wrong? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From appa at perusio.net Wed Dec 12 16:48:59 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Wed, 12 Dec 2012 17:48:59 +0100 Subject: Help with specific redirect to https In-Reply-To: <50C8AD27.5080303@xmission.com> References: <50C8AD27.5080303@xmission.com> Message-ID: <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> > I'm trying to redirect anyURL that contains "UserLogin" (ie: Mediawiki) to > https. This is what I've tried: > > rewrite .*UserLogin.* https://domain.com$request_uri? permanent; > ---- > rewrite UserLogin https://domain.com$request_uri? permanent; > ---- > rewrite ^.*UserLogin.*$ https://domain.com$request_uri? permanent; > ---- > location ~* .*UserLogin.* { > return 301 https://domain.com$request_uri; > } > ---- > location ~ .*UserLogin.* { > return 301 https://domain.com$request_uri; > } At the http level: map $uri $redirect_https { default 0; ~^.*UserLogin.*$ 1; } Then at the server level do: if ($redirect_https) { return 301 https://$host$request_uri; } --appa From pashdown at xmission.com Wed Dec 12 16:58:11 2012 From: pashdown at xmission.com (Pete Ashdown) Date: Wed, 12 Dec 2012 09:58:11 -0700 Subject: Help with specific redirect to https In-Reply-To: <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> References: <50C8AD27.5080303@xmission.com> <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> Message-ID: <50C8B7A3.9090706@xmission.com> On 12/12/2012 09:48 AM, Antonio P.P. Almeida wrote: >> I'm trying to redirect anyURL that contains "UserLogin" (ie: Mediawiki) to >> https. This is what I've tried: >> >> rewrite .*UserLogin.* https://domain.com$request_uri? permanent; >> ---- >> rewrite UserLogin https://domain.com$request_uri? permanent; >> ---- >> rewrite ^.*UserLogin.*$ https://domain.com$request_uri? permanent; >> ---- >> location ~* .*UserLogin.* { >> return 301 https://domain.com$request_uri; >> } >> ---- >> location ~ .*UserLogin.* { >> return 301 https://domain.com$request_uri; >> } > At the http level: > > map $uri $redirect_https { > default 0; > ~^.*UserLogin.*$ 1; > } > > Then at the server level do: > > if ($redirect_https) { > return 301 https://$host$request_uri; > } Thanks for your attempt, but this failed as well. Pete From francis at daoine.org Wed Dec 12 17:14:20 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 12 Dec 2012 17:14:20 +0000 Subject: Help with specific redirect to https In-Reply-To: <50C8AD27.5080303@xmission.com> References: <50C8AD27.5080303@xmission.com> Message-ID: <20121212171420.GI18139@craic.sysops.org> On Wed, Dec 12, 2012 at 09:13:27AM -0700, Pete Ashdown wrote: Hi there, > I'm trying to redirect anyURL that contains "UserLogin" (ie: Mediawiki) to > https. This is what I've tried: Can you show one example request that you would like to have redirected? In nginx, the query string part of the request may not be matched when you might expect it to be. f -- Francis Daly francis at daoine.org From appa at perusio.net Wed Dec 12 18:07:52 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Wed, 12 Dec 2012 19:07:52 +0100 Subject: Help with specific redirect to https In-Reply-To: <50C8B7A3.9090706@xmission.com> References: <50C8AD27.5080303@xmission.com> <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> <50C8B7A3.9090706@xmission.com> Message-ID: > Thanks for your attempt, but this failed as well. What's the exact structure of your URI? If it's an argument then there are several approaches. For starters this should work (but it's ugly :) to improve it we need further details). map $request_uri $redirect_https { default 0; ~*^.*UserLogin.*$ 1; } --appa From pashdown at xmission.com Wed Dec 12 19:22:51 2012 From: pashdown at xmission.com (Pete Ashdown) Date: Wed, 12 Dec 2012 12:22:51 -0700 Subject: Help with specific redirect to https In-Reply-To: References: <50C8AD27.5080303@xmission.com> <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> <50C8B7A3.9090706@xmission.com> Message-ID: <50C8D98B.4050808@xmission.com> On 12/12/2012 11:07 AM, Antonio P.P. Almeida wrote: >> Thanks for your attempt, but this failed as well. > > What's the exact structure of your URI? > > If it's an argument then there are several approaches. For starters this > should work (but it's ugly :) to improve it we need further details). > > map $request_uri $redirect_https { > default 0; > ~*^.*UserLogin.*$ 1; > } This is what it looks like via Mediawiki. The &returnto argument is dependent on where the Login button is hit, and may or may not be present. http://domain.com/index.php?title=Special:UserLogin&returnto=Main+Page From appa at perusio.net Wed Dec 12 22:30:15 2012 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Wed, 12 Dec 2012 23:30:15 +0100 Subject: Help with specific redirect to https In-Reply-To: <50C8D98B.4050808@xmission.com> References: <50C8AD27.5080303@xmission.com> <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> <50C8B7A3.9090706@xmission.com> <50C8D98B.4050808@xmission.com> Message-ID: <87zk1ieweg.wl%appa@perusio.net> On 12 Dez 2012 20h22 CET, pashdown at xmission.com wrote: > On 12/12/2012 11:07 AM, Antonio P.P. Almeida wrote: >>> Thanks for your attempt, but this failed as well. >> >> What's the exact structure of your URI? >> >> If it's an argument then there are several approaches. For starters >> this should work (but it's ugly :) to improve it we need further >> details). >> >> map $request_uri $redirect_https { >> default 0; >> ~*^.*UserLogin.*$ 1; >> } > > This is what it looks like via Mediawiki. The &returnto argument is > dependent on where the Login button is hit, and may or may not be > present. > > http://domain.com/index.php?title=Special:UserLogin&returnto=Main+Page Try: map $arg_title $redirect_https { default 0; Special:UserLogin 1; } --- appa From nginx-forum at nginx.us Wed Dec 12 22:49:11 2012 From: nginx-forum at nginx.us (mattphi) Date: Wed, 12 Dec 2012 17:49:11 -0500 Subject: Random Internal Server Error Message-ID: <8b88d49d3a6514e9231bcb8cbb9dc80e.NginxMailingListEnglish@forum.nginx.org> Hi, I'm having trouble with my nginx showing totally random Internal Server Error. I'm running gunicorn with nginx as a reverse proxy. My error log (info) shows: "upstream sent too much data while reading upstream" and client x.x.x.x closed keepalive connection nginx version: 1.2.4 Any help would be appreciated! thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233947,233947#msg-233947 From francis at daoine.org Wed Dec 12 23:42:48 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 12 Dec 2012 23:42:48 +0000 Subject: Help with specific redirect to https In-Reply-To: <50C8D98B.4050808@xmission.com> References: <50C8AD27.5080303@xmission.com> <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> <50C8B7A3.9090706@xmission.com> <50C8D98B.4050808@xmission.com> Message-ID: <20121212234248.GJ18139@craic.sysops.org> On Wed, Dec 12, 2012 at 12:22:51PM -0700, Pete Ashdown wrote: Hi there, > This is what it looks like via Mediawiki. The &returnto argument is > dependent on where the Login button is hit, and may or may not be present. > > http://domain.com/index.php?title=Special:UserLogin&returnto=Main+Page In nginx terms, for this request, $uri = /index.php. $uri is what both "rewrite" and "location" match against. That is why the first few attempts did not do what you hoped they would. Some other variables which are available include: $request_uri = /index.php?title=Special:UserLogin&returnto=Main+Page $args = title=Special:UserLogin&returnto=Main+Page $arg_title = Special:UserLogin So you can do an exact or regex match of any of those in a "map" to set another variable; or you can match directly in an "if"; and then return the redirection. All the best, f -- Francis Daly francis at daoine.org From ewgraf at gmail.com Thu Dec 13 02:56:01 2012 From: ewgraf at gmail.com (Sokolov Evgeniy) Date: Thu, 13 Dec 2012 08:56:01 +0600 Subject: Upload Progress In-Reply-To: References: <20121212083604.GJ40452@mdounin.ru> Message-ID: Hi! If you compile your nginx with debug - enable debug logging, restart nginx and you will see messages from upload module, it is very helpful. Also read this note http://wiki.nginx.org/HttpUploadProgressModule#track_uploads - "The POST * must* have a query parameter called *X-Progress-ID"... *If the POST has no such information, the upload will not be tracked.... 2012/12/12 Matt M > Thanks for the response. > > On Wed, Dec 12, 2012 at 2:36 AM, Maxim Dounin wrote: > > Hello! > > > > On Tue, Dec 11, 2012 at 04:18:01PM -0600, Matt M wrote: > > > >> Hello, > >> > >> I recently installed http://wiki.nginx.org/HttpUploadProgressModule > >> with nginx 1.2.6. > >> > >> On the client side I have a request coming every second to check on > >> the upload status. As I watch the access.log I can see all of the > >> status check requests before the actual file post shows up in the > >> access log. > >> > >> I am wondering if that is normal or should I see the file post show up > >> in the access log then the status check requests after that? > > > > It's normal. Logging happens after a request processing is > > complete, after sending the response, and hence status check > > requests are logged before the file post. > > I am curious. The status never gets past "starting" in the progress > response. Where should I look to try to debug this? I am not very good > at system admin. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- -- ? ?????????, ??????? ??????? -------------- next part -------------- An HTML attachment was scrubbed... URL: From robm at fastmail.fm Thu Dec 13 03:44:42 2012 From: robm at fastmail.fm (Robert Mueller) Date: Thu, 13 Dec 2012 14:44:42 +1100 Subject: Logging errors via error_page + post_action? Message-ID: <1355370282.17475.140661165396829.04E700D9@webmail.messagingengine.com> Hi In our nginx setup we use proxy_pass to pass most requests to backend servers. We like to monitor our logs regularly for any errors to see that everything is working as expected. We can grep the nginx logs, but: a) That's not real time b) We can't get extended information about the request, like if it's a POST, what the POST body actually was So what we wanted to do was use an error_page handler in nginx so if any backend returned an error, we resent the request details to an error handler script, something like: location / { proxy_pass http://backend/; } error_page 500 /internal_error_page_500; location /internal_error_page_500 { internal; proxy_set_header X-URL "$host$request_uri"; proxy_set_header X-Post $request_body; proxy_set_header X-Method $request_method; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://local/cgi-bin/error.pl; } The problem is that this replaces any result content from the main / proxy_pass with the content that error.pl generates. We don't want that, we want to keep the original result, but just use the error_page handler to effectively "log" the error for later. I thought maybe we could replace: proxy_pass http://local/cgi-bin/error.pl; With: post_action http://local/cgi-bin/error.pl; But that just causes nginx to return a "404 Not Found" error instead. Is there any way to do this? Return the original result content of a proxy_pass directive, but if that proxy_pass returns an error code (eg 500, etc), do a request to another URL with "logging" information (eg URL, method, POST body content, etc) -- Rob Mueller robm at fastmail.fm From mdounin at mdounin.ru Thu Dec 13 10:58:28 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 13 Dec 2012 14:58:28 +0400 Subject: Random Internal Server Error In-Reply-To: <8b88d49d3a6514e9231bcb8cbb9dc80e.NginxMailingListEnglish@forum.nginx.org> References: <8b88d49d3a6514e9231bcb8cbb9dc80e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121213105828.GR40452@mdounin.ru> Hello! On Wed, Dec 12, 2012 at 05:49:11PM -0500, mattphi wrote: > Hi, > > I'm having trouble with my nginx showing totally random Internal Server > Error. > > I'm running gunicorn with nginx as a reverse proxy. My error log (info) > shows: > > "upstream sent too much data while reading upstream" and client x.x.x.x > closed keepalive connection > > nginx version: 1.2.4 > > Any help would be appreciated! The "upstream sent too much data" error means your upstream (backend) server returned incorrect response, with Content-Length not matching the content returned. This indicate something wrong happens on your backend, either in your code or in the framework/backend server you use, and might result in undefined behaviour. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Thu Dec 13 11:44:17 2012 From: nginx-forum at nginx.us (mattphi) Date: Thu, 13 Dec 2012 06:44:17 -0500 Subject: Random Internal Server Error In-Reply-To: <20121213105828.GR40452@mdounin.ru> References: <20121213105828.GR40452@mdounin.ru> Message-ID: <65f83a3a5c86bee7e6cae2aec48d34db.NginxMailingListEnglish@forum.nginx.org> Hey Maxim! Yes, indeed. After more in depth debugging on the backend side, it was caused by misplaced imports. Thanks! Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Wed, Dec 12, 2012 at 05:49:11PM -0500, mattphi wrote: > > > Hi, > > > > I'm having trouble with my nginx showing totally random Internal > Server > > Error. > > > > I'm running gunicorn with nginx as a reverse proxy. My error log > (info) > > shows: > > > > "upstream sent too much data while reading upstream" and client > x.x.x.x > > closed keepalive connection > > > > nginx version: 1.2.4 > > > > Any help would be appreciated! > > The "upstream sent too much data" error means your upstream > (backend) server returned incorrect response, with Content-Length > not matching the content returned. This indicate something wrong > happens on your backend, either in your code or in the > framework/backend server you use, and might result in undefined > behaviour. > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233947,233963#msg-233963 From h.dudeness at gmail.com Thu Dec 13 14:26:34 2012 From: h.dudeness at gmail.com (Matt M) Date: Thu, 13 Dec 2012 08:26:34 -0600 Subject: Upload Progress In-Reply-To: References: <20121212083604.GJ40452@mdounin.ru> Message-ID: Hi! Thanks for the response. On Wed, Dec 12, 2012 at 8:56 PM, Sokolov Evgeniy wrote: > Hi! > > If you compile your nginx with debug - enable debug logging, restart nginx > and you will see messages from upload module, it is very helpful. > > Also read this note > http://wiki.nginx.org/HttpUploadProgressModule#track_uploads - "The POST > must have a query parameter called X-Progress-ID"... If the POST has no such > information, the upload will not be tracked.... I have double checked and I can see the post variable X-Progress-ID coming with the upload but the status just stays at starting. My nginx.conf looks like this: worker_processes 1; events { worker_connections 1024; } http { #error_log /usr/local/nginx/logs/error.log debug; include mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; tcp_nodelay off; gzip on; gzip_http_version 1.0; gzip_comp_level 2; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; upstream modperl { ip_hash; server 127.0.0.1:8080; } client_body_timeout 10; client_header_timeout 10; client_max_body_size 3M; keepalive_timeout 10; send_timeout 10; limit_conn_zone $binary_remote_addr zone=limit_per_ip:16m; # reserve 1MB under the name 'proxied' to track uploads upload_progress proxied 1m; upload_progress_json_output; # HTTP Server server { listen 80; server_name _; root /var/www/$host/; limit_conn limit_per_ip 5; proxy_buffering off; ## Only allow GET and HEAD request methods if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } # Serve static files directly location ~* ^(?!\/(internal_documents)).+\.(jpg|jpeg|gif|css|js|ico|html|swf|png|pdf|xls|xlsx|doc|docx)$ { access_log off; expires 30d; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } location / { # needed to forward user's IP address to rails proxy_set_header X-Real-IP $remote_addr; # needed for HTTPS proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_max_temp_file_size 0; proxy_read_timeout 600; # If the file exists as a static file serve it directly without # running all the other rewite tests on it if (-f $request_filename) { break; } proxy_pass http://modperl; # track uploads in the 'proxied' zone # remember connections for 30s after they finished track_uploads proxied 30s; } location ^~ /progress { # report uploads tracked in the 'proxied' zone report_uploads proxied; } } # HTTPS server - Without SSL Certificate server { listen 442; server_name _; limit_conn limit_per_ip 5; proxy_buffering off; ## Only allow GET and HEAD request methods if ($request_method !~ ^(GET|HEAD|POST)$ ) { return 444; } server_name_in_redirect off; ssl off; root /var/www/$host/; # serve static files directly location ~* ^(?!\/(internal_documents)).+\.(jpg|jpeg|gif|css|js|ico|html|swf|png|pdf|xls|xlsx|doc|docx)$ { access_log off; expires 30d; break; } location / { # needed to forward user's IP address to rails proxy_set_header X-Real-IP $remote_addr; # needed for HTTPS proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; proxy_max_temp_file_size 0; proxy_read_timeout 600; # If the file exists as a static file serve it directly without # running all the other rewite tests on it if (-f $request_filename) { break; } proxy_pass http://modperl; # track uploads in the 'proxied' zone # remember connections for 30s after they finished #track_uploads proxied 30s; } location ^~ /progress { # report uploads tracked in the 'proxied' zone report_uploads proxied; } } } From pashdown at xmission.com Thu Dec 13 17:03:49 2012 From: pashdown at xmission.com (Pete Ashdown) Date: Thu, 13 Dec 2012 10:03:49 -0700 Subject: Help with specific redirect to https In-Reply-To: <87zk1ieweg.wl%appa@perusio.net> References: <50C8AD27.5080303@xmission.com> <841ae0f13cac707ac4563e415493f923.squirrel@damiao.org> <50C8B7A3.9090706@xmission.com> <50C8D98B.4050808@xmission.com> <87zk1ieweg.wl%appa@perusio.net> Message-ID: <50CA0A75.7030805@xmission.com> On 12/12/2012 03:30 PM, Ant?nio P. P. Almeida wrote: > On 12 Dez 2012 20h22 CET, pashdown at xmission.com wrote: > >> On 12/12/2012 11:07 AM, Antonio P.P. Almeida wrote: >>>> Thanks for your attempt, but this failed as well. >>> What's the exact structure of your URI? >>> >>> If it's an argument then there are several approaches. For starters >>> this should work (but it's ugly :) to improve it we need further >>> details). >>> >>> map $request_uri $redirect_https { >>> default 0; >>> ~*^.*UserLogin.*$ 1; >>> } >> This is what it looks like via Mediawiki. The &returnto argument is >> dependent on where the Login button is hit, and may or may not be >> present. >> >> http://domain.com/index.php?title=Special:UserLogin&returnto=Main+Page > Try: > > map $arg_title $redirect_https { > default 0; > Special:UserLogin 1; > } > Thank you Antonio. This works perfectly. From nginx-forum at nginx.us Thu Dec 13 18:29:07 2012 From: nginx-forum at nginx.us (amodpandey) Date: Thu, 13 Dec 2012 13:29:07 -0500 Subject: set cookie if not already set Message-ID: I figured out a simple solution so thought to share it ( to get feedback or may be to help ). In an earlier discussion I got to know about map and why one should avoid to use if an try to use map. http { map $cookie_abt $abt { default "abt=a;Path=/"; ~.+$ ""; } server { listen 8081; location / { add_header Set-Cookie $abt; ... } } } the map returns "" ( empty ) if cookie is already else the cookie value ( abt=a;Path=/" ). The good news is add_header Set-Cookie "" does not set any cookie and we are good to go :) HTH Any feedback? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233983,233983#msg-233983 From vbart at nginx.com Thu Dec 13 23:35:45 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 14 Dec 2012 03:35:45 +0400 Subject: set cookie if not already set In-Reply-To: References: Message-ID: <201212140335.46042.vbart@nginx.com> On Thursday 13 December 2012 22:29:07 amodpandey wrote: > I figured out a simple solution so thought to share it ( to get feedback or > may be to help ). In an earlier discussion I got to know about map and why > one should avoid to use if an try to use map. > > http { > > map $cookie_abt $abt { > default "abt=a;Path=/"; > ~.+$ ""; > } > [...] This one: map $cookie_abt $abt { default ""; "" "abt=a;Path=/"; } does the same thing, but without the resource consuming regular expression. Moreover, it looks plain and more readable. wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From nginx-forum at nginx.us Fri Dec 14 02:45:19 2012 From: nginx-forum at nginx.us (justin) Date: Thu, 13 Dec 2012 21:45:19 -0500 Subject: SSL performance optimization with cache Message-ID: <584ab315a992b8a9b2a78443692d4a08.NginxMailingListEnglish@forum.nginx.org> Hello, I am optimizing our install of nginx for SSL performance, since our SaaS app is served exclusively over https. I have the following SSL performance directives: ssl_session_cache shared:SSL_CACHE:4m; ssl_session_timeout 5m; My question is, what is the downfall, if any, of setting the timeout to like 720m which is 12 hours. Seems like caching longer would be better. Or, is there a security risk of caching for such a long time? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233990,233990#msg-233990 From nginx-forum at nginx.us Fri Dec 14 06:45:34 2012 From: nginx-forum at nginx.us (justin) Date: Fri, 14 Dec 2012 01:45:34 -0500 Subject: SSL performance optimization with cache In-Reply-To: <584ab315a992b8a9b2a78443692d4a08.NginxMailingListEnglish@forum.nginx.org> References: <584ab315a992b8a9b2a78443692d4a08.NginxMailingListEnglish@forum.nginx.org> Message-ID: <6144e3a64646c7e9fb4f8fa2d0401e6b.NginxMailingListEnglish@forum.nginx.org> Browsing my nginx error log noticed the following logged A LOT: 2012/12/13 21:37:18 [crit] 7968#0: ngx_slab_alloc() failed: no memory in SSL session shared cache "SSL_CACHE" If the cache fills, does it flush older entries for new entries? Basically, how does the SSL cache work exactly? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233990,233999#msg-233999 From ewgraf at gmail.com Fri Dec 14 08:15:04 2012 From: ewgraf at gmail.com (Sokolov Evgeniy) Date: Fri, 14 Dec 2012 14:15:04 +0600 Subject: Upload Progress In-Reply-To: References: <20121212083604.GJ40452@mdounin.ru> Message-ID: > I can see the post variable X-Progress-ID coming with the upload 1. It must be not a "post variable" - it must be query variable. For example:
2. Did you try enable debug? What you have in logs related to uploadprogress module? 2012/12/13 Matt M > I can see the post variable X-Progress-ID > coming with the upload > -- -- ? ?????????, ??????? ??????? -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Fri Dec 14 10:56:16 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 14 Dec 2012 14:56:16 +0400 Subject: SSL performance optimization with cache In-Reply-To: <6144e3a64646c7e9fb4f8fa2d0401e6b.NginxMailingListEnglish@forum.nginx.org> References: <584ab315a992b8a9b2a78443692d4a08.NginxMailingListEnglish@forum.nginx.org> <6144e3a64646c7e9fb4f8fa2d0401e6b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121214105615.GE40452@mdounin.ru> Hello! On Fri, Dec 14, 2012 at 01:45:34AM -0500, justin wrote: > Browsing my nginx error log noticed the following logged A LOT: > > 2012/12/13 21:37:18 [crit] 7968#0: ngx_slab_alloc() failed: no memory in SSL > session shared cache "SSL_CACHE" > > If the cache fills, does it flush older entries for new entries? Basically, > how does the SSL cache work exactly? If there is no memory available in a shared cache, oldest non-expired session will be dropped. In most cases this will be enough to create new session, but I wouldn't rely on this as this is more an emergency mechanism than a normal behaviour. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Fri Dec 14 11:00:00 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 14 Dec 2012 15:00:00 +0400 Subject: SSL performance optimization with cache In-Reply-To: <584ab315a992b8a9b2a78443692d4a08.NginxMailingListEnglish@forum.nginx.org> References: <584ab315a992b8a9b2a78443692d4a08.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121214105959.GF40452@mdounin.ru> Hello! On Thu, Dec 13, 2012 at 09:45:19PM -0500, justin wrote: > Hello, > > I am optimizing our install of nginx for SSL performance, since our SaaS app > is served exclusively over https. I have the following SSL performance > directives: > > ssl_session_cache shared:SSL_CACHE:4m; > ssl_session_timeout 5m; > > My question is, what is the downfall, if any, of setting the timeout to like > 720m which is 12 hours. Seems like caching longer would be better. Or, is > there a security risk of caching for such a long time? You may consider RFC5246, which suggests an upper limit of 24h: http://tools.ietf.org/html/rfc5246#appendix-F.1.4 -- Maxim Dounin http://nginx.com/support.html From howachen at gmail.com Fri Dec 14 11:31:41 2012 From: howachen at gmail.com (howard chen) Date: Fri, 14 Dec 2012 19:31:41 +0800 Subject: Setting expires header to multiple locations Message-ID: Currently I need to use tricks since I have multiple locations in my site config. e.g. ===================================== location ~* /a { location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { expires 1y; } } location ~* /b { location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { expires 1y; } } location ~* /c { location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { expires 1y; } } ===================================== Are there any better way to write it? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Fri Dec 14 11:38:43 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 14 Dec 2012 18:38:43 +0700 Subject: Setting expires header to multiple locations In-Reply-To: References: Message-ID: On Fri, Dec 14, 2012 at 6:31 PM, howard chen wrote: > Currently I need to use tricks since I have multiple locations in my site > config. > > e.g. > > ===================================== > > > location ~* /a { > location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { > expires 1y; > } > } > > location ~* /b { > location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { > expires 1y; > } > } > > location ~* /c { > location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { > expires 1y; > } > } > > > ===================================== > > Are there any better way to write it? > > put in separate file and include it in each blocks? From appa at perusio.net Fri Dec 14 11:59:49 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Fri, 14 Dec 2012 12:59:49 +0100 Subject: Setting expires header to multiple locations In-Reply-To: References: Message-ID: <017836a62045bbe2edcb4c62ad75b469.squirrel@damiao.org> > Currently I need to use tricks since I have multiple locations in my site > config. > > e.g. > > ===================================== > > > location ~* /a { > location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { > expires 1y; > } > } > > location ~* /b { > location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { > expires 1y; > } > } > > location ~* /c { > location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { > expires 1y; > } > } Going against Igor, Maxim, Valentin and Ruslan in order to be more DRY you could use a regex based location (which has its own quirks): location ~* ^/(?:a|b|c)/.*\.(?:css|gif|js|jpe?g|png)$ { expires 1y; } --appa From igor at sysoev.ru Fri Dec 14 12:37:23 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Fri, 14 Dec 2012 16:37:23 +0400 Subject: Setting expires header to multiple locations In-Reply-To: <017836a62045bbe2edcb4c62ad75b469.squirrel@damiao.org> References: <017836a62045bbe2edcb4c62ad75b469.squirrel@damiao.org> Message-ID: On Dec 14, 2012, at 15:59 , Antonio P.P. Almeida wrote: >> Currently I need to use tricks since I have multiple locations in my site >> config. >> >> e.g. >> >> ===================================== >> >> >> location ~* /a { >> location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { >> expires 1y; >> } >> } >> >> location ~* /b { >> location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { >> expires 1y; >> } >> } >> >> location ~* /c { >> location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { >> expires 1y; >> } >> } > > Going against Igor, Maxim, Valentin and Ruslan in order to be more DRY you > could use a regex based location (which has its own quirks): > > location ~* ^/(?:a|b|c)/.*\.(?:css|gif|js|jpe?g|png)$ { > expires 1y; > } This valid only if "~* /b" was intended for "~* ^/b". As to me, I prefer to isolate regex locations (if I have to use them at all) inside usual locations: location /c { location ~* \.(?:css|js|jpg|jpeg|gif|png)$ { expires 1y; } } Of course this requires more time to type, but allows me to spend much less time when I need to modify configuration in future. -- Igor Sysoev http://nginx.com/support.html From nginx-forum at nginx.us Fri Dec 14 13:01:33 2012 From: nginx-forum at nginx.us (constable1) Date: Fri, 14 Dec 2012 08:01:33 -0500 Subject: Nginx server_name command being ignored Message-ID: Hi, I'm running ubuntu server 12.04 and the latest version of nginx. The problem I am having is that nginx seems to be ignoring the server_name command, I am able to access the server by going to the IP address of the server or by going to the server's name (http://ubuntuserver/) but http://test/ will give me nothing, no connection, not even an error page. I have checked that the website file (in enabled-sites) is included in the nginx.conf file and I have correctly restarted nginx having changed settings. I have tried with the whole server block stripped down to just the server_name designation and still I can't get anything at http://test/ and in this case I get an expected error page on http://ubuntuserver/ I can only deduce that for some reason the "server_name" command is being ignored! If anyone could give me any advice with regards to this then it would be much appreciated. Code from file "www" in "enabled-sites": server { add_header Cache-Control public; access_log /var/log/nginx/access.log main buffer=32k; error_log /var/log/nginx/error.log error; expires max; limit_req zone=gulag burst=200 nodelay; listen 127.0.0.1:80 sndbuf=128k; root /usr/share/nginx/html; server_name test; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234028,234028#msg-234028 From appa at perusio.net Fri Dec 14 13:08:41 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Fri, 14 Dec 2012 14:08:41 +0100 Subject: Nginx server_name command being ignored In-Reply-To: References: Message-ID: <2a57ce013a40b41b1e4c0f7950374226.squirrel@damiao.org> > Hi, I'm running ubuntu server 12.04 and the latest version of nginx. The > problem I am having is that nginx seems to be ignoring the server_name > command, I am able to access the server by going to the IP address of the > server or by going to the server's name (http://ubuntuserver/) but > http://test/ will give me nothing, no connection, not even an error page. > I > have checked that the website file (in enabled-sites) is included in the > nginx.conf file and I have correctly restarted nginx having changed > settings. I have tried with the whole server block stripped down to just > the > server_name designation and still I can't get anything at http://test/ and > in this case I get an expected error page on http://ubuntuserver/ > > I can only deduce that for some reason the "server_name" command is being > ignored! > Is there a resolver (DNS or /etc/hosts) for test? What does ping test gives? --appa From contact at jpluscplusm.com Fri Dec 14 13:09:33 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Fri, 14 Dec 2012 13:09:33 +0000 Subject: Nginx server_name command being ignored In-Reply-To: References: Message-ID: On 14 December 2012 13:01, constable1 wrote: > Hi, I'm running ubuntu server 12.04 and the latest version of nginx. The > problem I am having is that nginx seems to be ignoring the server_name > command, I am able to access the server by going to the IP address of the > server or by going to the server's name (http://ubuntuserver/) but > http://test/ will give me nothing, no connection, not even an error page. I > have checked that the website file (in enabled-sites) is included in the > nginx.conf file and I have correctly restarted nginx having changed > settings. I have tried with the whole server block stripped down to just the > server_name designation and still I can't get anything at http://test/ and > in this case I get an expected error page on http://ubuntuserver/ > > I can only deduce that for some reason the "server_name" command is being > ignored! I really doubt it is. It's an absolute cornerstone of how nginx works. a) Does your machine resolve the correct IP address when asking your hostsfile/DNS/etc for "test"? server_name doesn't automatically point your browser towards the correct machine ... b) The first server{} stanza for an IP:port pair is the default one served when a request comes in on that IP and port, and the Host header doesn't match /another/ server_name configured elsewhere for that same IP and port. Unless there's a dedicated default server ... You may wish to set up a sacrificial default server to make nginx's behaviour more obvious. This is roughly what I have (typed but not tested, FYI): server { listen 80 default_server; server_name _; return 400 "Server not configured"; } HTH, Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Fri Dec 14 13:12:45 2012 From: nginx-forum at nginx.us (constable1) Date: Fri, 14 Dec 2012 08:12:45 -0500 Subject: Nginx server_name command being ignored In-Reply-To: References: Message-ID: I've tried pinging http://test/ and get nothing, I'll have a go with your suggestion Jonathan and report back! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234028,234032#msg-234032 From francis at daoine.org Fri Dec 14 13:13:44 2012 From: francis at daoine.org (Francis Daly) Date: Fri, 14 Dec 2012 13:13:44 +0000 Subject: Nginx server_name command being ignored In-Reply-To: References: Message-ID: <20121214131344.GK18139@craic.sysops.org> On Fri, Dec 14, 2012 at 08:01:33AM -0500, constable1 wrote: Hi there, > I am able to access the server by going to the IP address of the > server or by going to the server's name (http://ubuntuserver/) but > http://test/ will give me nothing, no connection, not even an error page. What is the output of curl -i http://test/ ? My guess is that your browser fails to resolve the name to the correct address, and so never talks to nginx in the first place. If that is the case, make the name resolvable -- put it in DNS or /etc/hosts, for example -- and retry the curl command. If it does not show what you expect, describe that output too. f -- Francis Daly francis at daoine.org From contact at jpluscplusm.com Fri Dec 14 13:18:06 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Fri, 14 Dec 2012 13:18:06 +0000 Subject: Nginx server_name command being ignored In-Reply-To: References: Message-ID: On 14 December 2012 13:12, constable1 wrote: > I've tried pinging http://test/ and get nothing Just do "ping test". Not "ping http://test/" > I'll have a go with your > suggestion Jonathan and report back! My suggestion for a default server will not fix your inability to resolve the site's name. It's just a sanity thing you'll find useful if you set up more server{}s over time. You need to fix the DNS/etc issue, once you prove it exists as per the above. Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From francis at daoine.org Fri Dec 14 13:32:21 2012 From: francis at daoine.org (Francis Daly) Date: Fri, 14 Dec 2012 13:32:21 +0000 Subject: Nginx server_name command being ignored In-Reply-To: <20121214131344.GK18139@craic.sysops.org> References: <20121214131344.GK18139@craic.sysops.org> Message-ID: <20121214133221.GM18139@craic.sysops.org> On Fri, Dec 14, 2012 at 01:13:44PM +0000, Francis Daly wrote: > On Fri, Dec 14, 2012 at 08:01:33AM -0500, constable1 wrote: Hi there, > What is the output of > > curl -i http://test/ > > ? > > My guess is that your browser fails to resolve the name to the correct > address, and so never talks to nginx in the first place. Oh, if that is the case, then you can still test the nginx side without fixing name resolution by looking at the output of curl -i -H Host:test http://127.0.0.1/ and confirming that it is what you expect. f -- Francis Daly francis at daoine.org From crirus at gmail.com Fri Dec 14 13:48:04 2012 From: crirus at gmail.com (Cristian Rusu) Date: Fri, 14 Dec 2012 15:48:04 +0200 Subject: Nginx to listen on two IPs Message-ID: Hello I have this server with Nginx that have like 4 subdomains and default localhost set. I also have as econd network card that have an internal IP 192.168.1.2. How can I define another server that will listen to the private IP only? Thanks --------------------------------------------------------------- Cristian Rusu Web Developement & Electronic Publishing ====== Crilance.com Crilance.blogspot.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From r at roze.lv Fri Dec 14 13:54:45 2012 From: r at roze.lv (Reinis Rozitis) Date: Fri, 14 Dec 2012 15:54:45 +0200 Subject: Nginx to listen on two IPs In-Reply-To: References: Message-ID: <1413160D6D694B65B3808DE6FF167098@MasterPC> > How can I define another server that will listen to the private IP only? http://nginx.org/en/docs/http/ngx_http_core_module.html#listen rr From contact at jpluscplusm.com Fri Dec 14 13:56:56 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Fri, 14 Dec 2012 13:56:56 +0000 Subject: Nginx to listen on two IPs In-Reply-To: References: Message-ID: On 14 December 2012 13:48, Cristian Rusu wrote: > Hello > > I have this server with Nginx that have like 4 subdomains and default > localhost set. > I also have as econd network card that have an internal IP 192.168.1.2. > > How can I define another server that will listen to the private IP only? http://bit.ly/UgzJIR HTH, Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From howachen at gmail.com Fri Dec 14 14:38:16 2012 From: howachen at gmail.com (howard chen) Date: Fri, 14 Dec 2012 22:38:16 +0800 Subject: Setting expires header to multiple locations In-Reply-To: <017836a62045bbe2edcb4c62ad75b469.squirrel@damiao.org> References: <017836a62045bbe2edcb4c62ad75b469.squirrel@damiao.org> Message-ID: Hi On Fri, Dec 14, 2012 at 7:59 PM, Antonio P.P. Almeida wrote: > > Going against Igor, Maxim, Valentin and Ruslan in order to be more DRY you > could use a regex based location (which has its own quirks): > > location ~* ^/(?:a|b|c)/.*\.(?:css|gif|js|jpe?g|png)$ { > expires 1y; > } > Thanks. My example just in a simplified form and there are more config inside each a, b, c...So I must need separate blocks for them.. -------------- next part -------------- An HTML attachment was scrubbed... URL: From howachen at gmail.com Fri Dec 14 14:43:39 2012 From: howachen at gmail.com (howard chen) Date: Fri, 14 Dec 2012 22:43:39 +0800 Subject: Setting expires header to multiple locations In-Reply-To: References: <017836a62045bbe2edcb4c62ad75b469.squirrel@damiao.org> Message-ID: Hi Ignor On Fri, Dec 14, 2012 at 8:37 PM, Igor Sysoev wrote: > > > This valid only if "~* /b" was intended for "~* ^/b". > > As to me, I prefer to isolate regex locations (if I have to use them at > all) > inside usual locations: > > location /c { > location ~* \.(?:css|js|jpg|jpeg|gif|png)$ { > expires 1y; > } > } > > My issue is in nginx, url can only be matched to only ONE location, unlike in Apache we have something like * ExpiresByType*, seems duplicate multiple locations is a must in nginx. e.g. location ~* /a { location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { expires 1y; } # more unique config for /a, cannot be combined } location ~* /b { location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { expires 1y; } # more unique config for /b, cannot be combined } location ~* /c { location ~* ^/.*\.(?:css|js|jpg|jpeg|gif|png)$ { expires 1y; } # more unique config for /c, cannot be combined } Any better way? -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Dec 14 17:29:15 2012 From: nginx-forum at nginx.us (vvpham) Date: Fri, 14 Dec 2012 12:29:15 -0500 Subject: Please helpe me, hacking the module Gzip Pre-Compression Module Message-ID: <7cdb778857844b74158fc8a3cc4bc672.NginxMailingListEnglish@forum.nginx.org> Hello, I wrote to Igor but do not have the response so I write my question here and please help me. Firse of all, excuse me for my bad english!!!!! I hack the module "ngx_http_gzip_static_module.c" and I know that if client demande a file A, for example, the server NGINX will search the file "A.gz" and if it exist, Server will uncompress this gz file and the Server will serve the file uncompress of A.gz. It is not my objectif. My objectif is if a client demande a file B, for example. The server will search the file B.gz(compressed file) and serve this file if it exists. Client will receive file B.gz, not file B uncompressed. I lost for weeks for hacking this function but do not success. Please help me to figure out how I can realize this. Thanks for your help. VVPHAM Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234044,234044#msg-234044 From mdounin at mdounin.ru Fri Dec 14 17:57:07 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 14 Dec 2012 21:57:07 +0400 Subject: Please helpe me, hacking the module Gzip Pre-Compression Module In-Reply-To: <7cdb778857844b74158fc8a3cc4bc672.NginxMailingListEnglish@forum.nginx.org> References: <7cdb778857844b74158fc8a3cc4bc672.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121214175707.GB40452@mdounin.ru> Hello! On Fri, Dec 14, 2012 at 12:29:15PM -0500, vvpham wrote: > Hello, > I wrote to Igor but do not have the response so I write my question here and > please help me. > > Firse of all, excuse me for my bad english!!!!! > > I hack the module "ngx_http_gzip_static_module.c" and I know that if client > demande a file A, for example, the server NGINX will search the file "A.gz" > and if it exist, Server will uncompress this gz file and the Server will > serve the file uncompress of A.gz. This is incorrect. The gzip_static assumes there are two files with identical contents: foo foo.gz The "foo" file (uncompressed one) will be returned to clients which doesn't support gzip. The "foo.gz" file (compressed one) will be returned to clients which support gzip. If you want nginx to uncompress a gz file, you have to use recently introduced gunzip module, see http://nginx.org/r/gunzip, along with gzip_static set to "always". > It is not my objectif. My objectif is if a client demande a file B, for > example. The server will search the file B.gz(compressed file) and serve > this file if it exists. Client will receive file B.gz, not file B > uncompressed. > > I lost for weeks for hacking this function but do not success. Please help > me to figure out how I can realize this. I'm not sure I understand correctly what you want, but it looks like what you are asking for is "gzip_static always", as available in nginx 1.3.6+. See http://nginx.org/r/gzip_static for details. -- Maxim Dounin http://nginx.com/support.html From sahmed1020 at gmail.com Fri Dec 14 20:00:53 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Fri, 14 Dec 2012 15:00:53 -0500 Subject: by default does nginx just use a single log file? Message-ID: By default does nginx just keep appending to the same log file? (for both access and error log files) Is there a reason why there is no built in way of having it create a new file per day/hour or something? I guess the idea is to keep the feature set very lean? -------------- next part -------------- An HTML attachment was scrubbed... URL: From tjoseph1 at ymail.com Fri Dec 14 20:18:55 2012 From: tjoseph1 at ymail.com (Thomas Joseph) Date: Sat, 15 Dec 2012 04:18:55 +0800 (SGT) Subject: I want help... In-Reply-To: <1355167678.27889.YahooMailNeo@web193006.mail.sg3.yahoo.com> References: <1355165818.56997.YahooMailNeo@web193004.mail.sg3.yahoo.com> <1355167678.27889.YahooMailNeo@web193006.mail.sg3.yahoo.com> Message-ID: <1355516335.71877.YahooMailNeo@web193006.mail.sg3.yahoo.com> Hello all, Want to share what I came up with. See, I have 3 key strings , say abc, pqr and xyz. And a valid submission will be https://x.y.com/?abc=1.2.3.4&pqr=asdf&xyz=123888598 abc is numeric, with . in between, and ending in digit(s), think of a uuid like 2.16.840.1.113883 pqr is only alpha, but has 2 choices, asdf or lkjh xyz is purely numeric I do not use this for anything other than reverse proxy, if the pattern matches. Here is what I come up with: location / { .... .... if ($args ~ ^((abc=(\d+\.)+(\d+))\&(pqr=(asdf|lkjh))\&(xyz=\d+))$){ proxy_pass http://127.0.0.1:890/?$1; } Still I can not limit the repetition, like (abc=(\d{3,10})). Seems nginx, does not support {}. Is that true ?? Provided that I can predict if there can not be more than 64?characters?for abc how do I do it ? And what about "if is evil" Does that make sense in 1.2.6 too ?? Tell me I am wrong !! Thanks all. tjoseph. ________________________________ From: Thomas Joseph To: "nginx at nginx.org" Sent: Tuesday, 11 December 2012 12:57 AM Subject: Re: I want help... Did I tell that I am looking into a reverse proxy situation ? No. My mistake. I want to have a reverse proxy, that would filter the incoming and pass-on/reject ?upon the rules. [SSL enabled web-client]=>[NGINX]=>{filtering]=>[My own custom built HTTP application] [SSL enabled web-client]<=[NGINX]<=[My own custom built HTTP application]? Thanks, tjoseph. ________________________________ From: Thomas Joseph To: "nginx at nginx.org" Sent: Tuesday, 11 December 2012 12:26 AM Subject: I want help... Hello all, What is the best way to block un-expected submissions? For example, I have this puzzle: ?((aaa=(\d{1,8}\.)+(\d{1,8}))\&(bbb=\w{10,30})\&(ccc=\d{1,10})) aaa is uuid, bbb is alphanumric, ccc is just numeric. I want to have nginx validating this regex, and one more, if someone craft (ddd=xyz) in the submission url, it has to FAIL. Pls, comments are welcome. tjoseph. _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Fri Dec 14 20:20:46 2012 From: francis at daoine.org (Francis Daly) Date: Fri, 14 Dec 2012 20:20:46 +0000 Subject: by default does nginx just use a single log file? In-Reply-To: References: Message-ID: <20121214202046.GP18139@craic.sysops.org> On Fri, Dec 14, 2012 at 03:00:53PM -0500, S Ahmed wrote: Hi there, > By default does nginx just keep appending to the same log file? (for both > access and error log files) Yes. (Although the access log file name can include per-request variables.) > Is there a reason why there is no built in way of having it create a new > file per day/hour or something? I guess the idea is to keep the feature > set very lean? Would you like it per day or per hour? Or every 4 MB, or every 1 million lines? (Or every second Tuesday unless the moon is full?) There are too many possibly-useful rules for anything built-in to satisfy everybody. So nginx allows you to choose whatever combination of circumstances you want, outside of nginx, and then provides a well-defined way for you to induce a log file rotation. http://nginx.org/en/docs/control.html#logs That's my understanding, anyway. f -- Francis Daly francis at daoine.org From davide.damico at contactlab.com Fri Dec 14 20:45:52 2012 From: davide.damico at contactlab.com (Davide D'Amico) Date: Fri, 14 Dec 2012 21:45:52 +0100 Subject: Nginx 1.x and Vary header HTTP Message-ID: <50CB9000.2020701@contactlab.com> Hi, I'm reading this web page: http://www.notthewizard.com/2012/02/27/nginx-reverse-proxy-can-cause-ie-to-fail/ that leads to this statement (http://wiki.nginx.org/HttpProxyModule): "nginx does not handle "Vary" headers when caching." I found this bug tracker page: http://trac.nginx.org/nginx/ticket/118 that seems related to the same topic. Are there news about supporting / honoring the Vary header using nginx purely as a reverse proxy in front of IIS / Tomcat / Apache webservers? I'm using nginx 1.2.6 on a freebsd 9.1 amd64 box. Thanks in advance, d. From francis at daoine.org Fri Dec 14 20:51:38 2012 From: francis at daoine.org (Francis Daly) Date: Fri, 14 Dec 2012 20:51:38 +0000 Subject: I want help... In-Reply-To: <1355516335.71877.YahooMailNeo@web193006.mail.sg3.yahoo.com> References: <1355165818.56997.YahooMailNeo@web193004.mail.sg3.yahoo.com> <1355167678.27889.YahooMailNeo@web193006.mail.sg3.yahoo.com> <1355516335.71877.YahooMailNeo@web193006.mail.sg3.yahoo.com> Message-ID: <20121214205138.GQ18139@craic.sysops.org> On Sat, Dec 15, 2012 at 04:18:55AM +0800, Thomas Joseph wrote: Hi there, it seems to me that the level of application-specific control you are looking for probably does not belong in a default nginx.conf. The back-end application is probably the right place to do these checks. You could try using one of the nginx embedded language modules, which may provide more features. Or you could try using the various $arg_* variables in a map -- http://nginx.org/r/map. > And a valid submission will be https://x.y.com/?abc=1.2.3.4&pqr=asdf&xyz=123888598 Would https://x.y.com/?abc=1.2.3.4&xyz=123888598&pqr=asdf be invalid? Unless you control the client, you probably don't control the order. > abc is numeric, with . in between, and ending in digit(s), think of a uuid like 2.16.840.1.113883 > > pqr is only alpha, but has 2 choices, asdf or lkjh > > xyz is purely numeric Untested, but something like map $arg_xyz $xyz_bad { default 1 ~ ^[0-9]+$ 0 } with similar things for "abc" and "pqr", would set variables that you could then test for. if ($xyz_bad) { return 400 "xyz is wrong" } > location / { > .... > .... > if ($args ~ ^((abc=(\d+\.)+(\d+))\&(pqr=(asdf|lkjh))\&(xyz=\d+))$){ > proxy_pass http://127.0.0.1:890/?$1; > } > > Still I can not limit the repetition, like (abc=(\d{3,10})). Seems nginx, does not support {}. Is that true ?? I don't know; but it possibly depends on the regex library found at compile time. > And what about "if is evil" Don't use "if" inside "location" unless you can explain why your usage is correct. That's the rule I tend to use. Good luck with it, f -- Francis Daly francis at daoine.org From sahmed1020 at gmail.com Fri Dec 14 21:10:21 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Fri, 14 Dec 2012 16:10:21 -0500 Subject: by default does nginx just use a single log file? In-Reply-To: <20121214202046.GP18139@craic.sysops.org> References: <20121214202046.GP18139@craic.sysops.org> Message-ID: only on a full moon, excluding leap years. thank you and when can I expect this feature? :) On Fri, Dec 14, 2012 at 3:20 PM, Francis Daly wrote: > On Fri, Dec 14, 2012 at 03:00:53PM -0500, S Ahmed wrote: > > Hi there, > > > By default does nginx just keep appending to the same log file? (for both > > access and error log files) > > Yes. (Although the access log file name can include per-request variables.) > > > Is there a reason why there is no built in way of having it create a new > > file per day/hour or something? I guess the idea is to keep the feature > > set very lean? > > Would you like it per day or per hour? Or every 4 MB, or every 1 million > lines? (Or every second Tuesday unless the moon is full?) There are too > many possibly-useful rules for anything built-in to satisfy everybody. > > So nginx allows you to choose whatever combination of circumstances you > want, outside of nginx, and then provides a well-defined way for you to > induce a log file rotation. > > http://nginx.org/en/docs/control.html#logs > > That's my understanding, anyway. > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xmirya at gmail.com Fri Dec 14 21:42:50 2012 From: xmirya at gmail.com (m irya) Date: Fri, 14 Dec 2012 23:42:50 +0200 Subject: by default does nginx just use a single log file? In-Reply-To: References: <20121214202046.GP18139@craic.sysops.org> Message-ID: Nginx doesn't include periodic log rotation functionality, the only thing included is reopening the log files on USR1 signal, so one may rename the current log file and then kill -USR1 `cat /var/run/nginx.pid` for nginx to create a new log (see http://wiki.nginx.org/LogRotation ). External tools may be used to do the actual period rotation, like in Linuxish world it's normally done by logrotate ( http://manpages.ubuntu.com/manpages/lucid/man8/logrotate.8.html ) - in recent Ubuntu versions it's already set up to rotate default nginx log files. 2012/12/14 S Ahmed > only on a full moon, excluding leap years. thank you and when can I > expect this feature? :) > > > On Fri, Dec 14, 2012 at 3:20 PM, Francis Daly wrote: > >> On Fri, Dec 14, 2012 at 03:00:53PM -0500, S Ahmed wrote: >> >> Hi there, >> >> > By default does nginx just keep appending to the same log file? (for >> both >> > access and error log files) >> >> Yes. (Although the access log file name can include per-request >> variables.) >> >> > Is there a reason why there is no built in way of having it create a new >> > file per day/hour or something? I guess the idea is to keep the feature >> > set very lean? >> >> Would you like it per day or per hour? Or every 4 MB, or every 1 million >> lines? (Or every second Tuesday unless the moon is full?) There are too >> many possibly-useful rules for anything built-in to satisfy everybody. >> >> So nginx allows you to choose whatever combination of circumstances you >> want, outside of nginx, and then provides a well-defined way for you to >> induce a log file rotation. >> >> http://nginx.org/en/docs/control.html#logs >> >> That's my understanding, anyway. >> >> f >> -- >> Francis Daly francis at daoine.org >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From tjoseph1 at ymail.com Fri Dec 14 21:58:02 2012 From: tjoseph1 at ymail.com (Thomas Joseph) Date: Sat, 15 Dec 2012 05:58:02 +0800 (SGT) Subject: I want help... In-Reply-To: <20121214205138.GQ18139@craic.sysops.org> References: <1355165818.56997.YahooMailNeo@web193004.mail.sg3.yahoo.com> <1355167678.27889.YahooMailNeo@web193006.mail.sg3.yahoo.com> <1355516335.71877.YahooMailNeo@web193006.mail.sg3.yahoo.com> <20121214205138.GQ18139@craic.sysops.org> Message-ID: <1355522282.6753.YahooMailNeo@web193002.mail.sg3.yahoo.com> Hi, Thanks a lot for the insight. I have checked the order of abc, pqr and xyz and nginx does not proxy_pass. It does not proxy_pass if it is ab or abcd, instead of abc. It does not even matching special characters.? That is good, and it is blocking a submission with additional?parameters, like https://x.y.com/?abc=1.2.3.4&pqr=asdf&xyz=123888598&def=123 The client is typically the browser that would make ajax call from anywhere in the Internet, but I do see someone possibly crafting a payload that could confuse the app running on 127.0.0.1. Will definitely go through map and will get back. Appreciate and thanks again, Francis. tjoseph. ________________________________ From: Francis Daly To: nginx at nginx.org Sent: Saturday, 15 December 2012 2:21 AM Subject: Re: I want help... On Sat, Dec 15, 2012 at 04:18:55AM +0800, Thomas Joseph wrote: Hi there, it seems to me that the level of application-specific control you are looking for probably does not belong in a default nginx.conf. The back-end application is probably the right place to do these checks. You could try using one of the nginx embedded language modules, which may provide more features. Or you could try using the various $arg_* variables in a map -- http://nginx.org/r/map. > And a valid submission will be https://x.y.com/?abc=1.2.3.4&pqr=asdf&xyz=123888598 Would https://x.y.com/?abc=1.2.3.4&xyz=123888598&pqr=asdf be invalid? Unless you control the client, you probably don't control the order. > abc is numeric, with . in between, and ending in digit(s), think of a uuid like 2.16.840.1.113883 > > pqr is only alpha, but has 2 choices, asdf or lkjh > > xyz is purely numeric Untested, but something like ? map $arg_xyz $xyz_bad { ? ? default 1 ? ? ~ ^[0-9]+$ 0 ? } with similar things for "abc" and "pqr", would set variables that you could then test for. ? if ($xyz_bad) { ? ? return 400 "xyz is wrong" ? } > location / { > .... > .... > if ($args ~ ^((abc=(\d+\.)+(\d+))\&(pqr=(asdf|lkjh))\&(xyz=\d+))$){ > proxy_pass http://127.0.0.1:890/?$1; > } > > Still I can not limit the repetition, like (abc=(\d{3,10})). Seems nginx, does not support {}. Is that true ?? I don't know; but it possibly depends on the regex library found at compile time. > And what about "if is evil" Don't use "if" inside "location" unless you can explain why your usage is correct. That's the rule I tend to use. Good luck with it, ??? f -- Francis Daly? ? ? ? francis at daoine.org _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From sahmed1020 at gmail.com Fri Dec 14 22:10:32 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Fri, 14 Dec 2012 17:10:32 -0500 Subject: by default does nginx just use a single log file? In-Reply-To: References: <20121214202046.GP18139@craic.sysops.org> Message-ID: m irya, Thanks. I'm planning to run 12.04 ubuntu. What exactly does 're-opening' of a log file mean? Isn't it already open, meaning nginx has it open and is appending to it? So step by step, what is to be done? 1. kill -USR1 2. rename file? 3. kill -USR1 'cat /var/run/nginx.pid' 4. profit ? On Fri, Dec 14, 2012 at 4:42 PM, m irya wrote: > USR1 signal -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Dec 14 22:52:07 2012 From: nginx-forum at nginx.us (justin) Date: Fri, 14 Dec 2012 17:52:07 -0500 Subject: SSL performance optimization with cache In-Reply-To: <20121214105615.GE40452@mdounin.ru> References: <20121214105615.GE40452@mdounin.ru> Message-ID: Maxim, Thanks for the reply, so if the oldest cache entries are automatically purged why am I seeing: ngx_slab_alloc() failed: no memory in SSL session shared cache "SSL_CACHE" Logged thousands upon thousands of times in my error log? Was this because even though at that time my expiration was 5m, the cache was full, and it couldn't purge any cache entries because none were expired? If this is the case, I recommend changing the message from critical error to a notice. Basically, just means that SSL connections could not use cache, they were not failing, just slower. Probably shouldn't be a critical error right? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233990,234060#msg-234060 From nginx-forum at nginx.us Fri Dec 14 23:54:58 2012 From: nginx-forum at nginx.us (constable1) Date: Fri, 14 Dec 2012 18:54:58 -0500 Subject: Nginx server_name command being ignored In-Reply-To: References: Message-ID: <82ec0b8bfaa66695f7342ba6d867edf0.NginxMailingListEnglish@forum.nginx.org> Hi Jonathan, Francis, I've just tried on the server "ping test", and I get no packet loss, it all seems to be looking fine. I also tried "curl -i http://test/" and I get the output as the code that makes up the html of my page, so it appears that nginx is working fine, but when I try going to http://test/ on another machine on my home network then I get nothing, I agree that this must be some kind of DNS issue here, but how does one go about fixing it? Cheers, Matt Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234028,234062#msg-234062 From contact at jpluscplusm.com Sat Dec 15 00:22:31 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Sat, 15 Dec 2012 00:22:31 +0000 Subject: Nginx server_name command being ignored In-Reply-To: <82ec0b8bfaa66695f7342ba6d867edf0.NginxMailingListEnglish@forum.nginx.org> References: <82ec0b8bfaa66695f7342ba6d867edf0.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 14 December 2012 23:54, constable1 wrote: > Hi Jonathan, Francis, > > I've just tried on the server "ping test", and I get no packet loss, it all > seems to be looking fine. I also tried "curl -i http://test/" and I get the > output as the code that makes up the html of my page, so it appears that > nginx is working fine, but when I try going to http://test/ on another > machine on my home network then I get nothing, I agree that this must be > some kind of DNS issue here, but how does one go about fixing it? Work put how the machines *should* be resolving "test" to an IP address, and add entries so that they *can*. This may be your hosts file, if you're doing internal, LAN-only development, or a DNS server somewhere. This is somewhat of out of scope for the nginx list now, though ... :-) HTH, Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Sat Dec 15 01:20:13 2012 From: nginx-forum at nginx.us (constable1) Date: Fri, 14 Dec 2012 20:20:13 -0500 Subject: Nginx server_name command being ignored In-Reply-To: References: Message-ID: Jonathan, I've added to the host file of my server 127.0.0.1 test, but still have no luck locally. I have also tried port forwarding from my router (port 80 to port 80) and am unable to then connect to my server using my public IP address. Do you know if there are any forums which could help me in this regard? Cheers Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234028,234064#msg-234064 From howachen at gmail.com Sat Dec 15 07:00:53 2012 From: howachen at gmail.com (howard chen) Date: Sat, 15 Dec 2012 15:00:53 +0800 Subject: Did nginx fixed the php/pathinfo exploit in the core? Message-ID: Now tried to test for the exploit ( http://forum.nginx.org/read.php?2,88845,88996) , nginx return 403 directly without hitting my backend php =============== curl -s -D - 'http://www.example.com/test.jpg/f.php' HTTP/1.1 403 Forbidden Server: nginx Date: Fri, 14 Dec 2012 17:40:03 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Access denied. =============== Which version it was fixed? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From igor at sysoev.ru Sat Dec 15 09:44:19 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Sat, 15 Dec 2012 13:44:19 +0400 Subject: by default does nginx just use a single log file? In-Reply-To: References: <20121214202046.GP18139@craic.sysops.org> Message-ID: On Dec 15, 2012, at 2:10 , S Ahmed wrote: > m irya, > > Thanks. I'm planning to run 12.04 ubuntu. > > What exactly does 're-opening' of a log file mean? Isn't it already open, meaning nginx has it open and is appending to it? > > So step by step, what is to be done? > > 1. kill -USR1 > 2. rename file? > 3. kill -USR1 'cat /var/run/nginx.pid' > 4. profit 1. rename file 2. kill -USR1 'cat /var/run/nginx.pid' 3. sleep 2 4. do everything with the file: gzipping, moving to other host, etc. -- Igor Sysoev http://nginx.com/support.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sat Dec 15 11:05:58 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 15 Dec 2012 11:05:58 +0000 Subject: Nginx server_name command being ignored In-Reply-To: <82ec0b8bfaa66695f7342ba6d867edf0.NginxMailingListEnglish@forum.nginx.org> References: <82ec0b8bfaa66695f7342ba6d867edf0.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121215110558.GR18139@craic.sysops.org> On Fri, Dec 14, 2012 at 06:54:58PM -0500, constable1 wrote: Hi there, > I also tried "curl -i http://test/" and I get the > output as the code that makes up the html of my page, so it appears that > nginx is working fine, but when I try going to http://test/ on another > machine on my home network then I get nothing, Exactly the same as the last time: What is the output of curl -i http://test/ ? Do that from whatever machine you want things to work from. The output is unlikely to be "nothing", and is likely to give an indication of the first problem. And you can still test the nginx side without fixing name resolution by looking at the output of curl -i -H Host:test http://127.0.0.1/ where "127.0.0.1" should be replaced with "an ip address that the nginx server is listening on". Note that 127.0.0.1 is a special address which means (roughly) "this machine only". And so is unlikely to work from any other machine. The server{} block that has "server_name test" would need to "listen" on a non-127.0.0.1 address for it to be accessible > I agree that this must be > some kind of DNS issue here, but how does one go about fixing it? "Big" fix is "whatever your network does". "Small" fix is /etc/hosts. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Sat Dec 15 11:32:07 2012 From: nginx-forum at nginx.us (constable1) Date: Sat, 15 Dec 2012 06:32:07 -0500 Subject: Nginx server_name command being ignored In-Reply-To: <20121215110558.GR18139@craic.sysops.org> References: <20121215110558.GR18139@craic.sysops.org> Message-ID: <63a4a9a0b600dad878083be6a9e3b634.NginxMailingListEnglish@forum.nginx.org> Hi Francis, I am trying to access the web server from a bunch of windows machines (I don't have any linux desktops). My /etc/hosts file already reads: 127.0.0.1 localhost 127.0.1.1 ubuntuserver 192.168.1.93 test Where the final address is the local address of the server. When I do the curl operation from the server on http://test/ then I get the index.html page back, which is encouraging, but when I try to ping it from any of my windows machines then I get nothing. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234028,234073#msg-234073 From francis at daoine.org Sat Dec 15 11:46:54 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 15 Dec 2012 11:46:54 +0000 Subject: Nginx server_name command being ignored In-Reply-To: <63a4a9a0b600dad878083be6a9e3b634.NginxMailingListEnglish@forum.nginx.org> References: <20121215110558.GR18139@craic.sysops.org> <63a4a9a0b600dad878083be6a9e3b634.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121215114654.GS18139@craic.sysops.org> On Sat, Dec 15, 2012 at 06:32:07AM -0500, constable1 wrote: Hi there, > I am trying to access the web server from a bunch of windows machines (I > don't have any linux desktops). My /etc/hosts file already reads: > 127.0.0.1 localhost > 127.0.1.1 ubuntuserver > 192.168.1.93 test /etc/hosts is for local-to-this-machine name resolution. It is the client machine -- the one running the web browser -- that needs to resolve the name "test" to the ip address. So if you try on a windows machine, you must have the "test" entry in the /etc/hosts file on that windows machine. Searching the fine web should tell you exactly which file that corresponds to on the version of windows that you are using. > Where the final address is the local address of the server. When I do the > curl operation from the server on http://test/ then I get the index.html > page back, which is encouraging, but when I try to ping it from any of my > windows machines then I get nothing. When you type "curl -i http://test/" from a command shell on any one windows machine, you get immediately returned to the prompt with no other output? Likewise when you use the other curl command suggested? That is unexpected to me and I do not know how to proceed. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Sat Dec 15 12:01:45 2012 From: nginx-forum at nginx.us (constable1) Date: Sat, 15 Dec 2012 07:01:45 -0500 Subject: Nginx server_name command being ignored In-Reply-To: <20121215114654.GS18139@craic.sysops.org> References: <20121215114654.GS18139@craic.sysops.org> Message-ID: <5f06976bf5cfcf59b63411faaa7b9a77.NginxMailingListEnglish@forum.nginx.org> Francis, forgive me, I was accidentally editing the host file on the wrong machine, stupid mistake, I've now got it sorted and working for a public IP now. Thanks for all of your help Jonathan, Francis! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234028,234075#msg-234075 From francis at daoine.org Sat Dec 15 14:11:48 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 15 Dec 2012 14:11:48 +0000 Subject: Nginx server_name command being ignored In-Reply-To: <5f06976bf5cfcf59b63411faaa7b9a77.NginxMailingListEnglish@forum.nginx.org> References: <20121215114654.GS18139@craic.sysops.org> <5f06976bf5cfcf59b63411faaa7b9a77.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121215141148.GT18139@craic.sysops.org> On Sat, Dec 15, 2012 at 07:01:45AM -0500, constable1 wrote: Hi there, > Francis, forgive me, I was accidentally editing the host file on the wrong > machine, stupid mistake, I've now got it sorted and working for a public IP > now. No worries; "sorted and working" is good news.. Good stuff, f -- Francis Daly francis at daoine.org From francis at daoine.org Sat Dec 15 14:20:19 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 15 Dec 2012 14:20:19 +0000 Subject: Did nginx fixed the php/pathinfo exploit in the core? In-Reply-To: References: Message-ID: <20121215142019.GU18139@craic.sysops.org> On Sat, Dec 15, 2012 at 03:00:53PM +0800, howard chen wrote: Hi there, > Now tried to test for the exploit ( > http://forum.nginx.org/read.php?2,88845,88996) , nginx return 403 directly > without hitting my backend php > Which version it was fixed? What's in your nginx.conf? The one location that matches /test.jpg/f.php, plus the server-level config if relevant? I suspect it was fixed in "whichever version you used a suitable configuration in". (But maybe I misunderstood the nature of the problem.) f -- Francis Daly francis at daoine.org From sahmed1020 at gmail.com Sat Dec 15 18:20:19 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Sat, 15 Dec 2012 13:20:19 -0500 Subject: by default does nginx just use a single log file? In-Reply-To: References: <20121214202046.GP18139@craic.sysops.org> Message-ID: I see, thanks. So there is there a small window of time when the logs will not be written or lost? On Sat, Dec 15, 2012 at 4:44 AM, Igor Sysoev wrote: > On Dec 15, 2012, at 2:10 , S Ahmed wrote: > > m irya, > > Thanks. I'm planning to run 12.04 ubuntu. > > What exactly does 're-opening' of a log file mean? Isn't it already open, > meaning nginx has it open and is appending to it? > > So step by step, what is to be done? > > 1. kill -USR1 > 2. rename file? > 3. kill -USR1 'cat /var/run/nginx.pid' > 4. profit > > > 1. rename file > 2. kill -USR1 'cat /var/run/nginx.pid' > 3. sleep 2 > 4. do everything with the file: gzipping, moving to other host, etc. > > > -- > Igor Sysoev > http://nginx.com/support.html > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From igor at sysoev.ru Sat Dec 15 20:31:28 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Sun, 16 Dec 2012 00:31:28 +0400 Subject: by default does nginx just use a single log file? In-Reply-To: References: <20121214202046.GP18139@craic.sysops.org> Message-ID: <0BD4E58C-5B23-4A70-B0C3-68AFD962FFE5@sysoev.ru> No, logs are always written either in renamed old file or created newly by master process. There is window between sending signal and reopening new files by worker processes. -- Igor Sysoev http://nginx.com/support.html On Dec 15, 2012, at 22:20 , S Ahmed wrote: > I see, thanks. > > So there is there a small window of time when the logs will not be written or lost? > > > On Sat, Dec 15, 2012 at 4:44 AM, Igor Sysoev wrote: > On Dec 15, 2012, at 2:10 , S Ahmed wrote: > >> m irya, >> >> Thanks. I'm planning to run 12.04 ubuntu. >> >> What exactly does 're-opening' of a log file mean? Isn't it already open, meaning nginx has it open and is appending to it? >> >> So step by step, what is to be done? >> >> 1. kill -USR1 >> 2. rename file? >> 3. kill -USR1 'cat /var/run/nginx.pid' >> 4. profit > > 1. rename file > 2. kill -USR1 'cat /var/run/nginx.pid' > 3. sleep 2 > 4. do everything with the file: gzipping, moving to other host, etc. > > > -- > Igor Sysoev > http://nginx.com/support.html > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From rainer at ultra-secure.de Sat Dec 15 21:37:51 2012 From: rainer at ultra-secure.de (Rainer Duffner) Date: Sat, 15 Dec 2012 22:37:51 +0100 Subject: How exactly is NGINX spelled? Message-ID: <20121215223751.52e82e84@linux-wb36.example.org> Hi, this got me thinking: - nginx.com says "NGINX" in all-caps on the frontpage, - the page with the links to FAQ and handbook also spells it like "NGINX" - at least three times out of four - the FAQ itself spells it "nginx". - sometimes you also see Nginx... Can someone with an nginx.com email-address spell it out for once? ;-) Best Regards Rainer From andrejaenisch at googlemail.com Sat Dec 15 22:04:32 2012 From: andrejaenisch at googlemail.com (Andre Jaenisch) Date: Sat, 15 Dec 2012 23:04:32 +0100 Subject: How exactly is NGINX spelled? In-Reply-To: <20121215223751.52e82e84@linux-wb36.example.org> References: <20121215223751.52e82e84@linux-wb36.example.org> Message-ID: 2012/12/15 Rainer Duffner : > Can someone with an nginx.com email-address spell it out for once? Relating to Wikipedia: http://en.wikipedia.org/wiki/Nginx it is "engine-x" [??n??n ??ks]. Therefore I prefer to write NginX :-) Regards, Andr? From ru at nginx.com Sat Dec 15 22:09:14 2012 From: ru at nginx.com (Ruslan Ermilov) Date: Sun, 16 Dec 2012 02:09:14 +0400 Subject: How exactly is NGINX spelled? In-Reply-To: <20121215223751.52e82e84@linux-wb36.example.org> References: <20121215223751.52e82e84@linux-wb36.example.org> Message-ID: <20121215220914.GA8531@lo0.su> On Sat, Dec 15, 2012 at 10:37:51PM +0100, Rainer Duffner wrote: > Hi, > > this got me thinking: > - nginx.com says "NGINX" in all-caps on the frontpage, > - the page with the links to FAQ and handbook also spells it like > "NGINX" - at least three times out of four > - the FAQ itself spells it "nginx". > - sometimes you also see Nginx... > > > > Can someone with an nginx.com email-address spell it out for once? > ;-) We use all possible spellings. :) "nginx" when it's about software (http://nginx.org/en/) or command name "Nginx" when it's about company (Nginx, Inc.) (http://nginx.com) "NGINX" when it's about environment variable (http://nginx.org/r/env) From mejedi at gmail.com Sun Dec 16 07:58:32 2012 From: mejedi at gmail.com (Nick Zavaritsky) Date: Sun, 16 Dec 2012 11:58:32 +0400 Subject: websockets Message-ID: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> Hi! According to the roadmap at http://trac.nginx.org/nginx/roadmap, the support for websockets is planned for release in 2 month. Is there any preview code available yet? It would be nice to start playing with this feature early on. Since this is going to be used in my pet project the possible instability doesn't scare me much. From nginx-forum at nginx.us Sun Dec 16 19:37:07 2012 From: nginx-forum at nginx.us (skycoyotte) Date: Sun, 16 Dec 2012 14:37:07 -0500 Subject: image_filter don't resize Message-ID: <5b2d0da4e7d37f0e26c5c80b50149173.NginxMailingListEnglish@forum.nginx.org> hello I'm using nginx 1.2.4 with image_filter and i recently found a problem. If i try to make come down the jpeg quality, and the size (800-600), for an image in the same resolution, NGinx does nothing. In other word, I think NGinx give me the original image when the resolution i ask is the same than the orignal. Am i wrong ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234090,234090#msg-234090 From r at roze.lv Sun Dec 16 23:05:29 2012 From: r at roze.lv (Reinis Rozitis) Date: Mon, 17 Dec 2012 01:05:29 +0200 Subject: image_filter don't resize In-Reply-To: <5b2d0da4e7d37f0e26c5c80b50149173.NginxMailingListEnglish@forum.nginx.org> References: <5b2d0da4e7d37f0e26c5c80b50149173.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3FE635820F4F4C0E99BEDF35BB948FA0@NeiRoze> > In other word, I think NGinx give me the original image when the > resolution i ask is the same than the orignal. You are correct. Though it is quite easy to edit the image_filter module if you really need the resize when the dimensions are the same or less. rr From nginx-forum at nginx.us Mon Dec 17 08:16:47 2012 From: nginx-forum at nginx.us (skycoyotte) Date: Mon, 17 Dec 2012 03:16:47 -0500 Subject: image_filter don't resize In-Reply-To: <3FE635820F4F4C0E99BEDF35BB948FA0@NeiRoze> References: <3FE635820F4F4C0E99BEDF35BB948FA0@NeiRoze> Message-ID: <3685229803e804541d6814186bd74de5.NginxMailingListEnglish@forum.nginx.org> Thanks Indeed i think i can update this function around the file ngx_http_image_filter_module.c. have a nice day Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234090,234099#msg-234099 From maxim at nginx.com Mon Dec 17 08:29:39 2012 From: maxim at nginx.com (Maxim Konovalov) Date: Mon, 17 Dec 2012 12:29:39 +0400 Subject: websockets In-Reply-To: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> References: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> Message-ID: <50CED7F3.2050709@nginx.com> Hi Nick, On 12/16/12 11:58 AM, Nick Zavaritsky wrote: > Hi! > > According to the roadmap at http://trac.nginx.org/nginx/roadmap, > the support for websockets is planned for release in 2 month. Is > there any preview code available yet? It would be nice to start > playing with this feature early on. > The roadmap is correct but no such code available yet. Ping us again in mid-January. -- Maxim Konovalov +7 (910) 4293178 http://nginx.com/support.html From i.hailperin at heinlein-support.de Mon Dec 17 10:01:06 2012 From: i.hailperin at heinlein-support.de (Isaac Hailperin) Date: Mon, 17 Dec 2012 11:01:06 +0100 Subject: Set-Cookie is missing via proxy In-Reply-To: <20121206160253.GU40452@mdounin.ru> References: <50BF2963.1090106@heinlein-support.de> <20121205122309.GM40452@mdounin.ru> <50BFA3A7.5010500@heinlein-support.de> <50BFAA99.2070200@heinlein-support.de> <20121206133736.GR40452@mdounin.ru> <46889b6a217cf7572f8359d8265b8509@heinlein-support.de> <20121206160253.GU40452@mdounin.ru> Message-ID: <50CEED62.8070606@heinlein-support.de> On 12/06/2012 05:02 PM, Maxim Dounin wrote: >> location ~* \.(jpg|gif|png|css|js) >> { >> try_files $uri @proxy; >> } >> >> location @proxy >> { >> proxy_pass http://backend-all-apaches; >> } >> >> location / >> { >> proxy_pass http://backend-all-apaches; >> } >> >> As far as my understanding goes, this will only cache >> jpg|gif|png|css|js files, and send the rest directly to the backend. >> Please correct me if I am wrong. > > You are wrong. It tries to lookup jpg/gif/png/css/js files > directly on the file system as static files, but it's > > 1) Not cache. Cache is activated with proxy_cache directive, see > http://nginx.org/r/proxy_cache. > > 2) Not related to html files you talked about. > > 3) Not related to the response in question as headers clearly > indicate it was originally returned by Apache (note ETag in Apache > format). > > Whether or not the response in question was cached can't be > concluded from the information provided. Most likely it was as > config says to cache all 200 responses (without cookies) for 60 > minutes. Thank you Maxim, that was very helpfull! So indeed, my config was wrong, so in debugging the original problem, I made wrong assumptions. Now for the original problem: The Set-Cookie was not missing, but it turned out that having proxy_set_header Host $host; twice as I did accidentally, "confused" the backend, which is why it did not deliver the Set-Cookie header. Removing one instance solved that problem. But that did not solve the session mixing. The session mixing was due to proxy_ignore_headers X-Accel-Expires Expires Cache-Control; I set this earlier, because not every page set those headers correctly, resulting in suboptimal cacheing. But it turns out that its really needed for other pages, so I removed that line again. This solved the session mixing problem. Isaac From abletony84 at gmail.com Mon Dec 17 10:09:45 2012 From: abletony84 at gmail.com (Tony) Date: Mon, 17 Dec 2012 11:09:45 +0100 Subject: How exactly is NGINX spelled? In-Reply-To: <20121215220914.GA8531@lo0.su> References: <20121215223751.52e82e84@linux-wb36.example.org> <20121215220914.GA8531@lo0.su> Message-ID: This type of inconsistency is one of the biggest no-no's in branding according to the world's leading brand agency Wolff-Olins. Tony On Sat, Dec 15, 2012 at 11:09 PM, Ruslan Ermilov wrote: > On Sat, Dec 15, 2012 at 10:37:51PM +0100, Rainer Duffner wrote: > > Hi, > > > > this got me thinking: > > - nginx.com says "NGINX" in all-caps on the frontpage, > > - the page with the links to FAQ and handbook also spells it like > > "NGINX" - at least three times out of four > > - the FAQ itself spells it "nginx". > > - sometimes you also see Nginx... > > > > > > > > Can someone with an nginx.com email-address spell it out for once? > > ;-) > > We use all possible spellings. :) > > "nginx" when it's about software (http://nginx.org/en/) or command name > "Nginx" when it's about company (Nginx, Inc.) (http://nginx.com) > "NGINX" when it's about environment variable (http://nginx.org/r/env) > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From laursen at oxygen.net Mon Dec 17 10:14:38 2012 From: laursen at oxygen.net (Lasse Laursen) Date: Mon, 17 Dec 2012 11:14:38 +0100 Subject: How exactly is NGINX spelled? In-Reply-To: References: <20121215223751.52e82e84@linux-wb36.example.org> <20121215220914.GA8531@lo0.su> Message-ID: <91D7AE7D-C84C-429D-A28B-2F02042CA5C2@oxygen.net> Offtopic: Throughout its history, Wolff Olins has presented controversial work.[23][24] Its piper design for BT in 1991 attracted a great deal of opposition.The company was also responsible for the short-lived $110m (?75m) re-branding of PwC Consulting to Monday in 2002. The launch of the London 2012 brand in 2007 was met with widespread public derision. Design critic Stephen Bayley condemned the London 2012 Olympic Games logo as "a puerile mess, an artistic flop and a commercial scandal".[25] ? seems leading to me :) And I believe it's 'Wolff Olins' and not 'Wolff-Olins' ;) On 17/12/2012, at 11.09, Tony wrote: > This type of inconsistency is one of the biggest no-no's in branding according to the world's leading brand agency Wolff-Olins. > > Tony > > > On Sat, Dec 15, 2012 at 11:09 PM, Ruslan Ermilov wrote: > On Sat, Dec 15, 2012 at 10:37:51PM +0100, Rainer Duffner wrote: > > Hi, > > > > this got me thinking: > > - nginx.com says "NGINX" in all-caps on the frontpage, > > - the page with the links to FAQ and handbook also spells it like > > "NGINX" - at least three times out of four > > - the FAQ itself spells it "nginx". > > - sometimes you also see Nginx... > > > > > > > > Can someone with an nginx.com email-address spell it out for once? > > ;-) > > We use all possible spellings. :) > > "nginx" when it's about software (http://nginx.org/en/) or command name > "Nginx" when it's about company (Nginx, Inc.) (http://nginx.com) > "NGINX" when it's about environment variable (http://nginx.org/r/env) > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From andrew at nginx.com Mon Dec 17 10:16:49 2012 From: andrew at nginx.com (Andrew Alexeev) Date: Mon, 17 Dec 2012 14:16:49 +0400 Subject: How exactly is NGINX spelled? In-Reply-To: <91D7AE7D-C84C-429D-A28B-2F02042CA5C2@oxygen.net> References: <20121215223751.52e82e84@linux-wb36.example.org> <20121215220914.GA8531@lo0.su> <91D7AE7D-C84C-429D-A28B-2F02042CA5C2@oxygen.net> Message-ID: <670D520F-318A-4706-B608-F6AD83041613@nginx.com> On Dec 17, 2012, at 2:14 PM, Lasse Laursen wrote: > Offtopic: > > Throughout its history, Wolff Olins has presented controversial work.[23][24] Its piper design for BT in 1991 attracted a great deal of opposition.The company was also responsible for the short-lived $110m (?75m) re-branding of PwC Consulting to Monday in 2002. The launch of the London 2012 brand in 2007 was met with widespread public derision. Design critic Stephen Bayley condemned the London 2012 Olympic Games logo as "a puerile mess, an artistic flop and a commercial scandal".[25] > > ? seems leading to me :) And I believe it's 'Wolff Olins' and not 'Wolff-Olins' ;) > > > On 17/12/2012, at 11.09, Tony wrote: > >> This type of inconsistency is one of the biggest no-no's in branding according to the world's leading brand agency Wolff-Olins. >> >> Tony >> >> >> On Sat, Dec 15, 2012 at 11:09 PM, Ruslan Ermilov wrote: >> On Sat, Dec 15, 2012 at 10:37:51PM +0100, Rainer Duffner wrote: >>> Hi, >>> >>> this got me thinking: >>> - nginx.com says "NGINX" in all-caps on the frontpage, >>> - the page with the links to FAQ and handbook also spells it like >>> "NGINX" - at least three times out of four >>> - the FAQ itself spells it "nginx". >>> - sometimes you also see Nginx... >>> >>> >>> >>> Can someone with an nginx.com email-address spell it out for once? >>> ;-) >> >> We use all possible spellings. :) >> >> "nginx" when it's about software (http://nginx.org/en/) or command name >> "Nginx" when it's about company (Nginx, Inc.) (http://nginx.com) >> "NGINX" when it's about environment variable (http://nginx.org/r/env) Guys, let's keep this list focused on technical matters, ok? :) We've got things to do with the marketing, alright (spellings, logos, web sites, positioning etc.). That's quite different from the purpose of this particular list. From nginx-forum at nginx.us Mon Dec 17 20:05:51 2012 From: nginx-forum at nginx.us (preinde) Date: Mon, 17 Dec 2012 15:05:51 -0500 Subject: Accessing custom upstream proxy header Message-ID: <3af9d5b7cc86d97d82b2896f6f57f920.NginxMailingListEnglish@forum.nginx.org> Good morning, Using ngx_http_request_t, how can I access a custom upstream header within a module, for example: r->upstream->headers_in->xxx_my_header->value No matter what I try, it doesn't appear to be working - Peter Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234126,234126#msg-234126 From nginx at westbrook.com Mon Dec 17 22:29:21 2012 From: nginx at westbrook.com (E. Westbrook) Date: Mon, 17 Dec 2012 15:29:21 -0700 Subject: List of all request headers in perl? Message-ID: <50CF9CC1.8000905@westbrook.com> Hi! I'm new to the list; so please accept my apologies and do kindly correct me if I've missed something in my research, or if I'm not complying with any particular social custom or etiquette on this list. I'm using nginx's integrated perl support, and all is going well so far, but I'm missing one critical thing right now: a way to get a list of all of the request headers. I can certainly use $r->header_in() to obtain any given specific header, which works well if I know the header in advance -- but in my case I need to iterate all of the incoming request headers, even (especially, actually) headers whose presence I would not have anticipated. I do see some references to Nginx modules on CPAN, and in at least one of those, a $r->headers_in() method... but those modules are not the same animal as the built-in "nginx" module, are they. Please help! Thanks, Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Dec 18 00:08:12 2012 From: nginx-forum at nginx.us (gyre007) Date: Mon, 17 Dec 2012 19:08:12 -0500 Subject: nginx add trailing slash Message-ID: <44b5e82b97db508786c87dd9ed6307ee.NginxMailingListEnglish@forum.nginx.org> I'm having troubles figuring out the following problem. Basically, we have a jekyll blog which we decided to separate physically on the server from our main website ie. it is not served from the main application server's root directory. The configuration looks like this: upstream unicorn { server 127.0.0.1:3000; } server { listen 4430; root /app/current/public; server_name example.com; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto https; proxy_set_header Strict-Transport-Security: "max-age=31556926; includeSubDomains"; proxy_redirect off; location ~* ^/assets { expires max; add_header Cache-Control public; break; } location ~* ^/admin { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/htpasswd; proxy_pass http://unicorn; } location ~* ^/dashboard_api { auth_basic "Restricted"; auth_basic_user_file /etc/nginx/htpasswd; proxy_pass http://unicorn; } location / { try_files $uri/index.html $uri.html $uri @app; } location ~ /blog { alias /app/blog/current/; } location @app { auth_basic off; proxy_pass http://unicorn; } # Turn on maintenance mode if the maintenance template exists if (-f $document_root/system/maintenance.html) { return 503; } error_page 503 @maintenance; location @maintenance { rewrite ^(.*)$ /system/maintenance.html last; break; } } I'm talking about /blog location here. Basically, the location of the blog files (those are just STATIC HTML files) is not in /app/current/public but in /app/blog/current. The problem I'm having is that every time the user tries to access the blog via the following URL: http://example.com/blog , the request fails and user is redirected to http://example.com:4430/blog/. However when the user adds a trailing slash ie when he accesses http://example.com/blog/ , all works as expected. The same thing happens with every blog post it http://example.com/blog/post1 fails, http://example.com/blog/post1/ succeeds. I'm trying to figure out how to configure nginx so that the trailing slashes are added and the requests without them will stop failing. Also I'd like to know why is the above redirect to exmple.com:4430 happening ?? ;) Any help would be greatly appreciates! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234131,234131#msg-234131 From farseas at gmail.com Tue Dec 18 02:38:44 2012 From: farseas at gmail.com (Bob S.) Date: Mon, 17 Dec 2012 21:38:44 -0500 Subject: List of all request headers in perl? In-Reply-To: <50CF9CC1.8000905@westbrook.com> References: <50CF9CC1.8000905@westbrook.com> Message-ID: This may help: View HTTP Request and Response Header On Mon, Dec 17, 2012 at 5:29 PM, E. Westbrook wrote: > Hi! > > I'm new to the list; so please accept my apologies and do kindly correct > me if I've missed something in my research, or if I'm not complying with > any particular social custom or etiquette on this list. > > I'm using nginx's integrated perl support, and all is going well so far, > but I'm missing one critical thing right now: a way to get a list of all > of the request headers. > > I can certainly use $r->header_in() to obtain any given specific header, > which works well if I know the header in advance -- but in my case I need > to iterate all of the incoming request headers, even (especially, actually) > headers whose presence I would not have anticipated. > > I do see some references to Nginx modules on CPAN, and in at least one of > those, a $r->headers_in() method... but those modules are not the same > animal as the built-in "nginx" module, are they. > > Please help! > > Thanks, > Eric > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From earle.ake at gmail.com Tue Dec 18 03:13:29 2012 From: earle.ake at gmail.com (Earle Ake) Date: Mon, 17 Dec 2012 22:13:29 -0500 Subject: Trouble compiling nginx on AIX 5.3 Message-ID: I am having issues getting nginx v1.2.6 compiled on AIX 5.3. This is the first time I have tried on AIX. I am using the configure line: ./configure --without-http_rewrite_module --without-http_gzip_module --with-http_ssl_module --with-zlib=/usr/lib/ It gets so far in compiling then stops at this error: gcc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -I src/core -I src/event -I src/event/modules -I src/os/unix -I objs -o objs/src/os/unix/ngx_process.o src/os/unix/ngx_process.c src/os/unix/ngx_process.c: In function `ngx_process_get_status': src/os/unix/ngx_process.c:510: warning: signed and unsigned type in conditional expression src/os/unix/ngx_process.c:517: warning: signed and unsigned type in conditional expression src/os/unix/ngx_process.c:523: warning: signed and unsigned type in conditional expression src/os/unix/ngx_process.c:528: warning: signed and unsigned type in conditional expression src/os/unix/ngx_process.c:529: warning: signed and unsigned type in conditional expression make: 1254-004 The error code from the last command is 1. Stop. make: 1254-004 The error code from the last command is 2. Stop. I also tried V1.2.4 and got the same results but a slightly different line number. Any help? From nginx at westbrook.com Tue Dec 18 03:48:49 2012 From: nginx at westbrook.com (E. Westbrook) Date: Mon, 17 Dec 2012 20:48:49 -0700 Subject: List of all request headers in perl? Message-ID: <50CFE7A1.4030009@westbrook.com> I'm very confused... there's not an "$r" to be seen at that link. Perhaps I asked the original question poorly, or in the wrong place? Thanks again, Eric On Mon, Dec 17, 2012 at 7:38 PM, Bob S. wrote: This may help: View HTTP Request and Response Header On Mon, Dec 17, 2012 at 5:29 PM, E. Westbrook wrote: Hi! I'm new to the list; so please accept my apologies and do kindly correct me if I've missed something in my research, or if I'm not complying with any particular social custom or etiquette on this list. I'm using nginx's integrated perl support, and all is going well so far, but I'm missing one critical thing right now: a way to get a list of all of the request headers. I can certainly use $r->header_in() to obtain any given specific header, which works well if I know the header in advance -- but in my case I need to iterate all of the incoming request headers, even (especially, actually) headers whose presence I would not have anticipated. I do see some references to Nginx modules on CPAN, and in at least one of those, a $r->headers_in() method... but those modules are not the same animal as the built-in "nginx" module, are they. Please help! Thanks, Eric -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxim at nginx.com Tue Dec 18 06:53:49 2012 From: maxim at nginx.com (Maxim Konovalov) Date: Tue, 18 Dec 2012 10:53:49 +0400 Subject: Trouble compiling nginx on AIX 5.3 In-Reply-To: References: Message-ID: <50D012FD.1020009@nginx.com> Hello, On 12/18/12 7:13 AM, Earle Ake wrote: > I am having issues getting nginx v1.2.6 compiled on AIX 5.3. This is > the first time I have tried on AIX. I am using the configure line: > > ./configure --without-http_rewrite_module --without-http_gzip_module > --with-http_ssl_module --with-zlib=/usr/lib/ > > It gets so far in compiling then stops at this error: > [...] We don't have an access to the system with AIX 5.3. The build works OK on 7.1 with gcc 4.6.0 though. -- Maxim Konovalov +7 (910) 4293178 http://nginx.com/support.html From christian.boenning at gmail.com Tue Dec 18 08:29:52 2012 From: christian.boenning at gmail.com (=?ISO-8859-1?Q?Christian_B=F6nning?=) Date: Tue, 18 Dec 2012 09:29:52 +0100 Subject: nginx add trailing slash In-Reply-To: <44b5e82b97db508786c87dd9ed6307ee.NginxMailingListEnglish@forum.nginx.org> References: <44b5e82b97db508786c87dd9ed6307ee.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hi, you may want to have a look into the `port_in_redirect` directive ( http://nginx.org/en/docs/http/ngx_http_core_module.html#port_in_redirect). Regards, Christian 2012/12/18 gyre007 > I'm having troubles figuring out the following problem. Basically, we have > a > jekyll blog which we decided to separate physically on the server from our > main website ie. it is not served from the main application server's root > directory. The configuration looks like this: > > upstream unicorn { > server 127.0.0.1:3000; > } > > server { > listen 4430; > root /app/current/public; > > server_name example.com; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Host $http_host; > proxy_set_header X-Forwarded-Proto https; > proxy_set_header Strict-Transport-Security: "max-age=31556926; > includeSubDomains"; > proxy_redirect off; > > location ~* ^/assets { > expires max; > add_header Cache-Control public; > break; > } > > location ~* ^/admin { > auth_basic "Restricted"; > auth_basic_user_file /etc/nginx/htpasswd; > proxy_pass http://unicorn; > } > > location ~* ^/dashboard_api { > auth_basic "Restricted"; > auth_basic_user_file /etc/nginx/htpasswd; > proxy_pass http://unicorn; > } > > location / { > try_files $uri/index.html $uri.html $uri @app; > } > > location ~ /blog { > alias /app/blog/current/; > } > > location @app { > auth_basic off; > proxy_pass http://unicorn; > } > > # Turn on maintenance mode if the maintenance template exists > if (-f $document_root/system/maintenance.html) { > return 503; > } > > error_page 503 @maintenance; > location @maintenance { > rewrite ^(.*)$ /system/maintenance.html last; > break; > } > } > > I'm talking about /blog location here. Basically, the location of the blog > files (those are just STATIC HTML files) is not in /app/current/public but > in /app/blog/current. The problem I'm having is that every time the user > tries to access the blog via the following URL: http://example.com/blog , > the request fails and user is redirected to http://example.com:4430/blog/. > However when the user adds a trailing slash ie when he accesses > http://example.com/blog/ , all works as expected. The same thing happens > with every blog post it http://example.com/blog/post1 fails, > http://example.com/blog/post1/ succeeds. I'm trying to figure out how to > configure nginx so that the trailing slashes are added and the requests > without them will stop failing. Also I'd like to know why is the above > redirect to exmple.com:4430 happening ?? ;) > > Any help would be greatly appreciates! > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,234131,234131#msg-234131 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Dec 18 12:01:09 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Dec 2012 16:01:09 +0400 Subject: Accessing custom upstream proxy header In-Reply-To: <3af9d5b7cc86d97d82b2896f6f57f920.NginxMailingListEnglish@forum.nginx.org> References: <3af9d5b7cc86d97d82b2896f6f57f920.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121218120109.GP40452@mdounin.ru> Hello! On Mon, Dec 17, 2012 at 03:05:51PM -0500, preinde wrote: > Good morning, > > Using ngx_http_request_t, how can I access a custom upstream header within a > module, for example: > > r->upstream->headers_in->xxx_my_header->value > > No matter what I try, it doesn't appear to be working Obviously enough the r->upstream->headers_in structure won't contain any specific members for your custom header unless you patch nginx. If you want to search for a custom header within a module, you have to iterate though &r->upstream->headers_in.headers list. See e.g. ngx_http_upstream_header_variable() and ngx_http_variable_unknown_header(), used to implement $upstream_http_* variables. -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Dec 18 12:53:24 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Dec 2012 16:53:24 +0400 Subject: Trouble compiling nginx on AIX 5.3 In-Reply-To: References: Message-ID: <20121218125323.GS40452@mdounin.ru> Hello! On Mon, Dec 17, 2012 at 10:13:29PM -0500, Earle Ake wrote: > I am having issues getting nginx v1.2.6 compiled on AIX 5.3. This is > the first time I have tried on AIX. I am using the configure line: > > ./configure --without-http_rewrite_module --without-http_gzip_module > --with-http_ssl_module --with-zlib=/usr/lib/ > > It gets so far in compiling then stops at this error: > > gcc -c -pipe -O -W -Wall -Wpointer-arith > -Wno-unused-parameter -Werror -g -I src/core -I src/event -I > src/event/modules -I src/os/unix -I objs -o > objs/src/os/unix/ngx_process.o src/os/unix/ngx_process.c > src/os/unix/ngx_process.c: In function `ngx_process_get_status': > src/os/unix/ngx_process.c:510: warning: signed and unsigned type in > conditional expression > src/os/unix/ngx_process.c:517: warning: signed and unsigned type in > conditional expression > src/os/unix/ngx_process.c:523: warning: signed and unsigned type in > conditional expression > src/os/unix/ngx_process.c:528: warning: signed and unsigned type in > conditional expression > src/os/unix/ngx_process.c:529: warning: signed and unsigned type in > conditional expression > make: 1254-004 The error code from the last command is 1. > > > Stop. > make: 1254-004 The error code from the last command is 2. > > > Stop. > > > I also tried V1.2.4 and got the same results but a slightly different > line number. Any help? Line numbers suggests there is a problem with system headers and your compiler - it complains about macros like WTERMSIG(). If you are brave enough to assume these warnings are harmless, you may tro using ./configure --with-cc-opt="-Wno-error" to compile nginx despite of the warnings. -- Maxim Dounin http://nginx.com/support.html From haroldsinclair at gmail.com Tue Dec 18 14:11:30 2012 From: haroldsinclair at gmail.com (Harold Sinclair) Date: Tue, 18 Dec 2012 09:11:30 -0500 Subject: List of all request headers in perl? In-Reply-To: <50CFE7A1.4030009@westbrook.com> References: <50CFE7A1.4030009@westbrook.com> Message-ID: You're right the Nginx modules on CPAN are not related. Sorry I don't have a setup in front of me but isn't $r->args some data structure that may contain the request headers? Can you iterate thru it or incorporate Data::Dumper to see what it contains? Check the source code of the embedded perl module to see what is implemented? On Mon, Dec 17, 2012 at 10:48 PM, E. Westbrook wrote: > I'm very confused... there's not an "$r" to be seen at that link. > Perhaps I asked the original question poorly, or in the wrong place? > > Thanks again, > Eric > > On Mon, Dec 17, 2012 at 7:38 PM, Bob S. wrote: > > This may help: > > View HTTP Request and Response Header > > On Mon, Dec 17, 2012 at 5:29 PM, E. Westbrook wrote: > > Hi! > > I'm new to the list; so please accept my apologies and do kindly correct > me if I've missed something in my research, or if I'm not complying with > any particular social custom or etiquette on this list. > > I'm using nginx's integrated perl support, and all is going well so far, > but I'm missing one critical thing right now: a way to get a list of all > of the request headers. > > I can certainly use $r->header_in() to obtain any given specific header, > which works well if I know the header in advance -- but in my case I need > to iterate all of the incoming request headers, even (especially, actually) > headers whose presence I would not have anticipated. > > I do see some references to Nginx modules on CPAN, and in at least one of > those, a $r->headers_in() method... but those modules are not the same > animal as the built-in "nginx" module, are they. > > Please help! > > Thanks, > Eric > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From earle.ake at gmail.com Tue Dec 18 14:39:46 2012 From: earle.ake at gmail.com (Earle Ake) Date: Tue, 18 Dec 2012 09:39:46 -0500 Subject: Trouble compiling nginx on AIX 5.3 In-Reply-To: <20121218125323.GS40452@mdounin.ru> References: <20121218125323.GS40452@mdounin.ru> Message-ID: It now compiles. Can't help the OS as that is what we are given. Will see if it ow runs. Thanks! -Earle On Tue, Dec 18, 2012 at 7:53 AM, Maxim Dounin wrote: > Hello! > > On Mon, Dec 17, 2012 at 10:13:29PM -0500, Earle Ake wrote: > > > I am having issues getting nginx v1.2.6 compiled on AIX 5.3. This is > > the first time I have tried on AIX. I am using the configure line: > > > > ./configure --without-http_rewrite_module --without-http_gzip_module > > --with-http_ssl_module --with-zlib=/usr/lib/ > > > > It gets so far in compiling then stops at this error: > > > > gcc -c -pipe -O -W -Wall -Wpointer-arith > > -Wno-unused-parameter -Werror -g -I src/core -I src/event -I > > src/event/modules -I src/os/unix -I objs -o > > objs/src/os/unix/ngx_process.o src/os/unix/ngx_process.c > > src/os/unix/ngx_process.c: In function `ngx_process_get_status': > > src/os/unix/ngx_process.c:510: warning: signed and unsigned type in > > conditional expression > > src/os/unix/ngx_process.c:517: warning: signed and unsigned type in > > conditional expression > > src/os/unix/ngx_process.c:523: warning: signed and unsigned type in > > conditional expression > > src/os/unix/ngx_process.c:528: warning: signed and unsigned type in > > conditional expression > > src/os/unix/ngx_process.c:529: warning: signed and unsigned type in > > conditional expression > > make: 1254-004 The error code from the last command is 1. > > > > > > Stop. > > make: 1254-004 The error code from the last command is 2. > > > > > > Stop. > > > > > > I also tried V1.2.4 and got the same results but a slightly different > > line number. Any help? > > Line numbers suggests there is a problem with system headers and > your compiler - it complains about macros like WTERMSIG(). If you > are brave enough to assume these warnings are harmless, you may > tro using > > ./configure --with-cc-opt="-Wno-error" > > to compile nginx despite of the warnings. > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Dec 18 15:24:59 2012 From: nginx-forum at nginx.us (gadh) Date: Tue, 18 Dec 2012 10:24:59 -0500 Subject: strange nginx hang after ~18600 requests Message-ID: I'm developing a module that uses a handler module and header+body filter module at my handler phase (registered in the nginx rewrite phase) i stop the request (return NGX_OK), then issue a subrequest to another server, get the result back (hook function), then continue to the header+body filter, change the headers + body and calls the next filters accordingly. also, the subrequest runs thru a proxy , here's the relevant conf lines: ---------------------------------- (general:) keepalive_timeout 65; gzip on; proxy_http_version 1.1; worker_connections 1024; location / { // this location is where the ab tries to get (see below the ab test) include proxy_pass http://server } location /def1 { // this is the subrequest uri proxy_buffers 8 128k; proxy_buffer_size 128k; proxy_busy_buffers_size 128k; proxy_pass http://server2/page.php // another nginx runs fastcgi } ------------------------------------------ all works fine, untill i run an "ab" test against my nginx (10/12 workers) that runs on a multi-core, heavy duty linux server, and here's my ab line: ab -c 50 -n 20000 http://...myserver... the actual rate is ~1000 requests per second, very high... but almost exactly after 18500-18600 reuests (that ran smoothly without any errors, debug level INFO with printouts of my own) - the nginx hangs - not stuck - since i see in debug level "debug" its epoll loop runing ok, but not recv nor proceesing any other requests although they continue to come from my ab test any suggestions please ? thanks Gad Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234161,234161#msg-234161 From nginx-forum at nginx.us Tue Dec 18 15:26:41 2012 From: nginx-forum at nginx.us (gadh) Date: Tue, 18 Dec 2012 10:26:41 -0500 Subject: strange nginx hang after ~18600 requests In-Reply-To: References: Message-ID: <577932cc0246a878909321be27ac718e.NginxMailingListEnglish@forum.nginx.org> addon: the stuck occurs right after the last (~18600) subrequet has been sent to the server def1) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234161,234162#msg-234162 From mdounin at mdounin.ru Tue Dec 18 15:44:58 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Dec 2012 19:44:58 +0400 Subject: strange nginx hang after ~18600 requests In-Reply-To: References: Message-ID: <20121218154458.GC40452@mdounin.ru> Hello! On Tue, Dec 18, 2012 at 10:24:59AM -0500, gadh wrote: > I'm developing a module that uses a handler module and header+body filter > module > at my handler phase (registered in the nginx rewrite phase) i stop the > request (return NGX_OK), then issue a subrequest to another server, get the > result back (hook function), then continue to the header+body filter, change > the headers + body and calls the next filters accordingly. > also, the subrequest runs thru a proxy , here's the relevant conf lines: [...] > but almost exactly after 18500-18600 reuests (that ran smoothly without any > errors, debug level INFO with printouts of my own) - the nginx hangs - not > stuck - since i see in debug level "debug" its epoll loop runing ok, but not > recv nor proceesing any other requests although they continue to come from > my ab test > > any suggestions please ? Most likely your module causes some resouce leak, which later results in a hang. Hard to say more without seeing the code which causes the problem. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Tue Dec 18 15:54:33 2012 From: nginx-forum at nginx.us (gadh) Date: Tue, 18 Dec 2012 10:54:33 -0500 Subject: strange nginx hang after ~18600 requests In-Reply-To: <20121218154458.GC40452@mdounin.ru> References: <20121218154458.GC40452@mdounin.ru> Message-ID: thanks for the fast reply, Maxim the code is complicated and i cannot send it all. more info: when i set the proxy_connect_timeout from default 60s to 2s (the upstream server is close enough) , i could see that in the hang state, all workers were waiting for an answer from the upstream server (thru the proxy) and after that the nginx hanged (so lack of resources also occurs after the timeout) any suggestions ? tnx Gad Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234161,234166#msg-234166 From nginx-forum at nginx.us Tue Dec 18 16:32:32 2012 From: nginx-forum at nginx.us (gadh) Date: Tue, 18 Dec 2012 11:32:32 -0500 Subject: strange nginx hang after ~18600 requests In-Reply-To: <20121218154458.GC40452@mdounin.ru> References: <20121218154458.GC40452@mdounin.ru> Message-ID: hi maxim since i cannot send you my code for now, could you point me to the reason/s to the lack of resources, so i can search for a solution ? can you suggest on a monitoring/debug tool that can help ? (valgrind could not find any specific problem rather than the regular notes on the nginx core code, which BTW i suggest to monitor) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234161,234168#msg-234168 From mdounin at mdounin.ru Tue Dec 18 16:51:28 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 18 Dec 2012 20:51:28 +0400 Subject: strange nginx hang after ~18600 requests In-Reply-To: References: <20121218154458.GC40452@mdounin.ru> Message-ID: <20121218165128.GJ40452@mdounin.ru> Hello! On Tue, Dec 18, 2012 at 11:32:32AM -0500, gadh wrote: > hi maxim > since i cannot send you my code for now, could you point me to the reason/s > to the lack of resources, so i can search for a solution ? can you suggest > on a monitoring/debug tool that can help ? I would recommend the following, in no particular order: - Try looking at various trivial things like open files/sockets counters, nginx stub status output and so on. - Try looking though debug log of a single request execution, and making sure you understand what goes on, there are no unexpected things and the request is properly finalized. - Try producing a reduced test case which is as simple as possible in contrast to your original code, but is enough to reproduce the problem. -- Maxim Dounin http://nginx.com/support.html From nginx at westbrook.com Tue Dec 18 17:03:07 2012 From: nginx at westbrook.com (E. Westbrook) Date: Tue, 18 Dec 2012 10:03:07 -0700 Subject: List of all request headers in perl? In-Reply-To: <50CFE7A1.4030009@westbrook.com> References: <50CFE7A1.4030009@westbrook.com> Message-ID: <50D0A1CB.4090400@westbrook.com> Thanks for the thought! Unfortunately, I don't think that helps. The $r-args() function seems to only return data from the GET-style query parameters (if any). As for the source module (at least, the nginx.pm file), it seems to be just constants, declarations, definitions and such, but no actual code. I presume it's all in some kind of XS stuff, which I'm sure could be further dissected if needed. I suppose I might end up going that way if all else fails, in hopes it might reveal some clever API usage that would work. But that feels more to me like an effort would seem to be heading in the direction of developing a patch -- which might be great (for someone other than me, too) -- but it also might represent a level of development and maintenance effort far greater than simply switching to a different (and lesser in some ways) implementation. Indeed, I'm hoping someone just knows of a way using the perl API just as it is, maybe just not thoroughly documented or easy to find. After all, I'm just trying to list the request's headers! Isn't that a pretty basic operation? Thanks again, Eric On Tue, Dec 18, 2012 at 7:11 AM, Harold Sinclair wrote: You're right the Nginx modules on CPAN are not related. Sorry I don't have a setup in front of me but isn't $r->args some data structure that may contain the request headers? Can you iterate thru it or incorporate Data::Dumper to see what it contains? Check the source code of the embedded perl module to see what is implemented? -------------- next part -------------- An HTML attachment was scrubbed... URL: From ian.hobson at ntlworld.com Tue Dec 18 18:46:37 2012 From: ian.hobson at ntlworld.com (Ian Hobson) Date: Tue, 18 Dec 2012 18:46:37 +0000 Subject: websockets In-Reply-To: <50CED7F3.2050709@nginx.com> References: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> <50CED7F3.2050709@nginx.com> Message-ID: <50D0BA0D.5000101@ntlworld.com> On 17/12/2012 08:29, Maxim Konovalov wrote: > Hi Nick, > > On 12/16/12 11:58 AM, Nick Zavaritsky wrote: >> Hi! >> >> According to the roadmap at http://trac.nginx.org/nginx/roadmap, >> the support for websockets is planned for release in 2 month. Is >> there any preview code available yet? It would be nice to start >> playing with this feature early on. >> > The roadmap is correct but no such code available yet. Ping us > again in mid-January. > I want to use websockets also, and found http://yaoweibin.github.com/nginx_tcp_proxy_module/ which may provide web-sockets now. I have only got as far as compiling it into 1.2.6 - so no testing done yet. Regards Ian -- Ian Hobson 31 Sheerwater, Northampton NN3 5HU, Tel: 01604 513875 Preparing eBooks for Kindle and ePub formats to give the best reader experience. From kirpit at gmail.com Tue Dec 18 19:21:13 2012 From: kirpit at gmail.com (kirpit) Date: Tue, 18 Dec 2012 21:21:13 +0200 Subject: websockets In-Reply-To: <50D0BA0D.5000101@ntlworld.com> References: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> <50CED7F3.2050709@nginx.com> <50D0BA0D.5000101@ntlworld.com> Message-ID: +1 for websocket waiting list.. On Tue, Dec 18, 2012 at 8:46 PM, Ian Hobson wrote: > On 17/12/2012 08:29, Maxim Konovalov wrote: > >> Hi Nick, >> >> On 12/16/12 11:58 AM, Nick Zavaritsky wrote: >> >>> Hi! >>> >>> According to the roadmap at http://trac.nginx.org/nginx/**roadmap >>> , >>> the support for websockets is planned for release in 2 month. Is >>> there any preview code available yet? It would be nice to start >>> playing with this feature early on. >>> >>> The roadmap is correct but no such code available yet. Ping us >> again in mid-January. >> >> I want to use websockets also, and found http://yaoweibin.github.com/** > nginx_tcp_proxy_module/which may provide web-sockets now. > > I have only got as far as compiling it into 1.2.6 - so no testing done yet. > > Regards > > Ian > > -- > Ian Hobson > 31 Sheerwater, Northampton NN3 5HU, > Tel: 01604 513875 > Preparing eBooks for Kindle and ePub formats to give the best reader > experience. > > ______________________________**_________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/**mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From aweber at comcast.net Tue Dec 18 19:33:06 2012 From: aweber at comcast.net (AJ Weber) Date: Tue, 18 Dec 2012 14:33:06 -0500 Subject: access_log to track failed logins Message-ID: <50D0C4F2.1010605@comcast.net> I have a login page that redirects (actually appends the parameter "?error=true" to the URL and lets the user try again). I was trying to re-define "access_log" with a full path and (for now) "combined" to a separate file in that location in hopes of tracking failed logins in a separate log. Originally, I had a regex nested location for the error redirect, then I took it out and put it in its own location. Nothing seems to work. This doesn't seem to work at all. An empty log gets created at startup, but nothing ever gets written there. Is it because the access logging is already done by the time the location is determined? How can I somehow log when someone accesses the "login" page with the "error=true" parameter on the URL? Thanks, AJ From francis at daoine.org Tue Dec 18 22:33:45 2012 From: francis at daoine.org (Francis Daly) Date: Tue, 18 Dec 2012 22:33:45 +0000 Subject: access_log to track failed logins In-Reply-To: <50D0C4F2.1010605@comcast.net> References: <50D0C4F2.1010605@comcast.net> Message-ID: <20121218223345.GX18139@craic.sysops.org> On Tue, Dec 18, 2012 at 02:33:06PM -0500, AJ Weber wrote: Hi there, > I have a login page that redirects (actually appends the parameter > "?error=true" to the URL and lets the user try again). > > I was trying to re-define "access_log" with a full path and (for now) > "combined" to a separate file in that location nginx chooses configuration based (primarily) on the "location", which is the local part of the request, excluding query string. So whatever location matches /my/login/page will also match /my/login/page?error=true. Does that explain why your initial attempts did not do what you expected? > This doesn't seem to work at all. An empty log gets created at startup, > but nothing ever gets written there. Is it because the access logging > is already done by the time the location is determined? No, the access logging is done in the context of whichever location the request finishes in. It doesn't appear in your error=true log, because a request like /my/login/page%3Ferror=true was not made. (As a test, make a request like that, and you should see it in the new file.) > How can I somehow log when someone accesses the "login" page with the > "error=true" parameter on the URL? Easiest? Log as normal, and post-process the access log. Something like tail -F logs/access.log | grep error=true >> logs/error=true.log may be close enough for a first pass. Or let the application do this logging. Otherwise, read http://nginx.org/r/access_log to see if that offers anything. Possibly logging to "logs/access.log-$arg_error", or to something that includes a variable set in a map based on $arg_error, would do what you want? But be aware of the constraints. Good luck, f -- Francis Daly francis at daoine.org From aweber at comcast.net Wed Dec 19 02:05:30 2012 From: aweber at comcast.net (AJ Weber) Date: Tue, 18 Dec 2012 21:05:30 -0500 Subject: access_log to track failed logins In-Reply-To: <20121218223345.GX18139@craic.sysops.org> References: <50D0C4F2.1010605@comcast.net> <20121218223345.GX18139@craic.sysops.org> Message-ID: <50D120EA.5020506@comcast.net> >> I have a login page that redirects (actually appends the parameter >> "?error=true" to the URL and lets the user try again). >> >> I was trying to re-define "access_log" with a full path and (for now) >> "combined" to a separate file in that location > nginx chooses configuration based (primarily) on the "location", which > is the local part of the request, excluding query string. > > So whatever location matches /my/login/page will also match > /my/login/page?error=true. > > Does that explain why your initial attempts did not do what you expected? No, unfortunately it doesn't. I copied the "GET" from the "usual" access log exactly. Thus, I know the call is being made, because it's being logged in the normal log, and I'm pretty sure I have the right location string, because I copied it right out of the log. Do I need to escape anything? I've tried = and ^~ matching and neither seems to catch it. >> This doesn't seem to work at all. An empty log gets created at startup, >> but nothing ever gets written there. Is it because the access logging >> is already done by the time the location is determined? > No, the access logging is done in the context of whichever location the > request finishes in. It doesn't appear in your error=true log, because > a request like /my/login/page%3Ferror=true was not made. > > (As a test, make a request like that, and you should see it in the > new file.) Yes, as I mentioned above, my requests DO get logged (always). They just don't go to the log I want them to. >> How can I somehow log when someone accesses the "login" page with the >> "error=true" parameter on the URL? >> From howachen at gmail.com Wed Dec 19 07:52:27 2012 From: howachen at gmail.com (howard chen) Date: Wed, 19 Dec 2012 15:52:27 +0800 Subject: Handling nginx's too many open files even I have the correct ulimit Message-ID: Hi, On ubuntu, I tried su - www-data ulimit -Hn >> 200000 ulimit -Sn >> 100000 The value seems be fine as I have worker_connections = 4000, and worker_processes = 4, so total is 16000, and still within the limit. But when my server become busy, I can find the error log contains the line entries "..(24: Too many open files),.." Any way to debug? Thanks.. -------------- next part -------------- An HTML attachment was scrubbed... URL: From igor at sysoev.ru Wed Dec 19 08:32:56 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 19 Dec 2012 12:32:56 +0400 Subject: Handling nginx's too many open files even I have the correct ulimit In-Reply-To: References: Message-ID: <92107F49-29C6-43B0-B2D9-C743760744A4@sysoev.ru> On Dec 19, 2012, at 11:52 , howard chen wrote: > > Hi, > > On ubuntu, I tried > > su - www-data > ulimit -Hn > >> 200000 > ulimit -Sn > >> 100000 > > The value seems be fine as I have worker_connections = 4000, and worker_processes = 4, so total is 16000, and still within the limit. > > But when my server become busy, I can find the error log contains the line entries > > "..(24: Too many open files),.." > > Any way to debug? Thanks.. What does "cat /proc/sys/fs/file-max" ouuput ? -- Igor Sysoev http://nginx.com/support.html From nginx-forum at nginx.us Wed Dec 19 09:00:27 2012 From: nginx-forum at nginx.us (gadh) Date: Wed, 19 Dec 2012 04:00:27 -0500 Subject: strange nginx hang after ~18600 requests In-Reply-To: <20121218154458.GC40452@mdounin.ru> References: <20121218154458.GC40452@mdounin.ru> Message-ID: <2b23309882de4c4d06ce95b9d4e570ea.NginxMailingListEnglish@forum.nginx.org> if i want to send you a some source files, to which email to send ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234161,234193#msg-234193 From appa at perusio.net Wed Dec 19 09:11:30 2012 From: appa at perusio.net (Antonio P.P. Almeida) Date: Wed, 19 Dec 2012 10:11:30 +0100 Subject: access_log to track failed logins In-Reply-To: <50D0C4F2.1010605@comcast.net> References: <50D0C4F2.1010605@comcast.net> Message-ID: <07e7ba67e0288966ec7ba809a967ff40.squirrel@damiao.org> > I have a login page that redirects (actually appends the parameter > "?error=true" to the URL and lets the user try again). > > I was trying to re-define "access_log" with a full path and (for now) > "combined" to a separate file in that location in hopes of tracking > failed logins in a separate log. Originally, I had a regex nested > location for the error redirect, then I took it out and put it in its > own location. Nothing seems to work. > > This doesn't seem to work at all. An empty log gets created at startup, > but nothing ever gets written there. Is it because the access logging > is already done by the time the location is determined? > > How can I somehow log when someone accesses the "login" page with the > "error=true" parameter on the URL? Try at the http level: map $arg_error $log_error { default 0; true 1; } and at the server level: error_page 418 @log-error; if ($log_error) { return 418; } location @log-error { access_log my_special.log; } --appa From francis at daoine.org Wed Dec 19 09:12:35 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 19 Dec 2012 09:12:35 +0000 Subject: access_log to track failed logins In-Reply-To: <50D120EA.5020506@comcast.net> References: <50D0C4F2.1010605@comcast.net> <20121218223345.GX18139@craic.sysops.org> <50D120EA.5020506@comcast.net> Message-ID: <20121219091235.GY18139@craic.sysops.org> On Tue, Dec 18, 2012 at 09:05:30PM -0500, AJ Weber wrote: Hi there, > >So whatever location matches /my/login/page will also match > >/my/login/page?error=true. > > > >Does that explain why your initial attempts did not do what you expected? > No, unfortunately it doesn't. I copied the "GET" from the "usual" > access log exactly. Thus, I know the call is being made, because it's > being logged in the normal log, and I'm pretty sure I have the right > location string, because I copied it right out of the log. For nginx location{} matching, /my/login/page and /my/login/page?error=true are exactly the same. It is not possible to have one matched by one location, and the other matched by another. (So you need something other than location{} matching to distinguish them.) f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Wed Dec 19 09:17:10 2012 From: nginx-forum at nginx.us (gadh) Date: Wed, 19 Dec 2012 04:17:10 -0500 Subject: strange nginx hang after ~18600 requests In-Reply-To: <20121218165128.GJ40452@mdounin.ru> References: <20121218165128.GJ40452@mdounin.ru> Message-ID: <93270d79866740f22b22725dc0ffcf3c.NginxMailingListEnglish@forum.nginx.org> could you tell me where i can find (in the nginx code ) the table size of the open sockets/connections ? maybe its related Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234161,234196#msg-234196 From mdounin at mdounin.ru Wed Dec 19 10:48:32 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 19 Dec 2012 14:48:32 +0400 Subject: strange nginx hang after ~18600 requests In-Reply-To: <2b23309882de4c4d06ce95b9d4e570ea.NginxMailingListEnglish@forum.nginx.org> References: <20121218154458.GC40452@mdounin.ru> <2b23309882de4c4d06ce95b9d4e570ea.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121219104832.GQ40452@mdounin.ru> Hello! On Wed, Dec 19, 2012 at 04:00:27AM -0500, gadh wrote: > if i want to send you a some source files, to which email to send ? If you want private communication, please consider commercial support options, see http://nginx.com/support.html for details. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Wed Dec 19 12:09:03 2012 From: nginx-forum at nginx.us (Petertan2000) Date: Wed, 19 Dec 2012 07:09:03 -0500 Subject: Nginx Response Timing Range Message-ID: 1. To test the stability of my Nginx installation, I use a load generator on a static_30K.html page of 30KB. I added $response_time to my log file and generated 100 threads x 10 loops of static_30K.html My top show load of 0.01 2. I sorted the timings of the log file in a spreadsheet. There are 1,000 entries. timing range from 0.000 (600 entries) to max of 0.944 sec 3. The range is on the high side especially the Upper numbers consider my server is no load and it is only one static file 4. Can advise what I can focused to tune on Nginx and even OS 5. I am on the latest developer release on Nginx 1.3.9 running php5-fpm Mysql on Ubuntu Precise. My CPU is 4 core with 2GB RAM with FAST SSD 6. My Nginx Config are shown below. nginx.conf --------------------------- user www-data; worker_processes 2; worker_rlimit_nofile 10000; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections 2048; } http { include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 60; server_tokens off; gzip on; gzip_disable "msie6"; gzip_buffers 16 8k; gzip_comp_level 9; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/default; } default --------------- log_format combined_withtime_format '$remote_addr $request_time $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent"'; server { server_name XXXXXXX.org; rewrite ^/(.*) http://www.XXXXXXX.org/$1 permanent; } server { server_name www.XXXXXXX.org; access_log /var/log/nginx/access.log combined_withtime_format; error_log /var/log/nginx/error.log ; add_header 'X-UA-Compatible' 'IE=edge'; location ~ /\. { deny all; } location / { root /var/www; index index.html index.htm index.php; } } Many Thans Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234201,234201#msg-234201 From nginx-forum at nginx.us Wed Dec 19 18:25:32 2012 From: nginx-forum at nginx.us (hristoc) Date: Wed, 19 Dec 2012 13:25:32 -0500 Subject: How to bind nginx to ipv4 and ipv6 interface ? In-Reply-To: References: Message-ID: <715cd5447523521a1ce0da1e2265f9a5.NginxMailingListEnglish@forum.nginx.org> Any one ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233246,234206#msg-234206 From steve at greengecko.co.nz Wed Dec 19 18:31:03 2012 From: steve at greengecko.co.nz (Steve Holdoway) Date: Thu, 20 Dec 2012 07:31:03 +1300 Subject: How to bind nginx to ipv4 and ipv6 interface ? In-Reply-To: <715cd5447523521a1ce0da1e2265f9a5.NginxMailingListEnglish@forum.nginx.org> References: <715cd5447523521a1ce0da1e2265f9a5.NginxMailingListEnglish@forum.nginx.org> Message-ID: Multiple listen statements On 20/12/2012, at 7:25 AM, "hristoc" wrote: > Any one ? > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,233246,234206#msg-234206 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From igor at sysoev.ru Wed Dec 19 19:01:39 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 19 Dec 2012 23:01:39 +0400 Subject: How to bind nginx to ipv4 and ipv6 interface ? In-Reply-To: References: Message-ID: <9D83022E-CD0E-4C5D-B817-199191F89AC1@sysoev.ru> On Nov 27, 2012, at 1:50 , hristoc wrote: > Hello, > any one can tell me what is wrong on my nginx 1.2.5 version compied with > ipv6 suppot ? I try to start nginx on both ipv4 and ipv6. I read on internet > if I put in my config file: listen [::]:80; is enought and nginx will bind > on both ipv4 and ipv6 interfaces or even if I compile nginx with ipv6 > support is enought and on listen 80; will bind to ip4 and ip6, but i receive > follow error: > > [emerg] 15728#0: bind() to [::]:80 failed (98: Address already in use > > > Any hints how to start nginx on both intefaces ? listen 80; listen [::]:80 ipv6only=on; -- Igor Sysoev http://nginx.com/support.html From ian.hobson at ntlworld.com Wed Dec 19 20:02:38 2012 From: ian.hobson at ntlworld.com (Ian Hobson) Date: Wed, 19 Dec 2012 20:02:38 +0000 Subject: websockets In-Reply-To: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> References: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> Message-ID: <50D21D5E.1040207@ntlworld.com> On 16/12/2012 07:58, Nick Zavaritsky wrote: > Hi! > > According to the roadmap at http://trac.nginx.org/nginx/roadmap, the support for websockets is planned for release in 2 month. Is there any preview code available yet? It would be nice to start playing with this feature early on. > > Since this is going to be used in my pet project the possible instability doesn't scare me much. > _______________________________________________ > Further information from my testing. It appears that using nginx-tcp-proxy-module can only handle websockets on a different port to http traffic. :( This is no use to me. Many of our potential users are commercial and lock down outgoing ports to 80 and 443 only. Does anyone connected with the development of the new software know if it will enable nginx to separate websocket and other traffic by domain name. I expected to use a sub-domain rather than location for connections that are to be upgraded to websockets. That will start things off properly - after that the link is the link, so the sub-domain is not relevant. (Or is my understanding of networking faulty?) thanks Ian From nginx-forum at nginx.us Wed Dec 19 23:32:33 2012 From: nginx-forum at nginx.us (abxccd) Date: Wed, 19 Dec 2012 18:32:33 -0500 Subject: Display/log value of document_root Message-ID: <8ff12bcb37c73e0a263d4a53a63ec4b0.NginxMailingListEnglish@forum.nginx.org> I am currently debugging a problem where PHP-FPM claims that there is "No input file specified", but the file clearly exists in that location. Is it possible to ask nginx to log the value or display the value of $document_root and $fastcgi_script_name to a file? Thanks :) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234213,234213#msg-234213 From nginx-forum at nginx.us Thu Dec 20 00:42:55 2012 From: nginx-forum at nginx.us (digitalpoint) Date: Wed, 19 Dec 2012 19:42:55 -0500 Subject: crypt_r() issue when viewing HTTP auth page Message-ID: When viewing a page that is HTTP auth password protected, we sometimes get an error 500 (internal server error), but 100% of the time, a browser reload of the page makes it work the second time around. The ngnix error log shows this: 2012/12/19 15:50:43 [crit] 28799#0: *6224 crypt_r() failed (2: No such file or directory), client: 108.199.xxx.xxx, server: dev.digitalpoint.com, request: "GET /admin.php HTTP/1.1", host: "dev.digitalpoint.com", referrer: "http://dev.digitalpoint.com/" It makes me wonder if maybe nginx worker processes can never read the auth_basic_user_file the first time it tries for some reason (but always can after that first try)? Like I mentioned, it will work properly 100% of the time on a browser reload. relevant part of nginx conf: location /admin.php { auth_basic Restricted; auth_basic_user_file /etc/nginx/.passwd; <...clipped...> } /etc/nginx/.passwd exists and I assume everything is okay with it since everything works as expected on browser reload. Anyone know how to fix this? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234214,234214#msg-234214 From howachen at gmail.com Thu Dec 20 03:30:52 2012 From: howachen at gmail.com (howard chen) Date: Thu, 20 Dec 2012 11:30:52 +0800 Subject: Handling nginx's too many open files even I have the correct ulimit In-Reply-To: <92107F49-29C6-43B0-B2D9-C743760744A4@sysoev.ru> References: <92107F49-29C6-43B0-B2D9-C743760744A4@sysoev.ru> Message-ID: On Wed, Dec 19, 2012 at 4:32 PM, Igor Sysoev wrote: > /proc/sys/fs/file-max cat /proc/sys/fs/file-max 394959 -------------- next part -------------- An HTML attachment was scrubbed... URL: From andrew at nginx.com Thu Dec 20 03:34:10 2012 From: andrew at nginx.com (Andrew Alexeev) Date: Thu, 20 Dec 2012 07:34:10 +0400 Subject: websockets In-Reply-To: <50D21D5E.1040207@ntlworld.com> References: <42F0954D-B768-45AE-A83A-8E3C6B511F6E@gmail.com> <50D21D5E.1040207@ntlworld.com> Message-ID: <843F1441-04F8-4AD6-B48A-A9C9F87213D5@nginx.com> On Dec 20, 2012, at 0:02, Ian Hobson wrote: > On 16/12/2012 07:58, Nick Zavaritsky wrote: >> Hi! >> >> According to the roadmap at http://trac.nginx.org/nginx/roadmap, the support for websockets is planned for release in 2 month. Is there any preview code available yet? It would be nice to start playing with this feature early on. >> >> Since this is going to be used in my pet project the possible instability doesn't scare me much. >> _______________________________________________ >> > Further information from my testing. It appears that using nginx-tcp-proxy-module can only handle websockets on a different port to http traffic. :( > > This is no use to me. Many of our potential users are commercial and lock down outgoing ports to 80 and 443 only. > > Does anyone connected with the development of the new software know if it will enable nginx to separate websocket and other traffic by domain name. Our implementation will be fully compatible with the existing proxy_pass semantics, including upstream server groups, load balancing etc. > I expected to use a sub-domain rather than location for connections that are to be upgraded to websockets. That should be ok. Btw, we still have one sponsorship seat vacant. Email to nginx-inquiries at nginx dot com if this something that might be interesting for you guys. > That will start things off properly - after that the link is the link, so the sub-domain is not relevant. (Or is my understanding of networking faulty?) > > thanks > > Ian > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From luky-37 at hotmail.com Thu Dec 20 08:29:17 2012 From: luky-37 at hotmail.com (Lukas Tribus) Date: Thu, 20 Dec 2012 09:29:17 +0100 Subject: How to bind nginx to ipv4 and ipv6 interface ? In-Reply-To: <9D83022E-CD0E-4C5D-B817-199191F89AC1@sysoev.ru> References: , <9D83022E-CD0E-4C5D-B817-199191F89AC1@sysoev.ru> Message-ID: > listen 80; > listen [::]:80 ipv6only=on; Remember that ipv6only is a socket option, and you can specify a socket option only once per address:port pair: > A listen directive can have several additional parameters specific to > socket-related system calls. They can be specified in any listen > directive, but only once for the given address:port pair. So your config needs to look this way, if you have multiple server statements in your config: > server { > listen 80; > listen [::]:80 ipv6only=on; > [...] > } > server { > listen 80; > listen [::]:80; > [...] > } > server { > listen 80; > listen [::]:80; > [...] > } From nginx-forum at nginx.us Thu Dec 20 09:11:32 2012 From: nginx-forum at nginx.us (sblack) Date: Thu, 20 Dec 2012 04:11:32 -0500 Subject: upstream sent unexpected FastCGI record: 3 while reading response header from upstream Message-ID: Recently,i have a problem about nginx_error : 22634269 upstream sent unexpected FastCGI record: 3 while reading response header from upstream, client: 223.204.194.89, server: kingslave.boyaagame.com, request: "POST xxx HTTP/1.1", upstream: "fastcgi://unix:/dev/shm/php-cgi.sock:", host: "xxx", referrer: "xxx is anyone have the same problem Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234235,234235#msg-234235 From vadim.lazovskiy at gmail.com Thu Dec 20 11:03:11 2012 From: vadim.lazovskiy at gmail.com (=?KOI8-R?B?98HEyc0g7MHaz9fTy8nK?=) Date: Thu, 20 Dec 2012 15:03:11 +0400 Subject: Display/log value of document_root In-Reply-To: <8ff12bcb37c73e0a263d4a53a63ec4b0.NginxMailingListEnglish@forum.nginx.org> References: <8ff12bcb37c73e0a263d4a53a63ec4b0.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello. Please, try: at "http" context: log_format debug_phpfpm '$remote_addr [$time_local] "$request" $status $document_root $fastcgi_script_name'; then: location ~ \.php$ { access_log /var/log/nginx/debug-fpm.log debug_phpfpm; fastcgi_pass ...; } 2012/12/20 abxccd > I am currently debugging a problem where PHP-FPM claims that there is "No > input file specified", but the file clearly exists in that location. > > Is it possible to ask nginx to log the value or display the value of > $document_root and $fastcgi_script_name to a file? > > Thanks :) > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,234213,234213#msg-234213 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Best Regards, Vadim Lazovskiy -------------- next part -------------- An HTML attachment was scrubbed... URL: From aweber at comcast.net Thu Dec 20 14:01:54 2012 From: aweber at comcast.net (AJ Weber) Date: Thu, 20 Dec 2012 09:01:54 -0500 Subject: access_log to track failed logins In-Reply-To: <07e7ba67e0288966ec7ba809a967ff40.squirrel@damiao.org> References: <50D0C4F2.1010605@comcast.net> <07e7ba67e0288966ec7ba809a967ff40.squirrel@damiao.org> Message-ID: <50D31A52.70808@comcast.net> This solution worked. Many thanks to you AND Francis for your replies to help. I always cringe when using the if-statement because of the "bad press" it's gotten in the past. I understand the push to use "location" wherever possible, but sometimes a well-placed, simple if-statement is exactly what's needed! Now the logging is working, and I wrote a (really just modified an existing) fail2ban "jail" to watch for IP's trying to hack the site. Nothing's foolproof, but every little bit helps! Thanks to all again, AJ On 12/19/2012 4:11 AM, Antonio P.P. Almeida wrote: >> I have a login page that redirects (actually appends the parameter >> "?error=true" to the URL and lets the user try again). >> >> I was trying to re-define "access_log" with a full path and (for now) >> "combined" to a separate file in that location in hopes of tracking >> failed logins in a separate log. Originally, I had a regex nested >> location for the error redirect, then I took it out and put it in its >> own location. Nothing seems to work. >> >> This doesn't seem to work at all. An empty log gets created at startup, >> but nothing ever gets written there. Is it because the access logging >> is already done by the time the location is determined? >> >> How can I somehow log when someone accesses the "login" page with the >> "error=true" parameter on the URL? > Try at the http level: > > map $arg_error $log_error { > default 0; > true 1; > } > > and at the server level: > > error_page 418 @log-error; > > if ($log_error) { > return 418; > } > > location @log-error { > access_log my_special.log; > } > > > --appa > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Thu Dec 20 17:11:43 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 20 Dec 2012 21:11:43 +0400 Subject: crypt_r() issue when viewing HTTP auth page In-Reply-To: References: Message-ID: <20121220171143.GF40452@mdounin.ru> Hello! On Wed, Dec 19, 2012 at 07:42:55PM -0500, digitalpoint wrote: > When viewing a page that is HTTP auth password protected, we sometimes get > an error 500 (internal server error), but 100% of the time, a browser reload > of the page makes it work the second time around. The ngnix error log shows > this: > > 2012/12/19 15:50:43 [crit] 28799#0: *6224 crypt_r() failed (2: No such file > or directory), client: 108.199.xxx.xxx, server: dev.digitalpoint.com, > request: "GET /admin.php HTTP/1.1", host: "dev.digitalpoint.com", referrer: > "http://dev.digitalpoint.com/" > > It makes me wonder if maybe nginx worker processes can never read the > auth_basic_user_file the first time it tries for some reason (but always can > after that first try)? Like I mentioned, it will work properly 100% of the > time on a browser reload. > > relevant part of nginx conf: > > location /admin.php { > auth_basic Restricted; > auth_basic_user_file /etc/nginx/.passwd; > <...clipped...> > } > > /etc/nginx/.passwd exists and I assume everything is okay with it since > everything works as expected on browser reload. > > Anyone know how to fix this? Try the following patch: --- a/src/os/unix/ngx_user.c +++ b/src/os/unix/ngx_user.c @@ -28,20 +28,15 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char { char *value; size_t len; - ngx_err_t err; struct crypt_data cd; - ngx_set_errno(0); - cd.initialized = 0; /* work around the glibc bug */ cd.current_salt[0] = ~salt[0]; value = crypt_r((char *) key, (char *) salt, &cd); - err = ngx_errno; - - if (err == 0) { + if (value) { len = ngx_strlen(value) + 1; *encrypted = ngx_pnalloc(pool, len); @@ -49,9 +44,11 @@ ngx_libc_crypt(ngx_pool_t *pool, u_char ngx_memcpy(*encrypted, value, len); return NGX_OK; } + + return NGX_ERROR; } - ngx_log_error(NGX_LOG_CRIT, pool->log, err, "crypt_r() failed"); + ngx_log_error(NGX_LOG_CRIT, pool->log, ngx_errno, "crypt_r() failed"); return NGX_ERROR; } -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Thu Dec 20 19:05:38 2012 From: nginx-forum at nginx.us (technocoreai) Date: Thu, 20 Dec 2012 14:05:38 -0500 Subject: Response stalls with gzip and proxy Message-ID: <94434ad6cd7681e82fe93d65b3528600.NginxMailingListEnglish@forum.nginx.org> We've been experiencing a weird issue with nginx used as a gzipping proxy. One of our internal services doesn't support content-encoding and because it usually streams huge amounts of json data in response, we've decided to put it behind nginx. Unfortunately, about 5-10% of responses in this configuration seem to just stall with the TCP connection perfectly fine, but no data going anywhere. I've tried to diagnose the issue to check if it's a problem with our HTTP libraries, VPN or network, but it does look like nginx is the culprit: - The issue is reproducible with any HTTP client, including curl --compress. - Packet capture on the server that's hosting a client and the server that's hosting nginx show nothing interesting. There are no lost or corrupted packets; the client receives the last packet sent by nginx, ACKs it and then ACKs keepalives. If the client is killed, it and nginx exchange FIN/FIN-ACKs just fine. - Packet capture on the loopback interface, however, shows that nginx just stops reading data at some point (I see a ?full window? notice in wireshark and netstat shows an nginx worker sitting with a 512k-2M receive queue with an empty transmit queue). Some technical details (I've masked our internal host names): The server on which nginx is on is running a server build of Ubuntu; uname -a gives Linux 3.2.0-32-generic #51-Ubuntu SMP Wed Sep 26 21:33:09 UTC 2012 x86_64 x86_64 x86_64 GNU/Linux. This issue occurs on nginx from the Ubuntu repo (1.1.19-1ubuntu0.1) and Debian wheezy repo (1.2.1-2.2). nginx -V output: nginx version: nginx/1.2.1 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --with-pcre-jit --with-debug --with-http_addition_module --with-http_dav_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_realip_module --with-http_stub_status_module --with-http_ssl_module --with-http_sub_module --with-http_xslt_module --with-ipv6 --with-sha1=/usr/include/openssl --with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-echo --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/tmp/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module Basic nginx config is unchanged from Ubuntu-provided defaults; the server section looks like this: server { gzip on; gzip_proxied any; gzip_types application/json; listen 80 default; server_name ; access_log /var/log/nginx/-access.log; location / { proxy_pass http://127.0.0.1:8083; proxy_buffering off; } } You can see the nginx debug log here: http://pastebin.com/qDis2RS4 (I've masked the request URL but it's otherwise unchanged); it ends about 1 second after the response stall. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234275,234275#msg-234275 From nginx-forum at nginx.us Thu Dec 20 19:34:22 2012 From: nginx-forum at nginx.us (digitalpoint) Date: Thu, 20 Dec 2012 14:34:22 -0500 Subject: crypt_r() issue when viewing HTTP auth page In-Reply-To: <20121220171143.GF40452@mdounin.ru> References: <20121220171143.GF40452@mdounin.ru> Message-ID: <4d0597efd7257c9f6719d4ac2baf36f4.NginxMailingListEnglish@forum.nginx.org> Thanks... that patch seems to have fixed it. I haven't done exhaustive testing, but if the crypt_r()/internal server errors pop up again, I'll post back here. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234214,234277#msg-234277 From bill.culp at me.com Thu Dec 20 20:41:26 2012 From: bill.culp at me.com (Bill Culp) Date: Thu, 20 Dec 2012 12:41:26 -0800 Subject: NGINX not binding to localhost:80 only 127.0.0.1:80 Message-ID: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> Ive had this issue with tomcat apache in the past and always fixed it by specifying localhost as part of the listen directive - not working with NGINX on OS X. NGINX is responding to 127.0.0.1 - but localhost it just drops the connection (its not refusing the connection, just dropping it)? Is there a way to fix this I have tried listen *:80, listen localhost:80 and still I cant reach it through the browser using localhost. localhost is resolvable with ping and has its entry in the hosts file. From contact at jpluscplusm.com Thu Dec 20 21:10:57 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Thu, 20 Dec 2012 21:10:57 +0000 Subject: NGINX not binding to localhost:80 only 127.0.0.1:80 In-Reply-To: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> References: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> Message-ID: On 20 December 2012 20:41, Bill Culp wrote: > Ive had this issue with tomcat apache in the past and always fixed it by specifying localhost as part of the listen directive - not working with NGINX on OS X. > > NGINX is responding to 127.0.0.1 - but localhost it just drops the connection (its not refusing the connection, just dropping it)? > > Is there a way to fix this I have tried listen *:80, listen localhost:80 and still I cant reach it through the browser using localhost. > > localhost is resolvable with ping and has its entry in the hosts file. Posting your configuration would probably help people diagnose your issue more easily ... Jonathan From bill.culp at me.com Thu Dec 20 21:14:44 2012 From: bill.culp at me.com (Bill Culp) Date: Thu, 20 Dec 2012 13:14:44 -0800 Subject: NGINX not binding to localhost:80 only 127.0.0.1:80 In-Reply-To: References: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> Message-ID: lsof says NGINX is listening on localhost nginx 3315 root 8u IPv4 0xfd9b22b8ee1eac23 0t0 TCP localhost:http (LISTEN) When I run another web server on that port localhost works fine but not with this NGINX config. #user nobody; worker_processes 1; #error_log logs/error.log; #error_log logs/error.log notice; error_log var/log/nginx/error.log info; pid var/log/nginx/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; ####################################### # Perl ImageMagick Resize #perl_modules perl/lib; #perl_require resize.pm; #server { # location / { # root /var/www; # if (!-f $request_filename) { # rewrite ^(.*)(.jpg|.JPG|.gif|.GIF|.png|.PNG)$ /resize$1$2 last; # } # } # location /resize { # perl resize::handler; # } #} ################################ End Perl Image Resize log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log var/log/nginx/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; #gzip on; server { listen localhost:80; server_name localhost; #charset koi8-r; access_log var/log/nginx/host.access.log main; location / { root share/nginx/html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root share/nginx/html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } # another virtual host using mix of IP-, name-, and port-based configuration # #server { # listen 8000; # listen somename:8080; # server_name somename alias another.alias; # location / { # root share/nginx/html; # index index.html index.htm; # } #} # HTTPS server # #server { # listen 443; # server_name localhost; # ssl on; # ssl_certificate cert.pem; # ssl_certificate_key cert.key; # ssl_session_timeout 5m; # ssl_protocols SSLv2 SSLv3 TLSv1; # ssl_ciphers HIGH:!aNULL:!MD5; # ssl_prefer_server_ciphers on; # location / { # root share/nginx/html; # index index.html index.htm; # } #} } On Dec 20, 2012, at 1:10 PM, Jonathan Matthews wrote: > On 20 December 2012 20:41, Bill Culp wrote: >> Ive had this issue with tomcat apache in the past and always fixed it by specifying localhost as part of the listen directive - not working with NGINX on OS X. >> >> NGINX is responding to 127.0.0.1 - but localhost it just drops the connection (its not refusing the connection, just dropping it)? >> >> Is there a way to fix this I have tried listen *:80, listen localhost:80 and still I cant reach it through the browser using localhost. >> >> localhost is resolvable with ping and has its entry in the hosts file. > > Posting your configuration would probably help people diagnose your > issue more easily ... > > Jonathan > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Thu Dec 20 22:27:11 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 21 Dec 2012 02:27:11 +0400 Subject: NGINX not binding to localhost:80 only 127.0.0.1:80 In-Reply-To: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> References: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> Message-ID: <20121220222711.GK40452@mdounin.ru> Hello! On Thu, Dec 20, 2012 at 12:41:26PM -0800, Bill Culp wrote: > Ive had this issue with tomcat apache in the past and always > fixed it by specifying localhost as part of the listen directive > - not working with NGINX on OS X. > > NGINX is responding to 127.0.0.1 - but localhost it just drops > the connection (its not refusing the connection, just dropping > it)? > > Is there a way to fix this I have tried listen *:80, listen > localhost:80 and still I cant reach it through the browser > using localhost. > > localhost is resolvable with ping and has its entry in the hosts > file. As of now listen localhost:80; will only listen on first ipv4 address resolved from the localhost name. If you want nginx to listen on all ip addresses (likely ipv4 127.0.0.1 and ipv6 ::1 in your case), you have to list them explicitly, like this: listen 127.0.0.1:80; listen [::1]:80; Or listen on both ipv4 and ipv6 wildcard addresses, like this: listen *:80; listen [::]:80; Note well that to work with ipv6 addresses you need nginx compiled with ipv6 support. -- Maxim Dounin http://nginx.com/support.html From bill.culp at me.com Fri Dec 21 01:07:26 2012 From: bill.culp at me.com (Bill Culp) Date: Thu, 20 Dec 2012 17:07:26 -0800 Subject: NGINX not binding to localhost:80 only 127.0.0.1:80 In-Reply-To: <20121220222711.GK40452@mdounin.ru> References: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> <20121220222711.GK40452@mdounin.ru> Message-ID: <65A47B4B-94D3-4B2B-BBD7-ED2296075774@me.com> Maxim, I used the listen localhost:80; listen [::]:80; And now the server responds to localhost. Not sure why this would be happening unless nginx was binding to v6 rather than v4 either way its nice to have that annoyance gone. Thanks! On Dec 20, 2012, at 2:27 PM, Maxim Dounin wrote: > Hello! > > On Thu, Dec 20, 2012 at 12:41:26PM -0800, Bill Culp wrote: > >> Ive had this issue with tomcat apache in the past and always >> fixed it by specifying localhost as part of the listen directive >> - not working with NGINX on OS X. >> >> NGINX is responding to 127.0.0.1 - but localhost it just drops >> the connection (its not refusing the connection, just dropping >> it)? >> >> Is there a way to fix this I have tried listen *:80, listen >> localhost:80 and still I cant reach it through the browser >> using localhost. >> >> localhost is resolvable with ping and has its entry in the hosts >> file. > > As of now > > listen localhost:80; > > will only listen on first ipv4 address resolved from the localhost > name. If you want nginx to listen on all ip addresses (likely > ipv4 127.0.0.1 and ipv6 ::1 in your case), you have to list them > explicitly, like this: > > listen 127.0.0.1:80; > listen [::1]:80; > > Or listen on both ipv4 and ipv6 wildcard addresses, like this: > > listen *:80; > listen [::]:80; > > Note well that to work with ipv6 addresses you need nginx compiled > with ipv6 support. > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Fri Dec 21 11:27:54 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 21 Dec 2012 15:27:54 +0400 Subject: NGINX not binding to localhost:80 only 127.0.0.1:80 In-Reply-To: <65A47B4B-94D3-4B2B-BBD7-ED2296075774@me.com> References: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> <20121220222711.GK40452@mdounin.ru> <65A47B4B-94D3-4B2B-BBD7-ED2296075774@me.com> Message-ID: <20121221112754.GS40452@mdounin.ru> Hello! On Thu, Dec 20, 2012 at 05:07:26PM -0800, Bill Culp wrote: > Maxim, > > I used the > > listen localhost:80; > listen [::]:80; > > And now the server responds to localhost. > > Not sure why this would be happening unless nginx was binding to v6 rather than v4 > either way its nice to have that annoyance gone. The problem is not that nginx binded to ipv6 - it instead binded to ipv4 only. But the tool you've used to connect to nginx only used ipv6 (or used ipv6 as first option, and didn't fallback to other addresses). > > Thanks! > On Dec 20, 2012, at 2:27 PM, Maxim Dounin wrote: > > > Hello! > > > > On Thu, Dec 20, 2012 at 12:41:26PM -0800, Bill Culp wrote: > > > >> Ive had this issue with tomcat apache in the past and always > >> fixed it by specifying localhost as part of the listen directive > >> - not working with NGINX on OS X. > >> > >> NGINX is responding to 127.0.0.1 - but localhost it just drops > >> the connection (its not refusing the connection, just dropping > >> it)? > >> > >> Is there a way to fix this I have tried listen *:80, listen > >> localhost:80 and still I cant reach it through the browser > >> using localhost. > >> > >> localhost is resolvable with ping and has its entry in the hosts > >> file. > > > > As of now > > > > listen localhost:80; > > > > will only listen on first ipv4 address resolved from the localhost > > name. If you want nginx to listen on all ip addresses (likely > > ipv4 127.0.0.1 and ipv6 ::1 in your case), you have to list them > > explicitly, like this: > > > > listen 127.0.0.1:80; > > listen [::1]:80; > > > > Or listen on both ipv4 and ipv6 wildcard addresses, like this: > > > > listen *:80; > > listen [::]:80; > > > > Note well that to work with ipv6 addresses you need nginx compiled > > with ipv6 support. > > > > -- > > Maxim Dounin > > http://nginx.com/support.html > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Fri Dec 21 16:05:54 2012 From: nginx-forum at nginx.us (Gulaholic) Date: Fri, 21 Dec 2012 11:05:54 -0500 Subject: nginx erroneously redirecting to https In-Reply-To: References: Message-ID: Hi, Sorry I reactivated old topic. I'm facing the same issue like you. My CMS base URL us set to HTTPS by default. With Apache the base URL is HTTP not HTTPS. I've been struggling for this several days. Please kindly help me. I'm using CMS Made Simple. Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,231379,234310#msg-234310 From bill.culp at me.com Fri Dec 21 16:08:31 2012 From: bill.culp at me.com (Bill Culp) Date: Fri, 21 Dec 2012 08:08:31 -0800 Subject: NGINX not binding to localhost:80 only 127.0.0.1:80 In-Reply-To: <20121221112754.GS40452@mdounin.ru> References: <5FD9FBB6-4031-47AE-93F2-65D19D925030@me.com> <20121220222711.GK40452@mdounin.ru> <65A47B4B-94D3-4B2B-BBD7-ED2296075774@me.com> <20121221112754.GS40452@mdounin.ru> Message-ID: <220E010A-30F3-415A-B322-42E44DF44121@me.com> I suspected that could the case as well I just didn't think google chrome and safari would both exhibit that behavior and the other web servers I start on the sane port aren't even ipv6 aware Sent from my iPhone On Dec 21, 2012, at 3:27 AM, Maxim Dounin wrote: > Hello! > > On Thu, Dec 20, 2012 at 05:07:26PM -0800, Bill Culp wrote: > >> Maxim, >> >> I used the >> >> listen localhost:80; >> listen [::]:80; >> >> And now the server responds to localhost. >> >> Not sure why this would be happening unless nginx was binding to v6 rather than v4 >> either way its nice to have that annoyance gone. > > The problem is not that nginx binded to ipv6 - it instead binded > to ipv4 only. But the tool you've used to connect to nginx only > used ipv6 (or used ipv6 as first option, and didn't fallback to > other addresses). > >> >> Thanks! >> On Dec 20, 2012, at 2:27 PM, Maxim Dounin wrote: >> >>> Hello! >>> >>> On Thu, Dec 20, 2012 at 12:41:26PM -0800, Bill Culp wrote: >>> >>>> Ive had this issue with tomcat apache in the past and always >>>> fixed it by specifying localhost as part of the listen directive >>>> - not working with NGINX on OS X. >>>> >>>> NGINX is responding to 127.0.0.1 - but localhost it just drops >>>> the connection (its not refusing the connection, just dropping >>>> it)? >>>> >>>> Is there a way to fix this I have tried listen *:80, listen >>>> localhost:80 and still I cant reach it through the browser >>>> using localhost. >>>> >>>> localhost is resolvable with ping and has its entry in the hosts >>>> file. >>> >>> As of now >>> >>> listen localhost:80; >>> >>> will only listen on first ipv4 address resolved from the localhost >>> name. If you want nginx to listen on all ip addresses (likely >>> ipv4 127.0.0.1 and ipv6 ::1 in your case), you have to list them >>> explicitly, like this: >>> >>> listen 127.0.0.1:80; >>> listen [::1]:80; >>> >>> Or listen on both ipv4 and ipv6 wildcard addresses, like this: >>> >>> listen *:80; >>> listen [::]:80; >>> >>> Note well that to work with ipv6 addresses you need nginx compiled >>> with ipv6 support. >>> >>> -- >>> Maxim Dounin >>> http://nginx.com/support.html >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From francis at daoine.org Fri Dec 21 19:20:41 2012 From: francis at daoine.org (Francis Daly) Date: Fri, 21 Dec 2012 19:20:41 +0000 Subject: nginx erroneously redirecting to https In-Reply-To: References: Message-ID: <20121221192041.GD18139@craic.sysops.org> On Fri, Dec 21, 2012 at 11:05:54AM -0500, Gulaholic wrote: Hi there, > My CMS base URL us set to HTTPS by default. With Apache the base URL is HTTP > not HTTPS. What is your nginx.conf, at least the location{} block that handles the request that does not act as you wish? What is the output of "curl -i" of that problem request? What output do you want to have for that request? > I've been struggling for this several days. There are possibly many parts involved. Answers to the above questions may give a hint as to what should be changed to make everything work as you wish. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Sat Dec 22 07:05:26 2012 From: nginx-forum at nginx.us (surmountgery) Date: Sat, 22 Dec 2012 02:05:26 -0500 Subject: ED Hardy's bold and trend-setting ways Message-ID: Each [url=http://www.edhardy-fi.com/]ED Hardy[/url] piece of clothing is like a fabulous present that if given to anyone will surely make their eyes pop in surprise. Wearing one is definitely a pleasurable experience. We can see that from the faces of the proud owner of shirts and other products. They have proven that it's truly an excellent choice because of the brand's bold and trend-setting ways. The youth is their target market but they also sell to a lot of people from all ages and all walks of life. No one can ever be excluded from being fashionable. [url=http://www.edhardy-fi.com/]ED Hardy vaatteet netist?[/url]: There are a lot of good reasons why you should own one. First of all, it's not boring. They are designed with wonderful and colorful prints that are very unique. You will really find these clothes and accessories very hard to resist. But are you wondering who's the person behind the popular clothing brand that never runs of cool designs? If you are already curious to know who's responsible for all of these awesome works of art. Every design of [url=http://www.edhardy-fi.com/]ED Hardy vaatteet[/url] is considered to be a masterpiece for every person who buy them. What makes them different from the rest is the tattoo inspired design which became everybody's favorite. It has become a constant hit that other designers keep on copying and replicating his design but they will never compare to the original ones. Ed Hardy has been a tattoo artist for so many years. He is simply unstoppable when it comes to being creative in various ways. You can never count his achievements because he keeps on getting more up to this time. Indeed, he has made a strong and unbeatable empire when it comes to clothing industry. But do you also know that he doesn't only concentrate on tattoo? He also does prints on various surfaces, drawing and painting. Check out [url=http://www.edhardy-fi.com/]ED Hardy suomi[/url]. He truly deserves to be called as "the godfather of modern tattoo." No doubt a lot of tattoo enthusiasts adapt his ways. They simply wanted to adapt his style and way of thinking. There are also a few detractors who were unsuccessful in putting him down. But no one can ever stop him from doing what he does best. To him, the tattoo is not merely something that he puts on skin but it also conveys a deeper meaning that you can never read at first glance. Up to this day, Ed Hardy's strong influence never stops. In fact, he seems more inspired to be ahead of others. He is always towards the direction of growth and development and the product sales still continue to skyrocket. [url=http://www.edhardy-fi.com/]ED Hardy suomessa[/url] has always been the favorite and top choice of consumers who love fun designs. I know you would agree when I say that he is an ultimate designer like no other. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234322,234322#msg-234322 From nginx-forum at nginx.us Sat Dec 22 17:00:10 2012 From: nginx-forum at nginx.us (Gulaholic) Date: Sat, 22 Dec 2012 12:00:10 -0500 Subject: nginx erroneously redirecting to https In-Reply-To: <20121221192041.GD18139@craic.sysops.org> References: <20121221192041.GD18139@craic.sysops.org> Message-ID: <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> Hi, Thank you for your response. Here is my Nginx conf: user www-data; pid /var/run/nginx.pid; events { multi_accept on; worker_connections 1024; } http { access_log off; default_type application/octet-stream; server_names_hash_bucket_size 64; server_tokens off; } server { listen 80; server_name domain.tld; access_log off; error_log /home/userdirectory/http/logs/beta.crunchy.tk.log; index index.html index.php; root /home/userdirectory/http/hosts/beta.crunchy.tk; } Here is the output of curl -i http://domain.tld: HTTP/1.1 302 Moved Temporarily Server: nginx Date: Sat, 22 Dec 2012 16:57:20 GMT Content-Type: text/html Transfer-Encoding: chunked Connection: keep-alive Set-Cookie: CMSSESSIDddd38826=ce5tkr97o1gm2vj7kkumuevur5; path=/ Expires: Sat, 22 Dec 2012 19:57:20 GMT Cache-Control: public, max-age=10800 Last-Modified: Sat, 10 Nov 2012 16:14:56 GMT Location: https://domain.tld As you can see the location is using https already. What can you see from these information? Thank you Posted at Nginx Forum: http://forum.nginx.org/read.php?2,231379,234328#msg-234328 From edho at myconan.net Sat Dec 22 17:04:34 2012 From: edho at myconan.net (Edho Arief) Date: Sun, 23 Dec 2012 00:04:34 +0700 Subject: nginx erroneously redirecting to https In-Reply-To: <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> References: <20121221192041.GD18139@craic.sysops.org> <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Sun, Dec 23, 2012 at 12:00 AM, Gulaholic wrote: > Hi, > > Thank you for your response. > > Here is my Nginx conf: > user www-data; > pid /var/run/nginx.pid; > > events { > multi_accept on; > worker_connections 1024; > } > > http { > access_log off; > default_type application/octet-stream; > server_names_hash_bucket_size 64; > server_tokens off; > } > > > server { > listen 80; > server_name domain.tld; > access_log off; > error_log /home/userdirectory/http/logs/beta.crunchy.tk.log; > index index.html index.php; > root /home/userdirectory/http/hosts/beta.crunchy.tk; > } > > > Here is the output of curl -i http://domain.tld: > HTTP/1.1 302 Moved Temporarily > Server: nginx > Date: Sat, 22 Dec 2012 16:57:20 GMT > Content-Type: text/html > Transfer-Encoding: chunked > Connection: keep-alive > Set-Cookie: CMSSESSIDddd38826=ce5tkr97o1gm2vj7kkumuevur5; path=/ > Expires: Sat, 22 Dec 2012 19:57:20 GMT > Cache-Control: public, max-age=10800 > Last-Modified: Sat, 10 Nov 2012 16:14:56 GMT > Location: https://domain.tld > > As you can see the location is using https already. > > What can you see from these information? > Your php application caused this. You can trick it into thinking it's https by sending relevant headers or just check the application. And I think you cut too much information from your config. From vadim.lazovskiy at gmail.com Sat Dec 22 21:43:58 2012 From: vadim.lazovskiy at gmail.com (=?KOI8-R?B?98HEyc0g7MHaz9fTy8nK?=) Date: Sun, 23 Dec 2012 01:43:58 +0400 Subject: nginx erroneously redirecting to https In-Reply-To: <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> References: <20121221192041.GD18139@craic.sysops.org> <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello. You may try: SetEnv HTTPS on SetEnv Port 443 somewhere in your httpd.conf, if you are using apache backend, or: fastcgi_param HTTPS $https if_not_empty; for fastcgi. 2012/12/22 Gulaholic > Hi, > > Thank you for your response. > > Here is my Nginx conf: > user www-data; > pid /var/run/nginx.pid; > > events { > multi_accept on; > worker_connections 1024; > } > > http { > access_log off; > default_type application/octet-stream; > server_names_hash_bucket_size 64; > server_tokens off; > } > > > server { > listen 80; > server_name domain.tld; > access_log off; > error_log /home/userdirectory/http/logs/beta.crunchy.tk.log; > index index.html index.php; > root /home/userdirectory/http/hosts/beta.crunchy.tk; > } > > > Here is the output of curl -i http://domain.tld: > HTTP/1.1 302 Moved Temporarily > Server: nginx > Date: Sat, 22 Dec 2012 16:57:20 GMT > Content-Type: text/html > Transfer-Encoding: chunked > Connection: keep-alive > Set-Cookie: CMSSESSIDddd38826=ce5tkr97o1gm2vj7kkumuevur5; path=/ > Expires: Sat, 22 Dec 2012 19:57:20 GMT > Cache-Control: public, max-age=10800 > Last-Modified: Sat, 10 Nov 2012 16:14:56 GMT > Location: https://domain.tld > > As you can see the location is using https already. > > What can you see from these information? > > Thank you > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,231379,234328#msg-234328 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Best Regards, Vadim Lazovskiy -------------- next part -------------- An HTML attachment was scrubbed... URL: From friedrich.locke at gmail.com Sat Dec 22 22:19:31 2012 From: friedrich.locke at gmail.com (Friedrich Locke) Date: Sat, 22 Dec 2012 20:19:31 -0200 Subject: high performance infra strutucre Message-ID: Hey, this is my first message to this mailing list. I am not, right now, using nginx, but i would like to do so. My intent is the following: I would like to build a farm of x web server. I would like to perform load balance among them. I need high performance and high availability for a set of 100k domains to hosted within this farm of web server. The requirement i was presented with is that a domain must be served by at least 3 server. I want to use nginx as web server; and could use nginx or varnish as reverse proxy, which ever would be a better approach. Some doubts arose : 0) Do i need to have the html/jpeg/php/* of a given domain replicated on each of the http server i want to serv that domain ? 1) What happens if a web client upload a file to that domain, it (the file) get saved in a http server and the next request of that web client to the domain goes to a second http server the upload file is not there ? 2) What about session? User authenticated session ? How does nginx manage such? A given server could have information about a session and the other server that serves the domain too is not aware about the session. Thanks a lot for your time and cooperation. Best regards. -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Sat Dec 22 23:27:31 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Sat, 22 Dec 2012 23:27:31 +0000 Subject: high performance infra strutucre In-Reply-To: References: Message-ID: On 22 December 2012 22:19, Friedrich Locke wrote: > Hey, > > this is my first message to this mailing list. I am not, right now, using > nginx, but i would like to do so. Good plan. It's a very flexible HTTP server and router. > My intent is the following: > > I would like to build a farm of x web server. I would like to perform load > balance among them. I need high performance and high availability for a set > of 100k domains to hosted within this farm of web server. The requirement i > was presented with is that a domain must be served by at least 3 server. That's very achievable. At mass-hosting volumes like these, you'll need to distinguish between static site hosting and dynamic application hosting. Doing the former at volume is (almost!) trivial using nginx; doing the latter will be more ... interesting. > I want to use nginx as web server; and could use nginx or varnish as reverse > proxy, which ever would be a better approach. If you mean a pure reverse proxy with responsibility other than HTTP routing, then nginx is very well suited to this. If you want to bring back-end health checks and HTTP caching into the mix as well, then I'd suggest supplementing nginx with Varnish (caching) and HAProxy (health checks). Whilst nginx can fulfil both these functions, I prefer those other two tools for various operational reasons. > Some doubts arose : > > 0) Do i need to have the html/jpeg/php/* of a given domain replicated on > each of the http server i want to serv that domain ? Generally yes, but you may wish to research network attached storage (NAS) and cluster filesystems for a common solution to this scaling problem. > 1) What happens if a web client upload a file to that domain, it (the file) > get saved in a http server and the next request of that web client to the > domain goes to a second http server the upload file is not there ? You don't mention if this is the site admin uploading files to the site, or user generated content (UGC) being provided by users In general, the former is something you'd need to solve in the same way you solved for your question #0, above. The latter is generally an application-level problem, which may well use the replication/etc strategies provided by the solution to #0, but really isn't obliged to. > 2) What about session? User authenticated session ? How does nginx manage > such? A given server could have information about a session and the other > server that serves the domain too is not aware about the session. You would normally solve this at the application or application framework layer. HTH, Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From friedrich.locke at gmail.com Sun Dec 23 01:09:25 2012 From: friedrich.locke at gmail.com (Friedrich Locke) Date: Sat, 22 Dec 2012 23:09:25 -0200 Subject: high performance infra strutucre In-Reply-To: References: Message-ID: Thanks Matthews for you reply. What cluster FS do you, or someone else, suggest for this farm of web server ? Does nginx support for mass hosting configuration? I would not like to set each of the 100k domain manually ! Thanks once more! PS: BTW, for the cluster FS, keep in mind i am running OpenBSD and cannot change the this OS. I must adapt myself to it. On Sat, Dec 22, 2012 at 9:27 PM, Jonathan Matthews wrote: > On 22 December 2012 22:19, Friedrich Locke > wrote: > > Hey, > > > > this is my first message to this mailing list. I am not, right now, using > > nginx, but i would like to do so. > > Good plan. It's a very flexible HTTP server and router. > > > My intent is the following: > > > > I would like to build a farm of x web server. I would like to perform > load > > balance among them. I need high performance and high availability for a > set > > of 100k domains to hosted within this farm of web server. The > requirement i > > was presented with is that a domain must be served by at least 3 server. > > That's very achievable. At mass-hosting volumes like these, you'll > need to distinguish between static site hosting and dynamic > application hosting. Doing the former at volume is (almost!) trivial > using nginx; doing the latter will be more ... interesting. > > > I want to use nginx as web server; and could use nginx or varnish as > reverse > > proxy, which ever would be a better approach. > > If you mean a pure reverse proxy with responsibility other than HTTP > routing, then nginx is very well suited to this. If you want to bring > back-end health checks and HTTP caching into the mix as well, then I'd > suggest supplementing nginx with Varnish (caching) and HAProxy (health > checks). Whilst nginx can fulfil both these functions, I prefer those > other two tools for various operational reasons. > > > Some doubts arose : > > > > 0) Do i need to have the html/jpeg/php/* of a given domain replicated on > > each of the http server i want to serv that domain ? > > Generally yes, but you may wish to research network attached storage > (NAS) and cluster filesystems for a common solution to this scaling > problem. > > > 1) What happens if a web client upload a file to that domain, it (the > file) > > get saved in a http server and the next request of that web client to the > > domain goes to a second http server the upload file is not there ? > > You don't mention if this is the site admin uploading files to the > site, or user generated content (UGC) being provided by users > > In general, the former is something you'd need to solve in the same > way you solved for your question #0, above. The latter is generally an > application-level problem, which may well use the replication/etc > strategies provided by the solution to #0, but really isn't obliged > to. > > > 2) What about session? User authenticated session ? How does nginx manage > > such? A given server could have information about a session and the other > > server that serves the domain too is not aware about the session. > > You would normally solve this at the application or application framework > layer. > > HTH, > Jonathan > -- > Jonathan Matthews // Oxford, London, UK > http://www.jpluscplusm.com/contact.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sun Dec 23 11:09:57 2012 From: francis at daoine.org (Francis Daly) Date: Sun, 23 Dec 2012 11:09:57 +0000 Subject: nginx erroneously redirecting to https In-Reply-To: <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> References: <20121221192041.GD18139@craic.sysops.org> <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121223110957.GE18139@craic.sysops.org> On Sat, Dec 22, 2012 at 12:00:10PM -0500, Gulaholic wrote: Hi there, > Here is my Nginx conf: This isn't complete, but there's nothing there that indicates that nginx is creating the https redirect. It looks like the application wants to use https for some requests, and you do not want to use https at all. The cleanest way to achieve that, once you understand that you are breaking the application's security model, is to configure the application never to use https. How to do that is a question for the application documentation, but something like setting config[root_url] and config[ssl_url] to the same string which starts http:// might be worth investigating. f -- Francis Daly francis at daoine.org From ola.cepinska at gmail.com Sun Dec 23 17:33:29 2012 From: ola.cepinska at gmail.com (=?ISO-8859-2?Q?Aleksandra_Cepi=F1ska?=) Date: Sun, 23 Dec 2012 18:33:29 +0100 Subject: Nginx key-drivers Message-ID: Hi! I with my group from university are describing Nginx in our project. We need to know what are your key-drivers. At the moment I found Performance, Security and Extensibility from your official Nginx inc. site. Please make me sure with that. Kind regards, Aleksandra Cepinska -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Sun Dec 23 19:12:13 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Sun, 23 Dec 2012 19:12:13 +0000 Subject: Nginx key-drivers In-Reply-To: References: Message-ID: On 23 December 2012 17:33, Aleksandra Cepi?ska wrote: > Hi! > > I with my group from university are describing Nginx in our project. > > We need to know what are your key-drivers. > At the moment I found Performance, Security and Extensibility from your > official Nginx inc. site. You appear to be asking people on this public and archived mailing list, publicly, to do your university homework for you. Are you sure you meant to do that? Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Sun Dec 23 22:04:54 2012 From: nginx-forum at nginx.us (anyaservices) Date: Sun, 23 Dec 2012 17:04:54 -0500 Subject: newbie- How to use nginx as a load balancer Message-ID: Hello all, I have recently been introduced to nginx, hence pardon me if my questions sound silly to you :) (1) Kindly let me know how I can programmatically create/update/remove load balancers for use with apps in different languages like PHP/Java/Ruby/Python etc. So that I can deploy an app to a Cloud of my choice, and then create and configure a load balancer for use with the deployed app. (2) Also, how do I monitor the load balancer itself? (3) How do I assign a load balancer to a group of servers? (4) How do I add/remove a server that is one of the multiple servers running the web app (5) Am I correct in thinking that with ref to the web app that is being served by the load balancer-->I simply have to deploy that web app to multiple servers, and then configure the server running nginx to be the load balancer for all those servers? (6) Also, is the method/answer suggested by you applicable to any cloud of my choice? Can I use nginx (with the help of your answers to this thread) as a load balancer for any app/cloud? Thanks, Arvind. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234375,234375#msg-234375 From riklaunim at gmail.com Sun Dec 23 22:11:01 2012 From: riklaunim at gmail.com (=?ISO-8859-2?Q?piotr_mali=F1ski?=) Date: Sun, 23 Dec 2012 23:11:01 +0100 Subject: Nginx with SPDY + Django/Gunicorn Message-ID: Hi I'm trying to setup a test configuration of SPDY enabled Nxing with Django/Gunicorn on my localhost. My config looks like so: http://pastebin.com/xiQsYDCT SPDY is working when I use https and doesn't when I enter localhost via http (no SSL). How can I make it working for non-ssl connection? -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Sun Dec 23 22:23:22 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 24 Dec 2012 02:23:22 +0400 Subject: Nginx with SPDY + Django/Gunicorn In-Reply-To: References: Message-ID: <201212240223.22783.vbart@nginx.com> On Monday 24 December 2012 02:11:01 piotr mali?ski wrote: > Hi > > I'm trying to setup a test configuration of SPDY enabled Nxing with > Django/Gunicorn on my localhost. My config looks like so: > http://pastebin.com/xiQsYDCT > > SPDY is working when I use https and doesn't when I enter localhost via > http (no SSL). How can I make it working for non-ssl connection? SPDY works only over TLS. That's it. Currently it makes no sense to enable SPDY over plain TCP, except for protocol debugging purposes. wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From agentzh at gmail.com Mon Dec 24 00:15:20 2012 From: agentzh at gmail.com (agentzh) Date: Sun, 23 Dec 2012 16:15:20 -0800 Subject: [ANN] ngx_openresty stable version 1.2.4.14 released In-Reply-To: References: Message-ID: Hello, all I am happy to announce the new stable version of ngx_openresty, 1.2.4.14: http://openresty.org/#Download Special thanks go to all our contributors and users for helping make this happen! This is the last release in the 1.2.4.x series. The next release will be based on the Nginx 1.2.6 core (or later). Below is the complete change log for this release, as compared to the last (development) release, 1.2.4.13: * upgraded LuaNginxModule to 0.7.9. * bugfix: assignment to ngx.status would always be overridden by the later ngx.exit() calls for HTTP 1.0 requests if lua_http10_buffering is on (the default setting). thanks chenshu for reporting this issue. * bugfix: there was a typo in the error message when accessing an Nginx variable that has not been defined. * docs: documented the request body automatic inheritance behaviour in ngx.location.capture. * docs: fixed incorrect dates shown in the code samples for ngx.http_time and ngx.parse_http_time. thanks Gosuke Miyashita for the patch. * upgraded LuaRestyUploadLibrary to 0.05. * bugfix: unexpected runtime exceptions would be thrown when "resty.upload" met a in-part header field line or a terminating boundary line that was too long. this bug had appeared in LuaRestyUploadLibrary 0.04 and OpenResty 1.2.4.7. * bugfix: "resty.upload" could not parse "Content-Type" request header values like "boundary="simple boundary"", that is, with double quotes around the boundary value. * optimize: marked internal auxiliary functions as Lua "local" functions. The following components are bundled: * ~LuaJIT-2.0.0 * array-var-nginx-module-0.03rc1 * auth-request-nginx-module-0.2 * drizzle-nginx-module-0.1.4 * echo-nginx-module-0.41 * encrypted-session-nginx-module-0.02 * form-input-nginx-module-0.07rc5 * headers-more-nginx-module-0.19 * iconv-nginx-module-0.10rc7 * lua-5.1.5 * lua-cjson-1.0.3 * lua-rds-parser-0.05 * lua-redis-parser-0.10 * lua-resty-dns-0.09 * lua-resty-memcached-0.10 * lua-resty-mysql-0.12 * lua-resty-redis-0.15 * lua-resty-string-0.08 * lua-resty-upload-0.05 * memc-nginx-module-0.13rc3 * nginx-1.2.4 * ngx_coolkit-0.2rc1 * ngx_devel_kit-0.2.17 * ngx_lua-0.7.9 * ngx_postgres-1.0rc2 * rds-csv-nginx-module-0.05rc2 * rds-json-nginx-module-0.12rc10 * redis-nginx-module-0.3.6 * redis2-nginx-module-0.09 * set-misc-nginx-module-0.22rc8 * srcache-nginx-module-0.16 * xss-nginx-module-0.03rc9 The HTML version of the change log with some helpful hyper-links can be browsed here: http://openresty.org/#ChangeLog1002004 OpenResty (aka. ngx_openresty) is a full-fledged web application server by bundling the standard Nginx core, lots of 3rd-party Nginx modules and Lua libraries, as well as most of their external dependencies. See OpenResty's homepage for details: http://openresty.org/ We have been running extensive testing on our Amazon EC2 test cluster and ensure that all the components (including the Nginx core) play well together. The latest test report can always be found here: http://qa.openresty.org Have fun! -agentzh From howachen at gmail.com Mon Dec 24 10:01:11 2012 From: howachen at gmail.com (howard chen) Date: Mon, 24 Dec 2012 18:01:11 +0800 Subject: Rewrite all urls inside location block in nginx Message-ID: Hello, I have a config like location = /foo.xml { if ($scheme = https) { rewrite .* http://$http_host/foo.xml permanent; }} But as you can see, the file is already matched with the location block, it seems to me the regex rewrite is wasting the CPU cycle, are there any better way to do it? -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Mon Dec 24 10:02:44 2012 From: edho at myconan.net (Edho Arief) Date: Mon, 24 Dec 2012 17:02:44 +0700 Subject: Rewrite all urls inside location block in nginx In-Reply-To: References: Message-ID: On Mon, Dec 24, 2012 at 5:01 PM, howard chen wrote: > > Hello, > > I have a config like > location = /foo.xml { if ($scheme = https) { rewrite .* > http://$http_host/foo.xml permanent; } } > > But as you can see, the file is already matched with the location block, > it seems to me the regex rewrite is wasting the CPU cycle, are there any > better way to do it? > return 301 http://$http_host/foo.xml; From nginx-forum at nginx.us Mon Dec 24 15:28:06 2012 From: nginx-forum at nginx.us (kalpesh.patel@glgroup.com) Date: Mon, 24 Dec 2012 10:28:06 -0500 Subject: nginx log time stamps customization Message-ID: <3c713b8102eb5b145ad2fcc1c581ba28.NginxMailingListEnglish@forum.nginx.org> Hello NGINX Dev team: Hope you can help answer a simple question (I've gone through documentations and experimented with it and the answer seems no but hoping to get confimration from "the" authority on it). I need to customize the time stamp for logging access logs in certain ways. Looking at the log module, I see that the nginx offers only two pre-configured formats, namely the $time_local and $time_iso8601 formats. I was looking to avoid post-processing of the written logs by changing the log_format directive at the nginx level which would have met out needs. This would have also provided "built-in" log-rotation that we were looking to employ (given that file is opened and immediately closed) as well. If this is the case of not RTFM (namely http://wiki.nginx.org/HttpLogModule#log_format) then I apologies and hopefully I can be pointed to the propriate place(s). Thanks and have a Happy Holidays! Kalpesh... Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234391,234391#msg-234391 From nginx-forum at nginx.us Tue Dec 25 06:36:55 2012 From: nginx-forum at nginx.us (Wireless) Date: Tue, 25 Dec 2012 01:36:55 -0500 Subject: HttpUploadProgressModule + uwsgi Message-ID: <9a112bfa5b41c5ad589629dec0816c0d.NginxMailingListEnglish@forum.nginx.org> http://wiki.nginx.org/HttpUploadProgressModule reads "the location must be a proxy_pass or fastcgi location" Will it work for uwSGI location? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234405,234405#msg-234405 From goelvivek2011 at gmail.com Tue Dec 25 06:52:50 2012 From: goelvivek2011 at gmail.com (Vivek Goel) Date: Tue, 25 Dec 2012 12:22:50 +0530 Subject: How to get maximum number of connection, I have ever got on my server? Message-ID: Is there a way I can log current number of active connection in nginx? I want to check the max number of parallel connection I am getting on my server. regards Vivek Goel -------------- next part -------------- An HTML attachment was scrubbed... URL: From howachen at gmail.com Tue Dec 25 10:55:41 2012 From: howachen at gmail.com (howard chen) Date: Tue, 25 Dec 2012 18:55:41 +0800 Subject: Rewrite all urls inside location block in nginx In-Reply-To: References: Message-ID: Thanks. On Mon, Dec 24, 2012 at 6:02 PM, Edho Arief wrote: > return 301 http://$http_host/foo.xml; > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Dec 25 13:06:45 2012 From: nginx-forum at nginx.us (xinghua_hi) Date: Tue, 25 Dec 2012 08:06:45 -0500 Subject: error_page can not work in if directive Message-ID: I want to display different pages when 413 code return, for example set $var 1; if ?$var = 1) { error_page 413 /413_old.html; } if ($var =2) { error_page 413 /413_new.html; } error_page can not work, but I write error_page directive in location block directly instead of using if directive, it can work normally Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234417,234417#msg-234417 From nginx-forum at nginx.us Tue Dec 25 14:36:51 2012 From: nginx-forum at nginx.us (xinghua_hi) Date: Tue, 25 Dec 2012 09:36:51 -0500 Subject: error_page can not work in if directive In-Reply-To: References: Message-ID: please help me, thank you Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234417,234420#msg-234420 From mdounin at mdounin.ru Tue Dec 25 14:42:25 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Dec 2012 18:42:25 +0400 Subject: error_page can not work in if directive In-Reply-To: References: Message-ID: <20121225144225.GW40452@mdounin.ru> Hello! On Tue, Dec 25, 2012 at 08:06:45AM -0500, xinghua_hi wrote: > I want to display different pages when 413 code return, for example > > set $var 1; > if ?$var = 1) { > error_page 413 /413_old.html; > } > if ($var =2) { > error_page 413 /413_new.html; > } > > error_page can not work, but I write error_page directive in location block > directly instead of using if directive, it can work normally There several ways to do what you want. E.g. you may use variables in the error page specified, e.g. error_page 413 /413.$var.html; or use an error_page with additional processing for the page in question, e.g. error_page 413 /413.html; location = /413.html { if ($new) { rewrite ^ /413.new.html; } } -- Maxim Dounin http://nginx.com/support.html From mdounin at mdounin.ru Tue Dec 25 14:47:28 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Dec 2012 18:47:28 +0400 Subject: nginx-1.3.10 Message-ID: <20121225144728.GX40452@mdounin.ru> Changes with nginx 1.3.10 25 Dec 2012 *) Change: domain names specified in configuration file are now resolved to IPv6 addresses as well as IPv4 ones. *) Change: now if the "include" directive with mask is used on Unix systems, included files are sorted in alphabetical order. *) Change: the "add_header" directive adds headers to 201 responses. *) Feature: the "geo" directive now supports IPv6 addresses in CIDR notation. *) Feature: the "flush" and "gzip" parameters of the "access_log" directive. *) Feature: variables support in the "auth_basic" directive. *) Bugfix: nginx could not be built with the ngx_http_perl_module in some cases. *) Bugfix: a segmentation fault might occur in a worker process if the ngx_http_xslt_module was used. *) Bugfix: nginx could not be built on MacOSX in some cases. Thanks to Piotr Sikora. *) Bugfix: the "limit_rate" directive with high rates might result in truncated responses on 32-bit platforms. Thanks to Alexey Antropov. *) Bugfix: a segmentation fault might occur in a worker process if the "if" directive was used. Thanks to Piotr Sikora. *) Bugfix: a "100 Continue" response was issued with "413 Request Entity Too Large" responses. *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and "image_filter_sharpen" directives might be inherited incorrectly. Thanks to Ian Babrou. *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" directive was used on Linux. *) Bugfix: in backup servers handling. Thanks to Thomas Chen. *) Bugfix: proxied HEAD requests might return incorrect response if the "gzip" directive was used. Merry Christmas! -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Tue Dec 25 15:09:45 2012 From: nginx-forum at nginx.us (xinghua_hi) Date: Tue, 25 Dec 2012 10:09:45 -0500 Subject: error_page can not work in if directive In-Reply-To: <20121225144225.GW40452@mdounin.ru> References: <20121225144225.GW40452@mdounin.ru> Message-ID: thank you very much, but i sitll want to know why error_page can't work normally in if block. I see the error_page 's context can be " if in location" in the document. the whole location conf like below, error_page can not work: client_max_body_size 50k; location / { set $var "haha"; if ($var = "haha") { error_page 413 /413.html; } } but client_max_body_size 50k; location / { error_page 413 /413.html; } it works! and location / { set $var "haha"; if ($var = "haha") { error_page 404 /404.html; } } it also works! thanks? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234417,234426#msg-234426 From mdounin at mdounin.ru Tue Dec 25 15:27:01 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Dec 2012 19:27:01 +0400 Subject: error_page can not work in if directive In-Reply-To: References: <20121225144225.GW40452@mdounin.ru> Message-ID: <20121225152701.GC40452@mdounin.ru> Hello! On Tue, Dec 25, 2012 at 10:09:45AM -0500, xinghua_hi wrote: > thank you very much, but i sitll want to know why error_page can't work > normally in if block. > I see the error_page 's context can be " if in location" in the document. > > the whole location conf like below, error_page can not work: > > client_max_body_size 50k; > location / { > set $var "haha"; > if ($var = "haha") { > error_page 413 /413.html; > } > } > > but > > client_max_body_size 50k; > location / { > error_page 413 /413.html; > } > it works! The 413 error is generated once location configuration is determinded, and this happens before location-level rewrite module directives (the "if" directive in particular) are executed. Hence error_page 413 configure inside the "if" doesn't make any difference. (Please also note that in general it's a good idea to avoid using the "if" directive, see http://wiki.nginx.org/IfIsEvil.) -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Tue Dec 25 16:04:03 2012 From: nginx-forum at nginx.us (PascalTurbo) Date: Tue, 25 Dec 2012 11:04:03 -0500 Subject: Problem when using subfolder Message-ID: Hi There, need to solve the following Problem: location / should point to /var/www/myfirstside and location /subside should point to /var/www/mysecondside I have no idea how to solve this. I tried: location / { root /var/www/myfirstside } location /subside { root /var/www/mysecondside } but this doesn't work because nginx send all requests for /subside to /var/www/mysecondside/subside ... Could anybody help me? THX allot Pascal Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234428,234428#msg-234428 From mdounin at mdounin.ru Tue Dec 25 16:07:53 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Dec 2012 20:07:53 +0400 Subject: Problem when using subfolder In-Reply-To: References: Message-ID: <20121225160753.GE40452@mdounin.ru> Hello! On Tue, Dec 25, 2012 at 11:04:03AM -0500, PascalTurbo wrote: > Hi There, > > need to solve the following Problem: > > location / should point to /var/www/myfirstside > and location /subside should point to /var/www/mysecondside > > I have no idea how to solve this. > > I tried: > > location / { > root /var/www/myfirstside > } > > location /subside { > root /var/www/mysecondside > } > > but this doesn't work because nginx send all requests for /subside to > /var/www/mysecondside/subside ... > > Could anybody help me? Try "alias": location / { root /var/www/myfirstside; } location /subside/ { alias /var/www/mysecondside/; } See http://nginx.org/r/alias for details. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Tue Dec 25 16:47:58 2012 From: nginx-forum at nginx.us (xinghua_hi) Date: Tue, 25 Dec 2012 11:47:58 -0500 Subject: error_page can not work in if directive In-Reply-To: <20121225152701.GC40452@mdounin.ru> References: <20121225152701.GC40452@mdounin.ru> Message-ID: <94af40da02f1be73cf4ca0bd60b1b40f.NginxMailingListEnglish@forum.nginx.org> thanks, but a new question comming? I try to resolve my problem according to your method: (1) ?set" is also an location-level rewrite module directive, so the conf like this location / { root XXX; set $var "haha"; error_page 413 /413.${var}.html; } will return 404, but 413.haha.html exists my root dir?I see the debug log , find some log like http finalize request: 404, "/413..html?" obviously, nginx takes $var as an empty string, I think the reason is also that 413 error is generated before set directive? so , how to use variable in error_page uri? (2) if I writer conf like this: location / { set $var "haha"; error_page 413 /413.html; } location = /413.html { if ($var) { rewriter ^ /413.new.html; } } the key problem is how can i pass the $var to location /413.html? I try it , the second $var is empty?I also wonder about the result because I remember when internal redirect, the location can share the variable) ? Thank you . Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234417,234437#msg-234437 From bill.culp at me.com Tue Dec 25 16:52:32 2012 From: bill.culp at me.com (Bill Culp) Date: Tue, 25 Dec 2012 08:52:32 -0800 Subject: Problem when using subfolder In-Reply-To: <20121225160753.GE40452@mdounin.ru> References: <20121225160753.GE40452@mdounin.ru> Message-ID: ngnix docs state that the closest match will always be found in location phrases So why is alias needed? On Dec 25, 2012, at 8:07 AM, Maxim Dounin wrote: > Hello! > > On Tue, Dec 25, 2012 at 11:04:03AM -0500, PascalTurbo wrote: > >> Hi There, >> >> need to solve the following Problem: >> >> location / should point to /var/www/myfirstside >> and location /subside should point to /var/www/mysecondside >> >> I have no idea how to solve this. >> >> I tried: >> >> location / { >> root /var/www/myfirstside >> } >> >> location /subside { >> root /var/www/mysecondside >> } >> >> but this doesn't work because nginx send all requests for /subside to >> /var/www/mysecondside/subside ... >> >> Could anybody help me? > > Try "alias": > > location / { > root /var/www/myfirstside; > } > > location /subside/ { > alias /var/www/mysecondside/; > } > > See http://nginx.org/r/alias for details. > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From bill.culp at me.com Tue Dec 25 16:55:17 2012 From: bill.culp at me.com (Bill Culp) Date: Tue, 25 Dec 2012 08:55:17 -0800 Subject: Problem when using subfolder In-Reply-To: <20121225160753.GE40452@mdounin.ru> References: <20121225160753.GE40452@mdounin.ru> Message-ID: <8DB368E8-643E-451A-9B32-19A954187576@me.com> Ah IC your appending a context path, but since this isnt Java, Im still curious as to why On Dec 25, 2012, at 8:07 AM, Maxim Dounin wrote: > Hello! > > On Tue, Dec 25, 2012 at 11:04:03AM -0500, PascalTurbo wrote: > >> Hi There, >> >> need to solve the following Problem: >> >> location / should point to /var/www/myfirstside >> and location /subside should point to /var/www/mysecondside >> >> I have no idea how to solve this. >> >> I tried: >> >> location / { >> root /var/www/myfirstside >> } >> >> location /subside { >> root /var/www/mysecondside >> } >> >> but this doesn't work because nginx send all requests for /subside to >> /var/www/mysecondside/subside ... >> >> Could anybody help me? > > Try "alias": > > location / { > root /var/www/myfirstside; > } > > location /subside/ { > alias /var/www/mysecondside/; > } > > See http://nginx.org/r/alias for details. > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Tue Dec 25 17:24:01 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Dec 2012 21:24:01 +0400 Subject: error_page can not work in if directive In-Reply-To: <94af40da02f1be73cf4ca0bd60b1b40f.NginxMailingListEnglish@forum.nginx.org> References: <20121225152701.GC40452@mdounin.ru> <94af40da02f1be73cf4ca0bd60b1b40f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121225172401.GH40452@mdounin.ru> Hello! On Tue, Dec 25, 2012 at 11:47:58AM -0500, xinghua_hi wrote: > thanks, but a new question comming? > I try to resolve my problem according to your method: > (1) > ?set" is also an location-level rewrite module directive, so the conf like > this > location / { > root XXX; > set $var "haha"; > error_page 413 /413.${var}.html; > } > > will return 404, but 413.haha.html exists my root dir?I see the debug log , > find some log like > http finalize request: 404, "/413..html?" > obviously, nginx takes $var as an empty string, I think the reason is also > that 413 error is generated before set directive? so , how to use variable > in error_page uri? Same problem here: the "set" directive isn't executed, and hence the $var isn't "haha" but uninitialized and evaluates to an empty string. You have to make $var variable available by other means (e.g. set the variable at server level, or make it available via map{} directive). > (2) > if I writer conf like this: > location / { > set $var "haha"; > error_page 413 /413.html; > } > > location = /413.html { > if ($var) { > rewriter ^ /413.new.html; > } > } > > the key problem is how can i pass the $var to location /413.html? I try > it , the second $var is empty?I also wonder about the result because I > remember when internal redirect, the location can share the variable) ? And the same problem here: "set $var "haha";" in the location / isn't executed, and hence $var remains uninitialized. -- Maxim Dounin http://nginx.com/support.html From nginx-forum at nginx.us Tue Dec 25 17:39:09 2012 From: nginx-forum at nginx.us (kalpesh.patel@glgroup.com) Date: Tue, 25 Dec 2012 12:39:09 -0500 Subject: Using Crypt::OpenSSL::RSA with http_perl_module problem Message-ID: <80cb0a23745b4049edc28371edb8c67d.NginxMailingListEnglish@forum.nginx.org> Hi all: I am trying to utilize Crypt::OpenSSL::RSA perl module that is called from within the the http_perl_module handler. The interesting part is that if I use this module from a strait perl script then it works fine but when I call from the handler in nginx then it fail nginx's sanity test check. Hopefully someone can shed some light here. I suspect /usr/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so to be the culprit somewhere. First, I created two perl scripts as mentioned at http://stuff-things.net/2007/05/02/encrypting-sensitive-data-with-perl/. Here is the output from these two scripts, thus indicating that Perl modules installed are sane and complete ... Let me know if any additional piece of info is needed. Thanks. -------Version information root at master-01:/home/theapp/theEnDec/conf# perl -version This is perl 5, version 12, subversion 4 (v5.12.4) built for x86_64-linux-gnu-thread-multi (with 48 registered patches, see perl -V for more detail) Copyright 1987-2010, Larry Wall Perl may be copied only under the terms of either the Artistic License or the GNU General Public License, which may be found in the Perl 5 source kit. Complete documentation for Perl, including FAQ lists, should be found on this system using "man perl" or "perldoc perl". If you have access to the Internet, point your browser at http://www.perl.org/, the Perl Home Page. root at master-01:/home/theapp/theEnDec/conf# /usr/local/nginx/sbin/nginx -v nginx version: nginx/1.2.6 ii libclass-accessor-perl 0.34-1 Perl module that automatically generates accessors ii libclass-isa-perl 0.36-1 report the search path for a class's ISA tree ii libcurses-perl 1.28-1build1 Curses interface for Perl ii libcurses-ui-perl 0.9607-2 curses-based OO user interface framework for Perl ii liberror-perl 0.17-1 Perl module for error/exception handling in an OO-ish way ii libio-string-perl 1.08-2 Emulate IO::File interface for in-core strings ii liblocale-gettext-perl 1.05-6build1 Using libc functions for internationalization in Perl ii libparse-debianchangelog-perl 1.2.0-1ubuntu1 parse Debian changelogs and output them in other formats ii libperl-dev 5.12.4-4ubuntu0.1 Perl library: development files ii libperl5.12 5.12.4-4ubuntu0.1 shared Perl library ii libpod-plainer-perl 1.03-1 Perl extension for converting Pod to old-style Pod. ii libsub-name-perl 0.05-1build1 module for assigning a new name to referenced sub ii libswitch-perl 2.16-1 A switch statement for Perl ii libterm-readkey-perl 2.30-4build2 A perl module for simple terminal control ii libtext-charwidth-perl 0.04-6build1 get display widths of characters on the terminal ii libtext-iconv-perl 1.7-2build1 converts between character sets in Perl ii libtext-wrapi18n-perl 0.06-7 internationalized substitute of Text::Wrap ii libtimedate-perl 1.2000-1 collection of modules to manipulate date/time information ii perl 5.12.4-4ubuntu0.1 Larry Wall's Practical Extraction and Report Language ii perl-base 5.12.4-4ubuntu0.1 minimal Perl system ii perl-modules 5.12.4-4ubuntu0.1 Core Perl modules -------Encryption script root at master-01:/home/theapp/theEnDec/perl# cat test_encrypt.pl #!/usr/bin/perl use Crypt::OpenSSL::RSA; use MIME::Base64; use strict; my $public_key = 'public.pem'; my $string = 'Hello World!'; print encryptPublic($public_key,$string); exit; sub encryptPublic { my ($public_key,$string) = @_; my $key_string; open(PUB,$public_key) || die "$public_key: $!"; read(PUB,$key_string,-s PUB); # Suck in the whole file close(PUB); my $public = Crypt::OpenSSL::RSA->new_public_key($key_string); encode_base64($public->encrypt($string)); } root at master-01:/home/theapp/theEnDec/perl# ./test_encrypt.pl gFG/i6YvQ54hEmlYf1D8MEZ4wPs9GANJ8WkBGkokyT4u6aYPuff8DmgFiXMgUvjPIfiOtf8JDaiS wr7FpXfSi1TuZVb9waFTZitxJ9Gh7PRBw1YLr/ZQWGSf7ZzOF0iuIEl8q4C+MZScCFjiYjqz4qc0 6ehgnmggDA5R2RmlvVv0q1H5Orrv0xlucAxNpMvg9CD74tKg+192unGOhWOK29G4uf2jE5I9CfbI TJU7vrpD7RY1RFR+BAdNRe6W6+VadcLc/vytMp175JDD9tBsUKm/ZueGTJ6L7Y7kQ6yx+trvhgNQ zjmFg7wQ+2x9V0fcA4uUueRT58dqFjAQpXVnCw== -------Decryption script root at master-01:/home/theapp/theEnDec/perl# cat test_decrypt.pl #!/usr/bin/perl use Convert::PEM; use Crypt::OpenSSL::RSA; use MIME::Base64; use strict; my $encrypted_string =q( gFG/i6YvQ54hEmlYf1D8MEZ4wPs9GANJ8WkBGkokyT4u6aYPuff8DmgFiXMgUvjPIfiOtf8JDaiS wr7FpXfSi1TuZVb9waFTZitxJ9Gh7PRBw1YLr/ZQWGSf7ZzOF0iuIEl8q4C+MZScCFjiYjqz4qc0 6ehgnmggDA5R2RmlvVv0q1H5Orrv0xlucAxNpMvg9CD74tKg+192unGOhWOK29G4uf2jE5I9CfbI TJU7vrpD7RY1RFR+BAdNRe6W6+VadcLc/vytMp175JDD9tBsUKm/ZueGTJ6L7Y7kQ6yx+trvhgNQ zjmFg7wQ+2x9V0fcA4uUueRT58dqFjAQpXVnCw== ); my $private_key = 'private.pem'; my $password = 'testing'; print decryptPrivate($private_key,$password,$encrypted_string), "\n"; exit; sub decryptPrivate { my ($private_key,$password,$string) = @_; my $key_string = readPrivateKey($private_key,$password); return(undef) unless ($key_string); # Decrypt failed. my $private = Crypt::OpenSSL::RSA->new_private_key($key_string) || die "$!"; $private->decrypt(decode_base64($string)); } sub readPrivateKey { my ($file,$password) = @_; my $key_string; $key_string = decryptPEM($file,$password); } sub decryptPEM { my ($file,$password) = @_; my $pem = Convert::PEM->new( Name => 'RSA PRIVATE KEY', ASN => qq( RSAPrivateKey SEQUENCE { version INTEGER, n INTEGER, e INTEGER, d INTEGER, p INTEGER, q INTEGER, dp INTEGER, dq INTEGER, iqmp INTEGER } )); my $pkey = $pem->read(Filename => $file, Password => $password); return(undef) unless ($pkey); # Decrypt failed. $pem->encode(Content => $pkey); } root at master-01:/home/theapp/theEnDec/perl# ./test_decrypt.pl Hello World! -------Perl handler for NGINX package theEnDec; use Convert::PEM; use Crypt::OpenSSL::RSA; use MIME::Base64; use strict; use nginx; sub handler { my $r = shift; my $public_key = 'public.pem'; my $private_key = 'private.pem'; my $password = 'testing'; my $operation = r->variable('operation'); my $op_string = r->variable('op_string'); my $result = 'Error: no operation performed!'; if (lc($operation) eq 'encode') { $result = encryptPublic($public_key,$op_string); } if (lc($operation) eq 'decode') { $result = decryptPrivate($private_key,$password,$op_string); } $r->header_out ("X-theAnswerIs=", $result); $r->send_http_header("text/html"); $r->rflush; return OK if $r->header_only; my $bodyis = CGI->new; $bodyis->compile(); $r->print ($bodyis->start_html('Test Page')); $r->print ($bodyis->h3({-align=>right},'That is the only thing I can give. Use it wisely!')); $r->print ($bodyis->end_html); $r->rflush; return OK; #-## Encryption sub-routines sub encryptPublic { my ($public_key,$string) = @_; my $key_string; open(PUB,$public_key) || die "$public_key: $!"; read(PUB,$key_string,-s PUB); # Suck in the whole file close(PUB); my $public = Crypt::OpenSSL::RSA->new_public_key($key_string); encode_base64($public->encrypt($string)); } #-## Decryption sub-routines sub decryptPrivate { my ($private_key,$password,$string) = @_; my $key_string = readPrivateKey($private_key,$password); return(undef) unless ($key_string); # Decrypt failed. my $private = Crypt::OpenSSL::RSA->new_private_key($key_string) || die "$!"; $private->decrypt(decode_base64($string)); } sub readPrivateKey { my ($file,$password) = @_; my $key_string; $key_string = decryptPEM($file,$password); } sub decryptPEM { my ($file,$password) = @_; my $pem = Convert::PEM->new( Name => 'RSA PRIVATE KEY', ASN => qq( RSAPrivateKey SEQUENCE { version INTEGER, n INTEGER, e INTEGER, d INTEGER, p INTEGER, q INTEGER, dp INTEGER, dq INTEGER, iqmp INTEGER } )); my $pkey = $pem->read(Filename => $file, Password => $password); return(undef) unless ($pkey); # Decrypt failed. $pem->encode(Content => $pkey); } } 1; __END__ -------nginx server stanza in the configuration file server { resolver 127.0.0.1; resolver_timeout 1s; listen 80; server_name mixmaster; if ($uri ~* ^/([^/]*)(.*)$ ) { set $operation $1; set $op_string $2; } # this prevents hidden files (beginning with a period) from being served location ~ /\. { access_log off; log_not_found off; deny all; } # Prevents someone from accessing a backup copy of a file someone working on location ~ ~$ { access_log off; log_not_found off; deny all; } # Prevents someone from accessing a swap file of a file someone working on location ~ swp$ { access_log off; log_not_found off; deny all; } location / { perl theEnDec::handler; } } -------nginx configuration testing root at master-01:/home/theapp/theEnDec/conf# /usr/local/nginx/sbin/nginx -t nginx: [emerg] require_pv("theEnDec.pm") failed: "Can't locate loadable object for module Crypt::OpenSSL::RSA in @INC (@INC contains: /usr/local/nginx/perl /etc/perl /usr/local/lib/perl/5.12.4 /usr/local/share/perl/5.12.4 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.12 /usr/share/perl/5.12 /usr/local/lib/site_perl .) at /usr/local/nginx/perl/theEnDec.pm line 4 Compilation failed in require at /usr/local/nginx/perl/theEnDec.pm line 4. BEGIN failed--compilation aborted at /usr/local/nginx/perl/theEnDec.pm line 4. Compilation failed in require at (eval 1) line 1." nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed root at master-01:/home/theapp/theEnDec/conf# -------strace of the testing on Ubuntu 11.10 root at master-01:/home/theapp/theEnDec/conf# strace -f /usr/local/nginx/sbin/nginx -t execve("/usr/local/nginx/sbin/nginx", ["/usr/local/nginx/sbin/nginx", "-t"], [/* 521 vars */]) = 0 brk(0) = 0x1694000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0ab000 access("/etc/ld.so.preload", R_OK) = 0 open("/etc/ld.so.preload", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=57, ...}) = 0 mmap(NULL, 57, PROT_READ|PROT_WRITE, MAP_PRIVATE, 3, 0) = 0x7fcd2e0aa000 close(3) = 0 open("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240/\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0555, st_size=145442, ...}) = 0 mmap(NULL, 2142976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2dc81000 mprotect(0x7fcd2dc8c000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2de8b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0xa000) = 0x7fcd2de8b000 close(3) = 0 munmap(0x7fcd2e0aa000, 57) = 0 open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=19679, ...}) = 0 mmap(NULL, 19679, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7fcd2e0a6000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pl\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=135500, ...}) = 0 mmap(NULL, 2212920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2da64000 mprotect(0x7fcd2da7c000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2dc7b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7fcd2dc7b000 mmap(0x7fcd2dc7d000, 13368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fcd2dc7d000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libcrypt.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\n\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=43296, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0a5000 mmap(NULL, 2327040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2d82b000 mprotect(0x7fcd2d834000, 2097152, PROT_NONE) = 0 mmap(0x7fcd2da34000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7fcd2da34000 mmap(0x7fcd2da36000, 184832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fcd2da36000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpcre.so.3", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\300\25\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=243800, ...}) = 0 mmap(NULL, 2338984, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2d5ef000 mprotect(0x7fcd2d62a000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2d829000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x3a000) = 0x7fcd2d829000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libssl.so.1.0.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0@\376\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=332400, ...}) = 0 mmap(NULL, 2427672, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2d39e000 mprotect(0x7fcd2d3e8000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2d5e7000, 32768, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x49000) = 0x7fcd2d5e7000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libcrypto.so.1.0.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\312\5\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=1749000, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0a4000 mmap(NULL, 3859752, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2cfef000 mprotect(0x7fcd2d177000, 2097152, PROT_NONE) = 0 mmap(0x7fcd2d377000, 143360, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x188000) = 0x7fcd2d377000 mmap(0x7fcd2d39a000, 13608, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fcd2d39a000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libz.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P \0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=96816, ...}) = 0 mmap(NULL, 2191920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2cdd7000 mprotect(0x7fcd2cdee000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2cfed000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16000) = 0x7fcd2cfed000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/libperl.so.5.12", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200T\3\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=1524408, ...}) = 0 mmap(NULL, 3620040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2ca63000 mprotect(0x7fcd2cbcf000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2cdce000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16b000) = 0x7fcd2cdce000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \24\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1694008, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0a3000 mmap(NULL, 3810152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2c6c0000 mprotect(0x7fcd2c859000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2ca58000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x198000) = 0x7fcd2ca58000 mmap(0x7fcd2ca5d000, 21352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fcd2ca5d000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=14768, ...}) = 0 mmap(NULL, 2109704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2c4bc000 mprotect(0x7fcd2c4be000, 2097152, PROT_NONE) = 0 mmap(0x7fcd2c6be000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7fcd2c6be000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360>\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=538928, ...}) = 0 mmap(NULL, 2633960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7fcd2c238000 mprotect(0x7fcd2c2bb000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2c4ba000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x82000) = 0x7fcd2c4ba000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0a2000 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0a1000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e09f000 arch_prctl(ARCH_SET_FS, 0x7fcd2e09f720) = 0 mprotect(0x7fcd2c4ba000, 4096, PROT_READ) = 0 mprotect(0x7fcd2c6be000, 4096, PROT_READ) = 0 mprotect(0x7fcd2ca58000, 16384, PROT_READ) = 0 mprotect(0x7fcd2cdce000, 16384, PROT_READ) = 0 mprotect(0x7fcd2cfed000, 4096, PROT_READ) = 0 mprotect(0x7fcd2d377000, 102400, PROT_READ) = 0 mprotect(0x7fcd2d5e7000, 12288, PROT_READ) = 0 mprotect(0x7fcd2d829000, 4096, PROT_READ) = 0 mprotect(0x7fcd2da34000, 4096, PROT_READ) = 0 mprotect(0x7fcd2dc7b000, 4096, PROT_READ) = 0 mprotect(0x7fcd2de8b000, 4096, PROT_READ) = 0 mprotect(0x69f000, 4096, PROT_READ) = 0 mprotect(0x7fcd2e0ad000, 4096, PROT_READ) = 0 munmap(0x7fcd2e0a6000, 19679) = 0 set_tid_address(0x7fcd2e09f9f0) = 23220 set_robust_list(0x7fcd2e09fa00, 0x18) = 0 futex(0x7fff656e8a8c, FUTEX_WAKE_PRIVATE, 1) = 0 futex(0x7fff656e8a8c, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7fcd2e09f720) = -1 EAGAIN (Resource temporarily unavailable) rt_sigaction(SIGRTMIN, {0x7fcd2da6a6c0, [], SA_RESTORER|SA_SIGINFO, 0x7fcd2da74060}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {0x7fcd2da6a750, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7fcd2da74060}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 brk(0) = 0x1694000 brk(0x16b5000) = 0x16b5000 open("/etc/localtime", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 fstat(3, {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0aa000 read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\4\0\0\0\4\0\0\0\0"..., 4096) = 3519 lseek(3, -2252, SEEK_CUR) = 1267 read(3, "TZif2\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\5\0\0\0\5\0\0\0\0"..., 4096) = 2252 close(3) = 0 munmap(0x7fcd2e0aa000, 4096) = 0 open("/usr/local/nginx/logs/error.log", O_WRONLY|O_CREAT|O_APPEND, 0644) = 3 open("/usr/lib/ssl/openssl.cnf", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0644, st_size=10819, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0aa000 read(4, "#\n# OpenSSL example configuratio"..., 4096) = 4096 read(4, "Netscape crash on BMPStrings or "..., 4096) = 4096 read(4, "nterpreting an end user certific"..., 4096) = 2627 read(4, "", 4096) = 0 close(4) = 0 munmap(0x7fcd2e0aa000, 4096) = 0 uname({sys="Linux", node="master-01", ...}) = 0 brk(0x16da000) = 0x16da000 open("/proc/stat", O_RDONLY|O_CLOEXEC) = 4 read(4, "cpu 127383 12003 198535 6778121"..., 8192) = 1365 close(4) = 0 getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=4*1024}) = 0 stat("/etc/localtime", {st_mode=S_IFREG|0644, st_size=3519, ...}) = 0 uname({sys="Linux", node="master-01", ...}) = 0 open("/usr/local/nginx/conf/nginx.conf", O_RDONLY) = 4 fstat(4, {st_mode=S_IFREG|0664, st_size=1414, ...}) = 0 pread(4, "\nuser www-data;\n\nworker_processe"..., 1414, 0) = 1414 geteuid() = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5 connect(5, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(5) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5 connect(5, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(5) = 0 open("/etc/nsswitch.conf", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=475, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7fcd2e0aa000 read(5, "# /etc/nsswitch.conf\n#\n# Example"..., 4096) = 475 read(5, "", 4096) = 0 close(5) = 0 munmap(0x7fcd2e0aa000, 4096) = 0 open("/etc/ld.so.cache", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=19679, ...}) = 0 mmap(NULL, 19679, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7fcd2e0a6000 close(5) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libnss_compat.so.2", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\20\23\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=35712, ...}) = 0 mmap(NULL, 2131288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7fcd2c02f000 mprotect(0x7fcd2c037000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2c236000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x7000) = 0x7fcd2c236000 close(5) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libnsl.so.1", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0p@\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=97256, ...}) = 0 mmap(NULL, 2202328, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7fcd2be15000 mprotect(0x7fcd2be2c000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2c02b000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x16000) = 0x7fcd2c02b000 mmap(0x7fcd2c02d000, 6872, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7fcd2c02d000 close(5) = 0 mprotect(0x7fcd2c02b000, 4096, PROT_READ) = 0 mprotect(0x7fcd2c236000, 4096, PROT_READ) = 0 munmap(0x7fcd2e0a6000, 19679) = 0 open("/etc/ld.so.cache", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=19679, ...}) = 0 mmap(NULL, 19679, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7fcd2e0a6000 close(5) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libnss_nis.so.2", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0` \0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=47696, ...}) = 0 mmap(NULL, 2143552, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7fcd2bc09000 mprotect(0x7fcd2bc13000, 2097152, PROT_NONE) = 0 mmap(0x7fcd2be13000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xa000) = 0x7fcd2be13000 close(5) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libnss_files.so.2", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\"\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=51736, ...}) = 0 mmap(NULL, 2148088, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7fcd2b9fc000 mprotect(0x7fcd2ba08000, 2093056, PROT_NONE) = 0 mmap(0x7fcd2bc07000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xb000) = 0x7fcd2bc07000 close(5) = 0 mprotect(0x7fcd2bc07000, 4096, PROT_READ) = 0 mprotect(0x7fcd2be13000, 4096, PROT_READ) = 0 munmap(0x7fcd2e0a6000, 19679) = 0 open("/etc/passwd", O_RDONLY|O_CLOEXEC) = 5 fcntl(5, F_GETFD) = 0x1 (flags FD_CLOEXEC) lseek(5, 0, SEEK_CUR) = 0 fstat(5, {st_mode=S_IFREG|0644, st_size=1367, ...}) = 0 mmap(NULL, 1367, PROT_READ, MAP_SHARED, 5, 0) = 0x7fcd2e0aa000 lseek(5, 1367, SEEK_SET) = 1367 munmap(0x7fcd2e0aa000, 1367) = 0 close(5) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5 connect(5, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(5) = 0 socket(PF_FILE, SOCK_STREAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0) = 5 connect(5, {sa_family=AF_FILE, path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory) close(5) = 0 open("/etc/group", O_RDONLY|O_CLOEXEC) = 5 lseek(5, 0, SEEK_CUR) = 0 fstat(5, {st_mode=S_IFREG|0644, st_size=747, ...}) = 0 mmap(NULL, 747, PROT_READ, MAP_SHARED, 5, 0) = 0x7fcd2e0aa000 lseek(5, 747, SEEK_SET) = 747 munmap(0x7fcd2e0aa000, 747) = 0 close(5) = 0 epoll_create(100) = 5 close(5) = 0 open("/usr/local/nginx/conf/mime.types", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=3463, ...}) = 0 pread(5, "\ntypes {\n text/html "..., 3463, 0) = 3463 close(5) = 0 brk(0x16fb000) = 0x16fb000 rt_sigaction(SIGFPE, {SIG_IGN, [FPE], SA_RESTORER|SA_RESTART, 0x7fcd2c6f6460}, {SIG_DFL, [], 0}, 8) = 0 getuid() = 0 geteuid() = 0 getgid() = 0 getegid() = 0 open("/dev/urandom", O_RDONLY) = 5 read(5, "\361L\246!", 4) = 4 close(5) = 0 stat("/usr/local/nginx/perl/5.12.4/x86_64-linux-gnu-thread-multi", 0x7fff656e77a0) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/5.12.4", 0x7fff656e77a0) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/5.12.3", 0x7fff656e77a0) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/x86_64-linux-gnu-thread-multi", 0x7fff656e77a0) = -1 ENOENT (No such file or directory) readlink("/proc/self/exe", "/usr/local/nginx/sbin/nginx"..., 4095) = 27 stat("/usr/local/lib/site_perl/5.12.4/x86_64-linux-gnu-thread-multi", 0x7fff656e7640) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/site_perl/5.12.4", 0x7fff656e7640) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/site_perl/x86_64-linux-gnu-thread-multi", 0x7fff656e7640) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.3", 0x7fff656e7780) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.3", 0x7fff656e7780) = -1 ENOENT (No such file or directory) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) open("/dev/null", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff656e7648) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 fcntl(5, F_SETFD, FD_CLOEXEC) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 brk(0x171c000) = 0x171c000 stat("/usr/local/nginx/perl/nginx.pmc", 0x7fff656e7270) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/nginx.pm", 0x7fff656e71c0) = -1 ENOENT (No such file or directory) stat("/etc/perl/nginx.pmc", 0x7fff656e7270) = -1 ENOENT (No such file or directory) stat("/etc/perl/nginx.pm", 0x7fff656e71c0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/nginx.pmc", 0x7fff656e7270) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/nginx.pm", {st_mode=S_IFREG|0444, st_size=3305, ...}) = 0 open("/usr/local/lib/perl/5.12.4/nginx.pm", O_RDONLY) = 6 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff656e6f38) = -1 ENOTTY (Inappropriate ioctl for device) lseek(6, 0, SEEK_CUR) = 0 read(6, "package nginx;\n\nuse 5.006001;\nus"..., 4096) = 3305 stat("/usr/local/nginx/perl/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/strict.pm", 0x7fff656e6ba0) = -1 ENOENT (No such file or directory) stat("/etc/perl/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/etc/perl/strict.pm", 0x7fff656e6ba0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/strict.pm", 0x7fff656e6ba0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/strict.pm", 0x7fff656e6ba0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/strict.pm", 0x7fff656e6ba0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/strict.pm", 0x7fff656e6ba0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/strict.pm", 0x7fff656e6ba0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/strict.pmc", 0x7fff656e6c50) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/strict.pm", {st_mode=S_IFREG|0644, st_size=879, ...}) = 0 open("/usr/share/perl/5.12/strict.pm", O_RDONLY) = 7 ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fff656e6918) = -1 ENOTTY (Inappropriate ioctl for device) lseek(7, 0, SEEK_CUR) = 0 read(7, "package strict;\n\n$strict::VERSIO"..., 4096) = 879 lseek(7, 878, SEEK_SET) = 878 lseek(7, 0, SEEK_CUR) = 878 close(7) = 0 ................other modules strace removed due to message limitations but relevency looks below .......................... stat("/usr/local/nginx/perl/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/etc/perl/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/site_perl/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("./auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/local/nginx/perl", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/etc/perl", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/local/lib/perl/5.12.4", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/local/share/perl/5.12.4", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/lib/perl5", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/share/perl5", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/lib/perl/5.12", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/share/perl/5.12", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/local/lib/site_perl", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/nginx/perl/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/nginx/perl/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/etc/perl", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/etc/perl/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/etc/perl/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/etc/perl/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/etc/perl/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/share/perl/5.12.4/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/lib/perl5/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/share/perl5/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/lib/perl/5.12/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0 stat("/usr/share/perl/5.12/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/site_perl", 0x16d0e68) = -1 ENOENT (No such file or directory) stat(".", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("./RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("./RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("./libRSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("./RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) lseek(5, 62, SEEK_SET) = 62 lseek(5, 0, SEEK_CUR) = 62 close(5) = 0 write(3, "2012/12/24 13:26:05 [emerg] 2322"..., 593) = 593 write(2, "nginx: [emerg] require_pv(\"theEn"..., 571nginx: [emerg] require_pv("theEnDec.pm") failed: "Can't locate loadable object for module Crypt::OpenSSL::RSA in @INC (@INC contains: /usr/local/nginx/perl /etc/perl /usr/local/lib/perl/5.12.4 /usr/local/share/perl/5.12.4 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.12 /usr/share/perl/5.12 /usr/local/lib/site_perl .) at /usr/local/nginx/perl/theEnDec.pm line 4 Compilation failed in require at /usr/local/nginx/perl/theEnDec.pm line 4. BEGIN failed--compilation aborted at /usr/local/nginx/perl/theEnDec.pm line 4. Compilation failed in require at (eval 1) line 1." ) = 571 brk(0x1a40000) = 0x1a40000 brk(0x1a20000) = 0x1a20000 brk(0x1a1d000) = 0x1a1d000 brk(0x1a16000) = 0x1a16000 brk(0x1a04000) = 0x1a04000 brk(0x19f6000) = 0x19f6000 brk(0x19e7000) = 0x19e7000 brk(0x19dc000) = 0x19dc000 brk(0x1993000) = 0x1993000 brk(0x198c000) = 0x198c000 brk(0x198a000) = 0x198a000 brk(0x1989000) = 0x1989000 brk(0x1980000) = 0x1980000 brk(0x1960000) = 0x1960000 brk(0x1944000) = 0x1944000 close(4) = 0 write(2, "nginx: configuration file /usr/l"..., 71nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed ) = 71 exit_group(1) = ? root at master-01:/home/theapp/theEnDec/conf# Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234394,234394#msg-234394 From mdounin at mdounin.ru Tue Dec 25 18:05:27 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 25 Dec 2012 22:05:27 +0400 Subject: Problem when using subfolder In-Reply-To: References: <20121225160753.GE40452@mdounin.ru> Message-ID: <20121225180526.GJ40452@mdounin.ru> Hello! On Tue, Dec 25, 2012 at 08:52:32AM -0800, Bill Culp wrote: > ngnix docs state that the closest match will always be found in location phrases > > So why is alias needed? Normally (with root specified) nginx constructs file name as + . This allows to specify root at any level, and it will work without surprises via configuration inheritance. I.e. root /path/to; location /foo/ { # ... } and location /foo/ { root /path/to; } and even location /foo/ { ... location /foo/bar { root /path/to; } } all will result in a "/foo/bar.txt" request being mapped into a "/path/to/foo/bar.txt" file. In contrast, alias replaces part of the URI matched by a location, and file name will be + . This is more fragile as things change as you move the alias directive to another place, but allows to map URI to file system if some parts of the URI needs to be modified, e.g. in configuration like location /foo/ { alias /path/to/baz/; } request to "/foo/bar.txt" will be mappend into "/path/to/baz/bar.txt" file. It is generally recommended to use "root", except in situations like thread starter has, i.e. when URI needs to be modified when mapping to a file system. See here for docs: http://nginx.org/r/root http://nginx.org/r/alias [...] -- Maxim Dounin http://nginx.com/support.html From multiformeingegno at gmail.com Tue Dec 25 23:16:51 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Wed, 26 Dec 2012 00:16:51 +0100 Subject: How to use the gzip format for access_log in the new 1.3.10? Message-ID: Guys I updated from nginx 1.3.9 to 1.3.10, edited my access_log line and here it is now: *access_log /var/www/blahblah/logs/access.log gzip buffer=32k;* Unfortunately when I restart nginx I get this error: nginx: [emerg] unknown log format "gzip" What am I doing wrong? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Tue Dec 25 23:24:53 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 26 Dec 2012 03:24:53 +0400 Subject: How to use the gzip format for access_log in the new 1.3.10? In-Reply-To: References: Message-ID: <201212260324.54055.vbart@nginx.com> On Wednesday 26 December 2012 03:16:51 Lorenzo Raffio wrote: > Guys I updated from nginx 1.3.9 to 1.3.10, edited my access_log line and > here it is now: > *access_log /var/www/blahblah/logs/access.log gzip buffer=32k;* > > Unfortunately when I restart nginx I get this error: > nginx: [emerg] unknown log format "gzip" > > What am I doing wrong? > > Thanks in advance. You forgot to specify log format ("gzip" is not log format). http://nginx.org/r/access_log http://nginx.org/r/log_format wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From multiformeingegno at gmail.com Wed Dec 26 00:26:17 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Wed, 26 Dec 2012 01:26:17 +0100 Subject: How to use the gzip format for access_log in the new 1.3.10? In-Reply-To: References: Message-ID: Thanks Valentin! *access_log /var/www/blahblah/logs/access.log combined gzip; worked :)* **Last question: what does the flush variable do? Does it specify for how much times to keep the logs? 2012/12/26 Lorenzo Raffio > Guys I updated from nginx 1.3.9 to 1.3.10, edited my access_log line and > here it is now: > *access_log /var/www/blahblah/logs/access.log gzip buffer=32k;* > > Unfortunately when I restart nginx I get this error: > nginx: [emerg] unknown log format "gzip" > > What am I doing wrong? > > Thanks in advance. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From multiformeingegno at gmail.com Wed Dec 26 00:27:59 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Wed, 26 Dec 2012 01:27:59 +0100 Subject: How to use the gzip format for access_log in the new 1.3.10? In-Reply-To: References: Message-ID: Oh, I was forgetting: is there a way to globally set to gzip access_log? Cause I have a lot of websites and it will be better to set this globally instead of manually changing access_log line for every vhost :) 2012/12/26 Lorenzo Raffio > Thanks Valentin! > > *access_log /var/www/blahblah/logs/access.log combined gzip; worked :)* > > **Last question: what does the flush variable do? Does it specify for how much times to keep the logs? > > > > 2012/12/26 Lorenzo Raffio > >> Guys I updated from nginx 1.3.9 to 1.3.10, edited my access_log line and >> here it is now: >> *access_log /var/www/blahblah/logs/access.log gzip buffer=32k;* >> >> Unfortunately when I restart nginx I get this error: >> nginx: [emerg] unknown log format "gzip" >> >> What am I doing wrong? >> >> Thanks in advance. >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Wed Dec 26 07:45:03 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 26 Dec 2012 11:45:03 +0400 Subject: How to use the gzip format for access_log in the new 1.3.10? In-Reply-To: References: Message-ID: <201212261145.03532.vbart@nginx.com> On Wednesday 26 December 2012 04:26:17 Lorenzo Raffio wrote: > Thanks Valentin! > > *access_log /var/www/blahblah/logs/access.log combined gzip; worked :)* > > **Last question: what does the flush variable do? Does it specify for > how much times to keep the logs? > It specifies how long the log lines can be buffered. See the docs: http://nginx.org/r/access_log wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From vbart at nginx.com Wed Dec 26 07:51:38 2012 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 26 Dec 2012 11:51:38 +0400 Subject: How to use the gzip format for access_log in the new 1.3.10? In-Reply-To: References: Message-ID: <201212261151.38073.vbart@nginx.com> On Wednesday 26 December 2012 04:27:59 Lorenzo Raffio wrote: > Oh, I was forgetting: is there a way to globally set to gzip access_log? > Cause I have a lot of websites and it will be better to set this globally > instead of manually changing access_log line for every vhost :) > This settings is set on a per file basis. If you want to change it for a lot of access log files, you could use automated editing tools like sed, awk.. wbr, Valentin V. Bartenev -- http://nginx.com/support.html http://nginx.org/en/donation.html From nginx-forum at nginx.us Wed Dec 26 09:31:52 2012 From: nginx-forum at nginx.us (Kurtosis) Date: Wed, 26 Dec 2012 04:31:52 -0500 Subject: Changed /usr/share/nginx/html/ softlink, now nginx won't serve it @localhost Message-ID: <696fb6a723d24cd6ba81a96c7c30a540.NginxMailingListEnglish@forum.nginx.org> Nginx 1.2.4 on Ubuntu 12.04 x64 desktop I have a pure html site located at: ~/Projects/Clients/ANS/src/MetroBusiness.ans That is softlinked to nginx's localhost directory: /usr/share/nginx/html/dev/MetroBusiness.ans And I used to view the site at http://localhost/dev/MetroBusiness.ans. But I recently moved the site source to ~/work: ~/work/clients/ans/src/MetroBusiness.ans And re-linked it in nginx's localhost directory: /usr/share/nginx/html/dev/MetroBusiness.ans But now I can't view the site in localhost. It should be the same url, but now I'm getting: ---------------------------- Welcome to nginx! If you see this page, the nginx web server is successfully installed and working. ---------------------------- However, the other soft-linked sites that I didn't change still work fine, just the one I changed and re-linked. Also, it doesn't show up in the nginx directory listing at http://localhost/dev/ (with other sites linked in the same way, but not recently moved) Permissions are set to rwxrwxr_x on the site source directory. I restarted nginx, even restarted the computer, but no luck. I'm sure there's something minor I'm missing, but drawing a blank now. Any idea why Nginx can't see this soft link and serve this site anymore? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234468,234468#msg-234468 From francis at daoine.org Wed Dec 26 11:55:23 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 26 Dec 2012 11:55:23 +0000 Subject: Changed /usr/share/nginx/html/ softlink, now nginx won't serve it @localhost In-Reply-To: <696fb6a723d24cd6ba81a96c7c30a540.NginxMailingListEnglish@forum.nginx.org> References: <696fb6a723d24cd6ba81a96c7c30a540.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121226115523.GF18139@craic.sysops.org> On Wed, Dec 26, 2012 at 04:31:52AM -0500, Kurtosis wrote: Hi there, > ~/Projects/Clients/ANS/src/MetroBusiness.ans > ~/work/clients/ans/src/MetroBusiness.ans The capitalisation there has changed. Can you see "ls -l" and "ls -lL" of the symlink to confirm that things on the filesystem are as they should be? > But now I can't view the site in localhost. It should be the same url, but > now I'm getting: > > ---------------------------- > Welcome to nginx! If you see this page, the nginx web server is successfully > installed and working. > ---------------------------- What does nginx.conf have, for this server{} and this location{}? > Any idea why Nginx can't see this soft link and serve this site anymore? If the above doesn't give you a hint, perhaps the error or debug log will? Good luck with it, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Wed Dec 26 12:35:00 2012 From: nginx-forum at nginx.us (parttis) Date: Wed, 26 Dec 2012 07:35:00 -0500 Subject: Complancy with the IETF specifications (RFCs 1945, 2616 and 2396) Message-ID: <7fad813209300d535511bde845ba236e.NginxMailingListEnglish@forum.nginx.org> Hi I am currently making a research related to different HTTP server implementations. To make my research results complete, I would like to know if Nginx web server is fully compliant with the following IETF recommendations: * HTTP/1.0 specification RFC 1945, * HTTP/1.1 specification RFC 2616, and * the URI generic syntax specification RFC 2396. Thanks in advance. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234475,234475#msg-234475 From contact at jpluscplusm.com Wed Dec 26 13:12:18 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Wed, 26 Dec 2012 13:12:18 +0000 Subject: Complancy with the IETF specifications (RFCs 1945, 2616 and 2396) In-Reply-To: <7fad813209300d535511bde845ba236e.NginxMailingListEnglish@forum.nginx.org> References: <7fad813209300d535511bde845ba236e.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 26 December 2012 12:35, parttis wrote: > Hi > > I am currently making a research related to different HTTP server > implementations. > > To make my research results complete, I would like to know if Nginx web > server is fully compliant with the following IETF recommendations: > * HTTP/1.0 specification RFC 1945, > * HTTP/1.1 specification RFC 2616, and > * the URI generic syntax specification RFC 2396. Isn't the point of "research" that you actually, er, *research* these things yourself? For example, writing a test suite of clients and tests that you can point at various HTTP servers to discover their RFC/etc compliance levels? Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From multiformeingegno at gmail.com Wed Dec 26 15:54:02 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Wed, 26 Dec 2012 16:54:02 +0100 Subject: "msie_padding on" doesn't work? Message-ID: msie_padding is set to on by default (and I didn't change it). Today I added this line to my location php block: if ($http_user_agent ~ "MSIE 6" ) { return 403 "Browser not supported. Please update or change to another one."; } So now it is: location ~ \.php$ { try_files $uri =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; include /etc/nginx/fastcgi.conf; fastcgi_pass unix:/var/run/php5-fpm.sock; if ($http_user_agent ~ "MSIE 6" ) { return 403 "Browser not supported. Please update or change to another one."; } } It works (with curl and a IE6 user-agent I get my custom error message), the problem is that IE6 (real browser) displays its default error page (because my message is < of 512 bytes). But msie_padding on should "fix" that, am I wrong? If I change the error to something longer it works! For example I set one (in italian, sorry): "Internet Explorer 6.0 non e' supportato. Per poter visualizzare il sito aggiorna ad una versione successiva o installa un browser alternativo (Google Chrome, Mozilla Firefox, Opera ...)." and it displays my error. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Wed Dec 26 15:58:16 2012 From: nginx-forum at nginx.us (kalpesh.patel@glgroup.com) Date: Wed, 26 Dec 2012 10:58:16 -0500 Subject: Using Crypt::OpenSSL::RSA with http_perl_module problem In-Reply-To: <80cb0a23745b4049edc28371edb8c67d.NginxMailingListEnglish@forum.nginx.org> References: <80cb0a23745b4049edc28371edb8c67d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4607a967859d0c909edaaa5f40acabff.NginxMailingListEnglish@forum.nginx.org> I am suspecting following to be issue some how. I've tried specifying it via $LD_LIBRARY_PATH, $LD_PRELOAD and /etc/ld.so.preload but no love. root at master-01:/home/theApp/theEnDec/conf# find / -name RSA.so /usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so /usr/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so In case it helps, this is the Makefile to get the environment to the point of testing it on a Ubuntu 11.10 build: apt-get -y --force-yes install gcc apt-get -y --force-yes install unzip apt-get -y --force-yes install libpcre3 libpcre3-dev apt-get -y --force-yes install libssl-dev apt-get -y --force-yes install libperl-dev cpan -fi Crypt::OpenSSL::RSA cpan -fi MIME::Base64 cpan -fi Convert::PEM cpan -fi CGI tar -xvzf nginx-1.2.6.tar.gz tar -xvzf set-misc-nginx-module-0.22rc8.tar.gz unzip -o ngx_devel_kit-master.zip cd nginx-1.2.6 && ./configure --with-http_ssl_module --with-http_perl_module --add-module=../ngx_devel_kit-master --add-module=../set-misc-nginx-module-0.22rc8 --with-http_stub_status_module --with-debug cd nginx-1.2.6 && make install Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234394,234485#msg-234485 From igor at sysoev.ru Wed Dec 26 15:59:37 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 26 Dec 2012 19:59:37 +0400 Subject: "msie_padding on" doesn't work? In-Reply-To: References: Message-ID: On Dec 26, 2012, at 19:54 , Lorenzo Raffio wrote: > msie_padding is set to on by default (and I didn't change it). Today I added this line to my location php block: > if ($http_user_agent ~ "MSIE 6" ) { > return 403 "Browser not supported. Please update or change to another one."; > } > > So now it is: > location ~ \.php$ { > try_files $uri =404; > fastcgi_split_path_info ^(.+\.php)(/.+)$; > include /etc/nginx/fastcgi.conf; > fastcgi_pass unix:/var/run/php5-fpm.sock; > if ($http_user_agent ~ "MSIE 6" ) { > return 403 "Browser not supported. Please update or change to another one."; > } > } > > It works (with curl and a IE6 user-agent I get my custom error message), the problem is that IE6 (real browser) displays its default error page (because my message is < of 512 bytes). But msie_padding on should "fix" that, am I wrong? No, nginx adds this padding only to its internal messages. > If I change the error to something longer it works! For example I set one (in italian, sorry): "Internet Explorer 6.0 non e' supportato. Per poter visualizzare il sito aggiorna ad una versione successiva o installa un browser alternativo (Google Chrome, Mozilla Firefox, Opera ...)." and it displays my error. You create page for MSIE6: error_page 402 = /msie6.html; and return 402 error: if ($http_user_agent ~ "MSIE 6") { return 402; } -- Igor Sysoev http://nginx.com/support.html -------------- next part -------------- An HTML attachment was scrubbed... URL: From multiformeingegno at gmail.com Wed Dec 26 16:02:11 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Wed, 26 Dec 2012 17:02:11 +0100 Subject: "msie_padding on" doesn't work? Message-ID: Oh, ok! Maybe it would be useful to add the padding to custom error messages too..? :) Should be an easy add. -------------- next part -------------- An HTML attachment was scrubbed... URL: From igor at sysoev.ru Wed Dec 26 16:03:14 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 26 Dec 2012 20:03:14 +0400 Subject: Using Crypt::OpenSSL::RSA with http_perl_module problem In-Reply-To: <4607a967859d0c909edaaa5f40acabff.NginxMailingListEnglish@forum.nginx.org> References: <80cb0a23745b4049edc28371edb8c67d.NginxMailingListEnglish@forum.nginx.org> <4607a967859d0c909edaaa5f40acabff.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4DC1BA72-01D0-43FA-89ED-92829854968E@sysoev.ru> On Dec 26, 2012, at 19:58 , kalpesh.patel at glgroup.com wrote: > I am suspecting following to be issue some how. I've tried specifying it via > $LD_LIBRARY_PATH, $LD_PRELOAD and /etc/ld.so.preload but no love. > > > root at master-01:/home/theApp/theEnDec/conf# find / -name RSA.so > /usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so > /usr/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so Try to set in nginx.conf at top level: env PERL5LIB=/usr/local/lib/perl/5.12.4/:/usr/lib/perl/5.12.4/; Details at http://nginx.org/en/docs/ngx_core_module.html#env -- Igor Sysoev http://nginx.com/support.html From nginx-forum at nginx.us Wed Dec 26 16:40:04 2012 From: nginx-forum at nginx.us (kalpesh.patel@glgroup.com) Date: Wed, 26 Dec 2012 11:40:04 -0500 Subject: Using Crypt::OpenSSL::RSA with http_perl_module problem In-Reply-To: <4DC1BA72-01D0-43FA-89ED-92829854968E@sysoev.ru> References: <4DC1BA72-01D0-43FA-89ED-92829854968E@sysoev.ru> Message-ID: Igor: I had tried that before but now I tried with following two which still errors out with same exact place and error: env PERL5LIB=/usr/local/lib/perl/5.12.4/:/usr/lib/perl/5.12.4/; env LD_LIBRARY_PATH=/usr/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234394,234489#msg-234489 From igor at sysoev.ru Wed Dec 26 17:08:59 2012 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 26 Dec 2012 21:08:59 +0400 Subject: Using Crypt::OpenSSL::RSA with http_perl_module problem In-Reply-To: References: <4DC1BA72-01D0-43FA-89ED-92829854968E@sysoev.ru> Message-ID: On Dec 26, 2012, at 20:40 , kalpesh.patel at glgroup.com wrote: > Igor: > > I had tried that before but now I tried with following two which still > errors out with same exact place and error: > > > env PERL5LIB=/usr/local/lib/perl/5.12.4/:/usr/lib/perl/5.12.4/; > env LD_LIBRARY_PATH=/usr/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/; Sorry, I did not look your first message with strace. Perl already knows about these pathes, but it seems this perl installation is broken: Perl found right directory but then tries to look "RSA." instead of "RSA.so": stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.", 0x16d0e68) = -1 ENOENT (No such file or directory) Then it looks "-L/..." directories which are actually linking parameters: stat("-L/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) stat("-L/usr/lib/perl/5.12/auto/Crypt/OpenSSL/RSA", 0x16d0e68) = -1 ENOENT (No such file or directory) -- Igor Sysoev http://nginx.com/support.html From potapov.d at gmail.com Wed Dec 26 17:58:44 2012 From: potapov.d at gmail.com (Dmitry Potapov) Date: Wed, 26 Dec 2012 20:58:44 +0300 Subject: Access to location configs from postconfiguration Message-ID: Hello, I'm writing my first nginx module and want perform some per-location initialization (and validation) in postconfiguration function. Unfortunately I've found that only named locations can be accessed from postconfiguration function (using the chain main_conf->servers->named_locations). I don't want to force users to named locations usage, so I'm looking for another way to iterate over locations configs. For now I've found the following solution: 1. In create_main_conf: create empty array of pointers to ngx_http_core_loc_conf_t inside module main_conf 2. At the end of each merge_loc_conf function: remove pointer to parent config from pointers array (if any) and add (or replace) pointer to child config 3. In postconfiguration function: iterate through pointers array from module main_conf 4. At the end of postconfiguration: free memory used for pointers array But this seems to be bad solution. It there any easy and built-in mechanism to iterate over location configuration, so I can perform initialization for those where my module was used (and appropriate module location configuration flag was set while parsing)? -- Thanks in advance, Dmitry -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Thu Dec 27 11:34:34 2012 From: nginx-forum at nginx.us (adambenayoun) Date: Thu, 27 Dec 2012 06:34:34 -0500 Subject: rewrite or internal redirection cycle while internally redirecting to "/index.php" Message-ID: <68b7d4d41a99be3c1d0245801a99d4d7.NginxMailingListEnglish@forum.nginx.org> Hello everyone, I'm having some issue with X-accel and I'd be happy if someone could look over my configuration file and let me know what I did wrong. I am basically running nginx/1.2.5 with php-fpm 5.3.3 on Centos 5.5 I am running an application that is served using Zend Framework from /var/www/domain/html/http I have many files available for download from /var/www/domain/html/files/projects/$id/$file_name ($id is anything ranging from 1-999 and $file_name is a zip file). I want to basically serve the zip files using X-Accel and bypass php-fpm. In the application when I check if the file can be served or not - I added this: header("X-Accel-Redirect: " . $file); in order to serve it using X-Accel. I also added this location in my config to serve the zip files using nginx location /projects { internal; root /var/www/domain/html/files; } The problem is I get a 500 error and when I look at the log file - this is what I can spot: [error] 10274#0: *25 rewrite or internal redirection cycle while internally redirecting to "/index.php" This is the content of my domain.conf in /conf.d server { listen 80; listen 443 ssl; server_name domain.com; ssl_certificate /etc/nginx/certs/www.domain.com.crt; ssl_certificate_key /etc/nginx/certs/www.domain.com.key; return 301 $scheme://www.domain.com$request_uri; } server { listen 80; listen 443 ssl; server_name www.domain.com; error_log /var/www/domain/logs/error_log warn; ssl_certificate /etc/nginx/certs/www.domain.com.crt; ssl_certificate_key /etc/nginx/certs/www.domain.com.key; root /var/www/domain/html/http; index index.php; client_max_body_size 250m; error_page 403 404 =404 /notfound; include /etc/nginx/conf.d/domain.locations; } #### Content of domain.locations if ( $request_uri ~ "^/index.php" ) { rewrite ^/index.php(.*) $1 permanent; } location / { rewrite ^/wanted/feed$ /feed?filter=wanted permanent; try_files $uri $uri/ /index.php?$args; } location /min { try_files $uri $uri/ /min/index.php?q=; } location /blog { try_files $uri $uri/ /blog/index.php?q=$1; } location /apc { try_files $uri $uri/ /apc.php$args; } location /projects { internal; root /var/www/domain/html/files; } location ~ \.php { include /etc/nginx/fastcgi_params; fastcgi_param HTTPS $https if_not_empty; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_param SERVER_NAME $http_host; fastcgi_pass 127.0.0.1:9000; } location ~* ^.+\.(ht|svn|git)$ { deny all; } # Static files location location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js)$ { expires max; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234501,234501#msg-234501 From nginx-forum at nginx.us Thu Dec 27 13:33:05 2012 From: nginx-forum at nginx.us (kalpesh.patel@glgroup.com) Date: Thu, 27 Dec 2012 08:33:05 -0500 Subject: Using Crypt::OpenSSL::RSA with http_perl_module problem In-Reply-To: References: Message-ID: <5083352203c7891c0cb24dc15a53d731.NginxMailingListEnglish@forum.nginx.org> Igor: You could be right. Than it leaves me a bit puzzled. I have a strait forward perl script using same library seems to load it perfectly fine and works without any errors. I checked and I have only one perl version installed so mixing and matching isn't an issue. Search for "-------> relevent part seems to be here" to jump to it if strace is of any interest... I'll give a shot at compiling perl from source and see what turns it takes. -------> The perl script: #!/usr/bin/perl use Convert::PEM; use Crypt::OpenSSL::RSA; use MIME::Base64; use strict; my $encrypted_string =q( gFG/i6YvQ54hEmlYf1D8MEZ4wPs9GANJ8WkBGkokyT4u6aYPuff8DmgFiXMgUvjPIfiOtf8JDaiS wr7FpXfSi1TuZVb9waFTZitxJ9Gh7PRBw1YLr/ZQWGSf7ZzOF0iuIEl8q4C+MZScCFjiYjqz4qc0 6ehgnmggDA5R2RmlvVv0q1H5Orrv0xlucAxNpMvg9CD74tKg+192unGOhWOK29G4uf2jE5I9CfbI TJU7vrpD7RY1RFR+BAdNRe6W6+VadcLc/vytMp175JDD9tBsUKm/ZueGTJ6L7Y7kQ6yx+trvhgNQ zjmFg7wQ+2x9V0fcA4uUueRT58dqFjAQpXVnCw== ); my $private_key = 'private.pem'; my $password = 'testing'; print decryptPrivate($private_key,$password,$encrypted_string), "\n"; exit; sub decryptPrivate { my ($private_key,$password,$string) = @_; my $key_string = readPrivateKey($private_key,$password); return(undef) unless ($key_string); # Decrypt failed. my $private = Crypt::OpenSSL::RSA->new_private_key($key_string) || die "$!"; $private->decrypt(decode_base64($string)); } sub readPrivateKey { my ($file,$password) = @_; my $key_string; $key_string = decryptPEM($file,$password); } sub decryptPEM { my ($file,$password) = @_; my $pem = Convert::PEM->new( Name => 'RSA PRIVATE KEY', ASN => qq( RSAPrivateKey SEQUENCE { version INTEGER, n INTEGER, e INTEGER, d INTEGER, p INTEGER, q INTEGER, dp INTEGER, dq INTEGER, iqmp INTEGER } )); my $pkey = $pem->read(Filename => $file, Password => $password); return(undef) unless ($pkey); # Decrypt failed. $pem->encode(Content => $pkey); } -------> strace of perl run root at master-01:/home/theapp/theEnDec/perl# strace -f ./test_decrypt.pl execve("./test_decrypt.pl", ["./test_decrypt.pl"], [/* 521 vars */]) = 0 brk(0) = 0x238a000 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f433091b000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) open("/etc/ld.so.cache", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=19679, ...}) = 0 mmap(NULL, 19679, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f4330916000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/usr/lib/libperl.so.5.12", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200T\3\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=1524408, ...}) = 0 mmap(NULL, 3620040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f4330389000 mprotect(0x7f43304f5000, 2093056, PROT_NONE) = 0 mmap(0x7f43306f4000, 36864, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x16b000) = 0x7f43306f4000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0 \24\2\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=1694008, ...}) = 0 mmap(NULL, 3810152, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f432ffe6000 mprotect(0x7f433017f000, 2093056, PROT_NONE) = 0 mmap(0x7f433037e000, 20480, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x198000) = 0x7f433037e000 mmap(0x7f4330383000, 21352, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f4330383000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libdl.so.2", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\340\r\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=14768, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4330915000 mmap(NULL, 2109704, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f432fde2000 mprotect(0x7f432fde4000, 2097152, PROT_NONE) = 0 mmap(0x7f432ffe4000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x2000) = 0x7f432ffe4000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libm.so.6", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\360>\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=538928, ...}) = 0 mmap(NULL, 2633960, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f432fb5e000 mprotect(0x7f432fbe1000, 2093056, PROT_NONE) = 0 mmap(0x7f432fde0000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x82000) = 0x7f432fde0000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libpthread.so.0", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0Pl\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0755, st_size=135500, ...}) = 0 mmap(NULL, 2212920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f432f941000 mprotect(0x7f432f959000, 2093056, PROT_NONE) = 0 mmap(0x7f432fb58000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17000) = 0x7f432fb58000 mmap(0x7f432fb5a000, 13368, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f432fb5a000 close(3) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libcrypt.so.1", O_RDONLY) = 3 read(3, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P\n\0\0\0\0\0\0"..., 832) = 832 fstat(3, {st_mode=S_IFREG|0644, st_size=43296, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4330914000 mmap(NULL, 2327040, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f432f708000 mprotect(0x7f432f711000, 2097152, PROT_NONE) = 0 mmap(0x7f432f911000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x9000) = 0x7f432f911000 mmap(0x7f432f913000, 184832, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f432f913000 close(3) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4330913000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f4330911000 arch_prctl(ARCH_SET_FS, 0x7f4330911720) = 0 mprotect(0x7f432f911000, 4096, PROT_READ) = 0 mprotect(0x7f432fb58000, 4096, PROT_READ) = 0 mprotect(0x7f432fde0000, 4096, PROT_READ) = 0 mprotect(0x7f432ffe4000, 4096, PROT_READ) = 0 mprotect(0x7f433037e000, 16384, PROT_READ) = 0 mprotect(0x7f43306f4000, 16384, PROT_READ) = 0 mprotect(0x601000, 4096, PROT_READ) = 0 mprotect(0x7f433091d000, 4096, PROT_READ) = 0 munmap(0x7f4330916000, 19679) = 0 set_tid_address(0x7f43309119f0) = 25875 set_robust_list(0x7f4330911a00, 0x18) = 0 futex(0x7fffd34b5dcc, FUTEX_WAKE_PRIVATE, 1) = 0 futex(0x7fffd34b5dcc, FUTEX_WAIT_BITSET_PRIVATE|FUTEX_CLOCK_REALTIME, 1, NULL, 7f4330911720) = -1 EAGAIN (Resource temporarily unavailable) rt_sigaction(SIGRTMIN, {0x7f432f9476c0, [], SA_RESTORER|SA_SIGINFO, 0x7f432f951060}, NULL, 8) = 0 rt_sigaction(SIGRT_1, {0x7f432f947750, [], SA_RESTORER|SA_RESTART|SA_SIGINFO, 0x7f432f951060}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 getrlimit(RLIMIT_STACK, {rlim_cur=8192*1024, rlim_max=RLIM_INFINITY}) = 0 rt_sigaction(SIGFPE, {SIG_IGN, [FPE], SA_RESTORER|SA_RESTART, 0x7f433001c460}, {SIG_DFL, [], 0}, 8) = 0 brk(0) = 0x238a000 brk(0x23ab000) = 0x23ab000 getuid() = 0 geteuid() = 0 getgid() = 0 getegid() = 0 open("/usr/lib/locale/locale-archive", O_RDONLY) = 3 fstat(3, {st_mode=S_IFREG|0644, st_size=2919792, ...}) = 0 mmap(NULL, 2919792, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f432f43f000 close(3) = 0 open("/dev/urandom", O_RDONLY) = 3 read(3, "I>'D", 4) = 4 close(3) = 0 brk(0x23cc000) = 0x23cc000 readlink("/proc/self/exe", "/usr/bin/perl", 4095) = 13 stat("/usr/local/lib/site_perl/5.12.4/x86_64-linux-gnu-thread-multi", 0x7fffd34b5950) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/site_perl/5.12.4", 0x7fffd34b5950) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/site_perl/x86_64-linux-gnu-thread-multi", 0x7fffd34b5950) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.3", 0x7fffd34b5a90) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.3", 0x7fffd34b5a90) = -1 ENOENT (No such file or directory) ioctl(0, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(0, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(1, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(1, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) ioctl(2, SNDCTL_TMR_TIMEBASE or TCGETS, {B38400 opost isig icanon echo ...}) = 0 lseek(2, 0, SEEK_CUR) = -1 ESPIPE (Illegal seek) open("./test_decrypt.pl", O_RDONLY) = 3 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b5958) = -1 ENOTTY (Inappropriate ioctl for device) -------> removed some strace to meet the message body size. stat("/etc/perl/utf8.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/etc/perl/utf8.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/utf8.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/utf8.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/utf8.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/utf8.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/utf8.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/utf8.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/utf8.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/utf8.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/utf8.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/utf8.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/utf8.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/utf8.pm", {st_mode=S_IFREG|0644, st_size=379, ...}) = 0 open("/usr/share/perl/5.12/utf8.pm", O_RDONLY) = 6 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4658) = -1 ENOTTY (Inappropriate ioctl for device) lseek(6, 0, SEEK_CUR) = 0 read(6, "package utf8;\n\n$utf8::hint_bits "..., 4096) = 379 lseek(6, 378, SEEK_SET) = 378 lseek(6, 0, SEEK_CUR) = 378 close(6) = 0 read(5, "($tree) {\n $self->{error} = $"..., 4096) = 4096 read(5, " os2ip {\n my($os, $biclass) ="..., 4096) = 1971 brk(0x2537000) = 0x2537000 stat("/etc/perl/Convert/ASN1/_decode.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/etc/perl/Convert/ASN1/_decode.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/_decode.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/_decode.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/_decode.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/_decode.pm", {st_mode=S_IFREG|0444, st_size=15765, ...}) = 0 open("/usr/local/share/perl/5.12.4/Convert/ASN1/_decode.pm", O_RDONLY) = 6 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4658) = -1 ENOTTY (Inappropriate ioctl for device) lseek(6, 0, SEEK_CUR) = 0 read(6, "# Copyright (c) 2000-2005 Graham"..., 4096) = 4096 read(6, "arr,\n\t\t);\n\n\t\t$pos = $npos+$len+$"..., 4096) = 4096 brk(0x2558000) = 0x2558000 read(6, "xp);\n return;\n }\n elsif($fi"..., 4096) = 4096 brk(0x2579000) = 0x2579000 read(6, "\n\nmy %_dec_time_opt = ( unixtime"..., 4096) = 3477 read(6, "", 4096) = 0 close(6) = 0 stat("/etc/perl/Convert/ASN1/_encode.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/etc/perl/Convert/ASN1/_encode.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/_encode.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/_encode.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/_encode.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/_encode.pm", {st_mode=S_IFREG|0444, st_size=9432, ...}) = 0 open("/usr/local/share/perl/5.12.4/Convert/ASN1/_encode.pm", O_RDONLY) = 6 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4658) = -1 ENOTTY (Inappropriate ioctl for device) lseek(6, 0, SEEK_CUR) = 0 read(6, "# Copyright (c) 2000-2005 Graham"..., 4096) = 4096 brk(0x259a000) = 0x259a000 read(6, "substr($_[4],$l,1) = asn_encode_"..., 4096) = 4096 brk(0x25bb000) = 0x25bb000 read(6, "enc_any {\n# 0 1 2 "..., 4096) = 1240 read(6, "", 4096) = 0 close(6) = 0 stat("/etc/perl/Convert/ASN1/IO.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/etc/perl/Convert/ASN1/IO.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/IO.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/IO.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/IO.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/IO.pm", {st_mode=S_IFREG|0444, st_size=5473, ...}) = 0 open("/usr/local/share/perl/5.12.4/Convert/ASN1/IO.pm", O_RDONLY) = 6 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4658) = -1 ENOTTY (Inappropriate ioctl for device) lseek(6, 0, SEEK_CUR) = 0 read(6, "# Copyright (c) 2000-2005 Graham"..., 4096) = 4096 stat("/etc/perl/Socket.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/etc/perl/Socket.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Socket.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Socket.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Socket.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Socket.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Socket.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Socket.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Socket.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Socket.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Socket.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Socket.pm", {st_mode=S_IFREG|0644, st_size=3737, ...}) = 0 open("/usr/lib/perl/5.12/Socket.pm", O_RDONLY) = 7 ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4038) = -1 ENOTTY (Inappropriate ioctl for device) lseek(7, 0, SEEK_CUR) = 0 read(7, "package Socket;\n\nour($VERSION, @"..., 4096) = 3737 stat("/etc/perl/Carp.pmc", 0x7fffd34b3d50) = -1 ENOENT (No such file or directory) stat("/etc/perl/Carp.pm", 0x7fffd34b3ca0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Carp.pmc", 0x7fffd34b3d50) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Carp.pm", 0x7fffd34b3ca0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Carp.pmc", 0x7fffd34b3d50) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Carp.pm", 0x7fffd34b3ca0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Carp.pmc", 0x7fffd34b3d50) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Carp.pm", 0x7fffd34b3ca0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Carp.pmc", 0x7fffd34b3d50) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Carp.pm", 0x7fffd34b3ca0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Carp.pmc", 0x7fffd34b3d50) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Carp.pm", 0x7fffd34b3ca0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/Carp.pmc", 0x7fffd34b3d50) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/Carp.pm", {st_mode=S_IFREG|0644, st_size=8793, ...}) = 0 open("/usr/share/perl/5.12/Carp.pm", O_RDONLY) = 8 ioctl(8, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b3a18) = -1 ENOTTY (Inappropriate ioctl for device) lseek(8, 0, SEEK_CUR) = 0 read(8, "package Carp;\n\nour $VERSION = '1"..., 4096) = 4096 read(8, "ord($1))/eg;\n return $arg;\n}\n\n#"..., 4096) = 4096 brk(0x25dc000) = 0x25dc000 read(8, "$known->{$parent}) {\n my "..., 4096) = 601 lseek(8, 8792, SEEK_SET) = 8792 lseek(8, 0, SEEK_CUR) = 8792 close(8) = 0 read(7, "", 4096) = 0 close(7) = 0 brk(0x25fd000) = 0x25fd000 stat("/usr/lib/perl/5.12/auto/Socket/Socket.bs", 0x238a138) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/auto/Socket/Socket.so", {st_mode=S_IFREG|0644, st_size=31104, ...}) = 0 stat("/usr/lib/perl/5.12/auto/Socket/Socket.bs", 0x238a138) = -1 ENOENT (No such file or directory) open("/usr/lib/perl/5.12/auto/Socket/Socket.so", O_RDONLY) = 7 read(7, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200(\0\0\0\0\0\0"..., 832) = 832 fstat(7, {st_mode=S_IFREG|0644, st_size=31104, ...}) = 0 mmap(NULL, 2126288, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 7, 0) = 0x7f432ec22000 mprotect(0x7f432ec28000, 2097152, PROT_NONE) = 0 mmap(0x7f432ee28000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 7, 0x6000) = 0x7f432ee28000 close(7) = 0 mprotect(0x7f432ee28000, 4096, PROT_READ) = 0 brk(0x261e000) = 0x261e000 read(6, "])\n : send($_[0],$_[1],$_[2])"..., 4096) = 1377 read(6, "", 4096) = 0 close(6) = 0 stat("/etc/perl/Convert/ASN1/parser.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/etc/perl/Convert/ASN1/parser.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/parser.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/ASN1/parser.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/parser.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/ASN1/parser.pm", {st_mode=S_IFREG|0444, st_size=25267, ...}) = 0 open("/usr/local/share/perl/5.12.4/Convert/ASN1/parser.pm", O_RDONLY) = 6 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4658) = -1 ENOTTY (Inappropriate ioctl for device) lseek(6, 0, SEEK_CUR) = 0 read(6, "#$yysccsid = \"@(#)yaccpar 1.8 (B"..., 4096) = 4096 stat("/etc/perl/Exporter/Heavy.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/etc/perl/Exporter/Heavy.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Exporter/Heavy.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Exporter/Heavy.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Exporter/Heavy.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Exporter/Heavy.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Exporter/Heavy.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Exporter/Heavy.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Exporter/Heavy.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Exporter/Heavy.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Exporter/Heavy.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Exporter/Heavy.pm", 0x7fffd34b42c0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/Exporter/Heavy.pmc", 0x7fffd34b4370) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/Exporter/Heavy.pm", {st_mode=S_IFREG|0644, st_size=6233, ...}) = 0 open("/usr/share/perl/5.12/Exporter/Heavy.pm", O_RDONLY) = 7 ioctl(7, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4038) = -1 ENOTTY (Inappropriate ioctl for device) lseek(7, 0, SEEK_CUR) = 0 read(7, "package Exporter::Heavy;\n\nuse st"..., 4096) = 4096 brk(0x263f000) = 0x263f000 read(7, "= map { /^\\w/ ? ($_, '&'.$_) : $"..., 4096) = 2137 read(7, "", 4096) = 0 close(7) = 0 brk(0x2660000) = 0x2660000 read(6, "18, 18, 18, 18, 18, 19"..., 4096) = 4096 read(6, " 55, 72, 39, 32, 33, 5"..., 4096) = 4096 brk(0x2681000) = 0x2681000 read(6, "sp-3];\n\t\t @{$yyval = []}[cTYPE,"..., 4096) = 4096 brk(0x26a2000) = 0x26a2000 read(6, "te56: {\n# 306 \"parser.y\"\n{ $yyva"..., 4096) = 4096 read(6, "D])[0]\n\t\t\t: ''\n\t } @{$op->[cCHI"..., 4096) = 4096 brk(0x26c3000) = 0x26c3000 read(6, "th($asn);\n\n 0\n}\n\nsub yyerror {\n"..., 4096) = 691 read(6, "", 4096) = 0 close(6) = 0 read(5, "", 4096) = 0 close(5) = 0 stat("/etc/perl/Convert/PEM/CBC.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/etc/perl/Convert/PEM/CBC.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/PEM/CBC.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Convert/PEM/CBC.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/PEM/CBC.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Convert/PEM/CBC.pm", {st_mode=S_IFREG|0444, st_size=6454, ...}) = 0 open("/usr/local/share/perl/5.12.4/Convert/PEM/CBC.pm", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4c28) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 read(5, "package Convert::PEM::CBC;\nuse s"..., 4096) = 4096 lseek(5, 2598, SEEK_SET) = 2598 lseek(5, 0, SEEK_CUR) = 2598 close(5) = 0 brk(0x26e4000) = 0x26e4000 read(4, "----\"; \n my $tail = \"-----END"..., 4096) = 4096 lseek(4, 5655, SEEK_SET) = 5655 lseek(4, 0, SEEK_CUR) = 5655 close(4) = 0 stat("/etc/perl/Crypt/OpenSSL/RSA.pmc", 0x7fffd34b5580) = -1 ENOENT (No such file or directory) stat("/etc/perl/Crypt/OpenSSL/RSA.pm", 0x7fffd34b54d0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/OpenSSL/RSA.pmc", 0x7fffd34b5580) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/OpenSSL/RSA.pm", {st_mode=S_IFREG|0444, st_size=8427, ...}) = 0 open("/usr/local/lib/perl/5.12.4/Crypt/OpenSSL/RSA.pm", O_RDONLY) = 4 ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b5248) = -1 ENOTTY (Inappropriate ioctl for device) lseek(4, 0, SEEK_CUR) = 0 read(4, "package Crypt::OpenSSL::RSA;\n\nus"..., 4096) = 4096 stat("/etc/perl/AutoLoader.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/etc/perl/AutoLoader.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/AutoLoader.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/AutoLoader.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/AutoLoader.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/AutoLoader.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/AutoLoader.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/AutoLoader.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/AutoLoader.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/AutoLoader.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/AutoLoader.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/AutoLoader.pm", 0x7fffd34b4eb0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/AutoLoader.pmc", 0x7fffd34b4f60) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/AutoLoader.pm", {st_mode=S_IFREG|0644, st_size=5404, ...}) = 0 open("/usr/share/perl/5.12/AutoLoader.pm", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4c28) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 read(5, "package AutoLoader;\n\nuse strict;"..., 4096) = 4096 read(5, "owever, if @INC is a relative pa"..., 4096) = 1308 brk(0x2705000) = 0x2705000 lseek(5, 5403, SEEK_SET) = 5403 lseek(5, 0, SEEK_CUR) = 5403 close(5) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/autosplit.ix", {st_mode=S_IFREG|0444, st_size=230, ...}) = 0 open("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/autosplit.ix", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4c28) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 read(5, "# Index created by AutoSplit for"..., 4096) = 230 read(5, "", 4096) = 0 close(5) = 0 stat("/etc/perl/Crypt/OpenSSL/Bignum.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/etc/perl/Crypt/OpenSSL/Bignum.pm", 0x7fffd34b4f00) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/OpenSSL/Bignum.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/OpenSSL/Bignum.pm", {st_mode=S_IFREG|0444, st_size=6475, ...}) = 0 open("/usr/local/lib/perl/5.12.4/Crypt/OpenSSL/Bignum.pm", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4c78) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 read(5, "package Crypt::OpenSSL::Bignum;\n"..., 4096) = 4096 lseek(5, 431, SEEK_SET) = 431 lseek(5, 0, SEEK_CUR) = 431 close(5) = 0 stat("/etc/perl/DynaLoader.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/etc/perl/DynaLoader.pm", 0x7fffd34b4f00) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/DynaLoader.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/DynaLoader.pm", 0x7fffd34b4f00) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/DynaLoader.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/DynaLoader.pm", 0x7fffd34b4f00) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/DynaLoader.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/DynaLoader.pm", 0x7fffd34b4f00) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/DynaLoader.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/DynaLoader.pm", 0x7fffd34b4f00) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/DynaLoader.pmc", 0x7fffd34b4fb0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/DynaLoader.pm", {st_mode=S_IFREG|0644, st_size=7404, ...}) = 0 open("/usr/lib/perl/5.12/DynaLoader.pm", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4c78) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 read(5, "# Generated from DynaLoader_pm.P"..., 4096) = 4096 stat("/etc/perl/Config.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/etc/perl/Config.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Config.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Config.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Config.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Config.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Config.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Config.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Config.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Config.pm", 0x7fffd34b48e0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Config.pmc", 0x7fffd34b4990) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Config.pm", {st_mode=S_IFREG|0644, st_size=2824, ...}) = 0 open("/usr/lib/perl/5.12/Config.pm", O_RDONLY) = 6 ioctl(6, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4658) = -1 ENOTTY (Inappropriate ioctl for device) lseek(6, 0, SEEK_CUR) = 0 read(6, "# This file was created by confi"..., 4096) = 2824 read(6, "", 4096) = 0 close(6) = 0 read(5, " dynamic loading or has the $mo"..., 4096) = 3308 brk(0x2726000) = 0x2726000 read(5, "", 4096) = 0 close(5) = 0 stat("/etc/perl/Config_heavy.pl", 0x7fffd34b4b30) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Config_heavy.pl", 0x7fffd34b4b30) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Config_heavy.pl", 0x7fffd34b4b30) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Config_heavy.pl", 0x7fffd34b4b30) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Config_heavy.pl", 0x7fffd34b4b30) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Config_heavy.pl", {st_mode=S_IFREG|0644, st_size=43963, ...}) = 0 open("/usr/lib/perl/5.12/Config_heavy.pl", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b48a8) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 read(5, "# This file was created by confi"..., 4096) = 4096 read(5, "IG_SH='true'\nPERL_PATCHLEVEL=''\n"..., 4096) = 4096 read(5, "9e-308L) __DEC128_EPSILON__=1E-3"..., 4096) = 4096 read(5, "744073709551615UL __UINTPTR_TYPE"..., 4096) = 4096 read(5, "e'\nd_gethbyname='define'\nd_gethe"..., 4096) = 4096 read(5, "_setpwent='define'\nd_setpwent_r="..., 4096) = 4096 read(5, "s/CBuilder ExtUtils/Command ExtU"..., 4096) = 4096 read(5, "_termios='define'\ni_time='define"..., 4096) = 4096 read(5, "opt=''\nnm_so_opt='--dynamic'\nnon"..., 4096) = 4096 read(5, "UM46\", \"NUM47\", \"NUM48\", \"NUM49\""..., 4096) = 4096 brk(0x274f000) = 0x274f000 read(5, "nfig_sh_len = length $_;\n\nour $C"..., 4096) = 3003 read(5, "", 4096) = 0 close(5) = 0 brk(0x2770000) = 0x2770000 stat("/etc/perl/Config_git.pl", 0x7fffd34b4940) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Config_git.pl", 0x7fffd34b4940) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Config_git.pl", 0x7fffd34b4940) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/Config_git.pl", 0x7fffd34b4940) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/Config_git.pl", 0x7fffd34b4940) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/Config_git.pl", {st_mode=S_IFREG|0644, st_size=409, ...}) = 0 open("/usr/lib/perl/5.12/Config_git.pl", O_RDONLY) = 5 ioctl(5, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b46b8) = -1 ENOTTY (Inappropriate ioctl for device) lseek(5, 0, SEEK_CUR) = 0 read(5, "################################"..., 4096) = 409 read(5, "", 4096) = 0 close(5) = 0 stat("/etc/perl/auto/Crypt/OpenSSL/Bignum", 0x238a138) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/Bignum", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/Bignum/Bignum.so", {st_mode=S_IFREG|0555, st_size=137079, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/Bignum/Bignum.bs", {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 open("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/Bignum/Bignum.so", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\0'\0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0555, st_size=137079, ...}) = 0 mmap(NULL, 2142832, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f432ea16000 mprotect(0x7f432ea21000, 2093056, PROT_NONE) = 0 mmap(0x7f432ec20000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0xa000) = 0x7f432ec20000 close(5) = 0 open("/etc/ld.so.cache", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=19679, ...}) = 0 mmap(NULL, 19679, PROT_READ, MAP_PRIVATE, 5, 0) = 0x7f4330916000 close(5) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libcrypto.so.1.0.0", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\200\312\5\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=1749000, ...}) = 0 mmap(NULL, 3859752, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f432e667000 mprotect(0x7f432e7ef000, 2097152, PROT_NONE) = 0 mmap(0x7f432e9ef000, 143360, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x188000) = 0x7f432e9ef000 mmap(0x7f432ea12000, 13608, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f432ea12000 close(5) = 0 access("/etc/ld.so.nohwcap", F_OK) = -1 ENOENT (No such file or directory) open("/lib/x86_64-linux-gnu/libz.so.1", O_RDONLY) = 5 read(5, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0P \0\0\0\0\0\0"..., 832) = 832 fstat(5, {st_mode=S_IFREG|0644, st_size=96816, ...}) = 0 mmap(NULL, 2191920, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 5, 0) = 0x7f432e44f000 mprotect(0x7f432e466000, 2093056, PROT_NONE) = 0 mmap(0x7f432e665000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 5, 0x16000) = 0x7f432e665000 close(5) = 0 mprotect(0x7f432e665000, 4096, PROT_READ) = 0 mprotect(0x7f432e9ef000, 102400, PROT_READ) = 0 mprotect(0x7f432ec20000, 4096, PROT_READ) = 0 munmap(0x7f4330916000, 19679) = 0 open("/usr/share/locale/locale.alias", O_RDONLY) = 5 fstat(5, {st_mode=S_IFREG|0644, st_size=2570, ...}) = 0 mmap(NULL, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f433091a000 read(5, "# Locale name alias data base.\n#"..., 4096) = 2570 read(5, "", 4096) = 0 close(5) = 0 munmap(0x7f433091a000, 4096) = 0 open("/usr/share/locale/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale-langpack/en_US.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale-langpack/en_US.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale-langpack/en_US/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale-langpack/en.UTF-8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale-langpack/en.utf8/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) open("/usr/share/locale-langpack/en/LC_MESSAGES/libc.mo", O_RDONLY) = -1 ENOENT (No such file or directory) lseek(4, 310, SEEK_SET) = 310 lseek(4, 0, SEEK_CUR) = 310 close(4) = 0 -------> relevent part seems to be here stat("/etc/perl/auto/Crypt/OpenSSL/RSA", 0x238a138) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so", {st_mode=S_IFREG|0555, st_size=145434, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.bs", {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 open("/usr/local/lib/perl/5.12.4/auto/Crypt/OpenSSL/RSA/RSA.so", O_RDONLY) = 4 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\240/\0\0\0\0\0\0"..., 832) = 832 fstat(4, {st_mode=S_IFREG|0555, st_size=145434, ...}) = 0 mmap(NULL, 2142976, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f432e243000 mprotect(0x7f432e24e000, 2093056, PROT_NONE) = 0 mmap(0x7f432e44d000, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0xa000) = 0x7f432e44d000 close(4) = 0 mprotect(0x7f432e44d000, 4096, PROT_READ) = 0 read(3, "", 4096) = 0 close(3) = 0 open("private.pem", O_RDONLY) = 3 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b57a8) = -1 ENOTTY (Inappropriate ioctl for device) lseek(3, 0, SEEK_CUR) = 0 fstat(3, {st_mode=S_IFREG|0664, st_size=1743, ...}) = 0 fcntl(3, F_SETFD, FD_CLOEXEC) = 0 fstat(3, {st_mode=S_IFREG|0664, st_size=1743, ...}) = 0 read(3, "-----BEGIN RSA PRIVATE KEY-----\n"..., 4096) = 1743 read(3, "", 4096) = 0 close(3) = 0 stat("/etc/perl/Crypt/DES_EDE3.pmc", 0x7fffd34b5490) = -1 ENOENT (No such file or directory) stat("/etc/perl/Crypt/DES_EDE3.pm", 0x7fffd34b53e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/DES_EDE3.pmc", 0x7fffd34b5490) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/DES_EDE3.pm", 0x7fffd34b53e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Crypt/DES_EDE3.pmc", 0x7fffd34b5490) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Crypt/DES_EDE3.pm", {st_mode=S_IFREG|0444, st_size=2743, ...}) = 0 open("/usr/local/share/perl/5.12.4/Crypt/DES_EDE3.pm", O_RDONLY) = 3 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b5158) = -1 ENOTTY (Inappropriate ioctl for device) lseek(3, 0, SEEK_CUR) = 0 read(3, "# $Id: DES_EDE3.pm,v 1.2 2001/09"..., 4096) = 2743 stat("/etc/perl/Crypt/DES.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/etc/perl/Crypt/DES.pm", 0x7fffd34b4dc0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/DES.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Crypt/DES.pm", {st_mode=S_IFREG|0444, st_size=3514, ...}) = 0 open("/usr/local/lib/perl/5.12.4/Crypt/DES.pm", O_RDONLY) = 4 ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4b38) = -1 ENOTTY (Inappropriate ioctl for device) lseek(4, 0, SEEK_CUR) = 0 read(4, "#\n# Copyright (C) 1995, 1996 Sys"..., 4096) = 3514 brk(0x2791000) = 0x2791000 lseek(4, 1174, SEEK_SET) = 1174 lseek(4, 0, SEEK_CUR) = 1174 close(4) = 0 stat("/etc/perl/auto/Crypt/DES", 0x238a138) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/DES", {st_mode=S_IFDIR|0775, st_size=4096, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/DES/DES.so", {st_mode=S_IFREG|0555, st_size=70024, ...}) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/DES/DES.bs", {st_mode=S_IFREG|0444, st_size=0, ...}) = 0 open("/usr/local/lib/perl/5.12.4/auto/Crypt/DES/DES.so", O_RDONLY) = 4 read(4, "\177ELF\2\1\1\0\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0`\22\0\0\0\0\0\0"..., 832) = 832 fstat(4, {st_mode=S_IFREG|0555, st_size=70024, ...}) = 0 mmap(NULL, 2118016, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_DENYWRITE, 4, 0) = 0x7f432e03d000 mprotect(0x7f432e040000, 2093056, PROT_NONE) = 0 mmap(0x7f432e23f000, 16384, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 4, 0x2000) = 0x7f432e23f000 close(4) = 0 mprotect(0x7f432e23f000, 4096, PROT_READ) = 0 lseek(3, 796, SEEK_SET) = 796 lseek(3, 0, SEEK_CUR) = 796 close(3) = 0 stat("/usr/local/lib/perl/5.12.4/auto/Crypt/DES/DESTROY.al", 0x238a138) = -1 ENOENT (No such file or directory) stat("/etc/perl/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/site_perl/auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("./auto/Crypt/DES/DESTROY.al", 0x7fffd34b5300) = -1 ENOENT (No such file or directory) stat("/etc/perl/Math/BigInt.pmc", 0x7fffd34b5a90) = -1 ENOENT (No such file or directory) stat("/etc/perl/Math/BigInt.pm", 0x7fffd34b59e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Math/BigInt.pmc", 0x7fffd34b5a90) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Math/BigInt.pm", 0x7fffd34b59e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Math/BigInt.pmc", 0x7fffd34b5a90) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Math/BigInt.pm", {st_mode=S_IFREG|0444, st_size=158428, ...}) = 0 open("/usr/local/share/perl/5.12.4/Math/BigInt.pm", O_RDONLY) = 3 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b5758) = -1 ENOTTY (Inappropriate ioctl for device) lseek(3, 0, SEEK_CUR) = 0 read(3, "package Math::BigInt;\n\n#\n# \"Mike"..., 4096) = 4096 brk(0x27b2000) = 0x27b2000 read(3, " \n $_[2] ? ref($_[0])->new($_["..., 4096) = 4096 stat("/etc/perl/overload.pmc", 0x7fffd34b5470) = -1 ENOENT (No such file or directory) stat("/etc/perl/overload.pm", 0x7fffd34b53c0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/overload.pmc", 0x7fffd34b5470) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/overload.pm", 0x7fffd34b53c0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/overload.pmc", 0x7fffd34b5470) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/overload.pm", 0x7fffd34b53c0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/overload.pmc", 0x7fffd34b5470) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/overload.pm", 0x7fffd34b53c0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/overload.pmc", 0x7fffd34b5470) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/overload.pm", 0x7fffd34b53c0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/overload.pmc", 0x7fffd34b5470) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/overload.pm", 0x7fffd34b53c0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/overload.pmc", 0x7fffd34b5470) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/overload.pm", {st_mode=S_IFREG|0644, st_size=4530, ...}) = 0 open("/usr/share/perl/5.12/overload.pm", O_RDONLY) = 4 ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b5138) = -1 ENOTTY (Inappropriate ioctl for device) lseek(4, 0, SEEK_CUR) = 0 read(4, "package overload;\n\nour $VERSION "..., 4096) = 4096 brk(0x27d3000) = 0x27d3000 read(4, "sed into.\n if (warnings::"..., 4096) = 434 lseek(4, 4529, SEEK_SET) = 4529 lseek(4, 0, SEEK_CUR) = 4529 close(4) = 0 read(3, " $x || __PACKAGE__;\n\n no strict"..., 4096) = 4096 brk(0x27f4000) = 0x27f4000 read(3, " };\n foreach my $key (qw/\n "..., 4096) = 4096 read(3, "ake integer from mantissa by adj"..., 4096) = 4096 brk(0x2815000) = 0x2815000 read(3, "f (@_ > 0)\n {\n if (@_ > 3)"..., 4096) = 4096 read(3, "->can('numify') ? $p->numify() :"..., 4096) = 4096 brk(0x2836000) = 0x2836000 read(3, " # zero or NaN\n}\n\nsub bneg \n"..., 4096) = 4096 read(3, "e} = $CALC->_sub($y->{value},$x-"..., 4096) = 4096 brk(0x2857000) = 0x2857000 read(3, " return $x->bnan() if $x->{sign"..., 4096) = 4096 brk(0x2878000) = 0x2878000 read(3, " : 0;\n }\n $x->{sign} =~ /^[+"..., 4096) = 4096 read(3, "($self) || !$z->isa($self) || !$"..., 4096) = 4096 brk(0x2899000) = 0x2899000 read(3, " = (ref($_[0]), at _);\n # objectif"..., 4096) = 4096 read(3, "\n\n # Check for valid input. All"..., 4096) = 4096 brk(0x28ba000) = 0x28ba000 read(3, "-inf => NaN\n return $x->bnan("..., 4096) = 4096 read(3, "\n $r[3] = $y;\t\t\t\t# no push!\n\n "..., 4096) = 4096 brk(0x28db000) = 0x28db000 read(3, "t($upgrade->new($y), at r) if defin"..., 4096) = 4096 brk(0x28fc000) = 0x28fc000 read(3, "git_after = '0'; $digit_after = "..., 4096) = 4096 read(3, " #\n # $x->badd(1); "..., 4096) = 4096 read(3, " }\n }\n # any non :consta"..., 4096) = 4096 brk(0x291d000) = 0x291d000 brk(0x291c000) = 0x291c000 read(3, "C->_from_hex('0x' . $chrs);\n\n "..., 4096) = 4096 read(3, " return if $m eq '.' || $m eq"..., 4096) = 4096 brk(0x293d000) = 0x293d000 read(3, "e;\n\n require Math::BigFloat;\n "..., 4096) = 4096 lseek(3, 91169, SEEK_SET) = 91169 lseek(3, 0, SEEK_CUR) = 91169 close(3) = 0 stat("/etc/perl/Math/BigInt/Calc.pmc", 0x7fffd34b5490) = -1 ENOENT (No such file or directory) stat("/etc/perl/Math/BigInt/Calc.pm", 0x7fffd34b53e0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Math/BigInt/Calc.pmc", 0x7fffd34b5490) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/Math/BigInt/Calc.pm", 0x7fffd34b53e0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Math/BigInt/Calc.pmc", 0x7fffd34b5490) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/Math/BigInt/Calc.pm", {st_mode=S_IFREG|0444, st_size=79629, ...}) = 0 open("/usr/local/share/perl/5.12.4/Math/BigInt/Calc.pm", O_RDONLY) = 3 ioctl(3, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b5158) = -1 ENOTTY (Inappropriate ioctl for device) lseek(3, 0, SEEK_CUR) = 0 read(3, "package Math::BigInt::Calc;\n\nuse"..., 4096) = 4096 read(3, "low brush the problems with the "..., 4096) = 4096 stat("/etc/perl/integer.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/etc/perl/integer.pm", 0x7fffd34b4dc0) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/integer.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/usr/local/lib/perl/5.12.4/integer.pm", 0x7fffd34b4dc0) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/integer.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/usr/local/share/perl/5.12.4/integer.pm", 0x7fffd34b4dc0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/integer.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl5/integer.pm", 0x7fffd34b4dc0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/integer.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/usr/share/perl5/integer.pm", 0x7fffd34b4dc0) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/integer.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/usr/lib/perl/5.12/integer.pm", 0x7fffd34b4dc0) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/integer.pmc", 0x7fffd34b4e70) = -1 ENOENT (No such file or directory) stat("/usr/share/perl/5.12/integer.pm", {st_mode=S_IFREG|0644, st_size=172, ...}) = 0 open("/usr/share/perl/5.12/integer.pm", O_RDONLY) = 4 ioctl(4, SNDCTL_TMR_TIMEBASE or TCGETS, 0x7fffd34b4b38) = -1 ENOTTY (Inappropriate ioctl for device) lseek(4, 0, SEEK_CUR) = 0 brk(0x295e000) = 0x295e000 read(4, "package integer;\n\nour $VERSION ="..., 4096) = 172 read(4, "", 4096) = 0 close(4) = 0 read(3, "ich happens if the number\n # "..., 4096) = 4096 read(3, "sh @$xv, $car if $car != 0;\n "..., 4096) = 4096 brk(0x297f000) = 0x297f000 read(3, "a by a single element one, so sp"..., 4096) = 4096 read(3, "> 0: x > y\n if ($a <= 0)\n "..., 4096) = 4096 brk(0x29a0000) = 0x29a0000 read(3, "\n return $x;\t\t\t\t\t# only x, wh"..., 4096) = 4096 read(3, " my $r = [ $x->[0] % $yorg->[0"..., 4096) = 4096 brk(0x29c1000) = 0x29c1000 read(3, "if (wantarray) \n {\n @d = ("..., 4096) = 4096 read(3, "rt (this can be zero)\n while ($"..., 4096) = 4096 read(3, " left-over array elems\n pop @"..., 4096) = 4096 brk(0x29e2000) = 0x29e2000 read(3, "en N exceeds the storage of a Pe"..., 4096) = 4096 read(3, "gain\n unshift @$cx, (0) x $zero"..., 4096) = 4096 brk(0x2a03000) = 0x2a03000 read(3, "$BASE_LEN);\n print \"l = $l \" i"..., 4096) = 4096 read(3, "\n }\n\n # hit not exactly?"..., 4096) = 4096 brk(0x2a24000) = 0x2a24000 read(3, " if ($] >= 5.006)\n {\n $x1"..., 4096) = 4096 read(3, "###\n# special modulus functions\n"..., 4096) = 4096 brk(0x2a45000) = 0x2a45000 lseek(3, 68233, SEEK_SET) = 68233 lseek(3, 0, SEEK_CUR) = 68233 close(3) = 0 open("/dev/urandom", O_RDONLY|O_NOCTTY|O_NONBLOCK) = 3 fstat(3, {st_mode=S_IFCHR|0666, st_rdev=makedev(1, 9), ...}) = 0 poll([{fd=3, events=POLLIN}], 1, 10) = 1 ([{fd=3, revents=POLLIN}]) read(3, "-\363BR_+\322v&\364\35g\264\35\252u\3237\332\2743\231\22\304\337\"\314p\37U\200\212", 32) = 32 close(3) = 0 getuid() = 0 write(1, "Hello World!\n", 13Hello World! ) = 13 rt_sigaction(SIG_0, NULL, {0x7f43303d4040, [HUP INT QUIT TRAP ABRT BUS KILL], 0x238a010 /* SA_??? */}, 8) = -1 EINVAL (Invalid argument) rt_sigaction(SIGHUP, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGINT, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGQUIT, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGILL, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTRAP, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGABRT, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGBUS, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGFPE, NULL, {SIG_IGN, [FPE], SA_RESTORER|SA_RESTART, 0x7f433001c460}, 8) = 0 rt_sigaction(SIGKILL, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGUSR1, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGSEGV, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGUSR2, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGPIPE, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGALRM, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTERM, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGSTKFLT, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGCONT, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGSTOP, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTSTP, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTTIN, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGTTOU, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGURG, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGXCPU, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGXFSZ, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGVTALRM, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGPROF, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGWINCH, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGIO, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGPWR, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGSYS, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_2, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_3, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_4, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_5, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_6, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_7, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_8, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_9, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_10, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_11, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_12, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_13, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_14, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_15, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_16, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_17, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_18, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_19, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_20, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_21, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_22, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_23, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_24, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_25, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_26, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_27, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_28, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_29, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_30, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_31, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGRT_32, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGABRT, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGCHLD, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGIO, NULL, {SIG_DFL, [], 0}, 8) = 0 rt_sigaction(SIGSYS, NULL, {SIG_DFL, [], 0}, 8) = 0 exit_group(0) = ? root at master-01:/home/theapp/theEnDec/perl# Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234394,234493#msg-234493 From reallfqq-nginx at yahoo.fr Thu Dec 27 13:36:18 2012 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Thu, 27 Dec 2012 08:36:18 -0500 Subject: Disable auth_basic for unique (set of) URL Message-ID: Hello, I am using the auth_basic directive to restrict access to a whole server (auth_basic server-wide set, not in any particular location). Since I am using php, I am also using: location ~ \.php$ { FastCGI stuff here... } to forward my request to the PHP application. Now, I would like to remove the auth_basic authentication for a very unique and specific location: thisfile.php I first tried: location ~ \.php$ { location = /thisfile.php { auth_basic off; } FastCGI stuff here... } but Nginx said: nginx: [emerg] location "/thisfile.php" is outside location "\.php$" in .../nginx/conf.d/mystupid.conf:69 nginx: configuration file .../nginx/nginx.conf test failed I then tried: location ~ \.php$ { location ~ ^/thisfile.php$ { auth_basic off; } FastCGI stuff here... } But of course now the FastCGI part does not server the request and the PHP file is sent for download... What king of clean solution do I have? Am I forced to place the auth_basic in all my 'location' blocks but one, which would be for 'thisfile.php'? Thanks, --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From howachen at gmail.com Thu Dec 27 14:21:05 2012 From: howachen at gmail.com (howard chen) Date: Thu, 27 Dec 2012 22:21:05 +0800 Subject: Dynamic set upstream severs weight? Message-ID: Hi Is it possible to change server weight or take them offline without modifying the config and reload? We want to change server weight from a script that monitor backend load average, is it possible? p.s. something like Feedbackd for LVS. -------------- next part -------------- An HTML attachment was scrubbed... URL: From reallfqq-nginx at yahoo.fr Thu Dec 27 14:57:16 2012 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Thu, 27 Dec 2012 09:57:16 -0500 Subject: Disable auth_basic for unique (set of) URL In-Reply-To: References: Message-ID: I found inspiration here . I then tried to solve my problem with: location /thisfile.php { auth_basic off; # Start of *exact* copy location ~ \.php$ { FastCGI stuff here... } # End of *exact* copy } location ~ \.php$ { FastCGI stuff here... } I don't like this solution because it makes me copying my FastCGI work. What if one day I am to modify it? I'll probably forget there are 2 places to check... But it seems to work. Any better idea? Another point: If I set 'location = /thisfile.php' rather than 'location /thisfile.php', Nginx insults me with 'nginx: [emerg] location "\.php$" cannot be inside the exact location "/thisfile.php"' again. Bug or feature? --- *B. R.* On Thu, Dec 27, 2012 at 8:36 AM, B.R. wrote: > Hello, > > I am using the auth_basic directive to restrict access to a whole server > (auth_basic server-wide set, not in any particular location). > Since I am using php, I am also using: > > location ~ \.php$ { > FastCGI stuff here... > } > > to forward my request to the PHP application. > > Now, I would like to remove the auth_basic authentication for a very > unique and specific location: thisfile.php > > I first tried: > > location ~ \.php$ { > location = /thisfile.php { > auth_basic off; > } > FastCGI stuff here... > } > > but Nginx said: > nginx: [emerg] location "/thisfile.php" is outside location "\.php$" in > .../nginx/conf.d/mystupid.conf:69 > nginx: configuration file .../nginx/nginx.conf test failed > > I then tried: > > location ~ \.php$ { > location ~ ^/thisfile.php$ { > auth_basic off; > } > FastCGI stuff here... > } > > But of course now the FastCGI part does not server the request and the > PHP file is sent for download... > > What king of clean solution do I have? > Am I forced to place the auth_basic in all my 'location' blocks but one, > which would be for 'thisfile.php'? > > Thanks, > --- > *B. R.* > -------------- next part -------------- An HTML attachment was scrubbed... URL: From siefke_listen at web.de Thu Dec 27 15:27:57 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Thu, 27 Dec 2012 16:27:57 +0100 Subject: Multilanguage Websites Message-ID: <20121227162757.0614c719b67d5235ec41800f@web.de> I would like to realize a website in multiple languages. Is there a way to implement the project with Nginx, or recommends you other ways? Thanks for help and Greetings Silvio From brad at ftwentertainment.com Thu Dec 27 16:17:05 2012 From: brad at ftwentertainment.com (Brad Riemann) Date: Thu, 27 Dec 2012 16:17:05 +0000 Subject: Multilanguage Websites In-Reply-To: <20121227162757.0614c719b67d5235ec41800f@web.de> References: <20121227162757.0614c719b67d5235ec41800f@web.de> Message-ID: Hey Silvio, I've seen implementations of nginx with rewrites for different languages, but from personal experience in PHP, I've found it easy to implement language modules on the code side instead of having to worry about the webserver configuration side.. (just my opinion, and im a lazy php dev :)) If anyone would like to rebuttal, I would love to learn myself, just to see how it's done :D Brad Riemann Systems Engineer FTW Entertainment LLC -----Original Message----- From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Silvio Siefke Sent: Thursday, December 27, 2012 9:28 AM To: nginx at nginx.org Subject: Multilanguage Websites I would like to realize a website in multiple languages. Is there a way to implement the project with Nginx, or recommends you other ways? Thanks for help and Greetings Silvio _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Thu Dec 27 16:27:43 2012 From: nginx-forum at nginx.us (Gulaholic) Date: Thu, 27 Dec 2012 11:27:43 -0500 Subject: nginx erroneously redirecting to https In-Reply-To: <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> References: <20121221192041.GD18139@craic.sysops.org> <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> Message-ID: <87e0cca15d07c75a9cb39a3b20d5a722.NginxMailingListEnglish@forum.nginx.org> I'm starting to figure these all out. I think there are problems with these files: function.cms_stylesheet.php and function.metadata.php. They are probably conflict with Nginx configuration. Does it has something to do with these: ====== if ($showbase) { $base = $config['root_url']; if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') { $base = $config['ssl_url']; } $result .= "\n\n"; } ====== if( $auto_https ) { if (isset($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) != 'off') { $use_https = 1; } } ====== Why the script thinks Nginx configuration ($_SERVER['HTTPS) is on? This is my big curiosity. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,231379,234512#msg-234512 From kworthington at gmail.com Thu Dec 27 16:30:42 2012 From: kworthington at gmail.com (Kevin Worthington) Date: Thu, 27 Dec 2012 11:30:42 -0500 Subject: [nginx-announce] nginx-1.3.10 In-Reply-To: <20121225144737.GY40452@mdounin.ru> References: <20121225144737.GY40452@mdounin.ru> Message-ID: Hello Nginx Users, Now available: Nginx 1.3.10 For Windows http://goo.gl/RHn5k (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available via my Twitter stream ( http://twitter.com/kworthington), if you prefer to receive updates that way. Thank you, Kevin On Tue, Dec 25, 2012 at 9:47 AM, Maxim Dounin wrote: > Changes with nginx 1.3.10 25 Dec > 2012 > > *) Change: domain names specified in configuration file are now > resolved > to IPv6 addresses as well as IPv4 ones. > > *) Change: now if the "include" directive with mask is used on Unix > systems, included files are sorted in alphabetical order. > > *) Change: the "add_header" directive adds headers to 201 responses. > > *) Feature: the "geo" directive now supports IPv6 addresses in CIDR > notation. > > *) Feature: the "flush" and "gzip" parameters of the "access_log" > directive. > > *) Feature: variables support in the "auth_basic" directive. > > *) Bugfix: nginx could not be built with the ngx_http_perl_module in > some cases. > > *) Bugfix: a segmentation fault might occur in a worker process if the > ngx_http_xslt_module was used. > > *) Bugfix: nginx could not be built on MacOSX in some cases. > Thanks to Piotr Sikora. > > *) Bugfix: the "limit_rate" directive with high rates might result in > truncated responses on 32-bit platforms. > Thanks to Alexey Antropov. > > *) Bugfix: a segmentation fault might occur in a worker process if the > "if" directive was used. > Thanks to Piotr Sikora. > > *) Bugfix: a "100 Continue" response was issued with "413 Request > Entity > Too Large" responses. > > *) Bugfix: the "image_filter", "image_filter_jpeg_quality" and > "image_filter_sharpen" directives might be inherited incorrectly. > Thanks to Ian Babrou. > > *) Bugfix: "crypt_r() failed" errors might appear if the "auth_basic" > directive was used on Linux. > > *) Bugfix: in backup servers handling. > Thanks to Thomas Chen. > > *) Bugfix: proxied HEAD requests might return incorrect response if the > "gzip" directive was used. > > > Merry Christmas! > > > -- > Maxim Dounin > http://nginx.com/support.html > > _______________________________________________ > nginx-announce mailing list > nginx-announce at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-announce > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Thu Dec 27 16:30:50 2012 From: nginx-forum at nginx.us (Gulaholic) Date: Thu, 27 Dec 2012 11:30:50 -0500 Subject: nginx erroneously redirecting to https In-Reply-To: References: Message-ID: <16fedb163412f60438e5760bb8f29004.NginxMailingListEnglish@forum.nginx.org> Hi, Where should I put this line? fastcgi_param HTTPS $https if_not_empty; Thank you G Posted at Nginx Forum: http://forum.nginx.org/read.php?2,231379,234513#msg-234513 From reallfqq-nginx at yahoo.fr Thu Dec 27 16:36:56 2012 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Thu, 27 Dec 2012 11:36:56 -0500 Subject: Multilanguage Websites In-Reply-To: References: <20121227162757.0614c719b67d5235ec41800f@web.de> Message-ID: Web server can help with multilanguage when yo uwanna use URL rewriting. The problem start to arise when considering SEO. Separate languages per: - Subdomains? - Subdirectories? - Tag in file names? You may then wanna store language file is different directories on your Web server to help you sort everything out. Make the pros/cons and choose your solution. Nginx is then a nice tool to help. The rest is code in application, but that's not our concern here, talking about Nginx... --- *B. R.* On Thu, Dec 27, 2012 at 11:17 AM, Brad Riemann wrote: > Hey Silvio, I've seen implementations of nginx with rewrites for different > languages, but from personal experience in PHP, I've found it easy to > implement language modules on the code side instead of having to worry > about the webserver configuration side.. (just my opinion, and im a lazy > php dev :)) > > If anyone would like to rebuttal, I would love to learn myself, just to > see how it's done :D > > Brad Riemann > Systems Engineer > FTW Entertainment LLC > > > -----Original Message----- > From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf > Of Silvio Siefke > Sent: Thursday, December 27, 2012 9:28 AM > To: nginx at nginx.org > Subject: Multilanguage Websites > > I would like to realize a website in multiple languages. Is there a way to > implement the project with Nginx, or recommends you other ways? > > > Thanks for help and Greetings > Silvio > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From siefke_listen at web.de Thu Dec 27 17:17:45 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Thu, 27 Dec 2012 18:17:45 +0100 Subject: Multilanguage Websites In-Reply-To: References: <20121227162757.0614c719b67d5235ec41800f@web.de> Message-ID: <20121227181745.60868f670c371d9559341c48@web.de> On Thu, 27 Dec 2012 11:36:56 -0500 "B.R." wrote: > Web server can help with multilanguage when yo uwanna use URL rewriting. Yes that i've found on web, the way but not where goes the rewriting. What i've found was most with index.php. http://www.justasysadmin.net/en/practical/site-multilingue-concrete5-avec-nginx/ > The problem start to arise when considering SEO. Separate languages per: > - Subdomains? > - Subdirectories? > - Tag in file names? I think best where subdomains, thats the best result. When nginx it can. > The rest is code in application, but that's not our concern here, talking > about Nginx... Thats normal, that why i ask. What were the best and secure way. Nginx or use PHP? What is expirence of Nginx User. Thanks for help and Greetings Silvio From siefke_listen at web.de Thu Dec 27 17:18:57 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Thu, 27 Dec 2012 18:18:57 +0100 Subject: Multilanguage Websites In-Reply-To: References: <20121227162757.0614c719b67d5235ec41800f@web.de> Message-ID: <20121227181857.515831d168636415cdad817c@web.de> Hello, On Thu, 27 Dec 2012 16:17:05 +0000 Brad Riemann wrote: > Hey Silvio, I've seen implementations of nginx with rewrites for different languages, but from personal experience in PHP, I've found it easy to implement language modules on the code side instead of having to worry about the webserver configuration side.. (just my opinion, and im a lazy php dev :)) With php i was thinking, but work it correct that's why i ask. Is Server or Script better? Thanks for help and Greetings Silvio From nginx-forum at nginx.us Thu Dec 27 17:35:13 2012 From: nginx-forum at nginx.us (kalpesh.patel@glgroup.com) Date: Thu, 27 Dec 2012 12:35:13 -0500 Subject: Using Crypt::OpenSSL::RSA with http_perl_module problem In-Reply-To: <5083352203c7891c0cb24dc15a53d731.NginxMailingListEnglish@forum.nginx.org> References: <5083352203c7891c0cb24dc15a53d731.NginxMailingListEnglish@forum.nginx.org> Message-ID: <36d0477e123ef4de0bb4af63b9f7d8f4.NginxMailingListEnglish@forum.nginx.org> I think I now understand when you say perl installation is broken. libperl migh not be matching up with the perl binaries here... Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234394,234518#msg-234518 From kasperg at benjamin.dk Thu Dec 27 17:38:34 2012 From: kasperg at benjamin.dk (Kasper Grubbe) Date: Thu, 27 Dec 2012 18:38:34 +0100 Subject: Multilanguage Websites In-Reply-To: <20121227162757.0614c719b67d5235ec41800f@web.de> References: <20121227162757.0614c719b67d5235ec41800f@web.de> Message-ID: I Think it is best for an Application to be webserver agnostic. That way it does not matter what web server that is in front of your application. There is cases where it makes sense to depend on NGINX for rewrites, but I don't believe language is one of them. For an example we run a big Ruby On Rails platform that hosts lots of articles. We need to count the article hits every hour, and to do article.hits = article.hits + 1 for every hit on an article hit. To not stress our backend, and because hitting rails is costly, we do a rewrite like this: Http://site.com/article/15753/articlehit Which is hitting a NodeJS application that does the before mentioned operation and saves the result in memcache. We do localization like this: H = Hostname.find('kaspergrubbe.dk') H.locale # returns 'da' for Danish locale We then load up our i18n localization API with the locale and scope content based on locale. This solution is great for multiple domains. If you are not that fortunate do site.com/:locale and if the locale is not there you could redirect the user based on location/ip/etc. -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Thu Dec 27 19:47:04 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Thu, 27 Dec 2012 19:47:04 +0000 Subject: Multilanguage Websites In-Reply-To: <20121227181857.515831d168636415cdad817c@web.de> References: <20121227162757.0614c719b67d5235ec41800f@web.de> <20121227181857.515831d168636415cdad817c@web.de> Message-ID: On 27 December 2012 17:18, Silvio Siefke wrote: > Is Server or Script better? Distinguishing between different versions of content that should be served to different users for a single URI is the job of the application, not the system underlying it. Whilst there are cases where nginx (or "your HTTP server", as this isn't an nginx-specific discussion) should do some of this work (e.g. choosing between gzipped output or not), switching content based on the user's desired language is absolutely not one of them. There *are* nginx configuration options which look like they might help you with this, like http://wiki.nginx.org/HttpSplitClientsModule. Do not be fooled. They should *not* be used for something as complex as language selection. Read the 5 very informative posts here (read from bottom to top) for much more information about the complexities that you'll face during an internationalization process. Then imagine trying to solve those problems just using an nginx config. Then realise that that's a daft idea: http://codeascraft.etsy.com/category/internationalization/ Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Fri Dec 28 14:10:30 2012 From: nginx-forum at nginx.us (nabeelahmed) Date: Fri, 28 Dec 2012 09:10:30 -0500 Subject: Nginx as a localhost for my Django project/site -uWSGI Message-ID: <23c29e253ec7ce7919a82d519cf058f2.NginxMailingListEnglish@forum.nginx.org> Hi, hope you all 're fine. I wanted to test Nginx, so I installed it on my machine (running Ubuntu 12.10) and it's running fine. My question is (to any Django expert here), as Django projects/sites don't have index.html index.php or anything, so what should be used/set as 'index' in nginx configuration. I have set the URL path, by typing it browser lands me in my Django project, also created and used demo.html for test (runs fine). P.S. How my Django file i.e. Project files (settings.py , urls.py) and my APP file going to communicate i.e. minimilistic CGI (if uWSGI, kindly state the setting steps for an already configured Nginx) .. as previously I was running Django project + apps via it's built-in dev server ----> how can I configure exactly the same while using my own localhost (Nginx). Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234540,234540#msg-234540 From nginx-forum at nginx.us Fri Dec 28 23:23:50 2012 From: nginx-forum at nginx.us (rwahyudi) Date: Fri, 28 Dec 2012 18:23:50 -0500 Subject: Serve different set of cache conditionally Message-ID: Hi All, I would like to know if I can configure nginx to utilise different set of cache zone conditionally. For example - if the user-agent is a mobile device then use proxy_cache zone called "mobile_proxy_zone" - if $http_cookie contains the word "semi-static" then use proxy_cache zone called "semistatic_proxy_zone" - if user IP address is 8.8.0.0/16 then use proxy_cache zone called "gws_internal_zone" - Serve the rest using proxy_cache zone default_zone At this point, I don't mind having the rules as first hit first serve ( ie if it matched user-agent then just use mobile_proxy_zone even when the semi-static is present on the $http_cookie ) Is this do able ? Can we specify the proxy zone dynamically ? Regards, Rianto Wahyudi Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234555,234555#msg-234555 From nginx-forum at nginx.us Sat Dec 29 11:43:24 2012 From: nginx-forum at nginx.us (bat21) Date: Sat, 29 Dec 2012 06:43:24 -0500 Subject: error unlink() nginx 1.2.6 Message-ID: <9e653bb3256801787fe34f817aecf848.NginxMailingListEnglish@forum.nginx.org> the error.log file I get the error: 12/29/2012 12:40:39 [crit] 16489 # 0: unlink () "/ var/cache/cafe2/2/9e/5d7f005ef7a1b948e522a3b8ed5959e2" failed (2: No such file or directory) the folder has permissions 777. how to fix this? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234560,234560#msg-234560 From francis at daoine.org Sat Dec 29 14:27:00 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 29 Dec 2012 14:27:00 +0000 Subject: nginx erroneously redirecting to https In-Reply-To: <87e0cca15d07c75a9cb39a3b20d5a722.NginxMailingListEnglish@forum.nginx.org> References: <20121221192041.GD18139@craic.sysops.org> <94ff118dad016636a8913de4473ae519.NginxMailingListEnglish@forum.nginx.org> <87e0cca15d07c75a9cb39a3b20d5a722.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121229142700.GG18139@craic.sysops.org> On Thu, Dec 27, 2012 at 11:27:43AM -0500, Gulaholic wrote: Hi there, > I'm starting to figure these all out. > I think there are problems with these files: function.cms_stylesheet.php and > function.metadata.php. They are probably conflict with Nginx configuration. There's not much nginx-specific here. It is pretty much all down to the application, and how you want to deploy it. The application seems to be built assuming that some pages will only be accessed over https. You seem to want to run it without using https at all. This apparent conflict must be resolved by you. If you decide that you want to run with https, then you configure things one way. If you decide that you want to run the application without https, then you configure things another way. The main difference from the nginx side is when you choose to send "HTTPS on" to the application -- if you choose to run without https, then you probably want to lie to the application and always say "HTTPS on". Otherwise, you only send "HTTPS on" when you actually have an ssl-enabled connection to the browser. (Note: lying to the application about this strongly suggests that any security problems that arise are your fault, not the application's.) > Why the script thinks Nginx configuration ($_SERVER['HTTPS) is on? In this case, it doesn't. You've not read the correct part of the application code correctly. If you can describe what you want nginx to do, someone here may be able to help you with the nginx configuration. f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Sat Dec 29 15:08:01 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sat, 29 Dec 2012 19:08:01 +0400 Subject: error unlink() nginx 1.2.6 In-Reply-To: <9e653bb3256801787fe34f817aecf848.NginxMailingListEnglish@forum.nginx.org> References: <9e653bb3256801787fe34f817aecf848.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20121229150801.GV40452@mdounin.ru> Hello! On Sat, Dec 29, 2012 at 06:43:24AM -0500, bat21 wrote: > the error.log file I get the error: 12/29/2012 12:40:39 [crit] 16489 # 0: > unlink () "/ var/cache/cafe2/2/9e/5d7f005ef7a1b948e522a3b8ed5959e2" failed > (2: No such file or directory) > the folder has permissions 777. how to fix this? Such errors appear if cache files are deleted by some external means, e.g. manually, while nginx is running. Obvious fix is to avoid deleting cache files. The message is probably a bit too scary, this condition is actually handled more or less normally by nginx - the only unwanted results of deleting cache files is the message itself and the total cache size being incorrect till the message (this may be a problem if you rely on a cache max size set via "proxy_cache_path ... max_size=N"). -- Maxim Dounin http://nginx.com/support.html From francis at daoine.org Sat Dec 29 17:34:37 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 29 Dec 2012 17:34:37 +0000 Subject: Disable auth_basic for unique (set of) URL In-Reply-To: References: Message-ID: <20121229173437.GH18139@craic.sysops.org> On Thu, Dec 27, 2012 at 09:57:16AM -0500, B.R. wrote: Hi there, http://nginx.org/en/docs/http/request_processing.html is probably useful to read. nginx has that one request is handled in one location. Having learned those rules, I find nginx.conf (relatively) easy to read. > I then tried to solve my problem with: > > location /thisfile.php { > auth_basic off; > > # Start of *exact* copy > location ~ \.php$ { > FastCGI stuff here... > } > # End of *exact* copy > } > > location ~ \.php$ { > FastCGI stuff here... > } > > I don't like this solution because it makes me copying my FastCGI work. I don't have a problem with copying the FastCGI stuff. I'd probably just use "include my-fastcgi-config" in two places and not worry about it. I don't like the solution above because it doesn't do what you want. It will ask for authentication when you request /thisfile.php. > What if one day I am to modify it? I'll probably forget there are 2 places > to check... Either use an aid to remember, or don't repeat the things that are common to multiple places in the config file. You can use the nginx "include" directive; or you can use whatever macro processor you prefer to generated nginx.conf. > But it seems to work. Test again. Use "curl" -- it doesn't tend to use a cache or hide things from you. > Any better idea? location = /thisfile.php { auth_basic off; include my-fastcgi-config; } location ~ \.php$ { include my-fastcgi-config; } But really I'd probably try to avoid the top-level regex location. And, depending on what else is involved, I might just "include fastcgi.conf" once at server level, and then "fastcgi_pass" in the locations where I want the request to be handled by the fastcgi server. > Another point: > If I set 'location = /thisfile.php' rather than 'location /thisfile.php', > Nginx insults me with 'nginx: [emerg] location "\.php$" cannot be inside > the exact location "/thisfile.php"' again. Bug or feature? That nginx reports a dubious config? Feature. That you consider it an insult? Bug. In my opinion. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Sat Dec 29 17:46:21 2012 From: nginx-forum at nginx.us (nurettin) Date: Sat, 29 Dec 2012 12:46:21 -0500 Subject: nginx post response doesn't get cached Message-ID: I'm using an old version of nginx (0.8) on centos as reverse proxy for caching POST requests in front of two upstream servers. The servers are built for receiving post requests and returning media, sometimes 10 MB in size. When the responses are small, nginx caches work fine. When I get a 2 MB response, nginx doesn't cache the POST response. I tried increasing proxy buffer size and busy buffer size but it had no effect, how do I cache large POST responses in nginx? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234567,234567#msg-234567 From reallfqq-nginx at yahoo.fr Sat Dec 29 19:48:16 2012 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 29 Dec 2012 14:48:16 -0500 Subject: Disable auth_basic for unique (set of) URL In-Reply-To: <20121229173437.GH18139@craic.sysops.org> References: <20121229173437.GH18139@craic.sysops.org> Message-ID: Thanks Francis for your insights. Your message has been a great help. Despite what you said, I don't have any cache configured yet (low-traffic server) and the configuration I use requests authentification for all .php file but the 'thisfile.php'. On the other hand, the browser I use doesn't store any cache either. I'd like more than theory on that particular point... I'm not a pro of cURL, never have been... I'm encountering some errors I am having a hard time understanding. You are right about that include usage. I havent' eventhought about it. How stupid I can be sometimes. I'll also follow your good advice on separating config/invocation of FastCGI and I'll clean up the 'global' inclusion. What I didn't understand about the error is that placing a '~ \.php' catch-all PHP reges inside 'location = /thisfile.php' isn't allowed but is allowed inside 'location /thisfile.php'... Which is not more generic than the previous one. Tell me how many PHP files will match each one of the 'location' clauses. I was excepting the same behavior regarding both those locations, either both generating an error or both silent... Which is not the case. I'll consider the first 2 of your last 3 lines as a lack of understanding of the problem I was pointing at. *That* could have been insulting In my opinion. --- *B. R.* On Sat, Dec 29, 2012 at 12:34 PM, Francis Daly wrote: > On Thu, Dec 27, 2012 at 09:57:16AM -0500, B.R. wrote: > > Hi there, > > http://nginx.org/en/docs/http/request_processing.html is probably useful > to read. > > nginx has that one request is handled in one location. Having learned > those rules, I find nginx.conf (relatively) easy to read. > > > I then tried to solve my problem with: > > > > location /thisfile.php { > > auth_basic off; > > > > # Start of *exact* copy > > location ~ \.php$ { > > FastCGI stuff here... > > } > > # End of *exact* copy > > } > > > > location ~ \.php$ { > > FastCGI stuff here... > > } > > > > I don't like this solution because it makes me copying my FastCGI work. > > I don't have a problem with copying the FastCGI stuff. I'd probably just > use "include my-fastcgi-config" in two places and not worry about it. > > I don't like the solution above because it doesn't do what you want. It > will ask for authentication when you request /thisfile.php. > > > What if one day I am to modify it? I'll probably forget there are 2 > places > > to check... > > Either use an aid to remember, or don't repeat the things that are > common to multiple places in the config file. You can use the nginx > "include" directive; or you can use whatever macro processor you prefer > to generated nginx.conf. > > > But it seems to work. > > Test again. Use "curl" -- it doesn't tend to use a cache or hide things > from you. > > > Any better idea? > > location = /thisfile.php { > auth_basic off; > include my-fastcgi-config; > } > location ~ \.php$ { > include my-fastcgi-config; > } > > But really I'd probably try to avoid the top-level regex location. And, > depending on what else is involved, I might just "include fastcgi.conf" > once at server level, and then "fastcgi_pass" in the locations where I > want the request to be handled by the fastcgi server. > > > Another point: > > If I set 'location = /thisfile.php' rather than 'location /thisfile.php', > > Nginx insults me with 'nginx: [emerg] location "\.php$" cannot be inside > > the exact location "/thisfile.php"' again. Bug or feature? > > That nginx reports a dubious config? Feature. > > That you consider it an insult? Bug. > > In my opinion. > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sat Dec 29 21:51:41 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 29 Dec 2012 21:51:41 +0000 Subject: Disable auth_basic for unique (set of) URL In-Reply-To: References: <20121229173437.GH18139@craic.sysops.org> Message-ID: <20121229215141.GI18139@craic.sysops.org> On Sat, Dec 29, 2012 at 02:48:16PM -0500, B.R. wrote: Hi there, > Thanks Francis for your insights. Your message has been a great help. You're welcome. > Despite what you said, I don't have any cache configured yet (low-traffic > server) and the configuration I use requests authentification for all .php > file but the 'thisfile.php'. On the other hand, the browser I use doesn't > store any cache either. I was unclear. The "cache" I mentioned was not intended to refer to the server at all. Browsers tend to cache things, including user/pass credentials previously provided. So "merely" hitting reload in a typical browser may auto-send credentials without showing you that that is happening. curl tends not to do that. If you don't include the credentials on the command line each time, you will get the 401 response each time. So curl is particularly good to test with when changing server configuration, as it starts from the same state each time. > I'd like more than theory on that particular point... http://nginx.org/r/location Given only "location /thisfile.php" and "location ~ \.php$", a request for "/thisfile.php" will match the second location, not the first. When I test using a configuration like that, I get the 401 response for all ".php" requests. I can't explain how your nginx acts differently. > I'm not a pro of cURL, never have been... I'm encountering some errors I am > having a hard time understanding. I tend to test with, for example, curl -i http://localhost/thisfile.php "-i" shows the http response headers as well as the body; error states are usually shown in those headers. If the response to any request is not what you expect it to be, the error log and copy-paste'ing the request and response to the mailing list may help someone explain it. > What I didn't understand about the error is that placing a '~ \.php' > catch-all PHP reges inside 'location = /thisfile.php' isn't allowed but is > allowed inside 'location /thisfile.php'... Which is not more generic than > the previous one. "location /thisfile.php" is a prefix match. A request for /thisfile.phpsome/thing can match this location. So nesting a location within it can be useful. "location = /thisfile.php" is an exact match (of uri, not considering query string). Only one request can match this location. Nesting another location within it is not useful -- it would either always match or never match, and the person writing the config can determine which it would be and either include or exclude the extra configuration unconditionally. > Tell me how many PHP files will match each one of the 'location' clauses. > I was excepting the same behavior regarding both those locations, either > both generating an error or both silent... Which is not the case. http://nginx.org/r/location Some locations can be nested, some can't. And the example there hopefully allows you to determine which location will be used for each request. Assuming exactly these two top-level locations, your prefix match "/thisfile.php" location will be used for all requests that start "/thisfile.php" and do not end in ".php" (where "end" means "just before the first # or ?"). Because of that, your nested "~ \.php$" location will not match any request. Your top-level "~ \.php$" will match all requests that end ".php". Whether those requests correspond to php files is a separate matter. f -- Francis Daly francis at daoine.org From reallfqq-nginx at yahoo.fr Sun Dec 30 00:26:58 2012 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 29 Dec 2012 19:26:58 -0500 Subject: Disable auth_basic for unique (set of) URL In-Reply-To: <20121229215141.GI18139@craic.sysops.org> References: <20121229173437.GH18139@craic.sysops.org> <20121229215141.GI18139@craic.sysops.org> Message-ID: And... thanks again for all that information. Greatly appreciated! As I told you, I configured my browser (Firefox) to never store anything (passwords, cache, cookies: basically anything) at the end of a browsing session. Basically closing the browser clears everything up. Using cURL, I had some errors about an IPv6 address which I do not know. I checked with traceroute that the domain name was correctly resolved to the IPv4 address of my server, but the IPv6 was not mine. The traceroute didn't end up with anything since my server drops ICMP traffic. I basically tried 'curl -o file.out http://domain.name/thisfile.php', nothing fancy. Using the right domain name (and not any other or even IP) is important since my Nginx configuration serves content based on the requested name. Rather than losing time with cURL, I checked that a wrong configuration doesn't serves 'thisfile.php' and that a wrong configuration does. Changing behavior allows me to confirm I don't have cache. Thanks agains for all the details about the different types of 'location'behavior. I must have read something about that quite some time ago. It went totally out of my mind since then. Problem solved, configuration cleared and tweaked for better performance. I can't thank you enough (that is starting to be too much :oP) --- *B. R.* On Sat, Dec 29, 2012 at 4:51 PM, Francis Daly wrote: > On Sat, Dec 29, 2012 at 02:48:16PM -0500, B.R. wrote: > > Hi there, > > > Thanks Francis for your insights. Your message has been a great help. > > You're welcome. > > > Despite what you said, I don't have any cache configured yet (low-traffic > > server) and the configuration I use requests authentification for all > .php > > file but the 'thisfile.php'. On the other hand, the browser I use doesn't > > store any cache either. > > I was unclear. The "cache" I mentioned was not intended to refer to the > server at all. > > Browsers tend to cache things, including user/pass credentials previously > provided. So "merely" hitting reload in a typical browser may auto-send > credentials without showing you that that is happening. > > curl tends not to do that. If you don't include the credentials on the > command line each time, you will get the 401 response each time. > > So curl is particularly good to test with when changing server > configuration, as it starts from the same state each time. > > > I'd like more than theory on that particular point... > > http://nginx.org/r/location > > Given only "location /thisfile.php" and "location ~ \.php$", a request > for "/thisfile.php" will match the second location, not the first. > > When I test using a configuration like that, I get the 401 response for > all ".php" requests. I can't explain how your nginx acts differently. > > > I'm not a pro of cURL, never have been... I'm encountering some errors I > am > > having a hard time understanding. > > I tend to test with, for example, > > curl -i http://localhost/thisfile.php > > "-i" shows the http response headers as well as the body; error states > are usually shown in those headers. > > If the response to any request is not what you expect it to be, the error > log and copy-paste'ing the request and response to the mailing list may > help someone explain it. > > > What I didn't understand about the error is that placing a '~ \.php' > > catch-all PHP reges inside 'location = /thisfile.php' isn't allowed but > is > > allowed inside 'location /thisfile.php'... Which is not more generic than > > the previous one. > > "location /thisfile.php" is a prefix match. A request for > /thisfile.phpsome/thing can match this location. So nesting a location > within it can be useful. > > "location = /thisfile.php" is an exact match (of uri, not considering > query string). Only one request can match this location. Nesting another > location within it is not useful -- it would either always match or never > match, and the person writing the config can determine which it would > be and either include or exclude the extra configuration unconditionally. > > > Tell me how many PHP files will match each one of the 'location' clauses. > > I was excepting the same behavior regarding both those locations, either > > both generating an error or both silent... Which is not the case. > > http://nginx.org/r/location > > Some locations can be nested, some can't. > > And the example there hopefully allows you to determine which location > will be used for each request. > > Assuming exactly these two top-level locations, your prefix match > "/thisfile.php" location will be used for all requests that start > "/thisfile.php" and do not end in ".php" (where "end" means "just before > the first # or ?"). Because of that, your nested "~ \.php$" location > will not match any request. > > Your top-level "~ \.php$" will match all requests that end ".php". > > Whether those requests correspond to php files is a separate matter. > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From multiformeingegno at gmail.com Sun Dec 30 01:38:09 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Sun, 30 Dec 2012 02:38:09 +0100 Subject: Feature idea: retrieve set_real_ip_from (HttpRealipModule) from a text file online Message-ID: What about adding the possibility to retrieve a list of set_real_ip_from from a text file online? I'm thinking about CloudFlare, that provides this 2 files (plain text): https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6 It could be useful also for other big projects where nginx is used as proxy. -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sun Dec 30 11:17:16 2012 From: francis at daoine.org (Francis Daly) Date: Sun, 30 Dec 2012 11:17:16 +0000 Subject: Disable auth_basic for unique (set of) URL In-Reply-To: References: <20121229173437.GH18139@craic.sysops.org> <20121229215141.GI18139@craic.sysops.org> Message-ID: <20121230111716.GJ18139@craic.sysops.org> On Sat, Dec 29, 2012 at 07:26:58PM -0500, B.R. wrote: Hi there, You've got a working nginx.conf, so all is good. I'll just add some small points about curl, which may make future testing easier. > Using cURL, I had some errors about an IPv6 address which I do not know. It is possible to use "-4" to tell curl to only resolve names to IPv4 addresses -- that might avoid that problem. > Using the right domain name (and not any other or even IP) is important > since my Nginx configuration serves content based on the requested name. You can use something like curl -i -H Host:domain.name http://127.0.0.1/thisfile.php to connect to the desired address, and then send the required domain name in the Host: header which nginx will use to choose the server{} configuration to use. > Problem solved, configuration cleared and tweaked for better performance. > I can't thank you enough (that is starting to be too much :oP) Glad it's all working now. All the best, f -- Francis Daly francis at daoine.org From francis at daoine.org Sun Dec 30 11:30:55 2012 From: francis at daoine.org (Francis Daly) Date: Sun, 30 Dec 2012 11:30:55 +0000 Subject: Feature idea: retrieve set_real_ip_from (HttpRealipModule) from a text file online In-Reply-To: References: Message-ID: <20121230113055.GK18139@craic.sysops.org> On Sun, Dec 30, 2012 at 02:38:09AM +0100, Lorenzo Raffio wrote: Hi there, > What about adding the possibility to retrieve a list of set_real_ip_from > from a text file online? With the "include" directive and "nginx -s reload", have you not enough support in nginx to do this already? An external script to periodically fetch the url contents, stick "set_real_ip_from " at the start and ";" at the end (or do whatever other manipulation is needed to make correct nginx.conf syntax) and save to a local file, and then get nginx to use the updated config? I'm not sure what extra benefit there would be to building something like this in to nginx. Perhaps I'm missing something, f -- Francis Daly francis at daoine.org From multiformeingegno at gmail.com Sun Dec 30 13:33:11 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Sun, 30 Dec 2012 14:33:11 +0100 Subject: Feature idea: retrieve set_real_ip_from (HttpRealipModule) from a text file online In-Reply-To: References: Message-ID: The idea is to have it built-in, without having to arrange a script that fetches an external file and appends each line to set_real_ip_from and adds a ; It would be a hundreds bytes add and IMO would help many. It's just an idea anayway. 2012/12/30 Lorenzo Raffio > What about adding the possibility to retrieve a list of set_real_ip_from > from a text file online? I'm thinking about CloudFlare, that provides this > 2 files (plain text): https://www.cloudflare.com/ips-v4 and > https://www.cloudflare.com/ips-v6 > > It could be useful also for other big projects where nginx is used as > proxy. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Sun Dec 30 14:32:55 2012 From: edho at myconan.net (Edho Arief) Date: Sun, 30 Dec 2012 21:32:55 +0700 Subject: Feature idea: retrieve set_real_ip_from (HttpRealipModule) from a text file online In-Reply-To: References: Message-ID: On Sun, Dec 30, 2012 at 8:33 PM, Lorenzo Raffio wrote: > The idea is to have it built-in, without having to arrange a script that > fetches an external file and appends each line to set_real_ip_from and adds > a ; > It would be a hundreds bytes add and IMO would help many. It's just an idea > anayway. > do you really need this one liner built into nginx? curl http://what-ever.com/list | sed 's/^/set_real_ip_from /;s/$/\;/' \ > some-list.conf && nginx -s reload From nginx-forum at nginx.us Sun Dec 30 16:10:03 2012 From: nginx-forum at nginx.us (gadh) Date: Sun, 30 Dec 2012 11:10:03 -0500 Subject: nginx crash only when using Chromium (in ubuntu) Message-ID: <6b2696652f0eea27abf34fe157600f36.NginxMailingListEnglish@forum.nginx.org> i could not find the cause that only when using Chromium i get a crash but when using Firefox i never don't. some hints to the nginx experts that might help: 1. i use my handler module + filter module. (when module is disabled - no crash) 2. i use C++ code in shared lib and sometimes the crash is in the c++ object deconstructor . the object is allocated on the stack (not ptr, just regular declaration like: obj_t obj1) and freed automatically and end of function. 3. i attach here the headers of FF / CHR browsers. 4. when using valgrind - i get some warnings (see below) but never crash, even in CHR 5. the nginx runs on vurtual machine (centos 6.3) under ubuntu 12.10. the browser runs on the ubuntu. 6. the response handler runs when subrequest returns from an upstream server, then the handler continues and goes to the filter module. 7. sometimes when using palloc i got alignment errors so i used pnalloc. is it the source of the bug ? when to use palloc and when to use pnalloc ? (see below the function that uses pnalloc) 8. when restarting nginx and doing CTRL+F5 in CHR browser (right after the previous crash) - its easy to get another crash again with the same stack trace, while when browsing to anbother page - it takes time to reproduce the crash. =============== Thread [1] (Suspended: Signal 'SIGABRT' received. Description: Aborted.) 15 raise() 0x00007ffff64e18a5 14 abort() 0x00007ffff64e3085 13 __libc_message() 0x00007ffff651efe7 12 malloc_printerr() 0x00007ffff6524916 11 _int_free() 0x00007ffff6527443 10 ngx_destroy_pool() ngx_palloc.c:87 0x0000000000406a22 9 ngx_http_free_request() ngx_http_request.c:3081 0x000000000044dbfb 8 ngx_http_close_request() ngx_http_request.c:3006 0x000000000044d9b3 7 ngx_http_terminate_handler() ngx_http_request.c:2176 0x000000000044bc38 6 ngx_http_run_posted_requests() ngx_http_request.c:1903 0x000000000044b1ad 5 ngx_http_request_handler() ngx_http_request.c:1869 0x000000000044b0b6 4 ngx_epoll_process_events() ngx_epoll_module.c:683 0x00000000004377d6 3 ngx_process_events_and_timers() ngx_event.c:247 0x00000000004281f4 2 ngx_single_process_cycle() ngx_process_cycle.c:316 0x0000000000434442 1 main() nginx.c:409 0x0000000000403cdc valgrind: ==27496== Address 0x90c0b2d is 29 bytes inside a block of size 3,366 free'd ==27496== at 0x4C2645F: operator delete(void*) (vg_replace_malloc.c:387) ==27496== by 0x59B73AD: SBB::ResponseBean::~ResponseBean() (in /usr/local/lib/libClientAPI-C-Lib.so) ==27496== by 0x57ABB04: ngx_sbb_med_handle_va_response (in /usr/local/lib/libngx_sbb_mediator.so) ==27496== by 0x4A933D: ngx_sbb_va_response_handler (ngx_sbb_module.c:274) ==27496== by 0x4AA372: ngx_sbb_post_subrequest_handler (ngx_sbb_mod_utils.c:89) ==27496== by 0x44B3C0: ngx_http_finalize_request (ngx_http_request.c:1961) ==27496== by 0x465407: ngx_http_upstream_finalize_request (ngx_http_upstream.c:3095) CHR headers: GET /index.php?cat=1&pag=1&det=108 HTTP/1.1 Host: --- Connection: keep-alive Cache-Control: max-age=0 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.4 (KHTML, like Gecko) Ubuntu/12.10 Chromium/22.0.1229.94 Chrome/22.0.1229.94 Safari/537.4 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Referer: http://yellowmockup.com/index.php?cat=1 Accept-Encoding: gzip,deflate,sdch Accept-Language: en-US,en;q=0.8,he;q=0.6 Accept-Charset: UTF-8,*;q=0.5 Cookie: adOtr=4aYP5; PRLST=Ya; UTGv2=h4a59e6b096ada50ad0a1243f0549366c032; x-autozoom=150f; SPSI=56aa48be644d6ac8ccec5dd82ade576d FF headers: GET /index.php?cat=1&pag=1&det=108 HTTP/1.1 Host: --- User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:16.0) Gecko/20100101 Firefox/16.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Connection: keep-alive Cookie: UTGv2=h430c577bc94965b18d99cd502407af14a80; SPSI=63c40df4be7823f2acbc8e966a8817df; PRLST=zi/Jv/DT; adOtr=04Hd6 Pragma: no-cache Cache-Control: no-cache another crash dump: Thread [1] (Suspended: Signal 'SIGSEGV' received. Description: Segmentation fault.) 16 memcpy() 0x00007ffff65381ab 15 sbb_strncpy() ngx_sbb_utils.c:12 0x00000000004a9e5f 14 ngx_sbb_utils_str2char() ngx_sbb_mod_utils.c:253 0x00000000004aaab7 13 ngx_sbb_med_prepare_va_request() 0x00007ffff725d7b4 12 ngx_sbb_handler() ngx_sbb_module.c:229 0x00000000004a913d 11 ngx_http_core_rewrite_phase() ngx_http_core_module.c:931 0x000000000043d2a1 10 ngx_http_core_run_phases() ngx_http_core_module.c:877 0x000000000043d103 9 ngx_http_handler() ngx_http_core_module.c:860 0x000000000043d07a 8 ngx_http_process_request() ngx_http_request.c:1687 0x000000000044ac51 7 ngx_http_process_request_headers() ngx_http_request.c:1135 0x0000000000449809 6 ngx_http_process_request_line() ngx_http_request.c:933 0x0000000000448fbe 5 ngx_http_init_request() ngx_http_request.c:519 0x000000000044873f 4 ngx_epoll_process_events() ngx_epoll_module.c:683 0x00000000004377d6 3 ngx_process_events_and_timers() ngx_event.c:247 0x00000000004281f4 2 ngx_single_process_cycle() ngx_process_cycle.c:316 0x0000000000434442 1 main() nginx.c:409 0x0000000000403cdc ============= // copies exactly n bytes from src to dest, then adds null in n+1 (alloc dst to n+1 first !) u_char * sbb_strncpy(u_char *dst, u_char *src, size_t n) { memcpy(dst, src, n); dst[n] = '\0'; return dst; } // allocate, copy and add terminating null. do not return null but null_str to avoid segmentation fault later (dereferencing null ptr) u_char* ngx_sbb_utils_str2char(ngx_http_request_t *r, ngx_str_t *ngx_str) { u_char *res = NULL; if ( (!ngx_str) || (!r)) return (u_char*)gv_null_str; res = ngx_pnalloc(r->pool, ngx_str->len+1); if (!res) return (u_char*)gv_null_str; return sbb_strncpy(res, ngx_str->data, ngx_str->len); // adds terminating null } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234580,234580#msg-234580 From multiformeingegno at gmail.com Sun Dec 30 20:17:47 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Sun, 30 Dec 2012 21:17:47 +0100 Subject: Feature idea: retrieve set_real_ip_from (HttpRealipModule) from a text file online In-Reply-To: References: Message-ID: Uhm, you're right. Anyway if can be useful for others in the future here's the script to fetch 2 files and mix 'em together preserving the set_real_ip_from formatting: { curl -s https://www.cloudflare.com/ips-v4 printf '\n' curl -s https://www.cloudflare.com/ips-v6 } | sed -r 's/^(.+)$/set_real_ip_from \1;/g' > some-list.conf && nginx -s reload 2012/12/30 Lorenzo Raffio > The idea is to have it built-in, without having to arrange a script that > fetches an external file and appends each line to set_real_ip_from and > adds a ; > It would be a hundreds bytes add and IMO would help many. It's just an > idea anayway. > > > 2012/12/30 Lorenzo Raffio > >> What about adding the possibility to retrieve a list of set_real_ip_from >> from a text file online? I'm thinking about CloudFlare, that provides this >> 2 files (plain text): https://www.cloudflare.com/ips-v4 and >> https://www.cloudflare.com/ips-v6 >> >> It could be useful also for other big projects where nginx is used as >> proxy. >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From multiformeingegno at gmail.com Sun Dec 30 20:33:43 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Sun, 30 Dec 2012 21:33:43 +0100 Subject: on-the-fly conf reload retrieves errors Message-ID: I tried to run a "nginx -c /etc/nginx/nginx.conf" but I got: nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) nginx: [emerg] still could not bind() [Exit 1] Then I run a fuser -k 80/tcp ; service nginx restart. I tried again with nginx -c /etc/nginx/nginx.conf but still the same [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) Why is this happening? -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sun Dec 30 20:39:03 2012 From: nginx-forum at nginx.us (gadh) Date: Sun, 30 Dec 2012 15:39:03 -0500 Subject: nginx crash only when using Chromium (in ubuntu) In-Reply-To: <6b2696652f0eea27abf34fe157600f36.NginxMailingListEnglish@forum.nginx.org> References: <6b2696652f0eea27abf34fe157600f36.NginxMailingListEnglish@forum.nginx.org> Message-ID: <6725e3c2463f2d2fcc8b2fab123452c4.NginxMailingListEnglish@forum.nginx.org> forgot to add my nginx version: 1.2.5 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234580,234583#msg-234583 From multiformeingegno at gmail.com Sun Dec 30 20:58:41 2012 From: multiformeingegno at gmail.com (Lorenzo Raffio) Date: Sun, 30 Dec 2012 21:58:41 +0100 Subject: on-the-fly conf reload retrieves errors In-Reply-To: References: Message-ID: Ignore, I found the explanation On 30/dic/2012, at 21:33, Lorenzo Raffio wrote: > I tried to run a "nginx -c /etc/nginx/nginx.conf" but I got: > nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) > nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) > nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) > nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) > nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) > nginx: [emerg] still could not bind() > [Exit 1] > > Then I run a fuser -k 80/tcp ; service nginx restart. I tried again with nginx -c /etc/nginx/nginx.conf but still the same [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use) > > Why is this happening? -------------- next part -------------- An HTML attachment was scrubbed... URL: From reallfqq-nginx at yahoo.fr Sun Dec 30 21:10:15 2012 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sun, 30 Dec 2012 16:10:15 -0500 Subject: Disable auth_basic for unique (set of) URL In-Reply-To: References: <20121229173437.GH18139@craic.sysops.org> Message-ID: I'll try all that. Happ new year btw ;o) --- *B. R.* On Sat, Dec 29, 2012 at 2:48 PM, B.R. wrote: > Thanks Francis for your insights. Your message has been a great help. > > Despite what you said, I don't have any cache configured yet (low-traffic > server) and the configuration I use requests authentification for all .php > file but the 'thisfile.php'. On the other hand, the browser I use doesn't > store any cache either. > I'd like more than theory on that particular point... > I'm not a pro of cURL, never have been... I'm encountering some errors I > am having a hard time understanding. > > You are right about that include usage. I havent' eventhought about it. > How stupid I can be sometimes. > > I'll also follow your good advice on separating config/invocation of > FastCGI and I'll clean up the 'global' inclusion. > > What I didn't understand about the error is that placing a '~ \.php' > catch-all PHP reges inside 'location = /thisfile.php' isn't allowed but is > allowed inside 'location /thisfile.php'... Which is not more generic than > the previous one. > Tell me how many PHP files will match each one of the 'location' clauses. > I was excepting the same behavior regarding both those locations, either > both generating an error or both silent... Which is not the case. > > I'll consider the first 2 of your last 3 lines as a lack of understanding > of the problem I was pointing at. *That* could have been insulting > In my opinion. > > --- > *B. R.* > > > On Sat, Dec 29, 2012 at 12:34 PM, Francis Daly wrote: > >> On Thu, Dec 27, 2012 at 09:57:16AM -0500, B.R. wrote: >> >> Hi there, >> >> http://nginx.org/en/docs/http/request_processing.html is probably useful >> to read. >> >> nginx has that one request is handled in one location. Having learned >> those rules, I find nginx.conf (relatively) easy to read. >> >> > I then tried to solve my problem with: >> > >> > location /thisfile.php { >> > auth_basic off; >> > >> > # Start of *exact* copy >> > location ~ \.php$ { >> > FastCGI stuff here... >> > } >> > # End of *exact* copy >> > } >> > >> > location ~ \.php$ { >> > FastCGI stuff here... >> > } >> > >> > I don't like this solution because it makes me copying my FastCGI work. >> >> I don't have a problem with copying the FastCGI stuff. I'd probably just >> use "include my-fastcgi-config" in two places and not worry about it. >> >> I don't like the solution above because it doesn't do what you want. It >> will ask for authentication when you request /thisfile.php. >> >> > What if one day I am to modify it? I'll probably forget there are 2 >> places >> > to check... >> >> Either use an aid to remember, or don't repeat the things that are >> common to multiple places in the config file. You can use the nginx >> "include" directive; or you can use whatever macro processor you prefer >> to generated nginx.conf. >> >> > But it seems to work. >> >> Test again. Use "curl" -- it doesn't tend to use a cache or hide things >> from you. >> >> > Any better idea? >> >> location = /thisfile.php { >> auth_basic off; >> include my-fastcgi-config; >> } >> location ~ \.php$ { >> include my-fastcgi-config; >> } >> >> But really I'd probably try to avoid the top-level regex location. And, >> depending on what else is involved, I might just "include fastcgi.conf" >> once at server level, and then "fastcgi_pass" in the locations where I >> want the request to be handled by the fastcgi server. >> >> > Another point: >> > If I set 'location = /thisfile.php' rather than 'location >> /thisfile.php', >> > Nginx insults me with 'nginx: [emerg] location "\.php$" cannot be inside >> > the exact location "/thisfile.php"' again. Bug or feature? >> >> That nginx reports a dubious config? Feature. >> >> That you consider it an insult? Bug. >> >> In my opinion. >> >> f >> -- >> Francis Daly francis at daoine.org >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From siefke_listen at web.de Mon Dec 31 00:04:05 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Mon, 31 Dec 2012 01:04:05 +0100 Subject: Multilanguage Websites In-Reply-To: <20121227162757.0614c719b67d5235ec41800f@web.de> References: <20121227162757.0614c719b67d5235ec41800f@web.de> Message-ID: <20121231010405.79f361636e8d27c43830a2cf@web.de> Hello, http://nginx.2469901.n2.nabble.com/rewrite-don-t-work-in-a-multilanguage-MVC-site-td6929547.html If I understand it, nginx passes the language requests on on a directory in the webroot. But on which module? Geoip? Basically I want to achieve that. Default is German and the corresponding forwarding from the Accept Language. Which module from nginx make that? Regards, Thanks and Happy new Year Silvio From contact at jpluscplusm.com Mon Dec 31 00:16:06 2012 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Mon, 31 Dec 2012 00:16:06 +0000 Subject: Multilanguage Websites In-Reply-To: <20121231010405.79f361636e8d27c43830a2cf@web.de> References: <20121227162757.0614c719b67d5235ec41800f@web.de> <20121231010405.79f361636e8d27c43830a2cf@web.de> Message-ID: On 31 December 2012 00:04, Silvio Siefke wrote: > Hello, > > http://nginx.2469901.n2.nabble.com/rewrite-don-t-work-in-a-multilanguage-MVC-site-td6929547.html > > If I understand it, nginx passes the language requests on on a directory > in the webroot. But on which module? Geoip? Basically I want to achieve that. > Default is German and the corresponding forwarding from the Accept Language. I strongly suggest to you that this is a dreadful idea. Do not do this. Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From nginx-forum at nginx.us Mon Dec 31 09:11:16 2012 From: nginx-forum at nginx.us (gadh) Date: Mon, 31 Dec 2012 04:11:16 -0500 Subject: nginx crash only when using Chromium (in ubuntu) In-Reply-To: <6b2696652f0eea27abf34fe157600f36.NginxMailingListEnglish@forum.nginx.org> References: <6b2696652f0eea27abf34fe157600f36.NginxMailingListEnglish@forum.nginx.org> Message-ID: i found that in some cases of the crash, the source of th crash was that nginx pnalloc() returned invalid ptr address 0x6632333834643264
i use 64 bit system, but all of my pointers are in the 32 bits bounds. is it related to the c/c++ code sharing ? any help please ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234580,234592#msg-234592 From siefke_listen at web.de Mon Dec 31 16:50:14 2012 From: siefke_listen at web.de (Silvio Siefke) Date: Mon, 31 Dec 2012 17:50:14 +0100 Subject: Multilanguage Websites In-Reply-To: References: <20121227162757.0614c719b67d5235ec41800f@web.de> <20121231010405.79f361636e8d27c43830a2cf@web.de> Message-ID: <20121231175014.8c37a3c1482045ec9857fca6@web.de> On Mon, 31 Dec 2012 00:16:06 +0000 Jonathan Matthews wrote: > I strongly suggest to you that this is a dreadful idea. Do not do this. Ok, but what ways have nginx? I'm looking for a way for days. With PHP, the implementation seems complicated. Nginx offers Geoip module, but that is a poor choice. I myself am often travel abroad, but I use German. Accept Language looks good, but with Gentoo I can use the module only without package manager. The websites in different languages ??are done, I needed a redirect and a default solution. Greetings, Thank you and Happy new Year Silvio From francis at daoine.org Mon Dec 31 17:55:18 2012 From: francis at daoine.org (Francis Daly) Date: Mon, 31 Dec 2012 17:55:18 +0000 Subject: Multilanguage Websites In-Reply-To: <20121231175014.8c37a3c1482045ec9857fca6@web.de> References: <20121227162757.0614c719b67d5235ec41800f@web.de> <20121231010405.79f361636e8d27c43830a2cf@web.de> <20121231175014.8c37a3c1482045ec9857fca6@web.de> Message-ID: <20121231175518.GL18139@craic.sysops.org> On Mon, Dec 31, 2012 at 05:50:14PM +0100, Silvio Siefke wrote: Hi there, > Ok, but what ways have nginx? I'm looking for a way for days. What, precisely, do you mean by "Multilanguage Websites"? If you mean "separate content for each of language1, language2, language3; all available at separate urls", then you need no special web server cleverness after the user has chosen to go to http://language1.example.org/ or to http://www.example.org/language1/ (depending on how you deploy it). All you need is for the index page on the "main" web site to offer a series of links to each of the known separate language index pages. Have a look at (for example) http://www.wikipedia.org/ or (as you've previously linked to) http://www.justasysadmin.net/ The former looks like it serves the same content to all; the latter tries some guessing of preferred language which fails on some of my browsers. If you want to implement some cleverness on the index page to avoid the user having to manually choose language, you must decide what you want the choice to be based on. Whatever you do choose, it may be worth your while making clear to the user why you chose that one, and what the user can do to get to the language version they actually prefer. The HTTP Accept-Language header is probably a reasonable choice, if your users know how to change it or to override it for your site. You are unlikely to be able to write a correct interpreter for the content of that header in the confines of the nginx.conf language. So you are probably better off writing an application to do it -- maybe in one of the embedded languages, or maybe as external code altogether. That application will need up-to-date information on which languages are currently available, so I suggest that external code is probably simpler to maintain. > Accept Language looks good, but with Gentoo I can use the module only > without package manager. The websites in different languages ??are done, > I needed a redirect and a default solution. The only modules used in the nginx.conf versions that you have linked to are core, map, and rewrite, as far as I can see. I suggest you use one of the "other server" modules, such as fastcgi. The only unusual part of nginx.conf would then be special handling for location = / {} where you would cause your external code to return either a redirect to the appropriate language index page, or the content (or a redirect to the content) of the "here are the various links, click the one you like" page. If you want to know how to properly interpret the content of the Accept-Language header, read the RFC or examine (for example) apache's mod_negotiation.c. You should compare "languages available" with "ordered list of languages acceptable", being aware of how (for example) "de-DE", "de-AT", and "de" compare within and between those lists. It's complicated. That's why I suggest you do it outside of nginx.conf. If, instead of all of that, you want "same url gives different content to different clients based on their preferred language", then there's probably a lot more work involved. f -- Francis Daly francis at daoine.org