From mdounin at mdounin.ru Sun Jan 1 00:34:57 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 1 Jan 2012 04:34:57 +0400 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: References: Message-ID: <20120101003457.GY67687@mdounin.ru> Hello! On Sat, Dec 31, 2011 at 11:37:39AM -0700, Justin Hart wrote: > http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale > > Without going through the way nginx parses an incoming request, I'm unsure > if nginx isn't vulnerable to this, because of the availability to grab the > value of a GET parameter via > http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER. My hope is that > especially if an $arg_PARAMETER isn't used in the config, it is not > vulnerable because it wouldn't even attempt to parse the parameters, but I > can't be sure. > > Can anyone speak to this? It's not vulnerable even if $arg_* is used. Maxim Dounin From agentzh at gmail.com Sun Jan 1 05:54:08 2012 From: agentzh at gmail.com (agentzh) Date: Sun, 1 Jan 2012 13:54:08 +0800 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: References: Message-ID: On Sun, Jan 1, 2012 at 2:37 AM, Justin Hart wrote: > http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale > > Without going through the way nginx parses an incoming request, I'm unsure > if nginx isn't vulnerable to this, because of the availability to grab the > value of a GET parameter > via?http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER. ?My hope is that > especially if an $arg_PARAMETER isn't used in the config, it is not > vulnerable because it wouldn't even attempt to parse the parameters, but I > can't be sure. > Well, the $arg_PARAMETER variable is not implemented with hash tables at all ;) It scans the URI query string at every invocation :) Regards, -agentzh From onyxraven at gmail.com Sun Jan 1 05:58:48 2012 From: onyxraven at gmail.com (Justin Hart) Date: Sat, 31 Dec 2011 22:58:48 -0700 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: References: Message-ID: <1285211291852136747@unknownmsgid> Thank you for the confirmation - I read through the parts of code in question but wanted to get a second opinion. How about the lua and/or the perl modules? It looks as if they are using the nginx functions? Sent from my iPhone On Dec 31, 2011, at 10:54 PM, agentzh wrote: > On Sun, Jan 1, 2012 at 2:37 AM, Justin Hart wrote: >> http://www.securityweek.com/hash-table-collision-attacks-could-trigger-ddos-massive-scale >> >> Without going through the way nginx parses an incoming request, I'm unsure >> if nginx isn't vulnerable to this, because of the availability to grab the >> value of a GET parameter >> via http://wiki.nginx.org/HttpCoreModule#.24arg_PARAMETER. My hope is that >> especially if an $arg_PARAMETER isn't used in the config, it is not >> vulnerable because it wouldn't even attempt to parse the parameters, but I >> can't be sure. >> > > Well, the $arg_PARAMETER variable is not implemented with hash tables > at all ;) It scans the URI query string at every invocation :) > > Regards, > -agentzh > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From agentzh at gmail.com Sun Jan 1 14:20:59 2012 From: agentzh at gmail.com (agentzh) Date: Sun, 1 Jan 2012 22:20:59 +0800 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: <1285211291852136747@unknownmsgid> References: <1285211291852136747@unknownmsgid> Message-ID: On Sun, Jan 1, 2012 at 1:58 PM, Justin Hart wrote: > Thank you for the confirmation - I read through the parts of code in > question but wanted to get a second opinion. > > How about the lua and/or the perl modules? ?It looks as if they are > using the nginx functions? > The current released versions of ngx_lua does have this vulnerability in its ngx.req.get_uri_args() and ngx.req.get_post_args() functions. I've already worked out a patch for these two functions in ngx_lua's git max-args branch here: https://github.com/chaoslawful/lua-nginx-module/commit/75876 With this patch, both of these functions will only parse 100 query args at most. And one can specify a custom maximum number of args parsed with an optional function argument (default to 100) and enforcing unlimited parsing by specifying a zero number. This patch (as well as this branch) will be merged into the master branch in 3 Jan. Best, -agentzh From nginx at nginxuser.net Sun Jan 1 14:31:46 2012 From: nginx at nginxuser.net (Nginx User) Date: Sun, 1 Jan 2012 17:31:46 +0300 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: References: <1285211291852136747@unknownmsgid> Message-ID: On 1 January 2012 17:20, agentzh wrote: > On Sun, Jan 1, 2012 at 1:58 PM, Justin Hart wrote: >> Thank you for the confirmation - I read through the parts of code in >> question but wanted to get a second opinion. >> >> How about the lua and/or the perl modules? ?It looks as if they are >> using the nginx functions? >> > > The current released versions of ngx_lua does have this vulnerability > in its ngx.req.get_uri_args() and ngx.req.get_post_args() functions. > I've already worked out a patch for these two functions in ngx_lua's > git max-args branch here: > > ? ?https://github.com/chaoslawful/lua-nginx-module/commit/75876 > > With this patch, both of these functions will only parse 100 query > args at most. And one can specify a custom maximum number of args > parsed with an optional function argument (default to 100) and > enforcing unlimited parsing by specifying a zero number. > > This patch (as well as this branch) will be merged into the master > branch in 3 Jan. It would probably be a good idea at that point, to finally make a release of v0.3.1 of the ngx_lua module as with about 45 "Release Candidates", it must already hold some record :) From osa at FreeBSD.org.ru Sun Jan 1 18:38:09 2012 From: osa at FreeBSD.org.ru (Sergey A. Osokin) Date: Sun, 1 Jan 2012 22:38:09 +0400 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: References: <1285211291852136747@unknownmsgid>

Message-ID: <20120101183809.GB82696@FreeBSD.org.ru> On Sun, Jan 01, 2012 at 05:31:46PM +0300, Nginx User wrote: > On 1 January 2012 17:20, agentzh wrote: > > On Sun, Jan 1, 2012 at 1:58 PM, Justin Hart wrote: > >> Thank you for the confirmation - I read through the parts of code in > >> question but wanted to get a second opinion. > >> > >> How about the lua and/or the perl modules? ?It looks as if they are > >> using the nginx functions? > > > > The current released versions of ngx_lua does have this vulnerability > > in its ngx.req.get_uri_args() and ngx.req.get_post_args() functions. > > I've already worked out a patch for these two functions in ngx_lua's > > git max-args branch here: > > > > ? ?https://github.com/chaoslawful/lua-nginx-module/commit/75876 > > > > With this patch, both of these functions will only parse 100 query > > args at most. And one can specify a custom maximum number of args > > parsed with an optional function argument (default to 100) and > > enforcing unlimited parsing by specifying a zero number. > > > > This patch (as well as this branch) will be merged into the master > > branch in 3 Jan. > > It would probably be a good idea at that point, to finally make a > release of v0.3.1 of the ngx_lua module as with about 45 "Release > Candidates", it must already hold some record :) +1. -- Sergey A. Osokin osa at FreeBSD.ORG.ru osa at FreeBSD.ORG From nginx-forum at nginx.us Sun Jan 1 20:33:00 2012 From: nginx-forum at nginx.us (mfouwaaz) Date: Sun, 01 Jan 2012 15:33:00 -0500 Subject: How to add a new directory under domain root? In-Reply-To: <49ee2d5d77a7ba176f1299d858100578.NginxMailingListEnglish@forum.nginx.org> References: <49ee2d5d77a7ba176f1299d858100578.NginxMailingListEnglish@forum.nginx.org> Message-ID: <069691cfcda07517cf11740d1fd34f50.NginxMailingListEnglish@forum.nginx.org> Just for the record, things seem to be back to normal when I change the folder name from images to img. That`s how I resolved this issue -- until the nginx or css Gods deem otherwise (I tend to lean toward the former though). Best wishes for a New Year filled with Peace, Prosperity and Happiness! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220689,220725#msg-220725 From emmiller at gmail.com Sun Jan 1 16:51:50 2012 From: emmiller at gmail.com (Evan Miller) Date: Sun, 1 Jan 2012 16:51:50 +0000 (UTC) Subject: Updated cross-reference (LXR) Message-ID: Hello from an old ghost! To ring in the new year I've updated the Nginx LXR for the first time in ages: http://lxr.evanmiller.org/http/source/ It now hosts code from the 1.0.11 and 1.1.12 releases; I've retired the ancient 0.6/0.7/0.8 sources. Peruse and enjoy! Evan From gelonida at gmail.com Sun Jan 1 22:43:17 2012 From: gelonida at gmail.com (Gelonida N) Date: Sun, 01 Jan 2012 23:43:17 +0100 Subject: Verify client certificate, but ignore expiration date In-Reply-To: References: Message-ID: Hmm no reaction to this question so far. Does this mean it is impossible: On 12/27/2011 01:34 PM, Gelonida wrote: > I wanted to know whether I can configure nginx to verify client > certificates and reject them if invalid. > > However I would like to exclude the expiration date from the validation > step. > > The context is rather simple. > > I have some embedded devices trying to connect to a server. The client > certificates for some of these devices will expire before > they will be returned for maintenance > Instead of disabling client certificates globally I would like to 'just' ignore > the expiration date of a selected list of devices > > Ideally I'd like to just ignore the expiration date of a few given > certificates, but in my current setup even ignoring all expiration dates > would be an option untill all devices were updated with new certificats > > Is there any setup allowing this? Alternatively I'd be willing to change the C source of nginx if this would help me to solve above mentioned issue. Thanks for any pointers and suggestions. P.S. I know, that the 'real' answer would be to just avoid above situation and renew certificates prior to their expiration. However this is unfortunately not possible for the already deployed devices. From rainer at ultra-secure.de Sun Jan 1 22:48:22 2012 From: rainer at ultra-secure.de (Rainer Duffner) Date: Sun, 1 Jan 2012 23:48:22 +0100 Subject: Verify client certificate, but ignore expiration date In-Reply-To: References: Message-ID: Am 27.12.2011 um 13:34 schrieb Gelonida: > I wanted to know whether I can configure nginx to verify client certificates and reject them if invalid. > > However I would like to exclude the expiration date from the validation step. > > The context is rather simple. > > I have some embedded devices trying to connect to a server. The client certificate for these devices expired and for a certain time I will be unable to update them. > > Instead of disabling client certificates I would like to 'just' ignore the expiration date. > > Ideally I'd like to just ignore the expiration date of a few given certificates, but in my current setup even ignoring all expiration dates would be an option. > > Is there any setup allowing this? > > Thanks in advance for any suggestion of how to achieve this. > I would suspect that most (all?) validation is done in the SSL-libraries. As such, you would probably have modify the openssl-source. I'm no programmer (sitting in a glass house here), but I'd say if you knew how to do that, you wouldn't have asked the original question anyway?. Instead of trying to find a "quick fix", I would accelerate the project to update the clients. From ilan at time4learning.com Mon Jan 2 02:20:23 2012 From: ilan at time4learning.com (Ilan Berkner) Date: Sun, 1 Jan 2012 21:20:23 -0500 Subject: Help with rewrite rule Message-ID: I'm trying to rewrite any png files referenced through the fancybox sub directory to a directory off of the images folder as follows: rewrite ^/fancybox/(.+\.png)$ /images/fancybox/$1 last; This is not working, probably b/c my regex is off the mark. Any suggestions? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From ilan at time4learning.com Mon Jan 2 02:27:34 2012 From: ilan at time4learning.com (Ilan Berkner) Date: Sun, 1 Jan 2012 21:27:34 -0500 Subject: Fwd: Help with rewrite rule In-Reply-To: References: Message-ID: Solved it with this rule: rewrite ^(.*)/fancybox/(.+\.png)$ /images/fancybox/$2 last; ---------- Forwarded message ---------- From: Ilan Berkner Date: Sun, Jan 1, 2012 at 9:20 PM Subject: Help with rewrite rule To: nginx at nginx.org I'm trying to rewrite any png files referenced through the fancybox sub directory to a directory off of the images folder as follows: rewrite ^/fancybox/(.+\.png)$ /images/fancybox/$1 last; This is not working, probably b/c my regex is off the mark. Any suggestions? Thanks -- Ilan Berkner Chief Technology Officer Time4Learning.com 6300 NE 1st Ave., Suite 203 Ft. Lauderdale, FL 33334 (954) 771-0914 Time4Learning.com - Online interactive curriculum for home use, PreK-8th Grade. Time4Writing.com - Online writing tutorials for high, middle, and elementary school students. Time4Learning.net - A forum to chat with parents online about kids, education, parenting and more. spellingcity.com - Online vocabulary and spelling activities for teachers, parents and students. -------------- next part -------------- An HTML attachment was scrubbed... URL: From sahmed1020 at gmail.com Mon Jan 2 02:52:20 2012 From: sahmed1020 at gmail.com (S Ahmed) Date: Sun, 1 Jan 2012 21:52:20 -0500 Subject: can nginx have client sent the request to a specific server? Message-ID: If I have 3 web servers, and 1 nginx sitting in front of them (public ip mapped to my nginx server). My other backend servers are: www1.example.com www2.example.com www3.example.com My users are upload large files, so I don't want the request going through my nginx front-end server and then to my wwwX.example.com server. Could it be possible to have nginx map the request to a specific backend server and then have the request continue with that specific server? So a request using a proxy I believe goes like this: client request => proxy => backend-server and then it goes from backend-server => proxy => response But I want it to go: client request => proxy and then backend-server => response => client i.e. use nginx simply to map the request to a specific server, and then the client will continue the request/response with that specific server that is publicly accessible. Now this request is a single request/response, it will not continue on. The client is simply uploading a file or posting a file and that's it. -------------- next part -------------- An HTML attachment was scrubbed... URL: From piotr.sikora at frickle.com Mon Jan 2 04:13:16 2012 From: piotr.sikora at frickle.com (Piotr Sikora) Date: Mon, 2 Jan 2012 05:13:16 +0100 Subject: Forcing a Basic Dialog Box. In-Reply-To: <4EFD2CB2.60809@styleflare.com> References: <4EFD2CB2.60809@styleflare.com> Message-ID: <9B701B7CE0CA4CC1B1E11D3113FD2C5A@Desktop> Hi, diff inline. Please note that you'll also need ngx_headers_more module: https://github.com/agentzh/headers-more-nginx-module > location / { > auth_basic "Restricted"; -auth_basic "Restricted"; > root /var/www/web/; > auth_request /auth; > > try_files $uri $uri/ @upstream; > } > > > location /auth { -location /auth { +location = /auth { > internal; > > postgres_escape $user $remote_user; > postgres_escape $pass $remote_passwd; > > postgres_pass database; > postgres_query "SELECT login FROM users WHERE > login=$user AND pass=$pass"; > postgres_rewrite no_rows 403; -postgres_rewrite no_rows 403; +postgres_rewrite no_rows 401; +more_set_headers -s 401 'WWW-Authenticate: Basic realm="Restricted"'; > postgres_output none; > } Best regards, Piotr Sikora < piotr.sikora at frickle.com > From quan.nexthop at gmail.com Mon Jan 2 04:37:36 2012 From: quan.nexthop at gmail.com (Geoge.Q) Date: Mon, 2 Jan 2012 12:37:36 +0800 Subject: 502 & 504 error, again Message-ID: I know it should be a well-known issue. I searched and try to find out what on earth it is, but I failed. Step: 1) nginx works as reverse proxy and the version is V1.0.5, OS: Debian 5.0.3, Kernel Version 2.6.32 2) Enabled http 1.1, 504 error is popup in client; the error log indicates: ------------------------------------------------- 2011/12/30 09:40:06 [error] 11013#0: *1 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 10.208.127.142, server: 1.1.1.1, request: "POST /QueryStatManage/StatStudentAction.aspx HTTP/1.1", upstream: " http://1.1.1.1:80/QueryStatManage/StatStudentAction.aspx", host: "1.1.1.1", referrer: "http://1.1.1.1/QueryStatManage/StatStudentAction.aspx" ------------------------------------------------- 3) increase the vaule > proxy_read_timeout 600s > proxy_send_timeout 600s this time, it is poped up 502, the error logs indicates ------------------------------------ 2011/12/30 09:53:54 [error] 11173#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 10.208.127.142, server: 1.1.1.1, request: "POST /QueryStatManage/StatStudentAction.aspx HTTP/1.1", upstream: " http://1.1.1.1:80/QueryStatManage/StatStudentAction.aspx", host: "1.1.1.1", referrer: "http://1.1.1.1/QueryStatManage/StatStudentAction.aspx" 4) Someone told me that there is a kernel bug in linux, I am not sure, can someone see the same issue ? thanks George -------------- next part -------------- An HTML attachment was scrubbed... URL: From nam.nh at nd24.net Mon Jan 2 05:10:59 2012 From: nam.nh at nd24.net (Nguyen Hai Nam) Date: Mon, 2 Jan 2012 12:10:59 +0700 Subject: Reverse proxy for multiple websites Message-ID: Hi, I'm sticking on configure a reverse proxy, my scenario looks like: Internet .......| .......|__Reverse proxy (listen port 80) ......................|__web1.com (listen port 8080) ......................|__web2.net (listen port 8080) ......................|__web-n.org (listen port 8080) Assume All website shared one public IP only and each website runs on independent VPS. If I create multi server{} block to use proxy_pass directive to web server inside, it's only web1.com can be reachable (perhaps it's on top config). It's highly appreciate if someone advice me ideas to make this working. Thanks, -- Best regards, Hai Nam, Nguyen From jkoh5 at hanmail.net Mon Jan 2 09:13:19 2012 From: jkoh5 at hanmail.net (=?utf-8?B?7ZWc6re466Oo?=) Date: Mon, 02 Jan 2012 18:13:19 +0900 (KST) Subject: anyone can help? Message-ID: <20120102181319.HM.00000000001b3yY@jkoh5.wwl1576.hanmail.net> An HTML attachment was scrubbed... URL: From david at styleflare.com Mon Jan 2 09:47:20 2012 From: david at styleflare.com (David) Date: Mon, 02 Jan 2012 04:47:20 -0500 Subject: Forcing a Basic Dialog Box. In-Reply-To: <9B701B7CE0CA4CC1B1E11D3113FD2C5A@Desktop> References: <4EFD2CB2.60809@styleflare.com> <9B701B7CE0CA4CC1B1E11D3113FD2C5A@Desktop> Message-ID: <4F017D28.606@styleflare.com> Fantastic. That worked great. I didnt realize I needed the extra $more_headers package. Appreciate your help. Thank you! On 1/1/12 11:13 PM, Piotr Sikora wrote: > Hi, > diff inline. > > Please note that you'll also need ngx_headers_more module: > https://github.com/agentzh/headers-more-nginx-module > >> location / { >> auth_basic "Restricted"; > > -auth_basic "Restricted"; > >> root /var/www/web/; >> auth_request /auth; >> >> try_files $uri $uri/ @upstream; >> } >> >> >> location /auth { > > -location /auth { > +location = /auth { > >> internal; >> >> postgres_escape $user $remote_user; >> postgres_escape $pass $remote_passwd; >> >> postgres_pass database; >> postgres_query "SELECT login FROM users WHERE >> login=$user AND pass=$pass"; >> postgres_rewrite no_rows 403; > > -postgres_rewrite no_rows 403; > +postgres_rewrite no_rows 401; > +more_set_headers -s 401 'WWW-Authenticate: Basic realm="Restricted"'; > >> postgres_output none; >> } > > Best regards, > Piotr Sikora < piotr.sikora at frickle.com > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From chx1975 at gmail.com Mon Jan 2 15:40:21 2012 From: chx1975 at gmail.com (Karoly Negyesi) Date: Mon, 2 Jan 2012 16:40:21 +0100 Subject: variable variables? Message-ID: Hi, Nginx provides the value of the cookie "foo" in $cookie_foo . Is it possible to read "foo" from the URL? In PHP you would use two dollar signs for this kind of indirection. Drupal sets the name of session cookie based on the cookie domain. I am running SSI (reading from Redis via Webdis) and I would like to read some user specific information which is stored in a Redis hash named after the sesion name with a key of the value of the session cookie. So the SSI command would be something include virtual="/user/SESSnameofthesession". So I need to rewrite that into something like /redis/SESSnameofthesession/${COOKIE_$SESSnameofthesession}. Thanks Karoly Negyesi Ps. Sorry if i sent two copies of this. From nginx-forum at nginx.us Mon Jan 2 17:08:09 2012 From: nginx-forum at nginx.us (wipeout_dude) Date: Mon, 02 Jan 2012 12:08:09 -0500 Subject: GZIP not compressing .js and .css files.. Message-ID: Hi, My server doesn't appear to be compressing .js and .css files.. I have the following in my /etc/nginx/nginx.conf.. #### gzip on; gzip_disable "msie6"; gzip_vary on; # gzip_proxied any; gzip_comp_level 1; gzip_buffers 16 8k; gzip_http_version 1.1; gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript; #### Pagespeed in Chrome is telling me to enable compression and lists all the .js and .css files.. Have I missed something? TIA Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220747,220747#msg-220747 From mdounin at mdounin.ru Mon Jan 2 23:54:39 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 3 Jan 2012 03:54:39 +0400 Subject: 502 & 504 error, again In-Reply-To: References: Message-ID: <20120102235439.GC67687@mdounin.ru> Hello! On Mon, Jan 02, 2012 at 12:37:36PM +0800, Geoge.Q wrote: > I know it should be a well-known issue. > I searched and try to find out what on earth it is, but I failed. > > Step: > 1) nginx works as reverse proxy and the version is V1.0.5, > OS: Debian 5.0.3, Kernel Version 2.6.32 > > 2) Enabled http 1.1, 504 error is popup in client; > the error log indicates: > ------------------------------------------------- > 2011/12/30 09:40:06 [error] 11013#0: *1 upstream timed out (110: Connection > timed out) while reading response header from upstream, client: > 10.208.127.142, server: 1.1.1.1, request: "POST > /QueryStatManage/StatStudentAction.aspx HTTP/1.1", upstream: " > http://1.1.1.1:80/QueryStatManage/StatStudentAction.aspx", host: "1.1.1.1", > referrer: "http://1.1.1.1/QueryStatManage/StatStudentAction.aspx" > ------------------------------------------------- The "upstream" and "server" seems to be the same, so it looks like you've created an infinite proxy loop. Maxim Dounin From mdounin at mdounin.ru Mon Jan 2 23:59:05 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 3 Jan 2012 03:59:05 +0400 Subject: Reverse proxy for multiple websites In-Reply-To: References: Message-ID: <20120102235905.GD67687@mdounin.ru> Hello! On Mon, Jan 02, 2012 at 12:10:59PM +0700, Nguyen Hai Nam wrote: > Hi, > > I'm sticking on configure a reverse proxy, my scenario looks like: > > Internet > .......| > .......|__Reverse proxy (listen port 80) > ......................|__web1.com (listen port 8080) > ......................|__web2.net (listen port 8080) > ......................|__web-n.org (listen port 8080) > > Assume All website shared one public IP only and each website runs on > independent VPS. > > If I create multi server{} block to use proxy_pass directive to web > server inside, it's only web1.com can be reachable (perhaps it's on > top config). > > It's highly appreciate if someone advice me ideas to make this working. If many backend sites share the same ip, and you refer all of them with the same name (or ip) in proxy_pass directive, you probably want to use somethine like proxy_set_header Host ; to make sure backend will be able to distinguish them. Or just proxy_set_header Host $host; to pass what you've got from client. Maxim Dounin From mdounin at mdounin.ru Tue Jan 3 00:33:06 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 3 Jan 2012 04:33:06 +0400 Subject: anyone can help? In-Reply-To: <20120102181319.HM.00000000001b3yY@jkoh5.wwl1576.hanmail.net> References: <20120102181319.HM.00000000001b3yY@jkoh5.wwl1576.hanmail.net> Message-ID: <20120103003305.GE67687@mdounin.ru> Hello! On Mon, Jan 02, 2012 at 06:13:19PM +0900, ??? wrote: > Hello. > > > we have a big problem when we test uploading big file to nginx proxy > server. > > > In stress test we uploaded only one file with 100M file then the cpu > usage is go up to 95% !! > > > How can we fix it? First of all, it's not clear how you managed to get it. And what exactly you get. You are see nginx using 95% CPU with one 100M POST request, right? Could you please provide config, nginx -V output and top(1) snapshot? Maxim Dounin p.s. Please post in plain text here, not html. Thank you. From agentzh at gmail.com Tue Jan 3 05:19:19 2012 From: agentzh at gmail.com (agentzh) Date: Tue, 3 Jan 2012 13:19:19 +0800 Subject: variable variables? In-Reply-To: References: Message-ID: On Mon, Jan 2, 2012 at 11:40 PM, Karoly Negyesi wrote: > Hi, > > Nginx provides the value of the cookie "foo" in $cookie_foo . Is it > possible to read "foo" from the URL? In PHP you would use two dollar > signs for this kind of indirection. > Well, it is trivial with ngx_lua's set_by_lua config directive: location /blah { set_by_lua $arg_value 'local arg_name = ngx.var.cookie_foo return ngx.var["arg_" .. arg_name]'; # reference $arg_value in later phase config directives here... } See the documentation for details: http://wiki.nginx.org/HttpLuaModule#set_by_lua Regards, -agentzh From agentzh at gmail.com Tue Jan 3 05:25:40 2012 From: agentzh at gmail.com (agentzh) Date: Tue, 3 Jan 2012 13:25:40 +0800 Subject: variable variables? In-Reply-To: References: Message-ID: On Mon, Jan 2, 2012 at 11:40 PM, Karoly Negyesi wrote: > > Drupal sets the name of session cookie based on the cookie domain. I > am running SSI (reading from Redis via Webdis) and I would like to > read some user specific information which is stored in a Redis hash > named after the sesion name with a key of the value of the session > cookie. So the SSI command would be something include > virtual="/user/SESSnameofthesession". So I need to rewrite that into > something like /redis/SESSnameofthesession/${COOKIE_$SESSnameofthesession}. > I think you may consider replacing webdis with ngx_redis2: http://wiki.nginx.org/HttpRedis2Module Also, you may consider replacing SSI with content_by_lua because the latter provides a full-fledged scripting language as well as the same nonblocking network I/O capabilities (with ngx_redis2, among other things). Regards, -agentzh From quan.nexthop at gmail.com Tue Jan 3 12:37:34 2012 From: quan.nexthop at gmail.com (Geoge.Q) Date: Tue, 3 Jan 2012 20:37:34 +0800 Subject: 502 & 504 error, again In-Reply-To: <20120102235439.GC67687@mdounin.ru> References: <20120102235439.GC67687@mdounin.ru> Message-ID: thanks Max. I will check and update you. George On Tue, Jan 3, 2012 at 7:54 AM, Maxim Dounin wrote: > Hello! > > On Mon, Jan 02, 2012 at 12:37:36PM +0800, Geoge.Q wrote: > > > I know it should be a well-known issue. > > I searched and try to find out what on earth it is, but I failed. > > > > Step: > > 1) nginx works as reverse proxy and the version is V1.0.5, > > OS: Debian 5.0.3, Kernel Version 2.6.32 > > > > 2) Enabled http 1.1, 504 error is popup in client; > > the error log indicates: > > ------------------------------------------------- > > 2011/12/30 09:40:06 [error] 11013#0: *1 upstream timed out (110: > Connection > > timed out) while reading response header from upstream, client: > > 10.208.127.142, server: 1.1.1.1, request: "POST > > /QueryStatManage/StatStudentAction.aspx HTTP/1.1", upstream: " > > http://1.1.1.1:80/QueryStatManage/StatStudentAction.aspx", host: > "1.1.1.1", > > referrer: "http://1.1.1.1/QueryStatManage/StatStudentAction.aspx" > > ------------------------------------------------- > > The "upstream" and "server" seems to be the same, so it looks > like you've created an infinite proxy loop. > > Maxim Dounin > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From cabbar at gmail.com Tue Jan 3 13:32:36 2012 From: cabbar at gmail.com (Cabbar Duzayak) Date: Tue, 3 Jan 2012 15:32:36 +0200 Subject: Empty /error log lines (a lot of them) Message-ID: Hi, I am using NGINX 0.8.54 on Ubuntu 11.04, and I am getting a lot of weird log entries in nginx access file. The structure is somewhat like below, but as you can see there is no method, URL, referer, user agent, etc. And, I see bunch of entries for different IP addresses (3 to 30-40 entries per IP) It might be a browser issue, but since I am seeing a lot of these, I just wanted to ask here if anyone has seen this before. Thanks... - - [07/Oct/2011:17:11:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:11:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" - - [07/Oct/2011:17:49:46 +0300] "-" 400 0 "-" "-" From stef at scaleengine.com Mon Jan 2 11:23:47 2012 From: stef at scaleengine.com (Stefan Caunter) Date: Mon, 2 Jan 2012 06:23:47 -0500 Subject: anyone can help? In-Reply-To: <20120102181319.HM.00000000001b3yY@jkoh5.wwl1576.hanmail.net> References: <20120102181319.HM.00000000001b3yY@jkoh5.wwl1576.hanmail.net> Message-ID: On Mon, Jan 2, 2012 at 4:13 AM, ??? wrote: > > Hello. > > > > we have a big problem?when we test?uploading big file to nginx proxy server. > > > > In stress test we uploaded only one file with 100M file then the cpu usage is go up to 95% !! > > > > How can we fix it? > Please provide relevant logging. What is the hardware profile and OS? What is the nginx configuration? What is the application? ---- Stefan Caunter From stef at scaleengine.com Mon Jan 2 11:33:29 2012 From: stef at scaleengine.com (Stefan Caunter) Date: Mon, 2 Jan 2012 06:33:29 -0500 Subject: 502 & 504 error, again In-Reply-To: References: Message-ID: On Sun, Jan 1, 2012 at 11:37 PM, Geoge.Q wrote: > I know it should be a well-known issue. > I searched and try to find out what on earth it is, but I failed. > > Step: > 1) nginx works as reverse proxy and the version is V1.0.5, > ?? OS: Debian 5.0.3, Kernel Version 2.6.32 > > 2) Enabled http 1.1,?? 504 error? is popup in client; You enabled the HTTP/1.1 protocol? Where? What were you doing before? > the error log indicates: > ------------------------------------------------- > 2011/12/30 09:40:06 [error] 11013#0: *1 upstream timed out (110: Connection > timed out) while reading response header from upstream, client: > 10.208.127.142, server: 1.1.1.1, request: "POST > /QueryStatManage/StatStudentAction.aspx HTTP/1.1", upstream: > "http://1.1.1.1:80/QueryStatManage/StatStudentAction.aspx", host: "1.1.1.1", > referrer: "http://1.1.1.1/QueryStatManage/StatStudentAction.aspx" > ------------------------------------------------- > How large is the POST? > > 3) increase the vaule > ???? > proxy_read_timeout 600s > ???? > proxy_send_timeout 600s > > ?? this time, it is poped up 502, the error logs indicates > ------------------------------------ > 2011/12/30 09:53:54 [error] 11173#0: *1 upstream prematurely closed > connection while reading response header from upstream, client: > 10.208.127.142, server: 1.1.1.1, request: "POST > /QueryStatManage/StatStudentAction.aspx HTTP/1.1", upstream: > "http://1.1.1.1:80/QueryStatManage/StatStudentAction.aspx", host: "1.1.1.1", > referrer: "http://1.1.1.1/QueryStatManage/StatStudentAction.aspx" > Does the back end application work without nginx as proxy? What is the nginx configuration? We need details to help you. > 4) Someone told me that there is a kernel bug in linux, I am not sure, can > someone see the same issue ? Irrelevant. These are HTTP errors, with HTTP logging. If you have kernel errors, send your logs to the appropriate maintainers :) You are running an ASP.NET application. You have to correctly set proxy timeouts and buffer sizes to proxy to ASP applications, assuming the application works. Stefan Caunter http://scaleengine.com/contact From nginx-forum at nginx.us Tue Jan 3 16:59:52 2012 From: nginx-forum at nginx.us (fernandokosh) Date: Tue, 03 Jan 2012 11:59:52 -0500 Subject: How to solve the problem of "405 not allowed"? In-Reply-To: <63d620952a4a8185eb9a41fd44e226f0.NginxMailingListEnglish@forum.nginx.org> References: <0f5a7655c4c4966f79b764d0c974d75a.NginxMailingListEnglish@forum.nginx.org> <63d620952a4a8185eb9a41fd44e226f0.NginxMailingListEnglish@forum.nginx.org> Message-ID: I have the same issue here running Rails 2 apps virtual hosts on Debian Squeeze. In my case I, the error occur when I perform update with the PUT method. That's solve my problem: location / { error_page 405 = $uri; try_files $uri @unicorn_app; } Thank you! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,2414,220771#msg-220771 From r at roze.lv Tue Jan 3 17:18:45 2012 From: r at roze.lv (Reinis Rozitis) Date: Tue, 3 Jan 2012 19:18:45 +0200 Subject: image_filter on error_page location Message-ID: Hello, I can't figure how to solve such issue - nginx seems not to apply image_filter in case the picture comes from upstream via internal error_page. I have something like (if picture is prefixed with sm_ a dynamic thumbnail is made and the original saved locally): location ~ /sm_ { rewrite (.*)/sm_(.*) $1/$2 break; image_filter crop 100 100; error_page 404 = @store; } location @store { internal; proxy_pass http://backend/$uri; proxy_store on; } If the file doesn't exist on the server client gets the original/full sized image, on the second request when the file is stored on the nginx box the image/response gets resized. Also requesting directly from the upstream within the location block: location ~ /sm_ { rewrite (.*)/sm_(.*) $1/$2 break; image_filter crop 100 100; proxy_pass http://backend/$uri; } works as expected but in this case obviously no local copy (which is necessary) is made. Any suggestions? wbr rr From mdounin at mdounin.ru Tue Jan 3 22:00:29 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Jan 2012 02:00:29 +0400 Subject: Empty /error log lines (a lot of them) In-Reply-To: References: Message-ID: <20120103220029.GJ67687@mdounin.ru> Hello! On Tue, Jan 03, 2012 at 03:32:36PM +0200, Cabbar Duzayak wrote: > Hi, > > I am using NGINX 0.8.54 on Ubuntu 11.04, and I am getting a lot of > weird log entries in nginx access file. The structure is somewhat like > below, but as you can see there is no method, URL, referer, user > agent, etc. And, I see bunch of entries for different IP addresses (3 > to 30-40 entries per IP) > > It might be a browser issue, but since I am seeing a lot of these, I > just wanted to ask here if anyone has seen this before. > > Thanks... > > > - - [07/Oct/2011:17:11:22 +0300] "-" 400 0 "-" "-" [...] Such lines appear when client opens a connection and doesn't send valid request (e.g. just closes the connection). Some modern browsers (e.g. Chrome) tend to open several extra connections "just in case" and close them once they realize they have no requests to send (and thus they cause such lines to appear). Another common reason is health checks from external balancers, but it's probably not your case. Maxim Dounin From mdounin at mdounin.ru Tue Jan 3 22:08:19 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Jan 2012 02:08:19 +0400 Subject: image_filter on error_page location In-Reply-To: References: Message-ID: <20120103220819.GK67687@mdounin.ru> Hello! On Tue, Jan 03, 2012 at 07:18:45PM +0200, Reinis Rozitis wrote: > Hello, > I can't figure how to solve such issue - nginx seems not to apply > image_filter in case the picture comes from upstream via internal > error_page. > > > I have something like (if picture is prefixed with sm_ a dynamic thumbnail is made and the original saved locally): > > location ~ /sm_ { > rewrite (.*)/sm_(.*) $1/$2 break; > image_filter crop 100 100; > error_page 404 = @store; > } > > location @store { > internal; > proxy_pass http://backend/$uri; > proxy_store on; > > } > > > If the file doesn't exist on the server client gets the > original/full sized image, on the second request when the file is > stored on the nginx box the image/response gets resized. This is expected behaviour: you have no image_filter configured in location @store, which handles the request if file doesn't exists. Obvious fix is to add image_filter to location @store, i.e. location @store { internal; proxy_pass http://backend/$uri; proxy_store on; image_filter crop 100 100; } Maxim Dounin From nginx-forum at nginx.us Tue Jan 3 22:35:31 2012 From: nginx-forum at nginx.us (ronjpark) Date: Tue, 03 Jan 2012 17:35:31 -0500 Subject: Optimize nginx for uploading/download huge files.. Message-ID: Hello everyone, Firstly, I'm sorry for posting the same question here and there (How to forum). It is urgent issue to me. Could you give me a tip for which directives and values I have to set for the optimization? I installed nginx on virtual machine as reverse proxy server. It checks the authentication and bypasses the client request to the backend servers. The most transactions are to upload/download files, from 1M to 1G... The CPU usage hits 100% when the 1M file download request reaches around 25 TPS.. around 20 TPS for upload request.. I set client_body_buffer_size, proxy_buffer_size, proxy_buffers and so on.. But not so good yet.. :( client_body_buffer_size is set to 2M and it helps to increase TPS for uploading, but not enough. proxy_buffer_size = 1M and proxy_buffers = 4 1M help to increase TPS for downloading little bit, but not so much.. Other directives are set by its default. The below is the result of profiling with google_proftools_module. As you can see, the most time is spent on readv() and writev(). Please give me any advice or your experience. Thank you for your time. Total: 22244 samples 11928 53.6% 53.6% 11930 53.6% readv 8212 36.9% 90.5% 8212 36.9% writev 907 4.1% 94.6% 907 4.1% recv 359 1.6% 96.2% 359 1.6% __connect_nocancel 248 1.1% 97.3% 248 1.1% __close_nocancel 35 0.2% 97.5% 46 0.2% _IO_str_pbackfail 34 0.2% 97.7% 34 0.2% __write_nocancel 31 0.1% 97.8% 31 0.1% socket 28 0.1% 97.9% 28 0.1% memset and Total: 64475 samples 34117 52.9% 52.9% 34117 52.9% writev 14173 22.0% 74.9% 14181 22.0% readv 11981 18.6% 93.5% 11981 18.6% recv 1046 1.6% 95.1% 1049 1.6% __connect_nocancel 878 1.4% 96.5% 878 1.4% __close_nocancel 343 0.5% 97.0% 343 0.5% epoll_wait 160 0.2% 97.2% 160 0.2% __write_nocancel 89 0.1% 97.4% 89 0.1% __xstat64 81 0.1% 97.5% 115 0.2% _IO_str_pbackfail Here is the information of my VM: ronjpark at PSEProxy:~/release/REL.0.13$ cat /proc/cpuinfo processor : 0 vendor_id : GenuineIntel cpu family : 6 model : 2 model name : QEMU Virtual CPU version 0.14.1 stepping : 3 cpu MHz : 2393.998 cache size : 4096 KB fpu : yes fpu_exception : yes cpuid level : 4 wp : yes flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 clflush mmx fxsr sse sse2 syscall nx lm up rep_good nopl pni cx16 popcnt hypervisor lahf_lm bogomips : 4787.99 clflush size : 64 cache_alignment : 64 address sizes : 40 bits physical, 48 bits virtual power management: ronjpark at PSEProxy:~/release/REL.0.13$ cat /proc/meminfo MemTotal: 4057052 kB MemFree: 2651832 kB Buffers: 80984 kB Cached: 1100692 kB SwapCached: 3856 kB Active: 325744 kB Inactive: 910176 kB Active(anon): 48884 kB Inactive(anon): 5684 kB Active(file): 276860 kB Inactive(file): 904492 kB Unevictable: 0 kB Mlocked: 0 kB SwapTotal: 2095100 kB SwapFree: 2082688 kB Dirty: 4 kB Writeback: 0 kB AnonPages: 51356 kB Mapped: 15740 kB Shmem: 324 kB Slab: 66252 kB SReclaimable: 56796 kB SUnreclaim: 9456 kB KernelStack: 1160 kB PageTables: 4124 kB NFS_Unstable: 0 kB Bounce: 0 kB WritebackTmp: 0 kB CommitLimit: 4123624 kB Committed_AS: 176112 kB VmallocTotal: 34359738367 kB VmallocUsed: 28816 kB VmallocChunk: 34359707236 kB HardwareCorrupted: 0 kB HugePages_Total: 0 HugePages_Free: 0 HugePages_Rsvd: 0 HugePages_Surp: 0 Hugepagesize: 2048 kB DirectMap4k: 42996 kB DirectMap2M: 4151296 kB ronjpark at PSEProxy:~/release/REL.0.13$ uname -a Linux PSEProxy 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC 2011 x86_64 x86_64 x86_64 GNU/Linux Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220778,220778#msg-220778 From r at roze.lv Wed Jan 4 01:27:07 2012 From: r at roze.lv (Reinis Rozitis) Date: Wed, 4 Jan 2012 03:27:07 +0200 Subject: image_filter on error_page location In-Reply-To: <20120103220819.GK67687@mdounin.ru> References: <20120103220819.GK67687@mdounin.ru> Message-ID: > This is expected behaviour: you have no image_filter configured in > location @store, which handles the request if file doesn't exists. > Obvious fix is to add image_filter to location @store, i.e. I see. Got a feeling that will have to define a seperate 404 location for each thumbnail block (since there are bunch and all have different image_filter params). rr From m.kliewe at team.mail.de Wed Jan 4 01:55:57 2012 From: m.kliewe at team.mail.de (Michael Kliewe) Date: Wed, 04 Jan 2012 02:55:57 +0100 Subject: Empty /error log lines (a lot of them) In-Reply-To: References: Message-ID: <4F03B1AD.4090207@team.mail.de> Hi, I also have a lot of these lines in my logs on all nginx webservers, they are a result of loadbalancers or nagios/icinga or something that is checking your webservers port for availability, some kind of half open connection without a full http request. If there would be any configuration setting to disable these entries that would be great, would save I/O and disk space ;-) Michael Am 03.01.2012 14:32, schrieb Cabbar Duzayak: > Hi, > > I am using NGINX 0.8.54 on Ubuntu 11.04, and I am getting a lot of > weird log entries in nginx access file. The structure is somewhat like > below, but as you can see there is no method, URL, referer, user > agent, etc. And, I see bunch of entries for different IP addresses (3 > to 30-40 entries per IP) > > It might be a browser issue, but since I am seeing a lot of these, I > just wanted to ask here if anyone has seen this before. > > Thanks... > > > - - [07/Oct/2011:17:11:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:11:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" > - - [07/Oct/2011:17:49:46 +0300] "-" 400 0 "-" "-" > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nbubingo at gmail.com Wed Jan 4 04:43:45 2012 From: nbubingo at gmail.com (=?GB2312?B?0qbOsLHz?=) Date: Wed, 4 Jan 2012 12:43:45 +0800 Subject: Updated cross-reference (LXR) In-Reply-To: References: Message-ID: Thanks. Evan. 2012/1/2 Evan Miller : > Hello from an old ghost! To ring in the new year I've updated the > Nginx LXR for the first time in ages: > > http://lxr.evanmiller.org/http/source/ > > It now hosts code from the 1.0.11 and 1.1.12 releases; I've retired > the ancient 0.6/0.7/0.8 sources. Peruse and enjoy! > > Evan > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From cabbar at gmail.com Wed Jan 4 07:03:51 2012 From: cabbar at gmail.com (Cabbar Duzayak) Date: Wed, 4 Jan 2012 09:03:51 +0200 Subject: Empty /error log lines (a lot of them) In-Reply-To: <4F03B1AD.4090207@team.mail.de> References: <4F03B1AD.4090207@team.mail.de> Message-ID: Hi, Upon further investigation, it turned out to be coming from chrome browser actually... I could not find why it is doing that (it was not shown in its network details page nor developer tools), but every once in a while it is going crazy and sending 4-5 requests at a time. And, it looked like these were generated from the browser right after a facebook call. And number of requests varies as well, sometimes it is just one request, sometimes it is 4 at a time. BTW, FF is not doing this. As Michael was saying, this is causing unnecessary I/O, disk space, etc. And, wish there was a way of disabling this! Can we at least tell Nginx not to log these? Something like, if there is no http method / url, skip the log? Thanks... On Wed, Jan 4, 2012 at 3:55 AM, Michael Kliewe wrote: > Hi, > > I also have a lot of these lines in my logs on all nginx webservers, they > are a result of loadbalancers or nagios/icinga or something that is checking > your webservers port for availability, some kind of half open connection > without a full http request. If there would be any configuration setting to > disable these entries that would be great, would save I/O and disk space ;-) > > Michael > > Am 03.01.2012 14:32, schrieb Cabbar Duzayak: >> >> Hi, >> >> I am using NGINX 0.8.54 on Ubuntu 11.04, and I am getting a lot of >> weird log entries in nginx access file. The structure is somewhat like >> below, but as ?you can see there is no method, URL, referer, user >> agent, etc. And, I see bunch of entries for different IP addresses (3 >> to 30-40 entries per IP) >> >> It might be a browser issue, but since I am seeing a lot of these, I >> just wanted to ask here if anyone has seen this before. >> >> Thanks... >> >> >> ?- - [07/Oct/2011:17:11:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:11:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:11:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:12:32 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:13:22 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:17:52 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:20:02 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:45:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:16 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:46:56 +0300] "-" 400 0 "-" "-" >> ?- - [07/Oct/2011:17:49:46 +0300] "-" 400 0 "-" "-" >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From agentzh at gmail.com Wed Jan 4 11:48:35 2012 From: agentzh at gmail.com (agentzh) Date: Wed, 4 Jan 2012 19:48:35 +0800 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: References: <1285211291852136747@unknownmsgid> Message-ID: On Sun, Jan 1, 2012 at 10:20 PM, agentzh wrote: > The current released versions of ngx_lua does have this vulnerability > in its ngx.req.get_uri_args() and ngx.req.get_post_args() functions. > I've already worked out a patch for these two functions in ngx_lua's > git max-args branch here: > > ? ?https://github.com/chaoslawful/lua-nginx-module/commit/75876 > > With this patch, both of these functions will only parse 100 query > args at most. And one can specify a custom maximum number of args > parsed with an optional function argument (default to 100) and > enforcing unlimited parsing by specifying a zero number. > > This patch (as well as this branch) will be merged into the master > branch in 3 Jan. > I've also added similar protections to ngx.req.get_headers(): http://wiki.nginx.org/HttpLuaModule#ngx.req.get_headers All of these changes have been released as ngx_lua 0.3.1rc45: https://github.com/chaoslawful/lua-nginx-module/tags and also included in the ngx_openresty bundle's devel version 1.0.10.39: http://openresty.org/#Download Feedback welcome! Best, -agentzh From nginx-forum at nginx.us Wed Jan 4 14:12:12 2012 From: nginx-forum at nginx.us (od3n) Date: Wed, 04 Jan 2012 09:12:12 -0500 Subject: rewrite rule custom.php to custom.css Message-ID: <448df5c84ba71ba759f9506d759831e1.NginxMailingListEnglish@forum.nginx.org> hi, how can i rename custom.php to custom.css for my wordpress custom css. let say i put my custom.php inside my theme folder http://example.com/wp-content/themes/mytheme/assets/css/custom.php Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220792,220792#msg-220792 From appa at perusio.net Wed Jan 4 14:28:07 2012 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Wed, 04 Jan 2012 14:28:07 +0000 Subject: rewrite rule custom.php to custom.css In-Reply-To: <448df5c84ba71ba759f9506d759831e1.NginxMailingListEnglish@forum.nginx.org> References: <448df5c84ba71ba759f9506d759831e1.NginxMailingListEnglish@forum.nginx.org> Message-ID: <878vln8ruw.wl%appa@perusio.net> On 4 Jan 2012 14h12 WET, nginx-forum at nginx.us wrote: > hi, > > how can i rename custom.php to custom.css for my wordpress custom > css. You mean rewrite or redirect I suppose. > let say i put my custom.php inside my theme folder > > http://example.com/wp-content/themes/mytheme/assets/css/custom.php Try: location ^~ /wp-content/themes/mytheme/assets/css/custom.php { return 302 /wp-content/themes/mytheme/assets/css/custom.css; } --- appa From nginx-forum at nginx.us Wed Jan 4 14:41:26 2012 From: nginx-forum at nginx.us (od3n) Date: Wed, 04 Jan 2012 09:41:26 -0500 Subject: rewrite rule custom.php to custom.css In-Reply-To: <878vln8ruw.wl%appa@perusio.net> References: <878vln8ruw.wl%appa@perusio.net> Message-ID: it's not redirect. i have .php file, but no .css file. if in apache, rewrite rule is like this : RewriteEngine On RewriteRule custom.css custom.php [L,QSA] Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220792,220794#msg-220794 From appa at perusio.net Wed Jan 4 14:53:01 2012 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Wed, 04 Jan 2012 14:53:01 +0000 Subject: rewrite rule custom.php to custom.css In-Reply-To: References: <878vln8ruw.wl%appa@perusio.net> Message-ID: <877h178qpe.wl%appa@perusio.net> On 4 Jan 2012 14h41 WET, nginx-forum at nginx.us wrote: > it's not redirect. i have .php file, but no .css file. > > if in apache, rewrite rule is like this : > > > RewriteEngine On > RewriteRule custom.css custom.php [L,QSA] > > It's the other way around: location ^~ /wp-content/themes/mytheme/assets/css/custom.css { return 302 /wp-content/themes/mytheme/assets/css/custom.php; } --- appa From moseleymark at gmail.com Wed Jan 4 17:29:20 2012 From: moseleymark at gmail.com (Mark Moseley) Date: Wed, 4 Jan 2012 09:29:20 -0800 Subject: Netcraft Survey Message-ID: Congrats on passing M$ in the Active Site category. We've been using nginx for a few years now, to front Apache servers, with dramatic results, so I'm very grateful for all your efforts and think the rise in nginx popularity is well-deserved. From mit at stagename.com Wed Jan 4 18:27:34 2012 From: mit at stagename.com (Mit Rowe) Date: Wed, 4 Jan 2012 13:27:34 -0500 Subject: Empty /error log lines (a lot of them) In-Reply-To: References: <4F03B1AD.4090207@team.mail.de> Message-ID: On Wed, Jan 4, 2012 at 2:03 AM, Cabbar Duzayak wrote: > Hi, > > [..snip..] > Can we at least tell Nginx not to log these? Something like, if there > is no http method / url, skip the log? > > It's very likely that there's no Host header sent, so it's being directed to the server set as "default". In my setup i define a server{} section for every real host, and then add a separate "catch all" one for everything else and turn off the logs when not debugging. If you are able to do something similar, it should capture those spurious connections, direct them to the default host, and not log the lines #catch all server { listen 80 default_server; server_name localhost.domain.com localhost 127.0.0.1 xx.xx.xx.xx; #where xx.xx.xx.xx is the local IP access_log off; location / { #local allow 127.0.0.1; #office router allow xx.xx.xx.xx; #protect deny all; } } #real server(s) server { access_log /var/log/nginx/access.log; listen 80; server_name .domain.com; #matches www.domain.com and domain.com location / { #[..snip..] } } -- Will 'Mit' Rowe Stagename* *1-866-326-3098 mit at stagename.com www.stagename.com Twitter: @stagename *The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any review, retransmission, dissemination or other use of this information by persons or entities other than the intended recipient is prohibited. If you received this transmission in error, please contact the sender and delete all material contained herein from your computer.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Wed Jan 4 19:05:59 2012 From: nginx-forum at nginx.us (fxofxo) Date: Wed, 04 Jan 2012 14:05:59 -0500 Subject: Simply change the listen port ,does not work Message-ID: Hi, I just installed nginx-1.0.11 , and start it by default , view http://xxx.xxx.xxx.xxx:80 ,and nginx works Then I change the listen port in default.conf to 82, kill nginx , restart , and view http://xxx.xxx.xxx.xxx:82, nothing happened, nginx failed. Could anyone tell me what's wrong with it ? Thanks very much. server { listen 82; server_name localhost; #charset koi8-r; #access_log /var/log/nginx/log/host.access.log main; location / { root /usr/share/nginx/html; index index.html index.htm; } #error_page 404 /404.html; # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # root html; # fastcgi_pass 127.0.0.1:9000; # fastcgi_index index.php; # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; # include fastcgi_params; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220804,220804#msg-220804 From nginx at nginxuser.net Wed Jan 4 20:01:56 2012 From: nginx at nginxuser.net (Nginx User) Date: Wed, 4 Jan 2012 23:01:56 +0300 Subject: Is nginx vulnerable to the Hash Table Vulnerability (n.runs AG)? In-Reply-To: References: <1285211291852136747@unknownmsgid> Message-ID: On 4 January 2012 14:48, agentzh wrote: > I've also added similar protections to ngx.req.get_headers(): > > ? ?http://wiki.nginx.org/HttpLuaModule#ngx.req.get_headers > > All of these changes have been released as ngx_lua 0.3.1rc45: Nice one. Thanks. From nginx-forum at nginx.us Wed Jan 4 20:12:10 2012 From: nginx-forum at nginx.us (piotr) Date: Wed, 04 Jan 2012 15:12:10 -0500 Subject: proxy_ignore_headers doesn't seem to work In-Reply-To: <20111218111735.GN67687@mdounin.ru> References: <20111218111735.GN67687@mdounin.ru> Message-ID: <205695db0bbc533cbb1587461c79dbf3.NginxMailingListEnglish@forum.nginx.org> Maxim, Sorry for the late response. I'm trying to hide those headers, you can see it in config posted before: proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; proxy_cache_valid 200 302 600h; proxy_cache_valid any 90m; But as you can see, you can find expire, cache-control headers in proxy repsonse, and also in headers of stored cache files on disk. With values from upstream server, not those set in config. I'm not sure now those times from my previous response, but whatever i do (delete cached files from disk, restart nginx, wait 10 minutes to expire files cached on disk), nginx is always returning in response cache-control and expire in 600 sec - taking this value from upstream server, not from the config file. Also, file is stored on disk for 600s, after this time i can see in logs that nginx is downloading again file from upstream server. Nginx should cache files for 600h in current config, but i've also tried before other values, like 6h or 6d etc. http://mpq1.XXX.com/tiles/1.0.0/osm/12/1035/1519.jpg GET /tiles/1.0.0/osm/12/1035/1519.jpg HTTP/1.1 Host: mpq1.XXX.com User-Agent: Mozilla/5.0 (Ubuntu; X11; Linux i686; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en,en-us;q=0.7,pl;q=0.3 Accept-Encoding: gzip, deflate Accept-Charset: ISO-8859-2,utf-8;q=0.7,*;q=0.7 Connection: keep-alive Cookie: bblastvisit=1325618979; bblastactivity=0; __utma=26892847.843027784.1325618982.1325618982.1325703951.2; __utmz=26892847.1325618982.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __qca=P0-367095175-1325618982208; bbsessionhash=02acddda9354e88dd04bab92358aeca6; __utmc=26892847 HTTP/1.1 200 OK Server: nginx/1.0.11 Date: Wed, 04 Jan 2012 19:52:01 GMT Content-Type: image/jpeg Connection: keep-alive Content-Length: 8010 Cache-Control: max-age=600 Last-Modified: Wed, 04 Jan 2012 02:18:15 GMT Expires: Wed, 04 Jan 2012 20:02:01 GMT Regards, Piotr Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220058,220808#msg-220808 From unai at leanservers.com Wed Jan 4 21:05:33 2012 From: unai at leanservers.com (Unai Rodriguez) Date: Thu, 5 Jan 2012 05:05:33 +0800 Subject: Simply change the listen port ,does not work In-Reply-To: References: Message-ID: <97645564-55A9-42AD-BBC9-64FB47AA1420@leanservers.com> Fxofxo, What do you mean by "nothing happened, nginx failed"? Is there any specific error on the logs? Are you sure NGINX is being restarted properly? Is NGINX listening on port 82 after you restart it? Unai Rodriguez CTO & Cofounder LeanWired LLP Singapore 168977 www.leanservers.com unai at leanservers.com On 5 Jan, 2012, at 3:05, "fxofxo" wrote: > Hi, I just installed nginx-1.0.11 , and start it by default , view > http://xxx.xxx.xxx.xxx:80 ,and nginx works > Then I change the listen port in default.conf to 82, kill nginx , > restart , and view http://xxx.xxx.xxx.xxx:82, nothing happened, nginx > failed. > Could anyone tell me what's wrong with it ? Thanks very much. > > server { > listen 82; > server_name localhost; > > #charset koi8-r; > #access_log /var/log/nginx/log/host.access.log main; > > location / { > root /usr/share/nginx/html; > index index.html index.htm; > } > > #error_page 404 /404.html; > > # redirect server error pages to the static page /50x.html > # > error_page 500 502 503 504 /50x.html; > location = /50x.html { > root /usr/share/nginx/html; > } > > # proxy the PHP scripts to Apache listening on 127.0.0.1:80 > # > #location ~ \.php$ { > # proxy_pass http://127.0.0.1; > #} > > # pass the PHP scripts to FastCGI server listening on > 127.0.0.1:9000 > # > #location ~ \.php$ { > # root html; > # fastcgi_pass 127.0.0.1:9000; > # fastcgi_index index.php; > # fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; > # include fastcgi_params; > #} > > # deny access to .htaccess files, if Apache's document root > # concurs with nginx's one > # > #location ~ /\.ht { > # deny all; > #} > } > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220804,220804#msg-220804 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From francis at daoine.org Wed Jan 4 22:26:05 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 4 Jan 2012 22:26:05 +0000 Subject: proxy_ignore_headers doesn't seem to work In-Reply-To: <205695db0bbc533cbb1587461c79dbf3.NginxMailingListEnglish@forum.nginx.org> References: <20111218111735.GN67687@mdounin.ru> <205695db0bbc533cbb1587461c79dbf3.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120104222605.GT27443@craic.sysops.org> On Wed, Jan 04, 2012 at 03:12:10PM -0500, piotr wrote: Hi there, > I'm trying to hide those headers, you can see it in config posted > before: > > proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; No, that's proxy_ignore_headers, not proxy_hide_header. > proxy_cache_valid 200 302 600h; > proxy_cache_valid any 90m; > > But as you can see, you can find expire, cache-control headers in proxy > repsonse, and also in headers of stored cache files on disk. With values > from upstream server, not those set in config. What comes from upstream is stored on disk. That's expected. proxy_ignore_headers determines which of upstream headers or proxy_cache_valid is used by nginx to decide for how long nginx will cache the response. Separate from that, you can use "proxy_hide_header" to tell nginx not to send some headers that came from upstream, to the client. Separate from that (mostly), you can use "expires" to tell nginx how to set Expires: and Cache-Control: headers in the response to the client. "(mostly)" is there because nginx will only send a single Expires header, so if you use "expires" to set one, then the one from upstream will not go to the client, even if it isn't in "proxy_hide_header". > I'm not sure now those times from my previous response, but whatever i > do (delete cached files from disk, restart nginx, wait 10 minutes to > expire files cached on disk), nginx is always returning in response > cache-control and expire in 600 sec - taking this value from upstream > server, not from the config file. That is as expected, since you have no other value in the config file to send in the response, and you have nothing in the config file to tell nginx not to send what came from upstream. > Also, file is stored on disk for 600s, > after this time i can see in logs that nginx is downloading again file > from upstream server. Nginx should cache files for 600h in current > config, but i've also tried before other values, like 6h or 6d etc. That observation, I don't understand. You can examine the first few bytes of the on-disk cache file to see when nginx thinks that it will become stale: od -t dL $cache_file | head -n 1 The second and fourth numbers there are valid-until- and fetched-at- timestamps, respectively. So if they are only 600 apart, then something unexpected (to me) is happening. When I use configuration like > proxy_cache_valid 200 302 600h; > proxy_cache_valid any 90m; in 1.1.11, I see them being the expected 2160000 (seconds, = 600 hours) apart for a http 200 response. Good luck, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Wed Jan 4 22:30:42 2012 From: nginx-forum at nginx.us (freejack) Date: Wed, 04 Jan 2012 17:30:42 -0500 Subject: Trailing slash being removed from document root Message-ID: Hi all. We're considering switching from lighttpd to nginx in my company and so far everything looks good except for one thing I can't seem to figure out. When getting the document root in PHP from nginx using this: $_SERVER['DOCUMENT_ROOT']."../".$ZONE."/".$LOCALE...etc...... nginx will always return the path WITHOUT the trailing slash. I have the document root configured like this: root /home/web/www.site.com/html/; # note the trailing slash We have way too much code in php that gets the document root without adding a trailing slash after $_SERVER['DOCUMENT_ROOT'] because lighttpd and apache before that always had preserved the trailing slash. How can I configure nginx to keep the slash? Thanks! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220811,220811#msg-220811 From francis at daoine.org Wed Jan 4 22:56:58 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 4 Jan 2012 22:56:58 +0000 Subject: Trailing slash being removed from document root In-Reply-To: References: Message-ID: <20120104225658.GU27443@craic.sysops.org> On Wed, Jan 04, 2012 at 05:30:42PM -0500, freejack wrote: Hi there, > When getting the document root in PHP from nginx using this: > > $_SERVER['DOCUMENT_ROOT']."../".$ZONE."/".$LOCALE...etc...... > > nginx will always return the path WITHOUT the trailing slash. nginx doesn't do PHP, it does fastcgi. Which means that it sends a series of key/value params to the fastcgi server, which in turn presents them to your PHP in the _SERVER array. Which in turn means that... > We have way too much code in php that gets the document root without > adding a trailing slash after $_SERVER['DOCUMENT_ROOT'] because lighttpd > and apache before that always had preserved the trailing slash. > > How can I configure nginx to keep the slash? ...wherever you currently set "fastcgi_param DOCUMENT_ROOT" (probably from "include fastcgi.conf"), add the slash there and it all should Just Work. That is: you probably have fastcgi_param DOCUMENT_ROOT $document_root; Change it to be fastcgi_param DOCUMENT_ROOT $document_root/; and on nginx -s reload, you should see the difference. f -- Francis Daly francis at daoine.org From francis at daoine.org Wed Jan 4 23:13:26 2012 From: francis at daoine.org (Francis Daly) Date: Wed, 4 Jan 2012 23:13:26 +0000 Subject: proxy_ignore_headers doesn't seem to work In-Reply-To: <20120104222605.GT27443@craic.sysops.org> References: <20111218111735.GN67687@mdounin.ru> <205695db0bbc533cbb1587461c79dbf3.NginxMailingListEnglish@forum.nginx.org> <20120104222605.GT27443@craic.sysops.org> Message-ID: <20120104231326.GV27443@craic.sysops.org> On Wed, Jan 04, 2012 at 10:26:05PM +0000, Francis Daly wrote: > On Wed, Jan 04, 2012 at 03:12:10PM -0500, piotr wrote: Hi there, One more thing on the final "600s"... > > Also, file is stored on disk for 600s, > > after this time i can see in logs that nginx is downloading again file > > from upstream server. Nginx should cache files for 600h in current > > config, but i've also tried before other values, like 6h or 6d etc. > > That observation, I don't understand. You don't specify "inactive" in your proxy_cache_path directive, so it defaults to 10 minutes. If you see one new request per url every 11 minutes, then it is expected that nginx will re-fetch from upstream each time. If you see a new request every 9 minutes, then nginx should not need to re-fetch from upstream. Does that explain what you see? f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Wed Jan 4 23:16:36 2012 From: nginx-forum at nginx.us (freejack) Date: Wed, 04 Jan 2012 18:16:36 -0500 Subject: Trailing slash being removed from document root In-Reply-To: References: Message-ID: <0ff38419352beda9dab73b11dd2ffe32.NginxMailingListEnglish@forum.nginx.org> Thanks that did the trick! Still have a lot to learn... ;) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220811,220814#msg-220814 From stef at caunter.ca Wed Jan 4 23:31:56 2012 From: stef at caunter.ca (Stefan Caunter) Date: Wed, 4 Jan 2012 18:31:56 -0500 Subject: Optimize nginx for uploading/download huge files.. In-Reply-To: References: Message-ID: On Tue, Jan 3, 2012 at 5:35 PM, ronjpark wrote: > Hello everyone, > > Firstly, I'm sorry for posting the same question here and there (How to > forum). > It is urgent issue to me. > > Could you give me a tip for which directives and values I have to set > for the optimization? > > I installed nginx on virtual machine as reverse proxy server. > It checks the authentication and bypasses the client request to the > backend servers. > The most transactions are to upload/download files, from 1M to 1G... > > The CPU usage hits 100% when the 1M file download request reaches around > 25 TPS.. > around 20 TPS for upload request.. > > I set client_body_buffer_size, proxy_buffer_size, proxy_buffers and so > on.. > But not so good yet.. :( > > client_body_buffer_size is set to 2M and it helps to increase TPS for > uploading, but not enough. > proxy_buffer_size = 1M and proxy_buffers = 4 1M help to increase TPS for > downloading little bit, but not so much.. > Other directives are set by its default. > > The below is the result of profiling with google_proftools_module. > As you can see, the most time is spent on readv() and writev(). > > Please give me any advice or your experience. > Thank you for your time. > > Total: 22244 samples > 11928 53.6% 53.6% 11930 53.6% readv > 8212 36.9% 90.5% 8212 36.9% writev > 907 4.1% 94.6% 907 4.1% recv > 359 1.6% 96.2% 359 1.6% __connect_nocancel > 248 1.1% 97.3% 248 1.1% __close_nocancel > 35 0.2% 97.5% 46 0.2% _IO_str_pbackfail > 34 0.2% 97.7% 34 0.2% __write_nocancel > 31 0.1% 97.8% 31 0.1% socket > 28 0.1% 97.9% 28 0.1% memset > and > Total: 64475 samples > 34117 52.9% 52.9% 34117 52.9% writev > 14173 22.0% 74.9% 14181 22.0% readv > 11981 18.6% 93.5% 11981 18.6% recv > 1046 1.6% 95.1% 1049 1.6% __connect_nocancel > 878 1.4% 96.5% 878 1.4% __close_nocancel > 343 0.5% 97.0% 343 0.5% epoll_wait > 160 0.2% 97.2% 160 0.2% __write_nocancel > 89 0.1% 97.4% 89 0.1% __xstat64 > 81 0.1% 97.5% 115 0.2% _IO_str_pbackfail > > > Here is the information of my VM: > ronjpark at PSEProxy:~/release/REL.0.13$ cat /proc/cpuinfo > processor : 0 > vendor_id : GenuineIntel > cpu family : 6 > model : 2 > model name : QEMU Virtual CPU version 0.14.1 > stepping : 3 > cpu MHz : 2393.998 > cache size : 4096 KB > fpu : yes > fpu_exception : yes > cpuid level : 4 > wp : yes > flags : fpu de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pse36 > clflush mmx fxsr sse sse2 syscall nx lm up rep_good nopl pni cx16 popcnt > hypervisor lahf_lm > bogomips : 4787.99 > clflush size : 64 > cache_alignment : 64 > address sizes : 40 bits physical, 48 bits virtual > power management: > > ronjpark at PSEProxy:~/release/REL.0.13$ cat /proc/meminfo > MemTotal: 4057052 kB > MemFree: 2651832 kB > Buffers: 80984 kB > Cached: 1100692 kB > SwapCached: 3856 kB > Active: 325744 kB > Inactive: 910176 kB > Active(anon): 48884 kB > Inactive(anon): 5684 kB > Active(file): 276860 kB > Inactive(file): 904492 kB > Unevictable: 0 kB > Mlocked: 0 kB > SwapTotal: 2095100 kB > SwapFree: 2082688 kB > Dirty: 4 kB > Writeback: 0 kB > AnonPages: 51356 kB > Mapped: 15740 kB > Shmem: 324 kB > Slab: 66252 kB > SReclaimable: 56796 kB > SUnreclaim: 9456 kB > KernelStack: 1160 kB > PageTables: 4124 kB > NFS_Unstable: 0 kB > Bounce: 0 kB > WritebackTmp: 0 kB > CommitLimit: 4123624 kB > Committed_AS: 176112 kB > VmallocTotal: 34359738367 kB > VmallocUsed: 28816 kB > VmallocChunk: 34359707236 kB > HardwareCorrupted: 0 kB > HugePages_Total: 0 > HugePages_Free: 0 > HugePages_Rsvd: 0 > HugePages_Surp: 0 > Hugepagesize: 2048 kB > DirectMap4k: 42996 kB > DirectMap2M: 4151296 kB > ronjpark at PSEProxy:~/release/REL.0.13$ uname -a > Linux PSEProxy 2.6.38-8-server #42-Ubuntu SMP Mon Apr 11 03:49:04 UTC > 2011 x86_64 x86_64 x86_64 GNU/Linux The bottleneck is neither CPU nor memory. VM disk performance will be bad. Any throughput you get on the virtual disk will degrade as each concurrent upload client triggers reads and writes. This is one case where you need a SAN, ZFS filesystem, or an SSD drive; configure with large block size if files are >1GB. Even server class hard drives will thrash and slow down everything with enough clients contending for the disk. Remember, in relative time, if a cpu operation takes a second, an operation on the disk takes one month, under ideal conditions, and you are giving nginx less than ideal conditions. Stefan Caunter http://scaleengine.com/contact From nginx-forum at nginx.us Wed Jan 4 23:51:16 2012 From: nginx-forum at nginx.us (DeneB) Date: Wed, 04 Jan 2012 18:51:16 -0500 Subject: NGinX Form Input Problem Message-ID: <7b47560704a625f5d162e375a3a6171a.NginxMailingListEnglish@forum.nginx.org> I have just recently set-up a new LEMP in Ubuntu 11.10 (64-bit) and running NGinX ver 1.0.5. the server is running fine but I cannot seem to get any forms to work. On my old server (windows) the forms worked fine, but now I get the following error "502 Bad Gateway". NGinX was installed with apt-get install, it is not a version that I compiled myself. Also I am running PHP5-Fastcgi. I have tried setting the forms to work in two different ways, one to write to a text file and also to write to MySQL database.....but with no luck. Any ideas on how to get the forms working again?? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220816#msg-220816 From nginx-forum at nginx.us Thu Jan 5 00:38:08 2012 From: nginx-forum at nginx.us (ronjpark) Date: Wed, 04 Jan 2012 19:38:08 -0500 Subject: Optimize nginx for uploading/download huge files.. In-Reply-To: References: Message-ID: <9c6788ce9aa062102b81fa4ddba7d9d3.NginxMailingListEnglish@forum.nginx.org> stefancaunter Wrote: ------------------------------------------------------- > On Tue, Jan 3, 2012 at 5:35 PM, ronjpark > wrote: > > The bottleneck is neither CPU nor memory. VM disk > performance will be > bad. Any throughput you get on the virtual disk > will degrade as each > concurrent upload client triggers reads and > writes. This is one case > where you need a SAN, ZFS filesystem, or an SSD > drive; configure with > large block size if files are >1GB. Even server > class hard drives will > thrash and slow down everything with enough > clients contending for the > disk. Remember, in relative time, if a cpu > operation takes a second, > an operation on the disk takes one month, under > ideal conditions, and > you are giving nginx less than ideal conditions. > > Stefan Caunter > http://scaleengine.com/contact > Thank you Stefan. I also doubted what you said and tested with 1MB file. client_body_buffer_size is set to 2M and proxy_buffer_size = 2M also. But it doesn't work. As my understainding, nginx doesn't make disk I/O for this file transaction because of enough big buffer size. Right? Please fix me if I'm wrong. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220778,220818#msg-220818 From mdounin at mdounin.ru Thu Jan 5 03:18:57 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 5 Jan 2012 07:18:57 +0400 Subject: proxy_ignore_headers doesn't seem to work In-Reply-To: <205695db0bbc533cbb1587461c79dbf3.NginxMailingListEnglish@forum.nginx.org> References: <20111218111735.GN67687@mdounin.ru> <205695db0bbc533cbb1587461c79dbf3.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120105031856.GM67687@mdounin.ru> Hello! On Wed, Jan 04, 2012 at 03:12:10PM -0500, piotr wrote: > Maxim, > > Sorry for the late response. > > I'm trying to hide those headers, you can see it in config posted > before: > > proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie; > proxy_cache_valid 200 302 600h; > proxy_cache_valid any 90m; > > But as you can see, you can find expire, cache-control headers in proxy > repsonse, and also in headers of stored cache files on disk. With values > from upstream server, not those set in config. You don't hide the headers, and don't set headers in config. The proxy_ignore_headers instruct nginx to ignore headers in question (i.e. don't set/limit cache validity time as stored in cache metadata based on these headers). The proxy_cache_valid directives set cache validity times. None of these directives hide or modify headers in question. To hide headers, you have to use the proxy_hide_header directive (as already suggested in previous message), see here for details: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_hide_header To explicitly set Cache-Control/Expires headers, use the "expires" directive, see here for details: http://wiki.nginx.org/HttpHeadersModule#expires (no official docs in English yet) > I'm not sure now those times from my previous response, but whatever i > do (delete cached files from disk, restart nginx, wait 10 minutes to > expire files cached on disk), nginx is always returning in response > cache-control and expire in 600 sec - taking this value from upstream > server, not from the config file. Also, file is stored on disk for 600s, > after this time i can see in logs that nginx is downloading again file > from upstream server. Nginx should cache files for 600h in current > config, but i've also tried before other values, like 6h or 6d etc. Do you request the file in question with interval larger than 600 seconds, without any intermediate requests? It is expected to be removed from cache as inactive one in such test, see desciption of the "inactive" parameter of the "proxy_cache_path" directive here: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path Try requesting a file once per minute to keep it active. Maxim Dounin From nginx-forum at nginx.us Thu Jan 5 03:45:30 2012 From: nginx-forum at nginx.us (DeneB) Date: Wed, 04 Jan 2012 22:45:30 -0500 Subject: NGinX Form Input Problem In-Reply-To: <7b47560704a625f5d162e375a3a6171a.NginxMailingListEnglish@forum.nginx.org> References: <7b47560704a625f5d162e375a3a6171a.NginxMailingListEnglish@forum.nginx.org> Message-ID: So the only thing that I have found is this HttpFormInputModule.......looks like I will have to uninstall the rpm version and then download the source code and recompile/reconfigure nginx. The last time I did this I had added the http_flv_module but during that recompiling I could not get the http_xslt_module to compile at all and did it without_http_xslt_module. I really didn't want to do this but as far as the mechanics goes for my site I am almost there......just need to be able to accept data from forms. Does this sound like I am on the right path??? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220820#msg-220820 From unai at leanservers.com Thu Jan 5 03:49:44 2012 From: unai at leanservers.com (Unai Rodriguez) Date: Thu, 5 Jan 2012 11:49:44 +0800 Subject: NGinX Form Input Problem In-Reply-To: <7b47560704a625f5d162e375a3a6171a.NginxMailingListEnglish@forum.nginx.org> References: <7b47560704a625f5d162e375a3a6171a.NginxMailingListEnglish@forum.nginx.org> Message-ID: Do you get the error "502 bad gateway" with any PHP page? It seems PHP might not be working at all. I would recommend creating a very simple PHP page and testing if it works with the following content for example: Let us know if this works. -- Unai Rodriguez CTO & Cofounder LeanWired LLP Singapore 168977 www.leanservers.com unai at leanservers.com On Thursday, January 5, 2012 at 7:51 AM, DeneB wrote: > I have just recently set-up a new LEMP in Ubuntu 11.10 (64-bit) and > running NGinX ver 1.0.5. the server is running fine but I cannot seem to > get any forms to work. On my old server (windows) the forms worked fine, > but now I get the following error "502 Bad Gateway". > > NGinX was installed with apt-get install, it is not a version that I > compiled myself. Also I am running PHP5-Fastcgi. > > I have tried setting the forms to work in two different ways, one to > write to a text file and also to write to MySQL database.....but with no > luck. > > Any ideas on how to get the forms working again?? > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220816#msg-220816 > > _______________________________________________ > nginx mailing list > nginx at nginx.org (mailto:nginx at nginx.org) > http://mailman.nginx.org/mailman/listinfo/nginx > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Thu Jan 5 04:43:06 2012 From: nginx-forum at nginx.us (DeneB) Date: Wed, 04 Jan 2012 23:43:06 -0500 Subject: NGinX Form Input Problem In-Reply-To: References: Message-ID: Yes I get the error, "502 Bad Gateway", when I request a PHP page. I checked on my terminal and php5-fpm is running. I also use a php script in the nginx config to run webstats which is also running. What information should I post to help solve this problem????? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220822#msg-220822 From nginx-forum at nginx.us Thu Jan 5 05:44:49 2012 From: nginx-forum at nginx.us (DeneB) Date: Thu, 05 Jan 2012 00:44:49 -0500 Subject: NGinX Form Input Problem In-Reply-To: References: Message-ID: okay.....I retraced my installation of PHP and it looks like I had never started a PHP FastCGI daemon (if that makes any sense) now I am able to see the php info page. I can also see under modules that MySQL is running. I am going to test my forms again right now. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220824#msg-220824 From nginx-forum at nginx.us Thu Jan 5 06:14:11 2012 From: nginx-forum at nginx.us (DeneB) Date: Thu, 05 Jan 2012 01:14:11 -0500 Subject: NGinX Form Input Problem In-Reply-To: References: Message-ID: <68ce260980203090c1d9ff3f3990c05b.NginxMailingListEnglish@forum.nginx.org> Unai thank-you so much for your help and pointing me in the right direction. I just did a test and now the forms are working. I can write to a text file and when I changed it to see if I could write to a database I did not get the 502 BAD Gateway Error. (Instead I got a message saying it couldn't connect to the database.....but I think this is my error.....going to set up a new dBase and test again.) I must say you folks that hang out here are absolutley brilliant! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220825#msg-220825 From reallfqq-nginx at yahoo.fr Thu Jan 5 06:33:06 2012 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Thu, 5 Jan 2012 01:33:06 -0500 Subject: Error log file Message-ID: Hello, Using Nginx 1.0.11, I changed the error log file in my configuration to /var/log/nginx.error.log. The new log file gets filled as it is supposed to be, but the old file /nginx-repo/logs/error.log keeps getting recreated. I would add that I checked the configuration so there is no conflicting entry. Btw, why does nginx doesn't use the 'standard' repos /var/log for the logs and /var/run for the PID file by default? It adds to the entropy... --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Thu Jan 5 09:14:57 2012 From: nginx-forum at nginx.us (DeneB) Date: Thu, 05 Jan 2012 04:14:57 -0500 Subject: NGinX Form Input Problem In-Reply-To: <68ce260980203090c1d9ff3f3990c05b.NginxMailingListEnglish@forum.nginx.org> References: <68ce260980203090c1d9ff3f3990c05b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <5845d95e3dbed8e47ad2d2de2e3fca4b.NginxMailingListEnglish@forum.nginx.org> Forms are writing to the database! Thanks Unai, and have a great day! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220828#msg-220828 From unai at leanservers.com Thu Jan 5 09:25:06 2012 From: unai at leanservers.com (Unai Rodriguez) Date: Thu, 5 Jan 2012 17:25:06 +0800 Subject: NGinX Form Input Problem In-Reply-To: <5845d95e3dbed8e47ad2d2de2e3fca4b.NginxMailingListEnglish@forum.nginx.org> References: <68ce260980203090c1d9ff3f3990c05b.NginxMailingListEnglish@forum.nginx.org> <5845d95e3dbed8e47ad2d2de2e3fca4b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <6133B03B-0D80-4097-A473-47BBFCD3ACA7@leanservers.com> Sure, you are very welcome, take care Unai Rodriguez CTO & Cofounder LeanWired LLP Singapore 168977 www.leanservers.com unai at leanservers.com On 5 Jan, 2012, at 17:14, "DeneB" wrote: > Forms are writing to the database! Thanks Unai, and have a great day! > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220816,220828#msg-220828 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From tomasz.roda at gmail.com Thu Jan 5 09:48:39 2012 From: tomasz.roda at gmail.com (Tomasz Roda) Date: Thu, 5 Jan 2012 10:48:39 +0100 Subject: Problem with instant streaming request body to backend Message-ID: Hey, I am developer in new startup and Nginx is important part of whole system. Generally it is great load balancer, has many interesting modules and configuration possibilities but I have one serious problem which I cannot solve. Problem is that Nginx for each request collects the whole body of request and only after that sends request next to backend. I know that I can theoretically use upload module to omit that issue but we have got own part of code to handle uploads in way that we need (which must not be supported by module in load balancer). That issue is big problem for us because in current load balancer implementation data from client is unnecessarily "cached" on load balancer (load balancer's hard drive in fact) and then send to backend instead of instant streaming from client by load balancer to backend. Main problem is lower performance (requirement of fast storage on load balancer servers) and additional requests latency, it is really noticeable especially for big files. My question is: is any chance for adding feature of instant data streaming of request body to backend? If chance is real can we expect feature implementation soon? I think that it is useful functionallity and can be used by many Nginx users. Tomek From nginx-forum at nginx.us Thu Jan 5 10:01:17 2012 From: nginx-forum at nginx.us (atrus) Date: Thu, 05 Jan 2012 05:01:17 -0500 Subject: How to see nginx rps (requests per second) Message-ID: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> Hi Guys, I have enable stub module and location /status/ in nginx.conf All I see just : Active connections: 1 server accepts handled requests 478077 478077 478271 Reading: 0 Writing: 1 Waiting: 0 How can I know which values is the rps of the nginx server ? Thanks guys. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220831,220831#msg-220831 From smallfish.xy at gmail.com Thu Jan 5 10:02:55 2012 From: smallfish.xy at gmail.com (smallfish) Date: Thu, 5 Jan 2012 18:02:55 +0800 Subject: How to see nginx rps (requests per second) In-Reply-To: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> References: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> Message-ID: use ApacheBench(ab), http_load, siege or other performance tools -- blog: http://chenxiaoyu.org 2012/1/5 atrus > Hi Guys, > > I have enable stub module and location /status/ in nginx.conf > > All I see just : > > Active connections: 1 > server accepts handled requests > 478077 478077 478271 > Reading: 0 Writing: 1 Waiting: 0 > > How can I know which values is the rps of the nginx server ? > > Thanks guys. > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,220831,220831#msg-220831 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Thu Jan 5 10:17:24 2012 From: nginx-forum at nginx.us (layneuks) Date: Thu, 05 Jan 2012 05:17:24 -0500 Subject: rewrite N|next flag in apache Message-ID: Hi everyone, I'm writing here because i have rewrite problems on Nginx. First of all i will explain to you what result i'm expecting. For example i have this URL : http://www.mydomain.com/api/redirect/var1/value1/var2/value2/varX/valueX/?varX=valueX&... after rewrite i would like to get : http://www.mydomain.com/?var1=value1&var2=value2&varX=valueX&varX=valueX... So i get it works on apache with : RewriteRule ^(api/redirect/[^\/]+/[^\/]+/[^\/]+)/([^\/]+)/([^\/]+)([^\?]*) $1$4/?&$2=$3 [QSA,N] RewriteRule ^api/redirect/[^\/]+/[^\/]+/([^\/]+) index.php?service=Redirect&hash=$1 [QSA,L] And now i would like to have the same on nginx, but i think nginx doesn't handle something like apache's N flag. Then it's my nginx rewrite rules, it work once because it doesn't re-execute rewrite while it's possible. rewrite ^/(api/redirect/[^\/]+/[^\/]+/[^\/]+)/([^\/]+)/([^\/]+)([^\?]*) /$1$4/?&$2=$3; rewrite ^/api/redirect/[^\/]+/[^\/]+/([^\/]+) /public/index.php?service=Redirect&func=Redirect&hash=$1 last; Do someone have a solution for this please ? I will apreciate a lot. thanks you. Best regards, Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220833,220833#msg-220833 From nginx-forum at nginx.us Thu Jan 5 10:41:13 2012 From: nginx-forum at nginx.us (Yogui) Date: Thu, 05 Jan 2012 05:41:13 -0500 Subject: How to see nginx rps (requests per second) In-Reply-To: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> References: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> Message-ID: <069d41a48775bb48b64c0d019ed25575.NginxMailingListEnglish@forum.nginx.org> Hi, I beleive the stub module gives the number of requests since nginx was last reloaded (or started). To get the number of rps, you have to query the stub module each second and substract the old value from the current value. Regards, Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220831,220834#msg-220834 From andrew at nginx.com Thu Jan 5 11:53:29 2012 From: andrew at nginx.com (Andrew Alexeev) Date: Thu, 5 Jan 2012 15:53:29 +0400 Subject: Problem with instant streaming request body to backend In-Reply-To: References: Message-ID: Tomek, On Jan 5, 2012, at 1:48 PM, Tomasz Roda wrote: > Hey, > > I am developer in new startup and Nginx is important part of whole > system. Generally it is great load balancer, has many interesting > modules and configuration possibilities but I have one serious problem > which I cannot solve. > > Problem is that Nginx for each request collects the whole body of > request and only after that sends request next to backend. I know that > I can theoretically use upload module to omit that issue but we have > got own part of code to handle uploads in way that we need (which must > not be supported by module in load balancer). That issue is big > problem for us because in current load balancer implementation data > from client is unnecessarily "cached" on load balancer (load > balancer's hard drive in fact) and then send to backend instead of > instant streaming from client by load balancer to backend. Main > problem is lower performance (requirement of fast storage on load > balancer servers) and additional requests latency, it is really > noticeable especially for big files. > > My question is: is any chance for adding feature of instant data > streaming of request body to backend? If chance is real can we expect > feature implementation soon? I think that it is useful functionallity > and can be used by many Nginx users. By instant data streaming do you mean generic L4/TCP load balancing or still some form of a L7/HTTP load balancing with additional controls for headers and request/response, and with efficient handling of concurrent connections? What are the other roles of your nginx setup aside from load balancing to the backends? > Tomek > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From tomasz.roda at gmail.com Thu Jan 5 12:27:53 2012 From: tomasz.roda at gmail.com (Tomasz Roda) Date: Thu, 5 Jan 2012 13:27:53 +0100 Subject: Problem with instant streaming request body to backend In-Reply-To: References:

Message-ID: 2012/1/5 Andrew Alexeev : > Tomek, > > On Jan 5, 2012, at 1:48 PM, Tomasz Roda wrote: > >> Hey, >> >> I am developer in new startup and Nginx is important part of whole >> system. Generally it is great load balancer, has many interesting >> modules and configuration possibilities but I have one serious problem >> which I cannot solve. >> >> Problem is that Nginx for each request collects the whole body of >> request and only after that sends request next to backend. I know that >> I can theoretically use upload module to omit that issue but we have >> got own part of code to handle uploads in way that we need (which must >> not be supported by module in load balancer). That issue is big >> problem for us because in current load balancer implementation data >> from client is unnecessarily "cached" on load balancer (load >> balancer's hard drive in fact) and then send to backend instead of >> instant streaming from client by load balancer to backend. Main >> problem is lower performance (requirement of fast storage on load >> balancer servers) and additional requests latency, it is really >> noticeable especially for big files. >> >> My question is: is any chance for adding feature of instant data >> streaming of request body to backend? If chance is real can we expect >> feature implementation soon? I think that it is useful functionallity >> and can be used by many Nginx users. > > By instant data streaming do you mean generic L4/TCP load balancing or still some form of a L7/HTTP load balancing with additional controls for headers and request/response, and with efficient handling of concurrent connections? > > What are the other roles of your nginx setup aside from load balancing to the backends? > I mean a L7/HTTP load balancing. We need additional handling of requests by Nginx for HTTPS (backend applications operate on HTTP requests), access logging, passing requests to proper backend applications basing on URL, x-accel-redirect, etc. From andrew at nginx.com Thu Jan 5 12:44:41 2012 From: andrew at nginx.com (Andrew Alexeev) Date: Thu, 5 Jan 2012 16:44:41 +0400 Subject: Problem with instant streaming request body to backend In-Reply-To: References:

Message-ID: Tomek, On Jan 5, 2012, at 4:27 PM, Tomasz Roda wrote: > 2012/1/5 Andrew Alexeev : >> Tomek, >> >> On Jan 5, 2012, at 1:48 PM, Tomasz Roda wrote: >> >>> Hey, >>> >>> I am developer in new startup and Nginx is important part of whole >>> system. Generally it is great load balancer, has many interesting >>> modules and configuration possibilities but I have one serious problem >>> which I cannot solve. >>> >>> Problem is that Nginx for each request collects the whole body of >>> request and only after that sends request next to backend. I know that >>> I can theoretically use upload module to omit that issue but we have >>> got own part of code to handle uploads in way that we need (which must >>> not be supported by module in load balancer). That issue is big >>> problem for us because in current load balancer implementation data >>> from client is unnecessarily "cached" on load balancer (load >>> balancer's hard drive in fact) and then send to backend instead of >>> instant streaming from client by load balancer to backend. Main >>> problem is lower performance (requirement of fast storage on load >>> balancer servers) and additional requests latency, it is really >>> noticeable especially for big files. >>> >>> My question is: is any chance for adding feature of instant data >>> streaming of request body to backend? If chance is real can we expect >>> feature implementation soon? I think that it is useful functionallity >>> and can be used by many Nginx users. >> >> By instant data streaming do you mean generic L4/TCP load balancing or still some form of a L7/HTTP load balancing with additional controls for headers and request/response, and with efficient handling of concurrent connections? >> >> What are the other roles of your nginx setup aside from load balancing to the backends? >> > > I mean a L7/HTTP load balancing. We need additional handling of > requests by Nginx for HTTPS (backend applications operate on HTTP > requests), access logging, passing requests to proper backend > applications basing on URL, x-accel-redirect, etc. There's some work planned towards this direction (allowing to avoid buffering from the client), mostly to facilitate websockets stuff. But probably will turn out to be a generic "unbuffered L4/L7" load balancing. There's no ETA, though and it's probably a three months timeframe. From mdounin at mdounin.ru Thu Jan 5 13:04:38 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 5 Jan 2012 17:04:38 +0400 Subject: Optimize nginx for uploading/download huge files.. In-Reply-To: <9c6788ce9aa062102b81fa4ddba7d9d3.NginxMailingListEnglish@forum.nginx.org> References: <9c6788ce9aa062102b81fa4ddba7d9d3.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120105130438.GN67687@mdounin.ru> Hello! On Wed, Jan 04, 2012 at 07:38:08PM -0500, ronjpark wrote: > stefancaunter Wrote: > ------------------------------------------------------- > > On Tue, Jan 3, 2012 at 5:35 PM, ronjpark > > wrote: > > > > The bottleneck is neither CPU nor memory. VM disk > > performance will be > > bad. Any throughput you get on the virtual disk > > will degrade as each > > concurrent upload client triggers reads and > > writes. This is one case > > where you need a SAN, ZFS filesystem, or an SSD > > drive; configure with > > large block size if files are >1GB. Even server > > class hard drives will > > thrash and slow down everything with enough > > clients contending for the > > disk. Remember, in relative time, if a cpu > > operation takes a second, > > an operation on the disk takes one month, under > > ideal conditions, and > > you are giving nginx less than ideal conditions. > > > > Stefan Caunter > > http://scaleengine.com/contact > > > > Thank you Stefan. > I also doubted what you said and tested with 1MB file. > > client_body_buffer_size is set to 2M and proxy_buffer_size = 2M also. > But it doesn't work. > > As my understainding, nginx doesn't make disk I/O for this file > transaction because of enough big buffer size. Right? > Please fix me if I'm wrong. Yes. To limit disk I/O for big requests/responses there are following options available: 1. Using larger buffers, notably client_body_buffer_size, proxy_buffer_size, proxy_buffers. This is basically what you've already done. 2. For responses you may also completely disable disk buffering using "proxy_max_temp_file_size 0". This implies that nginx won't be able to read full response from a backend though, and connection to a backend will be busy for a time needed to client to download a response. Directive description may be found here: http://wiki.nginx.org/HttpProxyModule#proxy_max_temp_file_size Maxim Dounin From jason at monsterjam.org Thu Jan 5 13:25:43 2012 From: jason at monsterjam.org (jason at monsterjam.org) Date: Thu, 5 Jan 2012 08:25:43 -0500 Subject: need help getting perl cgis to work. Message-ID: <20120105132543.GA17409@monsterjam.org> hey folks, ive been running apache for years but now trying to use nginx. I have nginx and php(with fastcgi) working fine, but whenever I try to bring up my web page that has a perl cgi on it, it just downloads the script instead of executing it.. I cant figure out how to make it work right.. basically heres the config that I have for it in my apache conf ScriptAliasMatch ^/blog/?(.*) /var/www/localhost/htdocs/blog/blog.pl/$1 and Options +Includes Options ExecCGI when do I need to do to get nginx to properly execute the perl cgi? thanks/regards, Jason From francis at daoine.org Thu Jan 5 13:43:12 2012 From: francis at daoine.org (Francis Daly) Date: Thu, 5 Jan 2012 13:43:12 +0000 Subject: need help getting perl cgis to work. In-Reply-To: <20120105132543.GA17409@monsterjam.org> References: <20120105132543.GA17409@monsterjam.org> Message-ID: <20120105134312.GW27443@craic.sysops.org> On Thu, Jan 05, 2012 at 08:25:43AM -0500, jason at monsterjam.org wrote: Hi there, > hey folks, ive been running apache for years but now trying to use nginx. I have nginx and php(with fastcgi) > working fine, but whenever I try to bring up my web page that has a perl cgi on it, it just downloads the script > when do I need to do to get nginx to properly execute the perl cgi? nginx doesn't do cgi. You'll need to run some separate server that nginx can talk to as a client, that is able to do whatever processing you want. If you have a http server that handles the cgi for you, you can "proxy_pass" to that. If you have a fastcgi server that is set up to do the right thing with your cgi script, you can "fastcgi_pass" to that. There are also other options. On the nginx side, you configure it in a similar way to your php-via-fastcgi configuration. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Thu Jan 5 14:12:26 2012 From: nginx-forum at nginx.us (atrus) Date: Thu, 05 Jan 2012 09:12:26 -0500 Subject: How to see nginx rps (requests per second) In-Reply-To: <069d41a48775bb48b64c0d019ed25575.NginxMailingListEnglish@forum.nginx.org> References: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> <069d41a48775bb48b64c0d019ed25575.NginxMailingListEnglish@forum.nginx.org> Message-ID: <84406ea2a7cd2f84d7adc2e5be3856c1.NginxMailingListEnglish@forum.nginx.org> Thanks Yogui. Is there any other ways to do this automatically instead of manually subtract ?! I want to see in live. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220831,220843#msg-220843 From al-nginx at none.at Thu Jan 5 14:34:50 2012 From: al-nginx at none.at (Aleksandar Lazic) Date: Thu, 05 Jan 2012 15:34:50 +0100 Subject: need help getting perl cgis to work. In-Reply-To: <20120105132543.GA17409@monsterjam.org> References: <20120105132543.GA17409@monsterjam.org> Message-ID: <83cdba0aef3dfc8b85f8970716eaa2f2@none.at> Hi, I use the http://localdomain.pl/wiki/FcgiWrap for mailgraph.cgi behind nginx. BR Aleks On 05-01-2012 14:25, jason at monsterjam.org wrote: > hey folks, ive been running apache for years but now trying to use > nginx. I have nginx and php(with fastcgi) > working fine, but whenever I try to bring up my web page that has a > perl cgi on it, it just downloads the script > instead of executing it.. I cant figure out how to make it work > right.. basically heres the config that I have > for it in my apache conf > > ScriptAliasMatch ^/blog/?(.*) > /var/www/localhost/htdocs/blog/blog.pl/$1 > > and > > > Options +Includes > > Options ExecCGI > > > when do I need to do to get nginx to properly execute the perl cgi? > > thanks/regards, > Jason > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Thu Jan 5 15:22:24 2012 From: nginx-forum at nginx.us (layneuks) Date: Thu, 05 Jan 2012 10:22:24 -0500 Subject: rewrite N|next flag in apache In-Reply-To: References: Message-ID: <61a1c23ef92d580621d89752f96728f1.NginxMailingListEnglish@forum.nginx.org> No one ? I need a solution... ;'( Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220833,220845#msg-220845 From rcole at ilstech.com Thu Jan 5 16:36:00 2012 From: rcole at ilstech.com (Ryan Cole) Date: Thu, 5 Jan 2012 10:36:00 -0600 Subject: Changing worker user account causes throttling of response size? Message-ID: <91ddb2b0c4c28603c7a31dd17d1a7ae3@mail.gmail.com> Hi all, I'm setting up Nginx on a RHEL machine. I am proxying to an ASP.NETapplication. The ASP.NET application has some nifty built-in document viewer tool, and so it often downloads relatively large files (in the realm of 1MB-5MB, or larger). Nginx, when using the default 'nginx' worker user account, has been working fine. I recently tried enabling auth_basic, and because of that tried changing the worker user account to my own personal user account, so that it can access the htpasswd file from my home directory. This was working fine as well, until we started getting phone calls about the document viewer from the ASP.NET application saying it did not receive the entire document download. I investigated, and it looks like Nginx is throttling that ASP.NET response -> Nginx proxy -> Web user, after I changed the worker process user account. To test this, I removed the auth_basic lines that I added, and left the user account as my personal account, still. It continued to throttle the response size. It seems to cut the response off at around 48k pretty consistently - I cannot tell if it's a time-out or a throttle, but it's generally around 48k of a response before being cut off. To further test, I switched back to the 'nginx' worker user account, but added back in the auth_basic lines and the responses return to normal with no throttling. So to my untrained eye, it looks like switching this user account is causing it to pick up some different configuration settings, or something, and chooses to throttle response sizes. I scanned through all of the available config files and did not see anything that stood out to me. I scanned the documentation also, but none of the timeout or throttling options looked relative to this. Does anyone have any ideas? Thanks in advance, Ryan -------------- next part -------------- An HTML attachment was scrubbed... URL: From ilan at time4learning.com Thu Jan 5 17:05:36 2012 From: ilan at time4learning.com (Ilan Berkner) Date: Thu, 5 Jan 2012 12:05:36 -0500 Subject: 404 not showing up in error logs (for PHP files) Message-ID: Hi All, When a user enters an invalid php file name they are correctly routed to our default 404.html: try_files $fastcgi_script_name =404; The problem is that the 404 error is not showing up in our error logs. Other 404 errors do show up in our system. Please advise. Thanks! -------------- next part -------------- An HTML attachment was scrubbed... URL: From cliff at develix.com Thu Jan 5 21:33:52 2012 From: cliff at develix.com (Cliff Wells) Date: Thu, 05 Jan 2012 13:33:52 -0800 Subject: need help getting perl cgis to work. In-Reply-To: <20120105132543.GA17409@monsterjam.org> References: <20120105132543.GA17409@monsterjam.org> Message-ID: <1325799232.25712.1.camel@portable-evil> As others have mentioned, Nginx doesn't support CGI. Please see http://wiki.nginx.org/Configuration#CGI for a couple different options. Cliff On Thu, 2012-01-05 at 08:25 -0500, jason at monsterjam.org wrote: > hey folks, ive been running apache for years but now trying to use nginx. I have nginx and php(with fastcgi) > working fine, but whenever I try to bring up my web page that has a perl cgi on it, it just downloads the script > instead of executing it.. I cant figure out how to make it work right.. basically heres the config that I have > for it in my apache conf > > ScriptAliasMatch ^/blog/?(.*) /var/www/localhost/htdocs/blog/blog.pl/$1 > > and > > > Options +Includes > > Options ExecCGI > > > when do I need to do to get nginx to properly execute the perl cgi? > > thanks/regards, > Jason > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From ft at falkotimme.com Thu Jan 5 21:55:22 2012 From: ft at falkotimme.com (Falko Timme) Date: Thu, 5 Jan 2012 22:55:22 +0100 Subject: need help getting perl cgis to work. References: <20120105132543.GA17409@monsterjam.org> Message-ID: You can find three different solutions here: http://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-debian-squeeze-ubuntu-11.04 (I prefer Fcgiwrap.) ----- Original Message ----- From: To: Sent: Thursday, January 05, 2012 2:25 PM Subject: need help getting perl cgis to work. > hey folks, ive been running apache for years but now trying to use nginx. > I have nginx and php(with fastcgi) > working fine, but whenever I try to bring up my web page that has a perl > cgi on it, it just downloads the script > instead of executing it.. I cant figure out how to make it work right.. > basically heres the config that I have > for it in my apache conf > > ScriptAliasMatch ^/blog/?(.*) /var/www/localhost/htdocs/blog/blog.pl/$1 > > and > > > Options +Includes > > Options ExecCGI > > > when do I need to do to get nginx to properly execute the perl cgi? > > thanks/regards, > Jason > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From ft at falkotimme.com Thu Jan 5 22:03:17 2012 From: ft at falkotimme.com (Falko Timme) Date: Thu, 5 Jan 2012 23:03:17 +0100 Subject: 404 not showing up in error logs (for PHP files) References: Message-ID: <816AF7CE5E5A42259DBCEBB87C9673F5@notebook> Have you tried fastcgi_intercept_errors on; ? ----- Original Message ----- From: Ilan Berkner To: nginx at nginx.org Sent: Thursday, January 05, 2012 6:05 PM Subject: 404 not showing up in error logs (for PHP files) Hi All, When a user enters an invalid php file name they are correctly routed to our default 404.html: try_files $fastcgi_script_name =404; The problem is that the 404 error is not showing up in our error logs. Other 404 errors do show up in our system. Please advise. Thanks! _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx From francis at daoine.org Thu Jan 5 23:32:49 2012 From: francis at daoine.org (Francis Daly) Date: Thu, 5 Jan 2012 23:32:49 +0000 Subject: 404 not showing up in error logs (for PHP files) In-Reply-To: References: Message-ID: <20120105233249.GY27443@craic.sysops.org> On Thu, Jan 05, 2012 at 12:05:36PM -0500, Ilan Berkner wrote: Hi there, > When a user enters an invalid php file name they are correctly routed to > our default 404.html: > > try_files $fastcgi_script_name =404; > > The problem is that the 404 error is not showing up in our error logs. > > Other 404 errors do show up in our system. I don't see any 404s in error.log, and I do see all 404s in access.log. Is that different from what you see, or different from what you expect? (I do see in error.log where the nginx static file handler logs when it fails to open an expected file; but that's distinct from 404 logging.) f -- Francis Daly francis at daoine.org From ilan at time4learning.com Thu Jan 5 23:37:15 2012 From: ilan at time4learning.com (Ilan Berkner) Date: Thu, 5 Jan 2012 18:37:15 -0500 Subject: 404 not showing up in error logs (for PHP files) In-Reply-To: <20120105233249.GY27443@craic.sysops.org> References: <20120105233249.GY27443@craic.sysops.org> Message-ID: I haven't checked the access logs yet (we have them turned off for now). I'm just working through various errors, but I understand what you're saying. I'll turn the access logs on and see if I see it in there (I'm sure I will). Also thanks to Falko pointing me to the error intercept option, although it may not be necessary at this time. Ilan On Thu, Jan 5, 2012 at 6:32 PM, Francis Daly wrote: > On Thu, Jan 05, 2012 at 12:05:36PM -0500, Ilan Berkner wrote: > > Hi there, > > > When a user enters an invalid php file name they are correctly routed to > > our default 404.html: > > > > try_files $fastcgi_script_name =404; > > > > The problem is that the 404 error is not showing up in our error logs. > > > > Other 404 errors do show up in our system. > > I don't see any 404s in error.log, and I do see all 404s in access.log. > > Is that different from what you see, or different from what you expect? > > (I do see in error.log where the nginx static file handler logs when it > fails to open an expected file; but that's distinct from 404 logging.) > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Ilan Berkner Chief Technology Officer Time4Learning.com 6300 NE 1st Ave., Suite 203 Ft. Lauderdale, FL 33334 (954) 771-0914 Time4Learning.com - Online interactive curriculum for home use, PreK-8th Grade. Time4Writing.com - Online writing tutorials for high, middle, and elementary school students. Time4Learning.net - A forum to chat with parents online about kids, education, parenting and more. spellingcity.com - Online vocabulary and spelling activities for teachers, parents and students. -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Fri Jan 6 02:41:21 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 6 Jan 2012 09:41:21 +0700 Subject: need help getting perl cgis to work. In-Reply-To: References: <20120105132543.GA17409@monsterjam.org> Message-ID: On Fri, Jan 6, 2012 at 4:55 AM, Falko Timme wrote: > You can find three different solutions here: > > http://www.howtoforge.com/serving-cgi-scripts-with-nginx-on-debian-squeeze-ubuntu-11.04 > And another one here: http://projects.unbit.it/uwsgi/wiki/CGI -- O< ascii ribbon campaign - stop html mail - www.asciiribbon.org From nginx-forum at nginx.us Fri Jan 6 07:37:02 2012 From: nginx-forum at nginx.us (gigabyte) Date: Fri, 06 Jan 2012 02:37:02 -0500 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: <61b7f4ff35ccac81d4708939acb29750.NginxMailingListEnglish@forum.nginx.org> References: <61b7f4ff35ccac81d4708939acb29750.NginxMailingListEnglish@forum.nginx.org> Message-ID: I have the same problem with subdirectories. My config Is: set $sroot /usr/local/www/ location ~ \.php$ { include /usr/local/etc/nginx/fastcgi_params; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $sroot/$fastcgi_script_name ; fastcgi_param QUERY_STRING $query_string; fastcgi_pass 127.0.0.1:9000; fastcgi_intercept_errors on; break; } location / { root $sroot ; index index.php; } By the way I think it all happend when I've upgraded from nginx 0.9 to 1.0.11. I think that my original configs had been replaced with new ones. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,215921,220863#msg-220863 From anil at saog.net Fri Jan 6 08:52:37 2012 From: anil at saog.net (=?UTF-8?B?QW7EsWwgw4dldGlu?=) Date: Fri, 06 Jan 2012 10:52:37 +0200 Subject: fastcgi cache bypass empty body Message-ID: <4F06B655.7000707@saog.net> Hi All, currently we are using nginx with fastcgi_cache with php backend. For some conditions php returns an empty body (that we can not find the cause) but sends some headers and nginx thinks it is valid. So it stores the file which results to an empty response for upcoming requests. Cached response from backend is attached, is there a configuration option to prevent this? p.s. I changed the site name to in attachment. -------------- next part -------------- A non-text attachment was scrubbed... Name: df3c2d9b53cd7241702f43ecfcdc0596 Type: application/octet-stream Size: 136 bytes Desc: not available URL: From ian at ianhobson.co.uk Fri Jan 6 10:31:07 2012 From: ian at ianhobson.co.uk (Ian Hobson) Date: Fri, 06 Jan 2012 10:31:07 +0000 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: References: <61b7f4ff35ccac81d4708939acb29750.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4F06CD6B.9060901@ianhobson.co.uk> On 06/01/2012 07:37, gigabyte wrote: > fastcgi_param SCRIPT_FILENAME $sroot/$fastcgi_script_name ; I suspect this should be fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; Regards Ian -- Ian Hobson 31 Sheerwater, Northampton NN3 5HU, Tel: 01604 513875 Preparing eBooks for Kindle and ePub to give the best reader experience. From edho at myconan.net Fri Jan 6 10:36:25 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 6 Jan 2012 17:36:25 +0700 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: <61b7f4ff35ccac81d4708939acb29750.NginxMailingListEnglish@forum.nginx.org> References: <61b7f4ff35ccac81d4708939acb29750.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Mon, Oct 17, 2011 at 11:19 PM, suttles wrote: > Update on my problem.... if the URL is typed this way > http://www.domain.com/subdirectory it will not pull up the site, but > when the URL is typed http://www.domain.com/subdirectory/ the site comes > up immediately. How to do force nginx to put the trailing slash onto the > subdomains? > either location = /subdirectory { rewrite ^ $uri/?$args permanent; } or try_files $uri $uri/ =404; or symlink in root instead of redefining root in location /subdirectory/ or location /subdirectory { ... } ##note that this one kind of not what you expect. /subdirectorysomething will match this location. -- O< ascii ribbon campaign - stop html mail - www.asciiribbon.org From appa at perusio.net Fri Jan 6 11:20:38 2012 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Fri, 06 Jan 2012 11:20:38 +0000 Subject: fastcgi cache bypass empty body In-Reply-To: <4F06B655.7000707@saog.net> References: <4F06B655.7000707@saog.net> Message-ID: <878vll6prt.wl%appa@perusio.net> On 6 Jan 2012 08h52 WET, anil at saog.net wrote: > Hi All, currently we are using nginx with fastcgi_cache with php > backend. For some conditions php returns an empty body (that we can > not find the cause) but sends some headers and nginx thinks it is > valid. So it stores the file which results to an empty response for > upcoming requests. Perhaps using the embedded Lua module you can capture the response and, for example, set 'X-Accel-Expires: 0', header for that request or set a variable that is evaluated by fastcgi_cache_bypass. then define: fastcgi_cache_bypass $no_cache; Check: http://wiki.nginx.org/HttpLuaModule#rewrite_by_lua --- appa From nginx-forum at nginx.us Fri Jan 6 11:39:17 2012 From: nginx-forum at nginx.us (gigabyte) Date: Fri, 06 Jan 2012 06:39:17 -0500 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: <4F06CD6B.9060901@ianhobson.co.uk> References: <4F06CD6B.9060901@ianhobson.co.uk> Message-ID: I've already tried meny variations including this one. In fact I'm using it right now with some modifications: location / { root $sroot; index index.php index.html index.htm; if (-e $request_filename) { break; } rewrite ^/(.+)$ /index.php?q=$1 last; } if ($host !~* ^www\.) { rewrite ^(.*)$ http://www.$host$1 permanent; } location = /administrator { rewrite ^ $uri/?$args permanent; } location ~ \.php$ { root $sroot; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /usr/local/etc/nginx/fastcgi_params; } location ~ /\.ht { deny all; } But it keeps redirecting me to document_root instead of document_root/subdirectory Also I know that It worked before some one put his hands on my config files. hobson42 Wrote: ------------------------------------------------------- > On 06/01/2012 07:37, gigabyte wrote: > > fastcgi_param SCRIPT_FILENAME > $sroot/$fastcgi_script_name ; > I suspect this should be > > fastcgi_param SCRIPT_FILENAME > $document_root$fastcgi_script_name; > > > Regards > > Ian > > -- > Ian Hobson > 31 Sheerwater, Northampton NN3 5HU, > Tel: 01604 513875 > Preparing eBooks for Kindle and ePub to give the > best reader experience. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,215921,220872#msg-220872 From edho at myconan.net Fri Jan 6 11:40:50 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 6 Jan 2012 18:40:50 +0700 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: References: <4F06CD6B.9060901@ianhobson.co.uk> Message-ID: On Fri, Jan 6, 2012 at 6:39 PM, gigabyte wrote: > I've already tried meny variations including this one. In fact I'm using > it right now with some modifications: > Post the full config. -- O< ascii ribbon campaign - stop html mail - www.asciiribbon.org From nginx-forum at nginx.us Fri Jan 6 12:26:08 2012 From: nginx-forum at nginx.us (gigabyte) Date: Fri, 06 Jan 2012 07:26:08 -0500 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: References: Message-ID: Here is my full config server { set $sroot /services/www/site; listen 192.168.170.1:80; server_name site.net www.site.net; access_log /var/log/nginx/site.net.access.log main; error_log /var/log/nginx/site.net.error.log info; location = /administrator { root $sroot/administrator; } location / { root $sroot; index index.php index.html index.htm; if (-e $request_filename) { break; } rewrite ^/(.+)$ /index.php?q=$1 last; } if ($host !~* ^www\.) { rewrite ^(.*)$ http://www.$host$1 permanent; } location ~ \.php$ { root $sroot; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include /usr/local/etc/nginx/fastcgi_params; } location ~ /\.ht { deny all; } } Edho Arief Wrote: ------------------------------------------------------- > On Fri, Jan 6, 2012 at 6:39 PM, gigabyte > wrote: > > I've already tried meny variations including > this one. In fact I'm using > > it right now with some modifications: > > > > Post the full config. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,215921,220874#msg-220874 From karthikr2006 at gmail.com Fri Jan 6 12:36:39 2012 From: karthikr2006 at gmail.com (karthik raman) Date: Fri, 6 Jan 2012 12:36:39 +0000 (UTC) Subject: Invitation to connect on LinkedIn Message-ID: <544185644.5523079.1325853399983.JavaMail.app@ela4-bed77.prod> LinkedIn ------------ I'd like to add you to my professional network on LinkedIn. - karthik karthik raman -- India Confirm that you know karthik raman: https://www.linkedin.com/e/vmkjfu-gx36vqui-17/isd/5422193304/6kyZ0_i4/?hs=false&tok=2EUlKRgvWkbB41 -- You are receiving Invitation to Connect emails. Click to unsubscribe: http://www.linkedin.com/e/vmkjfu-gx36vqui-17/qjYwmHPVxmbiVvrSCcWdH6Fp6b/goo/nginx%40nginx%2Eorg/20061/I1886930048_1/?hs=false&tok=3B6PP4QLGkbB41 (c) 2011 LinkedIn Corporation. 2029 Stierlin Ct, Mountain View, CA 94043, USA. -------------- next part -------------- An HTML attachment was scrubbed... URL: From edho at myconan.net Fri Jan 6 12:48:13 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 6 Jan 2012 19:48:13 +0700 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: References: Message-ID: On Fri, Jan 6, 2012 at 7:26 PM, gigabyte wrote: > Here is my full config > server { > Try this instead: http://pastie.org/3137133 -- O< ascii ribbon campaign - stop html mail - www.asciiribbon.org From pasik at iki.fi Fri Jan 6 12:55:05 2012 From: pasik at iki.fi (Pasi =?iso-8859-1?Q?K=E4rkk=E4inen?=) Date: Fri, 6 Jan 2012 14:55:05 +0200 Subject: Plans to integrate HeadersMore module? In-Reply-To: <20111004082855.GF12984@reaktio.net> References: <20111004082855.GF12984@reaktio.net> Message-ID: <20120106125505.GX12984@reaktio.net> On Tue, Oct 04, 2011 at 11:28:55AM +0300, Pasi K?rkk?inen wrote: > Hello, > > Any plans to integrate the HeadersMore module (http://wiki.nginx.org/HttpHeadersMoreModule) > to standard nginx? > > It's a very handy tool.. especially when you need to modify headers for responses like 401. > Just trying to minimize the amount of custom-rpm-building for me ;) > Any comments? -- Pasi From nginx-forum at nginx.us Fri Jan 6 13:46:21 2012 From: nginx-forum at nginx.us (gigabyte) Date: Fri, 06 Jan 2012 08:46:21 -0500 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: References: Message-ID: <505cd9fcebc4dec1d5d22943f8c2d7ea.NginxMailingListEnglish@forum.nginx.org> No, this did not work either. nginx keeps looking for for relative files in a directory, but has to do it in /administrator directory Maybe some other suggestions ? Edho Arief Wrote: ------------------------------------------------------- > On Fri, Jan 6, 2012 at 7:26 PM, gigabyte > wrote: > > Here is my full config > > server { > > > > Try this instead: > > http://pastie.org/3137133 > > > -- > O< ascii ribbon campaign - stop html mail - > www.asciiribbon.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,215921,220882#msg-220882 From edho at myconan.net Fri Jan 6 13:48:25 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 6 Jan 2012 20:48:25 +0700 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: <505cd9fcebc4dec1d5d22943f8c2d7ea.NginxMailingListEnglish@forum.nginx.org> References: <505cd9fcebc4dec1d5d22943f8c2d7ea.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Fri, Jan 6, 2012 at 8:46 PM, gigabyte wrote: > No, this did not work either. > nginx keeps looking for for relative files in a directory, but > has to do it in /administrator directory > Maybe some other suggestions ? What do you mean? Are the files located in /services/www/site/administrator/administrator/? -- O< ascii ribbon campaign - stop html mail - www.asciiribbon.org From brian at akins.org Fri Jan 6 13:53:35 2012 From: brian at akins.org (Brian Akins) Date: Fri, 6 Jan 2012 08:53:35 -0500 Subject: Plans to integrate HeadersMore module? In-Reply-To: <20120106125505.GX12984@reaktio.net> References: <20111004082855.GF12984@reaktio.net> <20120106125505.GX12984@reaktio.net> Message-ID: <6446A66E-EB06-4802-AD18-70BB7A90C884@akins.org> On Jan 6, 2012, at 7:55 AM, Pasi K?rkk?inen wrote: >> >> Just trying to minimize the amount of custom-rpm-building for me ;) >> > > Any comments? We build our own packages using openresty as a base. Even if openresty, for example, was all in core, we'd still build our own packages. I'm sure others would as well. For us, it's a simple shell script that does the builds for us, so not a ton of work anyway. Digression: That's one reason I'm not worried about nginx's lack of "dynamic" modules - we'd have to build the modules anyway which would be about as much work as rebuilding nginx, so not really a huge win for us. We do a good bit of our nginx work in Lua nowadays (thanks agentzh and chaoslawful!) --Brian From nginx-forum at nginx.us Fri Jan 6 14:01:56 2012 From: nginx-forum at nginx.us (gigabyte) Date: Fri, 06 Jan 2012 09:01:56 -0500 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: References: Message-ID: <28ff7a7da4b72684f09f6df398e076ae.NginxMailingListEnglish@forum.nginx.org> the Root directory is /services/www/site/ When I login into the index.php which is located in /services/www/site/administrator nginx redirects me to index.php which is located in the root directory - /services/www/site When I manually enter site.net/administrator/index.php it opens the right file but all relative links on it (css,js, ,...etc) are being loaded from root directory (/services/www/site) and thay should be loaded from subdirectory (/services/www/site/administrator) and that is why I'm getting many 404 responses from server. Edho Arief Wrote: ------------------------------------------------------- > On Fri, Jan 6, 2012 at 8:46 PM, gigabyte > wrote: > > No, this did not work either. > > nginx keeps looking for for relative files in a > directory, but > > has to do it in /administrator directory > > Maybe some other suggestions ? > > What do you mean? Are the files located in > /services/www/site/administrator/administrator/? > > > -- > O< ascii ribbon campaign - stop html mail - > www.asciiribbon.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,215921,220885#msg-220885 From brian at akins.org Fri Jan 6 14:03:58 2012 From: brian at akins.org (Brian Akins) Date: Fri, 6 Jan 2012 09:03:58 -0500 Subject: How to see nginx rps (requests per second) In-Reply-To: <84406ea2a7cd2f84d7adc2e5be3856c1.NginxMailingListEnglish@forum.nginx.org> References: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> <069d41a48775bb48b64c0d019ed25575.NginxMailingListEnglish@forum.nginx.org> <84406ea2a7cd2f84d7adc2e5be3856c1.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Jan 5, 2012, at 9:12 AM, atrus wrote: > > Is there any other ways to do this automatically instead of manually > subtract ?! I want to see in live. we have some command line ruby/perl scripts that do this, pretty simple. If you wanted to do this "in" nginx, I guess the easiest way would be using Lua that did a location_capture of stub_status and cached the value ( using http://wiki.nginx.org/HttpLuaModule#ngx.shared.DICT maybe). Or, have a script that polls nginx stub status every x seconds and writes it out to a static file that nginx can serve. I'd rather nginx just provide the raw data and I can slice and dice it for my own needs. --Brian From edho at myconan.net Fri Jan 6 14:07:21 2012 From: edho at myconan.net (Edho Arief) Date: Fri, 6 Jan 2012 21:07:21 +0700 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: <28ff7a7da4b72684f09f6df398e076ae.NginxMailingListEnglish@forum.nginx.org> References: <28ff7a7da4b72684f09f6df398e076ae.NginxMailingListEnglish@forum.nginx.org> Message-ID: On Fri, Jan 6, 2012 at 9:01 PM, gigabyte wrote: > the Root directory is /services/www/site/ > > When I login into the index.php which is located in > /services/www/site/administrator > nginx redirects me to index.php which is located in the root directory - > ?/services/www/site > > When I manually enter site.net/administrator/index.php it opens the > right file but all relative links on it (css,js, ,...etc) are being > loaded from root directory (/services/www/site) and thay should be > loaded from subdirectory (/services/www/site/administrator) and that is > why I'm getting many 404 responses from server. > > Looks like application configuration problem. -- O< ascii ribbon campaign - stop html mail - www.asciiribbon.org From nginx-forum at nginx.us Fri Jan 6 14:23:52 2012 From: nginx-forum at nginx.us (gigabyte) Date: Fri, 06 Jan 2012 09:23:52 -0500 Subject: =?UTF-8?Q?Re=3A_why_my_php_file_in_subdirectory_doesn=27t_work=EF=BC=9F?= In-Reply-To: References: Message-ID: May be but this all started when I've updated nginx from 1.0.4 to 1.0.9 This update erased all my previous config files and I've started from beginning and stuck on this problem Edho Arief Wrote: ------------------------------------------------------- > On Fri, Jan 6, 2012 at 9:01 PM, gigabyte > wrote: > > the Root directory is /services/www/site/ > > > > When I login into the index.php which is located > in > > /services/www/site/administrator > > nginx redirects me to index.php which is located > in the root directory - > > ?/services/www/site > > > > When I manually enter > site.net/administrator/index.php it opens the > > right file but all relative links on it (css,js, > ,...etc) are being > > loaded from root directory (/services/www/site) > and thay should be > > loaded from subdirectory > (/services/www/site/administrator) and that is > > why I'm getting many 404 responses from server. > > > > > > Looks like application configuration problem. > > -- > O< ascii ribbon campaign - stop html mail - > www.asciiribbon.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,215921,220888#msg-220888 From cabbar at gmail.com Fri Jan 6 15:26:59 2012 From: cabbar at gmail.com (Cabbar Duzayak) Date: Fri, 6 Jan 2012 17:26:59 +0200 Subject: Empty /error log lines (a lot of them) In-Reply-To: References: <4F03B1AD.4090207@team.mail.de>

Message-ID: This worked great! Thanks a lot for your help. On Wed, Jan 4, 2012 at 8:27 PM, Mit Rowe wrote: > > > On Wed, Jan 4, 2012 at 2:03 AM, Cabbar Duzayak wrote: >> >> Hi, >> > > [..snip..] > >> >> Can we at least tell Nginx not to log these? Something like, if there >> is no http method / url, skip the log? >> > > > It's very likely that there's no Host header sent, so it's being directed to > the server set as "default". > > In my setup i define a server{} section for every real host, and then add a > separate "catch all" one for everything else and turn off the logs when not > debugging. > If you are able to do something similar, it should capture those spurious > connections, direct them to the default host, and not log the lines > > #catch all > ? ? server { > ? ? ? ? listen 80 default_server; > ? ? ? ? server_name localhost.domain.com localhost 127.0.0.1 xx.xx.xx.xx; > #where xx.xx.xx.xx is the local IP > ? ? ? ? access_log off; > ? ? ? ? location / { > ? ? ? ? ? ? #local > ? ? ? ? ? ? allow 127.0.0.1; > ? ? ? ? ? ? #office router > ? ? ? ? ? ? allow xx.xx.xx.xx; > ? ? ? ? ? ? #protect > ? ? ? ? ? ? deny all; > ? ? ? ? } > ? ? } > > #real server(s) > ? ?server { > ? ? ? access_log /var/log/nginx/access.log; > ? ? ? listen 80; > ? ? ? server_name .domain.com; #matches www.domain.com and domain.com > ? ? ?location / { > ? ? ? ? #[..snip..] > ? ? ?} > ? ?} > > > > > -- > Will 'Mit' Rowe > Stagename > 1-866-326-3098 > mit at stagename.com > www.stagename.com > Twitter: @stagename > > The information transmitted is intended only for the person or entity to > which it is addressed and may contain confidential and/or privileged > material. Any review, retransmission, dissemination or other use of this > information by persons or entities other than the intended recipient is > prohibited. If you received this transmission in error, please contact the > sender and delete all material contained herein from your computer. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Fri Jan 6 20:36:57 2012 From: nginx-forum at nginx.us (kriswpl) Date: Fri, 06 Jan 2012 15:36:57 -0500 Subject: How to force SNI only connections, or have a fallback non-SNI server? In-Reply-To: <20100714200525.GA80274@rambler-co.ru> References: <20100714200525.GA80274@rambler-co.ru> Message-ID: I have the same problem to solve right now. And I see the good idea to sort the type of SNI and non-SNI supported browsers. But I made up that the user can connect to the server thru HTTP (no SSL), and server determine what kind of browser it is (SNI or non) and depending on the answer redirects to SSL on 443 (default https) for SNI and 4433 for non-SNI. So does anyone see how to determine if the client browser support SNI? I am not talking about a bunch of ifs (browser.version < ... or browser.version < ...). I need more something like TLS+SNI support - yes|no - maybe this kind of combination could tell us - ssl_protocols SSLv3 TLSv1; Thanks, Chris Posted at Nginx Forum: http://forum.nginx.org/read.php?2,108417,220893#msg-220893 From nginx-forum at nginx.us Fri Jan 6 21:49:16 2012 From: nginx-forum at nginx.us (gtuhl) Date: Fri, 06 Jan 2012 16:49:16 -0500 Subject: Nginx as Load Balancer Connection Issues Message-ID: <20451453746402827e0cb164c69a780b.NginxMailingListEnglish@forum.nginx.org> We have a box running nginx and two boxes running apache. The apache boxes are configured as an upstream for nginx. The nginx box has a public IP, and then it talks to the upstream apaches using the private network (same switch). We are sustaining a couple hundred requests/sec. We've had several issues with the upstreams being counted out by nginx, causing the "no live upstreams" message in the error log and end users seeing 502 errors. When this happens the machines are barely being used, single digit load averages in 16 core boxes. Initially we were seeing a ton of "connect() failed (110: Connection timed out)", 1 every couple seconds. I added these to sysctl.conf and that seemed to solve the problem: net.ipv4.tcp_syncookies = 1 net.ipv4.tcp_fin_timeout = 20 net.ipv4.tcp_max_syn_backlog = 20480 net.core.netdev_max_backlog = 4096 net.ipv4.tcp_max_tw_buckets = 400000 net.core.somaxconn = 4096 Now things generally run fine but every once in awhile we get a huge burst of "upstream prematurely closed connection while reading response header from upstream" followed by a "no live upstreams". Again, no apparent load on the machines involved. These bursts only last a minute or so. We also still get an occasional "connect() failed (110: Connection timed out)" but they are far less frequent, perhaps 1 or 2 per hour. Anyone have recommendations for tuning the networking side to improve the situation here? These are some of the nginx.conf settings we have in place, removed the ones that don't seem related to the issue: worker_processes 4; worker_rlimit_nofile 30000; events { worker_connections 4096; # multi_accept on; use epoll; } http { client_max_body_size 200m; proxy_read_timeout 600s; proxy_send_timeout 600s; proxy_connect_timeout 60s; proxy_buffer_size 128k; proxy_buffers 4 128k; keepalive_timeout 0; tcp_nodelay on; } Happy to provide any other details. This is the "ulimit -a" on all boxes: core file size (blocks, -c) 0 data seg size (kbytes, -d) unlimited scheduling priority (-e) 20 file size (blocks, -f) unlimited pending signals (-i) 16382 max locked memory (kbytes, -l) 64 max memory size (kbytes, -m) unlimited open files (-n) 300000 pipe size (512 bytes, -p) 8 POSIX message queues (bytes, -q) 819200 real-time priority (-r) 0 stack size (kbytes, -s) 8192 cpu time (seconds, -t) unlimited max user processes (-u) unlimited virtual memory (kbytes, -v) unlimited file locks (-x) unlimited Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220894,220894#msg-220894 From nginx-forum at nginx.us Sat Jan 7 00:17:42 2012 From: nginx-forum at nginx.us (starmonche) Date: Fri, 06 Jan 2012 19:17:42 -0500 Subject: reverse proxy root folder only Message-ID: <5170f7a3fb61c2f6067041772f82057a.NginxMailingListEnglish@forum.nginx.org> I have an nginx serverset up and I'm looking for a way to only reverse proxy the contents of the root folder. I'm using a location regex with a list of the files in root that are allowed and then a second catch-all location that goes nowhere but there must be an easier or cleaner way to do this. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220895,220895#msg-220895 From nginx-forum at nginx.us Sat Jan 7 03:12:20 2012 From: nginx-forum at nginx.us (speedfirst) Date: Fri, 06 Jan 2012 22:12:20 -0500 Subject: How to load a TRUSTED Client CA Message-ID: <583354cfbe5f6e29a5c0ce36aab40bee.NginxMailingListEnglish@forum.nginx.org> I need to specify a CA file to "ssl_client_certificate" directive. This crt is generated by openssl x509 command with "-trustout" parameter, so starts with "----BEGIN TRUSTED CERTIFICATE-----", rather than common "-----BEGIN CERTIFICATE-----". Nginx will report error: PEM routines:PEM_read_bio:no start line Internally, nginx uses openssl's API "SSL_load_client_CA_file()" to load the cert and report this error. So it's a bug, expected or I mis-configure somewhere? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220897,220897#msg-220897 From francis at daoine.org Sat Jan 7 10:02:27 2012 From: francis at daoine.org (Francis Daly) Date: Sat, 7 Jan 2012 10:02:27 +0000 Subject: reverse proxy root folder only In-Reply-To: <5170f7a3fb61c2f6067041772f82057a.NginxMailingListEnglish@forum.nginx.org> References: <5170f7a3fb61c2f6067041772f82057a.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20120107100227.GZ27443@craic.sysops.org> On Fri, Jan 06, 2012 at 07:17:42PM -0500, starmonche wrote: Hi there, > I have an nginx serverset up and I'm looking for a way to only reverse > proxy the contents of the root folder. I'm using a location regex with a > list of the files in root that are allowed and then a second catch-all > location that goes nowhere but there must be an easier or cleaner way to > do this. Conceptually, one location{} for the things you want, plus one for all else, *is* the easy way to do it. (That's more or less the same as one location{} for the things you don't want, plus one for all else.) Arguably the cleaner way is to have one exact location{} for each thing you want, plus one for the rest, but I guess you're not looking for that. So: what is "the contents of the root folder"? If it is "exactly these file names", then your current location ~ ^/(one|two|three)$ is correct. If it is "any request without a second /", then location ~ ^/[^/]*$ should work. And if you go the other way, and have "location /" as your "this is the root folder" block, then "all else" would be "any request with two slashes", which could be location ~ /.*/ (All untested, by the way.) Good luck with it, f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Sat Jan 7 11:37:09 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sat, 7 Jan 2012 15:37:09 +0400 Subject: 404 not showing up in error logs (for PHP files) In-Reply-To: References: Message-ID: <20120107113709.GQ67687@mdounin.ru> Hello! On Thu, Jan 05, 2012 at 12:05:36PM -0500, Ilan Berkner wrote: > Hi All, > > When a user enters an invalid php file name they are correctly routed to > our default 404.html: > > try_files $fastcgi_script_name =404; > > The problem is that the 404 error is not showing up in our error logs. > > Other 404 errors do show up in our system. > > Please advise. This is expected behaviour. The "try_files" directives checks files as configured and uses configured fallback if there are no files found. It is not expected to log anything to error log if there are no files found. Maxim Dounin From nginx-forum at nginx.us Sat Jan 7 13:49:32 2012 From: nginx-forum at nginx.us (AndriesLouw) Date: Sat, 07 Jan 2012 08:49:32 -0500 Subject: Mobile browser detection at server level In-Reply-To: <28646c8afe0455c277b2e3a8a7b0c004.squirrel@www.digitalhit.com> References: <28646c8afe0455c277b2e3a8a7b0c004.squirrel@www.digitalhit.com> Message-ID: It is perfectly possible to do so with nginx server level configuration, I wrote a blogpost about it on my blog: http://blog.andrieslouw.nl/2012/01/serving-mobile-users-with-nginx.html I'm not exactly sure if it follows all the best-practices, but it seems to work quite well in my enviroment. -- Andries Louw Wolthuizen Posted at Nginx Forum: http://forum.nginx.org/read.php?2,183827,220904#msg-220904 From nginx-forum at nginx.us Sat Jan 7 13:55:33 2012 From: nginx-forum at nginx.us (AndriesLouw) Date: Sat, 07 Jan 2012 08:55:33 -0500 Subject: How to see nginx rps (requests per second) In-Reply-To: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> References: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> Message-ID: If you've logging enabled in some sort, you could use a Visual Log Analyzer, I know some of them work for Apache-style logs, but it requires the overhead of having logging enabled for your webserver. Such log-analysers don't need many resources, as they don't require any interaction with requests served by nginx, they just read the logs nginx produces every x seconds. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220831,220905#msg-220905 From nginx-forum at nginx.us Sat Jan 7 14:00:53 2012 From: nginx-forum at nginx.us (AndriesLouw) Date: Sat, 07 Jan 2012 09:00:53 -0500 Subject: rewrite rule custom.php to custom.css In-Reply-To: <448df5c84ba71ba759f9506d759831e1.NginxMailingListEnglish@forum.nginx.org> References: <448df5c84ba71ba759f9506d759831e1.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3bfeb5929ad566bd2d44f66ee50a9738.NginxMailingListEnglish@forum.nginx.org> If you want it mod_rewrite style (so no 302 Temporary Redirect header): location ^/wp-content/themes/mytheme/assets/css/ { rewrite custom.css custom.php; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220792,220906#msg-220906 From appa at perusio.net Sat Jan 7 14:25:18 2012 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Sat, 07 Jan 2012 14:25:18 +0000 Subject: Mobile browser detection at server level In-Reply-To: References: <28646c8afe0455c277b2e3a8a7b0c004.squirrel@www.digitalhit.com> Message-ID: <87pqev4mk1.wl%appa@perusio.net> On 7 Jan 2012 13h49 WET, nginx-forum at nginx.us wrote: > It is perfectly possible to do so with nginx server level > configuration, I wrote a blogpost about it on my blog: > http://blog.andrieslouw.nl/2012/01/serving-mobile-users-with-nginx.html > > I'm not exactly sure if it follows all the best-practices, but it > seems to work quite well in my enviroment. There's a simpler and more efficient way to do it. Instead of detecting the mobile browser, do the complementary, i.e. detect the desktop browser: https://gist.github.com/1326701 --- appa From nginx-forum at nginx.us Sat Jan 7 14:35:55 2012 From: nginx-forum at nginx.us (Yogui) Date: Sat, 07 Jan 2012 09:35:55 -0500 Subject: How to see nginx rps (requests per second) In-Reply-To: References: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> Message-ID: <8642603cb607a551ba905c788d88d84b.NginxMailingListEnglish@forum.nginx.org> @atrus Please remember that what you are looking for is a "human" value, as opposed to the snapshot type of values the server can reliably provide. The reason why nginx does not provide what you are looking for may be that the server would have to provide several intervals to satisfy everyone (second, millisecond, minute, hour, etc.), and that is neither practical nor reliable. Such data could also be misleading, depending on your use case. From a server point of view, the best thing to do was to give a total number of requests served and let the admins do the math as they see fit. However, the stub status module provides easy-to-read data that you can parse with a script in a loop, or such a script could dump the stats in a database and you could then read that. That is the best long-term solution to your problem. Please remember too that this database does not need to be SQL, it could be RRD-based for example, or just plain files, whatever suits you best. Regards, Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220831,220908#msg-220908 From nginx-forum at nginx.us Sat Jan 7 14:56:20 2012 From: nginx-forum at nginx.us (AndriesLouw) Date: Sat, 07 Jan 2012 09:56:20 -0500 Subject: Mobile browser detection at server level In-Reply-To: <87pqev4mk1.wl%appa@perusio.net> References: <87pqev4mk1.wl%appa@perusio.net> Message-ID: Ant?nio P. P. Almeida Wrote: ------------------------------------------------------- > There's a simpler and more efficient way to do it. > Instead of > detecting the mobile browser, do the > complementary, i.e. detect the > desktop browser: > > https://gist.github.com/1326701 > > --- appa I'd like to warn you about that one, it detects bot's like Googlebot also as being an mobile device. My setup does also detect desktop browsers first, as you may or may not have seen. So it's the same setup, but mine has more exclusions to the "desktop" list. -- Andries Louw Wolthuizen Posted at Nginx Forum: http://forum.nginx.org/read.php?2,183827,220909#msg-220909 From brian at akins.org Sat Jan 7 15:09:49 2012 From: brian at akins.org (Brian Akins) Date: Sat, 7 Jan 2012 10:09:49 -0500 Subject: Mobile browser detection at server level In-Reply-To: References: <87pqev4mk1.wl%appa@perusio.net> Message-ID: <963131E6-0B01-4DCD-9D0C-2D33F84D6821@akins.org> We use some Lua that's basically a combination of the posted links. It catches the edge cases a little better. Some things are just easier to do in a "real" programming language. --Brian From sconger at brand.net Fri Jan 6 23:02:54 2012 From: sconger at brand.net (Scott Conger) Date: Fri, 6 Jan 2012 15:02:54 -0800 Subject: fastcgi_keep_conn consuming ports? Message-ID: <918068D0CE3C4A48880F53D3EF19861919630D1875@BRANDNETEXCH.Brandnet.local> I wanted to try the new "fastcgi_keep_conn on;" configuration setting. I grabbed 1.1.13 and added the setting to my configuration. It seems to function, but I started getting HTTP 502 errors when I put load on the server. Looking at netstat, it seems to be consuming all available ports: netstat -nt > stat.txt grep TIME_WAIT stat.txt | wc -l 49894 Everything works fine if I comment the configuration line out, which leaves me a bit puzzled as to what is going on. Is there perhaps some other setting I should be changing? nginx -V nginx version: nginx/1.1.13 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-50) -Scott -------------- next part -------------- An HTML attachment was scrubbed... URL: From for-gmane at mutluit.com Sat Jan 7 10:09:54 2012 From: for-gmane at mutluit.com (U.Mutlu) Date: Sat, 07 Jan 2012 11:09:54 +0100 Subject: Disabling logging of absolute paths Message-ID: Is there a switch to suppress the logging of absolute paths in the log files? Only paths relative to the html directory should be logged. Reason: I don't want disclose my file system structure when posting log excerpts to abuse desks etc. Sanitized example: 2012/01/02 00:04:48 [error] 566#0: *966 open() "/bla/foo/nginx/html/admin/index.php" failed (2: No such file or directory), client: 111.171.207.252, server: localhost, request: "GET //admin/index.php HTTP/1.1", host: "x.200.43.136" Ie. the "/bla/foo/nginx/html" part should not be logged. From brian at akins.org Sat Jan 7 17:46:13 2012 From: brian at akins.org (Brian Akins) Date: Sat, 7 Jan 2012 12:46:13 -0500 Subject: Disabling logging of absolute paths In-Reply-To: References: Message-ID: <2806FC5D-91C3-4941-B920-7E70D8AD61BE@akins.org> On Jan 7, 2012, at 5:09 AM, U.Mutlu wrote: > > Reason: I don't want disclose my file system structure when posting log excerpts to abuse desks etc. Then redact them before posting. --Brian From lists at ruby-forum.com Sat Jan 7 18:19:33 2012 From: lists at ruby-forum.com (dhaval d.) Date: Sat, 07 Jan 2012 19:19:33 +0100 Subject: How to see nginx rps (requests per second) In-Reply-To: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> References: <18e0180c916acba5477b1b9f31f5a89a.NginxMailingListEnglish@forum.nginx.org> Message-ID: atrus wrote in post #1039525: > Hi Guys, > > I have enable stub module and location /status/ in nginx.conf > > All I see just : > > Active connections: 1 > server accepts handled requests > 478077 478077 478271 > Reading: 0 Writing: 1 Waiting: 0 > > How can I know which values is the rps of the nginx server ? > > Thanks guys. > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,220831,220831#msg-220831 If you are just interested in knowing Request per second and if you have logging enabled then I would suggest using netcat. you just need to tail the log file and then use the netcat to count the lines and it would give you the details you need. Since the tail by default updates every 1 second you will get what you need. -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Sat Jan 7 19:11:08 2012 From: nginx-forum at nginx.us (etrader) Date: Sat, 07 Jan 2012 14:11:08 -0500 Subject: Rewrite for subdomain Message-ID: I want to set a rewrite rule for redirection of search.php?q=word to word.domain.com I used the following rule but did not work. rewrite ^(.*).$server_name /search.php?q=$1 permanent; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,220917,220917#msg-220917 From mdounin at mdounin.ru Sat Jan 7 20:32:08 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 8 Jan 2012 00:32:08 +0400 Subject: fastcgi_keep_conn consuming ports? In-Reply-To: <918068D0CE3C4A48880F53D3EF19861919630D1875@BRANDNETEXCH.Brandnet.local> References: <918068D0CE3C4A48880F53D3EF19861919630D1875@BRANDNETEXCH.Brandnet.local> Message-ID: <20120107203208.GR67687@mdounin.ru> Hello! On Fri, Jan 06, 2012 at 03:02:54PM -0800, Scott Conger wrote: > I wanted to try the new "fastcgi_keep_conn on;" configuration > setting. I grabbed 1.1.13 and added the setting to my > configuration. It seems to function, but I started getting HTTP > 502 errors when I put load on the server. Looking at netstat, it > seems to be consuming all available ports: > > netstat -nt > stat.txt > grep TIME_WAIT stat.txt | wc -l > 49894 > > Everything works fine if I comment the configuration line out, > which leaves me a bit puzzled as to what is going on. Is there > perhaps some other setting I should be changing? > > nginx -V > nginx version: nginx/1.1.13 > built by gcc 4.1.2 20080704 (Red Hat 4.1.2-50) If you want to use persistent fastcgi connections, you should use fastcgi_keep_conn *and* keepalive directive in the upstream block, i.e. upstream backend { server ...; keepalive 5; } server { ... location / { fastcgi_pass backend; fastcgi_keep_conn on; ... } } Using fastcgi_keep_conn by itself only moves responsibility of closing fastcgi connections from backend to nginx, and thus moves TIME_WAIT connections from backend(s) to nginx side as well. Maxim Dounin From mdounin at mdounin.ru Sat Jan 7 20:57:24 2012 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 8 Jan 2012 00:57:24 +0400 Subject: Disabling logging of absolute paths In-Reply-To: References: Message-ID: <20120107205724.GS67687@mdounin.ru> Hello! On Sat, Jan 07, 2012 at 11:09:54AM +0100, U.Mutlu wrote: > Is there a switch to suppress the logging of absolute paths in the log files? > Only paths relative to the html directory should be logged. > Reason: I don't want disclose my file system structure when posting log excerpts to abuse desks etc. > > Sanitized example: > 2012/01/02 00:04:48 [error] 566#0: *966 open() "/bla/foo/nginx/html/admin/index.php" failed (2: No such file or directory), client: 111.171.207.252, server: localhost, request: "GET //admin/index.php HTTP/1.1", host: "x.200.43.136" > > Ie. the "/bla/foo/nginx/html" part should not be logged. No, there is no such option for error log. You may use access log instead. Maxim Dounin From appa at perusio.net Sat Jan 7 22:47:09 2012 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Sat, 07 Jan 2012 22:47:09 +0000 Subject: rewrite rule custom.php to custom.css In-Reply-To: <3bfeb5929ad566bd2d44f66ee50a9738.NginxMailingListEnglish@forum.nginx.org> References: <448df5c84ba71ba759f9506d759831e1.NginxMailingListEnglish@forum.nginx.org> <3bfeb5929ad566bd2d44f66ee50a9738.NginxMailingListEnglish@forum.nginx.org> Message-ID: <87mx9z3zbm.wl%appa@perusio.net> On 7 Jan 2012 14h00 WET, nginx-forum at nginx.us wrote: > If you want it mod_rewrite style (so no 302 Temporary Redirect > header): > > location ^/wp-content/themes/mytheme/assets/css/ { > rewrite custom.css custom.php; > } Why this? Nginx is not Apache. There's no need for rewrites, in fact in most mod_rewrite -> nginx conversions you won't need them at all, IMO. If you want to return a 301 then just replace the 302 by 301. Furthermore the '^/' doesn't function since there's no ~ or ~* to denote a regex based location. --- appa From appa at perusio.net Sat Jan 7 22:51:11 2012 From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida) Date: Sat, 07 Jan 2012 22:51:11 +0000 Subject: Rewrite for subdomain In-Reply-To: References: Message-ID: <87lipj3z4w.wl%appa@perusio.net> On 7 Jan 2012 19h11 WET, nginx-forum at nginx.us wrote: > I want to set a rewrite rule for redirection of search.php?q=word to > word.domain.com > I used the following rule but did not work. Try: location ^~ /search.php { return 301 http://$arg_q.domain.com; } --- appa From edho at myconan.net Sat Jan 7 23:00:33 2012 From: edho at myconan.net (Edho Arief) Date: Sun, 8 Jan 2012 06:00:33 +0700 Subject: Rewrite for subdomain In-Reply-To: <87lipj3z4w.wl%appa@perusio.net> References: