From nginx at 2xlp.com Sat Jun 1 01:52:56 2013 From: nginx at 2xlp.com (Jonathan Vanasco) Date: Fri, 31 May 2013 21:52:56 -0400 Subject: making supervisord web interface viewable on nginx In-Reply-To: <546111d7a5d9ce0d970462eed5813883.NginxMailingListEnglish@forum.nginx.org> References: <20100810074126.GA20207@megiteam.pl> <546111d7a5d9ce0d970462eed5813883.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3B5528B3-BB3D-43B1-80E9-4566B019F070@2xlp.com> using the inet interface on supervisord was simple ( proxying to port 9001) i wanted to turn that off, avoid tcp and just use the unix socket after a bit of tinkering, this seems to work : proxy_pass http://unix:///tmp/supervisord.sock:; is this correct way to handle this ? From chamithlkml at gmail.com Sat Jun 1 05:12:37 2013 From: chamithlkml at gmail.com (chamith Jayaweera) Date: Sat, 1 Jun 2013 10:42:37 +0530 Subject: Need help on proxy passing Message-ID: I experience an issue on missing some part of the page (Long page) on passing proxy requests. Please help me to solve this. Thank You. My configuration file is as follow. server { root /usr/share/nginx/www; index index.html index.htm; server_name localhost; location / { proxy_pass https://127.0.0.1:3000/; } location /doc { root /var/www; autoindex on; allow 127.0.0.1; deny all; } location /images { root /usr/share; autoindex off; } } server { listen 443 default_server; server_name chamithlkml.com; ssl on; ssl_certificate /etc/nginx/server.crt; ssl_certificate_key /etc/nginx/server.key; ssl_session_cache shared:SSL:10m; ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; location / { proxy_pass https://127.0.0.1:3000/; proxy_set_header Host $host; proxy_redirect http:// https://; } } -- Chamith Jayaweera Software Engineer, Cyber LMJ. Mobile (+94)77 299 9492 -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sat Jun 1 09:24:33 2013 From: francis at daoine.org (Francis Daly) Date: Sat, 1 Jun 2013 10:24:33 +0100 Subject: [LB]Bad root document set via proxy_pass In-Reply-To: References: Message-ID: <20130601092433.GO27406@craic.sysops.org> On Thu, May 30, 2013 at 12:14:09PM -0400, mafious wrote: Hi there, > Depending of the url, I forward to the proper backend: > location / { > proxy_pass http://_cluster; > } > > But via the proxy, the web page of my application is not correctly render. > The path to load images files is incorrect and point to the default root > document location. I'm not exactly sure what you are reporting. Is it that your application writes links like "/images/image.png" instead of "/myapp/images/image.png"? (In which case: fix your application.) Or is it that your application writes links like "/myapp/images/image.png" and you want the load balancer to serve them from somewhere else? (In which case: fix your load-balancer config.) Or is it something else? The more specific you are with reports like "I do this, I see this, I expect to see this", the more chance that someone will be able to help. Good luck, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Sat Jun 1 15:50:54 2013 From: nginx-forum at nginx.us (natostanco) Date: Sat, 01 Jun 2013 11:50:54 -0400 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: <01f9c3ce8385ad75f05d71701c2ecbb5.NginxMailingListEnglish@forum.nginx.org> And is it possible to use different certificates under different subdomains having the same tld? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239732,239747#msg-239747 From contact at jpluscplusm.com Sat Jun 1 16:05:48 2013 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Sat, 1 Jun 2013 17:05:48 +0100 Subject: if statement + ssl_certificate? In-Reply-To: <01f9c3ce8385ad75f05d71701c2ecbb5.NginxMailingListEnglish@forum.nginx.org> References: <01f9c3ce8385ad75f05d71701c2ecbb5.NginxMailingListEnglish@forum.nginx.org> Message-ID: You mean like foo.com and bar.com? Of course - just use different server{} blocks with different SSL certificates on different IPs. Jonathan From nginx-forum at nginx.us Sat Jun 1 16:18:20 2013 From: nginx-forum at nginx.us (natostanco) Date: Sat, 01 Jun 2013 12:18:20 -0400 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: <8e493586a28267f25273a39d5a6ce07e.NginxMailingListEnglish@forum.nginx.org> No I mean like foo.bar.com and fooz.bar.com where each subdomain is declared under different server blocks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239732,239749#msg-239749 From avi.keinan at gmail.com Sat Jun 1 16:48:32 2013 From: avi.keinan at gmail.com (Avi Keinan) Date: Sat, 1 Jun 2013 19:48:32 +0300 Subject: Nginx SSL for backend server, do I need another server? In-Reply-To: References: Message-ID: Hi, > > I'm going to open a website to deliver huge files over the internet, > I'm planning to provide secure download (SSL) with nginx. > > But I don't know how much the cpu usage the ssl protocol will use, > I already have lots of 2X Xeon(R) CPU E5-2609 servers, with tons of > 7200RPM 3TB Sata in Raid6 to deliver the files, > . > Each server should handle 250 downloads at the same time (each 4 servers > with 1 10Gbit Port, with limit rate to 800K/S), > > My question is very simple: > Do i need another server for each existing server, to work as a frontend > ssl server? > Or if the ssl protocol will not consume so much cpu power? > > Thanks in advance, > Avi. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Sat Jun 1 17:10:46 2013 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Sat, 1 Jun 2013 18:10:46 +0100 Subject: if statement + ssl_certificate? In-Reply-To: <8e493586a28267f25273a39d5a6ce07e.NginxMailingListEnglish@forum.nginx.org> References: <8e493586a28267f25273a39d5a6ce07e.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 1 June 2013 17:18, natostanco wrote: > No I mean like foo.bar.com and fooz.bar.com where each subdomain is declared > under different server blocks Yes, that's how nginx works. Just use a different server_name and (unless you have a wildcard cert) a different IP for each server{}. Jonathan From nginx-forum at nginx.us Sat Jun 1 17:17:33 2013 From: nginx-forum at nginx.us (natostanco) Date: Sat, 01 Jun 2013 13:17:33 -0400 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: I can't use different ips, I tried with the server_names, but the subdomain just keeps using the certificate of the tld ... Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239732,239752#msg-239752 From reallfqq-nginx at yahoo.fr Sat Jun 1 17:21:03 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 1 Jun 2013 13:21:03 -0400 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: Hello, You might be interested in the following: http://nginx.org/en/docs/http/configuring_https_servers.html#name_based_https_servers --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From reallfqq-nginx at yahoo.fr Sat Jun 1 17:23:03 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 1 Jun 2013 13:23:03 -0400 Subject: fastcgi_read_timeout with PHP backend In-Reply-To: <20130529164627.GF72282@mdounin.ru> References: <20130527101947.GA72282@mdounin.ru> <20130529164627.GF72282@mdounin.ru> Message-ID: Hello, I do not know if my private emails on the matter to Maxim went through. Non-broken resources were included. --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sat Jun 1 17:32:12 2013 From: nginx-forum at nginx.us (natostanco) Date: Sat, 01 Jun 2013 13:32:12 -0400 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: That does not help because following that example I should use: server { listen 443 ssl; server_name www.sub1.example.com; ssl_certificate www.sub1.example.com.crt; ... } server { listen 443 ssl; server_name www.example.org; ssl_certificate www.example.org.crt; ... } But the first server declaration does not apply the different certificate, instead it applies the certificate of the TLD, so I guess either I can't declare a server with server_name equal to a subdomain of an already declared TLD. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239732,239755#msg-239755 From avi.keinan at gmail.com Sat Jun 1 17:50:24 2013 From: avi.keinan at gmail.com (Avi keinan) Date: Sat, 1 Jun 2013 20:50:24 +0300 Subject: Nginx SSL for backend server, do I need another server? In-Reply-To: References: Message-ID: <1DC1C555-C410-45AE-8F17-DCA83F1B6A98@gmail.com> > Hi, >> >> I'm going to open a website to deliver huge files over the internet with nginx, >> I'm planning to provide secure download (SSL) with nginx. >> >> But I don't know how much the cpu usage the ssl protocol will use, >> I already have lots of 2X Xeon(R) CPU E5-2609 servers, with tons of 7200RPM 3TB Sata in Raid6 to deliver the files, >> . >> Each server should handle 250 downloads at the same time (4 servers with 1 10Gbit shared Port, with limit rate to 800K/S), >> >> My question is very simple: >> Do i need another server(xeon 2609) for each existing server, to work as a frontend ssl server? >> Or if the ssl protocol will not consume so much cpu power? >> >> Thanks in advance, >> Avi. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From reallfqq-nginx at yahoo.fr Sat Jun 1 18:58:47 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 1 Jun 2013 14:58:47 -0400 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: I read : "With this configuration a browser receives the default server?s certificate, i.e. www.example.com regardless of the requested server name. This is caused by SSL protocol behaviour. The SSL connection is established before the browser sends an HTTP request and nginx does not know the name of the requested server. Therefore, it may only offer the default server?s certificate." Clear enough IMHO... --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Sat Jun 1 20:55:35 2013 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Sat, 1 Jun 2013 21:55:35 +0100 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: On 1 June 2013 18:32, natostanco wrote: > I guess either I can't > declare a server with server_name equal to a subdomain of an already > declared TLD. That's not the case. Nginx can do this just fine. You're coming up against the age-old SSL virtual hosting problem, which is caused by the server's SSL certificate having to be presented to the client before the Host header is known. This is a problem for all HTTP servers, and is the reason why (for most cases) you need multiple IPs when hosting multiple sites over HTTPS. There are exceptions to this, and your situation happens to be one of these. Google "wildcard SSL certificate" to discover the sort of cert you'd have to buy to take advantage of this. "SNI" is the long-term fix for this, but as client support for it is not yet near ubiquitous, it's probably not applicable to your situation. If you absolutely control all the clients, it can be an option. HTH, Jonathan From nginx-forum at nginx.us Sun Jun 2 01:09:55 2013 From: nginx-forum at nginx.us (justin) Date: Sat, 01 Jun 2013 21:09:55 -0400 Subject: HTTP status code 499 from long running requests Message-ID: <85c6903389aca19a504b7e3ee2b909bd.NginxMailingListEnglish@forum.nginx.org> Hello, I have long running requests upwards of five minutes that are called via ajax (jQuery) (XHR), and hitting a backend PHP script. I am seeing very strange behavior, intermittently calling the script twice, even though in Chrome developers tools I only see a single XHR request in the network pane. I know that it is running twice because in my backend PHP script I write a log to a MySQL database, and I am seeing two entries. I took a look at the nginx access log, and seeing HTTP status code 499, which seems to be: client closed connection before nginx was able to send anything to client. What is the best way to fix this? Is there a config setting in nginx to keep the connection open? Or is the client terminating the request, and then reissuing the request, thus way I am seeing two entries? Thanks for the help with this. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239759,239759#msg-239759 From nginx-forum at nginx.us Sun Jun 2 09:37:10 2013 From: nginx-forum at nginx.us (natostanco) Date: Sun, 02 Jun 2013 05:37:10 -0400 Subject: if statement + ssl_certificate? In-Reply-To: References: Message-ID: <2650f5dd3a015b0cda194c8f25725397.NginxMailingListEnglish@forum.nginx.org> I know I would need a wildcard ssl yet...every application of SNI I have found uses different TLD, and never only different subdomains...anyway I have control over all the clients. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239732,239764#msg-239764 From mdounin at mdounin.ru Sun Jun 2 11:04:24 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 2 Jun 2013 15:04:24 +0400 Subject: HTTP status code 499 from long running requests In-Reply-To: <85c6903389aca19a504b7e3ee2b909bd.NginxMailingListEnglish@forum.nginx.org> References: <85c6903389aca19a504b7e3ee2b909bd.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130602110424.GK72282@mdounin.ru> Hello! On Sat, Jun 01, 2013 at 09:09:55PM -0400, justin wrote: > Hello, I have long running requests upwards of five minutes that are called > via ajax (jQuery) (XHR), and hitting a backend PHP script. > > I am seeing very strange behavior, intermittently calling the script twice, > even though in Chrome developers tools I only see a single XHR request in > the network pane. I know that it is running twice because in my backend PHP > script I write a log to a MySQL database, and I am seeing two entries. > > I took a look at the nginx access log, and seeing HTTP status code 499, > which seems to be: client closed connection before nginx > was able to send anything to client. > > What is the best way to fix this? Is there a config setting in nginx to keep > the connection open? Or is the client terminating the request, and then > reissuing the request, thus way I am seeing two entries? The 499 code means that _client_ closed connection, and there is more or less nothing you can do from nginx side. You have to either find a way to ask client to wait longer before it gives up, or return something before it gives up. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Sun Jun 2 12:02:43 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 2 Jun 2013 16:02:43 +0400 Subject: Need help on proxy passing In-Reply-To: References: Message-ID: <20130602120243.GM72282@mdounin.ru> Hello! On Sat, Jun 01, 2013 at 10:42:37AM +0530, chamith Jayaweera wrote: > I experience an issue on missing some part of the page (Long page) on > passing proxy requests. Please help me to solve this. Thank You. My > configuration file is as follow. By "missing some part" do you mean the page is truncated? In most cases this is caused by incorrect access rights on proxy_temp_path directory. Try looking into error_log to see if there is anything there. -- Maxim Dounin http://nginx.org/en/donation.html From optimum.dulopin at laposte.net Sun Jun 2 13:33:34 2013 From: optimum.dulopin at laposte.net (optimum.dulopin at laposte.net) Date: Sun, 02 Jun 2013 15:33:34 +0200 Subject: rewrite utf8 : why lower case Message-ID: <431377923.81802.1370180013991.JavaMail.www@wwinf8310> Hi I have some routes that was previously with uppercase for language and now I want lowrcase. here is a route : /Ka/???????????? that should simply become /ka/???????????? in my conf if ($uri ~ ^/K(.+)){ set $bb $1; rewrite ^(.*)$ $scheme://$host/k$bb permanent; } and I cant understand why but /ka/%E1%83%92%E1%83%90%E1%83%9C%E1%83%AA%E1%83%AE%E1%83%90%E1%83%93%E1%83%94%E1%83%91%E1%83%94%E1%83%91%E1%83%98/ become /ka/%e1%83%92%e1%83%90%e1%83%9c%e1%83%aa%e1%83%ae%e1%83%90%e1%83%93%e1%83%94%e1%83%91%e1%83%94%e1%83%91%e1%83%98 ie all uppercase letter become lowercase, that cause ? pb with my rails app. does anyone know why nginx do this ? and is it possible to block this ? I can't just uppercase everything as there is some latin letter and my routes are case sensitive thanks Une messagerie gratuite, garantie ? vie et des services en plus, ?a vous tente ? Je cr?e ma bo?te mail www.laposte.net From francis at daoine.org Sun Jun 2 14:07:41 2013 From: francis at daoine.org (Francis Daly) Date: Sun, 2 Jun 2013 15:07:41 +0100 Subject: rewrite utf8 : why lower case In-Reply-To: <431377923.81802.1370180013991.JavaMail.www@wwinf8310> References: <431377923.81802.1370180013991.JavaMail.www@wwinf8310> Message-ID: <20130602140741.GP27406@craic.sysops.org> On Sun, Jun 02, 2013 at 03:33:34PM +0200, optimum.dulopin at laposte.net wrote: Hi there, > I have some routes that was previously with uppercase for language and now I want lowrcase. here is a route : /Ka/???????????? that should simply become /ka/???????????? > > in my conf if ($uri ~ ^/K(.+)){ set $bb $1; rewrite ^(.*)$ $scheme://$host/k$bb permanent; } > > and I cant understand why but /ka/%E1%83%92%E1%83%90%E1%83%9C%E1%83%AA%E1%83%AE%E1%83%90%E1%83%93%E1%83%94%E1%83%91%E1%83%94%E1%83%91%E1%83%98/ > > become > > /ka/%e1%83%92%e1%83%90%e1%83%9c%e1%83%aa%e1%83%ae%e1%83%90%e1%83%93%e1%83%94%e1%83%91%e1%83%94%e1%83%91%e1%83%98 > > ie all uppercase letter become lowercase, that cause ? pb with my rails app. > > does anyone know why nginx do this ? and is it possible to block this ? As I understand it: %AA and %aa are exactly equivalent in a url. nginx rewrite has to pick something, and chooses to use lowercase. I don't think there is a config-file way to control this. (AA and aa are different; but the percent encoding is case-insensitive.) You could try patching your nginx to make it choose to use uppercase, but that is unlikely to be very useful going forward. The best I can suggest is that if your rails app handles %AA and %aa differently, that's a bug in your rails app that might be easier for you to fix. > I can't just uppercase everything as there is some latin letter and my routes are case sensitive urls are case-sensitive *after* the %-decoding has happened. Before %-decoding, "%2E", "%2e", and "." are all equivalent, so requests for "/a.png", "/a%2Epng", and "/a%2epn%67" should be handled identically. Can you get your rails app to only consider the after-decoding request "/ka/????????????" for routing? f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Sun Jun 2 22:32:50 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 3 Jun 2013 02:32:50 +0400 Subject: fastcgi_read_timeout with PHP backend In-Reply-To: References: <20130527101947.GA72282@mdounin.ru> <20130529164627.GF72282@mdounin.ru> Message-ID: <20130602223250.GQ72282@mdounin.ru> Hello! On Sat, Jun 01, 2013 at 01:23:03PM -0400, B.R. wrote: > Hello, > > I do not know if my private emails on the matter to Maxim went through. > Non-broken resources were included. Non-broken tcpdump just confirms what was already said based on error log: nothing is seen from php after 18:48:45, and this results in the timeout at 18:50:45. You have to dig into your code. -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Mon Jun 3 04:28:16 2013 From: nginx-forum at nginx.us (meltzerj) Date: Mon, 03 Jun 2013 00:28:16 -0400 Subject: Prevent NGINX from rerouting to a backend that was previously down Message-ID: I'm using NGINX's ip_hash directive to ensure that client requests always end up at the same backend server. In the case of a backend server outage, NGINX will reroute to the available server, and since I can listen for a disconnection event on my client application, I can have my client-side application react accordingly. However, when the previously down server comes back up, NGINX will route requests back to the original server. This breaks my application, as I have no way of knowing that this happens from my client-side application. So is there a way for NGINX to send a notification event to my client-side app when it detects that a previously down server is available, or preferably prevent NGINX from exhibiting this behavior? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239781,239781#msg-239781 From rga at abiosis.dk Mon Jun 3 09:31:58 2013 From: rga at abiosis.dk (Rasmus Glud Andersen) Date: Mon, 3 Jun 2013 11:31:58 +0200 Subject: upstream may not have port 80 ; upgrade from 1.2.1 to 1.4.1 Message-ID: <20130603093158.GB67078@mail.abiosis.dk> Hi, After running nginx 1.2.1 with the following configuration, I now get warnings when testing the same configuration under 1.4.1 Any advice on this would be highly appreciated. [error] $ nginx -t -c /tmp/nginx.conf nginx: [warn] upstream "appcluster-secure" may not have port 80 in /tmp/nginx.conf:60 nginx: configuration file /tmp/nginx.conf test failed $ nginx -V nginx version: nginx/1.4.1 TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_stub_status_module --add-module=/usr/ports/www/nginx/work/nginx-sticky-module-1.1 --with-pcre --add-module=/usr/ports/www/nginx/work/yaoweibin-nginx_tcp_proxy_module-b83e5a6 --with-http_ssl_module [http] Server listen on 192.168.1.227:80 forwards to 192.168.3.224:80 Server listen on 192.168.1.226:80 forwards to 192.168.0.123:80 and 192.168.0.124:80 [tcp] Server listen on 192.168.1.226:443 forwards to 192.168.0.123:443 and 192.168.0.124:443 ---[ nginx.conf ]--- 1 # $Id: nginx.conf,v 1.15 2013/06/03 07:16:28 root Exp $ 2 3 #user nobody; 4 worker_processes 1; 5 6 events { 7 worker_connections 1024; 8 } 9 10 http { 11 proxy_read_timeout 300; 12 13 upstream appcluster { 14 sticky; 15 server 192.168.0.123:80; 16 server 192.168.0.124:80; 17 } 18 19 upstream single_server { 20 sticky; 21 server 192.168.3.244:80; 22 } 23 24 default_type application/octet-stream; 25 sendfile on; 26 keepalive_timeout 65; 27 28 server { 29 listen 192.168.1.227:80; 30 server_name localhost; 31 location / { 32 proxy_pass http://single_server; 33 proxy_set_header Host $host; 34 } 35 error_page 500 502 503 504 /50x.html; 36 location = /50x.html { 37 root /usr/local/www/nginx-dist; 38 } 39 } 40 41 server { 42 listen 192.168.1.226:80; 43 server_name localhost; 44 location / { 45 proxy_pass http://appcluster; 46 proxy_set_header Host $host; 47 } 48 } 49 } 50 51 tcp { 52 upstream appcluster-secure { 53 server 192.168.0.123:443; 54 server 192.168.0.124:443; 55 } 56 server { 57 listen 192.168.1.226:443; 58 server_name _; 59 tcp_nodelay on; 60 proxy_pass appcluster-secure; 61 } 62 } 63 } 64 ---[ EOF ]--- -- Rasmus G. Andersen From mdounin at mdounin.ru Mon Jun 3 11:06:46 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 3 Jun 2013 15:06:46 +0400 Subject: upstream may not have port 80 ; upgrade from 1.2.1 to 1.4.1 In-Reply-To: <20130603093158.GB67078@mail.abiosis.dk> References: <20130603093158.GB67078@mail.abiosis.dk> Message-ID: <20130603110646.GS72282@mdounin.ru> Hello! On Mon, Jun 03, 2013 at 11:31:58AM +0200, Rasmus Glud Andersen wrote: > Hi, > > After running nginx 1.2.1 with the following configuration, I now get warnings when testing the same configuration under 1.4.1 > > Any advice on this would be highly appreciated. > > > [error] > $ nginx -t -c /tmp/nginx.conf > nginx: [warn] upstream "appcluster-secure" may not have port 80 in /tmp/nginx.conf:60 > nginx: configuration file /tmp/nginx.conf test failed > > $ nginx -V > nginx version: nginx/1.4.1 > TLS SNI support enabled > configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_stub_status_module --add-module=/usr/ports/www/nginx/work/nginx-sticky-module-1.1 --with-pcre --add-module=/usr/ports/www/nginx/work/yaoweibin-nginx_tcp_proxy_module-b83e5a6 --with-http_ssl_module You have to upgrade tcp proxy module to a newer version. [...] -- Maxim Dounin http://nginx.org/en/donation.html From iptablez at yahoo.com Mon Jun 3 11:38:54 2013 From: iptablez at yahoo.com (Indo Php) Date: Mon, 3 Jun 2013 04:38:54 -0700 (PDT) Subject: Import Static File into MogileFS Message-ID: <1370259534.12828.YahooMailNeo@web142305.mail.bf1.yahoo.com> hi all i want to ask about importing our existing static files into nginx + mogilefs module is that posibble to add like proxy_store and proxy_pass from http address? -------------- next part -------------- An HTML attachment was scrubbed... URL: From rga at abiosis.dk Mon Jun 3 11:52:44 2013 From: rga at abiosis.dk (Rasmus Glud Andersen) Date: Mon, 3 Jun 2013 13:52:44 +0200 Subject: upstream may not have port 80 ; upgrade from 1.2.1 to 1.4.1 In-Reply-To: <20130603110646.GS72282@mdounin.ru> References: <20130603093158.GB67078@mail.abiosis.dk> <20130603110646.GS72282@mdounin.ru> Message-ID: <20130603115244.GA68745@mail.abiosis.dk> On Mon, Jun 03, 2013 at 03:06:46PM +0400, Maxim Dounin wrote: > > On Mon, Jun 03, 2013 at 11:31:58AM +0200, Rasmus Glud Andersen wrote: > > > After running nginx 1.2.1 with the following configuration, I now get warnings when testing the same configuration under 1.4.1 > > > > [error] > > $ nginx -t -c /tmp/nginx.conf > > nginx: [warn] upstream "appcluster-secure" may not have port 80 in /tmp/nginx.conf:60 > > nginx: configuration file /tmp/nginx.conf test failed > > > > $ nginx -V > > nginx version: nginx/1.4.1 > > TLS SNI support enabled > > configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_stub_status_module --add-module=/usr/ports/www/nginx/work/nginx-sticky-module-1.1 --with-pcre --add-module=/usr/ports/www/nginx/work/yaoweibin-nginx_tcp_proxy_module-b83e5a6 --with-http_ssl_module > > You have to upgrade tcp proxy module to a newer version. > [...] Thank you, solved the problem. -- Rasmus G. Andersen From nginx-forum at nginx.us Mon Jun 3 12:57:21 2013 From: nginx-forum at nginx.us (Belly) Date: Mon, 03 Jun 2013 08:57:21 -0400 Subject: Memory Management ( > 25GB memory usage) Message-ID: Hello nginx! I have one worker-process, which uses over 25GB memory (and doesn't stop to do that). My configuration is... let's say special: So there is nginx, which proxies all requests to the PHP backend and the PHP backend sends a large request back to nginx. I set the fastcgi_buffers very enormous huge to avoid nginx creating temporary files on my disk - which would result in high CPU load. Here is my configuration: (reduced to the problem) worker_processes 1; worker_rlimit_nofile 80000; worker_priority -20; events { worker_connections 10240; multi_accept on; } # ... # fastcgi settings fastcgi_buffers 20480 1k; fastcgi_connect_timeout 30; fastcgi_read_timeout 30; fastcgi_send_timeout 30; fastcgi_keep_conn on; upstream php-backend { server 127.0.0.1:9000; keepalive 10000; } As you can see the buffers are extreme large, to avoid disk buffering. The problem is that nginx doesn't free the buffers. It just eats and eats. I know it's my fault and not nginx' fault. What am I doing wrong? The response of my php backend could be from 1k to 300mb. What is the best setting for my situation? Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239795,239795#msg-239795 From shahzaib.cb at gmail.com Mon Jun 3 13:05:23 2013 From: shahzaib.cb at gmail.com (shahzaib shahzaib) Date: Mon, 3 Jun 2013 18:05:23 +0500 Subject: Memory Management ( > 25GB memory usage) In-Reply-To: References: Message-ID: Hello, Please assign worker-processors according to the number of cpus your server have and reduce or comment the values regarding fastcgi buffers and examine the changes after doing it. On Mon, Jun 3, 2013 at 5:57 PM, Belly wrote: > Hello nginx! > > I have one worker-process, which uses over 25GB memory (and doesn't stop to > do that). > My configuration is... let's say special: > > So there is nginx, which proxies all requests to the PHP backend and the > PHP > backend sends a large request back to nginx. I set the fastcgi_buffers very > enormous huge to avoid nginx creating temporary files on my disk - which > would result in high CPU load. > > Here is my configuration: (reduced to the problem) > > worker_processes 1; > worker_rlimit_nofile 80000; > worker_priority -20; > > events { > worker_connections 10240; > multi_accept on; > } > # ... > # fastcgi settings > fastcgi_buffers 20480 1k; > fastcgi_connect_timeout 30; > fastcgi_read_timeout 30; > fastcgi_send_timeout 30; > fastcgi_keep_conn on; > upstream php-backend { > server 127.0.0.1:9000; > keepalive 10000; > } > > > As you can see the buffers are extreme large, to avoid disk buffering. The > problem is that nginx doesn't free the buffers. It just eats and eats. I > know it's my fault and not nginx' fault. What am I doing wrong? > > The response of my php backend could be from 1k to 300mb. > > What is the best setting for my situation? > > Thanks > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,239795,239795#msg-239795 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Jun 3 13:13:39 2013 From: nginx-forum at nginx.us (Belly) Date: Mon, 03 Jun 2013 09:13:39 -0400 Subject: Memory Management ( > 25GB memory usage) In-Reply-To: References: Message-ID: <7e1ac1476138e1d6d1a09ccdb1c21f0a.NginxMailingListEnglish@forum.nginx.org> Thanks for your reply! I don't have performance issues. It's just the memory usage. I don't know how nginx handles its memory, but if I increase the number of worker processes wouldn't this lead into much higher memory usage (worker_process*25GB) ? The one worker is able to handle all requests, I don't see the point of adding more workers. I want to know why nginx does not free the buffers after a request is finished. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239795,239797#msg-239797 From mdounin at mdounin.ru Mon Jun 3 13:51:04 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 3 Jun 2013 17:51:04 +0400 Subject: Memory Management ( > 25GB memory usage) In-Reply-To: References: Message-ID: <20130603135104.GW72282@mdounin.ru> Hello! On Mon, Jun 03, 2013 at 08:57:21AM -0400, Belly wrote: > Hello nginx! > > I have one worker-process, which uses over 25GB memory (and doesn't stop to > do that). > My configuration is... let's say special: > > So there is nginx, which proxies all requests to the PHP backend and the PHP > backend sends a large request back to nginx. I set the fastcgi_buffers very > enormous huge to avoid nginx creating temporary files on my disk - which > would result in high CPU load. > > Here is my configuration: (reduced to the problem) > > worker_processes 1; > worker_rlimit_nofile 80000; > worker_priority -20; > > events { > worker_connections 10240; > multi_accept on; > } > # ... > # fastcgi settings > fastcgi_buffers 20480 1k; Just a side note: each buffer structure takes about 100 bytes of memory on 64-bit platforms, and using 1k buffers results in about 10% overhead just because of this. > fastcgi_connect_timeout 30; > fastcgi_read_timeout 30; > fastcgi_send_timeout 30; > fastcgi_keep_conn on; > upstream php-backend { > server 127.0.0.1:9000; > keepalive 10000; > } > > > As you can see the buffers are extreme large, to avoid disk buffering. The > problem is that nginx doesn't free the buffers. It just eats and eats. I > know it's my fault and not nginx' fault. What am I doing wrong? > > The response of my php backend could be from 1k to 300mb. With your settings each connection can allocate up to 20M of buffers. That is, 1500k connections are enough to allocate 25G of memory. So the basic question is - how many connections are open? With pessimistic assumption of 10k connections as per worker_connections, you configuration will result in more than 200G memory used. > What is the best setting for my situation? I would recommend using "fastcgi_max_temp_file_size 0;" if you want to disable disk buffering (see [1]), and configuring some reasonable number of reasonably sized fastcgi_buffers. I would recommend starting tuning with something like 32 x 64k buffers. [1] http://nginx.org/r/fastcgi_max_temp_file_size -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Mon Jun 3 14:13:03 2013 From: nginx-forum at nginx.us (Belly) Date: Mon, 03 Jun 2013 10:13:03 -0400 Subject: Memory Management ( > 25GB memory usage) In-Reply-To: <20130603135104.GW72282@mdounin.ru> References: <20130603135104.GW72282@mdounin.ru> Message-ID: <10fd19b439227d55c7a3200dad891df6.NginxMailingListEnglish@forum.nginx.org> Thanks Maxim for you answer! Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Mon, Jun 03, 2013 at 08:57:21AM -0400, Belly wrote: > > > Hello nginx! > > > > I have one worker-process, which uses over 25GB memory (and doesn't > stop to > > do that). > > My configuration is... let's say special: > > > > So there is nginx, which proxies all requests to the PHP backend and > the PHP > > backend sends a large request back to nginx. I set the > fastcgi_buffers very > > enormous huge to avoid nginx creating temporary files on my disk - > which > > would result in high CPU load. > > > > Here is my configuration: (reduced to the problem) > > > > worker_processes 1; > > worker_rlimit_nofile 80000; > > worker_priority -20; > > > > events { > > worker_connections 10240; > > multi_accept on; > > } > > # ... > > # fastcgi settings > > fastcgi_buffers 20480 1k; > > Just a side note: each buffer structure takes about 100 bytes of > memory on 64-bit platforms, and using 1k buffers results in about > 10% overhead just because of this. > Very interesting! - Didn't know that... Thanks! > > fastcgi_connect_timeout 30; > > fastcgi_read_timeout 30; > > fastcgi_send_timeout 30; > > fastcgi_keep_conn on; > > upstream php-backend { > > server 127.0.0.1:9000; > > keepalive 10000; > > } > > > > > > As you can see the buffers are extreme large, to avoid disk > buffering. The > > problem is that nginx doesn't free the buffers. It just eats and > eats. I > > know it's my fault and not nginx' fault. What am I doing wrong? > > > > The response of my php backend could be from 1k to 300mb. > > With your settings each connection can allocate up to 20M of > buffers. That is, 1500k connections are enough to allocate 25G of > memory. So the basic question is - how many connections are open? > 1000 - 2000... got your point. > With pessimistic assumption of 10k connections as per > worker_connections, you configuration will result in more than > 200G memory used. > > > What is the best setting for my situation? > > I would recommend using "fastcgi_max_temp_file_size 0;" if you > want to disable disk buffering (see [1]), and configuring some > reasonable number of reasonably sized fastcgi_buffers. I would > recommend starting tuning with something like 32 x 64k buffers. > > [1] http://nginx.org/r/fastcgi_max_temp_file_size > I read about fastcgi_max_temp_file_size, but I'm a bit afraid of. fastcgi_max_temp_file_size 0; states that data will be transfered synchronously. What does it mean exactly? Is it faster/better than disk buffering? Nginx is built in an asynchronous way. What happens if a worker will do a synchronous job inside an asynchronous one? Will it block the event loop? > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239795,239801#msg-239801 From mdounin at mdounin.ru Mon Jun 3 15:13:20 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 3 Jun 2013 19:13:20 +0400 Subject: Memory Management ( > 25GB memory usage) In-Reply-To: <10fd19b439227d55c7a3200dad891df6.NginxMailingListEnglish@forum.nginx.org> References: <20130603135104.GW72282@mdounin.ru> <10fd19b439227d55c7a3200dad891df6.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130603151320.GZ72282@mdounin.ru> Hello! On Mon, Jun 03, 2013 at 10:13:03AM -0400, Belly wrote: > Thanks Maxim for you answer! > > Maxim Dounin Wrote: > ------------------------------------------------------- > > Hello! > > > > On Mon, Jun 03, 2013 at 08:57:21AM -0400, Belly wrote: > > > > > Hello nginx! > > > > > > I have one worker-process, which uses over 25GB memory (and doesn't > > stop to > > > do that). > > > My configuration is... let's say special: > > > > > > So there is nginx, which proxies all requests to the PHP backend and > > the PHP > > > backend sends a large request back to nginx. I set the > > fastcgi_buffers very > > > enormous huge to avoid nginx creating temporary files on my disk - > > which > > > would result in high CPU load. > > > > > > Here is my configuration: (reduced to the problem) > > > > > > worker_processes 1; > > > worker_rlimit_nofile 80000; > > > worker_priority -20; > > > > > > events { > > > worker_connections 10240; > > > multi_accept on; > > > } > > > # ... > > > # fastcgi settings > > > fastcgi_buffers 20480 1k; > > > > Just a side note: each buffer structure takes about 100 bytes of > > memory on 64-bit platforms, and using 1k buffers results in about > > 10% overhead just because of this. > > > > Very interesting! - Didn't know that... Thanks! > > > > fastcgi_connect_timeout 30; > > > fastcgi_read_timeout 30; > > > fastcgi_send_timeout 30; > > > fastcgi_keep_conn on; > > > upstream php-backend { > > > server 127.0.0.1:9000; > > > keepalive 10000; > > > } > > > > > > > > > As you can see the buffers are extreme large, to avoid disk > > buffering. The > > > problem is that nginx doesn't free the buffers. It just eats and > > eats. I > > > know it's my fault and not nginx' fault. What am I doing wrong? > > > > > > The response of my php backend could be from 1k to 300mb. > > > > With your settings each connection can allocate up to 20M of > > buffers. That is, 1500k connections are enough to allocate 25G of > > memory. So the basic question is - how many connections are open? > > > > 1000 - 2000... got your point. > > > With pessimistic assumption of 10k connections as per > > worker_connections, you configuration will result in more than > > 200G memory used. > > > > > What is the best setting for my situation? > > > > I would recommend using "fastcgi_max_temp_file_size 0;" if you > > want to disable disk buffering (see [1]), and configuring some > > reasonable number of reasonably sized fastcgi_buffers. I would > > recommend starting tuning with something like 32 x 64k buffers. > > > > [1] http://nginx.org/r/fastcgi_max_temp_file_size > > > > I read about fastcgi_max_temp_file_size, but I'm a bit afraid of. > fastcgi_max_temp_file_size 0; states that data will be transfered > synchronously. What does it mean exactly? Is it faster/better than disk > buffering? Nginx is built in an asynchronous way. What happens if a worker > will do a synchronous job inside an asynchronous one? Will it block the > event loop? Docs ask linked document the effect as follows: : Value of zero disables buffering of responses to temporary files. This is what it actually does - it stops nginx from using disk buffering. Instead, if fastcgi_buffers configured isn't enough, nginx will wait for some buffers to be sent to a client before reading more data from a backend. Note this means the backend will be busy sending the response for a longer time. -- Maxim Dounin http://nginx.org/en/donation.html From nginx at 2xlp.com Mon Jun 3 15:17:31 2013 From: nginx at 2xlp.com (Jonathan Vanasco) Date: Mon, 3 Jun 2013 11:17:31 -0400 Subject: Memory Management ( > 25GB memory usage) In-Reply-To: <10fd19b439227d55c7a3200dad891df6.NginxMailingListEnglish@forum.nginx.org> References: <20130603135104.GW72282@mdounin.ru> <10fd19b439227d55c7a3200dad891df6.NginxMailingListEnglish@forum.nginx.org> Message-ID: <09DF61EF-4118-4943-924D-0CD706875994@2xlp.com> On Jun 3, 2013, at 10:13 AM, Belly wrote: >>> What is the best setting for my situation? >> >> I would recommend using "fastcgi_max_temp_file_size 0;" if you >> want to disable disk buffering (see [1]), and configuring some >> reasonable number of reasonably sized fastcgi_buffers. I would >> recommend starting tuning with something like 32 x 64k buffers. >> >> [1] http://nginx.org/r/fastcgi_max_temp_file_size >> > > I read about fastcgi_max_temp_file_size, but I'm a bit afraid of. > fastcgi_max_temp_file_size 0; states that data will be transfered > synchronously. What does it mean exactly? Is it faster/better than disk > buffering? Nginx is built in an asynchronous way. What happens if a worker > will do a synchronous job inside an asynchronous one? Will it block the > event loop? It's always been my understanding that in this context, "synchronously" means that nginx is proxying the data from php/fcgi to the client in real time. This sounds like a typical problem of application load balancing. The disk buffering / temp files allows for nginx to immediately "slurp" the entire response from the backend process, and then serves the files to the downstream client. This has the advantage of allowing you to immediately re-use the fcgi process for dynamic content ? slow or hangup connections downstream won't tie up your pool of fcgi/apache processes. restated with blocking - the temp files allow for blocking within nginx instead of php ( nginx can handle 10k connections, php is limited to the number of processes ). by removing the tempfiles, blocking will happen within php instead. my advice would be to use URL partitioning to segment this type of behavior. I would only allow specific URLs to have no tmp files , and I would proxy them back to a different pool of fcgi (or apache) servers running with a tweaked config. this would allow the blocking activity from the routes serving large files to not affect the "global" pool of php processes. i would also look into periodic reloads of nginx, to see if that frees things up. if so, that might be a simpler/more elegant solution. I encountered problems like this about 10years ago with mod_perl under apache. The aggressive code optimizations and memory/process management were tailored to making the application work very well ? but did not play nice with the rest of the box. The fix was to keep a low number of max_requests , and move to a "vanilla + mod_perl apache" system. Years later, nginx became the vanilla apache. similar issues like this happen to people in the python and ruby communities as well ? more expensive or intensive routes are often sectioned off and dispatched to a different pool of servers , so their workload doesn't affect the rest of requests. -------------- next part -------------- An HTML attachment was scrubbed... URL: From aldernetwork at gmail.com Mon Jun 3 22:24:52 2013 From: aldernetwork at gmail.com (Alder Network) Date: Mon, 3 Jun 2013 15:24:52 -0700 Subject: Need help: websocket proxy stops working after a while Message-ID: I got nginx websocket proxy working but the socket would close in a minute or so. So I add proxy_read_timeout 180s; and it works within 3 minutes but closed the websocket after 3 minutes, but it works OK before that. Why is that? BTW, I am using Nginx 1.4 now. Thanks, - Alder -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Jun 3 23:07:50 2013 From: nginx-forum at nginx.us (kgoess) Date: Mon, 03 Jun 2013 19:07:50 -0400 Subject: HTTP status codes missing description in header for proxy_pass Message-ID: We're using nginx as a middle layer in front of our application server (mod_perl). When mod_perl returns an error page, the HTTP status line is missing the "reason phrase" after the status code, like "Not Found", e.g. HTTP/1.1 404 Server: nginx/1.2.1 ...etc should be HTTP/1.1 404 Not Found ...etc... AFAICT, the HTTP spec requires at least a space after the status code: --------------------------------------------- http://www.w3.org/Protocols/rfc1945/rfc1945 The first line of a Full-Response message is the Status-Line, consisting of the protocol version followed by a numeric status code and its associated textual phrase, with each element separated by SP characters. No CR or LF is allowed except in the final CRLF sequence. Status-Line = HTTP-Version SP Status-Code SP Reason-Phrase CRLF Since a status line always begins with the protocol version and status code "HTTP/" 1*DIGIT "." 1*DIGIT SP 3DIGIT SP (e.g., "HTTP/1.0 200 "), --------------------------------------------- Reason-Phrase = * --------------------------------------------- The reason we noticed is that putting Perlbal in front of nginx got the status rejected, since Perlbal is written to strictly follow the spec: ------------------------------------------------ return fail("Bogus response line") unless $self->{responseLine} =~ m!^HTTP\/(\d+)\.(\d+)\s+(\d+)(?:\s+(.*))$!; ------------------------------------------------ Is this a bug in nginx, or a configuration issue that we can fix? The patch to Perlbal is simple enough, is it worth looking for a patch to nginx? Or did we miss something else entirely? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239811,239811#msg-239811 From luky-37 at hotmail.com Mon Jun 3 23:19:49 2013 From: luky-37 at hotmail.com (Lukas Tribus) Date: Tue, 4 Jun 2013 01:19:49 +0200 Subject: HTTP status codes missing description in header for proxy_pass In-Reply-To: References: Message-ID: Hi, nginx does its job correctly: ?? $ curl -I http://nginx.org/404 ?? $ HTTP/1.1 404 Not Found ?? $ [...] I guess the irregular response comes from your mod_perl backend? Did you check that out? Capturing nginx's debug output of such a request will probably help. http://nginx.org/en/docs/debugging_log.html Regards, Lukas From info at pkern.at Mon Jun 3 23:53:44 2013 From: info at pkern.at (Patrik Kernstock) Date: Tue, 4 Jun 2013 01:53:44 +0200 Subject: WBB ACP HTTPS Rewrite rule Message-ID: <056701ce60b5$99034b00$cb09e100$@pkern.at> Hello, I'm trying since about half an hour to get SSL-only on the administration panel of Woltlab burning board working, but without success. The rule will just be ignored. What I currently have: location /acp/(.*)$ { if ($server_port = 80) { rewrite ^/(.*)$ https://forum/acp/$1 redirect; } } Thanks for any help! :) Kind regards, Patrik Kernstock From appa at perusio.net Tue Jun 4 00:02:11 2013 From: appa at perusio.net (=?ISO-8859-1?Q?Ant=F3nio_P=2E_P=2E_Almeida?=) Date: Tue, 4 Jun 2013 02:02:11 +0200 Subject: WBB ACP HTTPS Rewrite rule In-Reply-To: <056701ce60b5$99034b00$cb09e100$@pkern.at> References: <056701ce60b5$99034b00$cb09e100$@pkern.at> Message-ID: Try: server { server_name forum; ... location ^~ /acp/ { return 301 https://forum$request_uri; } } server { server_name forum; listen 443 ssl; .... location / { return 301 http://forum$request_uri; } location ^~ /acp/ { ... } } ----appa On Tue, Jun 4, 2013 at 1:53 AM, Patrik Kernstock wrote: > Hello, > > I'm trying since about half an hour to get SSL-only on the administration > panel of Woltlab burning board working, but without success. The rule will > just be ignored. > > What I currently have: > location /acp/(.*)$ { > if ($server_port = 80) { > rewrite ^/(.*)$ https://forum/acp/$1 redirect; > } > } > > Thanks for any help! :) > > Kind regards, > Patrik Kernstock > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From info at pkern.at Tue Jun 4 00:38:04 2013 From: info at pkern.at (Patrik Kernstock) Date: Tue, 4 Jun 2013 02:38:04 +0200 Subject: AW: WBB ACP HTTPS Rewrite rule In-Reply-To: References: <056701ce60b5$99034b00$cb09e100$@pkern.at> Message-ID: <057a01ce60bb$cad0b770$60722650$@pkern.at> Thanks for your fast reply, Antonio! I forgot to say, that I try to only enable SSL on ACP on not for the rest of the forum :) Von: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] Im Auftrag von Ant?nio P. P. Almeida Gesendet: Dienstag, 04. Juni 2013 02:02 An: nginx Betreff: Re: WBB ACP HTTPS Rewrite rule Try: server { ? ? ?server_name forum; ?? ? ? ... ? ? ?location ^~ /acp/ { ? ? ? ? ?return 301 https://forum$request_uri; ? ? ?} } server { ? ? ?server_name forum; ?? ? ? ?listen 443 ssl; ? ? .... ? ? location / { ? ? ? ? return 301 http://forum$request_uri; ? ? } ? ? ?location ^~ /acp/ { ? ? ? ? ?... ? ? ?} } From the.energetic at gmail.com Tue Jun 4 03:17:54 2013 From: the.energetic at gmail.com (Travis Maxwell) Date: Mon, 3 Jun 2013 23:17:54 -0400 Subject: Nginx permission denied for tmp directory (with correct user) Message-ID: <7758B7AE-5F66-4946-83C5-F2A2E28423A4@gmail.com> Whenever I submit a long post from within wordpress, I get the following error: 2013/06/04 03:04:19 [crit] 12248#0: *491 open() "/var/lib/nginx/tmp/client_body/0000000008" failed (13: Permission denied) It works fine if the post isn't that long, but submitting a long one throws a 500 error on the front end, and this in my error log file :/ I tried googling and nothing is much help, other than to change the user or something Right now I already have... /var/lib/nginx/tmp/client_body owned by www:www (nginx) and set to 700 permissions -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at greengecko.co.nz Tue Jun 4 03:46:05 2013 From: steve at greengecko.co.nz (Steve Holdoway) Date: Tue, 04 Jun 2013 15:46:05 +1200 Subject: Nginx permission denied for tmp directory (with correct user) In-Reply-To: <7758B7AE-5F66-4946-83C5-F2A2E28423A4@gmail.com> References: <7758B7AE-5F66-4946-83C5-F2A2E28423A4@gmail.com> Message-ID: <1370317565.29037.189.camel@steve-new> On Mon, 2013-06-03 at 23:17 -0400, Travis Maxwell wrote: > Whenever I submit a long post from within wordpress, I get the > following error: > > 2013/06/04 03:04:19 [crit] 12248#0: *491 open() "/var/lib/nginx/tmp/client_body/0000000008" failed (13: Permission denied) > It works fine if the post isn't that long, but submitting a long one > throws a 500 error on the front end, and this in my error log file :/ > > I tried googling and nothing is much help, other than to change the > user or something > > Right now I already have... > > /var/lib/nginx/tmp/client_body owned by www:www (nginx) and set to 700 > permissions This is usually caused by user www not having read/execute ( well, technically just execute but that's a bit of a pain to use ) access to one of the parent directories. I expect the file is only used when temp storage is needed for the fastcgi php access, so it may be worth increasing those resources too. hth, Steve -- Steve Holdoway BSc(Hons) MNZCS http://www.greengecko.co.nz Linkedin: http://www.linkedin.com/in/steveholdoway Skype: sholdowa From the.energetic at gmail.com Tue Jun 4 03:58:20 2013 From: the.energetic at gmail.com (Travis Maxwell) Date: Mon, 3 Jun 2013 23:58:20 -0400 Subject: Nginx permission denied for tmp directory (with correct user) In-Reply-To: <1370317565.29037.189.camel@steve-new> References: <7758B7AE-5F66-4946-83C5-F2A2E28423A4@gmail.com> <1370317565.29037.189.camel@steve-new> Message-ID: Thanks! that worked :) I didn't think about parent directories On Jun 3, 2013, at 11:46 PM, Steve Holdoway wrote: > On Mon, 2013-06-03 at 23:17 -0400, Travis Maxwell wrote: >> Whenever I submit a long post from within wordpress, I get the >> following error: >> >> 2013/06/04 03:04:19 [crit] 12248#0: *491 open() "/var/lib/nginx/tmp/client_body/0000000008" failed (13: Permission denied) >> It works fine if the post isn't that long, but submitting a long one >> throws a 500 error on the front end, and this in my error log file :/ >> >> I tried googling and nothing is much help, other than to change the >> user or something >> >> Right now I already have... >> >> /var/lib/nginx/tmp/client_body owned by www:www (nginx) and set to 700 >> permissions > This is usually caused by user www not having read/execute ( well, > technically just execute but that's a bit of a pain to use ) access to > one of the parent directories. > > I expect the file is only used when temp storage is needed for the > fastcgi php access, so it may be worth increasing those resources too. > > hth, > > Steve > > -- > Steve Holdoway BSc(Hons) MNZCS > http://www.greengecko.co.nz > Linkedin: http://www.linkedin.com/in/steveholdoway > Skype: sholdowa > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Tue Jun 4 04:52:03 2013 From: nginx-forum at nginx.us (justin) Date: Tue, 04 Jun 2013 00:52:03 -0400 Subject: HTTP status code 499 from long running requests In-Reply-To: <20130602110424.GK72282@mdounin.ru> References: <20130602110424.GK72282@mdounin.ru> Message-ID: <1e4fd0823496bde4d9bab012f84b5827.NginxMailingListEnglish@forum.nginx.org> Maxim, Does it seem reasonable that the 499 status codes are responsible for double requests? I.E. do you think the client is resending the request after the 499 status? Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Sat, Jun 01, 2013 at 09:09:55PM -0400, justin wrote: > > > Hello, I have long running requests upwards of five minutes that are > called > > via ajax (jQuery) (XHR), and hitting a backend PHP script. > > > > I am seeing very strange behavior, intermittently calling the script > twice, > > even though in Chrome developers tools I only see a single XHR > request in > > the network pane. I know that it is running twice because in my > backend PHP > > script I write a log to a MySQL database, and I am seeing two > entries. > > > > I took a look at the nginx access log, and seeing HTTP status code > 499, > > which seems to be: client closed connection before nginx > > was able to send anything to client. > > > > What is the best way to fix this? Is there a config setting in nginx > to keep > > the connection open? Or is the client terminating the request, and > then > > reissuing the request, thus way I am seeing two entries? > > The 499 code means that _client_ closed connection, and there is > more or less nothing you can do from nginx side. You have to > either find a way to ask client to wait longer before it gives up, > or return something before it gives up. > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239759,239819#msg-239819 From nginx-forum at nginx.us Tue Jun 4 07:48:27 2013 From: nginx-forum at nginx.us (Belly) Date: Tue, 04 Jun 2013 03:48:27 -0400 Subject: Memory Management ( > 25GB memory usage) In-Reply-To: References: Message-ID: Thanks Maxim and Jonathan for making these things clear to me! Disabling disk buffering by using fastcgi_max_temp_file_size 0; and reducing the number of buffers solved the problem and made my service more efficient. Best Regards, Belly Dancer Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239795,239822#msg-239822 From mdounin at mdounin.ru Tue Jun 4 10:45:07 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Jun 2013 14:45:07 +0400 Subject: Need help: websocket proxy stops working after a while In-Reply-To: References: Message-ID: <20130604104507.GE72282@mdounin.ru> Hello! On Mon, Jun 03, 2013 at 03:24:52PM -0700, Alder Network wrote: > I got nginx websocket proxy working but the socket would close > in a minute or so. So I add > proxy_read_timeout 180s; > and it works within 3 minutes but closed the websocket after 3 > minutes, but it works OK before that. Why is that? > BTW, I am using Nginx 1.4 now. Much like with normal http, nginx will time out connection to the upstream server if it doesn't see any data from it. If with a backend you use there are no data expected from the backend to a client, there are two possible solutions: 1) Send periodic ping frames from the backend. 2) Configure higher proxy_read_timeout in a location where websocket connections are handled. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Jun 4 10:56:05 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Jun 2013 14:56:05 +0400 Subject: HTTP status codes missing description in header for proxy_pass In-Reply-To: References: Message-ID: <20130604105605.GG72282@mdounin.ru> Hello! On Mon, Jun 03, 2013 at 07:07:50PM -0400, kgoess wrote: > We're using nginx as a middle layer in front of our application server > (mod_perl). When mod_perl returns an error page, the HTTP status line is > missing the "reason phrase" after the status code, like "Not Found", e.g. > > HTTP/1.1 404 > Server: nginx/1.2.1 > ...etc > > should be > > HTTP/1.1 404 Not Found > ...etc... [...] > Is this a bug in nginx, or a configuration issue that we can fix? The patch > to Perlbal is simple enough, is it worth looking for a patch to nginx? Or > did we miss something else entirely? As soon as you proxy requests to another server - nginx just returns a status line as got from a backend as soon as it's able to recognize it. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Jun 4 11:28:03 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Jun 2013 15:28:03 +0400 Subject: HTTP status code 499 from long running requests In-Reply-To: <1e4fd0823496bde4d9bab012f84b5827.NginxMailingListEnglish@forum.nginx.org> References: <20130602110424.GK72282@mdounin.ru> <1e4fd0823496bde4d9bab012f84b5827.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130604112803.GH72282@mdounin.ru> Hello! On Tue, Jun 04, 2013 at 12:52:03AM -0400, justin wrote: > Does it seem reasonable that the 499 status codes are responsible for double > requests? I.E. do you think the client is resending the request after the > 499 status? No. But both 499 status codes (i.e. client closed connection) and double requests are likely happen because client times out. -- Maxim Dounin http://nginx.org/en/donation.html From pablo.platt at gmail.com Tue Jun 4 11:39:38 2013 From: pablo.platt at gmail.com (pablo platt) Date: Tue, 4 Jun 2013 14:39:38 +0300 Subject: ulimit in the ubuntu package Message-ID: Hi, I'm using the ubuntu package from nginx.org. In the package from the official ubuntu repo, you can set file descriptor limit by changing /etc/default/nginx # Check if the ULIMIT is set in /etc/default/nginx if [ -n "$ULIMIT" ]; then # Set the ulimits ulimit $ULIMIT fi Is there a reason this setting is missing from the nginx.org package? I increased the limit but checking /proc//limits still shows the default. Should it be enough to set the soft and hard nofile limits in /etc/security/limits.conf or do I have to set ulimit $ULIMIT in the init.d script? Are there plans to use upstart instead of init.d script? Thanks -------------- next part -------------- An HTML attachment was scrubbed... URL: From sb at waeme.net Tue Jun 4 12:30:40 2013 From: sb at waeme.net (Sergey Budnevitch) Date: Tue, 4 Jun 2013 16:30:40 +0400 Subject: ulimit in the ubuntu package In-Reply-To: References: Message-ID: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> On 4 Jun2013, at 15:39 , pablo platt wrote: > Hi, > > I'm using the ubuntu package from nginx.org. > > In the package from the official ubuntu repo, you can set file descriptor limit by changing /etc/default/nginx > # Check if the ULIMIT is set in /etc/default/nginx > if [ -n "$ULIMIT" ]; then > # Set the ulimits > ulimit $ULIMIT > fi ulimit without flags sets max file size in blocks, not file descriptor limit, so you may fill a bug in their bug tracker. > Is there a reason this setting is missing from the nginx.org package? > > I increased the limit but checking /proc//limits still shows the default. > Should it be enough to set the soft and hard nofile limits in /etc/security/limits.conf > or do I have to set ulimit $ULIMIT in the init.d script? You may add worker_rlimit_nofile in nginx.conf (http://nginx.org/r/worker_rlimit_nofile). > > Are there plans to use upstart instead of init.d script? No. I will try to wait until either systemd or upstart win. :-) From mdounin at mdounin.ru Tue Jun 4 12:39:06 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Jun 2013 16:39:06 +0400 Subject: ulimit in the ubuntu package In-Reply-To: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> Message-ID: <20130604123906.GM72282@mdounin.ru> Hello! On Tue, Jun 04, 2013 at 04:30:40PM +0400, Sergey Budnevitch wrote: > > On 4 Jun2013, at 15:39 , pablo platt wrote: > > > Hi, > > > > I'm using the ubuntu package from nginx.org. > > > > In the package from the official ubuntu repo, you can set file descriptor limit by changing /etc/default/nginx > > # Check if the ULIMIT is set in /etc/default/nginx > > if [ -n "$ULIMIT" ]; then > > # Set the ulimits > > ulimit $ULIMIT > > fi > > ulimit without flags sets max file size in blocks, not file descriptor limit, so > you may fill a bug in their bug tracker. I think the expected use is to supply arguments within the ULIMIT variable. -- Maxim Dounin http://nginx.org/en/donation.html From andrejaenisch at googlemail.com Tue Jun 4 12:54:23 2013 From: andrejaenisch at googlemail.com (Andre Jaenisch) Date: Tue, 4 Jun 2013 14:54:23 +0200 Subject: ulimit in the ubuntu package In-Reply-To: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> Message-ID: 2013/6/4 Sergey Budnevitch : > No. I will try to wait until either systemd or upstart win. :-) In case you want to support other distros than Ubuntu, you should have an eye on SystemD ?but this is Off-Topic here. Regards, Andre From pablo.platt at gmail.com Tue Jun 4 13:04:02 2013 From: pablo.platt at gmail.com (pablo platt) Date: Tue, 4 Jun 2013 16:04:02 +0300 Subject: ulimit in the ubuntu package In-Reply-To: <20130604123906.GM72282@mdounin.ru> References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> <20130604123906.GM72282@mdounin.ru> Message-ID: It's not clear to me how worker_rlimit_nofile, /etc/security/limits.conf and setting ulimit in the init.d script are related. Is worker_rlimit_nofile the same as using ulimit in the init.d script? Or does ulimit sets the maximum limit and worker_rlimit_nofile the limit per worker? Why does the init.d script from the ubuntu repo let me set using ulimit while the package from nginx.org doesn't? https://gist.github.com/aganov/1121022#file-nginx-L43 Does /etc/security/limits.conf has any effect on the nofile limit in nginx when it is started using init.d script? For upstart, I know that you have to set the limit in the upstart script and can't use /etc/security/limits.conf On Tue, Jun 4, 2013 at 3:39 PM, Maxim Dounin wrote: > Hello! > > On Tue, Jun 04, 2013 at 04:30:40PM +0400, Sergey Budnevitch wrote: > > > > > On 4 Jun2013, at 15:39 , pablo platt wrote: > > > > > Hi, > > > > > > I'm using the ubuntu package from nginx.org. > > > > > > In the package from the official ubuntu repo, you can set file > descriptor limit by changing /etc/default/nginx > > > # Check if the ULIMIT is set in /etc/default/nginx > > > if [ -n "$ULIMIT" ]; then > > > # Set the ulimits > > > ulimit $ULIMIT > > > fi > > > > ulimit without flags sets max file size in blocks, not file descriptor > limit, so > > you may fill a bug in their bug tracker. > > I think the expected use is to supply arguments within the ULIMIT > variable. > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sb at waeme.net Tue Jun 4 13:04:22 2013 From: sb at waeme.net (Sergey Budnevitch) Date: Tue, 4 Jun 2013 17:04:22 +0400 Subject: ulimit in the ubuntu package In-Reply-To: <20130604123906.GM72282@mdounin.ru> References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> <20130604123906.GM72282@mdounin.ru> Message-ID: On 4 Jun2013, at 16:39 , Maxim Dounin wrote: > Hello! > > On Tue, Jun 04, 2013 at 04:30:40PM +0400, Sergey Budnevitch wrote: > >> >> On 4 Jun2013, at 15:39 , pablo platt wrote: >> >>> Hi, >>> >>> I'm using the ubuntu package from nginx.org. >>> >>> In the package from the official ubuntu repo, you can set file descriptor limit by changing /etc/default/nginx >>> # Check if the ULIMIT is set in /etc/default/nginx >>> if [ -n "$ULIMIT" ]; then >>> # Set the ulimits >>> ulimit $ULIMIT >>> fi >> >> ulimit without flags sets max file size in blocks, not file descriptor limit, so >> you may fill a bug in their bug tracker. > > I think the expected use is to supply arguments within the ULIMIT > variable. You are probably right. From sb at waeme.net Tue Jun 4 13:25:09 2013 From: sb at waeme.net (Sergey Budnevitch) Date: Tue, 4 Jun 2013 17:25:09 +0400 Subject: ulimit in the ubuntu package In-Reply-To: References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> <20130604123906.GM72282@mdounin.ru> Message-ID: <83A93307-C67A-44BC-A8C5-A9ED570EED08@waeme.net> On 4 Jun2013, at 17:04 , pablo platt wrote: > It's not clear to me how worker_rlimit_nofile, /etc/security/limits.conf and setting ulimit in the init.d script are related. > > Is worker_rlimit_nofile the same as using ulimit in the init.d script? > Or does ulimit sets the maximum limit and worker_rlimit_nofile the limit per worker? All of them set RLIMIT_NOFILE (man 2 setrlimit). If there is worker_rlimit_nofile directive in nginx.conf, nginx master process sets RLIMIT_NOFILE for new workers processes. This works no matter how you start nginx. ulimit -n in init script will works if nginx is started by init script. limits.conf is used by pam_limits, so it works for: % grep pam_limits /etc/pam.d/* /etc/pam.d/atd:session required pam_limits.so /etc/pam.d/cron:session required pam_limits.so /etc/pam.d/login:session required pam_limits.so /etc/pam.d/sshd:session required pam_limits.so /etc/pam.d/su:# session required pam_limits.so atd, cron, login, sshd processes and their child processes, for example when you login locally or via ssh. > > Why does the init.d script from the ubuntu repo let me set using ulimit while the package from nginx.org doesn't? > https://gist.github.com/aganov/1121022#file-nginx-L43 > > Does /etc/security/limits.conf has any effect on the nofile limit in nginx when it is started using init.d script? > For upstart, I know that you have to set the limit in the upstart script and can't use /etc/security/limits.conf limits.conf will not work if init script is started on system boot. > > > On Tue, Jun 4, 2013 at 3:39 PM, Maxim Dounin wrote: > Hello! > > On Tue, Jun 04, 2013 at 04:30:40PM +0400, Sergey Budnevitch wrote: > > > > > On 4 Jun2013, at 15:39 , pablo platt wrote: > > > > > Hi, > > > > > > I'm using the ubuntu package from nginx.org. > > > > > > In the package from the official ubuntu repo, you can set file descriptor limit by changing /etc/default/nginx > > > # Check if the ULIMIT is set in /etc/default/nginx > > > if [ -n "$ULIMIT" ]; then > > > # Set the ulimits > > > ulimit $ULIMIT > > > fi > > > > ulimit without flags sets max file size in blocks, not file descriptor limit, so > > you may fill a bug in their bug tracker. > > I think the expected use is to supply arguments within the ULIMIT > variable. > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From pablo.platt at gmail.com Tue Jun 4 13:32:59 2013 From: pablo.platt at gmail.com (pablo platt) Date: Tue, 4 Jun 2013 16:32:59 +0300 Subject: ulimit in the ubuntu package In-Reply-To: <83A93307-C67A-44BC-A8C5-A9ED570EED08@waeme.net> References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> <20130604123906.GM72282@mdounin.ru> <83A93307-C67A-44BC-A8C5-A9ED570EED08@waeme.net> Message-ID: "worker_rlimit_nofile set RLIMIT_NOFILE for workers only, so master process still sees previous value." http://mailman.nginx.org/pipermail/nginx/2008-April/004596.html If worker_rlimit_nofile doesn't affect the master process and limits.conf doesn't affect init script, do I need to call ulimit in the init.d script? On Tue, Jun 4, 2013 at 4:25 PM, Sergey Budnevitch wrote: > > On 4 Jun2013, at 17:04 , pablo platt wrote: > > > It's not clear to me how worker_rlimit_nofile, /etc/security/limits.conf > and setting ulimit in the init.d script are related. > > > > Is worker_rlimit_nofile the same as using ulimit in the init.d script? > > Or does ulimit sets the maximum limit and worker_rlimit_nofile the limit > per worker? > > All of them set RLIMIT_NOFILE (man 2 setrlimit). > If there is worker_rlimit_nofile directive in nginx.conf, nginx master > process > sets RLIMIT_NOFILE for new workers processes. This works no matter how > you start nginx. > ulimit -n in init script will works if nginx is started by init script. > limits.conf is used by pam_limits, so it works for: > % grep pam_limits /etc/pam.d/* > /etc/pam.d/atd:session required pam_limits.so > /etc/pam.d/cron:session required pam_limits.so > /etc/pam.d/login:session required pam_limits.so > /etc/pam.d/sshd:session required pam_limits.so > /etc/pam.d/su:# session required pam_limits.so > > atd, cron, login, sshd processes and their child processes, > for example when you login locally or via ssh. > > > > > > Why does the init.d script from the ubuntu repo let me set using ulimit > while the package from nginx.org doesn't? > > https://gist.github.com/aganov/1121022#file-nginx-L43 > > > > Does /etc/security/limits.conf has any effect on the nofile limit in > nginx when it is started using init.d script? > > For upstart, I know that you have to set the limit in the upstart script > and can't use /etc/security/limits.conf > > limits.conf will not work if init script is started on system boot. > > > > > > > > On Tue, Jun 4, 2013 at 3:39 PM, Maxim Dounin wrote: > > Hello! > > > > On Tue, Jun 04, 2013 at 04:30:40PM +0400, Sergey Budnevitch wrote: > > > > > > > > On 4 Jun2013, at 15:39 , pablo platt wrote: > > > > > > > Hi, > > > > > > > > I'm using the ubuntu package from nginx.org. > > > > > > > > In the package from the official ubuntu repo, you can set file > descriptor limit by changing /etc/default/nginx > > > > # Check if the ULIMIT is set in /etc/default/nginx > > > > if [ -n "$ULIMIT" ]; then > > > > # Set the ulimits > > > > ulimit $ULIMIT > > > > fi > > > > > > ulimit without flags sets max file size in blocks, not file descriptor > limit, so > > > you may fill a bug in their bug tracker. > > > > I think the expected use is to supply arguments within the ULIMIT > > variable. > > > > -- > > Maxim Dounin > > http://nginx.org/en/donation.html > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Jun 4 13:42:29 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 4 Jun 2013 17:42:29 +0400 Subject: nginx-1.5.1 Message-ID: <20130604134229.GT72282@mdounin.ru> Changes with nginx 1.5.1 04 Jun 2013 *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and "xslt_last_modified" directives. Thanks to Alexey Kolpakov. *) Feature: the "http_403" parameter of the "proxy_next_upstream", "fastcgi_next_upstream", "scgi_next_upstream", and "uwsgi_next_upstream" directives. *) Feature: the "allow" and "deny" directives now support unix domain sockets. *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but without ngx_http_ssl_module; the bug had appeared in 1.3.14. *) Bugfix: in the "proxy_set_body" directive. Thanks to Lanshun Zhou. *) Bugfix: in the "lingering_time" directive. Thanks to Lanshun Zhou. *) Bugfix: the "fail_timeout" parameter of the "server" directive in the "upstream" context might not work if "max_fails" parameter was used; the bug had appeared in 1.3.0. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used. Thanks to Piotr Sikora. *) Bugfix: in the mail proxy server. Thanks to Filipe Da Silva. *) Bugfix: nginx/Windows might stop accepting connections if several worker processes were used. -- Maxim Dounin http://nginx.org/en/donation.html From sb at waeme.net Tue Jun 4 14:35:32 2013 From: sb at waeme.net (Sergey Budnevitch) Date: Tue, 4 Jun 2013 18:35:32 +0400 Subject: ulimit in the ubuntu package In-Reply-To: References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> <20130604123906.GM72282@mdounin.ru> <83A93307-C67A-44BC-A8C5-A9ED570EED08@waeme.net> Message-ID: <3C0D4CDF-C779-4E1F-BF1B-E722D0D8BF34@waeme.net> On 4 Jun2013, at 17:32 , pablo platt wrote: > "worker_rlimit_nofile set RLIMIT_NOFILE for workers only, so master process still sees previous value." > http://mailman.nginx.org/pipermail/nginx/2008-April/004596.html You hardly need to increase number of file descriptors for master process, because master process do not serve connections. worker_rlimit_nofile will not help you only if you have a lot of log files, more then or about of ulimit -n value. > > If worker_rlimit_nofile doesn't affect the master process and limits.conf doesn't affect init script, do I need to call ulimit in the init.d script? It's up to you. Both ulimit in init script and worker_rlimit_nofile will work. > > > On Tue, Jun 4, 2013 at 4:25 PM, Sergey Budnevitch wrote: > > On 4 Jun2013, at 17:04 , pablo platt wrote: > > > It's not clear to me how worker_rlimit_nofile, /etc/security/limits.conf and setting ulimit in the init.d script are related. > > > > Is worker_rlimit_nofile the same as using ulimit in the init.d script? > > Or does ulimit sets the maximum limit and worker_rlimit_nofile the limit per worker? > > All of them set RLIMIT_NOFILE (man 2 setrlimit). > If there is worker_rlimit_nofile directive in nginx.conf, nginx master process > sets RLIMIT_NOFILE for new workers processes. This works no matter how > you start nginx. > ulimit -n in init script will works if nginx is started by init script. > limits.conf is used by pam_limits, so it works for: > % grep pam_limits /etc/pam.d/* > /etc/pam.d/atd:session required pam_limits.so > /etc/pam.d/cron:session required pam_limits.so > /etc/pam.d/login:session required pam_limits.so > /etc/pam.d/sshd:session required pam_limits.so > /etc/pam.d/su:# session required pam_limits.so > > atd, cron, login, sshd processes and their child processes, > for example when you login locally or via ssh. > > > > > > Why does the init.d script from the ubuntu repo let me set using ulimit while the package from nginx.org doesn't? > > https://gist.github.com/aganov/1121022#file-nginx-L43 > > > > Does /etc/security/limits.conf has any effect on the nofile limit in nginx when it is started using init.d script? > > For upstart, I know that you have to set the limit in the upstart script and can't use /etc/security/limits.conf > > limits.conf will not work if init script is started on system boot. > > > > > > > > On Tue, Jun 4, 2013 at 3:39 PM, Maxim Dounin wrote: > > Hello! > > > > On Tue, Jun 04, 2013 at 04:30:40PM +0400, Sergey Budnevitch wrote: > > > > > > > > On 4 Jun2013, at 15:39 , pablo platt wrote: > > > > > > > Hi, > > > > > > > > I'm using the ubuntu package from nginx.org. > > > > > > > > In the package from the official ubuntu repo, you can set file descriptor limit by changing /etc/default/nginx > > > > # Check if the ULIMIT is set in /etc/default/nginx > > > > if [ -n "$ULIMIT" ]; then > > > > # Set the ulimits > > > > ulimit $ULIMIT > > > > fi > > > > > > ulimit without flags sets max file size in blocks, not file descriptor limit, so > > > you may fill a bug in their bug tracker. > > > > I think the expected use is to supply arguments within the ULIMIT > > variable. > > > > -- > > Maxim Dounin > > http://nginx.org/en/donation.html > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From lists at ruby-forum.com Tue Jun 4 15:26:50 2013 From: lists at ruby-forum.com (Sergey K.) Date: Tue, 04 Jun 2013 17:26:50 +0200 Subject: resolver does not re-resolve upstream servers after initial cache In-Reply-To: <84F62AA0-260E-488B-890C-5376F443FA54@nginx.com> References: <38f956e05389a1f8e0b887e4a00d760e@ruby-forum.com> <20121108073406.GA23051@lo0.su> <2e1116fbc0bbef620bdc0b3cbfc9d3cf@ruby-forum.com> <0aeba29f8d54cc43d5df2e967be7a677.NginxMailingListEnglish@forum.nginx.org> <55ACB974-B712-4C7E-BEB4-2711B3A58B4B@waeme.net> <851e15012743ca75791645403c68b793@ruby-forum.com> <84F62AA0-260E-488B-890C-5376F443FA54@nginx.com> Message-ID: <3623717b7d582b47320ff931cd80febd@ruby-forum.com> Andrew Alexeev wrote in post #1083715: > Dave, > > On Nov 9, 2012, at 1:14 PM, Dave Nolan wrote: > >>> If you want the flexibility of DNS resolving and safeguard yourself >> else. I'm just interested in why it's not, and whether there are plans >> to change it. We might be interested in sponsoring this work. > > That's the current (and maybe already "legacy") design of nginx upstream > configuration. Unfortunately there's no quick solution but we actually > appreciate your feedback a lot and will try to incorporate a better > upstream design in the future releases. I was wondering if there were any updates on this in more recent nginx versions (1.5.1 at the moment)? This bug causes a lot of problems in cloud environments like AWS where IPs can change at any moment. -- Posted via http://www.ruby-forum.com/. From kworthington at gmail.com Tue Jun 4 16:34:23 2013 From: kworthington at gmail.com (Kevin Worthington) Date: Tue, 4 Jun 2013 12:34:23 -0400 Subject: nginx-1.5.1 In-Reply-To: <20130604134229.GT72282@mdounin.ru> References: <20130604134229.GT72282@mdounin.ru> Message-ID: Hello Nginx users, Now available: Nginx 1.5.1 for Windows http://goo.gl/eeXMm (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available via my Twitter stream ( http://twitter.com/kworthington), if you prefer to receive updates that way. Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington On Tue, Jun 4, 2013 at 9:42 AM, Maxim Dounin wrote: > Changes with nginx 1.5.1 04 Jun > 2013 > > *) Feature: the "ssi_last_modified", "sub_filter_last_modified", and > "xslt_last_modified" directives. > Thanks to Alexey Kolpakov. > > *) Feature: the "http_403" parameter of the "proxy_next_upstream", > "fastcgi_next_upstream", "scgi_next_upstream", and > "uwsgi_next_upstream" directives. > > *) Feature: the "allow" and "deny" directives now support unix domain > sockets. > > *) Bugfix: nginx could not be built with the ngx_mail_ssl_module, but > without ngx_http_ssl_module; the bug had appeared in 1.3.14. > > *) Bugfix: in the "proxy_set_body" directive. > Thanks to Lanshun Zhou. > > *) Bugfix: in the "lingering_time" directive. > Thanks to Lanshun Zhou. > > *) Bugfix: the "fail_timeout" parameter of the "server" directive in > the > "upstream" context might not work if "max_fails" parameter was used; > the bug had appeared in 1.3.0. > > *) Bugfix: a segmentation fault might occur in a worker process if the > "ssl_stapling" directive was used. > Thanks to Piotr Sikora. > > *) Bugfix: in the mail proxy server. > Thanks to Filipe Da Silva. > > *) Bugfix: nginx/Windows might stop accepting connections if several > worker processes were used. > > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pablo.platt at gmail.com Tue Jun 4 17:12:50 2013 From: pablo.platt at gmail.com (pablo platt) Date: Tue, 4 Jun 2013 20:12:50 +0300 Subject: ulimit in the ubuntu package In-Reply-To: <3C0D4CDF-C779-4E1F-BF1B-E722D0D8BF34@waeme.net> References: <277BD3DF-E518-41A2-B7C4-1BA0D31AE3E9@waeme.net> <20130604123906.GM72282@mdounin.ru> <83A93307-C67A-44BC-A8C5-A9ED570EED08@waeme.net> <3C0D4CDF-C779-4E1F-BF1B-E722D0D8BF34@waeme.net> Message-ID: So ulimit in the init script is redundant. I'll use worker_rlimit_nofile. Thanks On Tue, Jun 4, 2013 at 5:35 PM, Sergey Budnevitch wrote: > > On 4 Jun2013, at 17:32 , pablo platt wrote: > > > "worker_rlimit_nofile set RLIMIT_NOFILE for workers only, so master > process still sees previous value." > > http://mailman.nginx.org/pipermail/nginx/2008-April/004596.html > > You hardly need to increase number of file descriptors for master process, > because > master process do not serve connections. worker_rlimit_nofile will not help > you only if you have a lot of log files, more then or about of ulimit -n > value. > > > > > > If worker_rlimit_nofile doesn't affect the master process and > limits.conf doesn't affect init script, do I need to call ulimit in the > init.d script? > > It's up to you. Both ulimit in init script and worker_rlimit_nofile will > work. > > > > > > > On Tue, Jun 4, 2013 at 4:25 PM, Sergey Budnevitch wrote: > > > > On 4 Jun2013, at 17:04 , pablo platt wrote: > > > > > It's not clear to me how worker_rlimit_nofile, > /etc/security/limits.conf and setting ulimit in the init.d script are > related. > > > > > > Is worker_rlimit_nofile the same as using ulimit in the init.d script? > > > Or does ulimit sets the maximum limit and worker_rlimit_nofile the > limit per worker? > > > > All of them set RLIMIT_NOFILE (man 2 setrlimit). > > If there is worker_rlimit_nofile directive in nginx.conf, nginx master > process > > sets RLIMIT_NOFILE for new workers processes. This works no matter how > > you start nginx. > > ulimit -n in init script will works if nginx is started by init script. > > limits.conf is used by pam_limits, so it works for: > > % grep pam_limits /etc/pam.d/* > > /etc/pam.d/atd:session required pam_limits.so > > /etc/pam.d/cron:session required pam_limits.so > > /etc/pam.d/login:session required pam_limits.so > > /etc/pam.d/sshd:session required pam_limits.so > > /etc/pam.d/su:# session required pam_limits.so > > > > atd, cron, login, sshd processes and their child processes, > > for example when you login locally or via ssh. > > > > > > > > > > Why does the init.d script from the ubuntu repo let me set using > ulimit while the package from nginx.org doesn't? > > > https://gist.github.com/aganov/1121022#file-nginx-L43 > > > > > > Does /etc/security/limits.conf has any effect on the nofile limit in > nginx when it is started using init.d script? > > > For upstart, I know that you have to set the limit in the upstart > script and can't use /etc/security/limits.conf > > > > limits.conf will not work if init script is started on system boot. > > > > > > > > > > > > > On Tue, Jun 4, 2013 at 3:39 PM, Maxim Dounin > wrote: > > > Hello! > > > > > > On Tue, Jun 04, 2013 at 04:30:40PM +0400, Sergey Budnevitch wrote: > > > > > > > > > > > On 4 Jun2013, at 15:39 , pablo platt wrote: > > > > > > > > > Hi, > > > > > > > > > > I'm using the ubuntu package from nginx.org. > > > > > > > > > > In the package from the official ubuntu repo, you can set file > descriptor limit by changing /etc/default/nginx > > > > > # Check if the ULIMIT is set in /etc/default/nginx > > > > > if [ -n "$ULIMIT" ]; then > > > > > # Set the ulimits > > > > > ulimit $ULIMIT > > > > > fi > > > > > > > > ulimit without flags sets max file size in blocks, not file > descriptor limit, so > > > > you may fill a bug in their bug tracker. > > > > > > I think the expected use is to supply arguments within the ULIMIT > > > variable. > > > > > > -- > > > Maxim Dounin > > > http://nginx.org/en/donation.html > > > > > > _______________________________________________ > > > nginx mailing list > > > nginx at nginx.org > > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > > > _______________________________________________ > > > nginx mailing list > > > nginx at nginx.org > > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Jun 4 20:09:13 2013 From: nginx-forum at nginx.us (kgoess) Date: Tue, 04 Jun 2013 16:09:13 -0400 Subject: HTTP status codes missing description in header for proxy_pass In-Reply-To: References: Message-ID: <5e77988538c74cc9c64e3b554b0f3947.NginxMailingListEnglish@forum.nginx.org> > I guess the irregular response comes from your mod_perl backend? Aha, from ngrep listening on port 8080 responding to nginx, it is indeed missing the description: T 10.200.1.59:8080 -> 10.200.1.59:57990 [AP] HTTP/1.1 404..Server: Apache/2.2.16 (Debian) mod_perl/2.0.4 Perl/v5.10.1 If apache is in the middle layer, instead of nginx, it looks like apache fills in the status line T 127.0.0.1:8082 -> 127.0.0.1:37887 [AP] HTTP/1.1 404 Not Found..Date: Tue, 04 Jun 2013 20:02:03 GMT..Server: Apache/2.2.16 (Debian) mod_perl/2.0.4 Perl/v5.10.1.. but if nginx is in the middle, it just passes it straight through: T 127.0.0.1:8083 -> 127.0.0.1:46829 [AP] HTTP/1.1 404..Server: nginx/1.2.1.. And sure enough, some pretty old cgi code needed this fix if (! -e $file) { bepress::Statsd->increment('viewcontent.error.native_not_found'); - $self->out( $cgiutils->header( -status => 404 ) ); + $self->out( $cgiutils->header( -status => '404 Not Found' ) ); $self->out( $cgiutils->start_html( Thanks for the help! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239811,239869#msg-239869 From nginx-forum at nginx.us Wed Jun 5 00:39:14 2013 From: nginx-forum at nginx.us (solitaryr) Date: Tue, 04 Jun 2013 20:39:14 -0400 Subject: nginx proxy vs apache proxy Message-ID: <4e1ac52177a2fa140555024cadf33fb7.NginxMailingListEnglish@forum.nginx.org> I'm sure this is probably just a misconfiguration or a misunderstanding of nginx proxying. I'm looking to replace apache as my ssl/proxy server for a Jboss/tcServer backend. Unfortunately, I have a java web start app that builds the jnlp files dynamically based on the scheme, protocol and server info passed back to it. I'm not getting the https (port 443) passed back as expected. I thought it was the application so I googled and found a some quick and dirty jsp pages that let me test the responses being passed back. For the apache server, I see the following: Scheme: https Name: my.example.com Port: 443 Nginx responses show (regardless of how I try to connect): Scheme: http Name: my.example.com Port: 80 I'm fairly new to nginx but I've read and googled fairly extensively to no avail. I'm trying to do similar to the following: location /myJWSapp/ { proxy_pass http://127.0.0.1:8080; proxy_redirect off; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-By $server_addr:$server_port; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } I can see the url in the jnlp file Also, for some reason the jnlp file is now being truncated at 10k (I've googled this to no avail as well). This is making it even more difficult to debug this issue. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239872,239872#msg-239872 From shahzaib.cb at gmail.com Wed Jun 5 05:56:53 2013 From: shahzaib.cb at gmail.com (shahzaib shahzaib) Date: Wed, 5 Jun 2013 10:56:53 +0500 Subject: slow streaming due to high %utilization !! Message-ID: Hello, We're using nginx-1.2.8 to stream large files size 1G but found the slow stream with high utilization of harddrive using command "iostat -x -d 3" Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sdc 0.00 444.00 78.67 7.00 18336.00 3608.00 256.16 3.28 39.17 11.02 94.40 sdb 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sda 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 16G Ram 8X CPU E31240 HDD SATA Following are the main nginx configuration :- http { include mime.types; default_type application/octet-stream; #tcp_nopush on; client_body_buffer_size 128k; client_header_buffer_size 128k; client_max_body_size 1200M; keepalive_timeout 10; ignore_invalid_headers on; client_header_timeout 3m; client_body_timeout 3m; send_timeout 3m; reset_timedout_connection on; #gzip on; access_log off; include /usr/local/nginx/conf/vhosts/*; } Would be very thankful If someone could help me with better configuration of nginx to reduce HDD-utilization. Best Regards.. -------------- next part -------------- An HTML attachment was scrubbed... URL: From reallfqq-nginx at yahoo.fr Wed Jun 5 06:46:50 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Wed, 5 Jun 2013 02:46:50 -0400 Subject: slow streaming due to high %utilization !! In-Reply-To: References: Message-ID: Hello, On Wed, Jun 5, 2013 at 1:56 AM, shahzaib shahzaib wrote: > Hello, > > We're using nginx-1.2.8 to stream large files size 1G but found the > slow stream with high utilization of harddrive using command "iostat -x -d > 3" > > Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s > avgrq-sz avgqu-sz await svctm %util > sdc 0.00 444.00 78.67 7.00 18336.00 3608.00 > 256.16 3.28 39.17 11.02 94.40 > sdb 0.00 0.00 0.00 0.00 0.00 > 0.00 0.00 0.00 0.00 0.00 0.00 > sda 0.00 0.00 0.00 0.00 0.00 > 0.00 0.00 0.00 0.00 0.00 0.00 > > 16G Ram > 8X CPU E31240 > HDD SATA > > ?The best way of serving large files is to use asynchronous transfer to avoid blocking disk requests. To do so, have a look at the aiodirective. The default behavior uses sendfile, which sends file in a synchronous fashion?. Note 1: On Linux, aio will work for writing requests only if activated alone. To activate asynchronous read requests (which seems coherent to your use case, since you stream files - I understand yo usend them, thus you read them), you need to activate the directiodirective. Refer to the aio documentaiton (link above) for details. Note 2: Using directio will automatically disable sendfile. If you don't use it, you'll need to deactivate sendfile manually. You might also wanna have a look at your output_buffers (once again see the aio directive documentation) to improve large files buffering. I read around that buffers large enough (>= 4MiB) are usually advised for big files (splitting them in less parts). Maybe you would like to make some tests for your specific use case to find the most appropriate values. The number of those buffers also have an impact: too much buffers consumes RAM for nothing, whereas too little of them will slow down requests by creating an artificial bottleneck. Following are the main nginx configuration :- > > http { > include mime.types; > default_type application/octet-stream; > #tcp_nopush on; > client_body_buffer_size 128k; > client_header_buffer_size 128k; > client_max_body_size 1200M; > keepalive_timeout 10; > ignore_invalid_headers on; > client_header_timeout 3m; > client_body_timeout 3m; > send_timeout 3m; > reset_timedout_connection on; > #gzip on; > access_log off; > include /usr/local/nginx/conf/vhosts/*; > > } > ?? > > ?By default, Nginx sets gzip to off. Depending on the content you stream and since you seem to have a nice CPU potential (you didn't provide information on CPU usage, you'll need to see if you have room for gzip compression there), you might wanna activate gzip to reduce the amount of data transferred, thus lowering the transmission time at the cost of a more sollicitated CPU... if your content provides room for a sensible compression efficiency (once again, it depends on your specific use case).? ?No need? for it if the benefit is 1% ;o) > > > Would be very thankful If someone could help me with better configuration > of nginx to reduce HDD-utilization. > > Best Regards.. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > ?No other idea. Hope I helped,? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Wed Jun 5 06:54:34 2013 From: nginx-forum at nginx.us (justin) Date: Wed, 05 Jun 2013 02:54:34 -0400 Subject: etag support Message-ID: <973b4d9b19078d7c1d53f244fc837b13.NginxMailingListEnglish@forum.nginx.org> Are etags supported in nginx? I am running nginx/1.4.1 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239877,239877#msg-239877 From ru at nginx.com Wed Jun 5 07:45:23 2013 From: ru at nginx.com (Ruslan Ermilov) Date: Wed, 5 Jun 2013 11:45:23 +0400 Subject: etag support In-Reply-To: <973b4d9b19078d7c1d53f244fc837b13.NginxMailingListEnglish@forum.nginx.org> References: <973b4d9b19078d7c1d53f244fc837b13.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130605074523.GV66845@lo0.su> On Wed, Jun 05, 2013 at 02:54:34AM -0400, justin wrote: > Are etags supported in nginx? I am running nginx/1.4.1 http://nginx.org/r/etag From nginx-forum at nginx.us Wed Jun 5 07:53:23 2013 From: nginx-forum at nginx.us (justin) Date: Wed, 05 Jun 2013 03:53:23 -0400 Subject: etag support In-Reply-To: <20130605074523.GV66845@lo0.su> References: <20130605074523.GV66845@lo0.su> Message-ID: <80d1efc0513890cc41a875beed674e57.NginxMailingListEnglish@forum.nginx.org> I added etag on to my config, but still don't see etags in the response headers. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239877,239879#msg-239879 From shahzaib.cb at gmail.com Wed Jun 5 08:06:05 2013 From: shahzaib.cb at gmail.com (shahzaib shahzaib) Date: Wed, 5 Jun 2013 13:06:05 +0500 Subject: slow streaming due to high %utilization !! In-Reply-To: References:

Message-ID: Thanks for co-operation B.R but i've got to know that aio doesn't work well with linux centos and i already used it once with one of our content servers for serving large-files. I noted that after enabling aio, the svctime reduced but %util increased upto 20% using command iostat -x -d 3 Regarding gzip compression, i am afraid that our content server is used for large videos serving as well as conversion which consumes 80% of cpu resources and gzip compression would overwhelm the cpus. Also trying to figure out that how nginx works with the terms asynchronous and synchronous ? Best Regards. On Wed, Jun 5, 2013 at 11:46 AM, B.R. wrote: > Hello, > > On Wed, Jun 5, 2013 at 1:56 AM, shahzaib shahzaib wrote: > >> Hello, >> >> We're using nginx-1.2.8 to stream large files size 1G but found >> the slow stream with high utilization of harddrive using command "iostat -x >> -d 3" >> >> Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s >> avgrq-sz avgqu-sz await svctm %util >> sdc 0.00 444.00 78.67 7.00 18336.00 3608.00 >> 256.16 3.28 39.17 11.02 94.40 >> sdb 0.00 0.00 0.00 0.00 0.00 >> 0.00 0.00 0.00 0.00 0.00 0.00 >> sda 0.00 0.00 0.00 0.00 0.00 >> 0.00 0.00 0.00 0.00 0.00 0.00 >> >> 16G Ram >> 8X CPU E31240 >> HDD SATA >> >> The best way of serving large files is to use asynchronous transfer to > avoid blocking disk requests. > To do so, have a look at the aiodirective. The default behavior uses sendfile, which sends file in a > synchronous fashion. > > Note 1: On Linux, aio will work for writing requests only if activated > alone. To activate asynchronous read requests (which seems coherent to your > use case, since you stream files - I understand yo usend them, thus you > read them), you need to activate the directiodirective. > Refer to the aio documentaiton (link above) for details. > > Note 2: Using directio will automatically disable sendfile. If you don't > use it, you'll need to deactivate sendfile manually. > > You might also wanna have a look at your output_buffers (once again see > the aio directive documentation) to improve large files buffering. > I read around that buffers large enough (>= 4MiB) are usually advised for > big files (splitting them in less parts). Maybe you would like to make some > tests for your specific use case to find the most appropriate values. > The number of those buffers also have an impact: too much buffers consumes > RAM for nothing, whereas too little of them will slow down requests by > creating an artificial bottleneck. > > Following are the main nginx configuration :- >> >> http { >> include mime.types; >> default_type application/octet-stream; >> #tcp_nopush on; >> client_body_buffer_size 128k; >> client_header_buffer_size 128k; >> client_max_body_size 1200M; >> keepalive_timeout 10; >> ignore_invalid_headers on; >> client_header_timeout 3m; >> client_body_timeout 3m; >> send_timeout 3m; >> reset_timedout_connection on; >> #gzip on; >> access_log off; >> include /usr/local/nginx/conf/vhosts/*; >> >> } >> >> >> > By default, Nginx sets gzip to off. Depending on the content you stream > and since you seem to have a nice CPU potential (you didn't provide > information on CPU usage, you'll need to see if you have room for gzip > compression there), you might wanna activate gzip to reduce the amount of > data transferred, thus lowering the transmission time at the cost of a more > sollicitated CPU... if your content provides room for a sensible > compression efficiency (once again, it depends on your specific use case). > No need for it if the benefit is 1% ;o) > >> >> >> Would be very thankful If someone could help me with better configuration >> of nginx to reduce HDD-utilization. >> >> Best Regards.. >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > No other idea. > > Hope I helped, > --- > *B. R.* > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ru at nginx.com Wed Jun 5 09:55:09 2013 From: ru at nginx.com (Ruslan Ermilov) Date: Wed, 5 Jun 2013 13:55:09 +0400 Subject: etag support In-Reply-To: <80d1efc0513890cc41a875beed674e57.NginxMailingListEnglish@forum.nginx.org> References: <20130605074523.GV66845@lo0.su> <80d1efc0513890cc41a875beed674e57.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130605095509.GW66845@lo0.su> On Wed, Jun 05, 2013 at 03:53:23AM -0400, justin wrote: > I added etag on to my config, but still don't see etags in the response > headers. ETag's are generated for static resources only. Modules that add dynamic contents to static resources may cause the ETag header to be removed from response, such as the ngx_http_addition_module, or when gzipping a response. From nginx-forum at nginx.us Wed Jun 5 10:26:25 2013 From: nginx-forum at nginx.us (honwel) Date: Wed, 05 Jun 2013 06:26:25 -0400 Subject: How can i get ip and port under forward proxy Message-ID: <3ef0b1c5b9a93baaf8ac23214b5d6eaa.NginxMailingListEnglish@forum.nginx.org> Hi, there I want to get ip and port under forward proxy use NGINX, a forward proxy sketch like this: [Client ]-> [NGINX] -> [Internet] so i want to get proxy's ip and port . i have try and made some modifications to the source code including ngx_http_upstream.c ngx_event_connect.c , there are some details: 1?add local_socket variable to get socket fd in ngx_event_connect_peer() 2?add local_sockaddr to get sockaddr structure in ngx_http_upstream_process_header(), because in this function the proxy had connected(connect() in ngx_event_connect_peer() is nonblocking) to the upstream(web, e.g. google.com) 3?add a $upstream_laddr variable in the ngx_http_upstream.c as ngx_http_upstream_addr_variable() function. 4?set log property like: fragment ****************************************************************************** log property start '$remote_addr:$remote_port ($upstream_laddr) [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; ****************************************************************************** log property end However, everthing does not work properly, the debug.log like this: 2013/06/05 16:35:50 [debug] 4978#0: *1 http upstream process header 2013/06/05 16:35:50 [debug] 4978#0: *1 http upstream connect socket: 12 2013/06/05 16:35:50 [debug] 4978#0: *1 http upstream connect sa_family: 21920 2013/06/05 16:35:50 [debug] 4978#0: *1 http upstream connect uri: / HTTP/1.1^M Host 2013/06/05 16:35:50 [debug] 4978#0: *1 http upstream connect ip: 255.127.0.0:5067 note: Worng ip and Port 2013/06/05 16:35:50 [debug] 4978#0: *1 http proxy status 200 "200 OK" ....................... 2013/06/05 16:38:57 [debug] 4978#0: *14 http upstream connect sa_family: 29728 note: Worng sa_family type 2013/06/05 16:38:57 [debug] 4978#0: *14 http upstream connect uri: /static/channel/focustop/focustop/focustop_105e9cbe.js HTTP/1.1^M Host 2013/06/05 16:38:57 [debug] 4978#0: *14 http upstream connect ip: 112.111.114.97:25965?^? note:Worng IP and Port 2013/06/05 16:38:57 [debug] 4978#0: *14 http proxy status 304 "304 Not Modified" ......................... 2013/06/05 17:05:32 [debug] 4978#0: *62 http upstream connect socket: 20 2013/06/05 17:05:32 [debug] 4978#0: *62 http upstream connect sa_family: 2 2013/06/05 17:05:32 [debug] 4978#0: *62 http upstream connect uri: /images1/ch/09xwzx/h_1.gif HTTP/1.1^M Host 2013/06/05 17:05:32 [debug] 4978#0: *62 http upstream connect ip: 192.168.1.163:49217??^? note:Correct IP and Port 2013/06/05 17:05:32 [debug] 4978#0: *62 http proxy status 304 "304 Not Modified" Does i have made mistake for code or worng understanding of NGINX event model. how can make this work correctly to get IP and Port. Thanks in advance. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239883,239883#msg-239883 From mdounin at mdounin.ru Wed Jun 5 12:18:15 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 5 Jun 2013 16:18:15 +0400 Subject: How can i get ip and port under forward proxy In-Reply-To: <3ef0b1c5b9a93baaf8ac23214b5d6eaa.NginxMailingListEnglish@forum.nginx.org> References: <3ef0b1c5b9a93baaf8ac23214b5d6eaa.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130605121815.GE72282@mdounin.ru> Hello! On Wed, Jun 05, 2013 at 06:26:25AM -0400, honwel wrote: > Hi, there > > I want to get ip and port under forward proxy use NGINX, a forward proxy > sketch like this: > > [Client ]-> [NGINX] -> [Internet] > > so i want to get proxy's ip and port . i have try and made some > modifications to the source code including ngx_http_upstream.c > ngx_event_connect.c , there are some details: 1?add local_socket variable to > get socket fd in ngx_event_connect_peer() 2?add local_sockaddr to get > sockaddr structure in ngx_http_upstream_process_header(), because in this > function the proxy had connected(connect() in ngx_event_connect_peer() is > nonblocking) to the upstream(web, e.g. google.com) 3?add a $upstream_laddr > variable in the ngx_http_upstream.c as ngx_http_upstream_addr_variable() > function. 4?set log property like: [...] > Does i have made mistake for code or worng understanding of NGINX event > model. how can make this work correctly to get IP and Port. You may want to show your code if you want us to help. Note well: upstream connection socket's file descriptor is available via u->peer.connection->fd after a successful ngx_event_connect_peer() call in ngx_http_upstream_connect(). At this point, local sockaddr of the socket should be also valid as connect() was already called. -- Maxim Dounin http://nginx.org/en/donation.html From reallfqq-nginx at yahoo.fr Wed Jun 5 12:50:49 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Wed, 5 Jun 2013 08:50:49 -0400 Subject: fastcgi_read_timeout with PHP backend In-Reply-To: <20130602223250.GQ72282@mdounin.ru> References: <20130527101947.GA72282@mdounin.ru> <20130529164627.GF72282@mdounin.ru> <20130602223250.GQ72282@mdounin.ru> Message-ID: Hello, Non-broken tcpdump just confirms what was already said based on > error log: nothing is seen from php after 18:48:45, and > this results in the timeout at 18:50:45. You have to dig into > your code. > > ?I agree. However, if you look at the output, you'll notice that the output is cut in the middle of what is sent at 16:45:43.8 UTC. The content of the array as printed by PHP in the TCP socket contains 29 elements (numbered from 0 to 28). The output is cut at the 24th. All the following content sent by PHP (and... received by Nginx?) are not displayed which produces the faulty browser output. I understand there is a timeout at some point (PHP runs out of memory). It seems that the error is not sent through the FastCGI tunnel and PHP simply stops answering. But that is another problem, not the main one I wanna outline here.? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Jun 5 13:48:36 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 5 Jun 2013 17:48:36 +0400 Subject: fastcgi_read_timeout with PHP backend In-Reply-To: References: <20130527101947.GA72282@mdounin.ru> <20130529164627.GF72282@mdounin.ru> <20130602223250.GQ72282@mdounin.ru> Message-ID: <20130605134836.GI72282@mdounin.ru> Hello! On Wed, Jun 05, 2013 at 08:50:49AM -0400, B.R. wrote: > Hello, > > Non-broken tcpdump just confirms what was already said based on > > > error log: nothing is seen from php after 18:48:45, and > > this results in the timeout at 18:50:45. You have to dig into > > your code. > > > > > ?I agree. > > However, if you look at the output, you'll notice that the output is cut in > the middle of what is sent at 16:45:43.8 UTC. > The content of the array as printed by PHP in the TCP socket contains 29 > elements (numbered from 0 to 28). The output is cut at the 24th. > > All the following content sent by PHP (and... received by Nginx?) are not > displayed which produces the faulty browser output. > > I understand there is a timeout at some point (PHP runs out of memory). It > seems that the error is not sent through the FastCGI tunnel and PHP simply > stops answering. > But that is another problem, not the main one I wanna outline here.? As long as upstream server times out, nginx stops processing of the request without sending what was buffered by nginx but not yet sent to a client. -- Maxim Dounin http://nginx.org/en/donation.html From reallfqq-nginx at yahoo.fr Wed Jun 5 14:28:26 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Wed, 5 Jun 2013 10:28:26 -0400 Subject: fastcgi_read_timeout with PHP backend In-Reply-To: <20130605134836.GI72282@mdounin.ru> References: <20130527101947.GA72282@mdounin.ru> <20130529164627.GF72282@mdounin.ru> <20130602223250.GQ72282@mdounin.ru> <20130605134836.GI72282@mdounin.ru> Message-ID: oO Is that a bug or a feature? Wouldn't it be nice not to lose information in the middle? PHP sends information and probably wants the Web server to do its job forwarding it to the browser. I'd like that, as a personal note. Thanks for that insight Maxim, that was one of the piece of information I was seeking for. ;o) --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Jun 5 15:26:25 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 5 Jun 2013 19:26:25 +0400 Subject: fastcgi_read_timeout with PHP backend In-Reply-To: References: <20130527101947.GA72282@mdounin.ru> <20130529164627.GF72282@mdounin.ru> <20130602223250.GQ72282@mdounin.ru> <20130605134836.GI72282@mdounin.ru> Message-ID: <20130605152625.GL72282@mdounin.ru> Hello! On Wed, Jun 05, 2013 at 10:28:26AM -0400, B.R. wrote: > oO > > Is that a bug or a feature? > Wouldn't it be nice not to lose information in the middle? PHP sends > information and probably wants the Web server to do its job forwarding it > to the browser. I'd like that, as a personal note. This is how it works. With proxy, you may avoid buffering in nginx with proxy_buffering off. With fastcgi you can't, as unbuffered mode isn't implemented (well, fastcgi_keep_conn will do something comparable, but not exactly). As long as this only happens if connection is broken anyway - this isn't considered to be a problem as information is lost anyway. > Thanks for that insight Maxim, that was one of the piece of information I > was seeking for. ;o) This what I wrote in my very first message in this thread: : There is buffering on nginx side, too, which may prevent last part : of the response from appearing in the output as seen by a browser. : It doesn't explain why read timeout isn't reset though. -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Thu Jun 6 01:10:10 2013 From: nginx-forum at nginx.us (honwel) Date: Wed, 05 Jun 2013 21:10:10 -0400 Subject: How can i get ip and port under forward proxy In-Reply-To: <20130605121815.GE72282@mdounin.ru> References: <20130605121815.GE72282@mdounin.ru> Message-ID: <52615253d4df328d0f594fe269d61727.NginxMailingListEnglish@forum.nginx.org> Ok, code is as follow: Code: src/event/ngx_event_connect.c In ngx_event_connect_peer() .................................... rc = connect(s, pc->sockaddr, pc->socklen); if (rc == -1) { err = ngx_socket_errno; if (err != NGX_EINPROGRESS #if (NGX_WIN32) /* Winsock returns WSAEWOULDBLOCK (NGX_EAGAIN) */ && err != NGX_EAGAIN #endif ) { if (err == NGX_ECONNREFUSED #if (NGX_LINUX) /* * Linux returns EAGAIN instead of ECONNREFUSED * for unix sockets if listen queue is full */ || err == NGX_EAGAIN #endif || err == NGX_ECONNRESET || err == NGX_ENETDOWN || err == NGX_ENETUNREACH || err == NGX_EHOSTDOWN || err == NGX_EHOSTUNREACH) { level = NGX_LOG_ERR; } else { level = NGX_LOG_CRIT; } ngx_log_error(level, c->log, err, "connect() to %V failed", pc->name); ngx_close_connection(c); pc->connection = NULL; return NGX_DECLINED; } } pc->local_socket = s; /* save socket fd after connect() */ Code: src/http/ngx_http_upstream.c In ngx_http_upstream_process_header() ssize_t n; ngx_int_t rc; ngx_connection_t *c; ngx_peer_connection_t *pc; u_char sa[NGX_SOCKADDRLEN]; socklen_t len; u_char text[NGX_SOCKADDR_STRLEN]; u_char *p; struct sockaddr_in *sin; pc = &u->peer; c = u->peer.connection; ngx_log_debug0(NGX_LOG_DEBUG_HTTP, c->log, 0, "http upstream process header"); c->log->action = "reading response header from upstream"; if (c->read->timedout) { ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_TIMEOUT); return; } if (!u->request_sent && ngx_http_upstream_test_connect(c) != NGX_OK) { ngx_http_upstream_next(r, u, NGX_HTTP_UPSTREAM_FT_ERROR); return; } ......................................... /* getsockname by pc->local_socket which saved in ngx_event_connect_peer()*/ if (pc == NULL) { return; } if (pc->local_socket) { if (getsockname(pc->local_socket, (struct sockaddr *) &sa, &len) != -1) { if (pc->local_sockaddr != NULL) { ngx_memcpy(pc->local_sockaddr, &sa, len); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http upstream connect socket: %i", pc->local_socket); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http upstream connect sa_family: %i", pc->local_sockaddr->sa_family); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http upstream connect uri: %s", r->uri.data); sin = (struct sockaddr_in *) sa; p = (u_char *) &sin->sin_addr; p = ngx_snprintf(text, NGX_SOCKADDR_STRLEN, "%ud.%ud.%ud.%ud:%d", p[0], p[1], p[2], p[3], ntohs(sin->sin_port)); ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0, "http upstream connect ip: %s", &text); } } } Code: src/http/ngx_http_upstream.c static ngx_int_t ngx_http_upstream_laddr_variable(ngx_http_request_t *r, ngx_http_variable_value_t *v, uintptr_t data) { ngx_peer_connection_t *pc; struct sockaddr_in *sin; u_char sa[NGX_SOCKADDRLEN]; socklen_t len; #if (NGX_HAVE_INET6) ngx_uint_t i; struct sockaddr_in6 *sin6; #endif ngx_str_t s; u_char addr[NGX_SOCKADDR_STRLEN]; s.len = NGX_SOCKADDR_STRLEN; s.data = addr; if (r->upstream == NULL) { return NGX_ERROR; } pc = &r->upstream->peer; if (pc == NULL){ return NGX_ERROR; } if (pc->local_sockaddr == NULL) { return NGX_ERROR; s.len = ngx_sock_ntop(pc->local_sockaddr, s.data, s.len, 1); s.data = ngx_pnalloc(r->pool, s.len); if (s.data == NULL) { return NGX_ERROR; } ngx_memcpy(s.data, addr, s.len); v->len = s.len; v->valid = 1; v->no_cacheable = 0; v->not_found = 0; v->data = s.data; return NGX_OK; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239883,239903#msg-239903 From nginx-forum at nginx.us Thu Jun 6 01:37:52 2013 From: nginx-forum at nginx.us (honwel) Date: Wed, 05 Jun 2013 21:37:52 -0400 Subject: How can i get ip and port under forward proxy In-Reply-To: <3ef0b1c5b9a93baaf8ac23214b5d6eaa.NginxMailingListEnglish@forum.nginx.org> References: <3ef0b1c5b9a93baaf8ac23214b5d6eaa.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1e7f14c8d8df2bb273b1c177ef9b0738.NginxMailingListEnglish@forum.nginx.org> static void 457 ngx_http_upstream_init_request(ngx_http_request_t *r) ........................................ 498 #endif 499 500 u->store = (u->conf->store || u->conf->store_lengths); 501 502 if (!u->store && !r->post_action && !u->conf->ignore_client_abort) { 503 r->read_event_handler = ngx_http_upstream_rd_check_broken_connection; 504 r->write_event_handler = ngx_http_upstream_wr_check_broken_connection; 505 } 506 507 if (r->request_body) { 508 u->request_bufs = r->request_body->bufs; 509 } 510 511 if (u->create_request(r) != NGX_OK) { 512 ngx_http_finalize_request(r, NGX_HTTP_INTERNAL_SERVER_ERROR); 513 return; 514 } 515 516 u->peer.local = u->conf->local; 517 /* init */ 518 u->peer.local_sockaddr = ngx_palloc(r->pool, NGX_SOCKADDRLEN); .................... 650 return; 651 } 652 653 ngx_http_upstream_connect(r, u); } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239883,239904#msg-239904 From nginx-forum at nginx.us Thu Jun 6 04:10:51 2013 From: nginx-forum at nginx.us (justin) Date: Thu, 06 Jun 2013 00:10:51 -0400 Subject: etag support In-Reply-To: <20130605095509.GW66845@lo0.su> References: <20130605095509.GW66845@lo0.su> Message-ID: <39fcd116b3170156e9332fa17bbe7858.NginxMailingListEnglish@forum.nginx.org> Ok, I see the etag for images, but not for javascript or css. Is this because I have gzip enabled? Thanks for the help. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239877,239906#msg-239906 From ru at nginx.com Thu Jun 6 08:49:40 2013 From: ru at nginx.com (Ruslan Ermilov) Date: Thu, 6 Jun 2013 12:49:40 +0400 Subject: etag support In-Reply-To: <39fcd116b3170156e9332fa17bbe7858.NginxMailingListEnglish@forum.nginx.org> References: <20130605095509.GW66845@lo0.su> <39fcd116b3170156e9332fa17bbe7858.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130606084940.GG66845@lo0.su> On Thu, Jun 06, 2013 at 12:10:51AM -0400, justin wrote: > Ok, I see the etag for images, but not for javascript or css. Is this > because I have gzip enabled? ETag is cleared when gzipping a response on the fly. You can use http://nginx.org/en/docs/http/ngx_http_gzip_static_module.html for javascript and css files, in which case the responses will include ETag. From mdounin at mdounin.ru Thu Jun 6 13:03:10 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 6 Jun 2013 17:03:10 +0400 Subject: How can i get ip and port under forward proxy In-Reply-To: <52615253d4df328d0f594fe269d61727.NginxMailingListEnglish@forum.nginx.org> References: <20130605121815.GE72282@mdounin.ru> <52615253d4df328d0f594fe269d61727.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130606130310.GP72282@mdounin.ru> Hello! On Wed, Jun 05, 2013 at 09:10:10PM -0400, honwel wrote: > Ok, code is as follow: [...] > ngx_peer_connection_t *pc; > u_char sa[NGX_SOCKADDRLEN]; > socklen_t len; > u_char text[NGX_SOCKADDR_STRLEN]; > u_char *p; > struct sockaddr_in *sin; [...] > if (pc->local_socket) { > if (getsockname(pc->local_socket, (struct sockaddr *) &sa, &len) != > -1) { At this point, len is uninitialized. It is used by getsockname() as an input paramter though, and specifies the length of supplied sockaddr structure. -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Thu Jun 6 13:16:14 2013 From: nginx-forum at nginx.us (geopcgeo) Date: Thu, 06 Jun 2013 09:16:14 -0400 Subject: Proxypass subfolder entries to another link Message-ID: Dear Support Currently we have nginx proxypass to tomcat service and is working fine. server { listen 80; server_name app.geo.com; location / { if (!-e $request_filename) { rewrite ^/(.*)$ /index.php?q=$1 last; } } location /docs { proxy_pass http://localhost:8080/officework; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } So while accessing app.geo.com/docs/* we are getting the contents of http://localhost:8080/officework Now we have another tomcat war folder /homework and while accessing app.geo.com/docs/home* we need to get the contents of http://localhost:8080/homework That is we need as follows: http://app.geo.com/docs/* -> http://localhost:8080/officework http://app.geo.com/docs/home/* -> http://localhost:8080/homework Can anyone please help us to configure this in our nginx. Thanks Geo Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239916,239916#msg-239916 From nginx-forum at nginx.us Thu Jun 6 15:17:01 2013 From: nginx-forum at nginx.us (mzabani) Date: Thu, 06 Jun 2013 11:17:01 -0400 Subject: thread started by module put to sleep state Message-ID: <7b67ef1d7cf904276d1d703e2b1134ee.NginxMailingListEnglish@forum.nginx.org> Hi everyone, I've been trying to embed mono within nginx to serve requests with ASP.NET just for learning purposes (I know there is a FastCGI server for mono out there), and I'm running into a problem. When I call into C# code, mono's runtime creates a thread to serve the request, but this thread is always in sleep state, and for this reason the response never comes, i.e. the browser appears to try to load the page indefinitely. I have tried to embed the same C# code into a C application that simulates the request (no nginx involved) and the request gets processed normally. I don't know what kind of information I can show you to help debug the problem, but, so far, this is just a simple handler that pretty much kills nginx's event loop by waiting for the full response to come. I know that if I simulate a quick response in the C# side (without really handling it appropriately, i.e. just creating some buffers with "Hello world") the response comes out nicely. What could be the cause of this? Thank you in advance, Marcelo Zabani. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239921,239921#msg-239921 From nginx-forum at nginx.us Thu Jun 6 21:57:54 2013 From: nginx-forum at nginx.us (kpstein) Date: Thu, 06 Jun 2013 17:57:54 -0400 Subject: gunzip module and buffer managment Message-ID: <3bce5767ce78282f77c14bc3ac8a4ba5.NginxMailingListEnglish@forum.nginx.org> I'm trying to use the http_gunzip module as an example for a filter I am trying to write. I'm particularly interested in the buffer management. The module has a value in its ctx stuct called last_buf ... ngx_chain_t **last_out; ... last_out is set in various places throughout the code. Sometimes to other chains in the ctx, sometimes to newly allocated chains. But as far as I can tell, none of the code ever uses the value stored in last_out. (It seems to be a write-only variable :-) Anybody know what I'm missing? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239934,239934#msg-239934 From vbart at nginx.com Thu Jun 6 22:33:55 2013 From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 7 Jun 2013 02:33:55 +0400 Subject: gunzip module and buffer managment In-Reply-To: <3bce5767ce78282f77c14bc3ac8a4ba5.NginxMailingListEnglish@forum.nginx.org> References: <3bce5767ce78282f77c14bc3ac8a4ba5.NginxMailingListEnglish@forum.nginx.org> Message-ID: <201306070233.55682.vbart@nginx.com> On Friday 07 June 2013 01:57:54 kpstein wrote: > I'm trying to use the http_gunzip module as an example for a filter I am > trying to write. I'm particularly interested in the buffer management. > > The module has a value in its ctx stuct called last_buf > > ... > ngx_chain_t **last_out; > ... > > last_out is set in various places throughout the code. Sometimes to other > chains in the ctx, sometimes to newly allocated chains. > > But as far as I can tell, none of the code ever uses the value stored in > last_out. (It seems to be a write-only variable :-) > > Anybody know what I'm missing? > % grep '*ctx->last_out' -n src/http/modules/ngx_http_gunzip_filter_module.c 461: *ctx->last_out = cl; 497: *ctx->last_out = cl; 546: *ctx->last_out = cl; 592: *ctx->last_out = cl; wbr, Valentin V. Bartenev -- http://nginx.org/en/donation.html From nginx-forum at nginx.us Fri Jun 7 01:29:36 2013 From: nginx-forum at nginx.us (honwel) Date: Thu, 06 Jun 2013 21:29:36 -0400 Subject: How can i get ip and port under forward proxy In-Reply-To: <20130606130310.GP72282@mdounin.ru> References: <20130606130310.GP72282@mdounin.ru> Message-ID: <19a4bb2c60d8ab9e5d30ea2256786577.NginxMailingListEnglish@forum.nginx.org> Thanks, i add a line " len = NGX_SOCKADDRLEN ", then , it is ok! thanks very much. but i want to know , why? (struct sockaddr *) &sa and &len as are input paramter, why len need initialized? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239883,239939#msg-239939 From mdounin at mdounin.ru Fri Jun 7 02:04:42 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 7 Jun 2013 06:04:42 +0400 Subject: How can i get ip and port under forward proxy In-Reply-To: <19a4bb2c60d8ab9e5d30ea2256786577.NginxMailingListEnglish@forum.nginx.org> References: <20130606130310.GP72282@mdounin.ru> <19a4bb2c60d8ab9e5d30ea2256786577.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130607020442.GV72282@mdounin.ru> Hello! On Thu, Jun 06, 2013 at 09:29:36PM -0400, honwel wrote: > Thanks, i add a line " len = NGX_SOCKADDRLEN ", then , it is ok! thanks > very much. > but i want to know , why? (struct sockaddr *) &sa and &len as are input > paramter, why len need initialized? As I already said, len value is used as an input parameter by getsockname() function, and hence it must be initialized properly. See here for more details: http://pubs.opengroup.org/onlinepubs/9699919799/functions/getsockname.html : The address_len argument points to a socklen_t object which on : input specifies the length of the supplied sockaddr structure, and : on output specifies the length of the stored address. If the : actual length of the address is greater than the length of the : supplied sockaddr structure, the stored address shall be : truncated. -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Fri Jun 7 02:08:40 2013 From: nginx-forum at nginx.us (honwel) Date: Thu, 06 Jun 2013 22:08:40 -0400 Subject: gunzip module and buffer managment In-Reply-To: <3bce5767ce78282f77c14bc3ac8a4ba5.NginxMailingListEnglish@forum.nginx.org> References: <3bce5767ce78282f77c14bc3ac8a4ba5.NginxMailingListEnglish@forum.nginx.org> Message-ID: <56e7ef265cf1c26ffb52ba2fc24f1762.NginxMailingListEnglish@forum.nginx.org> second rank pointer. ---- ctx->last_out Matches (10 in 1 files) ---- Ngx_http_gunzip_filter_module.c (add-on): ctx->last_out = &ctx->out; Ngx_http_gunzip_filter_module.c (add-on): ctx->last_out = &ctx->out; Ngx_http_gunzip_filter_module.c (add-on): *ctx->last_out = cl; Ngx_http_gunzip_filter_module.c (add-on): ctx->last_out = &cl->next; Ngx_http_gunzip_filter_module.c (add-on): *ctx->last_out = cl; Ngx_http_gunzip_filter_module.c (add-on): ctx->last_out = &cl->next; Ngx_http_gunzip_filter_module.c (add-on): *ctx->last_out = cl; Ngx_http_gunzip_filter_module.c (add-on): ctx->last_out = &cl->next; Ngx_http_gunzip_filter_module.c (add-on): *ctx->last_out = cl; Ngx_http_gunzip_filter_module.c (add-on): ctx->last_out = &cl->next; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239934,239941#msg-239941 From nginx-forum at nginx.us Fri Jun 7 04:23:34 2013 From: nginx-forum at nginx.us (justin) Date: Fri, 07 Jun 2013 00:23:34 -0400 Subject: HTTP status code 499 from long running requests In-Reply-To: <20130604112803.GH72282@mdounin.ru> References: <20130604112803.GH72282@mdounin.ru> Message-ID: Maxim, I dug a bit deeper and here is the nginx access log showing the 499 status request, and then a repost of the same request: XX.XX.XXX.253 - - [06/Jun/2013:21:09:08 -0700] "POST /actions/execute.php HTTP/1.1" 499 0 "https://dev.mydomain.com/execute" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" XX.XXX.XXX.253 - - [06/Jun/2013:21:11:32 -0700] "POST /actions/execute.php HTTP/1.1" 200 673 "https://dev.mydomain.com/execute" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36" I obviously need a solution, since I am essentially creating duplicate transactions. This only happens when the execute.php takes a long time though. In jQuery when I am making the AJAX request I am setting the timeout to 15 minutes. Is there anything else I can look at or try? Thanks for the help. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239759,239943#msg-239943 From steve at greengecko.co.nz Fri Jun 7 05:24:39 2013 From: steve at greengecko.co.nz (Steve Holdoway) Date: Fri, 07 Jun 2013 17:24:39 +1200 Subject: index.php in folders. Message-ID: <1370582679.29037.401.camel@steve-new> Is there a simple config I can use to check for an index.php in subfolders? It was my understanding that if I used index index.php; in the server block, and try_files $uri $uri/ /index.php; in location / {} that it would look for $uri/index.php. But I do seem to be misunderstanding. Help! Steve -- Steve Holdoway BSc(Hons) MNZCS http://www.greengecko.co.nz Linkedin: http://www.linkedin.com/in/steveholdoway Skype: sholdowa From reallfqq-nginx at yahoo.fr Fri Jun 7 05:54:38 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Fri, 7 Jun 2013 01:54:38 -0400 Subject: index.php in folders. In-Reply-To: <1370582679.29037.401.camel@steve-new> References: <1370582679.29037.401.camel@steve-new> Message-ID: Hello, On Fri, Jun 7, 2013 at 1:24 AM, Steve Holdoway wrote: > Is there a simple config I can use to check for an index.php in > subfolders? > > It was my understanding that if I used > > index index.php; > > in the server block, and > > try_files $uri $uri/ /index.php; > > in location / {} that it would look for $uri/index.php. But I do seem to > be misunderstanding. > ? Your try_files directive is only working if your content is served by the location block where it is placed. If another location block serves content, the try_files directive won't apply. I don't know the default behavior then, but I guess that you either need to specify a directory by ending the URI with a trailing slash (directory) or specify the 'index.php' file at the end of it. I suggest you move the try_files directive up in the hierarchy, thus in the containing server block. ? > > Help! > ? I also suggest that you add something after the last part of the try_files directive or replace it with a proper handler for missing files. In your example, you specified that requests missing files should be redirected to '/index.php'. That can end-up in a loop-hole if there is no index.php file at root. I suggest you use something like: try_files $uri $uri/ /index.php =404; Please read the documentation of the try_files directivefor more information.? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From cyril.lavier at davromaniak.eu Fri Jun 7 06:37:49 2013 From: cyril.lavier at davromaniak.eu (Cyril Lavier) Date: Fri, 07 Jun 2013 08:37:49 +0200 Subject: Updated patch for CVE-2013-2070 ? Message-ID: <51B17FBD.5050607@davromaniak.eu> Hello. As stated here (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164), the patch nginx developers wrote for fixing CVE-2013-2070 is not 100% correct C. This is a big issue for us (I'm part of the nginx debian packaging team), because this patch can be applied on the Debian Wheezy's packages (1.2.1) but won't be accepted in the repositories because the patch can create new security issues. Does anyone has an updated version of this patch ? Thanks. -- Cyril "Davromaniak" Lavier KeyID 59E9A881 http://www.davromaniak.eu From mike503 at gmail.com Fri Jun 7 07:18:16 2013 From: mike503 at gmail.com (Michael Shadle) Date: Fri, 7 Jun 2013 00:18:16 -0700 Subject: kerberos In-Reply-To: References: Message-ID: This is a long time coming - I wanted to reply, I funded a project to try to get GSSAPI/SPNEGO support into nginx. The developer didn't know Kerberos nor nginx - but tried his best to get it to work. I could never get it to work, but my company's AD/Kerberos setup is confusing even for an Apache setup (especially since I do not have admin access to the domain and such) Anyway, that code is up here, no idea if it works with newer versions of nginx. https://github.com/mike503/spnego-http-auth-nginx-module and a bunch of forks, but nobody is very vocal about this functionality with nginx sadly. https://github.com/mike503/spnego-http-auth-nginx-module/network One of the more active forks is here: https://github.com/stnoonan/spnego-http-auth-nginx-module I'd love to see this get further developed/tested/etc. - if anyone has done this successfully, what their configs look like, OS, keytabs, whatever else... because I'd like to *use* it :) On Thu, Apr 18, 2013 at 12:02 PM, Friedrich Locke wrote: > I wonder if nginx supports kerberos in the same sense as apache does! > I mean: with apache i may specify if i will want SSO or password (by > retrieving the password from the kerberos database). > > The configuration options are: > > KrbMethodNegotiate off/on > KrbMethodK5Passwd off/on > > These above are the directives for SSO or password (fetched from kdc > database). > > Does nginx support the same way too ? > > Thanks in advance. > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Jun 7 12:02:14 2013 From: nginx-forum at nginx.us (Larry) Date: Fri, 07 Jun 2013 08:02:14 -0400 Subject: Caching any point to go in ram ? Message-ID: <06cc93d827e31821f345a70d9152b9ff.NginxMailingListEnglish@forum.nginx.org> Hello, I have a 15k rpm server 16g ram on which is fiercely installed nginx 1.5.1 on a debian 7 machine (no apache installed). I read a lot (up to crunching my head) about caching strategy. I would like to reduce the latency of file serving. currently, my webpage (static html) loads in 43-70 ms but then 44ms are spent doing nothing then load the images. The total for a 120k page is 500ms. What is bugging me is that even with 4 cookie-less domain (actually same disk) the answer is always page load + 44 ms idle. So not a browser limitation. How could nginx cache the images so that the answer be really fast ? proxy_cache is useless in my case, isn't it ? Varnish would maybe help but it is something on the stack to debug when things go wrong. Not really a solution. Thanks, Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239951,239951#msg-239951 From mdounin at mdounin.ru Fri Jun 7 13:28:55 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 7 Jun 2013 17:28:55 +0400 Subject: Updated patch for CVE-2013-2070 ? In-Reply-To: <51B17FBD.5050607@davromaniak.eu> References: <51B17FBD.5050607@davromaniak.eu> Message-ID: <20130607132855.GY72282@mdounin.ru> Hello! On Fri, Jun 07, 2013 at 08:37:49AM +0200, Cyril Lavier wrote: > Hello. > > As stated here > (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708164), the patch > nginx developers wrote for fixing CVE-2013-2070 is not 100% correct C. >From standards point of view - yes, the patch in question might not be enough and the check might be, in theory, optimized out by a compiler. It's not a practical problem though. > This is a big issue for us (I'm part of the nginx debian packaging > team), because this patch can be applied on the Debian Wheezy's packages > (1.2.1) but won't be accepted in the repositories because the patch can > create new security issues. The patch can't create new security issues as in worst (theoretical) case the check added will be optimized out by a compiler. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Fri Jun 7 14:42:01 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 7 Jun 2013 18:42:01 +0400 Subject: HTTP status code 499 from long running requests In-Reply-To: References: <20130604112803.GH72282@mdounin.ru> Message-ID: <20130607144201.GB72282@mdounin.ru> Hello! On Fri, Jun 07, 2013 at 12:23:34AM -0400, justin wrote: > Maxim, > > I dug a bit deeper and here is the nginx access log showing the 499 status > request, and then a repost of the same request: > > XX.XX.XXX.253 - - [06/Jun/2013:21:09:08 -0700] "POST /actions/execute.php > HTTP/1.1" 499 0 "https://dev.mydomain.com/execute" "Mozilla/5.0 (Macintosh; > Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) > Chrome/27.0.1453.110 Safari/537.36" > > XX.XXX.XXX.253 - - [06/Jun/2013:21:11:32 -0700] "POST /actions/execute.php > HTTP/1.1" 200 673 "https://dev.mydomain.com/execute" "Mozilla/5.0 > (Macintosh; Intel Mac OS X 10_8_4) AppleWebKit/537.36 (KHTML, like Gecko) > Chrome/27.0.1453.110 Safari/537.36" Just a side note: from the log there is no reason to assume these requests are duplicate. > I obviously need a solution, since I am essentially creating duplicate > transactions. This only happens when the execute.php takes a long time > though. In jQuery when I am making the AJAX request I am setting the timeout > to 15 minutes. Is there anything else I can look at or try? I would recommend reproducing the issue on a client, and looking into network traffic via tcpdump / browser details via built in tools to see why duplicate requests are sent. On the other hand, duplicate POSTs aren't at all new - they used to happen due to users pressing "Submit" button multiple times. An obvious solution is to use some one-time form tokens. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Fri Jun 7 14:50:51 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 7 Jun 2013 18:50:51 +0400 Subject: Caching any point to go in ram ? In-Reply-To: <06cc93d827e31821f345a70d9152b9ff.NginxMailingListEnglish@forum.nginx.org> References: <06cc93d827e31821f345a70d9152b9ff.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130607145051.GC72282@mdounin.ru> Hello! On Fri, Jun 07, 2013 at 08:02:14AM -0400, Larry wrote: > Hello, > > I have a 15k rpm server 16g ram on which is fiercely installed nginx 1.5.1 > on a debian 7 machine (no apache installed). > > I read a lot (up to crunching my head) about caching strategy. > > I would like to reduce the latency of file serving. > > currently, my webpage (static html) loads in 43-70 ms but then 44ms are > spent doing nothing then load the images. > > The total for a 120k page is 500ms. > > What is bugging me is that even with 4 cookie-less domain (actually same > disk) the answer is always page load + 44 ms idle. > So not a browser limitation. >From your description it looks like 44ms is a time spent by a browser doing something prerequisite (parsing the page? resolving dns names? loading some external javascript?). -- Maxim Dounin http://nginx.org/en/donation.html From reallfqq-nginx at yahoo.fr Fri Jun 7 15:03:23 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Fri, 7 Jun 2013 11:03:23 -0400 Subject: Check applied confirguration per container (http, server, location, etc.) Message-ID: Hello, I wondered if the foolowing improvement ideas had been aleready mentioned or not and if they could prove useful. 1) Having the possibility of displaying the applied configuration for a specific level in configuration hierarchy providing enough information to identify it. This would output all the configuration variables and their state for the targeted block. nginx --block-check http nginx --block-check server (no argument provided, would display a list of servers with unique server ID nginx --block-check server (would display a list similar to the servers one for the locations of this server) nginx --block-check location Is Does it sound like gasworks? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From aldernetwork at gmail.com Fri Jun 7 21:54:28 2013 From: aldernetwork at gmail.com (Alder Network) Date: Fri, 7 Jun 2013 14:54:28 -0700 Subject: Need help: websocket proxy stops working after a while In-Reply-To: <20130604104507.GE72282@mdounin.ru> References: <20130604104507.GE72282@mdounin.ru> Message-ID: Thanks for the info. For 2) , it would be nice to accept value of -1 ( or 0 ) for proxy_read_timeout as indefinite, namely no timeout checking at proxy. On Tue, Jun 4, 2013 at 3:45 AM, Maxim Dounin wrote: > Hello! > > On Mon, Jun 03, 2013 at 03:24:52PM -0700, Alder Network wrote: > > > I got nginx websocket proxy working but the socket would close > > in a minute or so. So I add > > proxy_read_timeout 180s; > > and it works within 3 minutes but closed the websocket after 3 > > minutes, but it works OK before that. Why is that? > > BTW, I am using Nginx 1.4 now. > > Much like with normal http, nginx will time out connection to the > upstream server if it doesn't see any data from it. If with a > backend you use there are no data expected from the backend to a > client, there are two possible solutions: > > 1) Send periodic ping frames from the backend. > > 2) Configure higher proxy_read_timeout in a location where > websocket connections are handled. > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From the.energetic at gmail.com Sat Jun 8 18:18:46 2013 From: the.energetic at gmail.com (Travis Maxwell) Date: Sat, 8 Jun 2013 14:18:46 -0400 Subject: Simple SSL Question Message-ID: <67FFA6D7-954F-497F-9538-8401B7190A49@gmail.com> Hi, I'm using nginx with SSL, and I want to always redirect to www, regardless of whether the request is http or https. I just want to redirect to the respective protocol but with www. I have the port 80 server block working fine. Beneath my first server block I have... server { listen 80; server_name example.com; return 301 http://www.example.com$request_uri; } and this works fine. But for my port 443 server block for https, I have all kinds of information inside regarding ssl on and different ciphers to use. I really don't want to mess up anything up related to security by doing something stupid.. so my question is on this second block for port 443 underneath the first one... server { listen 443; server_name example.com; return 301 https://www.example.com$request_uri; } do I need anything else? do I need ssl on or any other security related things? If they visit non-www does that mean it transfers the request insecurely or something (even for a split second while its redirecting?) Just want to make sure what I have is solid and secure. It seems to work but I want to double check. Thanks! From reallfqq-nginx at yahoo.fr Sat Jun 8 18:29:15 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 8 Jun 2013 14:29:15 -0400 Subject: Simple SSL Question In-Reply-To: <67FFA6D7-954F-497F-9538-8401B7190A49@gmail.com> References: <67FFA6D7-954F-497F-9538-8401B7190A49@gmail.com> Message-ID: Hello, On Sat, Jun 8, 2013 at 2:18 PM, Travis Maxwell wrote: > Hi, > > I'm using nginx with SSL, and I want to always redirect to www, regardless > of whether the request is http or https. I just want to redirect to the > respective protocol but with www. > > I have the port 80 server block working fine. Beneath my first server > block I have... > > server { > listen 80; > server_name example.com; > return 301 http://www.example.com$request_uri; > } > > and this works fine. But for my port 443 server block for https, I have > all kinds of information inside regarding ssl on and different ciphers to > use. > > I really don't want to mess up anything up related to security by doing > something stupid.. so my question is on this second block for port 443 > underneath the first one... > > server { > listen 443; > server_name example.com; > return 301 https://www.example.com$request_uri; > } > > do I need anything else? do I need ssl on or any other security related > things? If they visit non-www does that mean it transfers the request > insecurely or something (even for a split second while its redirecting?) > ?? > > ? Put both 'listen' directives in the same server block. ? > Just want to make sure what I have is solid and secure. It seems to work > but I want to double check. > > Thanks! > --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From appa at perusio.net Sat Jun 8 18:54:36 2013 From: appa at perusio.net (=?ISO-8859-1?Q?Ant=F3nio_P=2E_P=2E_Almeida?=) Date: Sat, 8 Jun 2013 20:54:36 +0200 Subject: Simple SSL Question In-Reply-To: References: <67FFA6D7-954F-497F-9538-8401B7190A49@gmail.com> Message-ID: You need to include the SSL certificate and the key directives on the server block that does the SSL redirect. Le 8 juin 2013 20:30, "B.R." a ?crit : > Hello, > > On Sat, Jun 8, 2013 at 2:18 PM, Travis Maxwell wrote: > >> Hi, >> >> I'm using nginx with SSL, and I want to always redirect to www, >> regardless of whether the request is http or https. I just want to redirect >> to the respective protocol but with www. >> >> I have the port 80 server block working fine. Beneath my first server >> block I have... >> >> server { >> listen 80; >> server_name example.com; >> return 301 http://www.example.com$request_uri; >> } >> >> and this works fine. But for my port 443 server block for https, I have >> all kinds of information inside regarding ssl on and different ciphers to >> use. >> >> I really don't want to mess up anything up related to security by doing >> something stupid.. so my question is on this second block for port 443 >> underneath the first one... >> >> server { >> listen 443; >> server_name example.com; >> return 301 https://www.example.com$request_uri; >> } >> >> do I need anything else? do I need ssl on or any other security related >> things? If they visit non-www does that mean it transfers the request >> insecurely or something (even for a split second while its redirecting?) >> >> >> > Put both 'listen' directives in the same server block. > > > > >> Just want to make sure what I have is solid and secure. It seems to work >> but I want to double check. >> >> Thanks! >> > --- > *B. R.* > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From hostdl at gmail.com Sun Jun 9 01:47:10 2013 From: hostdl at gmail.com (Host DL) Date: Sun, 9 Jun 2013 06:17:10 +0430 Subject: All workers in 'D' state using sendfile Message-ID: Hi, I am facing the same exact issue as explained by Drew, is there any working solution to tune nginx for higher throughput? or how to deal with sleeping D state nginx processes ? i can post my server specs and nginx conf is needed but I would like to ask Drew if he found the working properly solution or not Regards -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sun Jun 9 05:10:05 2013 From: nginx-forum at nginx.us (George) Date: Sun, 09 Jun 2013 01:10:05 -0400 Subject: Nginx SPDY: Missing NPN Extension in SSL/TLS Handshake ? Message-ID: <7a539a70e942756bb993ae92c4a195a9.NginxMailingListEnglish@forum.nginx.org> Hi guys, I've tried setting up CentOS 6.4, Nginx 1.4.1 with Google SPDY support and used spdycheck.org to check the site and all SPDY checks pass except this notice: Missing NPN Extension in SSL/TLS Handshake Sorry, but this server is not including an NPN Entension during the SSL/TLS handshake. The NPN Extension is an additional part of the SSL/TLS ServerHello message which allows web servers to tell browsers they support additional protocols, like SPDY. SSL/TLS servers that don't use send the NPN Extension cannot use SPDY because they have no way to tell the browser to use SPDY instead of HTTP. What exactly am I missing from Nginx 1.4.1, openssl 1.0.1e and SPDY setup to properly satisfy NPN Extension in SSL/TLS handshake ? Chrome reports SPDY support fine though. cheers Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239971,239971#msg-239971 From luky-37 at hotmail.com Sun Jun 9 11:53:27 2013 From: luky-37 at hotmail.com (Lukas Tribus) Date: Sun, 9 Jun 2013 13:53:27 +0200 Subject: Nginx SPDY: Missing NPN Extension in SSL/TLS Handshake ? In-Reply-To: <7a539a70e942756bb993ae92c4a195a9.NginxMailingListEnglish@forum.nginx.org> References: <7a539a70e942756bb993ae92c4a195a9.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hi, this doesn't really make sense; NPN is absolutely required for SPDY. What does the ssllabs test say in "Next Protocol Negotiation"? https://www.ssllabs.com/ssltest/index.html Regards, Lukas From mdounin at mdounin.ru Sun Jun 9 12:13:00 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 9 Jun 2013 16:13:00 +0400 Subject: All workers in 'D' state using sendfile In-Reply-To: References: Message-ID: <20130609121300.GP72282@mdounin.ru> Hello! On Sun, Jun 09, 2013 at 06:17:10AM +0430, Host DL wrote: > I am facing the same exact issue as explained by Drew, > > is there any working solution to tune nginx for higher throughput? > > or how to deal with sleeping D state nginx processes ? See this reply for basic tuning suggestions: http://mailman.nginx.org/pipermail/nginx/2012-May/033761.html -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Sun Jun 9 12:48:36 2013 From: nginx-forum at nginx.us (George) Date: Sun, 09 Jun 2013 08:48:36 -0400 Subject: Nginx SPDY: Missing NPN Extension in SSL/TLS Handshake ? In-Reply-To: References: Message-ID: According to ssllabs for NPN Next Protocol Negotiation Yes spdy/2 http/1.1 so spdycheck.org incorrect ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239971,239977#msg-239977 From luky-37 at hotmail.com Sun Jun 9 13:39:42 2013 From: luky-37 at hotmail.com (Lukas Tribus) Date: Sun, 9 Jun 2013 15:39:42 +0200 Subject: Nginx SPDY: Missing NPN Extension in SSL/TLS Handshake ? In-Reply-To: References: , Message-ID: > so spdycheck.org incorrect ? I guess so. I would suggest to report this to support at zoompf dot com so they can fix it (or tell what exactly is wrong). Regards, Lukas From hostdl at gmail.com Sun Jun 9 14:54:49 2013 From: hostdl at gmail.com (Host DL) Date: Sun, 9 Jun 2013 19:24:49 +0430 Subject: All workers in 'D' state using sendfile In-Reply-To: <20130609121300.GP72282@mdounin.ru> References: <20130609121300.GP72282@mdounin.ru> Message-ID: Hello Maxim, Thanks for your response, and sorry that I am new to mailing list and my 1st message may was not very clear to you I've already read all posts in this conversation and all tuning options has been tested I'm using 8x 2TB SATA ENT in RAID10 level + 64G RAM on my box CentOS 5.9 x64_84 / 2.6.18-348.6.1.el5 nginx.conf: worker_priority -10; worker_processes 64; worker_rlimit_nofile 20000; events { worker_connections 2048; use epoll; worker_aio_requests 128; } http { sendfile off; tcp_nopush on; tcp_nodelay on; aio on; directio 2m; #directio_alignment 4k; output_buffers 1 1m; keepalive_timeout 15; ...... } During the peak time connections will reach up to 14-15K in total and more than 1Gbit/s outgoing throughput Please note that the server was stable with about 12K connections in the peak time and about 1-1.1Gbit/s throughput but after adding another VH with about 2-3K connections it seems that server is unable to handle the request properly at the peak time Its expected the throughput to exceed the previous ~1.1Gbit/s rate but it doesn't, Even it doesn't reach to 1Gbit/s while the connections are now getting more and bigger During every peak time the LA will each to the number of nginx workers ( 64 for my current config ) and will stay at the same rate to the end of peak time, all processes are in D state and the interesting thing, memory is not being used fully and it may push about 30-40G with about 20-30% I/O wait Connections are not being processed fast and it will stay in connecting and request sent/wait for a few seconds and then data transfer will start at a very slow rate I've already tried both sendfile and AIO, and AIO seems to handle the connections better Played with output_buffer and increased both number and size of buffers but no any special effect, even the throughput got lower The interesting thing is that at the same peak time the read transfer rate is more than 500mbit/s using scp/rsync from the RAID to /dev/null Sorry for my long post and if my english sux Any suggestion would be greatly appreciarted Respect, Moozi ============================================ On Sun, Jun 9, 2013 at 4:43 PM, Maxim Dounin wrote: > Hello! > > On Sun, Jun 09, 2013 at 06:17:10AM +0430, Host DL wrote: > > > I am facing the same exact issue as explained by Drew, > > > > is there any working solution to tune nginx for higher throughput? > > > > or how to deal with sleeping D state nginx processes ? > > See this reply for basic tuning suggestions: > > http://mailman.nginx.org/pipermail/nginx/2012-May/033761.html > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Jun 10 09:38:25 2013 From: nginx-forum at nginx.us (molj) Date: Mon, 10 Jun 2013 05:38:25 -0400 Subject: error 504, gateway timeout nginx, Message-ID: Hello! I've setup a web server running on debian with Nginx, PHP5 (PHP-FPM), And Fcgiwrap My webpage is running ok but a friend recently noticed me that while trying to access my page it gives him the Error 504(others can see my page with no problem), gateway timeout. I've searched for a solution and I've done this so far (still gives him the same error): in /etc/nginx/sites-enabled/900-ponnod.com.vhost location @php { try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_pass 127.0.0.1:9012; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; #fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_read_timeout 300s; fastcgi_send_timeout 300s; } in /etc/php5/fpm/php.ini max_execution_time = 300 max_input_time = 300 Can't find anything useful in my /var/log/nginx/acess or log or in php5-fpm.log i also turned the debug in the php-fpm.conf and this is what it puts out: [10-jun-2013 11:35:33.974656] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool web3] currently 0 active children, 2 spare children, 2 $ [10-jun-2013 11:35:33.974765] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool apps] currently 0 active children, 2 spare children, 2 $ [10-jun-2013 11:35:33.974786] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool ispconfig] currently 0 active children, 3 spare childre$ [10-jun-2013 11:35:33.974802] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 0 active children, 2 spare children, 2 r$ [10-jun-2013 11:35:34.975851] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool web3] currently 0 active children, 2 spare children, 2 $ [10-jun-2013 11:35:34.975963] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool apps] currently 0 active children, 2 spare children, 2 $ [10-jun-2013 11:35:34.975984] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool ispconfig] currently 0 active children, 3 spare childre$ [10-jun-2013 11:35:34.975998] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 0 active children, 2 spare children, 2 r$ [10-jun-2013 11:35:35.977049] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool web3] currently 0 active children, 2 spare children, 2 $ [10-jun-2013 11:35:35.977162] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool apps] currently 0 active children, 2 spare children, 2 $ [10-jun-2013 11:35:35.977183] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool ispconfig] currently 0 active children, 3 spare childre$ [10-jun-2013 11:35:35.977227] DEBUG: pid 29522, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently 0 active children, 2 spare children, 2 r$ Nothing useful as far as i can see. Any help or direction would be appriciated, thanks! Matej Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239986,239986#msg-239986 From stageline at gmail.com Mon Jun 10 09:48:47 2013 From: stageline at gmail.com (suttya) Date: Mon, 10 Jun 2013 11:48:47 +0200 Subject: error 504, gateway timeout nginx, In-Reply-To: References: Message-ID: Hy! in /etc/php5/fpm/pool.d/www.conf: check this: request_slowlog_timeout = 0s request_terminate_timeout = 0 Hope help you 2013/6/10 molj > Hello! > > I've setup a web server running on debian with Nginx, PHP5 (PHP-FPM), And > Fcgiwrap > > My webpage is running ok but a friend recently noticed me that while trying > to access my page it gives him the Error 504(others can see my page with no > problem), gateway timeout. I've searched for a solution and I've done this > so far (still gives him the same error): > > in /etc/nginx/sites-enabled/900-ponnod.com.vhost > > > location @php { > try_files $uri =404; > include /etc/nginx/fastcgi_params; > fastcgi_pass 127.0.0.1:9012; > fastcgi_index index.php; > fastcgi_param SCRIPT_FILENAME > $document_root$fastcgi_script_name; > #fastcgi_param PATH_INFO $fastcgi_script_name; > fastcgi_intercept_errors on; > fastcgi_read_timeout 300s; > fastcgi_send_timeout 300s; > } > > in /etc/php5/fpm/php.ini > > max_execution_time = 300 > max_input_time = 300 > > > > Can't find anything useful in my /var/log/nginx/acess or log or in > php5-fpm.log i also turned the debug in the php-fpm.conf and this is what > it puts out: > [10-jun-2013 11:35:33.974656] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool web3] currently > 0 active children, 2 spare children, 2 $ > [10-jun-2013 11:35:33.974765] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool apps] currently > 0 active children, 2 spare children, 2 $ > [10-jun-2013 11:35:33.974786] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool ispconfig] > currently 0 active children, 3 spare childre$ > [10-jun-2013 11:35:33.974802] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently > 0 > active children, 2 spare children, 2 r$ > [10-jun-2013 11:35:34.975851] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool web3] currently > 0 active children, 2 spare children, 2 $ > [10-jun-2013 11:35:34.975963] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool apps] currently > 0 active children, 2 spare children, 2 $ > [10-jun-2013 11:35:34.975984] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool ispconfig] > currently 0 active children, 3 spare childre$ > [10-jun-2013 11:35:34.975998] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently > 0 > active children, 2 spare children, 2 r$ > [10-jun-2013 11:35:35.977049] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool web3] currently > 0 active children, 2 spare children, 2 $ > [10-jun-2013 11:35:35.977162] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool apps] currently > 0 active children, 2 spare children, 2 $ > [10-jun-2013 11:35:35.977183] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool ispconfig] > currently 0 active children, 3 spare childre$ > [10-jun-2013 11:35:35.977227] DEBUG: pid 29522, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool www] currently > 0 > active children, 2 spare children, 2 r$ > > Nothing useful as far as i can see. > > > Any help or direction would be appriciated, thanks! > > Matej > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,239986,239986#msg-239986 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Mon Jun 10 10:55:22 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 10 Jun 2013 14:55:22 +0400 Subject: All workers in 'D' state using sendfile In-Reply-To: References: <20130609121300.GP72282@mdounin.ru> Message-ID: <20130610105521.GR72282@mdounin.ru> Hello! On Sun, Jun 09, 2013 at 07:24:49PM +0430, Host DL wrote: > Hello Maxim, > > Thanks for your response, and sorry that I am new to mailing list and my > 1st message may was not very clear to you > > I've already read all posts in this conversation and all tuning options has > been tested > > I'm using 8x 2TB SATA ENT in RAID10 level + 64G RAM on my box > CentOS 5.9 x64_84 / 2.6.18-348.6.1.el5 > > nginx.conf: > > worker_priority -10; > worker_processes 64; > worker_rlimit_nofile 20000; > > events { > worker_connections 2048; > use epoll; > worker_aio_requests 128; > } > > http { > sendfile off; > tcp_nopush on; > tcp_nodelay on; > aio on; > directio 2m; > #directio_alignment 4k; > output_buffers 1 1m; > > keepalive_timeout 15; > > ...... > } > > During the peak time connections will reach up to 14-15K in total and more > than 1Gbit/s outgoing throughput > Please note that the server was stable with about 12K connections in the > peak time and about 1-1.1Gbit/s throughput but after adding another VH with > about 2-3K connections it seems that server is unable to handle the request > properly at the peak time > Its expected the throughput to exceed the previous ~1.1Gbit/s rate but it > doesn't, Even it doesn't reach to 1Gbit/s while the connections are now > getting more and bigger > > During every peak time the LA will each to the number of nginx workers ( 64 > for my current config ) and will stay at the same rate to the end of peak > time, all processes are in D state and the interesting thing, memory is not > being used fully and it may push about 30-40G with about 20-30% I/O wait Main problem with AIO on Linux is that it requires directio to actually work asynchronously. I would assume you've just reached a critical number of synchronous requests to disks as due to "directio 2m" in your config (and that's why you see all workers in D state). Try tuning directio to a lower value to see if it helps. Note well: memory is not used for filesystem cache with directio, so there is no surprise it's not being used fully. -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Mon Jun 10 11:04:33 2013 From: nginx-forum at nginx.us (khine) Date: Mon, 10 Jun 2013 07:04:33 -0400 Subject: nginx proxy to apache ERR_TOO_MANY_REDIRECTS Message-ID: <971ba2e79b880345b46daf542a323f93.NginxMailingListEnglish@forum.nginx.org> i have the following setup which uses nginx as proxy to an apache instance running prestashop, this works ok, but i get from time to time Error 310 ERR_TOO_MANY_REDIRECTS and i can't figure out where this is coming from and i also get these error in the apache log: [Sun Jun 09 18:57:01 2013] [error] [client xx.xx.xx.xx] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) [Sun Jun 09 19:21:29 2013] [error] [client xx.xx.xx.xx] client sent HTTP/1.1 request without hostname (see RFC2616 section 14.23): /w00tw00t.at.ISC.SANS.DFind:) here is my setup: # nginx -V nginx version: nginx/1.4.1 TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-ipv6 --with-google_perftools_module --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_geoip_module --with-http_gzip_static_module --with-http_realip_module --with-http_stub_status_module --add-module=/usr/ports/www/nginx/work/simpl-ngx_devel_kit-48bc5dd --add-module=/usr/ports/www/nginx/work/chaoslawful-lua-nginx-module-3915187 --with-pcre --add-module=/usr/ports/www/nginx/work/yaoweibin-nginx_tcp_proxy_module-b83e5a6 --with-http_ssl_module # httpd -M Loaded Modules: core_module (static) mpm_prefork_module (static) http_module (static) so_module (static) authn_file_module (shared) authn_dbm_module (shared) authn_anon_module (shared) authn_default_module (shared) authn_alias_module (shared) authz_host_module (shared) authz_groupfile_module (shared) authz_user_module (shared) authz_dbm_module (shared) authz_owner_module (shared) authz_default_module (shared) auth_basic_module (shared) auth_digest_module (shared) file_cache_module (shared) cache_module (shared) disk_cache_module (shared) dumpio_module (shared) reqtimeout_module (shared) include_module (shared) filter_module (shared) charset_lite_module (shared) deflate_module (shared) log_config_module (shared) logio_module (shared) env_module (shared) mime_magic_module (shared) cern_meta_module (shared) expires_module (shared) headers_module (shared) usertrack_module (shared) unique_id_module (shared) setenvif_module (shared) version_module (shared) ssl_module (shared) mime_module (shared) dav_module (shared) status_module (shared) autoindex_module (shared) asis_module (shared) info_module (shared) cgi_module (shared) dav_fs_module (shared) vhost_alias_module (shared) negotiation_module (shared) dir_module (shared) imagemap_module (shared) actions_module (shared) speling_module (shared) userdir_module (shared) alias_module (shared) rewrite_module (shared) php5_module (shared) rpaf_module (shared) then in my /usr/local/etc/nginx/nginx.conf i have: #user nobody; worker_processes 4; #x2 per CPU error_log /var/www/logs/nginx_error.log notice; #pid logs/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 5; gzip on; gzip_http_version 1.1; gzip_vary on; gzip_comp_level 6; gzip_proxied any; gzip_types text/plain text/css application/json application/javascript application/x-javascript text/javascript text/xml application/xml application/rss+xml application/atom+xml application/rdf+xml; gzip_buffers 16 8k; server { listen 178.xxx.xxx.xxx:80; server_name test.domain.tld; location ~ ^.+\.(jpg|jpeg|gif|png|ico|css|js)$ { root /www/domain.tld/http; expires max; access_log off; include custom/prestashop_params; } include custom/expires_params; location / { include custom/proxy_params; proxy_pass http://127.0.0.1:81; } } the `custom/prestashop_params` are as follows: # cat custom/prestashop_params rewrite "^/([a-z]{2})/js/(.+)$" /js/$2 last; rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last; rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last; rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last; rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last; rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2$3.jpg last; rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/c/$1$2.jpg last; rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last; and `custom/proxy_params`: # cat custom/proxy_params proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-NginX-Proxy true; proxy_set_header Range ""; proxy_set_header Request-Range ""; client_max_body_size 10m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffers 16 128k; proxy_busy_buffers_size 128k; proxy_buffer_size 128k; proxy_cache nginx-cache; proxy_cache_valid 200 302 60m; proxy_cache_valid 404 1m; proxy_redirect off; http.conf is setup to listen to port 81 and the vhost is: ServerAdmin admin at domain.tld DocumentRoot /www/domain.tld/http/ ServerName domain.tld Options Indexes FollowSymLinks AllowOverride All Order allow,deny Allow from all ErrorLog /www/domain.tld/logs/error_log CustomLog /www/domain.tld/logs/access_log common i also have IPFW setup on my server and have opened both port 80 and 81 but not sure this has anything to do with it. is there a way to trace this, so that i can understand it better? perhaps the issue is the .htaccess in the /www/domain.tld/http root directory that is causing this! and can this setup be made simpler, as i will have several prestashops instances running from this server with individual SSL certificates? any advice much appreciated. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239993,239993#msg-239993 From hostdl at gmail.com Mon Jun 10 11:08:45 2013 From: hostdl at gmail.com (Host DL) Date: Mon, 10 Jun 2013 15:38:45 +0430 Subject: All workers in 'D' state using sendfile In-Reply-To: <20130610105521.GR72282@mdounin.ru> References: <20130609121300.GP72282@mdounin.ru> <20130610105521.GR72282@mdounin.ru> Message-ID: Dear Maxim, Thanks for your response, I don't think it will help much since all of my files are larger enough than 2MB Regarding AIO problem in linux, do you think using AIO + sendfile together on FreeBSD will be better in performance in my case? Respect ============================================ On Mon, Jun 10, 2013 at 3:25 PM, Maxim Dounin wrote: > Hello! > > On Sun, Jun 09, 2013 at 07:24:49PM +0430, Host DL wrote: > > > Hello Maxim, > > > > Thanks for your response, and sorry that I am new to mailing list and my > > 1st message may was not very clear to you > > > > I've already read all posts in this conversation and all tuning options > has > > been tested > > > > I'm using 8x 2TB SATA ENT in RAID10 level + 64G RAM on my box > > CentOS 5.9 x64_84 / 2.6.18-348.6.1.el5 > > > > nginx.conf: > > > > worker_priority -10; > > worker_processes 64; > > worker_rlimit_nofile 20000; > > > > events { > > worker_connections 2048; > > use epoll; > > worker_aio_requests 128; > > } > > > > http { > > sendfile off; > > tcp_nopush on; > > tcp_nodelay on; > > aio on; > > directio 2m; > > #directio_alignment 4k; > > output_buffers 1 1m; > > > > keepalive_timeout 15; > > > > ...... > > } > > > > During the peak time connections will reach up to 14-15K in total and > more > > than 1Gbit/s outgoing throughput > > Please note that the server was stable with about 12K connections in the > > peak time and about 1-1.1Gbit/s throughput but after adding another VH > with > > about 2-3K connections it seems that server is unable to handle the > request > > properly at the peak time > > Its expected the throughput to exceed the previous ~1.1Gbit/s rate but it > > doesn't, Even it doesn't reach to 1Gbit/s while the connections are now > > getting more and bigger > > > > During every peak time the LA will each to the number of nginx workers ( > 64 > > for my current config ) and will stay at the same rate to the end of peak > > time, all processes are in D state and the interesting thing, memory is > not > > being used fully and it may push about 30-40G with about 20-30% I/O wait > > Main problem with AIO on Linux is that it requires directio to > actually work asynchronously. I would assume you've just reached > a critical number of synchronous requests to disks as due to > "directio 2m" in your config (and that's why you see all workers > in D state). Try tuning directio to a lower value to see if it > helps. > > Note well: memory is not used for filesystem cache with directio, > so there is no surprise it's not being used fully. > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From contact at jpluscplusm.com Mon Jun 10 11:09:22 2013 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Mon, 10 Jun 2013 12:09:22 +0100 Subject: nginx proxy to apache ERR_TOO_MANY_REDIRECTS In-Reply-To: <971ba2e79b880345b46daf542a323f93.NginxMailingListEnglish@forum.nginx.org> References: <971ba2e79b880345b46daf542a323f93.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 10 June 2013 12:04, khine wrote: > i also get these error in the apache log: > > [Sun Jun 09 18:57:01 2013] [error] [client xx.xx.xx.xx] client sent > HTTP/1.1 request without hostname (see RFC2616 section 14.23): > /w00tw00t.at.ISC.SANS.DFind:) > [Sun Jun 09 19:21:29 2013] [error] [client xx.xx.xx.xx] client sent > HTTP/1.1 request without hostname (see RFC2616 section 14.23): > /w00tw00t.at.ISC.SANS.DFind:) http://bit.ly/12eMCLC Jonathan From wigyori at uid0.hu Mon Jun 10 11:18:35 2013 From: wigyori at uid0.hu (Zoltan HERPAI) Date: Mon, 10 Jun 2013 13:18:35 +0200 (CEST) Subject: extended_status module for 1.5.x Message-ID: Hi all, Has someone forwardported this module to 1.5.x? Although the 1.0.11 diff can be applied to 1.2.6 as per the doc, it gives a shipload of fails when touching ngx_http_request.c. Thanks, -w- From vbart at nginx.com Mon Jun 10 11:30:55 2013 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 10 Jun 2013 15:30:55 +0400 Subject: All workers in 'D' state using sendfile In-Reply-To: References: <20130610105521.GR72282@mdounin.ru> Message-ID: <201306101530.55168.vbart@nginx.com> On Monday 10 June 2013 15:08:45 Host DL wrote: > Dear Maxim, > > Thanks for your response, > I don't think it will help much since all of my files are larger enough > than 2MB [...] How large? And how big is the entire dataset? Perhaps, quite the opposite you should increase the directio value for better utilization of pagecache. wbr, Valentin V. Bartenev -- http://nginx.org/en/donation.html From mdounin at mdounin.ru Mon Jun 10 11:57:06 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 10 Jun 2013 15:57:06 +0400 Subject: All workers in 'D' state using sendfile In-Reply-To: References: <20130609121300.GP72282@mdounin.ru> <20130610105521.GR72282@mdounin.ru> Message-ID: <20130610115706.GT72282@mdounin.ru> Hello! On Mon, Jun 10, 2013 at 03:38:45PM +0430, Host DL wrote: > Dear Maxim, > > Thanks for your response, > I don't think it will help much since all of my files are larger enough > than 2MB The "D" state of nginx workers has only one explanation: blocking operations on disks. When serving static files with nginx on Linux, this basically means one of the following: 1. opening / stat()'ing files 2. blocking aio reads due to no directio on unaligned reads 3. blocking aio reads due to no directio on small files Within nginx, you may reduce possibility of (3) using directio directive with a smaller value. Both (1) and (2) are more or less unavoidable, but aren't likely to happen, at least with proper OS tuning. If in doubt, try tracing where worker processes are blocked. As a very first step, ps(1) output should be examined for a wait channel column (wchan). > Regarding AIO problem in linux, do you think using AIO + sendfile together > on FreeBSD will be better in performance in my case? Yes. -- Maxim Dounin http://nginx.org/en/donation.html From nginx-forum at nginx.us Mon Jun 10 12:21:47 2013 From: nginx-forum at nginx.us (xiaowl) Date: Mon, 10 Jun 2013 08:21:47 -0400 Subject: I see unusual amount of 408 errors from access log Message-ID: <8236f873160351fbc464c5eb5f8af95f.NginxMailingListEnglish@forum.nginx.org> /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:01:20 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:10:57 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:16:55 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:18:31 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:21:54 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:25:57 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:33:43 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:36:02 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:36:21 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:49:05 +0000] "-" 408 0 "-" "-" /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:55:31 +0000] "-" 408 0 "-" "-" As you can see, the log doesn't contain any information about request, like request method and request uri. A normal access log should like this: /var/log/nginx/nost_access.log.1:x.x.x.x - - [09/Jun/2013:22:49:58 +0000] "POST /some/resource/3984/upload/ HTTP/1.1" 408 0 "-" "APIClient-Android-16#v0.8.6" My question is, why some access log entries have no request method/uri? I guess the 408 occurs in a early phase when the request entry is not processed yet. Since I'm enable HTTPS, is that can be a reason about this error? My Nginx version is 1.2.1. Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,240003,240003#msg-240003 From nginx-forum at nginx.us Mon Jun 10 12:24:08 2013 From: nginx-forum at nginx.us (yogeshnachnani) Date: Mon, 10 Jun 2013 08:24:08 -0400 Subject: Sending SSL Client Certificate upstream In-Reply-To: <1cad592bfd9800e6e2d472f8afa03681.NginxMailingListEnglish@forum.nginx.org> References: <1cad592bfd9800e6e2d472f8afa03681.NginxMailingListEnglish@forum.nginx.org> Message-ID: <25a399d5c4bf5bca6ad8c14ec450c3da.NginxMailingListEnglish@forum.nginx.org> I have a similar requirement. Dave, Did you find a solution for this? The only thing that I can think of currently is have the servers use a basic http auth instead off ssl client cert auth. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,236314,240004#msg-240004 From mdounin at mdounin.ru Mon Jun 10 12:28:51 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 10 Jun 2013 16:28:51 +0400 Subject: I see unusual amount of 408 errors from access log In-Reply-To: <8236f873160351fbc464c5eb5f8af95f.NginxMailingListEnglish@forum.nginx.org> References: <8236f873160351fbc464c5eb5f8af95f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20130610122851.GU72282@mdounin.ru> Hello! On Mon, Jun 10, 2013 at 08:21:47AM -0400, xiaowl wrote: > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:01:20 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:10:57 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:16:55 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:18:31 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:21:54 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:25:57 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:33:43 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:36:02 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:36:21 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:49:05 +0000] > "-" 408 0 "-" "-" > /var/log/nginx/nost_access.log.1:x.x.x.x - - [10/Jun/2013:09:55:31 +0000] > "-" 408 0 "-" "-" > > As you can see, the log doesn't contain any information about request, like > request method and request uri. A normal access log should like this: > > /var/log/nginx/nost_access.log.1:x.x.x.x - - [09/Jun/2013:22:49:58 +0000] > "POST /some/resource/3984/upload/ HTTP/1.1" 408 0 "-" > "APIClient-Android-16#v0.8.6" > > My question is, why some access log entries have no request method/uri? I > guess the 408 occurs in a early phase when the request entry is not > processed yet. Since I'm enable HTTPS, is that can be a reason about this > error? > > My Nginx version is 1.2.1. These are https connections without anything sent (closed due to timeout). In 1.3.15+, such connections are no longer result in access_log entries. -- Maxim Dounin http://nginx.org/en/donation.html From r at roze.lv Mon Jun 10 12:37:40 2013 From: r at roze.lv (Reinis Rozitis) Date: Mon, 10 Jun 2013 15:37:40 +0300 Subject: I see unusual amount of 408 errors from access log In-Reply-To: <8236f873160351fbc464c5eb5f8af95f.NginxMailingListEnglish@forum.nginx.org> References: <8236f873160351fbc464c5eb5f8af95f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <2A989E12A6E04606B137EA3527CDCB6D@MezhRoze> > My question is, why some access log entries have no request method/uri? I guess the 408 occurs in a early phase when the request entry is not processed yet. It is usually generated by browsers (like Chrome http://code.google.com/p/chromium/issues/detail?id=85229 ) opening more sockets to the webserver (a way of "optimisation") and not actually using them - eg not sending any http request. rr From nginx-forum at nginx.us Mon Jun 10 12:42:01 2013 From: nginx-forum at nginx.us (George) Date: Mon, 10 Jun 2013 08:42:01 -0400 Subject: Nginx SPDY: Missing NPN Extension in SSL/TLS Handshake ? In-Reply-To: References: Message-ID: <2cd5b8bb748d045910746fe24fb98c00.NginxMailingListEnglish@forum.nginx.org> Thanks Lukas for your help :) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239971,240007#msg-240007 From agentzh at gmail.com Mon Jun 10 19:35:40 2013 From: agentzh at gmail.com (agentzh) Date: Mon, 10 Jun 2013 12:35:40 -0700 Subject: [ANN] ngx_openresty stable version 1.2.8.6 released Message-ID: Hello folks! I am happy to announce that the new stable version of ngx_openresty, 1.2.8.6, is now released: http://openresty.org/#Download Below is the change log for this release, as compared to the last (devel) release, 1.2.8.5: * upgraded LuaJIT to 2.0.2. * changes: The following components are bundled: * LuaJIT-2.0.2 * array-var-nginx-module-0.03rc1 * auth-request-nginx-module-0.2 * drizzle-nginx-module-0.1.5 * echo-nginx-module-0.45 * encrypted-session-nginx-module-0.03 * form-input-nginx-module-0.07 * headers-more-nginx-module-0.20 * iconv-nginx-module-0.10 * lua-5.1.5 * lua-cjson-1.0.3 * lua-rds-parser-0.05 * lua-redis-parser-0.10 * lua-resty-dns-0.09 * lua-resty-memcached-0.11 * lua-resty-mysql-0.13 * lua-resty-redis-0.15 * lua-resty-string-0.08 * lua-resty-upload-0.08 * memc-nginx-module-0.13rc3 * nginx-1.2.8 * ngx_coolkit-0.2rc1 * ngx_devel_kit-0.2.18 * ngx_lua-0.8.2 * ngx_postgres-1.0rc2 * rds-csv-nginx-module-0.05rc2 * rds-json-nginx-module-0.12rc10 * redis-nginx-module-0.3.6 * redis2-nginx-module-0.10 * set-misc-nginx-module-0.22rc8 * srcache-nginx-module-0.21 * xss-nginx-module-0.03rc9 We'll move onto the latest Nginx stable series 1.4.x for the next release :) OpenResty (aka. ngx_openresty) is a full-fledged web application server by bundling the standard Nginx core, lots of 3rd-party Nginx modules and Lua libraries, as well as most of their external dependencies. See OpenResty's homepage for details: http://openresty.org/ We have been running extensive testing on our Amazon EC2 test cluster and ensure that all the components (including the Nginx core) play well together. The latest test report can always be found here: http://qa.openresty.org Enjoy! -agentzh From nginx-forum at nginx.us Mon Jun 10 20:51:19 2013 From: nginx-forum at nginx.us (freerk55) Date: Mon, 10 Jun 2013 16:51:19 -0400 Subject: EGroupWare nginx config In-Reply-To: <20120113195141.3ad9aa14@e-healthexpert.org> References: <20120113195141.3ad9aa14@e-healthexpert.org> Message-ID: <50f3d505b6f56ee600a25309c84d93ad.NginxMailingListEnglish@forum.nginx.org> Hello Mark, I had Egroupware on Apache2 and have everything now on Nginx Everything works fine. Exept... The filemanager: Ik can upload files en see an icon wich "proofs" that the file arrived on the server. But when I click on the link of that file, i get an error: 404 Not Found nginx/1.2.6 (Ubuntu) Does this work on your situation? Freerk Jongsma Posted at Nginx Forum: http://forum.nginx.org/read.php?2,221202,240012#msg-240012 From nginx-forum at nginx.us Mon Jun 10 21:33:23 2013 From: nginx-forum at nginx.us (Perel) Date: Mon, 10 Jun 2013 17:33:23 -0400 Subject: Any equivalent of mod_dumpio In-Reply-To: References: Message-ID: <14b2683a7513a948e552e270e0b7cd27.NginxMailingListEnglish@forum.nginx.org> jeff7091 Wrote: ------------------------------------------------------- > Is there anything like Apache's mod_dumpio? Any way to get a full > running trace of request & responses, including the body data? Would > such a thing be useful to anyone besides me? I would be quite interested in this as well. Debug log is great, but does not show full response bodies like mod_dumpio does. Did you end up writing something? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,238419,240013#msg-240013 From nginx-forum at nginx.us Tue Jun 11 01:53:39 2013 From: nginx-forum at nginx.us (soisita) Date: Mon, 10 Jun 2013 21:53:39 -0400 Subject: Nginx http-bind eJabbered pending requests Chrome Message-ID: <84e82163c0f3af15ea514850badfaf9f.NginxMailingListEnglish@forum.nginx.org> Hi, I'm working on a server where nginx runs as proxy on Apache It proxies php files & ejabbered requests & serves static files Everything was fine until a few weeks, and only on Chrome: when http-bind is pending, it makes all further requests pending also, thus all images called after the http-bind request are "pending" until ejabbered answers (about 1.5 min) Any idea? here part of the conf: nginx/0.7.67 user www-data; worker_processes 8; worker_cpu_affinity 0001 0010 0011 0100 0101 0110 0111 1000; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections 1024; multi_accept on; } http { include /etc/nginx/mime.types; default_type application/octet-stream; sendfile on; tcp_nopush on; server_tokens off; server_names_hash_bucket_size 128; #keepalive_timeout 0; keepalive_timeout 65; tcp_nodelay on; add_header Access-Control-Allow-Origin *; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } site: server { bla bla location /http-bind/ { tcp_nodelay on; keepalive_timeout 55; proxy_pass http://chatdomain:5280/http-bind/; } } server { listen 80; server_name STATICSDOMAIN; # redirect server error pages to the static page /50x.html # #error_page 500 502 503 504 /50x.html; location = /50x.html { root /var/www/nginx-default; } location ~* ^.+.(jpg|jpeg|gif|css|png|js|ico|srt|swf|pdf)$ { root /PATHTOSTATICS; expires 30d; } } conf.d/proxy.conf: proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; client_max_body_size 20m; client_body_buffer_size 128k; client_header_buffer_size 64k; proxy_connect_timeout 180; proxy_send_timeout 180; proxy_read_timeout 180; proxy_buffer_size 64k; proxy_buffers 32 64k; proxy_busy_buffers_size 128k; large_client_header_buffers 8 64k; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,240016,240016#msg-240016 From nginx-forum at nginx.us Tue Jun 11 09:10:20 2013 From: nginx-forum at nginx.us (n1xman) Date: Tue, 11 Jun 2013 05:10:20 -0400 Subject: Nginx cache files by mime type using ngx_srcache module Message-ID: Hi, I?m using ngx_srcache module with Memcached to cache static contents of the upstream servers. This is based on static file extensions. Now I need to cached them by looking at Content-Type of the header to cache .html pages as we do not use the .html extension. (i.e. http://www.example.com/this-is-my-site ) Is this possible with ngx_srcache module using map module or something similar.. http { map $upstream_http_content_type $no_proxy { default 0; ~*^html/ 0; } and hook this $no_proxy to ngx_srcache variables like I?m doing with extension?? location ~* \.(html)$ { set $key $uri$args; srcache_fetch GET /memc key=$key; srcache_store PUT /memc key=$key&exptime=$ttl_1m; proxy_pass http://www.example.com; } Any help to this is really appreciated. Thanks in advance. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,240023,240023#msg-240023 From jakob at jet-stream.nl Tue Jun 11 12:19:46 2013 From: jakob at jet-stream.nl (Jakob van Bethlehem) Date: Tue, 11 Jun 2013 14:19:46 +0200 Subject: Problems combining 'backup' command in upstream block with 'fair'-command Message-ID: Dear users, My first message here; I discussed my issue already with some folks on IRC; my main conclusion was that I should try it with a broader audience. So here's the problem: * we're using the ngx_http_upstream_module, and ngx_http_upstream_fair_module together with the HttpProxyModule * The 'proxy'-configuration looks like this: location "/jvbnet/betsy/ip-vhost-trial/" { rewrite "^/jvbnet/betsy/ip-vhost-trial/(.*)$" "/$1" break; proxy_pass http://0893697e3d3e9e1a78d79c5d3b13c258; proxy_set_header Host rd.devel.xxx-xxxxx.nl; proxy_cache cache; } * There is a separate configuration file defining the upstream: upstream 0893697e3d3e9e1a78d79c5d3b13c258 { server 172.17.88.10; server 172.17.88.20 backup; fair; } * What I see: - If no connection can be made to 172.17.88.10 (because I switched off Apache over there), no roll-over to 172.17.88.20 happens - Next I remove the 'fair' command: upstream 0893697e3d3e9e1a78d79c5d3b13c258 { server 172.17.88.10; server 172.17.88.20 backup; } - Now, in the same situation, nginx -does- rollover to 172.17.88.20, as I expected * What I expected: nginx performing rollover in the first scenario I get the same results if more non-backup servers are configured. And if I put 'fair' as the first command in the initial scenario: upstream 0893697e3d3e9e1a78d79c5d3b13c258 { fair; server 172.17.88.10; server 172.17.88.20 backup; } the nginx configuration tester gives an error: nginx: [emerg] invalid parameter "backup" To me it seems that the fair-module does not cooperate properly with the 'backup' parameter. Did anyone else notice this problem, and if so, is there a workaround/solution? Are there other configuration issues I may have to check? Sincerely, Jakob van Bethlehem -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Jun 11 12:55:19 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 11 Jun 2013 16:55:19 +0400 Subject: Problems combining 'backup' command in upstream block with 'fair'-command In-Reply-To: References: Message-ID: <20130611125519.GG72282@mdounin.ru> Hello! On Tue, Jun 11, 2013 at 02:19:46PM +0200, Jakob van Bethlehem wrote: [...] > I get the same results if more non-backup servers are configured. And if I put 'fair' as the first command in the initial scenario: > upstream 0893697e3d3e9e1a78d79c5d3b13c258 { > fair; > server 172.17.88.10; > server 172.17.88.20 backup; > } > > the nginx configuration tester gives an error: > nginx: [emerg] invalid parameter "backup" > > To me it seems that the fair-module does not cooperate properly with the 'backup' parameter. Did anyone else notice this problem, and if so, is there a workaround/solution? Are there other configuration issues I may have to check? The error message suggests that fair balancer isn't able to work with backup servers. The error is only reported if a balancer is activated before "server" directives as the check in question only done when parsing "server" directives. -- Maxim Dounin http://nginx.org/en/donation.html From agentzh at gmail.com Tue Jun 11 19:05:31 2013 From: agentzh at gmail.com (agentzh) Date: Tue, 11 Jun 2013 12:05:31 -0700 Subject: Nginx cache files by mime type using ngx_srcache module In-Reply-To: References: Message-ID: Hello! On Tue, Jun 11, 2013 at 2:10 AM, n1xman wrote: > Now I need to > cached them by looking at Content-Type of the header to cache .html pages as > we do not use the .html extension. (i.e. > http://www.example.com/this-is-my-site ) > > Is this possible with ngx_srcache module using map module or something > similar.. > > http { > map $upstream_http_content_type $no_proxy { > default 0; > ~*^html/ 0; > } > > and hook this $no_proxy to ngx_srcache variables like I?m doing with > extension?? > > location ~* \.(html)$ { > set $key $uri$args; Just a side note: because you're using the key in the "key" URI argument below, you should escape it because the value may contain special characters. That is, set_escape_uri $key $uri$args; And then in your location = /memc, you should unescape the "key" URI argument like this: set_unescape_uri $key $arg_key; > srcache_fetch GET /memc key=$key; > srcache_store PUT /memc key=$key&exptime=$ttl_1m; > proxy_pass http://www.example.com; > } > You can use the srcache_store_skip directive to achieve this: http://wiki.nginx.org/HttpSRCacheModule#srcache_store_skip Basically, you can do something like this: map $upstream_http_content_type $no_store { default 1; ~*html 0; } server { ... location / { set_escape_uri $key $uri$args; srcache_fetch GET /memc key=$key; srcache_store PUT /memc key=$key&exptime=$ttl_1m; proxy_pass http://www.example.com; srcache_store_skip $no_store; } } Best regards, -agentzh From nginx-forum at nginx.us Tue Jun 11 23:46:25 2013 From: nginx-forum at nginx.us (solitaryr) Date: Tue, 11 Jun 2013 19:46:25 -0400 Subject: nginx proxy vs apache proxy In-Reply-To: <4e1ac52177a2fa140555024cadf33fb7.NginxMailingListEnglish@forum.nginx.org> References: <4e1ac52177a2fa140555024cadf33fb7.NginxMailingListEnglish@forum.nginx.org> Message-ID: <91889cdd888d38ea8a589a01dbcf535e.NginxMailingListEnglish@forum.nginx.org> This apparently handles the proxying differently. Guess it's back to Apache since it handles it readily and has AJP support. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239872,240043#msg-240043 From jan.algermissen at nordsc.com Wed Jun 12 06:31:47 2013 From: jan.algermissen at nordsc.com (Jan Algermissen) Date: Wed, 12 Jun 2013 08:31:47 +0200 Subject: OpenSSL memory management Message-ID: Hi, I am new to this list and to nginx, so here is a short intro: I am Jan Algermissen, primarily a complete REST/HTTP-head and recently focussing on REST API security. About to write an nginx module as an authenticating HTTP gateway. I have a question regarding memory management and the use of OpenSSL (libcrypto) in nginx: AFAIK, libcrypto is doing quite a lot of memory allocations/deallocations internally, unsing standard malloc etc. When a piece software that builds upon libcrypto provides its own memory management (for example nginx) it can explicitly set the memory management functions used by libcrypto. This can be done by using CRYPTO_set_mem_functions (#include ). Looking at the nginx sources, I did not find any use of this feature. Am I missing something, or does the SSL module of nginx simply ignore the memory management issue, defering to the use of malloc inside libcrypto? If so, can anyone explain the rationale for doiing so? Jan From nginx-forum at nginx.us Wed Jun 12 10:28:48 2013 From: nginx-forum at nginx.us (funtimezone) Date: Wed, 12 Jun 2013 06:28:48 -0400 Subject: Best Entertaining Platform from all over the world Message-ID: Welcome to the best entertaining program from all over the word. Make Money Online with best investment in Hedge fund day trading with high returns on Daily Interest the world best revenue sharing program. Post free classified ads, play free online games, find free recipes from all over the world, send free sms from all over the world and make live chat from all over the world and also private chat as well to do it, so enjoy with the best entertaining program in the world. For More Details click the link below: http://www.funtimezone.com Posted at Nginx Forum: http://forum.nginx.org/read.php?2,240048,240048#msg-240048 From nginx-forum at nginx.us Wed Jun 12 10:51:31 2013 From: nginx-forum at nginx.us (n1xman) Date: Wed, 12 Jun 2013 06:51:31 -0400 Subject: Nginx cache files by mime type using ngx_srcache module In-Reply-To: References: Message-ID: <71a7e6901155d24e9058fe9568ce1c64.NginxMailingListEnglish@forum.nginx.org> Hi agentzh, Thanks for the support and it is working :) However, I have noticed every srcache_fetch GET /memc subrequest hits the memcached even though srcache_store skipped content-type which is not defined. This will keep busy the memcached server and I think srcache_fetch GET subrequest should not executed if srcache_store_skip triggered first. Or am I missing something here... map $upstream_http_content_type $no_store { default 1; ~*html 0; } server { .. location /memc { internal; set_unescape_uri $memc_key $arg_key; set $memc_key $arg_key; set $memc_exptime $arg_exptime; memc_pass 127.0.0.1:11211; } location / { srcache_response_cache_control off; set_escape_uri $key $uri$args; set $ttl_1d 60; srcache_fetch GET /memc key=$key; srcache_store PUT /memc key=$key&exptime=$ttl_1d; srcache_store_statuses 200; proxy_pass http://192.168.0.61:900; srcache_store_skip $no_store; } .. } Find the debug logs when firing following urls curl -i http://192.168.0.160/index.html < served from the memcached curl -i http://192.168.0.160/santa.jpg < not served from the memcached but the request hits the memcached error.log http://pastebin.com/jbMm83qh [root at localhost conf.d]# nginx -V nginx version: nginx/1.4.1 built by gcc 4.4.6 20120305 (Red Hat 4.4.6-4) (GCC) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-mail_ssl_module --with-file-aio --without-mail_smtp_module --without-mail_imap_module --without-mail_pop3_module --with-debug --with-http_spdy_module --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/ngx_devel_kit-master --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/echo-nginx-module-master --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/set-misc-nginx-module-master --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/srcache-nginx-module-master --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/nginx-sticky-module-1.1 --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/nginx_upstream_check_module-master --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/memc-nginx-module-master --add-module=/usr/local/hirantha/rpmbuild/BUILD/nginx-1.4.1/contrib/nginx_cross_origin_module-master --with-cc-opt='-O2 -g' Really appreciate your support here. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,240023,240049#msg-240049 From mailinglisten at simonhoenscheid.de Wed Jun 12 22:14:41 2013 From: mailinglisten at simonhoenscheid.de (=?ISO-8859-15?Q?Simon_H=F6nscheid?=) Date: Thu, 13 Jun 2013 00:14:41 +0200 Subject: Need some help with rewrite rule translation Message-ID: <51B8F2D1.8000602@simonhoenscheid.de> Hello List, I managed to translate nearly all our old apache rules, but have some problems with the following ones: # skip existing files RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule .* - [L] RewriteRule ^favicon\.ico$ - [R=404,L] RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^([0-9]+)\.(flv|gif)$ getFile.php?itemid=$1&type=$2 [L] RewriteCond %{REQUEST_FILENAME} !-f RewriteCond %{REQUEST_URI} !\/upload\/ RewriteRule ^(.*)$ upload/$1 [L] Thanks for the help Simon From luky-37 at hotmail.com Wed Jun 12 23:20:02 2013 From: luky-37 at hotmail.com (Lukas Tribus) Date: Thu, 13 Jun 2013 01:20:02 +0200 Subject: nginx proxy vs apache proxy In-Reply-To: <91889cdd888d38ea8a589a01dbcf535e.NginxMailingListEnglish@forum.nginx.org> References: <4e1ac52177a2fa140555024cadf33fb7.NginxMailingListEnglish@forum.nginx.org>, <91889cdd888d38ea8a589a01dbcf535e.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hi, > Nginx responses show (regardless of how I try to connect): > > Scheme: http > Name: my.example.com > Port: 80 > [...] > proxy_set_header Host $http_host; > proxy_set_header X-Forwarded-By $server_addr:$server_port; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto $scheme; Are you sure Apache uses exactly the same headers when passing the request to the backend? Compare the frontend/backend traffic with apache and nginx, and adjust the nginx configuration accordingly. Nginx will do what you configure; but I guess the values above are not really inspected by your backend. > Guess it's back to Apache since it handles it readily and has AJP support. Take a look at nginx_ajp_module: https://github.com/yaoweibin/nginx_ajp_module#readme Regards, Lukas From artemrts at ukr.net Thu Jun 13 03:46:25 2013 From: artemrts at ukr.net (wishmaster) Date: Thu, 13 Jun 2013 06:46:25 +0300 Subject: Need some help with rewrite rule translation In-Reply-To: <51B8F2D1.8000602@simonhoenscheid.de> References: <51B8F2D1.8000602@simonhoenscheid.de> Message-ID: <68473.1371095185.14077873764824907776@ffe16.ukr.net> --- Original message --- From: "Simon H?nscheid" Date: 13 June 2013, 01:14:11 > Hello List, > > I managed to translate nearly all our old apache rules, but have some > problems with the following ones: > > # skip existing files > RewriteCond %{REQUEST_FILENAME} -f [OR] > RewriteCond %{REQUEST_FILENAME} -d > RewriteRule .* - [L] > > RewriteRule ^favicon\.ico$ - [R=404,L] > > RewriteCond %{REQUEST_FILENAME} !-f > RewriteRule ^([0-9]+)\.(flv|gif)$ getFile.php?itemid=$1&type=$2 [L] > > > > RewriteCond %{REQUEST_FILENAME} !-f > RewriteCond %{REQUEST_URI} !\/upload\/ > RewriteRule ^(.*)$ upload/$1 [L] > And what is your own (draft) rules after reading http://nginx.org/en/docs/http/converting_rewrite_rules.html ?? From mailinglisten at simonhoenscheid.de Thu Jun 13 08:38:59 2013 From: mailinglisten at simonhoenscheid.de (mailinglisten at simonhoenscheid.de) Date: Thu, 13 Jun 2013 10:38:59 +0200 Subject: Need some help with rewrite rule translation In-Reply-To: <68473.1371095185.14077873764824907776@ffe16.ukr.net> References: <51B8F2D1.8000602@simonhoenscheid.de> <68473.1371095185.14077873764824907776@ffe16.ukr.net> Message-ID: <7a890132376ff0a045304fb0e1aa4c16@simonhoenscheid.de> That is what I have got: Am 13.06.2013 05:46, schrieb wishmaster: > --- Original message --- > From: "Simon H?nscheid" > Date: 13 June 2013, 01:14:11 > > > Hello List, > > I managed to translate nearly all our old apache rules, but have some > problems with the following ones: > > # skip existing files > RewriteCond %{REQUEST_FILENAME} -f [OR] > RewriteCond %{REQUEST_FILENAME} -d > RewriteRule .* - [L] I have no solution here > RewriteRule ^favicon\.ico$ - [R=404,L] location /(^favicon)/(.*\.(ico)) { return 404; } > > RewriteCond %{REQUEST_FILENAME} !-f > RewriteRule ^([0-9]+)\.(flv|gif)$ getFile.php?itemid=$1&type=$2 [L] > location / { if (!-e $request_filename){ rewrite ^/([0-9]+)\.(flv|gif)$ /getFile.php?itemid=$1&type=$2 last; } } > > RewriteCond %{REQUEST_FILENAME} !-f > RewriteCond %{REQUEST_URI} !\/upload\/ > RewriteRule ^(.*)$ upload/$1 [L] location ~ \/upload\/ { } location / { if (!-e $request_filename){ rewrite ^(.*)$ /upload/$1 last; } } > And what is your own (draft) rules after reading > http://nginx.org/en/docs/http/converting_rewrite_rules.html ?? > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From hostdl at gmail.com Thu Jun 13 08:52:16 2013 From: hostdl at gmail.com (Host DL) Date: Thu, 13 Jun 2013 13:22:16 +0430 Subject: Need some help with rewrite rule translation In-Reply-To: <51B8F2D1.8000602@simonhoenscheid.de> References: <51B8F2D1.8000602@simonhoenscheid.de> Message-ID: On Thu, Jun 13, 2013 at 2:44 AM, Simon H?nscheid < mailinglisten at simonhoenscheid.de> wrote: > > # skip existing files > RewriteCond %{REQUEST_FILENAME} -f [OR] > RewriteCond %{REQUEST_FILENAME} -d > RewriteRule .* - [L] > if (-e $request_filename){ break; } try this at the first of your location/server block -------------- next part -------------- An HTML attachment was scrubbed... URL: From hostdl at gmail.com Thu Jun 13 09:04:31 2013 From: hostdl at gmail.com (Host DL) Date: Thu, 13 Jun 2013 13:34:31 +0430 Subject: All workers in 'D' state using sendfile In-Reply-To: <20130610115706.GT72282@mdounin.ru> References: <20130609121300.GP72282@mdounin.ru> <20130610105521.GR72282@mdounin.ru> <20130610115706.GT72282@mdounin.ru> Message-ID: Thanks you for clarification on this issue The last modification that worked properly was reducing workers I tried both 64, 24 and 12 workers and less workers was better in performances during the peak time I can't recognize why but it works like a charm PS: Dual E5-2620 has been used which leads to 24 HT core and 12 real core -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Thu Jun 13 11:41:31 2013 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 13 Jun 2013 15:41:31 +0400 Subject: OpenSSL memory management In-Reply-To: References: Message-ID: <20130613114131.GN72282@mdounin.ru> Hello! On Wed, Jun 12, 2013 at 08:31:47AM +0200, Jan Algermissen wrote: > Hi, > > I am new to this list and to nginx, so here is a short intro: > > I am Jan Algermissen, primarily a complete REST/HTTP-head and recently > focussing on REST API security. About to write an nginx module as an > authenticating HTTP gateway. > > I have a question regarding memory management and the use of OpenSSL > (libcrypto) in nginx: > > AFAIK, libcrypto is doing quite a lot of memory allocations/deallocations > internally, unsing standard malloc etc. > > When a piece software that builds upon libcrypto provides its own > memory management (for example nginx) it can explicitly set the > memory management functions used by libcrypto. This can be done > by using CRYPTO_set_mem_functions (#include ). > > Looking at the nginx sources, I did not find any use of this feature. Am > I missing something, or does the SSL module of nginx simply ignore > the memory management issue, defering to the use of malloc inside > libcrypto? > > If so, can anyone explain the rationale for doiing so? OpenSSL allocations life time often more than a request life time, and sometimes more than a connection life time. This makes use of nginx memory management functions mostly pointless. -- Maxim Dounin http://nginx.org/en/donation.html From m00n.silv3r at gmail.com Thu Jun 13 12:26:35 2013 From: m00n.silv3r at gmail.com (Silver Moon) Date: Thu, 13 Jun 2013 17:56:35 +0530 Subject: Need to add expires header conditionally based on mime types In-Reply-To: References: Message-ID: Hi I need to add expires headers conditionally based on a certain mime type. For example add expires 7d to text/css How to do this ? So far I found that $sent_http_content_type contains the mime type that is send in http response. But its not possible to put it in a if directive and do expires either, if ($sent_http_content_type = "text/css") { expires 7d; } will not work. Also tried to create a map and try to hack around, but could not do it. I cannot do on file based or specific directory location based because lots of css/js content is generated from php files dynamically. And there are multiple php files generating content. I need a neat way to implement this, is it possible ? -- Silver -------------- next part -------------- An HTML attachment was scrubbed... URL: From gregm at servu.net.au Thu Jun 13 15:25:39 2013 From: gregm at servu.net.au (Greg M) Date: Thu, 13 Jun 2013 15:25:39 +0000 Subject: ipv6 upstream support Message-ID: <758BD56B30B33343A02413D9CADBD34310A9C722@HKNPRD0310MB361.apcprd03.prod.outlook.com> Hi Maxim, Is ipv6 upstream support available in nginx's proxy modules just yet? Thanks, Greg -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6469 bytes Desc: not available URL: From vbart at nginx.com Thu Jun 13 17:03:54 2013 From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 13 Jun 2013 21:03:54 +0400 Subject: ipv6 upstream support In-Reply-To: <758BD56B30B33343A02413D9CADBD34310A9C722@HKNPRD0310MB361.apcprd03.prod.outlook.com> References: <758BD56B30B33343A02413D9CADBD34310A9C722@HKNPRD0310MB361.apcprd03.prod.outlook.com> Message-ID: <201306132103.54804.vbart@nginx.com> On Thursday 13 June 2013 19:25:39 Greg M wrote: > Is ipv6 upstream support available in nginx's proxy modules just yet? Yes, it's available since nginx 1.3.1 and 1.2.2. wbr, Valentin V. Bartenev -- http://nginx.org/en/donation.html From mailinglisten at simonhoenscheid.de Thu Jun 13 17:24:12 2013 From: mailinglisten at simonhoenscheid.de (mailinglisten at simonhoenscheid.de) Date: Thu, 13 Jun 2013 19:24:12 +0200 Subject: Need some help with rewrite rule translation In-Reply-To: References: <51B8F2D1.8000602@simonhoenscheid.de> Message-ID: I have an other rule driving me crazy: Apache: RewriteRule ^image/resized/(\d+)/([0-9a-fA-F]{6}/|)(.+)_(\d+)(|m)x(\d+)(|m)(_.+|).(jpg|jpeg|png|gif) resized/getByDimension.php?domainid=$1&objectid=$3&width=$4&height=$6&format=$9&random=$8&color=$2&maxwidth=$5&maxheight=$7 [L] nginx: location / { rewrite "^/image/resized/(\d+)/([0-9a-fA-F]{6}/|)(.+)_(\d+)(|m)x(\d+)(|m)(_.+|)\.(jpg|jpeg|png|gif)" /resized/getByDimension.php?domainid=$1&objectid=$3&width=$4&height=$6&format=$9&random=$8&color=$2&maxwidth=$5&maxheight=$7 last; } Is there a fault? Thanks for the Help Simon Am 13.06.2013 10:52, schrieb Host DL: > On Thu, Jun 13, 2013 at 2:44 AM, Simon H?nscheid > wrote: > > # skip existing files > RewriteCond %{REQUEST_FILENAME} -f [OR] > RewriteCond %{REQUEST_FILENAME} -d > RewriteRule .* - [L] > > if (-e $request_filename){ > > break; > } > > try this at the first of your location/server block > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From reallfqq-nginx at yahoo.fr Thu Jun 13 17:35:17 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Thu, 13 Jun 2013 13:35:17 -0400 Subject: Need some help with rewrite rule translation In-Reply-To: References: <51B8F2D1.8000602@simonhoenscheid.de> Message-ID: What is the observed behavior? What do show your logs? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglisten at simonhoenscheid.de Thu Jun 13 18:53:21 2013 From: mailinglisten at simonhoenscheid.de (=?ISO-8859-1?Q?Simon_H=F6nscheid?=) Date: Thu, 13 Jun 2013 20:53:21 +0200 Subject: Need to add expires header conditionally based on mime types In-Reply-To: References:

Message-ID: <51BA1521.1000002@simonhoenscheid.de> Hi Silver, this will fit your needs: location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { expires 7d; } Simon Am 13.06.2013 14:26, schrieb Silver Moon: > Hi > > I need to add expires headers conditionally based on a certain mime type. > For example add expires 7d to text/css > > How to do this ? > > So far I found that $sent_http_content_type contains the mime type that > is send in http response. But its not possible to put it in a if > directive and do expires > either, > > if ($sent_http_content_type = "text/css") > { > expires 7d; > } > > will not work. > > Also tried to create a map and try to hack around, but could not do it. > > I cannot do on file based or specific directory location based because > lots of css/js content is generated from php files dynamically. And > there are multiple php files generating content. > > I need a neat way to implement this, is it possible ? > > -- > Silver > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > From jbarton at conquerthe.net Thu Jun 13 19:31:28 2013 From: jbarton at conquerthe.net (John Barton) Date: Thu, 13 Jun 2013 14:31:28 -0500 Subject: Question about multiple applicable locations in a server config Message-ID: <38f0c82fb111e5878b1cccb300798697@conquerthe.net> I have read documentation from several sources, and there is still 1 detail about nginx configuration that I do not fully understand, and would like some additional guidance. In the nginx location configuration, how does one handle locations that would match multiple criteria, but nginx can only match on one? For example, lets say I have a php application and I am using php-fpm, which has an admin interface that I want to protect using htaccess. I would have location directives in my config with the following contents: location ~* /admin/ { auth_basic "Restricted"; auth_basic_user_file htpasswd; } location ~* .php$ { try_files $uri =404; fastcgi_index index.php; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; } >From my understanding of how nginx processes the config file, it would match the /admin/ regex first, but what if the files contained in this directory are PHP scripts? Since the first location matches in my config, I believe that the second location with the PHP redirect is never processed? Thanks in advance, -JB -------------- next part -------------- An HTML attachment was scrubbed... URL: From agentzh at gmail.com Thu Jun 13 19:38:32 2013 From: agentzh at gmail.com (agentzh) Date: Thu, 13 Jun 2013 12:38:32 -0700 Subject: Nginx cache files by mime type using ngx_srcache module In-Reply-To: <71a7e6901155d24e9058fe9568ce1c64.NginxMailingListEnglish@forum.nginx.org> References: <71a7e6901155d24e9058fe9568ce1c64.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello! On Wed, Jun 12, 2013 at 3:51 AM, n1xman wrote: > However, I have noticed every srcache_fetch GET /memc subrequest hits the > memcached even though srcache_store skipped content-type which is not > defined. > The cache fetch operation must be performed *before* sending a request to the backend while the Content-Type response header is only available *after* the backend request is already sent. You're having a chicken and egg problem here. And I don't see how the srcache_fetch can be skipped without a Content-Type response header available for checks. > This will keep busy the memcached server and I think srcache_fetch GET > subrequest should not executed if srcache_store_skip triggered first. Are you sure? srcache_store_skip always runs after srcache_fetch for a particular request. The caching workflow looks like this: srcache_fetch send backend request if it's a cache miss receive backend response (headers) srcache_store I cannot see how srcache_store_skip can be triggered before srcache_fetch without sending a backend request to get the Content-Type response header. Best regards, -agentzh From contact at jpluscplusm.com Thu Jun 13 20:48:33 2013 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Thu, 13 Jun 2013 21:48:33 +0100 Subject: Question about multiple applicable locations in a server config In-Reply-To: <38f0c82fb111e5878b1cccb300798697@conquerthe.net> References: <38f0c82fb111e5878b1cccb300798697@conquerthe.net> Message-ID: On 13 June 2013 20:31, John Barton wrote: > I have read documentation from several sources, and there is still 1 detail > about nginx configuration that I do not fully understand, and would like > some additional guidance. In the nginx location configuration, how does one > handle locations that would match multiple criteria, but nginx can only > match on one? > For example, lets say I have a php application and I am using php-fpm, which > has an admin interface that I want to protect using htaccess. I would have > location directives in my config with the following contents: > > location ~* /admin/ { > auth_basic "Restricted"; > auth_basic_user_file htpasswd; > } > > location ~* \.php$ { > try_files $uri =404; > fastcgi_index index.php; > fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; > include fastcgi_params; > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; > fastcgi_param SCRIPT_NAME $fastcgi_script_name; > } > > > From my understanding of how nginx processes the config file, it would match > the /admin/ regex first, but what if the files contained in this directory > are PHP scripts? Since the first location matches in my config, I believe > that the second location with the PHP redirect is never processed? Remember you can use nested location. I would imagine (though haven't tested) that this will work: --------------------------------- location ~ \.php { try_files $uri =404; fastcgi_index index.php; fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock; include fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param SCRIPT_NAME $fastcgi_script_name; location ~ /admin/ { auth_basic "Restricted"; auth_basic_user_file htpasswd; } } --------------------------------- Regards, Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From contact at jpluscplusm.com Thu Jun 13 20:51:34 2013 From: contact at jpluscplusm.com (Jonathan Matthews) Date: Thu, 13 Jun 2013 21:51:34 +0100 Subject: Need some help with rewrite rule translation In-Reply-To: <7a890132376ff0a045304fb0e1aa4c16@simonhoenscheid.de> References: <51B8F2D1.8000602@simonhoenscheid.de> <68473.1371095185.14077873764824907776@ffe16.ukr.net> <7a890132376ff0a045304fb0e1aa4c16@simonhoenscheid.de> Message-ID: On 13 June 2013 09:38, wrote: [snip] >> RewriteRule ^favicon\.ico$ - [R=404,L] > > location /(^favicon)/(.*\.(ico)) { > return 404; Don't do that. You're only hurting yourself. Just return an empty gif (http://wiki.nginx.org/HttpEmptyGifModule) or ico/etc equivalent. Jonathan -- Jonathan Matthews // Oxford, London, UK http://www.jpluscplusm.com/contact.html From reallfqq-nginx at yahoo.fr Thu Jun 13 21:01:15 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Thu, 13 Jun 2013 17:01:15 -0400 Subject: Need some help with rewrite rule translation In-Reply-To: References: <51B8F2D1.8000602@simonhoenscheid.de> <68473.1371095185.14077873764824907776@ffe16.ukr.net> <7a890132376ff0a045304fb0e1aa4c16@simonhoenscheid.de> Message-ID: On Thu, Jun 13, 2013 at 4:51 PM, Jonathan Matthews wrote: > On 13 June 2013 09:38, wrote: > [snip] > >> RewriteRule ^favicon\.ico$ - [R=404,L] > > > > location /(^favicon)/(.*\.(ico)) { > > return 404; > > Don't do that. You're only hurting yourself. Just return an empty gif > (http://wiki.nginx.org/HttpEmptyGifModule) or ico/etc equivalent. > ? You could also do that: location /favicon.ico { return 204; access_log off; log_not_found off; }? > Jonathan > -- > Jonathan Matthews // Oxford, London, UK > http://www.jpluscplusm.com/contact.html > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From m00n.silv3r at gmail.com Fri Jun 14 02:58:47 2013 From: m00n.silv3r at gmail.com (Silver Moon) Date: Fri, 14 Jun 2013 08:28:47 +0530 Subject: Need to add expires header conditionally based on mime types In-Reply-To: <51BA1521.1000002@simonhoenscheid.de> References:

<51BA1521.1000002@simonhoenscheid.de> Message-ID: hi this is not sufficient. in my application for example, js, css and images are generated dynamically from php scripts. and there are multiple scripts to generate such content. therefore i need mime based expire headers. On Fri, Jun 14, 2013 at 12:23 AM, Simon H?nscheid < mailinglisten at simonhoenscheid.de> wrote: > Hi Silver, > > this will fit your needs: > > location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { > expires 7d; > } > > Simon > Am 13.06.2013 14:26, schrieb Silver Moon: > > Hi > > > > I need to add expires headers conditionally based on a certain mime type. > > For example add expires 7d to text/css > > > > How to do this ? > > > > So far I found that $sent_http_content_type contains the mime type that > > is send in http response. But its not possible to put it in a if > > directive and do expires > > either, > > > > if ($sent_http_content_type = "text/css") > > { > > expires 7d; > > } > > > > will not work. > > > > Also tried to create a map and try to hack around, but could not do it. > > > > I cannot do on file based or specific directory location based because > > lots of css/js content is generated from php files dynamically. And > > there are multiple php files generating content. > > > > I need a neat way to implement this, is it possible ? > > > > -- > > Silver > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Silver -------------- next part -------------- An HTML attachment was scrubbed... URL: From steve at greengecko.co.nz Fri Jun 14 03:04:42 2013 From: steve at greengecko.co.nz (Steve Holdoway) Date: Fri, 14 Jun 2013 15:04:42 +1200 Subject: Need to add expires header conditionally based on mime types In-Reply-To: References:

<51BA1521.1000002@simonhoenscheid.de> Message-ID: <1371179082.25974.91.camel@steve-new> Are they presented as .js, .css etc to the client browser? If so, then this is sufficient. Steve On Fri, 2013-06-14 at 08:28 +0530, Silver Moon wrote: > hi > > > this is not sufficient. > > > in my application for example, js, css and images are generated > dynamically from php scripts. and there are multiple scripts to > generate such content. > > > therefore i need mime based expire headers. > > On Fri, Jun 14, 2013 at 12:23 AM, Simon H?nscheid > wrote: > Hi Silver, > > this will fit your needs: > > location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { > expires 7d; > } > > Simon > Am 13.06.2013 14:26, schrieb Silver Moon: > > Hi > > > > I need to add expires headers conditionally based on a > certain mime type. > > For example add expires 7d to text/css > > > > How to do this ? > > > > So far I found that $sent_http_content_type contains the > mime type that > > is send in http response. But its not possible to put it in > a if > > directive and do expires > > either, > > > > if ($sent_http_content_type = "text/css") > > { > > expires 7d; > > } > > > > will not work. > > > > Also tried to create a map and try to hack around, but could > not do it. > > > > I cannot do on file based or specific directory location > based because > > lots of css/js content is generated from php files > dynamically. And > > there are multiple php files generating content. > > > > I need a neat way to implement this, is it possible ? > > > > -- > > Silver > > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > > > -- > Silver > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Steve Holdoway BSc(Hons) MNZCS http://www.greengecko.co.nz Linkedin: http://www.linkedin.com/in/steveholdoway Skype: sholdowa From hostdl at gmail.com Fri Jun 14 03:05:42 2013 From: hostdl at gmail.com (Host DL) Date: Fri, 14 Jun 2013 07:35:42 +0430 Subject: Need to add expires header conditionally based on mime types In-Reply-To: References:

<51BA1521.1000002@simonhoenscheid.de> Message-ID: If you handle your js, css and images by php scripts you can use header function to send out Expires and Cache-Control directives example: -------------- next part -------------- An HTML attachment was scrubbed... URL: From m00n.silv3r at gmail.com Fri Jun 14 03:12:05 2013 From: m00n.silv3r at gmail.com (Silver Moon) Date: Fri, 14 Jun 2013 08:42:05 +0530 Subject: Need to add expires header conditionally based on mime types In-Reply-To: References:

<51BA1521.1000002@simonhoenscheid.de> Message-ID: yes, i could send out headers from php itself but mime based header generation in the webserver itself would make things easier. so finally it is impossible to achieve that ? On Fri, Jun 14, 2013 at 8:35 AM, Host DL wrote: > If you handle your js, css and images by php scripts you can use header > function to send out Expires and Cache-Control directives > > example: > > header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 > header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past > ?> > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Silver -------------- next part -------------- An HTML attachment was scrubbed... URL: From miguelmclara at gmail.com Fri Jun 14 04:30:15 2013 From: miguelmclara at gmail.com (Miguel Clara) Date: Fri, 14 Jun 2013 04:30:15 +0000 Subject: Need to add expires header conditionally based on mime types In-Reply-To: References:

<51BA1521.1000002@simonhoenscheid.de>

Message-ID: <51BA9C57.1000905@gmail.com> >From what you describe I do think the suggested nginx config is enough... However maybe you're looking for something like this: http://stackoverflow.com/questions/14631044/expires-header-based-on-dynamic-content-type-in-nginx Not really sure if it suits you're needs, but It seems this is what you're looking for. You can also find more info on mime type here: http://wiki.nginx.org/HttpCoreModule#types Hope this helps, Mike On 06/14/13 03:12, Silver Moon wrote: > yes, i could send out headers from php itself > but mime based header generation in the webserver itself would make > things easier. > > so finally it is impossible to achieve that ? > > On Fri, Jun 14, 2013 at 8:35 AM, Host DL > wrote: > > If you handle your js, css and images by php scripts you can use > header function to send out Expires and Cache-Control directives > > example: > > header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 > header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past > ?> > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > > > -- > Silver > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From m00n.silv3r at gmail.com Fri Jun 14 03:41:51 2013 From: m00n.silv3r at gmail.com (Silver Moon) Date: Fri, 14 Jun 2013 09:11:51 +0530 Subject: Need to add expires header conditionally based on mime types In-Reply-To: <51BA9C57.1000905@gmail.com> References:

<51BA1521.1000002@simonhoenscheid.de>

<51BA9C57.1000905@gmail.com> Message-ID: the putting $upstream_http_content_type or $sent_http_content_type or $content_type inside "if" does not work. i wish someone could test and provide a working example. none of the samples shown in the stackoverflow post work. i tested enough and found that only $sent_http_content_type contains the http response Content-type and that can be tested like this add_header TEST $sent_http_content_type however putting that inside an if and trying to add further headers inside that if will not work i opened a ticket in trac and they said that it does not work like that however no one confirms if it is strictly possible or impossible. On Fri, Jun 14, 2013 at 10:00 AM, Miguel Clara wrote: > From what you describe I do think the suggested nginx config is enough... > > However maybe you're looking for something like this: > > > http://stackoverflow.com/questions/14631044/expires-header-based-on-dynamic-content-type-in-nginx > > Not really sure if it suits you're needs, but It seems this is what you're > looking for. > > You can also find more info on mime type here: > http://wiki.nginx.org/HttpCoreModule#types > > Hope this helps, > > Mike > > > > On 06/14/13 03:12, Silver Moon wrote: > > yes, i could send out headers from php itself > but mime based header generation in the webserver itself would make things > easier. > > so finally it is impossible to achieve that ? > > On Fri, Jun 14, 2013 at 8:35 AM, Host DL wrote: > >> If you handle your js, css and images by php scripts you can use header >> function to send out Expires and Cache-Control directives >> >> example: >> >> > header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 >> header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past >> ?> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > > -- > Silver > > > _______________________________________________ > nginx mailing listnginx at nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Silver -------------- next part -------------- An HTML attachment was scrubbed... URL: From appa at perusio.net Fri Jun 14 06:35:54 2013 From: appa at perusio.net (=?ISO-8859-1?Q?Ant=F3nio_P=2E_P=2E_Almeida?=) Date: Fri, 14 Jun 2013 08:35:54 +0200 Subject: Need to add expires header conditionally based on mime types In-Reply-To: References:

<51BA1521.1000002@simonhoenscheid.de>

<51BA9C57.1000905@gmail.com> Message-ID: If you use the Lua embedded module you can do that AFAICT. http://wiki.nginx.org/HttpLuaModule#header_filter_by_lua Le 14 juin 2013 05:42, "Silver Moon" a ?crit : > the > > putting $upstream_http_content_type or $sent_http_content_type or > $content_type inside "if" does not work. > i wish someone could test and provide a working example. > > none of the samples shown in the stackoverflow post work. > > i tested enough and found that only $sent_http_content_type contains the > http response Content-type > and that can be tested like this > > add_header TEST $sent_http_content_type > > however putting that inside an if and trying to add further headers inside > that if will not work > i opened a ticket in trac and they said that it does not work like that > > however no one confirms if it is strictly possible or impossible. > > On Fri, Jun 14, 2013 at 10:00 AM, Miguel Clara wrote: > >> From what you describe I do think the suggested nginx config is >> enough... >> >> However maybe you're looking for something like this: >> >> >> http://stackoverflow.com/questions/14631044/expires-header-based-on-dynamic-content-type-in-nginx >> >> Not really sure if it suits you're needs, but It seems this is what >> you're looking for. >> >> You can also find more info on mime type here: >> http://wiki.nginx.org/HttpCoreModule#types >> >> Hope this helps, >> >> Mike >> >> >> >> On 06/14/13 03:12, Silver Moon wrote: >> >> yes, i could send out headers from php itself >> but mime based header generation in the webserver itself would make >> things easier. >> >> so finally it is impossible to achieve that ? >> >> On Fri, Jun 14, 2013 at 8:35 AM, Host DL wrote: >> >>> If you handle your js, css and images by php scripts you can use >>> header function to send out Expires and Cache-Control directives >>> >>> example: >>> >>> >> header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1 >>> header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past >>> ?> >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >> >> >> >> -- >> Silver >> >> >> _______________________________________________ >> nginx mailing listnginx at nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx >> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > > -- > Silver > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mailinglisten at simonhoenscheid.de Fri Jun 14 07:58:12 2013 From: mailinglisten at simonhoenscheid.de (mailinglisten at simonhoenscheid.de) Date: Fri, 14 Jun 2013 09:58:12 +0200 Subject: Need some help with rewrite rule translation In-Reply-To: References: <51B8F2D1.8000602@simonhoenscheid.de> <68473.1371095185.14077873764824907776@ffe16.ukr.net> <7a890132376ff0a045304fb0e1aa4c16@simonhoenscheid.de>

Message-ID: Both solutions look interesting, I will have a look on it. Am 13.06.2013 23:01, schrieb B.R.: > On Thu, Jun 13, 2013 at 4:51 PM, Jonathan Matthews > wrote: > > On 13 June 2013 09:38, ? wrote: > [snip] > RewriteRule ^favicon.ico$ - [R=404,L] > > location /(^favicon)/(.*.(ico)) { > return 404; > > Don't do that. You're only hurting yourself. Just return an empty gif > (http://wiki.nginx.org/HttpEmptyGifModule [1]) or ico/etc equivalent. > > ? > You could also do that: > location /favicon.ico { > ??? return 204; > ??? access_log????? off; > ??? log_not_found?? off; > }? > > Jonathan > -- > Jonathan Matthews // Oxford, London, UK > http://www.jpluscplusm.com/contact.html [2] > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx [3] > --- > B. R. > > Links: > ------ > [1] http://wiki.nginx.org/HttpEmptyGifModule > [2] http://www.jpluscplusm.com/contact.html > [3] http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mailinglisten at simonhoenscheid.de Fri Jun 14 08:35:12 2013 From: mailinglisten at simonhoenscheid.de (mailinglisten at simonhoenscheid.de) Date: Fri, 14 Jun 2013 10:35:12 +0200 Subject: Need some help with rewrite rule translation In-Reply-To: References: <51B8F2D1.8000602@simonhoenscheid.de>

Message-ID: <9a58e16240d3b1c755947b82acae57ba@simonhoenscheid.de> Am 13.06.2013 19:35, schrieb B.R.: > What is the observed behavior? The parameters are not given corectly to the php script, delivering the picture. > What do show your logs? As expected there ist a 404 in the belonging access log. I activated the rewrite_log but there is no output in the error log. Simon > > --- > B. R. > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From m6rkalan at gmail.com Fri Jun 14 09:15:02 2013 From: m6rkalan at gmail.com (Mark Alan) Date: Fri, 14 Jun 2013 10:15:02 +0100 Subject: Need some help with rewrite rule translation In-Reply-To: References: <51B8F2D1.8000602@simonhoenscheid.de> <68473.1371095185.14077873764824907776@ffe16.ukr.net> <7a890132376ff0a045304fb0e1aa4c16@simonhoenscheid.de>

Message-ID: <51badf18.8918b40a.5454.7c37@mx.google.com> On Fri, 14 Jun 2013 09:58:12 +0200, mailinglisten at simonhoenscheid.de wrote: > Both solutions look interesting, I will have a look on it. We use been successfully the "return no content=204" opiton: location = /favicon.ico { access_log off; log_not_found off; expires 30d; try_files /sites/$server_name/files/favicon.ico $uri =204; } Meaning that try_files first looks in a directory where we usually keep favicon.ico and logos (.png, .jpg, etc.), then it tries the user provied $uri and, if it does not find any then thows out a "no content" code (204). There is no need to load one more module (Empty Gif Module) just to do that. M. From mailinglisten at simonhoenscheid.de Fri Jun 14 09:44:08 2013 From: mailinglisten at simonhoenscheid.de (mailinglisten at simonhoenscheid.de) Date: Fri, 14 Jun 2013 11:44:08 +0200 Subject: Need some help with rewrite rule translation In-Reply-To: <51badf18.8918b40a.5454.7c37@mx.google.com> References: <51B8F2D1.8000602@simonhoenscheid.de> <68473.1371095185.14077873764824907776@ffe16.ukr.net> <7a890132376ff0a045304fb0e1aa4c16@simonhoenscheid.de>

<51badf18.8918b40a.5454.7c37@mx.google.com> Message-ID: Thanks for the Detailed Information :-) I have still problems with this role: Client sends the first part of the urls, server rewrites it, and php delivers the picture. I tried to escape \ and dots, but this does not help. Server gives back a 404. Then I activated the error_log with level notice and added rewrite_log on, but there is no log output. Any hints? Simon Apache: RewriteRule ^image/resized/(\d+)/([0-9a-fA-F]{6}/|)(.+)_(\d+)(|m)x(\d+)(|m)(_.+|).(jpg|jpeg|png|gif) resized/getByDimension.php?domainid=$1&objectid=$3&width=$4&height=$6&format=$9&random=$8&color=$2&maxwidth=$5&maxheight=$7 [L] nginx: location / { rewrite "^/image/resized/(\d+)/([0-9a-fA-F]{6}/|)(.+)_(\d+)(|m)x(\d+)(|m)(_.+|)\.(jpg|jpeg|png|gif)" /resized/getByDimension.php?domainid=$1&objectid=$3&width=$4&height=$6&format=$9&random=$8&color=$2&maxwidth=$5&maxheight=$7 last; } Is there a fault? Am 14.06.2013 11:15, schrieb Mark Alan: > On Fri, 14 Jun 2013 09:58:12 +0200, mailinglisten at simonhoenscheid.de > wrote: > > Both solutions look interesting, I will have a look on it. > > We use been successfully the "return no content=204" opiton: > > location = /favicon.ico { access_log off; log_not_found off; expires > 30d; try_files /sites/$server_name/files/favicon.ico $uri =204; } > > Meaning that try_files first looks in a directory where we usually keep > favicon.ico and logos (.png, .jpg, etc.), then it tries the user > provied $uri and, if it does not find any then thows out a "no content" > code (204). > > There is no need to load one more module (Empty Gif Module) just to do > that. > > M. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From lista at oxdrove.co.uk Fri Jun 14 11:05:10 2013 From: lista at oxdrove.co.uk (James Lee) Date: Fri, 14 Jun 2013 12:05:10 +0100 Subject: truncated output for large files through proxy Message-ID: <51BAF8E6.4020204@oxdrove.co.uk> Hello, nginx 1.4.1 is truncating proxy output for large files. *** Steps to reproduce *** nginx.conf: location ^~ /download/ { proxy_pass http://localhost:9000; proxy_set_header Host $host; } The back end is a very simple servlet that copies a static file to the output stream. The test file is 7147652 bytes. Small files are delivered correctly, *** Test results *** First to show that the back end is sending a full file access it directly on port 9000: $ curl http://domain.local:9000/download/file.pdf | wc % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 6980k 0 6980k 0 0 39.3M 0 --:--:-- --:--:-- --:--:-- 39.6M 39699 166238 7147652 7147652 bytes delivered correctly. Example of failure, request via nginx: $ curl http://domain.local/download/file.pdf | wc % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 167k 0 167k 0 0 5779k 0 --:--:-- --:--:-- --:--:-- 5992k 1959 3853 171828 Only 171828 bytes delivered. By restricting the download speed more bytes are delivered, slower is better, eg: $ curl --limit-rate 200k http://domain.local/download/file.pdf | wc % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 6980k 0 6980k 0 0 200k 0 --:--:-- 0:00:34 --:--:-- 200k 39699 166238 7147652 *** Workaround *** Add limit-rate to nginx.conf: location ^~ /download/ { proxy_pass http://localhost:9000; proxy_set_header Host $host; limit_rate 1000k; } $ curl http://domain.local/download/file.pdf | wc % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 6980k 0 6980k 0 0 1000k 0 --:--:-- 0:00:06 --:--:-- 1001k 39699 166238 7147652 Full 7147652bytes delivered *** Other information *** This is similar to: http://mailman.nginx.org/pipermail/nginx/2012-April/033272.html The workaround for this was also set a limit rate in nginx.conf. nginx 1.4.1 Solaris 10u11 James. From reallfqq-nginx at yahoo.fr Fri Jun 14 11:40:45 2013 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Fri, 14 Jun 2013 07:40:45 -0400 Subject: Need some help with rewrite rule translation In-Reply-To: <9a58e16240d3b1c755947b82acae57ba@simonhoenscheid.de> References: <51B8F2D1.8000602@simonhoenscheid.de>

<9a58e16240d3b1c755947b82acae57ba@simonhoenscheid.de> Message-ID: