From nginx-forum at nginx.us  Sun Jul  1 04:01:19 2012
From: nginx-forum at nginx.us (Jiff)
Date: Sun, 1 Jul 2012 00:01:19 -0400 (EDT)
Subject: dokuwiki not in root problem of regexp
In-Reply-To: <20120630154217.GT6210@craic.sysops.org>
References: <20120630154217.GT6210@craic.sysops.org>
Message-ID: <99781b1df3ee3fd15d974e2f3e59875b.NginxMailingListEnglish@forum.nginx.org>

Hi Francis,

Well, I shouldn't work that much ]:-)
In fact there was so much tests, comments, etc that I missed 
the main problem: I use 2 files, the 2nd one being common to 
different servers in the 1st one; I just didn't saw I was refering
to an old version:(

Thanks anyway for you patience and hints that helped me to
debug that.
Jiff

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228124,228150#msg-228150


From nginx-forum at nginx.us  Sun Jul  1 04:16:31 2012
From: nginx-forum at nginx.us (Jiff)
Date: Sun, 1 Jul 2012 00:16:31 -0400 (EDT)
Subject: How can I redirect some IP addresses?
Message-ID: <f968ff665ac730b9e2cb238a96e024ed.NginxMailingListEnglish@forum.nginx.org>

Hi forulisters,

I've got a bunch of IP addresses and IP ranges I'd like 
to redirect to, let's say the amnesty international site 
(they're mainly from gov).

I read http://wiki.nginx.org/HttpAccessModule but as I've
got many of them I'm wondering if nginx can read a text 
file (or something else) instead of put all these addresses 
in a block?

I'd also like if I can have a round-robin of redirections
(once for amnesty, next to copwatch, etc)?

Jiff

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228151,228151#msg-228151


From francis at daoine.org  Sun Jul  1 09:55:44 2012
From: francis at daoine.org (Francis Daly)
Date: Sun, 1 Jul 2012 10:55:44 +0100
Subject: How can I redirect some IP addresses?
In-Reply-To: <f968ff665ac730b9e2cb238a96e024ed.NginxMailingListEnglish@forum.nginx.org>
References: <f968ff665ac730b9e2cb238a96e024ed.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120701095544.GU6210@craic.sysops.org>

On Sun, Jul 01, 2012 at 12:16:31AM -0400, Jiff wrote:

Hi there,

> I read http://wiki.nginx.org/HttpAccessModule but as I've
> got many of them I'm wondering if nginx can read a text 
> file (or something else) instead of put all these addresses 
> in a block?

http://nginx.org/r/include

> I'd also like if I can have a round-robin of redirections
> (once for amnesty, next to copwatch, etc)?

I'm not aware of a pure nginx.conf way of doing that.

But it shouldn't be too tough to use some scripting -- either error_page
to a location which does something_pass to a separate server which issues
the http redirect; or use one of the embedded scripting languages.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


From francis at daoine.org  Sun Jul  1 10:11:44 2012
From: francis at daoine.org (Francis Daly)
Date: Sun, 1 Jul 2012 11:11:44 +0100
Subject: dokuwiki not in root problem of regexp
In-Reply-To: <99781b1df3ee3fd15d974e2f3e59875b.NginxMailingListEnglish@forum.nginx.org>
References: <20120630154217.GT6210@craic.sysops.org>
	<99781b1df3ee3fd15d974e2f3e59875b.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120701101144.GV6210@craic.sysops.org>

On Sun, Jul 01, 2012 at 12:01:19AM -0400, Jiff wrote:

Hi there,

> Thanks anyway for you patience and hints that helped me to
> debug that.

That sounds like you've found a working solution -- good work.

All of the (current) search results I see for "nginx dokuwiki" seem to
indicate to me that installing not in root is a problem for people.

When you're happy that what you have does everything it is supposed to,
could you post your config (mentioning version numbers) so that searchers
in a year will be able to take advantage of your work?

This mailing list / forum should be ok; the dokuwiki or nginx
documentation wikis would also be good, if you have access.

Thanks,

	f
-- 
Francis Daly        francis at daoine.org


From nginx-forum at nginx.us  Sun Jul  1 16:40:34 2012
From: nginx-forum at nginx.us (Jiff)
Date: Sun, 1 Jul 2012 12:40:34 -0400 (EDT)
Subject: dokuwiki not in root problem of regexp
In-Reply-To: <20120701101144.GV6210@craic.sysops.org>
References: <20120701101144.GV6210@craic.sysops.org>
Message-ID: <22f5daecb679540c2a41992683387f8b.NginxMailingListEnglish@forum.nginx.org>

myserver.org_dokuwiki_http_https_main.conf
==================================

# DOKUWIKI NOT-ON-ROOT MAIN FILE: BROWSE HTTP + DANGEROUS AREAS HTTPS
#====================================================================

# 2012-07-01 - Author: Jean-Yves F. Barbier - lazyvirus<at]gmx{dot)com

# File: myserver.org_dokuwiki_http_https_main.conf

# MOD'OP: Just symlink this file into /etc/nginx/sites-enabled

# Works on Debian squeeze + backports:
#   nginx-full                  1.2.1-1~dotdeb.0
#   php5                        5.3.14-1~dotdeb.0
#   php5-fpm                    5.3.14-1~dotdeb.0
# Works under Debian sid.

# Solutions mostly coming from:
# http://wiki.nginx.org
# http://agentzh.org/misc/nginx/agentzh-nginx-tutorials-enuk.html
# http://blog.slucas.fr/en/oss/dokuwiki-nginx-config
# http://www.dokuwiki.org/install:nginx?s[]=nginx
# http://www.dokuwiki.org/tips:httpslogin#nginx

# With this conf, leave parm 'securecookie' enabled.

# No tested w/ clean URL (but who cares?)

# CAUTION: MANY TIME WASTED: DW DON'T SET 'useacl' to 1 WHEN
INSTALLING,
#          WHICH ALLOW TO LOGIN BUT SEND A 'Permission denied' ASA YOU
#          MAKE ANY MODIFICATION!
# SOLT:    Install, then manually edit /conf/dokuwiki.php to set it to
1.

# NB: You can also redirect sensitive areas to localhost (unencrypted).

#=============================================================================
  HTTP/HTTPS DISCRIMINATOR

# In case of redirection to localhost, comment this line
# (and the one using this VAR in the common file).
map    $scheme $php_https {  default off;  https on;  }

#=============================================================================
  HTTP

server {
    listen                  80;
    server_name             myserver.org;
    root                    /var/www;
    index                   index.html    index.php    doku.php;

    access_log              /var/log/nginx/dokuwiki.http.access.log;
    error_log               /var/log/nginx/dokuwiki.http.error.log;
    rewrite_log             on;    # TEST ONLY (logs all rewrites)

    #-------------------------------------------------------------

    # Enforce HTTPS for /log?, /admin?, & /profile?

    if ($args  ~  do=(log|admin|profile)) {
        rewrite  ^  https://$host$request_uri?    redirect;
        # locahost (unencrypted) version
###        rewrite  ^  http://localhost$request_uri?    redirect;
    }

    # Common conf file

    include   
/etc/nginx/sites-available/myserver.org_dokuwiki_http_https_common.conf;
}

#=============================================================================
  HTTPS


server {
    listen                  443    ssl;
    server_name             myserver.org;
    root                    /var/www;
    index                   index.html    index.php    doku.php;

    ssl_certificate         /etc/nginx/SSL/nginx.crt;
    ssl_certificate_key     /etc/nginx/SSL/nginx-insecure.key;

    access_log              /var/log/nginx/dokuwiki.https.access.log;
    error_log               /var/log/nginx/dokuwiki.https.error.log;
    rewrite_log             on;    # TEST ONLY (log all rewrites)

    #-------------------------------------------------------------

    # CAUTION: DON'T enforce HTTP for normal requests (do=show|^$),
this
    #          renders any modification in DW worthless!

    # Common conf file

    include   
/etc/nginx/sites-available/myserver.org_dokuwiki_http_https_common.conf;
}

#=============================================================================
  EOF


myserver.org_dokuwiki_http_https_common.conf
====================================

    # DOKUWIKI NOT-ON-ROOT COMMON FILE: BROWSE HTTP + DANGEROUS AREAS
HTTPS
   
#======================================================================

    # 2012-07-01 - Author: Jean-Yves F. Barbier -
lazyvirus<at]gmx{dot)com

    # File: myserver.org_dokuwiki_http_https_common.conf

    # As DW is not on the HTTP/S svr root, redirect any root query
toward it
    # from:   http://myserver.org/   to:   http://myserver.org/dokuwiki
    # (until other services being available).

    location  =  / {
        error_page 403 = http://$host/dokuwiki;
    }

    #-------------------------------------------------------------

    location  /dokuwiki {
        try_files    $uri    $uri/    @dw;
    }

    location  @dw {
        rewrite    ^/dokuwiki/_media/(.*)           
/lib/exe/fetch.php?media=$1     last;
        rewrite    ^/dokuwiki/_detail/(.*)          
/lib/exe/detail.php?media=$1    last;
        rewrite    ^/dokuwiki/_export/([^/]+)/(.*)  
/doku.php?do=export_$1&id=$2    last;
        rewrite    ^/dokuwiki/(.*)                  
/doku.php?id=$1&$args           last;
    }

    #-------------------------------------------------------------

    location  ~  \.php$ {
        if (!-f $request_filename) { 
            return          404;
        }

        include          fastcgi_params;
        fastcgi_param    SCRIPT_FILENAME    
$document_root$fastcgi_script_name;
        # Comment the line below if redirecting to localhost
(unencrypted)
        fastcgi_param    HTTPS               $php_https;  # DW checks
$_SERVER['HTTPS']
        # Gain the TCP/IP overhead: use socket instead
        fastcgi_pass     unix:/var/run/php5-fpm.socket;
    }

    #-------------------------------------------------------------

    # For security reasons (http://www.dokuwiki.org/security) some
    # directories must not be reachable from the outside.  But a
    # 'deny all' isn't a good solution, as it returns a 403 which
    # is visible by the client.  The solution comes from a nginx
    # special extension: the 444 error that returns no information
    # to the client and closes its connection.  Useful as a deterrent
    # for malware as it is silent:)

    location  ~  ^/dokuwiki/(bin|conf|data|inc)/  {
        return      444;
    }
    
    #-------------------------------------------------------------

    # Force a long expiration delay on static files

    location  ~*  \.(js|css|png|jpg|jpeg|gif|ico)$  {
        expires             30d;
        access_log          off;
        log_not_found       off;
    }

    # This location serves static files

    location  ~  ^/dokuwiki/lib/ {
        expires     30d;
    }

    #-------------------------------------------------------------

    # As of nginx wiki this should go to /etc/nginx/conf.d/drop.conf,
    # but I like to have everything on sight.
    
    # NTS: It is normal not to see the pink icon about
    #      "data directory not properly secured": this is
    #      when I can see it that there's something wrong:)

    location  =  /dokuwiki/robots.txt {
        access_log      off;
        log_not_found   off;
    }

    location  =  /dokuwiki/favicon.ico {
        access_log      off;
        log_not_found   off;
    }

    # Silently protect all Linux hidden files (but log get attempts)
    location  ~  /\. {
        return          444;
    }

    # I spent some time to understand what this block was meant for:
    # http://kbeezie.com/view/nginx-configuration-examples/
    # This block is mainly for people who use vim, or any other command
line
    # editor that creates a backup copy of a file being worked on with a
file
    # name ending in ~.
    # Hiding this prevents someone from accessing a backup copy of a
file you
    # have been working on.
    location  ~  ~$ {
        access_log      off;
        log_not_found   off;
        return          444;
    }

#=============================================================================
  EOF

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228124,228155#msg-228155


From mat999 at gmail.com  Sun Jul  1 16:56:47 2012
From: mat999 at gmail.com (SplitIce)
Date: Mon, 2 Jul 2012 02:56:47 +1000
Subject: Proxy cache max size
In-Reply-To: <83880F25-A88D-4F83-8E56-8127B9D4B489@akins.org>
References: <39249915-61D3-4E86-8795-6EF5309932ED@gmail.com>
	<20120629135546.GO31671@mdounin.ru>
	<CALFfGYbyzN5ei5uxKJ-u=WERoYXdhq4nooM10_tvGWVZvorcyA@mail.gmail.com>
	<83880F25-A88D-4F83-8E56-8127B9D4B489@akins.org>
Message-ID: <CALFfGYYZMdmNJhy-h0Lid+y6AKk8D-U125m44W9fjpvuM_oEnQ@mail.gmail.com>

I came up with a crude solution, proxy_max_temp_file_size. By limiting the
max size in cached paths to 50mb I should make it impossible for someone to
store GBs of data to the disk before the cache manager runs.



On Sun, Jul 1, 2012 at 2:11 AM, Brian Akins <brian at akins.org> wrote:

>
> On Jun 30, 2012, at 3:20 AM, SplitIce wrote:
>
> > Hmm this presents a rather large issue for me.
> >
> > Is it possible to get the upstream response size in lua and set a
> variable to influence proxy_no_cache? If it is ill learn lua.
>
> By the time Lua gets involved, the response has already been cached (or
> not).
>
> You could do your own cache instead of proxy_cache, of course.  I have
> some things that store the "cache" in redis, for example. Could be
> memcache, custom cache, etc.
>
> --Brian
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120702/f8373b33/attachment.html>

From shahzaib.cb at gmail.com  Mon Jul  2 07:18:37 2012
From: shahzaib.cb at gmail.com (shahzaib shahzaib)
Date: Mon, 2 Jul 2012 12:18:37 +0500
Subject: nginx-1.3.2
In-Reply-To: <CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
Message-ID: <CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>

@Maxim & @Lukas, i've noticed that the flv audio psuedo is  working by
using given keyframes that is generated by flvmdi but  video  breaks during
usage of keyframes .

On Sat, Jun 30, 2012 at 11:17 AM, shahzaib shahzaib
<shahzaib.cb at gmail.com>wrote:

> Thats my starter of nginx.conf
> Server {
>
> location ~ \.flv$ {
>     flv;
> }
>
> location /videos {
>     root /usr/local/nginx/html;
>     index index.php index.html;
>     autoindex on;
>
> }
> }
>
> On Fri, Jun 29, 2012 at 5:02 PM, shahzaib shahzaib <shahzaib.cb at gmail.com>wrote:
>
>> @Maxim i've converted my flv video using flvmdi tool with this command
>> flvmdi test.flv sample.flv /k /x & it created flv file keyframes and save
>> into xml file, but still when i try to play the video from given keyframe,
>> does'nt show anything. Waiting for your help. Thanks
>>
>>
>> On Thu, Jun 28, 2012 at 6:06 PM, Kevin Worthington <
>> kworthington at gmail.com> wrote:
>>
>>> Hello Nginx Users,
>>>
>>> Now available: Nginx 1.3.2 For Windows http://goo.gl/2aSez (32-bit and
>>> 64-bit versions)
>>>
>>> These versions are to support legacy users who are already using
>>> Cygwin based builds of Nginx. Officially supported native Windows
>>> binaries are at nginx.org.
>>>
>>> Announcements are also available via my Twitter stream, listed below
>>> if you'd like updates that way.
>>>
>>> Thank you,
>>> Kevin
>>> --
>>> Kevin Worthington
>>> kworthington *@* (gmail]  [dot} {com)
>>> http://kevinworthington.com/
>>> http://twitter.com/kworthington
>>>
>>>
>>> On Tue, Jun 26, 2012 at 10:00 AM, Maxim Dounin <mdounin at mdounin.ru>
>>> wrote:
>>> > Changes with nginx 1.3.2                                         26
>>> Jun 2012
>>> >
>>> >    *) Change: the "single" parameter of the "keepalive" directive is
>>> now
>>> >       ignored.
>>> >
>>> >    *) Change: SSL compression is now disabled when using all versions
>>> of
>>> >       OpenSSL, including ones prior to 1.0.0.
>>> >
>>> >    *) Feature: it is now possible to use the "ip_hash" directive to
>>> balance
>>> >       IPv6 clients.
>>> >
>>> >    *) Feature: the $status variable can now be used not only in the
>>> >       "log_format" directive.
>>> >
>>> >    *) Bugfix: a segmentation fault might occur in a worker process on
>>> >       shutdown if the "resolver" directive was used.
>>> >
>>> >    *) Bugfix: a segmentation fault might occur in a worker process if
>>> the
>>> >       ngx_http_mp4_module was used.
>>> >
>>> >    *) Bugfix: in the ngx_http_mp4_module.
>>> >
>>> >    *) Bugfix: a segmentation fault might occur in a worker process if
>>> >       conflicting wildcard server names were used.
>>> >
>>> >    *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal
>>> on
>>> >       ARM platform.
>>> >
>>> >    *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX
>>> >       while reconfiguration.
>>> >
>>> >
>>> > Maxim Dounin
>>> >
>>> > _______________________________________________
>>> > nginx mailing list
>>> > nginx at nginx.org
>>> > http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120702/91c01892/attachment.html>

From nginx-forum at nginx.us  Mon Jul  2 09:02:59 2012
From: nginx-forum at nginx.us (aryut)
Date: Mon, 2 Jul 2012 05:02:59 -0400 (EDT)
Subject: video stream and secure link
Message-ID: <8ff215891f30e03c1f0284902edb3a9e.NginxMailingListEnglish@forum.nginx.org>

hi, 

i want to use mp4 module and secure link module together. 

this is my conf;
			location /videos/ {
			secure_link $arg_st,$arg_e;
			secure_link_md5 ssss$remote_addr$uri$arg_e;
			if ($secure_link = "") {
				return 403;
			}

			if ($secure_link = "0") {
				return 403;
			}

				mp4;

		}
it works with this config but when i change mp4; with 	
                               location ~ \.mp4$ {
						mp4;
					}
secure link doesn't works. streaming an seeking working well. 

i need to add this line because i want to stream flv files too. 

wat is the true way ? thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228161,228161#msg-228161


From mdounin at mdounin.ru  Mon Jul  2 09:04:05 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 2 Jul 2012 13:04:05 +0400
Subject: Proxy cache max size
In-Reply-To: <CALFfGYYZMdmNJhy-h0Lid+y6AKk8D-U125m44W9fjpvuM_oEnQ@mail.gmail.com>
References: <39249915-61D3-4E86-8795-6EF5309932ED@gmail.com>
	<20120629135546.GO31671@mdounin.ru>
	<CALFfGYbyzN5ei5uxKJ-u=WERoYXdhq4nooM10_tvGWVZvorcyA@mail.gmail.com>
	<83880F25-A88D-4F83-8E56-8127B9D4B489@akins.org>
	<CALFfGYYZMdmNJhy-h0Lid+y6AKk8D-U125m44W9fjpvuM_oEnQ@mail.gmail.com>
Message-ID: <20120702090405.GS31671@mdounin.ru>

Hello!

On Mon, Jul 02, 2012 at 02:56:47AM +1000, SplitIce wrote:

> I came up with a crude solution, proxy_max_temp_file_size. By limiting the
> max size in cached paths to 50mb I should make it impossible for someone to
> store GBs of data to the disk before the cache manager runs.

No, the proxy_max_temp_file_size directive is ignored if cache is 
used.  This is for reason, as common use case is to disable disk 
buffering with "proxy_max_temp_file_size 0;", but have cache 
switched on for some requests.

Maxim Dounin

> 
> 
> 
> On Sun, Jul 1, 2012 at 2:11 AM, Brian Akins <brian at akins.org> wrote:
> 
> >
> > On Jun 30, 2012, at 3:20 AM, SplitIce wrote:
> >
> > > Hmm this presents a rather large issue for me.
> > >
> > > Is it possible to get the upstream response size in lua and set a
> > variable to influence proxy_no_cache? If it is ill learn lua.
> >
> > By the time Lua gets involved, the response has already been cached (or
> > not).
> >
> > You could do your own cache instead of proxy_cache, of course.  I have
> > some things that store the "cache" in redis, for example. Could be
> > memcache, custom cache, etc.
> >
> > --Brian
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >

> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From shahzaib.cb at gmail.com  Mon Jul  2 09:55:35 2012
From: shahzaib.cb at gmail.com (shahzaib shahzaib)
Date: Mon, 2 Jul 2012 14:55:35 +0500
Subject: video stream and secure link
In-Reply-To: <8ff215891f30e03c1f0284902edb3a9e.NginxMailingListEnglish@forum.nginx.org>
References: <8ff215891f30e03c1f0284902edb3a9e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAD3xhrM-ZRZQP_yp-6LJWjt3i4zVoch0YQ-7ibrOj+NAqEPY_g@mail.gmail.com>

you can copy this location & paste beneath with flv instead of mp4

On Mon, Jul 2, 2012 at 2:02 PM, aryut <nginx-forum at nginx.us> wrote:

> hi,
>
> i want to use mp4 module and secure link module together.
>
> this is my conf;
>                         location /videos/ {
>                         secure_link $arg_st,$arg_e;
>                         secure_link_md5 ssss$remote_addr$uri$arg_e;
>                         if ($secure_link = "") {
>                                 return 403;
>                         }
>
>                         if ($secure_link = "0") {
>                                 return 403;
>                         }
>
>                                 mp4;
>
>                 }
> it works with this config but when i change mp4; with
>                                location ~ \.mp4$ {
>                                                 mp4;
>                                         }
> secure link doesn't works. streaming an seeking working well.
>
> i need to add this line because i want to stream flv files too.
>
> wat is the true way ? thanks.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,228161,228161#msg-228161
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120702/c0c20626/attachment.html>

From ru at nginx.com  Mon Jul  2 10:16:58 2012
From: ru at nginx.com (Ruslan Ermilov)
Date: Mon, 2 Jul 2012 14:16:58 +0400
Subject: How can I redirect some IP addresses?
In-Reply-To: <f968ff665ac730b9e2cb238a96e024ed.NginxMailingListEnglish@forum.nginx.org>
References: <f968ff665ac730b9e2cb238a96e024ed.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120702101658.GA72261@lo0.su>

On Sun, Jul 01, 2012 at 12:16:31AM -0400, Jiff wrote:
> Hi forulisters,
> 
> I've got a bunch of IP addresses and IP ranges I'd like 
> to redirect to, let's say the amnesty international site 
> (they're mainly from gov).
> 
> I read http://wiki.nginx.org/HttpAccessModule but as I've
> got many of them I'm wondering if nginx can read a text 
> file (or something else) instead of put all these addresses 
> in a block?

I think you want the geo module instead:

http://nginx.org/en/docs/http/ngx_http_geo_module.html

It supports the "include" directive inside the "geo" block.
(Currently it lacks the IPv6 support though.)

> I'd also like if I can have a round-robin of redirections
> (once for amnesty, next to copwatch, etc)?

While not exactly what you want, but you can use the "split
clients" module to match $remote_port to a particular URL:

http://nginx.org/en/docs/http/ngx_http_split_clients_module.html

(This has a limitation: it will always give you the same
redirection URL over one persistent connection.)

http {
    geo $wrapped {
	127.0.0.1 1;
#	include conf/wrapped.conf;
    }

    split_clients "${remote_port}AAA" $redirect {
	33% http://url1;
	33% http://url2;
	*   http://url3;
    }

    server {
	if ($wrapped) {
	    return 301 $redirect;
	}

	location / {
	    return 200 "normal content";
	}
    }
}


From nginx-forum at nginx.us  Mon Jul  2 13:44:41 2012
From: nginx-forum at nginx.us (adamchal)
Date: Mon, 2 Jul 2012 09:44:41 -0400 (EDT)
Subject: Adding $request_path Variable
In-Reply-To: <8762apf2pi.wl%appa@perusio.net>
References: <8762apf2pi.wl%appa@perusio.net>
Message-ID: <cf991fe7de494f7d975ae088b572da02.NginxMailingListEnglish@forum.nginx.org>

Ant?nio, this was a really good idea, but with fastcgi_intercept_errors
and proxy_intercept_errors turned on, the $orig_uri is logged as
whatever the error_page is (in my case /error.html).

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,227612,228168#msg-228168


From nginx-forum at nginx.us  Mon Jul  2 14:25:15 2012
From: nginx-forum at nginx.us (aryut)
Date: Mon, 2 Jul 2012 10:25:15 -0400 (EDT)
Subject: video stream and secure link
In-Reply-To: <8ff215891f30e03c1f0284902edb3a9e.NginxMailingListEnglish@forum.nginx.org>
References: <8ff215891f30e03c1f0284902edb3a9e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <e4e90bbb7a00f7781d2ce803be95d8a9.NginxMailingListEnglish@forum.nginx.org>

i'll try to explain again; 

location /videos/ { 
   /*secure link module codes */
    mp4; 
} //secure link and mp4 streaming & seeking works well

location /videos/ { 
	/*secure link module codes */  
	mp4; 
	flv;	
} //secure links works. mp4 streaming & seeking doesnt works as should
be.

location /videos/ { 
	/*secure link module codes */ 
	location ~ \.mp4$ { 
		mp4;
	}  
} //secure link doesn't works, mp4 streaming & seeking works.



location /videos/ { 
	/*secure link module codes */  
	mp4; 
	location ~ \.flv$ { 
		flv;
	} 
} //secure link works on mp4 extension, but doesn't works on flv.
streamings & seekings works well.



location /videos/ { 
	/*secure link module codes */  
	location ~ \.mp4$ { 
		mp4;
	}  
	location ~ \.flv$ { 
		flv;
	} 
} //secure link  doesn't works on flv and mp4. streamings & seekings
works well.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228161,228172#msg-228172


From nginx-forum at nginx.us  Mon Jul  2 14:38:26 2012
From: nginx-forum at nginx.us (arosolino)
Date: Mon, 2 Jul 2012 10:38:26 -0400 (EDT)
Subject: Nginx Module Non-blocking event
Message-ID: <c2c2ddb13554f7fc14094fb24ace4658.NginxMailingListEnglish@forum.nginx.org>

Hello all,

I just finished my module for nginx. Now I am going through and fixing
any problems that may arise. My module is currently using the shared
memory to store IPs received into an rbtree. Then after so many IPs are
stored it sends these IPs via libcurl to a third party site for review.

I got this all working fine, no problem. However an issue arises if the
third party site is experiencing lag, as it will lag the person who
initiated the request. I want the libcurl process to be handled
separately from the user connection. What should I be looking at to
achieve this?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228173,228173#msg-228173


From ne at vbart.ru  Mon Jul  2 15:42:54 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Mon, 2 Jul 2012 19:42:54 +0400
Subject: video stream and secure link
In-Reply-To: <e4e90bbb7a00f7781d2ce803be95d8a9.NginxMailingListEnglish@forum.nginx.org>
References: <8ff215891f30e03c1f0284902edb3a9e.NginxMailingListEnglish@forum.nginx.org>
	<e4e90bbb7a00f7781d2ce803be95d8a9.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207021942.54710.ne@vbart.ru>

On Monday 02 July 2012 18:25:15 aryut wrote:
> i'll try to explain again;
> 
> location /videos/ {
>    /*secure link module codes */
>     mp4;
> } //secure link and mp4 streaming & seeking works well
> 
> location /videos/ {
> 	/*secure link module codes */
> 	mp4;
> 	flv;
> } //secure links works. mp4 streaming & seeking doesnt works as should
> be.
> 
> location /videos/ {
> 	/*secure link module codes */
> 	location ~ \.mp4$ {
> 		mp4;
> 	}
> } //secure link doesn't works, mp4 streaming & seeking works.
> 
> 
> 
> location /videos/ {
> 	/*secure link module codes */
> 	mp4;
> 	location ~ \.flv$ {
> 		flv;
> 	}
> } //secure link works on mp4 extension, but doesn't works on flv.
> streamings & seekings works well.
> 
> 
> 
> location /videos/ {
> 	/*secure link module codes */
> 	location ~ \.mp4$ {
> 		mp4;
> 	}
> 	location ~ \.flv$ {
> 		flv;
> 	}
> } //secure link  doesn't works on flv and mp4. streamings & seekings
> works well.
> 

http://nginx.org/r/location
http://nginx.org/en/docs/http/ngx_http_rewrite_module.html
http://nginx.org/en/docs/http/ngx_http_secure_link_module.html

    location /videos/ { 
        secure_link $arg_st,$arg_e;
        secure_link_md5 ssss$remote_addr$uri$arg_e;

        location ~ \.mp4$ { 

                if ($secure_link = "") {
                    return 403;
                }

                mp4;
        }

        location ~ \.flv$ {

                if ($secure_link = "") {
                    return 403;
                }

                flv;
        }
    }


 wbr, Valentin V. Bartenev


From piotr.sikora at frickle.com  Mon Jul  2 17:40:52 2012
From: piotr.sikora at frickle.com (Piotr Sikora)
Date: Mon, 2 Jul 2012 19:40:52 +0200
Subject: [ANNOUNCE] ngx_cache_purge-1.6
Message-ID: <F5F313C9C7CB4216806ED594731A2151@Desktop>

Version 1.6 is now available at:
http://labs.frickle.com/nginx_ngx_cache_purge/

GitHub repository is available at:
https://github.com/FRiCKLE/ngx_cache_purge/

Changes:
2012-07-02    VERSION 1.6
    * Fix compatibility with nginx-1.3.2+.
      Reported by MagicBear, patch from Ruslan Ermilov.

Best regards,
Piotr Sikora < piotr.sikora at frickle.com >


From piotr.sikora at frickle.com  Mon Jul  2 17:41:03 2012
From: piotr.sikora at frickle.com (Piotr Sikora)
Date: Mon, 2 Jul 2012 19:41:03 +0200
Subject: [ANNOUNCE] ngx_slowfs_cache-1.9
Message-ID: <AE16CB52476E4318AA6BE1BD894FAFDE@Desktop>

[late announcement, it was actually released months ago]

Version 1.9 is now available at:
http://labs.frickle.com/nginx_ngx_slowfs_cache/

GitHub repository is available at:
https://github.com/FRiCKLE/ngx_slowfs_cache/

Changes:
2012-04-24    VERSION 1.9
    * Fix issue in which "copy once" fail-safe would be removed
      if (misbehaving) client would disconnect before cache update
      of an expired file was completed.

Best regards,
Piotr Sikora < piotr.sikora at frickle.com >


From piotr.sikora at frickle.com  Mon Jul  2 17:41:31 2012
From: piotr.sikora at frickle.com (Piotr Sikora)
Date: Mon, 2 Jul 2012 19:41:31 +0200
Subject: [ANNOUNCE] FRiCKLE & Simpl.it pres. ngx_mongo-1.0
Message-ID: <079662EF365343E28AD4FF3B0D03A25D@Desktop>

[late announcement, it was actually released months ago]

I'm pleased to announce ngx_mongo, an upstream module that allows nginx to 
communicate directly with MongoDB database. Please see README file for 
details.

GitHub repository is available at:
https://github.com/simpl/ngx_mongo

Best regards,
Piotr Sikora < piotr.sikora at frickle.com >


From liuguiyuan at ruijie.com.cn  Tue Jul  3 02:56:27 2012
From: liuguiyuan at ruijie.com.cn (=?gb2312?B?wfW58NS0KNHQwfkguKPW3Sk=?=)
Date: Tue, 3 Jul 2012 02:56:27 +0000
Subject: kill -HUP BUG
Message-ID: <9A0DE85218A1A84CB3A0409964FB8EFF0B7CDE37@fzex.ruijie.com.cn>

HI,
         Master!
         After kill ?CHUP the pid of nginx twice, nginx is Segmentation fault (core dumped)
Here is the gdb info:
Program received signal SIGSEGV, Segmentation fault.
0x0040eb29 in ngx_clean_old_cycles (ev=0x570e10) at src/core/ngx_cycle.c:1349
1349                if (cycle[i]->connections[n].fd != (ngx_socket_t) -1) {
(gdb) bt
#0  0x0040eb29 in ngx_clean_old_cycles (ev=0x570e10) at src/core/ngx_cycle.c:1349
#1  0x004159a9 in ngx_event_expire_timers () at src/event/ngx_event_timer.c:150
#2  0x0041492a in ngx_process_events_and_timers (cycle=0x100485c8) at src/event/ngx_event.c:262
#3  0x0041a9a8 in ngx_single_process_cycle (cycle=0x10020c78)
    at src/os/unix/ngx_process_cycle.c:312
#4  0x004014a8 in main (argc=1, argv=0x10011e58) at src/core/nginx.c:409

Is it kind of bug?
This proble exist in all versions of nginx and different OS.
                                                        Guiyuan Liu
                                                FuZhou FuJian China

Best wishes!

[cid:image002.png at 01CD590A.7EB3A5A0]
-----------------------------------------------------------------------------------------------------------
??????
????????????????????????????
?? ????18950476473
?? ????0591- 28053888 - 3416
?? ????liuguiyuan at ruijie.com.cn
?? ????http://www.ruijie.com.cn
?? ????????????????618????????26#4??
-----------------------------------------------------------------------------------------------------------

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120703/74f53c7b/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image002.png
Type: image/png
Size: 5659 bytes
Desc: image002.png
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120703/74f53c7b/attachment-0001.png>

From igor at sysoev.ru  Tue Jul  3 05:44:47 2012
From: igor at sysoev.ru (Igor Sysoev)
Date: Tue, 3 Jul 2012 09:44:47 +0400
Subject: kill -HUP BUG
In-Reply-To: <9A0DE85218A1A84CB3A0409964FB8EFF0B7CDE37@fzex.ruijie.com.cn>
References: <9A0DE85218A1A84CB3A0409964FB8EFF0B7CDE37@fzex.ruijie.com.cn>
Message-ID: <20120703054447.GA55854@nginx.com>

On Tue, Jul 03, 2012 at 02:56:27AM +0000, ???(?? ??) wrote:
> HI,
>          Master!
>          After kill ?CHUP the pid of nginx twice, nginx is Segmentation fault (core dumped)
> Here is the gdb info:
> Program received signal SIGSEGV, Segmentation fault.
> 0x0040eb29 in ngx_clean_old_cycles (ev=0x570e10) at src/core/ngx_cycle.c:1349
> 1349                if (cycle[i]->connections[n].fd != (ngx_socket_t) -1) {
> (gdb) bt
> #0  0x0040eb29 in ngx_clean_old_cycles (ev=0x570e10) at src/core/ngx_cycle.c:1349
> #1  0x004159a9 in ngx_event_expire_timers () at src/event/ngx_event_timer.c:150
> #2  0x0041492a in ngx_process_events_and_timers (cycle=0x100485c8) at src/event/ngx_event.c:262
> #3  0x0041a9a8 in ngx_single_process_cycle (cycle=0x10020c78)
>     at src/os/unix/ngx_process_cycle.c:312
> #4  0x004014a8 in main (argc=1, argv=0x10011e58) at src/core/nginx.c:409
> 
> Is it kind of bug?
> This proble exist in all versions of nginx and different OS.

"master_process off" mode is not intended for production.


-- 
Igor Sysoev


From liuguiyuan at ruijie.com.cn  Tue Jul  3 05:55:46 2012
From: liuguiyuan at ruijie.com.cn (=?utf-8?B?5YiY5qGC5rqQKOeglOWFrSDnpo/lt54p?=)
Date: Tue, 3 Jul 2012 05:55:46 +0000
Subject: =?UTF-8?B?562U5aSNOiBraWxsIC1IVVAgQlVH?=
In-Reply-To: <20120703054447.GA55854@nginx.com>
References: <9A0DE85218A1A84CB3A0409964FB8EFF0B7CDE37@fzex.ruijie.com.cn>
	<20120703054447.GA55854@nginx.com>
Message-ID: <9A0DE85218A1A84CB3A0409964FB8EFF0B7CDE5B@fzex.ruijie.com.cn>

Thank you very much!

-----????-----
???: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] ?? Igor Sysoev
????: 2012?7?3? 13:45
???: nginx at nginx.org
??: Re: kill -HUP BUG

On Tue, Jul 03, 2012 at 02:56:27AM +0000, ???(?? ??) wrote:
> HI,
>          Master!
>          After kill ?CHUP the pid of nginx twice, nginx is Segmentation fault (core dumped)
> Here is the gdb info:
> Program received signal SIGSEGV, Segmentation fault.
> 0x0040eb29 in ngx_clean_old_cycles (ev=0x570e10) at src/core/ngx_cycle.c:1349
> 1349                if (cycle[i]->connections[n].fd != (ngx_socket_t) -1) {
> (gdb) bt
> #0  0x0040eb29 in ngx_clean_old_cycles (ev=0x570e10) at src/core/ngx_cycle.c:1349
> #1  0x004159a9 in ngx_event_expire_timers () at src/event/ngx_event_timer.c:150
> #2  0x0041492a in ngx_process_events_and_timers (cycle=0x100485c8) at src/event/ngx_event.c:262
> #3  0x0041a9a8 in ngx_single_process_cycle (cycle=0x10020c78)
>     at src/os/unix/ngx_process_cycle.c:312
> #4  0x004014a8 in main (argc=1, argv=0x10011e58) at src/core/nginx.c:409
> 
> Is it kind of bug?
> This proble exist in all versions of nginx and different OS.

"master_process off" mode is not intended for production.


-- 
Igor Sysoev

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

From nginx-forum at nginx.us  Tue Jul  3 08:22:14 2012
From: nginx-forum at nginx.us (admon.org)
Date: Tue, 3 Jul 2012 04:22:14 -0400 (EDT)
Subject: what exactly does proxy_http_version mean?
Message-ID: <4bdaf72760e60969d84d405af839cc21.NginxMailingListEnglish@forum.nginx.org>

Along with nginx-1.1.4, a new directive named 'proxy_http_version'
introduced
I thought it was something related to the communication between nginx
cache and upstream web server, right?

But per my tests with latest v-1.2.1, Nginx is still using HTTP/1.0 to
access upstream web server.

+++++++++ 
abc $ curl -I -H 'If-None-Match: "9cx7b1-x2e-44xa4x9axd0x0"'
http://test.stg/crossdomain.xml 
HTTP/1.1 200 OK
Server: nginx/1.2.1
...
+++++++++ end

Which intends to return 3.4 if it's using HTTP/1.1, did I misunderstand
this directive?

Thanks for any input..

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228225,228225#msg-228225


From francis at daoine.org  Tue Jul  3 09:44:27 2012
From: francis at daoine.org (Francis Daly)
Date: Tue, 3 Jul 2012 10:44:27 +0100
Subject: what exactly does proxy_http_version mean?
In-Reply-To: <4bdaf72760e60969d84d405af839cc21.NginxMailingListEnglish@forum.nginx.org>
References: <4bdaf72760e60969d84d405af839cc21.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120703094427.GA6210@craic.sysops.org>

On Tue, Jul 03, 2012 at 04:22:14AM -0400, admon.org wrote:

Hi there,

> Along with nginx-1.1.4, a new directive named 'proxy_http_version'
> introduced
> I thought it was something related to the communication between nginx
> cache and upstream web server, right?

That's what http://nginx.org/r/proxy_http_version says, yes. (Although
I probably wouldn't call it "nginx cache".)

> But per my tests with latest v-1.2.1, Nginx is still using HTTP/1.0 to
> access upstream web server.

How can I repeat your tests? Your results don't match mine.

> Thanks for any input..

cgi script "ex", available on a local http server:

==
#!/bin/sh
echo Content-Type: text/plain
echo
echo SERVER_PROTOCOL=$SERVER_PROTOCOL
==

relevant part of nginx.conf:

==
    server {
        listen       8080;
#	proxy_http_version 1.1;
	location / {
	    proxy_pass http://127.0.0.1:10080/ex/;
        }
    }
==

$ curl http://localhost:8080/
SERVER_PROTOCOL=HTTP/1.0

Uncomment the nginx.conf line and reload

$ curl http://localhost:8080/
SERVER_PROTOCOL=HTTP/1.1

$ sbin/nginx -v
nginx version: nginx/1.2.1

	f
-- 
Francis Daly        francis at daoine.org


From mdounin at mdounin.ru  Tue Jul  3 11:18:46 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 3 Jul 2012 15:18:46 +0400
Subject: nginx-1.2.2
Message-ID: <20120703111846.GC31671@mdounin.ru>

Changes with nginx 1.2.2                                         03 Jul 2012

    *) Change: the "single" parameter of the "keepalive" directive is now
       ignored.

    *) Change: SSL compression is now disabled when using all versions of
       OpenSSL, including ones prior to 1.0.0.

    *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass"
       directives, and the "server" directive inside the "upstream" block,
       now support IPv6 addresses.

    *) Feature: the "resolver" directive now supports IPv6 addresses and an
       optional port specification.

    *) Feature: the "least_conn" directive inside the "upstream" block.

    *) Feature: it is now possible to specify a weight for servers while
       using the "ip_hash" directive.

    *) Feature: it is now possible to use the "ip_hash" directive to balance
       IPv6 clients.

    *) Feature: the $status variable can now be used not only in the
       "log_format" directive.

    *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug
       had appeared in 1.1.12.

    *) Bugfix: access to variables from SSI and embedded perl module might
       not work after reconfiguration.
       Thanks to Yichun Zhang.

    *) Bugfix: in the ngx_http_xslt_filter_module.
       Thanks to Kuramoto Eiji.

    *) Bugfix: memory leak if $geoip_org variable was used.
       Thanks to Denis F. Latypoff.

    *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path"
       directives.

    *) Bugfix: a segmentation fault might occur in a worker process on
       shutdown if the "resolver" directive was used.

    *) Bugfix: a segmentation fault might occur in a worker process if the
       ngx_http_mp4_module was used.

    *) Bugfix: in the ngx_http_mp4_module.

    *) Bugfix: a segmentation fault might occur in a worker process if
       conflicting wildcard server names were used.

    *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on
       ARM platform.

    *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX
       while reconfiguration.


Maxim Dounin


From mulder.patrick at gmail.com  Tue Jul  3 12:45:21 2012
From: mulder.patrick at gmail.com (Patrick Mulder)
Date: Tue, 3 Jul 2012 14:45:21 +0200
Subject: Phantom redirects in Log file
Message-ID: <CAEx2pdfSTre7mrHNF5cNcjDsK+gc00patQ36-z-RMf-nE0598Q@mail.gmail.com>

Hello,

I am hosting multiple domains on a vserver, and I observe some
cross-domains redirects at the end of a visit:

xxx.xxx.211.94] /  IND - Bangalore  / domain1.info / -
[03/Jul/2012:13:15:31 +0200] "GET /favicon.ico HTTP/1.1" 200 0 /
Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like
Gecko) Chrome/20.0.1132.47 Safari/536.11
xxx.xxx.211.94] /  IND - Bangalore  / domain2.com / -
[03/Jul/2012:13:15:41 +0200] "-" 400 0 / -


Anyone knows why there is redirect at the end of the visiti in the
log? What's the effect for the visitor on the other end?

Here are some more details:

/etc/nginx/sites-enabled
lrwxrwxrwx 1 www-data root 30 2012-02-28 18:57 domain2.com ->
../sites-available/domain2.com
lrwxrwxrwx 1 root     root 29 2012-06-20 23:20 domain1.info ->
../sites-available/domain1.info

upstream unicorn_domain1 {
  server unix:/tmp/unicorn_domain1.todo.sock fail_timeout=0;
}

server {
             listen  80;
             server_name www.domain1.info;
             rewrite ^/(.*) http://domain1.info permanent;
}


server {
            listen   80;
            server_name domain1.info;

            root   /home/domain1/development/current/public;

            error_page  502  /502.html;

           try_files $uri/index.html $uri @unicorn_domain1;

location @unicorn_domain1 {
  proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header Host $http_host;
  proxy_redirect off;
  proxy_pass http://unicorn_domain1;
}

           client_max_body_size 4G;
           keepalive_timeout 5;
           error_page 500 502 503 504 /500.html;

            location ~* \.(ico|js|css|gif|jpe?g|png)(\?[0-9]+)?$ {
                expires max;
                break;
            }

            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }

            if (-f $request_filename.html) {
                rewrite (.*) $1.html break;
            }

}

domain2.com
server {
            listen   80;
            server_name domain2.com;

            root   /home/domain2/development/current/public;

            error_page  502  /502.html;

            location ~* \.(ico|js|css|gif|jpe?g|png)(\?[0-9]+)?$ {
                expires max;
                break;
            }

            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }

            if (-f $request_filename.html) {
                rewrite (.*) $1.html break;
            }

}


From nginx-forum at nginx.us  Tue Jul  3 12:45:32 2012
From: nginx-forum at nginx.us (tahseen)
Date: Tue, 3 Jul 2012 08:45:32 -0400 (EDT)
Subject: nginx high active connections
Message-ID: <74fa13b1a6625e5b626051b286bc35f7.NginxMailingListEnglish@forum.nginx.org>

We have couple of servers. nginx takes the web requests


Active connections in the range of 400-450 is okay

but sometimes it goes to like 4,000. at this point in time. This is
abnormal

What does this mean? Is it that nginx is not able to take the load?

Or is it that the DB Server behind nginx is taking time? Or is it that
the Ubuntu server is not network optimized? Or is it that the RAM is
low?

Tahseen

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228238,228238#msg-228238


From mdounin at mdounin.ru  Tue Jul  3 13:03:01 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 3 Jul 2012 17:03:01 +0400
Subject: Phantom redirects in Log file
In-Reply-To: <CAEx2pdfSTre7mrHNF5cNcjDsK+gc00patQ36-z-RMf-nE0598Q@mail.gmail.com>
References: <CAEx2pdfSTre7mrHNF5cNcjDsK+gc00patQ36-z-RMf-nE0598Q@mail.gmail.com>
Message-ID: <20120703130301.GI31671@mdounin.ru>

Hello!

On Tue, Jul 03, 2012 at 02:45:21PM +0200, Patrick Mulder wrote:

> Hello,
> 
> I am hosting multiple domains on a vserver, and I observe some
> cross-domains redirects at the end of a visit:
> 
> xxx.xxx.211.94] /  IND - Bangalore  / domain1.info / -
> [03/Jul/2012:13:15:31 +0200] "GET /favicon.ico HTTP/1.1" 200 0 /
> Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like
> Gecko) Chrome/20.0.1132.47 Safari/536.11
> xxx.xxx.211.94] /  IND - Bangalore  / domain2.com / -
> [03/Jul/2012:13:15:41 +0200] "-" 400 0 / -
> 
> 
> Anyone knows why there is redirect at the end of the visiti in the
> log? What's the effect for the visitor on the other end?

Why do you think it's redirect?  Most likely "domain2.com" is just 
a default server on the listen socket used, and an invalid request 
(or, rather, a connection without a request at all) was logged in 
it's context.

See here for more details:
http://nginx.org/en/docs/http/request_processing.html

Maxim Dounin


From mulder.patrick at gmail.com  Tue Jul  3 13:21:24 2012
From: mulder.patrick at gmail.com (Patrick Mulder)
Date: Tue, 3 Jul 2012 15:21:24 +0200
Subject: Phantom redirects in Log file
In-Reply-To: <20120703130301.GI31671@mdounin.ru>
References: <CAEx2pdfSTre7mrHNF5cNcjDsK+gc00patQ36-z-RMf-nE0598Q@mail.gmail.com>
	<20120703130301.GI31671@mdounin.ru>
Message-ID: <CAEx2pdfSspEdPcJmm4hikFj72oxyXBQO5QGWsDrbY+osx3oCNA@mail.gmail.com>

On Tue, Jul 3, 2012 at 3:03 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>> xxx.xxx.211.94] /  IND - Bangalore  / domain1.info / -
>> [03/Jul/2012:13:15:31 +0200] "GET /favicon.ico HTTP/1.1" 200 0 /
>> Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/536.11 (KHTML, like
>> Gecko) Chrome/20.0.1132.47 Safari/536.11
>> xxx.xxx.211.94] /  IND - Bangalore  / domain2.com / -
>> [03/Jul/2012:13:15:41 +0200] "-" 400 0 / -
>>
>>
>> Anyone knows why there is redirect at the end of the visiti in the
>> log? What's the effect for the visitor on the other end?
>
> Why do you think it's redirect?  Most likely "domain2.com" is just
> a default server on the listen socket used, and an invalid request
> (or, rather, a connection without a request at all) was logged in
> it's context.
>
> See here for more details:
> http://nginx.org/en/docs/http/request_processing.html

Thanks, that helps in my understanding! I'll test the influence of
having the default_server set to domain1.
Btw, is there some help / tools to see the difference between a
connection and an HTTP request?


From nginx-forum at nginx.us  Tue Jul  3 13:58:12 2012
From: nginx-forum at nginx.us (admon.org)
Date: Tue, 3 Jul 2012 09:58:12 -0400 (EDT)
Subject: what exactly does proxy_http_version mean?
In-Reply-To: <4bdaf72760e60969d84d405af839cc21.NginxMailingListEnglish@forum.nginx.org>
References: <4bdaf72760e60969d84d405af839cc21.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <7a71c641fcfbe0590588066fcf2b50ed.NginxMailingListEnglish@forum.nginx.org>

Many thanks Francis!
Here are my configs, I'm using Nginx as a reverse proxy server to cache
static files from its upstream servers.

+++++++++++++++++++++++++++++++++++
    proxy_temp_path   /tmp/proxy_temp_dir;
    proxy_cache_path  /tmp/proxy_cache_dir  levels=1:2  
keys_zone=cache_one:200m inactive=1d max_size=30g;

    upstream backend_server {
        server   myserver01 weight=1 max_fails=2 fail_timeout=15s;
        server   myserver02 weight=1 max_fails=2 fail_timeout=15s;
    }

    server {
        listen       80;
        server_name  test.stg
        root   html;
        index  index.html index.htm;

        charset utf-8;

        location / {
            proxy_next_upstream http_502 http_504 error timeout
invalid_header;
            proxy_cache cache_one;
            proxy_cache_valid  200 304 12h;
            proxy_cache_key $host$uri$is_args$args;
            proxy_set_header Host  $host;
            proxy_set_header X-Forwarded-For  $remote_addr;
            proxy_set_header Connection "";

            proxy_pass http://backend_server;
            proxy_http_version   1.1;
            expires      1d;
        }

        #error_page  404              /404.html;
        # redirect server error pages to the static page /50x.html
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
             root   html;
        }
+++++++++++++++++++++++++++++++++++ END


I'm trying to implement a smart way to purge cache e.g. by touching the
file to change its etag. This needs the HTTP/1.1 support. But per my
tests, Nginx does not return expected value.

$ curl -I -H 'If-None-Match: "9cx7b1-x2e-44xa4x9axd0x0"'
http://test.stg/crossdomain.xml 

This command gives 200 OK return code, but if I use Varnish instead, it
gives the expected value 304 Not Modified.
So I'm wondering that it may be caused by the protocal between Nginx and
the upstream server.

Can you help have another check. Appriciated!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228225,228245#msg-228245


From r at roze.lv  Tue Jul  3 15:09:50 2012
From: r at roze.lv (Reinis Rozitis)
Date: Tue, 3 Jul 2012 18:09:50 +0300
Subject: nginx high active connections
In-Reply-To: <74fa13b1a6625e5b626051b286bc35f7.NginxMailingListEnglish@forum.nginx.org>
References: <74fa13b1a6625e5b626051b286bc35f7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <7B58F5CCF2024A89A34C2A9A5B699EB8@DD21>

> Active connections in the range of 400-450 is okay
> but sometimes it goes to like 4,000. at this point in time. This is abnormal

> What does this mean? Is it that nginx is not able to take the load?


It is rarely the webserver itself which can't handle the load/connections (having even 10k connections is no big deal) but it is 
hard to get to any conclusions and/or give any solutions knowing only 2 numbers  - 400 / 4000. One needs at least some application 
specifics (is there a dynamic language involved (php/python/...) or only static files are being served / are there any db backends 
involved / does the undelaying filesystem can handle the load (no wa?) etc etc?).


Just out of experience 2  cases come into mind - it's either slowdown of the application - single request starts to take up too much 
server time and then the rest just pile up.
Other possibility is some sort of DDOS (but I would put this as less likely case).



First thing to do is to check the logs:
- check the nginx error log if there are notification (of file descriptors running out of workers being too few / upstream servers 
not responding)

- if you use php (with fpm) check the error_log too -  lines like '[pool www] seems busy (you may need to increase pm.start_servers, 
or pm.min/max_spare_servers)' might indicate that there are sudden changes in request patterns or execution speed and all worker 
childs are busy. It's also useful to enable set request_slowlog_timeout so php logs any request taking too much time to execute.

- if you use any DBs check those logs too (like MySQL .err log or best if you have a slow query log enabled ( log_slow_queries / 
long_query_time = 2 ))


There is no magical quick fix or answer to your question :)


rr 


From mat999 at gmail.com  Tue Jul  3 17:01:48 2012
From: mat999 at gmail.com (SplitIce)
Date: Wed, 4 Jul 2012 03:01:48 +1000
Subject: Map Module and Domains
Message-ID: <CALFfGYbvhQLcSVpb+6MRWxAA6AUu4gaCKRugYh_0-SsHQO8ukg@mail.gmail.com>

Ok, I was reading up on the map module and it seems the right way to do
this, howeaver I really couldnt think of a way to do this (without just
using the if alternative way).

Blocking domains is what I want to do, my server blocks are per IP
accepting everything for any domain, howeaver I want to filter certain
[blocked] domains away by way of proxy passing or redirecting to another
URL.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120704/1f0f75bf/attachment.html>

From mdounin at mdounin.ru  Tue Jul  3 17:13:03 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 3 Jul 2012 21:13:03 +0400
Subject: what exactly does proxy_http_version mean?
In-Reply-To: <7a71c641fcfbe0590588066fcf2b50ed.NginxMailingListEnglish@forum.nginx.org>
References: <4bdaf72760e60969d84d405af839cc21.NginxMailingListEnglish@forum.nginx.org>
	<7a71c641fcfbe0590588066fcf2b50ed.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120703171303.GL31671@mdounin.ru>

Hello!

On Tue, Jul 03, 2012 at 09:58:12AM -0400, admon.org wrote:

> Many thanks Francis!
> Here are my configs, I'm using Nginx as a reverse proxy server to cache
> static files from its upstream servers.

[...]

> I'm trying to implement a smart way to purge cache e.g. by touching the
> file to change its etag. This needs the HTTP/1.1 support. But per my
> tests, Nginx does not return expected value.
> 
> $ curl -I -H 'If-None-Match: "9cx7b1-x2e-44xa4x9axd0x0"'
> http://test.stg/crossdomain.xml 
> 
> This command gives 200 OK return code, but if I use Varnish instead, it
> gives the expected value 304 Not Modified.
> So I'm wondering that it may be caused by the protocal between Nginx and
> the upstream server.
> 
> Can you help have another check. Appriciated!

With cache switched on nginx strips all conditional headers in 
requests to backends to make sure it'll get full response which 
may be cached.  And as nginx itself doesn't support entity tags 
yet, the request with If-None-Match doesn't return 304.

Support for entity tags are expected to appear soon, somewhere 
near upcoming 1.3.3.

Maxim Dounin


From wangsamp at gmail.com  Tue Jul  3 17:23:03 2012
From: wangsamp at gmail.com (Oleksandr V. Typlyns'kyi)
Date: Tue, 3 Jul 2012 20:23:03 +0300 (EEST)
Subject: Map Module and Domains
In-Reply-To: <CALFfGYbvhQLcSVpb+6MRWxAA6AUu4gaCKRugYh_0-SsHQO8ukg@mail.gmail.com>
References: <CALFfGYbvhQLcSVpb+6MRWxAA6AUu4gaCKRugYh_0-SsHQO8ukg@mail.gmail.com>
Message-ID: <alpine.BSF.2.00.1207032012320.38615@u.fchgavxzrqvn.arg>

Tomorrow Jul 4, 2012 at 03:01 SplitIce wrote:

> Ok, I was reading up on the map module and it seems the right way to do
> this, howeaver I really couldnt think of a way to do this (without just
> using the if alternative way).
> 
> Blocking domains is what I want to do, my server blocks are per IP
> accepting everything for any domain, howeaver I want to filter certain
> [blocked] domains away by way of proxy passing or redirecting to another
> URL.

  You can use another server block for that domains.
  http://nginx.org/en/docs/http/request_processing.html

  server {
      listen 192.168.1.1:80;
      ...
  }

  server {
      listen 192.168.2.2:80;
      ...
  }

  server {
      listen 192.168.1.1:80;
      listen 192.168.2.2:80;
      server_name blocked.example.org *.filtered.net badsite.*;
      ...
  }



-- 
WNGS-RIPE


From nginx-forum at nginx.us  Tue Jul  3 17:39:55 2012
From: nginx-forum at nginx.us (pgn)
Date: Tue, 3 Jul 2012 13:39:55 -0400 (EDT)
Subject: startup error -> "[emerg] duplicate listen options" if 2nd IPv6
	listener is enabled
Message-ID: <590d729737636a1828a810c00494b026.NginxMailingListEnglish@forum.nginx.org>

I run src-built nginx/1.3.2 on linux/64.

I have two nginx vhosts enabled:
	site 1)
		...
		server {
			server_name test1.loc;
			listen      10.0.0.1:443;
			listen      [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
		...

	site 2)
		...
		server {
			server_name test2.loc;
			listen      10.0.0.1:443 default;
		#	listen      [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
		...[code]

With this config, if I start nginx,

	service nginx start
		Shutting down nginx                done
		Starting nginx                     done

all's well.

But, if for site 2) I enable the IPv6 listener,

	-	#	listen      [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
	+		listen      [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;


Now, @ nginx start,

	service nginx start
		Starting nginx nginx: [emerg] duplicate listen options for
[2001:xxx:xxxx:xxx::1]:443 in
/usr/local/etc/nginx/sites-enabled/test2.loc.conf:21
		startproc:  exit status of parent of /usr/local/sbin/nginx: 1
                                                                        
                                 failed


Is this a bug, feature or config problem?

Thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228250,228250#msg-228250


From nginx-forum at nginx.us  Tue Jul  3 17:59:41 2012
From: nginx-forum at nginx.us (munkhabi)
Date: Tue, 3 Jul 2012 13:59:41 -0400 (EDT)
Subject: Using ngx_conf_t
Message-ID: <3351f2a44bcf0a5888bf556e95b4cfe3.NginxMailingListEnglish@forum.nginx.org>

Hello all,
Is it possible to get ngx_conf_t in a handler? If it is, how to get it?

Thank you.
M.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228251,228251#msg-228251


From wangsamp at gmail.com  Tue Jul  3 18:02:23 2012
From: wangsamp at gmail.com (Oleksandr V. Typlyns'kyi)
Date: Tue, 3 Jul 2012 21:02:23 +0300 (EEST)
Subject: startup error -> "[emerg] duplicate listen options" if 2nd IPv6
	listener is enabled
In-Reply-To: <590d729737636a1828a810c00494b026.NginxMailingListEnglish@forum.nginx.org>
References: <590d729737636a1828a810c00494b026.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <alpine.BSF.2.00.1207032057190.38615@u.fchgavxzrqvn.arg>

Today Jul 3, 2012 at 13:39 pgn wrote:

> But, if for site 2) I enable the IPv6 listener,
> 
> 	-	#	listen      [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
> 	+		listen      [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
> 
> 
> Now, @ nginx start,
> 
> 	service nginx start
> 		Starting nginx nginx: [emerg] duplicate listen options for
> [2001:xxx:xxxx:xxx::1]:443 in
> /usr/local/etc/nginx/sites-enabled/test2.loc.conf:21
> 		startproc:  exit status of parent of /usr/local/sbin/nginx: 1
>                                                                         
>                                  failed
> Is this a bug, feature or config problem?

  http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
  A listen directive can have several additional parameters specific to 
  system calls listen() and bind(). They can be specified in any listen 
  directive, but only once for the given address:port pair.

-- 
WNGS-RIPE


From nginx-forum at nginx.us  Tue Jul  3 18:12:46 2012
From: nginx-forum at nginx.us (pgn)
Date: Tue, 3 Jul 2012 14:12:46 -0400 (EDT)
Subject: startup error -> "[emerg] duplicate listen options" if 2nd IPv6
	listener is enabled
In-Reply-To: <alpine.BSF.2.00.1207032057190.38615@u.fchgavxzrqvn.arg>
References: <alpine.BSF.2.00.1207032057190.38615@u.fchgavxzrqvn.arg>
Message-ID: <290d6bab65821f235f697b807ab1cffb.NginxMailingListEnglish@forum.nginx.org>

Sorry, I don't understand your point.

Why is this ok, and fully functional? 
---------------------------------
server { server_name test1.loc;
listen 10.0.0.1:443;
...
server {server_name test2.loc;
listen 10.0.0.1:443;
...
---------------------------------

but this is not?
---------------------------------
server { server_name test1.loc;
listen [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
...
server {server_name test2.loc;
listen [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
...
---------------------------------


In BOTH cases, BOTH server{} are listening on the same address:port,
differentiated by server_name for vhost redirection.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228250,228253#msg-228253


From roman.vasilyev at yousendit.com  Tue Jul  3 18:32:55 2012
From: roman.vasilyev at yousendit.com (Roman Vasilyev)
Date: Tue, 3 Jul 2012 11:32:55 -0700
Subject: Using ngx_conf_t
In-Reply-To: <3351f2a44bcf0a5888bf556e95b4cfe3.NginxMailingListEnglish@forum.nginx.org>
References: <3351f2a44bcf0a5888bf556e95b4cfe3.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <4FF33AD7.9040204@yousendit.com>

On 07/03/2012 10:59 AM, munkhabi wrote:
> Hello all,
> Is it possible to get ngx_conf_t in a handler? If it is, how to get it?
ngx_http_get_module_(loc|srv|http)_conf
>
> Thank you.
> M.
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228251,228251#msg-228251
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From wangsamp at gmail.com  Tue Jul  3 18:34:47 2012
From: wangsamp at gmail.com (Oleksandr V. Typlyns'kyi)
Date: Tue, 3 Jul 2012 21:34:47 +0300 (EEST)
Subject: startup error -> "[emerg] duplicate listen options" if 2nd IPv6
	listener is enabled
In-Reply-To: <290d6bab65821f235f697b807ab1cffb.NginxMailingListEnglish@forum.nginx.org>
References: <alpine.BSF.2.00.1207032057190.38615@u.fchgavxzrqvn.arg>
	<290d6bab65821f235f697b807ab1cffb.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <alpine.BSF.2.00.1207032129510.38615@u.fchgavxzrqvn.arg>

Today Jul 3, 2012 at 14:12 pgn wrote:

> Sorry, I don't understand your point.
> 
> Why is this ok, and fully functional? 
> ---------------------------------
> server { server_name test1.loc;
> listen 10.0.0.1:443;
> ...
> server {server_name test2.loc;
> listen 10.0.0.1:443;
> ...
> ---------------------------------

  listen directive without additional parameters.

> but this is not?
> ---------------------------------
> server { server_name test1.loc;
> listen [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
> ...
> server {server_name test2.loc;
> listen [2001:xxx:xxxx:xxx::1]:443 ipv6only=on;
> ...
> ---------------------------------

  Additional parameters specified twice.

> In BOTH cases, BOTH server{} are listening on the same address:port,
> differentiated by server_name for vhost redirection.

  Additional parameters can be specified only once for the given address:port pair.

-- 
WNGS-RIPE


From mdounin at mdounin.ru  Tue Jul  3 18:43:13 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 3 Jul 2012 22:43:13 +0400
Subject: Using ngx_conf_t
In-Reply-To: <3351f2a44bcf0a5888bf556e95b4cfe3.NginxMailingListEnglish@forum.nginx.org>
References: <3351f2a44bcf0a5888bf556e95b4cfe3.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120703184313.GN31671@mdounin.ru>

Hello!

On Tue, Jul 03, 2012 at 01:59:41PM -0400, munkhabi wrote:

> Hello all,
> Is it possible to get ngx_conf_t in a handler? If it is, how to get it?

The ngx_conf_t is a type of a structure used for configuration 
parsing.  It only exists during configuration parsing, and 
obviously you can't access it after configuration parsing is 
complete.

Maxim Dounin


From nginx-forum at nginx.us  Tue Jul  3 19:04:26 2012
From: nginx-forum at nginx.us (pgn)
Date: Tue, 3 Jul 2012 15:04:26 -0400 (EDT)
Subject: startup error -> "[emerg] duplicate listen options" if 2nd IPv6
	listener is enabled
In-Reply-To: <alpine.BSF.2.00.1207032129510.38615@u.fchgavxzrqvn.arg>
References: <alpine.BSF.2.00.1207032129510.38615@u.fchgavxzrqvn.arg>
Message-ID: <5918b30e6d987eee0953533447d9965f.NginxMailingListEnglish@forum.nginx.org>

Done.

Reading the docs, it's not clear to me -- or others apparently:

	http://kromey.us/2011/06/named-based-virtual-hosts-with-nginx-on-ipv6-423.html
	http://serverfault.com/questions/277653/nginx-name-based-virtual-hosts-on-ipv6

-- that ipv6only=on can only be specified once ...

While some 'additional parameters' on the listen line are restricted in
this manner, others -- e.g., ssl, spdy -- are not, and can appear
multiple times.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228250,228257#msg-228257


From kworthington at gmail.com  Tue Jul  3 19:06:35 2012
From: kworthington at gmail.com (Kevin Worthington)
Date: Tue, 3 Jul 2012 15:06:35 -0400
Subject: nginx-1.2.2
In-Reply-To: <20120703111846.GC31671@mdounin.ru>
References: <20120703111846.GC31671@mdounin.ru>
Message-ID: <CAGo79UV4r+euVUVW6LQS1qUO6fSB1QDj=W0KhALPOjz0r01Xjg@mail.gmail.com>

Hello Nginx Users,

Now available: Nginx 1.2.2 For Windows http://goo.gl/ewwoa (32-bit and
64-bit versions)

These versions are to support legacy users who are already using
Cygwin based builds of Nginx. Officially supported native Windows
binaries are at nginx.org.

Announcements are also available via my Twitter stream
(http://twitter.com/kworthington), if you'd like to receive updates
that way.

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail]  [dot} {com)
http://kevinworthington.com/
http://twitter.com/kworthington


On Tue, Jul 3, 2012 at 7:18 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Changes with nginx 1.2.2                                         03 Jul 2012
>
>     *) Change: the "single" parameter of the "keepalive" directive is now
>        ignored.
>
>     *) Change: SSL compression is now disabled when using all versions of
>        OpenSSL, including ones prior to 1.0.0.
>
>     *) Feature: the "proxy_pass", "fastcgi_pass", "scgi_pass", "uwsgi_pass"
>        directives, and the "server" directive inside the "upstream" block,
>        now support IPv6 addresses.
>
>     *) Feature: the "resolver" directive now supports IPv6 addresses and an
>        optional port specification.
>
>     *) Feature: the "least_conn" directive inside the "upstream" block.
>
>     *) Feature: it is now possible to specify a weight for servers while
>        using the "ip_hash" directive.
>
>     *) Feature: it is now possible to use the "ip_hash" directive to balance
>        IPv6 clients.
>
>     *) Feature: the $status variable can now be used not only in the
>        "log_format" directive.
>
>     *) Bugfix: nginx could not be built with ngx_cpp_test_module; the bug
>        had appeared in 1.1.12.
>
>     *) Bugfix: access to variables from SSI and embedded perl module might
>        not work after reconfiguration.
>        Thanks to Yichun Zhang.
>
>     *) Bugfix: in the ngx_http_xslt_filter_module.
>        Thanks to Kuramoto Eiji.
>
>     *) Bugfix: memory leak if $geoip_org variable was used.
>        Thanks to Denis F. Latypoff.
>
>     *) Bugfix: in the "proxy_cookie_domain" and "proxy_cookie_path"
>        directives.
>
>     *) Bugfix: a segmentation fault might occur in a worker process on
>        shutdown if the "resolver" directive was used.
>
>     *) Bugfix: a segmentation fault might occur in a worker process if the
>        ngx_http_mp4_module was used.
>
>     *) Bugfix: in the ngx_http_mp4_module.
>
>     *) Bugfix: a segmentation fault might occur in a worker process if
>        conflicting wildcard server names were used.
>
>     *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal on
>        ARM platform.
>
>     *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on HP-UX
>        while reconfiguration.
>
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From nginx-forum at nginx.us  Tue Jul  3 19:13:00 2012
From: nginx-forum at nginx.us (Jiff)
Date: Tue, 3 Jul 2012 15:13:00 -0400 (EDT)
Subject: How can I redirect some IP addresses?
In-Reply-To: <f968ff665ac730b9e2cb238a96e024ed.NginxMailingListEnglish@forum.nginx.org>
References: <f968ff665ac730b9e2cb238a96e024ed.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <c58779f5de00da7b2a6d3f1668ce518f.NginxMailingListEnglish@forum.nginx.org>

Thanks to the both of you, I'll stick to include + a cron script to
exchange include files.
Regards.
Jiff

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228151,228259#msg-228259


From wangsamp at gmail.com  Tue Jul  3 19:23:51 2012
From: wangsamp at gmail.com (Oleksandr V. Typlyns'kyi)
Date: Tue, 3 Jul 2012 22:23:51 +0300 (EEST)
Subject: startup error -> "[emerg] duplicate listen options" if 2nd IPv6
	listener is enabled
In-Reply-To: <5918b30e6d987eee0953533447d9965f.NginxMailingListEnglish@forum.nginx.org>
References: <alpine.BSF.2.00.1207032129510.38615@u.fchgavxzrqvn.arg>
	<5918b30e6d987eee0953533447d9965f.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <alpine.BSF.2.00.1207032218010.38615@u.fchgavxzrqvn.arg>

Today Jul 3, 2012 at 15:04 pgn wrote:

> Done.
> 
> Reading the docs, it's not clear to me -- or others apparently:
> 
> 	http://kromey.us/2011/06/named-based-virtual-hosts-with-nginx-on-ipv6-423.html
> 	http://serverfault.com/questions/277653/nginx-name-based-virtual-hosts-on-ipv6
> 
> -- that ipv6only=on can only be specified once ...
> 
> While some 'additional parameters' on the listen line are restricted in
> this manner, others -- e.g., ssl, spdy -- are not, and can appear
> multiple times.

  You should read docs more careful.
  http://nginx.org/en/docs/http/ngx_http_core_module.html#listen
  ssl this parameter (0.7.14) does not relate to system calls listen() and bind(), 
  but allows to specify that all connections accepted on this port should work in the SSL mode.

-- 
WNGS-RIPE


From nginx-forum at nginx.us  Wed Jul  4 03:17:15 2012
From: nginx-forum at nginx.us (admon.org)
Date: Tue, 3 Jul 2012 23:17:15 -0400 (EDT)
Subject: what exactly does proxy_http_version mean?
In-Reply-To: <7a71c641fcfbe0590588066fcf2b50ed.NginxMailingListEnglish@forum.nginx.org>
References: <4bdaf72760e60969d84d405af839cc21.NginxMailingListEnglish@forum.nginx.org>
	<7a71c641fcfbe0590588066fcf2b50ed.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <f811da209df4b86f262be25e53911256.NginxMailingListEnglish@forum.nginx.org>

Maxim, That's Cool, Thanks a lot for your updates!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228225,228262#msg-228262


From shahzaib.cb at gmail.com  Wed Jul  4 06:55:54 2012
From: shahzaib.cb at gmail.com (shahzaib shahzaib)
Date: Wed, 4 Jul 2012 11:55:54 +0500
Subject: nginx-1.3.2
In-Reply-To: <CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
	<CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
Message-ID: <CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>

will anyone help me? i am stuck in same problem?

On Mon, Jul 2, 2012 at 12:18 PM, shahzaib shahzaib <shahzaib.cb at gmail.com>wrote:

> @Maxim & @Lukas, i've noticed that the flv audio psuedo is  working by
> using given keyframes that is generated by flvmdi but  video  breaks during
> usage of keyframes .
>
>
> On Sat, Jun 30, 2012 at 11:17 AM, shahzaib shahzaib <shahzaib.cb at gmail.com
> > wrote:
>
>> Thats my starter of nginx.conf
>> Server {
>>
>> location ~ \.flv$ {
>>     flv;
>> }
>>
>> location /videos {
>>     root /usr/local/nginx/html;
>>     index index.php index.html;
>>     autoindex on;
>>
>> }
>> }
>>
>> On Fri, Jun 29, 2012 at 5:02 PM, shahzaib shahzaib <shahzaib.cb at gmail.com
>> > wrote:
>>
>>> @Maxim i've converted my flv video using flvmdi tool with this command
>>> flvmdi test.flv sample.flv /k /x & it created flv file keyframes and save
>>> into xml file, but still when i try to play the video from given keyframe,
>>> does'nt show anything. Waiting for your help. Thanks
>>>
>>>
>>> On Thu, Jun 28, 2012 at 6:06 PM, Kevin Worthington <
>>> kworthington at gmail.com> wrote:
>>>
>>>> Hello Nginx Users,
>>>>
>>>> Now available: Nginx 1.3.2 For Windows http://goo.gl/2aSez (32-bit and
>>>> 64-bit versions)
>>>>
>>>> These versions are to support legacy users who are already using
>>>> Cygwin based builds of Nginx. Officially supported native Windows
>>>> binaries are at nginx.org.
>>>>
>>>> Announcements are also available via my Twitter stream, listed below
>>>> if you'd like updates that way.
>>>>
>>>> Thank you,
>>>> Kevin
>>>> --
>>>> Kevin Worthington
>>>> kworthington *@* (gmail]  [dot} {com)
>>>> http://kevinworthington.com/
>>>> http://twitter.com/kworthington
>>>>
>>>>
>>>> On Tue, Jun 26, 2012 at 10:00 AM, Maxim Dounin <mdounin at mdounin.ru>
>>>> wrote:
>>>> > Changes with nginx 1.3.2                                         26
>>>> Jun 2012
>>>> >
>>>> >    *) Change: the "single" parameter of the "keepalive" directive is
>>>> now
>>>> >       ignored.
>>>> >
>>>> >    *) Change: SSL compression is now disabled when using all versions
>>>> of
>>>> >       OpenSSL, including ones prior to 1.0.0.
>>>> >
>>>> >    *) Feature: it is now possible to use the "ip_hash" directive to
>>>> balance
>>>> >       IPv6 clients.
>>>> >
>>>> >    *) Feature: the $status variable can now be used not only in the
>>>> >       "log_format" directive.
>>>> >
>>>> >    *) Bugfix: a segmentation fault might occur in a worker process on
>>>> >       shutdown if the "resolver" directive was used.
>>>> >
>>>> >    *) Bugfix: a segmentation fault might occur in a worker process if
>>>> the
>>>> >       ngx_http_mp4_module was used.
>>>> >
>>>> >    *) Bugfix: in the ngx_http_mp4_module.
>>>> >
>>>> >    *) Bugfix: a segmentation fault might occur in a worker process if
>>>> >       conflicting wildcard server names were used.
>>>> >
>>>> >    *) Bugfix: nginx might be terminated abnormally on a SIGBUS signal
>>>> on
>>>> >       ARM platform.
>>>> >
>>>> >    *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on
>>>> HP-UX
>>>> >       while reconfiguration.
>>>> >
>>>> >
>>>> > Maxim Dounin
>>>> >
>>>> > _______________________________________________
>>>> > nginx mailing list
>>>> > nginx at nginx.org
>>>> > http://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>>
>>>
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120704/9bf2e856/attachment-0001.html>

From list at oxdrove.co.uk  Wed Jul  4 09:56:02 2012
From: list at oxdrove.co.uk (James Lee)
Date: Wed, 04 Jul 2012 09:56:02 GMT
Subject: SSI and expires header
In-Reply-To: <zarafa.4fe871ea.331c.4342a6fc037d7b16@mail.openindex.io>
References: <zarafa.4fe871ea.331c.4342a6fc037d7b16@mail.openindex.io>
Message-ID: <20120704.9560200.37541905@gyor.oxdrove.co.uk>

On 25/06/12, 15:12:58, "Markus Jelsma" <markus.jelsma at openindex.io> wrote
regarding SSI and expires header:

Hello,

> We use SSI for serving a specific file but we want it to be cached
> by the clients for a few hours. We know SSI removes the Expires
> header set by the standard headers module so

SSI + expires works for me, example below.


> The browser, however, doesn't seem to cache the object so we must do
> something wrong here. I assume we also need a LastModified header
> but how can we force to send that header while SSI is on?


    location /ssi/ {
        ssi on;
        expires 1w;
        add_header Last-Modified 'not added';
    }
    location /ssi-with-last-modified/ {
        proxy_pass        http://localhost/ssi/;
        proxy_set_header  Host www.HOST.co.uk;
        add_header Last-Modified 'this works!';
    }



$ curl -I http://www.HOST.co.uk/ssi/
HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Wed, 04 Jul 2012 09:44:28 GMT
Content-Type: text/html; charset=8858-1
Connection: keep-alive
Vary: Accept-Encoding
Expires: Wed, 11 Jul 2012 09:44:28 GMT
Cache-Control: max-age=604800

$ curl -I http://www.HOST.co.uk/ssi-with-last-modified/
HTTP/1.1 200 OK
Server: nginx/1.2.2
Date: Wed, 04 Jul 2012 09:44:38 GMT
Content-Type: text/html; charset=8858-1
Connection: keep-alive
Vary: Accept-Encoding
Vary: Accept-Encoding
Expires: Wed, 11 Jul 2012 09:44:38 GMT
Cache-Control: max-age=604800
Last-Modified: this works!





James.


From brian at akins.org  Wed Jul  4 13:10:02 2012
From: brian at akins.org (Brian Akins)
Date: Wed, 4 Jul 2012 09:10:02 -0400
Subject: SSI and expires header
In-Reply-To: <20120704.9560200.37541905@gyor.oxdrove.co.uk>
References: <zarafa.4fe871ea.331c.4342a6fc037d7b16@mail.openindex.io>
	<20120704.9560200.37541905@gyor.oxdrove.co.uk>
Message-ID: <6A354EDA-2331-4E63-A961-448C72C2AA9B@akins.org>


On Jul 4, 2012, at 5:56 AM, James Lee wrote:
> 
>    location /ssi/ {
>        ssi on;
>        expires 1w;
>        add_header Last-Modified 'not added';
>    }
>    location /ssi-with-last-modified/ {
>        proxy_pass        http://localhost/ssi/;
>        proxy_set_header  Host www.HOST.co.uk;
>        add_header Last-Modified 'this works!';
>    }
> 

With this config, every request will actually cause two hits to nginx. 

Last-Modified is removed from SSI in every web server I know because you'd really need to show the last modified time of the newest included element. Also, if there are dynamic elements, how do you handle those?

I did  simple Lua header filter that adds the current time to Last-Modified when needed.  Depending on which browsers you need to support, however, just adding Expires and/or Cache-Control headers is enough to get the browser to cache. I know that not all browsers behave correctly, however.

Something simple like:

header_filter_by_lua '
     ngx.header["Last-Modified"] = ngx.http_time(ngx.time())
';

Of course, you may want to check to see if it's already been set, only set if a flag is present, etc.


The "proxy to yourself" solution is unacceptable for a busy site.

--Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120704/a9114b18/attachment.html>

From markus.jelsma at openindex.io  Wed Jul  4 13:48:50 2012
From: markus.jelsma at openindex.io (=?utf-8?Q?Markus_Jelsma?=)
Date: Wed, 4 Jul 2012 13:48:50 +0000
Subject: SSI and expires header
In-Reply-To: <6A354EDA-2331-4E63-A961-448C72C2AA9B@akins.org>
References: <6A354EDA-2331-4E63-A961-448C72C2AA9B@akins.org>
Message-ID: <zarafa.4ff449c2.5cf9.6ae7de8906680cac@mail.openindex.io>

Thank you both for your comments.

We attempted to set the Last-Modified header because expires and cache-control alone did not seem to work at all, the object is still transferred over the wire. We even increased the expires time from two to six hours but different browsers still download the object. These are the object's response headers:

Cache-Control:public,max-age=28800
Connection:keep-alive
Content-Encoding:gzip
Content-Type:application/x-javascript; charset=utf-8
Date:Wed, 04 Jul 2012 13:45:37 GMT
Expires:Wed, 04 Jul 2012 21:45:37 GMT
Transfer-Encoding:chunked

I don't see anything really missing. Any hints to share?

Thanks!

 
-----Original message-----
> From:Brian Akins <brian at akins.org>
> Sent: Wed 04-Jul-2012 15:11
> To: nginx at nginx.org
> Subject: Re: SSI and expires header
> 
> On Jul 4, 2012, at 5:56 AM, James Lee wrote:
> 
>  ???location /ssi/ {
>  ???????ssi on;
>  ???????expires 1w;
>  ???????add_header Last-Modified 'not added';
>  ???}
>  ???location /ssi-with-last-modified/ {
>  ???????proxy_pass ???????http://localhost/ssi/ <http://localhost/ssi/> ;
>  ???????proxy_set_header ?Host www.HOST.co.uk <http://www.HOST.co.uk> ;
>  ???????add_header Last-Modified 'this works!';
>  ???}
> 
> 
> With this config, every request will actually cause two hits to nginx.?
> 
> Last-Modified is removed from SSI in every web server I know because you'd really need to show the last modified time of the newest included element. Also, if there are dynamic elements, how do you handle those?
> 
> I did ?simple Lua header filter that adds the current time to Last-Modified when needed. ?Depending on which browsers you need to support, however, just adding Expires and/or Cache-Control headers is enough to get the browser to cache. I know that not all browsers behave correctly, however.
> 
> Something simple like:
> 
> header_filter_by_lua '
> ? ???ngx.header["Last-Modified"] =?ngx.http_time(ngx.time())
> ';
> 
> Of course, you may want to check to see if it's already been set, only set if a flag is present, etc.
> 
> 
> The "proxy to yourself" solution is unacceptable for a busy site.
> 
> --Brian
> 
> _______________________________________________
> 
> nginx mailing list
> 
> nginx at nginx.org
> 
> http://mailman.nginx.org/mailman/listinfo/nginx
> 
> 


From nginx-forum at nginx.us  Wed Jul  4 14:42:19 2012
From: nginx-forum at nginx.us (karolis)
Date: Wed, 4 Jul 2012 10:42:19 -0400 (EDT)
Subject: problem with proxy_pass
Message-ID: <8f6777b965f6bad4985a1bb4e5f8fef0.NginxMailingListEnglish@forum.nginx.org>

Hi everyone,

something wrong in my nginx.conf file:

user              nginx;
worker_processes  8;

error_log  logs/error.log;
pid        logs/nginx.pid;

events {
    worker_connections  8192;
}

http {
upstream www_serveriai_80  {
  server 10.255.7.120:8080;
}
    include       /usr/local/nginx/conf/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local]
"$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /usr/local/nginx/logs/access.log  main;

    sendfile        on;
    keepalive_timeout  65;

    server {
      listen 80;
      server_name alis.am.lt;

      error_page 502 /502.html;

      location = /502.html {
         root /usr/local/nginx/html/;
         allow all;
      }
      location /error502resourcescss {
         alias /usr/local/nginx/html/error502resourcescss/;
      }
      location /error502resourcesimages {
         alias /usr/local/nginx/html/error502resourcesimages/;
      }

      location /AlisL09Service {
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://10.255.6.120:8080/AlisL09Service/;
        proxy_redirect off;
      }

      location / {
        proxy_pass  http://www_serveriai_80;
        proxy_set_header Host $http_host;
      }
}
}

When i connect to AlisL09Service i find 400 error message, but i know
that it should be 405 error. Everything worked fine yesterday, changed
something don't remember exactly what (very dumb, right?) and it's not
working correctly now. Please help.


Regards,
Karolis M.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228280,228280#msg-228280


From mat999 at gmail.com  Wed Jul  4 15:45:31 2012
From: mat999 at gmail.com (SplitIce)
Date: Thu, 5 Jul 2012 01:45:31 +1000
Subject: Map Module and Domains
In-Reply-To: <alpine.BSF.2.00.1207032012320.38615@u.fchgavxzrqvn.arg>
References: <CALFfGYbvhQLcSVpb+6MRWxAA6AUu4gaCKRugYh_0-SsHQO8ukg@mail.gmail.com>
	<alpine.BSF.2.00.1207032012320.38615@u.fchgavxzrqvn.arg>
Message-ID: <CALFfGYbouSXAQTU0aDKW8GFnQh=hLwqCzuxLT24tKZGn+Kmo1w@mail.gmail.com>

And I take it that the first block is the 'default' so I should add my
'bad-site' block last like you have? Just clarification.

I really like the way you did this, way more clean than the if based system
I was planning to use (and less evil).

On Wed, Jul 4, 2012 at 3:23 AM, Oleksandr V. Typlyns'kyi <wangsamp at gmail.com
> wrote:

> Tomorrow Jul 4, 2012 at 03:01 SplitIce wrote:
>
> > Ok, I was reading up on the map module and it seems the right way to do
> > this, howeaver I really couldnt think of a way to do this (without just
> > using the if alternative way).
> >
> > Blocking domains is what I want to do, my server blocks are per IP
> > accepting everything for any domain, howeaver I want to filter certain
> > [blocked] domains away by way of proxy passing or redirecting to another
> > URL.
>
>   You can use another server block for that domains.
>   http://nginx.org/en/docs/http/request_processing.html
>
>   server {
>       listen 192.168.1.1:80;
>       ...
>   }
>
>   server {
>       listen 192.168.2.2:80;
>       ...
>   }
>
>   server {
>       listen 192.168.1.1:80;
>       listen 192.168.2.2:80;
>       server_name blocked.example.org *.filtered.net badsite.*;
>       ...
>   }
>
>
>
> --
> WNGS-RIPE
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120705/4b38332c/attachment.html>

From wangsamp at gmail.com  Wed Jul  4 21:56:43 2012
From: wangsamp at gmail.com (Oleksandr V. Typlyns'kyi)
Date: Thu, 5 Jul 2012 00:56:43 +0300 (EEST)
Subject: Map Module and Domains
In-Reply-To: <CALFfGYbouSXAQTU0aDKW8GFnQh=hLwqCzuxLT24tKZGn+Kmo1w@mail.gmail.com>
References: <CALFfGYbvhQLcSVpb+6MRWxAA6AUu4gaCKRugYh_0-SsHQO8ukg@mail.gmail.com>
	<alpine.BSF.2.00.1207032012320.38615@u.fchgavxzrqvn.arg>
	<CALFfGYbouSXAQTU0aDKW8GFnQh=hLwqCzuxLT24tKZGn+Kmo1w@mail.gmail.com>
Message-ID: <alpine.BSF.2.00.1207050050150.38615@u.fchgavxzrqvn.arg>

Today Jul 5, 2012 at 01:45 SplitIce wrote:

> And I take it that the first block is the 'default' so I should add my
> 'bad-site' block last like you have? Just clarification.
> 
> I really like the way you did this, way more clean than the if based system
> I was planning to use (and less evil).

  It doesn't metter if you add default_server parameter to the right place.
  http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

-- 
WNGS-RIPE


From agentzh at gmail.com  Wed Jul  4 23:37:46 2012
From: agentzh at gmail.com (agentzh)
Date: Wed, 4 Jul 2012 16:37:46 -0700
Subject: [ANN] ngx_openresty devel version 1.2.1.5 released
In-Reply-To: <CAB4Tn6MrwZMs1uXm4CSJmKHkG6VfHr7GT=ZfrVFU-cn3SoYZeA@mail.gmail.com>
References: <CAB4Tn6MrwZMs1uXm4CSJmKHkG6VfHr7GT=ZfrVFU-cn3SoYZeA@mail.gmail.com>
Message-ID: <CAB4Tn6M7VOtUMFvqB+UFxMOH2zMrAXTUXnw4tNE-f78YFEA5qw@mail.gmail.com>

Hello!

After more than one week's active development, I'm happy to announce
that ngx_openresty development version, 1.2.1.5, is now released:

   http://openresty.org/#Download

Below is the change log for this release, as compared to the last release
(1.2.1.3):

 *   upgraded LuaNginxModule to 0.5.5.

     *   feature: added new configure directives init_by_lua and
         init_by_lua_file. they can be used to pre-load Lua modules,
         register true Lua global variables, and initialize the
         shared-memory storage defined via lua_shared_dict, at Nginx
         config-loading time. thanks drdrxp for suggesting this new
         feature.

     *   feature: now we print backtrace to "error.log" when Lua
         errors happen in set_by_lua*, header_filter_by_lua*,
         body_filter_by_lua*, and log_by_lua.

     *   bugfix: upstream data buffers were not marked as fully
         consumed when body_filter_by_lua* was used and "ngx.arg[1]"
         was overwritten. this could result in connection hang for
         large response bodies. thanks Tzury Bar Yochay for reporting
         this issue.

     *   bugfix: gcc complained that "dereferencing type-punned
         pointer will break strict-aliasing rules" when "-O2" or
         above was enabled while compiling. thanks Ryan Ooi for
         reporting this and chaoslawful for fixing it.

 *   upgraded LuaRestyRedisLibrary to 0.10.

     *   feature: added the Redis "script" command introduced in
         Redis 2.6. thanks Evgeniy Dolzhenko for suggesting this.

     *   docs: documented that storing the object instance into lua
         module-level variables will result in failures for
         concurrent requests.

     *   docs: documented that this lib cannot be used in those
         contexts where the ngx_lua cosocket API is unavailable.

 *   upgraded SrcacheNginxModule to 0.14.

     *   feature: added new nginx variable $srcache_fetch_status
         which takes one of three values, "BYASS", "MISS", and "HIT".
         thanks Feibo Li for the patch.

     *   feature: added new Nginx variable $srcache_store_status
         which takes the value "BYASS" or "STORE".

     *   optimize: removed unused context data field "fetch_sr" on
         the C level to reduce the memory footprint a bit.

The HTML version of the change log with some useful hyper-links can be
browsed here:

   http://openresty.org/#ChangeLog1002001

Special thanks go to all our contributors and users for helping make this
happen :)

OpenResty (aka. ngx_openresty) is a full-fledged web application server by
bundling the standard Nginx core, lots of 3rd-party Nginx modules, as well
as most of their external dependencies. See OpenResty's homepage for
details:

    http://openresty.org/

Enjoy!
-agentzh


From wendal1985 at gmail.com  Thu Jul  5 10:51:59 2012
From: wendal1985 at gmail.com (Wendal Chen)
Date: Thu, 5 Jul 2012 18:51:59 +0800
Subject: nginx-1.3.2
In-Reply-To: <CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
	<CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
	<CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>
Message-ID: <CAM79QPUqSz+=CmmwHuaD9ccnLZJqR1Oos4oLXTqjuPKXoG=Rcw@mail.gmail.com>

2012/7/4 shahzaib shahzaib <shahzaib.cb at gmail.com>

> will anyone help me? i am stuck in same problem?
>
>
> On Mon, Jul 2, 2012 at 12:18 PM, shahzaib shahzaib <shahzaib.cb at gmail.com>wrote:
>
>> @Maxim & @Lukas, i've noticed that the flv audio psuedo is  working by
>> using given keyframes that is generated by flvmdi but  video  breaks during
>> usage of keyframes .
>>
>>
>> On Sat, Jun 30, 2012 at 11:17 AM, shahzaib shahzaib <
>> shahzaib.cb at gmail.com> wrote:
>>
>>> Thats my starter of nginx.conf
>>> Server {
>>>
>>> location ~ \.flv$ {
>>>     flv;
>>> }
>>>
>>> location /videos {
>>>     root /usr/local/nginx/html;
>>>     index index.php index.html;
>>>     autoindex on;
>>>
>>> }
>>> }
>>>
>>> On Fri, Jun 29, 2012 at 5:02 PM, shahzaib shahzaib <
>>> shahzaib.cb at gmail.com> wrote:
>>>
>>>> @Maxim i've converted my flv video using flvmdi tool with this command
>>>> flvmdi test.flv sample.flv /k /x & it created flv file keyframes and save
>>>> into xml file, but still when i try to play the video from given keyframe,
>>>> does'nt show anything. Waiting for your help. Thanks
>>>>
>>>>
>>>> On Thu, Jun 28, 2012 at 6:06 PM, Kevin Worthington <
>>>> kworthington at gmail.com> wrote:
>>>>
>>>>> Hello Nginx Users,
>>>>>
>>>>> Now available: Nginx 1.3.2 For Windows http://goo.gl/2aSez (32-bit and
>>>>> 64-bit versions)
>>>>>
>>>>> These versions are to support legacy users who are already using
>>>>> Cygwin based builds of Nginx. Officially supported native Windows
>>>>> binaries are at nginx.org.
>>>>>
>>>>> Announcements are also available via my Twitter stream, listed below
>>>>> if you'd like updates that way.
>>>>>
>>>>> Thank you,
>>>>> Kevin
>>>>> --
>>>>> Kevin Worthington
>>>>> kworthington *@* (gmail]  [dot} {com)
>>>>> http://kevinworthington.com/
>>>>> http://twitter.com/kworthington
>>>>>
>>>>>
>>>>> On Tue, Jun 26, 2012 at 10:00 AM, Maxim Dounin <mdounin at mdounin.ru>
>>>>> wrote:
>>>>> > Changes with nginx 1.3.2                                         26
>>>>> Jun 2012
>>>>> >
>>>>> >    *) Change: the "single" parameter of the "keepalive" directive is
>>>>> now
>>>>> >       ignored.
>>>>> >
>>>>> >    *) Change: SSL compression is now disabled when using all
>>>>> versions of
>>>>> >       OpenSSL, including ones prior to 1.0.0.
>>>>> >
>>>>> >    *) Feature: it is now possible to use the "ip_hash" directive to
>>>>> balance
>>>>> >       IPv6 clients.
>>>>> >
>>>>> >    *) Feature: the $status variable can now be used not only in the
>>>>> >       "log_format" directive.
>>>>> >
>>>>> >    *) Bugfix: a segmentation fault might occur in a worker process on
>>>>> >       shutdown if the "resolver" directive was used.
>>>>> >
>>>>> >    *) Bugfix: a segmentation fault might occur in a worker process
>>>>> if the
>>>>> >       ngx_http_mp4_module was used.
>>>>> >
>>>>> >    *) Bugfix: in the ngx_http_mp4_module.
>>>>> >
>>>>> >    *) Bugfix: a segmentation fault might occur in a worker process if
>>>>> >       conflicting wildcard server names were used.
>>>>> >
>>>>> >    *) Bugfix: nginx might be terminated abnormally on a SIGBUS
>>>>> signal on
>>>>> >       ARM platform.
>>>>>
>>>> Nginx can run in ARM ?

> >
>>>>> >    *) Bugfix: an alert "sendmsg() failed (9: Bad file number)" on
>>>>> HP-UX
>>>>> >       while reconfiguration.
>>>>> >
>>>>> >
>>>>> > Maxim Dounin
>>>>> >
>>>>> > _______________________________________________
>>>>> > nginx mailing list
>>>>> > nginx at nginx.org
>>>>> > http://mailman.nginx.org/mailman/listinfo/nginx
>>>>>
>>>>> _______________________________________________
>>>>> nginx mailing list
>>>>> nginx at nginx.org
>>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>>>
>>>>
>>>>
>>>
>>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
Wendal Chen
GuangDong China
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120705/8710e543/attachment-0001.html>

From mdounin at mdounin.ru  Thu Jul  5 12:56:47 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 5 Jul 2012 16:56:47 +0400
Subject: nginx-1.3.2
In-Reply-To: <CAM79QPUqSz+=CmmwHuaD9ccnLZJqR1Oos4oLXTqjuPKXoG=Rcw@mail.gmail.com>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
	<CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
	<CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>
	<CAM79QPUqSz+=CmmwHuaD9ccnLZJqR1Oos4oLXTqjuPKXoG=Rcw@mail.gmail.com>
Message-ID: <20120705125647.GD31671@mdounin.ru>

Hello!

On Thu, Jul 05, 2012 at 06:51:59PM +0800, Wendal Chen wrote:

[...]

> >>>>> >    *) Bugfix: nginx might be terminated abnormally on a SIGBUS
> >>>>> signal on
> >>>>> >       ARM platform.
> 
> Nginx can run in ARM ?

Yes.

Maxim Dounin


From wendal1985 at gmail.com  Thu Jul  5 14:43:43 2012
From: wendal1985 at gmail.com (Wendal Chen)
Date: Thu, 5 Jul 2012 22:43:43 +0800
Subject: nginx-1.3.2
In-Reply-To: <20120705125647.GD31671@mdounin.ru>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
	<CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
	<CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>
	<CAM79QPUqSz+=CmmwHuaD9ccnLZJqR1Oos4oLXTqjuPKXoG=Rcw@mail.gmail.com>
	<20120705125647.GD31671@mdounin.ru>
Message-ID: <CAM79QPXBUf64X5xquHrd17=e0FaO-mTBds7jpEm4Sq1pJhZ0tA@mail.gmail.com>

How?

Can you pls  provide  a  example configure cmd?

2012/7/5 Maxim Dounin <mdounin at mdounin.ru>

> Hello!
>
> On Thu, Jul 05, 2012 at 06:51:59PM +0800, Wendal Chen wrote:
>
> [...]
>
> > >>>>> >    *) Bugfix: nginx might be terminated abnormally on a SIGBUS
> > >>>>> signal on
> > >>>>> >       ARM platform.
> >
> > Nginx can run in ARM ?
>
> Yes.
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
Wendal Chen
GuangDong China
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120705/f5def878/attachment.html>

From ru at nginx.com  Thu Jul  5 14:52:38 2012
From: ru at nginx.com (Ruslan Ermilov)
Date: Thu, 5 Jul 2012 18:52:38 +0400
Subject: Map Module and Domains
In-Reply-To: <alpine.BSF.2.00.1207050050150.38615@u.fchgavxzrqvn.arg>
References: <CALFfGYbvhQLcSVpb+6MRWxAA6AUu4gaCKRugYh_0-SsHQO8ukg@mail.gmail.com>
	<alpine.BSF.2.00.1207032012320.38615@u.fchgavxzrqvn.arg>
	<CALFfGYbouSXAQTU0aDKW8GFnQh=hLwqCzuxLT24tKZGn+Kmo1w@mail.gmail.com>
	<alpine.BSF.2.00.1207050050150.38615@u.fchgavxzrqvn.arg>
Message-ID: <20120705145238.GA91054@lo0.su>

On Thu, Jul 05, 2012 at 12:56:43AM +0300, Oleksandr V. Typlyns'kyi wrote:
> Today Jul 5, 2012 at 01:45 SplitIce wrote:
> 
> > And I take it that the first block is the 'default' so I should add my
> > 'bad-site' block last like you have? Just clarification.
> > 
> > I really like the way you did this, way more clean than the if based system
> > I was planning to use (and less evil).
> 
>   It doesn't metter if you add default_server parameter to the right place.
>   http://nginx.org/en/docs/http/ngx_http_core_module.html#listen

http://nginx.org/en/docs/http/request_processing.html


From steeeeeveee at gmx.net  Thu Jul  5 15:26:36 2012
From: steeeeeveee at gmx.net (Steve)
Date: Thu, 05 Jul 2012 17:26:36 +0200
Subject: nginx-1.3.2
In-Reply-To: <CAM79QPXBUf64X5xquHrd17=e0FaO-mTBds7jpEm4Sq1pJhZ0tA@mail.gmail.com>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
	<CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
	<CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>
	<CAM79QPUqSz+=CmmwHuaD9ccnLZJqR1Oos4oLXTqjuPKXoG=Rcw@mail.gmail.com>
	<20120705125647.GD31671@mdounin.ru>
	<CAM79QPXBUf64X5xquHrd17=e0FaO-mTBds7jpEm4Sq1pJhZ0tA@mail.gmail.com>
Message-ID: <20120705152636.9860@gmx.net>

-------- Original-Nachricht --------
> Datum: Thu, 5 Jul 2012 22:43:43 +0800
> Von: Wendal Chen <wendal1985 at gmail.com>
> An: nginx at nginx.org
> Betreff: Re: nginx-1.3.2

> How?
> 
Compile it directly on ARM or cross compile it or use a binary for ARM.


> Can you pls  provide  a  example configure cmd?
> 
> 2012/7/5 Maxim Dounin <mdounin at mdounin.ru>
> 
> > Hello!
> >
> > On Thu, Jul 05, 2012 at 06:51:59PM +0800, Wendal Chen wrote:
> >
> > [...]
> >
> > > >>>>> >    *) Bugfix: nginx might be terminated abnormally on a SIGBUS
> > > >>>>> signal on
> > > >>>>> >       ARM platform.
> > >
> > > Nginx can run in ARM ?
> >
> > Yes.
> >
> > Maxim Dounin
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
> 
> 
> 
> -- 
> Wendal Chen
> GuangDong China


From nginx-forum at nginx.us  Thu Jul  5 16:15:09 2012
From: nginx-forum at nginx.us (munkhabi)
Date: Thu, 5 Jul 2012 12:15:09 -0400 (EDT)
Subject: Locations
Message-ID: <137ce279c0341d297438bd362a14107b.NginxMailingListEnglish@forum.nginx.org>

Hello all,
How can I see all locations in a handler? Is it posssible?

Thanks.
M.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228309,228309#msg-228309


From roman.vasilyev at yousendit.com  Thu Jul  5 16:30:59 2012
From: roman.vasilyev at yousendit.com (Roman Vasilyev)
Date: Thu, 5 Jul 2012 09:30:59 -0700
Subject: NGINX + kerberos
Message-ID: <4FF5C143.9000502@yousendit.com>

Hi,

figuring out does exists kerberos auth module for NGINX, found this:
https://github.com/fintler/nginx-mod-auth-kerb

scares comment:
pray for no segfaults...

Wile checked sources don't see some extremely dangerous code segments.
Remember that ngx_array_push(&cmcf->phases[NGX_HTTP_ACCESS_PHASE].handlers);
not correct way if you need just variables/headers.

Any alternatives to this module for now?


From nginx-forum at nginx.us  Fri Jul  6 03:08:03 2012
From: nginx-forum at nginx.us (eddz)
Date: Thu, 5 Jul 2012 23:08:03 -0400 (EDT)
Subject: 404 Not Found -- nginx/1.0.10
In-Reply-To: <48588bf169f802f9a4e463200cb73889.NginxMailingListEnglish@forum.nginx.org>
References: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org>
	<48588bf169f802f9a4e463200cb73889.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <6712945f399bef2b3362d5d07d227b09.NginxMailingListEnglish@forum.nginx.org>

Hi,

I'm just wondering what your solution to this problem was? I'm
struggling here myself.

Many thanks!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219405,228316#msg-228316


From nginx-forum at nginx.us  Fri Jul  6 03:50:18 2012
From: nginx-forum at nginx.us (lulalala)
Date: Thu, 5 Jul 2012 23:50:18 -0400 (EDT)
Subject: Static file serving only works if root is a subfolder under public
Message-ID: <05f9564efb0f40aa74d5e51ec071eac4.NginxMailingListEnglish@forum.nginx.org>

I am trying to serve static cache files using nginx. There are
index.html files under the rails_root/public/cache directory. I tried
the following configuration first, which doesn't work:


    root <%= current_path %>/public;
    try_files /cache$uri/index.html /cache$uri.html @rails;

Accessing the root / gives this error:

    [error] 4056#0: *13503414 directory index of "(...)current/public/"
is forbidden, request: "GET / HTTP/1.1"

I then tried 

    root <%= current_path %>/public/cache;
    try_files $uri/index.html $uri.html @rails;

And to my surprise this works.

---

The permissions of the folders are:

    775 public
      755 cache
        644 index.html

The thing is that my favicon sitting under public/ is served correctly:

    # asset server
    server {
      listen 80;
      server_name assets.<%= server_name %>;
      expires max;
      add_header Cache-Control public;
      charset utf-8;
      root   <%= current_path %>/public;
    }

So, why is it that I can do the latter not the former( since they point
to the same location)? Thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228318,228318#msg-228318


From shahzaib.cb at gmail.com  Fri Jul  6 07:08:24 2012
From: shahzaib.cb at gmail.com (shahzaib shahzaib)
Date: Fri, 6 Jul 2012 12:08:24 +0500
Subject: FLV module issues (was Re: nginx-1.3.2)
In-Reply-To: <CAFWPQt68B6SY_b+6569K8UwwT4gF9asLGGzBvK3Z8t_n0Y5yfA@mail.gmail.com>
References: <CAFWPQt68B6SY_b+6569K8UwwT4gF9asLGGzBvK3Z8t_n0Y5yfA@mail.gmail.com>
Message-ID: <CAD3xhrN0WThHFs5jHFZDfxSHxdko1VE9sFQKsAkpBYarXaFBJA@mail.gmail.com>

i've converted flv files with flvmdi tool & when i try to play flv file by
given bytes(keyframes), audio pseudo continue from keyframes but video
doesnot load & show black screen. Now i am scratching my head more than
enough :-(

On Wed, Jun 27, 2012 at 9:12 PM, Mit Rowe <mit at stagename.com> wrote:

> shahzaib,
>
> those instructions are for incredibly old versions of things. Perhaps what
> you're looking for is this module...
>
> http://wiki.nginx.org/HttpFlvModule
>
> and/or this one...
>
> http://wiki.nginx.org/HttpMp4Module
>
> both of which can be compiled into the most recent versions of nginx.
>
> I also echo Maxim's advise that you use the nginx 1.2.x branch from
> http://nginx.org/en/download.html as the 1.3.x branch is a development
> version
>
> Hope this helps,
> Mit
>
>
>
>
>
> On Wed, Jun 27, 2012 at 11:45 AM, shahzaib shahzaib <shahzaib.cb at gmail.com
> > wrote:
>
>> well, i've compiled my nginx 1.2.1 from this source
>> http://h264.code-shop.com/trac/wiki/Mod-H264-Streaming-Nginx-Version2 ,
>> add aditional module --with-http_flv_module for pseudo stream and added flv
>> directive in nginx.conf file. But when i try to play video by
>> test.flv?start=343434 , player stucked & not play. Mp4 is working fine but
>> not flv.
>>
>>
>> On Wed, Jun 27, 2012 at 7:28 PM, Maxim Dounin <mdounin at mdounin.ru> wrote:
>>
>>> Hello!
>>>
>>> On Wed, Jun 27, 2012 at 04:57:32PM +0500, shahzaib shahzaib wrote:
>>>
>>> > & i am having problem on using nginx-1.2.1 its flv module is broken
>>> :-(,
>>> > flv psuedo streaming is not working .
>>>
>>> It's not broken, for sure.  You've just doing it wrong.
>>> Unfortunately you've failed to provide enough information to say
>>> what exactly you are doing wrong.
>>>
>>> Maxim Dounin
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
>
> --
> Will 'Mit' Rowe
> Stagename*
> *1-866-326-3098
> mit at stagename.com <josh at stagename.com>
> www.stagename.com
> Twitter: @stagename
>
> *The information transmitted is intended only for the person or entity to
> which it is addressed and may contain confidential and/or privileged
> material. Any review, retransmission, dissemination or other use of this
> information by persons or entities other than the intended recipient is
> prohibited. If you received this transmission in error, please contact the
> sender and delete all material contained herein from your computer.*
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120706/eade8723/attachment-0001.html>

From soracchi at netbuilder.it  Fri Jul  6 11:30:33 2012
From: soracchi at netbuilder.it (Andrea Soracchi)
Date: Fri, 6 Jul 2012 13:30:33 +0200 (CEST)
Subject: Compile nginx for zimbra
In-Reply-To: <5874481.157.1341574479509.JavaMail.sorry@sorry>
Message-ID: <15593763.164.1341574585836.JavaMail.sorry@sorry>

Hi,

I have a ubuntu 10.04 TLS. When compile nginx for zimbra (http://zimbra.imladris.sk/download/src/HELIX-720.fbsd/ThirdParty/nginx/nginx-0.9-zimbra/) I get this error:

       gcc -o objs/nginx \                                                                                                                                                              
        objs/src/core/nginx.o \                                                                                                                                                  
        objs/src/core/ngx_log.o \                                                                                                                                                
        objs/src/core/ngx_palloc.o \                                                                                                                                             
        objs/src/core/ngx_array.o \                                                                                                                                              
        objs/src/core/ngx_list.o \                                                                                                                                               
        objs/src/core/ngx_hash.o \                                                                                                                                               
        objs/src/core/ngx_buf.o \                                                                                                                                                
        objs/src/core/ngx_queue.o \                                                                                                                                              
        objs/src/core/ngx_output_chain.o \                                                                                                                                       
        objs/src/core/ngx_string.o \                                                                                                                                             
        objs/src/core/ngx_parse.o \                                                                                                                                              
        objs/src/core/ngx_inet.o \                                                                                                                                               
        objs/src/core/ngx_file.o \                                                                                                                                               
        objs/src/core/ngx_crc32.o \                                                                                                                                              
        objs/src/core/ngx_rbtree.o \                                                                                                                                             
        objs/src/core/ngx_radix_tree.o \                                                                                                                                         
        objs/src/core/ngx_slab.o \                                                                                                                                               
        objs/src/core/ngx_times.o \                                                                                                                                              
        objs/src/core/ngx_shmtx.o \                                                                                                                                              
        objs/src/core/ngx_connection.o \                                                                                                                                         
        objs/src/core/ngx_cycle.o \                                                                                                                                              
        objs/src/core/ngx_spinlock.o \                                                                                                                                           
        objs/src/core/ngx_cpuinfo.o \                                                                                                                                            
        objs/src/core/ngx_conf_file.o \                                                                                                                                          
        objs/src/core/ngx_resolver.o \                                                                                                                                           
        objs/src/core/ngx_open_file_cache.o \                                                                                                                                    
        objs/src/core/ngx_memcache.o \                                                                                                                                           
        objs/src/core/ngx_zm_lookup.o \                                                                                                                                          
        objs/src/event/ngx_event.o \                                                                                                                                             
        objs/src/event/ngx_event_timer.o \                                                                                                                                       
        objs/src/event/ngx_event_posted.o \                                                                                                                                      
        objs/src/event/ngx_event_busy_lock.o \                                                                                                                                   
        objs/src/event/ngx_event_accept.o \                                                                                                                                      
        objs/src/event/ngx_event_connect.o \                                                                                                                                     
        objs/src/event/ngx_event_pipe.o \                                                                                                                                        
        objs/src/os/unix/ngx_time.o \                                                                                                                                            
        objs/src/os/unix/ngx_errno.o \                                                                                                                                           
        objs/src/os/unix/ngx_alloc.o \                                                                                                                                           
        objs/src/os/unix/ngx_files.o \                                                                                                                                           
        objs/src/os/unix/ngx_socket.o \                                                                                                                                          
        objs/src/os/unix/ngx_recv.o \                                                                                                                                            
        objs/src/os/unix/ngx_readv_chain.o \                                                                                                                                     
        objs/src/os/unix/ngx_udp_recv.o \                                                                                                                                        
        objs/src/os/unix/ngx_send.o \                                                                                                                                            
        objs/src/os/unix/ngx_writev_chain.o \
        objs/src/os/unix/ngx_channel.o \
        objs/src/os/unix/ngx_shmem.o \
        objs/src/os/unix/ngx_process.o \
        objs/src/os/unix/ngx_daemon.o \
        objs/src/os/unix/ngx_setproctitle.o \
        objs/src/os/unix/ngx_posix_init.o \
        objs/src/os/unix/ngx_user.o \
        objs/src/os/unix/ngx_process_cycle.o \
        objs/src/os/unix/ngx_linux_init.o \
        objs/src/event/modules/ngx_epoll_module.o \
        objs/src/os/unix/ngx_linux_sendfile_chain.o \
        objs/src/event/ngx_event_openssl.o \
        objs/src/mail/ngx_mail.o \
        objs/src/mail/ngx_mail_core_module.o \
        objs/src/mail/ngx_mail_handler.o \
        objs/src/mail/ngx_mail_parse.o \
        objs/src/mail/ngx_mail_ssl_module.o \
        objs/src/mail/ngx_mail_pop3_module.o \
        objs/src/mail/ngx_mail_pop3_handler.o \
        objs/src/mail/ngx_mail_imap_module.o \
        objs/src/mail/ngx_mail_imap_handler.o \
        objs/src/mail/ngx_mail_smtp_module.o \
        objs/src/mail/ngx_mail_smtp_handler.o \
        objs/src/mail/ngx_mail_auth_http_module.o \
        objs/src/mail/ngx_mail_proxy_module.o \
        objs/src/mail/ngx_mail_throttle_module.o \
        objs/ngx_modules.o \
        -lssl -lcrypto -ldl
objs/src/mail/ngx_mail_handler.o: In function `ngx_mail_initialize_sasl':
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:961: undefined reference to `sasl_server_init'
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:965: undefined reference to `sasl_errstring'
objs/src/mail/ngx_mail_handler.o: In function `ngx_mail_create_sasl_context':
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1229: undefined reference to `sasl_server_new'
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1243: undefined reference to `sasl_errstring'
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1266: undefined reference to `sasl_setprop'
objs/src/mail/ngx_mail_handler.o: In function `ngx_mail_dispose_sasl_context':
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1280: undefined reference to `sasl_dispose'
objs/src/mail/ngx_mail_handler.o: In function `ngx_mail_sasl_startstep':
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1355: undefined reference to `sasl_server_start'
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1387: undefined reference to `sasl_server_step'
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1399: undefined reference to `sasl_errstring'
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1464: undefined reference to `sasl_getprop'
/usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:1465: undefined reference to `sasl_getprop'
collect2: ld returned 1 exit status
make[1]: *** [objs/nginx] Error 1
make[1]: Leaving directory `/usr/local/src/nginx-0.9-zimbra'
make: *** [build] Error 2

Any idea?

Thanks,


-- 
Andrea Soracchi - Netbuilder S.r.l. 
Multidialogo : La storia e' fatta da chi sa comunicare 
System Engineer // t. +39 0521 247791 // f. +39 0521 7431140 // www.netbuilder.it 



From lists at ruby-forum.com  Fri Jul  6 12:47:43 2012
From: lists at ruby-forum.com (Waleed G.)
Date: Fri, 06 Jul 2012 14:47:43 +0200
Subject: Good log analysis tool for nginx?
In-Reply-To: <634760.80154.qm@web46313.mail.sp1.yahoo.com>
References: <634760.80154.qm@web46313.mail.sp1.yahoo.com>
Message-ID: <76a20d40ca63dadf67e3b7e7ab9987cf@ruby-forum.com>

Please check Nginx
Error Log Reader (
http://gadelkareem.com/2012/07/01/nginx-error-log-reader/ ); a php
reader/parser/analyzer for Nginx error log
file. the script is able to read error logs recursively and display them
in a user friendly table. Script configuration includes the number of
bytes to read per page and allow pagination through the error log.

-- 
Posted via http://www.ruby-forum.com/.


From mdounin at mdounin.ru  Fri Jul  6 13:06:44 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 6 Jul 2012 17:06:44 +0400
Subject: Compile nginx for zimbra
In-Reply-To: <15593763.164.1341574585836.JavaMail.sorry@sorry>
References: <5874481.157.1341574479509.JavaMail.sorry@sorry>
	<15593763.164.1341574585836.JavaMail.sorry@sorry>
Message-ID: <20120706130644.GL31671@mdounin.ru>

Hello!

On Fri, Jul 06, 2012 at 01:30:33PM +0200, Andrea Soracchi wrote:

> I have a ubuntu 10.04 TLS. When compile nginx for zimbra 
> (http://zimbra.imladris.sk/download/src/HELIX-720.fbsd/ThirdParty/nginx/nginx-0.9-zimbra/) 
> I get this error:

[...]

> objs/src/mail/ngx_mail_handler.o: In function `ngx_mail_initialize_sasl':
> /usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:961: undefined reference to `sasl_server_init'
> /usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:965: undefined reference to `sasl_errstring'

This looks like problem in zimbra changes to nginx and you may 
have better luck asking in zimbra-related lists.

On the other hand, it looks like the problem is simple enough, and 
you just need to add "-lsasl" to ld flags.  Something like

./configure --with-ld-opt="-lsasl"

should work.

Maxim Dounin


From soracchi at netbuilder.it  Fri Jul  6 13:19:08 2012
From: soracchi at netbuilder.it (Andrea Soracchi)
Date: Fri, 6 Jul 2012 15:19:08 +0200 (CEST)
Subject: Compile nginx for zimbra
In-Reply-To: <20120706130644.GL31671@mdounin.ru>
Message-ID: <24525256.176.1341581101205.JavaMail.sorry@sorry>

Hi,

thanks for your help.

I get this error:

./configure: error: the invalid value in --with-ld-opt="-lsasl"

Idea?

Thanks,
Andrea

----- Messaggio originale -----
Da: "Maxim Dounin" <mdounin at mdounin.ru>
A: nginx at nginx.org
Inviato: Venerd?, 6 luglio 2012 15:06:44
Oggetto: Re: Compile nginx for zimbra

Hello!

On Fri, Jul 06, 2012 at 01:30:33PM +0200, Andrea Soracchi wrote:

> I have a ubuntu 10.04 TLS. When compile nginx for zimbra 
> (http://zimbra.imladris.sk/download/src/HELIX-720.fbsd/ThirdParty/nginx/nginx-0.9-zimbra/) 
> I get this error:

[...]

> objs/src/mail/ngx_mail_handler.o: In function `ngx_mail_initialize_sasl':
> /usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:961: undefined reference to `sasl_server_init'
> /usr/local/src/nginx-0.9-zimbra/src/mail/ngx_mail_handler.c:965: undefined reference to `sasl_errstring'

This looks like problem in zimbra changes to nginx and you may 
have better luck asking in zimbra-related lists.

On the other hand, it looks like the problem is simple enough, and 
you just need to add "-lsasl" to ld flags.  Something like

./configure --with-ld-opt="-lsasl"

should work.

Maxim Dounin

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


From mdounin at mdounin.ru  Fri Jul  6 13:35:15 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 6 Jul 2012 17:35:15 +0400
Subject: Compile nginx for zimbra
In-Reply-To: <24525256.176.1341581101205.JavaMail.sorry@sorry>
References: <20120706130644.GL31671@mdounin.ru>
	<24525256.176.1341581101205.JavaMail.sorry@sorry>
Message-ID: <20120706133515.GP31671@mdounin.ru>

Hello!

On Fri, Jul 06, 2012 at 03:19:08PM +0200, Andrea Soracchi wrote:

> Hi,
> 
> thanks for your help.
> 
> I get this error:
> 
> ./configure: error: the invalid value in --with-ld-opt="-lsasl"
> 
> Idea?

Your ld doesn't like -lsasl options, i.e. you don't have SASL 
library installed, at least not in default library path. 

Maxim Dounin


From soracchi at netbuilder.it  Fri Jul  6 13:48:58 2012
From: soracchi at netbuilder.it (Andrea Soracchi)
Date: Fri, 6 Jul 2012 15:48:58 +0200 (CEST)
Subject: Compile nginx for zimbra
In-Reply-To: <20120706133515.GP31671@mdounin.ru>
Message-ID: <21702088.194.1341582891749.JavaMail.sorry@sorry>

Hi,

very strange. This is the output of command: dpkg --list | grep -i sasl:

ii  libsasl2-2                      2.1.23.dfsg1-5ubuntu1             Cyrus SASL - authentication abstraction libr
ii  libsasl2-dev                    2.1.23.dfsg1-5ubuntu1             Cyrus SASL - development files for authentic
ii  libsasl2-modules                2.1.23.dfsg1-5ubuntu1             Cyrus SASL - pluggable authentication module

Andrea

----- Messaggio originale -----
Da: "Maxim Dounin" <mdounin at mdounin.ru>
A: nginx at nginx.org
Inviato: Venerd?, 6 luglio 2012 15:35:15
Oggetto: Re: Compile nginx for zimbra

Hello!

On Fri, Jul 06, 2012 at 03:19:08PM +0200, Andrea Soracchi wrote:

> Hi,
> 
> thanks for your help.
> 
> I get this error:
> 
> ./configure: error: the invalid value in --with-ld-opt="-lsasl"
> 
> Idea?

Your ld doesn't like -lsasl options, i.e. you don't have SASL 
library installed, at least not in default library path. 

Maxim Dounin

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


From mdounin at mdounin.ru  Fri Jul  6 13:55:47 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 6 Jul 2012 17:55:47 +0400
Subject: Compile nginx for zimbra
In-Reply-To: <21702088.194.1341582891749.JavaMail.sorry@sorry>
References: <20120706133515.GP31671@mdounin.ru>
	<21702088.194.1341582891749.JavaMail.sorry@sorry>
Message-ID: <20120706135547.GR31671@mdounin.ru>

Hello!

On Fri, Jul 06, 2012 at 03:48:58PM +0200, Andrea Soracchi wrote:

> Hi,
> 
> very strange. This is the output of command: dpkg --list | grep -i sasl:
> 
> ii  libsasl2-2                      2.1.23.dfsg1-5ubuntu1             Cyrus SASL - authentication abstraction libr
> ii  libsasl2-dev                    2.1.23.dfsg1-5ubuntu1             Cyrus SASL - development files for authentic
> ii  libsasl2-modules                2.1.23.dfsg1-5ubuntu1             Cyrus SASL - pluggable authentication module

The name suggests it's libsasl2, not libsasl.  Try "-lsasl2" 
instead.

Maxim Dounin

> 
> Andrea
> 
> ----- Messaggio originale -----
> Da: "Maxim Dounin" <mdounin at mdounin.ru>
> A: nginx at nginx.org
> Inviato: Venerd?, 6 luglio 2012 15:35:15
> Oggetto: Re: Compile nginx for zimbra
> 
> Hello!
> 
> On Fri, Jul 06, 2012 at 03:19:08PM +0200, Andrea Soracchi wrote:
> 
> > Hi,
> > 
> > thanks for your help.
> > 
> > I get this error:
> > 
> > ./configure: error: the invalid value in --with-ld-opt="-lsasl"
> > 
> > Idea?
> 
> Your ld doesn't like -lsasl options, i.e. you don't have SASL 
> library installed, at least not in default library path. 
> 
> Maxim Dounin
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From soracchi at netbuilder.it  Fri Jul  6 13:59:53 2012
From: soracchi at netbuilder.it (Andrea Soracchi)
Date: Fri, 6 Jul 2012 15:59:53 +0200 (CEST)
Subject: Compile nginx for zimbra
In-Reply-To: <20120706135547.GR31671@mdounin.ru>
Message-ID: <17573486.198.1341583545305.JavaMail.sorry@sorry>

Thanks,

is all OK!

Have a nice week!

----- Messaggio originale -----
Da: "Maxim Dounin" <mdounin at mdounin.ru>
A: nginx at nginx.org
Inviato: Venerd?, 6 luglio 2012 15:55:47
Oggetto: Re: Compile nginx for zimbra

Hello!

On Fri, Jul 06, 2012 at 03:48:58PM +0200, Andrea Soracchi wrote:

> Hi,
> 
> very strange. This is the output of command: dpkg --list | grep -i sasl:
> 
> ii  libsasl2-2                      2.1.23.dfsg1-5ubuntu1             Cyrus SASL - authentication abstraction libr
> ii  libsasl2-dev                    2.1.23.dfsg1-5ubuntu1             Cyrus SASL - development files for authentic
> ii  libsasl2-modules                2.1.23.dfsg1-5ubuntu1             Cyrus SASL - pluggable authentication module

The name suggests it's libsasl2, not libsasl.  Try "-lsasl2" 
instead.

Maxim Dounin

> 
> Andrea
> 
> ----- Messaggio originale -----
> Da: "Maxim Dounin" <mdounin at mdounin.ru>
> A: nginx at nginx.org
> Inviato: Venerd?, 6 luglio 2012 15:35:15
> Oggetto: Re: Compile nginx for zimbra
> 
> Hello!
> 
> On Fri, Jul 06, 2012 at 03:19:08PM +0200, Andrea Soracchi wrote:
> 
> > Hi,
> > 
> > thanks for your help.
> > 
> > I get this error:
> > 
> > ./configure: error: the invalid value in --with-ld-opt="-lsasl"
> > 
> > Idea?
> 
> Your ld doesn't like -lsasl options, i.e. you don't have SASL 
> library installed, at least not in default library path. 
> 
> Maxim Dounin
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


From mangoo at wpkg.org  Fri Jul  6 14:32:08 2012
From: mangoo at wpkg.org (Tomasz Chmielewski)
Date: Fri, 06 Jul 2012 22:32:08 +0800
Subject: nginx serving large files - performance issues with more than
	~800-1000 connections
In-Reply-To: <20120524102547.GD31671@mdounin.ru>
References: <4FBDE338.40305@wpkg.org> <20120524102547.GD31671@mdounin.ru>
Message-ID: <4FF6F6E8.1010800@wpkg.org>

On 05/24/2012 06:25 PM, Maxim Dounin wrote:

>> Does it suggest nginx issues? Because the second nginx instance
>> serves the files fine.
>>
>> Or maybe some system / sysctl parameters?
> 
> It suggests you are disk-bound and all nginx workers are busy
> waiting for I/O operations.  Try looking here for basic
> optimization steps:
> 
> http://mailman.nginx.org/pipermail/nginx/2012-May/033761.html

I've tried to follow these recommendations, but don't really see any improvement.

The systems are not disk bound (see below).

Even if I try to fetch a file which is stored in tmpfs, it is slow - 20, 30 secs, even more, like here:

[root at da1 ~]# time curl ca3/404/404.html
curl: (7) couldn't connect to host

real    1m3.204s
user    0m0.000s
sys     0m0.000s


I see it only when the number of established connections to nginx is around 700 and more (most serving large files, so the connections are long-lived).



Disk load:

root at ca2:~# iostat -k 1
(...)

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
          21.23    0.00   25.69    2.41    0.00   50.66

Device:            tps    kB_read/s    kB_wrtn/s    kB_read    kB_wrtn
sda               0.00         0.00         0.00          0          0
sdb              26.00      1240.00         0.00       1240          0
sdc              23.00      2324.00         0.00       2324          0
sdd              12.00       916.00         0.00        916          0
sde               9.00       532.00         0.00        532          0
sdf               9.00       532.00         0.00        532          0
sdg               9.00       532.00         0.00        532          0
sdh              22.00      2196.00         0.00       2196          0
sdi              32.00      1044.00       172.00       1044        172
sdj               5.00        20.00         0.00         20          0
sdk              13.00      1044.00         0.00       1044          0
sdl              17.00      1556.00         0.00       1556          0
sdm              18.00       940.00         0.00        940          0


root at ca2:~# iostat -x 1

avg-cpu:  %user   %nice %system %iowait  %steal   %idle
          21.81    0.00   29.46    4.46    0.00   44.26

Device:         rrqm/s   wrqm/s     r/s     w/s   rsec/s   wsec/s avgrq-sz avgqu-sz   await  svctm  %util
sda               0.00     0.00    0.00    0.00     0.00     0.00     0.00     0.00    0.00   0.00   0.00
sdb               0.00    26.00    6.00    2.00  1536.00   224.00   220.00     0.00    0.00   0.00   0.00
sdc               0.00     0.00   18.00    0.00  2656.00     0.00   147.56     0.04    2.22   1.11   2.00
sdd               0.00    33.00    4.00    3.00  1024.00   288.00   187.43     0.00    0.00   0.00   0.00
sde               0.00    26.00    4.00    2.00   768.00   224.00   165.33     0.00    0.00   0.00   0.00
sdf               0.00    23.00    1.00    2.00   192.00   200.00   130.67     0.02    6.67   6.67   2.00
sdg               0.00    27.00    6.00    2.00   560.00   232.00    99.00     0.09   11.25   2.50   2.00
sdh               0.00    39.00   28.00   19.00  2392.00   464.00    60.77     0.24    5.11   0.85   4.00
sdi               0.00     0.00    8.00    0.00  1792.00     0.00   224.00     0.02    2.50   1.25   1.00
sdj               0.00    25.00    0.00    2.00     0.00   216.00   108.00     0.00    0.00   0.00   0.00
sdk               0.00     0.00    8.00    0.00  2048.00     0.00   256.00     0.03    3.75   2.50   2.00
sdl               0.00    28.00   14.00    2.00  1152.00   240.00    87.00     0.00    0.00   0.00   0.00
sdm               0.00    60.00    4.00    3.00  1024.00   504.00   218.29     0.01    1.43   1.43   1.00



-- 
Tomasz Chmielewski
http://www.ptraveler.com


From julyclyde at gmail.com  Fri Jul  6 14:44:15 2012
From: julyclyde at gmail.com (=?GB2312?B?yM7P/sDa?=)
Date: Fri, 6 Jul 2012 22:44:15 +0800
Subject: why should I use question mark ?
Message-ID: <47091FCC-B2AC-498E-A2FC-54F80EE0322B@gmail.com>

I want rewrite a uri to itself without querystring, I tried
rewrite .+ $uri permanent;
but it rewrite to the original uri, with querystring unstripped.

After googled, I try
rewrite .+ $uri? permanent;
and it works correctly. 

But why?

--
???????????????????
from iPad2 3G
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120706/12994393/attachment-0001.html>

From mdounin at mdounin.ru  Fri Jul  6 16:17:54 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 6 Jul 2012 20:17:54 +0400
Subject: nginx serving large files - performance issues with more than
	~800-1000 connections
In-Reply-To: <4FF6F6E8.1010800@wpkg.org>
References: <4FBDE338.40305@wpkg.org> <20120524102547.GD31671@mdounin.ru>
	<4FF6F6E8.1010800@wpkg.org>
Message-ID: <20120706161754.GS31671@mdounin.ru>

Hello!

On Fri, Jul 06, 2012 at 10:32:08PM +0800, Tomasz Chmielewski wrote:

> On 05/24/2012 06:25 PM, Maxim Dounin wrote:
> 
> >> Does it suggest nginx issues? Because the second nginx instance
> >> serves the files fine.
> >>
> >> Or maybe some system / sysctl parameters?
> > 
> > It suggests you are disk-bound and all nginx workers are busy
> > waiting for I/O operations.  Try looking here for basic
> > optimization steps:
> > 
> > http://mailman.nginx.org/pipermail/nginx/2012-May/033761.html
> 
> I've tried to follow these recommendations, but don't really see any improvement.
> 
> The systems are not disk bound (see below).

If your system isn't disk bound these recommendations aren't 
likely to help, indeed.  You have to find what's bottleneck in 
your case first.

On the other hand, the fact that second nginx instance running on 
different port doesn't have problems (as indicated in your 
original message) suggests there is some blocking which makes 
first instance slow.

Try looking into what nginx processes do when this happens.  
Something like

ps -eopid,user,args,wchan | grep nginx

should show where it blocks.

> Even if I try to fetch a file which is stored in tmpfs, it is 
> slow - 20, 30 secs, even more, like here:
> 
> [root at da1 ~]# time curl ca3/404/404.html
> curl: (7) couldn't connect to host
> 
> real    1m3.204s
> user    0m0.000s
> sys     0m0.000s
> 
> 
> I see it only when the number of established connections to 
> nginx is around 700 and more (most serving large files, so the 
> connections are long-lived).

Actually, this is expected behaviour for disk blocking: nginx 
worker processes are busy waiting for disk I/O and can't accept 
and handle new connections in a timely manner.  It doesn't matter 
where requested file resides as the pause is a result of nginx 
worker processes being blocked due to other requests.

[...]

Maxim Dounin


From nginx-forum at nginx.us  Fri Jul  6 16:22:20 2012
From: nginx-forum at nginx.us (itpp2012)
Date: Fri, 6 Jul 2012 12:22:20 -0400 (EDT)
Subject: 404 Not Found -- nginx/1.0.10
In-Reply-To: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org>
References: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <1552fec22f338e777654765cce8ee952.NginxMailingListEnglish@forum.nginx.org>

Virtual machines and nginx do work but you need to carefully look at the
network card you're using, the intel ones are the best.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219405,228338#msg-228338


From mdounin at mdounin.ru  Fri Jul  6 16:23:02 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 6 Jul 2012 20:23:02 +0400
Subject: why should I use question mark ?
In-Reply-To: <47091FCC-B2AC-498E-A2FC-54F80EE0322B@gmail.com>
References: <47091FCC-B2AC-498E-A2FC-54F80EE0322B@gmail.com>
Message-ID: <20120706162302.GT31671@mdounin.ru>

Hello!

On Fri, Jul 06, 2012 at 10:44:15PM +0800, ??? wrote:

> I want rewrite a uri to itself without querystring, I tried
> rewrite .+ $uri permanent;
> but it rewrite to the original uri, with querystring unstripped.
> 
> After googled, I try
> rewrite .+ $uri? permanent;
> and it works correctly. 
> 
> But why?

Because it's how it's expected to work.  By default the "rewrite" 
directive preserves query string, and even if you write arguments 
in a replacement string - they are added before original query 
string which is still preserved.  Trailing question mark is an 
explicit flag that you don't want to preserve query string.

http://nginx.org/r/rewrite

Maxim Dounin


From mangoo at wpkg.org  Fri Jul  6 17:17:18 2012
From: mangoo at wpkg.org (Tomasz Chmielewski)
Date: Sat, 07 Jul 2012 01:17:18 +0800
Subject: nginx serving large files - performance issues with more than
	~800-1000 connections
In-Reply-To: <20120706161754.GS31671@mdounin.ru>
References: <4FBDE338.40305@wpkg.org> <20120524102547.GD31671@mdounin.ru>
	<4FF6F6E8.1010800@wpkg.org> <20120706161754.GS31671@mdounin.ru>
Message-ID: <4FF71D9E.5030003@wpkg.org>

On 07/07/2012 12:17 AM, Maxim Dounin wrote:

> On the other hand, the fact that second nginx instance running on
> different port doesn't have problems (as indicated in your
> original message) suggests there is some blocking which makes
> first instance slow.
>
> Try looking into what nginx processes do when this happens.
> Something like
>
> ps -eopid,user,args,wchan | grep nginx
>
> should show where it blocks.

OK, it's the time of the day when the traffic drops (Asia based 
deployment), below ~600 connections, so I no longer see this "blocking".
Will follow up tomorrow.


> Actually, this is expected behaviour for disk blocking: nginx
> worker processes are busy waiting for disk I/O and can't accept
> and handle new connections in a timely manner.  It doesn't matter
> where requested file resides as the pause is a result of nginx
> worker processes being blocked due to other requests.

OK, so, what would be the conclusion? Start hundreds of worker processes?
Say, 512 or even 1024 instead of 32 I'm running now?

Note that I don't see any blocked processes with:

# ps aux | grep D

Rarely, there will be 1-3 nginx processes there, but they disappear very 
fast (i.e. immediately after I run the next ps, they are no longer there).

-- 
Tomasz Chmielewski
http://www.ptraveler.com


From nginx-forum at nginx.us  Fri Jul  6 17:40:19 2012
From: nginx-forum at nginx.us (eddz)
Date: Fri, 6 Jul 2012 13:40:19 -0400 (EDT)
Subject: 404 Not Found -- nginx/1.0.10
In-Reply-To: <6712945f399bef2b3362d5d07d227b09.NginxMailingListEnglish@forum.nginx.org>
References: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org>
	<48588bf169f802f9a4e463200cb73889.NginxMailingListEnglish@forum.nginx.org>
	<6712945f399bef2b3362d5d07d227b09.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <6263bc4461423b6a45f642877271b97c.NginxMailingListEnglish@forum.nginx.org>

Thanks itpp2012. But I'm running nginx on a standalone server with
php-fpm and am having exactly the same problem: random 404s after a
period of everything working, which only a restart can resolve. I'm
pulling my hair out trying to figure this out, and am so close to using
apache instead.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219405,228341#msg-228341


From nginx-forum at nginx.us  Fri Jul  6 23:45:29 2012
From: nginx-forum at nginx.us (gyre007)
Date: Fri, 6 Jul 2012 19:45:29 -0400 (EDT)
Subject: access log off nginx not working ?
Message-ID: <33f8500091ca2280c0399d93d43ed56c.NginxMailingListEnglish@forum.nginx.org>

I have the following drop.conf files located in /etc/nginx/drop.conf

location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { allow all; access_log off; log_not_found off;
}
location = /apple-touch-icon.png { access_log off; log_not_found off; }
location = /apple-touch-icon-precomposed.png { access_log off;
log_not_found off; }
location ~ /\. { deny all; access_log off; log_not_found off; }
location ~* ^/wp-content/uploads/.*.php$ {
    deny all;
    access_log off;
    log_not_found off;
}
location ~* /files/(.*).php$ {
    deny all;
    access_log off;
    log_not_found off;
}

Strange thing is when I include it in whichever server directive - ie in
whichever virtual host I have configured - I'm still getting favicon
logs in my access log. Is this a BUG ?? 
It looks like the include is simply not working ?

Example of the virtual host I'm including this in:

server {
        listen       127.0.0.1:8080;
        server_name  .somehost.com;
    root  /var/www/somehost.com;

        access_log /var/log/nginx/somehost.com-access.nginx.log main;
    error_log  /var/log/nginx/somehost.com-error.nginx.log;

        location ~* \.php.$ {
        # Proxy all requests with an URI ending with .php*
        # (includes PHP, PHP3, PHP4, PHP5...)
        include /etc/nginx/fastcgi.conf;
        }

        # all other files
        location / {
            root  /var/www/somehost.com;
        }

        error_page 404 /errors/404.html;
        location /errors/ {
                alias /var/www/errors/;
                internal;
        }

        #this loads custom logging configuration which disables favicon
error logging
        include /etc/nginx/drop.conf;
}

yet in access logs for that domain im still seeing:

***** - - [06/Jul/2012:22:16:05 +0000]  "GET /favicon.ico HTTP/1.1" 404
134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4)
AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47
Safari/536.11"
Yes I have restarted and reloaded nginx.

When I add a specific location directive directly to the virtual host
above and disable the include by commenting it in,  favicon.ico requests
ARE STILL being logged. ie. I comment in include bit and add the
following to the above virtual host:

#include /etc/nginx/drop.conf;
location = /favicon.ico { access_log off; log_not_found off; }

Am I missing out something really obvious ? Or is this is a BUG ?
Cheers

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228344,228344#msg-228344


From julyclyde at gmail.com  Sat Jul  7 00:39:48 2012
From: julyclyde at gmail.com (=?GB2312?B?yM7P/sDa?=)
Date: Sat, 7 Jul 2012 08:39:48 +0800
Subject: why should I use question mark ?
In-Reply-To: <20120706162302.GT31671@mdounin.ru>
References: <47091FCC-B2AC-498E-A2FC-54F80EE0322B@gmail.com>
	<20120706162302.GT31671@mdounin.ru>
Message-ID: <124C39A0-147A-4411-A40B-B84D4F6870BE@gmail.com>


On 2012-7-7, at 0:23, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
> 
> Because it's how it's expected to work.  By default the "rewrite" 
> directive preserves query string, and even if you write arguments 
> in a replacement string - they are added before original query 
> string which is still preserved.  Trailing question mark is an 
> explicit flag that you don't want to preserve query string.
> 
> http://nginx.org/r/rewrite
> 
Thank you. I was too careless to look though the wiki.


From mangoo at wpkg.org  Sat Jul  7 02:54:14 2012
From: mangoo at wpkg.org (Tomasz Chmielewski)
Date: Sat, 07 Jul 2012 10:54:14 +0800
Subject: nginx serving large files - performance issues with more than
	~800-1000 connections
In-Reply-To: <4FF71D9E.5030003@wpkg.org>
References: <4FBDE338.40305@wpkg.org> <20120524102547.GD31671@mdounin.ru>
	<4FF6F6E8.1010800@wpkg.org> <20120706161754.GS31671@mdounin.ru>
	<4FF71D9E.5030003@wpkg.org>
Message-ID: <4FF7A4D6.9090906@wpkg.org>

On 07/07/2012 01:17 AM, Tomasz Chmielewski wrote:
> On 07/07/2012 12:17 AM, Maxim Dounin wrote:
>
>> On the other hand, the fact that second nginx instance running on
>> different port doesn't have problems (as indicated in your
>> original message) suggests there is some blocking which makes
>> first instance slow.
>>
>> Try looking into what nginx processes do when this happens.
>> Something like
>>
>> ps -eopid,user,args,wchan | grep nginx
>>
>> should show where it blocks.
>
> OK, it's the time of the day when the traffic drops (Asia based
> deployment), below ~600 connections, so I no longer see this "blocking".
> Will follow up tomorrow.

OK, the traffic is back, I'm finally able to run "ps 
-eopid,user,args,wchan". I see 16 nginx processes in 
"wait_answer_interruptible" state (which matches the worker_processes 
setting on this server).


root at ca2:~# ps aux|grep D
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      1900  0.0  0.0   7608   844 pts/1    S+   02:48   0:00 grep D

root at ca2:~# ps aux|grep D
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      1902  0.0  0.0   7608   848 pts/1    S+   02:48   0:00 grep D

root at ca2:~# netstat -tpna | grep -c ESTABLI
637

root at ca2:~# ps aux|grep D
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root      1906  0.0  0.0   7608   844 pts/1    S+   02:48   0:00 grep D

root at ca2:~# ps -eopid,user,args,wchan | grep nginx
  1908 root     grep nginx                  pipe_wait
25101 root     nginx: master process /usr/ rt_sigsuspend
29353 www-data nginx: worker process       wait_answer_interruptible
29354 www-data nginx: worker process       wait_answer_interruptible
29355 www-data nginx: worker process       wait_answer_interruptible
29356 www-data nginx: worker process       wait_answer_interruptible
29357 www-data nginx: worker process       wait_answer_interruptible
29358 www-data nginx: worker process       wait_answer_interruptible
29359 www-data nginx: worker process       wait_answer_interruptible
29360 www-data nginx: worker process       wait_answer_interruptible
29361 www-data nginx: worker process       wait_answer_interruptible
29362 www-data nginx: worker process       wait_answer_interruptible
29363 www-data nginx: worker process       wait_answer_interruptible
29364 www-data nginx: worker process       wait_answer_interruptible
29365 www-data nginx: worker process       wait_answer_interruptible
29366 www-data nginx: worker process       wait_answer_interruptible
29367 www-data nginx: worker process       wait_answer_interruptible
29368 www-data nginx: worker process       wait_answer_interruptible




-- 
Tomasz Chmielewski
http://www.ptravever.com


From mdounin at mdounin.ru  Sat Jul  7 07:23:32 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 7 Jul 2012 11:23:32 +0400
Subject: access log off nginx not working ?
In-Reply-To: <33f8500091ca2280c0399d93d43ed56c.NginxMailingListEnglish@forum.nginx.org>
References: <33f8500091ca2280c0399d93d43ed56c.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120707072332.GV31671@mdounin.ru>

Hello!

On Fri, Jul 06, 2012 at 07:45:29PM -0400, gyre007 wrote:

> I have the following drop.conf files located in /etc/nginx/drop.conf
> 
> location = /favicon.ico { access_log off; log_not_found off; }

[...]

> Strange thing is when I include it in whichever server directive - ie in
> whichever virtual host I have configured - I'm still getting favicon
> logs in my access log. Is this a BUG ?? 
> It looks like the include is simply not working ?
> 
> Example of the virtual host I'm including this in:
> 
> server {

[...]

>         error_page 404 /errors/404.html;
>         location /errors/ {
>                 alias /var/www/errors/;
>                 internal;
>         }

[...]

> ***** - - [06/Jul/2012:22:16:05 +0000]  "GET /favicon.ico HTTP/1.1" 404
> 134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4)
> AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47
> Safari/536.11"

[...]

> Am I missing out something really obvious ?

Requests are logged in context of a location where request 
execution ends up.  As you have error_page 404 defined, and no 
favicon.ico file - error 404 is generated and redirected to 
/errors/404.html.  As a result request is logged in context of 
"location /errors/" where you have access log enabled.

Maxim Dounin


From mdounin at mdounin.ru  Sat Jul  7 10:17:31 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 7 Jul 2012 14:17:31 +0400
Subject: nginx serving large files - performance issues with more than
	~800-1000 connections
In-Reply-To: <4FF7A4D6.9090906@wpkg.org>
References: <4FBDE338.40305@wpkg.org> <20120524102547.GD31671@mdounin.ru>
	<4FF6F6E8.1010800@wpkg.org> <20120706161754.GS31671@mdounin.ru>
	<4FF71D9E.5030003@wpkg.org> <4FF7A4D6.9090906@wpkg.org>
Message-ID: <20120707101731.GW31671@mdounin.ru>

Hello!

On Sat, Jul 07, 2012 at 10:54:14AM +0800, Tomasz Chmielewski wrote:

> On 07/07/2012 01:17 AM, Tomasz Chmielewski wrote:
> >On 07/07/2012 12:17 AM, Maxim Dounin wrote:
> >
> >>On the other hand, the fact that second nginx instance running on
> >>different port doesn't have problems (as indicated in your
> >>original message) suggests there is some blocking which makes
> >>first instance slow.
> >>
> >>Try looking into what nginx processes do when this happens.
> >>Something like
> >>
> >>ps -eopid,user,args,wchan | grep nginx
> >>
> >>should show where it blocks.
> >
> >OK, it's the time of the day when the traffic drops (Asia based
> >deployment), below ~600 connections, so I no longer see this "blocking".
> >Will follow up tomorrow.
> 
> OK, the traffic is back, I'm finally able to run "ps
> -eopid,user,args,wchan". I see 16 nginx processes in
> "wait_answer_interruptible" state (which matches the
> worker_processes setting on this server).

Trivial grep though Linux sources suggests this is blocking on 
fuse filesystem accesses.  So after all it's disk blocking, at 
least from nginx point of view.

All basic optimization steps still apply, though correct 
optimization of your filesystem probably much more important here.  

(Just in case, correct optimization for network filesystems like 
nfs is to avoid their use with nginx and use proxying instead.)

Maxim Dounin


From nginx-forum at nginx.us  Sat Jul  7 10:29:00 2012
From: nginx-forum at nginx.us (itpp2012)
Date: Sat, 7 Jul 2012 06:29:00 -0400 (EDT)
Subject: 404 Not Found -- nginx/1.0.10
In-Reply-To: <6263bc4461423b6a45f642877271b97c.NginxMailingListEnglish@forum.nginx.org>
References: <51cc82b2926976f43edefa52dccee5cd.NginxMailingListEnglish@forum.nginx.org>
	<48588bf169f802f9a4e463200cb73889.NginxMailingListEnglish@forum.nginx.org>
	<6712945f399bef2b3362d5d07d227b09.NginxMailingListEnglish@forum.nginx.org>
	<6263bc4461423b6a45f642877271b97c.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <f69420ced782edf1dcb2b68b06d3319d.NginxMailingListEnglish@forum.nginx.org>

I've had the same sort of issue yesterday with 1.2.2, all of a sudden
404's but with a additional 'No input file specified' coming from the
php backend(and 1 sec later from nginx cache 'HIT'), one minute later
and everything was normal again. No floods, normal traffic, no
additional log entries... Only backend effected, normal static sites
worked ok.

Restarts did not help either which is the weirdest, but then again I did
change alot recently like using nginx caching with the php backend, php
code RC cacher. And I did wanted to update php anyway to the 5.4 branch,
so now updated everything to 5.4, changed a dozen php apps to work
properly with 5.4 and now waiting to see if the issue happens again.

There are memory corruption issues with php 5.3 which have been fixed in
svn but not compiled/released yet, 5.4 does not have these issues so
hopefully 5.4 solves this weirdness.

It does sound like a php issue (75% sure) but it could be a nginx issue
as well like for some reason not passing data to the backend, however it
is extremely weird when restarting nginx and the backends the problem
persisted ! either wait without restarting or restart 3-4 times before
things are back to normal.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219405,228355#msg-228355


From nginx-forum at nginx.us  Sat Jul  7 12:49:02 2012
From: nginx-forum at nginx.us (Adrian Janeczek)
Date: Sat, 7 Jul 2012 08:49:02 -0400 (EDT)
Subject: Nginx truncate files than 1G
Message-ID: <371e5736111c8cb26fb07193dc4953b1.NginxMailingListEnglish@forum.nginx.org>

Hi my nginx truncate files than 1 G

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228356,228356#msg-228356


From nginx-forum at nginx.us  Sat Jul  7 13:52:52 2012
From: nginx-forum at nginx.us (gyre007)
Date: Sat, 7 Jul 2012 09:52:52 -0400 (EDT)
Subject: access log off nginx not working ?
In-Reply-To: <20120707072332.GV31671@mdounin.ru>
References: <20120707072332.GV31671@mdounin.ru>
Message-ID: <9367c68dd5f38714f2a5722e8b627151.NginxMailingListEnglish@forum.nginx.org>

Hi Max,

> Requests are logged in context of a location where
> request 
> execution ends up.  As you have error_page 404
> defined, and no 
> favicon.ico file - error 404 is generated and
> redirected to 
> /errors/404.html.  As a result request is logged
> in context of 
> "location /errors/" where you have access log
> enabled.
> 
> Maxim Dounin

thanks for the explanation - that was my initial thought too but as I'm
rookie I wasn't sure. Thanks again.
In that case I'm hitting a wall while trying to figure out how to
configure my server for the following scenario.
I have fastcgi_intercept_errors set in http block and have put
error_pages directive in the virtual host definition above to handle the
cases when someone tries to access PHP URI which does not exist ? if I
take it away then Im getting ?no input file specified? ? which  I
know makes sense as PHP-FPM is not able to find given file and reports
back to browser. 

The problem with this configuration is that the drop.conf file is
completely "ignored" because of what you said - so when I take
error_page bit out then drop.conf file is suddenly taken into account
and favicon.ico is no longer being logged. The question is how do I
handle this situation -> return 404 page when someone is accessing non
existing PHP URI and at the same time disable logging as per drop.conf
file ? Im banging my head against the table.
Any help appreciated.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228344,228359#msg-228359


From wendal1985 at gmail.com  Sat Jul  7 14:01:46 2012
From: wendal1985 at gmail.com (Wendal Chen)
Date: Sat, 7 Jul 2012 22:01:46 +0800
Subject: nginx-1.3.2
In-Reply-To: <20120705152636.9860@gmx.net>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
	<CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
	<CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>
	<CAM79QPUqSz+=CmmwHuaD9ccnLZJqR1Oos4oLXTqjuPKXoG=Rcw@mail.gmail.com>
	<20120705125647.GD31671@mdounin.ru>
	<CAM79QPXBUf64X5xquHrd17=e0FaO-mTBds7jpEm4Sq1pJhZ0tA@mail.gmail.com>
	<20120705152636.9860@gmx.net>
Message-ID: <CAM79QPU_VX+cBR8f9L=v6u9YWuEdQrf+Uoav9JPx3kayTA_sZw@mail.gmail.com>

Where I can found " a binary for ARM " ?

Thank you for any help!!

2012/7/5 Steve <steeeeeveee at gmx.net>

> -------- Original-Nachricht --------
> > Datum: Thu, 5 Jul 2012 22:43:43 +0800
> > Von: Wendal Chen <wendal1985 at gmail.com>
> > An: nginx at nginx.org
> > Betreff: Re: nginx-1.3.2
>
> > How?
> >
> Compile it directly on ARM or cross compile it or use a binary for ARM.
>
>
> > Can you pls  provide  a  example configure cmd?
> >
> > 2012/7/5 Maxim Dounin <mdounin at mdounin.ru>
> >
> > > Hello!
> > >
> > > On Thu, Jul 05, 2012 at 06:51:59PM +0800, Wendal Chen wrote:
> > >
> > > [...]
> > >
> > > > >>>>> >    *) Bugfix: nginx might be terminated abnormally on a
> SIGBUS
> > > > >>>>> signal on
> > > > >>>>> >       ARM platform.
> > > >
> > > > Nginx can run in ARM ?
> > >
> > > Yes.
> > >
> > > Maxim Dounin
> > >
> > > _______________________________________________
> > > nginx mailing list
> > > nginx at nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx
> > >
> >
> >
> >
> > --
> > Wendal Chen
> > GuangDong China
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
Wendal Chen
GuangDong China
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120707/9393f34d/attachment.html>

From nginx-forum at nginx.us  Sat Jul  7 15:07:28 2012
From: nginx-forum at nginx.us (Jiff)
Date: Sat, 7 Jul 2012 11:07:28 -0400 (EDT)
Subject: Make an internal site available on the web, proxy? + security
Message-ID: <0303b18b8b02cb2b54d3ef0249c435b8.NginxMailingListEnglish@forum.nginx.org>

Hi Forumators,

Everything is done from home.

I've a small cms (the exxxcellent lightspeed razorcms) from which I
serve my own little site: adsl box is forwarding the external port 80 to
svr.loc:80, and everything's fine.

What I would like to do - IF it is possible - is to add a "page" into my
site that is in fact a wiki installed on another LAN machine
(svrwiki.loc); my guess is, it could be achieved w/ nginx proxy, but I
don't see how (nor what to write in the "page").

My other question is about security: this wiki will contain some
sensitive information; so, is basic auth + fail2ban (set to jail any
client that would fail to authenticate 3 times in 3 seconds) really
sufficient to avoid any tampering, or should I consider another way to
do that? (and which way?)

Jiff

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228364,228364#msg-228364


From ne at vbart.ru  Sat Jul  7 15:14:52 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Sat, 7 Jul 2012 19:14:52 +0400
Subject: nginx-1.3.2
In-Reply-To: <CAM79QPU_VX+cBR8f9L=v6u9YWuEdQrf+Uoav9JPx3kayTA_sZw@mail.gmail.com>
References: <20120626140023.GJ31671@mdounin.ru> <20120705152636.9860@gmx.net>
	<CAM79QPU_VX+cBR8f9L=v6u9YWuEdQrf+Uoav9JPx3kayTA_sZw@mail.gmail.com>
Message-ID: <201207071914.52827.ne@vbart.ru>

On Saturday 07 July 2012 18:01:46 Wendal Chen wrote:
> Where I can found " a binary for ARM " ?
> 
> Thank you for any help!!
> 

In the package repository of your distro.

For example:
http://archlinuxarm.org/packages?search=nginx
http://packages.debian.org/search?arch=arm&keywords=nginx

 wbr, Valentin V. Bartenev


From ne at vbart.ru  Sat Jul  7 15:51:14 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Sat, 7 Jul 2012 19:51:14 +0400
Subject: access log off nginx not working ?
In-Reply-To: <9367c68dd5f38714f2a5722e8b627151.NginxMailingListEnglish@forum.nginx.org>
References: <20120707072332.GV31671@mdounin.ru>
	<9367c68dd5f38714f2a5722e8b627151.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207071951.14411.ne@vbart.ru>

On Saturday 07 July 2012 17:52:52 gyre007 wrote:
[...]
> The problem with this configuration is that the drop.conf file is
> completely "ignored" because of what you said - so when I take
> error_page bit out then drop.conf file is suddenly taken into account
> and favicon.ico is no longer being logged. The question is how do I
> handle this situation -> return 404 page when someone is accessing non
> existing PHP URI and at the same time disable logging as per drop.conf
> file ? Im banging my head against the table.
> Any help appreciated.
> 

  error_page 404 /errors/404.html;

  location /errors/ {
      internal;
      root /var/www;
  }

  location /errors/nolog/ {
      internal;
      alias /var/www/errors/;
      access_log off;
  }

  location = /favicon.ico {
      error_page 404 /errors/nolog/404.html;
      log_not_found off;
  }

etc...

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Sat Jul  7 17:56:25 2012
From: nginx-forum at nginx.us (arosolino)
Date: Sat, 7 Jul 2012 13:56:25 -0400 (EDT)
Subject: integrating event_add_timer, am I doing this right?
Message-ID: <462e1247b59d21e41e89318eebc5a72e.NginxMailingListEnglish@forum.nginx.org>

Hi,

So I have module where I need a certain number of events only to run
every 1 second. As of right now I am running them on every request and
it's using a mutex lock. So at 500 requests a second you can see where
this is unnecessary and causing a problem.

So after some research I attached my own method to the "init process"
handler. I then noticed it's called for each worker process, so whatever
worker_processes is equal to. So in my case my method was being called
16 times.

Now I do not need to attach it to 16 processes, only one. So I created a
shared memory that would store the pid of the first process. If the next
worker sees a PID is already set then it returns.

Then I attach my method to event_add_timer to have it run every second.

This is working great, and with workers I only have one of the workers
timing my method every second.

Now my question is, was this the right way to go about this? Here is my
code for the init process handler.

/* Initialize process */
static ngx_int_t ngx_http_mymodule_init_proc(ngx_cycle_t *cycle)
{

	// There is already an event owner set.
	if(ngx_http_mymodule_shm->event_owner)
		return NGX_OK;

	// Set the event owner.
	ngx_http_mymodule_shm->event_owner = ngx_pid;

	// Let's try to add a timer just for fun.
	ngx_http_mymodule_timer->log = cycle->log;
	ngx_http_mymodule_timer->data = ""; // Blank for now
	ngx_http_mymodule_timer->handler = ngx_http_mymodule_timer_test;
	ngx_add_timer(ngx_http_mymodule_timer, 1000);
		
	return NGX_OK;
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228369,228369#msg-228369


From sb at waeme.net  Sat Jul  7 20:40:36 2012
From: sb at waeme.net (Sergey Budnevitch)
Date: Sun, 8 Jul 2012 00:40:36 +0400
Subject: nginx-1.3.2
In-Reply-To: <CAM79QPU_VX+cBR8f9L=v6u9YWuEdQrf+Uoav9JPx3kayTA_sZw@mail.gmail.com>
References: <20120626140023.GJ31671@mdounin.ru>
	<CAGo79UV7OUT-2Pj=2e=f=i=wiMvHs3ZF1saE1kLaKGb4m5d=eg@mail.gmail.com>
	<CAD3xhrM+FBVqeJsddDmTmqCxyVpv2xEUmuXUywB+fpC9kwM+kQ@mail.gmail.com>
	<CAD3xhrP1OtPoO2AQ1G6ojqB3BmreouxaAvzjSwSCk=wp8bfGxQ@mail.gmail.com>
	<CAD3xhrO2Porv7cdKx4QKtRx8FtZj7L+PV2rnEp-zN3cjqYwLYQ@mail.gmail.com>
	<CAD3xhrPEJiGHnZrh=Wb9Zk2Liem0FD60EhOBwNy_LySGrPfGAA@mail.gmail.com>
	<CAM79QPUqSz+=CmmwHuaD9ccnLZJqR1Oos4oLXTqjuPKXoG=Rcw@mail.gmail.com>
	<20120705125647.GD31671@mdounin.ru>
	<CAM79QPXBUf64X5xquHrd17=e0FaO-mTBds7jpEm4Sq1pJhZ0tA@mail.gmail.com>
	<20120705152636.9860@gmx.net>
	<CAM79QPU_VX+cBR8f9L=v6u9YWuEdQrf+Uoav9JPx3kayTA_sZw@mail.gmail.com>
Message-ID: <F0B4EDB3-EDE7-42FE-AB37-A4DF7A0343FB@waeme.net>


On 07.07.2012, at 18:01, Wendal Chen wrote:

> Where I can found " a binary for ARM " ?

We build package for debian6-armel (little-endian arm) too:
http://nginx.org/packages/debian/pool/nginx/n/nginx/nginx_1.2.2-1~squeeze_armel.deb


From steeeeeveee at gmx.net  Sat Jul  7 22:42:46 2012
From: steeeeeveee at gmx.net (Steve)
Date: Sun, 08 Jul 2012 00:42:46 +0200
Subject: Nginx truncate files than 1G
In-Reply-To: <371e5736111c8cb26fb07193dc4953b1.NginxMailingListEnglish@forum.nginx.org>
References: <371e5736111c8cb26fb07193dc4953b1.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120707224246.29760@gmx.net>


-------- Original-Nachricht --------
> Datum: Sat, 7 Jul 2012 08:49:02 -0400 (EDT)
> Von: "Adrian Janeczek" <nginx-forum at nginx.us>
> An: nginx at nginx.org
> Betreff: Nginx truncate files than 1G

> Hi my nginx truncate files than 1 G
> 
<sarcasm>Wow! So much information at once? I am not sure if we here can handle that much information!</sarcasm>

Would it be possible for you to provide at least some minimal information like what version of nginx you are using, what arch, what exactly you are trying to do, nginx configuration, etc....




> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,228356,228356#msg-228356
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From nginx-forum at nginx.us  Sun Jul  8 04:52:29 2012
From: nginx-forum at nginx.us (arosolino)
Date: Sun, 8 Jul 2012 00:52:29 -0400 (EDT)
Subject: integrating event_add_timer, am I doing this right?
In-Reply-To: <462e1247b59d21e41e89318eebc5a72e.NginxMailingListEnglish@forum.nginx.org>
References: <462e1247b59d21e41e89318eebc5a72e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <cf78f125389fe9e42860de32458cae7e.NginxMailingListEnglish@forum.nginx.org>

I need to allocate some memory inside the event, can i use the
cycle->pool?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228369,228381#msg-228381


From nginx-forum at nginx.us  Sun Jul  8 07:00:14 2012
From: nginx-forum at nginx.us (arosolino)
Date: Sun, 8 Jul 2012 03:00:14 -0400 (EDT)
Subject: integrating event_add_timer, am I doing this right?
In-Reply-To: <462e1247b59d21e41e89318eebc5a72e.NginxMailingListEnglish@forum.nginx.org>
References: <462e1247b59d21e41e89318eebc5a72e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <1b2fc214d683ac28c765c3505f4bf873.NginxMailingListEnglish@forum.nginx.org>

I think I figured this out on my own, there posed an issue if a worker
thread died. NGINX will automatically respawn a new one, and I need to
make sure the event attaches to the new one. This code ended up working
good.

	// There is already an event owner set.
	if(dosstop_shm->event_owner)
	{
		// Does the PID still exist?
        for (s = 0; s < ngx_last_process; s++) {
            if (ngx_processes[s].pid == dosstop_shm->event_owner &&
!ngx_processes[s].exited) {
				ngx_shmtx_unlock(&shpool->mutex);
                return NGX_OK;
            }
        }
	}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228369,228383#msg-228383


From mdounin at mdounin.ru  Sun Jul  8 09:24:14 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sun, 8 Jul 2012 13:24:14 +0400
Subject: Nginx truncate files than 1G
In-Reply-To: <371e5736111c8cb26fb07193dc4953b1.NginxMailingListEnglish@forum.nginx.org>
References: <371e5736111c8cb26fb07193dc4953b1.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120708092414.GY31671@mdounin.ru>

Hello!

On Sat, Jul 07, 2012 at 08:49:02AM -0400, Adrian Janeczek wrote:

> Hi my nginx truncate files than 1 G

Most likely it's due to your backend closing connection due to 
timeout, as nginx stop receiving response for a while when it hits 
proxy_max_temp_file_size, which is 1G by default.

Possible solutions are:

1. Use lower proxy_max_temp_file_size to avoid timeouts on 
backends.  You may even want to disable disk buffering completely, 
by using "proxy_max_temp_file_size 0;".

2. Use bigger proxy_max_temp_file_size to make sure responses are 
always buffered by nginx.

3. Use bigger timeouts on your backend.

See here for more details:

http://nginx.org/r/proxy_max_temp_file_size

Maxim Dounin


From gmm at csdoc.com  Sun Jul  8 09:55:31 2012
From: gmm at csdoc.com (Gena Makhomed)
Date: Sun, 08 Jul 2012 12:55:31 +0300
Subject: Nginx truncate files than 1G
In-Reply-To: <20120708092414.GY31671@mdounin.ru>
References: <371e5736111c8cb26fb07193dc4953b1.NginxMailingListEnglish@forum.nginx.org>
	<20120708092414.GY31671@mdounin.ru>
Message-ID: <4FF95913.30402@csdoc.com>

On 08.07.2012 12:24, Maxim Dounin wrote:

>> Hi my nginx truncate files than 1 G
>
> Most likely it's due to your backend closing connection due to
> timeout, as nginx stop receiving response for a while when it hits
> proxy_max_temp_file_size, which is 1G by default.
>
> Possible solutions are:
>
> 1. Use lower proxy_max_temp_file_size to avoid timeouts on
> backends.  You may even want to disable disk buffering completely,
> by using "proxy_max_temp_file_size 0;".
>
> 2. Use bigger proxy_max_temp_file_size to make sure responses are
> always buffered by nginx.
>
> 3. Use bigger timeouts on your backend.
>
> See here for more details:
>
> http://nginx.org/r/proxy_max_temp_file_size

4. send static content directly by nginx, without backend server at all
(proxy to backend only requests to dynamic content: *.php, etc)

5. or use X-Accel-Redirect at backend to avoid full transfer of file
(http://kovyrin.net/2006/11/01/nginx-x-accel-redirect-php-rails/)

6. or use https://github.com/defanator/mod_aclr2

-- 
Best regards,
  Gena



From tdgh2323 at hotmail.com  Sun Jul  8 21:41:23 2012
From: tdgh2323 at hotmail.com (Joseph Cabezas)
Date: Sun, 8 Jul 2012 21:41:23 +0000
Subject: Tool to BAN IPs based on amount of requests and response codes.
Message-ID: <BLU144-W136BDD76B70CBEE1F0DF65D0EC0@phx.gbl>


   Hello all!!

Is there a log parser OR nginx module out there that can do this? 
I prefer this to be a tool that can invoke an iptables action, but not necessarily.
 
 
 BAN If an IP makes more then X requests per hour or day 
(limit zone module only limits based on r/m, and r/s)
EXAMPLE USE: No IP should be able to send 600 requests to a site with 60 pages per day.

BAN If an IP makes more then X requests to a SINGLE url per hour or day 

(this is not the same as the first, the first being any URL total, this being single URL total)
EXAMPLE USE: No IP should be able to send 60 requests as GET / per day.


BAN if an IP produces more then X requests per hour or day that result in 400, or 404 errors.
EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my site.

 
Fail2Ban doesnt work on this because it does not do accounting as far as I understand, i also understand that preferably the tool should work on RAM rather then parsing logs because of intensive IO consumption.
 

If it doesnt exist can anybody orientate me if one can be created and what could i base it off?


Joseph
 		 	   		  

From nginx-forum at nginx.us  Mon Jul  9 02:56:33 2012
From: nginx-forum at nginx.us (arosolino)
Date: Sun, 8 Jul 2012 22:56:33 -0400 (EDT)
Subject: Executing iptables command from module
Message-ID: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>

I would like to implement iptables into my module, now I want to know if
I should even try to do this. I know the worker processes don't run as
root but the master does. So this most likely means I would need to
utilize the system() command using the master process?

Is this the right way to go about this, or do I just need to stop
pursuing this and let other stuff as fail2ban.

If it's possible to pursue I just need some quick guidance on how I
could achieve this.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228416,228416#msg-228416


From josh at joshparker.us  Mon Jul  9 04:49:19 2012
From: josh at joshparker.us (Parker, Joshua)
Date: Mon, 9 Jul 2012 00:49:19 -0400
Subject: Tool to BAN IPs based on amount of requests and response codes.
In-Reply-To: <BLU144-W136BDD76B70CBEE1F0DF65D0EC0@phx.gbl>
References: <BLU144-W136BDD76B70CBEE1F0DF65D0EC0@phx.gbl>
Message-ID: <CAOa7tqYfPhVkL1GvqnfK983PN8Vg4E17i4Qa9A6kzNwC1kkyEA@mail.gmail.com>

These may be of help:

http://blog.bodhizazen.net/linux/prevent-dos-with-iptables/

http://codelog.climens.net/2011/02/13/using-fail2ban-with-nginx-in-debian/

http://www.cyberciti.biz/tips/linux-unix-bsd-nginx-webserver-security.html

On Sun, Jul 8, 2012 at 5:41 PM, Joseph Cabezas <tdgh2323 at hotmail.com> wrote:

>
>    Hello all!!
>
> Is there a log parser OR nginx module out there that can do this?
> I prefer this to be a tool that can invoke an iptables action, but not
> necessarily.
>
>
>  BAN If an IP makes more then X requests per hour or day
> (limit zone module only limits based on r/m, and r/s)
> EXAMPLE USE: No IP should be able to send 600 requests to a site with 60
> pages per day.
>
> BAN If an IP makes more then X requests to a SINGLE url per hour or day
>
> (this is not the same as the first, the first being any URL total, this
> being single URL total)
> EXAMPLE USE: No IP should be able to send 60 requests as GET / per day.
>
>
> BAN if an IP produces more then X requests per hour or day that result in
> 400, or 404 errors.
> EXAMPLE USE: Only scanners generate more then 40 400s, or 404s to my site.
>
>
> Fail2Ban doesnt work on this because it does not do accounting as far as I
> understand, i also understand that preferably the tool should work on RAM
> rather then parsing logs because of intensive IO consumption.
>
>
> If it doesnt exist can anybody orientate me if one can be created and what
> could i base it off?
>
>
> Joseph
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 


[image: Josh Parker WordPress Consultant] <http://www.7mediaws.org>
Joshua Parker
WordPress Consultant & PHP Developer
888.255.1798 x701
Skype: seven-media

7 Media Web Solutions, LLC
www.7mediaws.org
[image: Twitter] <http://twitter.com/#%21/7mediaws>[image:
Linkedin]<http://www.linkedin.com/in/joshmac>[image:
Josh Parker :: WordPress Consultant] <http://www.7mediaws.org/feed/>[image:
Skype][image: Google+] <http://gplus.to/joshuaparker>[image: WordPress
Profile] <http://wordpress.org/extend/plugins/profile/parkerj>[image:
About.me] <http://about.me/joshuaparker>[image:
Gravatar]<http://en.gravatar.com/joshmac3>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120709/a929415d/attachment.html>

From nginx-forum at nginx.us  Mon Jul  9 07:07:21 2012
From: nginx-forum at nginx.us (Vadim Pavlov)
Date: Mon, 9 Jul 2012 03:07:21 -0400 (EDT)
Subject: Is it possible to skip request body and send a response?
Message-ID: <4ae8b871048376db489f39cb9ec18d53.NginxMailingListEnglish@forum.nginx.org>

I'm using access_by_lua function to authorize request before starting
upload process, It works just awesome. But in case when request is not
authorized I would like to send a response skipping the stage of reading
request body. Is this possible in theory or does this contradicts
rfc2616? Currently I can only close connection by discarding the request
body with lingering_timeout set to zero.

Thanks for any help.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228422,228422#msg-228422


From nginx-forum at nginx.us  Mon Jul  9 08:25:25 2012
From: nginx-forum at nginx.us (erd)
Date: Mon, 9 Jul 2012 04:25:25 -0400 (EDT)
Subject: Using http_upload_module with http_perl_module
Message-ID: <e361f73d541fa21cbbcf08c2a9a842c8.NginxMailingListEnglish@forum.nginx.org>

Hi, everyone.

I am trying to implement upload using http_upload_module with
http_perl_module. But I am stuck at moment when upload_module should
send obtained information about successfuly uploaded file to the
internal redirect @upload. @upload location perl handler invoke, but it
never recieved any of arguments, even those, which defined from
upload_pass_form_field.

I mean, I have received temporary files at "/u" location, and I have
seen WebLab::upl handler result, but without any POST arguments inside.

I probably doing something wrong, but I do not know what. And sorry for
my English.

nginx version: nginx/1.3.2
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I
/usr/local/include' --with-ld-opt='-L /usr/local/lib'
--conf-path=/usr/local/etc/nginx/nginx.conf
--sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid
--error-log-path=/var/log/nginx-error.log --user=www --group=www
--with-file-aio --with-ipv6
--http-client-body-temp-path=/var/tmp/nginx/client_body_temp
--http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp
--http-proxy-temp-path=/var/tmp/nginx/proxy_temp
--http-scgi-temp-path=/var/tmp/nginx/scgi_temp
--http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp
--http-log-path=/var/log/nginx-access.log
--add-module=/usr/ports/www/nginx-devel/work/ngx_cache_purge-1.6
--with-http_image_filter_module --with-http_perl_module
--with-http_stub_status_module --with-http_sub_module
--add-module=/usr/ports/www/nginx-devel/work/nginx_upload_module-2.2.0
--add-module=/usr/ports/www/nginx-devel/work/masterzen-nginx-upload-progress-module-a788dea
--add-module=/usr/ports/www/nginx-devel/work/chaoslawful-lua-nginx-module-3b1e9aa
--with-pcre
--add-module=/usr/ports/www/nginx-devel/work/simpl-ngx_devel_kit-bc97eea
--add-module=/usr/ports/www/nginx-devel/work/calio-iconv-nginx-module-abdac17

#nginx config

server {
  client_header_buffer_size 4k;
  ...
  location /u {
    root /home/webl/www/node1;
    error_page 403 = 404;
  }
  location @upload {
    perl WebLab::upl;
  }
  location =/upload {
    client_max_body_size 15m;
  
    upload_pass @upload;
  
    upload_store /home/webl/www/node1/u;
    upload_store_access user:r;
  
#     upload_set_form_field $upload_field_name.name
"$upload_file_name";
#     upload_set_form_field $upload_field_name.content_type
"$upload_content_type";
#     upload_set_form_field $upload_field_name.path "$upload_tmp_path";

#     upload_aggregate_form_field "$upload_field_name.md5"
"$upload_file_md5";
#     upload_aggregate_form_field "$upload_field_name.size"
"$upload_file_size";

    upload_set_form_field "${upload_field_name}_name"
$upload_file_name;
    upload_set_form_field "${upload_field_name}_content_type"
$upload_content_type;
    upload_set_form_field "${upload_field_name}_path" $upload_tmp_path;

    upload_aggregate_form_field "${upload_field_name}_md5"
$upload_file_md5;
    upload_aggregate_form_field "${upload_field_name}_size"
$upload_file_size;

    upload_pass_form_field "^test$";

    upload_cleanup 400-404 499 500-505;
  }
}

#WebLab::upl handler

package WebLab;

sub upl
{
  no strict;
  no warnings;
  shift->has_request_body(sub{
    my $r = shift;
    $r->send_http_header("text/plain");
    $r->print("request_body: \"", $r->request_body, "\"\n");
    $r->print("request_body_file: \"", $r->request_body_file, "\"\n");
  });
}

#request to /upload

POST /upload HTTP/1.1
Host: node1.webl
Connection: keep-alive
...
Content-Type: multipart/form-data;
boundary=----WebKitFormBoundaryJ0GtAjmfwCLxtzFL

------WebKitFormBoundaryJ0GtAjmfwCLxtzFL
Content-Disposition: form-data; name="file"; filename="image.jpg"
Content-Type: image/jpeg


------WebKitFormBoundaryJ0GtAjmfwCLxtzFL
Content-Disposition: form-data; name="test"

val
------WebKitFormBoundaryJ0GtAjmfwCLxtzFL--

#server response (from @upload)

request_body: "------WebKitFormBoundaryJ0GtAjmfwCLxtzFL"
request_body_file: ""

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228424,228424#msg-228424


From sjon at react.nl  Mon Jul  9 08:41:19 2012
From: sjon at react.nl (Sjon Hortensius)
Date: Mon, 09 Jul 2012 10:41:19 +0200
Subject: nginx/1.3.2 - 4xx responses are returned without HTTP headers, bug?
Message-ID: <4FFA992F.6070300@react.nl>

Hi,

I think I stumbled upon a bug in nginx but I would like to get someone 
else's opinion on this.

It seems all 4xx errors are not prefixed by headers in HTTP responses. I 
have a simple test-script in bash which you can run to verify this behavior:

function req { echo -n "GET /bugtest?id="; for i in `seq 15000 17100` ; 
do echo -n "%7C$i" ; done ; echo -en "HTTP/1.1\nUser-Agent: 
Mozilla/5.0\nConnection: Close\nHost: wiki.nginx.org\r\n\r\n" ; } ; req 
| nc wiki.nginx.org 80

I can also reproduce this for other 4xx responses. My interpretation of 
the RFC is that this is unwanted, see 
http://tools.ietf.org/html/rfc2616#section-6.1

If this is not the appropriate place to report this please let me know 
as I couldn't find a better place to report this.

--

Regards,

Sjon Hortensius

| React B.V.
| http://www.react.nl
| Julianastraat 30
| 2012 ES, Haarlem
| 023  553 90 00


From nginx-forum at nginx.us  Mon Jul  9 09:25:40 2012
From: nginx-forum at nginx.us (Bdfy)
Date: Mon, 9 Jul 2012 05:25:40 -0400 (EDT)
Subject: Using http_upload_module with http_perl_module
In-Reply-To: <e361f73d541fa21cbbcf08c2a9a842c8.NginxMailingListEnglish@forum.nginx.org>
References: <e361f73d541fa21cbbcf08c2a9a842c8.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <1b9fdad14496ed54da18f7c89ba913e0.NginxMailingListEnglish@forum.nginx.org>

http://forum.nginx.org/read.php?21,228336

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228424,228430#msg-228430


From mdounin at mdounin.ru  Mon Jul  9 09:52:27 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 9 Jul 2012 13:52:27 +0400
Subject: nginx/1.3.2 - 4xx responses are returned without HTTP headers,
	bug?
In-Reply-To: <4FFA992F.6070300@react.nl>
References: <4FFA992F.6070300@react.nl>
Message-ID: <20120709095227.GI31671@mdounin.ru>

Hello!

On Mon, Jul 09, 2012 at 10:41:19AM +0200, Sjon Hortensius wrote:

> Hi,
> 
> I think I stumbled upon a bug in nginx but I would like to get
> someone else's opinion on this.
> 
> It seems all 4xx errors are not prefixed by headers in HTTP
> responses. I have a simple test-script in bash which you can run to
> verify this behavior:
> 
> function req { echo -n "GET /bugtest?id="; for i in `seq 15000
> 17100` ; do echo -n "%7C$i" ; done ; echo -en "HTTP/1.1\nUser-Agent:
> Mozilla/5.0\nConnection: Close\nHost: wiki.nginx.org\r\n\r\n" ; } ;
> req | nc wiki.nginx.org 80
> 
> I can also reproduce this for other 4xx responses. My interpretation
> of the RFC is that this is unwanted, see
> http://tools.ietf.org/html/rfc2616#section-6.1

Headers aren't sent if nginx assumes the request is in HTTP/0.9 
format.  The above script makes nginx to think it's HTTP/0.9 as 
uri used dosn't fit into header buffer and nginx isn't able to 
see "HTTP/1.1" before it returns 414.

Maxim Dounin


From sjon at react.nl  Mon Jul  9 11:01:21 2012
From: sjon at react.nl (Sjon Hortensius)
Date: Mon, 09 Jul 2012 13:01:21 +0200
Subject: nginx/1.3.2 - 4xx responses are returned without HTTP headers,
	bug?
In-Reply-To: <20120709095227.GI31671@mdounin.ru>
References: <4FFA992F.6070300@react.nl> <20120709095227.GI31671@mdounin.ru>
Message-ID: <4FFABA01.9040406@react.nl>

On 07/09/2012 11:52 AM, Maxim Dounin wrote:
> Hello!
>
> On Mon, Jul 09, 2012 at 10:41:19AM +0200, Sjon Hortensius wrote:
>
>> Hi,
>>
>> I think I stumbled upon a bug in nginx but I would like to get
>> someone else's opinion on this.
>>
>> It seems all 4xx errors are not prefixed by headers in HTTP
>> responses. I have a simple test-script in bash which you can run to
>> verify this behavior:
>>
>> function req { echo -n "GET /bugtest?id="; for i in `seq 15000
>> 17100` ; do echo -n "%7C$i" ; done ; echo -en "HTTP/1.1\nUser-Agent:
>> Mozilla/5.0\nConnection: Close\nHost: wiki.nginx.org\r\n\r\n" ; } ;
>> req | nc wiki.nginx.org 80
>>
>> I can also reproduce this for other 4xx responses. My interpretation
>> of the RFC is that this is unwanted, see
>> http://tools.ietf.org/html/rfc2616#section-6.1
>
> Headers aren't sent if nginx assumes the request is in HTTP/0.9
> format.  The above script makes nginx to think it's HTTP/0.9 as
> uri used dosn't fit into header buffer and nginx isn't able to
> see "HTTP/1.1" before it returns 414.
>
> Maxim Dounin

Thanks for your reply! I have been looking for RFC documents describing 
the maximum request-length in HTTP/0.9, but I cannot find any. I found 
http://www.w3.org/Protocols/HTTP/Request.html (which links to 
http://www.w3.org/Addressing/URL/5_BNF.html to describe URLs) and 
http://www.ietf.org/rfc/rfc1738.txt, both of which describe no maximum 
length.

If nginx assumes HTTP/0.9 for the request, it doesn't seem very logical 
to return an error which cannot exist within that very protocol?

--

Regards,

Sjon Hortensius

| React B.V.
| http://www.react.nl
| Julianastraat 30
| 2012 ES, Haarlem
| 023  553 90 00


From igor at sysoev.ru  Mon Jul  9 12:46:14 2012
From: igor at sysoev.ru (Igor Sysoev)
Date: Mon, 9 Jul 2012 16:46:14 +0400
Subject: nginx/1.3.2 - 4xx responses are returned without HTTP headers,
	bug?
In-Reply-To: <4FFABA01.9040406@react.nl>
References: <4FFA992F.6070300@react.nl> <20120709095227.GI31671@mdounin.ru>
	<4FFABA01.9040406@react.nl>
Message-ID: <20120709124614.GA55982@nginx.com>

On Mon, Jul 09, 2012 at 01:01:21PM +0200, Sjon Hortensius wrote:
> On 07/09/2012 11:52 AM, Maxim Dounin wrote:
> > Hello!
> >
> > On Mon, Jul 09, 2012 at 10:41:19AM +0200, Sjon Hortensius wrote:
> >
> >> Hi,
> >>
> >> I think I stumbled upon a bug in nginx but I would like to get
> >> someone else's opinion on this.
> >>
> >> It seems all 4xx errors are not prefixed by headers in HTTP
> >> responses. I have a simple test-script in bash which you can run to
> >> verify this behavior:
> >>
> >> function req { echo -n "GET /bugtest?id="; for i in `seq 15000
> >> 17100` ; do echo -n "%7C$i" ; done ; echo -en "HTTP/1.1\nUser-Agent:
> >> Mozilla/5.0\nConnection: Close\nHost: wiki.nginx.org\r\n\r\n" ; } ;
> >> req | nc wiki.nginx.org 80
> >>
> >> I can also reproduce this for other 4xx responses. My interpretation
> >> of the RFC is that this is unwanted, see
> >> http://tools.ietf.org/html/rfc2616#section-6.1
> >
> > Headers aren't sent if nginx assumes the request is in HTTP/0.9
> > format.  The above script makes nginx to think it's HTTP/0.9 as
> > uri used dosn't fit into header buffer and nginx isn't able to
> > see "HTTP/1.1" before it returns 414.
> >
> > Maxim Dounin
> 
> Thanks for your reply! I have been looking for RFC documents describing 
> the maximum request-length in HTTP/0.9, but I cannot find any. I found 
> http://www.w3.org/Protocols/HTTP/Request.html (which links to 
> http://www.w3.org/Addressing/URL/5_BNF.html to describe URLs) and 
> http://www.ietf.org/rfc/rfc1738.txt, both of which describe no maximum 
> length.
> 
> If nginx assumes HTTP/0.9 for the request, it doesn't seem very logical 
> to return an error which cannot exist within that very protocol?

Well, it does not return error. It just returns a page with text:
"414 Request-URI Too Large". What can you suggest to return for
a request larger than configured buffer ?


-- 
Igor Sysoev


From nginx-forum at nginx.us  Tue Jul 10 04:59:21 2012
From: nginx-forum at nginx.us (arosolino)
Date: Tue, 10 Jul 2012 00:59:21 -0400 (EDT)
Subject: Executing iptables command from module
In-Reply-To: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>
References: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <1bbbd6bf9fd4a1e6dbae09a5981c6dfb.NginxMailingListEnglish@forum.nginx.org>

Nevermind I found a way to do this.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228416,228459#msg-228459


From nginx-forum at nginx.us  Tue Jul 10 06:48:14 2012
From: nginx-forum at nginx.us (arosolino)
Date: Tue, 10 Jul 2012 02:48:14 -0400 (EDT)
Subject: Executing iptables command from module
In-Reply-To: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>
References: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <65abfa044f306584bf64a16b58aa0b86.NginxMailingListEnglish@forum.nginx.org>

Is there a way to detect if the module is quitting versus reloading. I
know how to tell if it's quitting by attaching a method to the exit
process. But I can not tell if it's for a reload?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228416,228460#msg-228460


From sjon at react.nl  Tue Jul 10 10:03:24 2012
From: sjon at react.nl (Sjon Hortensius)
Date: Tue, 10 Jul 2012 12:03:24 +0200
Subject: nginx/1.3.2 - 4xx responses are returned without HTTP headers,
	bug?
In-Reply-To: <20120709124614.GA55982@nginx.com>
References: <4FFA992F.6070300@react.nl> <20120709095227.GI31671@mdounin.ru>
	<4FFABA01.9040406@react.nl> <20120709124614.GA55982@nginx.com>
Message-ID: <4FFBFDEC.4080702@react.nl>

On 07/09/2012 02:46 PM, Igor Sysoev wrote:
> On Mon, Jul 09, 2012 at 01:01:21PM +0200, Sjon Hortensius wrote:
>> On 07/09/2012 11:52 AM, Maxim Dounin wrote:
>>> Hello!
>>>
>>> On Mon, Jul 09, 2012 at 10:41:19AM +0200, Sjon Hortensius wrote:
>>>
>>>> Hi,
>>>>
>>>> I think I stumbled upon a bug in nginx but I would like to get
>>>> someone else's opinion on this.
>>>>
>>>> It seems all 4xx errors are not prefixed by headers in HTTP
>>>> responses. I have a simple test-script in bash which you can run to
>>>> verify this behavior:
>>>>
>>>> function req { echo -n "GET /bugtest?id="; for i in `seq 15000
>>>> 17100` ; do echo -n "%7C$i" ; done ; echo -en "HTTP/1.1\nUser-Agent:
>>>> Mozilla/5.0\nConnection: Close\nHost: wiki.nginx.org\r\n\r\n" ; } ;
>>>> req | nc wiki.nginx.org 80
>>>>
>>>> I can also reproduce this for other 4xx responses. My interpretation
>>>> of the RFC is that this is unwanted, see
>>>> http://tools.ietf.org/html/rfc2616#section-6.1
>>>
>>> Headers aren't sent if nginx assumes the request is in HTTP/0.9
>>> format.  The above script makes nginx to think it's HTTP/0.9 as
>>> uri used dosn't fit into header buffer and nginx isn't able to
>>> see "HTTP/1.1" before it returns 414.
>>>
>>> Maxim Dounin
>>
>> Thanks for your reply! I have been looking for RFC documents describing
>> the maximum request-length in HTTP/0.9, but I cannot find any. I found
>> http://www.w3.org/Protocols/HTTP/Request.html (which links to
>> http://www.w3.org/Addressing/URL/5_BNF.html to describe URLs) and
>> http://www.ietf.org/rfc/rfc1738.txt, both of which describe no maximum
>> length.
>>
>> If nginx assumes HTTP/0.9 for the request, it doesn't seem very logical
>> to return an error which cannot exist within that very protocol?
>
> Well, it does not return error. It just returns a page with text:
> "414 Request-URI Too Large". What can you suggest to return for
> a request larger than configured buffer ?

When I said it returns an error I obviously meant it returns a HTTP 
error. Since HTTP/0.9 doesn't define a maximum length for a URL, it 
seems strange to return an error about this very length in this specific 
protocol.

I think the only problem I have with this behavior is nginx falling back 
to HTTP/0.9; a protocol which isn't used on any network I know. I would 
prefer falling back to HTTP/1.0 which more clients will support, 
although I don't know what impact this has.

--

Regards,

Sjon Hortensius

| React B.V.
| http://www.react.nl
| Julianastraat 30
| 2012 ES, Haarlem
| 023  553 90 00


From mdounin at mdounin.ru  Tue Jul 10 12:36:52 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 10 Jul 2012 16:36:52 +0400
Subject: nginx-1.3.3
Message-ID: <20120710123652.GU31671@mdounin.ru>

Changes with nginx 1.3.3                                         10 Jul 2012

    *) Feature: entity tags support and the "etag" directive.

    *) Bugfix: trailing dot in a source value was not ignored if the "map"
       directive was used with the "hostnames" parameter.

    *) Bugfix: incorrect location might be used to process a request if a
       URI was changed via a "rewrite" directive before an internal redirect
       to a named location.


Maxim Dounin


From nginx-forum at nginx.us  Tue Jul 10 12:56:54 2012
From: nginx-forum at nginx.us (athalas)
Date: Tue, 10 Jul 2012 08:56:54 -0400 (EDT)
Subject: nginx-1.3.3
In-Reply-To: <20120710123652.GU31671@mdounin.ru>
References: <20120710123652.GU31671@mdounin.ru>
Message-ID: <3c111a31a633622f88b76024c29d5fd5.NginxMailingListEnglish@forum.nginx.org>

Where would we find documentation on the "etag" directive? I've checked
http://wiki.nginx.org/DirectiveIndex but it's not listed there yet.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228475,228479#msg-228479


From mdounin at mdounin.ru  Tue Jul 10 13:05:38 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 10 Jul 2012 17:05:38 +0400
Subject: nginx-1.3.3
In-Reply-To: <3c111a31a633622f88b76024c29d5fd5.NginxMailingListEnglish@forum.nginx.org>
References: <20120710123652.GU31671@mdounin.ru>
	<3c111a31a633622f88b76024c29d5fd5.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120710130537.GY31671@mdounin.ru>

Hello!

On Tue, Jul 10, 2012 at 08:56:54AM -0400, athalas wrote:

> Where would we find documentation on the "etag" directive? I've checked
> http://wiki.nginx.org/DirectiveIndex but it's not listed there yet.

It's available in the official documentation, see 
http://nginx.org/r/etag.

Maxim Dounin


From nginx-forum at nginx.us  Tue Jul 10 13:15:30 2012
From: nginx-forum at nginx.us (athalas)
Date: Tue, 10 Jul 2012 09:15:30 -0400 (EDT)
Subject: nginx-1.3.3
In-Reply-To: <3c111a31a633622f88b76024c29d5fd5.NginxMailingListEnglish@forum.nginx.org>
References: <20120710123652.GU31671@mdounin.ru>
	<3c111a31a633622f88b76024c29d5fd5.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <d775b9f8842ba3a37b81b012c5fcc34c.NginxMailingListEnglish@forum.nginx.org>

Awesome! Thank you

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228475,228481#msg-228481


From steffen.weber at gmail.com  Tue Jul 10 16:34:35 2012
From: steffen.weber at gmail.com (Steffen Weber)
Date: Tue, 10 Jul 2012 18:34:35 +0200
Subject: nginx-1.3.3
In-Reply-To: <20120710123652.GU31671@mdounin.ru>
References: <20120710123652.GU31671@mdounin.ru>
Message-ID: <CAAct6c0ZAfU3trF7saTsB5OxGFkC2EueT6AjnMxgb4nvgkULXg@mail.gmail.com>

Based on which information is the entity tag generated? Inode + file size +
mtime?
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120710/09045190/attachment.html>

From jnizjo at gmail.com  Tue Jul 10 17:05:44 2012
From: jnizjo at gmail.com (Alexander Usov)
Date: Tue, 10 Jul 2012 23:05:44 +0600
Subject: nginx-1.3.3
In-Reply-To: <CAAct6c0ZAfU3trF7saTsB5OxGFkC2EueT6AjnMxgb4nvgkULXg@mail.gmail.com>
References: <20120710123652.GU31671@mdounin.ru>
	<CAAct6c0ZAfU3trF7saTsB5OxGFkC2EueT6AjnMxgb4nvgkULXg@mail.gmail.com>
Message-ID: <CAJaUXTandKPoiAVtdak7ytXzxa6HbAf8Rh5YQOoP9KiDhPXncw@mail.gmail.com>

last_modified_time + content_length

2012/7/10 Steffen Weber <steffen.weber at gmail.com>

> Based on which information is the entity tag generated? Inode + file size
> + mtime?
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120710/5c7e4356/attachment.html>

From kworthington at gmail.com  Tue Jul 10 18:55:33 2012
From: kworthington at gmail.com (Kevin Worthington)
Date: Tue, 10 Jul 2012 14:55:33 -0400
Subject: nginx-1.3.3
In-Reply-To: <20120710123652.GU31671@mdounin.ru>
References: <20120710123652.GU31671@mdounin.ru>
Message-ID: <CAGo79UVTnv8+=Vj+mcmt18WaYNV-ivLrqLJBBy91_k63tcFnWg@mail.gmail.com>

Hello Nginx Users,

Now available: Nginx 1.3.3 For Windows http://goo.gl/j0C8d (32-bit and
64-bit versions)

These versions are to support legacy users who are already using
Cygwin based builds of Nginx. Officially supported native Windows
binaries are at nginx.org.

Announcements are also available via my Twitter stream
(http://twitter.com/kworthington), if you prefer to receive updates
that way.

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail]  [dot} {com)
http://kevinworthington.com/
http://twitter.com/kworthington


On Tue, Jul 10, 2012 at 8:36 AM, Maxim Dounin <mdounin at mdounin.ru> wrote:
> Changes with nginx 1.3.3                                         10 Jul 2012
>
>     *) Feature: entity tags support and the "etag" directive.
>
>     *) Bugfix: trailing dot in a source value was not ignored if the "map"
>        directive was used with the "hostnames" parameter.
>
>     *) Bugfix: incorrect location might be used to process a request if a
>        URI was changed via a "rewrite" directive before an internal redirect
>        to a named location.
>
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From nginx-forum at nginx.us  Wed Jul 11 02:01:06 2012
From: nginx-forum at nginx.us (mogu0401)
Date: Tue, 10 Jul 2012 22:01:06 -0400 (EDT)
Subject: Could anyone can tell me why the operator in this code is '>=' ?
Message-ID: <61d9126270d08051f8a1ef7b62dc9bc7.NginxMailingListEnglish@forum.nginx.org>

ngx_slab.c

void *
ngx_slab_alloc_locked(ngx_slab_pool_t *pool, size_t size)
{
    size_t            s;
    uintptr_t         p, n, m, mask, *bitmap;
    ngx_uint_t        i, slot, shift, map;
    ngx_slab_page_t  *page, *prev, *slots;

    if (size >= ngx_slab_max_size) {                // why not '>' ?

        ngx_log_debug1(NGX_LOG_DEBUG_ALLOC, ngx_cycle->log, 0,
                       "slab alloc: %uz", size);

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228488,228488#msg-228488


From nginx-forum at nginx.us  Wed Jul 11 05:39:19 2012
From: nginx-forum at nginx.us (bluesmoon)
Date: Wed, 11 Jul 2012 01:39:19 -0400 (EDT)
Subject: accessing $arg_PARAMETER for parameter with . in it
Message-ID: <4ba3cfc6bb29d604b7071f834aa7ad06.NginxMailingListEnglish@forum.nginx.org>

Hi,

I have a query string parameter that has a dot in it.  For example,
`a.b`.  I need to write this parameter to my log file.  How do I
reference it?

I've tried `$arg_a.b` but that prints `-.b` (ie, it prints the value of
$arg_a which is - followed by .b)

I've also tried `$arg_a_b` but that just prints `-` since there is no
parameter a_b or a-b.

What should I do?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228490,228490#msg-228490


From nginx-forum at nginx.us  Wed Jul 11 11:01:01 2012
From: nginx-forum at nginx.us (lalyos)
Date: Wed, 11 Jul 2012 07:01:01 -0400 (EDT)
Subject: nginx 100% cpu usage
Message-ID: <dc8eae56059fa30a19ad8b496b2727b5.NginxMailingListEnglish@forum.nginx.org>

Hi,

im using nginx 0.8.54 in front of a tomcat. its running since 1 week
now, and with just a few open sessions, nginx is using 100% cpu.

strace is telling that 'munmap' is responsible for 94%. so looks like
some sort of memory problem,
but top shows that 400mb is free from the 4gb total memory.

more detailed logs (strace sample/top/nginx acces/error logs)
https://gist.github.com/3089367

note this is a vmware virtual machine.

any tips?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228495,228495#msg-228495


From r at roze.lv  Wed Jul 11 12:10:33 2012
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 11 Jul 2012 15:10:33 +0300
Subject: nginx 100% cpu usage
In-Reply-To: <dc8eae56059fa30a19ad8b496b2727b5.NginxMailingListEnglish@forum.nginx.org>
References: <dc8eae56059fa30a19ad8b496b2727b5.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <2B2DAEF3DC6D456AB228D4EFB4C0E56B@MezhRoze>

> any tips?

Upgrade.
0.8.54 is like 2 years old already and there have been few bugs relating to 
cpu hogging.

rr 


From nginx-forum at nginx.us  Wed Jul 11 12:43:09 2012
From: nginx-forum at nginx.us (Vadim Pavlov)
Date: Wed, 11 Jul 2012 08:43:09 -0400 (EDT)
Subject: How to select a proper value for zone_size argument of the
	upload_progress directive?
Message-ID: <cc9b339e1d197f4c8a20abb10f39d085.NginxMailingListEnglish@forum.nginx.org>

How many simultaneous uploads I can track with zone_size set to 1m?

Is it a total amount of memory which server allocates per zone or per
upload?

Thanks for any help.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228498,228498#msg-228498


From nginx-forum at nginx.us  Wed Jul 11 13:15:53 2012
From: nginx-forum at nginx.us (WarrickF)
Date: Wed, 11 Jul 2012 09:15:53 -0400 (EDT)
Subject: Client Cache Time vs. Server Cache Time
Message-ID: <d9b9e1e5c71611f3fad2d75cb06efcf2.NginxMailingListEnglish@forum.nginx.org>

Hi Guys,

I'd like to setup a reverse proxy that functions as follows. 

Servers responds telling the client to cache content for 1 hour, but a
the same time tells Nginx to cache the content for 24 hours. 

Every hour client still re-request content but it's served from cache. 

If something changes on the origin servers I can still dump the cache on
Nginx, which will get a fresh copy. 

Is something like this currently supported?

Thanks
Warrick

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228499,228499#msg-228499


From mdounin at mdounin.ru  Wed Jul 11 15:31:38 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 11 Jul 2012 19:31:38 +0400
Subject: Client Cache Time vs. Server Cache Time
In-Reply-To: <d9b9e1e5c71611f3fad2d75cb06efcf2.NginxMailingListEnglish@forum.nginx.org>
References: <d9b9e1e5c71611f3fad2d75cb06efcf2.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120711153138.GD31671@mdounin.ru>

Hello!

On Wed, Jul 11, 2012 at 09:15:53AM -0400, WarrickF wrote:

> Hi Guys,
> 
> I'd like to setup a reverse proxy that functions as follows. 
> 
> Servers responds telling the client to cache content for 1 hour, but a
> the same time tells Nginx to cache the content for 24 hours. 
> 
> Every hour client still re-request content but it's served from cache. 
> 
> If something changes on the origin servers I can still dump the cache on
> Nginx, which will get a fresh copy. 
> 
> Is something like this currently supported?

Yes.

1) Instruct nginx to ignore Cache-Control / Expires headers you 
use to control expiration on client.

2) Either use explicit expiration set by proxy_cache_valid, or use 
X-Accel-Expires header to control expiration from backend.

See here for more details:

http://nginx.org/r/proxy_ignore_headers
http://nginx.org/r/proxy_cache_valid

Maxim Dounin


From nginx-forum at nginx.us  Wed Jul 11 16:48:51 2012
From: nginx-forum at nginx.us (bluesmoon)
Date: Wed, 11 Jul 2012 12:48:51 -0400 (EDT)
Subject: accessing $arg_PARAMETER for parameter with . in it
In-Reply-To: <4ba3cfc6bb29d604b7071f834aa7ad06.NginxMailingListEnglish@forum.nginx.org>
References: <4ba3cfc6bb29d604b7071f834aa7ad06.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <9d6a6cfd9b59d5bca9cad8df8076983b.NginxMailingListEnglish@forum.nginx.org>

I've also tried ${arg_a.b} and nginx -t tells me that the closing
bracket in "arg_a" variable is missing

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228490,228506#msg-228506


From mdounin at mdounin.ru  Wed Jul 11 19:14:45 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 11 Jul 2012 23:14:45 +0400
Subject: accessing $arg_PARAMETER for parameter with . in it
In-Reply-To: <4ba3cfc6bb29d604b7071f834aa7ad06.NginxMailingListEnglish@forum.nginx.org>
References: <4ba3cfc6bb29d604b7071f834aa7ad06.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120711191445.GE31671@mdounin.ru>

Hello!

On Wed, Jul 11, 2012 at 01:39:19AM -0400, bluesmoon wrote:

> Hi,
> 
> I have a query string parameter that has a dot in it.  For example,
> `a.b`.  I need to write this parameter to my log file.  How do I
> reference it?
> 
> I've tried `$arg_a.b` but that prints `-.b` (ie, it prints the value of
> $arg_a which is - followed by .b)
> 
> I've also tried `$arg_a_b` but that just prints `-` since there is no
> parameter a_b or a-b.
> 
> What should I do?

The $arg_* variables won't allow you to access request arguments with 
characters not allowed in variable names.

If you really need to, you may parse $args yourself, e.g. with 
map{} directive using regular expressions.  Something like this 
should work:

    map $args $ab {
        "~(?:^|[&;])a[.]b=(?<foo>[^&;]*)"  $foo;
    }

Maxim Dounin


From cad_jsilva at uolinc.com  Wed Jul 11 19:54:41 2012
From: cad_jsilva at uolinc.com (Jader Henrique da Silva)
Date: Wed, 11 Jul 2012 19:54:41 +0000
Subject: [ngx_lua] ngx.re.split implementation
Message-ID: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>

Hello

I was checking HttpLuaModule docs and saw "ngx.re.split" implementation in the TODO section.

Is it already implemented?
Are there any details about this implementation (e.g. parameters, returned data)?

Jader H. Silva

________________________________

AVISO: A informa??o contida neste e-mail, bem como em qualquer de seus anexos, ? CONFIDENCIAL e destinada ao uso exclusivo do(s) destinat?rio(s) acima referido(s), podendo conter informa??es sigilosas e/ou legalmente protegidas. Caso voc? n?o seja o destinat?rio desta mensagem, informamos que qualquer divulga??o, distribui??o ou c?pia deste e-mail e/ou de qualquer de seus anexos ? absolutamente proibida. Solicitamos que o remetente seja comunicado imediatamente, respondendo esta mensagem, e que o original desta mensagem e de seus anexos, bem como toda e qualquer c?pia e/ou impress?o realizada a partir destes, sejam permanentemente apagados e/ou destru?dos. Informa??es adicionais sobre nossa empresa podem ser obtidas no site http://sobre.uol.com.br/.

NOTICE: The information contained in this e-mail and any attachments thereto is CONFIDENTIAL and is intended only for use by the recipient named herein and may contain legally privileged and/or secret information.
If you are not the e-mail?s intended recipient, you are hereby notified that any dissemination, distribution or copy of this e-mail, and/or any attachments thereto, is strictly prohibited. Please immediately notify the sender replying to the above mentioned e-mail address, and permanently delete and/or destroy the original and any copy of this e-mail and/or its attachments, as well as any printout thereof. Additional information about our company may be obtained through the site http://www.uol.com.br/ir/.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120711/ac514dcf/attachment.html>

From nginx-forum at nginx.us  Wed Jul 11 20:34:42 2012
From: nginx-forum at nginx.us (bluesmoon)
Date: Wed, 11 Jul 2012 16:34:42 -0400 (EDT)
Subject: accessing $arg_PARAMETER for parameter with . in it
In-Reply-To: <20120711191445.GE31671@mdounin.ru>
References: <20120711191445.GE31671@mdounin.ru>
Message-ID: <48d33f8a18f736645ae6e53a37cf93b5.NginxMailingListEnglish@forum.nginx.org>

Maxim Dounin Wrote:

> If you really need to, you may parse $args
> yourself, e.g. with 
> map{} directive using regular expressions. 

thanks, I'll try that.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228490,228511#msg-228511


From guilherme.e at gmail.com  Wed Jul 11 21:21:32 2012
From: guilherme.e at gmail.com (Guilherme E. J.)
Date: Wed, 11 Jul 2012 18:21:32 -0300
Subject: [ngx_lua] ngx.re.split implementation
In-Reply-To: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
References: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
Message-ID: <5AB7EFD9-07CD-41DD-B2F7-490FC599F285@gmail.com>

Show!! As listas nos ajudam muito.

S? uma recomendacao: procure utilizar o seu email pessoal em listas de discussao. Nao utilizamos o corporativo para nao dar indicios do q estamos mexendo no UOL.

Abs

Sent from my iPhone

On 11/07/2012, at 16:54, Jader Henrique da Silva <cad_jsilva at uolinc.com> wrote:

> Hello
> 
> I was checking HttpLuaModule docs and saw "ngx.re.split" implementation in the TODO section.
> 
> Is it already implemented?
> Are there any details about this implementation (e.g. parameters, returned data)?
> 
> Jader H. Silva
> 
> 
> AVISO: A informa??o contida neste e-mail, bem como em qualquer de seus anexos, ? CONFIDENCIAL e destinada ao uso exclusivo do(s) destinat?rio(s) acima referido(s), podendo conter informa??es sigilosas e/ou legalmente protegidas. Caso voc? n?o seja o destinat?rio desta mensagem, informamos que qualquer divulga??o, distribui??o ou c?pia deste e-mail e/ou de qualquer de seus anexos ? absolutamente proibida. Solicitamos que o remetente seja comunicado imediatamente, respondendo esta mensagem, e que o original desta mensagem e de seus anexos, bem como toda e qualquer c?pia e/ou impress?o realizada a partir destes, sejam permanentemente apagados e/ou destru?dos. Informa??es adicionais sobre nossa empresa podem ser obtidas no site http://sobre.uol.com.br/.
> 
> NOTICE: The information contained in this e-mail and any attachments thereto is CONFIDENTIAL and is intended only for use by the recipient named herein and may contain legally privileged and/or secret information.
> If you are not the e-mail?s intended recipient, you are hereby notified that any dissemination, distribution or copy of this e-mail, and/or any attachments thereto, is strictly prohibited. Please immediately notify the sender replying to the above mentioned e-mail address, and permanently delete and/or destroy the original and any copy of this e-mail and/or its attachments, as well as any printout thereof. Additional information about our company may be obtained through the site http://www.uol.com.br/ir/.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120711/a8f2bd43/attachment-0001.html>

From guilherme.e at gmail.com  Wed Jul 11 21:27:05 2012
From: guilherme.e at gmail.com (Guilherme E. J.)
Date: Wed, 11 Jul 2012 18:27:05 -0300
Subject: [ngx_lua] ngx.re.split implementation
In-Reply-To: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
References: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
Message-ID: <6BEEC9DE-683B-49AE-864D-89653BC93B38@gmail.com>

Sorry... Wrong mail.



On 11/07/2012, at 16:54, Jader Henrique da Silva <cad_jsilva at uolinc.com> wrote:

> Hello
> 
> I was checking HttpLuaModule docs and saw "ngx.re.split" implementation in the TODO section.
> 
> Is it already implemented?
> Are there any details about this implementation (e.g. parameters, returned data)?
> 
> Jader H. Silva
> 
> 
> AVISO: A informa??o contida neste e-mail, bem como em qualquer de seus anexos, ? CONFIDENCIAL e destinada ao uso exclusivo do(s) destinat?rio(s) acima referido(s), podendo conter informa??es sigilosas e/ou legalmente protegidas. Caso voc? n?o seja o destinat?rio desta mensagem, informamos que qualquer divulga??o, distribui??o ou c?pia deste e-mail e/ou de qualquer de seus anexos ? absolutamente proibida. Solicitamos que o remetente seja comunicado imediatamente, respondendo esta mensagem, e que o original desta mensagem e de seus anexos, bem como toda e qualquer c?pia e/ou impress?o realizada a partir destes, sejam permanentemente apagados e/ou destru?dos. Informa??es adicionais sobre nossa empresa podem ser obtidas no site http://sobre.uol.com.br/.
> 
> NOTICE: The information contained in this e-mail and any attachments thereto is CONFIDENTIAL and is intended only for use by the recipient named herein and may contain legally privileged and/or secret information.
> If you are not the e-mail?s intended recipient, you are hereby notified that any dissemination, distribution or copy of this e-mail, and/or any attachments thereto, is strictly prohibited. Please immediately notify the sender replying to the above mentioned e-mail address, and permanently delete and/or destroy the original and any copy of this e-mail and/or its attachments, as well as any printout thereof. Additional information about our company may be obtained through the site http://www.uol.com.br/ir/.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120711/5638b312/attachment.html>

From nginx-forum at nginx.us  Wed Jul 11 22:21:47 2012
From: nginx-forum at nginx.us (JF002)
Date: Wed, 11 Jul 2012 18:21:47 -0400 (EDT)
Subject: Error 400-403 from local network
Message-ID: <83c7808b42df039c1787095d362492ea.NginxMailingListEnglish@forum.nginx.org>

Hi !

I'm currently trying to install Nginx/Php-fpm. 

In fact, every thing seem to be ok: I can access to html and php pages
using the local address (192.168.0.4/index.html, for example,
192.168.0.4 is the IP address of my nginx server).

Then, I created a No-Ip dynamic DNS. If I ping the DDNS address from
another computer on the local network, it pings my nginx server
(192.168.0.4).
On ALL on my computers (a laptop on WinXP, a Windows Mobile Phone, an
iPod Touch, a virtual machine on Ubuntu), I can access to my nginx
server using the DDNS addressn without doing any configuration on these
devices

On all computer... except one! This is my main computer, running on
Win7. Pinging the DDNS address returns the correct local IP address of
the Nginx server but when I want to display a page, I only have a blank
page. Chrome (using the developer tool) says that an Error 403
(forbidden) occurs. Using the local IP address directly works fine. I
have the same behaviour with Chrome, Firefox and IE, only on this
computer.

I tried to debug this problem, with no luck. Using Wireshark, I saw that
it seems that no GET request is sent. I tried to clear cache, flush DNS,
disabling anti-virus/firewall,... Nothing!

In the file access.log, I see that a line is added each time I request a
page from this computer (192.168.0.2 is the IP address of the computer
on which the problem occurs):
192.168.0.2 - - [12/Jul/2012:00:06:25 +0200] "-" 400 0 "-" "-"


Yeah, my problem is probably not caused by Nginx, but seriously, I don't
know where to look!

Can you help me, please?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228518,228518#msg-228518


From agentzh at gmail.com  Wed Jul 11 23:40:51 2012
From: agentzh at gmail.com (agentzh)
Date: Wed, 11 Jul 2012 16:40:51 -0700
Subject: [ngx_lua] ngx.re.split implementation
In-Reply-To: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
References: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
Message-ID: <CAB4Tn6MhWidOTQ3sfUUXwV6VJg1FHuxFza0Y6X+nY0JvQuL1UQ@mail.gmail.com>

Hello!

On Wed, Jul 11, 2012 at 12:54 PM, Jader Henrique da Silva
<cad_jsilva at uolinc.com> wrote:
> I was checking HttpLuaModule docs and saw "ngx.re.split" implementation in
> the TODO section.
>
> Is it already implemented?

Nope, otherwise I would update the TODO section accordingly :)

> Are there any details about this implementation (e.g. parameters, returned
> data)?
>

Not yet. But I think the behavior will be similar to Perl 5's split
builtin function.

I'm always open to patches for this feature :)

Best regards,
-agentzh


From eliezer at ngtech.co.il  Thu Jul 12 01:05:45 2012
From: eliezer at ngtech.co.il (Eliezer Croitoru)
Date: Thu, 12 Jul 2012 04:05:45 +0300
Subject: Executing iptables command from module
In-Reply-To: <1bbbd6bf9fd4a1e6dbae09a5981c6dfb.NginxMailingListEnglish@forum.nginx.org>
References: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>
	<1bbbd6bf9fd4a1e6dbae09a5981c6dfb.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <4FFE22E9.5040700@ngtech.co.il>

On 7/10/2012 7:59 AM, arosolino wrote:
> Nevermind I found a way to do this.
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228416,228459#msg-228459
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
can you share how and what you did?
it seems like one thing i would like to know about nginx.

Thanks,
Eliezer

-- 
Eliezer Croitoru
https://www1.ngtech.co.il
IT consulting for Nonprofit organizations
eliezer <at> ngtech.co.il



From nginx-forum at nginx.us  Thu Jul 12 05:24:46 2012
From: nginx-forum at nginx.us (arosolino)
Date: Thu, 12 Jul 2012 01:24:46 -0400 (EDT)
Subject: Executing iptables command from module
In-Reply-To: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>
References: <6f8133ee4b2d8c8298d7ddc505af7b13.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <6721125b321c4cb53907535ffa786569.NginxMailingListEnglish@forum.nginx.org>

Well if you are running nginx as a non root user. Then you need to add
the following lines to /etc/sudoers
Defaults:nginx !requiretty
nginx   ALL=(root)      NOPASSWD: /sbin/iptables

The above is necessary because iptables can only be modified as root.

I can't dump the code here for my module because it's irrelevant, but
you can basically use the system() command at this point to add an entry
from IP tables.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228416,228523#msg-228523


From nginx-forum at nginx.us  Thu Jul 12 07:09:52 2012
From: nginx-forum at nginx.us (google000)
Date: Thu, 12 Jul 2012 03:09:52 -0400 (EDT)
Subject: nginx 1.0.10 error [emerg] invalid condition "'!-f"
Message-ID: <f5f618caecec347f6c6bc8ef5525a975.NginxMailingListEnglish@forum.nginx.org>

I have that kind of code which I wanna add to my nginx conf but
unfortunately something is wrong and I don't know how to fix it...

location ^~ /folder/ {
           if ($cookie_amember_nr !~* [a-zA-Z0-9]+) { #no identity
               rewrite ^(.*)$
http://localhost/am3/plugins/protect/new_rewrite/login.php?v=-2,1&url=$request_uri?$args
redirect;
           }
           set $file1
$document_root/am3/data/new_rewrite/$cookie_amember_nr-1;
           set $file2
$document_root/am3/data/new_rewrite/$cookie_amember_nr-2;

           if (!-f $file1 && !-f $file2) { #has not access
               rewrite ^(.*)$
http://localhost/am3/plugins/protect/new_rewrite/login.php?v=-2,1&url=$request_uri?$args
redirect;
           }

        }


and I've got an error in line with : if (!-f $file1 && !-f $file2) {
#has not access

error : "[emerg] invalid condition "'!-f"

how to fix this ?

thank you for help

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228528,228528#msg-228528


From mdounin at mdounin.ru  Thu Jul 12 07:15:50 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 12 Jul 2012 11:15:50 +0400
Subject: nginx 1.0.10 error [emerg] invalid condition "'!-f"
In-Reply-To: <f5f618caecec347f6c6bc8ef5525a975.NginxMailingListEnglish@forum.nginx.org>
References: <f5f618caecec347f6c6bc8ef5525a975.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120712071550.GF31671@mdounin.ru>

Hello!

On Thu, Jul 12, 2012 at 03:09:52AM -0400, google000 wrote:

> I have that kind of code which I wanna add to my nginx conf but
> unfortunately something is wrong and I don't know how to fix it...
> 
> location ^~ /folder/ {
>            if ($cookie_amember_nr !~* [a-zA-Z0-9]+) { #no identity
>                rewrite ^(.*)$
> http://localhost/am3/plugins/protect/new_rewrite/login.php?v=-2,1&url=$request_uri?$args
> redirect;
>            }
>            set $file1
> $document_root/am3/data/new_rewrite/$cookie_amember_nr-1;
>            set $file2
> $document_root/am3/data/new_rewrite/$cookie_amember_nr-2;
> 
>            if (!-f $file1 && !-f $file2) { #has not access
>                rewrite ^(.*)$
> http://localhost/am3/plugins/protect/new_rewrite/login.php?v=-2,1&url=$request_uri?$args
> redirect;
>            }
> 
>         }
> 
> 
> and I've got an error in line with : if (!-f $file1 && !-f $file2) {
> #has not access
> 
> error : "[emerg] invalid condition "'!-f"
> 
> how to fix this ?

There is no support for the "&&" operator, hence the expression 
written is invalid.

http://nginx.org/r/if

Maxim Dounin


From am at simoon.de  Thu Jul 12 07:33:57 2012
From: am at simoon.de (Alexander Meis)
Date: Thu, 12 Jul 2012 09:33:57 +0200
Subject: Rewrite Exclude
Message-ID: <4FFE7DE5.4060201@simoon.de>

Hi,

i have the following rewrite rules

  rewrite /files/documents/.* /engine last;
  rewrite /templates/(.*(css|js))$ /engine/backend		
  ...

  if (!-e $request_filename) {
                 rewrite . /shopware.php last;
  }

i want everything under
  /foobarshopconnection/
to be excludet from the rewrite so that it can be accessed.
example: /foobarshopconnection/index.php/testcall/test/bartest

can someone tell me how to do that?

Thanks
Alex


From nginx-forum at nginx.us  Thu Jul 12 07:50:04 2012
From: nginx-forum at nginx.us (mogu0401)
Date: Thu, 12 Jul 2012 03:50:04 -0400 (EDT)
Subject: Could anyone can tell me why the operator in this code is '>=' ?
In-Reply-To: <61d9126270d08051f8a1ef7b62dc9bc7.NginxMailingListEnglish@forum.nginx.org>
References: <61d9126270d08051f8a1ef7b62dc9bc7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <7d8b508dd40b1497b6bd212dcaa74a58.NginxMailingListEnglish@forum.nginx.org>

if a page size is 4096 bytes, then the ngx_slab_max_size is 2048 bytes.
When allocate 2048 bytes memory using nginx slab, it will get a total
page. Is this a waste of memory?

please explain. thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228488,228531#msg-228531


From nginx-forum at nginx.us  Thu Jul 12 11:31:33 2012
From: nginx-forum at nginx.us (abcomp01)
Date: Thu, 12 Jul 2012 07:31:33 -0400 (EDT)
Subject: how to config to call http://ip-address
Message-ID: <db5e39d865423cbcfddb5554acfd7b5b.NginxMailingListEnglish@forum.nginx.org>

how to configure to call http://ip-address

to specif location

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228535,228535#msg-228535


From edho at myconan.net  Thu Jul 12 11:35:37 2012
From: edho at myconan.net (Edho Arief)
Date: Thu, 12 Jul 2012 18:35:37 +0700
Subject: how to config to call http://ip-address
In-Reply-To: <db5e39d865423cbcfddb5554acfd7b5b.NginxMailingListEnglish@forum.nginx.org>
References: <db5e39d865423cbcfddb5554acfd7b5b.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCnncTYHszTYxYSjGA-pHoo5UO+KPGgPbeDC_vifr=nGKw@mail.gmail.com>

On Thu, Jul 12, 2012 at 6:31 PM, abcomp01 <nginx-forum at nginx.us> wrote:
> how to configure to call http://ip-address
>
> to specif location
>

server {
  server_name 4.3.2.1;
  location / {
    ...
  }
}


From steffen.weber at gmail.com  Thu Jul 12 12:36:21 2012
From: steffen.weber at gmail.com (Steffen Weber)
Date: Thu, 12 Jul 2012 14:36:21 +0200
Subject: Flush FastCGI response early vs. GZIP
Message-ID: <CAAct6c3HQmRwiV68pSWAA8cs0OkKDzCc9i1c73aPqvWrp5jiHA@mail.gmail.com>

Sending the first few kilobytes of an HTML page to the client as early
as possible enables the client to download stylesheets without having
to wait for the whole HTML document (which might require database
queries and can therefore be relatively slow). Loading the stylesheets
early is important because the browser blocks rendering on
stylesheets. Details are available here:
http://calendar.perfplanet.com/2009/progressive-rendering-via-multiple-flushes/

So what I would like to do is: 1) Send the <head> element with its
stylesheet references to the client immediately. 2) Afterwards query
the database and generate the whole HTML page and send it to the
client. Meanwhile the client had a chance to already fetch the
stylesheets.

My problem is that nginx buffers FastCGI responses. I can only flush
the first few kilobytes early if I configure nginx to use very small
FastCGI buffers:

fastcgi_buffer_size 2k;

This does not seem to be a good idea in general because it might cause
the "upstream sent too big header" error in other scripts.
Additionally, the GZIP module has its own buffers that I'd have to
shrink as well (which does not sound like a great idea in general).

Is it possible to handle this issue with an nginx feature that I have
overlooked?

My idea would be a new internal header "X-Accel-Flush: [offset]" that
FastCGI apps could send to nginx to flush the partial response after
[offset] bytes. The GZIP module should obey this header, too (instead
of continuing to buffer the response).

Thanks
Steffen


From ru at nginx.com  Thu Jul 12 13:08:38 2012
From: ru at nginx.com (Ruslan Ermilov)
Date: Thu, 12 Jul 2012 17:08:38 +0400
Subject: access log off nginx not working ?
In-Reply-To: <20120707072332.GV31671@mdounin.ru>
References: <33f8500091ca2280c0399d93d43ed56c.NginxMailingListEnglish@forum.nginx.org>
	<20120707072332.GV31671@mdounin.ru>
Message-ID: <20120712130838.GA58522@lo0.su>

On Sat, Jul 07, 2012 at 11:23:32AM +0400, Maxim Dounin wrote:
> On Fri, Jul 06, 2012 at 07:45:29PM -0400, gyre007 wrote:
> 
> > I have the following drop.conf files located in /etc/nginx/drop.conf
> > 
> > location = /favicon.ico { access_log off; log_not_found off; }
> 
> [...]
> 
> > Strange thing is when I include it in whichever server directive - ie in
> > whichever virtual host I have configured - I'm still getting favicon
> > logs in my access log. Is this a BUG ?? 
> > It looks like the include is simply not working ?
> > 
> > Example of the virtual host I'm including this in:
> > 
> > server {
> 
> [...]
> 
> >         error_page 404 /errors/404.html;
> >         location /errors/ {
> >                 alias /var/www/errors/;
> >                 internal;
> >         }
> 
> [...]
> 
> > ***** - - [06/Jul/2012:22:16:05 +0000]  "GET /favicon.ico HTTP/1.1" 404
> > 134 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_7_4)
> > AppleWebKit/536.11 (KHTML, like Gecko) Chrome/20.0.1132.47
> > Safari/536.11"
> 
> [...]
> 
> > Am I missing out something really obvious ?
> 
> Requests are logged in context of a location where request 
> execution ends up.  As you have error_page 404 defined, and no 
> favicon.ico file - error 404 is generated and redirected to 
> /errors/404.html.  As a result request is logged in context of 
> "location /errors/" where you have access log enabled.

And BTW, this is documented here:
http://nginx.org/en/docs/http/ngx_http_log_module.html


From nginx-forum at nginx.us  Thu Jul 12 14:41:32 2012
From: nginx-forum at nginx.us (rosenbaaron)
Date: Thu, 12 Jul 2012 10:41:32 -0400 (EDT)
Subject: Self Signed Certs
Message-ID: <26eb913d355e95ca69fd953b8f121f9b.NginxMailingListEnglish@forum.nginx.org>

I have a fully working installation of NGINX. I can server http and
https websites when they have valid certificates. Only a few of my
servers use certificates signed by 3rd Party CA and those work
correctly. A few of my servers use a certificate generated from my
enterprise ca, and those worked once that enterprise CA was added to the
list of root CAs. The problem is I have a few appliances that don't
allow the use of enterprise CAs and I don't want to purchase a 3rd party
certificate for. Is there a way to get NGINX to server out these
websites?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228540,228540#msg-228540


From edho at myconan.net  Thu Jul 12 15:17:09 2012
From: edho at myconan.net (Edho Arief)
Date: Thu, 12 Jul 2012 22:17:09 +0700
Subject: Self Signed Certs
In-Reply-To: <26eb913d355e95ca69fd953b8f121f9b.NginxMailingListEnglish@forum.nginx.org>
References: <26eb913d355e95ca69fd953b8f121f9b.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCkCS63PWb4BuLFyph0gCBtOVjg+XuPiK39rHRRyKj3z-g@mail.gmail.com>

On Thu, Jul 12, 2012 at 9:41 PM, rosenbaaron <nginx-forum at nginx.us> wrote:
> I have a fully working installation of NGINX. I can server http and
> https websites when they have valid certificates. Only a few of my
> servers use certificates signed by 3rd Party CA and those work
> correctly. A few of my servers use a certificate generated from my
> enterprise ca, and those worked once that enterprise CA was added to the
> list of root CAs. The problem is I have a few appliances that don't
> allow the use of enterprise CAs and I don't want to purchase a 3rd party
> certificate for. Is there a way to get NGINX to server out these
> websites?
>

Yes, you can use self-signed certificates. Or you can get certificates
for free from startssl.


From rhowe at moonfruit.com  Thu Jul 12 16:48:11 2012
From: rhowe at moonfruit.com (Russell Howe)
Date: Thu, 12 Jul 2012 17:48:11 +0100
Subject: segfault in nginx 1.2.0 and 1.2.2 when serving 400 error pages via a
	reverse proxied host
Message-ID: <4FFEFFCB.5010309@moonfruit.com>

Earlier this year we noticed a large number of segfaulting nginx processes.

This turned out to be an instance of:

http://forum.nginx.org/read.php?2,213479

whereby we had a config snippet which looked like:

	error_page 400 @fallback

Triggered (we think) by someone running an exploit for CVE-2009-3896

I can reproduce the segfault by running:

$ echo -e "GET $(perl -e 'print "o" x 4079;')/ HTTP/1.1\r\n\r\n"|openssl s_client -connect 256.256.256.256:443

(where 256.256.256.256 is the address of an nginx host configured with SSL)

Here's a gdb backtrace. Unfortunately, my debugging skills aren't quite up to dealing with this as so far as I can tell, the optimiser has had its wicked way and rearranged everything, making it difficult to match the disassembly with the code.

Is this helpful to anyone?

Also, I discovered that your nginx-debug RPM doesn't actually include debug symbols (!)
On CentOS 5 I fixed this by adding to the top of the spec file:

%define __os_install_post  \
    /usr/lib/rpm/brp-compress \
    /usr/lib/rpm/brp-strip-static-archive \
    /usr/lib/rpm/brp-strip-comment-note \


Which is redefining __os_install_post to be the same as usual, minus the call to /usr/lib/rpm/brp-strip

What was happening was that the nginx binary was built, complete with symbols, copied to nginx.debug, then the original binary was stripped.

Then, __os_install_post ran, which called brp-strip. brp-strip goes and strips all the executables it can find, including nginx.debug!


GNU gdb (GDB) CentOS (7.0.1-42.el5.centos)
Copyright (C) 2009 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>.
Attaching to process 6810
Reading symbols from /usr/sbin/nginx.debug...done.
Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done.
[Thread debugging using libthread_db enabled]
Loaded symbols for /lib64/libpthread.so.0
Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypt.so.1
Reading symbols from /lib64/libpcre.so.0...(no debugging symbols found)...done.
Loaded symbols for /lib64/libpcre.so.0
Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libssl.so.6
Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcrypto.so.6
Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libdl.so.2
Reading symbols from /lib64/libz.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libz.so.1
Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done.
Loaded symbols for /lib64/libc.so.6
Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/ld-linux-x86-64.so.2
Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libgssapi_krb5.so.2
Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5.so.3
Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libcom_err.so.2
Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libk5crypto.so.3
Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done.
Loaded symbols for /usr/lib64/libkrb5support.so.0
Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libkeyutils.so.1
Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libresolv.so.2
Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libselinux.so.1
Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done.
Loaded symbols for /lib64/libsepol.so.1
Reading symbols from /lib64/libnss_files.so.2...(no debugging symbols found)...done.
Loaded symbols for /lib64/libnss_files.so.2

warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffc613d000
0x000000321ced3603 in __epoll_wait_nocancel () from /lib64/libc.so.6
(gdb) 
(gdb) 
(gdb) cont
Continuing.

Program received signal SIGSEGV, Segmentation fault.
0x000000321ce7ab6e in memcpy () from /lib64/libc.so.6
(gdb) bt
#0  0x000000321ce7ab6e in memcpy () from /lib64/libc.so.6
#1  0x000000000046a99f in ngx_http_proxy_create_request (r=0x12c3a110) at src/http/modules/ngx_http_proxy_module.c:1067
#2  0x000000000044a023 in ngx_http_upstream_init_request (r=0x12c3a110) at src/http/ngx_http_upstream.c:505
#3  0x000000000043ef26 in ngx_http_read_client_request_body (r=0x12c3a110, post_handler=0x44a690 <ngx_http_upstream_init>) at src/http/ngx_http_request_body.c:155
#4  0x0000000000468ecb in ngx_http_proxy_handler (r=0x12c3a110) at src/http/modules/ngx_http_proxy_module.c:702
#5  0x00000000004325bc in ngx_http_core_content_phase (r=0x12c3a110, ph=0x12c3df18) at src/http/ngx_http_core_module.c:1396
#6  0x000000000042d2ad in ngx_http_core_run_phases (r=0x12c3a110) at src/http/ngx_http_core_module.c:877
#7  0x00000000004312d0 in ngx_http_named_location (r=0x12c3a110, name=0x7fffc606fa20) at src/http/ngx_http_core_module.c:2603
#8  0x00000000004346a7 in ngx_http_send_error_page (r=0x12c3a110, error=<value optimized out>) at src/http/ngx_http_special_response.c:573
#9  ngx_http_special_response_handler (r=0x12c3a110, error=<value optimized out>) at src/http/ngx_http_special_response.c:415
#10 0x00000000004379d1 in ngx_http_finalize_request (r=0x12c3a110, rc=400) at src/http/ngx_http_request.c:2004
#11 0x00000000004392ab in ngx_http_process_request_line (rev=0x2b982deef148) at src/http/ngx_http_request.c:943
#12 0x000000000041d2e4 in ngx_event_process_posted (cycle=0x12c01640, posted=0x6bd4a8) at src/event/ngx_event_posted.c:40
#13 0x00000000004241c6 in ngx_worker_process_cycle (cycle=0x12c01640, data=<value optimized out>) at src/os/unix/ngx_process_cycle.c:808
#14 0x00000000004226dd in ngx_spawn_process (cycle=0x12c01640, proc=0x424100 <ngx_worker_process_cycle>, data=0x0, name=0x48d306 "worker process", respawn=-3) at src/os/unix/ngx_process.c:198
#15 0x00000000004236fc in ngx_start_worker_processes (cycle=0x12c01640, n=4, type=-3) at src/os/unix/ngx_process_cycle.c:365
#16 0x0000000000424994 in ngx_master_process_cycle (cycle=0x12c01640) at src/os/unix/ngx_process_cycle.c:137
#17 0x00000000004066e5 in main (argc=3, argv=<value optimized out>) at src/core/nginx.c:410
(gdb) disassemble 0x000000000046a99f
Dump of assembler code for function ngx_http_proxy_create_request:
0x000000000046a520 <ngx_http_proxy_create_request+0>:	push   %r15
0x000000000046a522 <ngx_http_proxy_create_request+2>:	push   %r14
0x000000000046a524 <ngx_http_proxy_create_request+4>:	push   %r13
0x000000000046a526 <ngx_http_proxy_create_request+6>:	push   %r12
0x000000000046a528 <ngx_http_proxy_create_request+8>:	push   %rbp
0x000000000046a529 <ngx_http_proxy_create_request+9>:	push   %rbx
0x000000000046a52a <ngx_http_proxy_create_request+10>:	sub    $0x128,%rsp
0x000000000046a531 <ngx_http_proxy_create_request+17>:	mov    0x48(%rdi),%rax
0x000000000046a535 <ngx_http_proxy_create_request+21>:	mov    %rdi,0x10(%rsp)
0x000000000046a53a <ngx_http_proxy_create_request+26>:	mov    %rax,0x38(%rsp)
0x000000000046a53f <ngx_http_proxy_create_request+31>:	mov    0x249b5a(%rip),%rax        # 0x6b40a0 <ngx_http_proxy_module>
0x000000000046a546 <ngx_http_proxy_create_request+38>:	mov    0x38(%rsp),%rcx
0x000000000046a54b <ngx_http_proxy_create_request+43>:	lea    0x0(,%rax,8),%rdx
0x000000000046a553 <ngx_http_proxy_create_request+51>:	mov    0x28(%rdi),%rax
0x000000000046a557 <ngx_http_proxy_create_request+55>:	mov    (%rax,%rdx,1),%rax
0x000000000046a55b <ngx_http_proxy_create_request+59>:	mov    %rax,0x48(%rsp)
0x000000000046a560 <ngx_http_proxy_create_request+64>:	mov    0x320(%rcx),%rax
0x000000000046a567 <ngx_http_proxy_create_request+71>:	test   %rax,%rax
0x000000000046a56a <ngx_http_proxy_create_request+74>:	je     0x46a830 <ngx_http_proxy_create_request+784>
0x000000000046a570 <ngx_http_proxy_create_request+80>:	mov    0x328(%rcx),%rcx
0x000000000046a577 <ngx_http_proxy_create_request+87>:	add    $0x1,%rax
0x000000000046a57b <ngx_http_proxy_create_request+91>:	mov    %rax,0x58(%rsp)
0x000000000046a580 <ngx_http_proxy_create_request+96>:	mov    %rcx,0x50(%rsp)
0x000000000046a585 <ngx_http_proxy_create_request+101>:	mov    0x10(%rsp),%rcx
0x000000000046a58a <ngx_http_proxy_create_request+106>:	cmpq   $0x5,0x58(%rsp)
0x000000000046a590 <ngx_http_proxy_create_request+112>:	mov    0x10(%rcx),%rax
0x000000000046a594 <ngx_http_proxy_create_request+116>:	mov    (%rdx,%rax,1),%rdx
0x000000000046a598 <ngx_http_proxy_create_request+120>:	mov    %rdx,0x40(%rsp)
0x000000000046a59d <ngx_http_proxy_create_request+125>:	je     0x46a93f <ngx_http_proxy_create_request+1055>
0x000000000046a5a3 <ngx_http_proxy_create_request+131>:	mov    0x48(%rsp),%rdx
0x000000000046a5a8 <ngx_http_proxy_create_request+136>:	cmpq   $0x0,0x1b0(%rdx)
0x000000000046a5b0 <ngx_http_proxy_create_request+144>:	je     0x46a74e <ngx_http_proxy_create_request+558>
0x000000000046a5b6 <ngx_http_proxy_create_request+150>:	mov    0x40(%rsp),%rcx
0x000000000046a5bb <ngx_http_proxy_create_request+155>:	xor    %edx,%edx
0x000000000046a5bd <ngx_http_proxy_create_request+157>:	mov    0x68(%rcx),%rax
0x000000000046a5c1 <ngx_http_proxy_create_request+161>:	test   %rax,%rax
0x000000000046a5c4 <ngx_http_proxy_create_request+164>:	je     0x46a75c <ngx_http_proxy_create_request+572>
0x000000000046a5ca <ngx_http_proxy_create_request+170>:	movq   $0x0,0x18(%rsp)
0x000000000046a5d3 <ngx_http_proxy_create_request+179>:	movq   $0x0,0x20(%rsp)
0x000000000046a5dc <ngx_http_proxy_create_request+188>:	movq   $0x0,0x28(%rsp)
0x000000000046a5e5 <ngx_http_proxy_create_request+197>:	mov    0x58(%rsp),%rcx
0x000000000046a5ea <ngx_http_proxy_create_request+202>:	mov    0x10(%rsp),%rdi
0x000000000046a5ef <ngx_http_proxy_create_request+207>:	lea    0xd(%rcx,%rax,1),%rbx
0x000000000046a5f4 <ngx_http_proxy_create_request+212>:	mov    0x48(%rsp),%rax
0x000000000046a5f9 <ngx_http_proxy_create_request+217>:	mov    0x170(%rax),%rsi
0x000000000046a600 <ngx_http_proxy_create_request+224>:	callq  0x441c40 <ngx_http_script_flush_no_cacheable_variables>
0x000000000046a605 <ngx_http_proxy_create_request+229>:	mov    0x48(%rsp),%rdx
0x000000000046a60a <ngx_http_proxy_create_request+234>:	mov    0x178(%rdx),%rax
0x000000000046a611 <ngx_http_proxy_create_request+241>:	test   %rax,%rax
0x000000000046a614 <ngx_http_proxy_create_request+244>:	je     0x46a65f <ngx_http_proxy_create_request+319>
0x000000000046a616 <ngx_http_proxy_create_request+246>:	mov    (%rax),%rax
0x000000000046a619 <ngx_http_proxy_create_request+249>:	orb    $0x1,0xa0(%rsp)
0x000000000046a621 <ngx_http_proxy_create_request+257>:	xor    %ebp,%ebp
0x000000000046a623 <ngx_http_proxy_create_request+259>:	mov    0x10(%rsp),%rcx
0x000000000046a628 <ngx_http_proxy_create_request+264>:	cmpq   $0x0,(%rax)
0x000000000046a62c <ngx_http_proxy_create_request+268>:	mov    %rax,0x60(%rsp)
0x000000000046a631 <ngx_http_proxy_create_request+273>:	mov    %rcx,0xb0(%rsp)
0x000000000046a639 <ngx_http_proxy_create_request+281>:	je     0x46a653 <ngx_http_proxy_create_request+307>
0x000000000046a63b <ngx_http_proxy_create_request+283>:	lea    0x60(%rsp),%r12
0x000000000046a640 <ngx_http_proxy_create_request+288>:	mov    %r12,%rdi
0x000000000046a643 <ngx_http_proxy_create_request+291>:	callq  *(%rax)
0x000000000046a645 <ngx_http_proxy_create_request+293>:	add    %rax,%rbp
0x000000000046a648 <ngx_http_proxy_create_request+296>:	mov    0x60(%rsp),%rax
0x000000000046a64d <ngx_http_proxy_create_request+301>:	cmpq   $0x0,(%rax)
0x000000000046a651 <ngx_http_proxy_create_request+305>:	jne    0x46a640 <ngx_http_proxy_create_request+288>
0x000000000046a653 <ngx_http_proxy_create_request+307>:	mov    0x40(%rsp),%rax
0x000000000046a658 <ngx_http_proxy_create_request+312>:	add    %rbp,%rbx
0x000000000046a65b <ngx_http_proxy_create_request+315>:	mov    %rbp,0x78(%rax)
0x000000000046a65f <ngx_http_proxy_create_request+319>:	mov    0x48(%rsp),%rdx
0x000000000046a664 <ngx_http_proxy_create_request+324>:	mov    0x10(%rsp),%rcx
0x000000000046a669 <ngx_http_proxy_create_request+329>:	lea    0x60(%rsp),%r12
0x000000000046a66e <ngx_http_proxy_create_request+334>:	mov    0x188(%rdx),%rax
0x000000000046a675 <ngx_http_proxy_create_request+341>:	mov    %rcx,0xb0(%rsp)
0x000000000046a67d <ngx_http_proxy_create_request+349>:	mov    (%rax),%rax
0x000000000046a680 <ngx_http_proxy_create_request+352>:	orb    $0x1,0xa0(%rsp)
0x000000000046a688 <ngx_http_proxy_create_request+360>:	cmpq   $0x0,(%rax)
0x000000000046a68c <ngx_http_proxy_create_request+364>:	mov    %rax,0x60(%rsp)
---Type <return> to continue, or q <return> to quit---
0x000000000046a691 <ngx_http_proxy_create_request+369>:	je     0x46a6bb <ngx_http_proxy_create_request+411>
0x000000000046a693 <ngx_http_proxy_create_request+371>:	mov    0x60(%rsp),%rdx
0x000000000046a698 <ngx_http_proxy_create_request+376>:	mov    %r12,%rdi
0x000000000046a69b <ngx_http_proxy_create_request+379>:	callq  *(%rdx)
0x000000000046a69d <ngx_http_proxy_create_request+381>:	mov    0x60(%rsp),%rdx
0x000000000046a6a2 <ngx_http_proxy_create_request+386>:	add    %rax,%rbx
0x000000000046a6a5 <ngx_http_proxy_create_request+389>:	cmpq   $0x0,(%rdx)
0x000000000046a6a9 <ngx_http_proxy_create_request+393>:	jne    0x46a698 <ngx_http_proxy_create_request+376>
0x000000000046a6ab <ngx_http_proxy_create_request+395>:	cmpq   $0x0,0x8(%rdx)
0x000000000046a6b0 <ngx_http_proxy_create_request+400>:	lea    0x8(%rdx),%rax
0x000000000046a6b4 <ngx_http_proxy_create_request+404>:	mov    %rax,0x60(%rsp)
0x000000000046a6b9 <ngx_http_proxy_create_request+409>:	jne    0x46a693 <ngx_http_proxy_create_request+371>
0x000000000046a6bb <ngx_http_proxy_create_request+411>:	mov    0x48(%rsp),%rax
0x000000000046a6c0 <ngx_http_proxy_create_request+416>:	cmpq   $0x0,0x98(%rax)
0x000000000046a6c8 <ngx_http_proxy_create_request+424>:	je     0x46a90d <ngx_http_proxy_create_request+1005>
0x000000000046a6ce <ngx_http_proxy_create_request+430>:	mov    0x10(%rsp),%rdx
0x000000000046a6d3 <ngx_http_proxy_create_request+435>:	mov    0x10(%rsp),%r12
0x000000000046a6d8 <ngx_http_proxy_create_request+440>:	mov    %rax,%r15
0x000000000046a6db <ngx_http_proxy_create_request+443>:	xor    %r13d,%r13d
0x000000000046a6de <ngx_http_proxy_create_request+446>:	add    $0x198,%r15
0x000000000046a6e5 <ngx_http_proxy_create_request+453>:	mov    0x70(%rdx),%r14
0x000000000046a6e9 <ngx_http_proxy_create_request+457>:	add    $0x70,%r12
0x000000000046a6ed <ngx_http_proxy_create_request+461>:	cmp    0x8(%r12),%r13
0x000000000046a6f2 <ngx_http_proxy_create_request+466>:	jb     0x46a73f <ngx_http_proxy_create_request+543>
0x000000000046a6f4 <ngx_http_proxy_create_request+468>:	mov    0x10(%r12),%r12
0x000000000046a6f9 <ngx_http_proxy_create_request+473>:	test   %r12,%r12
0x000000000046a6fc <ngx_http_proxy_create_request+476>:	je     0x46a90d <ngx_http_proxy_create_request+1005>
0x000000000046a702 <ngx_http_proxy_create_request+482>:	mov    (%r12),%r14
0x000000000046a706 <ngx_http_proxy_create_request+486>:	xor    %eax,%eax
0x000000000046a708 <ngx_http_proxy_create_request+488>:	mov    $0x1,%r13d
0x000000000046a70e <ngx_http_proxy_create_request+494>:	lea    (%r14,%rax,1),%rbp
0x000000000046a712 <ngx_http_proxy_create_request+498>:	mov    %r15,%rdi
0x000000000046a715 <ngx_http_proxy_create_request+501>:	mov    0x8(%rbp),%rcx
0x000000000046a719 <ngx_http_proxy_create_request+505>:	mov    0x28(%rbp),%rdx
0x000000000046a71d <ngx_http_proxy_create_request+509>:	mov    0x0(%rbp),%rsi
0x000000000046a721 <ngx_http_proxy_create_request+513>:	callq  0x407a50 <ngx_hash_find>
0x000000000046a726 <ngx_http_proxy_create_request+518>:	test   %rax,%rax
0x000000000046a729 <ngx_http_proxy_create_request+521>:	jne    0x46a6ed <ngx_http_proxy_create_request+461>
0x000000000046a72b <ngx_http_proxy_create_request+523>:	mov    0x18(%rbp),%rax
0x000000000046a72f <ngx_http_proxy_create_request+527>:	add    0x8(%rbp),%rax
0x000000000046a733 <ngx_http_proxy_create_request+531>:	cmp    0x8(%r12),%r13
0x000000000046a738 <ngx_http_proxy_create_request+536>:	lea    0x4(%rax,%rbx,1),%rbx
0x000000000046a73d <ngx_http_proxy_create_request+541>:	jae    0x46a6f4 <ngx_http_proxy_create_request+468>
0x000000000046a73f <ngx_http_proxy_create_request+543>:	lea    0x0(%r13,%r13,2),%rax
0x000000000046a744 <ngx_http_proxy_create_request+548>:	add    $0x1,%r13
0x000000000046a748 <ngx_http_proxy_create_request+552>:	shl    $0x4,%rax
0x000000000046a74c <ngx_http_proxy_create_request+556>:	jmp    0x46a70e <ngx_http_proxy_create_request+494>
0x000000000046a74e <ngx_http_proxy_create_request+558>:	mov    0x40(%rsp),%rax
0x000000000046a753 <ngx_http_proxy_create_request+563>:	mov    0x68(%rax),%rdx
0x000000000046a757 <ngx_http_proxy_create_request+567>:	test   %rdx,%rdx
0x000000000046a75a <ngx_http_proxy_create_request+570>:	jne    0x46a76e <ngx_http_proxy_create_request+590>
0x000000000046a75c <ngx_http_proxy_create_request+572>:	mov    0x10(%rsp),%rcx
0x000000000046a761 <ngx_http_proxy_create_request+577>:	testb  $0x10,0x43c(%rcx)
0x000000000046a768 <ngx_http_proxy_create_request+584>:	jne    0x46a890 <ngx_http_proxy_create_request+880>
0x000000000046a76e <ngx_http_proxy_create_request+590>:	mov    0x10(%rsp),%rax
0x000000000046a773 <ngx_http_proxy_create_request+595>:	testb  $0x8,0x43c(%rax)
0x000000000046a77a <ngx_http_proxy_create_request+602>:	jne    0x46a871 <ngx_http_proxy_create_request+849>
0x000000000046a780 <ngx_http_proxy_create_request+608>:	movq   $0x0,0x18(%rsp)
0x000000000046a789 <ngx_http_proxy_create_request+617>:	mov    0x10(%rsp),%rcx
0x000000000046a78e <ngx_http_proxy_create_request+622>:	mov    $0x140000000,%rax
0x000000000046a798 <ngx_http_proxy_create_request+632>:	test   %rax,0x438(%rcx)
0x000000000046a79f <ngx_http_proxy_create_request+639>:	jne    0x46a8da <ngx_http_proxy_create_request+954>
0x000000000046a7a5 <ngx_http_proxy_create_request+645>:	movq   $0x0,0x20(%rsp)
0x000000000046a7ae <ngx_http_proxy_create_request+654>:	testb  $0x10,0x440(%rcx)
0x000000000046a7b5 <ngx_http_proxy_create_request+661>:	jne    0x46a8da <ngx_http_proxy_create_request+954>
0x000000000046a7bb <ngx_http_proxy_create_request+667>:	mov    0x10(%rsp),%rdx
0x000000000046a7c0 <ngx_http_proxy_create_request+672>:	mov    0x40(%rsp),%rcx
0x000000000046a7c5 <ngx_http_proxy_create_request+677>:	movq   $0x0,0x28(%rsp)
0x000000000046a7ce <ngx_http_proxy_create_request+686>:	mov    0x330(%rdx),%rax
0x000000000046a7d5 <ngx_http_proxy_create_request+693>:	add    0x68(%rcx),%rax
0x000000000046a7d9 <ngx_http_proxy_create_request+697>:	add    $0x1,%rax
0x000000000046a7dd <ngx_http_proxy_create_request+701>:	add    0x340(%rdx),%rax
0x000000000046a7e4 <ngx_http_proxy_create_request+708>:	sub    0x18(%rsp),%rax
0x000000000046a7e9 <ngx_http_proxy_create_request+713>:	add    0x20(%rsp),%rax
0x000000000046a7ee <ngx_http_proxy_create_request+718>:	test   %rax,%rax
0x000000000046a7f1 <ngx_http_proxy_create_request+721>:	jne    0x46a5e5 <ngx_http_proxy_create_request+197>
0x000000000046a7f7 <ngx_http_proxy_create_request+727>:	mov    0x10(%rsp),%rdx
0x000000000046a7fc <ngx_http_proxy_create_request+732>:	mov    0x8(%rdx),%rax
0x000000000046a800 <ngx_http_proxy_create_request+736>:	mov    0x50(%rax),%rsi
0x000000000046a804 <ngx_http_proxy_create_request+740>:	cmpq   $0x3,(%rsi)
0x000000000046a808 <ngx_http_proxy_create_request+744>:	jbe    0x46a926 <ngx_http_proxy_create_request+1030>
0x000000000046a80e <ngx_http_proxy_create_request+750>:	xor    %eax,%eax
0x000000000046a810 <ngx_http_proxy_create_request+752>:	mov    $0x495e80,%ecx
0x000000000046a815 <ngx_http_proxy_create_request+757>:	xor    %edx,%edx
0x000000000046a817 <ngx_http_proxy_create_request+759>:	mov    $0x4,%edi
0x000000000046a81c <ngx_http_proxy_create_request+764>:	callq  0x4069e0 <ngx_log_error_core>
0x000000000046a821 <ngx_http_proxy_create_request+769>:	mov    $0xffffffffffffffff,%rax
0x000000000046a828 <ngx_http_proxy_create_request+776>:	jmpq   0x46a92d <ngx_http_proxy_create_request+1037>
0x000000000046a82d <ngx_http_proxy_create_request+781>:	nopl   (%rax)
0x000000000046a830 <ngx_http_proxy_create_request+784>:	mov    0x48(%rsp),%rax
0x000000000046a835 <ngx_http_proxy_create_request+789>:	mov    0x1e8(%rax),%rax
0x000000000046a83c <ngx_http_proxy_create_request+796>:	test   %rax,%rax
0x000000000046a83f <ngx_http_proxy_create_request+799>:	mov    %rax,0x58(%rsp)
0x000000000046a844 <ngx_http_proxy_create_request+804>:	jne    0x46a8c4 <ngx_http_proxy_create_request+932>
0x000000000046a846 <ngx_http_proxy_create_request+806>:	mov    0x10(%rsp),%rax
0x000000000046a84b <ngx_http_proxy_create_request+811>:	mov    0x10(%rsp),%rcx
0x000000000046a850 <ngx_http_proxy_create_request+816>:	mov    0x378(%rax),%rax
0x000000000046a857 <ngx_http_proxy_create_request+823>:	mov    %rax,0x50(%rsp)
0x000000000046a85c <ngx_http_proxy_create_request+828>:	mov    0x370(%rcx),%rax
0x000000000046a863 <ngx_http_proxy_create_request+835>:	add    $0x1,%rax
0x000000000046a867 <ngx_http_proxy_create_request+839>:	mov    %rax,0x58(%rsp)
0x000000000046a86c <ngx_http_proxy_create_request+844>:	jmpq   0x46a585 <ngx_http_proxy_create_request+101>
0x000000000046a871 <ngx_http_proxy_create_request+849>:	test   %rdx,%rdx
0x000000000046a874 <ngx_http_proxy_create_request+852>:	je     0x46a780 <ngx_http_proxy_create_request+608>
0x000000000046a87a <ngx_http_proxy_create_request+858>:	mov    0x48(%rsp),%rdx
0x000000000046a87f <ngx_http_proxy_create_request+863>:	mov    0x1f8(%rdx),%rdx
0x000000000046a886 <ngx_http_proxy_create_request+870>:	mov    %rdx,0x18(%rsp)
0x000000000046a88b <ngx_http_proxy_create_request+875>:	jmpq   0x46a789 <ngx_http_proxy_create_request+617>
0x000000000046a890 <ngx_http_proxy_create_request+880>:	cmp    %rcx,0x398(%rcx)
0x000000000046a897 <ngx_http_proxy_create_request+887>:	jne    0x46a76e <ngx_http_proxy_create_request+590>
0x000000000046a89d <ngx_http_proxy_create_request+893>:	mov    0x360(%rcx),%rax
0x000000000046a8a4 <ngx_http_proxy_create_request+900>:	movq   $0x0,0x18(%rsp)
0x000000000046a8ad <ngx_http_proxy_create_request+909>:	movq   $0x0,0x20(%rsp)
0x000000000046a8b6 <ngx_http_proxy_create_request+918>:	movq   $0x1,0x28(%rsp)
0x000000000046a8bf <ngx_http_proxy_create_request+927>:	jmpq   0x46a7ee <ngx_http_proxy_create_request+718>
0x000000000046a8c4 <ngx_http_proxy_create_request+932>:	mov    0x48(%rsp),%rcx
0x000000000046a8c9 <ngx_http_proxy_create_request+937>:	mov    0x1f0(%rcx),%rcx
0x000000000046a8d0 <ngx_http_proxy_create_request+944>:	mov    %rcx,0x50(%rsp)
0x000000000046a8d5 <ngx_http_proxy_create_request+949>:	jmpq   0x46a585 <ngx_http_proxy_create_request+101>
0x000000000046a8da <ngx_http_proxy_create_request+954>:	mov    0x10(%rsp),%rax
0x000000000046a8df <ngx_http_proxy_create_request+959>:	mov    0x18(%rsp),%rsi
0x000000000046a8e4 <ngx_http_proxy_create_request+964>:	xor    %ecx,%ecx
0x000000000046a8e6 <ngx_http_proxy_create_request+966>:	xor    %edi,%edi
0x000000000046a8e8 <ngx_http_proxy_create_request+968>:	mov    0x330(%rax),%rdx
0x000000000046a8ef <ngx_http_proxy_create_request+975>:	add    0x338(%rax),%rsi
0x000000000046a8f6 <ngx_http_proxy_create_request+982>:	sub    0x18(%rsp),%rdx
0x000000000046a8fb <ngx_http_proxy_create_request+987>:	callq  0x40a6f0 <ngx_escape_uri>
0x000000000046a900 <ngx_http_proxy_create_request+992>:	add    %rax,%rax
0x000000000046a903 <ngx_http_proxy_create_request+995>:	mov    %rax,0x20(%rsp)
0x000000000046a908 <ngx_http_proxy_create_request+1000>:	jmpq   0x46a7bb <ngx_http_proxy_create_request+667>
0x000000000046a90d <ngx_http_proxy_create_request+1005>:	mov    0x10(%rsp),%rcx
0x000000000046a912 <ngx_http_proxy_create_request+1010>:	mov    %rbx,%rsi
0x000000000046a915 <ngx_http_proxy_create_request+1013>:	mov    0x58(%rcx),%rdi
0x000000000046a919 <ngx_http_proxy_create_request+1017>:	callq  0x408fd0 <ngx_create_temp_buf>
0x000000000046a91e <ngx_http_proxy_create_request+1022>:	test   %rax,%rax
0x000000000046a921 <ngx_http_proxy_create_request+1025>:	mov    %rax,%rbp
0x000000000046a924 <ngx_http_proxy_create_request+1028>:	jne    0x46a971 <ngx_http_proxy_create_request+1105>
0x000000000046a926 <ngx_http_proxy_create_request+1030>:	mov    $0xffffffffffffffff,%rax
0x000000000046a92d <ngx_http_proxy_create_request+1037>:	add    $0x128,%rsp
0x000000000046a934 <ngx_http_proxy_create_request+1044>:	pop    %rbx
0x000000000046a935 <ngx_http_proxy_create_request+1045>:	pop    %rbp
0x000000000046a936 <ngx_http_proxy_create_request+1046>:	pop    %r12
0x000000000046a938 <ngx_http_proxy_create_request+1048>:	pop    %r13
0x000000000046a93a <ngx_http_proxy_create_request+1050>:	pop    %r14
0x000000000046a93c <ngx_http_proxy_create_request+1052>:	pop    %r15
0x000000000046a93e <ngx_http_proxy_create_request+1054>:	retq   
0x000000000046a93f <ngx_http_proxy_create_request+1055>:	mov    0x50(%rsp),%rdi
0x000000000046a944 <ngx_http_proxy_create_request+1060>:	mov    $0x5,%edx
0x000000000046a949 <ngx_http_proxy_create_request+1065>:	mov    $0x495e7a,%esi
0x000000000046a94e <ngx_http_proxy_create_request+1070>:	callq  0x409c90 <ngx_strncasecmp>
0x000000000046a953 <ngx_http_proxy_create_request+1075>:	test   %rax,%rax
0x000000000046a956 <ngx_http_proxy_create_request+1078>:	jne    0x46a5a3 <ngx_http_proxy_create_request+131>
0x000000000046a95c <ngx_http_proxy_create_request+1084>:	mov    0x40(%rsp),%rax
0x000000000046a961 <ngx_http_proxy_create_request+1089>:	movq   $0x1,0x98(%rax)
0x000000000046a96c <ngx_http_proxy_create_request+1100>:	jmpq   0x46a5a3 <ngx_http_proxy_create_request+131>
0x000000000046a971 <ngx_http_proxy_create_request+1105>:	mov    0x10(%rsp),%rax
0x000000000046a976 <ngx_http_proxy_create_request+1110>:	mov    0x58(%rax),%rdi
0x000000000046a97a <ngx_http_proxy_create_request+1114>:	callq  0x408df0 <ngx_alloc_chain_link>
0x000000000046a97f <ngx_http_proxy_create_request+1119>:	test   %rax,%rax
0x000000000046a982 <ngx_http_proxy_create_request+1122>:	mov    %rax,0x30(%rsp)
0x000000000046a987 <ngx_http_proxy_create_request+1127>:	je     0x46a926 <ngx_http_proxy_create_request+1030>
0x000000000046a989 <ngx_http_proxy_create_request+1129>:	mov    0x58(%rsp),%rdx
0x000000000046a98e <ngx_http_proxy_create_request+1134>:	mov    0x8(%rbp),%rdi
0x000000000046a992 <ngx_http_proxy_create_request+1138>:	mov    0x50(%rsp),%rsi
0x000000000046a997 <ngx_http_proxy_create_request+1143>:	mov    %rbp,(%rax)
0x000000000046a99a <ngx_http_proxy_create_request+1146>:	callq  0x404798 <memcpy at plt>
0x000000000046a99f <ngx_http_proxy_create_request+1151>:	mov    0x48(%rsp),%rcx
0x000000000046a9a4 <ngx_http_proxy_create_request+1156>:	add    0x58(%rsp),%rax
0x000000000046a9a9 <ngx_http_proxy_create_request+1161>:	mov    0x38(%rsp),%rdx
0x000000000046a9ae <ngx_http_proxy_create_request+1166>:	cmpq   $0x0,0x1b0(%rcx)
0x000000000046a9b6 <ngx_http_proxy_create_request+1174>:	mov    %rax,0x8(%rbp)
0x000000000046a9ba <ngx_http_proxy_create_request+1178>:	mov    %rax,0x348(%rdx)
0x000000000046a9c1 <ngx_http_proxy_create_request+1185>:	je     0x46a9d5 <ngx_http_proxy_create_request+1205>
0x000000000046a9c3 <ngx_http_proxy_create_request+1187>:	mov    0x40(%rsp),%rax
0x000000000046a9c8 <ngx_http_proxy_create_request+1192>:	mov    0x68(%rax),%rdx
0x000000000046a9cc <ngx_http_proxy_create_request+1196>:	test   %rdx,%rdx
0x000000000046a9cf <ngx_http_proxy_create_request+1199>:	jne    0x46ac3d <ngx_http_proxy_create_request+1821>
0x000000000046a9d5 <ngx_http_proxy_create_request+1205>:	cmpq   $0x0,0x28(%rsp)
0x000000000046a9db <ngx_http_proxy_create_request+1211>:	jne    0x46ae09 <ngx_http_proxy_create_request+2281>
0x000000000046a9e1 <ngx_http_proxy_create_request+1217>:	mov    0x10(%rsp),%rcx
0x000000000046a9e6 <ngx_http_proxy_create_request+1222>:	testb  $0x8,0x43c(%rcx)
0x000000000046a9ed <ngx_http_proxy_create_request+1229>:	jne    0x46af77 <ngx_http_proxy_create_request+2647>
0x000000000046a9f3 <ngx_http_proxy_create_request+1235>:	cmpq   $0x0,0x20(%rsp)
0x000000000046a9f9 <ngx_http_proxy_create_request+1241>:	je     0x46adc6 <ngx_http_proxy_create_request+2214>
0x000000000046a9ff <ngx_http_proxy_create_request+1247>:	mov    0x10(%rsp),%rcx
0x000000000046aa04 <ngx_http_proxy_create_request+1252>:	mov    0x18(%rsp),%rsi
0x000000000046aa09 <ngx_http_proxy_create_request+1257>:	mov    0x8(%rbp),%rdi
0x000000000046aa0d <ngx_http_proxy_create_request+1261>:	mov    0x330(%rcx),%rdx
0x000000000046aa14 <ngx_http_proxy_create_request+1268>:	add    0x338(%rcx),%rsi
0x000000000046aa1b <ngx_http_proxy_create_request+1275>:	xor    %ecx,%ecx
0x000000000046aa1d <ngx_http_proxy_create_request+1277>:	sub    0x18(%rsp),%rdx
0x000000000046aa22 <ngx_http_proxy_create_request+1282>:	callq  0x40a6f0 <ngx_escape_uri>
0x000000000046aa27 <ngx_http_proxy_create_request+1287>:	mov    0x10(%rsp),%rax
0x000000000046aa2c <ngx_http_proxy_create_request+1292>:	mov    0x18(%rsp),%rdx
0x000000000046aa31 <ngx_http_proxy_create_request+1297>:	mov    0x330(%rax),%rax
0x000000000046aa38 <ngx_http_proxy_create_request+1304>:	add    %rax,0x20(%rsp)
0x000000000046aa3d <ngx_http_proxy_create_request+1309>:	sub    %rdx,0x20(%rsp)
0x000000000046aa42 <ngx_http_proxy_create_request+1314>:	mov    0x20(%rsp),%rcx
0x000000000046aa47 <ngx_http_proxy_create_request+1319>:	add    %rcx,0x8(%rbp)
0x000000000046aa4b <ngx_http_proxy_create_request+1323>:	mov    0x10(%rsp),%rax
0x000000000046aa50 <ngx_http_proxy_create_request+1328>:	cmpq   $0x0,0x340(%rax)
0x000000000046aa58 <ngx_http_proxy_create_request+1336>:	jne    0x46af40 <ngx_http_proxy_create_request+2592>
0x000000000046aa5e <ngx_http_proxy_create_request+1342>:	mov    0x38(%rsp),%rcx
0x000000000046aa63 <ngx_http_proxy_create_request+1347>:	mov    0x8(%rbp),%rdx
0x000000000046aa67 <ngx_http_proxy_create_request+1351>:	mov    %rdx,%rax
0x000000000046aa6a <ngx_http_proxy_create_request+1354>:	sub    0x348(%rcx),%rax
0x000000000046aa71 <ngx_http_proxy_create_request+1361>:	mov    %rax,0x340(%rcx)
0x000000000046aa78 <ngx_http_proxy_create_request+1368>:	mov    0x48(%rsp),%rax
0x000000000046aa7d <ngx_http_proxy_create_request+1373>:	cmpq   $0x3e9,0x298(%rax)
0x000000000046aa88 <ngx_http_proxy_create_request+1384>:	je     0x46ad9a <ngx_http_proxy_create_request+2170>
0x000000000046aa8e <ngx_http_proxy_create_request+1390>:	mov    0x2496df(%rip),%rax        # 0x6b4174 <ngx_http_proxy_version>
0x000000000046aa95 <ngx_http_proxy_create_request+1397>:	mov    %rax,(%rdx)
0x000000000046aa98 <ngx_http_proxy_create_request+1400>:	movzwl 0x2496dd(%rip),%eax        # 0x6b417c <ngx_http_proxy_version+8>
0x000000000046aa9f <ngx_http_proxy_create_request+1407>:	mov    %ax,0x8(%rdx)
0x000000000046aaa3 <ngx_http_proxy_create_request+1411>:	movzbl 0x2496d4(%rip),%eax        # 0x6b417e <ngx_http_proxy_version+10>
0x000000000046aaaa <ngx_http_proxy_create_request+1418>:	mov    %al,0xa(%rdx)
0x000000000046aaad <ngx_http_proxy_create_request+1421>:	lea    0xb(%rdx),%rax
0x000000000046aab1 <ngx_http_proxy_create_request+1425>:	mov    %rax,0x8(%rbp)
0x000000000046aab5 <ngx_http_proxy_create_request+1429>:	lea    0xc0(%rsp),%r13
0x000000000046aabd <ngx_http_proxy_create_request+1437>:	mov    $0x58,%edx
0x000000000046aac2 <ngx_http_proxy_create_request+1442>:	xor    %esi,%esi
0x000000000046aac4 <ngx_http_proxy_create_request+1444>:	mov    %r13,%rdi
0x000000000046aac7 <ngx_http_proxy_create_request+1447>:	callq  0x403fe8 <memset at plt>
0x000000000046aacc <ngx_http_proxy_create_request+1452>:	mov    0x48(%rsp),%rdx
0x000000000046aad1 <ngx_http_proxy_create_request+1457>:	mov    0x10(%rsp),%rcx
0x000000000046aad6 <ngx_http_proxy_create_request+1462>:	mov    0x190(%rdx),%rax
0x000000000046aadd <ngx_http_proxy_create_request+1469>:	mov    %rcx,0x110(%rsp)
0x000000000046aae5 <ngx_http_proxy_create_request+1477>:	mov    (%rax),%rax
0x000000000046aae8 <ngx_http_proxy_create_request+1480>:	mov    %rax,0xc0(%rsp)
0x000000000046aaf0 <ngx_http_proxy_create_request+1488>:	mov    0x8(%rbp),%rax
0x000000000046aaf4 <ngx_http_proxy_create_request+1492>:	orb    $0x1,0x100(%rsp)
0x000000000046aafc <ngx_http_proxy_create_request+1500>:	mov    %rax,0xc8(%rsp)
0x000000000046ab04 <ngx_http_proxy_create_request+1508>:	mov    0x188(%rdx),%rax
0x000000000046ab0b <ngx_http_proxy_create_request+1515>:	mov    (%rax),%rax
(continues)

-- 
Russell Howe
rhowe at moonfruit.com


From baishen.lists at gmail.com  Thu Jul 12 19:53:32 2012
From: baishen.lists at gmail.com (Bai Shen)
Date: Thu, 12 Jul 2012 15:53:32 -0400
Subject: Proxy_pass and URI processing
Message-ID: <CAJVBNiHyUcgJ0M4DFYEzk54hgs1Xm8hdj5_2Zont3Cc3Ac2otw@mail.gmail.com>

So I'm looking at the proxy_pass directive at
http://wiki.nginx.org/HttpProxyModule

It mentions URI processing.

For these cases of URI it is transferred without the mapping.

Furthermore, it is possible to indicate so that URI should be transferred
in the same form as sent by client, not in processed form. During
processing:

   - two or by more slashes are converted into one slash: "//" -- "/";
   - references to the current directory are removed: "/./" -- "/";
   - references to the previous catalog are removed: "/dir /../" -- "/".


However, I can't seem to find a way to turn this on or off.  The example
given is

proxy_pass <http://wiki.nginx.org/NginxHttpProxyModule#proxy_pass>
http <http://wiki.nginx.org/NginxHttpCoreModule#http>://localhost:8000/uri/;

But that doesn't work.  I even tried using $request_uri? and that didn't
work.

So how do I configure whether or not nginx does the processing?

Thanks.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120712/08ac0fcf/attachment.html>

From nginx-forum at nginx.us  Thu Jul 12 21:05:24 2012
From: nginx-forum at nginx.us (mondalaci)
Date: Thu, 12 Jul 2012 17:05:24 -0400 (EDT)
Subject: Variable substition inconsistency
Message-ID: <8c4018762b44a44883a1a051be33a822.NginxMailingListEnglish@forum.nginx.org>

Hi List,

Here's a section of my configuration:

set $site mysite.com;
root /var/www/$site;
server_name $site;
access_log /var/log/nginx/${site}_access.log;
error_log /var/log/nginx/${site}_error.log;

In this example root and access_log gets substituted, server_name and
error_log doesn't.  Where can I look up that in which contexts
substitution works?

Laci

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228546,228546#msg-228546


From mdounin at mdounin.ru  Thu Jul 12 21:16:24 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 13 Jul 2012 01:16:24 +0400
Subject: Variable substition inconsistency
In-Reply-To: <8c4018762b44a44883a1a051be33a822.NginxMailingListEnglish@forum.nginx.org>
References: <8c4018762b44a44883a1a051be33a822.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120712211624.GI31671@mdounin.ru>

Hello!

On Thu, Jul 12, 2012 at 05:05:24PM -0400, mondalaci wrote:

> Hi List,
> 
> Here's a section of my configuration:
> 
> set $site mysite.com;
> root /var/www/$site;
> server_name $site;
> access_log /var/log/nginx/${site}_access.log;
> error_log /var/log/nginx/${site}_error.log;
> 
> In this example root and access_log gets substituted, server_name and
> error_log doesn't.  Where can I look up that in which contexts
> substitution works?

If variables are supported, it's explicitly documented:

http://nginx.org/r/root
http://nginx.org/r/access_log

Note well: the above config snippet suggests you don't need 
variables, but need some configuration macros instead.  Variables 
are evaluated at run time for each request and it's bad idea to 
use them just to replace several static strings.  Use your 
favorite macro processor instead if you need to.

Maxim Dounin


From nginx-forum at nginx.us  Fri Jul 13 00:10:44 2012
From: nginx-forum at nginx.us (mondalaci)
Date: Thu, 12 Jul 2012 20:10:44 -0400 (EDT)
Subject: Variable substition inconsistency
In-Reply-To: <20120712211624.GI31671@mdounin.ru>
References: <20120712211624.GI31671@mdounin.ru>
Message-ID: <cb102db22d48a07b630442bb52740d21.NginxMailingListEnglish@forum.nginx.org>

Thanks a lot for explaining, Maxim!

I didn't know that variables are evaluated at run time.  I won't use
them for sure then.  Having only a couple of server blocks I don't need
to use macro processors yet.

Cheers,
Laci

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228546,228554#msg-228554


From nginx-forum at nginx.us  Fri Jul 13 03:13:36 2012
From: nginx-forum at nginx.us (bpoppa)
Date: Thu, 12 Jul 2012 23:13:36 -0400 (EDT)
Subject: Bad File Descriptor
Message-ID: <cd890b2feb6119330b0c001b596e67fb.NginxMailingListEnglish@forum.nginx.org>

Hello,

Running v1.0.5 on ubuntu and having an issue.  When I make requests I am
getting this in the error logs:


sendfile() failed (9: Bad file descriptor) while sending response to
client

Googling turns up patches to the source.  Not sure with this version if
I need that and if I do, I would assume I would need to uninstall my
debs and compile from source.  THoughts?

Thanks!

Jim

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228558,228558#msg-228558


From nginx-forum at nginx.us  Fri Jul 13 03:21:24 2012
From: nginx-forum at nginx.us (bpoppa)
Date: Thu, 12 Jul 2012 23:21:24 -0400 (EDT)
Subject: Bad File Descriptor
In-Reply-To: <cd890b2feb6119330b0c001b596e67fb.NginxMailingListEnglish@forum.nginx.org>
References: <cd890b2feb6119330b0c001b596e67fb.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <3ea1c50430dc733b98b73b3becc2be8e.NginxMailingListEnglish@forum.nginx.org>

Update on this..I upgrade to 1.2.1 and still have the issue, thanks!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228558,228559#msg-228559


From nginx-forum at nginx.us  Fri Jul 13 10:36:40 2012
From: nginx-forum at nginx.us (m081072)
Date: Fri, 13 Jul 2012 06:36:40 -0400 (EDT)
Subject: Keep what was uploaded even if browser disconnects
Message-ID: <537d37f465bf89f2d0dda36f97030a07.NginxMailingListEnglish@forum.nginx.org>

Hi all, this might be a little mental, but I have Actionscript code in
the browser that kicks off a HTTP POST of a binary body thats about 1MB
in size.  If the user navigates away from the page, or somehow the
browser disconnects, I'd like to be able to get whatever data was
uploaded, even if its only 10% of the body.

Is there any way I can do that?  Even if it means telling nginx not to
clean up temporary files, that would work. 

Basically I'm doing this for analytics purposes.

Thanks very much!
Mike.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228573,228573#msg-228573


From i.hailperin at heinlein-support.de  Fri Jul 13 10:49:08 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Fri, 13 Jul 2012 12:49:08 +0200
Subject: reverse proxy replaces square brackets in request
Message-ID: <4FFFFD24.9010109@heinlein-support.de>

Hi,

I have a redirect loop problem with a website that gets reversed 
proxied. It looks like the following is the cause (which I don't know 
how to solve)

Inspecting the site with httpfox, the request my browser sends looks 
like this:
https://www.acme.eu/acm/admin/gui_call.php?Object=admin at GuiAdminStartpage&Params[gui]=&action=&no_subtitle=1

My nginx log tells me this:
GET
/acm/admin/gui_call.php?Object=admin at GuiAdminStartpage&Params%252525252525252525252525255bgui%252525252525252525252525255d=&action=&no_subtitle=1
HTTP/1.1"
  HTTP/1.1" 301 486 "https://www.acme.eu/acm/ui/" "Mozilla/5.0 (X11;
  Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1"

(This repeats over and over until firefox detects the loop)

To me it looks like somehow nginx changes the square brackets around 
"gui" into "252525252525252525252525255b" and 
"252525252525252525252525255d" respectively. I assume that because the 
script gui_call.php gets wrong parameters, it redirects to /acm/ui. 
/acm/ui calls gui_call.php with wrong paramters, and so on.

If my interpretation is correct, how can I stop this? If not, what is 
going on here?

Isaac


From nginx-forum at nginx.us  Fri Jul 13 16:19:25 2012
From: nginx-forum at nginx.us (munkhabi)
Date: Fri, 13 Jul 2012 12:19:25 -0400 (EDT)
Subject: 502 error
Message-ID: <42778b73f8a3f04fd88b0d438f1bf061.NginxMailingListEnglish@forum.nginx.org>

Hello all,

have question about 502 Bad Gateway error. Does it generated by Nginx,
or by backend server? If it with in Nginx which module generates it?

Thanks.
M.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228575,228575#msg-228575


From mdounin at mdounin.ru  Fri Jul 13 19:50:26 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 13 Jul 2012 23:50:26 +0400
Subject: reverse proxy replaces square brackets in request
In-Reply-To: <4FFFFD24.9010109@heinlein-support.de>
References: <4FFFFD24.9010109@heinlein-support.de>
Message-ID: <20120713195026.GK31671@mdounin.ru>

Hello!

On Fri, Jul 13, 2012 at 12:49:08PM +0200, Isaac Hailperin wrote:

> Hi,
> 
> I have a redirect loop problem with a website that gets reversed
> proxied. It looks like the following is the cause (which I don't
> know how to solve)
> 
> Inspecting the site with httpfox, the request my browser sends looks
> like this:
> https://www.acme.eu/acm/admin/gui_call.php?Object=admin at GuiAdminStartpage&Params[gui]=&action=&no_subtitle=1
> 
> My nginx log tells me this:
> GET
> /acm/admin/gui_call.php?Object=admin at GuiAdminStartpage&Params%252525252525252525252525255bgui%252525252525252525252525255d=&action=&no_subtitle=1
> HTTP/1.1"
>  HTTP/1.1" 301 486 "https://www.acme.eu/acm/ui/" "Mozilla/5.0 (X11;
>  Ubuntu; Linux x86_64; rv:13.0) Gecko/20100101 Firefox/13.0.1"
> 
> (This repeats over and over until firefox detects the loop)
> 
> To me it looks like somehow nginx changes the square brackets around
> "gui" into "252525252525252525252525255b" and
> "252525252525252525252525255d" respectively. I assume that because
> the script gui_call.php gets wrong parameters, it redirects to
> /acm/ui. /acm/ui calls gui_call.php with wrong paramters, and so on.
> 
> If my interpretation is correct, how can I stop this? If not, what
> is going on here?

The "GET ... HTTP/1.1" in nginx logs is what your browser sent to 
nginx.  Original request from browser likely had 
"...Params=%5bgui%5d..." in it (which is ok as per RFC 3986 square 
brackets must be escaped).

It's not clear why and where additional escaping of a "%" 
character to "%25" happens, but likely in the same code which does 
redirects, i.e. it's probably up to your php script.

Maxim Dounin


From mdounin at mdounin.ru  Fri Jul 13 20:01:55 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 14 Jul 2012 00:01:55 +0400
Subject: 502 error
In-Reply-To: <42778b73f8a3f04fd88b0d438f1bf061.NginxMailingListEnglish@forum.nginx.org>
References: <42778b73f8a3f04fd88b0d438f1bf061.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120713200154.GL31671@mdounin.ru>

Hello!

On Fri, Jul 13, 2012 at 12:19:25PM -0400, munkhabi wrote:

> Hello all,
> 
> have question about 502 Bad Gateway error. Does it generated by Nginx,
> or by backend server? If it with in Nginx which module generates it?

The 502 is a generic error which is generated if upstream server 
doesn't respond properly, see here:

http://tools.ietf.org/html/rfc2616#section-10.5.3

It may be generated by nginx (if error happens while talking to a 
backend), as well as by a backend server (if it talks to some 
backends too, and error happens there).

In nginx it's generated by the upstream module, i.e. it might 
happen if you use proxy, fastcgi, scgi, uwsgi or memcached.

Maxim Dounin


From jaderhs5 at gmail.com  Fri Jul 13 21:13:30 2012
From: jaderhs5 at gmail.com (Jader H. Silva)
Date: Fri, 13 Jul 2012 18:13:30 -0300
Subject: [ngx_lua] ngx.re.split implementation
In-Reply-To: <CAB4Tn6MhWidOTQ3sfUUXwV6VJg1FHuxFza0Y6X+nY0JvQuL1UQ@mail.gmail.com>
References: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
	<CAB4Tn6MhWidOTQ3sfUUXwV6VJg1FHuxFza0Y6X+nY0JvQuL1UQ@mail.gmail.com>
Message-ID: <CAKy9XyAcG3kgmaQcjdyQrBATXmCocump9E-9x1bw0VGuauGyKQ@mail.gmail.com>

So, here it is :)

ngx.re.split(*subject, regex, options?*, limit?)

This function is based on ngx_re_sub.

It will split subject on regex matches and return a table of strings. Limit
is the max number of splits (0 will return a table containing the subject
string).

Let me know if there are bugs, identation issues or anything I need to fix.

Jader H. Silva

2012/7/11 agentzh <agentzh at gmail.com>

> Hello!
>
> On Wed, Jul 11, 2012 at 12:54 PM, Jader Henrique da Silva
> <cad_jsilva at uolinc.com> wrote:
> > I was checking HttpLuaModule docs and saw "ngx.re.split" implementation
> in
> > the TODO section.
> >
> > Is it already implemented?
>
> Nope, otherwise I would update the TODO section accordingly :)
>
> > Are there any details about this implementation (e.g. parameters,
> returned
> > data)?
> >
>
> Not yet. But I think the behavior will be similar to Perl 5's split
> builtin function.
>
> I'm always open to patches for this feature :)
>
> Best regards,
> -agentzh
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120713/821dbfbd/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ngx_re_split.patch
Type: application/octet-stream
Size: 13574 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120713/821dbfbd/attachment-0001.obj>

From jaderhs5 at gmail.com  Fri Jul 13 21:19:11 2012
From: jaderhs5 at gmail.com (Jader H. Silva)
Date: Fri, 13 Jul 2012 18:19:11 -0300
Subject: [ngx_lua] ngx.re.split implementation
In-Reply-To: <CAKy9XyAcG3kgmaQcjdyQrBATXmCocump9E-9x1bw0VGuauGyKQ@mail.gmail.com>
References: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
	<CAB4Tn6MhWidOTQ3sfUUXwV6VJg1FHuxFza0Y6X+nY0JvQuL1UQ@mail.gmail.com>
	<CAKy9XyAcG3kgmaQcjdyQrBATXmCocump9E-9x1bw0VGuauGyKQ@mail.gmail.com>
Message-ID: <CAKy9XyDRbn46YaL=zMsj=k7ddn26K6uAsO_o-VGH0h=U5uiRKQ@mail.gmail.com>

The patch was removed in the previous message :(
So here it is (for real).

>From 9091c40e22f6fd0ca2173ecbeb1f932502cc8ac6 Mon Sep 17 00:00:00 2001
From: "Jader H. Silva" <jaderhs5 at gmail.com>
Date: Fri, 13 Jul 2012 18:06:32 -0300
Subject: [PATCH] Add ngx.re.split function

---
 src/ngx_http_lua_regex.c |  443
++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 443 insertions(+)

diff --git a/src/ngx_http_lua_regex.c b/src/ngx_http_lua_regex.c
index 108070c..aa5d445 100644
--- a/src/ngx_http_lua_regex.c
+++ b/src/ngx_http_lua_regex.c
@@ -74,6 +74,7 @@ static int ngx_http_lua_ngx_re_match(lua_State *L);
 static int ngx_http_lua_ngx_re_gmatch(lua_State *L);
 static int ngx_http_lua_ngx_re_sub(lua_State *L);
 static int ngx_http_lua_ngx_re_gsub(lua_State *L);
+static int ngx_http_lua_ngx_re_split(lua_State *L);
 static void ngx_http_lua_regex_free_study_data(ngx_pool_t *pool,
     pcre_extra *sd);
 static ngx_int_t ngx_lua_regex_compile(ngx_lua_regex_compile_t *rc);
@@ -1611,6 +1612,445 @@ error:
     return luaL_error(L, msg);
 }

+static int
+ngx_http_lua_ngx_re_split(lua_State *L)
+{
+    ngx_http_lua_regex_t        *re;
+    ngx_http_request_t          *r;
+    ngx_str_t                    subj;
+    ngx_str_t                    pat;
+    ngx_str_t                    opts;
+    ngx_str_t                    tpl;
+    ngx_http_lua_main_conf_t    *lmcf = NULL;
+    ngx_pool_t                  *pool, *old_pool;
+    ngx_lua_regex_compile_t      re_comp;
+    const char                  *msg;
+    ngx_int_t                    rc;
+    ngx_uint_t                   n;
+    ngx_int_t                    i;
+    int                          nargs;
+    int                         *cap = NULL;
+    int                          ovecsize;
+    int                          type;
+    unsigned                     func;
+    int                          offset;
+    size_t                       count;
+    luaL_Buffer                  luabuf;
+    ngx_int_t                    flags;
+    ngx_int_t                    limit = -1;
+    u_char                      *p;
+    u_char                       errstr[NGX_MAX_CONF_ERRSTR + 1];
+    pcre_extra                  *sd = NULL;
+
+    ngx_http_lua_complex_value_t              *ctpl = NULL;
+    ngx_http_lua_compile_complex_value_t       ccv;
+
+    nargs = lua_gettop(L);
+
+    if (nargs != 2 && nargs != 3 && nargs != 4) {
+        return luaL_error(L, "expecting two or three or four arguments,
but got %d",
+                nargs);
+    }
+
+    lua_pushlightuserdata(L, &ngx_http_lua_request_key);
+    lua_rawget(L, LUA_GLOBALSINDEX);
+    r = lua_touserdata(L, -1);
+    lua_pop(L, 1);
+
+    if (r == NULL) {
+        return luaL_error(L, "no request object found");
+    }
+
+    subj.data = (u_char *) luaL_checklstring(L, 1, &subj.len);
+    pat.data = (u_char *) luaL_checklstring(L, 2, &pat.len);
+
+    if (nargs >= 3) {
+        opts.data = (u_char *) luaL_checklstring(L, 3, &opts.len);
+
+        if (nargs == 4) {
+            limit = luaL_checkinteger(L, 4);
+            lua_pop(L, 1);
+
+        } else {/* nargs == 3 */
+            limit = -1;
+        }
+
+    } else { /* nargs == 2 */
+        opts.data = (u_char *) "";
+        opts.len = 0;
+    }
+
+    ngx_memzero(&re_comp, sizeof(ngx_lua_regex_compile_t));
+
+    /* stack: subj regex repl */
+
+    re_comp.options = 0;
+
+    flags = ngx_http_lua_ngx_re_parse_opts(L, &re_comp, &opts, 4);
+
+    if (flags & NGX_LUA_RE_COMPILE_ONCE) {
+        lmcf = ngx_http_get_module_main_conf(r, ngx_http_lua_module);
+        pool = lmcf->pool;
+
+        dd("server pool %p", lmcf->pool);
+
+        lua_pushlightuserdata(L, &ngx_http_lua_regex_cache_key);
+        lua_rawget(L, LUA_REGISTRYINDEX); /* table */
+
+        lua_pushliteral(L, "s");
+        lua_pushinteger(L, tpl.len);
+        lua_pushliteral(L, ":");
+        lua_pushvalue(L, 2);
+
+        if (tpl.len != 0) {
+            lua_pushvalue(L, 3);
+        }
+
+        dd("options size: %d", (int) sizeof(re_comp.options));
+
+        lua_pushlstring(L, (char *) &re_comp.options,
sizeof(re_comp.options));
+                /* table regex opts */
+
+        if (tpl.len == 0) {
+            lua_concat(L, 5); /* table key */
+
+        } else {
+            lua_concat(L, 6); /* table key */
+        }
+
+        lua_pushvalue(L, -1); /* table key key */
+
+        dd("regex cache key: %.*s", (int) (pat.len +
sizeof(re_comp.options)),
+                lua_tostring(L, -1));
+
+        lua_rawget(L, -3); /* table key re */
+        re = lua_touserdata(L, -1);
+
+        lua_pop(L, 1); /* table key */
+
+        if (re) {
+            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                    "lua regex cache hit for split regex \"%s\" with
options "
+                    "\"%s\"", pat.data, opts.data);
+
+            lua_pop(L, 2);
+
+            dd("restoring regex %p, ncaptures %d,  captures %p", re->regex,
+                    re->ncaptures, re->captures);
+
+            re_comp.regex = re->regex;
+            sd = re->regex_sd;
+            re_comp.captures = re->ncaptures;
+            cap = re->captures;
+            ctpl = re->replace;
+
+            if (flags & NGX_LUA_RE_MODE_DFA) {
+                ovecsize = 2;
+
+            } else {
+                ovecsize = (re->ncaptures + 1) * 3;
+            }
+
+            goto exec;
+        }
+
+        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "lua regex cache miss for split regex \"%s\" with options "
+                "\"%s\"",
+                pat.data, opts.data);
+
+        if (lmcf->regex_cache_entries >= lmcf->regex_cache_max_entries) {
+
+            if (lmcf->regex_cache_entries ==
lmcf->regex_cache_max_entries) {
+                ngx_log_error(NGX_LOG_WARN, r->connection->log, 0,
+                        "lua exceeding regex cache max entries (%i)",
+                        lmcf->regex_cache_max_entries);
+
+                lmcf->regex_cache_entries++;
+            }
+
+            pool = r->pool;
+            flags &= ~NGX_LUA_RE_COMPILE_ONCE;
+        }
+
+    } else {
+        pool = r->pool;
+    }
+
+    re_comp.pattern = pat;
+    re_comp.err.len = NGX_MAX_CONF_ERRSTR;
+    re_comp.err.data = errstr;
+    re_comp.pool = pool;
+
+    dd("compiling regex");
+
+    ngx_log_debug5(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+            "lua compiling split regex \"%s\" with options \"%s\" "
+            "(compile once: %d) (dfa mode: %d) (jit mode: %d)",
+            pat.data, opts.data,
+            (flags & NGX_LUA_RE_COMPILE_ONCE) != 0,
+            (flags & NGX_LUA_RE_MODE_DFA) != 0,
+            (flags & NGX_LUA_RE_MODE_JIT) != 0);
+
+    old_pool = ngx_http_lua_pcre_malloc_init(pool);
+
+    rc = ngx_lua_regex_compile(&re_comp);
+
+    ngx_http_lua_pcre_malloc_done(old_pool);
+
+    if (rc != NGX_OK) {
+        dd("compile failed");
+
+        re_comp.err.data[re_comp.err.len] = '\0';
+        msg = lua_pushfstring(L, "failed to compile regex \"%s\": %s",
+                pat.data, re_comp.err.data);
+
+        return luaL_argerror(L, 2, msg);
+    }
+
+#if LUA_HAVE_PCRE_JIT
+
+    if (flags & NGX_LUA_RE_MODE_JIT) {
+
+        old_pool = ngx_http_lua_pcre_malloc_init(pool);
+
+        sd = pcre_study(re_comp.regex, PCRE_STUDY_JIT_COMPILE, &msg);
+
+        ngx_http_lua_pcre_malloc_done(old_pool);
+
+#   if (NGX_DEBUG)
+        dd("sd = %p", sd);
+
+        if (msg != NULL) {
+            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "pcre study failed with PCRE_STUDY_JIT_COMPILE: %s (%p)",
+                msg, sd);
+        }
+
+        if (sd != NULL) {
+            int         jitted;
+
+            old_pool = ngx_http_lua_pcre_malloc_init(pool);
+
+            pcre_fullinfo(re_comp.regex, sd, PCRE_INFO_JIT, &jitted);
+
+            ngx_http_lua_pcre_malloc_done(old_pool);
+
+            ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "pcre JIT compiling result: %d", jitted);
+        }
+#   endif /* NGX_DEBUG */
+
+    } else {
+
+        old_pool = ngx_http_lua_pcre_malloc_init(pool);
+
+        sd = pcre_study(re_comp.regex, 0, &msg);
+
+        ngx_http_lua_pcre_malloc_done(old_pool);
+
+#   if (NGX_DEBUG)
+        dd("sd = %p", sd);
+
+        if (msg != NULL) {
+            ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "pcre_study failed with PCRE_STUDY_JIT_COMPILE: %s (%p)",
+                msg, sd);
+        }
+#   endif /* NGX_DEBUG */
+    }
+
+#else  /* LUA_HAVE_PCRE_JIT */
+
+    if (flags & NGX_LUA_RE_MODE_JIT) {
+        ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "your pcre build does not have JIT support and "
+                "the \"j\" regex option is ignored");
+    }
+
+#endif /* LUA_HAVE_PCRE_JIT */
+
+    dd("compile done, captures %d", re_comp.captures);
+
+    if (flags & NGX_LUA_RE_MODE_DFA) {
+        ovecsize = 2;
+
+    } else {
+        ovecsize = (re_comp.captures + 1) * 3;
+    }
+
+    cap = ngx_palloc(pool, ovecsize * sizeof(int));
+    if (cap == NULL) {
+        flags &= ~NGX_LUA_RE_COMPILE_ONCE;
+        msg = "out of memory";
+        goto error;
+    }
+
+    if (flags & NGX_LUA_RE_COMPILE_ONCE) {
+
+        ngx_log_debug2(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+                "lua saving compiled sub regex (%d captures) into the
cache "
+                "(entries %i)", re_comp.captures,
+                lmcf ? lmcf->regex_cache_entries : 0);
+
+        re = ngx_palloc(pool, sizeof(ngx_http_lua_regex_t));
+        if (re == NULL) {
+            return luaL_error(L, "out of memory");
+        }
+
+        dd("saving regex %p, ncaptures %d,  captures %p", re_comp.regex,
+                re_comp.captures, cap);
+
+        re->regex = re_comp.regex;
+        re->regex_sd = sd;
+        re->ncaptures = re_comp.captures;
+        re->captures = cap;
+        re->replace = ctpl;
+
+        lua_pushlightuserdata(L, re); /* table key value */
+        lua_rawset(L, -3); /* table */
+        lua_pop(L, 1);
+
+        if (lmcf) {
+            lmcf->regex_cache_entries++;
+        }
+    }
+
+exec:
+    count = 0;
+    offset = 0;
+
+    lua_newtable(L);
+
+    for (;;) {
+        if (subj.len == 0 || count == limit) {
+            break;
+        }
+
+        if (flags & NGX_LUA_RE_MODE_DFA) {
+
+#if LUA_HAVE_PCRE_DFA
+
+            int ws[NGX_LUA_RE_DFA_MODE_WORKSPACE_COUNT];
+            rc = ngx_http_lua_regex_dfa_exec(re_comp.regex, sd, &subj,
+                offset, cap, ovecsize, ws,
NGX_LUA_RE_DFA_MODE_WORKSPACE_COUNT);
+
+#else /* LUA_HAVE_PCRE_DFA */
+
+            msg = "at least pcre 6.0 is required for the DFA mode";
+            goto error;
+
+#endif /* LUA_HAVE_PCRE_DFA */
+
+        } else {
+            rc = ngx_http_lua_regex_exec(re_comp.regex, sd, &subj, offset,
cap,
+                    ovecsize);
+        }
+
+        if (rc == NGX_REGEX_NO_MATCHED) {
+            break;
+        }
+
+        if (rc < 0) {
+            msg = lua_pushfstring(L, ngx_regex_exec_n " failed: %d on
\"%s\" "
+                "using \"%s\"", (int) rc, subj.data, pat.data);
+            goto error;
+        }
+
+        if (rc == 0) {
+            if (flags & NGX_LUA_RE_MODE_DFA) {
+                rc = 1;
+
+            } else {
+                msg = "capture size too small";
+                goto error;
+            }
+        }
+
+        dd("rc = %d", (int) rc);
+
+        count++;
+
+        luaL_buffinit(L, &luabuf);
+
+        luaL_addlstring(&luabuf, (char *) &subj.data[offset],
+                    cap[0] - offset);
+
+        lua_pushnumber(L, count);
+        luaL_pushresult(&luabuf);
+        lua_settable(L, -3);
+
+        offset = cap[1];
+
+    }
+
+    if (count == 0) {
+        dd("no match, just the original subject");
+
+        lua_pushnumber(L, count+1);
+        lua_pushvalue(L, 1);
+        lua_settable(L, -3);
+
+    } else {
+        if (offset != (int) subj.len) {
+            dd("adding trailer: %s (len %d)", &subj.data[offset],
+                    (int) (subj.len - offset));
+
+            luaL_buffinit(L, &luabuf);
+
+            luaL_addlstring(&luabuf, (char *) &subj.data[offset],
+                    subj.len - offset);
+
+            lua_pushnumber(L, count+1);
+            luaL_pushresult(&luabuf);
+            lua_settable(L, -3);
+
+        }
+
+        dd("the dst string: %s", lua_tostring(L, -1));
+    }
+
+    if (!(flags & NGX_LUA_RE_COMPILE_ONCE)) {
+        if (sd) {
+            ngx_http_lua_regex_free_study_data(pool, sd);
+        }
+
+        if (re_comp.regex) {
+            ngx_pfree(pool, re_comp.regex);
+        }
+
+        if (ctpl) {
+            ngx_pfree(pool, ctpl);
+        }
+
+        if (cap) {
+            ngx_pfree(pool, cap);
+        }
+    }
+
+    return 1;
+
+error:
+    if (!(flags & NGX_LUA_RE_COMPILE_ONCE)) {
+        if (sd) {
+            ngx_http_lua_regex_free_study_data(pool, sd);
+        }
+
+        if (re_comp.regex) {
+            ngx_pfree(pool, re_comp.regex);
+        }
+
+        if (ctpl) {
+            ngx_pfree(pool, ctpl);
+        }
+
+        if (cap) {
+            ngx_pfree(pool, cap);
+        }
+    }
+
+    return luaL_error(L, msg);
+}

 void
 ngx_http_lua_inject_regex_api(lua_State *L)
@@ -1631,6 +2071,9 @@ ngx_http_lua_inject_regex_api(lua_State *L)
     lua_pushcfunction(L, ngx_http_lua_ngx_re_gsub);
     lua_setfield(L, -2, "gsub");

+    lua_pushcfunction(L, ngx_http_lua_ngx_re_split);
+    lua_setfield(L, -2, "split");
+
     lua_setfield(L, -2, "re");
 }

-- 
1.7.9.5


2012/7/13 Jader H. Silva <jaderhs5 at gmail.com>

> So, here it is :)
>
> ngx.re.split(*subject, regex, options?*, limit?)
>
> This function is based on ngx_re_sub.
>
> It will split subject on regex matches and return a table of strings.
> Limit is the max number of splits (0 will return a table containing the
> subject string).
>
> Let me know if there are bugs, identation issues or anything I need to fix.
>
> Jader H. Silva
>
>
> 2012/7/11 agentzh <agentzh at gmail.com>
>
>> Hello!
>>
>> On Wed, Jul 11, 2012 at 12:54 PM, Jader Henrique da Silva
>> <cad_jsilva at uolinc.com> wrote:
>> > I was checking HttpLuaModule docs and saw "ngx.re.split" implementation
>> in
>> > the TODO section.
>> >
>> > Is it already implemented?
>>
>> Nope, otherwise I would update the TODO section accordingly :)
>>
>> > Are there any details about this implementation (e.g. parameters,
>> returned
>> > data)?
>> >
>>
>> Not yet. But I think the behavior will be similar to Perl 5's split
>> builtin function.
>>
>> I'm always open to patches for this feature :)
>>
>> Best regards,
>> -agentzh
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120713/18b127ed/attachment-0001.html>

From mdounin at mdounin.ru  Fri Jul 13 21:39:16 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 14 Jul 2012 01:39:16 +0400
Subject: segfault in nginx 1.2.0 and 1.2.2 when serving 400 error pages
	via a reverse proxied host
In-Reply-To: <4FFEFFCB.5010309@moonfruit.com>
References: <4FFEFFCB.5010309@moonfruit.com>
Message-ID: <20120713213915.GO31671@mdounin.ru>

Hello!

On Thu, Jul 12, 2012 at 05:48:11PM +0100, Russell Howe wrote:

> Earlier this year we noticed a large number of segfaulting nginx processes.
> 
> This turned out to be an instance of:
> 
> http://forum.nginx.org/read.php?2,213479
> 
> whereby we had a config snippet which looked like:
> 
> 	error_page 400 @fallback

Don't do that? (c)

The problem with 400 errors is more or less trivial and the above 
link explains it in details.  There is no need to debug anything 
here, it's mostly about writing code to handle it.  (Or probably 
about writing code to make the above config invalid and/or provide 
a warning.)

Note well that handling of 400 errors isn't really good idea even 
with normal uri of an error page, not only with named locations.  
As 400 (Bad request) means bad request and you can't really trust 
anything got from a client.  Unless you really understand what are 
you doing and possible implications it's much better idea to let 
nginx return builtin error page.

[...]

> Also, I discovered that your nginx-debug RPM doesn't actually include debug symbols (!)
> On CentOS 5 I fixed this by adding to the top of the spec file:
> 
> %define __os_install_post  \
>     /usr/lib/rpm/brp-compress \
>     /usr/lib/rpm/brp-strip-static-archive \
>     /usr/lib/rpm/brp-strip-comment-note \
> 
> 
> Which is redefining __os_install_post to be the same as usual, minus the call to /usr/lib/rpm/brp-strip
> 
> What was happening was that the nginx binary was built, complete with symbols, copied to nginx.debug, then the original binary was stripped.
> 
> Then, __os_install_post ran, which called brp-strip. brp-strip goes and strips all the executables it can find, including nginx.debug!

This looks intresting, thanks.  Sergey, could you please take a look?

[...]

Maxim Dounin


From jcpetit at syspark.com  Sat Jul 14 04:13:27 2012
From: jcpetit at syspark.com (Jean-Christophe Petit)
Date: Sat, 14 Jul 2012 00:13:27 -0400
Subject: nginx caching in milliseconds
Message-ID: <5000F1E7.90904@syspark.com>

Hello,

would it be possible to cache with nginx below 1 second ? I mean in the 
hundreds of milliseconds ?
For example:
proxy_cache_valid 200 301 302 500ms;

Have a good day,

JC

-- 
Jean-Christophe Petit
VP R&D et DSI

GROUPE SYSPARK
The Power of Internet Engineering / La Force du G?nie Internet
606 Cathcart, Suite 510
Montreal, Quebec H3B 1K9 - CANADA
T: 1 514 875 8755
C: 1 514 575 5560
F: 1 514 875 8775

-------------------------------------------------------------------
Le contenu de ce courriel est confidentiel et ? l'intention du (des) destinataire(s) seulement. Si vous recevez cette transmission par erreur, veuillez m'aviser imm?diatement par t?l?phone en utilisant le num?ro ci-haut (? frais vir?s si n?cessaire). Veuillez effacer ou d?truire toutes copies de ce courriel re?ues. Merci.

The information contained in this email is confidential information intended only for the addressee(s). If you have received this communication in error, please immediately notify me by telephone at the above noted number (collect if necessary) and delete or destroy any copies of it. Thank you


From nginx-forum at nginx.us  Sat Jul 14 14:59:37 2012
From: nginx-forum at nginx.us (lukasz138)
Date: Sat, 14 Jul 2012 10:59:37 -0400 (EDT)
Subject: Access to subfolder
Message-ID: <b7b16cd7e6afb2502f7ece984ac8baa1.NginxMailingListEnglish@forum.nginx.org>

I have site protected by password:
location / {
auth_basic ...
...
}

but I need excluded some folder ex. /a/b/c/ from authentication

it is possible ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228587,228587#msg-228587


From edho at myconan.net  Sat Jul 14 15:06:42 2012
From: edho at myconan.net (Edho Arief)
Date: Sat, 14 Jul 2012 22:06:42 +0700
Subject: Access to subfolder
In-Reply-To: <b7b16cd7e6afb2502f7ece984ac8baa1.NginxMailingListEnglish@forum.nginx.org>
References: <b7b16cd7e6afb2502f7ece984ac8baa1.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReC=QT10tBBkiv1SQRM7sfJ3zFY9fbWduWPtuFiAM80mJuQ@mail.gmail.com>

On Sat, Jul 14, 2012 at 9:59 PM, lukasz138 <nginx-forum at nginx.us> wrote:
> I have site protected by password:
> location / {
> auth_basic ...
> ...
> }
>
> but I need excluded some folder ex. /a/b/c/ from authentication
>
> it is possible ?
>

Yes. Just add another location where you don't want to use
authentication, optionally prefixing it by ^~[1]:

location ^~ /a/b/c/ {
  ...
}
location / {
  auth_basic ...
  ...
}

[1] http://nginx.org/r/location


From nginx-forum at nginx.us  Sat Jul 14 16:05:11 2012
From: nginx-forum at nginx.us (tahseen)
Date: Sat, 14 Jul 2012 12:05:11 -0400 (EDT)
Subject: nginx high active connections
In-Reply-To: <7B58F5CCF2024A89A34C2A9A5B699EB8@DD21>
References: <7B58F5CCF2024A89A34C2A9A5B699EB8@DD21>
Message-ID: <3dfd9dffdbedac73bf0a338be70edd73.NginxMailingListEnglish@forum.nginx.org>

So situation is this. nginx takes the incoming request and then passes
it on to Tomcat, which is running a servlet. The servlet responses back
to nginx and at the same time does logging of various request
information via JMS

Now nginx definitely is capable of handling high requests. 

I increased Tomcat threadpool value from 500 to 2,000 and made heapsize
4GB

JMSMaxConnections was set to 10 and JMSMaxActiveConnections was set to
5

I made them 100 and 50 respectively. After that it drastically reduced
nginx active connections

But my questions is have I done justice to JMS connection values? Aren't
they suppose to be more? LIke 500 or so

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228238,228589#msg-228589


From nginx-forum at nginx.us  Sat Jul 14 16:57:55 2012
From: nginx-forum at nginx.us (lukasz138)
Date: Sat, 14 Jul 2012 12:57:55 -0400 (EDT)
Subject: Access to subfolder
In-Reply-To: <CAAtReC=QT10tBBkiv1SQRM7sfJ3zFY9fbWduWPtuFiAM80mJuQ@mail.gmail.com>
References: <CAAtReC=QT10tBBkiv1SQRM7sfJ3zFY9fbWduWPtuFiAM80mJuQ@mail.gmail.com>
Message-ID: <f3472579eebdd0e153540dd55af3d732.NginxMailingListEnglish@forum.nginx.org>

ok, but I want to access to any subfolder behind /a/b/c/, example
/a/b/c/d or /a/b/c/test.html . Any solution ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228587,228590#msg-228590


From agentzh at gmail.com  Sat Jul 14 19:05:52 2012
From: agentzh at gmail.com (agentzh)
Date: Sat, 14 Jul 2012 12:05:52 -0700
Subject: [ngx_lua] ngx.re.split implementation
In-Reply-To: <CAKy9XyDRbn46YaL=zMsj=k7ddn26K6uAsO_o-VGH0h=U5uiRKQ@mail.gmail.com>
References: <A3679F37A6B1F04D823FACED45FEEB5F01A20D@A4-SALOMAO7.uolcorp.intranet>
	<CAB4Tn6MhWidOTQ3sfUUXwV6VJg1FHuxFza0Y6X+nY0JvQuL1UQ@mail.gmail.com>
	<CAKy9XyAcG3kgmaQcjdyQrBATXmCocump9E-9x1bw0VGuauGyKQ@mail.gmail.com>
	<CAKy9XyDRbn46YaL=zMsj=k7ddn26K6uAsO_o-VGH0h=U5uiRKQ@mail.gmail.com>
Message-ID: <CAB4Tn6Ne9+8wiXTS-XV2hB9V182jdutBSKT_gobMcCrFxTHvrA@mail.gmail.com>

Hello!

On Fri, Jul 13, 2012 at 2:19 PM, Jader H. Silva <jaderhs5 at gmail.com> wrote:
> The patch was removed in the previous message :(
> So here it is (for real).
>

Thanks for the patch! I'll look into this in the next week :)

Best regards,
-agentzh


From agentzh at gmail.com  Sun Jul 15 01:21:57 2012
From: agentzh at gmail.com (agentzh)
Date: Sat, 14 Jul 2012 18:21:57 -0700
Subject: [ANN] ngx_openresty devel version 1.2.1.7 released
In-Reply-To: <CAB4Tn6Oyi+oCfxRCEA7tzWcuPuk9poSVOrYHH9RXK=yLDabzkA@mail.gmail.com>
References: <CAB4Tn6Oyi+oCfxRCEA7tzWcuPuk9poSVOrYHH9RXK=yLDabzkA@mail.gmail.com>
Message-ID: <CAB4Tn6Oib_k4K+RwPrPW9W9uv16QTq+sHbt52pQ0YDXpqrKrzQ@mail.gmail.com>

Hi, folks!

After 10 days' active development, I'm pleased to announce the new
development version of ngx_openresty, 1.2.1.7:

   http://openresty.org/#Download

This release features the new UDP and datagram unix domain cosocket
API in the ngx_lua module.

Below is the complete change log for this release, as compared to the
last release (1.2.1.5):

 *   upraded HeadersMoreNginxModule to 0.17.

     *   bugfix: more_clear_input_headers did not remove all the
         instances for the built-in headers or custom headers.

     *   bugfix: more_clear_input_headers might accidentally remove
         request headers that were not specified at all and left the
         specified headers with just empty header values when
         removing multiple built-in headers. thanks Matthieu Tourne
         for reporting the issues.

 *   upgraded LuaNginxModule to 0.5.7.

     *   feature: added an optional "option table" to
         tcpsock:connect() which accepts a "pool" option to allow the
         user specify a custom pool name intead of the automatically
         generated one based on the host-port pair or the socket file
         path. thanks Brian Akins for the patches.

     *   feature: implemented the UDP/unix-datagram cosocket API. the
         entry point is ngx.socket.udp. we preserve API compatibility
         with the LuaSocket library but everything is non-blocking in
         our implementation.

     *   feature: added new Nginx API for Lua:
         ngx.req.set_method(method_id) and ngx.req.get_method. thanks
         Matthieu Tourne for suggesting these.

     *   bugfix: the tcp/stream-unix cosocket object might hang when
         another concurrent request is accessing it while its
         operation is still in progress; now we always check for
         potential access conflicts and return the "socket busy"
         error string if it is indeed the case.

     *   bugfix: the tcpsock:connect() method always returned the
         (vague) error strng "connect peer error" instead of the
         (detailed) system error string when the connect syscall
         failed.

     *   bugfix: the TCP/stream-unix cosocket object might go wrong
         after it connected successfully in a single run (that is, no
         "EAGAIN" returned in the middle) and DNS domain names were
         used.

     *   bugfix: tcpsock:receive() and tcpsock:send() always returned
         "error" as the error message instead of the (detailed)
         system error string.

     *   bugfix: ngx.req.clear_header() did not remove all the
         instances for the built-in headers or custom headers.

     *   bugfix: ngx.req.clear_header() might accidentally remove
         request headers that are not specified at all and left the
         specified headers with just empty header values when
         removing multiple built-in headers. thanks Matthieu Tourne
         for reporting the issues.

     *   bugfix: we did not always test if the request object pointer
         is null in the "ngx.req.*_body" API.

     *   bugfix: ngx.exec() did not accept the "nil" value for its
         second (optional) argument.

     *   bugfix: "ngx.exit(404/500/...)" would throw out Lua errors
         when the response headers with exactly the same status code
         had already been sent. thanks Matthieu Tourne for reporting
         this.

     *   bugfix: gcc might issue the "unused variable" warning when
         PCRE was disabled. thanks Dirk Feytons for the patch.

 *   upgraded LuaRestyRedisLibrary to 0.11.

     *   feature: added the "array_to_hash" method. thanks Brian
         Akins for the patch in github #8.

 *   upgraded LuaRestyMySQLLibrary to 0.09.

     *   feature: added the "compact_arrays" option to the
         "connect()" method to make the driver return arrays of
         arrays instead of the (default) arrays of hashes. thanks
         Lance Li for requesting this feature.

     *   feature: added new method "set_compact_arrays" to change the
         current "compact_arrays" option value used by the current
         object for subsequent queries. thanks Lance Li for
         suggesting it.

     *   feature: added the "pool" option to the "connect()" method.

     *   bugfix: connections to different MySQL databases and/or
         different MySQL users would incorrectly share the same
         connection pool as long as they were connecting to the same
         MySQL server. thanks lhmwzy for reporting the issue.

     *   docs: fixed the "path" option value for the "connect()"
         method in README. it should not take the "unix:" prefix.
         thanks Lance Li.

     *   docs: documented that storing the object instance into lua
         module-level variables will result in failures for
         concurrent requests.

     *   docs: documented that this library cannot be used in those
         contexts where the cosocket API is unavailable.

 *   upgraded the standard Lua interpreter to 5.1.5.

 *   disabled the Lua 5.0 compatibility in the standard Lua
     interpreter bundled.

The HTML version of this change log with some useful hyper-links can be
browsed here:

   http://openresty.org/#ChangeLog1002001

Special thanks go to all our contributors and users for helping make
this happen :)

OpenResty (aka. ngx_openresty) is a full-fledged web application
server by bundling the standard Nginx core, lots of 3rd-party Nginx
modules, as well as most of their external dependencies. See
OpenResty's homepage for details:

    http://openresty.org/

Enjoy!
-agentzh


From sb at waeme.net  Sun Jul 15 08:36:05 2012
From: sb at waeme.net (Sergey Budnevitch)
Date: Sun, 15 Jul 2012 12:36:05 +0400
Subject: segfault in nginx 1.2.0 and 1.2.2 when serving 400 error pages
	via a reverse proxied host
In-Reply-To: <4FFEFFCB.5010309@moonfruit.com>
References: <4FFEFFCB.5010309@moonfruit.com>
Message-ID: <854FB616-8D1F-4F31-B240-F608D4283F36@waeme.net>


On 12.07.2012, at 20:48, Russell Howe wrote:
> 
> Also, I discovered that your nginx-debug RPM doesn't actually include debug symbols (!)
> On CentOS 5 I fixed this by adding to the top of the spec file:

Confirmed. I have mistakenly placed '%define __spec_install_port /usr/lib/rpm/brp-compress' in spec 
to avoid stripping but it is overwritten by external macro definition. I'll fix it by next release.

From nginx-forum at nginx.us  Sun Jul 15 12:51:06 2012
From: nginx-forum at nginx.us (google000)
Date: Sun, 15 Jul 2012 08:51:06 -0400 (EDT)
Subject: nginx 1.0.10 error [emerg] invalid condition "'!-f"
In-Reply-To: <f5f618caecec347f6c6bc8ef5525a975.NginxMailingListEnglish@forum.nginx.org>
References: <f5f618caecec347f6c6bc8ef5525a975.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <4af5a2fece192dd27cdf862da1b9d7ea.NginxMailingListEnglish@forum.nginx.org>

can someone help , if it doesnt support && , i dont know how to make it
works... ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228528,228595#msg-228595


From nginx-forum at nginx.us  Sun Jul 15 13:10:55 2012
From: nginx-forum at nginx.us (google000)
Date: Sun, 15 Jul 2012 09:10:55 -0400 (EDT)
Subject: nginx 1.0.10 error [emerg] invalid condition "'!-f"
In-Reply-To: <4af5a2fece192dd27cdf862da1b9d7ea.NginxMailingListEnglish@forum.nginx.org>
References: <f5f618caecec347f6c6bc8ef5525a975.NginxMailingListEnglish@forum.nginx.org>
	<4af5a2fece192dd27cdf862da1b9d7ea.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <784b42505e6fcf4864792ddde8ae716c.NginxMailingListEnglish@forum.nginx.org>

ok, problem fixed.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228528,228596#msg-228596


From nginx-forum at nginx.us  Sun Jul 15 21:25:56 2012
From: nginx-forum at nginx.us (DeineAgentur)
Date: Sun, 15 Jul 2012 17:25:56 -0400 (EDT)
Subject: MP4 - start time is out mp4 stts samples
Message-ID: <ab84236712528666c35acdbcdf3b1ce7.NginxMailingListEnglish@forum.nginx.org>

Hello,

i get the following errors:


2012/07/15 22:58:44 [info] 30717#0: *1 client prematurely closed
connection while sending mp4 to client, client: 127.0.0.158, server:
xxx.com, request: "GET /mp4/mp4/vs-xxx.720p.mp4?start=0 HTTP/1.1", host:
"xxx.com", referrer: "http://xxx.com/stream/player.swf"
2012/07/15 22:58:44 [error] 30717#0: *2 start time is out mp4 stts
samples in "/var/www/virtual/xxx.com/files/mp4/mp4/vs-xxx.720p.mp4",
client: 127.0.0.158, server: xxx.com, request: "GET
/mp4/mp4/vs-xxx.720p.mp4?start=2934.89 HTTP/1.1", host: "xxx.com",
referrer: "http://xxx.com/stream/player.swf"
2012/07/15 23:07:33 [error] 31389#0: *1 open()
"/var/www/virtual/xxx.com/htdocs/favicon.ico" failed (2: No such file or
directory), client: 127.0.0.158, server: xxx.com, request: "GET
/favicon.ico HTTP/1.1", host: "xxx.com"
2012/07/15 23:07:45 [info] 31389#0: *1 client prematurely closed
connection while sending mp4 to client, client: 127.0.0.158, server:
xxx.com, request: "GET /mp4/mp4/vs-xxx.720p.mp4?start=0 HTTP/1.1", host:
"xxx.com", referrer: "http://xxx.com/stream/player.swf"
2012/07/15 23:07:45 [error] 31389#0: *2
"/var/www/virtual/xxx.com/files/mp4/mp4/vs-xxx.720p.mp4" mp4 moov atom
is too large:5689479, you may want to increase mp4_max_buffer_size,
client: 127.0.0.158, server: xxx.com, request: "GET
/mp4/mp4/vs-xxx.720p.mp4?start=528.83 HTTP/1.1", host: "xxx.com",
referrer: "http://xxx.com/stream/player.swf"
2012/07/15 23:09:03 [info] 31454#0: *1 sendfile() failed (104:
Connection reset by peer) while sending mp4 to client, client:
127.0.0.158, server: xxx.com, request: "GET
/mp4/mp4/vs-xxx.720p.mp4?start=0 HTTP/1.1", host: "xxx.com", referrer:
"http://xxx.com/stream/player.swf"
2012/07/15 23:09:03 [error] 31454#0: *2 start time is out mp4 stts
samples in "/var/www/virtual/xxx.com/files/mp4/mp4/vs-xxx.720p.mp4",
client: 127.0.0.158, server: xxx.com, request: "GET
/mp4/mp4/vs-xxx.720p.mp4?start=1667.46 HTTP/1.1", host: "xxx.com",
referrer: "http://xxx.com/stream/player.swf"


The file is 5.3 GB large. 

smaller files that i tried working.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228600,228600#msg-228600


From nginx-forum at nginx.us  Sun Jul 15 21:29:05 2012
From: nginx-forum at nginx.us (DeineAgentur)
Date: Sun, 15 Jul 2012 17:29:05 -0400 (EDT)
Subject: MP4 - start time is out mp4 stts samples
In-Reply-To: <ab84236712528666c35acdbcdf3b1ce7.NginxMailingListEnglish@forum.nginx.org>
References: <ab84236712528666c35acdbcdf3b1ce7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <78e2f30bafbb33551618f386be1c2544.NginxMailingListEnglish@forum.nginx.org>

Some infos of my system:

Source: nginx deb 

Sys OS: UBUNTU 12.04

nginx version: nginx/1.2.1
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-log-path=/var/log/nginx/access.log
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi
--lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid
--with-pcre-jit --with-debug --with-http_addition_module
--with-http_dav_module --with-http_flv_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_mp4_module --with-http_perl_module
--with-http_random_index_module --with-http_realip_module
--with-http_secure_link_module --with-http_stub_status_module
--with-http_ssl_module --with-http_sub_module --with-http_xslt_module
--with-ipv6 --with-sha1=/usr/include/openssl
--with-md5=/usr/include/openssl --with-mail --with-mail_ssl_module
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-auth-pam
--add-module=/build/buildd/nginx-1.2.1/debian/modules/chunkin-nginx-module
--add-module=/build/buildd/nginx-1.2.1/debian/modules/headers-more-nginx-module
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-development-kit
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-echo
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-http-push
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-lua
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-upload-module
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-upload-progress
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-upstream-fair
--add-module=/build/buildd/nginx-1.2.1/debian/modules/nginx-dav-ext-module

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228600,228601#msg-228601


From nginx-forum at nginx.us  Sun Jul 15 21:47:20 2012
From: nginx-forum at nginx.us (DeineAgentur)
Date: Sun, 15 Jul 2012 17:47:20 -0400 (EDT)
Subject: MP4 - start time is out mp4 stts samples
In-Reply-To: <ab84236712528666c35acdbcdf3b1ce7.NginxMailingListEnglish@forum.nginx.org>
References: <ab84236712528666c35acdbcdf3b1ce7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <0d2d97399dfec9c119ea3fe4c08e50d5.NginxMailingListEnglish@forum.nginx.org>

Sorry the first server was an other... but this is the from
"http://nginx.org/packages/ubuntu/"

Ubuntu DEB
nginx version: nginx/1.2.2
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx/ --sbin-path=/usr/sbin/nginx
--conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error.log
--http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid
--lock-path=/var/run/nginx.lock
--http-client-body-temp-path=/var/cache/nginx/client_temp
--http-proxy-temp-path=/var/cache/nginx/proxy_temp
--http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp
--http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp
--http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx
--group=nginx --with-http_ssl_module --with-http_realip_module
--with-http_addition_module --with-http_sub_module
--with-http_dav_module --with-http_flv_module --with-http_mp4_module
--with-http_gzip_static_module --with-http_random_index_module
--with-http_secure_link_module --with-http_stub_status_module
--with-mail --with-mail_ssl_module --with-file-aio --with-ipv6


same error

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228600,228602#msg-228602


From nginx-forum at nginx.us  Sun Jul 15 21:57:32 2012
From: nginx-forum at nginx.us (dlang)
Date: Sun, 15 Jul 2012 17:57:32 -0400 (EDT)
Subject: Syslog
In-Reply-To: <4F994A1E.7020105@codepedia.eu>
References: <4F994A1E.7020105@codepedia.eu>
Message-ID: <a7ca4616fb2d4afce6a64b96733c1881.NginxMailingListEnglish@forum.nginx.org>

The performance of syslog depends heavily on what implementation you are
using. For example, rsyslog has been measured at 1M logs/sec under ideal
conditions (and I've used it at over 100K logs/sec). rsyslog is now the
default syslog on just about every linux distro. This isn't like the old
sysklogd that was could only process one message at a time and blocked
everything until it finished processing the message (limiting it to a
few hundred logs/sec, even on really good disks)

I can understand why you would not want to make logging to syslog be the
default, but why are you so opposed to having it as an option?

yes, if the syslog daemon dies, things writing to it will block, but if
your partition that you are writing logfiles to fills up you will block
as well. Deciding how to log, and if blocking on another daemon is
acceptable should be up to the system administrator. Sometimes getting a
copy of the logs elsewhere in near real-time is worth reducing the peak
requests/sec that a box can handle

The other approach you could allow someone to submit would be to sent
the logs out in real-time via UDP, this will mean that logs are lost if
the syslog daemon goes down, but nginx won't block

David Lang

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225811,228603#msg-228603


From nginx-forum at nginx.us  Sun Jul 15 23:42:10 2012
From: nginx-forum at nginx.us (IlyaK)
Date: Sun, 15 Jul 2012 19:42:10 -0400 (EDT)
Subject: Using "if -f" to return 503 for maintenace: good or bad?
Message-ID: <442e61fcbaed0ad58ac641489b19698f.NginxMailingListEnglish@forum.nginx.org>

Hello,

Sometimes I need to regenerate my website. I do not want my users to see
semi-generated site. I also do not want google to see 404 errors.

The best solution is to return "503" for while I my system generates new
files. Is not it?

So I want my system to put special "lock" file before generating content
and to remove it after it. 

And I put onto my server config: 

if (-f $document_root/lock ) {
    return 503;
}


Is my solution OK or is it bad? If so, what is the best solution? 
Probably I can configure nginx to establish TCP connection to my system
(permanent connection) and to show 503 in case of connection is
unavailable?
That should be better because we would not need to check filesystem each
time. 

Thanks!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228604,228604#msg-228604


From nginx-forum at nginx.us  Mon Jul 16 01:24:38 2012
From: nginx-forum at nginx.us (tbt)
Date: Sun, 15 Jul 2012 21:24:38 -0400 (EDT)
Subject: Remove Authentication Dialog in the browser when a particular folder
	is accessed
Message-ID: <a21f955600e901d102e32eceef4c898c.NginxMailingListEnglish@forum.nginx.org>

Hi

I am new to nginx and I want to remove the dialog box that comes up
requesting a username and password when the admin folder is accessed.
eg; http://localhost/admin

The previous developer who handled this left suddenly and left no
documentation. How can I remove this?

Thanks
tbt

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228605,228605#msg-228605


From nginx-forum at nginx.us  Mon Jul 16 05:05:56 2012
From: nginx-forum at nginx.us (tbt)
Date: Mon, 16 Jul 2012 01:05:56 -0400 (EDT)
Subject: Restricting the url length through nginx
Message-ID: <37294b060d959685ec6b96724f9d4858.NginxMailingListEnglish@forum.nginx.org>

Hi,

I am new to nginx and I have been assigned a project where the previous
developer has restricted the url length to a certain size. I want to
increase this length but cannot find the place where it has been done.
Could someone help me out to find where the url length has been set in
nginx and how to increase it.

Thanks
tbt

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228606,228606#msg-228606


From nbubingo at gmail.com  Mon Jul 16 05:45:35 2012
From: nbubingo at gmail.com (=?GB2312?B?0qbOsLHz?=)
Date: Mon, 16 Jul 2012 13:45:35 +0800
Subject: Syslog
In-Reply-To: <a7ca4616fb2d4afce6a64b96733c1881.NginxMailingListEnglish@forum.nginx.org>
References: <4F994A1E.7020105@codepedia.eu>
	<a7ca4616fb2d4afce6a64b96733c1881.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAGxuLK3OuzkVMGpBnDx8YcgrqCCOy-DVC7FSgLqUmJW_8zMmZA@mail.gmail.com>

Maybe you can try the patch from Tengine
(http://tengine.taobao.org/document/http_log.html). We implement the
syslog protocol which indeed use the UDP socket. It will not block
Nginx any more.

2012/7/16 dlang <nginx-forum at nginx.us>:
> The performance of syslog depends heavily on what implementation you are
> using. For example, rsyslog has been measured at 1M logs/sec under ideal
> conditions (and I've used it at over 100K logs/sec). rsyslog is now the
> default syslog on just about every linux distro. This isn't like the old
> sysklogd that was could only process one message at a time and blocked
> everything until it finished processing the message (limiting it to a
> few hundred logs/sec, even on really good disks)
>
> I can understand why you would not want to make logging to syslog be the
> default, but why are you so opposed to having it as an option?
>
> yes, if the syslog daemon dies, things writing to it will block, but if
> your partition that you are writing logfiles to fills up you will block
> as well. Deciding how to log, and if blocking on another daemon is
> acceptable should be up to the system administrator. Sometimes getting a
> copy of the logs elsewhere in near real-time is worth reducing the peak
> requests/sec that a box can handle
>
> The other approach you could allow someone to submit would be to sent
> the logs out in real-time via UDP, this will mean that logs are lost if
> the syslog daemon goes down, but nginx won't block
>
> David Lang
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,225811,228603#msg-228603
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From f.bonnet at esiee.fr  Mon Jul 16 06:20:56 2012
From: f.bonnet at esiee.fr (Frank Bonnet)
Date: Mon, 16 Jul 2012 08:20:56 +0200
Subject: openupload anyone ?
Message-ID: <5003B2C8.3050702@esiee.fr>

Hello

Does anyone use ( in production ) openupload with nginx ?
If yes I am interrested by some feedback.

Thank you


From rhowe at moonfruit.com  Mon Jul 16 09:32:30 2012
From: rhowe at moonfruit.com (Russell Howe)
Date: Mon, 16 Jul 2012 10:32:30 +0100
Subject: segfault in nginx 1.2.0 and 1.2.2 when serving 400 error pages
 via a reverse proxied host
In-Reply-To: <20120713213915.GO31671@mdounin.ru>
References: <4FFEFFCB.5010309@moonfruit.com>
 <20120713213915.GO31671@mdounin.ru>
Message-ID: <5003DFAE.9060803@moonfruit.com>

On 13/07/12 22:39, Maxim Dounin wrote:
> Hello!
> 
>> whereby we had a config snippet which looked like:
>>
>> 	error_page 400 @fallback
> 
> Don't do that? (c)

Yeah, we stopped doing that pretty quickly once we realised the trouble it was causing.

> The problem with 400 errors is more or less trivial and the above 
> link explains it in details.  There is no need to debug anything 
> here, it's mostly about writing code to handle it.  (Or probably 
> about writing code to make the above config invalid and/or provide 
> a warning.)

Yes, any of these options sounds good to me.

> Note well that handling of 400 errors isn't really good idea even 
> with normal uri of an error page, not only with named locations.  
> As 400 (Bad request) means bad request and you can't really trust 
> anything got from a client.  Unless you really understand what are 
> you doing and possible implications it's much better idea to let 
> nginx return builtin error page.

Agreed, although it was a little surprising that nginx was segfaulting as a result
of poor configuration choices.

I'm surprised that nginx even allows 400's to be proxied to be honest - I can't
really think of a situation where you'd want to do that, unless you were relying
on the content of the 400 response for your application.

I'll try building without optimisation and see if I can trace the source of the
segfault anyway, if only to satisfy my own curiosity.

-- 
Russell Howe
rhowe at moonfruit.com


From contact at jpluscplusm.com  Mon Jul 16 10:59:58 2012
From: contact at jpluscplusm.com (Jonathan Matthews)
Date: Mon, 16 Jul 2012 11:59:58 +0100
Subject: Restricting the url length through nginx
In-Reply-To: <37294b060d959685ec6b96724f9d4858.NginxMailingListEnglish@forum.nginx.org>
References: <37294b060d959685ec6b96724f9d4858.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAKsTx7BGTrW-ZoxvepJOCGkG-Oas-v-6AFu=KBJ-hWqdQ-o_xw@mail.gmail.com>

On 16 July 2012 06:05, tbt <nginx-forum at nginx.us> wrote:
> I am new to nginx and I have been assigned a project where the previous
> developer has restricted the url length to a certain size. I want to
> increase this length but cannot find the place where it has been done.
> Could someone help me out to find where the url length has been set in
> nginx and how to increase it.

You'll need to provide more information. Such as your nginx config.

Jonathan
-- 
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html


From dewanggaba at gmail.com  Mon Jul 16 16:25:54 2012
From: dewanggaba at gmail.com (antituhan)
Date: Mon, 16 Jul 2012 09:25:54 -0700 (PDT)
Subject: Help with wrong directive
Message-ID: <1342455954086-7580849.post@n2.nabble.com>

Hello guys, I've got a problem with location directive. I set up a website
tracker using awstats, but the icon is not loaded. For example, the image
URL are like this http://www.domain.com/awstatsicon/other/vu.jpg



Anyone help please? :)

-----
[daemon at antituhan.com ~]# 
--
View this message in context: http://nginx.2469901.n2.nabble.com/Help-with-wrong-directive-tp7580849.html
Sent from the nginx mailing list archive at Nabble.com.


From nginx-forum at nginx.us  Tue Jul 17 03:42:57 2012
From: nginx-forum at nginx.us (justin)
Date: Mon, 16 Jul 2012 23:42:57 -0400 (EDT)
Subject: Need To Run Multiple Location Blocks
Message-ID: <5ae8e2aa793cd9f0ab7ede7f5813033d.NginxMailingListEnglish@forum.nginx.org>

I have the following location blocks:

  location ^~ /publish {
      allow 127.0.0.1;

      #Allow home
      allow 99.100.101.102;

      deny all;
    }

Then the following location block to process PHP after:

    location ~\.php {
      try_files $uri =404;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_intercept_errors on;
      fastcgi_pass 127.0.0.1:9000;
      include /etc/nginx/fastcgi_params;
    }

The problem is that a request to /publish/execute.php is only hitting
the first location block, and not hitting the fastcgi PHP execution
location block. How can I make the publish location block also check for
PHP files and if so, execute them according to the second location
block?

Thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228624,228624#msg-228624


From sb at waeme.net  Tue Jul 17 03:48:31 2012
From: sb at waeme.net (Sergey Budnevitch)
Date: Tue, 17 Jul 2012 07:48:31 +0400
Subject: nginx caching in milliseconds
In-Reply-To: <5000F1E7.90904@syspark.com>
References: <5000F1E7.90904@syspark.com>
Message-ID: <0CA9A036-F1EC-4B9E-88FB-4FD72E3B4DAE@waeme.net>


On 14.07.2012, at 8:13, Jean-Christophe Petit wrote:

> Hello,
> 
> would it be possible to cache with nginx below 1 second ? I mean in the hundreds of milliseconds ?
> For example:
> proxy_cache_valid 200 301 302 500ms;

No, it seems it makes no sense in proxy_cache_valid case, also msec granularity limits 
max time to ~ 24.8 days which may be small for proxy_cache_valid


From edho at myconan.net  Tue Jul 17 08:29:46 2012
From: edho at myconan.net (Edho Arief)
Date: Tue, 17 Jul 2012 15:29:46 +0700
Subject: Need To Run Multiple Location Blocks
In-Reply-To: <5ae8e2aa793cd9f0ab7ede7f5813033d.NginxMailingListEnglish@forum.nginx.org>
References: <5ae8e2aa793cd9f0ab7ede7f5813033d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCmUXHigOn9tctzT86AnQevVQc8489McFy=ytTD5wNKqzw@mail.gmail.com>

On Tue, Jul 17, 2012 at 10:42 AM, justin <nginx-forum at nginx.us> wrote:
> I have the following location blocks:
>
>   location ^~ /publish {
>       allow 127.0.0.1;
>
>       #Allow home
>       allow 99.100.101.102;
>
>       deny all;
>     }
>
> Then the following location block to process PHP after:
>
>     location ~\.php {
>       try_files $uri =404;
>       fastcgi_index index.php;
>       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>       fastcgi_intercept_errors on;
>       fastcgi_pass 127.0.0.1:9000;
>       include /etc/nginx/fastcgi_params;
>     }
>
> The problem is that a request to /publish/execute.php is only hitting
> the first location block, and not hitting the fastcgi PHP execution
> location block. How can I make the publish location block also check for
> PHP files and if so, execute them according to the second location
> block?
>

Put another \.php$ block inside the /publish block.

location ^~ /publish/ {
  ...
  location ~ \.php$ {
    ...
  }
}


From dewanggaba at gmail.com  Tue Jul 17 10:53:40 2012
From: dewanggaba at gmail.com (antituhan)
Date: Tue, 17 Jul 2012 03:53:40 -0700 (PDT)
Subject: Help with wrong directive
In-Reply-To: <1342455954086-7580849.post@n2.nabble.com>
References: <1342455954086-7580849.post@n2.nabble.com>
Message-ID: <1342522420303-7580855.post@n2.nabble.com>

I've change the directive like that, but nothing changes. :( The images with
the URL http://domain.com/awstatsicons/other/vu.png is not loaded. 



-----
[daemon at antituhan.com ~]# 
--
View this message in context: http://nginx.2469901.n2.nabble.com/Help-with-wrong-directive-tp7580849p7580855.html
Sent from the nginx mailing list archive at Nabble.com.


From nginx-forum at nginx.us  Tue Jul 17 13:26:12 2012
From: nginx-forum at nginx.us (karolis)
Date: Tue, 17 Jul 2012 09:26:12 -0400 (EDT)
Subject: problem with http headers when using ssl
Message-ID: <57463b400bff066e28b343df02126a98.NginxMailingListEnglish@forum.nginx.org>

Hi everyone,

when i'm proxying to tomcat server everything is fine, proxy_pass works.
>From there i connect to some payment site, but if i decide to go back,
it brings me to to site:

https://www80/actionVaiisisPayment.action

but it should be ip adress not upstream name:

https://10.255.7.120:8080/actionVaiisisPayment.action


Here's part of my nginx.conf file:


http {
upstream www80  {
  server 10.255.7.120:8080;
}
upstream www443  {
  server 10.255.7.120:443;
}

server {
      #server_name alis.am.lt;
      #server_name_in_redirect off;
      listen 443;
      ssl on;
      ssl_certificate      /home/dts/certificates/alis.am.lt.pem;
      ssl_certificate_key 
/home/dts/certificates/alis.am.lt_privateKeyNoPass.key;
      ssl_ciphers          HIGH:!aNULL:!MD5:!kEDH;
      keepalive_timeout    70;

      location / {
        proxy_pass                   http://www80;
        proxy_redirect              default;
        proxy_set_header        X-Forwarded-Host        $host;
        proxy_set_header        X-Forwarded-Server      $host;
        proxy_set_header        X-Forwarded-For        
$proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Ssl         on;
        proxy_set_header        X-Forwarded-Proto       https;
      }


Can anyone help me, please? Thanks in advance.

Regards,
Karolis

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228638,228638#msg-228638


From r at roze.lv  Tue Jul 17 13:45:20 2012
From: r at roze.lv (Reinis Rozitis)
Date: Tue, 17 Jul 2012 16:45:20 +0300
Subject: problem with http headers when using ssl
In-Reply-To: <57463b400bff066e28b343df02126a98.NginxMailingListEnglish@forum.nginx.org>
References: <57463b400bff066e28b343df02126a98.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <26A9CC57167D4D8AB45F69D7135FFE80@NeiRoze>

> when i'm proxying to tomcat server everything is fine, proxy_pass works.
>From there i connect to some payment site, but if i decide to go back,
> it brings me to to site:
> https://www80/actionVaiisisPayment.action
> but it should be ip adress not upstream name:
> https://10.255.7.120:8080/actionVaiisisPayment.action


The www80 probably comes from the upstream application (which makes a 
redirect) since you don't pass the real Host: header back to upstream and 
nginx uses the 'www80' upstream name when connecting to the backend.

You can either try to pass the actuall Host: header back to upstream - add:

proxy_set_header        Host        $host;


Or you can change the redirects with proxy_redirect ( 
http://wiki.nginx.org/NginxHttpProxyModule#proxy_redirect )


rr 


From i.hailperin at heinlein-support.de  Tue Jul 17 14:05:17 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Tue, 17 Jul 2012 16:05:17 +0200
Subject: reverse proxy an apache who forces ssl
Message-ID: <5005711D.8040503@heinlein-support.de>

Hi,

I am trying to proxy an apache, who forces ssl, see my vhost config:

RewriteEngine On
          RewriteRule /(.*)$ https://www.acme.eu/$1 [R=301,L]

The nginx config for port 443 looks like this:

[...]
         location  ~* \.(jpg|gif|png|css|js) {
                 try_files $uri @proxy;
         }
         location @proxy {
                 proxy_pass http://www.acme.eu;
         }
         location / {
                 proxy_pass http://www.acme.eu;
         }

This obviously gives me a rewrite loop, since apache forces https, and 
nginx keeps trying http.
When I change http to https in the location blocks, I get a 502 bad 
gateway error, and the nginx log tells me

012/07/17 15:42:30 [error] 3671#0: *21 SSL_do_handshake() failed (SSL: 
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) 
while SSL handshaking to upstream, client: 8.1.87.11, server: 
www.acme.eu, request: "GET / HTTP/1.1", upstream: 
"https://10.11.12.13:443/", host: "www.acme.eu"

My interpretation is that nginx does not know how to handle the upstream 
ssl connection. Is that correct?
How can I configure nginx to do that? Is that possible at all?

Not sure if its of interest, but: nginx has the ssl certs for 
www.acme.eu configured correctly, but thats for the side where nginx is 
the server to the client.
Of course, an option would be to drop the https forcing in the apache, 
and put the forcing in nginx, but currently that is not an option, as we 
are in a testing phase, where the proxied and unproxied versions of the 
site must be available.

Isaac


From nginx-forum at nginx.us  Tue Jul 17 14:09:17 2012
From: nginx-forum at nginx.us (karolis)
Date: Tue, 17 Jul 2012 10:09:17 -0400 (EDT)
Subject: problem with http headers when using ssl
In-Reply-To: <57463b400bff066e28b343df02126a98.NginxMailingListEnglish@forum.nginx.org>
References: <57463b400bff066e28b343df02126a98.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <ebc237c6406bdb8eac7877f2836b7244.NginxMailingListEnglish@forum.nginx.org>

Actually when i insert into my configuration this line
proxy_set_header Host $host;
i can't access site at all. I tried every configuration with
proxy_redirect, still no results.. :(
Any more suggestions?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228638,228643#msg-228643


From r at roze.lv  Tue Jul 17 14:17:09 2012
From: r at roze.lv (Reinis Rozitis)
Date: Tue, 17 Jul 2012 17:17:09 +0300
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <5005711D.8040503@heinlein-support.de>
References: <5005711D.8040503@heinlein-support.de>
Message-ID: <1DCB5F2F11DB425EA8D33F14A1921F94@NeiRoze>

You can use 'https' in proxy pass eg:

location @proxy {
        proxy_pass https://www.acme.eu;
}


If you define your backends via upstream {}  add also :443 port there.


It is kinda overhead to talk to backends via SSL but it's possible.

rr


From mdounin at mdounin.ru  Tue Jul 17 16:09:16 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 17 Jul 2012 20:09:16 +0400
Subject: MP4 - start time is out mp4 stts samples
In-Reply-To: <ab84236712528666c35acdbcdf3b1ce7.NginxMailingListEnglish@forum.nginx.org>
References: <ab84236712528666c35acdbcdf3b1ce7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120717160916.GT31671@mdounin.ru>

Hello!

On Sun, Jul 15, 2012 at 05:25:56PM -0400, DeineAgentur wrote:

> Hello,
> 
> i get the following errors:

[... unrelated messages skipped ...]

> 2012/07/15 22:58:44 [error] 30717#0: *2 start time is out mp4 stts
> samples in "/var/www/virtual/xxx.com/files/mp4/mp4/vs-xxx.720p.mp4",
> client: 127.0.0.158, server: xxx.com, request: "GET
> /mp4/mp4/vs-xxx.720p.mp4?start=2934.89 HTTP/1.1", host: "xxx.com",
> referrer: "http://xxx.com/stream/player.swf"

[...]

> 2012/07/15 23:09:03 [error] 31454#0: *2 start time is out mp4 stts
> samples in "/var/www/virtual/xxx.com/files/mp4/mp4/vs-xxx.720p.mp4",
> client: 127.0.0.158, server: xxx.com, request: "GET
> /mp4/mp4/vs-xxx.720p.mp4?start=1667.46 HTTP/1.1", host: "xxx.com",
> referrer: "http://xxx.com/stream/player.swf"
>
> The file is 5.3 GB large. 
> 
> smaller files that i tried working.

Messages suggest the file is shorter than 1667.46 seconds.  
Given the fact it's 5.3 GB large - the file is either corrupted or 
there is something in it which confuses nginx.  Could you please 
provide debug log and the file for investigation?

Maxim Dounin


From mdounin at mdounin.ru  Tue Jul 17 16:30:23 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 17 Jul 2012 20:30:23 +0400
Subject: Remove Authentication Dialog in the browser when a particular
 folder is accessed
In-Reply-To: <a21f955600e901d102e32eceef4c898c.NginxMailingListEnglish@forum.nginx.org>
References: <a21f955600e901d102e32eceef4c898c.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120717163022.GV31671@mdounin.ru>

Hello!

On Sun, Jul 15, 2012 at 09:24:38PM -0400, tbt wrote:

> Hi
> 
> I am new to nginx and I want to remove the dialog box that comes up
> requesting a username and password when the admin folder is accessed.
> eg; http://localhost/admin
> 
> The previous developer who handled this left suddenly and left no
> documentation. How can I remove this?

You have to remove or comment out auth_basic directive from your 
config.  See here for details:

http://nginx.org/r/auth_basic

Maxim Dounin


From i.hailperin at heinlein-support.de  Tue Jul 17 16:45:36 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Tue, 17 Jul 2012 18:45:36 +0200
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <1DCB5F2F11DB425EA8D33F14A1921F94@NeiRoze>
References: <5005711D.8040503@heinlein-support.de>
 <1DCB5F2F11DB425EA8D33F14A1921F94@NeiRoze>
Message-ID: <500596B0.1060007@heinlein-support.de>



On 07/17/2012 04:17 PM, Reinis Rozitis wrote:
> You can use 'https' in proxy pass eg:
>
> location @proxy {
>         proxy_pass https://www.acme.eu;
> }
>
>
> If you define your backends via upstream {}  add also :443 port there.
I defined my upstream like this:
upstream backend-secure {
   server 10.10.2.1:443 max_fails=20;
   server 10.10.2.1:443 max_fails=20;
}
and my proxy pass
         location  ~* \.(jpg|gif|png|css|js) {
                 try_files $uri @proxy;
         }
         location @proxy {
                 proxy_pass https://backend-secure;
         }
         location / {
                 proxy_pass https://backend-secure;
         }

but I keep getting the 502 Bad Gateway error, and

2012/07/17 18:40:05 [error] 5043#0: *1 SSL_do_handshake() failed (SSL: 
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol) 
while SSL handshaking to upstream, client: 8.12.87.11, server: 
www.acme.eu, request: "GET / HTTP/1.1", upstream: 
"https://10.10.2.1:443/", host: "www.acme.eu"

in my log. What am I doing wrong?

> It is kinda overhead to talk to backends via SSL
I know, I won't use it in production, but at the moment I need this.

Isaac


From nginx-forum at nginx.us  Tue Jul 17 17:21:38 2012
From: nginx-forum at nginx.us (DeineAgentur)
Date: Tue, 17 Jul 2012 13:21:38 -0400 (EDT)
Subject: MP4 - start time is out mp4 stts samples
In-Reply-To: <20120717160916.GT31671@mdounin.ru>
References: <20120717160916.GT31671@mdounin.ru>
Message-ID: <b124b69eb9661410e2ef0cbeda823187.NginxMailingListEnglish@forum.nginx.org>

Hi Maxim,

here the debug.log

https://www.dropbox.com/s/8xwyxw8l0r0a2am/debug_localhost.rar

Maxim, if you send me an eMail, i will give you a link to the video.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228600,228651#msg-228651


From nginx-forum at nginx.us  Tue Jul 17 17:28:22 2012
From: nginx-forum at nginx.us (migue76)
Date: Tue, 17 Jul 2012 13:28:22 -0400 (EDT)
Subject: Weird apache status values with nginx
Message-ID: <dbdb600cf9008ed6a9196dd81a2341c9.NginxMailingListEnglish@forum.nginx.org>

Hello.

Since I have installed nginx on our dedicated server I'm having some odd
issue. The "cpu usage" and "requests currently being processed" are not
correct on apache-status

A couple of image to see ir clearly. Images from same server at same
time, same accounts and similar traffic:

http://i46.tinypic.com/nbte09.jpg <--- good

http://i46.tinypic.com/1jsot5.png <--- bad

Please, look at "cpu usage": u601?? s261?? cu4368?? However, cpu load is
correct

Look at "requests currently being processed": 4 request only? More than
300 websites at high traffic time and only 4 request? How is it
possible?

Finally, look at cpu load for each vhost (below): 174, 175, 170, etc...


Global cpu load and performance on server is nice. No problem but that
values prevents me know true values.

Any suggestion? Ideas?

Thank you!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228652,228652#msg-228652


From r at roze.lv  Tue Jul 17 17:29:39 2012
From: r at roze.lv (Reinis Rozitis)
Date: Tue, 17 Jul 2012 20:29:39 +0300
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <500596B0.1060007@heinlein-support.de>
References: <5005711D.8040503@heinlein-support.de>
 <1DCB5F2F11DB425EA8D33F14A1921F94@NeiRoze>
 <500596B0.1060007@heinlein-support.de>
Message-ID: <B770D04138A1478F9D46EC6585B8B201@NeiRoze>

> 2012/07/17 18:40:05 [error] 5043#0: *1 SSL_do_handshake() failed (SSL:
error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
while SSL handshaking to upstream, client: 8.12.87.11, server:
www.acme.eu, request: "GET / HTTP/1.1", upstream:
"https://10.10.2.1:443/", host: "www.acme.eu"

> in my log. What am I doing wrong?

The error is kinda saying that the upstream is not talking SSL (or vice 
versa if I'm wrong).


Can you show what does this return ( change the 10.10.2.1 to your backend 
apache ip/host if its not the real one from the error message):

openssl s_client -connect 10.10.2.1:443


It will either return the SSL cert information (then the backend is fine and 
the problem is on nginx side) or the same error.

rr 


From nginx-forum at nginx.us  Tue Jul 17 17:30:06 2012
From: nginx-forum at nginx.us (saucepan)
Date: Tue, 17 Jul 2012 13:30:06 -0400 (EDT)
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <500596B0.1060007@heinlein-support.de>
References: <500596B0.1060007@heinlein-support.de>
Message-ID: <43febb538634cb3ed9d6178883f65bef.NginxMailingListEnglish@forum.nginx.org>

hi all ,
 I'm getting the same , my upstream https servers requires client
authenication (ie authenicate who nginx is!!)  but this fails, yet when
i verfied the same using wget alls okay ...... btw i using self sign
certs for now

I get the a 502 bad gateway  too ..... does nginx support this
configuration or have i messed up my ssl configuration 

thanks
 saucepan

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228642,228654#msg-228654


From nginx-forum at nginx.us  Tue Jul 17 18:26:50 2012
From: nginx-forum at nginx.us (beadon1)
Date: Tue, 17 Jul 2012 14:26:50 -0400 (EDT)
Subject: LZ4 + nginx
In-Reply-To: <CAG_yTXwdV01P1LQaAN2yR1uCxfwyUFGAMKvo-U5CZP7-aotOsw@mail.gmail.com>
References: <CAG_yTXwdV01P1LQaAN2yR1uCxfwyUFGAMKvo-U5CZP7-aotOsw@mail.gmail.com>
Message-ID: <3edb5db36c3c61e8a6d2a0e9b4b4f115.NginxMailingListEnglish@forum.nginx.org>

read a lz4 file or stream -> serve to browser

Can I also request LZ4 compression be a supported feature for direct
delivery to a browser ?  As a provider this means less overhead of a
compressed stream on each connection, meaning that there's less of a
bandwidth vs. CPU tradeoff.

I've begun requesting different browsers support this natively as well.

The real question I suppose is:  How did gzip come to be used ? With the
performance differences in speed and compression I envision a shift to
LZ4.

Thoughts ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,222697,228656#msg-228656


From nginx-forum at nginx.us  Tue Jul 17 22:31:22 2012
From: nginx-forum at nginx.us (justin)
Date: Tue, 17 Jul 2012 18:31:22 -0400 (EDT)
Subject: Need To Run Multiple Location Blocks
In-Reply-To: <CAAtReCmUXHigOn9tctzT86AnQevVQc8489McFy=ytTD5wNKqzw@mail.gmail.com>
References: <CAAtReCmUXHigOn9tctzT86AnQevVQc8489McFy=ytTD5wNKqzw@mail.gmail.com>
Message-ID: <765d984369f80e25e16020d6626f545f.NginxMailingListEnglish@forum.nginx.org>

Edho,

Thanks for the reply. This is a bit sloppy though because let us assume
I have multiple publish location blocks. Copy and pasting the PHP
location block multiple times is bad practice, because if I need to make
changes, I have to update the PHP block multiple times. Is there a way
to make the PHP location block a variable and use it in multiple
locations?

Thanks much.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228624,228658#msg-228658


From nginx-forum at nginx.us  Tue Jul 17 23:12:05 2012
From: nginx-forum at nginx.us (justin)
Date: Tue, 17 Jul 2012 19:12:05 -0400 (EDT)
Subject: Need To Run Multiple Location Blocks
In-Reply-To: <5ae8e2aa793cd9f0ab7ede7f5813033d.NginxMailingListEnglish@forum.nginx.org>
References: <5ae8e2aa793cd9f0ab7ede7f5813033d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <7affe212a9504d3912d7e36fdfc92069.NginxMailingListEnglish@forum.nginx.org>

So I pulled the PHP location block out, and put it in its own file
called php.conf. Then I simply did:

include /etc/nginx/php.conf

In each location block that needs to execute PHP. This seems to have
worked quite nicely. However, is there a better way of doing this?

Thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228624,228659#msg-228659


From edho at myconan.net  Wed Jul 18 01:44:44 2012
From: edho at myconan.net (Edho Arief)
Date: Wed, 18 Jul 2012 08:44:44 +0700
Subject: Need To Run Multiple Location Blocks
In-Reply-To: <7affe212a9504d3912d7e36fdfc92069.NginxMailingListEnglish@forum.nginx.org>
References: <5ae8e2aa793cd9f0ab7ede7f5813033d.NginxMailingListEnglish@forum.nginx.org>
 <7affe212a9504d3912d7e36fdfc92069.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReC=didd=m=JxaGGfOtB_or4p6cCwJ50hP4J6TzYS4hOyLw@mail.gmail.com>

On Jul 18, 2012 6:12 AM, "justin" <nginx-forum at nginx.us> wrote:
>
> So I pulled the PHP location block out, and put it in its own file
> called php.conf. Then I simply did:
>
> include /etc/nginx/php.conf
>
> In each location block that needs to execute PHP. This seems to have
> worked quite nicely. However, is there a better way of doing this?
>

AFAIK, that's the best way.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120718/7b1c3925/attachment.html>

From semenko at alum.mit.edu  Wed Jul 18 04:24:17 2012
From: semenko at alum.mit.edu (Nick Semenkovich)
Date: Tue, 17 Jul 2012 23:24:17 -0500
Subject: add_headers on text/html only?
Message-ID: <CAFepXZi8Dh20GfPx8fcv7Rn4+ej_wDEDgCu5Q4+MxRj_Vt9+AA@mail.gmail.com>

I'm trying to add three headers for security to all text/html content:

add_header X-Content-Type-Options 'nosniff';
add_header X-Frame-Options 'DENY';
add_header X-XSS-Protection '1; mode=block';

I'd like to add these to a number of different sites & virtual hosts in nginx.

Q: Is there an easy way to add this to multiple different hosts
without updating every server{} block?

Can I put this into an http{} section in some way (but still limit it
to text/html)?


Best,
Nick
-- 
Nick Semenkovich


From meteor8488 at 163.com  Wed Jul 18 06:20:09 2012
From: meteor8488 at 163.com (fhal)
Date: Wed, 18 Jul 2012 14:20:09 +0800 (CST)
Subject: help about limit_req
Message-ID: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>

Hi All,
In the pass several days my server was under attack.
Someone are using WebBench to test my website, and it takes up all my server CPU resources.
So I'm wondering to use  limit_req to limit the request frequency.

I have 3 important php files -- portal.php forum.php home.php, they are in the root directory of my website, the URL like below:
    http://www.xxx.com/forum.php
    http://www.xxx.com/forum.php?******

And I also created below rules for URL rewrite in NGINX:
            rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
            rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
            rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
            rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
            rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
 
For now, the problem for me is, if I put below codes in NGINX, then my php file will stop execute.

    location ~*^/(home|forum|portal).php$ {
              limit_conn   addr  3;
                limit_req zone=refresh burst=3 nodelay;
                    }

 And if I put the limit (     limit_req zone=refresh burst=3 nodelay;) into below sections. It works, but user reports that sometimes they can't view the images.

 location ~ \.php$ {
            fastcgi_pass   unix:/tmp/nginx.socket;
            fastcgi_index  index.php;
            fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
            include        fastcgi_params;
        }
    
    
    Anyone can help me about this issue? I just want to set a limit for some specific php files?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120718/ac90cb7f/attachment.html>

From i.hailperin at heinlein-support.de  Wed Jul 18 07:35:59 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Wed, 18 Jul 2012 09:35:59 +0200
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <B770D04138A1478F9D46EC6585B8B201@NeiRoze>
References: <5005711D.8040503@heinlein-support.de>
 <1DCB5F2F11DB425EA8D33F14A1921F94@NeiRoze>
 <500596B0.1060007@heinlein-support.de>
 <B770D04138A1478F9D46EC6585B8B201@NeiRoze>
Message-ID: <5006675F.6070703@heinlein-support.de>



On 07/17/2012 07:29 PM, Reinis Rozitis wrote:
>> 2012/07/17 18:40:05 [error] 5043#0: *1 SSL_do_handshake() failed (SSL:
> error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol)
> while SSL handshaking to upstream, client: 8.12.87.11, server:
> www.acme.eu, request: "GET / HTTP/1.1", upstream:
> "https://10.10.2.1:443/", host: "www.acme.eu"
>
>> in my log. What am I doing wrong?
>
> The error is kinda saying that the upstream is not talking SSL (or vice
> versa if I'm wrong).
>
>
> Can you show what does this return ( change the 10.10.2.1 to your
> backend apache ip/host if its not the real one from the error message):
>
> openssl s_client -connect 10.10.2.1:443
Its the same error as with nginx:
~# openssl s_client -connect 10.10.2.1:443
CONNECTED(00000003)
7571:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown 
protocol:s23_clnt.c:607:


> It will either return the SSL cert information (then the backend is fine
> and the problem is on nginx side) or the same error.
This would imply that the problem is on the backend (the apache) side.
But: I can connect to the backend directly (not via nginx) using https 
without any problem. So I am not sure about this conclusion.
Hm, it might still be a problem with the backend, but its not that ssl 
is not working in general on the backend.

Any hints are appreciated :)

Isaac


From nginx-forum at nginx.us  Wed Jul 18 09:40:31 2012
From: nginx-forum at nginx.us (saucepan)
Date: Wed, 18 Jul 2012 05:40:31 -0400 (EDT)
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <5006675F.6070703@heinlein-support.de>
References: <5006675F.6070703@heinlein-support.de>
Message-ID: <ec68428018fff2f956c265563934d308.NginxMailingListEnglish@forum.nginx.org>

Hi all, here some further info on the issue, from my investigation into
2-way ssl support to upstream servers , i gathered the following ssl out
form my upstream server . You can see the problem occurs after the
server handshake the certificate chain is not found for nginx
*** Certificate chain
***

and for wget its this:

*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin,
C=IE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5
...
....


Here the full output if your really interested


heres the the nginx -> upstream server:
***
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53,
103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190,
197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134,
157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33,
157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127,
96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26,
140, 86, 171, 18, 122, 61, 175 }
DH Base:  { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135,
227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167,
163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9,
101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8,
77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226,
61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109,
63, 82, 146, 82 }
Server DH Public Key:  { 192, 133, 229, 57, 195, 243, 75, 86, 165, 34,
255, 75, 168, 125, 4, 223, 163, 159, 72, 6, 224, 226, 64, 12, 249, 195,
253, 39, 103, 164, 9, 200, 183, 199, 121, 52, 79, 122, 190, 88, 32, 5,
95, 70, 16, 151, 58, 64, 174, 208, 177, 123, 213, 92, 45, 234, 189, 61,
124, 82, 253, 91, 100, 247, 214, 162, 95, 161, 65, 53, 167, 151, 18, 7,
177, 98, 155, 97, 150, 26, 77, 37, 243, 165, 134, 150, 135, 6, 105, 76,
47, 104, 184, 128, 224, 225 }
Signed with a DSA or RSA public key
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin, C=IE>
*** ServerHelloDone
qtp1771121238-29, WRITE: TLSv1 Handshake, length = 1460
qtp1771121238-27, READ: TLSv1 Handshake, length = 7
*** Certificate chain
***
qtp1771121238-27, fatal error: 42: null cert chain
javax.net.ssl.SSLHandshakeException: null cert chain
qtp1771121238-27, SEND TLSv1 ALERT:  fatal, description =
bad_certificate
qtp1771121238-27, WRITE: TLSv1 Alert, length = 2
qtp1771121238-27, fatal: engine already closed.  Rethrowing
javax.net.ssl.SSLHandshakeException: null cert chain
qtp1771121238-27, called closeOutbound()
qtp1771121238-27, closeOutboundInternal()


Now here the output of the server with wget .... lots of 64 bit encoding
that can be ingored... just left it in so peeps can see

***
*** Diffie-Hellman ServerKeyExchange
DH Modulus:  { 233, 230, 66, 89, 157, 53, 95, 55, 201, 127, 253, 53,
103, 18, 11, 142, 37, 201, 205, 67, 233, 39, 179, 169, 103, 15, 190,
197, 216, 144, 20, 25, 34, 210, 195, 179, 173, 36, 128, 9, 55, 153, 134,
157, 30, 132, 106, 171, 73, 250, 176, 173, 38, 210, 206, 106, 34, 33,
157, 71, 11, 206, 125, 119, 125, 74, 33, 251, 233, 194, 112, 181, 127,
96, 112, 2, 243, 206, 248, 57, 54, 148, 207, 69, 238, 54, 136, 193, 26,
140, 86, 171, 18, 122, 61, 175 }
DH Base:  { 48, 71, 10, 213, 160, 5, 251, 20, 206, 45, 157, 205, 135,
227, 139, 199, 209, 177, 197, 250, 203, 174, 203, 233, 95, 25, 10, 167,
163, 29, 35, 196, 219, 188, 190, 6, 23, 69, 68, 64, 26, 91, 44, 2, 9,
101, 216, 194, 189, 33, 113, 211, 102, 132, 69, 119, 31, 116, 186, 8,
77, 32, 41, 216, 60, 28, 21, 133, 71, 243, 169, 241, 162, 113, 91, 226,
61, 81, 174, 77, 62, 90, 31, 106, 112, 100, 243, 22, 147, 58, 52, 109,
63, 82, 146, 82 }
Server DH Public Key:  { 102, 235, 160, 161, 240, 122, 53, 136, 76, 193,
131, 131, 190, 93, 10, 140, 187, 203, 66, 141, 87, 65, 192, 213, 28, 61,
192, 175, 244, 8, 195, 84, 143, 84, 82, 15, 251, 235, 25, 168, 121, 27,
95, 64, 38, 254, 2, 153, 147, 111, 33, 74, 29, 40, 176, 27, 11, 60, 61,
102, 91, 42, 156, 69, 245, 73, 18, 173, 24, 64, 32, 14, 216, 56, 95,
177, 244, 158, 253, 188, 22, 181, 148, 134, 142, 89, 87, 99, 236, 117,
93, 115, 3, 223, 188, 156 }
Signed with a DSA or RSA public key
*** CertificateRequest
Cert Types: RSA, DSS
Cert Authorities:
<CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin, C=IE>
*** ServerHelloDone
qtp1771121238-30, WRITE: SSLv3 Handshake, length = 1460
qtp1771121238-29, READ: SSLv3 Handshake, length = 798
*** Certificate chain
chain [0] = [
[
  Version: V3
  Subject: CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin,
C=IE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
127587979862584476706861530103335113586892890796380145018891142016239072352217188124779733934530261425464442718644103381320330433922989773276207747427016139967623107463854944049930411583732215014902035974735609136593060832687281722217241269155671154565182857904746107818762911813662092673804966355501353550911
  public exponent: 65537
  Validity: [From: Tue Jul 17 17:19:00 IST 2012,
               To: Thu Jul 10 17:19:00 IST 2042]
  Issuer: CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin,
C=IE
  SerialNumber: [    d11ba577 66877914]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AE 98 C6 7D 02 2D 40 AB   60 BA 46 E0 E0 2F D0 33 
.....- at .`.F../.3
0010: 29 CC 9D 02                                        )...
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AE 98 C6 7D 02 2D 40 AB   60 BA 46 E0 E0 2F D0 33 
.....- at .`.F../.3
0010: 29 CC 9D 02                                        )...
]

[CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [    d11ba577 66877914]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 13 50 00 91 E6 DA 55 B7   C0 F8 C6 A7 77 A4 85 08 
.P....U.....w...
0010: D2 BB DB 32 79 E9 C4 D1   C9 67 7C 16 F4 52 EC EC 
...2y....g...R..
0020: CD B9 EC 79 94 6B 4E 79   5B 2F A0 D8 D2 91 F8 98 
...y.kNy[/......
0030: 6E 19 3D 5C 0F B4 37 FC   8A 03 CC 72 C3 0D 54 97 
n.=\..7....r..T.
0040: B4 9E D7 A8 6C EE 42 CB   B7 12 DF FA AE 50 BB DA 
....l.B......P..
0050: 66 DC 0B 87 AD 88 EE 35   51 45 5E 89 3D 05 03 1E 
f......5QE^.=...
0060: E8 04 75 D2 F5 DF F7 7C   3A C8 77 9B C7 D0 FE 6E 
..u.....:.w....n
0070: 0D 29 FE 4B 84 75 56 21   45 C2 8F 2B 2D A0 90 3F 
.).K.uV!E..+-..?

]
***
Found trusted certificate:
[
[
  Version: V3
  Subject: CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin,
C=IE
  Signature Algorithm: SHA1withRSA, OID = 1.2.840.113549.1.1.5

  Key:  Sun RSA public key, 1024 bits
  modulus:
127587979862584476706861530103335113586892890796380145018891142016239072352217188124779733934530261425464442718644103381320330433922989773276207747427016139967623107463854944049930411583732215014902035974735609136593060832687281722217241269155671154565182857904746107818762911813662092673804966355501353550911
  public exponent: 65537
  Validity: [From: Tue Jul 17 17:19:00 IST 2012,
               To: Thu Jul 10 17:19:00 IST 2042]
  Issuer: CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin,
C=IE
  SerialNumber: [    d11ba577 66877914]

Certificate Extensions: 3
[1]: ObjectId: 2.5.29.14 Criticality=false
SubjectKeyIdentifier [
KeyIdentifier [
0000: AE 98 C6 7D 02 2D 40 AB   60 BA 46 E0 E0 2F D0 33 
.....- at .`.F../.3
0010: 29 CC 9D 02                                        )...
]
]

[2]: ObjectId: 2.5.29.35 Criticality=false
AuthorityKeyIdentifier [
KeyIdentifier [
0000: AE 98 C6 7D 02 2D 40 AB   60 BA 46 E0 E0 2F D0 33 
.....- at .`.F../.3
0010: 29 CC 9D 02                                        )...
]

[CN=blahblahblah, OU=Eng, O=saucepan, L=Dublin, ST=Dublin, C=IE]
SerialNumber: [    d11ba577 66877914]
]

[3]: ObjectId: 2.5.29.19 Criticality=false
BasicConstraints:[
  CA:true
  PathLen:2147483647
]

]
  Algorithm: [SHA1withRSA]
  Signature:
0000: 13 50 00 91 E6 DA 55 B7   C0 F8 C6 A7 77 A4 85 08 
.P....U.....w...
0010: D2 BB DB 32 79 E9 C4 D1   C9 67 7C 16 F4 52 EC EC 
...2y....g...R..
0020: CD B9 EC 79 94 6B 4E 79   5B 2F A0 D8 D2 91 F8 98 
...y.kNy[/......
0030: 6E 19 3D 5C 0F B4 37 FC   8A 03 CC 72 C3 0D 54 97 
n.=\..7....r..T.
0040: B4 9E D7 A8 6C EE 42 CB   B7 12 DF FA AE 50 BB DA 
....l.B......P..
0050: 66 DC 0B 87 AD 88 EE 35   51 45 5E 89 3D 05 03 1E 
f......5QE^.=...
0060: E8 04 75 D2 F5 DF F7 7C   3A C8 77 9B C7 D0 FE 6E 
..u.....:.w....n
0070: 0D 29 FE 4B 84 75 56 21   45 C2 8F 2B 2D A0 90 3F 
.).K.uV!E..+-..?

]
qtp1771121238-29, READ: SSLv3 Handshake, length = 102
*** ClientKeyExchange, DH
DH Public key:  { 80, 96, 106, 59, 53, 100, 40, 243, 147, 137, 5, 149,
205, 218, 3, 16, 189, 80, 152, 47, 53, 34, 215, 202, 129, 236, 87, 89,
115, 239, 155, 183, 242, 83, 80, 66, 60, 78, 13, 1, 132, 141, 26, 135,
74, 19, 50, 137, 202, 177, 60, 8, 43, 92, 139, 15, 111, 166, 6, 128,
192, 161, 4, 153, 21, 180, 135, 62, 63, 53, 194, 155, 152, 152, 180, 13,
83, 69, 121, 223, 113, 130, 34, 93, 127, 66, 40, 102, 25, 219, 155, 175,
85, 218, 80, 192 }
SESSION KEYGEN:
PreMaster Secret:
0000: CA 5B 14 8F 70 CD 6F 59   99 E3 FD 66 80 F3 2B C1 
.[..p.oY...f..+.
0010: 3A 0A 50 F3 D1 78 1B C9   0C DD 71 4D 9A 06 1C A1 
:.P..x....qM....
0020: 42 8F 19 BB F4 7C CA A9   2C F7 03 13 1F 15 D7 94 
B.......,.......
0030: 6C D3 65 38 FC E9 D1 73   85 AE 2E A1 91 A4 14 9B 
l.e8...s........
0040: 1D AB 2C 92 6C 7C 68 DA   3B 52 66 2C 27 03 59 FA 
..,.l.h.;Rf,'.Y.
0050: 47 DA 5F 9C 24 D9 DF DB   4D E5 C2 0B A4 74 DF 95 
G._.$...M....t..
CONNECTION KEYGEN:
Client Nonce:
0000: 50 05 94 18 D2 E7 F9 72   61 2D CB 12 39 83 68 6D 
P......ra-..9.hm
0010: 7F F7 82 5E E1 6E 42 C1   A7 03 0C 70 34 A5 EC 61 
...^.nB....p4..a
Server Nonce:
0000: 50 05 94 19 FB FC F7 A0   D3 CF BD 05 A1 68 34 C7 
P............h4.
0010: 42 EA 30 D0 29 8B FF 21   90 2A BA FC 4F 27 FB 6A 
B.0.)..!.*..O'.j
Master Secret:
0000: 3A CF 9C E8 39 80 CD 83   07 B9 A7 37 B4 A5 81 A3 
:...9......7....
0010: 6B 14 E5 E1 A2 8A C4 B1   AC 25 C6 11 80 E1 F4 A1 
k........%......
0020: AE D2 A2 B1 B7 15 94 A2   93 6B 57 95 98 F8 A5 D3 
.........kW.....
Client MAC write Secret:
0000: 4F 54 22 42 6B 2F 1F 33   09 EE 51 D6 4E F2 D1 CC 
OT"Bk/.3..Q.N...
0010: DC D8 C8 C7                                        ....
Server MAC write Secret:
0000: 10 0D E5 5D 55 DE 48 67   39 1F B4 E9 16 4A D2 D5 
...]U.Hg9....J..
0010: D3 2C 82 4A                                        .,.J
Client write key:
0000: AA 82 DC 16 D8 B0 7B D6   F6 6E 20 4E BB B6 65 0A  .........n
N..e.
0010: 73 FE 55 E4 9D 8B 4E 21                            s.U...N!
Server write key:
0000: 4D B9 87 00 5A 1E F6 92   C4 89 36 86 7F DB B2 14 
M...Z.....6.....
0010: D8 B7 1C 00 30 16 7E CA                            ....0...
Client write IV:
0000: 6E D0 C8 54 5C 0F 07 81                            n..T\...
Server write IV:
0000: 31 E6 B6 70 4C 78 93 A6                            1..pLx..
qtp1771121238-29, READ: SSLv3 Handshake, length = 134
*** CertificateVerify
qtp1771121238-29, READ: SSLv3 Change Cipher Spec, length = 1
qtp1771121238-29, READ: SSLv3 Handshake, length = 64
*** Finished
verify_data:  { 185, 100, 131, 53, 152, 57, 153, 230, 137, 226, 218,
237, 18, 131, 144, 8, 163, 43, 99, 82, 149, 131, 123, 251, 14, 211, 158,
109, 43, 103, 80, 47, 44, 101, 221, 197 }
***
qtp1771121238-29, WRITE: SSLv3 Change Cipher Spec, length = 1
*** Finished
verify_data:  { 226, 10, 167, 159, 75, 91, 46, 203, 145, 224, 225, 64,
174, 171, 207, 1, 122, 104, 232, 72, 193, 222, 162, 51, 124, 234, 143,
246, 134, 208, 115, 240, 209, 174, 1, 192 }
***
qtp1771121238-29, WRITE: SSLv3 Handshake, length = 64
%% Cached server session: [Session-1, SSL_DHE_RSA_WITH_3DES_EDE_CBC_SHA]

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228642,228670#msg-228670


From r at roze.lv  Wed Jul 18 09:46:45 2012
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 18 Jul 2012 12:46:45 +0300
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <5006675F.6070703@heinlein-support.de>
References: <5005711D.8040503@heinlein-support.de>
 <1DCB5F2F11DB425EA8D33F14A1921F94@NeiRoze>
 <500596B0.1060007@heinlein-support.de>
 <B770D04138A1478F9D46EC6585B8B201@NeiRoze>
 <5006675F.6070703@heinlein-support.de>
Message-ID: <EC1BD39C2FD543D59779B520B716DE01@DD21>

>> openssl s_client -connect 10.10.2.1:443
>Its the same error as with nginx:
>~# openssl s_client -connect 10.10.2.1:443
>CONNECTED(00000003)
> 7571:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:607:

It's the problem on backend then - it doesn't (want to) talk ssl, at least on that particular IP/port.



> But: I can connect to the backend directly (not via nginx) using https  without any problem. So I am not sure about this 
> conclusion.

Can you show what does this return: wget --no-check-certificate -S --spider https://10.10.2.1

If you test with browser it might (out of thin air) not complain about the site not actually being SSL or the apache does some sort 
of redirect before actually landing on the real SSL (virtual)host.


But overall you should probably show your apache config (the parts with 'SSLEngine on' ).


rr 


From r at roze.lv  Wed Jul 18 12:22:21 2012
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 18 Jul 2012 15:22:21 +0300
Subject: help about limit_req
In-Reply-To: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>
References: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>
Message-ID: <05A5313251684D1EBFC694E3140C97C4@DD21>

> For now, the problem for me is, if I put below codes in NGINX, then my php file will stop execute.

A quick fix would be just nest the locations or duplicate the fastcgi part. For example:

location ~*^/(home|forum|portal).php$ {
          limit_conn   addr  3;
          limit_req zone=refresh burst=3 nodelay;

          fastcgi_pass   unix:/tmp/nginx.socket;
          fastcgi_index  index.php;
          fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
          include        fastcgi_params;
}


rr


From i.hailperin at heinlein-support.de  Wed Jul 18 12:25:11 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Wed, 18 Jul 2012 14:25:11 +0200
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <EC1BD39C2FD543D59779B520B716DE01@DD21>
References: <5005711D.8040503@heinlein-support.de>
 <1DCB5F2F11DB425EA8D33F14A1921F94@NeiRoze>
 <500596B0.1060007@heinlein-support.de>
 <B770D04138A1478F9D46EC6585B8B201@NeiRoze>
 <5006675F.6070703@heinlein-support.de>
 <EC1BD39C2FD543D59779B520B716DE01@DD21>
Message-ID: <5006AB27.9050901@heinlein-support.de>



On 07/18/2012 11:46 AM, Reinis Rozitis wrote:
> It's the problem on backend then - it doesn't (want to) talk ssl, at
> least on that particular IP/port.
Yes, that was the problem. The apache was configured to speak https on 
port 45600. So I changed my backend definition acordingly, and things 
worked!

Thank you very much for your guidance!

Not directly related, but just for the record:
The site contains a login, which needed a
proxy_set_header Host $host;
in the location section with the proxy_pass in order to work.

> If you test with browser it might (out of thin air) not complain about
> the site not actually being SSL or the apache does some sort of redirect
> before actually landing on the real SSL (virtual)host.
Yes, there is a loadbalancer, which did the port changing bevore the 
request came to apache.

Isaac


From nginx-forum at nginx.us  Wed Jul 18 13:51:43 2012
From: nginx-forum at nginx.us (mevans336)
Date: Wed, 18 Jul 2012 09:51:43 -0400 (EDT)
Subject: Upstream "Sticky Connections?"
Message-ID: <e1b7d6ebe52c6dfcaf75992d24c38904.NginxMailingListEnglish@forum.nginx.org>

Hello Everyone,

We are currently using Nginx 1.2.1 to terminate SSL and to load balance
between two JBoss servers.

Here is my upstream block:


upstream jboss_servers {
ip_hash;
server 192.168.1.100:8080;
server 192.168.1.101:8080;
}

The issue we're having is such -- When a user is connected to Nginx,
Nginx will proxy the connection to one of the two backend servers, for
example 192.168.1.100. If we take that server offline (by stopping
JBoss) the user is directed to the 192.168.1.101 server and their
session is broken, requiring them to login again. We understand and
accept this.

However, when server 192.168.1.100 is brought back online, Nginx is then
redirecting their session back to that server, breaking their session
and requiring them to login yet again.

Is there a directive I can use to prevent this behavior? I've seen this
referred to in other places as sticky sessions, does Nginx support a
similar method?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228685,228685#msg-228685


From jerome at loyet.net  Wed Jul 18 14:01:39 2012
From: jerome at loyet.net (=?ISO-8859-1?B?Suly9G1lIExveWV0?=)
Date: Wed, 18 Jul 2012 16:01:39 +0200
Subject: Upstream "Sticky Connections?"
In-Reply-To: <e1b7d6ebe52c6dfcaf75992d24c38904.NginxMailingListEnglish@forum.nginx.org>
References: <e1b7d6ebe52c6dfcaf75992d24c38904.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAFK6my7dcm0-y4H8CC28fe95L3n7chrG8HGdp3-OMLaTcmui3Q@mail.gmail.com>

2012/7/18 mevans336 <nginx-forum at nginx.us>
>
> Hello Everyone,
>
> We are currently using Nginx 1.2.1 to terminate SSL and to load balance
> between two JBoss servers.
>
> Here is my upstream block:
>
>
> upstream jboss_servers {
> ip_hash;
> server 192.168.1.100:8080;
> server 192.168.1.101:8080;
> }
>
> The issue we're having is such -- When a user is connected to Nginx,
> Nginx will proxy the connection to one of the two backend servers, for
> example 192.168.1.100. If we take that server offline (by stopping
> JBoss) the user is directed to the 192.168.1.101 server and their
> session is broken, requiring them to login again. We understand and
> accept this.
>
> However, when server 192.168.1.100 is brought back online, Nginx is then
> redirecting their session back to that server, breaking their session
> and requiring them to login yet again.
>
> Is there a directive I can use to prevent this behavior? I've seen this
> referred to in other places as sticky sessions, does Nginx support a
> similar method?
>


you can look at this module: http://code.google.com/p/nginx-sticky-module/


From nginx-forum at nginx.us  Wed Jul 18 14:14:44 2012
From: nginx-forum at nginx.us (mevans336)
Date: Wed, 18 Jul 2012 10:14:44 -0400 (EDT)
Subject: Upstream "Sticky Connections?"
In-Reply-To: <CAFK6my7dcm0-y4H8CC28fe95L3n7chrG8HGdp3-OMLaTcmui3Q@mail.gmail.com>
References: <CAFK6my7dcm0-y4H8CC28fe95L3n7chrG8HGdp3-OMLaTcmui3Q@mail.gmail.com>
Message-ID: <e737f1dbc334163d3226d26732ae4b47.NginxMailingListEnglish@forum.nginx.org>

Thank you J?r?me. 

Our previous load balancers (Kemp Loadmasters) used the cookie method
and it worked out well. We don't currently build Nginx from source
however, but rather we use the Ubuntu apt packages, so it would require
a little work on our side to change this.

If anyone has suggestions that are native to Nginx, I would like to hear
those as well.

Cheers,

Matt

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228685,228687#msg-228687


From nginx-forum at nginx.us  Wed Jul 18 15:55:49 2012
From: nginx-forum at nginx.us (drakerc)
Date: Wed, 18 Jul 2012 11:55:49 -0400 (EDT)
Subject: Problem with rewrite or internal redirection cycle
Message-ID: <7efe51e88888b6301a4b902bd6f57507.NginxMailingListEnglish@forum.nginx.org>

Hello

I have recently moved my website from Litespeed to nginx. I had to
change some lines in my PHP script to use x-sendfile function and
because of it I also had to change my nginx config. Unfortunately, when
I'm executing my PHP script, I receive 500 Internal Server Error. My
error.log says:


2012/07/18 17:39:52 [error] 23510#0: *20011855 rewrite or internal
redirection cycle while internal redirect to "/index.php", client:
31.175.62.69, server: modbase.pl, request: "GET [...]

I'm not sure what's causing this problem and how to fix it and I really
need your help.

My nginx website's config:
server {
        listen 80;
        server_name modbase.pl;
        server_name_in_redirect off;
        client_max_body_size 1024m;
        access_log /home/log/nginx/localhost.access_log;
        error_log /home/log/nginx/localhost.error_log;
        send_timeout 180;
        root /home/modbase.pl/public_html;
        index index.php;
        # Support Clean (aka Search Engine Friendly) URLs
        location / {
        client_max_body_size 1024m;
        try_files $uri $uri/ /index.php?q=$uri&$args;
        proxy_read_timeout 120;
        send_timeout 180;
        autoindex on;
        }

        index index.php index.html index.htm default.html default.htm;
        # deny running scripts inside writable directories
        location ~*
/(images|cache|media|logs|tmp)/.*\.(php|pl|py|jsp|asp|sh|cgi)$ {
                return 403;
                #error_page 403 /403_error.html;
        }

        location ~ .*.php$ {
            include /etc/nginx/fastcgi_params;
fastcgi_connect_timeout 320;

fastcgi_read_timeout 320;
client_max_body_size 1024m;
            fastcgi_pass  127.0.0.1:9000;
            fastcgi_index index.php;
            include fastcgi_params;
send_timeout 180;
            fastcgi_param SCRIPT_FILENAME
/home/modbase.pl/public_html$fastcgi_script_name;
        }

location /downloads {
internal;
}

        # caching of files
        location ~* \.(ico|pdf|flv)$ {
                expires 1y;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|swf|xml|txt)$ {
                expires 14d;
        }

}

My PHP script snippet that uses x-sendfile:

$filename_directoo = '/'.$cat_dir.'/'.$file_url;
header("X-Accel-Redirect:".$filename_directoo);
header('Content-Disposition: attachment; filename="'.$filename.'"');

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228698,228698#msg-228698


From meteor8488 at 163.com  Wed Jul 18 16:32:32 2012
From: meteor8488 at 163.com (fhal)
Date: Thu, 19 Jul 2012 00:32:32 +0800 (CST)
Subject: help about limit_req
In-Reply-To: <05A5313251684D1EBFC694E3140C97C4@DD21>
References: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>
 <05A5313251684D1EBFC694E3140C97C4@DD21>
Message-ID: <49e89e69.21a72.1389aef0759.Coremail.meteor8488@163.com>

Thanks Reinis.

I tried to use the code you provided, I'll get an error message 'file not found' (not 404)





At 2012-07-18 20:22:21,"Reinis Rozitis" <r at roze.lv> wrote:
>> For now, the problem for me is, if I put below codes in NGINX, then my php file will stop execute.
>
>A quick fix would be just nest the locations or duplicate the fastcgi part. For example:
>
>location ~*^/(home|forum|portal).php$ {
>          limit_conn   addr  3;
>          limit_req zone=refresh burst=3 nodelay;
>
>          fastcgi_pass   unix:/tmp/nginx.socket;
>          fastcgi_index  index.php;
>          fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
>          include        fastcgi_params;
>}
>
>
>rr
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120719/e84fb8a3/attachment.html>

From jaderhs5 at gmail.com  Wed Jul 18 18:17:41 2012
From: jaderhs5 at gmail.com (Jader H. Silva)
Date: Wed, 18 Jul 2012 15:17:41 -0300
Subject: Limiting maximum size of cached responses
Message-ID: <CAKy9XyAj_SC3ZM5_q7Qn4-cdG7psB7oTc4_78M0FLy7z47+i2Q@mail.gmail.com>

Is there any way to limit caching by response size, so responses won't be
cached if they exceed a maximum value?
E.g. Backend responses larger than 5mb won't be cached.

Jader H. Silva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120718/bc0addca/attachment.html>

From nginx-forum at nginx.us  Wed Jul 18 18:21:04 2012
From: nginx-forum at nginx.us (DeineAgentur)
Date: Wed, 18 Jul 2012 14:21:04 -0400 (EDT)
Subject: IPV4 & IPV6 Virtual Hosting - address in use
Message-ID: <9e8b0b706878f9893a86f002577db4a0.NginxMailingListEnglish@forum.nginx.org>

I have the sollowing problem:

If i config all sites in one file all works finde, but if i have for
each host a own config than i get the error 


nginx: [emerg] bind() to [::]:80 failed (98: Address already in use)

my config File for the hosts looks like:

server {
	listen   80; ## listen for ipv4; this line is default and implied
	listen   [::]:80 default_server ipv6only=on; ## listen for ipv6

	# Make site accessible from http://localhost/
	server_name _;

    return 444;

	location ~ /\.ht {
		deny all;
	}
}

server {
    listen      80;
    listen   [2001:1010:18:697b::1]:80;
...
}

server {
    listen      80;
    listen   [2001:1010:18:697b::2]:80;
...
}

server {
    listen      80;
    listen   [2001:1010:18:697b::3]:80;
...
}



All server use The same IPV4 and a own IPV6.

But as i have say abdove this works only if all in the same file and not
splited to each own.... :(

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228710,228710#msg-228710


From nginx-forum at nginx.us  Wed Jul 18 18:25:14 2012
From: nginx-forum at nginx.us (DeineAgentur)
Date: Wed, 18 Jul 2012 14:25:14 -0400 (EDT)
Subject: Using "if -f" to return 503 for maintenace: good or bad?
In-Reply-To: <442e61fcbaed0ad58ac641489b19698f.NginxMailingListEnglish@forum.nginx.org>
References: <442e61fcbaed0ad58ac641489b19698f.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <84bf1eb5feef759e78ba6bc6bd1b742e.NginxMailingListEnglish@forum.nginx.org>

Your solution is okay. 

Thats the only way if you maintaince your site. Google will come back
again. And dont get an error 404 or else.

So your search index will not destroy.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228604,228711#msg-228711


From nginx-forum at nginx.us  Wed Jul 18 18:38:13 2012
From: nginx-forum at nginx.us (munkhabi)
Date: Wed, 18 Jul 2012 14:38:13 -0400 (EDT)
Subject: another c file
Message-ID: <9b53f0d5b43ce650a1f3407910965e73.NginxMailingListEnglish@forum.nginx.org>

My module uses external c file. How can I link it with ngx?

thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228712,228712#msg-228712


From r at roze.lv  Wed Jul 18 22:15:12 2012
From: r at roze.lv (Reinis Rozitis)
Date: Thu, 19 Jul 2012 01:15:12 +0300
Subject: help about limit_req
In-Reply-To: <49e89e69.21a72.1389aef0759.Coremail.meteor8488@163.com>
References: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>
 <05A5313251684D1EBFC694E3140C97C4@DD21>
 <49e89e69.21a72.1389aef0759.Coremail.meteor8488@163.com>
Message-ID: <2A1EB218EF094AEFB6CBA61396E54F8B@NeiRoze>


> I tried to use the code you provided, I'll get an error message 'file not 
> found' (not 404)

Well I just copied over your existing config, to me this doesnt look right:

fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;


I would suggest to replace it with:

fastcgi_param  SCRIPT_FILENAME    $document_root$fastcgi_script_name;


rr 


From ezwetkow at gmx.de  Wed Jul 18 23:06:51 2012
From: ezwetkow at gmx.de (Elena Zwetkow)
Date: Thu, 19 Jul 2012 01:06:51 +0200
Subject: rewrite rule to 2 subdirectory from filename?
In-Reply-To: <84bf1eb5feef759e78ba6bc6bd1b742e.NginxMailingListEnglish@forum.nginx.org>
References: <442e61fcbaed0ad58ac641489b19698f.NginxMailingListEnglish@forum.nginx.org>
 <84bf1eb5feef759e78ba6bc6bd1b742e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120718230651.48100@gmx.net>


Hello,

a short question about nginx rewrite function. Is it possible
to rewrite a url like:

http://domain.com/486ab6c88fd112a89ccgdwd04a3d8275:8d27ce:1.jpg

to a path like:

/media/48/6a/486ab6c88fd112a89cc4d9d04a3d8275:8d27ce:1.jpg

i will use the first 4 characters of my filename as 2 subdirectories. This was my test, but works not ...

location / {
  rewrite "^/([a-z0-9] {2})([a-z0-9] {2})([a-z0-9]+)$" /media/$1/$2/$1$2$3
}

Is there a way i can debug such rewrite rules?

Thanks so much.

Elena



From ne at vbart.ru  Thu Jul 19 00:47:13 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Thu, 19 Jul 2012 04:47:13 +0400
Subject: rewrite rule to 2 subdirectory from filename?
In-Reply-To: <20120718230651.48100@gmx.net>
References: <442e61fcbaed0ad58ac641489b19698f.NginxMailingListEnglish@forum.nginx.org>
 <84bf1eb5feef759e78ba6bc6bd1b742e.NginxMailingListEnglish@forum.nginx.org>
 <20120718230651.48100@gmx.net>
Message-ID: <201207190447.14206.ne@vbart.ru>

On Thursday 19 July 2012 03:06:51 Elena Zwetkow wrote:
[...]
> location / {
>   rewrite "^/([a-z0-9] {2})([a-z0-9] {2})([a-z0-9]+)$" /media/$1/$2/$1$2$3
> }

rewrite  "^/([0-9a-f]{2})([0-9a-f]{2})" /media/$1/$2$uri;

> Is there a way i can debug such rewrite rules?
> 

pcretest

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Thu Jul 19 01:15:12 2012
From: nginx-forum at nginx.us (ismtlee)
Date: Wed, 18 Jul 2012 21:15:12 -0400 (EDT)
Subject: high reading and low writing
Message-ID: <81b4455f0f6e1915a7c66980cb239bd2.NginxMailingListEnglish@forum.nginx.org>

To reduce waiting quota, keepalive_timeout was set to 3.

While the status shows as below,

Active connections: 1850
server accepts handled requests
14387580 14387580 15330890
Reading: 1312 Writing: 6 Waiting: 532

My question is, why nginx has so large reading/writing ratio?Thx!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228717,228717#msg-228717


From smimail2me at gmail.com  Thu Jul 19 05:47:56 2012
From: smimail2me at gmail.com (Smitha)
Date: Thu, 19 Jul 2012 11:17:56 +0530
Subject: nginx installtion issue
Message-ID: <CAJiiPD28Ff4V-ZCz4UubZk-Ayqb1++pgjnAOme7D5DfnXg432g@mail.gmail.com>

Hello,

While installing nginx I am facing the following issue


# make
make -f objs/Makefile
make[1]: Entering directory `/tmp/root-passenger-17381/nginx-0.8.53'
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/nginx.o \
        src/core/nginx.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_log.o \
        src/core/ngx_log.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_palloc.o \
        src/core/ngx_palloc.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_array.o \
        src/core/ngx_array.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_list.o \
        src/core/ngx_list.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_hash.o \
        src/core/ngx_hash.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_buf.o \
        src/core/ngx_buf.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_queue.o \
        src/core/ngx_queue.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_output_chain.o \
        src/core/ngx_output_chain.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_string.o \
        src/core/ngx_string.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_parse.o \
        src/core/ngx_parse.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_inet.o \
        src/core/ngx_inet.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_file.o \
        src/core/ngx_file.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_crc32.o \
        src/core/ngx_crc32.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_rbtree.o \
        src/core/ngx_rbtree.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_radix_tree.o \
        src/core/ngx_radix_tree.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_slab.o \
        src/core/ngx_slab.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_times.o \
        src/core/ngx_times.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_shmtx.o \
        src/core/ngx_shmtx.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_connection.o \
        src/core/ngx_connection.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_cycle.o \
        src/core/ngx_cycle.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_spinlock.o \
        src/core/ngx_spinlock.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_cpuinfo.o \
        src/core/ngx_cpuinfo.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_conf_file.o \
        src/core/ngx_conf_file.c
gcc -c -pipe  -O -W -Wall -Wpointer-arith -Wno-unused-parameter
-Wunused-function -Wunused-variable -Wunused-value -Werror -g  -I src/core
-I src/event -I src/event/modules -I src/os/unix -I objs \
        -o objs/src/core/ngx_resolver.o \
        src/core/ngx_resolver.c
src/core/ngx_resolver.c: In function ?ngx_resolver_process_ptr?:
src/core/ngx_resolver.c:1425:43: error: variable ?qclass? set but not used
[-Werror=unused-but-set-variable]
src/core/ngx_resolver.c:1425:36: error: variable ?qtype? set but not used
[-Werror=unused-but-set-variable]
cc1: all warnings being treated as errors

make[1]: *** [objs/src/core/ngx_resolver.o] Error 1
make[1]: Leaving directory `/tmp/root-passenger-17381/nginx-0.8.53'
make: *** [build] Error 2



I got a patch file while searching for this error on google. But where do I
put it?

Please guide me to sove this issue.

Regards
Smitha
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120719/a8e876b7/attachment-0001.html>

From nginx-forum at nginx.us  Thu Jul 19 06:18:08 2012
From: nginx-forum at nginx.us (killed)
Date: Thu, 19 Jul 2012 02:18:08 -0400 (EDT)
Subject: Set error_page follow reverse proxy kind
Message-ID: <54bc45bb36802f0ab6b12dd9167630f2.NginxMailingListEnglish@forum.nginx.org>

Hi everyone,
My Nginx server is Reverse Proxy and other Apache is web server
192.168.1.10 (nginx) ----> 192.168.1.20 (apache)

How can I config error_page when nginx configurated like as Reverse
Proxy? And below my config file:

#===================================
user nginx nginx;

worker_processes 2;
worker_rlimit_nofile 8192;

pid /var/run/nginx.pid;

events {
  worker_connections 1024;
}

http {
limit_req_zone $binary_remote_addr zone=antiddos:10m rate=10r/s;
    include       mime.types;
    default_type  application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] '
                    '"$request" $status  $body_bytes_sent
"$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    server_tokens off;
    access_log  /var/log/nginx_access.log  main;
    error_log  /var/log/nginx_error.log debug;
    server_names_hash_bucket_size 64;
    sendfile on;
    tcp_nopush     on;
    tcp_nodelay    off;
    keepalive_timeout  30;

    proxy_buffering on;
    proxy_buffer_size 16k;
    proxy_buffers 100 8k;
    proxy_connect_timeout      60;
    proxy_send_timeout         60;
    proxy_read_timeout         60;

    server {
      listen 192.168.1.10:80 default rcvbuf=8192 sndbuf=16384
backlog=32000;
      server_name _ ;
      charset off;
      access_log  /var/log/nginx_host_general.access.log  main;
      location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://192.168.1.20;
        client_max_body_size       2m;
        client_body_buffer_size    8k;
        proxy_buffering     on;
        proxy_connect_timeout      90;
        proxy_send_timeout         90;
        proxy_read_timeout         120;
        proxy_buffer_size          16k;
        proxy_buffers              32 32k;
        proxy_busy_buffers_size    64k;
        proxy_temp_file_write_size 64k;
      }
    }
    include /usr/local/nginx/vhosts/*.conf;
}
#===================================

Thank you very much

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228722,228722#msg-228722


From meteor8488 at 163.com  Thu Jul 19 07:34:09 2012
From: meteor8488 at 163.com (fhal)
Date: Thu, 19 Jul 2012 15:34:09 +0800 (CST)
Subject: questions about limit_req_zone,
 what's the difference between rate= and burst=
Message-ID: <691d557c.8bbf.1389e287b91.Coremail.meteor8488@163.com>

 Hi All,

According to NGINX wiki,

limit_req_zone  $binary_remote_addr  zone=one:10m   rate=1r/s;
 
    server {
        location /search/ {
            limit_req   zone=one  burst=5;
        }

means  allows a user no more than 1 request per second on average, with bursts of no more than 5 requests.

But what's the difference between rate= and burst=?
For example,

limit_req_zone  $binary_remote_addr  zone=one:10m   rate=1r/s;
limit_req   zone=one  burst=5;

limit_req_zone  $binary_remote_addr  zone=one:10m   rate=5r/s;
limit_req   zone=one  burst=1;

What's the difference between above code? From my understanding, for both settings, users can establish no more than 6 requests at the same time.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120719/b137ce27/attachment.html>

From nvezes at live.com  Thu Jul 19 08:18:31 2012
From: nvezes at live.com (Flavio Oliveira)
Date: Thu, 19 Jul 2012 08:18:31 +0000
Subject: HttpUseridModule
Message-ID: <BAY171-W82EA0A094B51A20948822EB2D90@phx.gbl>


Hi,

I am trying to use the HttpUseridModule but I am not able to set the cookie, however I can see that the request has been sent and the browser allows cookie.

$uid_got $uid_set
     -             uid=4D01310AD0BA0750254E223402040303
     -             uid=4D01310AD3BD0750D54FFDA202050303

Below you can see the conf that I used in the test. Is there something missing?

server {
    listen       80;
    server_name  boo;

    # log files
    access_log /etc/nginx/logs/access.log;
    error_log /etc/nginx/logs/error.log warn;

    # directory
    root   /home/test/public_html/boo;
    index  index.html;

    location / {
      userid          on;
      userid_name     uid;
      userid_domain   example.com;
      userid_path     /;
      userid_expires  365d;
      userid_p3p      'policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"';
    }

    error_page   401 403 404      /40x.html;
    error_page   500 502 504      /50x.html;
}


/Ollivera
 		 	   		  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120719/81116c71/attachment.html>

From nginx-forum at nginx.us  Thu Jul 19 08:32:47 2012
From: nginx-forum at nginx.us (21andy)
Date: Thu, 19 Jul 2012 04:32:47 -0400 (EDT)
Subject: how to fix the rewrite rule?
Message-ID: <329bec30c4cde82011d5a188d37114de.NginxMailingListEnglish@forum.nginx.org>

this works fine
rewrite "^/([a-f0-9]{2})([a-f0-9]{18})\.(jpg|png|gif)$"
/test.php?a=$1&b=$2&c=$3 last;

open /a669164f02f6fdc18f.jpg

test.php would output
Array ( [a] => ad [b] => a669164f02f6fdc18f [c] => jpg )

but this DO NOT WORK
rewrite "^/([a-f0-9]{2})([a-f0-9]{2})([a-f0-9]{14})\.(jpg|png|gif)$"
/test.php?a=$1&b=$2&c=$3 last;
it return 404 error

how can i fix this?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228725,228725#msg-228725


From francis at daoine.org  Thu Jul 19 08:48:41 2012
From: francis at daoine.org (Francis Daly)
Date: Thu, 19 Jul 2012 09:48:41 +0100
Subject: how to fix the rewrite rule?
In-Reply-To: <329bec30c4cde82011d5a188d37114de.NginxMailingListEnglish@forum.nginx.org>
References: <329bec30c4cde82011d5a188d37114de.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120719084841.GC14023@craic.sysops.org>

On Thu, Jul 19, 2012 at 04:32:47AM -0400, 21andy wrote:

Hi there,

> this works fine
> rewrite "^/([a-f0-9]{2})([a-f0-9]{18})\.(jpg|png|gif)$"
> /test.php?a=$1&b=$2&c=$3 last;
> 
> open /a669164f02f6fdc18f.jpg
> 
> test.php would output
> Array ( [a] => ad [b] => a669164f02f6fdc18f [c] => jpg )

Really?

Your url has 18 hex characters. Your rewrite rule will only match if
there are 20. And "[a] => ad" doesn't appear anywhere in your url.

> but this DO NOT WORK
> rewrite "^/([a-f0-9]{2})([a-f0-9]{2})([a-f0-9]{14})\.(jpg|png|gif)$"
> /test.php?a=$1&b=$2&c=$3 last;
> it return 404 error

Here your rewrite rule will only match if there are 18 hex characters.

I expect 

[a] => a6 [b] => 69 [c] => 164f02f6fdc18f

> how can i fix this?

Be consistent.

How long is the url you want to test? Make sure you match exactly that
many characters in your rewrite rule.

	f
-- 
Francis Daly        francis at daoine.org


From ezwetkow at gmx.de  Thu Jul 19 09:12:52 2012
From: ezwetkow at gmx.de (Elena Zwetkow)
Date: Thu, 19 Jul 2012 11:12:52 +0200
Subject: how to fix the rewrite rule?
In-Reply-To: <329bec30c4cde82011d5a188d37114de.NginxMailingListEnglish@forum.nginx.org>
References: <329bec30c4cde82011d5a188d37114de.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120719091252.36700@gmx.net>


Hello andi,

your solution looks a bit like my question from last
night... i use md5 hash to build my filenames, what
kind of hash do you use? 20 chars look intresing :)
are these unique hashes?

Elena


-------- Original-Nachricht --------
> Datum: Thu, 19 Jul 2012 04:32:47 -0400 (EDT)
> Von: "21andy" <nginx-forum at nginx.us>
> An: nginx at nginx.org
> Betreff: how to fix the rewrite rule?

> this works fine
> rewrite "^/([a-f0-9]{2})([a-f0-9]{18})\.(jpg|png|gif)$"
> /test.php?a=$1&b=$2&c=$3 last;
> 
> open /a669164f02f6fdc18f.jpg
> 
> test.php would output
> Array ( [a] => ad [b] => a669164f02f6fdc18f [c] => jpg )
> 
> but this DO NOT WORK
> rewrite "^/([a-f0-9]{2})([a-f0-9]{2})([a-f0-9]{14})\.(jpg|png|gif)$"
> /test.php?a=$1&b=$2&c=$3 last;
> it return 404 error
> 
> how can i fix this?
> 
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,228725,228725#msg-228725
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From ru at nginx.com  Thu Jul 19 09:42:18 2012
From: ru at nginx.com (Ruslan Ermilov)
Date: Thu, 19 Jul 2012 13:42:18 +0400
Subject: questions about limit_req_zone,
 what's the difference between rate= and burst=
In-Reply-To: <691d557c.8bbf.1389e287b91.Coremail.meteor8488@163.com>
References: <691d557c.8bbf.1389e287b91.Coremail.meteor8488@163.com>
Message-ID: <20120719094218.GA25940@lo0.su>

On Thu, Jul 19, 2012 at 03:34:09PM +0800, fhal wrote:
>     Hi All,
> 
>    According to NGINX wiki,
> 
>    limit_req_zone  $binary_remote_addr  zone=one:10m   rate=1r/s;
> 
>        server {
>            location /search/ {
>                limit_req   zone=one  burst=5;
>            }
> 
>    means  allows a user no more than 1 request per second on average, with
>    bursts of no more than 5 requests.
> 
>    But what's the difference between rate= and burst=?
>    For example,
> 
>    limit_req_zone  $binary_remote_addr  zone=one:10m   rate=1r/s;
>    limit_req   zone=one  burst=5;
> 
>    limit_req_zone  $binary_remote_addr  zone=one:10m   rate=5r/s;
>    limit_req   zone=one  burst=1;
> 
>    What's the difference between above code? From my understanding, for both
>    settings, users can establish no more than 6 requests at the same time.

http://nginx.org/en/docs/http/ngx_http_limit_req_module.html


From mdounin at mdounin.ru  Thu Jul 19 12:07:21 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 19 Jul 2012 16:07:21 +0400
Subject: Weird apache status values with nginx
In-Reply-To: <dbdb600cf9008ed6a9196dd81a2341c9.NginxMailingListEnglish@forum.nginx.org>
References: <dbdb600cf9008ed6a9196dd81a2341c9.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120719120721.GX31671@mdounin.ru>

Hello!

On Tue, Jul 17, 2012 at 01:28:22PM -0400, migue76 wrote:

> Hello.
> 
> Since I have installed nginx on our dedicated server I'm having some odd
> issue. The "cpu usage" and "requests currently being processed" are not
> correct on apache-status
> 
> A couple of image to see ir clearly. Images from same server at same
> time, same accounts and similar traffic:
> 
> http://i46.tinypic.com/nbte09.jpg <--- good
> 
> http://i46.tinypic.com/1jsot5.png <--- bad
> 
> Please, look at "cpu usage": u601?? s261?? cu4368?? However, cpu load is
> correct

Why do you think it isn't correct?  Two days at 3% cpu usage is 
something about 5000 cpu seconds.

Keeping in mind that in Apache server status's "CPU load" is just 
(u + s + cu + cs ) / uptime, it's highly unlikely that cpu usage 
stats would be incorrect while cpu load reported is correct.

The fact that Apache's cpu usage is different from what you have 
without nginx might have many reasons.  Possible ones are ranging 
from incorrect Apache configuration which causes neeedless process 
startup/shutdown (which now happens more often due to low worker 
process utilization) to just a simple fact that your system 
handles more requests now (and consumes more CPU as a result) due 
to no longer being limited by some other resource.

> Look at "requests currently being processed": 4 request only? More than
> 300 websites at high traffic time and only 4 request? How is it
> possible?

This is normal, as working with slow clients is offloaded to nginx 
now.  Apache processes are no longer busy waiting for a client 
to sent rest of a request or read another part of a response.

[...]

Maxim Dunin


From citrin at citrin.ru  Thu Jul 19 12:39:30 2012
From: citrin at citrin.ru (Anton Yuzhaninov)
Date: Thu, 19 Jul 2012 16:39:30 +0400
Subject: another c file
In-Reply-To: <9b53f0d5b43ce650a1f3407910965e73.NginxMailingListEnglish@forum.nginx.org>
References: <9b53f0d5b43ce650a1f3407910965e73.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <50080002.8050305@citrin.ru>

On 18.07.2012 22:38, munkhabi wrote:
> My module uses external c file. How can I link it with ngx?

Add this file to build config for module, e. g.

NGX_ADDON_SRCS="$NGX_ADDON_SRCS \
                 $ngx_addon_dir/ngx_foo_bar_module.c \
                 $ngx_addon_dir/some_extrenal_file.c"

If this code uses header files, it should be added to NGX_ADDON_DEPS

-- 
  Anton Yuzhaninov


From mdounin at mdounin.ru  Thu Jul 19 12:53:41 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 19 Jul 2012 16:53:41 +0400
Subject: nginx installtion issue
In-Reply-To: <CAJiiPD28Ff4V-ZCz4UubZk-Ayqb1++pgjnAOme7D5DfnXg432g@mail.gmail.com>
References: <CAJiiPD28Ff4V-ZCz4UubZk-Ayqb1++pgjnAOme7D5DfnXg432g@mail.gmail.com>
Message-ID: <20120719125340.GA31671@mdounin.ru>

Hello!

On Thu, Jul 19, 2012 at 11:17:56AM +0530, Smitha wrote:

> While installing nginx I am facing the following issue

[...]

> src/core/ngx_resolver.c: In function ?ngx_resolver_process_ptr?:
> src/core/ngx_resolver.c:1425:43: error: variable ?qclass? set but not used
> [-Werror=unused-but-set-variable]
> src/core/ngx_resolver.c:1425:36: error: variable ?qtype? set but not used
> [-Werror=unused-but-set-variable]
> cc1: all warnings being treated as errors
> 
> make[1]: *** [objs/src/core/ngx_resolver.o] Error 1
> make[1]: Leaving directory `/tmp/root-passenger-17381/nginx-0.8.53'
> make: *** [build] Error 2
> 
> 
> 
> I got a patch file while searching for this error on google. But where do I
> put it?

You may have better luck downloading latest version as available 
here:

http://nginx.org/en/download.html

Maxim Dounin


From mdounin at mdounin.ru  Thu Jul 19 13:14:56 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 19 Jul 2012 17:14:56 +0400
Subject: HttpUseridModule
In-Reply-To: <BAY171-W82EA0A094B51A20948822EB2D90@phx.gbl>
References: <BAY171-W82EA0A094B51A20948822EB2D90@phx.gbl>
Message-ID: <20120719131456.GB31671@mdounin.ru>

Hello!

On Thu, Jul 19, 2012 at 08:18:31AM +0000, Flavio Oliveira wrote:

> 
> Hi,
> 
> I am trying to use the HttpUseridModule but I am not able to set 
> the cookie, however I can see that the request has been sent and 
> the browser allows cookie.
> 
> $uid_got $uid_set
>      -             uid=4D01310AD0BA0750254E223402040303
>      -             uid=4D01310AD3BD0750D54FFDA202050303
> 
> Below you can see the conf that I used in the test. Is there something missing?
> 
> server {
>     listen       80;
>     server_name  boo;

[...]

>       userid_domain   example.com;

The "example.com" isn't likely to work here unless you indeed use 
example.com hostname to access your site.  Though different server_name 
suggests you don't.

Maxim Dounin


From mdounin at mdounin.ru  Thu Jul 19 14:28:06 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 19 Jul 2012 18:28:06 +0400
Subject: Problem with rewrite or internal redirection cycle
In-Reply-To: <7efe51e88888b6301a4b902bd6f57507.NginxMailingListEnglish@forum.nginx.org>
References: <7efe51e88888b6301a4b902bd6f57507.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120719142806.GD31671@mdounin.ru>

Hello!

On Wed, Jul 18, 2012 at 11:55:49AM -0400, drakerc wrote:

> Hello
> 
> I have recently moved my website from Litespeed to nginx. I had to
> change some lines in my PHP script to use x-sendfile function and
> because of it I also had to change my nginx config. Unfortunately, when
> I'm executing my PHP script, I receive 500 Internal Server Error. My
> error.log says:
> 
> 
> 2012/07/18 17:39:52 [error] 23510#0: *20011855 rewrite or internal
> redirection cycle while internal redirect to "/index.php", client:
> 31.175.62.69, server: modbase.pl, request: "GET [...]
> 
> I'm not sure what's causing this problem and how to fix it and I really
> need your help.

Your config with your script produce an infinite loop.  Most likely 
it's due to fact that after X-Accel-Redirect request ends up in 
location /, and then redirected to /index.php as file isn't found, 
and then again after X-Accel-Redirect request ends up in location 
/ and so on.

>         location / {
>         client_max_body_size 1024m;
>         try_files $uri $uri/ /index.php?q=$uri&$args;

[...]

> location /downloads {
> internal;
> }

[...]

> My PHP script snippet that uses x-sendfile:
> 
> $filename_directoo = '/'.$cat_dir.'/'.$file_url;
> header("X-Accel-Redirect:".$filename_directoo);
> header('Content-Disposition: attachment; filename="'.$filename.'"');

It looks like "location /downloads" was added to avoid the above 
loop, but you don't refer it in X-Accel-Redirect.

Maxim Dounin


From meteor8488 at 163.com  Thu Jul 19 15:04:58 2012
From: meteor8488 at 163.com (fhal)
Date: Thu, 19 Jul 2012 23:04:58 +0800 (CST)
Subject: help about limit_req
In-Reply-To: <05A5313251684D1EBFC694E3140C97C4@DD21>
References: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>
 <05A5313251684D1EBFC694E3140C97C4@DD21>
Message-ID: <268b5b8d.116ce.1389fc53711.Coremail.meteor8488@163.com>

Hi Reinis,

One more question, for now, I'm using below code to limit the access of some URLs, such as
/forum.php?mod=forumdisplay?*****
/forum.php?mod=viewthread&****

    location ~*^/(home|forum|portal).php$ {
        root           /web/www;
        limit_conn   addr  5;
        limit_req zone=refresh burst=5 nodelay;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }
    location ~ \.php$ {
        root           /web/www;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }

But I don't want to limit user access to below URL

/forum.php?mod=image&***

So I added below section into Nginx

    location ~*^/forum.php?mod=image$ {
        root           /web/www;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }

But it seems that this rule is not working, could you please help?




At 2012-07-18 20:22:21,"Reinis Rozitis" <r at roze.lv> wrote:
>> For now, the problem for me is, if I put below codes in NGINX, then my php file will stop execute.
>
>A quick fix would be just nest the locations or duplicate the fastcgi part. For example:
>
>location ~*^/(home|forum|portal).php$ {
>          limit_conn   addr  3;
>          limit_req zone=refresh burst=3 nodelay;
>
>          fastcgi_pass   unix:/tmp/nginx.socket;
>          fastcgi_index  index.php;
>          fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
>          include        fastcgi_params;
>}
>
>
>rr
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120719/01b10808/attachment.html>

From r at roze.lv  Thu Jul 19 15:27:01 2012
From: r at roze.lv (Reinis Rozitis)
Date: Thu, 19 Jul 2012 18:27:01 +0300
Subject: help about limit_req
In-Reply-To: <268b5b8d.116ce.1389fc53711.Coremail.meteor8488@163.com>
References: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>
 <05A5313251684D1EBFC694E3140C97C4@DD21>
 <268b5b8d.116ce.1389fc53711.Coremail.meteor8488@163.com>
Message-ID: <AB3002769C994CEE874C73BD0F43E734@DD21>

> But it seems that this rule is not working, could you please help?

Regular expression locations are matched in the order they are defined in the nginx config file, so you need to put that location 
above .

http://wiki.nginx.org/HttpCoreModule#location


rr 


From meteor8488 at 163.com  Thu Jul 19 15:29:51 2012
From: meteor8488 at 163.com (fhal)
Date: Thu, 19 Jul 2012 23:29:51 +0800 (CST)
Subject: help about limit_req
In-Reply-To: <AB3002769C994CEE874C73BD0F43E734@DD21>
References: <52007f4d.19fab.13898be5eae.Coremail.meteor8488@163.com>
 <05A5313251684D1EBFC694E3140C97C4@DD21>
 <268b5b8d.116ce.1389fc53711.Coremail.meteor8488@163.com>
 <AB3002769C994CEE874C73BD0F43E734@DD21>
Message-ID: <5976cde6.11967.1389fdc0148.Coremail.meteor8488@163.com>

Hi Reinis,

Thanks for your quickly response. But it still doesn't work.
Below is my configurations, could you please help to check?

    location ~*^/forum.php?mod=image$ {
        root           /web/www;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }
    location ~*^/(home|forum|portal).php$ {
        root           /web/www;
        limit_conn   addr  5;
        limit_req zone=refresh burst=5 nodelay;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }
    location ~ \.php$ {
        root           /web/www;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }





At 2012-07-19 23:27:01,"Reinis Rozitis" <r at roze.lv> wrote:
>> But it seems that this rule is not working, could you please help?
>
>Regular expression locations are matched in the order they are defined in the nginx config file, so you need to put that location 
>above .
>
>http://wiki.nginx.org/HttpCoreModule#location
>
>
>rr 
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120719/96fed3b5/attachment.html>

From nginx-forum at nginx.us  Thu Jul 19 15:52:00 2012
From: nginx-forum at nginx.us (migue76)
Date: Thu, 19 Jul 2012 11:52:00 -0400 (EDT)
Subject: Weird apache status values with nginx
In-Reply-To: <20120719120721.GX31671@mdounin.ru>
References: <20120719120721.GX31671@mdounin.ru>
Message-ID: <285394829bac7dbc09ee52e299eec0c1.NginxMailingListEnglish@forum.nginx.org>

Thanks for your explanation Maxim.

I think the results are not correct because I switch off nginx and
values come correct again. I swich on nginx and I get weird values. That
is why.

You said:
>The fact that Apache's cpu usage is different from what you have
>without nginx might have many reasons. Possible ones are ranging
>from incorrect Apache configuration which causes neeedless process
>startup/shutdown (which now happens more often due to low worker
>process utilization) to just a simple fact that your system
>handles more requests now (and consumes more CPU as a result) due
>to no longer being limited by some other resource.

Any tip, clue or url to start investigating about this?

>This is normal, as working with slow clients is offloaded to nginx
>now. Apache processes are no longer busy waiting for a client
>to sent rest of a request or read another part of a response.

Thanks! I understand now!

Regards.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228652,228751#msg-228751


From sb at waeme.net  Thu Jul 19 15:56:46 2012
From: sb at waeme.net (Sergey Budnevitch)
Date: Thu, 19 Jul 2012 19:56:46 +0400
Subject: add_headers on text/html only?
In-Reply-To: <CAFepXZi8Dh20GfPx8fcv7Rn4+ej_wDEDgCu5Q4+MxRj_Vt9+AA@mail.gmail.com>
References: <CAFepXZi8Dh20GfPx8fcv7Rn4+ej_wDEDgCu5Q4+MxRj_Vt9+AA@mail.gmail.com>
Message-ID: <AB5726F6-6506-4CE8-B4F4-A72D3F9E6E25@waeme.net>


On 18.07.2012, at 8:24, Nick Semenkovich wrote:

> I'm trying to add three headers for security to all text/html content:
> 
> add_header X-Content-Type-Options 'nosniff';
> add_header X-Frame-Options 'DENY';
> add_header X-XSS-Protection '1; mode=block';
> 
> I'd like to add these to a number of different sites & virtual hosts in nginx.
> 
> Q: Is there an easy way to add this to multiple different hosts
> without updating every server{} block?
> 
> Can I put this into an http{} section in some way (but still limit it
> to text/html)?

add_header will not add header with empty value, so

    add_header X-test $test;
    map $sent_http_content_type $test {
        text/html  1;
    }

should work.


From nginx-forum at nginx.us  Thu Jul 19 17:08:12 2012
From: nginx-forum at nginx.us (dgarstang)
Date: Thu, 19 Jul 2012 13:08:12 -0400 (EDT)
Subject: Disable Caching
Message-ID: <4f798777cb427e3d5086a6b06571d9c7.NginxMailingListEnglish@forum.nginx.org>

All,

I have an nginx config that looks like this...

user www-data;
worker_processes 4;
pid /var/run/nginx.pid;

events {
	worker_connections 768;
	# multi_accept on;
}

http {
	sendfile on;
	tcp_nopush on;
	tcp_nodelay on;
	keepalive_timeout 65;
	types_hash_max_size 2048;
	
	include /etc/nginx/mime.types;
	default_type application/octet-stream;

	access_log /var/log/nginx/access.log;
	error_log /var/log/nginx/error.log;

	gzip on;
	gzip_disable "msie6";

	include /etc/nginx/conf.d/*.conf;
	include /etc/nginx/sites-enabled/*;
}

In the included sites-enabled/portal file, there is a server section
that has:

server {
    listen 80;
    server_name portal.xxx.com;
    rewrite ^ https://portal.xxx.com$request_uri? permanent;
    proxy_no_cache 1;
    proxy_cache_bypass 1;
}

Note that both proxy_no_cache and proxy_cache_bypass are set to 1.
However, it appears that caching _is_ occurring.

Why? How do we disable this?

Thanks,
Doug.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228754,228754#msg-228754


From ne at vbart.ru  Thu Jul 19 17:18:52 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Thu, 19 Jul 2012 21:18:52 +0400
Subject: Disable Caching
In-Reply-To: <4f798777cb427e3d5086a6b06571d9c7.NginxMailingListEnglish@forum.nginx.org>
References: <4f798777cb427e3d5086a6b06571d9c7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207192118.52902.ne@vbart.ru>

On Thursday 19 July 2012 21:08:12 dgarstang wrote:
[...]
> In the included sites-enabled/portal file, there is a server section
> that has:
> 
> server {
>     listen 80;
>     server_name portal.xxx.com;
>     rewrite ^ https://portal.xxx.com$request_uri? permanent;
>     proxy_no_cache 1;
>     proxy_cache_bypass 1;
> }
> 
> Note that both proxy_no_cache and proxy_cache_bypass are set to 1.
> However, it appears that caching _is_ occurring.
> 
> Why? How do we disable this?
> 

What? What exactly do you want to disable?

The proxy_* directives are related to the proxy module, and they only have
meaning in combination with proxy_pass.

http://nginx.org/ru/docs/http/ngx_http_proxy_module.html

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Thu Jul 19 21:13:01 2012
From: nginx-forum at nginx.us (mk.fg)
Date: Thu, 19 Jul 2012 17:13:01 -0400 (EDT)
Subject: [PATCH] Add "pass_only" option to ssl_verify_client to enable
 app-only validation
Message-ID: <f7a6b6f83ce1b0e2d14c1d47a73a18e9.NginxMailingListEnglish@forum.nginx.org>

Hello,

Proposed patch enables use-case scenario when Nginx asks Client for TLS
certificate but does not make any attempt to validate it, passing it to
the application instead. Application itself if then free to decide
whether provided certificate is valid and is able to reject it with the
same http status codes as Nginx does.

Same use-case is also referenced in
"http://forum.nginx.org/read.php?2,15584" and is *critical* for
implementing protocols like WebID (http://www.w3.org/wiki/WebID), which
relies on custom TLS certificates, which are signed with keys which are
unknown in advance.
With the patch, that can be accomplished by specifying
"ssl_verify_client pass_only;" ("ssl_client_certificate" is *not* used
in this case) and using "uwsgi_param X_CLIENT_CERT
$ssl_client_raw_cert;" (or similar options for different backends).

Currently, Nginx supports "off", "on" and "optional" parameters to
"ssl_verify_client" option, latter of which ("on" and "optional")
require CA certificate (specified with "ssl_client_certificate" option)
and perform mandatory check against it if client provides certificate.
"optional" parameter seem to allow client to skip providing the
certificate, but still requires CA certificate and performs the check
(if client provides the cert), returning http status 495 if validation
against that CA fails.
So there is currently no way to require client certificate but perform
it's validation in application (or on whatever backend) only, hence the
patch.

Please consider merging the patch into nginx codebase, enabling
aforementioned use-case in some other way, or at least commenting on why
it might be wrong or unsuitable approach/feature (if only to block
further proposals in the same vein).

Patch is made on top of current (as of 07.2012) svn trunk.
In case forum interface mangles the inline attachment, it can also be
found on the following URL: https://raw.github.com/gist/3146701/


>From 0ade221a2dbaeedfa5255875a89485166221a6f0 Mon Sep 17 00:00:00 2001
From: Mike Kazantsev <mk.fraggod at gmail.com>
Date: Fri, 20 Jul 2012 02:45:10 +0600
Subject: [PATCH] Add "pass_only" option to ssl_verify_client to enable
 app-only validation

---
 src/http/modules/ngx_http_ssl_module.c |    3 ++-
 src/http/ngx_http_request.c            |    2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/http/modules/ngx_http_ssl_module.c
b/src/http/modules/ngx_http_ssl_module.c
index d759489..4435435 100644
--- a/src/http/modules/ngx_http_ssl_module.c
+++ b/src/http/modules/ngx_http_ssl_module.c
@@ -48,6 +48,7 @@ static ngx_conf_enum_t  ngx_http_ssl_verify[] = {
     { ngx_string("off"), 0 },
     { ngx_string("on"), 1 },
     { ngx_string("optional"), 2 },
+    { ngx_string("pass_only"), 3 },
     { ngx_null_string, 0 }
 };
 
@@ -466,7 +467,7 @@ ngx_http_ssl_merge_srv_conf(ngx_conf_t *cf, void
*parent, void *child)
 
     if (conf->verify) {
 
-        if (conf->client_certificate.len == 0) {
+        if (conf->verify != 3 && conf->client_certificate.len == 0) {
             ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
                           "no ssl_client_certificate for
ssl_client_verify");
             return NGX_CONF_ERROR;
diff --git a/src/http/ngx_http_request.c b/src/http/ngx_http_request.c
index 26420b1..11373dc 100644
--- a/src/http/ngx_http_request.c
+++ b/src/http/ngx_http_request.c
@@ -1631,7 +1631,7 @@ ngx_http_process_request(ngx_http_request_t *r)
 
         sscf = ngx_http_get_module_srv_conf(r, ngx_http_ssl_module);
 
-        if (sscf->verify) {
+        if (sscf->verify && sscf->verify != 3) {
             rc = SSL_get_verify_result(c->ssl->connection);
 
             if (rc != X509_V_OK) {
-- 
1.7.10.4

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228761,228761#msg-228761


From nginx-forum at nginx.us  Fri Jul 20 01:31:00 2012
From: nginx-forum at nginx.us (shikha)
Date: Thu, 19 Jul 2012 21:31:00 -0400 (EDT)
Subject: Flash Video In Drupal
Message-ID: <67e81e0850eee59edfae9f21783b9ff3.NginxMailingListEnglish@forum.nginx.org>

hey sir/mam,
I am new to drupal7 and i have been asked to include a f lash video in
the website which i am making can anyone please tell me the whole
procedure in detail as i won't be able to understand in short.The flash
has to b included on the front page of the website can somebody plz tell
me asap...thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228762,228762#msg-228762


From jim at ohlste.in  Fri Jul 20 01:35:29 2012
From: jim at ohlste.in (Jim Ohlstein)
Date: Thu, 19 Jul 2012 21:35:29 -0400
Subject: Flash Video In Drupal
In-Reply-To: <67e81e0850eee59edfae9f21783b9ff3.NginxMailingListEnglish@forum.nginx.org>
References: <67e81e0850eee59edfae9f21783b9ff3.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CABxOBbRtt8_g-udOY8UciM4L=gr=r8fO=_ufBRKdhDp4RwvUuw@mail.gmail.com>

On Jul 19, 2012 9:31 PM, "shikha" <nginx-forum at nginx.us> wrote:
>
> hey sir/mam,
> I am new to drupal7 and i have been asked to include a f lash video in
> the website which i am making can anyone please tell me the whole
> procedure in detail as i won't be able to understand in short.The flash
> has to b included on the front page of the website can somebody plz tell
> me asap...thanks

This is something you should ask on a Drupal list, not here.

If you need to configure nginx to serve flash video, that's very
straightforward and you can find the information in the documentation.

>
> Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,228762,228762#msg-228762

Jim Ohlstein
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120719/40f10372/attachment.html>

From duanemulder at rattyshack.ca  Fri Jul 20 02:22:22 2012
From: duanemulder at rattyshack.ca (Duane Mulder)
Date: Thu, 19 Jul 2012 22:22:22 -0400
Subject: Absolute maximum value for  proxy_read_timeout
In-Reply-To: <20120719094218.GA25940@lo0.su>
References: <691d557c.8bbf.1389e287b91.Coremail.meteor8488@163.com>
 <20120719094218.GA25940@lo0.su>
Message-ID: <5008C0DE.4030302@rattyshack.ca>

Hello All:

We have an issue where I need to increase the proxy_read_timeout to a
large value.  Currently its 300s.  What is the the maximum supported
value  ?

I am running nginx 1.0.5, could I be able to manually compile a larger
value in ?

snippit of conf
       listen       10.222.3.88:80;
        server_name  localhost;
        client_max_body_size 2500m;
        proxy_read_timeout 300;
        proxy_connect_timeout 75;
        keepalive_timeout 75;


Regards
Duane


From appa at perusio.net  Fri Jul 20 07:25:42 2012
From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida)
Date: Fri, 20 Jul 2012 09:25:42 +0200
Subject: Flash Video In Drupal
In-Reply-To: <67e81e0850eee59edfae9f21783b9ff3.NginxMailingListEnglish@forum.nginx.org>
References: <67e81e0850eee59edfae9f21783b9ff3.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <87wr1yvqq1.wl%appa@perusio.net>

On 20 Jul 2012 03h31 CEST, nginx-forum at nginx.us wrote:

> hey sir/mam, I am new to drupal7 and i have been asked to include a
> f lash video in the website which i am making can anyone please tell
> me the whole procedure in detail as i won't be able to understand in
> short.The flash has to b included on the front page of the website
> can somebody plz tell me asap...thanks

http://groups.drupal.org/nginx

--- appa


From mdounin at mdounin.ru  Fri Jul 20 08:43:50 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 20 Jul 2012 12:43:50 +0400
Subject: MP4 - start time is out mp4 stts samples
In-Reply-To: <b124b69eb9661410e2ef0cbeda823187.NginxMailingListEnglish@forum.nginx.org>
References: <20120717160916.GT31671@mdounin.ru>
 <b124b69eb9661410e2ef0cbeda823187.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120720084350.GG31671@mdounin.ru>

Hello!

On Tue, Jul 17, 2012 at 01:21:38PM -0400, DeineAgentur wrote:

> Hi Maxim,
> 
> here the debug.log
> 
> https://www.dropbox.com/s/8xwyxw8l0r0a2am/debug_localhost.rar

Ok, debug log suggests that there are 4 tracks in the file, and one 
of them is just 0.8 seconds long:

2012/07/17 19:01:26 [debug] 4539#0: *10 tkhd duration:4208128, time:7013.547s
2012/07/17 19:01:26 [debug] 4539#0: *10 tkhd duration:487, time:0.812s
2012/07/17 19:01:26 [debug] 4539#0: *10 tkhd duration:4208128, time:7013.547s
2012/07/17 19:01:26 [debug] 4539#0: *10 tkhd duration:4208140, time:7013.567s

This is what causes your problem, as nginx isn't currently able to 
drop short tracks, only seek them all.  And nginx complains as one 
of the tracks is too short for a requested seek.

This should be handled better.

> Maxim, if you send me an eMail, i will give you a link to the video.

Actually, my email is included in all messages to the mailing 
list (though forum interface hides it).  See e.g. here: 

http://mailman.nginx.org/pipermail/nginx/2012-July/034659.html

Maxim Dounin


From mdounin at mdounin.ru  Fri Jul 20 09:04:07 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 20 Jul 2012 13:04:07 +0400
Subject: Help with wrong directive
In-Reply-To: <1342522420303-7580855.post@n2.nabble.com>
References: <1342455954086-7580849.post@n2.nabble.com>
 <1342522420303-7580855.post@n2.nabble.com>
Message-ID: <20120720090407.GI31671@mdounin.ru>

Hello!

On Tue, Jul 17, 2012 at 03:53:40AM -0700, antituhan wrote:

> I've change the directive like that, but nothing changes. :( The images with
> the URL http://domain.com/awstatsicons/other/vu.png is not loaded. 

Try looking into error log, it usually helps.

Maxim Dounin


From mdounin at mdounin.ru  Fri Jul 20 09:16:20 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 20 Jul 2012 13:16:20 +0400
Subject: reverse proxy an apache who forces ssl
In-Reply-To: <43febb538634cb3ed9d6178883f65bef.NginxMailingListEnglish@forum.nginx.org>
References: <500596B0.1060007@heinlein-support.de>
 <43febb538634cb3ed9d6178883f65bef.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120720091620.GJ31671@mdounin.ru>

Hello!

On Tue, Jul 17, 2012 at 01:30:06PM -0400, saucepan wrote:

> hi all ,
>  I'm getting the same , my upstream https servers requires client
> authenication (ie authenicate who nginx is!!)  but this fails, yet when
> i verfied the same using wget alls okay ...... btw i using self sign
> certs for now
> 
> I get the a 502 bad gateway  too ..... does nginx support this
> configuration or have i messed up my ssl configuration 

nginx doesn't currently support client certificate authentication 
to upstream https servers.

Maxim Dounin


From mdounin at mdounin.ru  Fri Jul 20 09:50:56 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 20 Jul 2012 13:50:56 +0400
Subject: Weird apache status values with nginx
In-Reply-To: <285394829bac7dbc09ee52e299eec0c1.NginxMailingListEnglish@forum.nginx.org>
References: <20120719120721.GX31671@mdounin.ru>
 <285394829bac7dbc09ee52e299eec0c1.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120720095055.GL31671@mdounin.ru>

Hello!

On Thu, Jul 19, 2012 at 11:52:00AM -0400, migue76 wrote:

> Thanks for your explanation Maxim.
> 
> I think the results are not correct because I switch off nginx and
> values come correct again. I swich on nginx and I get weird values. That
> is why.
> 
> You said:
> >The fact that Apache's cpu usage is different from what you have
> >without nginx might have many reasons. Possible ones are ranging
> >from incorrect Apache configuration which causes neeedless process
> >startup/shutdown (which now happens more often due to low worker
> >process utilization) to just a simple fact that your system
> >handles more requests now (and consumes more CPU as a result) due
> >to no longer being limited by some other resource.
> 
> Any tip, clue or url to start investigating about this?

I would try to calculate something like "cpu seconds per request" 
metric and if it doesn't match previously seen values - start digging 
where additional cpu seconds go.  Playing with Apache settings 
like MaxClients/MaxSpareServers/MinSpareServers might be helpfull, 
as well as monitoring various things like system fork rate and so on.

Note though that some difference is normal, e.g. due to the fact 
that nginx doesn't use keepalive to upstream servers by default.

Maxim Dounin


From mdounin at mdounin.ru  Fri Jul 20 09:57:24 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 20 Jul 2012 13:57:24 +0400
Subject: Absolute maximum value for  proxy_read_timeout
In-Reply-To: <5008C0DE.4030302@rattyshack.ca>
References: <691d557c.8bbf.1389e287b91.Coremail.meteor8488@163.com>
 <20120719094218.GA25940@lo0.su> <5008C0DE.4030302@rattyshack.ca>
Message-ID: <20120720095724.GM31671@mdounin.ru>

Hello!

On Thu, Jul 19, 2012 at 10:22:22PM -0400, Duane Mulder wrote:

> We have an issue where I need to increase the proxy_read_timeout to a
> large value.  Currently its 300s.  What is the the maximum supported
> value  ?

Supported values are up to 24 days.

Maxim Dounin


From nginx-forum at nginx.us  Fri Jul 20 10:52:21 2012
From: nginx-forum at nginx.us (migue76)
Date: Fri, 20 Jul 2012 06:52:21 -0400 (EDT)
Subject: Weird apache status values with nginx
In-Reply-To: <20120720095055.GL31671@mdounin.ru>
References: <20120720095055.GL31671@mdounin.ru>
Message-ID: <d718ea15aa7b047cbbaafc836212370e.NginxMailingListEnglish@forum.nginx.org>

Thank you for your help Maxim.

I'll try to investigate about your suggestions

Thanks for your support.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228652,228783#msg-228783


From nginx-forum at nginx.us  Fri Jul 20 13:38:51 2012
From: nginx-forum at nginx.us (anthonyvage)
Date: Fri, 20 Jul 2012 09:38:51 -0400 (EDT)
Subject: Location header subsitution
Message-ID: <ca6be02f79c05da55cf10180b0896e73.NginxMailingListEnglish@forum.nginx.org>

Hello,

i tried to build content adaption with nginx. For example requesting
http://example.com.reverseproxy.com will serve you content from
example.com with substituted url from http://example.com to
http://example.com.reverseproxy.com
It works great but now i have to substitute Location Header on http
status code 301. Anybody knows how this is possible? I tried
subs_filter. It works great on body subsitution, but not on headers.

Sorry for my bad english.

Greetings
Anthony

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228784,228784#msg-228784


From meteor8488 at 163.com  Fri Jul 20 13:48:04 2012
From: meteor8488 at 163.com (fhal)
Date: Fri, 20 Jul 2012 21:48:04 +0800 (CST)
Subject: exception for NGINX limit_req_zone
Message-ID: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>

I got a problem with NGINX limit_req_zone. Anyone can help? The problem is that, I want to limit user access to some specific URL, for example:

/forum.php?mod=forumdisplay?
/forum.php?mod=viewthread&***

But, I do want to add an exception for below URL,

/forum.php?mod=image&*

Below is the location section of my configuration, the problem is that, for URL started with /forum.php?mod=image&*, the limitation is still applied.
Any body can help?

location ~*^/forum.php?mod=image$ {
    root           /web/www;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }
location ~*^/(home|forum|portal).php$ {
    root           /web/www;
    limit_conn   addr  5;
    limit_req zone=refresh burst=5 nodelay;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }
location ~ \.php$ {
    root           /web/www;
    fastcgi_pass   unix:/tmp/nginx.socket;
    fastcgi_index  index.php;
    fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
    include        fastcgi_params;
    }

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120720/60cf7a8d/attachment.html>

From nginx-forum at nginx.us  Fri Jul 20 13:57:07 2012
From: nginx-forum at nginx.us (burn)
Date: Fri, 20 Jul 2012 09:57:07 -0400 (EDT)
Subject: Cache by mime type
Message-ID: <138642bc33393a60987eed80f13a0a59.NginxMailingListEnglish@forum.nginx.org>

Like the title says, can I cache images (or whatever) by mime type, not
extension? The only relevant info I found is at
http://stackoverflow.com/questions/6212361/nginx-cache-file-by-mime-type
However, the suggested config is not valid, because proxy directive
cannot be used inside if.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228786,228786#msg-228786


From latypoff at yandex.ru  Fri Jul 20 14:03:03 2012
From: latypoff at yandex.ru (Denis F. Latypoff)
Date: Fri, 20 Jul 2012 21:03:03 +0700
Subject: Cache by mime type
In-Reply-To: <138642bc33393a60987eed80f13a0a59.NginxMailingListEnglish@forum.nginx.org>
References: <138642bc33393a60987eed80f13a0a59.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <1383961342792983@web18d.yandex.ru>

20.07.2012, 20:57, "burn" <nginx-forum at nginx.us>:
> Like the title says, can I cache images (or whatever) by mime type, not
> extension?

Yes.

http://nginx.org/en/docs/http/ngx_http_map_module.html
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_bypass

> The only relevant info I found is at
> http://stackoverflow.com/questions/6212361/nginx-cache-file-by-mime-type
> However, the suggested config is not valid, because proxy directive
> cannot be used inside if.

forget about "if".

-- 
br, Denis F. Latypoff.


From nginx-forum at nginx.us  Fri Jul 20 14:38:52 2012
From: nginx-forum at nginx.us (jjk77)
Date: Fri, 20 Jul 2012 10:38:52 -0400 (EDT)
Subject: nginx-sticky & nginx_http_upstream_check modules not working
 together
In-Reply-To: <14d65d84bcef5ffb348da9ff6c08deaf.NginxMailingListEnglish@forum.nginx.org>
References: <ec1e8dadfc770c5b59dc45557e0f95d8.NginxMailingListEnglish@forum.nginx.org>
 <14d65d84bcef5ffb348da9ff6c08deaf.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <0efe10df649d85fef1616718251fea37.NginxMailingListEnglish@forum.nginx.org>

So, does anybody did a patch of the sticky module?

@???: Any chance you provide a patch?

best regrads
  Jens

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,227937,228788#msg-228788


From ne at vbart.ru  Fri Jul 20 15:01:19 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Fri, 20 Jul 2012 19:01:19 +0400
Subject: Location header subsitution
In-Reply-To: <ca6be02f79c05da55cf10180b0896e73.NginxMailingListEnglish@forum.nginx.org>
References: <ca6be02f79c05da55cf10180b0896e73.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207201901.19375.ne@vbart.ru>

On Friday 20 July 2012 17:38:51 anthonyvage wrote:
> Hello,
> 
> i tried to build content adaption with nginx. For example requesting
> http://example.com.reverseproxy.com will serve you content from
> example.com with substituted url from http://example.com to
> http://example.com.reverseproxy.com
> It works great but now i have to substitute Location Header on http
> status code 301. Anybody knows how this is possible? I tried
> subs_filter. It works great on body subsitution, but not on headers.
> 
> Sorry for my bad english.
> 

http://nginx.org/r/proxy_redirect

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Fri Jul 20 15:21:51 2012
From: nginx-forum at nginx.us (anthonyvage)
Date: Fri, 20 Jul 2012 11:21:51 -0400 (EDT)
Subject: Location header subsitution
In-Reply-To: <201207201901.19375.ne@vbart.ru>
References: <201207201901.19375.ne@vbart.ru>
Message-ID: <ad075e1d6b13fe5578672c2ea47df0b6.NginxMailingListEnglish@forum.nginx.org>

Thanks a lot i dit not know that i can use this with regular
expressions.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228784,228790#msg-228790


From nginx-forum at nginx.us  Fri Jul 20 17:47:35 2012
From: nginx-forum at nginx.us (burn)
Date: Fri, 20 Jul 2012 13:47:35 -0400 (EDT)
Subject: Cache by mime type
In-Reply-To: <1383961342792983@web18d.yandex.ru>
References: <1383961342792983@web18d.yandex.ru>
Message-ID: <ea28db2cab8d2b2841d1430dd7d76f78.NginxMailingListEnglish@forum.nginx.org>

can you elaborate on how to implement it? For me, it seems to cache html
as well (I'm checking saved files). Here's what I come up with:

nginx.conf

user  nginx;
worker_processes  8;
worker_rlimit_nofile 100000;
error_log   /var/log/nginx/error.log;
pid        /var/run/nginx.pid;
events {
    worker_connections  1024;
    use epoll;
}
http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;
    log_format  main  '$remote_addr - $remote_user [$time_local]
"$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';
    access_log  /var/log/nginx/access.log combined;
    sendfile        on;
    tcp_nopush      on;
    tcp_nodelay     on;
    server_tokens   off;
    gzip            on;
    gzip_static     on;
    gzip_comp_level 5;
    gzip_min_length 1024;
    keepalive_timeout  65;
    limit_conn_zone   $binary_remote_addr  zone=addr:10m;
    map $http_content_type $no_proxy {
        default         0;
        "~*image/"      1;
    }
    proxy_cache_path  /tmp/nginx/cache/image  levels=1:1:2 
keys_zone=image:1000m;
    proxy_temp_path  /tmp/nginx/temp;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/vhosts/*;
}


vhost:

server {
    listen       8082;
    server_name  .forum.domain.com;
    charset utf-8;
    access_log  /var/log/nginx/forum.domain.com-access.log2 combined;
    error_log /var/log/nginx/forum.domain.com-error.log2;
    location / {
        root   /var/www/html/forum.domain.com;
        index  index.php;
        try_files $uri @apache;
    }
    location /forum {
        root   /var/www/html/forum.domain.com;
        index  index.php;
        try_files $uri @apache;
    }
    location /gallery {
        root   /var/www/html/forum.domain.com;
        index  index.php;
        try_files $uri @apache;
    }
    location ~ ^.*\.php$ {
        proxy_pass http://127.0.0.1:8081;
        include proxy.cache.inc;
    }
    location @apache {
        proxy_pass http://127.0.0.1:8081;
        include proxy.cache.inc;
    }
}


proxy.cache.inc:

proxy_cache image;
proxy_cache_use_stale updating;
proxy_cache_valid 7d;
proxy_cache_bypass $no_proxy;
proxy_connect_timeout 59s;
proxy_send_timeout   600;
proxy_read_timeout   600;
proxy_buffer_size    64k;
proxy_buffers     16 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
proxy_pass_header Set-Cookie;
proxy_redirect     off;
proxy_hide_header  Vary;
proxy_set_header   Accept-Encoding '';
proxy_ignore_headers Cache-Control Expires;
proxy_set_header   Referer $http_referer;
proxy_set_header   Host   $host;
proxy_set_header   Cookie $http_cookie;
proxy_set_header   X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228786,228794#msg-228794


From ne at vbart.ru  Fri Jul 20 17:58:33 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Fri, 20 Jul 2012 21:58:33 +0400
Subject: Cache by mime type
In-Reply-To: <ea28db2cab8d2b2841d1430dd7d76f78.NginxMailingListEnglish@forum.nginx.org>
References: <1383961342792983@web18d.yandex.ru>
 <ea28db2cab8d2b2841d1430dd7d76f78.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207202158.33554.ne@vbart.ru>

On Friday 20 July 2012 21:47:35 burn wrote:
[...]
>     map $http_content_type $no_proxy {
>         default         0;
>         "~*image/"      1;
>     }

$upstream_http_content_type

http://nginx.org/en/docs/http/ngx_http_upstream_module.html#variables

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Fri Jul 20 18:23:26 2012
From: nginx-forum at nginx.us (burn)
Date: Fri, 20 Jul 2012 14:23:26 -0400 (EDT)
Subject: Cache by mime type
In-Reply-To: <201207202158.33554.ne@vbart.ru>
References: <201207202158.33554.ne@vbart.ru>
Message-ID: <9b5f0cf4e37a98e144bbc0a960d7faef.NginxMailingListEnglish@forum.nginx.org>

but I'm not using upstream directive. Do you mean that it's only
possible to upstream instead of direct proxy_pass?
I tried that. I still see non-image files in cache.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228786,228797#msg-228797


From ne at vbart.ru  Fri Jul 20 18:31:31 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Fri, 20 Jul 2012 22:31:31 +0400
Subject: Cache by mime type
In-Reply-To: <9b5f0cf4e37a98e144bbc0a960d7faef.NginxMailingListEnglish@forum.nginx.org>
References: <201207202158.33554.ne@vbart.ru>
 <9b5f0cf4e37a98e144bbc0a960d7faef.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207202231.32018.ne@vbart.ru>

On Friday 20 July 2012 22:23:26 burn wrote:
> but I'm not using upstream directive. Do you mean that it's only
> possible to upstream instead of direct proxy_pass?

Actually "proxy_pass" uses upstream module regardless of whether you're
using the upstream directive or not.

> I tried that. I still see non-image files in cache.

Also you should use "proxy_no_cache" instead of "proxy_cache_bypass".

http://nginx.org/r/proxy_no_cache

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Fri Jul 20 18:45:44 2012
From: nginx-forum at nginx.us (burn)
Date: Fri, 20 Jul 2012 14:45:44 -0400 (EDT)
Subject: Cache by mime type
In-Reply-To: <201207202231.32018.ne@vbart.ru>
References: <201207202231.32018.ne@vbart.ru>
Message-ID: <95e5a87514dfc9a4cab2e8d278fd7e7e.NginxMailingListEnglish@forum.nginx.org>

with "proxy_no_cache $no_proxy;", there are css files in cache again.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228786,228800#msg-228800


From ne at vbart.ru  Fri Jul 20 18:50:50 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Fri, 20 Jul 2012 22:50:50 +0400
Subject: Cache by mime type
In-Reply-To: <95e5a87514dfc9a4cab2e8d278fd7e7e.NginxMailingListEnglish@forum.nginx.org>
References: <201207202231.32018.ne@vbart.ru>
 <95e5a87514dfc9a4cab2e8d278fd7e7e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207202250.50182.ne@vbart.ru>

On Friday 20 July 2012 22:45:44 burn wrote:
> with "proxy_no_cache $no_proxy;", there are css files in cache again.
> 

If you configure $no_proxy like this:

  default         0;
  "~*image/"      1;

Images will not be cached. All others will.

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Fri Jul 20 19:05:40 2012
From: nginx-forum at nginx.us (burn)
Date: Fri, 20 Jul 2012 15:05:40 -0400 (EDT)
Subject: Cache by mime type
In-Reply-To: <201207202250.50182.ne@vbart.ru>
References: <201207202250.50182.ne@vbart.ru>
Message-ID: <ad98a9c19ee67c1568e75bfd730362ff.NginxMailingListEnglish@forum.nginx.org>

Right. The problem is that there were images as well. And now when I
swapped values, it seems that nothing at all is cached.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228786,228802#msg-228802


From francis at daoine.org  Fri Jul 20 22:38:49 2012
From: francis at daoine.org (Francis Daly)
Date: Fri, 20 Jul 2012 23:38:49 +0100
Subject: exception for NGINX limit_req_zone
In-Reply-To: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
References: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
Message-ID: <20120720223849.GE14023@craic.sysops.org>

On Fri, Jul 20, 2012 at 09:48:04PM +0800, fhal wrote:

Hi there,

> I got a problem with NGINX limit_req_zone. Anyone can help? The problem is that, I want to limit user access to some specific URL, for example:
> 
> /forum.php?mod=forumdisplay?
> /forum.php?mod=viewthread&***
> 
> But, I do want to add an exception for below URL,
> 
> /forum.php?mod=image&*

For nginx "location" matches, these three are all the same, and are all
exactly "/forum.php". The "location" goes from the first / to just before
the first ? or #.

That is why your configuration is not doing what you want.

> location ~*^/(home|forum|portal).php$ {
>     root           /web/www;
>     limit_conn   addr  5;
>     limit_req zone=refresh burst=5 nodelay;
>     fastcgi_pass   unix:/tmp/nginx.socket;
>     fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
>     include        fastcgi_params;
>     }

I do not know what the solution is, but I expect it will involve doing
something different based on the value of $arg_mod, within that location
block.

How is limit_req_zone zone=refresh defined? Would using "map" to set
the relevant $variable to empty if $arg_mod is "image" be appropriate?

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


From meteor8488 at 163.com  Sat Jul 21 02:26:23 2012
From: meteor8488 at 163.com (fhal)
Date: Sat, 21 Jul 2012 10:26:23 +0800 (CST)
Subject: exception for NGINX limit_req_zone
In-Reply-To: <20120720223849.GE14023@craic.sysops.org>
References: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
 <20120720223849.GE14023@craic.sysops.org>
Message-ID: <4253f01a.1c2f.138a75b6ef0.Coremail.meteor8488@163.com>

Hi Francis.

Thanks very much.
I tried to use map, but it doesn't work. Below is the settings.

    map $arg_mod $forum_limit {
        default  $binary_remote_addr;
        image    '';
        }
    limit_conn_zone  $forum_limit  zone=addr:128m;
    limit_req_zone  $forum_limit  zone=refresh:128m   rate=3r/s;

server {
    location ~*^/(home|forum|portal).php$ {
        root           /web/www;
        limit_conn   addr  5;
        limit_req zone=refresh burst=5 nodelay;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }
    location ~ \.php$ {
        root           /web/www;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }
    }





At 2012-07-21 06:38:49,"Francis Daly" <francis at daoine.org> wrote:
>On Fri, Jul 20, 2012 at 09:48:04PM +0800, fhal wrote:
>
>Hi there,
>
>> I got a problem with NGINX limit_req_zone. Anyone can help? The problem is that, I want to limit user access to some specific URL, for example:
>> 
>> /forum.php?mod=forumdisplay?
>> /forum.php?mod=viewthread&***
>> 
>> But, I do want to add an exception for below URL,
>> 
>> /forum.php?mod=image&*
>
>For nginx "location" matches, these three are all the same, and are all
>exactly "/forum.php". The "location" goes from the first / to just before
>the first ? or #.
>
>That is why your configuration is not doing what you want.
>
>> location ~*^/(home|forum|portal).php$ {
>>     root           /web/www;
>>     limit_conn   addr  5;
>>     limit_req zone=refresh burst=5 nodelay;
>>     fastcgi_pass   unix:/tmp/nginx.socket;
>>     fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
>>     include        fastcgi_params;
>>     }
>
>I do not know what the solution is, but I expect it will involve doing
>something different based on the value of $arg_mod, within that location
>block.
>
>How is limit_req_zone zone=refresh defined? Would using "map" to set
>the relevant $variable to empty if $arg_mod is "image" be appropriate?
>
>Good luck with it,
>
>	f
>-- 
>Francis Daly        francis at daoine.org
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120721/eca4e3c6/attachment.html>

From nginx-forum at nginx.us  Sat Jul 21 09:13:56 2012
From: nginx-forum at nginx.us (killed)
Date: Sat, 21 Jul 2012 05:13:56 -0400 (EDT)
Subject: Set error_page follow reverse proxy kind
In-Reply-To: <54bc45bb36802f0ab6b12dd9167630f2.NginxMailingListEnglish@forum.nginx.org>
References: <54bc45bb36802f0ab6b12dd9167630f2.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <4cf11b55a42409d56347be2212eed851.NginxMailingListEnglish@forum.nginx.org>

Oki, fixed

#=========
server {
listen 192.168.1.10:80 default rcvbuf=8192 sndbuf=16384 backlog=32000;
server_name _ ;
charset off;
access_log /var/log/nginx_host_general.access.log main;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://192.168.1.20;
client_max_body_size 2m;
client_body_buffer_size 8k;
proxy_buffering on;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 120;
proxy_buffer_size 16k;
proxy_buffers 32 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;
}
		error_page 404 /404.html;
		location = /404.html {
			root /usr/local/nginx/html;
		}

		error_page 500 502 503 504 /50x.html;
			location = /50x.html {
		root /usr/local/nginx/html;
		}
}
include /usr/local/nginx/vhosts/*.conf;
}
#========

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228722,228818#msg-228818


From francis at daoine.org  Sat Jul 21 20:08:20 2012
From: francis at daoine.org (Francis Daly)
Date: Sat, 21 Jul 2012 21:08:20 +0100
Subject: exception for NGINX limit_req_zone
In-Reply-To: <4253f01a.1c2f.138a75b6ef0.Coremail.meteor8488@163.com>
References: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
 <20120720223849.GE14023@craic.sysops.org>
 <4253f01a.1c2f.138a75b6ef0.Coremail.meteor8488@163.com>
Message-ID: <20120721200820.GF14023@craic.sysops.org>

On Sat, Jul 21, 2012 at 10:26:23AM +0800, fhal wrote:

Hi there,

> I tried to use map, but it doesn't work. Below is the settings.

It seems to work for me, in a slightly different test:

>     map $arg_mod $forum_limit {
>         default  $binary_remote_addr;
>         image    '';
>         }
>     limit_conn_zone  $forum_limit  zone=addr:128m;
>     limit_req_zone  $forum_limit  zone=refresh:128m   rate=3r/s;

I use "rate=1r/m", because that makes it very easy to see that things
are being blocked or not. But otherwise, those 6 lines are in nginx.conf.

server {
    location = /file {
        limit_req zone=refresh burst=2 nodelay;
    }
}

Now test:

for i in a b c d; do curl http://127.0.0.1:8000/file?mod=im; sleep 1; done

gives me "file contents" 3 times, and then the 503 Service Temporarily
Unavailable message.

for i in a b c d; do curl http://127.0.0.2:8000/file?mod=im; sleep 1; done

is the same, while

for i in a b c d; do curl http://127.0.0.1:8000/file?mod=image; sleep 1; done

gives me "file contents" 4 times. Repeat the first command, and I get
503 4 times; repeat the last, and I get "file contents" 4 times.

That looks to me like the thing is restricted by ip address to 1 request
per minute, bursting to 2 extra; unless "mod=image" is included, in
which case there is no restriction.

Note that I haven't tested limit_conn here, just limit_req, because that
is easier to build a test case for.

Does that test work or fail for you?

When I repeat the test with a fastcgi_pass configuration, instead of just
loading a file, I see the same results.

All the best,

	f
-- 
Francis Daly        francis at daoine.org


From weidezhang2007 at gmail.com  Sat Jul 21 22:37:16 2012
From: weidezhang2007 at gmail.com (Walter Chang)
Date: Sat, 21 Jul 2012 15:37:16 -0700
Subject: how to define a struct that only need one time initialization and
 used for every request
Message-ID: <CAMvZ5=7ZZ4cN8qi61ESYJNe172vjZERo+KYP9xLq-eROcKx+VQ@mail.gmail.com>

Hi ,

I'm new to server development.  I have a c++ struct that need to be
initialized once from file and it will be used in each request since the
data it has is read only. I'm not sure what's the best practice to define
that struct in nginx module.

Shall I put it in the module loc config or just define it as a global
variable ?

Thanks,

Weide
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120721/2332bee7/attachment.html>

From nbubingo at gmail.com  Sun Jul 22 06:17:32 2012
From: nbubingo at gmail.com (=?GB2312?B?0qbOsLHz?=)
Date: Sun, 22 Jul 2012 14:17:32 +0800
Subject: nginx-sticky & nginx_http_upstream_check modules not working
 together
In-Reply-To: <0efe10df649d85fef1616718251fea37.NginxMailingListEnglish@forum.nginx.org>
References: <ec1e8dadfc770c5b59dc45557e0f95d8.NginxMailingListEnglish@forum.nginx.org>
 <14d65d84bcef5ffb348da9ff6c08deaf.NginxMailingListEnglish@forum.nginx.org>
 <0efe10df649d85fef1616718251fea37.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAGxuLK0oTtAxvaN5FhREi80N6uo+K8w5WRcOY9okB=eT79dqFA@mail.gmail.com>

Done, I have added the nginx-sticky-module.patch
(https://github.com/yaoweibin/nginx_upstream_check_module/blob/master/nginx-sticky-module.patch)
for your. You can enable it like this:

$ svn checkout http://nginx-sticky-module.googlecode.com/svn/trunk/
nginx-sticky-module
$ cd nginx-sticky-module
$ patch -p0 < /path/to/nginx_http_upstream_check_module/nginx-sticky-module.patch
$ cd /path/to/nginx-1.0.14
$ ./configure --add-module=/path/to/nginx_http_upstream_check_module
--add-module=/path/to/nginx-sticky-module
$ make
$ make install

 Note that, the nginx-sticky-module also needs the original check.patch.

See the README file for detail.

Thanks.

2012/7/20 jjk77 <nginx-forum at nginx.us>:
> So, does anybody did a patch of the sticky module?
>
> @???: Any chance you provide a patch?
>
> best regrads
>   Jens
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,227937,228788#msg-228788
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From francis at daoine.org  Sun Jul 22 08:09:03 2012
From: francis at daoine.org (Francis Daly)
Date: Sun, 22 Jul 2012 09:09:03 +0100
Subject: Cache by mime type
In-Reply-To: <95e5a87514dfc9a4cab2e8d278fd7e7e.NginxMailingListEnglish@forum.nginx.org>
References: <201207202231.32018.ne@vbart.ru>
 <95e5a87514dfc9a4cab2e8d278fd7e7e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120722080903.GG14023@craic.sysops.org>

On Fri, Jul 20, 2012 at 02:45:44PM -0400, burn wrote:

Hi there,

> with "proxy_no_cache $no_proxy;", there are css files in cache again.

I think the issue is with using both proxy_no_cache and proxy_cache_bypass
with the same $no_proxy variable.

(I think there was a bug related to this in the past -- something about
if you didn't use them with the same variable, bad things could happen.)

proxy_cache_bypass takes effect before the upstream is
contacted, so at that point $no_proxy is set based on an empty
$upstream_http_content_type. Later on, when proxy_no_cache is considered,
$no_proxy already has a value so that is used.

The following config seems to work for me:

===
http {
    map $upstream_http_content_type $no_proxy {
        default        proxy;
        ~*^image/      0;
    }
    proxy_cache_path proxy_cache keys_zone=images:1m inactive=1m;

    server {
        location / {
            proxy_pass  http://127.0.0.1:10080/;
            proxy_no_cache $no_proxy;
            proxy_cache_bypass 0;
            proxy_cache images;
        }
    }
}
===

I can run the two commands

curl -i http://localhost:8000/a.png
curl -i http://localhost:8000/a.txt

and I see exactly one file in my proxy_cache directory. (And the error
log says what is going on.)

And then I can run the commands again, and from the Expires header,
I can see that the txt file came from upstream, and the png file came
from cache.

(I use the proxy_cache_bypass line just to hush a warning (in 1.2.1). I
have *not* tested this for the partly-remembered bug mentioned above.)

	f
-- 
Francis Daly        francis at daoine.org


From nginx-forum at nginx.us  Sun Jul 22 09:27:44 2012
From: nginx-forum at nginx.us (burn)
Date: Sun, 22 Jul 2012 05:27:44 -0400 (EDT)
Subject: Cache by mime type
In-Reply-To: <20120722080903.GG14023@craic.sysops.org>
References: <20120722080903.GG14023@craic.sysops.org>
Message-ID: <0d069b68871d7a2e21a445cac5983a4c.NginxMailingListEnglish@forum.nginx.org>

Thanks, that seems to work. But I still don't quite understand how. I
did use both directives with the same variable. Now when I set
"proxy_cache_bypass 0;", it seems to correctly cache images and serve
that cache. I'd imagine that unconditional 0 in that directive would
cause nothing being served from cache ever (as that variable is
considered first). By the way, my Nginx version is 1.3.1.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228786,228836#msg-228836


From meteor8488 at 163.com  Sun Jul 22 15:05:12 2012
From: meteor8488 at 163.com (fhal)
Date: Sun, 22 Jul 2012 23:05:12 +0800 (CST)
Subject: exception for NGINX limit_req_zone
In-Reply-To: <20120721200820.GF14023@craic.sysops.org>
References: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
 <20120720223849.GE14023@craic.sysops.org>
 <4253f01a.1c2f.138a75b6ef0.Coremail.meteor8488@163.com>
 <20120721200820.GF14023@craic.sysops.org>
Message-ID: <4e48295.19040.138af388295.Coremail.meteor8488@163.com>

Hi Francis,

Thanks very much for your reply.
It still doesn't work.
The URL I want to exclude is like
/forum.php?mod=image&aid=1289568&size=300x300&key=6831686b88a927b0d9646529f88f5052&nocache=yes&type=fixnone
Does it because there are too many parameters, the map is not working?




At 2012-07-22 04:08:20,"Francis Daly" <francis at daoine.org> wrote:
>On Sat, Jul 21, 2012 at 10:26:23AM +0800, fhal wrote:
>
>Hi there,
>
>> I tried to use map, but it doesn't work. Below is the settings.
>
>It seems to work for me, in a slightly different test:
>
>>     map $arg_mod $forum_limit {
>>         default  $binary_remote_addr;
>>         image    '';
>>         }
>>     limit_conn_zone  $forum_limit  zone=addr:128m;
>>     limit_req_zone  $forum_limit  zone=refresh:128m   rate=3r/s;
>
>I use "rate=1r/m", because that makes it very easy to see that things
>are being blocked or not. But otherwise, those 6 lines are in nginx.conf.
>
>server {
>    location = /file {
>        limit_req zone=refresh burst=2 nodelay;
>    }
>}
>
>Now test:
>
>for i in a b c d; do curl http://127.0.0.1:8000/file?mod=im; sleep 1; done
>
>gives me "file contents" 3 times, and then the 503 Service Temporarily
>Unavailable message.
>
>for i in a b c d; do curl http://127.0.0.2:8000/file?mod=im; sleep 1; done
>
>is the same, while
>
>for i in a b c d; do curl http://127.0.0.1:8000/file?mod=image; sleep 1; done
>
>gives me "file contents" 4 times. Repeat the first command, and I get
>503 4 times; repeat the last, and I get "file contents" 4 times.
>
>That looks to me like the thing is restricted by ip address to 1 request
>per minute, bursting to 2 extra; unless "mod=image" is included, in
>which case there is no restriction.
>
>Note that I haven't tested limit_conn here, just limit_req, because that
>is easier to build a test case for.
>
>Does that test work or fail for you?
>
>When I repeat the test with a fastcgi_pass configuration, instead of just
>loading a file, I see the same results.
>
>All the best,
>
>	f
>-- 
>Francis Daly        francis at daoine.org
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120722/8d36d322/attachment.html>

From francis at daoine.org  Sun Jul 22 18:12:24 2012
From: francis at daoine.org (Francis Daly)
Date: Sun, 22 Jul 2012 19:12:24 +0100
Subject: Cache by mime type
In-Reply-To: <0d069b68871d7a2e21a445cac5983a4c.NginxMailingListEnglish@forum.nginx.org>
References: <20120722080903.GG14023@craic.sysops.org>
 <0d069b68871d7a2e21a445cac5983a4c.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120722181224.GH14023@craic.sysops.org>

On Sun, Jul 22, 2012 at 05:27:44AM -0400, burn wrote:

Hi there,

> Thanks, that seems to work. But I still don't quite understand how. I
> did use both directives with the same variable. Now when I set
> "proxy_cache_bypass 0;", it seems to correctly cache images and serve
> that cache.

proxy_cache_bypass is "shall I serve this from upstream, even if I
already have a valid cached version". Setting it to 0 (or empty) means
that everything that is valid in the cache, will be served from the cache.

Strictly, it shouldn't be used in this case at all. But it is needed
to hush the warning that is presumably due to the bug mentioned in
http://mailman.nginx.org/pipermail/nginx/2011-March/025557.html

(I think that that bug was fixed in 1.0.3; possibly the warning is no
longer needed?)

And now you are using proxy_cache_bypass without an identical
proxy_no_cache -- although you're not actually caring about the
proxy_cache_bypass part, so maybe you won't have the problems referred to.

> I'd imagine that unconditional 0 in that directive would
> cause nothing being served from cache ever (as that variable is
> considered first).

No, unconditional 0 there means "serve from cache if possible", and is
equivalent to the line being omitted.

proxy_no_cache is about "shall I actually save this response into the
cache, even though all other indications are that I should do so". That's
the one that you want to be "no, don't" for all of the mime types that
you don't want cached.

All the best,

	f
-- 
Francis Daly        francis at daoine.org


From francis at daoine.org  Sun Jul 22 18:35:27 2012
From: francis at daoine.org (Francis Daly)
Date: Sun, 22 Jul 2012 19:35:27 +0100
Subject: exception for NGINX limit_req_zone
In-Reply-To: <4e48295.19040.138af388295.Coremail.meteor8488@163.com>
References: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
 <20120720223849.GE14023@craic.sysops.org>
 <4253f01a.1c2f.138a75b6ef0.Coremail.meteor8488@163.com>
 <20120721200820.GF14023@craic.sysops.org>
 <4e48295.19040.138af388295.Coremail.meteor8488@163.com>
Message-ID: <20120722183527.GI14023@craic.sysops.org>

On Sun, Jul 22, 2012 at 11:05:12PM +0800, fhal wrote:

Hi there,

> Thanks very much for your reply.
> It still doesn't work.

What, precisely, do you mean by "doesn't work"?

Be specific. (Do you mean "this one is being limited and I don't want
it to be", or "that one is not being limited and I do want it to be",
or something different?)

Read my mail again. I included the exact (small) nginx.conf fragment
used. I included the exact test command. I described what I saw. I
described what I expected to see.

Can you do the same, just so that I can make sure that I am repeating
exactly what you did?

> The URL I want to exclude is like
> /forum.php?mod=image&aid=1289568&size=300x300&key=6831686b88a927b0d9646529f88f5052&nocache=yes&type=fixnone
> Does it because there are too many parameters, the map is not working?

It still works for me.

for i in $(seq 4); do
 curl -I 'http://127.0.0.1:8000/forum.php?mod=imag&aid=1289568&size=300x300&key=6831686b88a927b0d9646529f88f5052&nocache=yes&type=fixnone'
 sleep 1
done

(Note: that has mod=imag, and so *should* be limited)

I see 3x HTTP 200 + 1x HTTP 503

for i in $(seq 4); do
 curl -I 'http://127.0.0.1:8000/forum.php?mod=image&aid=1289568&size=300x300&key=6831686b88a927b0d9646529f88f5052&nocache=yes&type=fixnone'
 sleep 1
done

(Note: that has mod=image, and so *should not* be limited)

I see 4x HTTP 200.

My nginx.conf http section:

===
http {
    map $arg_mod $forum_limit {
        default  $binary_remote_addr;
        image    '';
    }
    limit_req_zone  $forum_limit  zone=refresh:128m   rate=1r/m;

    include fastcgi.conf;
    server {
        location ~*^/(home|forum|portal).php$  {
            limit_req zone=refresh burst=2 nodelay;
            fastcgi_pass unix:php.sock;
        }
    }
}
===

	f
-- 
Francis Daly        francis at daoine.org


From Richard.Kearsley at m247.com  Mon Jul 23 08:14:30 2012
From: Richard.Kearsley at m247.com (Richard Kearsley)
Date: Mon, 23 Jul 2012 08:14:30 +0000
Subject: X-Accel-Redirect in LUA?
Message-ID: <EFC5A19DBF3A2E489904733B467D990B0AAD8A73@office-server2.m247.local>

Hi
Is it possible to trigger an X-Accel-Redirect from within lua code?

Example:

location /
{
# lua code should trigger X-Accel-Redirect to either location1 or location2? Somehow??
access_by_lua_file /home/nginx/conf/nginx.lua;

# if it hasn't set X-Accel-Redirect, proxy to some other server - important
                proxy_pass http://10.0.0.2;
}

location /location1 {
                internal;
                root /var/www/loc1;
}

location /location2 {
                internal;
                root /var/www/loc2;
}



Richard Kearsley
Systems Developer | M247 Limited
Internal Dial 2210 | Mobile +44 7970 621236

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120723/a87b96ad/attachment.html>

From nginx-forum at nginx.us  Mon Jul 23 13:43:47 2012
From: nginx-forum at nginx.us (lechevo)
Date: Mon, 23 Jul 2012 09:43:47 -0400 (EDT)
Subject: Nginx 502 bad gateway every few seconds
Message-ID: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>

Hi


Could someone help me i get the 502 bad gateway every few seconds

The server is running on vps on debian with quadcore and 3g ram

here is the kind of error i can in the nginx log :

2012/07/23 15:06:53 [error] 2908#0: *247 recv() failed (104: Connection
reset by peer) while reading response header from upstream, client:
81.255.98.253, server: www.acmslt.fr, request: "GET
/category/culte/conferences/ HTTP/1.1", upstream:
"fastcgi://127.0.0.1:9000", host: "acmslt.fr", referrer:
"http://www.google.fr/url?sa=t&rct=j&q=mosqu%C3%A9e%20de%20savigny%20le%20temple%2077&source=web&cd=2&ved=0CFsQjBAwAQ&url=http%3A%2F%2Facmslt.fr%2Fcategory%2Fculte%2Fconferences%2F&ei=OzANUOj0HYrG0QXusf2xCg&usg=AFQjCNHxw6lN8eBnkEOYDh5ONmutLiATHA"
~
here is the nginx.conf
  

    
    user www-data;
    worker_processes 4;
    events {
            worker_connections 1024;
           }

    http {
         include mime.types;
         default_type application/octet-stream;

         # Hide the Nginx version number
         server_tokens off;

         # Tweeks
         sendfile on;
         tcp_nodelay off;
         tcp_nopush on;
         keepalive_timeout 5;
         client_body_timeout 10;
         client_header_timeout 10;
         send_timeout 10;
         client_max_body_size 8M;

         set_real_ip_from 127.0.0.1;
         real_ip_header X-Forwarded-For;

         gzip on;
         gzip_disable "MSIE [1-6].(?!.*SV1)";
         gzip_vary on;
         gzip_comp_level 3;
         gzip_proxied any;
         gzip_buffers 16 8k;

         include /etc/nginx/conf.d/*.conf;
         include /etc/nginx/sites-enabled/*;
      }


the website conf in the site available

    server {
            listen 8080;
            server_name www.acmslt.fr acmslt.fr;
            location / {
            root /var/www/wordpress;
            index index.php index.html index.htm;
            # Rewrite rules
            if (!-e $request_filename) {
            rewrite ^(.+)$ /index.php?q=$1 last;
           }
           # Security
           # include global/security.conf;
           # W3 Total Cache
           include global/wordpress-w3-total-cache.conf;
           # PHP-FPM
           include global/php-fpm.conf;
           }
    } 

then the global/php-fpm.conf
   
    # PHP scripts -> PHP-FPM server listening on 127.0.0.1:9000
    location ~ \.php$ {
                       fastcgi_pass 127.0.0.1:9000;
                       fastcgi_index index.php;
                       include fastcgi_params;
                       fastcgi_connect_timeout 60;
                       fastcgi_send_timeout 180;
                       fastcgi_read_timeout 600;
                       fastcgi_temp_file_write_size 1M;
                       fastcgi_intercept_errors on;
                       fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
                      }

the php-fpm www.conf

    [www]
    user = www-data
    group = www-data
    listen = 127.0.0.1:9000
    pm = dynamic
    pm.max_children = 5
    pm.start_servers = 2
    pm.min_spare_servers = 1
    pm.max_spare_servers = 3
    chdir = /

Thanks

Edit here is what i can see in the php-fpm.log


here is what i can see in the php-fpm log

    [23-Jul-2012 08:13:26] NOTICE: fpm is running, pid 631
    [23-Jul-2012 08:13:26] NOTICE: ready to handle connections
    [23-Jul-2012 08:40:04] WARNING: [pool www] child 646 exited on
signal 11 (SIGSEGV)         after 1598.101386 seconds from start
    [23-Jul-2012 08:40:04] NOTICE: [pool www] child 1354 started
    [23-Jul-2012 08:40:04] WARNING: [pool www] child 1354 exited on
signal 11 (SIGSEGV) after 0.191254 seconds from start
    [23-Jul-2012 08:40:04] NOTICE: [pool www] child 1355 started
    [23-Jul-2012 08:40:20] WARNING: [pool www] child 647 exited on
signal 11 (SIGSEGV) after 1614.612810 seconds from start
    [23-Jul-2012 08:40:20] NOTICE: [pool www] child 1356 started
    [23-Jul-2012 08:41:05] NOTICE: Finishing ...
    [23-Jul-2012 08:41:05] NOTICE: exiting, bye-bye!
    [23-Jul-2012 08:41:05] NOTICE: fpm is running, pid 1937
    [23-Jul-2012 08:41:05] NOTICE: ready to handle connections
    [23-Jul-2012 08:51:43] NOTICE: Finishing ...
    [23-Jul-2012 08:51:43] NOTICE: exiting, bye-bye! 
    [23-Jul-2012 08:51:43] NOTICE: fpm is running, pid 2188
    [23-Jul-2012 08:51:43] NOTICE: ready to handle connections
    [23-Jul-2012 09:01:42] WARNING: [pool www] child 3934 exited on
signal 11 (SIGSEGV) after 325.793784 seconds from start
    [23-Jul-2012 09:01:42] NOTICE: [pool www] child 3983 started
    [23-Jul-2012 09:01:44] WARNING: [pool www] child 2189 exited on
signal 11 (SIGSEGV) after 601.533647 seconds from start
    [23-Jul-2012 09:01:44] NOTICE: [pool www] child 3984 started
    [23-Jul-2012 09:01:48] WARNING: [pool www] child 2190 exited on
signal 11 (SIGSEGV) after 605.045174 seconds from start
    [23-Jul-2012 09:01:48] NOTICE: [pool www] child 3986 started
    [23-Jul-2012 09:01:55] WARNING: [pool www] child 3984 exited on
signal 11 (SIGSEGV) after 10.610551 seconds from start

Thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228869,228869#msg-228869


From augustocaringi at gmail.com  Mon Jul 23 13:56:07 2012
From: augustocaringi at gmail.com (Augusto Mecking Caringi)
Date: Mon, 23 Jul 2012 10:56:07 -0300
Subject: Nginx 502 bad gateway every few seconds
In-Reply-To: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>
References: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CADFy_4EuPkziu6O7Z0tbVcNAEF-H0YVFoX_f0rR+Zg_04R6SZw@mail.gmail.com>

On Mon, Jul 23, 2012 at 10:43 AM, lechevo <nginx-forum at nginx.us> wrote:
> Hi
>
>
> Could someone help me i get the 502 bad gateway every few seconds
>
> The server is running on vps on debian with quadcore and 3g ram

I think that the problem isn't in Nginx.

There are a lot of PHP-FPM crashes in de PHP-FPM log...

Take a look in the changelog of the lastest PHP version:

http://php.net/ChangeLog-5.php

There are a few PHP-FPM related bugs fixed.

> here is the kind of error i can in the nginx log :
>
> 2012/07/23 15:06:53 [error] 2908#0: *247 recv() failed (104: Connection
> reset by peer) while reading response header from upstream, client:
> 81.255.98.253, server: www.acmslt.fr, request: "GET
> /category/culte/conferences/ HTTP/1.1", upstream:
> "fastcgi://127.0.0.1:9000", host: "acmslt.fr", referrer:
> "http://www.google.fr/url?sa=t&rct=j&q=mosqu%C3%A9e%20de%20savigny%20le%20temple%2077&source=web&cd=2&ved=0CFsQjBAwAQ&url=http%3A%2F%2Facmslt.fr%2Fcategory%2Fculte%2Fconferences%2F&ei=OzANUOj0HYrG0QXusf2xCg&usg=AFQjCNHxw6lN8eBnkEOYDh5ONmutLiATHA"
> ~
> here is the nginx.conf
>
>
>
>     user www-data;
>     worker_processes 4;
>     events {
>             worker_connections 1024;
>            }
>
>     http {
>          include mime.types;
>          default_type application/octet-stream;
>
>          # Hide the Nginx version number
>          server_tokens off;
>
>          # Tweeks
>          sendfile on;
>          tcp_nodelay off;
>          tcp_nopush on;
>          keepalive_timeout 5;
>          client_body_timeout 10;
>          client_header_timeout 10;
>          send_timeout 10;
>          client_max_body_size 8M;
>
>          set_real_ip_from 127.0.0.1;
>          real_ip_header X-Forwarded-For;
>
>          gzip on;
>          gzip_disable "MSIE [1-6].(?!.*SV1)";
>          gzip_vary on;
>          gzip_comp_level 3;
>          gzip_proxied any;
>          gzip_buffers 16 8k;
>
>          include /etc/nginx/conf.d/*.conf;
>          include /etc/nginx/sites-enabled/*;
>       }
>
>
> the website conf in the site available
>
>     server {
>             listen 8080;
>             server_name www.acmslt.fr acmslt.fr;
>             location / {
>             root /var/www/wordpress;
>             index index.php index.html index.htm;
>             # Rewrite rules
>             if (!-e $request_filename) {
>             rewrite ^(.+)$ /index.php?q=$1 last;
>            }
>            # Security
>            # include global/security.conf;
>            # W3 Total Cache
>            include global/wordpress-w3-total-cache.conf;
>            # PHP-FPM
>            include global/php-fpm.conf;
>            }
>     }
>
> then the global/php-fpm.conf
>
>     # PHP scripts -> PHP-FPM server listening on 127.0.0.1:9000
>     location ~ \.php$ {
>                        fastcgi_pass 127.0.0.1:9000;
>                        fastcgi_index index.php;
>                        include fastcgi_params;
>                        fastcgi_connect_timeout 60;
>                        fastcgi_send_timeout 180;
>                        fastcgi_read_timeout 600;
>                        fastcgi_temp_file_write_size 1M;
>                        fastcgi_intercept_errors on;
>                        fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
>                       }
>
> the php-fpm www.conf
>
>     [www]
>     user = www-data
>     group = www-data
>     listen = 127.0.0.1:9000
>     pm = dynamic
>     pm.max_children = 5
>     pm.start_servers = 2
>     pm.min_spare_servers = 1
>     pm.max_spare_servers = 3
>     chdir = /
>
> Thanks
>
> Edit here is what i can see in the php-fpm.log
>
>
> here is what i can see in the php-fpm log
>
>     [23-Jul-2012 08:13:26] NOTICE: fpm is running, pid 631
>     [23-Jul-2012 08:13:26] NOTICE: ready to handle connections
>     [23-Jul-2012 08:40:04] WARNING: [pool www] child 646 exited on
> signal 11 (SIGSEGV)         after 1598.101386 seconds from start
>     [23-Jul-2012 08:40:04] NOTICE: [pool www] child 1354 started
>     [23-Jul-2012 08:40:04] WARNING: [pool www] child 1354 exited on
> signal 11 (SIGSEGV) after 0.191254 seconds from start
>     [23-Jul-2012 08:40:04] NOTICE: [pool www] child 1355 started
>     [23-Jul-2012 08:40:20] WARNING: [pool www] child 647 exited on
> signal 11 (SIGSEGV) after 1614.612810 seconds from start
>     [23-Jul-2012 08:40:20] NOTICE: [pool www] child 1356 started
>     [23-Jul-2012 08:41:05] NOTICE: Finishing ...
>     [23-Jul-2012 08:41:05] NOTICE: exiting, bye-bye!
>     [23-Jul-2012 08:41:05] NOTICE: fpm is running, pid 1937
>     [23-Jul-2012 08:41:05] NOTICE: ready to handle connections
>     [23-Jul-2012 08:51:43] NOTICE: Finishing ...
>     [23-Jul-2012 08:51:43] NOTICE: exiting, bye-bye!
>     [23-Jul-2012 08:51:43] NOTICE: fpm is running, pid 2188
>     [23-Jul-2012 08:51:43] NOTICE: ready to handle connections
>     [23-Jul-2012 09:01:42] WARNING: [pool www] child 3934 exited on
> signal 11 (SIGSEGV) after 325.793784 seconds from start
>     [23-Jul-2012 09:01:42] NOTICE: [pool www] child 3983 started
>     [23-Jul-2012 09:01:44] WARNING: [pool www] child 2189 exited on
> signal 11 (SIGSEGV) after 601.533647 seconds from start
>     [23-Jul-2012 09:01:44] NOTICE: [pool www] child 3984 started
>     [23-Jul-2012 09:01:48] WARNING: [pool www] child 2190 exited on
> signal 11 (SIGSEGV) after 605.045174 seconds from start
>     [23-Jul-2012 09:01:48] NOTICE: [pool www] child 3986 started
>     [23-Jul-2012 09:01:55] WARNING: [pool www] child 3984 exited on
> signal 11 (SIGSEGV) after 10.610551 seconds from start
>
> Thanks
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228869,228869#msg-228869
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



-- 
Augusto Mecking Caringi


From bertrand.caplet at okira.net  Mon Jul 23 14:23:11 2012
From: bertrand.caplet at okira.net (Bertrand Caplet)
Date: Mon, 23 Jul 2012 16:23:11 +0200
Subject: nginx rewrite stikked
Message-ID: <500D5E4F.6040409@okira.net>

Hi,
I'm installing stikked (a pastebin web server) on my server. I'm having 
trouble, I want to rewrite all url like this : 
http://pastebin.okira.net/index.php/lists like that : 
http://pastebin.okira.net/index.php?lists
There is a rewrite rule in the install howto but it didn't work :

location / {
     try_files $uri $uri/ @stikked;
     }
location @stikked {
     rewrite ^/(.*)$ /index.php?/$1 last;
     }

Thanks for help, Regards.
-- 
Bertrand Caplet
Web. blog.okira.net <http://blog.okira.net>
bertrand.caplet at okira.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120723/03ea5e91/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: sig-ecolo.gif
Type: image/gif
Size: 1988 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120723/03ea5e91/attachment.gif>

From nginx-forum at nginx.us  Mon Jul 23 14:37:07 2012
From: nginx-forum at nginx.us (michalf)
Date: Mon, 23 Jul 2012 10:37:07 -0400 (EDT)
Subject: Listing current requests? Is there a module for it?
Message-ID: <fca586e0228dd8776cd0d73a957eec5c.NginxMailingListEnglish@forum.nginx.org>

Hi,

one last thing we would like to solve before moving from Lighttpd to
Nginx + php-fpm is an equivalent of mod_status module that would be able
to live list current requests like this:

https://img.skitch.com/20120723-p763bgrt87ach7cns17cipc3c.jpg

There were times that a live view of currently handled connections saved
us from trouble and endless debugging and allowed to rapidly diagnose
the situation.

I would be thankful for any suggestions.

Thanks,
Michal

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228881,228881#msg-228881


From nginx-forum at nginx.us  Mon Jul 23 15:14:19 2012
From: nginx-forum at nginx.us (mdeinum)
Date: Mon, 23 Jul 2012 11:14:19 -0400 (EDT)
Subject: Not all locations considered
Message-ID: <85407abe3e31c8137e52b5e68b021198.NginxMailingListEnglish@forum.nginx.org>

Hi All,

For a web application we have developed we wanted to use nginx as a
reverse proxy but I have some trouble/weird issues when setting it up.
Itseemds that part of my configuration is ignored, it appears it has to
do with the order and amount of locations (but that is at first sight).
We use nginx in a windows environment (on our test servers).

So what we wanted to is for a couple of applications create a single
entry point (main-server on port 81) now when a request comes in for
(/app1, /app2, /app3, /app4 it should pass it on to
main-servier:9090/appX) For /app5 and /app6 it should forward to server1
or server2 .

Our configuration is as follows (tried with and without ^~ but the same
result).

--
worker_processes  1;

error_log  logs/error.log  debug;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;
    keepalive_timeout  65;

    gzip  on;

    server {
        listen       main-server:81;

	location ^~ /app5 {
		include proxy.conf;
		proxy_pass http://server2:9080/sub-path/app5;
	}

	location ^~ /app1 {
		include D:/nginx/conf/proxy.conf;
		proxy_pass http://127.0.0.1:9080/app1;
	}

	location ^~ /app2{
		include proxy.conf;
		proxy_pass http://127.0.0.1:9080/app2;
	}

	location ^~ /app3 {
		include proxy.conf;
		proxy_pass http://127.0.0.1:9080/app3;
	}

	location ^~ /app4{
		include proxy.conf;
		proxy_pass http://127.0.0.1:9080/app4;
	}

	location ^~ /app6 {
		include proxy.conf;
		proxy_pass http://server1:9081/app6;
	}

    }

}
--
Now if I comment app3 and app4 app5 works, if I don't app5 does't work.
I get 404 errors. If I check the debug log I see it only checks app1,
app2, app3 and then it tells me using configuration "", after which it
tries to load the file from the file system. I'm not experienced enough
to see or deduct what is wrong (apparently :) ). So I'm looking for
pointers to the solution (or even better the solution).

Thanks,
 Marten

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228885,228885#msg-228885


From mdounin at mdounin.ru  Mon Jul 23 15:51:57 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 23 Jul 2012 19:51:57 +0400
Subject: Not all locations considered
In-Reply-To: <85407abe3e31c8137e52b5e68b021198.NginxMailingListEnglish@forum.nginx.org>
References: <85407abe3e31c8137e52b5e68b021198.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120723155157.GU31671@mdounin.ru>

Hello!

On Mon, Jul 23, 2012 at 11:14:19AM -0400, mdeinum wrote:

> For a web application we have developed we wanted to use nginx as a
> reverse proxy but I have some trouble/weird issues when setting it up.
> Itseemds that part of my configuration is ignored, it appears it has to
> do with the order and amount of locations (but that is at first sight).
> We use nginx in a windows environment (on our test servers).

[...]

> Now if I comment app3 and app4 app5 works, if I don't app5 does't work.
> I get 404 errors. If I check the debug log I see it only checks app1,
> app2, app3 and then it tells me using configuration "", after which it
> tries to load the file from the file system. I'm not experienced enough
> to see or deduct what is wrong (apparently :) ). So I'm looking for
> pointers to the solution (or even better the solution).

This sounds very similar to http://trac.nginx.org/nginx/ticket/90.

Are you indeed using "/app1", "/app2" and so on in your config, or 
it's just masks for some real names with uppercase letters?  If 
there are upperacse letters, than using locations in lowercase 
will resolve the issue as suggested in the ticket linked.

Maxim Dounin


From nginx-forum at nginx.us  Mon Jul 23 16:44:36 2012
From: nginx-forum at nginx.us (dgarstang)
Date: Mon, 23 Jul 2012 12:44:36 -0400 (EDT)
Subject: Nginx caching... but shouldn't be.
Message-ID: <05ecc2d7a2123884999d71adf63f1aba.NginxMailingListEnglish@forum.nginx.org>

We have nginx running, and for reasons I don't understand, it seems to
be caching content to /var/lib/nginx/proxy. I can't even find this
setting in the configuration anywhere, i.e. the following returns
nothing:

root at lb01:/etc/nginx# find /etc/nginx | xargs grep "/var/lib/nginx"

We have the following set:
    proxy_no_cache 1;
    proxy_cache_bypass 1;

I have pasted our config to http://pastebin.com/w7E0trG6. If anyone has
any ideas why nginx is caching, it would be appreciated.

Doug.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228893,228893#msg-228893


From nginx-forum at nginx.us  Mon Jul 23 16:53:53 2012
From: nginx-forum at nginx.us (lechevo)
Date: Mon, 23 Jul 2012 12:53:53 -0400 (EDT)
Subject: Nginx 502 bad gateway every few seconds
In-Reply-To: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>
References: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <594cbc54141846d20b5bb187e83eebdf.NginxMailingListEnglish@forum.nginx.org>

Hi 
thanks 
i have update php to 5.4.5.1 and now i get always the 502 error
here is the log 
*1 connect() failed (111: Connection refused) while connecting to
upstream,

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228869,228887#msg-228887


From mdounin at mdounin.ru  Mon Jul 23 16:56:38 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 23 Jul 2012 20:56:38 +0400
Subject: Nginx caching... but shouldn't be.
In-Reply-To: <05ecc2d7a2123884999d71adf63f1aba.NginxMailingListEnglish@forum.nginx.org>
References: <05ecc2d7a2123884999d71adf63f1aba.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120723165638.GW31671@mdounin.ru>

Hello!

On Mon, Jul 23, 2012 at 12:44:36PM -0400, dgarstang wrote:

> We have nginx running, and for reasons I don't understand, it seems to
> be caching content to /var/lib/nginx/proxy. I can't even find this
> setting in the configuration anywhere, i.e. the following returns
> nothing:
> 
> root at lb01:/etc/nginx# find /etc/nginx | xargs grep "/var/lib/nginx"
> 
> We have the following set:
>     proxy_no_cache 1;
>     proxy_cache_bypass 1;
> 
> I have pasted our config to http://pastebin.com/w7E0trG6. If anyone has
> any ideas why nginx is caching, it would be appreciated.

I would rather suggest it's proxy temporary files, not cache.  If 
you don't want nginx to buffer responses to disk, use 
proxy_max_temp_file_size directive.  See here for details:

http://nginx.org/r/proxy_temp_path
http://nginx.org/r/proxy_max_temp_file_size

Maxim Dounin


From nginx-forum at nginx.us  Mon Jul 23 17:37:31 2012
From: nginx-forum at nginx.us (arosolino)
Date: Mon, 23 Jul 2012 13:37:31 -0400 (EDT)
Subject: Condensing Location Directives
Message-ID: <0ca68b1b819945b69005ee67c31022c1.NginxMailingListEnglish@forum.nginx.org>

I have this setup for my location directives

		location /css/ {
			proxy_pass	http://127.0.0.1:8080/css/;
		}
		
		location /js/ {
			proxy_pass	http://127.0.0.1:8080/js/;
		}

It seems a bit repetitive to me, is it possible to do something like
this.

		location /css/, /js/ {
			proxy_pass	http://127.0.0.1:8080/$1;
		}

Where you can have one block process multiple locations, then the
variable $1, copies the location defined into the proxy_pass URL? I
might have about 10-20 and it would be easier to have one block then 20.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228898,228898#msg-228898


From mdounin at mdounin.ru  Mon Jul 23 18:31:43 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 23 Jul 2012 22:31:43 +0400
Subject: [PATCH] Add "pass_only" option to ssl_verify_client to enable
 app-only validation
In-Reply-To: <f7a6b6f83ce1b0e2d14c1d47a73a18e9.NginxMailingListEnglish@forum.nginx.org>
References: <f7a6b6f83ce1b0e2d14c1d47a73a18e9.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120723183143.GX31671@mdounin.ru>

Hello!

On Thu, Jul 19, 2012 at 05:13:01PM -0400, mk.fg wrote:

> Hello,
> 
> Proposed patch enables use-case scenario when Nginx asks Client for TLS
> certificate but does not make any attempt to validate it, passing it to
> the application instead. Application itself if then free to decide
> whether provided certificate is valid and is able to reject it with the
> same http status codes as Nginx does.
> 
> Same use-case is also referenced in
> "http://forum.nginx.org/read.php?2,15584" and is *critical* for
> implementing protocols like WebID (http://www.w3.org/wiki/WebID), which
> relies on custom TLS certificates, which are signed with keys which are
> unknown in advance.
> With the patch, that can be accomplished by specifying
> "ssl_verify_client pass_only;" ("ssl_client_certificate" is *not* used
> in this case) and using "uwsgi_param X_CLIENT_CERT
> $ssl_client_raw_cert;" (or similar options for different backends).
> 
> Currently, Nginx supports "off", "on" and "optional" parameters to
> "ssl_verify_client" option, latter of which ("on" and "optional")
> require CA certificate (specified with "ssl_client_certificate" option)
> and perform mandatory check against it if client provides certificate.
> "optional" parameter seem to allow client to skip providing the
> certificate, but still requires CA certificate and performs the check
> (if client provides the cert), returning http status 495 if validation
> against that CA fails.
> So there is currently no way to require client certificate but perform
> it's validation in application (or on whatever backend) only, hence the
> patch.
> 
> Please consider merging the patch into nginx codebase, enabling
> aforementioned use-case in some other way, or at least commenting on why
> it might be wrong or unsuitable approach/feature (if only to block
> further proposals in the same vein).

I don't think that the patch is a right way to go.  If client 
certificates without CA being known in advance is indeed something 
required - it probably needs something like optional_no_ca instead 
as done in Apache's mod_ssl, i.e. with usual expiration checks and so on, 
but without verification against CAs.

Maxim Dounin


From augustocaringi at gmail.com  Mon Jul 23 19:12:18 2012
From: augustocaringi at gmail.com (Augusto Mecking Caringi)
Date: Mon, 23 Jul 2012 16:12:18 -0300
Subject: Nginx 502 bad gateway every few seconds
In-Reply-To: <594cbc54141846d20b5bb187e83eebdf.NginxMailingListEnglish@forum.nginx.org>
References: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>
 <594cbc54141846d20b5bb187e83eebdf.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CADFy_4Ej5FkhZKCMFp5w9grRmo6VUf+F0N5DNh9Tt4hX4dKQ5g@mail.gmail.com>

On Mon, Jul 23, 2012 at 1:53 PM, lechevo <nginx-forum at nginx.us> wrote:
> Hi
> thanks
> i have update php to 5.4.5.1 and now i get always the 502 error
> here is the log
> *1 connect() failed (111: Connection refused) while connecting to
> upstream,

Now seems like a configuration problem...

The Nginx server isn't connecting to PHP-FPM.

How the Nginx <-> PHP-FPM connection is made?

-- 
Augusto Mecking Caringi


From nginx-forum at nginx.us  Mon Jul 23 20:27:38 2012
From: nginx-forum at nginx.us (lechevo)
Date: Mon, 23 Jul 2012 16:27:38 -0400 (EDT)
Subject: Nginx 502 bad gateway every few seconds
In-Reply-To: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>
References: <acd6dfcc99e13802de5579bc63c852c4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <fdef6cac1868a2c50eb9d422e7687eb9.NginxMailingListEnglish@forum.nginx.org>

Hi

thanks

Tell me wich file you want to see ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228869,228907#msg-228907


From nginx-forum at nginx.us  Tue Jul 24 01:23:06 2012
From: nginx-forum at nginx.us (justin)
Date: Mon, 23 Jul 2012 21:23:06 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
Message-ID: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>

I have the following simple lighttpd rewrite rule:

    $HTTP["host"] =~ "^(app\.mydomain\.com)$" {
        url.rewrite-once = (
                "^[^.]*$" => "controller.php/$1"
        )
    }

I am trying to port this rule to nginx and have the following:

    server {
      listen 80;

      server_name app.mydomain.com;

      if ($host = 'app.mydomain.com') {
        rewrite ^[^.]*$ controller.php/$1 last;
      }

      root /srv/www/domains/app.mydomain.com;

      index index.php;

      access_log /var/log/nginx/domains/app.mydomain.com/access.log;
      error_log /var/log/nginx/domains/app.mydomain.com/error.log;

      include /etc/nginx/excludes.conf;
      include /etc/nginx/php.conf;
     include /etc/nginx/expires.conf;
}

The problem is that the rewrite rule for nginx is not working correctly?
Any idea what I am doing wrong?

Thanks much.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228909#msg-228909


From meteor8488 at 163.com  Tue Jul 24 01:25:29 2012
From: meteor8488 at 163.com (fhal)
Date: Tue, 24 Jul 2012 09:25:29 +0800 (CST)
Subject: exception for NGINX limit_req_zone
In-Reply-To: <20120722183527.GI14023@craic.sysops.org>
References: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
 <20120720223849.GE14023@craic.sysops.org>
 <4253f01a.1c2f.138a75b6ef0.Coremail.meteor8488@163.com>
 <20120721200820.GF14023@craic.sysops.org>
 <4e48295.19040.138af388295.Coremail.meteor8488@163.com>
 <20120722183527.GI14023@craic.sysops.org>
Message-ID: <58df32a5.160e3.138b696bf84.Coremail.meteor8488@163.com>

HI Francis,

Thanks very much for your kindly help.
I testes the configuration as following steps:

1. modify nginx.conf

http {
    map $arg_mod $forum_limit {
            default  $binary_remote_addr;
            image    '';
    }

    limit_conn_zone $forum_limit zone=forum_conn:10m;
    limit_req_zone $forum_limit zone=forum_req:10m rate=1r/s;

    server {
    location ~*^/(home|forum|portal).php$ {
        root           /web/www;
        limit_conn   forum_conn  5;
        limit_req zone=forum_req burst=5 nodelay;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }
    location ~ \.php$ {
        root           /web/www;
        fastcgi_pass   unix:/tmp/nginx.socket;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /scripts$fastcgi_script_name;
        include        fastcgi_params;
        }
    }
}

2. Then I use webbench to test my website.
    First, I test the fourm.php
             webbench -c 10000 -t 10 http://www.xxx.com/fourm.php
   Then I checked nginx log, I can find that webbench got lots of 503 error, the limit works.
   
    Then I test the exception:
             webbench -c -10000 -t 10 http://www.xxx.com/forum.php?mod=image&aid=1294851&size=300x300&key=8cfbb1f976564317288102de4a134345&nocache=yes&type=fixnone
    I checked the nginx log, I can find that there are still 503 errors for this access. It means the exception doesn't work.








At 2012-07-23 02:35:27,"Francis Daly" <francis at daoine.org> wrote:
>On Sun, Jul 22, 2012 at 11:05:12PM +0800, fhal wrote:
>
>Hi there,
>
>> Thanks very much for your reply.
>> It still doesn't work.
>
>What, precisely, do you mean by "doesn't work"?
>
>Be specific. (Do you mean "this one is being limited and I don't want
>it to be", or "that one is not being limited and I do want it to be",
>or something different?)
>
>Read my mail again. I included the exact (small) nginx.conf fragment
>used. I included the exact test command. I described what I saw. I
>described what I expected to see.
>
>Can you do the same, just so that I can make sure that I am repeating
>exactly what you did?
>
>> The URL I want to exclude is like
>> /forum.php?mod=image&aid=1289568&size=300x300&key=6831686b88a927b0d9646529f88f5052&nocache=yes&type=fixnone
>> Does it because there are too many parameters, the map is not working?
>
>It still works for me.
>
>for i in $(seq 4); do
> curl -I 'http://127.0.0.1:8000/forum.php?mod=imag&aid=1289568&size=300x300&key=6831686b88a927b0d9646529f88f5052&nocache=yes&type=fixnone'
> sleep 1
>done
>
>(Note: that has mod=imag, and so *should* be limited)
>
>I see 3x HTTP 200 + 1x HTTP 503
>
>for i in $(seq 4); do
> curl -I 'http://127.0.0.1:8000/forum.php?mod=image&aid=1289568&size=300x300&key=6831686b88a927b0d9646529f88f5052&nocache=yes&type=fixnone'
> sleep 1
>done
>
>(Note: that has mod=image, and so *should not* be limited)
>
>I see 4x HTTP 200.
>
>My nginx.conf http section:
>
>===
>http {
>    map $arg_mod $forum_limit {
>        default  $binary_remote_addr;
>        image    '';
>    }
>    limit_req_zone  $forum_limit  zone=refresh:128m   rate=1r/m;
>
>    include fastcgi.conf;
>    server {
>        location ~*^/(home|forum|portal).php$  {
>            limit_req zone=refresh burst=2 nodelay;
>            fastcgi_pass unix:php.sock;
>        }
>    }
>}
>===
>
>	f
>-- 
>Francis Daly        francis at daoine.org
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120724/11d49e57/attachment-0001.html>

From edho at myconan.net  Tue Jul 24 05:38:13 2012
From: edho at myconan.net (Edho Arief)
Date: Tue, 24 Jul 2012 12:38:13 +0700
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>
References: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCkZ+mcpDxFCzZ9dtNT=b_ZFM16KfmZppZ2EjE7wcOwkoA@mail.gmail.com>

On Tue, Jul 24, 2012 at 8:23 AM, justin <nginx-forum at nginx.us> wrote:
> I have the following simple lighttpd rewrite rule:
>
>     $HTTP["host"] =~ "^(app\.mydomain\.com)$" {
>         url.rewrite-once = (
>                 "^[^.]*$" => "controller.php/$1"
>         )
>     }
>
> I am trying to port this rule to nginx and have the following:
>
>     server {
>       listen 80;
>
>       server_name app.mydomain.com;
>
>       if ($host = 'app.mydomain.com') {
>         rewrite ^[^.]*$ controller.php/$1 last;
>       }
>
>       root /srv/www/domains/app.mydomain.com;
>
>       index index.php;
>
>       access_log /var/log/nginx/domains/app.mydomain.com/access.log;
>       error_log /var/log/nginx/domains/app.mydomain.com/error.log;
>
>       include /etc/nginx/excludes.conf;
>       include /etc/nginx/php.conf;
>      include /etc/nginx/expires.conf;
> }
>
> The problem is that the rewrite rule for nginx is not working correctly?
> Any idea what I am doing wrong?
>

Maybe post the content of php.conf. Also, the if test is not needed.


From nginx-forum at nginx.us  Tue Jul 24 06:08:54 2012
From: nginx-forum at nginx.us (justin)
Date: Tue, 24 Jul 2012 02:08:54 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <CAAtReCkZ+mcpDxFCzZ9dtNT=b_ZFM16KfmZppZ2EjE7wcOwkoA@mail.gmail.com>
References: <CAAtReCkZ+mcpDxFCzZ9dtNT=b_ZFM16KfmZppZ2EjE7wcOwkoA@mail.gmail.com>
Message-ID: <e6df18b38e2b8e19b989859da47d2287.NginxMailingListEnglish@forum.nginx.org>

Thanks for the tip on removing the if block. So, perhaps the regular
expression is off? Basically, the rewrite-rule should fire if the url
does NOT contain a period.

Examples:

     /some/path   //should hit the rewrite rule
     /file.php         //should NOT hit the rewrite rule

Here is php.conf as well:

location ~\.php {
  try_files $uri =404;
  fastcgi_index index.php;
  fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
  fastcgi_intercept_errors on;
  fastcgi_pass 127.0.0.1:9000;
  include /etc/nginx/fastcgi_params;
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228918#msg-228918


From edho at myconan.net  Tue Jul 24 06:43:03 2012
From: edho at myconan.net (Edho Arief)
Date: Tue, 24 Jul 2012 13:43:03 +0700
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <e6df18b38e2b8e19b989859da47d2287.NginxMailingListEnglish@forum.nginx.org>
References: <CAAtReCkZ+mcpDxFCzZ9dtNT=b_ZFM16KfmZppZ2EjE7wcOwkoA@mail.gmail.com>
 <e6df18b38e2b8e19b989859da47d2287.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReC=O6Gct_iEwWQvOxf6pBxQaRifg4g34LD5b1tvbqJdKqA@mail.gmail.com>

On Tue, Jul 24, 2012 at 1:08 PM, justin <nginx-forum at nginx.us> wrote:
> Thanks for the tip on removing the if block. So, perhaps the regular
> expression is off? Basically, the rewrite-rule should fire if the url
> does NOT contain a period.
>
> Examples:
>
>      /some/path   //should hit the rewrite rule
>      /file.php         //should NOT hit the rewrite rule
>
> Here is php.conf as well:
>
> location ~\.php {
>   try_files $uri =404;
>   fastcgi_index index.php;
>   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>   fastcgi_intercept_errors on;
>   fastcgi_pass 127.0.0.1:9000;
>   include /etc/nginx/fastcgi_params;
> }
>

I think instead of using rewrite, this should work:

location ~ ^[^.]+$ {
  fastcgi_intercept_errors on;
  fastcgi_param SCRIPT_FILENAME $document_root/controller.php;
  fastcgi_param PATH_INFO $uri;
  fastcgi_pass 127.0.0.1:9000;
  include fastcgi_params;
}

Alternatively, check this: http://nginx.org/r/fastcgi_split_path_info


From igor at sysoev.ru  Tue Jul 24 06:49:25 2012
From: igor at sysoev.ru (Igor Sysoev)
Date: Tue, 24 Jul 2012 10:49:25 +0400
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>
References: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <26640586-C632-493A-A4E7-B3D0B93F26D2@sysoev.ru>

On Jul 24, 2012, at 5:23 , justin wrote:

> I have the following simple lighttpd rewrite rule:
> 
>    $HTTP["host"] =~ "^(app\.mydomain\.com)$" {
>        url.rewrite-once = (
>                "^[^.]*$" => "controller.php/$1"
>        )
>    }
> 
> I am trying to port this rule to nginx and have the following:
> 
>    server {
>      listen 80;
> 
>      server_name app.mydomain.com;
> 
>      if ($host = 'app.mydomain.com') {
>        rewrite ^[^.]*$ controller.php/$1 last;
>      }
> 
>      root /srv/www/domains/app.mydomain.com;
> 
>      index index.php;
> 
>      access_log /var/log/nginx/domains/app.mydomain.com/access.log;
>      error_log /var/log/nginx/domains/app.mydomain.com/error.log;
> 
>      include /etc/nginx/excludes.conf;
>      include /etc/nginx/php.conf;
>     include /etc/nginx/expires.conf;
> }
> 
> The problem is that the rewrite rule for nginx is not working correctly?
> Any idea what I am doing wrong?
> 

server {
    server_name   app.mydomain.com;

    root /srv/www/domains/app.mydomain.com;

    location ~ ^[^.]+$ {
        fastcgi_intercept_errors on;
        fastcgi_param SCRIPT_FILENAME $document_root/controller.php;
        fastcgi_param PATH_INFO $uri;
        fastcgi_pass 127.0.0.1:9000;
        include fastcgi_params;
    }

    ...
}



--
Igor Sysoev


From edho at myconan.net  Tue Jul 24 06:50:12 2012
From: edho at myconan.net (Edho Arief)
Date: Tue, 24 Jul 2012 13:50:12 +0700
Subject: Return 400 for invalid $uri and $args
Message-ID: <CAAtReC=_YttxkCQE-g=XQGEanH75Hy8ZceCAz68shTh8cq6Ouw@mail.gmail.com>

Is there a way to check $uri and $args for invalid percent-encoded
utf8 string and return 400?


From nginx-forum at nginx.us  Tue Jul 24 07:56:32 2012
From: nginx-forum at nginx.us (dagr)
Date: Tue, 24 Jul 2012 03:56:32 -0400 (EDT)
Subject: perl_modules
Message-ID: <7e32a63924f99a1eeb174d89ab9f4279.NginxMailingListEnglish@forum.nginx.org>

I compiled nginx with perl ( --with-http_perl_module ), 

............
checking for perl
 + perl version: v5.8.8 built for i386-linux-thread-multi
 + perl interpreter multiplicity found
..............................

 installed it , and then i get 


[root at host nginx-1.2.2]# nginx -t
nginx: [emerg] unknown directive "perl_modules" in
/vps_core/nginx/conf/nginx.conf:9
nginx: configuration file /vps_core/nginx/conf/nginx.conf test failed

[root at host nginx-1.2.2]# nginx -V
nginx version: nginx/1.2.2
configure arguments: --prefix=/vps_core/nginx   --with-http_perl_module

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228924,228924#msg-228924


From nginx-forum at nginx.us  Tue Jul 24 09:23:55 2012
From: nginx-forum at nginx.us (mk.fg)
Date: Tue, 24 Jul 2012 05:23:55 -0400 (EDT)
Subject: [PATCH] Add "pass_only" option to ssl_verify_client to enable
 app-only validation
In-Reply-To: <20120723183143.GX31671@mdounin.ru>
References: <20120723183143.GX31671@mdounin.ru>
Message-ID: <6b9a9bca924a46e5fe4c7eafaf3ce9ae.NginxMailingListEnglish@forum.nginx.org>

Thank you for the analysis and suggestions, I'll take a look at mod_ssl
and will try to come up with a more appropriate patch.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228761,228925#msg-228925


From nginx-forum at nginx.us  Tue Jul 24 10:01:23 2012
From: nginx-forum at nginx.us (HTF)
Date: Tue, 24 Jul 2012 06:01:23 -0400 (EDT)
Subject: PHP-FPM "upstream sent too big header..."
Message-ID: <2398ddef942f45d7055582ca2e4f0457.NginxMailingListEnglish@forum.nginx.org>

Hi,

I've noticed the following error message in the logs:

"2012/07/24 11:26:19 [error] 18623#0: *521909 upstream sent too big
header while reading response header from upstream, client..."

I've read the documentation and I do want to disable buffering to disk
so I've set "fastcgi_max_temp_file_size 0;" in
"/etc/nginx/fastcgi_params" (this file is included in the config
"include fastcgi_params;").

Could you please advise which parameters need to be configured to solve
the issue from the error log?

If I set the following parameters:

fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;

- is this going to overwrite the "fastcgi_max_temp_file_size"
directive?

Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228926,228926#msg-228926


From mdounin at mdounin.ru  Tue Jul 24 10:49:43 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 24 Jul 2012 14:49:43 +0400
Subject: perl_modules
In-Reply-To: <7e32a63924f99a1eeb174d89ab9f4279.NginxMailingListEnglish@forum.nginx.org>
References: <7e32a63924f99a1eeb174d89ab9f4279.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120724104943.GA31671@mdounin.ru>

Hello!

On Tue, Jul 24, 2012 at 03:56:32AM -0400, dagr wrote:

> I compiled nginx with perl ( --with-http_perl_module ), 
> 
> ............
> checking for perl
>  + perl version: v5.8.8 built for i386-linux-thread-multi
>  + perl interpreter multiplicity found
> ..............................
> 
>  installed it , and then i get 
> 
> 
> [root at host nginx-1.2.2]# nginx -t
> nginx: [emerg] unknown directive "perl_modules" in
> /vps_core/nginx/conf/nginx.conf:9
> nginx: configuration file /vps_core/nginx/conf/nginx.conf test failed
> 
> [root at host nginx-1.2.2]# nginx -V
> nginx version: nginx/1.2.2
> configure arguments: --prefix=/vps_core/nginx   --with-http_perl_module

The "perl_modules" directive is only allowed at http level.  See 
http://nginx.org/r/perl_modules.

Maxim Dounin


From nginx-forum at nginx.us  Tue Jul 24 11:00:50 2012
From: nginx-forum at nginx.us (dagr)
Date: Tue, 24 Jul 2012 07:00:50 -0400 (EDT)
Subject: perl_modules
In-Reply-To: <20120724104943.GA31671@mdounin.ru>
References: <20120724104943.GA31671@mdounin.ru>
Message-ID: <14d4e96dbdbf7bb409b461e48afb5eb2.NginxMailingListEnglish@forum.nginx.org>

Now i see  - its because i placed it on top level  - now it works.

But actually this error message should be changed.
When i place directive in wrong place (for example limit_zone inside
location. ) - I used to get messages "this directive is not allowed
here"  - not an "uknown directive".

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228924,228929#msg-228929


From nginx-forum at nginx.us  Tue Jul 24 12:05:28 2012
From: nginx-forum at nginx.us (mdeinum)
Date: Tue, 24 Jul 2012 08:05:28 -0400 (EDT)
Subject: Not all locations considered
In-Reply-To: <20120723155157.GU31671@mdounin.ru>
References: <20120723155157.GU31671@mdounin.ru>
Message-ID: <e841583d271823e8dce5536e2d7419d0.NginxMailingListEnglish@forum.nginx.org>

Thanks. That was indeed the problem, mixing cases doesn't work reliable
under windows :s.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228885,228930#msg-228930


From yashgt at gmail.com  Tue Jul 24 12:33:50 2012
From: yashgt at gmail.com (Yash Ganthe)
Date: Tue, 24 Jul 2012 18:03:50 +0530
Subject: Browser shows rewritten URL
Message-ID: <CALPMVvP2V-JUgdKSaOgQMO1bt4AkxJ4a5d44CfE-7Tb00kSkbg@mail.gmail.com>

Hi,

I need to rewrite
http://mysite:81/magento_mysite/abc
to
http://mysite:81/magento_mysite/?store=abc

I am able to do this using the .conf file. However, the browser shows the
rewritten URL and not the original.
Apache's mod_rewrite ensures that the browser shows the original URL and
not the rewritten one.

Is there some parameter I should be passing to avoid showing the new URL?

Thanks,
Yash
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120724/0e2df2e6/attachment.html>

From cmfileds at gmail.com  Tue Jul 24 17:36:06 2012
From: cmfileds at gmail.com (CM Fields)
Date: Tue, 24 Jul 2012 13:36:06 -0400
Subject: nginx spdy server hint
Message-ID: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>

Does Nginx support SPDY server hint ?

I have built nginx-1.3.3 with patch.spdy-47.txt and openssl-1.0.1c and
my test client is Chrome 22.0 (beta unstable). I know SPDY server push
is not supported, but is SPDY server hint supported? If so, how do I
enable the client to take advantage of server hint?

According to the chromium project docs a "link" header might work. I
added the Link header using the add_header directive in nginx as
stated in their example, but I do not think it is working. For
example:

Link: <mypicture1.jpg>; rel=subresource

http://www.chromium.org/spdy/link-headers-and-server-hint

Any help or basic pointers would be greatly appreciated.


From ne at vbart.ru  Tue Jul 24 18:07:47 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Tue, 24 Jul 2012 22:07:47 +0400
Subject: nginx spdy server hint
In-Reply-To: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
Message-ID: <201207242207.47619.ne@vbart.ru>

On Tuesday 24 July 2012 21:36:06 CM Fields wrote:
> Does Nginx support SPDY server hint ?
> 
> I have built nginx-1.3.3 with patch.spdy-47.txt and openssl-1.0.1c and
> my test client is Chrome 22.0 (beta unstable). I know SPDY server push
> is not supported, but is SPDY server hint supported? If so, how do I
> enable the client to take advantage of server hint?
> 
> According to the chromium project docs a "link" header might work. I
> added the Link header using the add_header directive in nginx as
> stated in their example, but I do not think it is working. For
> example:
> 
> Link: <mypicture1.jpg>; rel=subresource
> 
> http://www.chromium.org/spdy/link-headers-and-server-hint
> 
> Any help or basic pointers would be greatly appreciated.
> 

It's just "docs". You will not find either "server hint" or the "Link" header in 
the SPDY specification at the moment.

 wbr, Valentin V. Bartenev


From cmfileds at gmail.com  Tue Jul 24 18:36:19 2012
From: cmfileds at gmail.com (CM Fields)
Date: Tue, 24 Jul 2012 14:36:19 -0400
Subject: nginx spdy server hint
In-Reply-To: <201207242207.47619.ne@vbart.ru>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <201207242207.47619.ne@vbart.ru>
Message-ID: <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>

Thanks for the clarification.

When I read through the SPDY documents up to version 4 I saw no
mention of server hints at all. I thought I must have missed something
since every news or review article I read mentions SDPY hints, but no
one ever had an example.

BTW, SDPY on Nginx has worked flawlessly in a public beta production
environment for three(3) weeks now. We see an average of 739
concurrent ips connecting with one TCP connection each and asking for
21 objects per un-cached page request. This has reduced the load
(cpu/ram) on our FreeBSD stateful firewall by ~63% due to less states
and decreased client load times by 47%. I can happily report no
crashes, faults or page errors with the current source build. Thanks
for all the hard work.

On Tue, Jul 24, 2012 at 2:07 PM, Valentin V. Bartenev <ne at vbart.ru> wrote:
> On Tuesday 24 July 2012 21:36:06 CM Fields wrote:
>> Does Nginx support SPDY server hint ?
>>
>> I have built nginx-1.3.3 with patch.spdy-47.txt and openssl-1.0.1c and
>> my test client is Chrome 22.0 (beta unstable). I know SPDY server push
>> is not supported, but is SPDY server hint supported? If so, how do I
>> enable the client to take advantage of server hint?
>>
>> According to the chromium project docs a "link" header might work. I
>> added the Link header using the add_header directive in nginx as
>> stated in their example, but I do not think it is working. For
>> example:
>>
>> Link: <mypicture1.jpg>; rel=subresource
>>
>> http://www.chromium.org/spdy/link-headers-and-server-hint
>>
>> Any help or basic pointers would be greatly appreciated.
>>
>
> It's just "docs". You will not find either "server hint" or the "Link" header in
> the SPDY specification at the moment.
>
>  wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From maxim at nginx.com  Tue Jul 24 18:39:38 2012
From: maxim at nginx.com (Maxim Konovalov)
Date: Tue, 24 Jul 2012 22:39:38 +0400
Subject: nginx spdy server hint
In-Reply-To: <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <201207242207.47619.ne@vbart.ru>
 <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
Message-ID: <500EEBEA.6020708@nginx.com>

On 7/24/12 10:36 PM, CM Fields wrote:
[...]
> BTW, SDPY on Nginx has worked flawlessly in a public beta production
> environment for three(3) weeks now. We see an average of 739
> concurrent ips connecting with one TCP connection each and asking for
> 21 objects per un-cached page request. This has reduced the load
> (cpu/ram) on our FreeBSD stateful firewall by ~63% due to less states
> and decreased client load times by 47%.

The last metric is compared to a plain HTTP or HTTPS?

> I can happily report no crashes, faults or page errors with the
> current source build. Thanks  for all the hard work.

I suppose you use spdy.patch-47, right?

-- 
Maxim Konovalov
+7 (910) 4293178
http://nginx.com/



From ne at vbart.ru  Tue Jul 24 18:55:57 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Tue, 24 Jul 2012 22:55:57 +0400
Subject: nginx spdy server hint
In-Reply-To: <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <201207242207.47619.ne@vbart.ru>
 <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
Message-ID: <201207242255.57309.ne@vbart.ru>

On Tuesday 24 July 2012 22:36:19 CM Fields wrote:
> Thanks for the clarification.
> 
> When I read through the SPDY documents up to version 4 I saw no
> mention of server hints at all. I thought I must have missed something
> since every news or review article I read mentions SDPY hints, but no
> one ever had an example.

Seems it's a browser specific feature. It isn't related to SPDY, or nginx.

 * http://http://tools.ietf.org/html/rfc5988
 * https://developer.mozilla.org/en/Link_prefetching_FAQ

You can try:

    add_header Link "</images/big.jpeg>; rel=prefetch";

with Firefox.

> BTW, SDPY on Nginx has worked flawlessly in a public beta production
> environment for three(3) weeks now. We see an average of 739
> concurrent ips connecting with one TCP connection each and asking for
> 21 objects per un-cached page request. This has reduced the load
> (cpu/ram) on our FreeBSD stateful firewall by ~63% due to less states
> and decreased client load times by 47%. I can happily report no
> crashes, faults or page errors with the current source build. Thanks
> for all the hard work.

Great! Thank you for sharing your experience. We continue work on improving
SPDY in nginx and eventually merge the patch into the main branch.

 wbr, Valentin V. Bartenev


> On Tue, Jul 24, 2012 at 2:07 PM, Valentin V. Bartenev <ne at vbart.ru> wrote:
> > On Tuesday 24 July 2012 21:36:06 CM Fields wrote:
> >> Does Nginx support SPDY server hint ?
> >> 
> >> I have built nginx-1.3.3 with patch.spdy-47.txt and openssl-1.0.1c and
> >> my test client is Chrome 22.0 (beta unstable). I know SPDY server push
> >> is not supported, but is SPDY server hint supported? If so, how do I
> >> enable the client to take advantage of server hint?
> >> 
> >> According to the chromium project docs a "link" header might work. I
> >> added the Link header using the add_header directive in nginx as
> >> stated in their example, but I do not think it is working. For
> >> example:
> >> 
> >> Link: <mypicture1.jpg>; rel=subresource
> >> 
> >> http://www.chromium.org/spdy/link-headers-and-server-hint
> >> 
> >> Any help or basic pointers would be greatly appreciated.
> > 
> > It's just "docs". You will not find either "server hint" or the "Link"
> > header in the SPDY specification at the moment.
> > 
> >  wbr, Valentin V. Bartenev
> > 
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From ne at vbart.ru  Tue Jul 24 19:33:06 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Tue, 24 Jul 2012 23:33:06 +0400
Subject: nginx spdy server hint
In-Reply-To: <201207242255.57309.ne@vbart.ru>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
 <201207242255.57309.ne@vbart.ru>
Message-ID: <201207242333.07081.ne@vbart.ru>

On Tuesday 24 July 2012 22:55:57 Valentin V. Bartenev wrote:
> On Tuesday 24 July 2012 22:36:19 CM Fields wrote:
> > Thanks for the clarification.
> > 
> > When I read through the SPDY documents up to version 4 I saw no
> > mention of server hints at all. I thought I must have missed something
> > since every news or review article I read mentions SDPY hints, but no
> > one ever had an example.
> 
> Seems it's a browser specific feature. It isn't related to SPDY, or nginx.
> 
>  * http://http://tools.ietf.org/html/rfc5988
>  * https://developer.mozilla.org/en/Link_prefetching_FAQ
> 
> You can try:
> 
>     add_header Link "</images/big.jpeg>; rel=prefetch";
> 
> with Firefox.
> 

I've just test it myself. It works well with my Firefox 14 on both HTTP and
HTTPS (pure or over SPDY). But I also found that Firebug doesn't show these 
prefetched requests on the Net tab.

And I had no luck with Chromium 21.

 wbr, Valentin V. Bartenev


From francis at daoine.org  Tue Jul 24 21:08:26 2012
From: francis at daoine.org (Francis Daly)
Date: Tue, 24 Jul 2012 22:08:26 +0100
Subject: exception for NGINX limit_req_zone
In-Reply-To: <58df32a5.160e3.138b696bf84.Coremail.meteor8488@163.com>
References: <44d09df7.1aaeb.138a4a52cbf.Coremail.meteor8488@163.com>
 <20120720223849.GE14023@craic.sysops.org>
 <4253f01a.1c2f.138a75b6ef0.Coremail.meteor8488@163.com>
 <20120721200820.GF14023@craic.sysops.org>
 <4e48295.19040.138af388295.Coremail.meteor8488@163.com>
 <20120722183527.GI14023@craic.sysops.org>
 <58df32a5.160e3.138b696bf84.Coremail.meteor8488@163.com>
Message-ID: <20120724210826.GK14023@craic.sysops.org>

On Tue, Jul 24, 2012 at 09:25:29AM +0800, fhal wrote:

Hi there,

> Thanks very much for your kindly help.
> I testes the configuration as following steps:

Thanks for the description.

I am not able to reproduce your failure case.

When I use "siege -c 100 -t 10" against /forum.php, I rapidly start
seeing HTTP 503 messages. When I use it against /forum.php?mod=image,
I see only HTTP 200 messages, until I start seeing HTTP 502 -- which is
because my php fastcgi service has died.

I then test against /env.php, and I see about the same number of HTTP
200 messages before they revert to HTTP 502 after the php service dies.

"siege" is not the same as "webbench", but it was trivially available
on my test system, and it seems to do approximately the same thing.

Since you have a test case which reliably shows failure, can I suggest
you make some quick changes and repeat the test, in order to see at what
point things change from "failure" to "success"? That will hopefully
provide information that may point at the fix.

First: you are testing /forum.php. What happens if you test /mytest.php --
ideally, the php script should do roughly the same as /forum.php. Possibly
just copying forum.php to mytest.php will work. Your config puts no limits
on /mytest.php. Does it show any failures, or does it run perfectly?

Next: you are testing with two different limits. What happens if
you comment the limit_conn directive are restart nginx? Then instead
comment the limit_req directive? Can you see that it fails only when both
directives are active, or when either directive is active, or whenever
one particular directive is active?

Next: can the problem be due to the work done by the php script? (This
one strikes me as unlikely.) Replace the contents of forum.php with
just the single word "forum". Repeat the "unlimited" test. Does it
fail differently?

If that doesn't help find a configuration which doesn't fail: what
happens if you use "-c 10" instead of "-c 10000"? How about "-c 100"?

And finally, for testing: change the limit to be (say) 1r/m, and manually
make the requests. Does it fail for you now? If a mod=image request shows
a HTTP 503 within the first 10 requests, you now have a much more easily
reproducible test case.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


From cmfileds at gmail.com  Tue Jul 24 21:26:53 2012
From: cmfileds at gmail.com (CM Fields)
Date: Tue, 24 Jul 2012 17:26:53 -0400
Subject: nginx spdy server hint
In-Reply-To: <500EEBEA.6020708@nginx.com>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <201207242207.47619.ne@vbart.ru>
 <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
 <500EEBEA.6020708@nginx.com>
Message-ID: <CAHxQ+Cp_EB9TkdiwqUg=mh4Bi6fHvh-mVEB+8i11_OykynaVuQ@mail.gmail.com>

Maxim,

We originally started on patch.spdy-44.txt and rebuilt nginx on each
successive patch release. Currently we are using nginx-1.3.3 with
patch.spdy-47.txt and openssl-1.0.1c on the live servers.

The client load time differences were calculated moving from https to
https-spdy. This was not a purely scientific study though as the
hardware did not change, but we did move the Nginx daemon to Freebsd 9
from Ubuntu Linux 12.04.

Still we are very happy with the improvements without changing any html code.

On Tue, Jul 24, 2012 at 2:39 PM, Maxim Konovalov <maxim at nginx.com> wrote:
> On 7/24/12 10:36 PM, CM Fields wrote:
> [...]
>
>> BTW, SDPY on Nginx has worked flawlessly in a public beta production
>> environment for three(3) weeks now. We see an average of 739
>> concurrent ips connecting with one TCP connection each and asking for
>> 21 objects per un-cached page request. This has reduced the load
>> (cpu/ram) on our FreeBSD stateful firewall by ~63% due to less states
>> and decreased client load times by 47%.
>
>
> The last metric is compared to a plain HTTP or HTTPS?
>
>
>> I can happily report no crashes, faults or page errors with the
>> current source build. Thanks  for all the hard work.
>
>
> I suppose you use spdy.patch-47, right?
>
> --
> Maxim Konovalov
> +7 (910) 4293178
> http://nginx.com/
>
>


From cmfileds at gmail.com  Tue Jul 24 21:48:00 2012
From: cmfileds at gmail.com (CM Fields)
Date: Tue, 24 Jul 2012 17:48:00 -0400
Subject: nginx spdy server hint
In-Reply-To: <201207242333.07081.ne@vbart.ru>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
 <201207242255.57309.ne@vbart.ru> <201207242333.07081.ne@vbart.ru>
Message-ID: <CAHxQ+Cp1HMGOiQggwrniQnyxKYJG6FC8Z+fDu=-4T5ApRHW_Rw@mail.gmail.com>

>From what I understand using the "Link" header with the rel=prefetch
directive will download the files once the current page is loaded and
the client connection is idle. This is to pre-load files that the
client may request later on the site. This option seems to be in
Firefox only and available for a few years now.

The Google docs for the "Link" header with the rel=subresource
directive seems to tell the client the files listed are to be
downloaded immediately as they are going to be using on the current
page rendering. In theory the client could ask for the index.html and
the server would send the index.html with the rel=subresource headers
for other jpgs. The client would then immediately ask for the jpgs, if
not already in its cache, instead of decompressing the index.html and
parsing the file to discover the same pictures.

   http://www.chromium.org/spdy/link-headers-and-server-hint

I did a few tests with the following headers which I found searching
the google dev docs. I tested the headers against the latest Firefox
17.0a1 and Chrome 22.0 and nothing seemed to make any difference
according to the browser's development tool timings.

add_header  X-subresource "image/jpeg;/image1.jpg;;
add_header  Link "</image1.jpg>; rel=subresource";

They probably just are not implemented in the browsers at this time.

On Tue, Jul 24, 2012 at 3:33 PM, Valentin V. Bartenev <ne at vbart.ru> wrote:
> On Tuesday 24 July 2012 22:55:57 Valentin V. Bartenev wrote:
>> On Tuesday 24 July 2012 22:36:19 CM Fields wrote:
>> > Thanks for the clarification.
>> >
>> > When I read through the SPDY documents up to version 4 I saw no
>> > mention of server hints at all. I thought I must have missed something
>> > since every news or review article I read mentions SDPY hints, but no
>> > one ever had an example.
>>
>> Seems it's a browser specific feature. It isn't related to SPDY, or nginx.
>>
>>  * http://http://tools.ietf.org/html/rfc5988
>>  * https://developer.mozilla.org/en/Link_prefetching_FAQ
>>
>> You can try:
>>
>>     add_header Link "</images/big.jpeg>; rel=prefetch";
>>
>> with Firefox.
>>
>
> I've just test it myself. It works well with my Firefox 14 on both HTTP and
> HTTPS (pure or over SPDY). But I also found that Firebug doesn't show these
> prefetched requests on the Net tab.
>
> And I had no luck with Chromium 21.
>
>  wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From nginx-forum at nginx.us  Wed Jul 25 02:24:44 2012
From: nginx-forum at nginx.us (timotta)
Date: Tue, 24 Jul 2012 22:24:44 -0400 (EDT)
Subject: proxy_cache_use_stale, updating question
In-Reply-To: <125a0bd2f4119119586ad863b381b1df.NginxMailingListEnglish@forum.nginx.org>
References: <4AE6ECD1.4090708@puffy.pl>
 <125a0bd2f4119119586ad863b381b1df.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <6f7997dc63a81618a19f5a53eae26f12.NginxMailingListEnglish@forum.nginx.org>

Busy lock working with:

proxy_cache_lock on;

Tested here:

$ nginx -v
nginx version: nginx/1.1.19

$ab -n 3 -c 3 http://localhost/resource/8

$ tail -f /tmp/proxy.log
[24/Jul/2012:23:19:07 -0300] /resource/8 200 MISS 200
[24/Jul/2012:23:19:07 -0300] /resource/8 200 HIT -
[24/Jul/2012:23:19:07 -0300] /resource/8 200 HIT -

Tiago Albineli Motta
http://programandosemcafeina.blogspot.com

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,17239,228953#msg-228953


From maxim at nginx.com  Wed Jul 25 05:23:37 2012
From: maxim at nginx.com (Maxim Konovalov)
Date: Wed, 25 Jul 2012 09:23:37 +0400
Subject: nginx spdy server hint
In-Reply-To: <CAHxQ+Cp_EB9TkdiwqUg=mh4Bi6fHvh-mVEB+8i11_OykynaVuQ@mail.gmail.com>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <201207242207.47619.ne@vbart.ru>
 <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
 <500EEBEA.6020708@nginx.com>
 <CAHxQ+Cp_EB9TkdiwqUg=mh4Bi6fHvh-mVEB+8i11_OykynaVuQ@mail.gmail.com>
Message-ID: <500F82D9.8050700@nginx.com>

That's great.  Thanks for the report!

On 7/25/12 1:26 AM, CM Fields wrote:
> Maxim,
> 
> We originally started on patch.spdy-44.txt and rebuilt nginx on each
> successive patch release. Currently we are using nginx-1.3.3 with
> patch.spdy-47.txt and openssl-1.0.1c on the live servers.
> 
> The client load time differences were calculated moving from https to
> https-spdy. This was not a purely scientific study though as the
> hardware did not change, but we did move the Nginx daemon to Freebsd 9
> from Ubuntu Linux 12.04.
> 
> Still we are very happy with the improvements without changing any html code.

-- 
Maxim Konovalov
+7 (910) 4293178
http://nginx.com/


From christian.boenning at gmail.com  Wed Jul 25 12:18:01 2012
From: christian.boenning at gmail.com (=?ISO-8859-1?Q?Christian_B=F6nning?=)
Date: Wed, 25 Jul 2012 14:18:01 +0200
Subject: help needed with spdy
Message-ID: <CABgTHytqbHoL32Hf-e00hKd-spxPotd=wwXT1RJD6dumNS8R2w@mail.gmail.com>

Hi,

I'm usually compiling nginx from source (currently using 1.3.3). As
I've read that spdy success story yesterday I thought I'd try that
myself. So I got 1.3.3 again patched it using spdy.patch-47.txt,
downloaded OpenSSL 1.0.1c and configured nginx using
'--with-http_ssl_module
--with-openssl=/usr/src/nginx/source/openssl-1.0.1c
--with-sha1=/usr/src/nginx/source/openssl-1.0.1c
--with-md5=/usr/src/nginx/source/openssl-1.0.1c' besides my other
defaults (full nginx -V & uname -a as well as my config which I'm
running for that host here:
https://gist.github.com/5f7ff6c8e347371042e7).

The site which I'm running (with 'ssl' and 'spdy' within the listen
directive) on this host currently is a redmine installation where
nginx delivers all static assets and passes anything else to thin.
Another vHost (running phpmyadmin there) on that server is spdy
enabled too - but listening on both. HTTP and HTTPS. Any access for
testing there is running through https anyway.

However neither Chrome (v22 with spdy enabled) nor Firefox (v14, spdy
enabled too) indicate that spdy is used on any of those hosts. Any
ideas what's going be wrong here?

Regards,
Chris


From james at cloud9.co.uk  Wed Jul 25 12:53:41 2012
From: james at cloud9.co.uk (James Fidell)
Date: Wed, 25 Jul 2012 13:53:41 +0100
Subject: Whitelisting IP addresses for ratelimiting
Message-ID: <500FEC55.8030305@cloud9.co.uk>

I have my configuration set up based on the information at
http://gadelkareem.com/2012/03/25/limit-requests-per-ip-on-nginx-using-httplimitzonemodule-and-httplimitreqmodule-except-whitelist/
as follows:

http {
...
   geo $unlimited {
     default 1;
     192.168.45.56/32 0;
   }
...
   limit_req_zone  $binary_remote_addr  zone=unlimited:10m   rate=10r/m;
...
   server {
   ...
     location / {
       limit_req zone=unlimited burst=5;
     }
   }
}

I believe this should mean that requests from IP address 192.168.45.56
are not subject to the rate limiting, but it isn't working (they do get
blocked by the rate limiting) and I can't see why.

Is my configuration obviously wrong somewhere?

And if not, is there any way I can easily debug why the rate-limiting is
being applied?

Thanks,
James


From ne at vbart.ru  Wed Jul 25 12:53:41 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Wed, 25 Jul 2012 16:53:41 +0400
Subject: help needed with spdy
In-Reply-To: <CABgTHytqbHoL32Hf-e00hKd-spxPotd=wwXT1RJD6dumNS8R2w@mail.gmail.com>
References: <CABgTHytqbHoL32Hf-e00hKd-spxPotd=wwXT1RJD6dumNS8R2w@mail.gmail.com>
Message-ID: <201207251653.42083.ne@vbart.ru>

On Wednesday 25 July 2012 16:18:01 Christian B?nning wrote:
> Hi,
> 
> I'm usually compiling nginx from source (currently using 1.3.3). As
> I've read that spdy success story yesterday I thought I'd try that
> myself. So I got 1.3.3 again patched it using spdy.patch-47.txt,
> downloaded OpenSSL 1.0.1c and configured nginx using
> '--with-http_ssl_module
> --with-openssl=/usr/src/nginx/source/openssl-1.0.1c
> --with-sha1=/usr/src/nginx/source/openssl-1.0.1c
> --with-md5=/usr/src/nginx/source/openssl-1.0.1c' besides my other
> defaults (full nginx -V & uname -a as well as my config which I'm
> running for that host here:
> https://gist.github.com/5f7ff6c8e347371042e7).
> 
> The site which I'm running (with 'ssl' and 'spdy' within the listen
> directive) on this host currently is a redmine installation where
> nginx delivers all static assets and passes anything else to thin.
> Another vHost (running phpmyadmin there) on that server is spdy
> enabled too - but listening on both. HTTP and HTTPS. Any access for
> testing there is running through https anyway.
> 
> However neither Chrome (v22 with spdy enabled) nor Firefox (v14, spdy
> enabled too) indicate that spdy is used on any of those hosts. Any
> ideas what's going be wrong here?
> 

Could you provide a debug log?
http://nginx.org/en/docs/debugging_log.html

 wbr, Valentin V. Bartenev


From james at cloud9.co.uk  Wed Jul 25 12:56:29 2012
From: james at cloud9.co.uk (James Fidell)
Date: Wed, 25 Jul 2012 13:56:29 +0100
Subject: Whitelisting IP addresses for ratelimiting
In-Reply-To: <500FEC55.8030305@cloud9.co.uk>
References: <500FEC55.8030305@cloud9.co.uk>
Message-ID: <500FECFD.4080703@cloud9.co.uk>

On 25/07/12 13:53, James Fidell wrote:
> I have my configuration set up based on the information at
> http://gadelkareem.com/2012/03/25/limit-requests-per-ip-on-nginx-using-httplimitzonemodule-and-httplimitreqmodule-except-whitelist/
>
> as follows:
>
> http {
> ...
>    geo $unlimited {
>      default 1;
>      192.168.45.56/32 0;
>    }
> ...
>    limit_req_zone  $binary_remote_addr  zone=unlimited:10m   rate=10r/m;
> ...
>    server {
>    ...
>      location / {
>        limit_req zone=unlimited burst=5;
>      }
>    }
> }

I realise it may be much clearer if I did s/unlimited/limited/ on this 
config file :)

James


From christian.boenning at gmail.com  Wed Jul 25 13:22:00 2012
From: christian.boenning at gmail.com (=?ISO-8859-1?Q?Christian_B=F6nning?=)
Date: Wed, 25 Jul 2012 15:22:00 +0200
Subject: help needed with spdy
In-Reply-To: <201207251653.42083.ne@vbart.ru>
References: <CABgTHytqbHoL32Hf-e00hKd-spxPotd=wwXT1RJD6dumNS8R2w@mail.gmail.com>
 <201207251653.42083.ne@vbart.ru>
Message-ID: <CABgTHyu7Z9VxdsYjDiLh8Xbj57=xAT3wBCshn_r1cykSbxgd-Q@mail.gmail.com>

Yes, here you are: https://gist.github.com/db1281399f571ec1de2b. That
was created using the debug_connection directive on another - less
production critical - Host I can "play" with. 100% the same setup
(like os, compiler, openssl, nginx, configure-options & stuff). nginx
Config is the same (exept some paths where the application itself
lives). This host is showing the same problem.

Regards,
Christian


2012/7/25 Valentin V. Bartenev <ne at vbart.ru>:
> On Wednesday 25 July 2012 16:18:01 Christian B?nning wrote:
>> Hi,
>>
>> I'm usually compiling nginx from source (currently using 1.3.3). As
>> I've read that spdy success story yesterday I thought I'd try that
>> myself. So I got 1.3.3 again patched it using spdy.patch-47.txt,
>> downloaded OpenSSL 1.0.1c and configured nginx using
>> '--with-http_ssl_module
>> --with-openssl=/usr/src/nginx/source/openssl-1.0.1c
>> --with-sha1=/usr/src/nginx/source/openssl-1.0.1c
>> --with-md5=/usr/src/nginx/source/openssl-1.0.1c' besides my other
>> defaults (full nginx -V & uname -a as well as my config which I'm
>> running for that host here:
>> https://gist.github.com/5f7ff6c8e347371042e7).
>>
>> The site which I'm running (with 'ssl' and 'spdy' within the listen
>> directive) on this host currently is a redmine installation where
>> nginx delivers all static assets and passes anything else to thin.
>> Another vHost (running phpmyadmin there) on that server is spdy
>> enabled too - but listening on both. HTTP and HTTPS. Any access for
>> testing there is running through https anyway.
>>
>> However neither Chrome (v22 with spdy enabled) nor Firefox (v14, spdy
>> enabled too) indicate that spdy is used on any of those hosts. Any
>> ideas what's going be wrong here?
>>
>
> Could you provide a debug log?
> http://nginx.org/en/docs/debugging_log.html
>
>  wbr, Valentin V. Bartenev
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From mdounin at mdounin.ru  Wed Jul 25 13:45:55 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 25 Jul 2012 17:45:55 +0400
Subject: Whitelisting IP addresses for ratelimiting
In-Reply-To: <500FEC55.8030305@cloud9.co.uk>
References: <500FEC55.8030305@cloud9.co.uk>
Message-ID: <20120725134555.GO31671@mdounin.ru>

Hello!

On Wed, Jul 25, 2012 at 01:53:41PM +0100, James Fidell wrote:

> I have my configuration set up based on the information at
> http://gadelkareem.com/2012/03/25/limit-requests-per-ip-on-nginx-using-httplimitzonemodule-and-httplimitreqmodule-except-whitelist/
> as follows:
> 
> http {
> ...
>   geo $unlimited {
>     default 1;
>     192.168.45.56/32 0;
>   }
> ...
>   limit_req_zone  $binary_remote_addr  zone=unlimited:10m   rate=10r/m;
> ...
>   server {
>   ...
>     location / {
>       limit_req zone=unlimited burst=5;
>     }
>   }
> }
> 
> I believe this should mean that requests from IP address 192.168.45.56
> are not subject to the rate limiting, but it isn't working (they do get
> blocked by the rate limiting) and I can't see why.
> 
> Is my configuration obviously wrong somewhere?

Yes, it's obviously wrong, as well as blogpost you've followed.  
You don't use $unlimited variable anywhere in your config, and 
just use $binary_remote_addr for limiting without any exceptions.

To make an exception, you have to provide empty value for a 
variable in limit_req_zone (see http://nginx.org/r/limit_req_zone).

Correct config for exceptions based geo would be (involving 
intermediate map as geo doesn't allow variables in a resulting 
value):

    geo $limited {
        default           1;
        192.168.45.56/32  0;
    }

    map $limited $limit {
        1        $binary_remote_addr;
        0        "";
    }

    limit_req_zone $limit zone=foo:1m rate=10r/m;
    limit_req zone=foo burst=5;

As you can see from the above config, limit_req_zone now works 
based on a $limit variable, which is either client address, or an 
empty string.  In a latter case client isn't limited.

Maxim Dounin


From james at cloud9.co.uk  Wed Jul 25 14:00:20 2012
From: james at cloud9.co.uk (James Fidell)
Date: Wed, 25 Jul 2012 15:00:20 +0100
Subject: Whitelisting IP addresses for ratelimiting
In-Reply-To: <20120725134555.GO31671@mdounin.ru>
References: <500FEC55.8030305@cloud9.co.uk> <20120725134555.GO31671@mdounin.ru>
Message-ID: <500FFBF4.3060403@cloud9.co.uk>

On 25/07/12 14:45, Maxim Dounin wrote:

> Yes, it's obviously wrong, as well as blogpost you've followed.
> You don't use $unlimited variable anywhere in your config, and
> just use $binary_remote_addr for limiting without any exceptions.

I did wonder how the $unlimited variable had any effect.  Foolish of
me to assume that a blog is accurate :)

Thanks for your help.

James


From ne at vbart.ru  Wed Jul 25 17:20:09 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Wed, 25 Jul 2012 21:20:09 +0400
Subject: help needed with spdy
In-Reply-To: <CABgTHyu7Z9VxdsYjDiLh8Xbj57=xAT3wBCshn_r1cykSbxgd-Q@mail.gmail.com>
References: <CABgTHytqbHoL32Hf-e00hKd-spxPotd=wwXT1RJD6dumNS8R2w@mail.gmail.com>
 <201207251653.42083.ne@vbart.ru>
 <CABgTHyu7Z9VxdsYjDiLh8Xbj57=xAT3wBCshn_r1cykSbxgd-Q@mail.gmail.com>
Message-ID: <201207252120.09693.ne@vbart.ru>

On Wednesday 25 July 2012 17:22:00 Christian B?nning wrote:
> Yes, here you are: https://gist.github.com/db1281399f571ec1de2b. That
> was created using the debug_connection directive on another - less
> production critical - Host I can "play" with. 100% the same setup
> (like os, compiler, openssl, nginx, configure-options & stuff). nginx
> Config is the same (exept some paths where the application itself
> lives). This host is showing the same problem.
> 

Thanks! Could you try the new patch?

http://nginx.org/patches/spdy/patch.spdy-48.txt

 wbr, Valentin V. Bartenev


From cmfileds at gmail.com  Wed Jul 25 19:40:52 2012
From: cmfileds at gmail.com (CM Fields)
Date: Wed, 25 Jul 2012 15:40:52 -0400
Subject: nginx spdy server hint
In-Reply-To: <CAHxQ+Cp1HMGOiQggwrniQnyxKYJG6FC8Z+fDu=-4T5ApRHW_Rw@mail.gmail.com>
References: <CAHxQ+CqDOETC52Q3HZx=VVR5YmiRdEaFjWYivQfYLgq=XchuTQ@mail.gmail.com>
 <CAHxQ+CrVTv3us1qThdvYBAVNU9QeQ8OqBEJ3eE221c54KptQxw@mail.gmail.com>
 <201207242255.57309.ne@vbart.ru> <201207242333.07081.ne@vbart.ru>
 <CAHxQ+Cp1HMGOiQggwrniQnyxKYJG6FC8Z+fDu=-4T5ApRHW_Rw@mail.gmail.com>
Message-ID: <CAHxQ+CoF0uMna6i2P=2ChCFK6=94MszAU6sZztjCvmp0_sujvw@mail.gmail.com>

This is just a quick follow up on this thread of "server hint" for
those interested.

webtide.com has implemented SPDY/3 with server push on some of their
hosts. From the following link it looks like SPDY/3 with server push
will allow a client to deny a server push using a GOAWAY call. So, if
the server is pushing a jpg and the client already has it then the
client can stop the transfer. This method may negate the need for a
server hint entirely and save a few round trip times (RTT).

This is a quote from the article:

"Now you might be wondering what happens if the browser has the
resources already cached? Aren?t we sending data over the wire which
the browser actually already has? Well, usually we don?t. First we use
the if-modified-since header to identify if we should push sub
resources or not and second the browser can refuse push streams. If
the browser gets a syn for a sub resource it already has, then it can
simply reset the push stream. Then the only thing that has been send
is the syn frame for the push stream. Not a big drawback considering
the advantages this has."

http://webtide.intalio.com/2012/06/spdy-we-push/

If webtide is correct with their implementation we should be able to
make a best guess about the client cache and server push data to them
to significantly reduce load times. If we get the guess wrong and the
client already has the data the client can stop the transfer saving
bandwidth.

BTW, just made patch.spdy-48.txt  live on our servers and everything looks fine.

On Tue, Jul 24, 2012 at 5:48 PM, CM Fields <cmfileds at gmail.com> wrote:
> From what I understand using the "Link" header with the rel=prefetch
> directive will download the files once the current page is loaded and
> the client connection is idle. This is to pre-load files that the
> client may request later on the site. This option seems to be in
> Firefox only and available for a few years now.
>
> The Google docs for the "Link" header with the rel=subresource
> directive seems to tell the client the files listed are to be
> downloaded immediately as they are going to be using on the current
> page rendering. In theory the client could ask for the index.html and
> the server would send the index.html with the rel=subresource headers
> for other jpgs. The client would then immediately ask for the jpgs, if
> not already in its cache, instead of decompressing the index.html and
> parsing the file to discover the same pictures.
>
>    http://www.chromium.org/spdy/link-headers-and-server-hint
>
> I did a few tests with the following headers which I found searching
> the google dev docs. I tested the headers against the latest Firefox
> 17.0a1 and Chrome 22.0 and nothing seemed to make any difference
> according to the browser's development tool timings.
>
> add_header  X-subresource "image/jpeg;/image1.jpg;;
> add_header  Link "</image1.jpg>; rel=subresource";
>
> They probably just are not implemented in the browsers at this time.
>
> On Tue, Jul 24, 2012 at 3:33 PM, Valentin V. Bartenev <ne at vbart.ru> wrote:
>> On Tuesday 24 July 2012 22:55:57 Valentin V. Bartenev wrote:
>>> On Tuesday 24 July 2012 22:36:19 CM Fields wrote:
>>> > Thanks for the clarification.
>>> >
>>> > When I read through the SPDY documents up to version 4 I saw no
>>> > mention of server hints at all. I thought I must have missed something
>>> > since every news or review article I read mentions SDPY hints, but no
>>> > one ever had an example.
>>>
>>> Seems it's a browser specific feature. It isn't related to SPDY, or nginx.
>>>
>>>  * http://http://tools.ietf.org/html/rfc5988
>>>  * https://developer.mozilla.org/en/Link_prefetching_FAQ
>>>
>>> You can try:
>>>
>>>     add_header Link "</images/big.jpeg>; rel=prefetch";
>>>
>>> with Firefox.
>>>
>>
>> I've just test it myself. It works well with my Firefox 14 on both HTTP and
>> HTTPS (pure or over SPDY). But I also found that Firebug doesn't show these
>> prefetched requests on the Net tab.
>>
>> And I had no luck with Chromium 21.
>>
>>  wbr, Valentin V. Bartenev
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx


From christian.boenning at gmail.com  Wed Jul 25 20:03:38 2012
From: christian.boenning at gmail.com (Christian Boenning)
Date: Wed, 25 Jul 2012 22:03:38 +0200
Subject: help needed with spdy
In-Reply-To: <201207252120.09693.ne@vbart.ru>
References: <CABgTHytqbHoL32Hf-e00hKd-spxPotd=wwXT1RJD6dumNS8R2w@mail.gmail.com>
 <201207251653.42083.ne@vbart.ru>
 <CABgTHyu7Z9VxdsYjDiLh8Xbj57=xAT3wBCshn_r1cykSbxgd-Q@mail.gmail.com>
 <201207252120.09693.ne@vbart.ru>
Message-ID: <7131AC26-CA54-4838-B28B-8DC59497CCD8@gmail.com>

That's working now across both browsers for both Virtual Hosts on that Server. I'll push that patch to my production Servers soon and will monitor closely how it performs.

Thank you, Valentin!

Best,
Chris


Am 25.07.2012 um 19:20 schrieb Valentin V. Bartenev:

> On Wednesday 25 July 2012 17:22:00 Christian B?nning wrote:
>> Yes, here you are: https://gist.github.com/db1281399f571ec1de2b. That
>> was created using the debug_connection directive on another - less
>> production critical - Host I can "play" with. 100% the same setup
>> (like os, compiler, openssl, nginx, configure-options & stuff). nginx
>> Config is the same (exept some paths where the application itself
>> lives). This host is showing the same problem.
>> 
> 
> Thanks! Could you try the new patch?
> 
> http://nginx.org/patches/spdy/patch.spdy-48.txt
> 
> wbr, Valentin V. Bartenev
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From ne at vbart.ru  Wed Jul 25 20:43:03 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Thu, 26 Jul 2012 00:43:03 +0400
Subject: help needed with spdy
In-Reply-To: <7131AC26-CA54-4838-B28B-8DC59497CCD8@gmail.com>
References: <CABgTHytqbHoL32Hf-e00hKd-spxPotd=wwXT1RJD6dumNS8R2w@mail.gmail.com>
 <201207252120.09693.ne@vbart.ru>
 <7131AC26-CA54-4838-B28B-8DC59497CCD8@gmail.com>
Message-ID: <201207260043.03723.ne@vbart.ru>

On Thursday 26 July 2012 00:03:38 Christian Boenning wrote:
> That's working now across both browsers for both Virtual Hosts on that
> Server. I'll push that patch to my production Servers soon and will
> monitor closely how it performs.
> 
> Thank you, Valentin!
> 

Thank you for the report. This was a little bug with the "spdy" parameter
of the "listen" directive. It might not work in some certain virtual host 
configurations.

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Thu Jul 26 00:47:57 2012
From: nginx-forum at nginx.us (justin)
Date: Wed, 25 Jul 2012 20:47:57 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>
References: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <169f59e2b7b0b621b10827d607a521e1.NginxMailingListEnglish@forum.nginx.org>

Igor,

Thanks for the reply. Still not working, getting 404 error.

Here is the config snippet I am using:

server {
  listen 80;

  server_name app.mydomain.com;

  root /srv/www/domains/app.mydomain.com;
  
  index index.php;

  access_log /var/log/nginx/domains/app.mydomain.com/access.log;
  error_log /var/log/nginx/domains/app.mydomain.com/error.log;

  include /etc/nginx/excludes.conf;

  location ~ ^[^.]+$ {
    try_files $uri =404;
    fastcgi_param SCRIPT_FILENAME $document_root/controller.php;
    fastcgi_param PATH_INFO $uri;
    fastcgi_intercept_errors on;
    fastcgi_pass 127.0.0.1:9000;
    include /etc/nginx/fastcgi_params;
  }

  #Needed for standard php files which end with the .php extension
  include /etc/nginx/php.conf;

  include /etc/nginx/expires.conf;
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228976#msg-228976


From coops at foursquare.com  Thu Jul 26 02:12:33 2012
From: coops at foursquare.com (Cooper Bethea)
Date: Wed, 25 Jul 2012 19:12:33 -0700
Subject: buffering response wrt backend only
Message-ID: <CAAHtSUPXxbL6J8xAsABP_Cmi73N8_5_gjojVt8-4NARE7kCASA@mail.gmail.com>

Hi everybody-

I am using nginx to proxy requests to a backend HTTP server with
slightly unusual behavior--it attempts to push out the <head></head>
portion of a HTTP response as quickly as possible so that the browser
can start building the page, then sends the rest of the response when
computed by the backend. I would like to likewise push this data back
from nginx to the client as quickly as possible, but still have nginx
buffer the response, so that backends do not have to hold open
connections for a long time when the client is slow to receive.

>From reading the wiki I think this behavior seems to be in-between
"proxy_buffering on" (buffers entire response) and "proxy_buffering
off" (does not buffer.) Is it possible to configure nginx to act this
way?


From nginx-forum at nginx.us  Thu Jul 26 03:52:20 2012
From: nginx-forum at nginx.us (DenisTRUFFAUT)
Date: Wed, 25 Jul 2012 23:52:20 -0400 (EDT)
Subject: SPDY compilation fail - Warnings
Message-ID: <25f6e6fa8c4340c7f53aa037266146c4.NginxMailingListEnglish@forum.nginx.org>

Hi,

SPDY compilation fails for me, due to some warnings.

The compilation script which fails could be seen here, syntaxically
colored : 
http://pastebin.com/wkqA4d8g

Or here, in a raw version :



# Nginx SPDY Compilation Fail
# -------------------------------
 
NGINX_VERSION='1.3.2'
NGINX_ECHO_MODULE_VERSION='0.39'
sudo mkdir -p /var/log/nginx
sudo mkdir -p /tmp/nginx/{client,proxy,fastcgi,cache}
sudo chown www-data:www-data /tmp/nginx/{client,proxy,fastcgi,cache}
sudo ps -C nginx -o pid='' | xargs sudo kill -9
cd /usr/local/src
sudo wget -O    nginx-$NGINX_ECHO_MODULE_VERSION.tar.gz
"https://github.com/agentzh/echo-nginx-module/tarball/v$NGINX_ECHO_MODULE_VERSION"
sudo tar  -zxvf nginx-$NGINX_ECHO_MODULE_VERSION.tar.gz
sudo rm   -fr   nginx-$NGINX_ECHO_MODULE_VERSION.tar.gz
sudo mv agentzh-echo* nginx_echo_module
cd /usr/local/src
sudo wget -O    nginx-$NGINX_VERSION.tar.gz
"http://nginx.org/download/nginx-$NGINX_VERSION.tar.gz"
sudo tar  -zxvf nginx-$NGINX_VERSION.tar.gz
sudo rm   -fr   nginx-$NGINX_VERSION.tar.gz
cd              nginx-$NGINX_VERSION
# Apply SPDY
sudo wget -O patch.spdy.txt
"http://nginx.org/patches/spdy/patch.spdy.txt"
sudo patch -p0 < patch.spdy.txt
# Remove NginX Version in headers
grep -risl 'Server: nginx' * | xargs sudo sed -i -e 's/Server:
nginx/Server: /g'
grep -risl 'server: %V' * | xargs sudo sed -i -e 's/server: %V/server:
/g'
sudo make clean
# --with-ld-opt='-ltcmalloc_minimal' is optional, but recommended
sudo ./configure --with-cc-opt='-O3 -unroll2 -march=native' \
                 --with-ld-opt='-ltcmalloc_minimal' \
                 --error-log-path=/var/log/nginx/error.log \
                 --add-module=/usr/local/src/nginx_echo_module \
                 --conf-path=/usr/local/nginx/nginx.conf \
                 --group=www-data \
                 --http-client-body-temp-path=/tmp/nginx/client \
                 --http-fastcgi-temp-path=/tmp/nginx/fastcgi \
                 --http-log-path=/var/log/nginx/access.log \
                 --http-proxy-temp-path=/tmp/nginx/proxy \
                
--lock-path=/var/lock/nginx.lock--prefix=/usr/local/nginx \
                 --pid-path=/var/run/nginx.pid \
                 --user=www-data \
                 --with-http_geoip_module \
                 --with-http_gzip_static_module \
                 --with-http_realip_module \
                 --with-http_ssl_module \
                 --with-http_stub_status_module \
                 --with-ipv6 \
                 --with-http_ssl_module \
                 --without-http_autoindex_module \
                 --without-http_auth_basic_module \
                 --without-http_browser_module \
                 --without-http_empty_gif_module \
                 --without-http_scgi_module \
                 --without-http_split_clients_module \
                 --without-http_ssi_module \
                 --without-http_uwsgi_module \
                 --without-mail_imap_module \
                 --without-mail_pop3_module \
                 --without-mail_smtp_module \
                 && sudo make && sudo make install && cd /usr/local/src
sudo rm -fr nginx-$NGINX_VERSION
sudo rm -fr nginx_echo_module
 
# -------------------------------
# Compile without SPDY Patch : it works
# Compile with SPDY Patch : it fails
# ---------------------------------

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228980,228980#msg-228980


From igor at sysoev.ru  Thu Jul 26 04:31:14 2012
From: igor at sysoev.ru (Igor Sysoev)
Date: Thu, 26 Jul 2012 08:31:14 +0400
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <169f59e2b7b0b621b10827d607a521e1.NginxMailingListEnglish@forum.nginx.org>
References: <63103fb79bee19a129272c3d4d5f358d.NginxMailingListEnglish@forum.nginx.org>
 <169f59e2b7b0b621b10827d607a521e1.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120726043114.GA52212@nginx.com>

On Wed, Jul 25, 2012 at 08:47:57PM -0400, justin wrote:
> Igor,
> 
> Thanks for the reply. Still not working, getting 404 error.
> 
> Here is the config snippet I am using:
> 
> server {
>   listen 80;
> 
>   server_name app.mydomain.com;
> 
>   root /srv/www/domains/app.mydomain.com;
>   
>   index index.php;
> 
>   access_log /var/log/nginx/domains/app.mydomain.com/access.log;
>   error_log /var/log/nginx/domains/app.mydomain.com/error.log;
> 
>   include /etc/nginx/excludes.conf;
> 
>   location ~ ^[^.]+$ {
>     try_files $uri =404;

As I understand the requested file does not exist on file system,
so try_files cannot find it and returns 404. The try_files is not
needed here.

>     fastcgi_param SCRIPT_FILENAME $document_root/controller.php;
>     fastcgi_param PATH_INFO $uri;
>     fastcgi_intercept_errors on;
>     fastcgi_pass 127.0.0.1:9000;
>     include /etc/nginx/fastcgi_params;
>   }
> 
>   #Needed for standard php files which end with the .php extension
>   include /etc/nginx/php.conf;
> 
>   include /etc/nginx/expires.conf;
> }


-- 
Igor Sysoev


From nginx-forum at nginx.us  Thu Jul 26 05:00:09 2012
From: nginx-forum at nginx.us (justin)
Date: Thu, 26 Jul 2012 01:00:09 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <20120726043114.GA52212@nginx.com>
References: <20120726043114.GA52212@nginx.com>
Message-ID: <b07ee3f864ae016dda7063104dd4304c.NginxMailingListEnglish@forum.nginx.org>

Once again, thanks Igor.

Removed the try_files and now I am getting:

Status: HTTP/1.1 403 Forbidden
Server:	nginx/1.2.2	
Date:	Thu, 26 Jul 2012 04:58:09 GMT	
Content-Type:	text/html	
Transfer-Encoding:	chunked	
Connection:	close	
X-Powered-By:	PHP/5.4.5

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228982#msg-228982


From edho at myconan.net  Thu Jul 26 05:55:41 2012
From: edho at myconan.net (Edho Arief)
Date: Thu, 26 Jul 2012 12:55:41 +0700
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <b07ee3f864ae016dda7063104dd4304c.NginxMailingListEnglish@forum.nginx.org>
References: <20120726043114.GA52212@nginx.com>
 <b07ee3f864ae016dda7063104dd4304c.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCnY=smkMtbm4FprJsdNLFL9_Eqmze+_iyojkv=7fM7qYA@mail.gmail.com>

On Thu, Jul 26, 2012 at 12:00 PM, justin <nginx-forum at nginx.us> wrote:
> Once again, thanks Igor.
>
> Removed the try_files and now I am getting:
>
> Status: HTTP/1.1 403 Forbidden
> Server: nginx/1.2.2
> Date:   Thu, 26 Jul 2012 04:58:09 GMT
> Content-Type:   text/html
> Transfer-Encoding:      chunked
> Connection:     close
> X-Powered-By:   PHP/5.4.5
>

Try setting fastcgi_intercept_errors to off to see what returned by php.


From nginx-forum at nginx.us  Thu Jul 26 06:05:14 2012
From: nginx-forum at nginx.us (justin)
Date: Thu, 26 Jul 2012 02:05:14 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <CAAtReCnY=smkMtbm4FprJsdNLFL9_Eqmze+_iyojkv=7fM7qYA@mail.gmail.com>
References: <CAAtReCnY=smkMtbm4FprJsdNLFL9_Eqmze+_iyojkv=7fM7qYA@mail.gmail.com>
Message-ID: <797f1d925f6bd766edf53cb4e5017eab.NginxMailingListEnglish@forum.nginx.org>

Same thing. Access denied.

Thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228984#msg-228984


From edho at myconan.net  Thu Jul 26 06:10:30 2012
From: edho at myconan.net (Edho Arief)
Date: Thu, 26 Jul 2012 13:10:30 +0700
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <797f1d925f6bd766edf53cb4e5017eab.NginxMailingListEnglish@forum.nginx.org>
References: <CAAtReCnY=smkMtbm4FprJsdNLFL9_Eqmze+_iyojkv=7fM7qYA@mail.gmail.com>
 <797f1d925f6bd766edf53cb4e5017eab.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCk1HyP5T9FcJx5VWQNASkyiEvjONOVhQ8ptshUn6y7VYA@mail.gmail.com>

On Thu, Jul 26, 2012 at 1:05 PM, justin <nginx-forum at nginx.us> wrote:
> Same thing. Access denied.
>

Make sure the file is readable by user of php process.


From nginx-forum at nginx.us  Thu Jul 26 07:04:08 2012
From: nginx-forum at nginx.us (justin)
Date: Thu, 26 Jul 2012 03:04:08 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <CAAtReCk1HyP5T9FcJx5VWQNASkyiEvjONOVhQ8ptshUn6y7VYA@mail.gmail.com>
References: <CAAtReCk1HyP5T9FcJx5VWQNASkyiEvjONOVhQ8ptshUn6y7VYA@mail.gmail.com>
Message-ID: <3a3754c7845c526ec8a47f49f63378f0.NginxMailingListEnglish@forum.nginx.org>

Edho,

Confirmed the entire directory is owned by the php-fpm user 'php`.
Should not have any permission issues.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228987#msg-228987


From edho at myconan.net  Thu Jul 26 07:11:27 2012
From: edho at myconan.net (Edho Arief)
Date: Thu, 26 Jul 2012 14:11:27 +0700
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <3a3754c7845c526ec8a47f49f63378f0.NginxMailingListEnglish@forum.nginx.org>
References: <CAAtReCk1HyP5T9FcJx5VWQNASkyiEvjONOVhQ8ptshUn6y7VYA@mail.gmail.com>
 <3a3754c7845c526ec8a47f49f63378f0.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCmYBKzvhkW1BvgpF563E+aprNgeyUV1vsjvMoiQYyV6GA@mail.gmail.com>

On Thu, Jul 26, 2012 at 2:04 PM, justin <nginx-forum at nginx.us> wrote:
> Edho,
>
> Confirmed the entire directory is owned by the php-fpm user 'php`.
> Should not have any permission issues.
>

how about

sudo -u php ls /path/to/php/file.php

?


From nginx-forum at nginx.us  Thu Jul 26 07:23:00 2012
From: nginx-forum at nginx.us (justin)
Date: Thu, 26 Jul 2012 03:23:00 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <CAAtReCmYBKzvhkW1BvgpF563E+aprNgeyUV1vsjvMoiQYyV6GA@mail.gmail.com>
References: <CAAtReCmYBKzvhkW1BvgpF563E+aprNgeyUV1vsjvMoiQYyV6GA@mail.gmail.com>
Message-ID: <36f55d0ad48daaee412c4ae8df5aacb7.NginxMailingListEnglish@forum.nginx.org>

Yeap, both:

sudo -u php ls /path/to/php/file.php

and 

sudo -u php cat /path/to/php/file.php

Work. However, took a peak at the error log and found this:

2012/07/25 23:05:12 [error] 1040#0: *1 FastCGI sent in stderr: "Access
to the script '/srv/www/domains/app.mydomain.com/' has been denied (see
security.limit_extensions)" while reading response header from upstream,
client: XXX.XXX.XXX.91, server: app.mydomain.com, request: "GET /
HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host:
"app.mydomain.com"

Any idea what that means?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228990#msg-228990


From appa at perusio.net  Thu Jul 26 07:36:37 2012
From: appa at perusio.net (=?UTF-8?B?QW50w7NuaW8=?= P. P. Almeida)
Date: Thu, 26 Jul 2012 09:36:37 +0200
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <36f55d0ad48daaee412c4ae8df5aacb7.NginxMailingListEnglish@forum.nginx.org>
References: <CAAtReCmYBKzvhkW1BvgpF563E+aprNgeyUV1vsjvMoiQYyV6GA@mail.gmail.com>
 <36f55d0ad48daaee412c4ae8df5aacb7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <87mx2nug6y.wl%appa@perusio.net>

On 26 Jul 2012 09h23 CEST, nginx-forum at nginx.us wrote:

> Yeap, both:
>
> sudo -u php ls /path/to/php/file.php
>
> and 
>
> sudo -u php cat /path/to/php/file.php
>
> Work. However, took a peak at the error log and found this:
>
> 2012/07/25 23:05:12 [error] 1040#0: *1 FastCGI sent in stderr:
> "Access to the script '/srv/www/domains/app.mydomain.com/' has been
> denied (see security.limit_extensions)" while reading response
> header from upstream, client: XXX.XXX.XXX.91, server:
> app.mydomain.com, request: "GET / HTTP/1.1", upstream:
> "fastcgi://127.0.0.1:9000", host: "app.mydomain.com"
>
> Any idea what that means?

Yes. It means that the file that you're trying to access has an
extension that your PHP runtime config forbids. You must enable that
extension by setting the security.limit_extensions parameter.

--- appa






> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,228909,228990#msg-228990
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From nginx-forum at nginx.us  Thu Jul 26 07:42:42 2012
From: nginx-forum at nginx.us (justin)
Date: Thu, 26 Jul 2012 03:42:42 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <87mx2nug6y.wl%appa@perusio.net>
References: <87mx2nug6y.wl%appa@perusio.net>
Message-ID: <cd51fe12236b752cfb1c8652b457507f.NginxMailingListEnglish@forum.nginx.org>

Humm, well all the files have a .php extension in reality, but the
entire point of this is to generate "permalinks" or pretty urls like:

http://app.mydomain.com/add-person

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,228992#msg-228992


From edho at myconan.net  Thu Jul 26 07:47:21 2012
From: edho at myconan.net (Edho Arief)
Date: Thu, 26 Jul 2012 14:47:21 +0700
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <36f55d0ad48daaee412c4ae8df5aacb7.NginxMailingListEnglish@forum.nginx.org>
References: <CAAtReCmYBKzvhkW1BvgpF563E+aprNgeyUV1vsjvMoiQYyV6GA@mail.gmail.com>
 <36f55d0ad48daaee412c4ae8df5aacb7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAAtReCk4UEpZocnQ1N-za2r-5+_ynVh-gFENOd9voc=umjvVrQ@mail.gmail.com>

On Thu, Jul 26, 2012 at 2:23 PM, justin <nginx-forum at nginx.us> wrote:
> Yeap, both:
>
> sudo -u php ls /path/to/php/file.php
>
> and
>
> sudo -u php cat /path/to/php/file.php
>
> Work. However, took a peak at the error log and found this:
>
> 2012/07/25 23:05:12 [error] 1040#0: *1 FastCGI sent in stderr: "Access
> to the script '/srv/www/domains/app.mydomain.com/' has been denied (see
> security.limit_extensions)" while reading response header from upstream,
> client: XXX.XXX.XXX.91, server: app.mydomain.com, request: "GET /
> HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host:
> "app.mydomain.com"
>
> Any idea what that means?
>

try adding

fastcgi_param SCRIPT_NAME /controller.php;

to the location ~ ^[^.]+$ block.


From ne at vbart.ru  Thu Jul 26 09:24:37 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Thu, 26 Jul 2012 13:24:37 +0400
Subject: SPDY compilation fail - Warnings
In-Reply-To: <25f6e6fa8c4340c7f53aa037266146c4.NginxMailingListEnglish@forum.nginx.org>
References: <25f6e6fa8c4340c7f53aa037266146c4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207261324.37735.ne@vbart.ru>

On Thursday 26 July 2012 07:52:20 DenisTRUFFAUT wrote:
> Hi,
> 
> SPDY compilation fails for me, due to some warnings.
> The compilation script which fails could be seen here, syntaxically
> colored :
> http://pastebin.com/wkqA4d8g
> 

What are the warnings you are getting?

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Thu Jul 26 09:58:06 2012
From: nginx-forum at nginx.us (ogray)
Date: Thu, 26 Jul 2012 05:58:06 -0400 (EDT)
Subject: Logging response body
In-Reply-To: <CAP3NOBmYkWNmP4oDMBQugWNCok1hi3j8+gHe41=W4zELtLAq4g@mail.gmail.com>
References: <CAP3NOBmYkWNmP4oDMBQugWNCok1hi3j8+gHe41=W4zELtLAq4g@mail.gmail.com>
Message-ID: <35ce63bc95fe86877de7a14ff2f6c75e.NginxMailingListEnglish@forum.nginx.org>

I have the same question. Need kind of log with request info and
response headers+body

Anyone?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,226071,228997#msg-228997


From nginx-forum at nginx.us  Thu Jul 26 13:13:27 2012
From: nginx-forum at nginx.us (DenisTRUFFAUT)
Date: Thu, 26 Jul 2012 09:13:27 -0400 (EDT)
Subject: SPDY compilation fail - Warnings
In-Reply-To: <201207261324.37735.ne@vbart.ru>
References: <201207261324.37735.ne@vbart.ru>
Message-ID: <16325881d7662d1fecb40ea2ec22645d.NginxMailingListEnglish@forum.nginx.org>

cc1: warnings being treated as errors
src/http/ngx_http_request.c: In function
?ngx_http_ssl_handshake_handler?:
src/http/ngx_http_request.c:635: error: implicit declaration of function
?SSL_get0_next_proto_negotiated?
make[1]: *** [objs/src/http/ngx_http_request.o] Erreur 1
make[1]: quittant le r?pertoire ? /usr/local/src/nginx-1.3.2 ?
make: *** [build] Erreur 2

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228980,229000#msg-229000


From nginx-forum at nginx.us  Thu Jul 26 13:21:03 2012
From: nginx-forum at nginx.us (DenisTRUFFAUT)
Date: Thu, 26 Jul 2012 09:21:03 -0400 (EDT)
Subject: SPDY compilation fail - Warnings
In-Reply-To: <16325881d7662d1fecb40ea2ec22645d.NginxMailingListEnglish@forum.nginx.org>
References: <201207261324.37735.ne@vbart.ru>
 <16325881d7662d1fecb40ea2ec22645d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <a7f1efde13ada7d99b02cdf9c0f24aa3.NginxMailingListEnglish@forum.nginx.org>

The complete compilation log could be found here :
http://pastebin.com/CzpEeCt8

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228980,229001#msg-229001


From ne at vbart.ru  Thu Jul 26 13:56:22 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Thu, 26 Jul 2012 17:56:22 +0400
Subject: SPDY compilation fail - Warnings
In-Reply-To: <16325881d7662d1fecb40ea2ec22645d.NginxMailingListEnglish@forum.nginx.org>
References: <201207261324.37735.ne@vbart.ru>
 <16325881d7662d1fecb40ea2ec22645d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201207261756.22456.ne@vbart.ru>

On Thursday 26 July 2012 17:13:27 DenisTRUFFAUT wrote:
> cc1: warnings being treated as errors
> src/http/ngx_http_request.c: In function
> ?ngx_http_ssl_handshake_handler?:
> src/http/ngx_http_request.c:635: error: implicit declaration of function
> ?SSL_get0_next_proto_negotiated?
> make[1]: *** [objs/src/http/ngx_http_request.o] Erreur 1
> make[1]: quittant le r?pertoire ? /usr/local/src/nginx-1.3.2 ?
> make: *** [build] Erreur 2
> 

http://nginx.org/patches/spdy/README.txt

The version of the OpenSSL library must be 1.0.1 or above. Older versions do
not support the Next Protocol Negations extension which is required for SPDY.

 wbr, Valentin V. Bartenev


From i.hailperin at heinlein-support.de  Thu Jul 26 14:48:45 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Thu, 26 Jul 2012 16:48:45 +0200
Subject: proxy, upstream, apache vhosts not working
Message-ID: <501158CD.8040706@heinlein-support.de>

Hi,

I want to configure nginx as a proxy to a bunch of apaches, all serving 
the same multiple websites via vhosts.

I had it working with something like
         location  ~* \.(jpg|gif|png|css|js) {
                 try_files $uri @proxy;
         }
         location @proxy {
                proxy_pass http://www.acme.net;
         }
         location / {
                proxy_pass http://www.acme.net;
}

in my server section.
But this only asked a single apache, the one configured in /etc/hosts 
for http://www.acme.net.

Now I am trying to use all of my apaches. I defined an upstream block 
like this:
         upstream backend-all-apaches {
                 server 10.10.1.25;
                 server 10.10.1.26;
                 server 10.10.1.27;
                 server 10.10.1.28;
                 server 10.10.1.15;
                 server 10.10.1.18;
                 server 10.10.1.20;
         }
         proxy_set_header        Host            $host;

And the following in my server block:
           location @proxy {
                 proxy_pass http://backend-all-apaches;
         }
All I get in my browser is a default page that also gets deliverd when I 
call http://10.10.1.25 in my browser. So I assume the apaches don't get 
the right host value in the http header. I thought that
         proxy_set_header        Host            $host;
would solve this problem, but apprently it does not.

What am I doing wrong here, or what else could I try?

Isaac


From ne at vbart.ru  Thu Jul 26 15:42:36 2012
From: ne at vbart.ru (Valentin V. Bartenev)
Date: Thu, 26 Jul 2012 19:42:36 +0400
Subject: proxy, upstream, apache vhosts not working
In-Reply-To: <501158CD.8040706@heinlein-support.de>
References: <501158CD.8040706@heinlein-support.de>
Message-ID: <201207261942.36999.ne@vbart.ru>

On Thursday 26 July 2012 18:48:45 Isaac Hailperin wrote:
> Hi,
> 
> I want to configure nginx as a proxy to a bunch of apaches, all serving
> the same multiple websites via vhosts.
> 
> I had it working with something like
>          location  ~* \.(jpg|gif|png|css|js) {
>                  try_files $uri @proxy;
>          }
>          location @proxy {
>                 proxy_pass http://www.acme.net;
>          }
>          location / {
>                 proxy_pass http://www.acme.net;
> }
> 
> in my server section.
> But this only asked a single apache, the one configured in /etc/hosts
> for http://www.acme.net.
> 
> Now I am trying to use all of my apaches. I defined an upstream block
> like this:
>          upstream backend-all-apaches {
>                  server 10.10.1.25;
>                  server 10.10.1.26;
>                  server 10.10.1.27;
>                  server 10.10.1.28;
>                  server 10.10.1.15;
>                  server 10.10.1.18;
>                  server 10.10.1.20;
>          }
>          proxy_set_header        Host            $host;
> 
> And the following in my server block:
>            location @proxy {
>                  proxy_pass http://backend-all-apaches;
>          }
> All I get in my browser is a default page that also gets deliverd when I
> call http://10.10.1.25 in my browser. So I assume the apaches don't get
> the right host value in the http header. I thought that
>          proxy_set_header        Host            $host;
> would solve this problem, but apprently it does not.
> 
> What am I doing wrong here, or what else could I try?
> 

Is the above configuration is exactly what you're actually use?

 wbr, Valentin V. Bartenev


From nginx-forum at nginx.us  Thu Jul 26 15:59:04 2012
From: nginx-forum at nginx.us (DenisTRUFFAUT)
Date: Thu, 26 Jul 2012 11:59:04 -0400 (EDT)
Subject: SPDY compilation fail - Warnings
In-Reply-To: <a7f1efde13ada7d99b02cdf9c0f24aa3.NginxMailingListEnglish@forum.nginx.org>
References: <201207261324.37735.ne@vbart.ru>
 <16325881d7662d1fecb40ea2ec22645d.NginxMailingListEnglish@forum.nginx.org>
 <a7f1efde13ada7d99b02cdf9c0f24aa3.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <142d4f437c344a1d792472975b11c9e5.NginxMailingListEnglish@forum.nginx.org>

Compilation is a success. \o/

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228980,229011#msg-229011


From jaderhs5 at gmail.com  Thu Jul 26 16:37:10 2012
From: jaderhs5 at gmail.com (Jader H. Silva)
Date: Thu, 26 Jul 2012 13:37:10 -0300
Subject: Limit zone state size
Message-ID: <CAKy9XyDdwctrh2LcY-fVMu7ka_VcCcjmDJsARPQJERH+BxuOFg@mail.gmail.com>

Hello.
I've been reading the limit zone documentation and it seems there's some
ambiguity about the size of states.
There are some mentions in the docs about states being 32 or 64 bytes in
size (256/512 bits), but there's also this sentence:

"can keep about 32 thousand 32-bit states, and about 16 thousand 64-byte
states"

So, limit zone states are kept in 32/64 bits or 32/64 bytes (256/512 bits)?

http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_zone

Jader H. Silva
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120726/38a12fdb/attachment.html>

From mdounin at mdounin.ru  Thu Jul 26 21:31:06 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 27 Jul 2012 01:31:06 +0400
Subject: Limit zone state size
In-Reply-To: <CAKy9XyDdwctrh2LcY-fVMu7ka_VcCcjmDJsARPQJERH+BxuOFg@mail.gmail.com>
References: <CAKy9XyDdwctrh2LcY-fVMu7ka_VcCcjmDJsARPQJERH+BxuOFg@mail.gmail.com>
Message-ID: <20120726213105.GW31671@mdounin.ru>

Hello!

On Thu, Jul 26, 2012 at 01:37:10PM -0300, Jader H. Silva wrote:

> Hello.
> I've been reading the limit zone documentation and it seems there's some
> ambiguity about the size of states.
> There are some mentions in the docs about states being 32 or 64 bytes in
> size (256/512 bits), but there's also this sentence:
> 
> "can keep about 32 thousand 32-bit states, and about 16 thousand 64-byte
> states"
> 
> So, limit zone states are kept in 32/64 bits or 32/64 bytes (256/512 bits)?
> 
> http://nginx.org/en/docs/http/ngx_http_limit_conn_module.html#limit_zone

>From previous sentences and numbers in the one in question it 
should be clear enough that it's 32 bytes, not bits.  That was 
just typo, fixed, thanks.

Maxim Dounin


From nginx-forum at nginx.us  Fri Jul 27 00:52:15 2012
From: nginx-forum at nginx.us (justin)
Date: Thu, 26 Jul 2012 20:52:15 -0400 (EDT)
Subject: Convert lighttpd rewrite rule to nginx
In-Reply-To: <CAAtReCk4UEpZocnQ1N-za2r-5+_ynVh-gFENOd9voc=umjvVrQ@mail.gmail.com>
References: <CAAtReCk4UEpZocnQ1N-za2r-5+_ynVh-gFENOd9voc=umjvVrQ@mail.gmail.com>
Message-ID: <a9bf2863fa81b9800a7a6704e2434812.NginxMailingListEnglish@forum.nginx.org>

Same thing, access denied. How does Wordpress and PHP 5.4 with Nginx
work with permalinks? It would seem it would have the same problem since
the paths are like:

http://www.my-wordpress-domain.com/some/blog/post

Thanks for the assistance Edho.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228909,229020#msg-229020


From henson at acm.org  Fri Jul 27 01:24:03 2012
From: henson at acm.org (Paul B. Henson)
Date: Thu, 26 Jul 2012 18:24:03 -0700
Subject: Literal newlines dumped to error log when %0a in URL
Message-ID: <20120727012403.GH19210@bender.unx.csupomona.edu>

I noticed that when a %0a exists in the URL, nginx includes a literal
newline in the error_log when logging a file not found:

-----
2012/07/26 17:24:14 [error] 5478#0: *8 "/var/www/localhost/htdocs/


html/index.html" is not found (2: No such file or directory), client:
1.2.3.4, server: , request: "GET /%0a%0a%0ahtml/ HTTP/1.1", host:
"test.example.com"
-----

This wreaks havoc with my log monitoring utility 8-/.

It seems desirable to escape the newline in the log message? I tested
with the latest 1.2.2. Is there any way with the existing configuration
options to make this not happen, or any interest in updating the logging
module to handle this situation differently?

Thanks...


From i.hailperin at heinlein-support.de  Fri Jul 27 08:45:27 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Fri, 27 Jul 2012 10:45:27 +0200
Subject: proxy, upstream, apache vhosts not working
In-Reply-To: <201207261942.36999.ne@vbart.ru>
References: <501158CD.8040706@heinlein-support.de>
 <201207261942.36999.ne@vbart.ru>
Message-ID: <50125527.70905@heinlein-support.de>



On 07/26/2012 05:42 PM, Valentin V. Bartenev wrote:
> On Thursday 26 July 2012 18:48:45 Isaac Hailperin wrote:
>> Hi,
>>
>> I want to configure nginx as a proxy to a bunch of apaches, all serving
>> the same multiple websites via vhosts.
>>
>> I had it working with something like
>>           location  ~* \.(jpg|gif|png|css|js) {
>>                   try_files $uri @proxy;
>>           }
>>           location @proxy {
>>                  proxy_pass http://www.acme.net;
>>           }
>>           location / {
>>                  proxy_pass http://www.acme.net;
>> }
>>
>> in my server section.
>> But this only asked a single apache, the one configured in /etc/hosts
>> for http://www.acme.net.
>>
>> Now I am trying to use all of my apaches. I defined an upstream block
>> like this:
>>           upstream backend-all-apaches {
>>                   server 10.10.1.25;
>>                   server 10.10.1.26;
>>                   server 10.10.1.27;
>>                   server 10.10.1.28;
>>                   server 10.10.1.15;
>>                   server 10.10.1.18;
>>                   server 10.10.1.20;
>>           }
>>           proxy_set_header        Host            $host;
>>
>> And the following in my server block:
>>             location @proxy {
>>                   proxy_pass http://backend-all-apaches;
>>           }
>> All I get in my browser is a default page that also gets deliverd when I
>> call http://10.10.1.25 in my browser. So I assume the apaches don't get
>> the right host value in the http header. I thought that
>>           proxy_set_header        Host            $host;
>> would solve this problem, but apprently it does not.
>>
>> What am I doing wrong here, or what else could I try?
>>
>
> Is the above configuration is exactly what you're actually use?
Almost. I changed IPs and servername, the rest is the same.

Isaac


From nginx-forum at nginx.us  Fri Jul 27 08:49:41 2012
From: nginx-forum at nginx.us (amodpandey)
Date: Fri, 27 Jul 2012 04:49:41 -0400 (EDT)
Subject: suggestions on scaling with nginx
Message-ID: <4f72683dd4eda56e5a5998113a446eb2.NginxMailingListEnglish@forum.nginx.org>

Hi ,

I have various upsteram configurations. I want to add or remove servers
(scale up or down) from the upstream based on some parameters. Please
provide your suggestions.

One way that I think of is to update the upstream conf and perform a
SIGHUP. Does not feel very good about it as I have to do it say 5 times
a day and it the my main LB.

Thanks
Amod

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229028,229028#msg-229028


From i.hailperin at heinlein-support.de  Fri Jul 27 09:15:21 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Fri, 27 Jul 2012 11:15:21 +0200
Subject: proxy, upstream, apache vhosts not working
In-Reply-To: <50125527.70905@heinlein-support.de>
References: <501158CD.8040706@heinlein-support.de>
 <201207261942.36999.ne@vbart.ru> <50125527.70905@heinlein-support.de>
Message-ID: <50125C29.6010203@heinlein-support.de>

So I finally found the reason: the nginx cache bit me :)
First I did not have the line
           proxy_set_header        Host            $host;
which got me that default page into my cache. Any subsequent
calls pulled that default page, since nginx does not know that
its just a default page I guess. So any changes I made to the config did 
not change the cache. Once I removed the cache, the config line
stated above did the trick.

I noticed this because when I came back to work this morning it 
suddently was working. So I tried to change the config and see what
it was, and was stuck again with the default page.
I then started tcpdump to see what the header would look like that got 
send to apache. I realized that nothing got send to apache, which lead
me to the conclusion that nginx was serving out of cache. Removing
the cache did the trick.

Sorry for bothering you.

Isaac


On 07/27/2012 10:45 AM, Isaac Hailperin wrote:
>
>
> On 07/26/2012 05:42 PM, Valentin V. Bartenev wrote:
>> On Thursday 26 July 2012 18:48:45 Isaac Hailperin wrote:
>>> Hi,
>>>
>>> I want to configure nginx as a proxy to a bunch of apaches, all serving
>>> the same multiple websites via vhosts.
>>>
>>> I had it working with something like
>>>           location  ~* \.(jpg|gif|png|css|js) {
>>>                   try_files $uri @proxy;
>>>           }
>>>           location @proxy {
>>>                  proxy_pass http://www.acme.net;
>>>           }
>>>           location / {
>>>                  proxy_pass http://www.acme.net;
>>> }
>>>
>>> in my server section.
>>> But this only asked a single apache, the one configured in /etc/hosts
>>> for http://www.acme.net.
>>>
>>> Now I am trying to use all of my apaches. I defined an upstream block
>>> like this:
>>>           upstream backend-all-apaches {
>>>                   server 10.10.1.25;
>>>                   server 10.10.1.26;
>>>                   server 10.10.1.27;
>>>                   server 10.10.1.28;
>>>                   server 10.10.1.15;
>>>                   server 10.10.1.18;
>>>                   server 10.10.1.20;
>>>           }
>>>           proxy_set_header        Host            $host;
>>>
>>> And the following in my server block:
>>>             location @proxy {
>>>                   proxy_pass http://backend-all-apaches;
>>>           }
>>> All I get in my browser is a default page that also gets deliverd when I
>>> call http://10.10.1.25 in my browser. So I assume the apaches don't get
>>> the right host value in the http header. I thought that
>>>           proxy_set_header        Host            $host;
>>> would solve this problem, but apprently it does not.
>>>
>>> What am I doing wrong here, or what else could I try?
>>>
>>
>> Is the above configuration is exactly what you're actually use?
> Almost. I changed IPs and servername, the rest is the same.
>
> Isaac
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From r at roze.lv  Fri Jul 27 09:15:41 2012
From: r at roze.lv (Reinis Rozitis)
Date: Fri, 27 Jul 2012 12:15:41 +0300
Subject: suggestions on scaling with nginx
In-Reply-To: <4f72683dd4eda56e5a5998113a446eb2.NginxMailingListEnglish@forum.nginx.org>
References: <4f72683dd4eda56e5a5998113a446eb2.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <F23F2D5E881F4C2D925083F9523D34BE@DD21>

> One way that I think of is to update the upstream conf and perform a SIGHUP. Does not feel very good about it as I have to do it 
> say 5 times a day and it the my main LB.


Why do you have to change upstreams 5 times a day?

p.s. nginx config reload is seamless


rr 


From mdounin at mdounin.ru  Fri Jul 27 09:37:54 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 27 Jul 2012 13:37:54 +0400
Subject: suggestions on scaling with nginx
In-Reply-To: <4f72683dd4eda56e5a5998113a446eb2.NginxMailingListEnglish@forum.nginx.org>
References: <4f72683dd4eda56e5a5998113a446eb2.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120727093754.GZ31671@mdounin.ru>

Hello!

On Fri, Jul 27, 2012 at 04:49:41AM -0400, amodpandey wrote:

> I have various upsteram configurations. I want to add or remove servers
> (scale up or down) from the upstream based on some parameters. Please
> provide your suggestions.
> 
> One way that I think of is to update the upstream conf and perform a
> SIGHUP. Does not feel very good about it as I have to do it say 5 times
> a day and it the my main LB.

Changing config and doing a reload is ok as long as you don't do 
it more often than old worker processes exit.  Something like 5 
times a day should be ok (as long as you don't have very long 
running requests).

Note though: if configuration will be reloaded automatically, it 
may be a good idea to somehow make sure it won't happen in the 
middle of some manual edit of the config.  As long as the config 
is invalid from syntax point of view, nginx will reject it and 
continue to work with an old configuration, but bad things might 
happen if the config is valid but just wrong.

Maxim Dounin


From phanquochien at gmail.com  Fri Jul 27 09:45:34 2012
From: phanquochien at gmail.com (Hien Phan)
Date: Fri, 27 Jul 2012 16:45:34 +0700
Subject: ModSecurity for Nginx launched at Black Hat
Message-ID: <CAMwoMPRuUFC9rTf16s+mxF5vW=+dQGzm+5f2=rZL5fZDfRQbMA@mail.gmail.com>

Hello nginx users,

Good news for nginx, ModSecurity for nginx is coming, you can read more
information about it in following links:

http://www.h-online.com/open/news/item/ModSecurity-for-IIS-and-Nginx-launched-at-Black-Hat-1654077.html
http://blog.spiderlabs.com/2012/07/beyond-apache-modsecurity-for-iisnginx.html

-- 
Best regards,
Phan Quoc Hien
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120727/d6b48d7f/attachment.html>

From yashgt at gmail.com  Fri Jul 27 12:12:17 2012
From: yashgt at gmail.com (Yash Ganthe)
Date: Fri, 27 Jul 2012 17:42:17 +0530
Subject: How to redirect internally?
Message-ID: <CALPMVvNantVTPU8gLfA6CUR+ghevqrjz=jb6JK2OzN31R1Lhag@mail.gmail.com>

Hi,

I have created a config so that a URL like
www.mysite.com/abc/electronics.html is rewritten as
www.mysite.com/index.php/electronics.html?store=abc.

This is what I see in Mozilla Firebug


GET abc/electronics.html

301 Moved Permanently


GET index.php/electronics.html?store=abc

200 OK

What is annoying is that the browser now shows the rewritten URL and not
the pretty URL. How can we ensure that the redirection happens only
internally?

Thanks,
Yash
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120727/b0deaf03/attachment.html>

From contact at jpluscplusm.com  Fri Jul 27 12:22:29 2012
From: contact at jpluscplusm.com (Jonathan Matthews)
Date: Fri, 27 Jul 2012 13:22:29 +0100
Subject: How to redirect internally?
In-Reply-To: <CALPMVvNantVTPU8gLfA6CUR+ghevqrjz=jb6JK2OzN31R1Lhag@mail.gmail.com>
References: <CALPMVvNantVTPU8gLfA6CUR+ghevqrjz=jb6JK2OzN31R1Lhag@mail.gmail.com>
Message-ID: <CAKsTx7Dx11N2Qj6tSFd_Z2TrK-M8rJ4A8AhRwJ5_gMaYFWqaXw@mail.gmail.com>

On 27 July 2012 13:12, Yash Ganthe <yashgt at gmail.com> wrote:
> Hi,
>
> I have created a config so that a URL like
> www.mysite.com/abc/electronics.html is rewritten as
> www.mysite.com/index.php/electronics.html?store=abc.
>
> This is what I see in Mozilla Firebug
>
> GET abc/electronics.html
> 301 Moved Permanently
>
> GET index.php/electronics.html?store=abc
> 200 OK
>
> What is annoying is that the browser now shows the rewritten URL and not the
> pretty URL. How can we ensure that the redirection happens only internally?

If you're rewriting from/to inside the same server{} stanza, you can
investigate using the "last" flag in the rewrite documentation:
http://nginx.org/r/rewrite

I don't know how you can achieve this across different server{}s (with
the obvious proviso that you can have more than one server_name in a
server{}).

HTH,
Jonathan
-- 
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html


From francis at daoine.org  Fri Jul 27 12:33:35 2012
From: francis at daoine.org (Francis Daly)
Date: Fri, 27 Jul 2012 13:33:35 +0100
Subject: How to redirect internally?
In-Reply-To: <CALPMVvNantVTPU8gLfA6CUR+ghevqrjz=jb6JK2OzN31R1Lhag@mail.gmail.com>
References: <CALPMVvNantVTPU8gLfA6CUR+ghevqrjz=jb6JK2OzN31R1Lhag@mail.gmail.com>
Message-ID: <20120727123335.GL14023@craic.sysops.org>

On Fri, Jul 27, 2012 at 05:42:17PM +0530, Yash Ganthe wrote:

Hi there,

> I have created a config so that a URL like
> www.mysite.com/abc/electronics.html is rewritten as
> www.mysite.com/index.php/electronics.html?store=abc.

> What is annoying is that the browser now shows the rewritten URL and not
> the pretty URL. How can we ensure that the redirection happens only
> internally?

http://nginx.org/r/rewrite

rewrites are internal, unless you do something to turn them into redirects
(= external).

What is the rewrite directive you are using? Are are you doing anything
the documentation says makes it become a redirect?

	f
-- 
Francis Daly        francis at daoine.org


From nginx-forum at nginx.us  Fri Jul 27 13:12:15 2012
From: nginx-forum at nginx.us (locojohn)
Date: Fri, 27 Jul 2012 09:12:15 -0400 (EDT)
Subject: Browser shows rewritten URL
In-Reply-To: <CALPMVvP2V-JUgdKSaOgQMO1bt4AkxJ4a5d44CfE-7Tb00kSkbg@mail.gmail.com>
References: <CALPMVvP2V-JUgdKSaOgQMO1bt4AkxJ4a5d44CfE-7Tb00kSkbg@mail.gmail.com>
Message-ID: <f1c892d6112df7a1b0a9a24b5a3d4d5c.NginxMailingListEnglish@forum.nginx.org>

location = /magento_mysite/abc {
  return 301 /magento_mysite/?store=abc;
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228933,229037#msg-229037


From nginx-forum at nginx.us  Fri Jul 27 13:25:24 2012
From: nginx-forum at nginx.us (locojohn)
Date: Fri, 27 Jul 2012 09:25:24 -0400 (EDT)
Subject: Condensing Location Directives
In-Reply-To: <0ca68b1b819945b69005ee67c31022c1.NginxMailingListEnglish@forum.nginx.org>
References: <0ca68b1b819945b69005ee67c31022c1.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <7acd443ad6a89307d5d878dc257fc70c.NginxMailingListEnglish@forum.nginx.org>

It's possible to use regex, such as:

location ~ ^/(?<type>[^/]+)/ {
  proxy_pass http://127.0.0.1:8080/$type/;
}

BUT two static (non-regex) locations are faster.

Andrejs

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228898,229038#msg-229038


From nginx-forum at nginx.us  Fri Jul 27 13:49:47 2012
From: nginx-forum at nginx.us (arosolino)
Date: Fri, 27 Jul 2012 09:49:47 -0400 (EDT)
Subject: Condensing Location Directives
In-Reply-To: <0ca68b1b819945b69005ee67c31022c1.NginxMailingListEnglish@forum.nginx.org>
References: <0ca68b1b819945b69005ee67c31022c1.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <f4142da0c197f41d3c0a07ec0d684558.NginxMailingListEnglish@forum.nginx.org>

I agree with you there on speed which I am not willing to sacrifice,
then maybe ill just submit this as a feature request.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228898,229039#msg-229039


From matiasmmontenegro at gmail.com  Fri Jul 27 21:35:00 2012
From: matiasmmontenegro at gmail.com (Matias Montenegro)
Date: Fri, 27 Jul 2012 18:35:00 -0300
Subject: Client browser is not receiving response from server and remains
 waiting for it.
Message-ID: <CAK6vHTCQyNekVoMvoJ1hHyVvJKj_mn3JjtE-jAQ49dvtRfAV6A@mail.gmail.com>

Hello, I'm having weird a problem with nginx.

Sometimes, when I try to access the pages of my dedicated server from my
browser, I receive no response. My browser remains waiting with no stop
(there is no timeout).

I have a dedicated server, with 2 virtual machines. One of them, acts as a
reverse proxy (with nginx), and the other one, acts as a webserver (nginx
too).
I'm tailing the logs. When It happens, logs looks like this:
201.235.64.64 - icarabantes [27/Jul/2012:04:01:16 +0400] "GET
/admin/notification HTTP/1.1" 200 2287 "http://matweb.com/admin/"
"Mozilla/5.0
 (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0"
It throws a 200 response, but my browser has never received it.

The most annoying thing it's that it happens eventually, and then after
many retrials it comes back...
Any ideas???



-- 
Matias
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120727/78b697e8/attachment.html>

From mdounin at mdounin.ru  Fri Jul 27 22:07:52 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 28 Jul 2012 02:07:52 +0400
Subject: Client browser is not receiving response from server and remains
 waiting for it.
In-Reply-To: <CAK6vHTCQyNekVoMvoJ1hHyVvJKj_mn3JjtE-jAQ49dvtRfAV6A@mail.gmail.com>
References: <CAK6vHTCQyNekVoMvoJ1hHyVvJKj_mn3JjtE-jAQ49dvtRfAV6A@mail.gmail.com>
Message-ID: <20120727220752.GE31671@mdounin.ru>

Hello!

On Fri, Jul 27, 2012 at 06:35:00PM -0300, Matias Montenegro wrote:

> Hello, I'm having weird a problem with nginx.
> 
> Sometimes, when I try to access the pages of my dedicated server from my
> browser, I receive no response. My browser remains waiting with no stop
> (there is no timeout).
> 
> I have a dedicated server, with 2 virtual machines. One of them, acts as a
> reverse proxy (with nginx), and the other one, acts as a webserver (nginx
> too).
> I'm tailing the logs. When It happens, logs looks like this:
> 201.235.64.64 - icarabantes [27/Jul/2012:04:01:16 +0400] "GET
> /admin/notification HTTP/1.1" 200 2287 "http://matweb.com/admin/"
> "Mozilla/5.0
>  (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0"
> It throws a 200 response, but my browser has never received it.
> 
> The most annoying thing it's that it happens eventually, and then after
> many retrials it comes back...
> Any ideas???

I would try to tcpdump what happens on the wire, preferably on 
both ends (i.e. nginx and a client).  From the description above 
it looks like some wierd network problems, probably caused by some 
misbehaving firewall.

Maxim Dounin


From nginx-forum at nginx.us  Sat Jul 28 02:34:16 2012
From: nginx-forum at nginx.us (yhjhoo)
Date: Fri, 27 Jul 2012 22:34:16 -0400 (EDT)
Subject: How to setup window authentication in NGINX
Message-ID: <e495e24f503632b2d34b3e1cfbda3771.NginxMailingListEnglish@forum.nginx.org>

How to setup window authentication in NGINX? I want to use the feature
of NGINX, but I also do not want the user enter the password again

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229049,229049#msg-229049


From contact at jpluscplusm.com  Sat Jul 28 18:37:16 2012
From: contact at jpluscplusm.com (Jonathan Matthews)
Date: Sat, 28 Jul 2012 19:37:16 +0100
Subject: How to setup window authentication in NGINX
In-Reply-To: <e495e24f503632b2d34b3e1cfbda3771.NginxMailingListEnglish@forum.nginx.org>
References: <e495e24f503632b2d34b3e1cfbda3771.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CAKsTx7DWu53r7Mtu9Wcev-cduu8FVyLzsXtg88UhVvr75FKrfA@mail.gmail.com>

On 28 July 2012 03:34, yhjhoo <nginx-forum at nginx.us> wrote:
> How to setup window authentication in NGINX? I want to use the feature
> of NGINX, but I also do not want the user enter the password again

Assuming you mean "Windows authentication", have a read of
http://forum.nginx.org/read.php?2,72871 , which I found with 30
seconds googling.

Jonathan
-- 
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html


From mat999 at gmail.com  Sun Jul 29 01:35:48 2012
From: mat999 at gmail.com (SplitIce)
Date: Sun, 29 Jul 2012 11:35:48 +1000
Subject: Syslog
In-Reply-To: <CAGxuLK3OuzkVMGpBnDx8YcgrqCCOy-DVC7FSgLqUmJW_8zMmZA@mail.gmail.com>
References: <4F994A1E.7020105@codepedia.eu>
 <a7ca4616fb2d4afce6a64b96733c1881.NginxMailingListEnglish@forum.nginx.org>
 <CAGxuLK3OuzkVMGpBnDx8YcgrqCCOy-DVC7FSgLqUmJW_8zMmZA@mail.gmail.com>
Message-ID: <CALFfGYZs3Y2p+ZofXWDWtW_piOAHs3pw=Fdm8fYe=HBpONOkVQ@mail.gmail.com>

Just thought i would add that support for error logging over syslog would
be great. Udp would be even better as we could send it straight out to the
remote storage and skip the local disk (io). If you need a test for your
module once you write it just let me know.

Although i plan on taking a look at tengines solution since im already
using some of his patches.
On Jul 16, 2012 3:46 PM, "???" <nbubingo at gmail.com> wrote:

> Maybe you can try the patch from Tengine
> (http://tengine.taobao.org/document/http_log.html). We implement the
> syslog protocol which indeed use the UDP socket. It will not block
> Nginx any more.
>
> 2012/7/16 dlang <nginx-forum at nginx.us>:
> > The performance of syslog depends heavily on what implementation you are
> > using. For example, rsyslog has been measured at 1M logs/sec under ideal
> > conditions (and I've used it at over 100K logs/sec). rsyslog is now the
> > default syslog on just about every linux distro. This isn't like the old
> > sysklogd that was could only process one message at a time and blocked
> > everything until it finished processing the message (limiting it to a
> > few hundred logs/sec, even on really good disks)
> >
> > I can understand why you would not want to make logging to syslog be the
> > default, but why are you so opposed to having it as an option?
> >
> > yes, if the syslog daemon dies, things writing to it will block, but if
> > your partition that you are writing logfiles to fills up you will block
> > as well. Deciding how to log, and if blocking on another daemon is
> > acceptable should be up to the system administrator. Sometimes getting a
> > copy of the logs elsewhere in near real-time is worth reducing the peak
> > requests/sec that a box can handle
> >
> > The other approach you could allow someone to submit would be to sent
> > the logs out in real-time via UDP, this will mean that logs are lost if
> > the syslog daemon goes down, but nginx won't block
> >
> > David Lang
> >
> > Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,225811,228603#msg-228603
> >
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120729/3abb27b6/attachment.html>

From yashgt at gmail.com  Sun Jul 29 04:02:42 2012
From: yashgt at gmail.com (Yash Ganthe)
Date: Sun, 29 Jul 2012 09:32:42 +0530
Subject: How to redirect internally?
In-Reply-To: <20120727123335.GL14023@craic.sysops.org>
References: <CALPMVvNantVTPU8gLfA6CUR+ghevqrjz=jb6JK2OzN31R1Lhag@mail.gmail.com>
 <20120727123335.GL14023@craic.sysops.org>
Message-ID: <CALPMVvP98My6csom6=GUjJAFnt99_1ue2+tHXWGTpMz7N=+Uig@mail.gmail.com>

All the rewrites are marked as last. e.g.
rewrite ^/([a-zA-Z]+)(.*) $2?store=$1 last;

On 7/27/12, Francis Daly <francis at daoine.org> wrote:
> On Fri, Jul 27, 2012 at 05:42:17PM +0530, Yash Ganthe wrote:
>
> Hi there,
>
>> I have created a config so that a URL like
>> www.mysite.com/abc/electronics.html is rewritten as
>> www.mysite.com/index.php/electronics.html?store=abc.
>
>> What is annoying is that the browser now shows the rewritten URL and not
>> the pretty URL. How can we ensure that the redirection happens only
>> internally?
>
> http://nginx.org/r/rewrite
>
> rewrites are internal, unless you do something to turn them into redirects
> (= external).
>
> What is the rewrite directive you are using? Are are you doing anything
> the documentation says makes it become a redirect?
>
> 	f
> --
> Francis Daly        francis at daoine.org
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>


From yashgt at gmail.com  Sun Jul 29 06:39:25 2012
From: yashgt at gmail.com (Yash Ganthe)
Date: Sun, 29 Jul 2012 12:09:25 +0530
Subject: No input file specified
Message-ID: <CALPMVvOamauqDU41ge2MzLSVudpdMvDcfRG_-ETmKKG9-y9G5Q@mail.gmail.com>

Hi,

I deploy the application using Capistrano to /var/nginx/www/myapp. The
current code is always at /var/nginx/www/myapp/current.

So I changes the server's root folder to /var/nginx/www/myapp/current
hoping that the location specs would be raktive to this folder. Since
then I get the "No input file specified." error.

I also have fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;

What might be wrong?

Thanks,
Yash


From ian at ianhobson.co.uk  Sun Jul 29 08:15:24 2012
From: ian at ianhobson.co.uk (Ian Hobson)
Date: Sun, 29 Jul 2012 09:15:24 +0100
Subject: How to change the root for testing
Message-ID: <5014F11C.8090803@ianhobson.co.uk>

Hi all,

I want to change the root for location /testing.
How can I do this?

This is what I have in the middle of this server stanza, yet the testing 
reseller is served from the live root. :(

     index index.php index.html index.htm;
     root /home/ian/websites/coachmaster/htsecure;
     # move root for testing reseller
     location /testing {
        root /home/ian/websites/coachmaster/testing;
     }
     # take resellers off the front of path to rs=reseller param
     rewrite ^/(kaleidoscope|chat|Spanish|3MCoach|testing)(.*)$ $2?rs=$1 
last;
     # php to fastcgi
     location ~ \.php$ {
         fastcgi_pass 127.0.0.1:9000;
         fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
         fastcgi_param  HTTPS ON;
         include /etc/nginx/fastcgi_params;
     }

I was actually hoping to switch the root on a per-reseller basis, 
perhaps by testing for a file I can "touch" or delete to switch to the
new configuration, but I can't think how to do that.

Thanks
Ian

(Sorry if this is a duplicate - the first did not appear).


From ian at ianhobson.co.uk  Sun Jul 29 09:02:57 2012
From: ian at ianhobson.co.uk (Ian Hobson)
Date: Sun, 29 Jul 2012 10:02:57 +0100
Subject: Client browser is not receiving response from server and remains
 waiting for it.
In-Reply-To: <CAK6vHTCQyNekVoMvoJ1hHyVvJKj_mn3JjtE-jAQ49dvtRfAV6A@mail.gmail.com>
References: <CAK6vHTCQyNekVoMvoJ1hHyVvJKj_mn3JjtE-jAQ49dvtRfAV6A@mail.gmail.com>
Message-ID: <5014FC41.50508@ianhobson.co.uk>

Hi Matias,

This sounds to me very similar to a problem I have been having recently 
with the latest version of Chrome under Windows 7 64 bit.

For me it was an XMLHTTPRequest would be sent, logged at the server as 
completed, but no reply received.

I an sure it is an intermittent bug in Chrome, but I have been unable to 
reliably reproduce it.

Ian


On 27/07/2012 22:35, Matias Montenegro wrote:
> Hello, I'm having weird a problem with nginx.
>
> Sometimes, when I try to access the pages of my dedicated server from 
> my browser, I receive no response. My browser remains waiting with no 
> stop (there is no timeout).
>
> I have a dedicated server, with 2 virtual machines. One of them, acts 
> as a reverse proxy (with nginx), and the other one, acts as a 
> webserver (nginx too).
> I'm tailing the logs. When It happens, logs looks like this:
> 201.235.64.64 - icarabantes [27/Jul/2012:04:01:16 +0400] "GET 
> /admin/notification HTTP/1.1" 200 2287 "http://matweb.com/admin/" 
> "Mozilla/5.0
>  (X11; Linux i686; rv:12.0) Gecko/20100101 Firefox/12.0"
> It throws a 200 response, but my browser has never received it.
>
> The most annoying thing it's that it happens eventually, and then 
> after many retrials it comes back...
> Any ideas???
>
>
>
> -- 
> Matias
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


-- 
Ian Hobson
31 Sheerwater, Northampton NN3 5HU,
Tel: 01604 513875
Preparing eBooks for Kindle and ePub formats to give the best reader experience.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120729/b038f20d/attachment.html>

From frumentius at gmail.com  Sun Jul 29 10:09:41 2012
From: frumentius at gmail.com (Joe)
Date: Sun, 29 Jul 2012 17:09:41 +0700
Subject: No input file specified
In-Reply-To: <CALPMVvOamauqDU41ge2MzLSVudpdMvDcfRG_-ETmKKG9-y9G5Q@mail.gmail.com>
References: <CALPMVvOamauqDU41ge2MzLSVudpdMvDcfRG_-ETmKKG9-y9G5Q@mail.gmail.com>
Message-ID: <CAPihCJU1S4C9mUzMqmmN4RZESL-jTgp+=Juqe77PWHuq6NFN9g@mail.gmail.com>

Are you using Capistrano with PHP?
No input file specified usually if there is no running PHP there.

Regards,
Joe


On Sun, Jul 29, 2012 at 1:39 PM, Yash Ganthe <yashgt at gmail.com> wrote:

> Hi,
>
> I deploy the application using Capistrano to /var/nginx/www/myapp. The
> current code is always at /var/nginx/www/myapp/current.
>
> So I changes the server's root folder to /var/nginx/www/myapp/current
> hoping that the location specs would be raktive to this folder. Since
> then I get the "No input file specified." error.
>
> I also have fastcgi_param  SCRIPT_FILENAME
>  $document_root$fastcgi_script_name;
>
> What might be wrong?
>
> Thanks,
> Yash
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120729/d79d60f3/attachment-0001.html>

From contact at jpluscplusm.com  Sun Jul 29 10:52:30 2012
From: contact at jpluscplusm.com (Jonathan Matthews)
Date: Sun, 29 Jul 2012 11:52:30 +0100
Subject: How to redirect internally?
In-Reply-To: <CALPMVvP98My6csom6=GUjJAFnt99_1ue2+tHXWGTpMz7N=+Uig@mail.gmail.com>
References: <CALPMVvNantVTPU8gLfA6CUR+ghevqrjz=jb6JK2OzN31R1Lhag@mail.gmail.com>
 <20120727123335.GL14023@craic.sysops.org>
 <CALPMVvP98My6csom6=GUjJAFnt99_1ue2+tHXWGTpMz7N=+Uig@mail.gmail.com>
Message-ID: <CAKsTx7B9zj6sMREqmHD2cEmqp857HgM6UAMPFCmANArNDZDg=Q@mail.gmail.com>

I suggest you show your wider config and some verbose curl -v output
against nginx.

On 29 July 2012 05:02, Yash Ganthe <yashgt at gmail.com> wrote:
> All the rewrites are marked as last. e.g.
> rewrite ^/([a-zA-Z]+)(.*) $2?store=$1 last;
>
> On 7/27/12, Francis Daly <francis at daoine.org> wrote:
>> On Fri, Jul 27, 2012 at 05:42:17PM +0530, Yash Ganthe wrote:
>>
>> Hi there,
>>
>>> I have created a config so that a URL like
>>> www.mysite.com/abc/electronics.html is rewritten as
>>> www.mysite.com/index.php/electronics.html?store=abc.
>>
>>> What is annoying is that the browser now shows the rewritten URL and not
>>> the pretty URL. How can we ensure that the redirection happens only
>>> internally?
>>
>> http://nginx.org/r/rewrite
>>
>> rewrites are internal, unless you do something to turn them into redirects
>> (= external).
>>
>> What is the rewrite directive you are using? Are are you doing anything
>> the documentation says makes it become a redirect?
>>
>>       f
>> --
>> Francis Daly        francis at daoine.org
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



-- 
Jonathan Matthews
Oxford, London, UK
http://www.jpluscplusm.com/contact.html


From k9157 at operamail.com  Sun Jul 29 16:20:03 2012
From: k9157 at operamail.com (k9157 at operamail.com)
Date: Sun, 29 Jul 2012 09:20:03 -0700
Subject: bot-taming: which rules should apply, and in which order?
Message-ID: <1343578803.10050.140661108047325.49ABC5D2@webmail.messagingengine.com>


I'm attempting to tame (minimize or eliminate) Yandex bot access.

I'd like to understand the application/precedence of the rules I apply.

To my site config I've added

	map $http_user_agent $bad_bot {
		default 0;
		~(Yandex|YandexBot) 1;
	}

	map $http_referrer $bad_referrer {
		default 0;
		~*(yandex) 1;
	}

	valid_referers mydomain.com *.mydomain.com localhost 127.0.0.1
	[::1];

	location / {
		if ($bad_bot)         {return 403;}
		if ($bad_referrer)    {return 403;}
		if ($invalid_referer) {return 444;}
		...
	}

and

	cat /robots.txt
		User-agent: *
		Disallow: /

	cat /robot_ssl.txt
		User-agent: *
		Disallow: /

In my logs I see repeating '444' rejections:

	100.43.83.148 - - [28/Jul/2012:06:02:14 -0500] GET /robots.txt
	HTTP/1.1 "444" 0 "-" "Mozilla/5.0 (compatible; YandexBot/3.0;
	+http://yandex.com/bots)" "-"
	100.43.83.148 - - [28/Jul/2012:06:06:23 -0500] GET /robots.txt
	HTTP/1.1 "444" 0 "-" "Mozilla/5.0 (compatible; YandexBot/3.0;
	+http://yandex.com/bots)" "-"


With my rules above, I'd expect that to be a '403' rejection, as
specified for the "$bad_bot" check.

Why am I seeing the '444' instead of the '403'?


From nginx-forum at nginx.us  Mon Jul 30 01:53:07 2012
From: nginx-forum at nginx.us (chirho)
Date: Sun, 29 Jul 2012 21:53:07 -0400 (EDT)
Subject: The patch of Nginx SSL: PEM pass phrase problem
In-Reply-To: <8c1d65b918b52351b2382a2fa6c5d4ae.NginxMailingListEnglish@forum.nginx.org>
References: <8c1d65b918b52351b2382a2fa6c5d4ae.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <e55d6c5a38629a72f51ed9f4b03f434b.NginxMailingListEnglish@forum.nginx.org>

Hi, there.

it was glad to me at this post, because I have a same problem at now.
but, DL link was broken.

How/Where can I see the patch of this issue?

If anyone have the patch, can u send me email?

thank you.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,214641,229085#msg-229085


From nginx-forum at nginx.us  Mon Jul 30 05:46:19 2012
From: nginx-forum at nginx.us (yashgt)
Date: Mon, 30 Jul 2012 01:46:19 -0400 (EDT)
Subject: No input file specified
In-Reply-To: <CALPMVvOamauqDU41ge2MzLSVudpdMvDcfRG_-ETmKKG9-y9G5Q@mail.gmail.com>
References: <CALPMVvOamauqDU41ge2MzLSVudpdMvDcfRG_-ETmKKG9-y9G5Q@mail.gmail.com>
Message-ID: <85e57f6cee6bb8076acf0a0896c27cfa.NginxMailingListEnglish@forum.nginx.org>

When I access http://localhost:82/index.php
I get "No input file specified."

I have php running using:
php-cgi -b 127.0.0.1:9000

My conf file is:
    server {
        listen 82 default;
    ## SSL directives might go here
        
		server_name localhost 127.0.0.1 *;

        root /cygdrive/e/xampp/htdocs/getit/src/myapp;
		error_log /cygdrive/e/nginx.error.log notice;
		access_log /cygdrive/e/nginx.access.log ;
	
		rewrite_log on;
        
        location / {
            index index.html index.php; ## Allow a static html file to
be shown first
            try_files $uri $uri/ @magehandler; ## If missing pass the
URI to Magento's front handler
        }
     
        ## These locations would be hidden by .htaccess normally
        location ^~ /app/                { deny all; }
        location ^~ /includes/           { deny all; }
        location ^~ /lib/                { deny all; }
        location ^~ /media/downloadable/ { deny all; }
        location ^~ /pkginfo/            { deny all; }
        location ^~ /report/config.xml   { deny all; }
        location ^~ /var/                { deny all; }
     
        location ^~  /. { ## Disable .htaccess and other hidden files
            return 404;
        }
	
		#Any request that does not match the regex locations below is sent
here
        location @handler { ## Magento uses a common front handler
            
            rewrite / /index.php$1 last;
        }
        location @magehandler { ## Magento uses a common front handler
            
            rewrite (.*) /index.php$1 last;
        }

		#The more-specific regex are at the top.
		#The regex's are evaluated in the order in which they appear.
        location ~ .php.*$ { ## Execute PHP scripts
            
     		proxy_read_timeout 120;
			proxy_connect_timeout 120;
            expires        off; ## Do not cache dynamic content
            fastcgi_pass   127.0.0.1:9000;
            #fastcgi_param  HTTPS $fastcgi_https;
            
			fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
            fastcgi_param  MAGE_RUN_CODE default; ## Store code is
defined in administration > Configuration > Manage Stores
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params; ## See
/etc/nginx/fastcgi_params
        }
        location ~ /(media|skin|js)/ { }
		location ~ /(tag|admin|customer|wishlist|checkout|catalog|app).*$ {
#store URL
			rewrite /(.*)$ /index.php/$1 last; 
		}
		location ~ /[a-zA-Z]+$ { #store URL
			rewrite ^/([a-zA-Z]+) ?store=$1 last;
		}
		location ~ /[a-zA-Z]+/ { #store URL
			rewrite ^/([a-zA-Z]+)(.*) $2?store=$1 last;
		}
    }

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229066,229086#msg-229086


From nginx-forum at nginx.us  Mon Jul 30 07:59:43 2012
From: nginx-forum at nginx.us (lalyos)
Date: Mon, 30 Jul 2012 03:59:43 -0400 (EDT)
Subject: nginx 100% cpu usage
In-Reply-To: <2B2DAEF3DC6D456AB228D4EFB4C0E56B@MezhRoze>
References: <2B2DAEF3DC6D456AB228D4EFB4C0E56B@MezhRoze>
Message-ID: <2d9ecf4ff16ec95fd6784e10e182649d.NginxMailingListEnglish@forum.nginx.org>

Hi Reinis,

I was using nginx as part of the CloudFoundry framework, so first i
tried to use the nginx version they provided.
but i couldn't figure it out, so I just did an upgrade to 1.1.5 (that
was the latest i could use with the required plugins)

cpu hogging is gone,
thanks for the tip!

cheers,

lalyos

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,228495,229089#msg-229089


From nginx-forum at nginx.us  Mon Jul 30 12:22:42 2012
From: nginx-forum at nginx.us (leki75)
Date: Mon, 30 Jul 2012 08:22:42 -0400 (EDT)
Subject: Using rate limitation for files smaller than the defined limit.
Message-ID: <f2e8532d8a8b73f6075a9253073a4660.NginxMailingListEnglish@forum.nginx.org>

Hi!

We use nginx rate limiting function but realized that it does not work
for files smaller than the limit specified in limit_rate directive.
Analyzing the source code it turned out that forcing the limit is second
based. We modified the source to be able to rate limit more precisely
and it also works for smaller files.

Here is the patch:
leki at szunyog:~/src/agwlimit/nginx-1.2.2$ diff -u
src/http/ngx_http_write_filter_module.c{.old,}
--- src/http/ngx_http_write_filter_module.c.old 2012-07-30
08:32:13.155354399 +0200
+++ src/http/ngx_http_write_filter_module.c     2012-07-30
13:55:01.074823215 +0200
@@ -211,8 +211,15 @@
     }
 
     if (r->limit_rate) {
-        limit = r->limit_rate * (ngx_time() - r->start_sec + 1)
-                - (c->sent - clcf->limit_rate_after);
+        if (ngx_cached_time->msec < r->start_msec) {
+            limit = r->limit_rate * (ngx_time() - r->start_sec - 1)
+                    + r->limit_rate * (ngx_cached_time->msec + 1000 -
r->start_msec) / 1000
+                    - (c->sent - clcf->limit_rate_after);
+        } else {
+            limit = r->limit_rate * (ngx_time() - r->start_sec)
+                    + r->limit_rate * (ngx_cached_time->msec -
r->start_msec) / 1000
+                    - (c->sent - clcf->limit_rate_after);
+        }
 
         if (limit <= 0) {
             c->write->delayed = 1;

As we tested the pathced nginx it worked fine. Could we use it in
production or do you see any mistakes we made? Is there any reason you
don't count on milliseconds?

Regards,
    Gabor

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229094,229094#msg-229094


From nginx-forum at nginx.us  Mon Jul 30 15:19:25 2012
From: nginx-forum at nginx.us (leki75)
Date: Mon, 30 Jul 2012 11:19:25 -0400 (EDT)
Subject: How to change the root for testing
In-Reply-To: <5014F11C.8090803@ianhobson.co.uk>
References: <5014F11C.8090803@ianhobson.co.uk>
Message-ID: <18c5a33758a4ceef0d64283e926031b2.NginxMailingListEnglish@forum.nginx.org>

Do you mean that requesting /testing/something.php tries to use
/home/ian/websites/coachmaster/htsecure/something.php instead of
/home/ian/websites/coachmaster/testing/something.php?

In the regexp location the document_root is inherited from the server
context. 

I think this would help you:

map $reseller $reseller_path {
default /home/ian/websites/coachmaster/htsecure;
testing /home/ian/websites/coachmaster/testing;
}

server {
index index.php index.html index.htm;
root /home/ian/websites/coachmaster/htsecure;

rewrite ^/(?<reseller>kaleidoscope|chat|Spanish|3MCoach|testing)(.*)$
$2?rs=$reseller last;

location ~ \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $reseller_path$fastcgi_script_name;
fastcgi_param HTTPS ON;
include /etc/nginx/fastcgi_params;
}
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229067,229097#msg-229097


From nginx-forum at nginx.us  Mon Jul 30 17:06:20 2012
From: nginx-forum at nginx.us (ConnorMcLaud)
Date: Mon, 30 Jul 2012 13:06:20 -0400 (EDT)
Subject: Accept connections and close connection hooks in custom module
Message-ID: <094e9a88aa683f6230d5f72d481d4ee9.NginxMailingListEnglish@forum.nginx.org>

Hi all, 

I'm currently porting Apache module to nginx and need to have
preconnection and postconnection hook for custom code.
In apache it is ap_hook_pre_connection and apr_pool_cleanup_register
calls.

Is it possible in nginx?

Thanks in advance

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229100,229100#msg-229100


From mdounin at mdounin.ru  Mon Jul 30 17:26:16 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 30 Jul 2012 21:26:16 +0400
Subject: Using rate limitation for files smaller than the defined limit.
In-Reply-To: <f2e8532d8a8b73f6075a9253073a4660.NginxMailingListEnglish@forum.nginx.org>
References: <f2e8532d8a8b73f6075a9253073a4660.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120730172616.GF40452@mdounin.ru>

Hello!

On Mon, Jul 30, 2012 at 08:22:42AM -0400, leki75 wrote:

> Hi!
> 
> We use nginx rate limiting function but realized that it does not work
> for files smaller than the limit specified in limit_rate directive.
> Analyzing the source code it turned out that forcing the limit is second
> based. We modified the source to be able to rate limit more precisely
> and it also works for smaller files.
> 
> Here is the patch:
> leki at szunyog:~/src/agwlimit/nginx-1.2.2$ diff -u
> src/http/ngx_http_write_filter_module.c{.old,}
> --- src/http/ngx_http_write_filter_module.c.old 2012-07-30
> 08:32:13.155354399 +0200
> +++ src/http/ngx_http_write_filter_module.c     2012-07-30
> 13:55:01.074823215 +0200
> @@ -211,8 +211,15 @@
>      }
>  
>      if (r->limit_rate) {
> -        limit = r->limit_rate * (ngx_time() - r->start_sec + 1)
> -                - (c->sent - clcf->limit_rate_after);
> +        if (ngx_cached_time->msec < r->start_msec) {

Using ngx_cached_time directly is a bad idea.  While it likely 
will work correctly right now (unless you are really happy and the 
expression will be broken in the middle by a timer signal, 
assuming timer_resolution used on linux), it's quite likely to 
break in the future.

Using ngx_timeofday() instead should be better.

> +            limit = r->limit_rate * (ngx_time() - r->start_sec - 1)
> +                    + r->limit_rate * (ngx_cached_time->msec + 1000 -
> r->start_msec) / 1000
> +                    - (c->sent - clcf->limit_rate_after);
> +        } else {
> +            limit = r->limit_rate * (ngx_time() - r->start_sec)
> +                    + r->limit_rate * (ngx_cached_time->msec -
> r->start_msec) / 1000
> +                    - (c->sent - clcf->limit_rate_after);

This basically limits to 0 at request start unless 
limit_rate_after is set to something non-zero, resulting in a 
first byte delay for all requests.

> +        }
>  
>          if (limit <= 0) {
>              c->write->delayed = 1;
> 
> As we tested the pathced nginx it worked fine. Could we use it in
> production or do you see any mistakes we made?

The above might be ok for your particular use case, though 
problems outlined above (and below) might cause suboptimal 
performance.

> Is there any reason you don't count on milliseconds?

Current code uses seconds as it's easier to handle, faster 
(implies less syscalls and less packets over network) and provides 
some inherent size for a first write.

With milliseconds and a 4k/s limit (as used in example in docs, 
see http://nginx.org/r/limit_rate) there will be 4 byte write each 
millisecond, which is quite inefficient.

Maxim Dounin


From agentzh at gmail.com  Tue Jul 31 06:15:56 2012
From: agentzh at gmail.com (agentzh)
Date: Mon, 30 Jul 2012 23:15:56 -0700
Subject: [ANN] ngx_openresty devel version 1.2.1.9 released
In-Reply-To: <CAB4Tn6OO+11cg-frGiGE8oPFV0WtAqBpULhG=cCTbs3CBOKJbA@mail.gmail.com>
References: <CAB4Tn6Pa5VVKPiejE5DhbVujqFaPBApwXsET-v3GsZPz5WUCjA@mail.gmail.com>
 <CAB4Tn6OO+11cg-frGiGE8oPFV0WtAqBpULhG=cCTbs3CBOKJbA@mail.gmail.com>
Message-ID: <CAB4Tn6Nx6bi-OQ8w34AQkeOqmDxmwhU+F58MTmJMBQPg-2skaQ@mail.gmail.com>

Hi, folks!

After more than two weeks' active development, I'm pleased to announce the
new development version of ngx_openresty, 1.2.1.9:

   http://openresty.org/#Download

Below is the complete change log for this release, as compared to the last
release, 1.2.1.7:

 *   upgraded LuaRestyMySQLLibrary to 0.10.

     *   bugfix: the MySQL "bigint" fields might overflow when
         converting to lua numbers. now we no longer convert such
         fields into Lua numbers and instead, just treat them as Lua
         strings. thanks Lance Li for reporting this issue.

 *   upgraded LuaNginxModule to 0.5.11.

     *   feature: added new Lua API ngx.req.init_body,
         ngx.req.append_body, and ngx.req.finish_body. These new
         functions can be used with the existing "downstream cosocket
         API" (provided by ngx.req.socket) to implement efficient
         Nginx "input filters" in pure Lua. thanks Matthieu Tourne
         for the patches.

     *   feature: added new Lua API ngx.get_phase for retrieving the
         current running phase of the Lua code being executed. thanks
         James Hurst for the patch.

     *   feature: added the first dtrace static probe:
         "nginx_lua:::http-lua-register-preload-package" and
         "nginx_lua:::http-lua-req-socket-consume-preread".

     *   bugfix: the ngx.req.socket() object could not handle
         pipelined requests correctly and resulted in the "400 Bad
         Request" error page in some special cases. thanks Matthieu
         Tourne for helping catching this bug.

     *   bugfix: "buffer error" would happen when the "args" option
         table to ngx.location.capture (and ngx.encode_args)
         contained a multi-value argument whose key also required URI
         escaping. thanks Matthieu Tourne for reporting this.

     *   bugfix: ngx.re.gmatch() might result in segmentation faults
         during nginx request cleanups if the iterator returned by
         ngx.re.gmatch() was collected (by Lua GC) before request
         cleanups. this bug had appeared in LuaNginxModule 0.5.0rc30
         (and OpenResty 1.0.15.9). thanks Wayne for reporting this
         issue.

     *   bugfix: 3rd-party nginx C modules that use the public C API
         function, "ngx_http_lua_add_package_preload", could result
         in segmentation faults at nginx server startup due to
         uninitialized Lua VM pointer. thanks Ray Bejjani for
         reporting this.

     *   bugfix: proper error messages were not always thrown when
         the iterator returned by ngx.re.gmatch was (incorrectly)
         used in the context of another nginx request.

     *   bugfix: fixed several Clang compilation warnings.

 *   feature: applied the dtrace patch to the nginx core that adds
     dtrace static probing support for both the Nginx core and
     3rd-party modules to the Nginx build system. this support can be
     enabled by "./configure --with-dtrace-probes".

 *   feature: added new dtrace static probes to the Nginx core

     *   added 8 kinds of static probes to the subrequest mechanism:
         "nginx:::http-subrequest-cycle",
         "nginx:::http-subrequest-start",
         "nginx:::http-subrequest-finalize-writing",
         "nginx:::http-subrequest-finalize-nonactive",
         "nginx:::http-subrequest-wake-parent",
         "nginx:::http-subrequest-done",
         "nginx:::http-subrequest-post-start", and
         "nginx:::http-subrequest-post-done".

     *   added 2 kinds of static probes to the standard request body
         reader: "nginx:::http-read-body-abort" and
         "nginx:::http-read-body-done".

     *   added 2 kinds of static probes to the standard main request
         header reader: "nginx:::http-read-req-line-done" and
         "nginx:::http-read-req-header-done".

     *   added 1 kind of static probes to the configuration loader:
         "nginx:::http-module-post-config".

     *   added the "nginx.stp" stapset script for systemtap:
         https://github.com/agentzh/nginx-dtrace/blob/master/src/dtra
         ce/nginx.stp

     *   added the stap-nginx wrapper sh script for systemtap's
         "stap" command for nginx. this script will be installed to
         "$PREFIX/sbin/" when the "./configure" option
         "--with-dtrace-probes" is specified.

 *   bugfix: fixed an issue regarding subrequests in
     allow_request_body_updating.patch.

The HTML version of the change contains lots of helpful hyper-links
and can be browsed here:

    http://openresty.org/#ChangeLog1002001

Special thanks go to all our contributors and users for helping make this
happen :)

OpenResty (aka. ngx_openresty) is a full-fledged web application server by
bundling the standard Nginx core, lots of 3rd-party Nginx modules, as well
as most of their external dependencies. See OpenResty's homepage for
details:

    http://openresty.org/

Have fun!
-agentzh


From nginx-forum at nginx.us  Tue Jul 31 07:06:58 2012
From: nginx-forum at nginx.us (yashgt)
Date: Tue, 31 Jul 2012 03:06:58 -0400 (EDT)
Subject: Nginx causes redirects when server root is changed
Message-ID: <cc3aa2e0a15302288d32f5403b887f25.NginxMailingListEnglish@forum.nginx.org>

My nginx version is :
root at v-enterprise15:/etc/nginx/conf.d# nginx -v
nginx: nginx version: nginx/1.0.5

My application is installed at 
/usr/share/nginx/www/magento/current

When I access
http://myserver:81/magento/current/index.php
it works fine. This is because the server root is set to
/usr/share/nginx/www;

Now I want to acces the app using http://myserver.co.in:81/index.php.
When I change the server root to /usr/share/nginx/www/magento/current
and type the above URL, it REDIRECTS with http 302 to 
http://myserver:81/magento/current. 
What might be the reason for this?

It then applies other rules from my .conf and gives a 404.

I see this in the access log:
[31/Jul/2012:11:19:23 +0530] "GET /index.php HTTP/1.1" 302 5 "-"
"Opera/9.80 (Windows NT 6.1; U; en) Presto/2.10.229 Version/11.64"

My .conf file is:
    server {
        listen 81 default;
    ## SSL directives might go here
        server_name myserver;
        #root /usr/share/nginx/www;
        root /usr/share/nginx/www/magento/current;
        error_log /var/log/nginx.error.log notice;
        access_log /var/log/nginx.access.log ;
        
        rewrite_log on;

        
        location / {
            auth_basic           "Restricted"; ## Message shown in login
window
            auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
            index index.html index.php; ## Allow a static html file to
be shown first
            try_files $uri $uri/ @magehandler; ## If missing pass the
URI to Magento's front handler
            #try_files $uri $uri/ ; ## If missing pass the URI to
Magento's front handler
            #expires 30d; ## Assume all files are cachable
        }

        
        location ^~  /. { ## Disable .htaccess and other hidden files
            return 404;
        }

        location @magehandler { ## Magento uses a common front handler
            #rewrite / /index.php;
            rewrite ^(.*) index.php$1 last;
        }

        #The more-specific regex are at the top.
        #The regex's are evaluated in the order in which they appear.
        location ~ .php$ { ## Execute PHP scripts
            #if (!-e $request_filename) { rewrite / /index.php last; }
## Catch 404s that try_files miss
                proxy_read_timeout 120;
                proxy_connect_timeout 120;
            expires        off; ## Do not cache dynamic content
            fastcgi_pass   127.0.0.1:9000;
            #fastcgi_param  HTTPS $fastcgi_https;
            fastcgi_param  SCRIPT_FILENAME 
$document_root$fastcgi_script_name;
            fastcgi_param  MAGE_RUN_CODE default; ## Store code is
defined in administration > Configuration > Manage Stores
            fastcgi_param  MAGE_RUN_TYPE store;
            include        fastcgi_params; ## See
/etc/nginx/fastcgi_params
        }
        location ~ /(media|skin|js)/ { }
        location ~
/(tag|admin|customer|wishlist|checkout|catalog|app).*$ { #store URL
                rewrite /(.*)$ /index.php/$1 last;
        }
        
        location ~ /[a-zA-Z]+$ { #store URL
                rewrite ^/([a-zA-Z]+) ?store=$1 last;
        }
        location ~ /[a-zA-Z]+/ { #store URL
                rewrite ^/([a-zA-Z]+)(.*) /$2?store=$1 last;
        }

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229127,229127#msg-229127


From nginx-forum at nginx.us  Tue Jul 31 09:08:29 2012
From: nginx-forum at nginx.us (sayres)
Date: Tue, 31 Jul 2012 05:08:29 -0400 (EDT)
Subject: change the root directory in nginx
Message-ID: <06273df2dde92efcb5754657f886ca34.NginxMailingListEnglish@forum.nginx.org>

Hi .
How can I change the root directory in nginx??
Now my root directory is /usr/share/nginx/html.
I want change it, like ~/web

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229128,229128#msg-229128


From nginx-forum at nginx.us  Tue Jul 31 09:43:31 2012
From: nginx-forum at nginx.us (ffeldhaus)
Date: Tue, 31 Jul 2012 05:43:31 -0400 (EDT)
Subject: Does Nginx allow to specify multiple root certificates for client
 certificate verification?
Message-ID: <ced1d45dd44ed9220dedce87e1727b84.NginxMailingListEnglish@forum.nginx.org>

For a project as part of the European Grid Infrastructure (EGI) we need
SSL client certificate verification for a service running on nginx. As
there are several root CAs allowed within EGI, we need nginx to check
them all during client certificate validation. In the documentation of
nginx I could only find the parameter ssl_client_certificate which
allows to specify just one file containing a root certificate.

Is there a way to specify more than one root CA for client certificate
verification in nginx or do I have to use Apache for this?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229129,229129#msg-229129


From mdounin at mdounin.ru  Tue Jul 31 10:47:17 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 31 Jul 2012 14:47:17 +0400
Subject: Does Nginx allow to specify multiple root certificates for client
 certificate verification?
In-Reply-To: <ced1d45dd44ed9220dedce87e1727b84.NginxMailingListEnglish@forum.nginx.org>
References: <ced1d45dd44ed9220dedce87e1727b84.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120731104716.GJ40452@mdounin.ru>

Hello!

On Tue, Jul 31, 2012 at 05:43:31AM -0400, ffeldhaus wrote:

> For a project as part of the European Grid Infrastructure (EGI) we need
> SSL client certificate verification for a service running on nginx. As
> there are several root CAs allowed within EGI, we need nginx to check
> them all during client certificate validation. In the documentation of
> nginx I could only find the parameter ssl_client_certificate which
> allows to specify just one file containing a root certificate.
> 
> Is there a way to specify more than one root CA for client certificate
> verification in nginx or do I have to use Apache for this?

Yes.  Just put multiple root CA certificates into a file specified 
in the ssl_client_certificate directive.

Note the docs explicitly say "certificates" (plural), see 
http://nginx.org/r/ssl_client_certificate.

Maxim Dounin


From ru at nginx.com  Tue Jul 31 13:07:17 2012
From: ru at nginx.com (Ruslan Ermilov)
Date: Tue, 31 Jul 2012 17:07:17 +0400
Subject: nginx-1.3.4
Message-ID: <20120731130717.GA22049@lo0.su>

Changes with nginx 1.3.4                                         31 Jul 2012

    *) Change: the "ipv6only" parameter is now turned on by default for
       listening IPv6 sockets.

    *) Feature: the Clang compiler support.

    *) Bugfix: extra listening sockets might be created.
       Thanks to Roman Odaisky.

    *) Bugfix: nginx/Windows might hog CPU if a worker process failed to
       start.
       Thanks to Ricardo Villalobos Guevara.

    *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
       "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
       "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
       directives might be inherited incorrectly.


From i.hailperin at heinlein-support.de  Tue Jul 31 13:35:25 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Tue, 31 Jul 2012 15:35:25 +0200
Subject: Can multiple nginx instances share a single proxy cache store?
Message-ID: <5017DF1D.5080206@heinlein-support.de>


Hi,

I am planning to deploy multiple nginx servers (10) to proxy a bunch of 
apaches(20). The apaches host about 4000 vhosts, with a total volume of 
about 1TB.
One scenario I am thinking of with regard to hard disk storage of the 
proxy cache would be to have a single storage object, eg. NAS, connected 
to all 10 nginx servers via fibre channel.

This would have the advantage of only pulling items into cache once, and 
would also avoid cache inconsistencies, which could at least be a 
temporal problem if all 10 nginx servers would have their own cache.

My question now is: would this work in theory?
Can multiple nginx instances share a single proxy cache store?
I am thinking of cache management, all 10 nginx instances would try to 
manage the same cache directory. I don't know enough about the cache 
management to understand if there are problems with this scenario.

Strictly speaking this is a second question, but still: the alternative 
would be to give the nginx local storage for the proxy cache (e.g. a 
raid 5, or even jbod (just a bunch of disks)). This would obviously be 
much simpler to set up and manage, und thus be more robust (the single 
storage would be a single point of failure).
Which would you recommend?

Isaac


From mdounin at mdounin.ru  Tue Jul 31 13:58:28 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 31 Jul 2012 17:58:28 +0400
Subject: Can multiple nginx instances share a single proxy cache store?
In-Reply-To: <5017DF1D.5080206@heinlein-support.de>
References: <5017DF1D.5080206@heinlein-support.de>
Message-ID: <20120731135827.GS40452@mdounin.ru>

Hello!

On Tue, Jul 31, 2012 at 03:35:25PM +0200, Isaac Hailperin wrote:

> 
> Hi,
> 
> I am planning to deploy multiple nginx servers (10) to proxy a bunch
> of apaches(20). The apaches host about 4000 vhosts, with a total
> volume of about 1TB.
> One scenario I am thinking of with regard to hard disk storage of
> the proxy cache would be to have a single storage object, eg. NAS,
> connected to all 10 nginx servers via fibre channel.
> 
> This would have the advantage of only pulling items into cache once,
> and would also avoid cache inconsistencies, which could at least be
> a temporal problem if all 10 nginx servers would have their own
> cache.
> 
> My question now is: would this work in theory?
> Can multiple nginx instances share a single proxy cache store?

No.

> I am thinking of cache management, all 10 nginx instances would try
> to manage the same cache directory. I don't know enough about the
> cache management to understand if there are problems with this
> scenario.
> 
> Strictly speaking this is a second question, but still: the
> alternative would be to give the nginx local storage for the proxy
> cache (e.g. a raid 5, or even jbod (just a bunch of disks)). This
> would obviously be much simpler to set up and manage, und thus be
> more robust (the single storage would be a single point of failure).
> Which would you recommend?

Use local storage.

The main disadvantage of a network storage pretending to be a 
local filesystem is blocking I/O.  Even with fully working AIO (in 
contrast to one available under Linux, which requires directio)
there are still blocking operations like open()/fstat(), and this 
will likely result in suboptimal nginx performance even if just 
serving static files from such storage.

Maxim Dounin


From i.hailperin at heinlein-support.de  Tue Jul 31 14:11:36 2012
From: i.hailperin at heinlein-support.de (Isaac Hailperin)
Date: Tue, 31 Jul 2012 16:11:36 +0200
Subject: Can multiple nginx instances share a single proxy cache store?
In-Reply-To: <20120731135827.GS40452@mdounin.ru>
References: <5017DF1D.5080206@heinlein-support.de>
 <20120731135827.GS40452@mdounin.ru>
Message-ID: <5017E798.1060302@heinlein-support.de>

Thank you Maxim, I have made my decision now!

Isaac

On 07/31/2012 03:58 PM, Maxim Dounin wrote:
> Hello!
>
> On Tue, Jul 31, 2012 at 03:35:25PM +0200, Isaac Hailperin wrote:
>
>>
>> Hi,
>>
>> I am planning to deploy multiple nginx servers (10) to proxy a bunch
>> of apaches(20). The apaches host about 4000 vhosts, with a total
>> volume of about 1TB.
>> One scenario I am thinking of with regard to hard disk storage of
>> the proxy cache would be to have a single storage object, eg. NAS,
>> connected to all 10 nginx servers via fibre channel.
>>
>> This would have the advantage of only pulling items into cache once,
>> and would also avoid cache inconsistencies, which could at least be
>> a temporal problem if all 10 nginx servers would have their own
>> cache.
>>
>> My question now is: would this work in theory?
>> Can multiple nginx instances share a single proxy cache store?
>
> No.
>
>> I am thinking of cache management, all 10 nginx instances would try
>> to manage the same cache directory. I don't know enough about the
>> cache management to understand if there are problems with this
>> scenario.
>>
>> Strictly speaking this is a second question, but still: the
>> alternative would be to give the nginx local storage for the proxy
>> cache (e.g. a raid 5, or even jbod (just a bunch of disks)). This
>> would obviously be much simpler to set up and manage, und thus be
>> more robust (the single storage would be a single point of failure).
>> Which would you recommend?
>
> Use local storage.
>
> The main disadvantage of a network storage pretending to be a
> local filesystem is blocking I/O.  Even with fully working AIO (in
> contrast to one available under Linux, which requires directio)
> there are still blocking operations like open()/fstat(), and this
> will likely result in suboptimal nginx performance even if just
> serving static files from such storage.
>
> Maxim Dounin
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>


From nginx-forum at nginx.us  Tue Jul 31 14:30:55 2012
From: nginx-forum at nginx.us (James_Lee)
Date: Tue, 31 Jul 2012 10:30:55 -0400 (EDT)
Subject: The patch of Nginx SSL: PEM pass phrase problem
In-Reply-To: <8c1d65b918b52351b2382a2fa6c5d4ae.NginxMailingListEnglish@forum.nginx.org>
References: <8c1d65b918b52351b2382a2fa6c5d4ae.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <254c32a8a8e3f5ac6eadcad4fbd281ba.NginxMailingListEnglish@forum.nginx.org>

I'am very glad that this patch is useful for you.
The below is the patch or the diff. It's based on the nginx 0.8.54 or
nginx 0.8.55.
Perhaps it also works for other version. Maybe you need to merge it by
hand.


Index: src/http/modules/ngx_http_ssl_module.c
===================================================================
--- src/http/modules/ngx_http_ssl_module.c	(revision 347)
+++ src/http/modules/ngx_http_ssl_module.c	(revision 348)
@@ -14,6 +14,7 @@
 
 
 #define NGX_DEFAULT_CIPHERS  "HIGH:!ADH:!MD5"
+#define PASS_PHRASE_ARG_LEN  255
 
 
 static ngx_int_t ngx_http_ssl_static_variable(ngx_http_request_t *r,
@@ -31,6 +32,11 @@
 static char *ngx_http_ssl_session_cache(ngx_conf_t *cf, ngx_command_t
*cmd,
     void *conf);
 
+static int ngx_enhanced_system(char* cmdstring, char* buf, int len);
+static int ngx_http_ssl_pass_phase_callback(char *buf, int bufsize,
+    int verify, void *srv);
+static char *ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf,
+    ngx_command_t *cmd, void *conf);
 
 static ngx_conf_bitmask_t  ngx_http_ssl_protocols[] = {
     { ngx_string("SSLv2"), NGX_SSL_SSLv2 },
@@ -141,6 +147,13 @@
       offsetof(ngx_http_ssl_srv_conf_t, crl),
       NULL },
 
+    { ngx_string("ssl_pass_phrase_dialog"),
+      NGX_HTTP_MAIN_CONF|NGX_HTTP_SRV_CONF|NGX_CONF_TAKE1,
+      ngx_conf_set_pass_phrase_dialog,
+      NGX_HTTP_SRV_CONF_OFFSET,
+      offsetof(ngx_http_ssl_srv_conf_t, pass_phrase_conf),
+      NULL },
+
       ngx_null_command
 };
 
@@ -213,6 +226,124 @@
 static ngx_str_t ngx_http_ssl_sess_id_ctx = ngx_string("HTTP");
 
 
+static char *
+ngx_conf_set_pass_phrase_dialog(ngx_conf_t *cf, ngx_command_t *cmd,
void *conf)
+{
+    char             *p = conf;
+    ngx_str_t        *field, *value;
+    int               len;
+
+    field = (ngx_str_t *) (p + cmd->offset);
+
+    if (field->data) {
+        return "is duplicate";
+    }
+
+    value = cf->args->elts;
+
+    *field = value[1];
+
+    if (field->len == 0) {
+        return NGX_CONF_OK;
+    } else if (field->len > PASS_PHRASE_ARG_LEN) {
+        len = PASS_PHRASE_ARG_LEN;
+
+        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+            "The length of ssl_pass_phrase_dialog argument is more than
%d", len);
+
+        return NGX_CONF_ERROR;
+    }
+
+    return NGX_CONF_OK;
+}
+
+static int
+ngx_http_ssl_pass_phase_callback(char *buf, int bufsize, int verify,
void *srv)
+{
+    ngx_str_t    pass_phase_file;
+    int          ret;
+    char         cmdline[PASS_PHRASE_ARG_LEN + 1] = {0};
+
+    ngx_http_ssl_srv_conf_t * conf = srv;
+
+    /* get the executable file path */
+    pass_phase_file.data = conf->pass_phrase_conf.data + 5;
+    pass_phase_file.len = conf->pass_phrase_conf.len - 5;
+
+    ngx_memcpy(cmdline, pass_phase_file.data, pass_phase_file.len);
+    cmdline[pass_phase_file.len] = '\0';
+
+    ret = ngx_enhanced_system(cmdline, buf, bufsize);
+    if (ret != 0) {
+        return -1;
+    }
+
+    /* To support echo command in Linux, Unix shell */
+    if (buf[strlen(buf) - 1] == '\n') {
+        buf[strlen(buf) - 1] = '\0';
+    }
+
+    return strlen(buf);
+}
+
+/**
+* ngx_enhanced_system()
+*
+* @param[in] cmdstring : External command(executable or shell)
+* @param[out] buf : The buffer to store the result of the external
command.
+* @param[in] len : The length of the buffer.
+*
+* @return  0: success   -1: fail
+*/
+static int
+ngx_enhanced_system(char* cmdstring, char* buf, int len)
+{
+    int     fd[2];
+    pid_t   pid;
+    int     n, count;
+
+    memset(buf, 0, len);
+
+    if (pipe(fd) < 0) {
+        return -1;
+    }
+
+    if ((pid = fork()) < 0) {
+        return -1;
+    } else if (pid > 0) {    /* parent process */
+        close(fd[1]);        /* close write end */
+        count = 0;
+
+        while ((n = read(fd[0], buf + count, len)) > 0
+        && count > len) {
+            count += n;
+        }
+
+        close(fd[0]);
+
+        if (waitpid(pid, NULL, 0) != pid) {
+            return -1;
+        }
+
+    } else {              /* child process */
+        close(fd[0]);     /* close read end */
+
+        if (fd[1] != STDOUT_FILENO) {
+            if (dup2(fd[1], STDOUT_FILENO) != STDOUT_FILENO) {
+                return -1;
+            }
+            close(fd[1]);
+        }
+
+        if (execl("/bin/sh", "sh", "-c", cmdstring, (char*)0) == -1) {
+            return -1;
+        }
+    }
+
+    return 0;
+}
+
+
 static ngx_int_t
 ngx_http_ssl_static_variable(ngx_http_request_t *r,
     ngx_http_variable_value_t *v, uintptr_t data)
@@ -316,6 +447,8 @@
      *     sscf->crl = { 0, NULL };
      *     sscf->ciphers = { 0, NULL };
      *     sscf->shm_zone = NULL;
+     *
+     *     sscf->pass_phrase_conf = { 0, NULL };
      */
 
     sscf->enable = NGX_CONF_UNSET;
@@ -362,7 +495,9 @@
 
     ngx_conf_merge_str_value(conf->ciphers, prev->ciphers,
NGX_DEFAULT_CIPHERS);
 
+    ngx_conf_merge_str_value(conf->pass_phrase_conf,
prev->pass_phrase_conf, "builtin");
 
+
     conf->ssl.log = cf->log;
 
     if (conf->enable) {
@@ -401,6 +536,18 @@
         return NGX_CONF_ERROR;
     }
 
+    if (ngx_strncasecmp(conf->pass_phrase_conf.data, (u_char*)"exec:",
5) == 0) {
+
+        SSL_CTX_set_default_passwd_cb(conf->ssl.ctx,
ngx_http_ssl_pass_phase_callback);
+
+        SSL_CTX_set_default_passwd_cb_userdata(conf->ssl.ctx, (void
*)conf);
+
+    } else if (ngx_strncasecmp(conf->pass_phrase_conf.data,
(u_char*)"builtin", 7) != 0) {
+        ngx_log_error(NGX_LOG_EMERG, cf->log, 0,
+            "The arg of ssl_pass_phrase_dialog directive is incorrect:
builtin | exec:path");
+        return NGX_CONF_ERROR;
+    }
+
 #ifdef SSL_CTRL_SET_TLSEXT_HOSTNAME
 
     if (SSL_CTX_set_tlsext_servername_callback(conf->ssl.ctx,
Index: src/http/modules/ngx_http_ssl_module.h
===================================================================
--- src/http/modules/ngx_http_ssl_module.h	(revision 347)
+++ src/http/modules/ngx_http_ssl_module.h	(revision 348)
@@ -41,6 +41,8 @@
 
     u_char                         *file;
     ngx_uint_t                      line;
+
+    ngx_str_t                       pass_phrase_conf;
 } ngx_http_ssl_srv_conf_t;

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,214641,229145#msg-229145


From nginx-forum at nginx.us  Tue Jul 31 15:11:36 2012
From: nginx-forum at nginx.us (rahmanusta)
Date: Tue, 31 Jul 2012 11:11:36 -0400 (EDT)
Subject: Jmeter Nginx Stress Test Error Rate Higher
Message-ID: <81332bf83a5bddd1c85cff6979ad4daf.NginxMailingListEnglish@forum.nginx.org>

I have a JSF web application runs on Glassfish Application Server. I'm
using Nginx with reverse proxing to Glassfish. I wanna see performance
gains with Nginx, i'm testing application with JMeter. When i directly
test the application on glassfish, there ise no error count. But, when i
tested the application via Nginx response contains a lot of error count
approx. %80. I changed some time out in nginx configuration file then no
thing changed.

My Nginx Conf file;


worker_processes  3;
worker_rlimit_nofile 1024;
worker_priority -6;

events {
    multi_accept on;
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    sendfile        on;

    keepalive_timeout 120m ;

    server {
        listen       8070;
        server_name  localhost;
        root "html";

        location ~* \.(jpg|jpeg|gif|css|png|js|ico)$ {
        access_log off;
        expires max;        
        }

        location / {

        access_log off;

        proxy_pass http://localhost:8080/; >> to Glassfish port

        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 120m;
        proxy_connect_timeout 120m;


        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

    }

}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229146,229146#msg-229146


From nginx-forum at nginx.us  Tue Jul 31 15:18:18 2012
From: nginx-forum at nginx.us (leki75)
Date: Tue, 31 Jul 2012 11:18:18 -0400 (EDT)
Subject: Using rate limitation for files smaller than the defined limit.
In-Reply-To: <f2e8532d8a8b73f6075a9253073a4660.NginxMailingListEnglish@forum.nginx.org>
References: <f2e8532d8a8b73f6075a9253073a4660.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <efa010c51f001b1101ddc754cfcd3689.NginxMailingListEnglish@forum.nginx.org>

Dear Maxim,

thank you for your reply. I changed the code you suggested:
1. changed ngx_cached_time to ngx_timeofday()
2. added 1ms to send some bytes at request start

--- src/http/ngx_http_write_filter_module.c	2012-01-18
16:07:43.000000000 +0100
+++ src/http/ngx_http_write_filter_module.c.new	2012-07-31
16:38:11.074836346 +0200
@@ -211,8 +211,17 @@
     }
 
     if (r->limit_rate) {
-        limit = r->limit_rate * (ngx_time() - r->start_sec + 1)
-                - (c->sent - clcf->limit_rate_after);
+        ngx_time_t  *t = ngx_timeofday();
+
+        if (t->msec >= r->start_msec) {
+            limit = r->limit_rate * (t->sec - r->start_sec)
+                    + r->limit_rate * (t->msec - r->start_msec + 1) /
1000
+                    - (c->sent - clcf->limit_rate_after);
+        } else {
+            limit = r->limit_rate * (t->sec - r->start_sec - 1)
+                    + r->limit_rate * (t->msec - r->start_msec + 1001)
/ 1000
+                    - (c->sent - clcf->limit_rate_after);
+        }
 
         if (limit <= 0) {
             c->write->delayed = 1;

Can we avoid network segmentation by setting the following configuration
directives?
    tcp_nodelay  off;
    tcp_nopush  on;

Do you have any other suggestions how to rate limit objects, which size
is smaller than specified in limit_rate, other way?

Regards,
    Gabor

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229094,229147#msg-229147


From nginx-forum at nginx.us  Tue Jul 31 15:21:26 2012
From: nginx-forum at nginx.us (ffeldhaus)
Date: Tue, 31 Jul 2012 11:21:26 -0400 (EDT)
Subject: Does Nginx allow to specify multiple root certificates for client
 certificate verification?
In-Reply-To: <20120731104716.GJ40452@mdounin.ru>
References: <20120731104716.GJ40452@mdounin.ru>
Message-ID: <fd1607b148ed8401a7a7b84eff8694c3.NginxMailingListEnglish@forum.nginx.org>

Hi,

Maxim Dounin Wrote:
>
> Hello!
> 
> On Tue, Jul 31, 2012 at 05:43:31AM -0400,
> ffeldhaus wrote:
> 
> > For a project as part of the European Grid
> Infrastructure (EGI) we need
> > SSL client certificate verification for a
> service running on nginx. As
> > there are several root CAs allowed within EGI,
> we need nginx to check
> > them all during client certificate validation.
> In the documentation of
> > nginx I could only find the parameter
> ssl_client_certificate which
> > allows to specify just one file containing a
> root certificate.
> > 
> > Is there a way to specify more than one root CA
> for client certificate
> > verification in nginx or do I have to use Apache
> for this?
> 
> Yes.  Just put multiple root CA certificates into
> a file specified 
> in the ssl_client_certificate directive.
> 
> Note the docs explicitly say "certificates"
> (plural), see 
> http://nginx.org/r/ssl_client_certificate.

I had hoped there would be another way. Putting the currently 105
certificates in one file may work, but the problem is, that the
certificates may change and with 105 CA certificates at the moment the
chance that a certificate is updated/revoked is not negligible anymore.
I could write a cron job to update the single certificate file after
each update, but it would be much easier if nginx would support multiple
CA certificate files out of the box. For Apache there is a directive
called SSLCACertificatePath to do just this. Do you think this could be
a feature worth implementing in Nginx? If so, how could I help?

Florian Feldhaus

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,229129,229148#msg-229148


From kworthington at gmail.com  Tue Jul 31 15:47:00 2012
From: kworthington at gmail.com (Kevin Worthington)
Date: Tue, 31 Jul 2012 11:47:00 -0400
Subject: nginx-1.3.4
In-Reply-To: <20120731130717.GA22049@lo0.su>
References: <20120731130717.GA22049@lo0.su>
Message-ID: <CAGo79UU60Dz1=0EimTisFYNHhLs1dTtZk-Nvw4_pCwVJ8YJCCw@mail.gmail.com>

Hello Nginx Users,

Now available: Nginx 1.3.4 For Windows http://goo.gl/AG0Ca (32-bit and 64-bit
versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.

Announcements are also available via my Twitter stream (
http://twitter.com/kworthington), if you prefer to receive updates
that way.

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail]  [dot} {com)
http://kevinworthington.com/
http://twitter.com/kworthington


On Tue, Jul 31, 2012 at 9:07 AM, Ruslan Ermilov <ru at nginx.com> wrote:

> Changes with nginx 1.3.4                                         31 Jul
> 2012
>
>     *) Change: the "ipv6only" parameter is now turned on by default for
>        listening IPv6 sockets.
>
>     *) Feature: the Clang compiler support.
>
>     *) Bugfix: extra listening sockets might be created.
>        Thanks to Roman Odaisky.
>
>     *) Bugfix: nginx/Windows might hog CPU if a worker process failed to
>        start.
>        Thanks to Ricardo Villalobos Guevara.
>
>     *) Bugfix: the "proxy_pass_header", "fastcgi_pass_header",
>        "scgi_pass_header", "uwsgi_pass_header", "proxy_hide_header",
>        "fastcgi_hide_header", "scgi_hide_header", and "uwsgi_hide_header"
>        directives might be inherited incorrectly.
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20120731/78837fd3/attachment.html>

From mdounin at mdounin.ru  Tue Jul 31 16:21:06 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 31 Jul 2012 20:21:06 +0400
Subject: Using rate limitation for files smaller than the defined limit.
In-Reply-To: <efa010c51f001b1101ddc754cfcd3689.NginxMailingListEnglish@forum.nginx.org>
References: <f2e8532d8a8b73f6075a9253073a4660.NginxMailingListEnglish@forum.nginx.org>
 <efa010c51f001b1101ddc754cfcd3689.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120731162106.GY40452@mdounin.ru>

Hello!

On Tue, Jul 31, 2012 at 11:18:18AM -0400, leki75 wrote:

[...]

> Can we avoid network segmentation by setting the following configuration
> directives?
>     tcp_nodelay  off;
>     tcp_nopush  on;

No.

> Do you have any other suggestions how to rate limit objects, which size
> is smaller than specified in limit_rate, other way?

You may try to delay last byte of a response (or something like 
this, ideally - just a partially filled last packet) instead.

Alternatively, you may introduce some granularity for limits and 
always allow a chunk of data (something like one packet at least) 
if at least one byte is allowed.  This should mitigate problems 
introduced by millisecond resolution. 

Maxim Dounin


From mdounin at mdounin.ru  Tue Jul 31 16:48:20 2012
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 31 Jul 2012 20:48:20 +0400
Subject: Does Nginx allow to specify multiple root certificates for client
 certificate verification?
In-Reply-To: <fd1607b148ed8401a7a7b84eff8694c3.NginxMailingListEnglish@forum.nginx.org>
References: <20120731104716.GJ40452@mdounin.ru>
 <fd1607b148ed8401a7a7b84eff8694c3.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120731164820.GZ40452@mdounin.ru>

Hello!

On Tue, Jul 31, 2012 at 11:21:26AM -0400, ffeldhaus wrote:

> Hi,
> 
> Maxim Dounin Wrote:
> >
> > Hello!
> > 
> > On Tue, Jul 31, 2012 at 05:43:31AM -0400,
> > ffeldhaus wrote:
> > 
> > > For a project as part of the European Grid
> > Infrastructure (EGI) we need
> > > SSL client certificate verification for a
> > service running on nginx. As
> > > there are several root CAs allowed within EGI,
> > we need nginx to check
> > > them all during client certificate validation.
> > In the documentation of
> > > nginx I could only find the parameter
> > ssl_client_certificate which
> > > allows to specify just one file containing a
> > root certificate.
> > > 
> > > Is there a way to specify more than one root CA
> > for client certificate
> > > verification in nginx or do I have to use Apache
> > for this?
> > 
> > Yes.  Just put multiple root CA certificates into
> > a file specified 
> > in the ssl_client_certificate directive.
> > 
> > Note the docs explicitly say "certificates"
> > (plural), see 
> > http://nginx.org/r/ssl_client_certificate.
> 
> I had hoped there would be another way. Putting the currently 105
> certificates in one file may work, but the problem is, that the
> certificates may change and with 105 CA certificates at the moment the
> chance that a certificate is updated/revoked is not negligible anymore.

If CA certificate is updated/revoked it probably needs some double 
checking by a human anyway.  Updating the file and asking nginx to 
reload it's config isn't going to be a big deal then.

> I could write a cron job to update the single certificate file after
> each update, but it would be much easier if nginx would support multiple
> CA certificate files out of the box. For Apache there is a directive
> called SSLCACertificatePath to do just this. Do you think this could be
> a feature worth implementing in Nginx? If so, how could I help?

"Certificate file" vs "certificate path" difference isn't about 
running something after updates of certificates or not (in both 
cases you have to update something, either cat to a single file or 
the c_rehash script to create symbolic links in case of CApath).
The difference is about certificates in memory vs. certficates on 
disk, and the later implies syscalls and disk access on each 
certificate check.

As nginx is designed to work under high loads, with many requests 
(and handshakes) per second, it uses CAfile variant.  And as nginx 
configuration reload is seamless, it's unlikely the CApath variant 
will add any extra value.

Maxim Dounin


From francis at daoine.org  Tue Jul 31 17:33:08 2012
From: francis at daoine.org (Francis Daly)
Date: Tue, 31 Jul 2012 18:33:08 +0100
Subject: Nginx causes redirects when server root is changed
In-Reply-To: <cc3aa2e0a15302288d32f5403b887f25.NginxMailingListEnglish@forum.nginx.org>
References: <cc3aa2e0a15302288d32f5403b887f25.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120731173308.GA32371@craic.sysops.org>

On Tue, Jul 31, 2012 at 03:06:58AM -0400, yashgt wrote:

Hi there,

> My application is installed at 
> /usr/share/nginx/www/magento/current
> 
> When I access
> http://myserver:81/magento/current/index.php
> it works fine. This is because the server root is set to
> /usr/share/nginx/www;
> 
> Now I want to acces the app using http://myserver.co.in:81/index.php.
> When I change the server root to /usr/share/nginx/www/magento/current
> and type the above URL, it REDIRECTS with http 302 to 
> http://myserver:81/magento/current. 
> What might be the reason for this?

Might it be the application doing the redirect, and not nginx?

What is the output from running the command

  curl -i http://myserver.co.in:81/index.php

? Does it include anything like "X-Powered-By: PHP"?

>From your configuration, I see no obvious reason why nginx should be
issuing the redirect.

If it *is* the application, then you'll probably want to configure it
to do what you want it to do.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org


From francis at daoine.org  Tue Jul 31 17:35:57 2012
From: francis at daoine.org (Francis Daly)
Date: Tue, 31 Jul 2012 18:35:57 +0100
Subject: change the root directory in nginx
In-Reply-To: <06273df2dde92efcb5754657f886ca34.NginxMailingListEnglish@forum.nginx.org>
References: <06273df2dde92efcb5754657f886ca34.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120731173557.GB32371@craic.sysops.org>

On Tue, Jul 31, 2012 at 05:08:29AM -0400, sayres wrote:

Hi there,

> How can I change the root directory in nginx??
> Now my root directory is /usr/share/nginx/html.
> I want change it, like ~/web

http://nginx.org/r/root

Probably: put "root /home/user/web;" in the server{} block that you
care about.

	f
-- 
Francis Daly        francis at daoine.org


From francis at daoine.org  Tue Jul 31 17:52:32 2012
From: francis at daoine.org (Francis Daly)
Date: Tue, 31 Jul 2012 18:52:32 +0100
Subject: No input file specified
In-Reply-To: <85e57f6cee6bb8076acf0a0896c27cfa.NginxMailingListEnglish@forum.nginx.org>
References: <CALPMVvOamauqDU41ge2MzLSVudpdMvDcfRG_-ETmKKG9-y9G5Q@mail.gmail.com>
 <85e57f6cee6bb8076acf0a0896c27cfa.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20120731175232.GC32371@craic.sysops.org>

On Mon, Jul 30, 2012 at 01:46:19AM -0400, yashgt wrote:

Hi there,

> When I access http://localhost:82/index.php
> I get "No input file specified."

That message (usually) comes from the fastcgi server, and (usually)
means that the SCRIPT_FILENAME that was sent was not found by that server.

>From your configuration, it looks like that for this request, SCRIPT_FILENAME is 
/cygdrive/e/xampp/htdocs/getit/src/myapp/index.php .

Does that filename exist, from the point of view of the fastcgi server?

(The "/cygdrive/" bit suggests that cygwin is involved somehow. Is
php running under cygwin? Does it have the same view of the filesystem
as nginx?)

	f
-- 
Francis Daly        francis at daoine.org


From nginx-forum at nginx.us  Tue Jul 31 23:12:04 2012
From: nginx-forum at nginx.us (chirho)
Date: Tue, 31 Jul 2012 19:12:04 -0400 (EDT)
Subject: The patch of Nginx SSL: PEM pass phrase problem
In-Reply-To: <254c32a8a8e3f5ac6eadcad4fbd281ba.NginxMailingListEnglish@forum.nginx.org>
References: <8c1d65b918b52351b2382a2fa6c5d4ae.NginxMailingListEnglish@forum.nginx.org>
 <254c32a8a8e3f5ac6eadcad4fbd281ba.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <43b5fa3104e5a0dabb407be7b6f40eb9.NginxMailingListEnglish@forum.nginx.org>

thank you for rapid answer.

actually, i use v1.2.0 of nginx version and i'll try to patch it.
after patching and testing, i'll post the results.

thank you again for this patch.

best regards.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,214641,229161#msg-229161