From nginx-forum at nginx.us Fri Aug 1 02:13:32 2014 From: nginx-forum at nginx.us (wandenberg) Date: Thu, 31 Jul 2014 22:13:32 -0400 Subject: GeoIP FirstNonPrivateXForwardedForIP In-Reply-To: References: Message-ID: <8e704f6c90dae68342c3761e49c4a7a1.NginxMailingListEnglish@forum.nginx.org> Hi, some time ago I had a similar issue and I grab some parts of nginx internals modules and did one specific to me. My issue was to use the first XForwardedFor IP, but only when the client address was the Google Chrome Proxy. I don't know if this is the best approach, but I check the client ip using the reverse dns and, if the ip came from Google, I change it for the first ip on XFowardedFor header. Doing that, the GeoIP module can be executed with the "real ip" instead of the Google. If you want to look how I did, the code is here https://github.com/wandenberg/nginx-trusted-proxy-resolver-module. (The idea is to expand this module to support other mobiles proxies like Windows Phone and Mini Opera.) Regards, Wandenberg Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250823,252190#msg-252190 From oyljerry at gmail.com Fri Aug 1 09:56:48 2014 From: oyljerry at gmail.com (Jerry OELoo) Date: Fri, 1 Aug 2014 17:56:48 +0800 Subject: How to directly return in filter Message-ID: Hi All: I am developing a module in Nginx-1.6.0, Now My module work as a filter. static ngx_int_t ngx_http_my_handler(ngx_http_request_t *r) { ... return ngx_http_output_filter(); } I use ngx_http_output_filter() to send the response to client. Now I want to do some extra thing in my handler, I can get the url from ngx_http_request_t, and I want just return some thing if request URL is www.aaa.com, but if request URL is www.bbb.com, I do not want my handler do anything, and just let client access www.bbb.com page. How can I achieve my aim. Thanks! Jerry -- Rejoice,I Desire! From nginx-forum at nginx.us Fri Aug 1 12:03:42 2014 From: nginx-forum at nginx.us (c0nw0nk) Date: Fri, 01 Aug 2014 08:03:42 -0400 Subject: [ANN] Windows nginx 1.7.4.2 WhiteRabbit In-Reply-To: References: Message-ID: <2cbe4ec75cd0149c30cb7bf03e1b06bf.NginxMailingListEnglish@forum.nginx.org> Yeah i thought that would not be allowed for some reason. Does anyone know a way you can execute a program via the echo module or another way with the lua module ? location ~* \.(jpg|png|jpeg|ico|gif|bmp)$ { echo "$http_host$request_uri"; } That should echo the url of the image then i just need to input that uri into one of the command line tools to compress it. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252064,252199#msg-252199 From nginx-forum at nginx.us Fri Aug 1 12:48:24 2014 From: nginx-forum at nginx.us (itpp2012) Date: Fri, 01 Aug 2014 08:48:24 -0400 Subject: Local processing return values from fastcgi_pass Message-ID: <9a054581752ed93dcaad4bef16c2682a.NginxMailingListEnglish@forum.nginx.org> For example I have one fastcgi_pass location block and I want to process the return values of a request to use in a second fastcgi_pass, is this possible ? location ... { ... fastcgi_pass server1; # server1 returns some values # process these values and call another fastcgi_pass server if (!$valuechecked) { return 404; } fastcgi_pass server2; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252200,252200#msg-252200 From mdounin at mdounin.ru Fri Aug 1 14:35:03 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 1 Aug 2014 18:35:03 +0400 Subject: How to directly return in filter In-Reply-To: References: Message-ID: <20140801143503.GR1849@mdounin.ru> Hello! On Fri, Aug 01, 2014 at 05:56:48PM +0800, Jerry OELoo wrote: > Hi All: > I am developing a module in Nginx-1.6.0, Now My module work as a filter. > > static ngx_int_t ngx_http_my_handler(ngx_http_request_t *r) > { > ... > return ngx_http_output_filter(); > } > I use ngx_http_output_filter() to send the response to client. > > Now I want to do some extra thing in my handler, I can get the url > from ngx_http_request_t, and I want just return some thing if request > URL is www.aaa.com, but if request URL is www.bbb.com, I do not want > my handler do anything, and just let client access www.bbb.com page. > > How can I achieve my aim. Thanks! Evan Miller's guide, as linked from http://nginx.org/en/links.html, have a chapter about writing filters: http://www.evanmiller.org/nginx-modules-guide.html#filters And you may want to read other parts as well. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Fri Aug 1 14:53:32 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 1 Aug 2014 18:53:32 +0400 Subject: Local processing return values from fastcgi_pass In-Reply-To: <9a054581752ed93dcaad4bef16c2682a.NginxMailingListEnglish@forum.nginx.org> References: <9a054581752ed93dcaad4bef16c2682a.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140801145332.GS1849@mdounin.ru> Hello! On Fri, Aug 01, 2014 at 08:48:24AM -0400, itpp2012 wrote: > For example I have one fastcgi_pass location block and I want to process the > return values of a request to use in a second fastcgi_pass, is this possible > ? > > location ... { > ... > fastcgi_pass server1; > # server1 returns some values > # process these values and call another fastcgi_pass server > if (!$valuechecked) { return 404; } > fastcgi_pass server2; > } If you are able to control the backend, this is something to be done with X-Accel-Redirect. If you can't, and you have to inspect response body returned by server1, then the "out of the box" options is to use SSI include with "set" parameter, and do appropriate processing in SSI. Or you may consider eval module by Valery Kholodkov, see here: http://grid.net.ru/nginx/eval.en.html (not sure if it's still works though) -- Maxim Dounin http://nginx.org/ From lists at ruby-forum.com Fri Aug 1 15:11:13 2014 From: lists at ruby-forum.com (Mapper Uno) Date: Fri, 01 Aug 2014 17:11:13 +0200 Subject: pid file location even after setting pid directive Message-ID: <9b531d853713af539826c393f993c56c@ruby-forum.com> Hi, I have added pid directive to nginx config. Pid /home/ubuntu/ngx.pid Nginx -t -c (conf) also succeeds. However when I run nginx, and later try to stop it with nginx -s stop, I get following error: Open failed (2 No such file or directory, /home/ubuntu/install/nginx/logs/nginx.pid Please note that nginx is installed under /home/ubuntu/install Is any other directive missing ? Thanks in advance -- Posted via http://www.ruby-forum.com/. From wandenberg at gmail.com Fri Aug 1 15:22:39 2014 From: wandenberg at gmail.com (Wandenberg Peixoto) Date: Fri, 1 Aug 2014 12:22:39 -0300 Subject: pid file location even after setting pid directive In-Reply-To: <9b531d853713af539826c393f993c56c@ruby-forum.com> References: <9b531d853713af539826c393f993c56c@ruby-forum.com> Message-ID: The configuration file used to start the server is the same been used to stop it? If you start as nginx -c /some/confi/file.conf and stop as nginx -c /some/confi/file.conf -s stop it should work. If you are only doing nginx -s stop it will use default configuration that point to another pid file On Fri, Aug 1, 2014 at 12:11 PM, Mapper Uno wrote: > Hi, > > I have added pid directive to nginx config. > > Pid /home/ubuntu/ngx.pid > > Nginx -t -c (conf) also succeeds. > > However when I run nginx, and later try to stop it with nginx -s stop, I > get following error: > > Open failed (2 No such file or directory, > /home/ubuntu/install/nginx/logs/nginx.pid > > Please note that nginx is installed under /home/ubuntu/install > > Is any other directive missing ? > > Thanks in advance > > -- > Posted via http://www.ruby-forum.com/. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From sarah at nginx.com Fri Aug 1 16:21:05 2014 From: sarah at nginx.com (Sarah Novotny) Date: Fri, 1 Aug 2014 09:21:05 -0700 Subject: nginx.conf CFP closes tonight. (was Re: NGINX conference October 20-22 ...) In-Reply-To: References: Message-ID: <4F48B8B6-DBF7-4A5B-BB5E-13324C853FDF@nginx.com> Please submit any talk proposals before midnight PST tonight. https://nginx.busyconf.com/proposals/new/ If you?d like to share the reminder via twitter, please feel free to retweet this ? https://twitter.com/nginx/status/495242428652089344 sarah On Jun 30, 2014, at 1:49 PM, Sarah Novotny wrote: > > > Hi All, > > We?ve just opened a call for proposals for the first NGINX conference, nginx.conf. > Please share this CFP with those you know who have good NGINX stories to share ? > > Direct link to the CFP ? https://nginx.busyconf.com/proposals/new > > CFP closes 11:59PM PDT, August 1, 2014 > > Our goal is to help attendees learn about NGINX use cases, insights, and best practices from real-world experts like you. Here are some guidelines about what we?re looking for: > 40 minute talks on topics like: > > ? NGINX beyond serving static content > ? scaling bottlenecks in your application > ? experience developing in the NGINX ecosystem or codebase > ? a module you wrote or use > ? shared information, not marketing > > More information ? http://nginx.com/nginxconf/ > > October 20-22, 2014 > Hyatt Regency > San Francisco Airport > > Further questions can be sent to community-events at nginx.com From nginx-forum at nginx.us Fri Aug 1 19:08:11 2014 From: nginx-forum at nginx.us (itpp2012) Date: Fri, 01 Aug 2014 15:08:11 -0400 Subject: Local processing return values from fastcgi_pass In-Reply-To: <20140801145332.GS1849@mdounin.ru> References: <20140801145332.GS1849@mdounin.ru> Message-ID: <9606f6991c22c33d2e495e562f9b561e.NginxMailingListEnglish@forum.nginx.org> tnx Maxim, I'm going to try to solve this with Lua. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252200,252211#msg-252211 From agentzh at gmail.com Fri Aug 1 21:18:10 2014 From: agentzh at gmail.com (Yichun Zhang (agentzh)) Date: Fri, 1 Aug 2014 14:18:10 -0700 Subject: [ANN] Windows nginx 1.7.4.2 WhiteRabbit In-Reply-To: <2cbe4ec75cd0149c30cb7bf03e1b06bf.NginxMailingListEnglish@forum.nginx.org> References: <2cbe4ec75cd0149c30cb7bf03e1b06bf.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello! On Fri, Aug 1, 2014 at 5:03 AM, c0nw0nk wrote: > Does anyone know a way you can execute a program via the echo module or > another way with the lua module ? > You can try this: https://github.com/juce/lua-resty-shell Regards, -agentzh From agentzh at gmail.com Fri Aug 1 21:20:54 2014 From: agentzh at gmail.com (Yichun Zhang (agentzh)) Date: Fri, 1 Aug 2014 14:20:54 -0700 Subject: [ANN] Windows nginx 1.7.4.2 WhiteRabbit In-Reply-To: References: <2cbe4ec75cd0149c30cb7bf03e1b06bf.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello! On Fri, Aug 1, 2014 at 2:18 PM, Yichun Zhang (agentzh) wrote: > > You can try this: https://github.com/juce/lua-resty-shell > But for expensive image compression involved with relatively large data volumn and CPU computation, it is better to be done in a dedicated daemon process outside your online nginx server. Regards, -agentzh From nginx-forum at nginx.us Fri Aug 1 21:50:02 2014 From: nginx-forum at nginx.us (itpp2012) Date: Fri, 01 Aug 2014 17:50:02 -0400 Subject: [ANN] Windows nginx 1.7.4.2 WhiteRabbit In-Reply-To: References: Message-ID: > But for expensive image compression involved with relatively large > data volumn and CPU computation, it is better to be done in a > dedicated daemon process outside your online nginx server. Exactly, like I already wrote in http://forum.nginx.org/read.php?2,252064,252184#msg-252184 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252064,252215#msg-252215 From nginx-forum at nginx.us Sat Aug 2 09:09:54 2014 From: nginx-forum at nginx.us (shobhit) Date: Sat, 02 Aug 2014 05:09:54 -0400 Subject: getting intermittent '502 bad gateway ' error. Message-ID: <8e8b43c6a06b1d0f9ad1b0d55408e7bb.NginxMailingListEnglish@forum.nginx.org> We are using nodejs(v 0.10.29 ) ,express,nginx( version 1.4.6) with mongodb(v 2.6.3) replicaset and getting intermittent 502 bad gateway error. pm2 logs is unable to log error though nginx aerror.log is showing recv() failed (104: Connection reset by peer) while reading response header from upstream, client: xxx.xxx.xxx.xxx, server: somedomain.com, request: "GET /img/abc.png HTTP/1.1", upstream: "http://127.0.0.1:3000/img/abc.png", host: "domain.com", referrer: "http://domain.com/admin/" and access.log is saying: "GET /url/abc.html HTTP/1.1" 502 723 "http://domain.com/admin/" "Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/33.0.1750.117 Safari/537.36" can anyone guide me with the issue? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252227,252227#msg-252227 From nginx-forum at nginx.us Sat Aug 2 11:46:28 2014 From: nginx-forum at nginx.us (franciscRO) Date: Sat, 02 Aug 2014 07:46:28 -0400 Subject: Sub-domain in variable In-Reply-To: <87a570dc36c1e0963187df5dc60a6406.NginxMailingListEnglish@forum.nginx.org> References: <5151E699.4000407@consbio.org> <87a570dc36c1e0963187df5dc60a6406.NginxMailingListEnglish@forum.nginx.org> Message-ID: What is the working form of this? I want to redirect all *.*.* to *.* (e.g. sub.domain.tld to domain.tld) because I have different domains and tdls. Any help appreciated. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237799,252229#msg-252229 From conf at kraja.net Sat Aug 2 22:25:49 2014 From: conf at kraja.net (michal - conf) Date: Sun, 03 Aug 2014 00:25:49 +0200 Subject: rtmp plugin + flash player - timeouts? Message-ID: <53DD656D.8000001@kraja.net> Hi, i have compiled nginx with rtmp plugin (completed by ./configure --with-http_stub_status_module --add-module=/root/nginx-rtmp-module/) i start streaming to channel by FME (adobe flash media encoder) - by rtmp protocol, and i see all ok in flash player on website. but in cca 5 minutes, when i open flash player, its only loading - i mean not connect to backend. but player, what i open when i start streaming from FME, still streaming ok. my nginx.conf its here: http://37.59.6.96/config.txt its here anyone with experiences with same problem, or to (commercial) debug&fix it? thx michal From nginx-forum at nginx.us Sun Aug 3 07:55:57 2014 From: nginx-forum at nginx.us (confiq) Date: Sun, 03 Aug 2014 03:55:57 -0400 Subject: change proxy_pass protocol accordingly to x-forwarded-proto Message-ID: <14930531b0770e317d97794fbd827a02.NginxMailingListEnglish@forum.nginx.org> Hi, I have load balancer with SSL on it that connects to nginx servers. Nginx servers simply reverse proxy site X.com. The problem is that nginx servers don't have SSL certs and listing only to unsecured port but it forwards to https protocol. The question is, can I change proxy_pass URL accordingly to x-forwarded-proto header? ex: ___________ x-forwarded-proto = https { proxy_pass https://X.com } else { proxy_pass http://X.com } _______ Thanks for any suggestions Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252235,252235#msg-252235 From nginx-forum at nginx.us Sun Aug 3 09:27:10 2014 From: nginx-forum at nginx.us (itpp2012) Date: Sun, 03 Aug 2014 05:27:10 -0400 Subject: change proxy_pass protocol accordingly to x-forwarded-proto In-Reply-To: <14930531b0770e317d97794fbd827a02.NginxMailingListEnglish@forum.nginx.org> References: <14930531b0770e317d97794fbd827a02.NginxMailingListEnglish@forum.nginx.org> Message-ID: Use 'map', ea: http://danconnor.com/post/4f65ea41daac4ed031000004/https_ssl_proxying_nginx_to_nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252235,252238#msg-252238 From nginx-forum at nginx.us Sun Aug 3 13:29:19 2014 From: nginx-forum at nginx.us (xinghua_hi) Date: Sun, 03 Aug 2014 09:29:19 -0400 Subject: accpet_mutex cause nginx worker balance problem Message-ID: hello, I use ab to test performance. but when i turn on accept_mutex, I found the num of connection for every nginx worker is not balance. for example, I have 4 core and start 4 nginx worker. ab -n 300000 -c 1000 -k "http://XXX/" the establish connection of nginx worker (netstat -antp|grep ESTABLISHED|awk -F" " '{print $7}'|sort|uniq -c) 644 24619/nginx: 1 24620/nginx: 53 24621/nginx: 302 24622/nginx: but when I turn off accept_mutex 255 24660/nginx: 358 24661/nginx: 232 24662/nginx: 155 24663/nginx: so if my test app is cpu bound, I will find one or two core of my 4 cpu are very busy but other cores are very idle I kown accept_mutex can control accept by turn and realize worker balance by ngx_accept_disabled, but why " accpet_mutex off" seems control worker balance more well ? when accept_mutex on , one or two worker can accept connection much more than other. thanks very much Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252241,252241#msg-252241 From aflexzor at gmail.com Sun Aug 3 19:28:45 2014 From: aflexzor at gmail.com (Alex Flex) Date: Sun, 03 Aug 2014 13:28:45 -0600 Subject: whitelist 'notabot' not working in limit_conn Message-ID: <53DE8D6D.2090601@gmail.com> Iam trying to whitelist some IPs in the geo #connlimit1 so that the limit_conn doesnt apply to it. For some reason its not working... those ips are always being limited. I must be doing something obviously wrong guidance appreciated. Alex server { geo $connlimit1 { default 1; #whitelist client 21.199.62.74/32 0; 5.97.162.77/32 0; } limit_conn_zone $binary_remote_addr zone=connlimit1:10m; } http { location / { limit_conn connlimit1 8; ....; } } From mdounin at mdounin.ru Sun Aug 3 19:43:17 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 3 Aug 2014 23:43:17 +0400 Subject: accpet_mutex cause nginx worker balance problem In-Reply-To: References: Message-ID: <20140803194316.GW1849@mdounin.ru> Hello! On Sun, Aug 03, 2014 at 09:29:19AM -0400, xinghua_hi wrote: > hello, > > I use ab to test performance. but when i turn on accept_mutex, I > found the num of connection for every nginx worker is not balance. for > example, > I have 4 core and start 4 nginx worker. > > ab -n 300000 -c 1000 -k "http://XXX/" > > the establish connection of nginx worker > > (netstat -antp|grep ESTABLISHED|awk -F" " '{print $7}'|sort|uniq -c) > > 644 24619/nginx: > 1 24620/nginx: > 53 24621/nginx: > 302 24622/nginx: > > but when I turn off accept_mutex > > 255 24660/nginx: > 358 24661/nginx: > 232 24662/nginx: > 155 24663/nginx: > > so if my test app is cpu bound, I will find one or two core of my 4 cpu are > very busy but other cores are very idle > > I kown accept_mutex can control accept by turn and realize worker balance by > ngx_accept_disabled, but why " accpet_mutex off" seems control worker > balance more well ? when accept_mutex on , one or two worker can accept > connection much more than other. With accept mutex enabled, nginx only tries to accept new connections in one worker process (the one which was first to become idle). This is expected to cause disbalance in tests with small number of connections. The ngx_accept_disabled variable is mostly unrelated and only used when worker_connections are exhausted. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Sun Aug 3 19:56:39 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 3 Aug 2014 23:56:39 +0400 Subject: getting intermittent '502 bad gateway ' error. In-Reply-To: <8e8b43c6a06b1d0f9ad1b0d55408e7bb.NginxMailingListEnglish@forum.nginx.org> References: <8e8b43c6a06b1d0f9ad1b0d55408e7bb.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140803195639.GX1849@mdounin.ru> Hello! On Sat, Aug 02, 2014 at 05:09:54AM -0400, shobhit wrote: > We are using nodejs(v 0.10.29 ) ,express,nginx( version 1.4.6) with > mongodb(v 2.6.3) replicaset and getting intermittent 502 bad gateway error. > pm2 logs is unable to log error though nginx aerror.log is showing > > recv() failed (104: Connection reset by peer) while reading response > header from upstream, client: xxx.xxx.xxx.xxx, server: somedomain.com, > request: "GET /img/abc.png HTTP/1.1", upstream: > "http://127.0.0.1:3000/img/abc.png", host: "domain.com", referrer: > "http://domain.com/admin/" This means that the connection was reset by your backend. You have to look into the backend to find out what goes on there. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Mon Aug 4 02:47:26 2014 From: nginx-forum at nginx.us (xinghua_hi) Date: Sun, 03 Aug 2014 22:47:26 -0400 Subject: accpet_mutex cause nginx worker balance problem In-Reply-To: <20140803194316.GW1849@mdounin.ru> References: <20140803194316.GW1849@mdounin.ru> Message-ID: hello? I still can't understand why accept_mutex cause disbalance. In code below, multi worker will try to get mutex and the question is , why one worker can always get the mutex ? I test many times, find that one worker can always accept new connection much more than others. Thanks very much. if (ngx_use_accept_mutex) { if (ngx_accept_disabled > 0) { ngx_accept_disabled--; } else { if (ngx_trylock_accept_mutex(cycle) == NGX_ERROR) { return; } if (ngx_accept_mutex_held) { flags |= NGX_POST_EVENTS; } else { if (timer == NGX_TIMER_INFINITE || timer > ngx_accept_mutex_delay) { timer = ngx_accept_mutex_delay; } } } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252241,252254#msg-252254 From gaoping at richinfo.cn Mon Aug 4 03:50:04 2014 From: gaoping at richinfo.cn (gaoping at richinfo.cn) Date: Mon, 4 Aug 2014 11:50:04 +0800 Subject: Proxy URL contains Chinese cause very slow access Message-ID: <201408041150041968477@richinfo.cn> Proxy URL contains Chinese cause very slow access For example:http://search1.10086.cn/search?start=1&content=%E8%AF%9D%E8%B4%B9%E5%85%85%E5%80%BC&areacode=100&areaName=%E5%8C%97%E4%BA%AC nginx/1.4.7 gaoping at richinfo.cn -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Aug 4 05:53:15 2014 From: nginx-forum at nginx.us (ukr) Date: Mon, 04 Aug 2014 01:53:15 -0400 Subject: NGINX1.2.1 SNI provides wrong server certificate Message-ID: Hi there, we configured NGINX 1.2.1 on debian 7.1u1 with 5 virtual host, set up a private certification authority, generated keys for all the the virt. host and configured the hosts similar to server { listen 443; server_name server1.foo.baz.bar; ssl on; ssl_certificate /etc/nginx/ssl/server1.foo.baz.bar.pem; ssl_certificate_key /etc/nginx/ssl/server1.foo.baz.bar.key; ssl_protocols SSLv3 TLSv1 SSLv2; ssl_ciphers ALL:!ADH:!EXPORT56:!kEDH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; ... } However if we try to access server1 via curl -v -k https://server1.foo.baz.bar we get a wrong server certificate: Connected to server1.baz.bar(...) port 443 (#0) * TLS 1.0 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA * Server certificate: server2.baz.bar * Server certificate: OUR CA > GET / HTTP/1.1 > User-Agent: curl/7.30.0 > Host: server1.baz.bar > Accept: */* What is wrong in our config? Thanks in advance --ukr Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252256,252256#msg-252256 From al-nginx at none.at Mon Aug 4 09:00:12 2014 From: al-nginx at none.at (Aleksandar Lazic) Date: Mon, 04 Aug 2014 11:00:12 +0200 Subject: any plans to offer other ssllibs builds on linux_packages Message-ID: <4273698755f47851a0a99ebabe2d25e2@none.at> Dear NGINX-Team. Are there any plans to offer precompiled packages with boring- or libressl? http://nginx.org/en/linux_packages.html Best regards Aleks From miaohonghit at gmail.com Mon Aug 4 09:41:26 2014 From: miaohonghit at gmail.com (Harold.Miao) Date: Mon, 4 Aug 2014 17:41:26 +0800 Subject: [patch]nginx mp4 module about "keyframe aligning" Message-ID: hi all I use mp4 module to cut big mp4 file into little mp4 file , I found a peoblem about "keyframe aligning" so I do a patch to solve this problem pach is here : https://gist.github.com/oikomi/6194ef2ee8a5c5a55375 -- Best Regards, Harold Miao -------------- next part -------------- An HTML attachment was scrubbed... URL: From sb at nginx.com Mon Aug 4 09:41:54 2014 From: sb at nginx.com (Sergey Budnevitch) Date: Mon, 4 Aug 2014 13:41:54 +0400 Subject: any plans to offer other ssllibs builds on linux_packages In-Reply-To: <4273698755f47851a0a99ebabe2d25e2@none.at> References: <4273698755f47851a0a99ebabe2d25e2@none.at> Message-ID: <3D82C98E-AA83-498F-98C3-368314C2DB2C@nginx.com> On 04 Aug 2014, at 13:00, Aleksandar Lazic wrote: > Dear NGINX-Team. > > Are there any plans to offer precompiled packages with boring- or libressl? No, we haven't any plans. There are no official packages for both libs, and don?t know about libressl, but boring does not guarantee API or ABI stability (https://www.imperialviolet.org/2014/06/20/boringssl.html) From mdounin at mdounin.ru Mon Aug 4 10:56:27 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 4 Aug 2014 14:56:27 +0400 Subject: [patch]nginx mp4 module about "keyframe aligning" In-Reply-To: References: Message-ID: <20140804105627.GI1849@mdounin.ru> Hello! On Mon, Aug 04, 2014 at 05:41:26PM +0800, Harold.Miao wrote: > hi all > > I use mp4 module to cut big mp4 file into little mp4 file , I found a > peoblem about "keyframe aligning" > > so I do a patch to solve this problem > > pach is here : > > https://gist.github.com/oikomi/6194ef2ee8a5c5a55375 It's not clear what is the problem you are trying to solve, but from the patch I suspect that it's about seeking to a key frame instead of a frame pointed out by the start time. It's believed that it's a caller responsibility to provide correct start time. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Aug 4 10:58:51 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 4 Aug 2014 14:58:51 +0400 Subject: Proxy URL contains Chinese cause very slow access In-Reply-To: <201408041150041968477@richinfo.cn> References: <201408041150041968477@richinfo.cn> Message-ID: <20140804105851.GJ1849@mdounin.ru> Hello! On Mon, Aug 04, 2014 at 11:50:04AM +0800, gaoping at richinfo.cn wrote: > Proxy URL contains Chinese cause very slow access > For example:http://search1.10086.cn/search?start=1&content=%E8%AF%9D%E8%B4%B9%E5%85%85%E5%80%BC&areacode=100&areaName=%E5%8C%97%E4%BA%AC It's highly unlikely that the problem is in nginx - as nginx doesn't care about encoded characters in a query string, it just passes them as is. You may want to look into your backend instead to find out why requests are slow. -- Maxim Dounin http://nginx.org/ From miaohonghit at gmail.com Mon Aug 4 11:37:11 2014 From: miaohonghit at gmail.com (Harold.Miao) Date: Mon, 4 Aug 2014 19:37:11 +0800 Subject: [patch]nginx mp4 module about "keyframe aligning" In-Reply-To: <20140804105627.GI1849@mdounin.ru> References: <20140804105627.GI1849@mdounin.ru> Message-ID: hi to get a precise start time for a key frame ? It is very very difficulty to caller. in addition, most people use this module to do a integer cut ,like 0s-10s 10s-20s 30s-40s... Maxim Dounin ?2014?8?4??????? > Hello! > > On Mon, Aug 04, 2014 at 05:41:26PM +0800, Harold.Miao wrote: > > > hi all > > > > I use mp4 module to cut big mp4 file into little mp4 file , I found a > > peoblem about "keyframe aligning" > > > > so I do a patch to solve this problem > > > > pach is here : > > > > https://gist.github.com/oikomi/6194ef2ee8a5c5a55375 > > It's not clear what is the problem you are trying to solve, but > from the patch I suspect that it's about seeking to a key frame > instead of a frame pointed out by the start time. It's believed > that it's a caller responsibility to provide correct start time. > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Best Regards, Harold Miao -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Aug 4 12:37:23 2014 From: nginx-forum at nginx.us (ukr) Date: Mon, 04 Aug 2014 08:37:23 -0400 Subject: NGINX1.2.1 SNI provides wrong server certificate In-Reply-To: References: Message-ID: <770a21c2cf497ecfb3c3a489233aa3e0.NginxMailingListEnglish@forum.nginx.org> The same behavior happens on nginx 1.7.3 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252256,252264#msg-252264 From mdounin at mdounin.ru Mon Aug 4 13:06:02 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 4 Aug 2014 17:06:02 +0400 Subject: NGINX1.2.1 SNI provides wrong server certificate In-Reply-To: References: Message-ID: <20140804130602.GK1849@mdounin.ru> Hello! On Mon, Aug 04, 2014 at 01:53:15AM -0400, ukr wrote: > Hi there, > we configured NGINX 1.2.1 on debian 7.1u1 with 5 virtual host, set up a > private certification authority, generated keys for all the the virt. host > and configured the hosts similar to > server { > > listen 443; > server_name server1.foo.baz.bar; > > ssl on; > ssl_certificate /etc/nginx/ssl/server1.foo.baz.bar.pem; > ssl_certificate_key /etc/nginx/ssl/server1.foo.baz.bar.key; > > ssl_protocols SSLv3 TLSv1 SSLv2; > ssl_ciphers > ALL:!ADH:!EXPORT56:!kEDH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; > ssl_prefer_server_ciphers on; > ssl_session_cache shared:SSL:50m; > ssl_session_timeout 5m; > ... > } > However if we try to access server1 via curl -v -k > https://server1.foo.baz.bar > > we get a wrong server certificate: > > Connected to server1.baz.bar(...) port 443 (#0) > * TLS 1.0 connection using TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA > * Server certificate: server2.baz.bar > * Server certificate: OUR CA > > GET / HTTP/1.1 > > User-Agent: curl/7.30.0 > > Host: server1.baz.bar > > Accept: */* > > What is wrong in our config? First of all I would recommend you to test if the client you are testing with is able to use SNI. E.g., curl as available in latest OS X seems to not able to use SNI. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Aug 4 13:58:29 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 4 Aug 2014 17:58:29 +0400 Subject: [patch]nginx mp4 module about "keyframe aligning" In-Reply-To: References: <20140804105627.GI1849@mdounin.ru> Message-ID: <20140804135829.GO1849@mdounin.ru> Hello! On Mon, Aug 04, 2014 at 07:37:11PM +0800, Harold.Miao wrote: > hi > > to get a precise start time for a key frame ? It is very very difficulty > to caller. > > in addition, most people use this module to do a integer cut ,like 0s-10s > 10s-20s 30s-40s... The module is was originally designed to be used in Flash-based pseudostreaming, and flash players are perfectly able to use correct seek points. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Mon Aug 4 14:49:25 2014 From: nginx-forum at nginx.us (Shobhit Mishra) Date: Mon, 04 Aug 2014 10:49:25 -0400 Subject: SSL client Authentication Message-ID: Hi !! I am using nginx as reverse proxy with HTTPS on both client side as well as server side . My ssl configuration looks like below :- ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!MD5:!ADH:!DH; ssl_prefer_server_ciphers on; keepalive_timeout 60; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ### Mutual_Authentication parameters ### ssl_verify_client on ; ssl_verify_depth 1 ; ssl_client_certificate /usr/local/ipcs/cert/ca/NewCA_Cert.pem ; The client certificate is a self signed certificate Here when I send a HTTPS request to nginx . My client receives a 400 bad request with the following error msg : "client sent no required SSL certificate while reading client request headers" However I verified using wireshark that the client is sending the certificate , same as the one given in ssl_client_certificate directive. Could anyone please let me know if there is anything wrong in the configuration or nginx doesn't accept non CA certificate. Thanks and Regards Shobhit Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252268,252268#msg-252268 From mdounin at mdounin.ru Mon Aug 4 14:57:51 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 4 Aug 2014 18:57:51 +0400 Subject: accpet_mutex cause nginx worker balance problem In-Reply-To: References: <20140803194316.GW1849@mdounin.ru> Message-ID: <20140804145751.GP1849@mdounin.ru> Hello! On Sun, Aug 03, 2014 at 10:47:26PM -0400, xinghua_hi wrote: > hello? > > I still can't understand why accept_mutex cause disbalance. In code > below, multi worker will try to get mutex and the question is , why one > worker can always get the mutex ? I test many times, find that one worker > can always accept new connection much more than others. Thanks very much. Only worker which holds the accept mutex will try to accept new connections. Other workers will only process events they already have, or try to grab accept mutex again after 500ms timeout (accept_mutex_delay[1]) if there are no other events to handle. Consider a short test on otherwise idle server like one you are doing, with many connections established during a small period of time. Assume there are 2 workers: - worker A holds accept mutex, worker B waits for 500ms timeout doing nothing; - in a short period of time 1000 connections comes in; - worker A woken up by the kernel, accepts a connection; - worker A goes back to the kernel to wait for more data; since worker B is in kernel waiting for a 500ms timeout, accept mutex is again locked by A; - worker A wokern up again, and the above repeats multiple times. More or less this continues till worker B wakes up after 500ms and tries to lock the accept mutex. If it is lucky and this happens when worker A is doing something, it will be able to lock the accept mutex. That is, further connections will be accepted by worker B. If worker B isn't lucky, then worker A will accept connections for more time. For short tests this may mean that all connections will be accepted by a single worker. (And things will be even worse if multi_accept[2] is used.) On a normally loaded server the above situation isn't likely to happen as all workers are priodically woken up by the kernel, and will try to lock accept mutex when going back to the kernel. Thus connections are distributed among all workers more or less evenly. In short tests though, accept_mutex can easily cause disbalance as described above. [1] http://nginx.org/r/accept_mutex_delay [2] http://nginx.org/r/multi_accept -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Aug 4 15:06:06 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 4 Aug 2014 19:06:06 +0400 Subject: whitelist 'notabot' not working in limit_conn In-Reply-To: <53DE8D6D.2090601@gmail.com> References: <53DE8D6D.2090601@gmail.com> Message-ID: <20140804150606.GQ1849@mdounin.ru> Hello! On Sun, Aug 03, 2014 at 01:28:45PM -0600, Alex Flex wrote: > Iam trying to whitelist some IPs in the geo #connlimit1 so that the > limit_conn doesnt apply to it. For some reason its not working... those ips > are always being limited. I must be doing something obviously wrong guidance > appreciated. > > > Alex > > > server { > > geo $connlimit1 { > default 1; > #whitelist client > 21.199.62.74/32 0; > 5.97.162.77/32 0; > } > limit_conn_zone $binary_remote_addr zone=connlimit1:10m; > } > > http { > location / { limit_conn connlimit1 8; ....; } > } There are no whitelisting in your configuration. The limit_conn_zone directive uses the $binary_remote_addr variable, which is always set. To whitelist some ips, you have to use a variable which is empty for whitelisted addresses (empty values are not accounted, see http://nginx.org/r/limit_conn_zone). Example: geo $whitelist { default 0; 127.0.0.1 1; } map $whitelist $limit { 0 $binary_remote_address; 1 ""; } limit_conn_zone $limit zone=connlimit:10m; limit_conn connlimit 8; -- Maxim Dounin http://nginx.org/ From arut at nginx.com Mon Aug 4 16:55:09 2014 From: arut at nginx.com (Roman Arutyunyan) Date: Mon, 4 Aug 2014 20:55:09 +0400 Subject: rtmp plugin + flash player - timeouts? In-Reply-To: <53DD656D.8000001@kraja.net> References: <53DD656D.8000001@kraja.net> Message-ID: <1EA602C0-6E90-4CF0-87BB-ECD1324AC6FD@nginx.com> On 03 Aug 2014, at 02:25, michal - conf wrote: > Hi, > i have compiled nginx with rtmp plugin (completed by ./configure --with-http_stub_status_module --add-module=/root/nginx-rtmp-module/) > > i start streaming to channel by FME (adobe flash media encoder) - by rtmp protocol, and i see all ok in flash player on website. > > but in cca 5 minutes, when i open flash player, its only loading - i mean not connect to backend. but player, what i open when i start streaming from FME, still streaming ok. > > my nginx.conf its here: http://37.59.6.96/config.txt > > > its here anyone with experiences with same problem, or to (commercial) debug&fix it? > > thx > > michal > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > First of all, this list is not the right place to ask about the rtmp module. As for the problem - try setting 'worker processes 1?. From nginx-forum at nginx.us Mon Aug 4 23:42:20 2014 From: nginx-forum at nginx.us (badtzhou) Date: Mon, 04 Aug 2014 19:42:20 -0400 Subject: Multiple nginx instances share same proxy cache storage Message-ID: <1c944206bf7b89d54ed4a12a477f1b17.NginxMailingListEnglish@forum.nginx.org> I am thinking about setting up multiple nginx instances share single proxy cache storage using NAS, NFS or some kind of distributed file system. Cache key will be the same for all nginx instances. Will this theory work? What kind of problem will it cause(locking, cached corruption or missing metadata in the memory)? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252275,252275#msg-252275 From mdounin at mdounin.ru Tue Aug 5 00:49:04 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Aug 2014 04:49:04 +0400 Subject: Multiple nginx instances share same proxy cache storage In-Reply-To: <1c944206bf7b89d54ed4a12a477f1b17.NginxMailingListEnglish@forum.nginx.org> References: <1c944206bf7b89d54ed4a12a477f1b17.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140805004904.GX1849@mdounin.ru> Hello! On Mon, Aug 04, 2014 at 07:42:20PM -0400, badtzhou wrote: > I am thinking about setting up multiple nginx instances share single proxy > cache storage using NAS, NFS or some kind of distributed file system. Cache > key will be the same for all nginx instances. > Will this theory work? What kind of problem will it cause(locking, cached > corruption or missing metadata in the memory)? As soon as a cache is loaded, nginx relies on it's memory data to manage cache (keep it under the specified size, remove inactive items and so on). As a result it won't be happy if you'll try to run multiple nginx instances working with the same cache directory. It can tolerate multiple instances working with the same cache for a short period of time (e.g., during binary upgrade). But running nginx this way intentionally is a bad idea. Besides, using NFS (as well as other NASes) for nginx cache is a bad idea due to blocking file operations. -- Maxim Dounin http://nginx.org/ From gaoping at richinfo.cn Tue Aug 5 01:10:40 2014 From: gaoping at richinfo.cn (gaoping at richinfo.cn) Date: Tue, 5 Aug 2014 09:10:40 +0800 Subject: Proxy URL contains Chinese cause very slow access References: <201408041150041968477@richinfo.cn>, <20140804105851.GJ1849@mdounin.ru> Message-ID: <201408050910397268540@richinfo.cn> Thanks for your reply is indeed a backend problem gaoping at richinfo.cn From: Maxim Dounin Date: 2014-08-04 18:58 To: nginx Subject: Re: Proxy URL contains Chinese cause very slow access Hello! On Mon, Aug 04, 2014 at 11:50:04AM +0800, gaoping at richinfo.cn wrote: > Proxy URL contains Chinese cause very slow access > For example:http://search1.10086.cn/search?start=1&content=%E8%AF%9D%E8%B4%B9%E5%85%85%E5%80%BC&areacode=100&areaName=%E5%8C%97%E4%BA%AC It's highly unlikely that the problem is in nginx - as nginx doesn't care about encoded characters in a query string, it just passes them as is. You may want to look into your backend instead to find out why requests are slow. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From gaoping at richinfo.cn Tue Aug 5 01:15:46 2014 From: gaoping at richinfo.cn (gaoping at richinfo.cn) Date: Tue, 5 Aug 2014 09:15:46 +0800 Subject: Proxy URL contains Chinese cause very slow access References: <201408041150041968477@richinfo.cn>, <20140804105851.GJ1849@mdounin.ru> Message-ID: <201408050915462477031@richinfo.cn> But the strange thing is, I set off to tcp_nodelay can solve the problem gaoping at richinfo.cn From: Maxim Dounin Date: 2014-08-04 18:58 To: nginx Subject: Re: Proxy URL contains Chinese cause very slow access Hello! On Mon, Aug 04, 2014 at 11:50:04AM +0800, gaoping at richinfo.cn wrote: > Proxy URL contains Chinese cause very slow access > For example:http://search1.10086.cn/search?start=1&content=%E8%AF%9D%E8%B4%B9%E5%85%85%E5%80%BC&areacode=100&areaName=%E5%8C%97%E4%BA%AC It's highly unlikely that the problem is in nginx - as nginx doesn't care about encoded characters in a query string, it just passes them as is. You may want to look into your backend instead to find out why requests are slow. -- Maxim Dounin http://nginx.org/ _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From miaohonghit at gmail.com Tue Aug 5 02:36:51 2014 From: miaohonghit at gmail.com (Harold.Miao) Date: Tue, 5 Aug 2014 10:36:51 +0800 Subject: [patch]nginx mp4 module about "keyframe aligning" In-Reply-To: <20140804135829.GO1849@mdounin.ru> References: <20140804105627.GI1849@mdounin.ru> <20140804135829.GO1849@mdounin.ru> Message-ID: ok, I see. I just use this module to cut big file manually and transfer it into hls. Thank you! Maxim Dounin ?2014?8?4??????? > Hello! > > On Mon, Aug 04, 2014 at 07:37:11PM +0800, Harold.Miao wrote: > > > hi > > > > to get a precise start time for a key frame ? It is very very difficulty > > to caller. > > > > in addition, most people use this module to do a integer cut ,like > 0s-10s > > 10s-20s 30s-40s... > > The module is was originally designed to be used in Flash-based > pseudostreaming, and flash players are perfectly able to use > correct seek points. > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Best Regards, Harold Miao -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Aug 5 13:56:01 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Aug 2014 17:56:01 +0400 Subject: nginx-1.7.4 Message-ID: <20140805135601.GG1849@mdounin.ru> Changes with nginx 1.7.4 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton. *) Change: URI escaping now uses uppercase hexadecimal digits. Thanks to Piotr Sikora. *) Feature: now nginx can be build with BoringSSL and LibreSSL. Thanks to Piotr Sikora. *) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8. *) Bugfix: in the ngx_http_spdy_module. Thanks to Piotr Sikora. *) Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov. *) Bugfix: in error handling in the "proxy_store" directive and the ngx_http_dav_module. Thanks to Feng Gu. *) Bugfix: a segmentation fault might occur if logging of errors to syslog was used; the bug had appeared in 1.7.1. *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and $geoip_area_code variables might not work. Thanks to Yichun Zhang. *) Bugfix: in memory allocation error handling. Thanks to Tatsuhiko Kubo and Piotr Sikora. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Aug 5 13:56:33 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Aug 2014 17:56:33 +0400 Subject: nginx-1.6.1 Message-ID: <20140805135633.GK1849@mdounin.ru> Changes with nginx 1.6.1 05 Aug 2014 *) Security: pipelined commands were not discarded after STARTTLS command in SMTP proxy (CVE-2014-3556); the bug had appeared in 1.5.6. Thanks to Chris Boulton. *) Bugfix: the $uri variable might contain garbage when returning errors with code 400. Thanks to Sergey Bobrov. *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the bug had appeared in 1.5.6. Thanks to Svyatoslav Nikolsky. -- Maxim Dounin http://nginx.org/en/donation.html From mdounin at mdounin.ru Tue Aug 5 13:57:05 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 5 Aug 2014 17:57:05 +0400 Subject: nginx security advisory (CVE-2014-3556) Message-ID: <20140805135705.GO1849@mdounin.ru> Hello! A bug in nginx SMTP proxy was found, which allows an attacker in a privileged network position to inject commands into SSL sessions started with the STARTTLS command, potentially making it possible to steal sensitive information sent by clients (CVE-2014-3556). The problem affects nginx 1.5.6 - 1.7.3. The problem is fixed in nginx 1.7.4, 1.6.1. Patch for the problem can be found here: http://nginx.org/download/patch.2014.starttls.txt Thanks to Chris Boulton for discovering this. -- Maxim Dounin http://nginx.org/en/donation.html From aweber at comcast.net Tue Aug 5 14:33:13 2014 From: aweber at comcast.net (AJ Weber) Date: Tue, 05 Aug 2014 10:33:13 -0400 Subject: GeoIP Organization filtering? Message-ID: <53E0EB29.8080709@comcast.net> Has anyone tried using the Maxmind GeoIP Organization database to allow/block access to directories? I am currently using the GeoIP.dat (country) file -- which I believe is "version 1" of their binary db -- and this works great. I am investigating making a more "narrow" filter of IP Addresses and think this Organization database would work well. So, again, wondering if anyone is currently using it and if you can share your general config, that would be great! Thanks in advance, AJ From nginx-forum at nginx.us Tue Aug 5 15:04:15 2014 From: nginx-forum at nginx.us (mschipperheyn) Date: Tue, 05 Aug 2014 11:04:15 -0400 Subject: nginx-1.6.1 In-Reply-To: <20140805135633.GK1849@mdounin.ru> References: <20140805135633.GK1849@mdounin.ru> Message-ID: I have been testing nginx 1.6.0 as a reverse proxy with SPDY support. I sometimes get empty responses. I have seen a bug report (http://trac.nginx.org/nginx/ticket/428) about this which seems to be in line with what I have been seeing. It's marked as fixed but there seems some confusion about whether this fix was accepted. I have also seen that various SPDY related issues were fixed in 1.7.x mainline and I was waiting for 1.6.1 in the hope that these would be retrofitted to 1.6.1. So, I would just like to do if these empty response issues have been addressed? It seems like a major stability concern. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252312,252327#msg-252327 From maxim at nginx.com Tue Aug 5 15:17:20 2014 From: maxim at nginx.com (Maxim Konovalov) Date: Tue, 05 Aug 2014 19:17:20 +0400 Subject: nginx-1.6.1 In-Reply-To: References: <20140805135633.GK1849@mdounin.ru> Message-ID: <53E0F580.1000607@nginx.com> On 8/5/14 7:04 PM, mschipperheyn wrote: > I have been testing nginx 1.6.0 as a reverse proxy with SPDY support. I > sometimes get empty responses. I have seen a bug report > (http://trac.nginx.org/nginx/ticket/428) about this which seems to be in > line with what I have been seeing. It's marked as fixed but there seems some > confusion about whether this fix was accepted. I have also seen that various > SPDY related issues were fixed in 1.7.x mainline and I was waiting for 1.6.1 > in the hope that these would be retrofitted to 1.6.1. > > So, I would just like to do if these empty response issues have been > addressed? It seems like a major stability concern. > Just install 1.7.4. -- Maxim Konovalov http://nginx.com From vbart at nginx.com Tue Aug 5 15:18:40 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 05 Aug 2014 19:18:40 +0400 Subject: nginx-1.6.1 In-Reply-To: References: <20140805135633.GK1849@mdounin.ru> Message-ID: <7182796.4o3IjWOSU2@vbart-workstation> On Tuesday 05 August 2014 11:04:15 mschipperheyn wrote: > I have been testing nginx 1.6.0 as a reverse proxy with SPDY support. I > sometimes get empty responses. I have seen a bug report > (http://trac.nginx.org/nginx/ticket/428) about this which seems to be in > line with what I have been seeing. It's marked as fixed but there seems some > confusion about whether this fix was accepted. I have also seen that various > SPDY related issues were fixed in 1.7.x mainline and I was waiting for 1.6.1 > in the hope that these would be retrofitted to 1.6.1. It was fixed in nginx 1.7.3. > > So, I would just like to do if these empty response issues have been > addressed? It seems like a major stability concern. > You should use mainline version. SPDY fix isn't a critical one, so it's unlikely to be merged in 1.6. See also: http://nginx.com/blog/nginx-1-6-1-7-released wbr, Valentin V. Bartenev From nginx-forum at nginx.us Wed Aug 6 00:24:20 2014 From: nginx-forum at nginx.us (mschipperheyn) Date: Tue, 05 Aug 2014 20:24:20 -0400 Subject: nginx-1.6.1 In-Reply-To: <7182796.4o3IjWOSU2@vbart-workstation> References: <7182796.4o3IjWOSU2@vbart-workstation> Message-ID: Ok, yeah, I'm using Trusty Tahr and I was hoping to stay on stable but as I understand it, mainline can be considered production quality. Thanks Marc Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252312,252339#msg-252339 From reallfqq-nginx at yahoo.fr Wed Aug 6 01:08:00 2014 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Wed, 6 Aug 2014 03:08:00 +0200 Subject: Why cannot the same path for cache used several times? Message-ID: What is wrong in having configured: proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m; proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=two:10m; each stanza loaded from a different .conf file (from the conf.d, included by nginx.conf)? It ends up with: [emerg] the same path name "/data/nginx/cache" used in /etc/nginx/conf.d/foo.conf:1 and in /etc/nginx/conf.d/bar.conf:1 Should not the fact of having different keys_zone be enough? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From suraj.kumar at inmobi.com Wed Aug 6 06:44:10 2014 From: suraj.kumar at inmobi.com (Suraj Kumar) Date: Wed, 6 Aug 2014 12:14:10 +0530 Subject: ngx.shared_dict.get_keys usage Message-ID: Hi, I'm trying to use the lua module in combination with ngx.shared.DICT feature to record some statistics for nginx (and upstreams') health monitoring. When I do dict.get_keys(100), I see the following error in nginx error.log: 2014/08/06 06:27:55 [error] 13446#0: *1 lua entry thread aborted: runtime error: /opt/inmobi/nginx/customlua/logging.lua:56: bad argument #1 to 'get_keys' (userdata expected, got number) stack traceback: coroutine 0: [C]: in function 'get_keys' /opt/inmobi/nginx/customlua/logging.lua:56: in function 'get_all_plots' [string "content_by_lua"]:3: in function <[string "content_by_lua"]:1>, client: 127.0.0.1, server: , request: "GET /stat2 HTTP/1.1", host: "localhost" I'm using ngx_openresty version: ngx_openresty/1.2.4.11 Could someone please guide me how to use the get_keys method of the shared dict in nginx/lua? Cheers, -Suraj [1] Much in the spirit of http://blog.cloudflare.com/pushing-nginx-to-its-limit-with-lua -- An Onion is the Onion skin and the Onion under the skin until the Onion Skin without any Onion underneath. -- _____________________________________________________________ The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The firm is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Wed Aug 6 06:47:11 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 06 Aug 2014 02:47:11 -0400 Subject: Why cannot the same path for cache used several times? In-Reply-To: References: Message-ID: B.R. Wrote: ------------------------------------------------------- > What is wrong in having configured: > > proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=one:10m; > proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=two:10m; keys_zone is memory, the other a 'file' path, I could imagine a 'cachehash' used could overwrite the other. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252340,252344#msg-252344 From suraj.kumar at inmobi.com Wed Aug 6 06:56:45 2014 From: suraj.kumar at inmobi.com (Suraj Kumar) Date: Wed, 6 Aug 2014 12:26:45 +0530 Subject: ngx.shared_dict.get_keys usage In-Reply-To: References: Message-ID: On Wed, Aug 6, 2014 at 12:14 PM, Suraj Kumar wrote: > When I do dict.get_keys(100), I see the following error in nginx error.log: > Never mind. I figured one must do dict:get_keys() and not dict.get_keys() That makes my first question and my first answer on this list on the same thread! ;) Thanks, -Suraj -- _____________________________________________________________ The information contained in this communication is intended solely for the use of the individual or entity to whom it is addressed and others authorized to receive it. It may contain confidential or legally privileged information. If you are not the intended recipient you are hereby notified that any disclosure, copying, distribution or taking any action in reliance on the contents of this information is strictly prohibited and may be unlawful. If you have received this communication in error, please notify us immediately by responding to this email and then delete it from your system. The firm is neither liable for the proper and complete transmission of the information contained in this communication nor for any delay in its receipt. -------------- next part -------------- An HTML attachment was scrubbed... URL: From oyljerry at gmail.com Wed Aug 6 06:58:16 2014 From: oyljerry at gmail.com (Jerry OELoo) Date: Wed, 6 Aug 2014 14:58:16 +0800 Subject: Why body filter not work Message-ID: Hi. I just copy the code from Evan Miller's body filter. http://www.evanmiller.org/nginx-modules-guide.html#filters-body, however, In my browser I could not see inserted string () And I found that request header. Transfer-Encoding: chunked Is anything that I am wrong. Thanks. -- Rejoice,I Desire! From smallfish.xy at gmail.com Wed Aug 6 06:59:29 2014 From: smallfish.xy at gmail.com (smallfish) Date: Wed, 6 Aug 2014 14:59:29 +0800 Subject: ngx.shared_dict.get_keys usage In-Reply-To: References: Message-ID: hmmm.. also you'd better to upgrade the openresty version. it' too old. :) -- smallfish http://chenxiaoyu.org On Wed, Aug 6, 2014 at 2:56 PM, Suraj Kumar wrote: > > On Wed, Aug 6, 2014 at 12:14 PM, Suraj Kumar > wrote: > >> When I do dict.get_keys(100), I see the following error in nginx >> error.log: >> > > Never mind. I figured one must do dict:get_keys() and not dict.get_keys() > > That makes my first question and my first answer on this list on the same > thread! ;) > > Thanks, > > -Suraj > > _____________________________________________________________ > The information contained in this communication is intended solely for the > use of the individual or entity to whom it is addressed and others > authorized to receive it. It may contain confidential or legally privileged > information. If you are not the intended recipient you are hereby notified > that any disclosure, copying, distribution or taking any action in reliance > on the contents of this information is strictly prohibited and may be > unlawful. If you have received this communication in error, please notify > us immediately by responding to this email and then delete it from your > system. The firm is neither liable for the proper and complete transmission > of the information contained in this communication nor for any delay in its > receipt. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From colet at llsys.com Wed Aug 6 11:15:37 2014 From: colet at llsys.com (Cole Tierney) Date: Wed, 6 Aug 2014 07:15:37 -0400 Subject: nginx-1.7.4 Message-ID: <9643586A-4BFE-4E35-9B08-152435D07511@llsys.com> Hello, Thanks for the update! Are there plans to update the mercurial respository? I just tried pulling changesets, recompiling, and I am still at 1.7.1. ? Cole From erickom at metropolitancollege.ac.sz Wed Aug 6 11:16:48 2014 From: erickom at metropolitancollege.ac.sz (Eric Kom) Date: Wed, 06 Aug 2014 13:16:48 +0200 Subject: php5-fpm with nginx not working Message-ID: <53E20EA0.9020607@metropolitancollege.ac.sz> Hi All, Please I have installed nginx version 1.7.4 with the php5-fpm on debien wheezy. Work fine but php do not seem to be integrated properly with the " An error occurred." on the browser below my config from the default.conf file: # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ \.php$ { ##root html; ##fastcgi_pass 127.0.0.1:9000; fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /scripts$fastcgi_script_name; include fastcgi_params; } Please assist -- -- Kind Regards Eric Kom Senior IT Manager - Metropolitan Schools _________________________________________ / You are scrupulously honest, frank, and \ | straightforward. Therefore you have few | \ friends. / ----------------------------------------- \ \ .--. |o_o | |:_/ | // \ \ (| Kom | ) /'\_ _/`\ \___)=(___/ 2 Hennie Van Till, White River, 1240 Tel: 013 750 2255 | Fax: 013 750 0105 | Cell: 078 879 1334 erickom at kom.za.net | erickom at metropolitancollege.co.za www.kom.za.net | www.kom.za.org | www.erickom.co.za Key fingerprint: 513E E91A C243 3020 8735 09BB 2DBC 5AD7 A9DA 1EF5 -------------- next part -------------- An HTML attachment was scrubbed... URL: From maxim at nginx.com Wed Aug 6 11:19:43 2014 From: maxim at nginx.com (Maxim Konovalov) Date: Wed, 06 Aug 2014 15:19:43 +0400 Subject: nginx-1.7.4 In-Reply-To: <9643586A-4BFE-4E35-9B08-152435D07511@llsys.com> References: <9643586A-4BFE-4E35-9B08-152435D07511@llsys.com> Message-ID: <53E20F4F.5010604@nginx.com> On 8/6/14 3:15 PM, Cole Tierney wrote: > Hello, > > Thanks for the update! > > Are there plans to update the mercurial respository? I just tried pulling changesets, recompiling, and I am still at 1.7.1. > You are doing something wrong: $ hg -q clone http://hg.nginx.org/nginx tmp $ grep NGINX_VERSION tmp/src/core/nginx.h #define NGINX_VERSION "1.7.5" #define NGINX_VER "nginx/" NGINX_VERSION -- Maxim Konovalov http://nginx.com From colet at llsys.com Wed Aug 6 12:16:44 2014 From: colet at llsys.com (Cole Tierney) Date: Wed, 6 Aug 2014 08:16:44 -0400 Subject: nginx-1.7.4 In-Reply-To: References: Message-ID: <8556F4AC-A7FD-465E-ACCE-9183FF11AD5B@llsys.com> On Wed, 06 Aug 2014 15:19:43 +0400, Maxim Konovalov wrote: > On 8/6/14 3:15 PM, Cole Tierney wrote: >> Hello, >> >> Thanks for the update! >> >> Are there plans to update the mercurial respository? I just tried pulling changesets, recompiling, and I am still at 1.7.1. >> > You are doing something wrong: > > $ hg -q clone http://hg.nginx.org/nginx tmp > $ grep NGINX_VERSION tmp/src/core/nginx.h > #define NGINX_VERSION "1.7.5" > #define NGINX_VER "nginx/? NGINX_VERSION I do get 1.7.5 if clone a new copy. Strange that when I pull to my usual repo I don?t get anything past 1.7.1: hg pull pulling from http://hg.nginx.org/nginx searching for changes no changes found grep NGINX_VERSION src/core/nginx.h #define NGINX_VERSION "1.7.1" #define NGINX_VER "nginx/" NGINX_VERSION I?ll just use the new copy. Thanks for your help. -- Cole From nginx-forum at nginx.us Wed Aug 6 12:18:16 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Wed, 06 Aug 2014 08:18:16 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: References: Message-ID: Hello Appa, I am having the same issue. I want NGINX to serve all the json file from upstream as a content type of application/json.I tried with map just like you suggested but I am not able to figure out what should be inside map(That you have written below), Can you please suggest? map $upstream_http_content_type $s3_content_type { # S3 -> real... } location ~ \.json$ { proxy_hide_header Content-Type; add_header Content-Type $s3_content_type; } --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252358#msg-252358 From mdounin at mdounin.ru Wed Aug 6 12:20:51 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 6 Aug 2014 16:20:51 +0400 Subject: nginx-1.7.4 In-Reply-To: <8556F4AC-A7FD-465E-ACCE-9183FF11AD5B@llsys.com> References: <8556F4AC-A7FD-465E-ACCE-9183FF11AD5B@llsys.com> Message-ID: <20140806122051.GE1849@mdounin.ru> Hello! On Wed, Aug 06, 2014 at 08:16:44AM -0400, Cole Tierney wrote: > On Wed, 06 Aug 2014 15:19:43 +0400, Maxim Konovalov wrote: > > On 8/6/14 3:15 PM, Cole Tierney wrote: > >> Hello, > >> > >> Thanks for the update! > >> > >> Are there plans to update the mercurial respository? I just tried pulling changesets, recompiling, and I am still at 1.7.1. > >> > > You are doing something wrong: > > > > $ hg -q clone http://hg.nginx.org/nginx tmp > > $ grep NGINX_VERSION tmp/src/core/nginx.h > > #define NGINX_VERSION "1.7.5" > > #define NGINX_VER "nginx/? NGINX_VERSION > > I do get 1.7.5 if clone a new copy. Strange that when I pull to my usual repo I don?t get anything past 1.7.1: > > hg pull > pulling from http://hg.nginx.org/nginx > searching for changes > no changes found > grep NGINX_VERSION src/core/nginx.h > #define NGINX_VERSION "1.7.1" > #define NGINX_VER "nginx/" NGINX_VERSION You have to update working copy as well, not just pull. Try "hg update". And there is also "-u" / "--update" flag for "hg pull" which does update automatically while pulling new changes. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Wed Aug 6 12:35:29 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Wed, 06 Aug 2014 08:35:29 -0400 Subject: Override Content-Type header with proxied requests Message-ID: <1d0575d72d18a4a90a6da9ea4ed2555e.NginxMailingListEnglish@forum.nginx.org> Please refer this page http://forum.nginx.org/read.php?2,239473,252358#msg-252358 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252360,252360#msg-252360 From mdounin at mdounin.ru Wed Aug 6 12:46:18 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 6 Aug 2014 16:46:18 +0400 Subject: Why body filter not work In-Reply-To: References: Message-ID: <20140806124618.GF1849@mdounin.ru> Hello! On Wed, Aug 06, 2014 at 02:58:16PM +0800, Jerry OELoo wrote: > Hi. > I just copy the code from Evan Miller's body filter. > http://www.evanmiller.org/nginx-modules-guide.html#filters-body, > however, In my browser I could not see inserted string () The chapter in question doesn't looks correct - it tries to modify chain links passed to the filter (that is, chain links that belong to some other module), which is wrong thing to do. Instead, one should allocate new chain links, and construct a new chain with them. In any case though it may be better idea to test with something more suitable for testing than browser. E.g., telnet or netcat may be better. > And I found that request header. > > Transfer-Encoding: chunked > > Is anything that I am wrong. Thanks. The "Transfer-Encoding: chunked" header is correct as long as response size isn't known in advance. See here for details: http://tools.ietf.org/html/rfc7230#section-4.1 -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Wed Aug 6 13:38:48 2014 From: nginx-forum at nginx.us (c0nw0nk) Date: Wed, 06 Aug 2014 09:38:48 -0400 Subject: [ANN] Windows nginx 1.7.4.2 WhiteRabbit In-Reply-To: References: Message-ID: <83539e498a27baf11b8869a5dc8bb148.NginxMailingListEnglish@forum.nginx.org> Also itpp2012 i don't know if you remember from the last time we talked but would it be better or any difference for you to compile a 64bit Nginx instead of a 32bit ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252064,252363#msg-252363 From nginx-forum at nginx.us Wed Aug 6 13:52:53 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 06 Aug 2014 09:52:53 -0400 Subject: [ANN] Windows nginx 1.7.4.2 WhiteRabbit In-Reply-To: <83539e498a27baf11b8869a5dc8bb148.NginxMailingListEnglish@forum.nginx.org> References: <83539e498a27baf11b8869a5dc8bb148.NginxMailingListEnglish@forum.nginx.org> Message-ID: c0nw0nk Wrote: ------------------------------------------------------- > Also itpp2012 i don't know if you remember from the last time we > talked but would it be better or any difference for you to compile a > 64bit Nginx instead of a 32bit ? For new items/issues please open a new topic. 64bit builds are still under investigation, a basic testbuild we've done last month did not show enough gain yet. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252064,252364#msg-252364 From nginx-forum at nginx.us Wed Aug 6 14:22:10 2014 From: nginx-forum at nginx.us (crespin) Date: Wed, 06 Aug 2014 10:22:10 -0400 Subject: [PATCH] print format for nevents Message-ID: Hello, nevents is an ngx_int_t, so the print format must be "%i". Regards, yves static ngx_int_t nevents; --- a/nginx-1.7.4/src/event/modules/ngx_poll_module.c +++ b/nginx-1.7.4/src/event/modules/ngx_poll_module.c @@ -201,7 +201,7 @@ ngx_poll_del_event(ngx_event_t *ev, ngx_int_t event, ngx_uint_t flags) if (ev->index < (ngx_uint_t) nevents) { ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0, - "index: copy event %ui to %i", nevents, ev->index); + "index: copy event %i to %i", nevents, ev->index); event_list[ev->index] = event_list[nevents]; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252365,252365#msg-252365 From mdounin at mdounin.ru Wed Aug 6 16:04:53 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 6 Aug 2014 20:04:53 +0400 Subject: [PATCH] print format for nevents In-Reply-To: References: Message-ID: <20140806160453.GH1849@mdounin.ru> Hello! On Wed, Aug 06, 2014 at 10:22:10AM -0400, crespin wrote: > Hello, > > nevents is an ngx_int_t, so the print format must be "%i". Both signed and unsigned ngx_[u]int_t has the same size, so that's more about preferable representation of numbers, not about correctness of the code. In this particular case I think that %ui is better, as negative numbers shouldn't be here, and logging them with %ui will make them clearly visible as very big positive numbers. It's also what will be used in the actual poll() syscall. For future reference, please also take a look at the following link: http://nginx.org/en/docs/contributing_changes.html -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Wed Aug 6 16:28:00 2014 From: nginx-forum at nginx.us (crespin) Date: Wed, 06 Aug 2014 12:28:00 -0400 Subject: [PATCH] print format for nevents In-Reply-To: <20140806160453.GH1849@mdounin.ru> References: <20140806160453.GH1849@mdounin.ru> Message-ID: Maxim Dounin Wrote: ------------------------------------------------------- > Hello! > > On Wed, Aug 06, 2014 at 10:22:10AM -0400, crespin wrote: > > > Hello, > > > > nevents is an ngx_int_t, so the print format must be "%i". > > Both signed and unsigned ngx_[u]int_t has the same size, so that's > more about preferable representation of numbers, not about > correctness of the code. Thanks for the link. The format %d is used in another call to nevents. To be consistent, should not use %ui ? Regards, yves static ngx_int_t ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t flags) ... ngx_log_debug2(NGX_LOG_DEBUG_EVENT, cycle->log, 0, "poll ready %d of %d", ready, nevents); Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252365,252371#msg-252371 From reallfqq-nginx at yahoo.fr Wed Aug 6 16:48:29 2014 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Wed, 6 Aug 2014 18:48:29 +0200 Subject: Why cannot the same path for cache be used several times? Message-ID: On Wed, Aug 6, 2014 at 8:47 AM, itpp2012 wrote: > keys_zone is memory, the other a 'file' path, I could imagine a 'cachehash' > used could overwrite the other. > ?I thought of that?, but learning how variables are resolved at request time, and knowing that configuration is parsed on HUP signal, I though nginx would handle cache requests from different servers/locations the same way it is dealing with them when they are coming from the same server. I have not digged into the code, and I do not know if there is such thing sa a 'cache manager' which would centralize cache management and respond to cache events. keys_zone are normally enough to avoid overwriting cache entries from other zones. Failing to do so, it would mean several keys_zone being used in the same cache are not isolated and can lead to collision... that would be catastrophic... >From the assumption that keys_zone are collision-free, it would seem reasonable to share the same cache file over several calls. IMHO, the only thing that shall fail is the use of the same keys_zone on the same file more than once. Does not that sound reasonable? ?--- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From colet at llsys.com Wed Aug 6 17:05:07 2014 From: colet at llsys.com (Cole Tierney) Date: Wed, 6 Aug 2014 13:05:07 -0400 Subject: nginx-1.7.4 In-Reply-To: References: Message-ID: on Wed, 6 Aug 2014 16:20:51 +0400, Maxim Konovalov wrote: > On Wed, Aug 06, 2014 at 08:16:44AM -0400, Cole Tierney wrote: >> On Wed, 06 Aug 2014 15:19:43 +0400, Maxim Konovalov wrote: >>> On 8/6/14 3:15 PM, Cole Tierney wrote: >>>> Hello, >>>> Thanks for the update! >>>> Are there plans to update the mercurial respository? I just tried pulling changesets, recompiling, and I am still at 1.7.1. >>>> >>> You are doing something wrong: >>> >>> $ hg -q clone http://hg.nginx.org/nginx tmp >>> $ grep NGINX_VERSION tmp/src/core/nginx.h >>> #define NGINX_VERSION "1.7.5" >>> #define NGINX_VER "nginx/? NGINX_VERSION >> >> I do get 1.7.5 if clone a new copy. Strange that when I pull to my usual repo I don't get anything past 1.7.1: >> >> hg pull >> pulling from http://hg.nginx.org/nginx >> searching for changes >> no changes found >> grep NGINX_VERSION src/core/nginx.h >> #define NGINX_VERSION "1.7.1" >> #define NGINX_VER "nginx/" NGINX_VERSION > > You have to update working copy as well, not just pull. Try "hg > update". And there is also "-u" / "--update" flag for "hg pull" > which does update automatically while pulling new changes. Thanks again. I'll make a note to use the "-u" flag next time. -- Cole From mdounin at mdounin.ru Wed Aug 6 17:19:59 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 6 Aug 2014 21:19:59 +0400 Subject: [PATCH] print format for nevents In-Reply-To: References: <20140806160453.GH1849@mdounin.ru> Message-ID: <20140806171959.GL1849@mdounin.ru> Hello! On Wed, Aug 06, 2014 at 12:28:00PM -0400, crespin wrote: > Maxim Dounin Wrote: > ------------------------------------------------------- > > Hello! > > > > On Wed, Aug 06, 2014 at 10:22:10AM -0400, crespin wrote: > > > > > Hello, > > > > > > nevents is an ngx_int_t, so the print format must be "%i". > > > > Both signed and unsigned ngx_[u]int_t has the same size, so that's > > more about preferable representation of numbers, not about > > correctness of the code. > > Thanks for the link. > > The format %d is used in another call to nevents. > To be consistent, should not use %ui ? > > Regards, > > yves > > static ngx_int_t > ngx_poll_process_events(ngx_cycle_t *cycle, ngx_msec_t timer, ngx_uint_t > flags) > ... > ngx_log_debug2(NGX_LOG_DEBUG_EVENT, cycle->log, 0, > "poll ready %d of %d", ready, nevents); Yes, %d here is certainly incorrect, as int and ngx_int_t sizes may differ. I don't think there are any platforms with poll() where this may cause problems, but nevertheless it's worth fixing. Changing this to %ui should be ok. Care to provide a patch? -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Wed Aug 6 17:37:43 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 6 Aug 2014 21:37:43 +0400 Subject: Why cannot the same path for cache be used several times? In-Reply-To: References: Message-ID: <20140806173743.GM1849@mdounin.ru> Hello! On Wed, Aug 06, 2014 at 06:48:29PM +0200, B.R. wrote: > On Wed, Aug 6, 2014 at 8:47 AM, itpp2012 wrote: > > > keys_zone is memory, the other a 'file' path, I could imagine a 'cachehash' > > used could overwrite the other. > > > > ?I thought of that?, but learning how variables are resolved at request > time, and knowing that configuration is parsed on HUP signal, I though > nginx would handle cache requests from different servers/locations the same > way it is dealing with them when they are coming from the same server. > > I have not digged into the code, and I do not know if there is such thing > sa a 'cache manager' which would centralize cache management and respond to > cache events. > > keys_zone are normally enough to avoid overwriting cache entries from other > zones. > Failing to do so, it would mean several keys_zone being used in the same > cache are not isolated and can lead to collision... that would be > catastrophic... > From the assumption that keys_zone are collision-free, it would seem > reasonable to share the same cache file over several calls. > > IMHO, the only thing that shall fail is the use of the same keys_zone on > the same file more than once. > Does not that sound reasonable? To specify a cache, you have to define: 1) Unique name for the cache, to be used in proxy_cache directives. This also the name of shared memory zone used to store the cache in-memory data. 2) Path to a directory to store cache files. Each cache is completely isolated from other caches (if any), and knows nothing about them. Therefore, the directory used to store cache files must be unique - if not, cache entries with identical keys will be mapped to the same file, and will overwrite each other. On the other hand, identical keys in different caches doesn't mean that resources match, keys are expected to be unique only within a given cache. In most cases, you'll need only one cache; just use it multiple times as appropriate with the proxy_cache directive. If you need more than one cache for some reason, you'll have to specify both unique name and unique storage path to avoid possible collisions. -- Maxim Dounin http://nginx.org/ From reallfqq-nginx at yahoo.fr Wed Aug 6 18:59:59 2014 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Wed, 6 Aug 2014 20:59:59 +0200 Subject: Why cannot the same path for cache be used several times? In-Reply-To: <20140806173743.GM1849@mdounin.ru> References: <20140806173743.GM1849@mdounin.ru> Message-ID: Thanks for your input Maxim. However either I still do not get the purpose of the zone key or I am missing something in the whole reasoning... Isn't it the zone key there to isolate requests from different sources and thus avoid collisions in the same cache path? The only case favorable for collision is, as you explained, when the same cache path *and* the same zone key are being used. If I am correct, why not allowing the same cache path to be used, provided the zone key is *always* different on each call of *_cache_path? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Thu Aug 7 03:14:12 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Wed, 06 Aug 2014 23:14:12 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: <1d0575d72d18a4a90a6da9ea4ed2555e.NginxMailingListEnglish@forum.nginx.org> References: <1d0575d72d18a4a90a6da9ea4ed2555e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4e321c644f1c79227141cb7d613e4531.NginxMailingListEnglish@forum.nginx.org> Hello All, Can somebody answer this question? I am facing this issue from many days. --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252360,252378#msg-252378 From nginx-forum at nginx.us Thu Aug 7 03:37:42 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Wed, 06 Aug 2014 23:37:42 -0400 Subject: NGINX redirection issue Message-ID: <77f52a22b5ca560efad559c0099c9e69.NginxMailingListEnglish@forum.nginx.org> Hello All, I am facing some issue regarding nginx redirection. I want to remove .html extension from all the html pages and all the index.html pages. For example 1. http://www.aaa.com/bbb/ccc.html should show the content of http://www.aaa.com/bbb/ccc.html but the URL should show http://www.aaa.com/bbb/ccc 2. http://www.aaa.com/index.html should show the content of http://www.aaa.com/index.html but the URL should show http://www.aaa.com. There are few rewrites already there which are given below 1. Whenever you try to access the http://www.aaa.com site, it will redirect to http://www.aaa.com/aaa/bbb/ccc/ddd/index.html. http://www.aaa.com -----> http://www.aaa.com/aaa/bbb/ccc/ddd/index.html. 2. All directory lookups to 'index.html' rewrite ^(.*)/$ $1/index.html permanent; 3. All open strings to index.html rewrite ^(.*)/([^\.\?/]+)$ $1/$2/index.html permanent; Now whenever I try to implement the change, the site went into a redirect loop and gives following error in the error log. 2014/08/05 14:48:03 [error] 10392#0: *750 rewrite or internal redirection cycle while internally redirecting to "/index.html", client: 1.1.1.1, server: www.aaa.com, request: "GET /aaa/ccc HTTP/1.1", host: "www.aaa.com" Please suggest how to solve the issue --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252379,252379#msg-252379 From wandenberg at gmail.com Thu Aug 7 04:00:45 2014 From: wandenberg at gmail.com (Wandenberg Peixoto) Date: Thu, 7 Aug 2014 01:00:45 -0300 Subject: Why cannot the same path for cache be used several times? In-Reply-To: References: <20140806173743.GM1849@mdounin.ru> Message-ID: Hi, The key_zone is just the name of a shared memory area where some metadata about the cache entries will be saved. The files stored on the cache_path does not use the key_zone. They are different configurations to two different purposes. To do what you are imagining, the file stored on cache_path must have the key_zone on its name, something like /tmp/cache/*zone1*/0/00/9fc611e1a487c7a86585d509730f6000 /tmp/cache/*zone2*/0/00/9fc611e1a487c7a86585d509730f6000 Two different files saved on the same cache path, only using different key_zones. Since the key_zone is just a string on your configuration, if you now want to rename them like zone1 -> zoneA and zone2 -> zoneB and restart your server, all the content on your cache would be lost, because the paths /tmp/cache/zoneA and /tmp/cache/zoneB will be empty. You can use the key_zone name on different locations, and all objects will be saved on the same path. To have different key_zone values you have to specify different cache_path. I hope this hypothetical example helps to understand :) Regards On Wed, Aug 6, 2014 at 3:59 PM, B.R. wrote: > Thanks for your input Maxim. > > However either I still do not get the purpose of the zone key or I am > missing something in the whole reasoning... > Isn't it the zone key there to isolate requests from different sources and > thus avoid collisions in the same cache path? > The only case favorable for collision is, as you explained, when the same > cache path *and* the same zone key are being used. > > If I am correct, why not allowing the same cache path to be used, provided > the zone key is *always* different on each call of *_cache_path? > --- > *B. R.* > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wandenberg at gmail.com Thu Aug 7 04:10:22 2014 From: wandenberg at gmail.com (Wandenberg Peixoto) Date: Thu, 7 Aug 2014 01:10:22 -0300 Subject: Override Content-Type header with proxied requests In-Reply-To: <4e321c644f1c79227141cb7d613e4531.NginxMailingListEnglish@forum.nginx.org> References: <1d0575d72d18a4a90a6da9ea4ed2555e.NginxMailingListEnglish@forum.nginx.org> <4e321c644f1c79227141cb7d613e4531.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello, you can use many values on the map, take a look on its docs. One quickly example may be (not tested) map $uri $custom_content_type { default "text/html"; ~(.*\.json)$ "application/json"; } location ~ \.json$ { proxy_hide_header Content-Type; add_header Content-Type $custom_content_type; # other proxy configurations like proxy_pass } Or try to use the types {} directive which is specific to make the relationship between extensions and content-type. On Thu, Aug 7, 2014 at 12:14 AM, manish-ezest wrote: > Hello All, > > Can somebody answer this question? I am facing this issue from many days. > > --Manish > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252360,252378#msg-252378 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Thu Aug 7 08:03:59 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 7 Aug 2014 12:03:59 +0400 Subject: NGINX redirection issue In-Reply-To: <77f52a22b5ca560efad559c0099c9e69.NginxMailingListEnglish@forum.nginx.org> References: <77f52a22b5ca560efad559c0099c9e69.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140807080359.GN1849@mdounin.ru> Hello! On Wed, Aug 06, 2014 at 11:37:42PM -0400, manish-ezest wrote: > Hello All, > > I am facing some issue regarding nginx redirection. I want to remove .html > extension from all the html pages and all the index.html pages. For example > > 1. > http://www.aaa.com/bbb/ccc.html should show the content of > http://www.aaa.com/bbb/ccc.html but the URL should show > http://www.aaa.com/bbb/ccc > > 2. http://www.aaa.com/index.html should show the content of > http://www.aaa.com/index.html but the URL should show http://www.aaa.com. This is something as simple as: location / { index index.html; try_files $uri.html $uri/ =404; } with "index index.html" being the default - that is, you don't actually need to configure it explicitly. Or like this, using only try_files instead of try_files + index: location / { try_files $uri.html $uri/index.html =404; } The only potential difference from what you describe is that this won't do a redirect to hide "/index.html" if explicitly requested by a user, but it's not clear from your description if it's something really needed. This is not something usually done. See here for details: http://nginx.org/r/index http://nginx.org/r/try_files http://nginx.org/en/docs/http/request_processing.html > There are few rewrites already there which are given below > > 1. Whenever you try to access the http://www.aaa.com site, it will redirect > to http://www.aaa.com/aaa/bbb/ccc/ddd/index.html. > http://www.aaa.com -----> http://www.aaa.com/aaa/bbb/ccc/ddd/index.html. > > 2. All directory lookups to 'index.html' > rewrite ^(.*)/$ $1/index.html permanent; > 3. All open strings to index.html > rewrite ^(.*)/([^\.\?/]+)$ $1/$2/index.html permanent; > > Now whenever I try to implement the change, the site went into a redirect > loop and gives following error in the error log. > > 2014/08/05 14:48:03 [error] 10392#0: *750 rewrite or internal redirection > cycle while internally redirecting to "/index.html", client: 1.1.1.1, > server: www.aaa.com, request: "GET /aaa/ccc HTTP/1.1", host: "www.aaa.com" > > Please suggest how to solve the issue Both rewrites you've provided will return external 301 redirects without doing internal redirects, so the loop is caused by something else in your config. You have to show your config for others to be able to help. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Thu Aug 7 13:08:10 2014 From: nginx-forum at nginx.us (crespin) Date: Thu, 07 Aug 2014 09:08:10 -0400 Subject: [PATCH] print format for nevents In-Reply-To: <20140806171959.GL1849@mdounin.ru> References: <20140806171959.GL1849@mdounin.ru> Message-ID: <2c5eb941b97cd08c9004505de61ebd1f.NginxMailingListEnglish@forum.nginx.org> Hello, here is the corresponding patch. regards, yves > Yes, %d here is certainly incorrect, as int and ngx_int_t sizes > may differ. I don't think there are any platforms with poll() > where this may cause problems, but nevertheless it's worth fixing. > Changing this to %ui should be ok. # HG changeset patch # User Yves Crespin # Date 1407414744 -7200 # Node ID c51d0d718b2177daaf14895840beb528e332418b # Parent ab48149b77a6bdbe47a8543c339cf84deeb8e341 use format %ui according to nevents type diff -r ab48149b77a6 -r c51d0d718b21 src/event/modules/ngx_poll_module.c --- a/src/event/modules/ngx_poll_module.c Wed Aug 06 23:58:44 2014 +0900 +++ b/src/event/modules/ngx_poll_module.c Thu Aug 07 14:32:24 2014 +0200 @@ -268,7 +268,7 @@ } ngx_log_debug2(NGX_LOG_DEBUG_EVENT, cycle->log, 0, - "poll ready %d of %d", ready, nevents); + "poll ready %d of %ui", ready, nevents); if (err) { if (err == NGX_EINTR) { Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252365,252383#msg-252383 From nginx-forum at nginx.us Thu Aug 7 13:16:42 2014 From: nginx-forum at nginx.us (crespin) Date: Thu, 07 Aug 2014 09:16:42 -0400 Subject: [PATCH] change nevents type in ngx_poll_module.c to ngx_uint_t Message-ID: <90ad71a99e4532a935f507917291b64f.NginxMailingListEnglish@forum.nginx.org> Hello, In ngx_epoll_module.c, nevents is defined as ngx_uint_t and ev->index is also a ngx_uint_t. So I proposed to change nevents type. I'm not sure about variable declaration: - ngx_int_t i, nready; + ngx_uint_t i; + ngx_int_t nready; ngx_uint_t found, level; It's perhaps better to group variable by type: - ngx_int_t i, nready; + ngx_int_t nready; + ngx_uint_t i, found, level; regards, yves # HG changeset patch # User Yves Crespin # Date 1407416217 -7200 # Node ID b71a279c696bcd18bd6b3c2845fe8e51d57ea1fd # Parent c51d0d718b2177daaf14895840beb528e332418b change nevents type in ngx_poll_module.c to ngx_uint_t diff -r c51d0d718b21 -r b71a279c696b src/event/modules/ngx_poll_module.c --- a/src/event/modules/ngx_poll_module.c Thu Aug 07 14:32:24 2014 +0200 +++ b/src/event/modules/ngx_poll_module.c Thu Aug 07 14:56:57 2014 +0200 @@ -22,7 +22,7 @@ static struct pollfd *event_list; -static ngx_int_t nevents; +static ngx_uint_t nevents; static ngx_str_t poll_name = ngx_string("poll"); @@ -198,7 +198,7 @@ if (e == NULL || e->index == NGX_INVALID_INDEX) { nevents--; - if (ev->index < (ngx_uint_t) nevents) { + if (ev->index < nevents) { ngx_log_debug2(NGX_LOG_DEBUG_EVENT, ev->log, 0, "index: copy event %ui to %i", nevents, ev->index); @@ -212,11 +212,11 @@ "unexpected last event"); } else { - if (c->read->index == (ngx_uint_t) nevents) { + if (c->read->index == nevents) { c->read->index = ev->index; } - if (c->write->index == (ngx_uint_t) nevents) { + if (c->write->index == nevents) { c->write->index = ev->index; } } @@ -240,7 +240,8 @@ { int ready, revents; ngx_err_t err; - ngx_int_t i, nready; + ngx_uint_t i; + ngx_int_t nready; ngx_uint_t found, level; ngx_event_t *ev, **queue; ngx_connection_t *c; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252384,252384#msg-252384 From nginx-forum at nginx.us Thu Aug 7 13:20:10 2014 From: nginx-forum at nginx.us (crespin) Date: Thu, 07 Aug 2014 09:20:10 -0400 Subject: [PATCH] use format %ui according to i type in ngx_poll_module.c Message-ID: <1d4cae0b774db39804c6f816334ec15e.NginxMailingListEnglish@forum.nginx.org> Hello, I notice a wrong format %d for ngx_uint_t variable in ngx_poll_module.c. Regards, yves # HG changeset patch # User Yves Crespin # Date 1407416683 -7200 # Node ID 97fcc94109c0ea7b929f7fa5a8c7ee95ecf7cb5c # Parent b71a279c696bcd18bd6b3c2845fe8e51d57ea1fd use format %ui according to i type diff -r b71a279c696b -r 97fcc94109c0 src/event/modules/ngx_poll_module.c --- a/src/event/modules/ngx_poll_module.c Thu Aug 07 14:56:57 2014 +0200 +++ b/src/event/modules/ngx_poll_module.c Thu Aug 07 15:04:43 2014 +0200 @@ -252,7 +252,7 @@ if (cycle->log->log_level & NGX_LOG_DEBUG_ALL) { for (i = 0; i < nevents; i++) { ngx_log_debug3(NGX_LOG_DEBUG_EVENT, cycle->log, 0, - "poll: %d: fd:%d ev:%04Xd", + "poll: %ui: fd:%d ev:%04Xd", i, event_list[i].fd, event_list[i].events); } } @@ -309,12 +309,12 @@ #if 1 ngx_log_debug4(NGX_LOG_DEBUG_EVENT, cycle->log, 0, - "poll: %d: fd:%d ev:%04Xd rev:%04Xd", + "poll: %ui: fd:%d ev:%04Xd rev:%04Xd", i, event_list[i].fd, event_list[i].events, revents); #else if (revents) { ngx_log_debug4(NGX_LOG_DEBUG_EVENT, cycle->log, 0, - "poll: %d: fd:%d ev:%04Xd rev:%04Xd", + "poll: %ui: fd:%d ev:%04Xd rev:%04Xd", i, event_list[i].fd, event_list[i].events, revents); } #endif Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252386,252386#msg-252386 From nginx-forum at nginx.us Thu Aug 7 14:05:16 2014 From: nginx-forum at nginx.us (crespin) Date: Thu, 07 Aug 2014 10:05:16 -0400 Subject: [PATCH] proposal to remove unused macro ngx_sleep() Message-ID: Hello, ngx_sleep() macro is unused. regards, yves # HG changeset patch # User Yves Crespin # Date 1407420247 -7200 # Node ID 8120c2937062998497546a3ecb38b78bb302fe34 # Parent 97fcc94109c0ea7b929f7fa5a8c7ee95ecf7cb5c remove unused ngx_sleep() macro In win32 implementation, even for a long sleep (60s), ngx_msleep() is used instead of ngx_sleep(). Implementation of |sleep()| can use |SIGALRM| and it's used in nginx. diff -r 97fcc94109c0 -r 8120c2937062 src/os/unix/ngx_time.h --- a/src/os/unix/ngx_time.h Thu Aug 07 15:04:43 2014 +0200 +++ b/src/os/unix/ngx_time.h Thu Aug 07 16:04:07 2014 +0200 @@ -60,7 +60,6 @@ #define ngx_gettimeofday(tp) (void) gettimeofday(tp, NULL); #define ngx_msleep(ms) (void) usleep(ms * 1000) -#define ngx_sleep(s) (void) sleep(s) #endif /* _NGX_TIME_H_INCLUDED_ */ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252387,252387#msg-252387 From nginx-forum at nginx.us Thu Aug 7 15:57:03 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Thu, 07 Aug 2014 11:57:03 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: References: Message-ID: Hello wandenberg, Thank you for your response. I truly appreciate your help. I tried this options given below ######First Method############### 1. Edit nginx.conf and add map $uri $custom_content_type { default "text/html"; ~(.*\.json)$ "application/json"; } 2. Put the custom map in location directive location / { proxy_redirect off; proxy_set_header Host www-aaa.com.s3.amazonaws.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer www-aaa.com; proxy_pass http://www-aaa.com.s3.amazonaws.com/; add_header Pragma "no-cache"; proxy_cache_valid 200 302 10m; proxy_read_timeout 60s; proxy_hide_header Content-Type; add_header Content-Type $custom_content_type; } ######Second Method############### 1. Edit nginx.conf and add map $uri $custom_content_type { default "text/html"; ~(.*\.json)$ "application/json"; } 2. Put the custom map in location directive location / { proxy_redirect off; proxy_set_header Host www-aaa.com.s3.amazonaws.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer www-aaa.com; proxy_pass http://www-aaa.com.s3.amazonaws.com/; add_header Pragma "no-cache"; proxy_cache_valid 200 302 10m; proxy_read_timeout 60s; location ~ \.json$ { proxy_hide_header Content-Type; add_header Content-Type $custom_content_type; } } ##Third Method#################### 1. Enter this in server block of nginx. location ~ \.json$ { types { } default_type application/json; } ################################# 1. When I tried first method I put below content in "location / { }" and due to this the JSON file served as application/json but all other files loaded as text/html as it was default in the map directive which caused image/css to not load. I thought it would read the mime.types files and will select the appropriate Content-Type. ######################### proxy_hide_header Content-Type; add_header Content-Type $custom_content_type; ########################## 2. When I tried second and third method, I am getting 404 because it is taking docroot as /var/empty 2014/08/07 17:13:22 [error] 14205#0: *33 open() "/var/empty/aaa/bbb/ccc/ddd/eee.json" failed (2: No such file or directory), client: 5.5.5.5., server: www-aaa.com, request: "GET /aaa/bbb/ccc/ddd/eee.json HTTP/1.1", host: "www.aaa.coml" So my question is where should I put the location ~\.json block(in location / {} or in server directive)? **************my NGINX.conf******************** user nginx; worker_processes 1; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; worker_rlimit_nofile 30000; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format combined_time '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" $request_time'; access_log /var/log/nginx/access.log combined_time; include /etc/nginx/servers/*.conf; } ********************************************** ******************************VHOST SETTING***** server { listen 80; server_name www-aaa.com; add_header Cache-Control off; expires 1d; root /var/empty; error_log /var/log/nginx/www.aaa.com-error.log; access_log /var/log/nginx/www.aaa.com-access.log combined_time; location = /favicon.ico { root /www; } proxy_intercept_errors on; error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 = /error_page.pl; error_page 405 =200 $uri; location /error_page.pl { fastcgi_pass 127.0.0.1:8999; fastcgi_param REQUEST_URI $request_uri; fastcgi_pass_header "Status"; } location / { proxy_redirect off; proxy_set_header Host www.aaa.com.s3.amazonaws.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer www.aaa.com; proxy_pass http://www.aaa.com.s3.amazonaws.com/; } } *************************************************************************** NOTE: All my files are served from s3 bucket and not a single files are in the server. --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252390#msg-252390 From nginx-forum at nginx.us Thu Aug 7 16:02:43 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Thu, 07 Aug 2014 12:02:43 -0400 Subject: NGINX redirection issue In-Reply-To: <20140807080359.GN1849@mdounin.ru> References: <20140807080359.GN1849@mdounin.ru> Message-ID: <4a80293d99d4029863be3236ac4ad323.NginxMailingListEnglish@forum.nginx.org> Hello Maxim, Thank you for your response. Here is the my nginx settings **************my NGINX.conf******************** user nginx; worker_processes 1; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; worker_rlimit_nofile 30000; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format combined_time '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" $request_time'; access_log /var/log/nginx/access.log combined_time; include /etc/nginx/servers/*.conf; } ********************************************** ******************************VHOST SETTING***** server { listen 80; server_name www-aaa.com; add_header Cache-Control off; expires 1d; root /var/empty; error_log /var/log/nginx/www.aaa.com-error.log; access_log /var/log/nginx/www.aaa.com-access.log combined_time; location = /favicon.ico { root /www; } proxy_intercept_errors on; error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 = /error_page.pl; error_page 405 =200 $uri; location /error_page.pl { fastcgi_pass 127.0.0.1:8999; fastcgi_param REQUEST_URI $request_uri; fastcgi_pass_header "Status"; } location / { ## Rewrite root to index of bbb folder. rewrite ^/$ http://www.aaa.com/aaaa/bbb/index.html permanent; ## Rewrite all directory lookups to 'index.html' rewrite ^(.*)/$ $1/index.html permanent; ## Rewrite all open strings to index.html rewrite ^(.*)/([^\.\?/]+)$ $1/$2/index.html permanent; proxy_redirect off; proxy_set_header Host www.aaa.com.s3.amazonaws.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer www.aaa.com; proxy_pass http://www.aaa.com.s3.amazonaws.com/; } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252379,252391#msg-252391 From fusca14 at gmail.com Thu Aug 7 17:10:48 2014 From: fusca14 at gmail.com (Fabiano Furtado Pessoa Coelho) Date: Thu, 7 Aug 2014 14:10:48 -0300 Subject: Error compiling NGINX 1.7.4 with openssl 1.0.1i statically on RHEL7 system Message-ID: Hi... I'm trying to compile NGINX 1.7.4 com openssl 1.0.1i statically on RHEL7. I've downloaded the SPRM file from http://nginx.org/packages/mainline/rhel/7/SRPMS/nginx-1.7.4-1.el7.ngx.src.rpm and I modified the nginx.spec file to do it. I've added the line --with-openssl=/home/test/openssl \ ... and started the compilation process with the command: $ rpmbuild -v -bb rpmbuild/SPECS/nginx.spec The following error appears: "... make[4]: Leaving directory `/home/test/openssl/crypto/ts' making all in crypto/srp... make[4]: Entering directory `/home/test/openssl/crypto/srp' make[4]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule. gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o srp_lib.o srp_lib.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o srp_vfy.o srp_vfy.c ar r ../../libcrypto.a srp_lib.o srp_vfy.o /bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/home/test/openssl/crypto/srp' making all in crypto/cmac... make[4]: Entering directory `/home/test/openssl/crypto/cmac' make[4]: warning: jobserver unavailable: using -j1. Add `+' to parent make rule. gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o cmac.o cmac.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o cm_ameth.o cm_ameth.c gcc -I.. -I../.. -I../modes -I../asn1 -I../evp -I../../include -DDSO_DLFCN -DHAVE_DLFCN_H -Wa,--noexecstack -m64 -DL_ENDIAN -DTERMIO -O3 -Wall -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM -c -o cm_pmeth.o cm_pmeth.c ar r ../../libcrypto.a cmac.o cm_ameth.o cm_pmeth.o /bin/ranlib ../../libcrypto.a || echo Never mind. make[4]: Leaving directory `/home/test/openssl/crypto/cmac' if [ -n "" ]; then \ (cd ..; make libcrypto.so.1.0.0); \ fi make[3]: Leaving directory `/home/test/openssl/crypto' make[2]: Leaving directory `/home/test/openssl' make[1]: *** [/home/test/openssl/.openssl/include/openssl/ssl.h] Error 2 make[1]: Leaving directory `/home/test/rpmbuild/BUILD/nginx-1.7.4' make: *** [build] Error 2 error: Bad exit status from /var/tmp/rpm-tmp.Z2WM3a (%build) RPM build errors: Bad exit status from /var/tmp/rpm-tmp.Z2WM3a (%build)" How can I solve this issue? Thanks in advance. Fabiano From wandenberg at gmail.com Thu Aug 7 17:57:32 2014 From: wandenberg at gmail.com (Wandenberg Peixoto) Date: Thu, 7 Aug 2014 14:57:32 -0300 Subject: Override Content-Type header with proxied requests In-Reply-To: References: Message-ID: Did you tried to only hide the header with proxy_hide_header Content-Type; and let nginx use the mime.types to set the content type? Do not set the add_header Content-Type manually. Let me know the result. On Thu, Aug 7, 2014 at 12:57 PM, manish-ezest wrote: > Hello wandenberg, > > Thank you for your response. I truly appreciate your help. I tried this > options given below > > ######First Method############### > 1. Edit nginx.conf and add > map $uri $custom_content_type { > default "text/html"; > ~(.*\.json)$ "application/json"; > } > > 2. Put the custom map in location directive > location / { > proxy_redirect off; > proxy_set_header Host www-aaa.com.s3.amazonaws.com; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Referer www-aaa.com; > proxy_pass http://www-aaa.com.s3.amazonaws.com/; > add_header Pragma "no-cache"; > proxy_cache_valid 200 302 10m; > proxy_read_timeout 60s; > proxy_hide_header Content-Type; > add_header Content-Type $custom_content_type; > } > > ######Second Method############### > 1. Edit nginx.conf and add > map $uri $custom_content_type { > default "text/html"; > ~(.*\.json)$ "application/json"; > } > > 2. Put the custom map in location directive > location / { > proxy_redirect off; > proxy_set_header Host www-aaa.com.s3.amazonaws.com; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Referer www-aaa.com; > proxy_pass http://www-aaa.com.s3.amazonaws.com/; > add_header Pragma "no-cache"; > proxy_cache_valid 200 302 10m; > proxy_read_timeout 60s; > location ~ \.json$ { > proxy_hide_header Content-Type; > add_header Content-Type $custom_content_type; > } > } > > ##Third Method#################### > > 1. Enter this in server block of nginx. > location ~ \.json$ { > types { } > default_type application/json; > } > > ################################# > > 1. When I tried first method I put below content in "location / { }" and > due > to this the JSON file served as application/json but all other files loaded > as text/html as it was default in the map directive which caused image/css > to not load. I thought it would read the mime.types files and will select > the appropriate Content-Type. > ######################### > proxy_hide_header Content-Type; > add_header Content-Type $custom_content_type; > ########################## > > 2. When I tried second and third method, I am getting 404 because it is > taking docroot as /var/empty > > 2014/08/07 17:13:22 [error] 14205#0: *33 open() > "/var/empty/aaa/bbb/ccc/ddd/eee.json" failed (2: No such file or > directory), > client: 5.5.5.5., server: www-aaa.com, request: "GET > /aaa/bbb/ccc/ddd/eee.json HTTP/1.1", host: "www.aaa.coml" > > So my question is where should I put the location ~\.json block(in location > / {} or in server directive)? > > **************my NGINX.conf******************** > user nginx; > worker_processes 1; > error_log /var/log/nginx/error.log notice; > pid /var/run/nginx.pid; > worker_rlimit_nofile 30000; > events { > worker_connections 1024; > } > http { > include /etc/nginx/mime.types; > default_type application/octet-stream; > > log_format main '$remote_addr - $remote_user [$time_local] $request ' > '"$status" $body_bytes_sent "$http_referer" ' > '"$http_user_agent" "$http_x_forwarded_for"'; > log_format combined_time '$remote_addr - $remote_user [$time_local]' > '"$request" $status $body_bytes_sent ' > '"$http_referer" "$http_user_agent" $request_time'; > > access_log /var/log/nginx/access.log combined_time; > include /etc/nginx/servers/*.conf; > } > ********************************************** > > ******************************VHOST SETTING***** > server { > listen 80; > server_name www-aaa.com; > add_header Cache-Control off; > expires 1d; > root /var/empty; > error_log /var/log/nginx/www.aaa.com-error.log; > access_log /var/log/nginx/www.aaa.com-access.log > combined_time; > location = /favicon.ico { > root /www; > } > proxy_intercept_errors on; > error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 > 417 495 496 497 500 501 502 503 504 505 506 507 = /error_page.pl; > error_page 405 =200 $uri; > location /error_page.pl { > fastcgi_pass 127.0.0.1:8999; > fastcgi_param REQUEST_URI $request_uri; > fastcgi_pass_header "Status"; > } > > location / { > proxy_redirect off; > proxy_set_header Host www.aaa.com.s3.amazonaws.com; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Referer www.aaa.com; > proxy_pass http://www.aaa.com.s3.amazonaws.com/; > } > } > *************************************************************************** > > NOTE: All my files are served from s3 bucket and not a single files are in > the server. > > --Manish > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,239473,252390#msg-252390 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Thu Aug 7 18:17:32 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Thu, 07 Aug 2014 14:17:32 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: References: Message-ID: <262ee7220b55bfb635c430e46926a002.NginxMailingListEnglish@forum.nginx.org> Hi Wandenberg, As you suggested I added "proxy_hide_header Content-Type;" in location / {} directive and I am getting 200 but how would I check what is the Content-Type. I usually check with curl command. But with curl command I don't find the Content-Type since it is hidden now. Is there any other way to confirm the changes? [root at LOCALHOST ~]# curl -v http://www.aaa.com/aaa/bbb/ccc/ddd/eee/fff.json * Hostname was NOT found in DNS cache * Trying 5.5.5.5... * Connected to www.aaa.com (5.5.5.5) port 80 (#0) > GET /content/unittests/maja-test/essdev-2668/test2.json HTTP/1.1 > User-Agent: curl/7.36.0 > Host: www.aaa.com > Accept: */* > < HTTP/1.1 200 OK * Server nginx is not blacklisted < Server: nginx < Date: Thu, 07 Aug 2014 18:06:53 GMT < Content-Length: 603 < Connection: keep-alive < Keep-Alive: timeout=5 < x-amz-id-2: 6h0Xzm+Sa6+C7fPeocKD0iNJIRhm6thHqa1GJB+aOrOKwrT8T6YL2Lp2M74UlD39 < x-amz-request-id: 62A0E211E69B6F9B < x-amz-meta-md5-hash: ab9b7b2c58d3a481e172aea95b1e87a0 < Last-Modified: Fri, 25 Jul 2014 13:18:14 GMT < ETag: "ab9b7b2c58d3a481e172aea95b1e87a0" < Accept-Ranges: bytes < Expires: Fri, 08 Aug 2014 18:06:53 GMT < { JSON CONTENTS * Connection #0 to host www.aaa.com left intact } --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252395#msg-252395 From nginx-forum at nginx.us Thu Aug 7 18:30:25 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Thu, 07 Aug 2014 14:30:25 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: <262ee7220b55bfb635c430e46926a002.NginxMailingListEnglish@forum.nginx.org> References: <262ee7220b55bfb635c430e46926a002.NginxMailingListEnglish@forum.nginx.org> Message-ID: <0c5791aefa1b4924d565436bc2c6000b.NginxMailingListEnglish@forum.nginx.org> Hi Wandenberg, Is there any way to show the Content-Type in the header as well? --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252396#msg-252396 From nginx-forum at nginx.us Thu Aug 7 19:01:26 2014 From: nginx-forum at nginx.us (itpp2012) Date: Thu, 07 Aug 2014 15:01:26 -0400 Subject: [ANN] Windows nginx 1.7.5.1 WhiteRabbit Message-ID: <8b337487efa53df38d4f37b7a62094c6.NginxMailingListEnglish@forum.nginx.org> 19:48 7-8-2014 nginx 1.7.5.1 WhiteRabbit Based on nginx 1.7.5 (7-8-2014, last changeset 5801:ab48149b77a6) with; + Openssl-1.0.1i (CVE-2014-3508, CVE-2014-5139, CVE-2014-3509, CVE-2014-3505, CVE-2014-3506, CVE-2014-3507, CVE-2014-3510, CVE-2014-3511, CVE-2014-3512) + lua-nginx-module v0.9.11 (upgraded 6-8-2014) + Source changes back ported + Source changes add-on's back ported + Changes for nginx_basic: Source changes back ported * Scheduled release: no (openssl fixes) * Additional specifications: see 'Feature list' Builds can be found here: http://nginx-win.ecsds.eu/ Follow releases https://twitter.com/nginx4Windows Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252397,252397#msg-252397 From nginx-forum at nginx.us Thu Aug 7 20:13:38 2014 From: nginx-forum at nginx.us (talkingnews) Date: Thu, 07 Aug 2014 16:13:38 -0400 Subject: Any suggestions for active Ubuntu nginx-mainline repo? Message-ID: <6f85b666344fed3dec5de7034a8bc33d.NginxMailingListEnglish@forum.nginx.org> For a while I was quite happily using the ubuntu nginx ppa repo to get my nginx mainline fix (https://launchpad.net/~nginx/+archive/ubuntu/development) However, for some weeks now, it seems to have become inactive and "stuck" on 1.7.1. I've tried emailing some of the names connected with it - either no response, or "sorry, not involved any more". I've even tried changing to utopic branch, ie: deb http://ppa.launchpad.net/nginx/development/ubuntu utopic main deb-src http://ppa.launchpad.net/nginx/development/ubuntu utopic main but still 1.7.1. I've had a really good google around, but no luck. To be honest, I'd love a mainline build of nginx-extras that includes google pagespeed module. Yes, I know I could go down the road of compiling it all myself, but I've always ended up with a bit of a mess! Any pointers to nginx-extra Ubuntu repos bring the the 1.7.4 goodness would be appreciated! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252400,252400#msg-252400 From lists at ruby-forum.com Fri Aug 8 06:37:39 2014 From: lists at ruby-forum.com (Gabriel Arrais) Date: Fri, 08 Aug 2014 08:37:39 +0200 Subject: Use /g (global) regex modifier in map Message-ID: Is it possible somehow to use the global modifier in a regex map match? I'm trying to use the map directive to filter the query string leaving my proxy_cache_key with only known parameters. For the first test I've tried to use a map like below to just catch all parameters without really filtering them without success. In this case, the variable $args_filtered ends empty. map $args $args_filtered { "~(?[^=]*=[^&]+)/g" $list; default /; } When I try the same map, without the /g modifier at the end of the expression, the variable $args_filtered ends with only the first query string parameter in it. -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Fri Aug 8 06:49:13 2014 From: nginx-forum at nginx.us (crespin) Date: Fri, 08 Aug 2014 02:49:13 -0400 Subject: Proposal minor patch on ngx_http_upstream.c In-Reply-To: <20140602141857.GB25209@lo0.su> References: <20140602141857.GB25209@lo0.su> Message-ID: <9cbc5a4f956c2f63f246311ef485bb01.NginxMailingListEnglish@forum.nginx.org> Hello, Here is the corresponding patch. Regards, yves # HG changeset patch # User Yves Crespin # Date 1407480323 -7200 # Node ID a62fffc16af816612a4acf34c7a4781f454fa5d1 # Parent 8120c2937062998497546a3ecb38b78bb302fe34 Upstream: ngx_socket_errno can only be used if |recv()| failed if |recv()| is a success, err will have a random value. only debug message are impacted. diff -r 8120c2937062 -r a62fffc16af8 src/http/ngx_http_upstream.c --- a/src/http/ngx_http_upstream.c Thu Aug 07 16:04:07 2014 +0200 +++ b/src/http/ngx_http_upstream.c Fri Aug 08 08:45:23 2014 +0200 @@ -1145,7 +1145,7 @@ n = recv(c->fd, buf, 1, MSG_PEEK); - err = ngx_socket_errno; + err = (n == -1) ? ngx_socket_errno : 0; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, ev->log, err, "http upstream recv(): %d", n); @@ -1175,9 +1175,6 @@ } ev->error = 1; - - } else { /* n == 0 */ - err = 0; } ev->eof = 1; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250570,252403#msg-252403 From nginx-forum at nginx.us Fri Aug 8 06:56:12 2014 From: nginx-forum at nginx.us (crespin) Date: Fri, 08 Aug 2014 02:56:12 -0400 Subject: Initialize ngx_buf_t in ngx_create_temp_buf() Message-ID: <7e58804474d09d4aaa2b9c7ffeeaca66.NginxMailingListEnglish@forum.nginx.org> Hello, I don't understand why b->last is used to initialize b->end. Why it's not : b->end = b->start + size; Regards, yves # HG changeset patch # User Yves Crespin # Date 1407480933 -7200 # Node ID 74265a0edba677c967f532de789a4589436aa5fb # Parent a62fffc16af816612a4acf34c7a4781f454fa5d1 ngx_buf: initialize b->end with b->start diff -r a62fffc16af8 -r 74265a0edba6 src/core/ngx_buf.c --- a/src/core/ngx_buf.c Fri Aug 08 08:45:23 2014 +0200 +++ b/src/core/ngx_buf.c Fri Aug 08 08:55:33 2014 +0200 @@ -37,7 +37,7 @@ b->pos = b->start; b->last = b->start; - b->end = b->last + size; + b->end = b->start + size; b->temporary = 1; return b; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252404,252404#msg-252404 From nginx-forum at nginx.us Fri Aug 8 09:33:37 2014 From: nginx-forum at nginx.us (itpp2012) Date: Fri, 08 Aug 2014 05:33:37 -0400 Subject: gzip if in location example Message-ID: <6af6ace2184f70a47cc1eacfe61dc812.NginxMailingListEnglish@forum.nginx.org> Syntax: gzip on | off; Default: gzip off; Context: http, server, location, if in location Is there an example of this "if in location" usage ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252407,252407#msg-252407 From nginx-forum at nginx.us Fri Aug 8 09:50:04 2014 From: nginx-forum at nginx.us (crespin) Date: Fri, 08 Aug 2014 05:50:04 -0400 Subject: [PATCH] Implemention ngx_strstrn() is no longer exposed Message-ID: <3ea2a54c4ee947327d9cb25ee7156cc5.NginxMailingListEnglish@forum.nginx.org> Hello, Implementing ngx_strstrn () is exposed. This can be misleading. regards, yves # HG changeset patch # User Yves Crespin # Date 1407491120 -7200 # Node ID 505ec91d60fefa776bc2c7fcbd6d980cc85b6b5e # Parent 74265a0edba677c967f532de789a4589436aa5fb Implemention ngx_strstrn() is no longer exposed. The third parameter must be the length of the second string. As usual, the size is provived via sizeof(). diff -r 74265a0edba6 -r 505ec91d60fe src/core/ngx_string.c --- a/src/core/ngx_string.c Fri Aug 08 08:55:33 2014 +0200 +++ b/src/core/ngx_string.c Fri Aug 08 11:45:20 2014 +0200 @@ -655,7 +655,7 @@ /* * ngx_strstrn() and ngx_strcasestrn() are intended to search for static * substring with known length in null-terminated string. The argument n - * must be length of the second substring - 1. + * must be length of the second substring. */ u_char * @@ -675,7 +675,7 @@ } while (c1 != c2); - } while (ngx_strncmp(s1, (u_char *) s2, n) != 0); + } while (ngx_strncmp(s1, (u_char *) s2, n - 1) != 0); return --s1; } diff -r 74265a0edba6 -r 505ec91d60fe src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Fri Aug 08 08:55:33 2014 +0200 +++ b/src/http/ngx_http_request.c Fri Aug 08 11:45:20 2014 +0200 @@ -1667,7 +1667,7 @@ user_agent = h->value.data; - msie = ngx_strstrn(user_agent, "MSIE ", 5 - 1); + msie = ngx_strstrn(user_agent, "MSIE ", sizeof("MSIE") - 1); if (msie && msie + 7 < user_agent + h->value.len) { @@ -1681,7 +1681,7 @@ r->headers_in.msie6 = 1; break; case '6': - if (ngx_strstrn(msie + 8, "SV1", 3 - 1) == NULL) { + if (ngx_strstrn(msie + 8, "SV1", sizeof("SV1") - 1) == NULL) { r->headers_in.msie6 = 1; } break; @@ -1696,7 +1696,7 @@ #endif } - if (ngx_strstrn(user_agent, "Opera", 5 - 1)) { + if (ngx_strstrn(user_agent, "Opera", sizeof("Opera") - 1)) { r->headers_in.opera = 1; r->headers_in.msie = 0; r->headers_in.msie6 = 0; @@ -1704,18 +1704,18 @@ if (!r->headers_in.msie && !r->headers_in.opera) { - if (ngx_strstrn(user_agent, "Gecko/", 6 - 1)) { + if (ngx_strstrn(user_agent, "Gecko/", sizeof("Gecko/") - 1)) { r->headers_in.gecko = 1; - } else if (ngx_strstrn(user_agent, "Chrome/", 7 - 1)) { + } else if (ngx_strstrn(user_agent, "Chrome/", sizeof("Chrome/") - 1)) { r->headers_in.chrome = 1; - } else if (ngx_strstrn(user_agent, "Safari/", 7 - 1) - && ngx_strstrn(user_agent, "Mac OS X", 8 - 1)) + } else if (ngx_strstrn(user_agent, "Safari/", sizeof("Safari/") - 1) + && ngx_strstrn(user_agent, "Mac OS X", sizeof("Mac OS X") - 1)) { r->headers_in.safari = 1; - } else if (ngx_strstrn(user_agent, "Konqueror", 9 - 1)) { + } else if (ngx_strstrn(user_agent, "Konqueror", sizeof("Konqueror") - 1)) { r->headers_in.konqueror = 1; } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252408,252408#msg-252408 From nginx-forum at nginx.us Fri Aug 8 09:54:59 2014 From: nginx-forum at nginx.us (itpp2012) Date: Fri, 08 Aug 2014 05:54:59 -0400 Subject: gzip if in location example In-Reply-To: <6af6ace2184f70a47cc1eacfe61dc812.NginxMailingListEnglish@forum.nginx.org> References: <6af6ace2184f70a47cc1eacfe61dc812.NginxMailingListEnglish@forum.nginx.org> Message-ID: This I suppose: location / { try_files $uri $uri/ =404; if ($scheme = http) { gzip on; } index index.html index.htm; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252407,252409#msg-252409 From nginx-forum at nginx.us Fri Aug 8 10:01:36 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Fri, 08 Aug 2014 06:01:36 -0400 Subject: NGINX redirection issue In-Reply-To: <4a80293d99d4029863be3236ac4ad323.NginxMailingListEnglish@forum.nginx.org> References: <20140807080359.GN1849@mdounin.ru> <4a80293d99d4029863be3236ac4ad323.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello Maxim, I am getting 499 error when I try using try files directive as you suggested. It got stuck and no response from the server. 50.50.50.50 - - [08/Aug/2014:10:12:01 +0200]"GET /aaa/bbb/ccc/index.html HTTP/1.1" 499 0 "-" "Wget/1.14 (linux-gnu)" 4.678 --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252379,252410#msg-252410 From al-nginx at none.at Fri Aug 8 10:56:30 2014 From: al-nginx at none.at (Aleksandar Lazic) Date: Fri, 08 Aug 2014 12:56:30 +0200 Subject: Any suggestions for active Ubuntu nginx-mainline repo? In-Reply-To: <6f85b666344fed3dec5de7034a8bc33d.NginxMailingListEnglish@forum.nginx.org> References: <6f85b666344fed3dec5de7034a8bc33d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <188ebcbe59240e86328c6cbde9306473@none.at> Am 07-08-2014 22:13, schrieb talkingnews: > For a while I was quite happily using the ubuntu nginx ppa repo to get > my > nginx mainline fix > (https://launchpad.net/~nginx/+archive/ubuntu/development) [snipp] > Any pointers to nginx-extra Ubuntu repos bring the the 1.7.4 goodness > would > be appreciated! Why don't using the nginx one? http://nginx.org/en/linux_packages.html#mainline Cherrs aleks From mdounin at mdounin.ru Fri Aug 8 11:09:56 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 15:09:56 +0400 Subject: Use /g (global) regex modifier in map In-Reply-To: References: Message-ID: <20140808110956.GP1849@mdounin.ru> Hello! On Fri, Aug 08, 2014 at 08:37:39AM +0200, Gabriel Arrais wrote: > Is it possible somehow to use the global modifier in a regex map match? > > I'm trying to use the map directive to filter the query string leaving > my proxy_cache_key with only known parameters. > > For the first test I've tried to use a map like below to just catch all > parameters without really filtering them without success. In this case, > the variable $args_filtered ends empty. > > map $args $args_filtered { > "~(?[^=]*=[^&]+)/g" $list; > default /; > > } > > > When I try the same map, without the /g modifier at the end of the > expression, the variable $args_filtered ends with only the first query > string parameter in it. No, it's not supported. To use "/g", one have to do regexp matching multiple times and do something with the results of each match, and this isn't something nginx knows how to do. |(In perl, this usually what happens automatically in substitution, "s///", but needs writing code when matching with "m//".) Note well that even if you'll be able to filter arguments, there is an additional problem of order of the arguments. Simpliest way to normalize arguments is to use all of them in proxy_cache_key, like this: proxy_cache_key $proxy_host$uri$is_args$arg_foo:$arg_bar; -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Fri Aug 8 12:58:03 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 16:58:03 +0400 Subject: Initialize ngx_buf_t in ngx_create_temp_buf() In-Reply-To: <7e58804474d09d4aaa2b9c7ffeeaca66.NginxMailingListEnglish@forum.nginx.org> References: <7e58804474d09d4aaa2b9c7ffeeaca66.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140808125803.GQ1849@mdounin.ru> Hello! On Fri, Aug 08, 2014 at 02:56:12AM -0400, crespin wrote: > Hello, > > I don't understand why b->last is used to initialize b->end. > Why it's not : > b->end = b->start + size; There is no real difference, though current code produces 1 less assembly instruction at least on gcc 4.2 with -O1 / -O2: .loc 1 39 0 movl %eax, 4(%ebx) .loc 1 40 0 - addl 12(%ebp), %eax + movl 12(%ebp), %eax + addl 24(%ebx), %eax movl %eax, 28(%ebx) .loc 1 41 0 orb $1, 44(%ebx) There is no difference in code generated by gcc 4.9, as expected. Quick look shows that the code dates back to the most recent snapshot available, and at that time it just used the matching value which was set last: h->pre_start = ngx_palloc(pool, size + before + after); h->start = h->pos.p = h->last.p = h->pre_start + before; h->end = h->last.p + size; h->post_end = h->end + after; Since then the code was simplified, but using of the value that is set last seems to be still slightly beneficial in some cases. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Fri Aug 8 13:04:39 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 17:04:39 +0400 Subject: [PATCH] Implemention ngx_strstrn() is no longer exposed In-Reply-To: <3ea2a54c4ee947327d9cb25ee7156cc5.NginxMailingListEnglish@forum.nginx.org> References: <3ea2a54c4ee947327d9cb25ee7156cc5.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140808130439.GR1849@mdounin.ru> Hello! On Fri, Aug 08, 2014 at 05:50:04AM -0400, crespin wrote: > Hello, > > Implementing ngx_strstrn () is exposed. This can be misleading. > > regards, > > yves > > > # HG changeset patch > # User Yves Crespin > # Date 1407491120 -7200 > # Node ID 505ec91d60fefa776bc2c7fcbd6d980cc85b6b5e > # Parent 74265a0edba677c967f532de789a4589436aa5fb > Implemention ngx_strstrn() is no longer exposed. > > The third parameter must be the length of the second string. > As usual, the size is provived via sizeof(). No, thanks. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Fri Aug 8 13:23:00 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Fri, 08 Aug 2014 09:23:00 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: <0c5791aefa1b4924d565436bc2c6000b.NginxMailingListEnglish@forum.nginx.org> References: <262ee7220b55bfb635c430e46926a002.NginxMailingListEnglish@forum.nginx.org> <0c5791aefa1b4924d565436bc2c6000b.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello wandenberg, This procedure is not working for internet explorer. The CSS are not loading properly. so we have to somehow get the Content-Type in the header. Is there anything we can use? --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252416#msg-252416 From mdounin at mdounin.ru Fri Aug 8 14:51:47 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 18:51:47 +0400 Subject: NGINX redirection issue In-Reply-To: <4a80293d99d4029863be3236ac4ad323.NginxMailingListEnglish@forum.nginx.org> References: <20140807080359.GN1849@mdounin.ru> <4a80293d99d4029863be3236ac4ad323.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140808145147.GT1849@mdounin.ru> Hello! On Thu, Aug 07, 2014 at 12:02:43PM -0400, manish-ezest wrote: > Hello Maxim, > > Thank you for your response. Here is the my nginx settings [...] > server { > listen 80; > server_name www-aaa.com; Note that server_name doesn't match domain in logs you've provided and in other parts of your config. [...] > proxy_intercept_errors on; > error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 > 417 495 496 497 500 501 502 503 504 505 506 507 = /error_page.pl; > error_page 405 =200 $uri; I don't see anything in the config provided which may trigger internal redirect to "/index.html" except this "error_page 405 =200 $uri". But this shouldn't trigger a loop unless you are also using "recursive_error_pages", which is off by default. Are you sure you are looking into the right config? -- Maxim Dounin http://nginx.org/ From lists at ruby-forum.com Fri Aug 8 15:06:55 2014 From: lists at ruby-forum.com (Gabriel Arrais) Date: Fri, 08 Aug 2014 17:06:55 +0200 Subject: Use /g (global) regex modifier in map In-Reply-To: <20140808110956.GP1849@mdounin.ru> References: <20140808110956.GP1849@mdounin.ru> Message-ID: <7f80f4f7ee1f1b2eaa6866381cdd5495@ruby-forum.com> Hi Maxim, first thank you very much for your answer! Maxim Dounin wrote in post #1154662: > Hello! > ... > Note well that even if you'll be able to filter arguments, there > is an additional problem of order of the arguments. > The same problem would occur using the variable $args right? > Simpliest way to normalize arguments is to use all of them in > proxy_cache_key, like this: > > proxy_cache_key $proxy_host$uri$is_args$arg_foo:$arg_bar; > I've tried this, but it seems that nginx only catches the first occurence of the parameter, resulting in 2 different requests cached with the same key. Example: ?fq=xxxxxx&sm=0&PageNumber=1 and ?fq=xxxxxx&sm=0&PageNumber=1&fq=yyyyyyyyyy Are returning the same content. Is there a way to avoid this behavior? -- Posted via http://www.ruby-forum.com/. From mdounin at mdounin.ru Fri Aug 8 15:37:31 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 19:37:31 +0400 Subject: [PATCH] proposal to remove unused macro ngx_sleep() In-Reply-To: References: Message-ID: <20140808153731.GU1849@mdounin.ru> Hello! On Thu, Aug 07, 2014 at 10:05:16AM -0400, crespin wrote: > Hello, > > ngx_sleep() macro is unused. > > regards, > > yves > > > # HG changeset patch > # User Yves Crespin > # Date 1407420247 -7200 > # Node ID 8120c2937062998497546a3ecb38b78bb302fe34 > # Parent 97fcc94109c0ea7b929f7fa5a8c7ee95ecf7cb5c > remove unused ngx_sleep() macro > > In win32 implementation, even for a long sleep (60s), ngx_msleep() > is used instead of ngx_sleep(). > Implementation of |sleep()| can use |SIGALRM| and it's used in nginx. I would rather not. It's sometimes useful for debugging. -- Maxim Dounin http://nginx.org/ From wandenberg at gmail.com Fri Aug 8 15:43:18 2014 From: wandenberg at gmail.com (Wandenberg Peixoto) Date: Fri, 8 Aug 2014 12:43:18 -0300 Subject: Override Content-Type header with proxied requests In-Reply-To: References: <262ee7220b55bfb635c430e46926a002.NginxMailingListEnglish@forum.nginx.org> <0c5791aefa1b4924d565436bc2c6000b.NginxMailingListEnglish@forum.nginx.org> Message-ID: One question, your backend are sending the content-type header if you made the request to it? If yes, the value is right? If not, I think the problem is on backend configuration. You can set it on the nginx using the map like I suggest, but will have to add all possible file types on the map, like map $uri $custom_content_type { default "text/html"; ~(.*\.json)$ "application/json"; ~(.*\.css)$ "text/css"; ~(.*\.js)$ "application/javascript"; # and all other formats } But I suggest to check the configuration on Backend server. On Fri, Aug 8, 2014 at 10:23 AM, manish-ezest wrote: > Hello wandenberg, > > This procedure is not working for internet explorer. The CSS are not > loading > properly. so we have to somehow get the Content-Type in the header. Is > there > anything we can use? > > --Manish > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,239473,252416#msg-252416 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Fri Aug 8 16:14:52 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 20:14:52 +0400 Subject: Use /g (global) regex modifier in map In-Reply-To: <7f80f4f7ee1f1b2eaa6866381cdd5495@ruby-forum.com> References: <20140808110956.GP1849@mdounin.ru> <7f80f4f7ee1f1b2eaa6866381cdd5495@ruby-forum.com> Message-ID: <20140808161452.GV1849@mdounin.ru> Hello! On Fri, Aug 08, 2014 at 05:06:55PM +0200, Gabriel Arrais wrote: > Hi Maxim, first thank you very much for your answer! > > > Maxim Dounin wrote in post #1154662: > > Hello! > > ... > > Note well that even if you'll be able to filter arguments, there > > is an additional problem of order of the arguments. > > > > The same problem would occur using the variable $args right? Sure. > > Simpliest way to normalize arguments is to use all of them in > > proxy_cache_key, like this: > > > > proxy_cache_key $proxy_host$uri$is_args$arg_foo:$arg_bar; > > > > I've tried this, but it seems that nginx only catches the first > occurence of the parameter, resulting in 2 different requests cached > with the same key. > > Example: > ?fq=xxxxxx&sm=0&PageNumber=1 and > ?fq=xxxxxx&sm=0&PageNumber=1&fq=yyyyyyyyyy > > Are returning the same content. Is there a way to avoid this behavior? There is no easy one, as nginx itself doesn't know how to work with multiple arguments with the same name. You may try to build a regex to extract second argument with the given name (3rd, 4th, and so on) and include these into the cache key as well. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Fri Aug 8 16:49:07 2014 From: nginx-forum at nginx.us (matt_l) Date: Fri, 08 Aug 2014 12:49:07 -0400 Subject: Can NGINX add an empty payload Message-ID: <846423d4dc3839f3e7921dbcfc187bd9.NginxMailingListEnglish@forum.nginx.org> Hello I have taken the NGINX training but the following question was not covered. I am hoping I can get some help from the community. Thank you in advance. Can NGINX add empty (or static non empty) payload to a request when proxying to a server in the Location directive (or elsewhere) For example Client => NGINX => Server Client sends http://example.com/some/path NGINX adds -d '{"version": "1.1"}' -H "Content-Type: application/json" Server receives http://example.com/some/path -d '{"version": "1.1"}' -H "Content-Type: application/json" The reason why I am asking is because I have a client that sends requests without payload and the server expects that payload exists (even if it does not get processed) Thank you for your help Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252428,252428#msg-252428 From mdounin at mdounin.ru Fri Aug 8 17:15:58 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 21:15:58 +0400 Subject: Can NGINX add an empty payload In-Reply-To: <846423d4dc3839f3e7921dbcfc187bd9.NginxMailingListEnglish@forum.nginx.org> References: <846423d4dc3839f3e7921dbcfc187bd9.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140808171558.GY1849@mdounin.ru> Hello! On Fri, Aug 08, 2014 at 12:49:07PM -0400, matt_l wrote: > Hello > > I have taken the NGINX training but the following question was not covered. > I am hoping I can get some help from the community. Thank you in advance. > > Can NGINX add empty (or static non empty) payload to a request when proxying > to a server in the Location directive (or elsewhere) > > For example > > Client => NGINX => Server > > Client sends http://example.com/some/path > NGINX adds -d '{"version": "1.1"}' -H "Content-Type: application/json" > Server receives http://example.com/some/path -d '{"version": "1.1"}' -H > "Content-Type: application/json" > > The reason why I am asking is because I have a client that sends requests > without payload and the server expects that payload exists (even if it does > not get processed) This should be possible with proxy_set_header and proxy_set_body, see here: http://nginx.org/r/proxy_set_body http://nginx.org/r/proxy_set_header -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Fri Aug 8 18:14:15 2014 From: nginx-forum at nginx.us (talkingnews) Date: Fri, 08 Aug 2014 14:14:15 -0400 Subject: Any suggestions for active Ubuntu nginx-mainline repo? In-Reply-To: <188ebcbe59240e86328c6cbde9306473@none.at> References: <188ebcbe59240e86328c6cbde9306473@none.at> Message-ID: <599b2ca90891cd67910a15cff47ba811.NginxMailingListEnglish@forum.nginx.org> Aleksandar Lazic Wrote: > Why don't using the nginx one? I would love to, but I tried before and I couldn't install nginx-extras, and I still don't see nginx-extras in the repo. Am I missing something? I rely heavily on several of the modules compiled into extras, so this is crucial for me. Which is why I switched to the Ubuntu repo, but now they have stopped building :( Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252412,252431#msg-252431 From lists at ruby-forum.com Fri Aug 8 18:27:54 2014 From: lists at ruby-forum.com (Gabriel Arrais) Date: Fri, 08 Aug 2014 20:27:54 +0200 Subject: Use /g (global) regex modifier in map In-Reply-To: <20140808161452.GV1849@mdounin.ru> References: <20140808110956.GP1849@mdounin.ru> <7f80f4f7ee1f1b2eaa6866381cdd5495@ruby-forum.com> <20140808161452.GV1849@mdounin.ru> Message-ID: Maxim Dounin wrote in post #1154691: > Hello! > > On Fri, Aug 08, 2014 at 05:06:55PM +0200, Gabriel Arrais wrote: > >> The same problem would occur using the variable $args right? > Sure. > >> Example: >> ?fq=xxxxxx&sm=0&PageNumber=1 and >> ?fq=xxxxxx&sm=0&PageNumber=1&fq=yyyyyyyyyy >> >> Are returning the same content. Is there a way to avoid this behavior? > > There is no easy one, as nginx itself doesn't know how to work > with multiple arguments with the same name. You may try to build > a regex to extract second argument with the given name (3rd, 4th, > and so on) and include these into the cache key as well. > I think that it would end in a complicated solution this way... Do you think that a perl code like perl_set $filtered_args ' sub { my $r = shift; my $args=$r->args; my @parts = $args =~ /[DESIRED_REGEX]/g; @parts = sort @parts; $filtered_args = join("&", @parts); return $filtered_args; } '; proxy_cache_key $host:$uri?$filtered_args; Will do the job? I'm trying it right now. Again, thank you for your time. -- Posted via http://www.ruby-forum.com/. From mdounin at mdounin.ru Fri Aug 8 18:46:57 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 8 Aug 2014 22:46:57 +0400 Subject: Use /g (global) regex modifier in map In-Reply-To: References: <20140808110956.GP1849@mdounin.ru> <7f80f4f7ee1f1b2eaa6866381cdd5495@ruby-forum.com> <20140808161452.GV1849@mdounin.ru> Message-ID: <20140808184657.GZ1849@mdounin.ru> Hello! On Fri, Aug 08, 2014 at 08:27:54PM +0200, Gabriel Arrais wrote: > Maxim Dounin wrote in post #1154691: > > Hello! > > > > On Fri, Aug 08, 2014 at 05:06:55PM +0200, Gabriel Arrais wrote: > > > >> The same problem would occur using the variable $args right? > > Sure. > > > >> Example: > >> ?fq=xxxxxx&sm=0&PageNumber=1 and > >> ?fq=xxxxxx&sm=0&PageNumber=1&fq=yyyyyyyyyy > >> > >> Are returning the same content. Is there a way to avoid this behavior? > > > > There is no easy one, as nginx itself doesn't know how to work > > with multiple arguments with the same name. You may try to build > > a regex to extract second argument with the given name (3rd, 4th, > > and so on) and include these into the cache key as well. > > > > I think that it would end in a complicated solution this way... > > Do you think that a perl code like > > perl_set $filtered_args ' > sub { > my $r = shift; > my $args=$r->args; > > my @parts = $args =~ /[DESIRED_REGEX]/g; > @parts = sort @parts; > $filtered_args = join("&", @parts); > return $filtered_args; > } > '; > proxy_cache_key $host:$uri?$filtered_args; > > Will do the job? Doing this with embedded perl snippet will be more or less trivial, yes. Note though that in case of multiple arguments with the same name it may be important to preserve their order. I also suspect that split() + grep may be better/easier than a single regular expression to match all needed arguments. -- Maxim Dounin http://nginx.org/ From lists at ruby-forum.com Fri Aug 8 19:59:47 2014 From: lists at ruby-forum.com (Gabriel Arrais) Date: Fri, 08 Aug 2014 21:59:47 +0200 Subject: Use /g (global) regex modifier in map In-Reply-To: <20140808184657.GZ1849@mdounin.ru> References: <20140808110956.GP1849@mdounin.ru> <7f80f4f7ee1f1b2eaa6866381cdd5495@ruby-forum.com> <20140808161452.GV1849@mdounin.ru> <20140808184657.GZ1849@mdounin.ru> Message-ID: Maxim Dounin wrote in post #1154708: > Hello! > > On Fri, Aug 08, 2014 at 08:27:54PM +0200, Gabriel Arrais wrote: > >> >> ?fq=xxxxxx&sm=0&PageNumber=1&fq=yyyyyyyyyy >> >> return $filtered_args; >> } >> '; >> proxy_cache_key $host:$uri?$filtered_args; >> >> Will do the job? > > Doing this with embedded perl snippet will be more or less > trivial, yes. Note though that in case of multiple arguments with > the same name it may be important to preserve their order. In our case the order is not important, so the cache performance talks louder =) > I also suspect that split() + grep may be better/easier than a > single regular expression to match all needed arguments. Yes, certainly it would be easier. Again, thank you so much for the quick responses and the attention. -- Posted via http://www.ruby-forum.com/. From kurt at x64architecture.com Fri Aug 8 20:13:42 2014 From: kurt at x64architecture.com (Kurt Cancemi) Date: Fri, 8 Aug 2014 16:13:42 -0400 Subject: Any suggestions for active Ubuntu nginx-mainline repo? In-Reply-To: <599b2ca90891cd67910a15cff47ba811.NginxMailingListEnglish@forum.nginx.org> References: <188ebcbe59240e86328c6cbde9306473@none.at> <599b2ca90891cd67910a15cff47ba811.NginxMailingListEnglish@forum.nginx.org> Message-ID: The nginx-extras package is only available in the nginx ppa. The official nginx package only provides a vanilla nginx install (no third party modules). --- Kurt Cancemi http://www.getwnmp.org On Fri, Aug 8, 2014 at 2:14 PM, talkingnews wrote: > Aleksandar Lazic Wrote: > >> Why don't using the nginx one? > > I would love to, but I tried before and I couldn't install nginx-extras, and > I still don't see nginx-extras in the repo. Am I missing something? > I rely heavily on several of the modules compiled into extras, so this is > crucial for me. Which is why I switched to the Ubuntu repo, but now they > have stopped building :( > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252412,252431#msg-252431 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Fri Aug 8 20:57:31 2014 From: nginx-forum at nginx.us (talkingnews) Date: Fri, 08 Aug 2014 16:57:31 -0400 Subject: Any suggestions for active Ubuntu nginx-mainline repo? In-Reply-To: References: Message-ID: <92eeb47b0e0bbd2c6d1bd673273b58d6.NginxMailingListEnglish@forum.nginx.org> x64architecture Wrote: ------------------------------------------------------- > The nginx-extras package is only available in the nginx ppa. The > official nginx package only provides a vanilla nginx install (no third > party modules). Ah, OK. Thank you. Bad news then. If the nginx ppa has stopped updating, then I guess the only option is for me to get familiar with custom builds. Wish me luck! :) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252412,252436#msg-252436 From kworthington at gmail.com Sat Aug 9 02:07:21 2014 From: kworthington at gmail.com (Kevin Worthington) Date: Fri, 8 Aug 2014 22:07:21 -0400 Subject: [nginx-announce] nginx-1.6.1 In-Reply-To: <20140805135643.GL1849@mdounin.ru> References: <20140805135643.GL1849@mdounin.ru> Message-ID: Hello Nginx users, Now available: Nginx 1.6.1 for Windows http://goo.gl/u4X4Pl (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available via: Twitter http://twitter.com/kworthington Google+ https://plus.google.com/+KevinWorthington/ Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington https://plus.google.com/+KevinWorthington/ On Tue, Aug 5, 2014 at 9:56 AM, Maxim Dounin wrote: > Changes with nginx 1.6.1 05 Aug > 2014 > > *) Security: pipelined commands were not discarded after STARTTLS > command in SMTP proxy (CVE-2014-3556); the bug had appeared in > 1.5.6. > Thanks to Chris Boulton. > > *) Bugfix: the $uri variable might contain garbage when returning > errors > with code 400. > Thanks to Sergey Bobrov. > > *) Bugfix: in the "none" parameter in the "smtp_auth" directive; the > bug > had appeared in 1.5.6. > Thanks to Svyatoslav Nikolsky. > > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx-announce mailing list > nginx-announce at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-announce > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kworthington at gmail.com Sat Aug 9 02:26:08 2014 From: kworthington at gmail.com (Kevin Worthington) Date: Fri, 8 Aug 2014 22:26:08 -0400 Subject: [nginx-announce] nginx-1.7.4 In-Reply-To: <20140805135609.GH1849@mdounin.ru> References: <20140805135609.GH1849@mdounin.ru> Message-ID: Hello Nginx users, Now available: Nginx 1.7.4 for Windows http://goo.gl/sj1eGt (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available via: Twitter http://twitter.com/kworthington Google+ https://plus.google.com/+KevinWorthington/ Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington https://plus.google.com/+KevinWorthington/ On Tue, Aug 5, 2014 at 9:56 AM, Maxim Dounin wrote: > Changes with nginx 1.7.4 05 Aug > 2014 > > *) Security: pipelined commands were not discarded after STARTTLS > command in SMTP proxy (CVE-2014-3556); the bug had appeared in > 1.5.6. > Thanks to Chris Boulton. > > *) Change: URI escaping now uses uppercase hexadecimal digits. > Thanks to Piotr Sikora. > > *) Feature: now nginx can be build with BoringSSL and LibreSSL. > Thanks to Piotr Sikora. > > *) Bugfix: requests might hang if resolver was used and a DNS server > returned a malformed response; the bug had appeared in 1.5.8. > > *) Bugfix: in the ngx_http_spdy_module. > Thanks to Piotr Sikora. > > *) Bugfix: the $uri variable might contain garbage when returning > errors > with code 400. > Thanks to Sergey Bobrov. > > *) Bugfix: in error handling in the "proxy_store" directive and the > ngx_http_dav_module. > Thanks to Feng Gu. > > *) Bugfix: a segmentation fault might occur if logging of errors to > syslog was used; the bug had appeared in 1.7.1. > > *) Bugfix: the $geoip_latitude, $geoip_longitude, $geoip_dma_code, and > $geoip_area_code variables might not work. > Thanks to Yichun Zhang. > > *) Bugfix: in memory allocation error handling. > Thanks to Tatsuhiko Kubo and Piotr Sikora. > > > -- > Maxim Dounin > http://nginx.org/en/donation.html > > _______________________________________________ > nginx-announce mailing list > nginx-announce at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx-announce > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sat Aug 9 02:34:06 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Fri, 08 Aug 2014 22:34:06 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: References: Message-ID: Hello Wandenberg, Yes, the back-end(s3 bucket) is sending Content-Type header for each request and what I heard from the developers that the header is must for the site to work properly. The issue started when I got the request of enabling content-type header of all the json files to application/json. As the default content-type in NGINX is application/octet-stream, the JSON files are served as application/octet-stream. The jquery uses content-type header to identify the JSOn files and due to the application/octet-stream content type it is not able to identify the JSOn files. I tried many options but each time one of the features(html files got downloaded, CSS not loaded, CSS problem in internet explorer) got impacted. I will try adding all the mime types to the map directive and will let you know the result. Here is my nginx.conf and vhost file for your reference **************my NGINX.conf******************** user nginx; worker_processes 1; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; worker_rlimit_nofile 30000; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format combined_time '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" $request_time'; access_log /var/log/nginx/access.log combined_time; include /etc/nginx/servers/*.conf; } ********************************************** ******************************VHOST SETTING***** server { listen 80; server_name www-aaa.com; add_header Cache-Control off; expires 1d; root /var/empty; error_log /var/log/nginx/www.aaa.com-error.log; access_log /var/log/nginx/www.aaa.com-access.log combined_time; location = /favicon.ico { root /www; } proxy_intercept_errors on; error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 = /error_page.pl; error_page 405 =200 $uri; location /error_page.pl { fastcgi_pass 127.0.0.1:8999; fastcgi_param REQUEST_URI $request_uri; fastcgi_pass_header "Status"; } location / { proxy_redirect off; proxy_set_header Host www.aaa.com.s3.amazonaws.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer www.aaa.com; proxy_pass http://www.aaa.com.s3.amazonaws.com/; add_header Access-Control-Allow-Origin *; } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252439#msg-252439 From nginx-forum at nginx.us Sat Aug 9 02:49:15 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Fri, 08 Aug 2014 22:49:15 -0400 Subject: NGINX redirection issue In-Reply-To: <20140808145147.GT1849@mdounin.ru> References: <20140808145147.GT1849@mdounin.ru> Message-ID: <51e7a53f26f73547ec83f5cded8f7c7a.NginxMailingListEnglish@forum.nginx.org> Hello Maxim, The server_name(website) is a dummy name as I don't want to disclose the site name. I might have mistaken while editing the name. But I ensure you that the logs I have provided is correct. I am pasting my original configuration which is working like a charm. If I change anything from it like adding try_files as you suggested, or some rewrite rule for removing .html extension in location / {} directive, causes either 499(mostly) or "750 rewrite or internal redirection cycle" error. I am not able to figure out what actually causing the issue. **************my NGINX.conf******************** user nginx; worker_processes 1; error_log /var/log/nginx/error.log notice; pid /var/run/nginx.pid; worker_rlimit_nofile 30000; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] $request ' '"$status" $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; log_format combined_time '$remote_addr - $remote_user [$time_local]' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" $request_time'; access_log /var/log/nginx/access.log combined_time; include /etc/nginx/servers/*.conf; } ********************************************** ******************************VHOST SETTING***** server { listen 80; server_name www.aaa.com; add_header Cache-Control off; expires 1d; root /var/empty; error_log /var/log/nginx/www.aaa.com-error.log; access_log /var/log/nginx/www.aaa.com-access.log combined_time; location = /favicon.ico { root /www; } proxy_intercept_errors on; error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 = /error_page.pl; error_page 405 =200 $uri; location /error_page.pl { fastcgi_pass 127.0.0.1:8999; fastcgi_param REQUEST_URI $request_uri; fastcgi_pass_header "Status"; } location / { ## Rewrite root to index of bbb folder. rewrite ^/$ http://www.aaa.com/aaaa/bbb/index.html permanent; ## Rewrite all directory lookups to 'index.html' rewrite ^(.*)/$ $1/index.html permanent; ## Rewrite all open strings to index.html rewrite ^(.*)/([^\.\?/]+)$ $1/$2/index.html permanent; proxy_redirect off; proxy_set_header Host www.aaa.com.s3.amazonaws.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Referer www.aaa.com; proxy_pass http://www.aaa.com.s3.amazonaws.com/; add_header Access-Control-Allow-Origin *; } } --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252379,252440#msg-252440 From dev.panky2014 at gmail.com Sat Aug 9 13:19:05 2014 From: dev.panky2014 at gmail.com (Pankaj Kaushik) Date: Sat, 9 Aug 2014 18:49:05 +0530 Subject: Regarding ERROR: XmlParseFailure Message-ID: Hi, I am getting this error : ERROR: XmlParseFailure Can anybody please let me know what is the issue? Below is my nginx.conf. map $uri $key2 { ~^(?/[^/]+)/ $key; default ""; } upstream backend { hash $key2 consistent; server 10.0.0.22:8080; server 10.0.0.23:8080; server 10.0.0.24:8080; server 10.0.0.25:8080; server 10.0.0.26:8080; } server { listen 90 default_server; location $uri { proxy_pass http://backend; } } Thanks, Panky -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev.panky2014 at gmail.com Sat Aug 9 13:38:55 2014 From: dev.panky2014 at gmail.com (Pankaj Kaushik) Date: Sat, 9 Aug 2014 19:08:55 +0530 Subject: Regarding ERROR: XmlParseFailure In-Reply-To: References: Message-ID: Hi, Also when i checked the error log, the client request is not going to any upstream server. Instead it is routing to some default location. 2014/08/09 06:31:55 [info] 32681#0: *2 client 14.102.112.84 closed keepalive connection 2014/08/09 06:36:13 [notice] 329#0: signal process started 2014/08/09 06:36:13 [notice] 32669#0: signal 1 (SIGHUP) received, reconfiguring 2014/08/09 06:36:13 [notice] 32669#0: reconfiguring 2014/08/09 06:36:13 [notice] 32669#0: using the "epoll" event method 2014/08/09 06:36:13 [notice] 32669#0: start worker processes 2014/08/09 06:36:13 [notice] 32669#0: start worker process 330 2014/08/09 06:36:14 [notice] 32681#0: gracefully shutting down 2014/08/09 06:36:14 [notice] 32681#0: exiting 2014/08/09 06:36:14 [notice] 32681#0: exit 2014/08/09 06:36:14 [notice] 32669#0: signal 17 (SIGCHLD) received 2014/08/09 06:36:14 [notice] 32669#0: worker process 32681 exited with code 0 2014/08/09 06:36:14 [notice] 32669#0: signal 29 (SIGIO) received 2014/08/09 06:36:19 [error] 330#0: *3 "/etc/nginx/html/index.html" is not found (2: No such file or directory), client: 14.102.112.84, server: , request: "GET / HTTP/1.1", host: "65.60.72.19:90" 2014/08/09 06:36:19 [info] 330#0: *3 client 14.102.112.84 closed keepalive connection Why it is happening? Thanks, Panky On Sat, Aug 9, 2014 at 6:44 PM, Pankaj Kaushik wrote: > Hi, > > I am getting this error : *ERROR: XmlParseFailure* > > Can anybody please let me know what is the issue? > > Below is my nginx.conf. > > map $uri $key2 { > ~^(?/[^/]+)/ $key; > default ""; > } > upstream backend { > hash $key2 consistent; > server 10.0.0.22:8080; > server 10.0.0.23:8080; > server 10.0.0.24:8080; > server 10.0.0.25:8080; > server 10.0.0.26:8080; > } > > server { > listen 90 default_server; > > location $uri { > proxy_pass http://backend; > } > > } > > Thanks, > Panky > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sat Aug 9 16:18:20 2014 From: nginx-forum at nginx.us (khine) Date: Sat, 09 Aug 2014 12:18:20 -0400 Subject: nginx as a proxy to node.js application - server busy Message-ID: <307dbc00c30a2d11a00d85749c38c3cd.NginxMailingListEnglish@forum.nginx.org> I have a freebsd server running two jails on one jail i have nginx and and on the other jail i am running a node.js application. Here is the nginx.conf file: https://gist.github.com/nkhine/f620f8bdc0fb613b7b59 when viewing the site, every other request seems to time out and i get `The connection has timed out` message. is there anything obvious i am doing incorrectly? all css and javascripts are served by nginx, as i have loaded the public/views directory as read only into /var/www inside the web server jail any advice on how i can improve this is much appreciated. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252446,252446#msg-252446 From nginx-forum at nginx.us Sat Aug 9 18:19:32 2014 From: nginx-forum at nginx.us (mastercan) Date: Sat, 09 Aug 2014 14:19:32 -0400 Subject: Building nginx with TCP_FASTOPEN enabled Message-ID: <8fb9f5b7bddc4ca9ab6d185e4388d6ec.NginxMailingListEnglish@forum.nginx.org> Hello, I've tried to use "fastopen" in the listen directive but nginx gave me an error that the option is unkown. I'm using nginx 1.7.4 on Debian Wheezy 3.14.13 kernel. I've compiled nginx myself. When I run the configure command, I get: "checking for TCP_FASTOPEN ... not found" 'cat /proc/sys/net/ipv4/tcp_fastopen' gives me "3" - I also tried it with the value "2". Why does my system not support TCP fastopen? My kernel is recent enough... thank you, Can Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252447,252447#msg-252447 From francis at daoine.org Sat Aug 9 21:53:19 2014 From: francis at daoine.org (Francis Daly) Date: Sat, 9 Aug 2014 22:53:19 +0100 Subject: Regarding ERROR: XmlParseFailure In-Reply-To: References: Message-ID: <20140809215319.GI3108@daoine.org> On Sat, Aug 09, 2014 at 07:08:55PM +0530, Pankaj Kaushik wrote: Hi there, > Also when i checked the error log, the client request is not going to any > upstream server. Instead it is routing to some default location. > request: "GET / HTTP/1.1", host: "65.60.72.19:90" > Why it is happening? Your request is for "/". The only location block you have is a prefix match for the four-character string "$uri", which does not match your request, so the request is processed by the default server-level configuration. f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Sun Aug 10 00:33:00 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 10 Aug 2014 04:33:00 +0400 Subject: Building nginx with TCP_FASTOPEN enabled In-Reply-To: <8fb9f5b7bddc4ca9ab6d185e4388d6ec.NginxMailingListEnglish@forum.nginx.org> References: <8fb9f5b7bddc4ca9ab6d185e4388d6ec.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140810003300.GB1849@mdounin.ru> Hello! On Sat, Aug 09, 2014 at 02:19:32PM -0400, mastercan wrote: > Hello, > > I've tried to use "fastopen" in the listen directive but nginx gave me an > error that the option is unkown. > > I'm using nginx 1.7.4 on Debian Wheezy 3.14.13 kernel. > > I've compiled nginx myself. > When I run the configure command, I get: > "checking for TCP_FASTOPEN ... not found" > > 'cat /proc/sys/net/ipv4/tcp_fastopen' gives me "3" - I also tried it with > the value "2". > > Why does my system not support TCP fastopen? My kernel is recent enough... Try looking into objs/autoconf.err, it has details about configure test failures. Most likely, the TCP_FASTOPEN constant isn't defined since your glibc isn't recent enough, something like 2.18+ is needed. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Sun Aug 10 01:10:55 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 10 Aug 2014 05:10:55 +0400 Subject: NGINX redirection issue In-Reply-To: <51e7a53f26f73547ec83f5cded8f7c7a.NginxMailingListEnglish@forum.nginx.org> References: <20140808145147.GT1849@mdounin.ru> <51e7a53f26f73547ec83f5cded8f7c7a.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140810011055.GD1849@mdounin.ru> Hello! On Fri, Aug 08, 2014 at 10:49:15PM -0400, manish-ezest wrote: > Hello Maxim, > > The server_name(website) is a dummy name as I don't want to disclose the > site name. I might have mistaken while editing the name. But I ensure you > that the logs I have provided is correct. I am pasting my original Editing configs and logs is usually very bad idea. Instead, it's much better to reproduce the problem in a sandbox which doesn't contain information you don't want to share. > configuration which is working like a charm. If I change anything from it > like adding try_files as you suggested, or some rewrite rule for removing > .html extension in location / {} directive, causes either 499(mostly) or > "750 rewrite or internal redirection cycle" error. I am not able to figure > out what actually causing the issue. There is a number of ways to find it out, and most powerful one is debugging log, see here: http://nginx.org/en/docs/debugging_log.html [...] > proxy_pass http://www.aaa.com.s3.amazonaws.com/; Note well that try_files (and index) won't work if you don't actually have files, but proxy everything to another server. -- Maxim Dounin http://nginx.org/ From flygoast at 126.com Sun Aug 10 03:35:06 2014 From: flygoast at 126.com (flygoast) Date: Sun, 10 Aug 2014 11:35:06 +0800 (CST) Subject: Override Content-Type header with proxied requests In-Reply-To: References: Message-ID: <53860ec0.82b.147bdfbe028.Coremail.flygoast@126.com> I wrote a module to process the problem ena.https://github.com/flygoast/ngx_http_types_filter our configuration in production like this: location / { types_filter $uri; ...... proxy_pass http://down_server; } At 2014-08-09 10:34:06,manish-ezest wrote: >Hello Wandenberg, > >Yes, the back-end(s3 bucket) is sending Content-Type header for each request >and what I heard from the developers that the header is must for the site to >work properly. > >The issue started when I got the request of enabling content-type header of >all the json files to application/json. As the default content-type in NGINX >is application/octet-stream, the JSON files are served as >application/octet-stream. The jquery uses content-type header to identify >the JSOn files and due to the application/octet-stream content type it is >not able to identify the JSOn files. > >I tried many options but each time one of the features(html files got >downloaded, CSS not loaded, CSS problem in internet explorer) got impacted. > >I will try adding all the mime types to the map directive and will let you >know the result. > >Here is my nginx.conf and vhost file for your reference > >**************my NGINX.conf******************** > user nginx; > worker_processes 1; > error_log /var/log/nginx/error.log notice; > pid /var/run/nginx.pid; > worker_rlimit_nofile 30000; > events { > worker_connections 1024; > } > http { > include /etc/nginx/mime.types; > default_type application/octet-stream; > > log_format main '$remote_addr - $remote_user [$time_local] $request ' > '"$status" $body_bytes_sent "$http_referer" ' > '"$http_user_agent" "$http_x_forwarded_for"'; > log_format combined_time '$remote_addr - $remote_user [$time_local]' > '"$request" $status $body_bytes_sent ' > '"$http_referer" "$http_user_agent" $request_time'; > > access_log /var/log/nginx/access.log combined_time; > include /etc/nginx/servers/*.conf; > } > ********************************************** > > ******************************VHOST SETTING***** > server { > listen 80; > server_name www-aaa.com; > add_header Cache-Control off; > expires 1d; > root /var/empty; > error_log /var/log/nginx/www.aaa.com-error.log; > access_log /var/log/nginx/www.aaa.com-access.log > combined_time; > location = /favicon.ico { > root /www; > } > proxy_intercept_errors on; > error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 > 417 495 496 497 500 501 502 503 504 505 506 507 = /error_page.pl; > error_page 405 =200 $uri; > location /error_page.pl { > fastcgi_pass 127.0.0.1:8999; > fastcgi_param REQUEST_URI $request_uri; > fastcgi_pass_header "Status"; > } > > location / { > proxy_redirect off; > proxy_set_header Host www.aaa.com.s3.amazonaws.com; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header Referer www.aaa.com; > proxy_pass http://www.aaa.com.s3.amazonaws.com/; > add_header Access-Control-Allow-Origin *; > } > } > >Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252439#msg-252439 > >_______________________________________________ >nginx mailing list >nginx at nginx.org >http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev.panky2014 at gmail.com Sun Aug 10 04:42:32 2014 From: dev.panky2014 at gmail.com (Pankaj Kaushik) Date: Sun, 10 Aug 2014 10:12:32 +0530 Subject: Regarding ERROR: XmlParseFailure In-Reply-To: <20140809215319.GI3108@daoine.org> References: <20140809215319.GI3108@daoine.org> Message-ID: Hey Francis, > Your request is for "/". The only location block you have is a prefix > match for the four-character string "$uri", which does not match > your request, so the request is processed by the default server-level > configuration. > > I have understanding that $uri will be changed to actual uri when location block will be parsed. why is it not happening? There are two scenario in my case. My uri can contain two values one is "/" and other is let say "/abc/def" (this value is dynamic and can change according to the client request). So i want to redirect above uri values to different upstream server. How can i do this? I tried below configuration but it did not worked for uri location block. upstream backend { hash $key2 consistent; // this will be used for given bucket name based on consistent hash policy server 10.0.0.22:8080; server 10.0.0.23:8080; server 10.0.0.24:8080; server 10.0.0.25:8080; server 10.0.0.26:8080; } upstream backend_2 { server 10.0.0.22:8080; server 10.0.0.23:8080; server 10.0.0.24:8080; server 10.0.0.25:8080; server 10.0.0.26:8080; } server { listen 90 default_server; location $uri { proxy_pass http://backend; } location / { proxy_pass http://backend_2; } } Can you please suggest me right step on this? Thanks, Panky -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sun Aug 10 11:11:37 2014 From: francis at daoine.org (Francis Daly) Date: Sun, 10 Aug 2014 12:11:37 +0100 Subject: Regarding ERROR: XmlParseFailure In-Reply-To: References: <20140809215319.GI3108@daoine.org> Message-ID: <20140810111137.GJ3108@daoine.org> On Sun, Aug 10, 2014 at 10:12:32AM +0530, Pankaj Kaushik wrote: Hi there, > I have understanding that $uri will be changed to actual uri when location > block will be parsed. Your understanding is wrong. > why is it not happening? Because your understanding is wrong. > There are two scenario in my case. > > My uri can contain two values one is "/" and other is let say "/abc/def" > (this value is dynamic and can change according to the client request). location = / { # config for when the request is exactly "/" } location / { # config for when the request is anything else that starts with "/" } http://nginx.org/r/location > So i want to redirect above uri values to different upstream server. > > How can i do this? Put the right config in the right location{}. f -- Francis Daly francis at daoine.org From krebs.seb at gmail.com Sun Aug 10 11:12:17 2014 From: krebs.seb at gmail.com (Sebastian Krebs) Date: Sun, 10 Aug 2014 13:12:17 +0200 Subject: $request_uri for subrequest Message-ID: Hi, I have problems setting up SSI with NGinx and PHP5-FPM. The problem I have is (indrectly) related to this rule fastcgi_param REQUEST_URI $request_uri; During the SSI-subrequest the variable $request_uri still points to the URI used for the initial request. Asking me, this behavior is questionable anyway. However, now I have issues finding the _real_ request uri for the subrequest, because when I use $uri instead, the request itself works, but this also uses the already rewritten. I've started with the common pattern for a Symfony2 project [1]. When I set fastcgi_param REQUEST_URI $uri$is_args$args Nginx passes the full path name /app.php/foo/bar for _every_ request, even if it's not wanted. Is there's a reliable way to determine the original subrequest uri? Is it possible, that the behaviour of $request_uri for SSI can be treated as bug? Thanks for your attention, Regards, Sebastian [1] http://symfony.com/doc/current/cookbook/configuration/web_server_configuration.html#nginx -- github.com/KingCrunch -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sun Aug 10 11:59:02 2014 From: nginx-forum at nginx.us (mastercan) Date: Sun, 10 Aug 2014 07:59:02 -0400 Subject: Building nginx with TCP_FASTOPEN enabled In-Reply-To: <20140810003300.GB1849@mdounin.ru> References: <20140810003300.GB1849@mdounin.ru> Message-ID: Maxim Dounin Wrote: > > Try looking into objs/autoconf.err, it has details about configure > test failures. Most likely, the TCP_FASTOPEN constant isn't > defined since your glibc isn't recent enough, something like 2.18+ > is needed. > Yes, you're right. glibc was the problem. I tried to build an nginx deb package on a development machine with updated glibc libs and installed it on the production server. Unfortunately I get this error when trying to start nginx: "/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.14' not found (required by /usr/sbin/nginx)" So I guess I must upgrade glibc on the production server as well...which might break dependencies... Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252447,252458#msg-252458 From luky-37 at hotmail.com Sun Aug 10 12:24:49 2014 From: luky-37 at hotmail.com (Lukas Tribus) Date: Sun, 10 Aug 2014 14:24:49 +0200 Subject: Building nginx with TCP_FASTOPEN enabled In-Reply-To: References: <20140810003300.GB1849@mdounin.ru>, Message-ID: > Yes, you're right. glibc was the problem. I tried to build an nginx deb > package on a development machine with updated glibc libs and installed it > on the production server. Don't upgrade libc because of this (it will mess your system up). Just define it manually when compiling nginx by passing it to the compiler: -DTCP_FASTOPEN=23 Regards, Lukas From nginx-forum at nginx.us Sun Aug 10 12:49:13 2014 From: nginx-forum at nginx.us (mastercan) Date: Sun, 10 Aug 2014 08:49:13 -0400 Subject: Building nginx with TCP_FASTOPEN enabled In-Reply-To: References: Message-ID: Lukas Tribus Wrote: > Don't upgrade libc because of this (it will mess your system up). > > Just define it manually when compiling nginx by passing it to the > compiler: > -DTCP_FASTOPEN=23 > Which command accepts the -D flag? Where exactly do I set this option? Thanks in advance Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252447,252460#msg-252460 From bernat at luffy.cx Sun Aug 10 12:53:35 2014 From: bernat at luffy.cx (Vincent Bernat) Date: Sun, 10 Aug 2014 14:53:35 +0200 Subject: Building nginx with TCP_FASTOPEN enabled In-Reply-To: (mastercan's message of "Sun, 10 Aug 2014 07:59:02 -0400") References: <20140810003300.GB1849@mdounin.ru> Message-ID: ? 10 ao?t 2014 07:59 -0400, "mastercan" ?: >> Try looking into objs/autoconf.err, it has details about configure >> test failures. Most likely, the TCP_FASTOPEN constant isn't >> defined since your glibc isn't recent enough, something like 2.18+ >> is needed. >> > > Yes, you're right. glibc was the problem. I tried to build an nginx deb > package on a development machine with updated glibc libs and installed it on > the production server. > Unfortunately I get this error when trying to start nginx: > "/lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_2.14' not found (required > by /usr/sbin/nginx)" > > So I guess I must upgrade glibc on the production server as well...which > might break dependencies... There is nothing in this feature that needs a recent glibc except the definition of TCP_FASTOPEN constant. On the machine where you compile, you can just add the constant in /usr/include/linux/tcp.h and /usr/include/netinet/tcp.h. The resulting binary will work on another machine without this modification. nginx should just define this symbol when not available. The remaining of the code is already detecting at runtime if this feature is available or not. -- Localise input and output in subroutines. - The Elements of Programming Style (Kernighan & Plauger) From nginx-forum at nginx.us Sun Aug 10 13:00:24 2014 From: nginx-forum at nginx.us (mastercan) Date: Sun, 10 Aug 2014 09:00:24 -0400 Subject: Building nginx with TCP_FASTOPEN enabled In-Reply-To: References: Message-ID: <19d5d23ba9a642a2fa94f0aa4cfd86e5.NginxMailingListEnglish@forum.nginx.org> Lukas Tribus Wrote: > > Don't upgrade libc because of this (it will mess your system up). > > Just define it manually when compiling nginx by passing it to the > compiler: > -DTCP_FASTOPEN=23 > > Thank you! This seems to define the constant. I simply added --with-cc-opt="-DTCP_FASTOPEN=23" to my configure command. I think this will work (I'm compiling it right now...) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252447,252462#msg-252462 From mdounin at mdounin.ru Sun Aug 10 13:17:09 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 10 Aug 2014 17:17:09 +0400 Subject: [PATCH] print format for nevents In-Reply-To: <2c5eb941b97cd08c9004505de61ebd1f.NginxMailingListEnglish@forum.nginx.org> References: <20140806171959.GL1849@mdounin.ru> <2c5eb941b97cd08c9004505de61ebd1f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140810131709.GF1849@mdounin.ru> Hello! On Thu, Aug 07, 2014 at 09:08:10AM -0400, crespin wrote: > Hello, > > here is the corresponding patch. > > regards, > > yves > > > Yes, %d here is certainly incorrect, as int and ngx_int_t sizes > > may differ. I don't think there are any platforms with poll() > > where this may cause problems, but nevertheless it's worth fixing. > > Changing this to %ui should be ok. > > # HG changeset patch > # User Yves Crespin Note: missing space before "<". It's either corruption introduced by a forum interface, or a missing space in your ~/.hgrc. In either case you may want to use nginx-devel@ list for further patches, see http://nginx.org/en/docs/contributing_changes.html. > # Date 1407414744 -7200 > # Node ID c51d0d718b2177daaf14895840beb528e332418b > # Parent ab48149b77a6bdbe47a8543c339cf84deeb8e341 > use format %ui according to nevents type > > diff -r ab48149b77a6 -r c51d0d718b21 src/event/modules/ngx_poll_module.c > --- a/src/event/modules/ngx_poll_module.c Wed Aug 06 23:58:44 2014 +0900 > +++ b/src/event/modules/ngx_poll_module.c Thu Aug 07 14:32:24 2014 +0200 > @@ -268,7 +268,7 @@ > } > > ngx_log_debug2(NGX_LOG_DEBUG_EVENT, cycle->log, 0, > - "poll ready %d of %d", ready, nevents); > + "poll ready %d of %ui", ready, nevents); > > if (err) { > if (err == NGX_EINTR) { Committed with commit log modified to match style we use, and combined with other format specifier fixes from your other patch (as well as a couple of fixes in the select module). Thanks. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Sun Aug 10 13:17:21 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 10 Aug 2014 17:17:21 +0400 Subject: [PATCH] change nevents type in ngx_poll_module.c to ngx_uint_t In-Reply-To: <90ad71a99e4532a935f507917291b64f.NginxMailingListEnglish@forum.nginx.org> References: <90ad71a99e4532a935f507917291b64f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140810131721.GG1849@mdounin.ru> Hello! On Thu, Aug 07, 2014 at 09:16:42AM -0400, crespin wrote: > Hello, > > In ngx_epoll_module.c, nevents is defined as ngx_uint_t and ev->index is > also a ngx_uint_t. > So I proposed to change nevents type. > > I'm not sure about variable declaration: > - ngx_int_t i, nready; > + ngx_uint_t i; > + ngx_int_t nready; > ngx_uint_t found, level; > > It's perhaps better to group variable by type: > - ngx_int_t i, nready; > + ngx_int_t nready; > + ngx_uint_t i, found, level; Yes, as per style used in nginx sources, variables are grouped by type. Additionally, types are sorted from shortest to longest. > # HG changeset patch > # User Yves Crespin > # Date 1407416217 -7200 > # Node ID b71a279c696bcd18bd6b3c2845fe8e51d57ea1fd > # Parent c51d0d718b2177daaf14895840beb528e332418b > change nevents type in ngx_poll_module.c to ngx_uint_t Committed with various minor changes, thanks. -- Maxim Dounin http://nginx.org/ From dev.panky2014 at gmail.com Sun Aug 10 17:10:00 2014 From: dev.panky2014 at gmail.com (Pankaj Kaushik) Date: Sun, 10 Aug 2014 22:40:00 +0530 Subject: Regarding support of server backup parameter Message-ID: Hi, I am getting below error while loading nginx configuration file. 2014/08/10 10:06:33 [emerg] 816#0: invalid parameter "backup" in /etc/nginx/nginx.conf:39 Below is the configuration file :- upstream backend { hash $key2 consistent; server 10.0.0.22:8080; server 10.0.0.23:8080 max_fails=0; server 10.0.0.24:8080; server 10.0.0.25:8080; server 10.0.0.26:8080 backup; } *I am using nginx version 1.7.4.* Can anybody help me on this? Thanks, Panky -------------- next part -------------- An HTML attachment was scrubbed... URL: From dev.panky2014 at gmail.com Sun Aug 10 17:27:24 2014 From: dev.panky2014 at gmail.com (Pankaj Kaushik) Date: Sun, 10 Aug 2014 22:57:24 +0530 Subject: Regarding proxy_next_upstream parameter Message-ID: Hi, I am trying to do failover as per below configuration :- upstream backend { hash $key2 consistent; server 10.0.0.22:8080; server 10.0.0.23:8080; server 10.0.0.24:8080; server 10.0.0.25:8080; server 10.0.0.26:8080; } upstream backend_2 { server 10.0.0.22:8080; server 10.0.0.23:8080; server 10.0.0.24:8080; server 10.0.0.25:8080; server 10.0.0.26:8080; } server { listen 90 default_server; location = / { proxy_pass http://backend_2; proxy_next_upstream error timeout http_404; } location / { proxy_pass http://backend; proxy_next_upstream error timeout http_404; } } In error logs i received following message :- 2014/08/10 09:52:16 [info] 514#0: *184 epoll_wait() reported that client prematurely closed connection, so upstream connection is closed too while sending request to upstream, client: 14.102.112.84, server: , request: "GET /mybucket4/ HTTP/1.1", upstream: "http://10.0.0.23:8080/mybucket4/", host: " 65.60.72.19:90" Can any body help me on this ? Thanks, Panky -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sun Aug 10 18:12:27 2014 From: nginx-forum at nginx.us (TECK) Date: Sun, 10 Aug 2014 14:12:27 -0400 Subject: Specific permissions for fastcgi_temp_path? Message-ID: Hi all, I looked into /src/core/ngx_file.c and noticed that ngx_conf_set_access_slot() defines the access type. What is the variable I need to use in order to force new files to be written 0640, instead of 0600 as access defines it? I tried, without success: fastcgi_temp_path /var/lib/nginx/fastcgi 1 2; fastcgi_store_access user:rw group:r; Thank you for your help. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252469,252469#msg-252469 From nginx-forum at nginx.us Sun Aug 10 18:19:50 2014 From: nginx-forum at nginx.us (TECK) Date: Sun, 10 Aug 2014 14:19:50 -0400 Subject: Specific permissions for fastcgi_temp_path? In-Reply-To: References: Message-ID: <9cdc895952b9f795909523dd9dc184cc.NginxMailingListEnglish@forum.nginx.org> I have the same scope for directories, I need to have them defined at 0750, instead of 0700: # ls -lha /var/lib/nginx/fastcgi total 4.0K drwxr-x---. 6 nginx root 120 Aug 10 14:09 . drwxr-xr-x. 9 root root 4.0K Aug 5 20:38 .. drwx------. 3 nginx nginx 60 Aug 10 14:09 1 drwx------. 3 nginx nginx 60 Aug 10 14:09 3 drwx------. 3 nginx nginx 60 Aug 10 14:09 4 drwx------. 2 nginx root 40 Aug 10 14:09 cache IF this is not possible with an option, can you please let me know if it will suffice to modify the source code on ngx_file.c and adjust: *access = 0600; ngx_create_dir(file->name.data, 0700) -- multiple locations Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252469,252470#msg-252470 From n.sherlock at gmail.com Sun Aug 10 23:42:45 2014 From: n.sherlock at gmail.com (Nicholas Sherlock) Date: Mon, 11 Aug 2014 11:42:45 +1200 Subject: SSL client Authentication In-Reply-To: References: Message-ID: On 5 August 2014 02:49, Shobhit Mishra wrote: > However I verified using wireshark that the client is sending the > certificate , same as the one given in ssl_client_certificate directive. > But that's not the certificate that Nginx is expecting, it expects the client to send a certificate that has been *signed* by the ssl_client_certificate. You can use the openssl command line tools to verify that your client's cert is signed correctly: openssl verify -verbose -CAfile NewCA_Cert.pem client_to_verify.crt Cheers, Nicholas Sherlock -------------- next part -------------- An HTML attachment was scrubbed... URL: From n.sherlock at gmail.com Sun Aug 10 23:54:55 2014 From: n.sherlock at gmail.com (Nicholas Sherlock) Date: Mon, 11 Aug 2014 11:54:55 +1200 Subject: NGINX1.2.1 SNI provides wrong server certificate In-Reply-To: <770a21c2cf497ecfb3c3a489233aa3e0.NginxMailingListEnglish@forum.nginx.org> References: <770a21c2cf497ecfb3c3a489233aa3e0.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 5 August 2014 00:37, ukr wrote: > The same behavior happens on nginx 1.7.3 > Make sure that your Nginx was built with SNI support, by using the -V switch: http://nginx.org/en/docs/http/configuring_https_servers.html#sni -------------- next part -------------- An HTML attachment was scrubbed... URL: From n.sherlock at gmail.com Mon Aug 11 00:23:01 2014 From: n.sherlock at gmail.com (Nicholas Sherlock) Date: Mon, 11 Aug 2014 12:23:01 +1200 Subject: Regarding support of server backup parameter In-Reply-To: References: Message-ID: I suspect? that the "backup" directive is not compatible with the upstream hash-based methods, only with the round-robin method. I found this old post that explains an alternate method of achieving a backup in this situation: http://nginx.2469901.n2.nabble.com/upstream-ip-hash-and-backup-td6534435.html Cheers, Nicholas Sherlock -------------- next part -------------- An HTML attachment was scrubbed... URL: From rpaprocki at fearnothingproductions.net Mon Aug 11 00:24:04 2014 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Sun, 10 Aug 2014 17:24:04 -0700 Subject: Multiple nginx instances share same proxy cache storage In-Reply-To: <20140805004904.GX1849@mdounin.ru> References: <1c944206bf7b89d54ed4a12a477f1b17.NginxMailingListEnglish@forum.nginx.org> <20140805004904.GX1849@mdounin.ru> Message-ID: Any options then to support an architecture with multiple nginx nodes sharing or distributing a proxy cache between them? i.e., a HAProxy machine load balances to several nginx nodes (for failover reasons), and each of these nodes handles http proxy + proxy cache for a remote origin? If nginx handles cache info in memory, it seems that multiple instances could not be used to maintain the same cache info (something like rsyncing the cache contents between nodes thus would not work); are there any recommendations to achieve such a solution? > On Aug 4, 2014, at 17:49, Maxim Dounin wrote: > > Hello! > >> On Mon, Aug 04, 2014 at 07:42:20PM -0400, badtzhou wrote: >> >> I am thinking about setting up multiple nginx instances share single proxy >> cache storage using NAS, NFS or some kind of distributed file system. Cache >> key will be the same for all nginx instances. >> Will this theory work? What kind of problem will it cause(locking, cached >> corruption or missing metadata in the memory)? > > As soon as a cache is loaded, nginx relies on it's memory data to > manage cache (keep it under the specified size, remove inactive > items and so on). As a result it won't be happy if you'll try to run > multiple nginx instances working with the same cache directory. > It can tolerate multiple instances working with the same cache for > a short period of time (e.g., during binary upgrade). But running > nginx this way intentionally is a bad idea. > > Besides, using NFS (as well as other NASes) for nginx cache is a > bad idea due to blocking file operations. > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Mon Aug 11 07:39:40 2014 From: nginx-forum at nginx.us (Keferoff) Date: Mon, 11 Aug 2014 03:39:40 -0400 Subject: Custom error page for post queries Message-ID: <60d1dea5b0e85b5a035e2f66e223ad18.NginxMailingListEnglish@forum.nginx.org> Hi! Current infrastructure: We have nginx/1.7.1 as frontend for java application. We have special requirement, when java app goes down we need response with 204 error code instead 500 or 502 and this works like in charm for GET queries but nit for POST. The question: How I need ti change my config for POST queries. The nginx.conf upstream rtb { keepalive 32; server 127.0.0.1:8085 fail_timeout=0; } server { server_name rtb.loopme.me; open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; log_not_found off; access_log off; error_log /var/log/nginx/error.log warn; error_page 502 500 =204 @maintenance; location @maintenance { try_files $uri $uri/ /204/204.html =204; } location / { try_files $uri @rtb; } location @rtb { access_log /var/log/nginx/rtb.access.log; proxy_set_header Host $host; proxy_set_header HTTP_HOST $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header HTTP_X_FORWARDED_PROTO $scheme; proxy_set_header X-Forwarded-Proto $scheme; proxy_redirect off; proxy_max_temp_file_size 0; proxy_pass http://rtb; } Thanks in advance! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252477,252477#msg-252477 From nginx-forum at nginx.us Mon Aug 11 08:04:02 2014 From: nginx-forum at nginx.us (ukr) Date: Mon, 11 Aug 2014 04:04:02 -0400 Subject: NGINX1.2.1 SNI provides wrong server certificate In-Reply-To: References: Message-ID: <82400fb314f25d5cc6abf93153341cb0.NginxMailingListEnglish@forum.nginx.org> sbin/nginx -V nginx version: nginx/1.7.3 built by gcc 4.7.2 (Debian 4.7.2-5) TLS SNI support enabled configure arguments: --prefix=/opt/nginx-1.7.3 --user=www-data --group=www-data --with-http_ssl_module --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-pcre=/opt/pcre-8.35 --pid-path=/var/run/nginx-1.7.3.pid Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252256,252478#msg-252478 From nginx-forum at nginx.us Mon Aug 11 09:37:36 2014 From: nginx-forum at nginx.us (itpp2012) Date: Mon, 11 Aug 2014 05:37:36 -0400 Subject: Multiple nginx instances share same proxy cache storage In-Reply-To: References: Message-ID: Robert Paprocki Wrote: ------------------------------------------------------- > like rsyncing the cache contents between nodes thus would not work); > are there any recommendations to achieve such a solution? I would imagine a proxy location directive and location tag; shared memory pool1 = nginx allocated and managed shared memory pool2 = socket or tcp pool on a caching server elsewhere The problem you have is speed and concurrency of requests, rsyncing a cache requires a specific tag which needs to be respected by each instance using it or you will have a battle between instances. A better idea would be a database with a persistent connection, in memory cached again to avoid duplicate queries. ea. use the database for a central repository of cached items and local memory to avoid hitting the database more then once for each item. No disk-IO would be involved so it should also be non-blocking. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252275,252479#msg-252479 From nginx-forum at nginx.us Mon Aug 11 10:15:50 2014 From: nginx-forum at nginx.us (husseingalal) Date: Mon, 11 Aug 2014 06:15:50 -0400 Subject: upstream: ip_hash and backup In-Reply-To: <20110701055308.GF42265@mdounin.ru> References: <20110701055308.GF42265@mdounin.ru> Message-ID: <8114353d621db063853676ccc6e077b2.NginxMailingListEnglish@forum.nginx.org> Hello, i have this little solution of load balancer at the front end using nginx and two php-fpm application servers at the backend and i installed php-fpm on the load balancer as a backup application server, i wanted to use ip_hash with backup i tried your solution but it keep giving me 502 bad gateway errors. this is my configuration upstream apps { ip_hash; server 10.128.149.234:9000; server 10.128.151.32:9000; } upstream backup { server unix:/var/run/php5-fpm.sock; } server { listen 80 default_server; index index.php; root /var/www/wp; server_name .example.com; set $mreq 1; if ( $request_method = POST ){ set $mreq 0; } if ( $uri ~ "/wp-" ) { set $mreq 0; } if ($http_cookie ~* "comment_author_|wordpressuser_|wp-postpass_|wordpre ss_logged_in_" ) { set $mreq 0; } location / { default_type text/html; fastcgi_index index.php; include fastcgi_params; index index.php; if ( $mreq = 1){ add_header uri $request_uri; set $memcached_key data-$scheme://$host$request_uri; memcached_pass 104.131.208.224:11211; error_page 404 500 502 = @fallback; } if ( $uri ~ \.php$ ) { fastcgi_pass apps; error_page 502 504 = @fallbackbackup; } } location @fallback { if ( $uri ~ \.php$ ) { fastcgi_pass apps; error_page 502 504 = @fallbackbackup; } } location @fallbackbackup { fastcgi_pass backup; } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,211408,252480#msg-252480 From mdounin at mdounin.ru Mon Aug 11 10:18:31 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 11 Aug 2014 14:18:31 +0400 Subject: Multiple nginx instances share same proxy cache storage In-Reply-To: References: <1c944206bf7b89d54ed4a12a477f1b17.NginxMailingListEnglish@forum.nginx.org> <20140805004904.GX1849@mdounin.ru> Message-ID: <20140811101831.GI1849@mdounin.ru> Hello! On Sun, Aug 10, 2014 at 05:24:04PM -0700, Robert Paprocki wrote: > Any options then to support an architecture with multiple nginx > nodes sharing or distributing a proxy cache between them? i.e., > a HAProxy machine load balances to several nginx nodes (for > failover reasons), and each of these nodes handles http proxy + > proxy cache for a remote origin? If nginx handles cache info in > memory, it seems that multiple instances could not be used to > maintain the same cache info (something like rsyncing the cache > contents between nodes thus would not work); are there any > recommendations to achieve such a solution? Distinct caches will be best from failover point of view. To maximize cache effeciency, you may consider using URI-based hashing to distribute requests between cache nodes. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Aug 11 10:27:09 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 11 Aug 2014 14:27:09 +0400 Subject: Custom error page for post queries In-Reply-To: <60d1dea5b0e85b5a035e2f66e223ad18.NginxMailingListEnglish@forum.nginx.org> References: <60d1dea5b0e85b5a035e2f66e223ad18.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140811102709.GJ1849@mdounin.ru> Hello! On Mon, Aug 11, 2014 at 03:39:40AM -0400, Keferoff wrote: > Hi! > > Current infrastructure: > We have nginx/1.7.1 as frontend for java application. We have special > requirement, when java app goes down we need response with 204 error code > instead 500 or 502 and this works like in charm for GET queries but nit for > POST. > > The question: > How I need ti change my config for POST queries. [...] > error_page 502 500 =204 @maintenance; > location @maintenance { > try_files $uri $uri/ /204/204.html =204; > } The problem is that your config tries to use the /204/204.html file, and this will generate 405 error for POSTs, as static files doesn't suppport POSTs into them. (Additionally, trying to use files here doesn't make sense, as 204 responses doesn't return entities.) Use something like: error_page 502 = /204; location = /204 { return 204; } instead. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Mon Aug 11 12:31:32 2014 From: nginx-forum at nginx.us (naveenm) Date: Mon, 11 Aug 2014 08:31:32 -0400 Subject: AJP V/s Proxy pass with Nginx Message-ID: <8cb92670f0a718b2e62d0b884fcb0e7a.NginxMailingListEnglish@forum.nginx.org> Hi All, I am new to Nginx and currently we are using Apache which is having both Proxy pass and AJP configuration. When setup long back we found AJP performs faster than http. Now as we are moving to Nginx, so just checking the comparison of AJP V/s Http when setup with Nginx. Our app server is Jboss. Can someone please help me to get a comparison with pros and cons of using AJP or Http and share any facts/challenges faced while setting configs for them? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252483,252483#msg-252483 From patrick at laimbock.com Mon Aug 11 14:11:32 2014 From: patrick at laimbock.com (Patrick Laimbock) Date: Mon, 11 Aug 2014 16:11:32 +0200 Subject: NGINX1.2.1 SNI provides wrong server certificate In-Reply-To: <82400fb314f25d5cc6abf93153341cb0.NginxMailingListEnglish@forum.nginx.org> References: <82400fb314f25d5cc6abf93153341cb0.NginxMailingListEnglish@forum.nginx.org> Message-ID: <53E8CF14.1090808@laimbock.com> On 11-08-14 10:04, ukr wrote: > sbin/nginx -V > nginx version: nginx/1.7.3 > built by gcc 4.7.2 (Debian 4.7.2-5) > TLS SNI support enabled Since you are using 1.7.3, in case you missed it: 2014-08-05 nginx-1.6.1 stable and nginx-1.7.4 mainline versions have been released, with a fix for the STARTTLS vulnerability discovered by Chris Boulton (CVE-2014-3556). About your issue: maybe read http://nginx.org/en/docs/http/configuring_https_servers.html and try some of the setups described on that page and see if you can get them to work (with a client that supports SNI). HTH, Patrick From nginx-forum at nginx.us Mon Aug 11 18:13:53 2014 From: nginx-forum at nginx.us (double) Date: Mon, 11 Aug 2014 14:13:53 -0400 Subject: disable "proxy store" on "?start=1" param Message-ID: Hello, Is there a good way to disable "proxy_store", if the parameter "start=" is set? The down below configuration works, but I get an error message: "[crit] ... open() "/dev/null.0000000004" failed (13: Permission denied) while reading upstream ..." Using "set $proxy_store off;" won't work, because it is handles as a string. Thanks a lot! Marcus server { listen 80; root /home/nginx; location ~ \.mp4$ { try_files $uri @upstream; mp4; } location @upstream { set $proxy_store "/home/nginx$uri"; if ($arg_start) { set $proxy_store "/dev/null"; } proxy_pass http://upstream.com$request_uri; proxy_store $proxy_store; } } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252487,252487#msg-252487 From nginx-forum at nginx.us Mon Aug 11 20:12:06 2014 From: nginx-forum at nginx.us (itpp2012) Date: Mon, 11 Aug 2014 16:12:06 -0400 Subject: Introducing ngxLuaDB powered by nginx for Windows Message-ID: <458975a8d61eeff0887b834ac7328fe5.NginxMailingListEnglish@forum.nginx.org> Introducing ngxLuaDB (nginx Lua Database) a collection of DLL?s build against Luajit which can be used with nginx for Windows. Please note that only a few modules have been tested, for the moment this is a prove of concept (this is mainly because the usage of some modules is unknown). ngxLuaDB adds support for redis, drizzle, geoip, pagespeed, mysql, mssql, oracle, sybase, sqlite, json, odbc, etc. via external dynamic modules inside the power of nginx for Windows. (Possibly SharePoint, .net, asp and many other possible modules) Take a good look at the MySQL example how we suggest a persistent connection which is global and can be (re)used inside every worker. Enjoy, while we work on more tested, non-blocking configurations and more DLL?s. ngxLuaDB Builds can be found here: http://nginx-win.ecsds.eu/ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252488,252488#msg-252488 From mdounin at mdounin.ru Mon Aug 11 22:37:44 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 12 Aug 2014 02:37:44 +0400 Subject: disable "proxy store" on "?start=1" param In-Reply-To: References: Message-ID: <20140811223743.GL1849@mdounin.ru> Hello! On Mon, Aug 11, 2014 at 02:13:53PM -0400, double wrote: > Hello, > > Is there a good way to disable "proxy_store", if the parameter "start=" is > set? > The down below configuration works, but I get an error message: > "[crit] ... open() "/dev/null.0000000004" failed (13: Permission denied) > while reading upstream ..." > Using "set $proxy_store off;" won't work, because it is handles as a > string. Try something like this instead: location /store/ { if ($arg_start) { rewrite ^/store/(.*) /nostore/$1 last; } proxy_pass ... proxy_store on; } location /nostore/ { # no proxy_store here proxy_pass ... } -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Tue Aug 12 07:23:38 2014 From: nginx-forum at nginx.us (ajaybodhe) Date: Tue, 12 Aug 2014 03:23:38 -0400 Subject: How to write async http web client inside nginx code? Message-ID: I am writing an application server whose code will be written as nginx module (c/c++). This server is supposed to send HTTP Requests to other servers & wait for response from them for 200-400ms. If I use libcurl to make http calls then the single thread of nginx will be blocked & event loop will not accept further requests. If I use some non blocking Libs like ASIO/LibUV then there will be two event loops running? How this problem of Async IO/Network-Req can be solved when code is written as Nginx Module? I am very new to this framework & want to get rolling ASAP. Please forgive if this is very trivial one. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252492,252492#msg-252492 From nginx-forum at nginx.us Tue Aug 12 07:25:13 2014 From: nginx-forum at nginx.us (ajaybodhe) Date: Tue, 12 Aug 2014 03:25:13 -0400 Subject: CPU Intensive Tasks inside Nginx Module Message-ID: Hello, I am writing an application server as Nginx standard module, This code is supposed to perform some CPU intensive tasks. If the single thread/master-process in Nginx doing event-loop is stuck inside this part then throughput/performance of server would drop. What is the way to execute this? Is there any coroutine/thread-pool library that can solve this issue? I am new to this platform & want to get rolling ASAP, so forgive if this is very trivial question. Thanks, Ajay. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252493,252493#msg-252493 From nginx-forum at nginx.us Tue Aug 12 09:28:36 2014 From: nginx-forum at nginx.us (insilica) Date: Tue, 12 Aug 2014 05:28:36 -0400 Subject: SSL_write() failed (SSL:) (1: operation not permitted) when serving MP4 over HTTPS Message-ID: <3d67b5c9cef67014d1512375c9270e90.NginxMailingListEnglish@forum.nginx.org> Hi, I've searched the mailing list but haven't found anything relating to this error:, the closest I found: http://trac.nginx.org/nginx/ticket/428 - however that was closed 6 weeks ago and the error I get is with/without SPDY. I can't see whether I have misconfigured something? or it may be a bug. SPDY error nginx-error.log [crit]: *12 SSL_write() failed (SSL:) (1: Operation not permitted) while processing SPDY, client: 10.0.0.2, server: 0.0.0.0:443) SSL error (no SPDY) SSL_write() failed (SSL:) (1: Operation not permitted) while sending mp4 to client, client: 10.0.0.2, server: dev.test.com, request: "GET /video/homepage.mp4?start=0 HTTP/1.1", host: "dev.test.com", referrer: "https://dev.test.com/index_test2.php" Essentially the error arises when serving an MP4 with or without SPDY over SSL. N.B. *Not* an issue over pure HTTP. Essentially the video appears, plays in a loop when served over HTTP. Over HTTPS the video playback starts OK but then stops abruptly with an error. The Setup Client <---> Varnish <---> NGINX *(I have tried disabling Varninsh, no difference) nginx-debug.log 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 317-325 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 325-345 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 345-381 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 381-389 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 389-576 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 576-592 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 592-624 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 624-640 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 640-652 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 652-668 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 668-5180 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 5180-5196 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 5196-5220 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 5220-5240 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 5240-8076 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 8076-8092 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 8092-8660 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 8660-8668 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body skip 2014/08/12 09:15:10 [debug] 1370#0: *2 http range body buf: 8668-2208998 2014/08/12 09:15:10 [debug] 1370#0: *2 http copy filter: "/video/homepage.mp4?start=0" 2014/08/12 09:15:10 [debug] 1370#0: *2 malloc: 0000000802239000:32768 2014/08/12 09:15:10 [debug] 1370#0: *2 read: 10, 0000000802239000, 32768, 168 2014/08/12 09:15:10 [debug] 1370#0: *2 http postpone filter "/video/homepage.mp4?start=0" 00000008021AAA00 2014/08/12 09:15:10 [debug] 1370#0: *2 write new buf t:1 f:1 0000000802239000, pos 0000000802239000, size: 32768 file: 168, size: 32768 2014/08/12 09:15:10 [debug] 1370#0: *2 http write filter: l:0 f:1 s:32768 2014/08/12 09:15:10 [debug] 1370#0: *2 http write filter limit 0 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy:61 create DATA frame 00000008021AFF48: len:8192 flags:0 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy:61 create DATA frame 00000008021AAB48: len:8192 flags:0 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy:61 create DATA frame 00000008021AAC50: len:8192 flags:0 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy:61 create DATA frame 00000008021AAD58: len:8192 flags:0 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy frame out: 00000008021AAD58 sid:61 prio:2 bl:0 len:8192 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy frame out: 00000008021AAC50 sid:61 prio:2 bl:0 len:8192 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy frame out: 00000008021AAB48 sid:61 prio:2 bl:0 len:8192 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy frame out: 00000008021AFF48 sid:61 prio:2 bl:0 len:8192 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL buf copy: 8 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL buf copy: 8192 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL buf copy: 8 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL buf copy: 7796 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL to write: 16384 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL_write: -1 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL_get_error: 5 2014/08/12 09:15:10 [crit] 1370#0: *2 SSL_write() failed (SSL:) (1: Operation not permitted) while processing SPDY, client: 10.0.0.2, server: 0.0.0.0:443 2014/08/12 09:15:10 [debug] 1370#0: *2 http write filter FFFFFFFFFFFFFFFF 2014/08/12 09:15:10 [debug] 1370#0: *2 http copy filter: -1 "/video/homepage.mp4?start=0" 2014/08/12 09:15:10 [debug] 1370#0: *2 http finalize request: -1, "/video/homepage.mp4?start=0" a:1, c:1 2014/08/12 09:15:10 [debug] 1370#0: *2 http terminate request count:1 2014/08/12 09:15:10 [debug] 1370#0: *2 http terminate cleanup count:1 blk:0 2014/08/12 09:15:10 [debug] 1370#0: *2 http posted request: "/video/homepage.mp4?start=0" 2014/08/12 09:15:10 [debug] 1370#0: *2 http terminate handler count:1 2014/08/12 09:15:10 [debug] 1370#0: *2 http request count:1 blk:0 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy close stream 61, queued 3, processing 1 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy frame complete pos:00000008021E8095 end:00000008021E80A1 2014/08/12 09:15:10 [debug] 1370#0: *2 process spdy frame head:80030006 f:0 l:4 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy PING frame 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy frame complete pos:00000008021E80A1 end:00000008021E80A1 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy close stream handler 2014/08/12 09:15:10 [debug] 1370#0: *2 spdy close stream 61, queued 0, processing 1 2014/08/12 09:15:10 [debug] 1370#0: *2 http close request 2014/08/12 09:15:10 [debug] 1370#0: *2 http log handler 2014/08/12 09:15:10 [debug] 1370#0: *2 run cleanup: 00000008021AFDA0 2014/08/12 09:15:10 [debug] 1370#0: *2 file cleanup: fd:10 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802239000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000803006000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 00000008021AB000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 00000008021AF000, unused: 0 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 00000008021AA000, unused: 227 2014/08/12 09:15:10 [debug] 1370#0: *2 close http connection: 3 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL_shutdown: 1 2014/08/12 09:15:10 [debug] 1370#0: *2 event timer del: 3: 1407835071420 2014/08/12 09:15:10 [debug] 1370#0: *2 reusable connection: 0 2014/08/12 09:15:10 [debug] 1370#0: *2 run cleanup: 0000000802101530 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 00000008021AE000, unused: 3040 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 00000008021A6000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802231000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 00000008021AD000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802132000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802106000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802081000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802104000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 000000080208B000 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 00000008020E3380 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802101000, unused: 0 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802101200, unused: 0 2014/08/12 09:15:10 [debug] 1370#0: *2 free: 0000000802101500, unused: 32 2014/08/12 09:15:10 [debug] 1370#0: timer delta: 17793 2014/08/12 09:15:10 [debug] 1370#0: posted events 0000000000000000 2014/08/12 09:15:10 [debug] 1370#0: worker cycle 2014/08/12 09:15:10 [debug] 1370#0: kevent timer: -1, changes: 0 == Here is the server: ssl_certificate /usr/local/etc/nginx/ssl/test.com.crt; ssl_certificate_key /usr/local/etc/nginx/ssl/test.com.key; # Resumption ssl_session_cache shared:SSL:10m; # Timeout ssl_session_timeout 10m; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128- GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4'; ssl_prefer_server_ciphers on; server { listen 443 ssl spdy; server_name dev.test.com; ssl on; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; root /usr/local/www/dev.test.com; index index.html index.htm; #gzip off; #charset koi8-r; fastcgi_param HTTPS on; location / { try_files $uri $uri/ /index.php?$args; location ~ \.php$ { include php-fpm; } } location ~ .mp4$ { mp4; mp4_buffer_size 4M; mp4_max_buffer_size 10M; } location ~ .flv$ { flv; } location ~* (file_a|file_b|file_c)\.php$ { include php-fpm; } location /uploaddir { location ~ \.php$ {return 403;} } #access_log logs/host.access.log main; #Deny access to '.' files and directories location ~ /\. { access_log off; log_not_found off; deny all; } } Looking at the debug logs: 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL_write: -1 2014/08/12 09:15:10 [debug] 1370#0: *2 SSL_get_error: 5 Could this be an nginx <-> openssl interface error? Any help or pointers would be much appreciated. Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252494,252494#msg-252494 From nginx-forum at nginx.us Tue Aug 12 09:35:06 2014 From: nginx-forum at nginx.us (insilica) Date: Tue, 12 Aug 2014 05:35:06 -0400 Subject: SSL_write() failed (SSL:) (1: operation not permitted) when serving MP4 over HTTPS In-Reply-To: <3d67b5c9cef67014d1512375c9270e90.NginxMailingListEnglish@forum.nginx.org> References: <3d67b5c9cef67014d1512375c9270e90.NginxMailingListEnglish@forum.nginx.org> Message-ID: Sorry forgot to add the nginx version, running on FreeBSD 10.0-Rlease-p7 nginx version: nginx/1.7.4 TLS SNI support enabled configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-debug --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --with-http_flv_module --with-http_mp4_module --with-http_realip_module --with-http_stub_status_module --with-pcre --with-http_spdy_module --with-http_ssl_module Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252494,252496#msg-252496 From lists at ruby-forum.com Tue Aug 12 10:13:52 2014 From: lists at ruby-forum.com (David B.) Date: Tue, 12 Aug 2014 12:13:52 +0200 Subject: 404 on Prestashop 1.5 under nginx In-Reply-To: <11dd6835df4553fc33fe979e715af0b6.NginxMailingListEnglish@forum.nginx.org> References: <11dd6835df4553fc33fe979e715af0b6.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hi, Here is the right solution. you should not set all redirection in nginx configuration server section as some proposed. you'll have to modify the file each time you want to add a url redirection. To make it nice : You shoud 1st modify the pool of php-fpm, env[HTTP_MOD_REWRITE] = "on" This is the variable expected by Prestashop to test if rewrite is enabled Next in nginx server section add : location / { try_files $uri $uri/ /index.php?q=$request_uri; } Now when an url is passing, it will try 1st to resolv, if not exist, then will try as forder, if not it will pass it to the main controler, if an url rewrited exist it will call the right controller. Regards David -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Tue Aug 12 12:16:42 2014 From: nginx-forum at nginx.us (ajaybodhe) Date: Tue, 12 Aug 2014 08:16:42 -0400 Subject: How to call redis2-nginx-module or any other module from another module Message-ID: redis2-nginx-module is written with all location configs. Does it mean that the module can only be called from browser with some url? If I want to introduce new module into reuest processing path & call redis2-nginx-module to fetch data from redis how I can do it? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252501,252501#msg-252501 From wandenberg at gmail.com Tue Aug 12 12:34:35 2014 From: wandenberg at gmail.com (Wandenberg Peixoto) Date: Tue, 12 Aug 2014 09:34:35 -0300 Subject: How to call redis2-nginx-module or any other module from another module In-Reply-To: References: Message-ID: If you need to call redis from your code, you can take a look on redis_nginx_adapter . But, if you want to get the value from your "config" and use it there, probably you have to use some other language like perl or lua, I'm not 100% sure On Tue, Aug 12, 2014 at 9:16 AM, ajaybodhe wrote: > redis2-nginx-module is written with all location configs. > Does it mean that the module can only be called from browser with some url? > If I want to introduce new module into reuest processing path & call > redis2-nginx-module to fetch data from redis how I can do it? > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252501,252501#msg-252501 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Aug 12 12:47:14 2014 From: nginx-forum at nginx.us (insilica) Date: Tue, 12 Aug 2014 08:47:14 -0400 Subject: SSL_write() failed (SSL:) (1: operation not permitted) when serving MP4 over HTTPS In-Reply-To: <3d67b5c9cef67014d1512375c9270e90.NginxMailingListEnglish@forum.nginx.org> References: <3d67b5c9cef67014d1512375c9270e90.NginxMailingListEnglish@forum.nginx.org> Message-ID: <81c01e54fc9f3a18ace86db213f2335b.NginxMailingListEnglish@forum.nginx.org> Just an update, I forgot to add, It seems it's possibly related to chrome? (currently running Version 33.0.1750.117) I converted the mp4 to ogv, same issue, but only in chrome, the android version of chrome refuses to load period. Firefox is fine. So probably not nginx related at all. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252494,252503#msg-252503 From nginx-forum at nginx.us Tue Aug 12 13:36:45 2014 From: nginx-forum at nginx.us (ajaybodhe) Date: Tue, 12 Aug 2014 09:36:45 -0400 Subject: How to call redis2-nginx-module or any other module from another module In-Reply-To: References: Message-ID: Thanks @wandenberg. Can you clarify more on, what do you mean by getting the value from "config" : But, if you want to get the value from your "config" and use it there, Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252501,252506#msg-252506 From wandenberg at gmail.com Tue Aug 12 14:01:02 2014 From: wandenberg at gmail.com (Wandenberg Peixoto) Date: Tue, 12 Aug 2014 11:01:02 -0300 Subject: How to call redis2-nginx-module or any other module from another module In-Reply-To: References: Message-ID: By default redis2-nginx-module execute some commands on redis and return the redis response to the client directly. So you receive something like +OK $5 world If you want to manipulate this response on you nginx.conf ("config") you have to do more work, probably using another language like lua. If you are ok with your client receiving this kind of answer you do not have to worry. On Tue, Aug 12, 2014 at 10:36 AM, ajaybodhe wrote: > Thanks @wandenberg. > > Can you clarify more on, what do you mean by getting the value from > "config" > : > > But, if you want to get the value from your "config" and use it there, > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252501,252506#msg-252506 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Aug 12 18:16:37 2014 From: nginx-forum at nginx.us (c0nw0nk) Date: Tue, 12 Aug 2014 14:16:37 -0400 Subject: Introducing ngxLuaDB powered by nginx for Windows In-Reply-To: <458975a8d61eeff0887b834ac7328fe5.NginxMailingListEnglish@forum.nginx.org> References: <458975a8d61eeff0887b834ac7328fe5.NginxMailingListEnglish@forum.nginx.org> Message-ID: <17add3a48c19b622b286e4e4187ce552.NginxMailingListEnglish@forum.nginx.org> Fantastic work itpp2012 <3 love every realease of your builds just gets better and better i tested with my servers your builds and was able to output over 100million requests with Nginx, PHP and MySQL with a Joomla 2.5 site and it did not even break a sweat. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252488,252513#msg-252513 From nginx-forum at nginx.us Tue Aug 12 19:03:08 2014 From: nginx-forum at nginx.us (jianjun.fang2807@gmail.com) Date: Tue, 12 Aug 2014 15:03:08 -0400 Subject: Does nginx support openstack swift API? In-Reply-To: References: Message-ID: <151bae5720880c7fbca8aed6841fe05c.NginxMailingListEnglish@forum.nginx.org> Hi, hexiay, I am not sure whether this email thread is still active. However, I am encountering the similar issue you described. Based on your answer, you have found a solution, Do you mind sharing it? Or any one has the suggestion on how to configure Nginx HTTP Auth Request module to accomplish it? Thanks, JJ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250458,252514#msg-252514 From agentzh at gmail.com Tue Aug 12 20:47:34 2014 From: agentzh at gmail.com (Yichun Zhang (agentzh)) Date: Tue, 12 Aug 2014 13:47:34 -0700 Subject: How to call redis2-nginx-module or any other module from another module In-Reply-To: References: Message-ID: Hello! On Tue, Aug 12, 2014 at 5:16 AM, ajaybodhe wrote: > redis2-nginx-module is written with all location configs. > Does it mean that the module can only be called from browser with some url? > If I want to introduce new module into reuest processing path & call > redis2-nginx-module to fetch data from redis how I can do it? > See my reply on the openresty-en mailing list here: https://groups.google.com/d/msg/openresty-en/P-A7mzgX4SU/ieuZa3GgRx4J BTW, please do not cross-post your questions between openresty-en and nginx mailing lists because most of the people on the former should be on the latter as well. Thank you for your cooperation. Best regards, -agentzh From nginx-forum at nginx.us Wed Aug 13 01:12:34 2014 From: nginx-forum at nginx.us (justink101) Date: Tue, 12 Aug 2014 21:12:34 -0400 Subject: Using proxy_ssl_verify getting error: upstream SSL certificate verify error: (20:unable to get local issuer certificate) Message-ID: I am trying to use proxy_ssl_verify on, but I am getting back 502 Bad Gateway. When I look at the logs I see: 2014/08/12 18:08:03 [error] 21007#0: *3 upstream SSL certificate verify error: (20:unable to get local issuer certificate) while SSL handshaking to upstream, client: XX.XXX.XXX.214, server: api.mydomain.io, request: "GET /v1 HTTP/1.1", upstream: "https://XXX.XXX.XXX.150:443/api/", host: "api.mydomain.io". I am using a proxy_ssl_trusted_certificate which is pointing to the valid CA trust file. Here are the significant portions of the config. location ~ ^/v1/?(?.+)? { resolver 208.67.222.222 208.67.220.220 valid=300s; resolver_timeout 10s; proxy_intercept_errors on; proxy_hide_header Vary; proxy_set_header Host "$remote_user.mydomain.io"; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass https://$remote_user.mydomain.io/api/$url; proxy_connect_timeout 10s; proxy_read_timeout 60s; proxy_ssl_session_reuse on; proxy_ssl_trusted_certificate /etc/pki/tls/certs/ca-bundle.crt; proxy_ssl_verify on; proxy_ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNU$ } The SSL certificate for the upstream is indeed valid as verified with SSL Labs. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252518,252518#msg-252518 From nginx-forum at nginx.us Wed Aug 13 01:14:29 2014 From: nginx-forum at nginx.us (justink101) Date: Tue, 12 Aug 2014 21:14:29 -0400 Subject: Using proxy_ssl_verify getting error: upstream SSL certificate verify error: (20:unable to get local issuer certificate) In-Reply-To: References: Message-ID: <540ffe76b8707223ae112a6c7f7bc195.NginxMailingListEnglish@forum.nginx.org> Sorry, the proxy_ssl_ciphers directive got cut off, in full it is: proxy_ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252518,252519#msg-252519 From nginx-forum at nginx.us Wed Aug 13 01:26:27 2014 From: nginx-forum at nginx.us (gmlopez) Date: Tue, 12 Aug 2014 21:26:27 -0400 Subject: reverse proxy images - windows Message-ID: I've configured a reverse proxy for images on a windows box however it is not working as expected. First time I send a request to the server and I get the image with an http 200 as expected. Second hit the request hangs for about a minute returning an http 304 as expected however I do not understand why the server hangs for about a minute? Next hit goes fine and then the following again hangs. I'm consistently getting the same results over and over again but I have no clue. The same configuration on a linux box works correctly so I assume this is either a bug on the windows distribution or I might have to use a different config for some reason on the windows box? Help will be greatly appreciated! Thanks! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252520#msg-252520 From nginx-forum at nginx.us Wed Aug 13 06:28:27 2014 From: nginx-forum at nginx.us (bodomic) Date: Wed, 13 Aug 2014 02:28:27 -0400 Subject: add_header is not working in certain locations Message-ID: Hi all, I've got strange behavior that I don't understand in two different configs. I'll post examples below, in both of them I use add_header two times and one of them is not working while second does. Example 1: Request is: http://hostname/?region=XX #This location adds header, so it's frankly the only reason I use it in my config. If I set location to "~ .*", I'll get header set also. location = / { if ($arg_region) { add_header Set-Cookie "__geoip_country__=$arg_region;Path=/"; } proxy_pass http://backend; } #If I remove the exact match above, I'll not get header set. Even if it's the only location in whole config and all site is working from there for sure. location / { if ($arg_region) { add_header Set-Cookie "__geoip_country__=$arg_region; path=/" ;} proxy_pass http://backend; } Example 2: Request is the same and this chain of locations is recommended by drupal community. location / { #Does not work if ($arg_region) { add_header Set-Cookie "__geoip_country__=$arg_region;Path=/"; } try_files $uri @rewrite; } location @rewrite { rewrite ^ /index.php; } location ~ \.php$ { #This works if ($arg_region) { add_header Set-Cookie "__geoip_country__=$arg_region;Path=/"; } ... fastcgi_intercept_errors on; fastcgi_pass fpm-backend; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252523,252523#msg-252523 From nginx-forum at nginx.us Wed Aug 13 08:51:55 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 13 Aug 2014 04:51:55 -0400 Subject: reverse proxy images - windows In-Reply-To: References: Message-ID: <200218cc9b407b30334354ebd173937c.NginxMailingListEnglish@forum.nginx.org> nginx version? configuration? log entries? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252526#msg-252526 From vbart at nginx.com Wed Aug 13 09:27:11 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 13 Aug 2014 13:27:11 +0400 Subject: reverse proxy images - windows In-Reply-To: References: Message-ID: <3881521.uLC5qqyuPQ@vbart-workstation> On Tuesday 12 August 2014 21:26:27 gmlopez wrote: > I've configured a reverse proxy for images on a windows box however it is > not working as expected. > > First time I send a request to the server and I get the image with an http > 200 as expected. > Second hit the request hangs for about a minute returning an http 304 as > expected however I do not understand why the server hangs for about a > minute? Next hit goes fine and then the following again hangs. I'm > consistently getting the same results over and over again but I have no > clue. > > The same configuration on a linux box works correctly so I assume this is > either a bug on the windows distribution or I might have to use a different > config for some reason on the windows box? http://nginx.org/en/docs/windows.html wbr, Valentin V. Bartenev From nginx-forum at nginx.us Wed Aug 13 10:18:49 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Wed, 13 Aug 2014 06:18:49 -0400 Subject: Override Content-Type header with proxied requests In-Reply-To: References: Message-ID: <317ea1165d729f0c923db325a6b503ee.NginxMailingListEnglish@forum.nginx.org> Hello Wandenberg, Thanks for your help. Finally it is working. I included all the mime types in a file and included inside map directive and used it in the location / {} directive with proxy hide parameter like you suggested. --Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,239473,252532#msg-252532 From nginx-forum at nginx.us Wed Aug 13 14:37:10 2014 From: nginx-forum at nginx.us (carles.sistare) Date: Wed, 13 Aug 2014 10:37:10 -0400 Subject: Change client_body_timeout status code Message-ID: <11509161b79304cdfc2cf243c5927ca4.NginxMailingListEnglish@forum.nginx.org> Hi, I'm using client_body_timeout which returns a 408 or 503 status code, not sure. The thing is that I need this to be intercepted, somehow, and to change this status code to some ohter particular code. I wonder if this is even possible. Thanks in advance Carles Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252536,252536#msg-252536 From nginx-forum at nginx.us Wed Aug 13 15:09:01 2014 From: nginx-forum at nginx.us (gmlopez) Date: Wed, 13 Aug 2014 11:09:01 -0400 Subject: reverse proxy images - windows In-Reply-To: <200218cc9b407b30334354ebd173937c.NginxMailingListEnglish@forum.nginx.org> References: <200218cc9b407b30334354ebd173937c.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1b77c8b7223161ceea993ae739bd59fc.NginxMailingListEnglish@forum.nginx.org> Sorry, I forgot to add this information. I did try 1.6.1 and 1.7.4 all with the same results. Log entries do not show anything useful apart from the request being received in access log and derived to upstream server. No errors on error log. The configuration is the default nginx config plus one virtual server and locations as the following: upstream filesvr { server localhost:8888; } server { listen localhost:8888; server_name server2; client_max_body_size 20M; charset UTF-8; location /some/images/ { alias c:/images/; } } server { listen localhost:80; server_name server1; client_max_body_size 20M; charset UTF-8; location /some/images/ { proxy_http_version 1.1; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://filesvr; } } It is worth to mention that I?m trying to get this to work on windows just for development purposes. The deployment is on linux servers and it actually works as expected. Thanks for your responses! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252538#msg-252538 From nginx-forum at nginx.us Wed Aug 13 15:14:35 2014 From: nginx-forum at nginx.us (gmlopez) Date: Wed, 13 Aug 2014 11:14:35 -0400 Subject: reverse proxy images - windows In-Reply-To: <3881521.uLC5qqyuPQ@vbart-workstation> References: <3881521.uLC5qqyuPQ@vbart-workstation> Message-ID: Thanks for your reply however I do not see a clue of the problem I've described :-(. I've already been there and the only thing that concerns me is the statement "...other modules which require shared memory support do not work on Windows Vista and later versions due to address space layout randomization being enabled in these Windows versions". I wonder which are these "other modules" that do not work??? Do you have any clue about it? Please share it! Thanks again for your response! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252539#msg-252539 From nginx-forum at nginx.us Wed Aug 13 15:15:56 2014 From: nginx-forum at nginx.us (gmlopez) Date: Wed, 13 Aug 2014 11:15:56 -0400 Subject: reverse proxy images - windows In-Reply-To: <1b77c8b7223161ceea993ae739bd59fc.NginxMailingListEnglish@forum.nginx.org> References: <200218cc9b407b30334354ebd173937c.NginxMailingListEnglish@forum.nginx.org> <1b77c8b7223161ceea993ae739bd59fc.NginxMailingListEnglish@forum.nginx.org> Message-ID: <041adb0769bf7140de8a4541c70a0d95.NginxMailingListEnglish@forum.nginx.org> I should have also mentioned that the windows version in which I'm experiencing this problem is Windows 7. Thanks again for your help! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252540#msg-252540 From nginx-forum at nginx.us Wed Aug 13 16:22:32 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 13 Aug 2014 12:22:32 -0400 Subject: reverse proxy images - windows In-Reply-To: <1b77c8b7223161ceea993ae739bd59fc.NginxMailingListEnglish@forum.nginx.org> References: <200218cc9b407b30334354ebd173937c.NginxMailingListEnglish@forum.nginx.org> <1b77c8b7223161ceea993ae739bd59fc.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4307aadaf710e52a2ae76722d5873d35.NginxMailingListEnglish@forum.nginx.org> Try it with IP addresses instead of names. and you are looping back into nginx with your upstream, try a real backend. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252541#msg-252541 From nginx-forum at nginx.us Wed Aug 13 18:38:53 2014 From: nginx-forum at nginx.us (gmlopez) Date: Wed, 13 Aug 2014 14:38:53 -0400 Subject: reverse proxy images - windows In-Reply-To: <4307aadaf710e52a2ae76722d5873d35.NginxMailingListEnglish@forum.nginx.org> References: <200218cc9b407b30334354ebd173937c.NginxMailingListEnglish@forum.nginx.org> <1b77c8b7223161ceea993ae739bd59fc.NginxMailingListEnglish@forum.nginx.org> <4307aadaf710e52a2ae76722d5873d35.NginxMailingListEnglish@forum.nginx.org> Message-ID: Well, I thought I have tried it before without success but I decided to give it a try again and it worked. Obviously something was different. Thanks again for your help! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252543#msg-252543 From al-nginx at none.at Wed Aug 13 19:23:09 2014 From: al-nginx at none.at (Aleksandar Lazic) Date: Wed, 13 Aug 2014 21:23:09 +0200 Subject: ECC Certificates and SNI Message-ID: <1b721572101b63c0e7c46ff5ca78754a@none.at> Hi. today I have setuped a second SSL VHost with ECC. Why is the default server able to offer TLS 1.2 but the second one not? /usr/sbin/nginx -c /etc/nginx/nginx.conf -V nginx version: nginx/1.7.4 built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) TLS SNI support enabled from nginx.org. Global ssl-setup: egrep -v '^(#|$)' /home/nginx/installed/conf/ssl.conf add_header Strict-Transport-Security "max-age=2628000; includeSubDomains"; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10M; ssl_session_timeout 10m; ssl_prefer_server_ciphers on; ssl_dhparam /etc/ssl/dh_2048.pem; ssl_trusted_certificate /home/nginx/installed/conf/ssl_dir/certs/CACert_Certs.pem; ssl_stapling on; ############ The first VHost listen 443 default_server ssl spdy; listen [::]:443 default_server ssl spdy; server_name xxxx; Check on ssllabs.com ################## Key EC 384 bits Issuer COMODO ECC Domain Validation Secure Server CA Signature algorithm SHA256withECDSA Extended Validation No Revocation information CRL, OCSP Revocation status Good (not revoked) Trusted Yes Protocols --------- TLS 1.2 Yes TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end) TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH 256 bits (eq. 3072 bits RSA) FS 128 TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH 256 bits (eq. 3072 bits RSA) FS 128 ############# The second one listen 443 ssl spdy; listen [::]:443 ssl spdy; server_name xxx; ############ Key EC 384 bits Issuer COMODO ECC Domain Validation Secure Server CA Signature algorithm SHA256withECDSA Extended Validation No Revocation information CRL, OCSP Revocation status Good (not revoked) Trusted Yes Protocols ---------- TLS 1.2 No TLS 1.1 Yes TLS 1.0 Yes SSL 3 No SSL 2 No Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and SSL 2 suites always at the end) TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH 256 bits (eq. 3072 bits RSA) FS 256 TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) ECDH 256 bits (eq. 3072 bits RSA) FS 112 TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH 256 bits (eq. 3072 bits RSA) FS 128 ############# Firefox 31.0 on gentoo is not able to connect. Chromium Version 37.0.2062.68 (287650) (64-bit) is able to connect but also only with TLS 1.1 Any Ideas what's wrong? Thanks for help Best regards Aleks From al-nginx at none.at Wed Aug 13 19:31:29 2014 From: al-nginx at none.at (Aleksandar Lazic) Date: Wed, 13 Aug 2014 21:31:29 +0200 Subject: ECC Certificates and SNI In-Reply-To: <1b721572101b63c0e7c46ff5ca78754a@none.at> References: <1b721572101b63c0e7c46ff5ca78754a@none.at> Message-ID: This is the output of the debug log. ###################### 2014/08/13 21:29:46 [debug] 915#0: *1 SSL certificate status callback 2014/08/13 21:29:46 [debug] 915#0: *1 SSL NPN advertised 2014/08/13 21:29:46 [debug] 915#0: *1 SSL_do_handshake: -1 2014/08/13 21:29:46 [debug] 915#0: *1 SSL_get_error: 1 2014/08/13 21:29:46 [crit] 915#0: *1 SSL_do_handshake() failed (SSL: error:1409B044:SSL routines:SSL3_SEND_SERVER_KEY_EXCHANGE:internal error) while SSL handshaking, client: , server: 0.0.0.0:443 2014/08/13 21:29:46 [debug] 915#0: *1 close http connection: 81 2014/08/13 21:29:46 [debug] 915#0: *1 SSL_shutdown: 1 2014/08/13 21:29:46 [debug] 915#0: *1 event timer del: 81: 1407958246379 2014/08/13 21:29:46 [debug] 915#0: *1 reusable connection: 0 2014/08/13 21:29:46 [debug] 915#0: *1 free: 0000000000D9CB60, unused: 0 2014/08/13 21:29:46 [debug] 915#0: *1 free: 0000000000EBDEC0, unused: 104 ###################### Am 13-08-2014 21:23, schrieb Aleksandar Lazic: > Hi. > > today I have setuped a second SSL VHost with ECC. > > Why is the default server able to offer TLS 1.2 but the second one not? > > > /usr/sbin/nginx -c /etc/nginx/nginx.conf -V > nginx version: nginx/1.7.4 > built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) > TLS SNI support enabled > > from nginx.org. > > Global ssl-setup: > > egrep -v '^(#|$)' /home/nginx/installed/conf/ssl.conf > > add_header Strict-Transport-Security "max-age=2628000; > includeSubDomains"; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; > ssl_session_cache shared:SSL:10M; > ssl_session_timeout 10m; > ssl_prefer_server_ciphers on; > ssl_dhparam /etc/ssl/dh_2048.pem; > ssl_trusted_certificate > /home/nginx/installed/conf/ssl_dir/certs/CACert_Certs.pem; > ssl_stapling on; > ############ > > The first VHost > > listen 443 default_server ssl spdy; > listen [::]:443 default_server ssl spdy; > server_name xxxx; > > Check on ssllabs.com > > ################## > Key EC 384 bits > Issuer COMODO ECC Domain Validation Secure Server CA > Signature algorithm SHA256withECDSA > Extended Validation No > Revocation information CRL, OCSP > Revocation status Good (not revoked) > Trusted Yes > > > Protocols > --------- > TLS 1.2 Yes > TLS 1.1 Yes > TLS 1.0 Yes > SSL 3 No > SSL 2 No > > Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and > SSL 2 suites always at the end) > TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384 (0xc02c) ECDH 256 bits (eq. > 3072 bits RSA) FS 256 > TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256 (0xc02b) ECDH 256 bits (eq. > 3072 bits RSA) FS 128 > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA384 (0xc024) ECDH 256 bits (eq. > 3072 bits RSA) FS 256 > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 (0xc023) ECDH 256 bits (eq. > 3072 bits RSA) FS 128 > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH 256 bits (eq. > 3072 bits RSA) FS 256 > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH 256 bits (eq. > 3072 bits RSA) FS 128 > ############# > > The second one > listen 443 ssl spdy; > listen [::]:443 ssl spdy; > server_name xxx; > > ############ > Key EC 384 bits > Issuer COMODO ECC Domain Validation Secure Server CA > Signature algorithm SHA256withECDSA > Extended Validation No > Revocation information CRL, OCSP > Revocation status Good (not revoked) > Trusted Yes > > Protocols > ---------- > TLS 1.2 No > TLS 1.1 Yes > TLS 1.0 Yes > SSL 3 No > SSL 2 No > > Cipher Suites (SSL 3+ suites in server-preferred order; deprecated and > SSL 2 suites always at the end) > TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA (0xc00a) ECDH 256 bits (eq. > 3072 bits RSA) FS 256 > TLS_ECDHE_ECDSA_WITH_3DES_EDE_CBC_SHA (0xc008) ECDH 256 bits (eq. > 3072 bits RSA) FS 112 > TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA (0xc009) ECDH 256 bits (eq. > 3072 bits RSA) FS 128 > ############# > > Firefox 31.0 on gentoo is not able to connect. > Chromium Version 37.0.2062.68 (287650) (64-bit) is able to connect but > also only with TLS 1.1 > > Any Ideas what's wrong? > > Thanks for help > > Best regards > Aleks > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Wed Aug 13 19:59:21 2014 From: nginx-forum at nginx.us (Googlemo) Date: Wed, 13 Aug 2014 15:59:21 -0400 Subject: Sudden 500 Internal Server Error nginx/1.0.11 Message-ID: <35a5bd30e69bafb97c5fb23724473d1d.NginxMailingListEnglish@forum.nginx.org> Site was working fine for years... And suddenly I get this error. tried reboot server - nothing, looking into logs and I see this kinds of errors: connect() failed (110: Connection timed out) while connecting to upstream writev() failed (110: Connection timed out) while sending request to upstream recv() failed (104: Connection reset by peer) while connecting to upstream What happened..? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252546,252546#msg-252546 From nginx-forum at nginx.us Wed Aug 13 20:04:30 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 13 Aug 2014 16:04:30 -0400 Subject: SPDY being disabled in Chrome (temporary) Message-ID: Fyi. https://groups.google.com/forum/#!topic/spdy-dev/qFKgWBq9E3M "Yes, this is expected. Chrome SPDY support will be substantially diminished this week and should be mostly back to normal next week. " Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252547,252547#msg-252547 From nginx-forum at nginx.us Wed Aug 13 20:09:18 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 13 Aug 2014 16:09:18 -0400 Subject: Sudden 500 Internal Server Error nginx/1.0.11 In-Reply-To: <35a5bd30e69bafb97c5fb23724473d1d.NginxMailingListEnglish@forum.nginx.org> References: <35a5bd30e69bafb97c5fb23724473d1d.NginxMailingListEnglish@forum.nginx.org> Message-ID: 1.0.11 ?? that went out with the dinosaurs. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252546,252548#msg-252548 From francis at daoine.org Wed Aug 13 20:28:52 2014 From: francis at daoine.org (Francis Daly) Date: Wed, 13 Aug 2014 21:28:52 +0100 Subject: Sudden 500 Internal Server Error nginx/1.0.11 In-Reply-To: <35a5bd30e69bafb97c5fb23724473d1d.NginxMailingListEnglish@forum.nginx.org> References: <35a5bd30e69bafb97c5fb23724473d1d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140813202852.GR3108@daoine.org> On Wed, Aug 13, 2014 at 03:59:21PM -0400, Googlemo wrote: Hi there, > connect() failed (110: Connection timed out) while connecting to upstream > writev() failed (110: Connection timed out) while sending request to > upstream > recv() failed (104: Connection reset by peer) while connecting to upstream > > What happened..? nginx is apparently no longer able to talk to whatever upstream you have configured. Perhaps see if anything has happened to that? f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Wed Aug 13 20:29:57 2014 From: nginx-forum at nginx.us (Googlemo) Date: Wed, 13 Aug 2014 16:29:57 -0400 Subject: Sudden 500 Internal Server Error nginx/1.0.11 In-Reply-To: References: <35a5bd30e69bafb97c5fb23724473d1d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <230e8b24db86709955661e0ef3d91eef.NginxMailingListEnglish@forum.nginx.org> You aren't really helping, as I said, site was working FOR YEARS! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252546,252549#msg-252549 From francis at daoine.org Wed Aug 13 20:35:22 2014 From: francis at daoine.org (Francis Daly) Date: Wed, 13 Aug 2014 21:35:22 +0100 Subject: reverse proxy images - windows In-Reply-To: References: <3881521.uLC5qqyuPQ@vbart-workstation> Message-ID: <20140813203522.GS3108@daoine.org> On Wed, Aug 13, 2014 at 11:14:35AM -0400, gmlopez wrote: Hi there, > Thanks for your reply however I do not see a clue of the problem I've > described :-(. The second sentence says "high performance and scalability should not be expected", which seems to match what you are reporting. The third sentence says "nginx for Windows is considered to be a beta version". > I wonder which are these "other modules" that do not work??? Do you have any > clue about it? Please share it! I suspect it is that nobody cares enough about nginx on Windows to either write the code, or to encourage someone else to write the code, to make things work as well there. (Presumably, if it were simple to get things to work well, it would already have been done.) Cheers, f -- Francis Daly francis at daoine.org From nmilas at noa.gr Wed Aug 13 20:42:58 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Wed, 13 Aug 2014 23:42:58 +0300 Subject: Cannot create directory alias (with php pages) Message-ID: <53EBCDD2.5040308@noa.gr> Hello, I have a hard time trying to make a "directory alias" (in Apache terminology - sorry, I still have a lot to learn on nginx)... I have piwik.example.com, configured to run piwik analytics (it is a php site), and it works fine. I runs under nginx v1.6.1, php-fpm v5.3.3 on an updated CentOS 6.5 64bit VPS. Now, I want to create an /xhprof location, which includes php code and lives in another disk path (in: /usr/share/xhprof/xhprof_html). I can't make this work... I have tried multiple possible solutions, googled around, but it just won't work. Follows the attempted config. In this, calling http://piwik.example.com/xhprof or http://piwik.example.com/xhprof/index.php returns "404 Not Found". The error log shows: "rewrite or internal redirection cycle while internally redirecting to "/xhprof". server { listen [::]:80; server_name piwik.example.com; access_log /var/webs/wwwpiwik/log/access_log main; error_log /var/webs/wwwpiwik/log/error_log warn; root /var/webs/wwwpiwik/www/; index index.php index.html index.htm index.cgi default.html default.htm default.php; location / { try_files $uri $uri/ /index.php?$args; allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; deny all; } location /xhprof { alias /usr/share/xhprof/xhprof_html; try_files $uri $uri/ /xhprof$is_args$args; allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; deny all; } location ~ \.php$ { allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; fastcgi_cache off; try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_buffer_size 384k; fastcgi_buffers 256 16k; fastcgi_busy_buffers_size 384k; fastcgi_temp_file_write_size 384k; fastcgi_read_timeout 240; fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } } I appreciate your help in correcting the /xhprof definition, in order to make it work... I also Thanks in advance, Nick From lists at ruby-forum.com Wed Aug 13 20:43:24 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Wed, 13 Aug 2014 22:43:24 +0200 Subject: 'auto'rewrite link to a folder Message-ID: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Hi all, i am looking for a 'simple rewrite rule' like typing : FOLDER.2maxi.com will point the folder /var/www/FOLDER/ and the folder is create by ngninx user, with winscp. my old vps debian6, nginx-1.2.6+php, used to work fast and perfectly with /etc/nginx/host.d/main.conf : ... server { listen 80; charset utf-8; source_charset utf-8; server_name ~^(?.+)\.2maxi\.com$; root /var/www/$user; return 301 http://~^(?.+)\.2maxi\.com$request_uri; index 2maxi.com.html index.php; error_page 405 /405.html; location = /405.html { rewrite . http://www.2maxi.com/2maxi.com.gif redirect; allow all; } error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 /error_page.html; location /error_page.html { rewrite . http://www.2maxi.com/ redirect; allow all; } include /etc/nginx/conf.d/cache.conf; include /etc/nginx/conf.d/deny.conf; include /etc/nginx/conf.d/php.conf; } I reinstalled my old config under actual nginx and debian 7 when i type FOLDER..2maxi.com web browser rewrote : http://~^(?.+)\.2maxi\.com -- Posted via http://www.ruby-forum.com/. From lists at ruby-forum.com Wed Aug 13 20:51:49 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Wed, 13 Aug 2014 22:51:49 +0200 Subject: Cannot create directory alias (with php pages) In-Reply-To: <53EBCDD2.5040308@noa.gr> References: <53EBCDD2.5040308@noa.gr> Message-ID: hi! if it can help i just get a 'redirection cycle' error in a *.conf ... return 301 http:// ... but my problem was solved because i found in etc/nginx some default.conf that made cycling check all etc/nginx/ -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Wed Aug 13 20:53:08 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 13 Aug 2014 16:53:08 -0400 Subject: reverse proxy images - windows In-Reply-To: <20140813203522.GS3108@daoine.org> References: <20140813203522.GS3108@daoine.org> Message-ID: <6fb222cb22bedec125983e741e5bf417.NginxMailingListEnglish@forum.nginx.org> Francis Daly Wrote: ------------------------------------------------------- > I suspect it is that nobody cares enough about nginx on Windows to > either > write the code, or to encourage someone else to write the code, to > make > things work as well there. (Presumably, if it were simple to get > things > to work well, it would already have been done.) Where have you been? or you would have known this project http://nginx-win.ecsds.eu/ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252555#msg-252555 From nginx-forum at nginx.us Wed Aug 13 20:58:32 2014 From: nginx-forum at nginx.us (Googlemo) Date: Wed, 13 Aug 2014 16:58:32 -0400 Subject: Sudden 500 Internal Server Error nginx/1.0.11 In-Reply-To: <20140813202852.GR3108@daoine.org> References: <20140813202852.GR3108@daoine.org> Message-ID: Well, thats actually good idea... And after some tweaking with my tomcat, that was an issue! I don't know how, but tomcat stopped working and didn't restart properly! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252546,252556#msg-252556 From rva at onvaoo.com Wed Aug 13 21:39:21 2014 From: rva at onvaoo.com (Ronald Van Assche) Date: Wed, 13 Aug 2014 23:39:21 +0200 Subject: Microcache : empty pages ? Message-ID: <57526F6C-1A7C-48FD-90BA-4582419163AB@onvaoo.com> I have somme strange comportement on nginx 1.7.4 / Freebsd 9 : Some Wordpress microcached pages rendered ..EMPTY HTML pages , for about 1/20 visitors . When it happens, we have to make a forced reload of the page on the navigator (Firefox or others). configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx-error.log --user=www --group=www --with-file-aio --with-ipv6 --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx-access.log --add-module=/usr/ports/www/nginx-devel/work/ngx_cache_purge-2.1 --with-http_geoip_module --with-http_stub_status_module --with-pcre sendfile(/cache/nginx/8/f2/fa48a21dcdf1f2a9ff3d8215b0ab4f28) returned busy again nginx.conf user www; worker_processes 4; events { worker_connections 2048; multi_accept on; } http { include mime.types; default_type application/octet-stream; fastcgi_cache_path /cache/nginx levels=1:2 keys_zone=microcache:5m max_size=1000m; fastcgi_cache_key "$scheme$request_method$host$request_uri"; log_format cache_log '$remote_addr - $remote_user [$time_local] "$request" ' '$status $upstream_cache_status $body_bytes_sent "$http_referer" ' '" $http_user_agent" "$http_x_forwarded_for"'; sendfile on; sendfile_max_chunk 512K; aio sendfile; tcp_nopush on; read_ahead 256K; open_file_cache max=1000 inactive=20s; open_file_cache_valid 30s; open_file_cache_min_uses 2; open_file_cache_errors on; keepalive_timeout 120; keepalive_requests 10000; client_max_body_size 99M; gzip on; gzip_buffers 48 8k; gzip_comp_level 4; gzip_http_version 1.0; gzip_vary on; gzip_disable "MSIE [1-6]\.(?!.*SV1)"; gzip_proxied any; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; error_log /var/log/nginx/nginx.error.log; geoip_country /usr/local/etc/nginx/geoip/GeoIP.dat; # the country IP database geoip_city /usr/local/etc/nginx/geoip/GeoLiteCity.dat; # the city IP database } The config file for this site = server { server_name mobi.********.net *******.mobi ****** net www.********.net ; # listen 80 accept_filter=httpready sndbuf=32K ; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/local/www/nginx-dist; } access_log /var/log/nginx/******.access.log cache_log; error_log /var/log/nginx/******.error.log; location = /favicon.ico { access_log off; log_not_found off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location / { root /home/www/api/wordpress; index index.php index.html; rewrite ^/?feed/rss2$ /?feed=rss2 permanent; try_files $uri $uri/ /index.php; # this serves static files that exist without running other rewrite tests if (-f $request_filename) { expires 30d; break; } # this sends all non-existing file or directory requests to index.php if (!-e $request_filename) { rewrite ^(.+)$ /index.php?q=$1 last; } } location ~ \.php$ { set $no_cache '0'; # If non GET/HEAD, don't cache & mark user as uncacheable for 1 second via cookie if ($request_method !~ ^(GET|HEAD)$) { set $no_cache '1'; } # Drop no cache cookie if need be # (for some reason, add_header fails if included in prior if-block) if ($no_cache = '1') { add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/"; add_header X-Microcachable "0"; } # Bypass cache if no-cache cookie is set if ($http_cookie ~* "_mcnc") { set $no_cache '1'; } # Bypass cache if Iphone if ($http_user_agent ~ (iPhone|Android) ) { set $no_cache '1'; } if ( $http_cookie ~* "comment_author_|wordpress_(?!test_cookie)|wp-postpass_" ) { set $no_cache '1'; } #Don't cache the following URLs if ($request_uri ~* "/(wp-admin/|wp-login.php)") { set $no_cache '1'; } # Bypass cache if flag is set if ($request_uri ~* "(/wp-admin/|/xmlrpc.php|/wp-(app|cron|login|register|mail).php|wp-.*.php|/feed/|index.php|wp-comments-popup.php|wp-links-opml.php|wp-locations.php|sitemap(_index)?.xml|[a-z0-9_-]+-sitemap([0-9]+)?.xml)") { set $no_cache "1"; } # Don't use the cache for logged in users or recent commenters if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp-postpass|wordpress_no_cache|wordpress_logged_in") { set $no_cache '1'; } add_header X-Cache $upstream_cache_status; location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ { expires 7d; } ######## fastcgi_no_cache $no_cache; fastcgi_cache_bypass $no_cache; fastcgi_cache microcache; fastcgi_cache_key $server_name|$request_uri; fastcgi_cache_valid 200 302 1h; fastcgi_cache_valid 301 1d; fastcgi_cache_min_uses 1; fastcgi_cache_use_stale updating error timeout invalid_header http_500; fastcgi_cache_bypass $http_pragma; fastcgi_pass_header Set-Cookie; fastcgi_pass_header Cookie; fastcgi_ignore_headers Cache-Control Expires Set-Cookie; fastcgi_split_path_info ^(.+\.php)(/.+)$; # fastcgi_split_path_info ^(.+\.php)(.*)$; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /home/www/api/wordpress/$fastcgi_script_name; fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_intercept_errors on; fastcgi_ignore_client_abort off; fastcgi_connect_timeout 120; fastcgi_send_timeout 300; fastcgi_read_timeout 300; fastcgi_buffer_size 128k; fastcgi_buffers 256 8k; fastcgi_busy_buffers_size 256k; # all replies that are greater than the FastCGI buffers and transfer data synchronously to the client set fastcgi_max_temp_file_size to 0 fastcgi_max_temp_file_size 0; fastcgi_temp_file_write_size 1024k; include fastcgi_params; } } -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Wed Aug 13 23:33:39 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 00:33:39 +0100 Subject: add_header is not working in certain locations In-Reply-To: References: Message-ID: <20140813233339.GT3108@daoine.org> On Wed, Aug 13, 2014 at 02:28:27AM -0400, bodomic wrote: Hi there, > Hi all, I've got strange behavior that I don't understand in two different > configs. I'll post examples below, in both of them I use add_header two > times and one of them is not working while second does. > > Example 1: > Request is: http://hostname/?region=XX In this case, for location matching the request is "/", so the best-match location for that will be used. > #This location adds header, so it's frankly the only reason I use it in my > config. If I set location to "~ .*", I'll get header set also. > location = / { > if ($arg_region) { > add_header Set-Cookie "__geoip_country__=$arg_region;Path=/"; > } > proxy_pass http://backend; > } > #If I remove the exact match above, I'll not get header set. Even if it's > the only location in whole config and all site is working from there for > sure. > location / { > if ($arg_region) { add_header Set-Cookie > "__geoip_country__=$arg_region; path=/" ;} > proxy_pass http://backend; > } It works for me. In this case, I do get the Set-Cookie header when I have either one of the two location{} blocks as the only location{} in the configuration. I think you say that you do not get the Set-Cookie header in the second case -- can you provide a complete, small, config that shows that? > Example 2: > Request is the same and this chain of locations is recommended by drupal > community. For these ones, I'm not sure how to set up a simple test. Note, though, that you are using "if" inside "location". Generally, it is not wise to do that unless you understand exactly what your configuration actually means. http://wiki.nginx.org/IfIsEvil for details. Is there a link to this drupal recommendation? It isn't obvious to me from the first few results for "nginx site:drupal.org" or "drupal site:nginx.org" > location / { > #Does not work > if ($arg_region) { add_header Set-Cookie > "__geoip_country__=$arg_region;Path=/"; } > try_files $uri @rewrite; > } That one seems to be "# try_files wont work due to if" on the IfIsEvil page. Cheers, f -- Francis Daly francis at daoine.org From francis at daoine.org Wed Aug 13 23:44:07 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 00:44:07 +0100 Subject: 'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <20140813234407.GU3108@daoine.org> On Wed, Aug 13, 2014 at 10:43:24PM +0200, Pascale Camille wrote: Hi there, > my old vps debian6, nginx-1.2.6+php, used to work fast and perfectly > with /etc/nginx/host.d/main.conf : > return 301 http://~^(?.+)\.2maxi\.com$request_uri; Are you sure this used to work on the old server? That line suggests that it will return exactly what you report it does return. It is not obvious to me what that line is intended to do. What happens if you just remove it? f -- Francis Daly francis at daoine.org From francis at daoine.org Wed Aug 13 23:57:39 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 00:57:39 +0100 Subject: reverse proxy images - windows In-Reply-To: <6fb222cb22bedec125983e741e5bf417.NginxMailingListEnglish@forum.nginx.org> References: <20140813203522.GS3108@daoine.org> <6fb222cb22bedec125983e741e5bf417.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140813235739.GV3108@daoine.org> On Wed, Aug 13, 2014 at 04:53:08PM -0400, itpp2012 wrote: Hi there, > Where have you been? or you would have known this project > http://nginx-win.ecsds.eu/ I think it's great that someone is scratching this itch. Are there any plans or prospects to get the code changes merged into the "authoritative" source? Failing that, are there any plans to mention this project on the nginx windows information page that was linked previously? Neither are necessary, of course, but right now searching for "windows site:nginx.org" doesn't bring any obvious mention of this project. (It is there when searching for "windows nginx".) Cheers, f -- Francis Daly francis at daoine.org From lists at ruby-forum.com Thu Aug 14 07:12:39 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Thu, 14 Aug 2014 09:12:39 +0200 Subject: 'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: hey! i confirmed it used to work greatly i was working as teacher and needed subdomain easy create or delete in one minute! avoiding me to do subdomain process... (no database site) maybe it need a custom module to be select/unselect at compilation of nginx... -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Thu Aug 14 07:14:51 2014 From: nginx-forum at nginx.us (itpp2012) Date: Thu, 14 Aug 2014 03:14:51 -0400 Subject: reverse proxy images - windows In-Reply-To: <20140813235739.GV3108@daoine.org> References: <20140813235739.GV3108@daoine.org> Message-ID: <99e5454df2ffe81312c2ae891111d4f4.NginxMailingListEnglish@forum.nginx.org> Francis Daly Wrote: ------------------------------------------------------- > Are there any plans or prospects to get the code changes merged into > the > "authoritative" source? Highly unlikely, more then 2000 lines of new code, mayor changes to the core, 3 integrated api's, I think Igor/Maxim will have a slight hearth-attack evaluating nearly a year of re-development :) > Failing that, are there any plans to mention this project on the nginx > windows information page that was linked previously? That is not up to me, nginx produce their own Windows version, you can't expect them to 'support' other versions, especially since their focus is on linux. > Neither are necessary, of course, but right now searching for "windows > site:nginx.org" doesn't bring any obvious mention of this project. (It > is there when searching for "windows nginx".) 99% of the other internet users start with Google :) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252520,252563#msg-252563 From lists at ruby-forum.com Thu Aug 14 07:34:44 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Thu, 14 Aug 2014 09:34:44 +0200 Subject: full main.conf In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <05e7523b924dd623ba5e55eada33224c@ruby-forum.com> server { listen 80; charset utf-8; source_charset utf-8; server_name www.2maxi.com; root /var/www/www; index 2maxi.com.html index.php; error_page 405 /405.html; location = /405.html { rewrite . http://www.2maxi.com/2maxi.com.gif redirect; allow all; } error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 /error_page.html; location /error_page.html { rewrite . http://www.2maxi.com/ redirect; allow all; } include /etc/nginx/conf.d/cache.conf; include /etc/nginx/conf.d/deny.conf; include /etc/nginx/conf.d/php.conf; # include /etc/nginx/conf.d/limit.conf; } server { listen 80; server_name 2maxi.com 198.23.165.81 .2maxi\.com$\(?.+) www.2maxi\.com$\(?.+); return 301 http://www.2maxi.com$request_uri; } server { listen 80; charset utf-8; source_charset utf-8; server_name ~^(?.+)\.2maxi\.com$; root /var/www/$user; return 301 http://~^(?.+)\.2maxi\.com$request_uri; index 2maxi.com.html index.php; error_page 405 /405.html; location = /405.html { rewrite . http://www.2maxi.com/2maxi.com.gif redirect; allow all; } error_page 400 401 402 403 404 406 407 408 409 410 411 412 413 414 415 416 417 495 496 497 500 501 502 503 504 505 506 507 /error_page.html; location /error_page.html { rewrite . http://www.2maxi.com/ redirect; allow all; } include /etc/nginx/conf.d/cache.conf; include /etc/nginx/conf.d/deny.conf; include /etc/nginx/conf.d/php.conf; # include /etc/nginx/conf.d/limit.conf; } -- Posted via http://www.ruby-forum.com/. From francis at daoine.org Thu Aug 14 09:01:14 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 10:01:14 +0100 Subject: 'auto'rewrite link to a folder In-Reply-To: References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <20140814090114.GW3108@daoine.org> On Thu, Aug 14, 2014 at 09:12:39AM +0200, Pascale Camille wrote: Hi there, > i confirmed it used to work greatly > i was working as teacher and needed subdomain easy > create or delete in one minute! > avoiding me to do subdomain process... > (no database site) I don't see how what you provided could ever have worked as you describe. However, that does not matter: the following skeleton seems to work for me; add the rest of your config in as needed: Preparation: $ mkdir -p /tmp/www/{one,two,three} $ for i in /tmp/www/{one,two,three}; do echo "content of $i/index.html" > $i/index.html; done nginx.conf server block: server { server_name ~^(?P.+).example.com; root /tmp/www/$user; } Note that I use the "(?P<" syntax for the named capture; that's what my pcre engine needs. Then test: $ curl -H Host:one.example.com http://localhost/ content of /tmp/www/one/index.html $ curl -H Host:two.example.com http://localhost/ content of /tmp/www/two/index.html $ curl -H Host:nil.example.com http://localhost/ which gives "404 Not Found", as expected. f -- Francis Daly francis at daoine.org From nmilas at noa.gr Thu Aug 14 11:06:38 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Thu, 14 Aug 2014 14:06:38 +0300 Subject: Cannot create directory alias (with php pages) In-Reply-To: <53EBCDD2.5040308@noa.gr> References: <53EBCDD2.5040308@noa.gr> Message-ID: <53EC983E.8020203@noa.gr> On 13/8/2014 11:42 ??, Nikolaos Milas wrote: > Now, I want to create an /xhprof location, which includes php code and > lives in another disk path (in: /usr/share/xhprof/xhprof_html). I > can't make this work... I have modified configuration as follows; the /xprof location works (i.e. I can access non php files), but all php files cannot be accessed (message: 404 Not Found). Nothing is recorded in the error log. Why can't I access the php files in /usr/share/xhprof/xhprof_htmlas /xhprof/filename.php ? Please advise! ------------------------------------------------------------------------------------------ server { listen [::]:80; server_name piwik.example.com; access_log /var/webs/wwwpiwik/log/access_log main; error_log /var/webs/wwwpiwik/log/error_log warn; root /var/webs/wwwpiwik/www/; index index.php index.html index.htm index.cgi default.html default.htm default.php; location / { try_files $uri $uri/ /index.php?$args; allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; deny all; } location ~ /xhprof(.+\.php)$ { alias /usr/share/xhprof/xhprof_html$1; allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; deny all; fastcgi_cache off; try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_buffer_size 384k; fastcgi_buffers 256 16k; fastcgi_busy_buffers_size 384k; fastcgi_temp_file_write_size 384k; fastcgi_read_timeout 240; fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$1; } location ~ /xhprof(.*) { alias /usr/share/xhprof/xhprof_html$1; allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; deny all; } location ~ \.php$ { allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; deny all; fastcgi_cache off; try_files $uri =404; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_buffer_size 384k; fastcgi_buffers 256 16k; fastcgi_busy_buffers_size 384k; fastcgi_temp_file_write_size 384k; fastcgi_read_timeout 240; fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; include /etc/nginx/fastcgi_params; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } } ------------------------------------------------------------------------------------------ Thanks, Nick From francis at daoine.org Thu Aug 14 12:26:03 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 13:26:03 +0100 Subject: Cannot create directory alias (with php pages) In-Reply-To: <53EC983E.8020203@noa.gr> References: <53EBCDD2.5040308@noa.gr> <53EC983E.8020203@noa.gr> Message-ID: <20140814122603.GA3108@daoine.org> On Thu, Aug 14, 2014 at 02:06:38PM +0300, Nikolaos Milas wrote: > On 13/8/2014 11:42 ??, Nikolaos Milas wrote: Hi there, > I have modified configuration as follows; the /xprof location works > (i.e. I can access non php files), but all php files cannot be > accessed (message: 404 Not Found). Nothing is recorded in the error > log. > > Why can't I access the php files in /usr/share/xhprof/xhprof_htmlas > /xhprof/filename.php ? The request is /xhprof/filename.php; that should be handled in this location: > location ~ /xhprof(.+\.php)$ { > alias /usr/share/xhprof/xhprof_html$1; > try_files $uri =404; The combination of a regex location, alias, and try_files, probably does not do what you want. I suspect that the 404-with-no-error-log comes from this try_files line. You could (temporarily) either remove the line, or replace it with try_files "" =404; in order to get through to the next stage of the configuration. > include /etc/nginx/fastcgi_params; > fastcgi_param PATH_INFO $fastcgi_script_name; > fastcgi_pass unix:/tmp/php-fpm.sock; > include /etc/nginx/fastcgi_params; > fastcgi_param SCRIPT_FILENAME $document_root$1; alias with variables (and possibly try_files, I don't recall) probably leave some of these variables in a state you don't expect. Your fastcgi server, when it receives repeated fastcgi params, will probably only honour the first or the last one received. If you care, test so that you know, or don't send repeat params (by editing the fastcgi_params files, and only including it once). So: what file-on-the-filesystem do you want your fastcgi server to process? What variable or variables in nginx make up exactly that name? Put that in as SCRIPT_FILENAME. (It may be that $document_root is all you need here.) You can see what nginx sends by looking in the debug log; or by watching the traffic going from nginx to the fastcgi server. Or maybe your fastcgi server has its own logging. f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Thu Aug 14 12:50:07 2014 From: nginx-forum at nginx.us (bodomic) Date: Thu, 14 Aug 2014 08:50:07 -0400 Subject: add_header is not working in certain locations In-Reply-To: <20140813233339.GT3108@daoine.org> References: <20140813233339.GT3108@daoine.org> Message-ID: <3d424176ad64c43f6e376da83e4644f4.NginxMailingListEnglish@forum.nginx.org> Hi Francis, Thanks for your thoughtful entry. It seems that it is a cloudy area of buggy 'if' behaviors :) I've created empty host config with just 'location /' and 'if ... add_header' and proxy_pass - and it works fine. I'll have to retest this situation on my real server though to find out if my 'issue' is gone. As for the second case - yes, it looks like the whole set of http://wiki.nginx.org/IfIsEvil#Examples so I think that's the case of buggy behavior too. I'll try the 'What to do instead' section. But, funny to notice, in my case try_files *does* work, while 'if' does not in the same location. Config of Nginx for Drupal is here: http://wiki.nginx.org/Drupal I'm using it literally from there, just trying to add a buggy 'if' here and there. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252523,252571#msg-252571 From nmilas at noa.gr Thu Aug 14 13:04:47 2014 From: nmilas at noa.gr (Nikolaos Milas) Date: Thu, 14 Aug 2014 16:04:47 +0300 Subject: Cannot create directory alias (with php pages) In-Reply-To: <20140814122603.GA3108@daoine.org> References: <53EBCDD2.5040308@noa.gr> <53EC983E.8020203@noa.gr> <20140814122603.GA3108@daoine.org> Message-ID: <53ECB3EF.40700@noa.gr> On 14/8/2014 3:26 ??, Francis Daly wrote: > The combination of a regex location, alias, and try_files, probably does > not do what you want. > > I suspect that the 404-with-no-error-log comes from this try_files line. Thank you very much Francis, I removed the try_files line and did the modifications you suggest (esp. correction of the mistaken double inclusion of fastcgi_params you noticed), and indeed it works. (I have not tested requesting a PHP page with URL parameters yet.) I have only decided to set: fastcgi_param SCRIPT_FILENAME $request_filename; following a suggestion from here: http://blog.martinfjordvald.com/2011/01/no-input-file-specified-with-php-and-nginx/ rather than $document_root. Would you thing this setting is really preferable/correct in our case or not? Here is current configuration: location ~ /xhprof(.+\.php)$ { alias /usr/share/xhprof/xhprof_html$1; allow 127.0.0.1; allow ::1; allow 10.10.10.0/24; deny all; fastcgi_cache off; include /etc/nginx/fastcgi_params; fastcgi_param PATH_INFO $fastcgi_script_name; fastcgi_intercept_errors on; fastcgi_buffer_size 384k; fastcgi_buffers 256 16k; fastcgi_busy_buffers_size 384k; fastcgi_temp_file_write_size 384k; fastcgi_read_timeout 240; fastcgi_pass unix:/tmp/php-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $request_filename; } Thanks again, Nick From nginx-forum at nginx.us Thu Aug 14 13:24:50 2014 From: nginx-forum at nginx.us (itpp2012) Date: Thu, 14 Aug 2014 09:24:50 -0400 Subject: add_header is not working in certain locations In-Reply-To: <3d424176ad64c43f6e376da83e4644f4.NginxMailingListEnglish@forum.nginx.org> References: <20140813233339.GT3108@daoine.org> <3d424176ad64c43f6e376da83e4644f4.NginxMailingListEnglish@forum.nginx.org> Message-ID: <4fd0df4590b6786bc18d6b56e8c135f4.NginxMailingListEnglish@forum.nginx.org> Adding a few notes: IF should only be used to return a state, ea. if ... 'error_page' and nothing else because it breaks the chain of processing, when you really need IF's, nested, setting values or otherwise use Lua. For example: http://forum.nginx.org/read.php?2,251650,251777#msg-251777 The problem lays in event processing, while events are processed a single IF won't do much harm (if ever) but additional IF's can cause strange things, Event1 -> EP1 -> EP2 -> IF1 -> goto EP3 or EP4 -> IF2 (refers to the stage between EP1 and EP2) so you are passed EP2 already when another IF is thrown in, this may result in a loopback to EP2 which may end up at EP3 while your IF1 wanted to go to EP4. Or IF2 processing produced a result which overwrites the result of IF1. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252523,252573#msg-252573 From nginx-forum at nginx.us Thu Aug 14 14:07:59 2014 From: nginx-forum at nginx.us (bodomic) Date: Thu, 14 Aug 2014 10:07:59 -0400 Subject: add_header is not working in certain locations In-Reply-To: <4fd0df4590b6786bc18d6b56e8c135f4.NginxMailingListEnglish@forum.nginx.org> References: <20140813233339.GT3108@daoine.org> <3d424176ad64c43f6e376da83e4644f4.NginxMailingListEnglish@forum.nginx.org> <4fd0df4590b6786bc18d6b56e8c135f4.NginxMailingListEnglish@forum.nginx.org> Message-ID: <5702800532527fd45129e5f51ec83e65.NginxMailingListEnglish@forum.nginx.org> Thanks for your reply, I've actually found the second traitor (i.e. why second example won't work), will reply to Francis's post once more. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252523,252574#msg-252574 From nginx-forum at nginx.us Thu Aug 14 14:16:43 2014 From: nginx-forum at nginx.us (bodomic) Date: Thu, 14 Aug 2014 10:16:43 -0400 Subject: add_header is not working in certain locations In-Reply-To: <20140813233339.GT3108@daoine.org> References: <20140813233339.GT3108@daoine.org> Message-ID: <050ce526636ecd600e409fb60d49a5a1.NginxMailingListEnglish@forum.nginx.org> Actually, the second problem is described in this document too, I think I should re-read it every time I want to use IF. In my example (before posting it here) I've dropped the second IF in the same location without much thought. That's why it worked for you. That's why it worked in a separate location - I didn't move a second IF there, and again, did not pay enough attention to that. So, the problem was the second IF in the same location. This is really not an easy thing to understand, so it should be the sole recommendation of denying IFs on the top of rewrite module documentation :) Francis Daly Wrote: > http://wiki.nginx.org/IfIsEvil for details. > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252523,252575#msg-252575 From lists at ruby-forum.com Thu Aug 14 14:33:04 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Thu, 14 Aug 2014 16:33:04 +0200 Subject: 'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <51f8b0dc23fb9e794523d239d78155c6@ruby-forum.com> hi, thanks for mini lesson of batch command useful in futur. hum, i did what you wrote i rebuilded vps with debian 7 remove apache just fail to restart nginx editing nginx.conf so i put in /etc/nginx/sites-available/default and i am beat confused: root at www:/# curl -H Host:one.2maxi.com http://localhost/ content of /tmp/www/one/index.html root at www:/# curl -H Host:nil.2maxi.com http://localhost/ 404 Not Found

404 Not Found

nginx/1.2.1
root at www:/# so in web browser i should see content of /tmp/www/one/index.html but i have 'this page not available ... DNS lookup failed" and 2maxi.com/nil or what else gives 2maxi.com -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Thu Aug 14 14:47:28 2014 From: nginx-forum at nginx.us (bodomic) Date: Thu, 14 Aug 2014 10:47:28 -0400 Subject: 'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <5d9aae30dceaceda55ee662b5b9bef35.NginxMailingListEnglish@forum.nginx.org> Hi, you may find this overkill configuration helpful: http://publications.jbfavre.org/web/nginx-vhosts-automatiques-avec-SSL-et-authentification.en Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252553,252577#msg-252577 From lists at ruby-forum.com Thu Aug 14 14:51:44 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Thu, 14 Aug 2014 16:51:44 +0200 Subject: 'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <0fd03ae2a2c74a85221e2638c771fc8a@ruby-forum.com> yes i already read month ago but i can not make it work i wrote to the autor, no news :( -- Posted via http://www.ruby-forum.com/. From lists at ruby-forum.com Thu Aug 14 15:55:18 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Thu, 14 Aug 2014 17:55:18 +0200 Subject: 'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <382b47f5ed4fc2b34a5bb02325d07e6d@ruby-forum.com> hi, @bodomic, i just did again and remembered error, in webrowser it rewrote in loop: http://198.23.139.108//www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/www.2maxi.com/ -- Posted via http://www.ruby-forum.com/. From francis at daoine.org Thu Aug 14 17:16:55 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 18:16:55 +0100 Subject: add_header is not working in certain locations In-Reply-To: <050ce526636ecd600e409fb60d49a5a1.NginxMailingListEnglish@forum.nginx.org> References: <20140813233339.GT3108@daoine.org> <050ce526636ecd600e409fb60d49a5a1.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140814171655.GC3108@daoine.org> On Thu, Aug 14, 2014 at 10:16:43AM -0400, bodomic wrote: Hi there, > Actually, the second problem is described in this document too, I think I > should re-read it every time I want to use IF. "if" is fine. It is only "if inside location" which needs care. My general guideline is: do "return ..."; or do "rewrite ... last"; or don't do it without understanding it. > In my example (before posting it here) I've dropped the second IF in the > same location without much thought. > That's why it worked for you. That's why it worked in a separate location - > I didn't move a second IF there, and again, did not pay enough attention to > that. Ah, right. Yes, it is always best to create a scratch system with a small config that reliably shows the problem you encounter (and which contains no private information), and then copy-paste exactly what is in the scratch system. That way, everyone testing things is looking at the same thing. (And the "nginx -V" output can be useful too, in case there are version or compile-time differences which matter.) > So, the problem was the second IF in the same location. I'd say that the problem was using "if" inside "location" without understanding the nginx quirks. Two or three "if"s might have been ok. One might have caused things not to work as you wanted. f -- Francis Daly francis at daoine.org From francis at daoine.org Thu Aug 14 17:23:20 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 18:23:20 +0100 Subject: 'auto'rewrite link to a folder In-Reply-To: <51f8b0dc23fb9e794523d239d78155c6@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> <51f8b0dc23fb9e794523d239d78155c6@ruby-forum.com> Message-ID: <20140814172320.GD3108@daoine.org> On Thu, Aug 14, 2014 at 04:33:04PM +0200, Pascale Camille wrote: Hi there, > root at www:/# curl -H Host:one.2maxi.com http://localhost/ > content of /tmp/www/one/index.html > root at www:/# curl -H Host:nil.2maxi.com http://localhost/ > > 404 Not Found > >

404 Not Found

>
nginx/1.2.1
> > > root at www:/# So: they both say that if the request gets to nginx, nginx responds as you want it to. > so in web browser i should see > content of /tmp/www/one/index.html ...if the browser makes the request of nginx. > but i have 'this page not available ... DNS lookup failed" And that says that the browser did not know where nginx was. You need your browser to be able to turn the hostnames one.2maxi.com and nil.2maxi.com (and any others that you will use) into the IP address of your nginx server. This is usually either "set up dns right", or "populate your browser machines etc/hosts file" -- but it might be "get resolution working on your proxy server" or something else instead. It's outside the scope of nginx, but may be useful to add to DNS many individual A records, or a single wildcard one, for the hostnames that you care about. > and 2maxi.com/nil or what else gives 2maxi.com That suggests that your browser can resolve 2maxi.com to the nginx server, and hopefully it is clear from your configuration why the response was what it was. f -- Francis Daly francis at daoine.org From francis at daoine.org Thu Aug 14 17:32:15 2014 From: francis at daoine.org (Francis Daly) Date: Thu, 14 Aug 2014 18:32:15 +0100 Subject: Cannot create directory alias (with php pages) In-Reply-To: <53ECB3EF.40700@noa.gr> References: <53EBCDD2.5040308@noa.gr> <53EC983E.8020203@noa.gr> <20140814122603.GA3108@daoine.org> <53ECB3EF.40700@noa.gr> Message-ID: <20140814173215.GE3108@daoine.org> On Thu, Aug 14, 2014 at 04:04:47PM +0300, Nikolaos Milas wrote: > On 14/8/2014 3:26 ??, Francis Daly wrote: Hi there, > I have only decided to set: > > fastcgi_param SCRIPT_FILENAME $request_filename; > > following a suggestion from here: > > http://blog.martinfjordvald.com/2011/01/no-input-file-specified-with-php-and-nginx/ > > rather than $document_root. Would you thing this setting is really > preferable/correct in our case or not? I think it is both correct and preferable. The variable has the right value (because you do not care about the request "/dir/" indicating the file "/usr/share/xhprof/xhprof_html/dir/index.php"); and it is clearer than $document_root (which would normally be a directory name, if "alias" were not involved here). Cheers, f -- Francis Daly francis at daoine.org From lists at ruby-forum.com Thu Aug 14 18:27:10 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Thu, 14 Aug 2014 20:27:10 +0200 Subject: 'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <050006fe8d27d7bec3abba2e4b71db02@ruby-forum.com> yep you are rigth DNS declaration, so it become standard vhost... i wonder why it did work without A maybe it was not real subdomain : pointing a folder from a volatil url and rewriting this url permanetly... as my little experiment and http://publications.jbfavre.org/web/nginx-vhosts-automatiques-avec-SSL-et-authentification.en it works, but how to make it works? -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Fri Aug 15 07:22:47 2014 From: nginx-forum at nginx.us (bodomic) Date: Fri, 15 Aug 2014 03:22:47 -0400 Subject: 'auto'rewrite link to a folder In-Reply-To: <050006fe8d27d7bec3abba2e4b71db02@ruby-forum.com> References: <050006fe8d27d7bec3abba2e4b71db02@ruby-forum.com> Message-ID: <9fa448a836f79cc2beca9024be4de392.NginxMailingListEnglish@forum.nginx.org> I think your current config is too complicated now so that your regular expressions do not do what you think they should. Try a separate server setup in this manner: server { listen 80 default; server_name .example.com; set $project www; set $user www-data; if ($host ~* ^([^.]+)\.([^.]+)\.example\.com$) { set $project $1; set $user $2; } if (!-d /home/$user/sites/$project/public) { rewrite ^(.*)$ http://www.example.com permanent; } root /home/$user/sites/$project/public; index index.php index.htm index.html; } Create some dns names like user1.www.example.com (or just put them to your local hosts file) all pointing to the same host. Create folders /home/user1/sites/www/public and put index.html stating "This is a home of user1" there. Make sure you have access and error logs. It should work. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252553,252585#msg-252585 From nginx-forum at nginx.us Fri Aug 15 09:05:19 2014 From: nginx-forum at nginx.us (756323342) Date: Fri, 15 Aug 2014 05:05:19 -0400 Subject: could not find "/usr/local/nginx" after yum install nginx Message-ID: <3ffc5428b24fd3d510f797a369d49cd4.NginxMailingListEnglish@forum.nginx.org> hello,i'm new to nginx. i'm using "yum" to install nginx.i followed the instruction(http://wiki.nginx.org/Install),and added repository for nginx. After i finished it,i can't find this directory(/usr/local/nginx).but in the page(http://wiki.nginx.org/InstallOptions),it tells me that "/usr/local/nginx directory by default" i don't know why.is that possible that the Doc in wiki is for the older version? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252586,252586#msg-252586 From smallfish.xy at gmail.com Fri Aug 15 09:10:53 2014 From: smallfish.xy at gmail.com (smallfish) Date: Fri, 15 Aug 2014 17:10:53 +0800 Subject: could not find "/usr/local/nginx" after yum install nginx In-Reply-To: <3ffc5428b24fd3d510f797a369d49cd4.NginxMailingListEnglish@forum.nginx.org> References: <3ffc5428b24fd3d510f797a369d49cd4.NginxMailingListEnglish@forum.nginx.org> Message-ID: You can query the files in `nginx` rpm package, example: $ rpm -qa | grep nginx nginx-x.x.x $ rpm -ql nginx-x.x.x # blablabla -- smallfish http://chenxiaoyu.org On Fri, Aug 15, 2014 at 5:05 PM, 756323342 wrote: > hello,i'm new to nginx. > i'm using "yum" to install nginx.i followed the > instruction(http://wiki.nginx.org/Install),and added repository for nginx. > After i finished it,i can't find this directory(/usr/local/nginx).but in > the > page(http://wiki.nginx.org/InstallOptions),it tells me that > "/usr/local/nginx directory by default" > > i don't know why.is that possible that the Doc in wiki is for the older > version? > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252586,252586#msg-252586 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From arut at nginx.com Fri Aug 15 10:56:10 2014 From: arut at nginx.com (Roman Arutyunyan) Date: Fri, 15 Aug 2014 14:56:10 +0400 Subject: Regarding proxy_next_upstream parameter In-Reply-To: References: Message-ID: On 10 Aug 2014, at 21:27, Pankaj Kaushik wrote: > Hi, > > I am trying to do failover as per below configuration :- > > upstream backend { > hash $key2 consistent; > server 10.0.0.22:8080; > server 10.0.0.23:8080; > server 10.0.0.24:8080; > server 10.0.0.25:8080; > server 10.0.0.26:8080; > } > upstream backend_2 { > server 10.0.0.22:8080; > server 10.0.0.23:8080; > server 10.0.0.24:8080; > server 10.0.0.25:8080; > server 10.0.0.26:8080; > } > > server { > listen 90 default_server; > > location = / { > proxy_pass http://backend_2; > proxy_next_upstream error timeout http_404; > } > location / { > proxy_pass http://backend; > proxy_next_upstream error timeout http_404; > } > > } > > In error logs i received following message :- > > 2014/08/10 09:52:16 [info] 514#0: *184 epoll_wait() reported that client prematurely closed connection, so upstream connection is closed too while sending request to upstream, client: 14.102.112.84, server: , request: "GET /mybucket4/ HTTP/1.1", upstream: "http://10.0.0.23:8080/mybucket4/", host: "65.60.72.19:90" > > > Can any body help me on this ? The error text explains everything. The client closes connection before receiving any response from the server while it was sending request to upstream. From lists at ruby-forum.com Fri Aug 15 15:44:32 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Fri, 15 Aug 2014 17:44:32 +0200 Subject: [resolved]'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <8156e5b343b98510544ac860dde5aaee@ruby-forum.com> thanks to all, 'perhaps' i solved my problem by adding in my DNS record: * CNAME 14440 2maxi.com and i used a script to create subdomain from tuxlite.com of course i'd preferred to understand what it did but no time to, site down for 4 monthes... -- Posted via http://www.ruby-forum.com/. From andre at digirati.com.br Fri Aug 15 17:33:39 2014 From: andre at digirati.com.br (Andre Nathan) Date: Fri, 15 Aug 2014 14:33:39 -0300 Subject: Problem with a reverse proxy and trailing slash redirects Message-ID: <53EE4473.3020703@digirati.com.br> Hello We have a service for our customers that allows them to test their site before they point their DNS to our servers. It works like this: we configure their websites in our backend servers as usual, and we create an entry in a zone we own. Say the customer's site is www.foo.com; we give him a temporary address at foo.tmpzone.com where he can try our services without changing his DNS records. This is done by configuring foo.tmpzone.com in Nginx, which then redirects to the backend server: server { listen 1.2.3.4:80; server_name foo.tmpzone.com; location / { proxy_pass http://4.3.2.1; proxy_redirect http://4.3.2.1/ http://$host/; proxy_set_header Host www.foo.com; } } The problem with this setup is that if one tries to access, say, foo.tmpzone.com/blah, Nginx will issue a 301 redirect adding a trailing slash, but the Location will be set to "www.foo.com/blah/". This seems to be due to the proxy_set_header directive, which is needed for the backend server to find the appropriate virtual host. Is there any way to override this behavior and have Nginx redirect to foo.tmpzone.com/blah/ instead? I tried turning on the server_name_in_redirect directive, but it didn't work. Thanks in advance, Andre -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 474 bytes Desc: not available URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 473 bytes Desc: OpenPGP digital signature URL: From nginx-forum at nginx.us Fri Aug 15 18:16:12 2014 From: nginx-forum at nginx.us (double) Date: Fri, 15 Aug 2014 14:16:12 -0400 Subject: Patch against server DOS Message-ID: <2849888f515319784c257ae0e40e04cc.NginxMailingListEnglish@forum.nginx.org> Hello, My NGINX got a denial of service. The machine proxied large files using "proxy_store". Someone was creating an artifical request for a rarely used file, causing NGINX to download a big file from upstream, then he immediately closed the connection. NGINX continued to download this file. Then he did the same again with some other rarely used file. Within a couple of minutes I had thousands of connections, downloading huge files from the backend. My solution was, to add a small feature: proxy_ignore_client_abort 10%; If the server did not download at least 10% from the backend-machine, he closes the connection to the backend as soon as the client closed the connection to the server, even if "proxy_store" was used. The patch: http://doppelbauer.name/abort-upstream-161.patch Thanks a lot Markus Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252594,252594#msg-252594 From Jared.McIntyre at medsimulation.com Fri Aug 15 21:01:54 2014 From: Jared.McIntyre at medsimulation.com (Jared McIntyre) Date: Fri, 15 Aug 2014 21:01:54 +0000 Subject: Disable Upstream Timeouts in Custom Module Message-ID: <564d065806484cb0b09986427e40cfc5@MSCEX2.corp.medsimulation.com> I have a custom module that is proxying an upstream TCP based server. I can manipulate the timeouts by changing the ngx_http_upstream_conf_t's read_timeout and send_timeout to increase the timeout. However, for my particular use case, it would be better if there is no artificial timeout based on the length of time between received and sent packets. As long as the TCP connection is still live, there should be no 504. Is there any way to disable the send and read timouts in their entirety? Thanks, Jared -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Aug 15 21:22:16 2014 From: nginx-forum at nginx.us (pngu) Date: Fri, 15 Aug 2014 17:22:16 -0400 Subject: help debugging nginx core dump Message-ID: Hi expert, I am running into nginx core dump issue and I need experts help in debugging. Thank you so much! we are running nginx 1.6.1 on centos 5.6 nginx version: nginx/1.6.1 built by gcc 4.1.2 20080704 (Red Hat 4.1.2-54) TLS SNI support enabled configure arguments: --prefix=/Local/ThirdParty/nginx --sbin-path=/Local/ThirdParty/nginx/nginx --conf-path=/Local/ThirdParty/nginx/conf/AOS-nginx.conf --error-log-path=/Local/ThirdParty/nginx/logs/AOS-error.log --with-http_stub_status_module --pid-path=/Local/ThirdParty/nginx/runtime/nginx.pid --lock-path=/Local/ThirdParty/nginx/runtime/nginx.lock --with-http_ssl_module --with-http_gzip_static_module --with-pcre=/home/worun/pcre-8.35 --with-openssl=/home/worun/openssl-0.9.8y --with-http_realip_module --with-debug --add-module=/home/worun/nginx-auth-ldap-0.1/ out put from the gdb core dump GNU gdb (GDB) Red Hat Enterprise Linux (7.0.1-45.0.1.el5) Copyright (C) 2009 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later This is free software: you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. Type "show copying" and "show warranty" for details. This GDB was configured as "x86_64-redhat-linux-gnu". For bug reporting instructions, please see: ... Reading symbols from /Local/ThirdParty/nginx/nginx...done. [New Thread 28390] Reading symbols from /lib64/libpthread.so.0...(no debugging symbols found)...done. [Thread debugging using libthread_db enabled] Loaded symbols for /lib64/libpthread.so.0 Reading symbols from /lib64/libcrypt.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypt.so.1 Reading symbols from /usr/lib64/libldap-2.3.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libldap-2.3.so.0 Reading symbols from /lib64/libdl.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libdl.so.2 Reading symbols from /usr/lib64/libz.so.1...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libz.so.1 Reading symbols from /lib64/libc.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libc.so.6 Reading symbols from /lib64/ld-linux-x86-64.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/ld-linux-x86-64.so.2 Reading symbols from /usr/lib64/liblber-2.3.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/liblber-2.3.so.0 Reading symbols from /lib64/libresolv.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libresolv.so.2 Reading symbols from /usr/lib64/libsasl2.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libsasl2.so.2 Reading symbols from /lib64/libssl.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libssl.so.6 Reading symbols from /lib64/libcrypto.so.6...(no debugging symbols found)...done. Loaded symbols for /lib64/libcrypto.so.6 Reading symbols from /usr/lib64/libgssapi_krb5.so.2...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libgssapi_krb5.so.2 Reading symbols from /usr/lib64/libkrb5.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5.so.3 Reading symbols from /lib64/libcom_err.so.2...(no debugging symbols found)...done. Loaded symbols for /lib64/libcom_err.so.2 Reading symbols from /usr/lib64/libk5crypto.so.3...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libk5crypto.so.3 Reading symbols from /usr/lib64/libkrb5support.so.0...(no debugging symbols found)...done. Loaded symbols for /usr/lib64/libkrb5support.so.0 Reading symbols from /lib64/libkeyutils.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libkeyutils.so.1 Reading symbols from /lib64/libselinux.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libselinux.so.1 Reading symbols from /lib64/libsepol.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libsepol.so.1 Reading symbols from /lib64/libgcc_s.so.1...(no debugging symbols found)...done. Loaded symbols for /lib64/libgcc_s.so.1 warning: no loadable sections found in added symbol-file system-supplied DSO at 0x7fffe65fc000 Core was generated by `nginx: w'. Program terminated with signal 6, Aborted. #0 0x00002adaf5619265 in raise () from /lib64/libc.so.6 (gdb) bt #0 0x00002adaf5619265 in raise () from /lib64/libc.so.6 #1 0x00002adaf561ad10 in abort () from /lib64/libc.so.6 #2 0x00002adaf565399b in __libc_message () from /lib64/libc.so.6 #3 0x00002adaf565b45f in _int_free () from /lib64/libc.so.6 #4 0x00002adaf565b8bb in free () from /lib64/libc.so.6 #5 0x000000000042bbe0 in ngx_destroy_pool (pool=0x8f6f010) at src/core/ngx_palloc.c:87 #6 0x000000000047de82 in ngx_http_free_request (r=0x8f6f060, rc=0) at src/http/ngx_http_request.c:3492 #7 0x000000000047cae2 in ngx_http_set_keepalive (r=0x8f6f060) at src/http/ngx_http_request.c:2894 #8 0x000000000047c091 in ngx_http_finalize_connection (r=0x8f6f060) at src/http/ngx_http_request.c:2537 #9 0x000000000047bd38 in ngx_http_finalize_request (r=0x8f6f060, rc=0) at src/http/ngx_http_request.c:2438 #10 0x00000000004992e4 in ngx_http_upstream_finalize_request (r=0x8f6f060, u=0x8fd6a50, rc=0) at src/http/ngx_http_upstream.c:3558 #11 0x00000000004984b3 in ngx_http_upstream_process_request (r=0x8f6f060) at src/http/ngx_http_upstream.c:3159 #12 0x00000000004981f8 in ngx_http_upstream_process_upstream (r=0x8f6f060, u=0x8fd6a50) at src/http/ngx_http_upstream.c:3090 #13 0x0000000000496c86 in ngx_http_upstream_send_response (r=0x8f6f060, u=0x8fd6a50) at src/http/ngx_http_upstream.c:2493 #14 0x0000000000495168 in ngx_http_upstream_process_header (r=0x8f6f060, u=0x8fd6a50) at src/http/ngx_http_upstream.c:1735 #15 0x0000000000493a32 in ngx_http_upstream_handler (ev=0x8fa0c70) at src/http/ngx_http_upstream.c:977 #16 0x00000000004502b4 in ngx_event_process_posted (cycle=0x8f64030, posted=0x872da8) at src/event/ngx_event_posted.c:40 #17 0x000000000044ddd5 in ngx_process_events_and_timers (cycle=0x8f64030) at src/event/ngx_event.c:275 #18 0x000000000045b080 in ngx_worker_process_cycle (cycle=0x8f64030, data=0x0) at src/os/unix/ngx_process_cycle.c:816 #19 0x0000000000457b8d in ngx_spawn_process (cycle=0x8f64030, proc=0x45ae92 , data=0x0, name=0x5cb0f6 "worker process", respawn=0) at src/os/unix/ngx_process.c:198 #20 0x000000000045aaab in ngx_reap_children (cycle=0x8f64030) at src/os/unix/ngx_process_cycle.c:627 #21 0x00000000004597dc in ngx_master_process_cycle (cycle=0x8f64030) at src/os/unix/ngx_process_cycle.c:180 #22 0x0000000000428904 in main (argc=1, argv=0x7fffe6534ef8) at src/core/nginx.c:407 (gdb) (gdb) bt full #0 0x00002adaf5619265 in raise () from /lib64/libc.so.6 No symbol table info available. #1 0x00002adaf561ad10 in abort () from /lib64/libc.so.6 No symbol table info available. #2 0x00002adaf565399b in __libc_message () from /lib64/libc.so.6 No symbol table info available. #3 0x00002adaf565b45f in _int_free () from /lib64/libc.so.6 No symbol table info available. #4 0x00002adaf565b8bb in free () from /lib64/libc.so.6 No symbol table info available. #5 0x000000000042bbe0 in ngx_destroy_pool (pool=0x8f6f010) at src/core/ngx_palloc.c:87 p = 0x8f6f010 n = 0x8fd6a30 l = 0x0 c = 0x0 #6 0x000000000047de82 in ngx_http_free_request (r=0x8f6f060, rc=0) at src/http/ngx_http_request.c:3492 log = 0x8f790b0 pool = 0x8f6f010 linger = {l_onoff = -430750128, l_linger = 32767} cln = 0x0 ctx = 0x8f79180 clcf = 0x42c1b4 #7 0x000000000047cae2 in ngx_http_set_keepalive (r=0x8f6f060) at src/http/ngx_http_request.c:2894 tcp_nodelay = 10970 i = 150828568 b = 0x8f79208 f = 0x8fd7618 rev = 0x8fa0c08 wev = 0x4a27c9 c = 0x2adaf4979448 hc = 0x8f790f8 cscf = 0x7fffe65346f0 clcf = 0x8f93790 #8 0x000000000047c091 in ngx_http_finalize_connection (r=0x8f6f060) at src/http/ngx_http_request.c:2537 clcf = 0x8f93790 #9 0x000000000047bd38 in ngx_http_finalize_request (r=0x8f6f060, rc=0) at src/http/ngx_http_request.c:2438 c = 0x2adaf4979448 pr = 0x0 clcf = 0x8fd7680 #10 0x00000000004992e4 in ngx_http_upstream_finalize_request (r=0x8f6f060, u=0x8fd6a50, rc=0) at src/http/ngx_http_upstream.c:3558 flush = 0 tp = 0x86c330 #11 0x00000000004984b3 in ngx_http_upstream_process_request (r=0x8f6f060) at src/http/ngx_http_upstream.c:3159 tf = 0x100000010 p = 0x8fd6e98 u = 0x8fd6a50 #12 0x00000000004981f8 in ngx_http_upstream_process_upstream (r=0x8f6f060, u=0x8fd6a50) at src/http/ngx_http_upstream.c:3090 c = 0x2adaf4979520 #13 0x0000000000496c86 in ngx_http_upstream_send_response (r=0x8f6f060, u=0x8fd6a50) at src/http/ngx_http_upstream.c:2493 ---Type to continue, or q to quit--- tcp_nodelay = 0 n = 140737057605712 rc = 0 p = 0x8fd6e98 c = 0x2adaf4979448 clcf = 0x8f93790 #14 0x0000000000495168 in ngx_http_upstream_process_header (r=0x8f6f060, u=0x8fd6a50) at src/http/ngx_http_upstream.c:1735 n = 842 rc = 0 c = 0x2adaf4979520 #15 0x0000000000493a32 in ngx_http_upstream_handler (ev=0x8fa0c70) at src/http/ngx_http_upstream.c:977 c = 0x2adaf4979448 r = 0x8f6f060 ctx = 0x8f79180 u = 0x8fd6a50 #16 0x00000000004502b4 in ngx_event_process_posted (cycle=0x8f64030, posted=0x872da8) at src/event/ngx_event_posted.c:40 ev = 0x8fa0c70 #17 0x000000000044ddd5 in ngx_process_events_and_timers (cycle=0x8f64030) at src/event/ngx_event.c:275 flags = 3 timer = 59971 delta = 28 #18 0x000000000045b080 in ngx_worker_process_cycle (cycle=0x8f64030, data=0x0) at src/os/unix/ngx_process_cycle.c:816 worker = 0 i = 140737057607408 c = 0x0 #19 0x0000000000457b8d in ngx_spawn_process (cycle=0x8f64030, proc=0x45ae92 , data=0x0, name=0x5cb0f6 "worker process", respawn=0) at src/os/unix/ngx_process.c:198 on = 1 pid = 0 s = 0 #20 0x000000000045aaab in ngx_reap_children (cycle=0x8f64030) at src/os/unix/ngx_process_cycle.c:627 i = 0 n = 8 live = 0 ch = {command = 2, pid = 28371, slot = 0, fd = -1} ccf = 0x53ee7696 #21 0x00000000004597dc in ngx_master_process_cycle (cycle=0x8f64030) at src/os/unix/ngx_process_cycle.c:180 title = 0x8f9dbb4 "master process ./nginx" p = 0x8f9dbca "" size = 23 i = 1 n = 0 sigio = 0 set = {__val = {0 }} itv = {it_interval = {tv_sec = 0, tv_usec = 8644424}, it_value = {tv_sec = 8, tv_usec = 41}} live = 1 delay = 0 ls = 0x0 ccf = 0x8f65000 ---Type to continue, or q to quit--- #22 0x0000000000428904 in main (argc=1, argv=0x7fffe6534ef8) at src/core/nginx.c:407 i = 52 log = 0x86c180 cycle = 0x8f64030 init_cycle = {conf_ctx = 0x0, pool = 0x8f63690, log = 0x86c180, new_log = {log_level = 0, file = 0x0, connection = 0, handler = 0, data = 0x0, action = 0x0, next = 0x0}, log_use_stderr = 0, files = 0x0, free_connections = 0x0, free_connection_n = 0, reusable_connections_queue = {prev = 0x0, next = 0x0}, listening = {elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0}, paths = {elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0}, open_files = {last = 0x0, part = {elts = 0x0, nelts = 0, next = 0x0}, size = 0, nalloc = 0, pool = 0x0}, shared_memory = {last = 0x0, part = {elts = 0x0, nelts = 0, next = 0x0}, size = 0, nalloc = 0, pool = 0x0}, connection_n = 0, files_n = 0, connections = 0x0, read_events = 0x0, write_events = 0x0, old_cycle = 0x0, conf_file = {len = 43, data = 0x5c7378 "/Local/ThirdParty/nginx/conf/AOS-nginx.conf"}, conf_param = {len = 0, data = 0x0}, conf_prefix = {len = 29, data = 0x5c7378 "/Local/ThirdParty/nginx/conf/AOS-nginx.conf"}, prefix = {len = 24, data = 0x5c735e "/Local/ThirdParty/nginx/"}, lock_file = {len = 0, data = 0x0}, hostname = {len = 0, data = 0x0}} ccf = 0x8f65000 (gdb) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252597,252597#msg-252597 From francis at daoine.org Fri Aug 15 22:17:31 2014 From: francis at daoine.org (Francis Daly) Date: Fri, 15 Aug 2014 23:17:31 +0100 Subject: Problem with a reverse proxy and trailing slash redirects In-Reply-To: <53EE4473.3020703@digirati.com.br> References: <53EE4473.3020703@digirati.com.br> Message-ID: <20140815221731.GI3108@daoine.org> On Fri, Aug 15, 2014 at 02:33:39PM -0300, Andre Nathan wrote: Hi there, > The problem with this setup is that if one tries to access, say, > foo.tmpzone.com/blah, Nginx will issue a 301 redirect adding a trailing > slash, but the Location will be set to "www.foo.com/blah/". This seems > to be due to the proxy_set_header directive, which is needed for the > backend server to find the appropriate virtual host. > > Is there any way to override this behavior and have Nginx redirect to > foo.tmpzone.com/blah/ instead? I tried turning on the > server_name_in_redirect directive, but it didn't work. http://nginx.org/r/proxy_redirect f -- Francis Daly francis at daoine.org From richard at kearsley.me Fri Aug 15 22:37:15 2014 From: richard at kearsley.me (Richard Kearsley) Date: Sat, 16 Aug 2014 00:37:15 +0200 Subject: aio breaks spdy Message-ID: <53EE8B9B.7060000@kearsley.me> Hi I have been tracing an issue for the past couple of days and have narrowed down the case to when spdy is being used with aio Testing using a 1GB file download in chrome and firefox, http and https download as normal using spdy, only the first ~250k is downloaded and then a wait of exactly 60 seconds between subsequent bursts of ~250k turning 'aio off;' fixes the problem and spdy can download at the normal speed I hope someone can investigate this further Configuration details are below, if any more information is needed please let me know Many thanks Richard FreeBSD 9.2 OpenSSL 1.0.1i 6 Aug 2014 nginx version: nginx/1.7.4 built by gcc 4.2.1 20070831 patched [FreeBSD] TLS SNI support enabled configure arguments: --with-debug --with-http_ssl_module --with-http_spdy_module --with-file-aio also tried nginx/1.6.0 nginx.conf: worker_processes 1; events { worker_connections 1024; } http { include mime.types; aio on; ssl_certificate default.cer; ssl_certificate_key default.key; server { listen 80; listen 443 ssl spdy; location / { root /data; index index.html index.htm; } } } From vbart at nginx.com Fri Aug 15 23:00:58 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Sat, 16 Aug 2014 03:00:58 +0400 Subject: aio breaks spdy In-Reply-To: <53EE8B9B.7060000@kearsley.me> References: <53EE8B9B.7060000@kearsley.me> Message-ID: <4589237.9Fh4HLjcZY@vbart-laptop> On Saturday 16 August 2014 00:37:15 Richard Kearsley wrote: > Hi > I have been tracing an issue for the past couple of days and have > narrowed down the case to when spdy is being used with aio > Testing using a 1GB file download in chrome and firefox, http and https > download as normal > using spdy, only the first ~250k is downloaded and then a wait of > exactly 60 seconds between subsequent bursts of ~250k > turning 'aio off;' fixes the problem and spdy can download at the normal > speed > > I hope someone can investigate this further > Configuration details are below, if any more information is needed > please let me know > Could you provide a debug log? http://nginx.org/en/docs/debugging_log.html wbr, Valentin V. Bartenev From richard at kearsley.me Fri Aug 15 23:27:19 2014 From: richard at kearsley.me (Richard Kearsley) Date: Sat, 16 Aug 2014 01:27:19 +0200 Subject: aio breaks spdy In-Reply-To: <4589237.9Fh4HLjcZY@vbart-laptop> References: <53EE8B9B.7060000@kearsley.me> <4589237.9Fh4HLjcZY@vbart-laptop> Message-ID: <53EE9757.10706@kearsley.me> attached On 16/08/14 01:00, Valentin V. Bartenev wrote: > Could you provide a debug log? -------------- next part -------------- A non-text attachment was scrubbed... Name: debug-spdy-aio-2014-08-15-1.log Type: text/x-log Size: 286492 bytes Desc: not available URL: From reallfqq-nginx at yahoo.fr Sat Aug 16 08:21:11 2014 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 16 Aug 2014 10:21:11 +0200 Subject: Patch against server DOS In-Reply-To: <2849888f515319784c257ae0e40e04cc.NginxMailingListEnglish@forum.nginx.org> References: <2849888f515319784c257ae0e40e04cc.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello, I may have missed something, but it was to my understanding that nginx continuously send data to clients, thus fill up buffers whil the client empties it at the same time (FIFO). Thus, to me, backend upload was stopping when the allocated buffer(s) was(were) full, waiting for space being available in it(them). That is how/why, to my understanding (again), nginx was supposed to be able to handle slow clients. The intuitive solution if it was to happen to me, would have been to reduce buffer(s) size + number to ensure they fill up quickier (and thus stop downloading from upstream with the same velocity). In the end, the computation of the 'lost' resource is done: - in space with number of 'attackers' * num buffers * size buffer - in time with space calculated above / upstream sownloading speed (an average would be enough) Is not your patch redundant with existing capabilities? You just added another caluclation, competing with the one above, multiplying the above values per 10%. You could as much have reduced the settings above to meet the same result, could not you? Not talking about the risk of introducing vulnerabilities/instabilities with custom patch. What if the attacker modifies its client to ensure downloading 50% of the file (thanks to his /dev/null)? Your patch becomes useless and the resources grow back to what they used to be... on the other hand, the standard way of having modified how you handle upstream data would have been resisting, whatever amount of data any client grabs. What have I missed here? --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From rva at onvaoo.com Sat Aug 16 08:27:12 2014 From: rva at onvaoo.com (Ronald Van Assche) Date: Sat, 16 Aug 2014 10:27:12 +0200 Subject: redirect question (inception inside) Message-ID: I want to redirect /us/us/directory/filename to the /us/directory/filename directory on my Nginx server. but this if ( $request_filename ~ /us/us/.+ ) { rewrite ^(.*) http://mysiteurlt/us/$1 permanent; } wont work. How can i redirect or rewrite such url ? From nginx-forum at nginx.us Sat Aug 16 08:44:22 2014 From: nginx-forum at nginx.us (itpp2012) Date: Sat, 16 Aug 2014 04:44:22 -0400 Subject: redirect question (inception inside) In-Reply-To: References: Message-ID: Shouldn't the /us/ be removed in the rewrite? what does the logfile say where it is trying to locate to? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252606,252607#msg-252607 From me at myconan.net Sat Aug 16 08:52:17 2014 From: me at myconan.net (Edho Arief) Date: Sat, 16 Aug 2014 17:52:17 +0900 Subject: redirect question (inception inside) In-Reply-To: References: Message-ID: On Sat, Aug 16, 2014 at 5:27 PM, Ronald Van Assche wrote: > I want to redirect /us/us/directory/filename to the /us/directory/filename directory on my Nginx server. > > but this > > if ( $request_filename ~ /us/us/.+ ) { > rewrite ^(.*) http://mysiteurlt/us/$1 permanent; > } > > wont work. > > How can i redirect or rewrite such url ? location ^~ /us/us/ { rewrite ^/us(/us/.*) $1 permanent; } From rva at onvaoo.com Sat Aug 16 09:22:32 2014 From: rva at onvaoo.com (Ronald Van Assche) Date: Sat, 16 Aug 2014 11:22:32 +0200 Subject: redirect question (inception inside) In-Reply-To: References: Message-ID: <682DD9B8-F14B-4F99-BB0A-7DB02760E55E@onvaoo.com> NICE : it works more complicated one : /ue//ue/data/filename => /ue/data/filenam there is 2 / in the URL. location ^~ /ue//ue/ { rewrite ^/ue(/ue/.*) $1 permanent; } does not work :o( Le 16 ao?t 2014 ? 10:52, Edho Arief a ?crit : >> > location ^~ /us/us/ { > rewrite ^/us(/us/.*) $1 permanent; > } > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From reallfqq-nginx at yahoo.fr Sat Aug 16 09:53:14 2014 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 16 Aug 2014 11:53:14 +0200 Subject: ECC Certificates and SNI In-Reply-To: References: <1b721572101b63c0e7c46ff5ca78754a@none.at> Message-ID: Hello, The error comes from OpenSSL. >From its name, I wouldsay the constant being check is one that OpenSSL sets during handshake. >From its name too, I wouls say this applies to a SSLv3 handshake. OpenSSL has a corresponding TLSv1 constant named DTLS1_SEND_SERVER_KEY_EXCHANGE. Seems like a bug, possibly related to the (non widespread) use of ECC certificates. Before really calling out for a bug: you say SSLv3 is disabled. Please be really sure of that. Check the OpenSSL library your nginx has been linked against. I suggest you update that package on your system and retry. Try balance between sufficiently up-to-date version and avoinding versions with well-known vulnerabilities. Hope I helped, --- *B. R.* -------------- next part -------------- An HTML attachment was scrubbed... URL: From me at myconan.net Sat Aug 16 10:07:59 2014 From: me at myconan.net (Edho Arief) Date: Sat, 16 Aug 2014 19:07:59 +0900 Subject: redirect question (inception inside) In-Reply-To: <682DD9B8-F14B-4F99-BB0A-7DB02760E55E@onvaoo.com> References: <682DD9B8-F14B-4F99-BB0A-7DB02760E55E@onvaoo.com> Message-ID: On Aug 16, 2014 6:22 PM, "Ronald Van Assche" wrote: > > NICE : it works > > more complicated one : > > /ue//ue/data/filename => /ue/data/filenam > there is 2 / in the URL. > > location ^~ /ue//ue/ { > rewrite ^/ue(/ue/.*) $1 permanent; > } > > does not work :o( > > try reading the documentation: http://nginx.org/r/location > > Le 16 ao?t 2014 ? 10:52, Edho Arief a ?crit : > > >> > > location ^~ /us/us/ { > > rewrite ^/us(/us/.*) $1 permanent; > > } > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From rva at onvaoo.com Sat Aug 16 10:27:16 2014 From: rva at onvaoo.com (Ronald Van Assche) Date: Sat, 16 Aug 2014 12:27:16 +0200 Subject: redirect question (inception inside) In-Reply-To: References: <682DD9B8-F14B-4F99-BB0A-7DB02760E55E@onvaoo.com> Message-ID: <7E60CE58-5309-46F5-B951-C90548EFC07B@onvaoo.com> YEP thank you : > The matching is performed against a normalized URI, after decoding the text encoded in the ?%XX? form, resolving references to relative path components ?.? and ?..?, and possible compression of two or more adjacent slashes into a single slash. so i do not have to put // in the location , and it works location ^~ /ue/ue/ { rewrite ^/ue(/ue/.*) $1 permanent; } Thank you all people here. -- Ronald, Paris. Le 16 ao?t 2014 ? 12:07, Edho Arief a ?crit : > > > > location ^~ /ue//ue/ { > > rewrite ^/ue(/ue/.*) $1 permanent; > > } > > > > does not work :o( > > > > > > try reading the documentation: http://nginx.org/r/location > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Sat Aug 16 12:29:37 2014 From: nginx-forum at nginx.us (iLinux85) Date: Sat, 16 Aug 2014 08:29:37 -0400 Subject: help cannot add mod_rewrite in nginx site configuration Message-ID: <249c41cc3dd65c8751f2d984956b820f.NginxMailingListEnglish@forum.nginx.org> hello i don't know how to add this code ===================================== rewrite "^/([0-9A-Za-z]{12})(\/.+|\.html?|)$" /dl?op=download1&id=$1&fname=$2 last; rewrite "^/embed-([0-9A-Za-z]{12})\.html$" /dl?op=embed&file_code=$1 last; rewrite "^/embed-([0-9A-Za-z]{12})-(\d+)x(\d+)\.html$" /dl?op=embed&file_code=$1&w=$2&h=$3 last; rewrite "^/embed-(\w{2,3})-([0-9A-Za-z]{12})-(\d+)x(\d+)\.html$" /dl?op=embed&file_code=$2&w=$3&h=$4&channel=$1 last; rewrite "^/vidembed-([0-9A-Za-z]{12})" /dl?op=embed2&file_code=$1 last; #rewrite "^/dl$" /dl last; ===================================== inside nginx configuration site ===================================== server { error_log /usr/local/nginx/logs/vhost-error_log warn; listen 80; server_name example.net www.example.net; #proxy_set_header X-Real-IP $remote_addr; #Remove trailing slash rewrite ^/(.*)/$ /$1 permanent; set $fcgi_index_dl_on "1"; #set $fcgi_index_on "1"; location ~ dl$ { include fastcgi.conf; limit_conn addr 2; if ( $fcgi_index_dl_on ) { root /home/tubro/public_html/cgi-bin; fastcgi_pass localhost:9011; } } # location ~* ^/(js\/|css\/|images\/|img\/|player\/|favicon\.ico|crossdomain\.xml|catalogue\.rss) { location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|js|css)$ { root /home/site/public_html; access_log off; expires 30d; } location /home/site/public_html/cgi-bin/fs.cgi { proxy_pass http://example.net/cgi-bin/fs.cgi; proxy_set_header X-Real-IP $remote_addr; charset utf-8; #limit_conn addr 30; } location / { proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; # you can increase proxy_buffers here to suppress "an upstream response # is buffered to a temporary file" warning proxy_buffers 16 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_connect_timeout 30s; proxy_redirect http://www.example.net:8070 http://www.example.net; proxy_redirect http://example.net:8070 http://example.net; proxy_pass http://192.168.1.1:8070; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #limit_conn addr 3; #limit_req zone=one burst=5; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; } ===================================== Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252614,252614#msg-252614 From vbart at nginx.com Sat Aug 16 21:19:29 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Sun, 17 Aug 2014 01:19:29 +0400 Subject: aio breaks spdy In-Reply-To: <53EE9757.10706@kearsley.me> References: <53EE8B9B.7060000@kearsley.me> <4589237.9Fh4HLjcZY@vbart-laptop> <53EE9757.10706@kearsley.me> Message-ID: <14227867.1dCWV3hn2G@vbart-laptop> On Saturday 16 August 2014 01:27:19 Richard Kearsley wrote: > attached Thank you for the report. Please, try the following patch: diff -r f1e05e533c8b src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Thu Jul 31 13:59:37 2014 +0400 +++ b/src/http/ngx_http_request.c Sun Aug 17 01:16:50 2014 +0400 @@ -2656,6 +2656,12 @@ ngx_http_writer(ngx_http_request_t *r) if (r->buffered || r->postponed || (r == r->main && c->buffered)) { +#if (NGX_HTTP_SPDY) + if (r->spdy_stream) { + return; + } +#endif + if (!wev->delayed) { ngx_add_timer(wev, clcf->send_timeout); } From richard at kearsley.me Sat Aug 16 22:04:14 2014 From: richard at kearsley.me (Richard Kearsley) Date: Sun, 17 Aug 2014 00:04:14 +0200 Subject: aio breaks spdy In-Reply-To: <14227867.1dCWV3hn2G@vbart-laptop> References: <53EE8B9B.7060000@kearsley.me> <4589237.9Fh4HLjcZY@vbart-laptop> <53EE9757.10706@kearsley.me> <14227867.1dCWV3hn2G@vbart-laptop> Message-ID: <53EFD55E.2090000@kearsley.me> Hi Tested 1.6.1 and 1.7.4 Speed is back to normal Many thanks! Richard On 16/08/14 23:19, Valentin V. Bartenev wrote: > On Saturday 16 August 2014 01:27:19 Richard Kearsley wrote: >> attached > Thank you for the report. > Please, try the following patch: > > diff -r f1e05e533c8b src/http/ngx_http_request.c > --- a/src/http/ngx_http_request.c Thu Jul 31 13:59:37 2014 +0400 > +++ b/src/http/ngx_http_request.c Sun Aug 17 01:16:50 2014 +0400 > @@ -2656,6 +2656,12 @@ ngx_http_writer(ngx_http_request_t *r) > > if (r->buffered || r->postponed || (r == r->main && c->buffered)) { > > +#if (NGX_HTTP_SPDY) > + if (r->spdy_stream) { > + return; > + } > +#endif > + > if (!wev->delayed) { > ngx_add_timer(wev, clcf->send_timeout); > } > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Sun Aug 17 04:21:41 2014 From: nginx-forum at nginx.us (justink101) Date: Sun, 17 Aug 2014 00:21:41 -0400 Subject: Using proxy_ssl_verify getting error: upstream SSL certificate verify error: (20:unable to get local issuer certificate) In-Reply-To: References: Message-ID: Setting: proxy_ssl_verify_depth 2; Fixed the issue. Can somebody explain why this is needed and why the default setting is 1? I am using a standard wildcard SSL certificate from GoDaddy. Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252518,252620#msg-252620 From richard at kearsley.me Sun Aug 17 04:26:50 2014 From: richard at kearsley.me (Richard Kearsley) Date: Sun, 17 Aug 2014 06:26:50 +0200 Subject: listen spdy per server_name Message-ID: <53F02F0A.1070307@kearsley.me> Hi It seems that if I have 2 server {} sections, one with spdy enabled and one without, spdy is still accepted on the second server { server_name ""; listen 80; listen 443 ssl spdy; } server { server_name "something.com"; listen 80; listen 443 ssl; } a request to something.com still allows spdy, but I want it to fall back to normal https in this case Is this correct behaviour? Thanks Richard From ywsample at gmail.com Sun Aug 17 06:37:46 2014 From: ywsample at gmail.com (ywsample) Date: Sun, 17 Aug 2014 14:37:46 +0800 Subject: DNS problem Message-ID: I know nginx 1.7.4 fixes a bug about DNS resolver, but i do not quite understand why this would lead to a request hang, Because there is a timeout handling, at a specified time if there is no response the timeout callback will be called?so why here can lead to request hang? Could someone show me a example about how lead to request hang? I ask this,because i recently encountered a problem online product(it use nginx-1.7.2), may be caused by this problem -- ywsample :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Sun Aug 17 07:23:19 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Sun, 17 Aug 2014 11:23:19 +0400 Subject: listen spdy per server_name In-Reply-To: <53F02F0A.1070307@kearsley.me> References: <53F02F0A.1070307@kearsley.me> Message-ID: <5357984.BysGLNRZkF@vbart-laptop> On Sunday 17 August 2014 06:26:50 Richard Kearsley wrote: > Hi > It seems that if I have 2 server {} sections, one with spdy enabled and > one without, spdy is still accepted on the second > > server > { > server_name ""; > listen 80; > listen 443 ssl spdy; > } > server > { > server_name "something.com"; > listen 80; > listen 443 ssl; > } > > a request to something.com still allows spdy, but I want it to fall back > to normal https in this case > Is this correct behaviour? > [..] Yes, it's expected behavior since both options works on a port basis. http://nginx.org/r/listen See also: http://mailman.nginx.org/pipermail/nginx/2014-February/042048.html wbr, Valentin V. Bartenev From mdounin at mdounin.ru Sun Aug 17 17:32:14 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 17 Aug 2014 21:32:14 +0400 Subject: Using proxy_ssl_verify getting error: upstream SSL certificate verify error: (20:unable to get local issuer certificate) In-Reply-To: References: Message-ID: <20140817173214.GQ1849@mdounin.ru> Hello! On Sun, Aug 17, 2014 at 12:21:41AM -0400, justink101 wrote: > Setting: > > proxy_ssl_verify_depth 2; > > Fixed the issue. Can somebody explain why this is needed and why the default > setting is 1? I am using a standard wildcard SSL certificate from GoDaddy. The default is in line with ssl_verify_depth (http://nginx.org/r/ssl_verify_depth) and assumes you directly control root of the certificates being verified. -- Maxim Dounin http://nginx.org/ From nima.mohammadi at ut.ac.ir Sun Aug 17 22:20:49 2014 From: nima.mohammadi at ut.ac.ir (Nima Mohammadi) Date: Mon, 18 Aug 2014 02:50:49 +0430 Subject: WebDAV with Authentication Layer Message-ID: Hi folks, I'm using Nginx as a WebDAV server using nginx-dav-ext-module. Now I needed to add an authentication layer to the WebDAV server which couldn't only be relying on a static htpasswd file. So I looked around and found the ngx_http_auth_request_module of Maxim Dounin. Now, once a request comes in, Nginx asks my web app, which is written in python using Pyramid framework, to authenticate the user. When the method is GET, PROPFIND, OPTION, DELETE, etc. it works very well, but the problem is that in case the HTTP method is PUT, it fails! I'm sure the problem isn't with the python code as the subrequest, which ngx_http_auth_request is supposed to make, doesn't even reach my web app. As soon as the auth_request line in the config file is commented, uploading files with PUT works. My configuration is as follows: server { listen 8080; root /L/; charset utf-8; location /disks/ { auth_request /auth_webservice; client_body_temp_path /tmp/client-tmp 1 2; create_full_put_path on; client_max_body_size 2000m; dav_access user:rw group:rw all:r; dav_methods PUT DELETE MKCOL COPY MOVE; dav_ext_methods PROPFIND OPTIONS; } location /auth_webservice { proxy_pass http://127.0.0.1:6543/auth/webdav; proxy_pass_request_body off; proxy_set_header Content-Length ""; proxy_set_header X-Original-URI $request_uri; proxy_set_header X-Original-Method $request_method; } location = /auth_open { return 204; } location / { uwsgi_pass unix:///tmp/uwsgi.sock; include uwsgi_params; } } It might be of interest to you to know that even when I change the auth_request to /auth_open, PUT still fails with an HTTP error 500. -------------- next part -------------- An HTML attachment was scrubbed... URL: From alex at zeitgeist.se Mon Aug 18 07:17:59 2014 From: alex at zeitgeist.se (Alex) Date: Mon, 18 Aug 2014 09:17:59 +0200 Subject: Use of boringssl equal-preference cipher groups with nginx Message-ID: Hi, I have successfully compiled nginx/1.7.4 with boringssl. One thing I am not sure if it's possible already is to take advantage of equal-preference cipher groups that Boringssl supports. For reference: https://www.imperialviolet.org/2014/02/27/tlssymmetriccrypto.html https://boringssl.googlesource.com/boringssl/+/858a88daf27975f67d9f63e18f95645be2886bfb%5E!/ "... new concept of an equal-preference group: a set of cipher suites in the server's preference order which are all ?equally good?. When choosing a cipher suite using the server preferences, the server finds its most preferable cipher suite that the client also supports and, if that is in an equal preference group, picks whichever member of the group is the client's most preferable. For example, Google servers have a cipher suite preference that includes AES-GCM and ChaCha20-Poly1305 cipher suites in an equal preference group at the top of the preference list. So if the client supports any cipher suite in that group, then the server will pick whichever was most preferable for the client." Would this already work with nginx' ssl_ciphers parameter or would nginx require further patching to support such grouping parameter? Alex From devel at jasonwoods.me.uk Mon Aug 18 10:40:07 2014 From: devel at jasonwoods.me.uk (Jason Woods) Date: Mon, 18 Aug 2014 11:40:07 +0100 Subject: proxied requests hang when DNS response has wrong ident In-Reply-To: References: <20140715114145.GA12772@lo0.su> Message-ID: <856DEDE5-E6A7-419F-A2F5-91ACD520281A@jasonwoods.me.uk> Hi, On 16 Jul 2014, at 03.01, Pramod Korathota wrote: > On 15 July 2014 21:41, Ruslan Ermilov wrote: > > > diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c > --- a/src/core/ngx_resolver.c > +++ b/src/core/ngx_resolver.c > > > > Thanks for the quick response and patch, Ruslan. I have tested a build incorporating this patch, and it behaves as expected, the resolver retrying rather than blocking behind the first request. > > I will get this build out to our production environment this week. Will report back if there are any issues. > > Thanks again! > > Pramod, > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx I'm experiencing a similar issue. I get a couple of ident mismatch errors in the error log, and then gradually over time I begin to see thousands of ESTABLISHED connections stuck with no activity. Eventually worker_connections is exhausted. I believe it could be related to this. I'm using package nginx-1.6.1-1.el6.ngx.x86_64, which is the latest stable. Has this fix been ported to 1.6.x stable yet? Is there a workaround? Thanks, Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Mon Aug 18 11:05:58 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 18 Aug 2014 15:05:58 +0400 Subject: proxied requests hang when DNS response has wrong ident In-Reply-To: <856DEDE5-E6A7-419F-A2F5-91ACD520281A@jasonwoods.me.uk> References: <856DEDE5-E6A7-419F-A2F5-91ACD520281A@jasonwoods.me.uk> Message-ID: <4826100.xPP9hDGEPR@vbart-workstation> On Monday 18 August 2014 11:40:07 Jason Woods wrote: [..] > > I'm experiencing a similar issue. > > I get a couple of ident mismatch errors in the error log, > and then gradually over time I begin to see thousands of > ESTABLISHED connections stuck with no activity. > Eventually worker_connections is exhausted. I believe it > could be related to this. > > I'm using package nginx-1.6.1-1.el6.ngx.x86_64, which is > the latest stable. Has this fix been ported to 1.6.x stable > yet? No, it hasn't. You should use mainline version of nginx. wbr, Valentin V. Bartenev From devel at jasonwoods.me.uk Mon Aug 18 12:45:46 2014 From: devel at jasonwoods.me.uk (Jason Woods) Date: Mon, 18 Aug 2014 13:45:46 +0100 Subject: proxied requests hang when DNS response has wrong ident In-Reply-To: <4826100.xPP9hDGEPR@vbart-workstation> References: <856DEDE5-E6A7-419F-A2F5-91ACD520281A@jasonwoods.me.uk> <4826100.xPP9hDGEPR@vbart-workstation> Message-ID: <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> On 18 Aug 2014, at 12.05, Valentin V. Bartenev wrote: > On Monday 18 August 2014 11:40:07 Jason Woods wrote: > [..] >> >> I'm experiencing a similar issue. >> >> I get a couple of ident mismatch errors in the error log, >> and then gradually over time I begin to see thousands of >> ESTABLISHED connections stuck with no activity. >> Eventually worker_connections is exhausted. I believe it >> could be related to this. >> >> I'm using package nginx-1.6.1-1.el6.ngx.x86_64, which is >> the latest stable. Has this fix been ported to 1.6.x stable >> yet? > > No, it hasn't. You should use mainline version of nginx. > > wbr, Valentin V. Bartenev There's the fear there are significant changes from 1.6 to 1.7 that may introduce other problems, and would need to go through some extensive testing before we can commit. Especially as the 1.6 is labelled "stable" and the 1.7 "mainline" (and not stable) - maybe these terms aren't meant to convey the meaning they appear to though. I'll start discussion about testing 1.7 though. Any ETA on when this might be back-ported, if at all? I guess a second question is when will 1.7 become the stable? Sorry if you're the wrong person to ask! And thanks for being clear. Jason From ru at nginx.com Mon Aug 18 13:05:09 2014 From: ru at nginx.com (Ruslan Ermilov) Date: Mon, 18 Aug 2014 17:05:09 +0400 Subject: DNS problem In-Reply-To: References: Message-ID: <20140818130509.GP76822@lo0.su> On Sun, Aug 17, 2014 at 02:37:46PM +0800, ywsample wrote: > I know nginx 1.7.4 fixes a bug about DNS resolver, but i do not quite > understand why this would lead to a request hang, Because there is a > timeout handling, at a specified time if there is no response the timeout > callback will be called?so why here can lead to request hang? > > Could someone show me a example about how lead to request hang? The requests would hang for 30 seconds instead of retrying a DNS query periodically. See http://mailman.nginx.org/pipermail/nginx/2014-July/044438.html for details. > I ask this,because i recently encountered a problem online product(it use > nginx-1.7.2), may be caused by this problem From reallfqq-nginx at yahoo.fr Mon Aug 18 13:15:40 2014 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Mon, 18 Aug 2014 15:15:40 +0200 Subject: proxied requests hang when DNS response has wrong ident In-Reply-To: <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> References: <856DEDE5-E6A7-419F-A2F5-91ACD520281A@jasonwoods.me.uk> <4826100.xPP9hDGEPR@vbart-workstation> <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> Message-ID: On Mon, Aug 18, 2014 at 2:45 PM, Jason Woods wrote: > > There's the fear there are significant changes from 1.6 to 1.7 that may > introduce other problems, and would need to go through some extensive > testing before we can commit. Especially as the 1.6 is labelled "stable" > and the 1.7 "mainline" (and not stable) - maybe these terms aren't meant to > convey the meaning they appear to though. I'll start discussion about > testing 1.7 though. > ?That is a shared fear, I guess, since questioning about 'stable' comes regularly on topic. nginx guys regularly say you should not fear using 1.7 branch in production, however these recent days have seen a lot of bugs popping up, some of them which one could even consider critical (impacting availability of the Web server). Definitely not what you want in production. It seems the philosophy behind stable is 'no risk, few changes', thus experimental stuff will only be backported after public release/testing on 1.7 branch. Moreover, according to an answer brought 2 weeks ago , SPDY-related functionalities are not due in 1.6 branch. Maybe 1.8, once 1.7 will be considered stable enough? nginx problems do not come from basic well-tested/heavily-used core functionalities (the ones you use to fulfil a basic Web server job). They come from new abilities brought in, which might compromise the whole thing... --- *B. R.* ? -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Aug 18 13:19:09 2014 From: nginx-forum at nginx.us (itpp2012) Date: Mon, 18 Aug 2014 09:19:09 -0400 Subject: proxied requests hang when DNS response has wrong ident In-Reply-To: <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> References: <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> Message-ID: If its only a few lines you may consider adding the patch manually. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251779,252648#msg-252648 From vbart at nginx.com Mon Aug 18 13:22:23 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 18 Aug 2014 17:22:23 +0400 Subject: proxied requests hang when DNS response has wrong ident In-Reply-To: <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> References: <4826100.xPP9hDGEPR@vbart-workstation> <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> Message-ID: <1831999.Dn7z8o1SiU@vbart-workstation> On Monday 18 August 2014 13:45:46 Jason Woods wrote: [..] > There's the fear there are significant changes from 1.6 to 1.7 that may > introduce other problems, and would need to go through some extensive > testing before we can commit. Especially as the 1.6 is labelled "stable" and > the 1.7 "mainline" (and not stable) - maybe these terms aren't meant to > convey the meaning they appear to though. I'll start discussion about > testing 1.7 though. [..] It's a common misunderstanding about branches. Check this out: http://nginx.com/blog/nginx-1-6-1-7-released/ In most cases the only care you need with the mainline branch is to read the changelog before update. Also you can consider to buy nginx plus license to get the official support and thus feel yourself more confident. wbr, Valentin V. Bartenev From devel at jasonwoods.me.uk Mon Aug 18 14:54:09 2014 From: devel at jasonwoods.me.uk (Jason Woods) Date: Mon, 18 Aug 2014 15:54:09 +0100 Subject: proxied requests hang when DNS response has wrong ident In-Reply-To: <1831999.Dn7z8o1SiU@vbart-workstation> References: <4826100.xPP9hDGEPR@vbart-workstation> <8C594D15-CCB4-4C0C-81FE-772D3A04EA54@jasonwoods.me.uk> <1831999.Dn7z8o1SiU@vbart-workstation> Message-ID: <9596BF8D-BB3D-459F-8711-705868FDC70C@jasonwoods.me.uk> On 18 Aug 2014, at 14.22, Valentin V. Bartenev wrote: > On Monday 18 August 2014 13:45:46 Jason Woods wrote: > [..] >> There's the fear there are significant changes from 1.6 to 1.7 that may >> introduce other problems, and would need to go through some extensive >> testing before we can commit. Especially as the 1.6 is labelled "stable" and >> the 1.7 "mainline" (and not stable) - maybe these terms aren't meant to >> convey the meaning they appear to though. I'll start discussion about >> testing 1.7 though. > [..] > > It's a common misunderstanding about branches. > Check this out: http://nginx.com/blog/nginx-1-6-1-7-released/ > > In most cases the only care you need with the mainline branch is to read the > changelog before update. > > Also you can consider to buy nginx plus license to get the official support > and thus feel yourself more confident. > > wbr, Valentin V. Bartenev Thanks, that's a perfect explanation. The fear remains though that to fix a single small issue that is possibly a few lines changed, I would be (in essence) changing thousands upon thousands of lines, adding new features, updating features, and creating a much larger surface area for potential new bugs. Where sticking with the stable feature branch gives us what the stable feature branch is intended to do - minimise change and surface area for new issues. Reading the changelog I agree is the best approach, but if a new feature is added and it modified shared-code to support it, this might not always included in a change log. Plus some shared code, even if mentioned, unless I'm an Nginx developer likely won't know what other parts it affects. And the moment something critical is changed and fully described in the changelog (because mainline has updates to existing features) then we hit the blocker where we need to weigh up risk again - upgrade with potential for problem but benefit from bug fixes, or stick to current version and take the risk of not having bug fixes. I believe this is the reason the stable branch exists, and I'm grateful for it. I guess I could brew my own version with the patch. Unfortunately, I don't have resource to add package management to the list to ensure we keep up to date with bug fixes since we'll be leaving the nginx provided repositories (great btw! thanks). It's something I will have to weigh up though, thanks for the suggestion. Thanks for all the input. I guess the only question now, outside of philosophical discussions of risk, is whether Nginx team treat this issue as a "major bug fix". Hopefully they do and we'll get the fix soon in the stable branch. If not, I'll keep testing 1.7.x with the view to move to it soon. And we'll just flow into 1.8 which will be the next stable feature branch if the product release schedule remains the same :-) Thank you again, and if the Nginx devs/contributors are reading this, keep up the good work! Jason From nginx-forum at nginx.us Tue Aug 19 02:29:10 2014 From: nginx-forum at nginx.us (rjoshi) Date: Mon, 18 Aug 2014 22:29:10 -0400 Subject: SSL handshake fail between nginx and my tomcat with mutual authentication In-Reply-To: References: Message-ID: I have added support for two way /mutual SSL authentication support. https://github.com/nginx/nginx/pull/7 http://mailman.nginx.org/pipermail/nginx-devel/2014-August/005817.html Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245971,252658#msg-252658 From nginx-forum at nginx.us Tue Aug 19 03:22:24 2014 From: nginx-forum at nginx.us (pngu) Date: Mon, 18 Aug 2014 23:22:24 -0400 Subject: help debugging nginx core dump In-Reply-To: References: Message-ID: <02ea9b82fb567fb97f05fd36c04da213.NginxMailingListEnglish@forum.nginx.org> anyone ? Help please. I am pretty much stuck. Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252597,252660#msg-252660 From ywsample at gmail.com Tue Aug 19 05:43:06 2014 From: ywsample at gmail.com (ywsample) Date: Tue, 19 Aug 2014 13:43:06 +0800 Subject: proxied request hang when DNS server down Message-ID: http { resolver 127.0.0.1; resolver_timeout 1s; server { listen 8000; location /test { proxy_pass http://$arg_host:8080; } } server { listen 8080; ....... } } ps: other configure is normal I have recently discoverd that when DNS server down, the first proxy request return 504 and than the follow proxy request may hang forever. I use two curl simulate concurrent requests I found than the first request timeout in 1 second and exit, also it delete the timeout timer. because another request waiting dns response, so nginx retry send dns query, but dns never response(because it down), it lead to the follow request hang and also no timer relate to it; PS?base on nginx-1.7.4 -- ywsample :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From luky-37 at hotmail.com Tue Aug 19 10:18:00 2014 From: luky-37 at hotmail.com (Lukas Tribus) Date: Tue, 19 Aug 2014 12:18:00 +0200 Subject: help debugging nginx core dump In-Reply-To: <02ea9b82fb567fb97f05fd36c04da213.NginxMailingListEnglish@forum.nginx.org> References: , <02ea9b82fb567fb97f05fd36c04da213.NginxMailingListEnglish@forum.nginx.org> Message-ID: > anyone ? Help please. I am pretty much stuck. Thanks - try without third party module - update the third party module lukas From vbart at nginx.com Tue Aug 19 10:34:59 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 19 Aug 2014 14:34:59 +0400 Subject: help debugging nginx core dump In-Reply-To: <02ea9b82fb567fb97f05fd36c04da213.NginxMailingListEnglish@forum.nginx.org> References: <02ea9b82fb567fb97f05fd36c04da213.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1640762.rboizhiioB@vbart-workstation> On Monday 18 August 2014 23:22:24 pngu wrote: > anyone ? Help please. I am pretty much stuck. Thanks > [..] There's nothing in the backtrace indicates a problem. Most likely it's caused by the 3rd-party module. wbr, Valentin V. Bartenev From lists at ruby-forum.com Tue Aug 19 11:09:28 2014 From: lists at ruby-forum.com (Pascale Camille) Date: Tue, 19 Aug 2014 13:09:28 +0200 Subject: [resolved]'auto'rewrite link to a folder In-Reply-To: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> References: <3c271c36b0a1ce32fc19855466640908@ruby-forum.com> Message-ID: <5d47c5453ac6e14c8a517ed7108f6380@ruby-forum.com> up for me tuxlite or other script made me crazy -i could not modify script or nginx conf without crashing -as strange it is, i could not make php working ! so the last working solution for is a site that pre-build a script with my parameters : http://simpleserversetup.com/ but even with this, i had to stop remove apache service apache2 stop; aptitude -y purge apache2 apache2-utils apache2.2-bin apache2-common; apt-get autoremove; rm -rf /etc/apache2; and i modify the downloaded script addind all vhost i need this way i understood what i have done !!! -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Tue Aug 19 11:31:21 2014 From: nginx-forum at nginx.us (yury_y) Date: Tue, 19 Aug 2014 07:31:21 -0400 Subject: Big dispersion in requests execution time. Message-ID: <70e7227ab20c106e78da260a97608bd1.NginxMailingListEnglish@forum.nginx.org> Hi, I faced the following problem. Our server works under the constant load of 300-400 requests per second. >From request execution time statistics I see that in some cases "fast" request(that normally executes in few milliseconds) may hang for seconds. Here is an illustration of this problem. I execute the following GET request "http://127.0.0.1:777/fcgi/auth..."(no ssl, no dns lookup, just http on localhost) from local client(on the same sever). Usually this request executes in less then 1 millisecond, but in this case execution time is 130 milliseconds. >From tcpdump I can conclude following: 16:18:43.095716 - client sent request to nginx 16:18:43.225903 - nginx sent request to upstream 16:18:43.226178 - upstream replied to nginx 16:18:43.226235 - nginx replied to client So request was processed by upstream in less then 1 millisecond, but it took about 130 microseconds to read request from client and pass it to upstream. I observe similar behavior both for fcgi upstreams and for static requests. Does anybody have similar problems? In which direction should I investigate? <--nginx to client tcpdump---------------------> 2014-08-15 16:18:43.095653 IP 127.0.0.1.17573 > 127.0.0.1.777: Flags [S], seq 2328271692, win 65535, options [mss 16344,nop,wscale 6,sackOK,TS val 2588746027 ecr 0], length 0 2014-08-15 16:18:43.095673 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [S.], seq 1912981495, ack 2328271693, win 65535, options [mss 16344,nop,wscale 6,sackOK,TS val 858797424 ecr 2588746027], length 0 2014-08-15 16:18:43.095687 IP 127.0.0.1.17573 > 127.0.0.1.777: Flags [.], ack 1, win 1275, options [nop,nop,TS val 2588746027 ecr 858797424], length 0 2014-08-15 16:18:43.095716 IP 127.0.0.1.17573 > 127.0.0.1.777: Flags [P.], seq 1:133, ack 1, win 1275, options [nop,nop,TS val 2588746027 ecr 858797424], length 132 2014-08-15 16:18:43.195641 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [.], ack 133, win 1273, options [nop,nop,TS val 858797524 ecr 2588746027], length 0 2014-08-15 16:18:43.226235 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [P.], seq 1:250, ack 133, win 1275, options [nop,nop,TS val 858797554 ecr 2588746027], length 249 2014-08-15 16:18:43.226412 IP 127.0.0.1.17573 > 127.0.0.1.777: Flags [F.], seq 133, ack 250, win 1275, options [nop,nop,TS val 2588746157 ecr 858797554], length 0 2014-08-15 16:18:43.226440 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [.], ack 134, win 1275, options [nop,nop,TS val 858797554 ecr 2588746157], length 0 2014-08-15 16:18:43.226450 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [F.], seq 250, ack 134, win 1275, options [nop,nop,TS val 858797554 ecr 2588746157], length 0 2014-08-15 16:18:43.455652 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [F.], seq 250, ack 134, win 1275, options [nop,nop,TS val 858797784 ecr 2588746157], length 0 2014-08-15 16:18:43.715642 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [F.], seq 250, ack 134, win 1275, options [nop,nop,TS val 858798044 ecr 2588746157], length 0 2014-08-15 16:18:44.035649 IP 127.0.0.1.777 > 127.0.0.1.17573: Flags [F.], seq 250, ack 134, win 1275, options [nop,nop,TS val 858798364 ecr 2588746157], length 0 <----------------------------------------------------> <--nginx to upstream tcpdump-----------> 2014-08-15 16:18:43.225762 IP 127.0.0.1.17591 > 127.0.0.1.1300: Flags [S], seq 1606422700, win 65535, options [mss 16344,nop,wscale 6,sackOK,TS val 2588746157 ecr 0], length 0 2014-08-15 16:18:43.225785 IP 127.0.0.1.1300 > 127.0.0.1.17591: Flags [S.], seq 212542195, ack 1606422701, win 65535, options [mss 16344,nop,wscale 6,sackOK,TS val 3738538996 ecr 2588746157], length 0 2014-08-15 16:18:43.225793 IP 127.0.0.1.17591 > 127.0.0.1.1300: Flags [.], ack 1, win 1275, options [nop,nop,TS val 2588746157 ecr 3738538996], length 0 2014-08-15 16:18:43.225903 IP 127.0.0.1.17591 > 127.0.0.1.1300: Flags [P.], seq 1:577, ack 1, win 1275, options [nop,nop,TS val 2588746157 ecr 3738538996], length 576 2014-08-15 16:18:43.226178 IP 127.0.0.1.1300 > 127.0.0.1.17591: Flags [P.], seq 1:121, ack 577, win 1275, options [nop,nop,TS val 3738538996 ecr 2588746157], length 120 2014-08-15 16:18:43.226187 IP 127.0.0.1.1300 > 127.0.0.1.17591: Flags [F.], seq 121, ack 577, win 1275, options [nop,nop,TS val 3738538996 ecr 2588746157], length 0 2014-08-15 16:18:43.226198 IP 127.0.0.1.17591 > 127.0.0.1.1300: Flags [.], ack 122, win 1274, options [nop,nop,TS val 2588746157 ecr 3738538996], length 0 2014-08-15 16:18:43.226222 IP 127.0.0.1.17591 > 127.0.0.1.1300: Flags [F.], seq 577, ack 122, win 1275, options [nop,nop,TS val 2588746157 ecr 3738538996], length 0 2014-08-15 16:18:43.455643 IP 127.0.0.1.17591 > 127.0.0.1.1300: Flags [F.], seq 577, ack 122, win 1275, options [nop,nop,TS val 2588746387 ecr 3738538996], length 0 2014-08-15 16:18:43.455661 IP 127.0.0.1.1300 > 127.0.0.1.17591: Flags [R], seq 212542317, win 0, length 0 <----------------------------------------------------> <--server info------------------------------------> os: FreeBSD 9.2-RELEASE-p3 arch: amd64 number of cores: 48 ram merory size: 32GB nginx verson: 1.6.0 <----------------------------------------------------> <---nginx.conf-----------------------------------> user datauser; daemon off; worker_processes 32; events { worker_connections 1024; } http { include .../mime.types; gzip on; gzip_http_version 1.0; gzip_comp_level 2; gzip_proxied any; gzip_min_length 1100; gzip_buffers 16 8k; gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript; gzip_disable "MSIE [1-6].(?!.*SV1)"; gzip_vary on; client_max_body_size 65m; client_body_buffer_size 128k; client_body_temp_path /tmp/nginx/client_body_temp; default_type application/octet-stream; sendfile on; ... upstreams ... ... servers ... server { listen 127.0.0.1:777; location ~* ^/fcgi/(.*)$ { fastcgi_pass 127.0.0.1:1300; include fastcgi_params; rewrite ^/fcgi/(.*)$ /$1 break; } } <----------------------------------------------------> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252668,252668#msg-252668 From nginx-forum at nginx.us Tue Aug 19 12:46:13 2014 From: nginx-forum at nginx.us (mehrmagazin) Date: Tue, 19 Aug 2014 08:46:13 -0400 Subject: how to run wordpress on nginx in windows 8 ? Message-ID: Hi I install nginx to try it on windows 8 now it run on localhost:8080 installed mysql and php on it paste wordpress folder on c:\nginx\html and browse : localhost:8080/nginx/html/wordpress but it can't find and install wordpress help me please how to install it whare to paste wordpress folder and where is root of nginx and how to browse it in browser to load and install it thanks Regards : Raha Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252672,252672#msg-252672 From nginx-forum at nginx.us Tue Aug 19 17:43:31 2014 From: nginx-forum at nginx.us (pngu) Date: Tue, 19 Aug 2014 13:43:31 -0400 Subject: help debugging nginx core dump In-Reply-To: References: Message-ID: Thanks guys. just so I have my terminology straight... I know for sure nginx-auth-ldap module is a third party module but do you consider --with-openssl=/home/worun/openssl-0.9.8y --with-http_ssl_module also a third party module ? and how about --with-pcre=/home/worun/pcre-8.35 ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252597,252675#msg-252675 From vbart at nginx.com Tue Aug 19 21:30:53 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 20 Aug 2014 01:30:53 +0400 Subject: help debugging nginx core dump In-Reply-To: References: Message-ID: <1632966.3EktdWQDtW@vbart-laptop> On Tuesday 19 August 2014 13:43:31 pngu wrote: > Thanks guys. just so I have my terminology straight... > > I know for sure nginx-auth-ldap module is a third party module but do you > consider > > --with-openssl=/home/worun/openssl-0.9.8y --with-http_ssl_module also a > third party module ? It's a standard module, see: http://nginx.org/en/docs/ > > and how about --with-pcre=/home/worun/pcre-8.35 ? > And standard option: http://nginx.org/en/docs/configure.html wbr, Valentin V. Bartenev From nima.mohammadi at ut.ac.ir Tue Aug 19 21:55:47 2014 From: nima.mohammadi at ut.ac.ir (Nima Mohammadi) Date: Wed, 20 Aug 2014 02:25:47 +0430 Subject: WebDAV with Authentication Layer In-Reply-To: References: Message-ID: I've figured out the solution to my problem. I checked the error log of nginx and saw the error below: 2014/08/20 01:55:06 [error] 3180#0: *1 client intended to send too large body: 10573964 bytes, client: 172.16.2.1, server: , request: "PUT /disks/pishte/music.mp3 HTTP/1.1", subrequest: "/auth_webservice", host: "172.16.2.128:8080" 2014/08/20 01:55:06 [error] 3180#0: *1 auth request unexpected status: 413, client: 172.16.2.1, server: , request: "PUT /disks/pishte/music.mp3 HTTP/1.1", host: "172.16.2.128:8080" But there has already been a client_max_body_size directive in the location{} block. Also auth_basic with a htpasswd file worked fine with large files. So I moved the client_max_body_size directive to the server{} block, and voila! It works now! -- Nima Mohammadi -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Aug 19 23:30:04 2014 From: nginx-forum at nginx.us (gthb) Date: Tue, 19 Aug 2014 19:30:04 -0400 Subject: Starting to redirect HTTP to HTTPS without breaking POST requests Message-ID: <6e1c83fde2505ac133a229bb0cf27a1e.NginxMailingListEnglish@forum.nginx.org> Hi, in a single server block listening on both 80 and 443 ssl, currently in production, I want to start redirecting all HTTP GET requests to HTTPS ... but keep serving non-GET requests on HTTP for a little while, so as not to bork form posts and such made by clients from pages loaded on HTTP before the change. This can probably be accomplished by either: (a) using the kludgy multi-condition if-hack (checking both $scheme = http and $request_method = GET) as in https://gist.github.com/jrom/1760790 (b) duplicating the server block, one for HTTP and one HTTPS, and adding an if ($request_method = GET) block in the HTTP one? ... but is there some neater way? Thanks, best regards, Gulli Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252683,252683#msg-252683 From unixant at gmail.com Wed Aug 20 06:41:30 2014 From: unixant at gmail.com (SmallAnt) Date: Wed, 20 Aug 2014 14:41:30 +0800 Subject: proxied request hang when DNS server down In-Reply-To: References: Message-ID: this module can help you ! HttpUpstreamJdomainModule, http://wiki.nginx.org/HttpUpstreamJdomainModule. It buffers the latest IPs of the host,even local dns server down, nginx will work well. On Tue, Aug 19, 2014 at 1:43 PM, ywsample wrote: > http { > resolver 127.0.0.1; > resolver_timeout 1s; > server { > listen 8000; > location /test { > proxy_pass http://$arg_host:8080; > } > } > server { > listen 8080; > ....... > } > } > ps: other configure is normal > > I have recently discoverd that when DNS server down, the first proxy > request return 504 and than the follow proxy request may hang forever. > I use two curl simulate concurrent requests > > I found than the first request timeout in 1 second and exit, also it > delete the timeout timer. because another request waiting dns response, so > nginx retry send dns query, but dns never response(because it down), it > lead to the follow request hang and also no timer relate to it; > > PS?base on nginx-1.7.4 > -- > ywsample :) > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ywsample at gmail.com Wed Aug 20 07:33:10 2014 From: ywsample at gmail.com (ywsample) Date: Wed, 20 Aug 2014 15:33:10 +0800 Subject: proxied request hang when DNS server down In-Reply-To: References: Message-ID: thanks but I think nginx should not always pending requests and retry dns forever?and inconsistent response to the first request and follow requests is also a problem. either all as a timeout processing, either all waiting dns response may be nginx need change this behavior 2014-08-20 14:41 GMT+08:00 SmallAnt : > this module can help you ! > HttpUpstreamJdomainModule, http://wiki.nginx.org/HttpUpstreamJdomainModule > . > > It buffers the latest IPs of the host,even local dns server down, nginx > will work well. > > > On Tue, Aug 19, 2014 at 1:43 PM, ywsample wrote: > >> http { >> resolver 127.0.0.1; >> resolver_timeout 1s; >> server { >> listen 8000; >> location /test { >> proxy_pass http://$arg_host:8080; >> } >> } >> server { >> listen 8080; >> ....... >> } >> } >> ps: other configure is normal >> >> I have recently discoverd that when DNS server down, the first proxy >> request return 504 and than the follow proxy request may hang forever. >> I use two curl simulate concurrent requests >> >> I found than the first request timeout in 1 second and exit, also it >> delete the timeout timer. because another request waiting dns response, so >> nginx retry send dns query, but dns never response(because it down), it >> lead to the follow request hang and also no timer relate to it; >> >> PS?base on nginx-1.7.4 >> -- >> ywsample :) >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- ywsample :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From ru at nginx.com Wed Aug 20 07:58:44 2014 From: ru at nginx.com (Ruslan Ermilov) Date: Wed, 20 Aug 2014 11:58:44 +0400 Subject: proxied request hang when DNS server down In-Reply-To: References: Message-ID: <20140820075844.GG30504@lo0.su> On Tue, Aug 19, 2014 at 01:43:06PM +0800, ywsample wrote: > http { > resolver 127.0.0.1; > resolver_timeout 1s; > server { > listen 8000; > location /test { > proxy_pass http://$arg_host:8080; > } > } > server { > listen 8080; > ....... > } > } > ps: other configure is normal > > I have recently discoverd that when DNS server down, the first proxy > request return 504 and than the follow proxy request may hang forever. > I use two curl simulate concurrent requests > > I found than the first request timeout in 1 second and exit, also it delete > the timeout timer. because another request waiting dns response, so nginx > retry send dns query, but dns never response(because it down), it lead to > the follow request hang and also no timer relate to it; > > PS?base on nginx-1.7.4 Please try the attached patch. If you would like an attribution in a commit log, please tell me your real name. -------------- next part -------------- # HG changeset patch # User Ruslan Ermilov # Date 1408448606 -14400 # Tue Aug 19 15:43:26 2014 +0400 # Node ID f70b61673e6d536831527f3a27d0b32753180374 # Parent 18daf56f477c7f264243937cdca2e35797d9afb9 Resolver: notify all waiting requests on timeout. If a "resolver_timeout" occurs, only the first waiting request was notified. Other requests may hang forever. diff --git a/src/core/ngx_resolver.c b/src/core/ngx_resolver.c --- a/src/core/ngx_resolver.c +++ b/src/core/ngx_resolver.c @@ -664,7 +664,7 @@ ngx_resolve_name_locked(ngx_resolver_t * } ctx->event->handler = ngx_resolver_timeout_handler; - ctx->event->data = ctx; + ctx->event->data = rn; ctx->event->log = r->log; ctx->ident = -1; @@ -857,7 +857,7 @@ ngx_resolve_addr(ngx_resolver_ctx_t *ctx } ctx->event->handler = ngx_resolver_timeout_handler; - ctx->event->data = ctx; + ctx->event->data = rn; ctx->event->log = r->log; ctx->ident = -1; @@ -2790,13 +2790,20 @@ done: static void ngx_resolver_timeout_handler(ngx_event_t *ev) { - ngx_resolver_ctx_t *ctx; - - ctx = ev->data; - - ctx->state = NGX_RESOLVE_TIMEDOUT; - - ctx->handler(ctx); + ngx_resolver_ctx_t *ctx, *next; + ngx_resolver_node_t *rn; + + rn = ev->data; + ctx = rn->waiting; + + do { + ctx->state = NGX_RESOLVE_TIMEDOUT; + next = ctx->next; + + ctx->handler(ctx); + + ctx = next; + } while (ctx); } From nginx-forum at nginx.us Wed Aug 20 14:35:51 2014 From: nginx-forum at nginx.us (eComEvo) Date: Wed, 20 Aug 2014 10:35:51 -0400 Subject: How can I run more than one process on Windows? Message-ID: <15a9d85fc8789140c000b7f5d051c163.NginxMailingListEnglish@forum.nginx.org> Despite sending an async request to the server over AJAX, the server will not respond until the previous unrelated request has finished. The following code is only broken in this way on Nginx, but runs perfectly on Apache. This call will start a background process and it waits for it to complete so it can display the final result. $.ajax({ type: 'GET', async: true, url: $(this).data('route'), data: $('input[name=data]').val(), dataType: 'json', success: function (data) { /* do stuff */} error: function (data) { /* handle errors */} }); The below is called after the above, which on Apache requires 100ms to execute and repeats itself, showing progress for data being written in the background: checkStatusInterval = setInterval(function () { $.ajax({ type: 'GET', async: false, cache: false, url: '/status?process=' + element.attr('id'), dataType: 'json', success: function (data) { /* update progress bar and change status messages */ } }); }, 1000); Unfortunately, when this script is run from nginx, the above progress request never even finishes a single request until *after* the first AJAX request that sent the data gets it's own response. Basically, it appears that the nginx server can only handle 1 open request at a time on Windows. I don't have this problem at all on Linux production servers. Is there anyway to configure nginx so I can use it on my local Windows 8.1 development server? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252695,252695#msg-252695 From nginx-forum at nginx.us Wed Aug 20 15:12:13 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 20 Aug 2014 11:12:13 -0400 Subject: How can I run more than one process on Windows? In-Reply-To: <15a9d85fc8789140c000b7f5d051c163.NginxMailingListEnglish@forum.nginx.org> References: <15a9d85fc8789140c000b7f5d051c163.NginxMailingListEnglish@forum.nginx.org> Message-ID: eComEvo Wrote: ------------------------------------------------------- > This call will start a background process and it waits for it to > complete so it can display the final result. This is called blocking (as I already wrote on stack), to run this nonblocking your probably going to need cosockets and in order to suggest any such solution we need to see a complete config in order to replicate it. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252695,252696#msg-252696 From nginx-forum at nginx.us Wed Aug 20 20:51:24 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 20 Aug 2014 16:51:24 -0400 Subject: [ANN] Windows nginx 1.7.5.2 WhiteRabbit Message-ID: <6c7e6f606fb58aa793dff367aa3ff9b6.NginxMailingListEnglish@forum.nginx.org> 22:40 20-8-2014 nginx 1.7.5.2 WhiteRabbit Based on nginx 1.7.5 (20-8-2014, last changeset 5809:bb26f7ceaaf1) with; + ngx_upstream_jdomain (https://github.com/wdaike/ngx_upstream_jdomain) + https://github.com/nginx/nginx/pull/7, adding: proxy_ssl_client_certificate cert.pem; proxy_ssl_client_certificate_key cert.key; our first multi node cross compiler import ! + A very simple Web Application Firewall, see conf/nginx-simple-WAF.conf + Updated ngxLuaDB to 1.1 (on site !) the drizzle, partial openresty and dynamic library / loaded module solution + lua-nginx-module v0.9.11 (upgraded 20-8-2014) + form-input-nginx-module v0.10 (upgraded 17-8-2014) + echo-nginx-module v0.55 (upgraded 19-8-2014) + set-misc-nginx-module v0.25 (upgraded 19-8-2014) + headers-more-nginx-module v0.25 (upgraded 19-8-2014) + Source changes back ported + Source changes add-on's back ported + Changes for nginx_basic: Source changes back ported * Scheduled release: yes * Additional specifications: see 'Feature list' Builds can be found here: http://nginx-win.ecsds.eu/ Follow releases https://twitter.com/nginx4Windows Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252707,252707#msg-252707 From nginx-forum at nginx.us Wed Aug 20 21:39:23 2014 From: nginx-forum at nginx.us (mkools) Date: Wed, 20 Aug 2014 17:39:23 -0400 Subject: PHP to Apache - Friendly URLs fail with VBulletin Message-ID: <92f03986fa6a48524d419830ce8a170b.NginxMailingListEnglish@forum.nginx.org> I'm using nginx for all static web content and forward all PHP requests to Apache. This works great when I type e.g. http://domain.com/index.php. However, vbulletin will convert any link to e.g.: http://domain.com/threads/threadtopic or http://domain.com/search.php?do=getnew. So no more .php extension and when I click the topic now it just reloads the forum's main page where I already was. How can I tell nginx to also forward *.php? to apache? And how to handle the vbulletin rewrites? Do I need to move the .htaccess to nginx? Here's my .htaccess # VBulletin Mod Rewrite Friendly URLs RewriteCond %{REQUEST_FILENAME} -f [OR] RewriteCond %{REQUEST_FILENAME} -l [OR] RewriteCond %{REQUEST_FILENAME} -d RewriteRule ^.*$ - [NC,L] RewriteRule ^threads/.* showthread.php [QSA] RewriteRule ^forums/.* forumdisplay.php [QSA] RewriteRule ^members/.* member.php [QSA] Thanks!! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252709,252709#msg-252709 From nginx-forum at nginx.us Wed Aug 20 23:07:53 2014 From: nginx-forum at nginx.us (pngu) Date: Wed, 20 Aug 2014 19:07:53 -0400 Subject: help debugging nginx core dump In-Reply-To: <1632966.3EktdWQDtW@vbart-laptop> References: <1632966.3EktdWQDtW@vbart-laptop> Message-ID: <2b9f194f5faab500e03eed8d16238fd0.NginxMailingListEnglish@forum.nginx.org> hmmm.. I think the core dump was caused by the nginx-auth-ldap module. Will monitor it longer. Thanks Valentin. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252597,252710#msg-252710 From al-nginx at none.at Thu Aug 21 10:39:30 2014 From: al-nginx at none.at (Aleksandar Lazic) Date: Thu, 21 Aug 2014 12:39:30 +0200 Subject: PHP to Apache - Friendly URLs fail with VBulletin In-Reply-To: <92f03986fa6a48524d419830ce8a170b.NginxMailingListEnglish@forum.nginx.org> References: <92f03986fa6a48524d419830ce8a170b.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hi mkools. Am 20-08-2014 23:39, schrieb mkools: > I'm using nginx for all static web content and forward all PHP requests > to > Apache. This works great when I type e.g. http://domain.com/index.php. > > However, vbulletin will convert any link to e.g.: > http://domain.com/threads/threadtopic or > http://domain.com/search.php?do=getnew. > So no more .php extension and when I click the topic now it just > reloads the > forum's main page where I already was. > > How can I tell nginx to also forward *.php? to apache? And how to > handle the > vbulletin rewrites? Do I need to move the .htaccess to nginx? > > Here's my .htaccess [snipp] Have you take a look at http://nginx.org/en/docs/http/converting_rewrite_rules.html http://nginx.org/en/docs/http/ngx_http_core_module.html#try_files or the worst case ;-) http://lmgtfy.com/?q=vbulletin+nginx => First link in my response https://www.vbulletin.com/docs/html/main/preparefiles_nginx and as your now on learning and reading maybe this link will help you too. http://nginx.org/en/docs/http/request_processing.html Cheers Aleks From nginx-forum at nginx.us Thu Aug 21 11:33:46 2014 From: nginx-forum at nginx.us (vikash.jha@intelligrape.com) Date: Thu, 21 Aug 2014 07:33:46 -0400 Subject: Map Nginx Query String Message-ID: <52fa41746ee4aaf1cc136f65ddf20875.NginxMailingListEnglish@forum.nginx.org> I have a webapp e.g example.com which is mapped with embedded url in nginx. server { location / { set $args id=201; try_files $uri $uri/ $uri/index.php /index.php; } } When I visit my site **example.com and example.com/id=201** it renders same page. but when i visit **example.com/index.php** it renders different page. Is there any way to map **example.com/index.php** on the same page in which example.com is mapped? ( here example.com/id=201) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252731,252731#msg-252731 From nginx-forum at nginx.us Thu Aug 21 11:34:32 2014 From: nginx-forum at nginx.us (vikash.jha@intelligrape.com) Date: Thu, 21 Aug 2014 07:34:32 -0400 Subject: Map Nginx Query String Message-ID: <59aac5e6900d5cf63aee0d11f6b29f5a.NginxMailingListEnglish@forum.nginx.org> I have a webapp e.g example.com is mapped with some embedded url in nginx. server { location / { set $args id=201; try_files $uri $uri/ $uri/index.php /index.php; } } When I visit my site **example.com and example.com/id=201** it renders same page. but when i visit **example.com/index.php** it renders different page. Is there any way to map **example.com/index.php** on the same page in which example.com is mapped? ( here example.com/id=201) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252730,252730#msg-252730 From aashish.dattani at gmail.com Thu Aug 21 18:20:37 2014 From: aashish.dattani at gmail.com (Aashish) Date: Thu, 21 Aug 2014 23:50:37 +0530 Subject: Memory increase at reload Message-ID: Hi, I've written an nginx module that creates a few large data structures at initialization time. These data structures are part of the location configuration for that module. Whenever I do a reload, these data structures are re-created, and the new configuration points to the newly created ones. But the old data structures are not freed up and still remain in the shared memory. This is leading to a lot of memory usage over repeated reloads. Is there anyway I can avoid this memory pile-up while still being able to do multiple reloads? Thanks in advance. -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben at indietorrent.org Fri Aug 22 01:02:43 2014 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 21 Aug 2014 21:02:43 -0400 Subject: nginx: [emerg] unknown directive "upload_pass" after dist-upgrade from Ubuntu 12.04 LTS to 14.04 LTS Message-ID: <53F696B3.4090001@indietorrent.org> Hello! I performed a dist-upgrade, from Ubuntu 12.04 LTS to 14.04 LTS, and once the dust had settled, nginx refused to start with: nginx: [emerg] unknown directive "upload_pass" in /etc/nginx/sites-enabled/example.com.vhost:95 The "upload_pass" directive appears to be part of the HttpUploadModule. This module was clearly installed before the dist-upgrade, because the vhost in question functioned as expected before applying the upgrade. It is not clear which Ubuntu package includes this module. I figured, "What the hell..." and installed nginx-extras, which is supposed to include all of the most commonly used modules, yet the problem persists. It seems unlikely that the name of this directive changed. What other explanations are there? Thanks for any ideas! Full configuration provided below. -Ben # nginx -V nginx version: nginx/1.6.0 TLS SNI support enabled configure arguments: --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_addition_module --with-http_dav_module --with-http_flv_module --with-http_geoip_module --with-http_gzip_static_module --with-http_image_filter_module --with-http_mp4_module --with-http_perl_module --with-http_random_index_module --with-http_secure_link_module --with-http_spdy_module --with-http_sub_module --with-http_xslt_module --with-mail --with-mail_ssl_module --add-module=/build/buildd/nginx-1.6.0/debian/modules/headers-more-nginx-module --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-auth-pam --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-cache-purge --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-dav-ext-module --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-development-kit --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-echo --add-module=/build/buildd/nginx-1.6.0/debian/modules/ngx-fancyindex --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-http-push --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-lua --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-upload-progress --add-module=/build/buildd/nginx-1.6.0/debian/modules/nginx-upstream-fair --add-module=/build/buildd/nginx-1.6.0/debian/modules/ngx_http_substitutions_filter_module From ben at indietorrent.org Fri Aug 22 02:34:17 2014 From: ben at indietorrent.org (Ben Johnson) Date: Thu, 21 Aug 2014 22:34:17 -0400 Subject: nginx: [emerg] unknown directive "upload_pass" after dist-upgrade from Ubuntu 12.04 LTS to 14.04 LTS In-Reply-To: <53F696B3.4090001@indietorrent.org> References: <53F696B3.4090001@indietorrent.org> Message-ID: <53F6AC29.8060800@indietorrent.org> On 8/21/2014 9:02 PM, Ben Johnson wrote: > # nginx -V > nginx version: nginx/1.6.0 I should add also that immediately after the upgrade from version 12.04 to 14.04 of my OS, this problem was present, and my nginx version was 1.4.6. The reason for which my current config (quoted above) shows 1.6.0 is that I followed these instructions when trying to build nginx with every module I have needed in the past, in an effort to troubleshoot this problem: http://serverfault.com/questions/227480/installing-optional-nginx-modules-with-apt-get What's puzzling me most is that I only ever remember having to install the http://wiki.nginx.org/HttpUploadProgressModule in any "special way". And by "special way", I think I simply switched from Ubuntu's "nginx-core" to "nginx-extras" package when first I "got everything working". Is this module ( http://wiki.nginx.org/HttpUploadModule , to which the "upload_pass" directive applies) built into the core of nginx? I ask mostly because when I built nginx from source (the 1.6.0 version), the "extras" config section mentions nothing of the module in question (that's causing the fatal upon nginx start-up): (from "nginx-1.6.0/debian/rules"): # ... extras_configure_flags := \ $(common_configure_flags) \ --with-http_addition_module \ --with-http_dav_module \ --with-http_flv_module \ --with-http_geoip_module \ --with-http_gzip_static_module \ --with-http_image_filter_module \ --with-http_mp4_module \ --with-http_perl_module \ --with-http_random_index_module \ --with-http_secure_link_module \ --with-http_spdy_module \ --with-http_sub_module \ --with-http_xslt_module \ --with-mail \ --with-mail_ssl_module \ --add-module=$(MODULESDIR)/headers-more-nginx-module \ --add-module=$(MODULESDIR)/nginx-auth-pam \ --add-module=$(MODULESDIR)/nginx-cache-purge \ --add-module=$(MODULESDIR)/nginx-dav-ext-module \ --add-module=$(MODULESDIR)/nginx-development-kit \ --add-module=$(MODULESDIR)/nginx-echo \ --add-module=$(MODULESDIR)/ngx-fancyindex \ --add-module=$(MODULESDIR)/nginx-http-push \ --add-module=$(MODULESDIR)/nginx-lua \ --add-module=$(MODULESDIR)/nginx-upload-progress \ --add-module=$(MODULESDIR)/nginx-upstream-fair \ --add-module=$(MODULESDIR)/ngx_http_substitutions_filter_module # ... I see the line for the "HttpUploadProgressModule", as described at http://wiki.nginx.org/HttpUploadProgressModule , but this is a different module, correct? Thanks again for any assistance, -Ben From vbart at nginx.com Fri Aug 22 07:05:53 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 22 Aug 2014 11:05:53 +0400 Subject: nginx: [emerg] unknown directive "upload_pass" after dist-upgrade from Ubuntu 12.04 LTS to 14.04 LTS In-Reply-To: <53F696B3.4090001@indietorrent.org> References: <53F696B3.4090001@indietorrent.org> Message-ID: <2840547.D8BRW6TQ5S@vbart-laptop> On Thursday 21 August 2014 21:02:43 Ben Johnson wrote: > Hello! > > I performed a dist-upgrade, from Ubuntu 12.04 LTS to 14.04 LTS, and once > the dust had settled, nginx refused to start with: > > nginx: [emerg] unknown directive "upload_pass" in > /etc/nginx/sites-enabled/example.com.vhost:95 > > The "upload_pass" directive appears to be part of the HttpUploadModule. > This module was clearly installed before the dist-upgrade, because the > vhost in question functioned as expected before applying the upgrade. > > It is not clear which Ubuntu package includes this module. I figured, > "What the hell..." and installed nginx-extras, which is supposed to > include all of the most commonly used modules, yet the problem persists. > > It seems unlikely that the name of this directive changed. What other > explanations are there? > [..] This 3rd-party module was removed from the package, because it's broken and cannot be compiled with the newer versions of nginx. See: https://bugs.launchpad.net/nginx/+bug/1177719 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729003 wbr, Valentin V. Bartenev From ywsample at gmail.com Fri Aug 22 09:55:42 2014 From: ywsample at gmail.com (ywsample) Date: Fri, 22 Aug 2014 17:55:42 +0800 Subject: proxied request hang when DNS server down In-Reply-To: <20140820075844.GG30504@lo0.su> References: <20140820075844.GG30504@lo0.su> Message-ID: hi Ruslan >Please try the attached patch. If you would like an attribution >in a commit log, please tell me your real name. thanks for the patch I have a little idea, in ngx_resolver_timeout_handler function find the next timeout request and add a timer if the time interval between two requests exceeds the threshold, what do you think about it? because this patch will appear premature timeout. For example if resolver_timeout set to 5 seconds, the first request arrived at one second, another request arrived at five seconds. Then when the the first request timeout, the second request immediately returned because of they were pending for the same dns query. but the desired result is nginx will try to resend the dns query and if success the second request process normal otherwise timeout at ten second. -- ywsample :) -------------- next part -------------- An HTML attachment was scrubbed... URL: From tim at bastelfreak.de Fri Aug 22 11:49:23 2014 From: tim at bastelfreak.de (Tim) Date: Fri, 22 Aug 2014 13:49:23 +0200 Subject: unable to install nginx via nginx.org repo with centos7 Message-ID: <0d6e0e8468af66a2278789285bdf2981@online-mail.biz> Hi guys, I'm running a fresh installed CentOS7 and added your repo via http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm I get the following issue if I try to install the nginx package: [root at server]# yum install nginx Loaded plugins: fastestmirror, priorities Loading mirror speeds from cached hostfile * base: mirror.netcologne.de * epel: mirror.imt-systems.com * extras: mirror.skylink-datacenter.de * updates: mirror.23media.de 51 packages excluded due to repository priority protections Resolving Dependencies --> Running transaction check ---> Package nginx.x86_64 0:1.6.1-1.el6.ngx will be installed --> Processing Dependency: libpcre.so.0()(64bit) for package: nginx-1.6.1-1.el6.ngx.x86_64 --> Finished Dependency Resolution Error: Package: nginx-1.6.1-1.el6.ngx.x86_64 (nginx-release) Requires: libpcre.so.0()(64bit) You could try using --skip-broken to work around the problem You could try running: rpm -Va --nofiles --nodigest [root at server]# the 51 protected packages are because of the also added puppetlabs repo which got a high priority than the base one. Any Ideas about the libpcre issue? I wasn't able to find the suitable rpm via the default CentOS repos. Do you have to add it to your mirror? kind regards, Tim From thresh at nginx.com Fri Aug 22 12:04:38 2014 From: thresh at nginx.com (Konstantin Pavlov) Date: Fri, 22 Aug 2014 16:04:38 +0400 Subject: unable to install nginx via nginx.org repo with centos7 In-Reply-To: <0d6e0e8468af66a2278789285bdf2981@online-mail.biz> References: <0d6e0e8468af66a2278789285bdf2981@online-mail.biz> Message-ID: <53F731D6.4010508@nginx.com> On 22/08/2014 15:49, Tim wrote: > Hi guys, > > I'm running a fresh installed CentOS7 and added your repo via > http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm > > > I get the following issue if I try to install the nginx package: > > [root at server]# yum install nginx > Loaded plugins: fastestmirror, priorities > Loading mirror speeds from cached hostfile > * base: mirror.netcologne.de > * epel: mirror.imt-systems.com > * extras: mirror.skylink-datacenter.de > * updates: mirror.23media.de > 51 packages excluded due to repository priority protections > Resolving Dependencies > --> Running transaction check > ---> Package nginx.x86_64 0:1.6.1-1.el6.ngx will be installed Looks like the repository for CentOS 6 is enabled instead of CentOS 7. > --> Processing Dependency: libpcre.so.0()(64bit) for package: > nginx-1.6.1-1.el6.ngx.x86_64 > --> Finished Dependency Resolution > Error: Package: nginx-1.6.1-1.el6.ngx.x86_64 (nginx-release) > Requires: libpcre.so.0()(64bit) > You could try using --skip-broken to work around the problem > You could try running: rpm -Va --nofiles --nodigest > [root at server]# > > the 51 protected packages are because of the also added puppetlabs repo > which got a high priority than the base one. Any Ideas about the libpcre > issue? I wasn't able to find the suitable rpm via the default CentOS > repos. Do you have to add it to your mirror? You should check the contents of /etc/yum.repos.d/ files. The nginx.repo for CentOS7 should be like that: # nginx.repo [nginx] name=nginx repo baseurl=http://nginx.org/packages/centos/7/$basearch/ gpgcheck=0 enabled=1 -- Konstantin Pavlov From pemboa at gmail.com Fri Aug 22 13:36:36 2014 From: pemboa at gmail.com (Arthur Pemberton) Date: Fri, 22 Aug 2014 09:36:36 -0400 Subject: Frequent lockups in Nginx/php-fpm after move from Apache/mod_php Message-ID: I moved hosting of roughly 150 Wordpress sites from Apache/mod_php to Nginx/php-fpm after having tested and found measurably better performance with Nginx. (hosted on Centos 6/7) The first problem I ran into was that the server ran completely out of memory (30GB of RAM) and came to a complete crash one night, I presume when all the bots came by -- never hard this issue before. I changed from static pm to ondemand, with 10 and 25 children per pool max, each website has it's own pool. The new problem is that I start getting bad gateway errors just as regularly, as if there's no queuing of new requests. I get frequent lockups where it would seem that somehow every child in every pool is in use, and there is no queuing of requests from Nginx to php-fpm, and this state is maintained until I restart php-fpm There are no errors in besides infrequent "unable to read what child say: Bad file descriptor" which is pretty vague. This is currently on Centos 7 64bit with Nginx 1.6.0 (from nginx's repos) and php-fpm 5.5.15 (from the Remi repos) -------------- next part -------------- An HTML attachment was scrubbed... URL: From aircw2005 at gmail.com Fri Aug 22 17:36:40 2014 From: aircw2005 at gmail.com (Wei Chen) Date: Fri, 22 Aug 2014 10:36:40 -0700 Subject: Measure ram consumed by Nginx proxy cache Message-ID: Hi folks: I am currently investigating performance of our production Nginx instances. Our architecture is a Nginx process in front of 8 node.js workers. As the memory is running low, we want to determine the RAM consumed by Nginx processes only. My understanding is that Nginx cache is on disk by default, whereas Linux caches a lot of file content on memory. Is there a way to tell how much RAM Nginx uses overall for proxy cache? Thanks, -Wei From nginx-forum at nginx.us Fri Aug 22 19:10:03 2014 From: nginx-forum at nginx.us (badtzhou) Date: Fri, 22 Aug 2014 15:10:03 -0400 Subject: Range request not working for gzipped content Message-ID: <003d00942ec592288ab29cadbf3d5b33.NginxMailingListEnglish@forum.nginx.org> I found that whenever Content-Encoding: gzip is on. Nginx will return 200 instead of 206. When gzip is off, nginx will return range request normally. Is that the expected behavior for nginx? Thanks Don Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252767,252767#msg-252767 From tim at bastelfreak.de Fri Aug 22 19:58:39 2014 From: tim at bastelfreak.de (tim at bastelfreak.de) Date: Fri, 22 Aug 2014 21:58:39 +0200 Subject: unable to install nginx via nginx.org repo with centos7 In-Reply-To: <53F731D6.4010508@nginx.com> References: <0d6e0e8468af66a2278789285bdf2981@online-mail.biz> <53F731D6.4010508@nginx.com> Message-ID: <53F7A0EF.7000202@bastelfreak.de> Am 22.08.2014 um 14:04 schrieb Konstantin Pavlov: > On 22/08/2014 15:49, Tim wrote: >> Hi guys, >> >> I'm running a fresh installed CentOS7 and added your repo via >> http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm >> >> >> I get the following issue if I try to install the nginx package: >> >> [root at server]# yum install nginx >> Loaded plugins: fastestmirror, priorities >> Loading mirror speeds from cached hostfile >> * base: mirror.netcologne.de >> * epel: mirror.imt-systems.com >> * extras: mirror.skylink-datacenter.de >> * updates: mirror.23media.de >> 51 packages excluded due to repository priority protections >> Resolving Dependencies >> --> Running transaction check >> ---> Package nginx.x86_64 0:1.6.1-1.el6.ngx will be installed > > Looks like the repository for CentOS 6 is enabled instead of CentOS 7. ups. stupid me. thanks for the fast help > >> --> Processing Dependency: libpcre.so.0()(64bit) for package: >> nginx-1.6.1-1.el6.ngx.x86_64 >> --> Finished Dependency Resolution >> Error: Package: nginx-1.6.1-1.el6.ngx.x86_64 (nginx-release) >> Requires: libpcre.so.0()(64bit) >> You could try using --skip-broken to work around the problem >> You could try running: rpm -Va --nofiles --nodigest >> [root at server]# >> >> the 51 protected packages are because of the also added puppetlabs repo >> which got a high priority than the base one. Any Ideas about the libpcre >> issue? I wasn't able to find the suitable rpm via the default CentOS >> repos. Do you have to add it to your mirror? > > You should check the contents of /etc/yum.repos.d/ files. > > The nginx.repo for CentOS7 should be like that: > > # nginx.repo > > [nginx] > name=nginx repo > baseurl=http://nginx.org/packages/centos/7/$basearch/ > gpgcheck=0 > enabled=1 > -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben at indietorrent.org Fri Aug 22 21:54:22 2014 From: ben at indietorrent.org (Ben Johnson) Date: Fri, 22 Aug 2014 17:54:22 -0400 Subject: nginx: [emerg] unknown directive "upload_pass" after dist-upgrade from Ubuntu 12.04 LTS to 14.04 LTS In-Reply-To: <2840547.D8BRW6TQ5S@vbart-laptop> References: <53F696B3.4090001@indietorrent.org> <2840547.D8BRW6TQ5S@vbart-laptop> Message-ID: <53F7BC0E.2090708@indietorrent.org> On 8/22/2014 3:05 AM, Valentin V. Bartenev wrote: > On Thursday 21 August 2014 21:02:43 Ben Johnson wrote: >> Hello! >> >> I performed a dist-upgrade, from Ubuntu 12.04 LTS to 14.04 LTS, and once >> the dust had settled, nginx refused to start with: >> >> nginx: [emerg] unknown directive "upload_pass" in >> /etc/nginx/sites-enabled/example.com.vhost:95 >> >> The "upload_pass" directive appears to be part of the HttpUploadModule. >> This module was clearly installed before the dist-upgrade, because the >> vhost in question functioned as expected before applying the upgrade. >> >> It is not clear which Ubuntu package includes this module. I figured, >> "What the hell..." and installed nginx-extras, which is supposed to >> include all of the most commonly used modules, yet the problem persists. >> >> It seems unlikely that the name of this directive changed. What other >> explanations are there? >> > [..] > > This 3rd-party module was removed from the package, because it's broken and > cannot be compiled with the newer versions of nginx. > > See: > https://bugs.launchpad.net/nginx/+bug/1177719 > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729003 > > wbr, Valentin V. Bartenev Thank you kindly, Valentin. That explains it! Well, that's a real disappointment. Is it no longer possible for nginx to handle uploads in a similar manner? This was one of my favorite features of nginx: the ability to offload large file uploads from PHP onto nginx. Sadly, until I can find a comparable solution to the problem of uploading massive (2GB+) files without needing to leverage a server-side scripting language, such as PHP, I have little choice but to stick to obsoleted versions of nginx that support this module. I am eager to hear how others have dealt with this most useful module's disappearance... Thanks again, Valentin. -Ben From vbart at nginx.com Fri Aug 22 23:12:15 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Sat, 23 Aug 2014 03:12:15 +0400 Subject: nginx: [emerg] unknown directive "upload_pass" after dist-upgrade from Ubuntu 12.04 LTS to 14.04 LTS In-Reply-To: <53F7BC0E.2090708@indietorrent.org> References: <53F696B3.4090001@indietorrent.org> <2840547.D8BRW6TQ5S@vbart-laptop> <53F7BC0E.2090708@indietorrent.org> Message-ID: <4787270.sAYXIEeGid@vbart-laptop> On Friday 22 August 2014 17:54:22 Ben Johnson wrote: [..] > > Thank you kindly, Valentin. That explains it! > > Well, that's a real disappointment. Is it no longer possible for nginx > to handle uploads in a similar manner? This was one of my favorite > features of nginx: the ability to offload large file uploads from PHP > onto nginx. > [..] Could you elaborate a bit what's the ability you're speaking about? By default, nginx is good enough in offloading large file uploads. For example: location /upload { fastcgi_pass backend; fastcgi_pass_request_body off; fastcgi_param UPLOADED_FILENAME $request_body_file; client_body_in_file_only on; } With the configuration above nginx only passes the name of the uploaded file. Reference: http://nginx.org/r/fastcgi_pass_request_body http://nginx.org/r/client_body_in_file_only http://nginx.org/en/docs/http/ngx_http_core_module.html#var_request_body_file wbr, Valentin V. Bartenev From vbart at nginx.com Fri Aug 22 23:43:30 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Sat, 23 Aug 2014 03:43:30 +0400 Subject: Range request not working for gzipped content In-Reply-To: <003d00942ec592288ab29cadbf3d5b33.NginxMailingListEnglish@forum.nginx.org> References: <003d00942ec592288ab29cadbf3d5b33.NginxMailingListEnglish@forum.nginx.org> Message-ID: <6688395.byioJEyry1@vbart-laptop> On Friday 22 August 2014 15:10:03 badtzhou wrote: > I found that whenever Content-Encoding: gzip is on. Nginx will return 200 > instead of 206. When gzip is off, nginx will return range request normally. > > Is that the expected behavior for nginx? > Yes. See here for explanation: http://mailman.nginx.org/pipermail/nginx/2011-June/027712.html wbr, Valentin V. Bartenev From nginx at mfriebe.de Sat Aug 23 18:03:32 2014 From: nginx at mfriebe.de (Martin Frb) Date: Sat, 23 Aug 2014 19:03:32 +0100 Subject: Hello - and missing verification of configuration format / very tiny mem leak in limit_req config Message-ID: <53F8D774.9090603@mfriebe.de> Hi, My name is Martin. I am new to this list (obvious), and new to nginx as well. I hope this is the right place for the feedback I have, if not please correct me. Well the below may be for the bugtracker. Except: It is yet to be confirmed as bug, I was unable to find a way to register. (I do not like the concept of open id / one service = one login = one password) Here goes: Looking through the code I came across: src\http\modules\ngx_http_limit_req_module.c line 816 In function ngx_http_limit_req_zone This parses the arguments to the config directive: limit_req_zone If the line in the config has more than one entry starting with "$" then in line 816 the previous value of cfg is lost for (i = 1; i < cf->args->nelts; i++) { // line 752 ... if (value[i].data[0] == '$') { // line 811 ... ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_ctx_t)); Of course normally this does not matter, since nginx will exit if the config cannot be parsed (and thus free all memory) Yet the below line is accepted by nginx. limit_req_zone $nginx_version $binary_remote_addr zone=addr_foo:20m ; In this case, reading the config, a single small block of memory is leaked. This should probably be fixed by giving an error that this config is malformed. Btw, it also takes limit_req_zone $nginx_version zone=addr_foo:20m zone=addr_foo:20m ; Anything, that has 3 parameters. Any parameter can be repeated. Best Regards Martin From alex at zeitgeist.se Sat Aug 23 18:38:05 2014 From: alex at zeitgeist.se (Alex) Date: Sat, 23 Aug 2014 20:38:05 +0200 Subject: Use of boringssl equal-preference cipher groups with nginx In-Reply-To: References: Message-ID: <684974AE-22FA-415B-96E7-CF4850A162CC@postfach.slogh.com> Hi again, On 2014-08-18 09:17, Alex wrote: > Hi, > > I have successfully compiled nginx/1.7.4 with boringssl. One thing I > am not sure if it's possible already is to take advantage of > equal-preference cipher groups that Boringssl supports. > > [...] > > Would this already work with nginx' ssl_ciphers parameter or would > nginx require further patching to support such grouping parameter? I feel kinda stupid that I didn't figure it out earlier. Of course it's possible out of the box with nginx/boringssl. I made a small writeup here: https://www.zeitgeist.se/2014/08/23/we-like-aes-and-chacha20-equally-thanks-to-boringssl/ Basically, you group ciphers in the ciphers list like this: [ECDHE-RSA-CHACHA20-POLY1305|ECDHE-RSA-AES128-GCM-SHA256] Best, Alex From nginx at mfriebe.de Sat Aug 23 18:54:26 2014 From: nginx at mfriebe.de (Martin Frb) Date: Sat, 23 Aug 2014 19:54:26 +0100 Subject: Documentation of limit_req Message-ID: <53F8E362.60706@mfriebe.de> About http://nginx.org/en/docs/http/ngx_http_limit_req_module.html It does not specify anything about inheritance. It appears (from reading sources) that limit_req are inherited only, if no new limit_req are specified. This is the same as for proxy_set_header and others: http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header However this is not documented on above page. Could it be added? Martin From nginx-forum at nginx.us Sat Aug 23 22:37:15 2014 From: nginx-forum at nginx.us (George) Date: Sat, 23 Aug 2014 18:37:15 -0400 Subject: Use of boringssl equal-preference cipher groups with nginx In-Reply-To: References: Message-ID: thanks Alex so what's the updated way to compile Nginx against BoringSSL ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252640,252779#msg-252779 From nginx-forum at nginx.us Sun Aug 24 05:05:50 2014 From: nginx-forum at nginx.us (AjaySawant) Date: Sun, 24 Aug 2014 01:05:50 -0400 Subject: Rewrite directory lookup to another directory Message-ID: <568beebd1050c993bbbd16d0bf8bc664.NginxMailingListEnglish@forum.nginx.org> Hello All, I am trying to add a rewrite rule to my nginx configuration. But each time it is giving me 404/302 error. My scenarios is given below 1. If someone request URL http://192.168.44.163/testa or http://192.168.44.163/testa/ then it should be redirected to http://192.168.44.163/testa/web/index.php or http://192.168.44.163/testa/web/index.html 2. If someone request any file inside testa directory it should be redirected to testa/web directory and serve the file. I tried with location /testa {} directive as well but in vain. [root at symp html]# pwd /usr/share/nginx/html [root at symp html]# ls 404.html 50x.html index.html index.php nginx-logo.png poweredby.png testa testb testc [root at symp html]# tree . ??? 404.html ??? 50x.html ??? index.html ??? index.php ??? nginx-logo.png ??? poweredby.png ??? testa ??? ??? web ??? ??? index.php ??? testb ??? ??? web ??? ??? index.php ??? testc ??? index.php 5 directories, 9 files [root at symp html]# cat /etc/nginx/nginx.conf user nginx; worker_processes 1; error_log /var/log/nginx/error.log; #error_log /var/log/nginx/error.log notice; #error_log /var/log/nginx/error.log info; pid /run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; keepalive_timeout 65; include /etc/nginx/conf.d/*.conf; index index.php index.html index.htm; server { listen 80; server_name 192.168.44.163; root /usr/share/nginx/html; access_log /var/log/nginx/192.168.44.163.access.log main; error_log /var/log/nginx/192.168.44.163.error.log; location / { } rewrite ^/testa/(.*)$ /testa/web/$1 permanent; rewrite ^/testb/(.*)$ /testb/web/$1 permanent; error_page 404 /404.html; location = /40x.html { } error_page 500 502 503 504 /50x.html; location = /50x.html { } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 location ~ \.php$ { root html; fastcgi_pass 127.0.0.1:9000; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } } } [root at symp html]# curl http://192.168.44.163/testa/ 301 Moved Permanently

301 Moved Permanently

nginx/1.6.1
[root at symp html]# curl http://192.168.44.163/testa 301 Moved Permanently

301 Moved Permanently

nginx/1.6.1
Regards, Ajay Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252780,252780#msg-252780 From nginx-forum at nginx.us Sun Aug 24 08:47:28 2014 From: nginx-forum at nginx.us (farukest) Date: Sun, 24 Aug 2014 04:47:28 -0400 Subject: How to configure rewrites or security download hashed link with expiration date Message-ID: <2eb5c1af39e6b0f844ec9414939add88.NginxMailingListEnglish@forum.nginx.org> Hi i have a video publishing website and have tons of ".mp4" videos in my website. I want to use hashing . But i couldn't understand documentation how to use this configuration. My first question : Is it possible to use this configuration in localhost, because first i should try with localhost. I can share my nginx configuration. I really need to make this configuration. Hope you can help me, thanks in advance. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252781,252781#msg-252781 From oyljerry at gmail.com Mon Aug 25 02:55:06 2014 From: oyljerry at gmail.com (Jerry OELoo) Date: Mon, 25 Aug 2014 10:55:06 +0800 Subject: Where to store global settings in filter Message-ID: Hi All: I have some settings in a json file (not in nginx.conf file), Currently, in my module filter function, I will open file, read file, close file every time filter function is called. I think this is not so good, so I think it's better call a function just one time, and save the setting in a global variable, but I do not where is a proper position in Nginx module, Thanks! -- Rejoice,I Desire! From nginx-forum at nginx.us Mon Aug 25 12:23:28 2014 From: nginx-forum at nginx.us (jakubp) Date: Mon, 25 Aug 2014 08:23:28 -0400 Subject: nginx is too strict about accept-ranges Message-ID: <344d88d96578e70edd42df3f1f317431.NginxMailingListEnglish@forum.nginx.org> Hi I am using nginx to proxy/cache requests from different origin servers, some of which I don't have access to (can't change their behaviour). Recently I stumbled upon a problem where nginx wouldn't serve partial objects (even after they are cached) although upstream server would happily do that. It happens because upstream server doesn't serve "Accept-Ranges: bytes" header. RFC7233 states that use of this header is optional so nginx might be relying on it a bit too heavily. Is there a configuration knob to make nginx ignore absence of this header (or force nginx to allow ranges)? Or a patch available to apply? If not - are there any plans to add one? Thanks, Kuba Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252795,252795#msg-252795 From mdounin at mdounin.ru Mon Aug 25 13:08:37 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 25 Aug 2014 17:08:37 +0400 Subject: nginx is too strict about accept-ranges In-Reply-To: <344d88d96578e70edd42df3f1f317431.NginxMailingListEnglish@forum.nginx.org> References: <344d88d96578e70edd42df3f1f317431.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140825130837.GB1849@mdounin.ru> Hello! On Mon, Aug 25, 2014 at 08:23:28AM -0400, jakubp wrote: > Hi > > I am using nginx to proxy/cache requests from different origin servers, some > of which I don't have access to (can't change their behaviour). Recently I > stumbled upon a problem where nginx wouldn't serve partial objects (even > after they are cached) although upstream server would happily do that. It > happens because upstream server doesn't serve "Accept-Ranges: bytes" > header. > RFC7233 states that use of this header is optional so nginx might be relying > on it a bit too heavily. > > Is there a configuration knob to make nginx ignore absence of this header > (or force nginx to allow ranges)? Or a patch available to apply? If not - > are there any plans to add one? Trivial workaround is to add the header with an additional proxy layer. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Aug 25 13:20:27 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 25 Aug 2014 17:20:27 +0400 Subject: Where to store global settings in filter In-Reply-To: References: Message-ID: <20140825132026.GD1849@mdounin.ru> Hello! On Mon, Aug 25, 2014 at 10:55:06AM +0800, Jerry OELoo wrote: > Hi All: > I have some settings in a json file (not in nginx.conf file), > Currently, in my module filter function, I will open file, read file, > close file every time filter function is called. > I think this is not so good, so I think it's better call a function > just one time, and save the setting in a global variable, but I do not > where is a proper position in Nginx module, Thanks! It may be a good idea to read the json file while parsing configuration. Such things are usually done either when processing a directive which specifies a file to use, or in a configuration merge callback. E.g., XSLT filter loads stylesheets specified in the ngx_http_xslt_stylesheet() function, which is called to handle the "xslt_stylesheet" directive. See src/http/modules/ngx_http_xslt_filter_module.c for details. -- Maxim Dounin http://nginx.org/ From tim at bastelfreak.de Mon Aug 25 13:21:44 2014 From: tim at bastelfreak.de (Tim) Date: Mon, 25 Aug 2014 15:21:44 +0200 Subject: nginx permission denied for upstream unix socket Message-ID: <6b630ab4f43b75e3f76cba2d63918814@online-mail.biz> Hi, I'm running nginx under CentOS 7 as a local proxy for a puppetmaster. I get the following error for every agent trying to connect to the master: "[crit] 8543#0: *13 connect() to unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission denied) while connecting to upstream, client: 192.168.122.189, server: , request: "PUT /production/report/master.puppet.local HTTP/1.1", upstream: "http://unix:/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local", host: "master.puppet.local:8140"" But: srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35 /var/run/puppet/puppetmaster_puma.sock The socket seems to be read/write able for everyone on the system? Why throws nginx a "permission denied" massage? And here is my nginx config: # define our puma backend upstream puppetmaster_puma { server unix:/var/run/puppet/puppetmaster_puma.sock; } # define our proxy for breaking up SSL server { ssl on; ssl_certificate /var/lib/puppet/ssl/certs/master.puppet.local.pem; ssl_certificate_key /var/lib/puppet/ssl/private_keys/master.puppet.local.pem; ssl_verify_client optional; ssl_client_certificate /var/lib/puppet/ssl/ca/ca_crt.pem; listen 192.168.122.189:8140 ssl; root /var/empty; location / { proxy_pass http://puppetmaster_puma; } } nginx is running in version 1.6.1, From vbart at nginx.com Mon Aug 25 13:46:00 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 25 Aug 2014 17:46 +0400 Subject: nginx permission denied for upstream unix socket In-Reply-To: <6b630ab4f43b75e3f76cba2d63918814@online-mail.biz> References: <6b630ab4f43b75e3f76cba2d63918814@online-mail.biz> Message-ID: <3672145.lN4AUSkZNf@vbart-workstation> On Monday 25 August 2014 15:21:44 Tim wrote: > Hi, > > I'm running nginx under CentOS 7 as a local proxy for a puppetmaster. I > get the following error for every agent trying to connect to the master: > > "[crit] 8543#0: *13 connect() to > unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission > denied) while connecting to upstream, client: 192.168.122.189, server: , > request: "PUT /production/report/master.puppet.local HTTP/1.1", > upstream: > "http://unix:/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local", > host: "master.puppet.local:8140"" > > > But: > srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35 > /var/run/puppet/puppetmaster_puma.sock > > The socket seems to be read/write able for everyone on the system? Why > throws nginx a "permission denied" massage? > [..] What about the /var/run/puppet/ directory? wbr, Valentin V. Bartenev From tim at bastelfreak.de Mon Aug 25 13:51:01 2014 From: tim at bastelfreak.de (Tim) Date: Mon, 25 Aug 2014 15:51:01 +0200 Subject: nginx permission denied for upstream unix socket In-Reply-To: <3672145.lN4AUSkZNf@vbart-workstation> References: <6b630ab4f43b75e3f76cba2d63918814@online-mail.biz> <3672145.lN4AUSkZNf@vbart-workstation> Message-ID: Am 2014-08-25 15:46, schrieb Valentin V. Bartenev: > On Monday 25 August 2014 15:21:44 Tim wrote: >> Hi, >> >> I'm running nginx under CentOS 7 as a local proxy for a puppetmaster. >> I >> get the following error for every agent trying to connect to the >> master: >> >> "[crit] 8543#0: *13 connect() to >> unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission >> denied) while connecting to upstream, client: 192.168.122.189, server: >> , >> request: "PUT /production/report/master.puppet.local HTTP/1.1", >> upstream: >> > "http://unix:/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local", >> host: "master.puppet.local:8140"" >> >> >> But: >> srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35 >> /var/run/puppet/puppetmaster_puma.sock >> >> The socket seems to be read/write able for everyone on the system? Why >> throws nginx a "permission denied" massage? >> > [..] > > What about the /var/run/puppet/ directory? seems to be fine: drwxr-xr-x. 2 puppet puppet 100 25. Aug 10:35 /var/run/puppet (the nginx user is in the puppet group btw). Even setting the permissions to 777 didn't fix the issue. > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From in-nginx at moimeme.ca Mon Aug 25 14:26:23 2014 From: in-nginx at moimeme.ca (Edwin) Date: Mon, 25 Aug 2014 10:26:23 -0400 Subject: nginx permission denied for upstream unix socket In-Reply-To: References: <6b630ab4f43b75e3f76cba2d63918814@online-mail.biz> <3672145.lN4AUSkZNf@vbart-workstation> Message-ID: <535bb8260817279f0c977b3d3093c21c@moimeme.ca> Le 2014-08-25 09:51, Tim a ?crit?: > Am 2014-08-25 15:46, schrieb Valentin V. Bartenev: >> On Monday 25 August 2014 15:21:44 Tim wrote: >>> Hi, >>> >>> I'm running nginx under CentOS 7 as a local proxy for a puppetmaster. >>> I >>> get the following error for every agent trying to connect to the >>> master: >>> >>> "[crit] 8543#0: *13 connect() to >>> unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission >>> denied) while connecting to upstream, client: 192.168.122.189, >>> server: , >>> request: "PUT /production/report/master.puppet.local HTTP/1.1", >>> upstream: >>> >> "http://unix:/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local", >>> host: "master.puppet.local:8140"" >>> >>> >>> But: >>> srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35 >>> /var/run/puppet/puppetmaster_puma.sock >>> >>> The socket seems to be read/write able for everyone on the system? >>> Why >>> throws nginx a "permission denied" massage? >>> >> [..] >> >> What about the /var/run/puppet/ directory? > > seems to be fine: > > drwxr-xr-x. 2 puppet puppet 100 25. Aug 10:35 /var/run/puppet > > (the nginx user is in the puppet group btw). Even setting the > permissions to 777 didn't fix the issue. > >> >> wbr, Valentin V. Bartenev >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Hi, Have you checked your SELinux permissions? According to your "ls -l", you would have SELinux enabled on those files/sockets (the "." in the output). I would check SELinux settings to allow access from nginx to the socket. Sincerely, --- Edwin From tim at bastelfreak.de Mon Aug 25 14:26:38 2014 From: tim at bastelfreak.de (Tim) Date: Mon, 25 Aug 2014 16:26:38 +0200 Subject: nginx permission denied for upstream unix socket In-Reply-To: References: <6b630ab4f43b75e3f76cba2d63918814@online-mail.biz> <3672145.lN4AUSkZNf@vbart-workstation> Message-ID: <304280e03fdbfde57d7730b85a767ea9@online-mail.biz> I found the issue by myself. selinux was blocking the access to the socket. This is now fixed. Am 2014-08-25 15:51, schrieb Tim: > Am 2014-08-25 15:46, schrieb Valentin V. Bartenev: >> On Monday 25 August 2014 15:21:44 Tim wrote: >>> Hi, >>> >>> I'm running nginx under CentOS 7 as a local proxy for a puppetmaster. >>> I >>> get the following error for every agent trying to connect to the >>> master: >>> >>> "[crit] 8543#0: *13 connect() to >>> unix:/var/run/puppet/puppetmaster_puma.sock failed (13: Permission >>> denied) while connecting to upstream, client: 192.168.122.189, >>> server: , >>> request: "PUT /production/report/master.puppet.local HTTP/1.1", >>> upstream: >>> >> "http://unix:/var/run/puppet/puppetmaster_puma.sock:/production/report/master.puppet.local", >>> host: "master.puppet.local:8140"" >>> >>> >>> But: >>> srwxrwxrwx. 1 puppet puppet 0 25. Aug 10:35 >>> /var/run/puppet/puppetmaster_puma.sock >>> >>> The socket seems to be read/write able for everyone on the system? >>> Why >>> throws nginx a "permission denied" massage? >>> >> [..] >> >> What about the /var/run/puppet/ directory? > > seems to be fine: > > drwxr-xr-x. 2 puppet puppet 100 25. Aug 10:35 /var/run/puppet > > (the nginx user is in the puppet group btw). Even setting the > permissions to 777 didn't fix the issue. > >> >> wbr, Valentin V. Bartenev >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Mon Aug 25 16:28:27 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 25 Aug 2014 20:28:27 +0400 Subject: Hello - and missing verification of configuration format / very tiny mem leak in limit_req config In-Reply-To: <53F8D774.9090603@mfriebe.de> References: <53F8D774.9090603@mfriebe.de> Message-ID: <20140825162826.GJ1849@mdounin.ru> Hello! On Sat, Aug 23, 2014 at 07:03:32PM +0100, Martin Frb wrote: > Hi, > > My name is Martin. I am new to this list (obvious), and new to nginx as > well. > I hope this is the right place for the feedback I have, if not please > correct me. Well the below may be for the bugtracker. Except: It is yet to > be confirmed as bug, I was unable to find a way to register. (I do not like > the concept of open id / one service = one login = one password) > > Here goes: > > Looking through the code I came across: > src\http\modules\ngx_http_limit_req_module.c line 816 > In function ngx_http_limit_req_zone > > This parses the arguments to the config directive: limit_req_zone > > If the line in the config has more than one entry starting with "$" then in > line 816 the previous value of cfg is lost > for (i = 1; i < cf->args->nelts; i++) { // line 752 > ... > if (value[i].data[0] == '$') { // line 811 > ... > ctx = ngx_pcalloc(cf->pool, sizeof(ngx_http_limit_req_ctx_t)); > > Of course normally this does not matter, since nginx will exit if the config > cannot be parsed (and thus free all memory) In either case, it's not a memory leak. All allocations will be freed on next configuration reload. While the memory is wasted, it's not leaked. > Yet the below line is accepted by nginx. > limit_req_zone $nginx_version $binary_remote_addr zone=addr_foo:20m ; > > In this case, reading the config, a single small block of memory is leaked. > > This should probably be fixed by giving an error that this config is > malformed. > > Btw, it also takes > limit_req_zone $nginx_version zone=addr_foo:20m zone=addr_foo:20m ; > > Anything, that has 3 parameters. Any parameter can be repeated. This applies to almost all directives which take named parameters: nginx doesn't try to check for duplicates, but silently uses last value specified. Additional checks can be added to make parsing more strict, though general consensus seems to be that it isn't worth the effort. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Aug 25 17:57:10 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 25 Aug 2014 21:57:10 +0400 Subject: Big dispersion in requests execution time. In-Reply-To: <70e7227ab20c106e78da260a97608bd1.NginxMailingListEnglish@forum.nginx.org> References: <70e7227ab20c106e78da260a97608bd1.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140825175710.GN1849@mdounin.ru> Hello! On Tue, Aug 19, 2014 at 07:31:21AM -0400, yury_y wrote: > Hi, > > I faced the following problem. Our server works under the constant load of > 300-400 requests per second. > From request execution time statistics I see that in some cases "fast" > request(that normally executes in few milliseconds) may hang for seconds. > > Here is an illustration of this problem. > I execute the following GET request "http://127.0.0.1:777/fcgi/auth..."(no > ssl, no dns lookup, just http on localhost) from local client(on the same > sever). > Usually this request executes in less then 1 millisecond, but in this case > execution time is 130 milliseconds. > > From tcpdump I can conclude following: > 16:18:43.095716 - client sent request to nginx > 16:18:43.225903 - nginx sent request to upstream > 16:18:43.226178 - upstream replied to nginx > 16:18:43.226235 - nginx replied to client > > So request was processed by upstream in less then 1 millisecond, but it took > about 130 microseconds to read request from client and pass it to upstream. > I observe similar behavior both for fcgi upstreams and for static requests. > > Does anybody have similar problems? In which direction should I > investigate? Most likely, the reason for such delays is that all nginx workers were busy doing some other work. In particular, this may happen with disk-bound workloads due to blocking on disk. You may try looking into top(1) output for states of nginx worker processes, it usually makes things much clearer. Some additional reading: http://nginx.org/r/sendfile_max_chunk http://nginx.org/r/aio http://nginx.org/r/output_buffers -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Aug 25 18:38:18 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 25 Aug 2014 22:38:18 +0400 Subject: Change client_body_timeout status code In-Reply-To: <11509161b79304cdfc2cf243c5927ca4.NginxMailingListEnglish@forum.nginx.org> References: <11509161b79304cdfc2cf243c5927ca4.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140825183818.GO1849@mdounin.ru> Hello! On Wed, Aug 13, 2014 at 10:37:10AM -0400, carles.sistare wrote: > Hi, > I'm using client_body_timeout which returns a 408 or 503 status code, not > sure. > The thing is that I need this to be intercepted, somehow, and to change this > status code to some ohter particular code. On client_body_timeout nginx will return 408. Much like any other error, it can be changed using the error_page directive, see http://nginx.org/r/error_page. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Mon Aug 25 20:51:42 2014 From: nginx-forum at nginx.us (tristanb) Date: Mon, 25 Aug 2014 16:51:42 -0400 Subject: Image serving via nginx are too slow, why ? Message-ID: Hello, Before posting, i've done a lot of google search, and i found other similar issue without any solutions. So, Why nginx is slow serving files in my case ? Part 1. The hardware Intel Xeon E5-1620v2 4c/8t 3,7 GHz 32 Go DDR3 ECC 1600MHz 3xSSD Intel 160Go 1 Gbps The load average is 0.13 I've been reproducing the "slow loading image effect" with all kind of traffic situation from 0 to a lot. I got 2 new servers load balanced, I disabled the 2nd server, and it had no effect at all. Part2. The software Nginx 1.6.1 PHP-FPM 5.5.16 Varnish 4, but the cache is disabled for all requests in the .vcl My nginx configuration can be found on this gist : https://gist.github.com/tristanbes/ade26d83ce154f7d2630 My nginx vhost can be found there : https://gist.github.com/tristanbes/f15e9269cf63b5a52340 You can "feel" the problem for example here: http://bentm.webfactional.com/ It's not my website, but I took it from a post describing the same problem. A 2 Mo PDF takes 8 sec to load on any connection internet (from 20Mbps @work to my personal fiber 1Gbps) http://i.imgur.com/cxYRm8c.png I'm sure I did tweaked too much without really knowing which side effect it could have. Can you help me on this please ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252816#msg-252816 From dewanggaba at xtremenitro.org Tue Aug 26 01:12:18 2014 From: dewanggaba at xtremenitro.org (Dewangga) Date: Tue, 26 Aug 2014 08:12:18 +0700 Subject: Image serving via nginx are too slow, why ? In-Reply-To: References: Message-ID: <53FBDEF2.4030209@xtremenitro.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Did you try using aio? Try turn off sendfile and tcp_nopush also. Here is my patch http://fpaste.org/128456/40901547/raw/ On 8/26/2014 03:51, tristanb wrote: > Hello, > > Before posting, i've done a lot of google search, and i found other > similar issue without any solutions. So, Why nginx is slow serving > files in my case ? > > Part 1. The hardware > > Intel Xeon E5-1620v2 4c/8t 3,7 GHz 32 Go DDR3 ECC 1600MHz 3xSSD > Intel 160Go 1 Gbps > > The load average is 0.13 I've been reproducing the "slow loading > image effect" with all kind of traffic situation from 0 to a lot. I > got 2 new servers load balanced, I disabled the 2nd server, and it > had no effect at all. > > Part2. The software > > Nginx 1.6.1 PHP-FPM 5.5.16 Varnish 4, but the cache is disabled for > all requests in the .vcl > > My nginx configuration can be found on this gist : > https://gist.github.com/tristanbes/ade26d83ce154f7d2630 My nginx > vhost can be found there : > https://gist.github.com/tristanbes/f15e9269cf63b5a52340 > > You can "feel" the problem for example here: > http://bentm.webfactional.com/ > > It's not my website, but I took it from a post describing the same > problem. > > A 2 Mo PDF takes 8 sec to load on any connection internet (from > 20Mbps @work to my personal fiber 1Gbps) > http://i.imgur.com/cxYRm8c.png > > I'm sure I did tweaked too much without really knowing which side > effect it could have. Can you help me on this please ? > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252816,252816#msg-252816 > > _______________________________________________ nginx mailing list > nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJT+97xAAoJEF1+odKB6YIx39YIAJKyIHFf7uGpj2j4vMYOqMZA BK3dY1IpLQXpJE8WJwghvLmrLguM8WffE2facAo4YZsxvGUIce1+3qFwsWaSqJXy 7RM1pwWs6hDw+LhzyJYdtPLt/xnbdGiXQAPyAKD8OE51U1EFskVkLILr+MwTahLS UeexniI5+yfLpGP4KEbg2fWu7WJh7wljAzvFwsgI2VqnleI7TQbUNVwylwzMmkd3 luODSyKcDIDW9aCN5Kh0U9DVIpx0nBJE+NyASZsBHgNxawRF8YdPtN9mI7b8Rvb2 DSO2fa8U4rKMwJDGRYA61xuq01AJigLUcgcRs5+hoNnmYpHNzVmEjWg34IbEwac= =l542 -----END PGP SIGNATURE----- From nginx-forum at nginx.us Tue Aug 26 08:03:21 2014 From: nginx-forum at nginx.us (tristanb) Date: Tue, 26 Aug 2014 04:03:21 -0400 Subject: Image serving via nginx are too slow, why ? In-Reply-To: <53FBDEF2.4030209@xtremenitro.org> References: <53FBDEF2.4030209@xtremenitro.org> Message-ID: <9f0aa1c3a131868df8bce415d60e5e73.NginxMailingListEnglish@forum.nginx.org> Thanks for your message, I applyed your patched, restarted varnish, nginx and php5-fpm and it's still the same. Browing with browser cache off feels like the image are downloaded and displayed in a "progressive way" because of the slowlyness. Another example too is this PDF of 3Mo who takes >3 minutes to display : http://goo.gl/og3xG5 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252820#msg-252820 From lucas at slcoding.com Tue Aug 26 08:15:42 2014 From: lucas at slcoding.com (Lucas Rolff) Date: Tue, 26 Aug 2014 10:15:42 +0200 Subject: Image serving via nginx are too slow, why ? In-Reply-To: <9f0aa1c3a131868df8bce415d60e5e73.NginxMailingListEnglish@forum.nginx.org> References: <53FBDEF2.4030209@xtremenitro.org> <9f0aa1c3a131868df8bce415d60e5e73.NginxMailingListEnglish@forum.nginx.org> Message-ID: <53FC422E.7020702@slcoding.com> Takes me 2.65 seconds to load the PDF with no caching. tristanb wrote: > Thanks for your message, > > I applyed your patched, restarted varnish, nginx and php5-fpm and it's still > the same. > Browing with browser cache off feels like the image are downloaded and > displayed in a "progressive way" because of the slowlyness. > > Another example too is this PDF of 3Mo who takes>3 minutes to display : > http://goo.gl/og3xG5 > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252820#msg-252820 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Tue Aug 26 08:30:44 2014 From: nginx-forum at nginx.us (tristanb) Date: Tue, 26 Aug 2014 04:30:44 -0400 Subject: Image serving via nginx are too slow, why ? In-Reply-To: <53FC422E.7020702@slcoding.com> References: <53FC422E.7020702@slcoding.com> Message-ID: Damn, I tested this on 3 different connection from 3 different providers (all based in France though, where the server are) - 20mbps ADSL by Orange - 1Gbps fiber by Free - 50 Mbps fiber by SFR Where are you based, what are you connexion specs please ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252822#msg-252822 From lucas at slcoding.com Tue Aug 26 08:39:03 2014 From: lucas at slcoding.com (Lucas Rolff) Date: Tue, 26 Aug 2014 10:39:03 +0200 Subject: Image serving via nginx are too slow, why ? In-Reply-To: References: <53FC422E.7020702@slcoding.com> Message-ID: <53FC47A7.2000905@slcoding.com> I've been testing from a 10 megabit connection in Netherlands, 100mbit connection in netherlands, 500 mbit connection in netherlands, 500mbit connection in France, 100mbit connection in france and a 250 megabit connection in france, a 20 megabit connection in UK. Can ask people from Denmark to do the same test. But seems rather fast for all connections I've tested from. - Lucas R tristanb wrote: > Damn, I tested this on 3 different connection from 3 different providers > (all based in France though, where the server are) > - 20mbps ADSL by Orange > - 1Gbps fiber by Free > - 50 Mbps fiber by SFR > > Where are you based, what are you connexion specs please ? > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252822#msg-252822 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From devel at jasonwoods.me.uk Tue Aug 26 08:47:49 2014 From: devel at jasonwoods.me.uk (Jason Woods) Date: Tue, 26 Aug 2014 09:47:49 +0100 Subject: Bugfix: requests might hang if resolver was used [...] Message-ID: Hi, Where do I need to ask if a bug fix will be treated as major and ported to the 1.6 feature stable branch? Specifically, the following is having a significant impact for us, and makes using resolver extremely unstable with proxy_pass and variables. *) Bugfix: requests might hang if resolver was used and a DNS server returned a malformed response; the bug had appeared in 1.5.8. We're testing 1.7 mainline, but I would expect that due to existence and availability of 1.6, things like this would be fixed in that branch too, since it's still a "current" version? Thanks! Jason -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Tue Aug 26 08:48:41 2014 From: nginx-forum at nginx.us (kay) Date: Tue, 26 Aug 2014 04:48:41 -0400 Subject: custom error pages for retun directive Message-ID: <5b100801f943b37889be4d94e6d06f27.NginxMailingListEnglish@forum.nginx.org> It is not possible to set custom error page. For example /usr/share/nginx/404.html contains "test": server { error_page 404 /404.html; if ($request_method = "GET") return 404; } location / { proxy_pass http://localhost:8080; } location /404.html { /usr/share/nginx/404.html; } } curl -v 127.0.0.1 * About to connect() to 127.0.0.1 port 80 (#0) * Trying 127.0.0.1... connected * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 127.0.0.1 > Accept: */* > < HTTP/1.1 404 Not Found < Server: nginx < Date: Tue, 26 Aug 2014 08:45:26 GMT < Content-Type: text/html < Content-Length: 162 < Connection: keep-alive < Keep-Alive: timeout=20 < 404 Not Found

404 Not Found

nginx
* Connection #0 to host 127.0.0.1 left intact * Closing connection #0 But if I'll make rewrite rule: server { error_page 404 /404.html; if ($request_method = "GET") rewrite ^ /404.html last; } location / { proxy_pass http://localhost:8080; } location /404.html { /usr/share/nginx/404.html; } } I'll get: curl -v 127.0.0.1 * About to connect() to 127.0.0.1 port 80 (#0) * Trying 127.0.0.1... connected * Connected to 127.0.0.1 (127.0.0.1) port 80 (#0) > GET / HTTP/1.1 > User-Agent: curl/7.19.7 (x86_64-redhat-linux-gnu) libcurl/7.19.7 NSS/3.14.0.0 zlib/1.2.3 libidn/1.18 libssh2/1.4.2 > Host: 127.0.0.1 > Accept: */* > < HTTP/1.1 200 OK < Server: nginx < Date: Tue, 26 Aug 2014 08:46:25 GMT < Content-Type: text/html < Content-Length: 5 < Last-Modified: Tue, 26 Aug 2014 08:42:47 GMT < Connection: keep-alive < Keep-Alive: timeout=20 < ETag: "53fc4887-5" < Accept-Ranges: bytes < test * Connection #0 to host 127.0.0.1 left intact * Closing connection #0 But I'll get 200 OK. Is it possible to get cutsom 404 error page with 404 error code using "return 404" directive? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252825,252825#msg-252825 From nginx-forum at nginx.us Tue Aug 26 08:52:01 2014 From: nginx-forum at nginx.us (tristanb) Date: Tue, 26 Aug 2014 04:52:01 -0400 Subject: Image serving via nginx are too slow, why ? In-Reply-To: <53FC47A7.2000905@slcoding.com> References: <53FC47A7.2000905@slcoding.com> Message-ID: <876a94c5792815ddf7fce58c8523bbc7.NginxMailingListEnglish@forum.nginx.org> Thanks, you really helped me, i'm gonna call my hosting provider to figure it out. I'm glad the nginx is not the cause here ;-) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252827#msg-252827 From nginx-forum at nginx.us Tue Aug 26 08:59:27 2014 From: nginx-forum at nginx.us (tristanb) Date: Tue, 26 Aug 2014 04:59:27 -0400 Subject: Image serving via nginx are too slow, why ? In-Reply-To: References: <53FC422E.7020702@slcoding.com> Message-ID: <99e1c1b7bb7c60423b61a062e0362c75.NginxMailingListEnglish@forum.nginx.org> A last thing, can you provide a traceroute please ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252828#msg-252828 From lucas at slcoding.com Tue Aug 26 09:08:33 2014 From: lucas at slcoding.com (Lucas Rolff) Date: Tue, 26 Aug 2014 11:08:33 +0200 Subject: Image serving via nginx are too slow, why ? In-Reply-To: <99e1c1b7bb7c60423b61a062e0362c75.NginxMailingListEnglish@forum.nginx.org> References: <53FC422E.7020702@slcoding.com> <99e1c1b7bb7c60423b61a062e0362c75.NginxMailingListEnglish@forum.nginx.org> Message-ID: <53FC4E91.2020004@slcoding.com> NL example: mtr admin.yproximite.fr HOST: server1 Loss% Snt Last Avg Best Wrst StDev 1. hosted.by.leaseweb.com 0.0% 2 0.5 0.5 0.5 0.5 0.0 2. te0-7-0-3.hvc3.evo.leaseweb. 0.0% 2 0.7 0.7 0.6 0.7 0.1 3. ix-5-1-1-0.thar1.HNN-Amsterd 0.0% 2 0.3 0.3 0.3 0.3 0.0 4. if-10-2.tcore2.AV2-Amsterdam 0.0% 2 1.3 1.3 1.3 1.3 0.0 5. if-2-2.tcore1.AV2-Amsterdam. 0.0% 2 2.9 2.5 2.1 2.9 0.6 6. be3044.agr21.ams03.atlas.cog 0.0% 2 2.9 4.1 2.9 5.4 1.8 7. be2440.ccr42.ams03.atlas.cog 0.0% 2 2.0 4.8 2.0 7.5 3.9 8. be2266.ccr42.par01.atlas.cog 0.0% 2 11.3 12.5 11.3 13.8 1.7 9. be2309.ccr21.par04.atlas.cog 0.0% 2 11.5 11.5 11.5 11.5 0.0 10. 149.6.164.222 0.0% 2 13.6 13.7 13.6 13.8 0.1 11. dedibox-1-t.intf.routers.pro 0.0% 2 13.4 13.5 13.4 13.6 0.2 12. 49e-s46-1-a9k2.dc3.poneytele 0.0% 2 12.5 12.1 11.7 12.5 0.6 13. 88-190-234-137.rev.poneytele 0.0% 2 13.2 13.0 12.8 13.2 0.2 France: HOST: minecraft Loss% Snt Last Avg Best Wrst StDev 1. 5.135.139.252 0.0% 2 0.4 0.3 0.3 0.4 0.1 2. rbx-g1-a9.fr.eu 0.0% 2 6.7 3.8 0.9 6.7 4.1 3. th2-g1-a9.fr.eu 0.0% 2 4.5 4.5 4.5 4.5 0.0 4. ??? 100.0 2 0.0 0.0 0.0 0.0 0.0 5. ??? 100.0 2 0.0 0.0 0.0 0.0 0.0 6. cbv-crs8-1-be1005.routers.pr 0.0% 2 8.0 6.8 5.6 8.0 1.7 7. bzn-9k-4-be1005.intf.routers 0.0% 2 5.1 5.2 5.1 5.3 0.1 8. dedibox-2-t.intf.routers.pro 0.0% 2 5.5 5.3 5.1 5.5 0.3 9. 195.154.1.146 0.0% 2 5.2 5.2 5.2 5.2 0.0 10. 49e-s46-1-a9k2.dc3.poneytele 0.0% 2 5.1 5.1 5.1 5.1 0.0 11. 88-190-234-137.rev.poneytele 0.0% 2 4.8 4.8 4.8 4.8 0.0 NL2: HOST: Lucass-MacBook-Pro.local Loss% Snt Last Avg Best Wrst StDev 1.|-- 10.4.13.252 0.0% 2 1.0 1.2 1.0 1.4 0.3 2.|-- 87.255.57.222 0.0% 2 1.5 1.5 1.5 1.5 0.0 3.|-- adm-b4-link.telia.net 0.0% 2 1.2 1.3 1.2 1.4 0.2 4.|-- adm-bb4-link.telia.net 0.0% 2 1.3 1.4 1.3 1.4 0.1 5.|-- adm-b5-link.telia.net 0.0% 2 1.7 2.1 1.7 2.5 0.6 6.|-- cogent-ic-130765-adm-b3.c 0.0% 2 2.4 3.1 2.4 3.9 1.1 7.|-- be2312.ccr42.ams03.atlas. 0.0% 2 2.9 2.9 2.9 2.9 0.0 8.|-- be2266.ccr42.par01.atlas. 0.0% 2 12.1 12.1 12.1 12.1 0.0 9.|-- be2309.ccr21.par04.atlas. 0.0% 2 13.7 13.9 13.7 14.1 0.3 10.|-- 149.6.165.198 0.0% 2 12.1 12.2 12.1 12.2 0.0 11.|-- dedibox-1-t.intf.routers. 0.0% 2 14.4 13.6 12.7 14.4 1.2 12.|-- 49e-s46-1-a9k2.dc3.poneyt 0.0% 2 12.8 12.7 12.5 12.8 0.2 13.|-- 88-190-234-137.rev.poneyt 0.0% 2 12.2 12.3 12.2 12.4 0.1 NL3: HOST: api Loss% Snt Last Avg Best Wrst StDev 1. 82.196.14.1 0.0% 2 1.4 1.0 0.5 1.4 0.7 2. 83.231.213.61 0.0% 2 1.4 1.4 1.4 1.4 0.0 3. te0-7-0-3.agr21.ams03.atlas. 0.0% 2 0.9 1.0 0.9 1.1 0.2 4. be2434.ccr41.ams03.atlas.cog 0.0% 2 1.1 1.3 1.1 1.5 0.3 5. be2265.ccr41.par01.atlas.cog 0.0% 2 12.0 12.0 12.0 12.0 0.1 6. be2308.ccr21.par04.atlas.cog 0.0% 2 12.5 12.5 12.5 12.6 0.0 7. 149.6.165.214 0.0% 2 10.8 10.8 10.7 10.8 0.0 8. dedibox-1-t.intf.routers.pro 0.0% 2 12.6 12.6 12.6 12.7 0.0 9. 49e-s46-1-a9k2.dc3.poneytele 0.0% 2 11.3 11.3 11.3 11.3 0.1 10. 88-190-234-137.rev.poneytele 0.0% 2 12.3 12.3 12.3 12.3 0.0 tristanb wrote: > A last thing, can you provide a traceroute please ? > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252828#msg-252828 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Tue Aug 26 09:23:43 2014 From: nginx-forum at nginx.us (tristanb) Date: Tue, 26 Aug 2014 05:23:43 -0400 Subject: Image serving via nginx are too slow, why ? In-Reply-To: <53FC4E91.2020004@slcoding.com> References: <53FC4E91.2020004@slcoding.com> Message-ID: <435fa6ce0037bd67e0a65a6b6f562983.NginxMailingListEnglish@forum.nginx.org> Thank you so much ;-) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252816,252831#msg-252831 From mdounin at mdounin.ru Tue Aug 26 11:59:43 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Aug 2014 15:59:43 +0400 Subject: custom error pages for retun directive In-Reply-To: <5b100801f943b37889be4d94e6d06f27.NginxMailingListEnglish@forum.nginx.org> References: <5b100801f943b37889be4d94e6d06f27.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140826115943.GR1849@mdounin.ru> Hello! On Tue, Aug 26, 2014 at 04:48:41AM -0400, kay wrote: > It is not possible to set custom error page. For example > /usr/share/nginx/404.html contains "test": > > server { > error_page 404 /404.html; > > if ($request_method = "GET") > return 404; > } > > location / { > proxy_pass http://localhost:8080; > } > > location /404.html { > /usr/share/nginx/404.html; > } > } [...] > Is it possible to get cutsom 404 error page with 404 error code using > "return 404" directive? The request processing with the above configuration is as follows: - if (...) matches, 404 returned; - error_page redirects the request to /404.html; - if (...) again matches, 404 returned; - recursive_error_pages is off, so builtin 404 page is returned. As you can see, the problem is that "if (...)" specified at server level matches again after the redirect. To fix things, move the if into the "location /", it will prevent if from matching requests to /404.html: location / { if ($request_method = "GET") { return 404; } proxy_pass http://localhost:8080; } location = /404.html { # static file } -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Tue Aug 26 12:41:31 2014 From: nginx-forum at nginx.us (kay) Date: Tue, 26 Aug 2014 08:41:31 -0400 Subject: custom error pages for retun directive In-Reply-To: <20140826115943.GR1849@mdounin.ru> References: <20140826115943.GR1849@mdounin.ru> Message-ID: How can "if in location" influence productivity? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252825,252844#msg-252844 From maxim at nginx.com Tue Aug 26 13:18:26 2014 From: maxim at nginx.com (Maxim Konovalov) Date: Tue, 26 Aug 2014 17:18:26 +0400 Subject: Bugfix: requests might hang if resolver was used [...] In-Reply-To: References: Message-ID: <53FC8922.1030807@nginx.com> Hi Jason, On 8/26/14 12:47 PM, Jason Woods wrote: > Hi, > > Where do I need to ask if a bug fix will be treated as major and > ported to the 1.6 feature stable branch? > > Specifically, the following is having a significant impact for us, > and makes using resolver extremely unstable with proxy_pass and > variables. > > *) Bugfix: requests might hang if resolver was used and a DNS server > returned a malformed response; the bug had appeared in 1.5.8. > > We're testing 1.7 mainline, but I would expect that due to existence > and availability of 1.6, things like this would be fixed in that > branch too, since it's still a "current" version? > We are working now on the another bugfix in the nginx resolver code and will consider backporting these patches to 1.6.2 (ETA ~2 weeks). -- Maxim Konovalov http://nginx.com From mdounin at mdounin.ru Tue Aug 26 13:53:00 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Aug 2014 17:53:00 +0400 Subject: custom error pages for retun directive In-Reply-To: References: <20140826115943.GR1849@mdounin.ru> Message-ID: <20140826135300.GW1849@mdounin.ru> Hello! On Tue, Aug 26, 2014 at 08:41:31AM -0400, kay wrote: > How can "if in location" influence productivity? There is no difference from performance point of view. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Tue Aug 26 16:50:08 2014 From: nginx-forum at nginx.us (c0nw0nk) Date: Tue, 26 Aug 2014 12:50:08 -0400 Subject: Nginx Windows | Keepalive timeouts location based Message-ID: I can't tell if this is working or not so i thought i would just ask and perhaps someone can inform me but with nginx keep alive timeouts can we set different timeout values per each location or file type being accessed ? Example : location ~ \.flv$ { flv; keepalive_timeout 60s; } location ~ \.mp4$ { keepalive_timeout 3600s; } Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252851,252851#msg-252851 From semenukha at gmail.com Tue Aug 26 16:58:02 2014 From: semenukha at gmail.com (Styopa Semenukha) Date: Tue, 26 Aug 2014 12:58:02 -0400 Subject: Nginx Windows | Keepalive timeouts location based In-Reply-To: References: Message-ID: <2509563.C4GagaQ5Qh@tornado> On Tuesday, August 26, 2014 12:50:08 PM c0nw0nk wrote: > I can't tell if this is working or not so i thought i would just ask and > perhaps someone can inform me but with nginx keep alive timeouts can we set > different timeout values per each location or file type being accessed ? > > Example : > location ~ \.flv$ { > flv; > keepalive_timeout 60s; > } > location ~ \.mp4$ { > keepalive_timeout 3600s; > } > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252851,252851#msg-252851 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Yes, we can: http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_timeout > Context: http, server, location -- Best regards, Styopa Semenukha. From nginx-forum at nginx.us Tue Aug 26 16:58:33 2014 From: nginx-forum at nginx.us (itpp2012) Date: Tue, 26 Aug 2014 12:58:33 -0400 Subject: Nginx Windows | Keepalive timeouts location based In-Reply-To: References: Message-ID: <8621b6ede2c9240b81e449a49b5b2267.NginxMailingListEnglish@forum.nginx.org> You should be able to test this with curl -k, see the curl manpage. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252851,252852#msg-252852 From mdounin at mdounin.ru Tue Aug 26 17:02:09 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 26 Aug 2014 21:02:09 +0400 Subject: Nginx Windows | Keepalive timeouts location based In-Reply-To: References: Message-ID: <20140826170209.GD1849@mdounin.ru> Hello! On Tue, Aug 26, 2014 at 12:50:08PM -0400, c0nw0nk wrote: > I can't tell if this is working or not so i thought i would just ask and > perhaps someone can inform me but with nginx keep alive timeouts can we set > different timeout values per each location or file type being accessed ? > > Example : > location ~ \.flv$ { > flv; > keepalive_timeout 60s; > } > location ~ \.mp4$ { > keepalive_timeout 3600s; > } Yes, this will work. The keepalive timer is set when nginx finishes processing of a request and switches the connection to the keepalive state. The request configurations determines the timeout value to be used. Most notably, this allows to disable keepalive after some specific requests. -- Maxim Dounin http://nginx.org/ From jon.clayton at rackspace.com Tue Aug 26 18:14:32 2014 From: jon.clayton at rackspace.com (Jon Clayton) Date: Tue, 26 Aug 2014 13:14:32 -0500 Subject: Help with 1.6.0-1~precise Message-ID: <53FCCE88.1060501@rackspace.com> I'm trying to troubleshoot an issue with existing servers vs new servers for one of my environments, and one of the only differences I've stumbled across is a version bump in nginx. Older servers are running 1.6.0-1~precise on Ubuntu 12.04 and newer builds are using 1.6.1-1~precise. I was hoping to downgrade one of the new nodes experiencing issues to 1.6.0-1~precise, but don't see it still available in your repository. Would it be possible to get a copy of the deb file that used to be present in your repos? I did attempt to grab the deb file from an existing server, but the cache has already been cleared so I don't have that available. Any help would be appreciated. -------------- next part -------------- An HTML attachment was scrubbed... URL: From chigga101 at gmail.com Tue Aug 26 21:40:28 2014 From: chigga101 at gmail.com (Matthew Ngaha) Date: Tue, 26 Aug 2014 22:40:28 +0100 Subject: Can't get https to work Message-ID: I'm trying Nginx with Django on my localhost. I "Include" a django.conf in my main nginx.conf and in this included conf the "server" "listens" for both http & https and sends either requests upstream to django. My browser reports this error: http://bpaste.net/show/855f9e401b7e Here's my django.conf http://bpaste.net/show/521d3f71495e Any ideas? From kyprizel at gmail.com Tue Aug 26 21:56:44 2014 From: kyprizel at gmail.com (kyprizel) Date: Wed, 27 Aug 2014 01:56:44 +0400 Subject: Can't get https to work In-Reply-To: References: Message-ID: Try to use 192.168.1.102:443. On Wed, Aug 27, 2014 at 1:40 AM, Matthew Ngaha wrote: > I'm trying Nginx with Django on my localhost. I "Include" a > django.conf in my main nginx.conf and in this included conf the > "server" "listens" for both http & https and sends either requests > upstream to django. My browser reports this error: > > http://bpaste.net/show/855f9e401b7e > > Here's my django.conf > > http://bpaste.net/show/521d3f71495e > > Any ideas? > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From chigga101 at gmail.com Tue Aug 26 22:29:37 2014 From: chigga101 at gmail.com (Matthew Ngaha) Date: Tue, 26 Aug 2014 23:29:37 +0100 Subject: Can't get https to work In-Reply-To: References: Message-ID: I feel really stupid now:( Thanks that fixed it. On Tue, Aug 26, 2014 at 10:56 PM, kyprizel wrote: > Try to use 192.168.1.102:443. > > > On Wed, Aug 27, 2014 at 1:40 AM, Matthew Ngaha wrote: >> >> I'm trying Nginx with Django on my localhost. I "Include" a >> django.conf in my main nginx.conf and in this included conf the >> "server" "listens" for both http & https and sends either requests >> upstream to django. My browser reports this error: >> >> http://bpaste.net/show/855f9e401b7e >> >> Here's my django.conf >> >> http://bpaste.net/show/521d3f71495e >> >> Any ideas? >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Wed Aug 27 03:01:58 2014 From: nginx-forum at nginx.us (kay) Date: Tue, 26 Aug 2014 23:01:58 -0400 Subject: custom error pages for retun directive In-Reply-To: <20140826135300.GW1849@mdounin.ru> References: <20140826135300.GW1849@mdounin.ru> Message-ID: <1e9ecd67be26ffee232ecc6de7532bbc.NginxMailingListEnglish@forum.nginx.org> Thanks! Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252825,252880#msg-252880 From nginx-forum at nginx.us Wed Aug 27 12:01:31 2014 From: nginx-forum at nginx.us (nginxsantos) Date: Wed, 27 Aug 2014 08:01:31 -0400 Subject: Compression with Caching Message-ID: <704135653fae52d961b4a0d543d4c7c3.NginxMailingListEnglish@forum.nginx.org> How can use these two together. Suppose I got an uncompressed response from the backend/webserver. I want Nginx to compress the response before storing in the cache. Looks like Nginx is first storing the response in the cache and then doing a compression before sending the response to the client. How can we achieve this, any configuration? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252885,252885#msg-252885 From shahzaib.cb at gmail.com Wed Aug 27 12:21:44 2014 From: shahzaib.cb at gmail.com (shahzaib shahzaib) Date: Wed, 27 Aug 2014 17:21:44 +0500 Subject: Combining proxy_store and proxy_cache values !! Message-ID: Hi, I am using proxy_store on edge server to replicate mp4 files from origin server when user request for the video file. The reason i am not using proxy_cache is, when user seeks through the mp4 video,proxy_cache keeps on downloading whole video file with different Keys if multiple users accessing single video with different cache Keys i.e http://file.video.com?start=32 http://file.video.com?start=54 The problem with proxy_store is, its not much flexible as proxy_cache has different variables to adjust and most useful is proxy_cache_min_use. I need proxy_store to check for requested file and if file is requested first time it should be serve from origin server instead of downloading the whole file. Can i use some option like proxy_cache_min_use for proxy_store ? If not, is there some other way for it ? Regards. Shahzaib -------------- next part -------------- An HTML attachment was scrubbed... URL: From shahzaib.cb at gmail.com Wed Aug 27 15:48:19 2014 From: shahzaib.cb at gmail.com (shahzaib shahzaib) Date: Wed, 27 Aug 2014 20:48:19 +0500 Subject: zero size buf in output !! Message-ID: We're facing following error on edge server with nginx-1.6.1, using proxy_store on edge. 2014/08/27 20:35:05 [alert] 5701#0: *21244 zero size buf in output t:0 r:0 f:0 0000000002579840 0000000002579840-000000000257A840 0000000000000000 0-0 while sending to client, client: 119.160.118.123, server: storage4.content.com, request: "GET /files/videos/2013/06/30/137256108550d07-m.mp4 HTTP/1.1", upstream: " http://82.2.37.87:80/files/videos/2013/06/30/137256108550d07-m.mp4", host: " storage4.content.com" 2014/08/27 20:35:28 [alert] 5687#0: *26261 zero size buf in output t:0 r:0 f:0 0000000004F5F2D0 0000000004F5F2D0-0000000004F602D0 0000000000000000 0-0 while sending to client, client: 121.52.147.68, server: storage9.content.com, request: "GET /files/videos/2014/04/21/1398060531bb2e3-360.mp4 HTTP/1.1", upstream: " http://9.7.248.180:80/files/videos/2014/04/21/1398060531bb2e3-360.mp4", host: "storage9.content.com", referrer: " http://files.com/video/2618018/aashiqui-3-new-songs" nginx version: nginx/1.6.1 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --user=nginx --group=nginx --with-http_flv_module --with-http_mp4_module Regards. Shahzaib -------------- next part -------------- An HTML attachment was scrubbed... URL: From mohammad.dhedhi at droidcloud.mobi Wed Aug 27 16:51:08 2014 From: mohammad.dhedhi at droidcloud.mobi (Mohammad Dhedhi) Date: Wed, 27 Aug 2014 11:51:08 -0500 Subject: OCSP stapling for client certificates Message-ID: Hi, I was able to setup nignx with client certificate authentication and OCSP stapling. I however noticed that OCSP is used only for the nginx server ssl certificate. It does not use OCSP for validating client certificates to see if a client is using a revoked certificate or not. Is ssl_crl the only way to checked for revoked client certificates or can nginx be configured to use OCSP for client certificates ? Thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Aug 27 16:55:54 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 27 Aug 2014 20:55:54 +0400 Subject: OCSP stapling for client certificates In-Reply-To: References: Message-ID: <20140827165554.GW1849@mdounin.ru> Hello! On Wed, Aug 27, 2014 at 11:51:08AM -0500, Mohammad Dhedhi wrote: > Hi, > > I was able to setup nignx with client certificate authentication and OCSP > stapling. I however noticed that OCSP is used only for the nginx server ssl > certificate. > > It does not use OCSP for validating client certificates to see if a client > is using a revoked certificate or not. Is ssl_crl the only way to checked > for revoked client certificates or can nginx be configured to use OCSP for > client certificates ? No, nginx doesn't support OCSP-based validation of client certificates, it only supports OCSP stapling. If you want to check revocation of client certificates, the only available option is to use ssl_crl. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Wed Aug 27 17:16:24 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 27 Aug 2014 21:16:24 +0400 Subject: zero size buf in output !! In-Reply-To: References: Message-ID: <20140827171624.GX1849@mdounin.ru> Hello! On Wed, Aug 27, 2014 at 08:48:19PM +0500, shahzaib shahzaib wrote: > We're facing following error on edge server with nginx-1.6.1, using > proxy_store on edge. > > 2014/08/27 20:35:05 [alert] 5701#0: *21244 zero size buf in output t:0 r:0 > f:0 0000000002579840 0000000002579840-000000000257A840 0000000000000000 0-0 > while sending to client, client: 119.160.118.123, server: > storage4.content.com, request: "GET > /files/videos/2013/06/30/137256108550d07-m.mp4 HTTP/1.1", upstream: " > http://82.2.37.87:80/files/videos/2013/06/30/137256108550d07-m.mp4", host: " > storage4.content.com" > 2014/08/27 20:35:28 [alert] 5687#0: *26261 zero size buf in output t:0 r:0 > f:0 0000000004F5F2D0 0000000004F5F2D0-0000000004F602D0 0000000000000000 0-0 > while sending to client, client: 121.52.147.68, server: storage9.content.com, > request: "GET /files/videos/2014/04/21/1398060531bb2e3-360.mp4 HTTP/1.1", > upstream: " > http://9.7.248.180:80/files/videos/2014/04/21/1398060531bb2e3-360.mp4", > host: "storage9.content.com", referrer: " > http://files.com/video/2618018/aashiqui-3-new-songs" > > nginx version: nginx/1.6.1 > built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) > configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx > --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log > --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid > --lock-path=/var/run/nginx.lock > --http-client-body-temp-path=/var/cache/nginx/client_temp > --http-proxy-temp-path=/var/cache/nginx/proxy_temp --user=nginx > --group=nginx --with-http_flv_module --with-http_mp4_module You may want to try 1.7.4 to see if it helps (there are some potentially related changes in nginx 1.7.3). If it doesn't, providing debug log may be helpful. See http://wiki.nginx.org/Debugging for more hints. -- Maxim Dounin http://nginx.org/ From arut at nginx.com Wed Aug 27 17:18:28 2014 From: arut at nginx.com (Roman Arutyunyan) Date: Wed, 27 Aug 2014 21:18:28 +0400 Subject: Combining proxy_store and proxy_cache values !! In-Reply-To: References: Message-ID: <0A75F685-AC85-44D7-9EE0-493528412800@nginx.com> Hi, On 27 Aug 2014, at 16:21, shahzaib shahzaib wrote: > Hi, > > I am using proxy_store on edge server to replicate mp4 files from origin server when user request for the video file. The reason i am not using proxy_cache is, when user seeks through the mp4 video,proxy_cache keeps on downloading whole video file with different Keys if multiple users accessing single video with different cache Keys i.e > > http://file.video.com?start=32 > http://file.video.com?start=54 The mp4 module does not work with the nginx cache. You can either proxy the mp4 module output from the backend or serve the entire cached mp4 file without using the mp4 module. > The problem with proxy_store is, its not much flexible as proxy_cache has different variables to adjust and most useful is proxy_cache_min_use. > > I need proxy_store to check for requested file and if file is requested first time it should be serve from origin server instead of downloading the whole file. Can i use some option like proxy_cache_min_use for proxy_store ? If not, is there some other way for it ? ` When you use proxy_cache_min_uses an empty cache entry is created in memory which holds the counter. With proxy_store there?s nothing like that. Nginx just saves the input to a file. It looks like there?s no easy way to do what you want. From vbart at nginx.com Wed Aug 27 17:24:02 2014 From: vbart at nginx.com (Valentin V. Bartenev) Date: Wed, 27 Aug 2014 21:24:02 +0400 Subject: aio breaks spdy In-Reply-To: <53EFD55E.2090000@kearsley.me> References: <53EE8B9B.7060000@kearsley.me> <14227867.1dCWV3hn2G@vbart-laptop> <53EFD55E.2090000@kearsley.me> Message-ID: <2363351.UNhHK8slJp@vbart-workstation> On Sunday 17 August 2014 00:04:14 Richard Kearsley wrote: > Hi > > Tested 1.6.1 and 1.7.4 > Speed is back to normal > Thank you for testing. The fix was committed: http://hg.nginx.org/nginx/rev/11790b461a6f and likely will be released with 1.7.5. wbr, Valentin V. Bartenev From nginx-forum at nginx.us Wed Aug 27 17:37:44 2014 From: nginx-forum at nginx.us (ricardo.ekm) Date: Wed, 27 Aug 2014 13:37:44 -0400 Subject: Error when configuring reverse proxy to HTTPs Message-ID: Hi All, I'm trying to configure a reverse proxy in Nginx, which receives a HTTP request and call a HTTPS URL. When we change the config to call a HTTP it works fine, however it doesn't work with HTTPS. The http_ssl_module is installed. Here is the error: Invalid URL

Invalid URL

The requested URL "/buy-later/buy-later/?customerId=123123", is invalid.

Reference #9.9cd8f648.1409160431.4f0536 References: Message-ID: <53FE24B0.8000207@kearsley.me> Hi The error you supplied appears to be coming from the backend itself so the proxy_pass is actually working Check with your backend logs to find out if the url requested is not what you expected.. and why the url is invalid Richard On 27/08/14 18:37, ricardo.ekm wrote: > Hi All, > I'm trying to configure a reverse proxy in Nginx, which receives a HTTP > request and call a HTTPS URL. When we change the config to call a HTTP it > works fine, however it doesn't work with HTTPS. The http_ssl_module is > installed. > > Here is the error: > > Invalid URL > >

Invalid URL

> The requested URL > "/buy-later/buy-later/?customerId=123123", is > invalid.

> Reference #9.9cd8f648.1409160431.4f0536 > > Here goes the current version: > nginx version: nginx/1.4.6 (Ubuntu) > built by gcc 4.8.2 (Ubuntu 4.8.2-16ubuntu6) > TLS SNI support enabled > configure arguments: --with-cc-opt='-g -O2 -fstack-protector > --param=ssp-buffer-size=4 -Wformat -Werror=format-security > -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro' > --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf > --http-log-path=/var/log/nginx/access.log > --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock > --pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body > --http-fastcgi-temp-path=/var/lib/nginx/fastcgi > --http-proxy-temp-path=/var/lib/nginx/proxy > --http-scgi-temp-path=/var/lib/nginx/scgi > --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit > --with-ipv6 --with-http_ssl_module --with-http_stub_status_module > --with-http_realip_module --with-http_addition_module --with-http_dav_module > --with-http_geoip_module --with-http_gzip_static_module > --with-http_image_filter_module --with-http_spdy_module > --with-http_sub_module --with-http_xslt_module --with-mail > --with-mail_ssl_module > > > Here goes the config: > server { > listen 80; > server_name localhost; > > location /api/v1/buy-later { > proxy_pass https://checkout.mysite.com.br/buy-later/buy-later; > proxy_set_header Host $host; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Forwarded-for $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto $scheme; > proxy_set_header User-Agent $http_user_agent; > } > } > > Any help is appreciated. Thanks! > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252902,252902#msg-252902 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Wed Aug 27 18:39:19 2014 From: nginx-forum at nginx.us (c0nw0nk) Date: Wed, 27 Aug 2014 14:39:19 -0400 Subject: [ANN] Windows nginx 1.7.5.2 WhiteRabbit In-Reply-To: <6c7e6f606fb58aa793dff367aa3ff9b6.NginxMailingListEnglish@forum.nginx.org> References: <6c7e6f606fb58aa793dff367aa3ff9b6.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3bb2d237ca9a46e97e40f845cadfe68d.NginxMailingListEnglish@forum.nginx.org> itpp2012 can you compile your Nginx with Perl i have a few .pl scripts i cant run because of the missing perl module :( Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252707,252906#msg-252906 From nginx-forum at nginx.us Wed Aug 27 19:22:39 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 27 Aug 2014 15:22:39 -0400 Subject: [ANN] Windows nginx 1.7.5.2 WhiteRabbit In-Reply-To: <3bb2d237ca9a46e97e40f845cadfe68d.NginxMailingListEnglish@forum.nginx.org> References: <6c7e6f606fb58aa793dff367aa3ff9b6.NginxMailingListEnglish@forum.nginx.org> <3bb2d237ca9a46e97e40f845cadfe68d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <29a3777e0857573c42efa51413963f6c.NginxMailingListEnglish@forum.nginx.org> To be short, no, use Lua, its not that difficult to convert to Lua (and make it non-blocking). There is a fastcgi shell for perl out there from 2002 which needs to be rewritten for todays demands, when thats done you can run perl just like php(cgi). Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252707,252907#msg-252907 From nginx-forum at nginx.us Wed Aug 27 19:30:32 2014 From: nginx-forum at nginx.us (ricardo.ekm) Date: Wed, 27 Aug 2014 15:30:32 -0400 Subject: Error when configuring reverse proxy to HTTPs In-Reply-To: <53FE24B0.8000207@kearsley.me> References: <53FE24B0.8000207@kearsley.me> Message-ID: <37feb4a5c39d633b3288d74d866d93dd.NginxMailingListEnglish@forum.nginx.org> Yes, you're right. The problem was in the backend. We fixed it up and it worked. Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252902,252908#msg-252908 From nginx-forum at nginx.us Wed Aug 27 19:37:17 2014 From: nginx-forum at nginx.us (c0nw0nk) Date: Wed, 27 Aug 2014 15:37:17 -0400 Subject: [ANN] Windows nginx 1.7.5.2 WhiteRabbit In-Reply-To: <29a3777e0857573c42efa51413963f6c.NginxMailingListEnglish@forum.nginx.org> References: <6c7e6f606fb58aa793dff367aa3ff9b6.NginxMailingListEnglish@forum.nginx.org> <3bb2d237ca9a46e97e40f845cadfe68d.NginxMailingListEnglish@forum.nginx.org> <29a3777e0857573c42efa51413963f6c.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3123fd1480fee4af1b2cf8ad04176e20.NginxMailingListEnglish@forum.nginx.org> Yeah i was looking for that script but could not find it. But if converting to lua is easy please elaborate and share how i can convert the following to a lua script. http://documentation.hwdmediashare.co.uk/w/images/6/66/Ubr_upload-2.1.5.zip Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252707,252909#msg-252909 From nginx-forum at nginx.us Wed Aug 27 19:55:50 2014 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 27 Aug 2014 15:55:50 -0400 Subject: [ANN] Windows nginx 1.7.5.2 WhiteRabbit In-Reply-To: <3123fd1480fee4af1b2cf8ad04176e20.NginxMailingListEnglish@forum.nginx.org> References: <6c7e6f606fb58aa793dff367aa3ff9b6.NginxMailingListEnglish@forum.nginx.org> <3bb2d237ca9a46e97e40f845cadfe68d.NginxMailingListEnglish@forum.nginx.org> <29a3777e0857573c42efa51413963f6c.NginxMailingListEnglish@forum.nginx.org> <3123fd1480fee4af1b2cf8ad04176e20.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1fbd3ecd253a500b015733bf3ca7a6b4.NginxMailingListEnglish@forum.nginx.org> Try google and learn Lua, otherwise open a new topic maybe someone can assist you. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252707,252910#msg-252910 From al-nginx at none.at Thu Aug 28 10:30:47 2014 From: al-nginx at none.at (Aleksandar Lazic) Date: Thu, 28 Aug 2014 12:30:47 +0200 Subject: [ANN] Windows nginx 1.7.5.2 WhiteRabbit In-Reply-To: <3123fd1480fee4af1b2cf8ad04176e20.NginxMailingListEnglish@forum.nginx.org> References: <6c7e6f606fb58aa793dff367aa3ff9b6.NginxMailingListEnglish@forum.nginx.org> <3bb2d237ca9a46e97e40f845cadfe68d.NginxMailingListEnglish@forum.nginx.org> <29a3777e0857573c42efa51413963f6c.NginxMailingListEnglish@forum.nginx.org> <3123fd1480fee4af1b2cf8ad04176e20.NginxMailingListEnglish@forum.nginx.org> Message-ID: <62cca7d33033125223730b68bbe2f799@none.at> Am 27-08-2014 21:37, schrieb c0nw0nk: > Yeah i was looking for that script but could not find it. But if > converting > to lua is easy please elaborate and share how i can convert the > following to > a lua script. > > http://documentation.hwdmediashare.co.uk/w/images/6/66/Ubr_upload-2.1.5.zip This isn't the authors file, isn't it? How about to get the version from author http://uber-uploader.sourceforge.net/ Maybe he have already ported his script to another language ;-) Cheers al From nginx-forum at nginx.us Thu Aug 28 17:50:23 2014 From: nginx-forum at nginx.us (mehtad) Date: Thu, 28 Aug 2014 13:50:23 -0400 Subject: upstream sent invalid chunked response In-Reply-To: <20140224110454.GR33573@mdounin.ru> References: <20140224110454.GR33573@mdounin.ru> Message-ID: <1d253c2027492733328e2ed70d325c1d.NginxMailingListEnglish@forum.nginx.org> Did you happen to find any solutions for this? We are experiencing the same issue. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,247883,252933#msg-252933 From nginx-forum at nginx.us Fri Aug 29 14:08:57 2014 From: nginx-forum at nginx.us (manish-ezest) Date: Fri, 29 Aug 2014 10:08:57 -0400 Subject: NGINX redirection issue In-Reply-To: <20140810011055.GD1849@mdounin.ru> References: <20140810011055.GD1849@mdounin.ru> Message-ID: Hello Maxim, I tried enabling debug mode but still I am not able to figure out the issue and its possible solutions. I disabled this rewrites which are rewriting to index.html ## Rewrite all directory lookups to 'index.html' #rewrite ^(.*)/$ $1/index.html permanent; ## Rewrite all open strings to index.html #rewrite ^(.*)/([^\.\?/]+)$ $1/$2/index.html permanent; and added this one as you suggested but now it is going to www.google.com(very strange) location / { index index.html; try_files $uri.html $uri/ =404; } Error Log Content 2014/08/29 09:40:28 [error] 935#0: *64 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com" 2014/08/29 09:40:38 [error] 935#0: *64 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com" 2014/08/29 09:40:48 [error] 935#0: *64 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com" 2014/08/29 09:40:58 [error] 935#0: *64 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com" 2014/08/29 09:41:08 [error] 935#0: *64 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com" 2014/08/29 09:44:15 [error] 957#0: *73 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /images/icons/product/chrome-48.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com", referrer: "http://www.aaa.com/bbb/ccc/index.html" 2014/08/29 09:44:15 [error] 957#0: *74 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /images/srpr/logo9w.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com", referrer: "http://www.aaa.com/bbb/ccc/index.html" 2014/08/29 09:44:15 [error] 957#0: *75 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /xjs/_/js/k=xjs.hp.en_US.QgXXqNe9H8s.O/m=sb_he,pcc/rt=j/d=1/t=zcms/rs=AItRSTMZ4gjPthsSL3eRaZarMVJV0YA7aQ HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com", referrer: "http://www.aaa.com/bbb/ccc/index.html" 2014/08/29 09:44:15 [error] 957#0: *76 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 11.11.11.11, server: www.aaa.com, request: "GET /images/srpr/nav_logo80.png HTTP/1.1", upstream: "fastcgi://127.0.0.1:8999", host: "www.aaa.com", referrer: "http://www.aaa.com/bbb/ccc/index.html" Access Log Content 11.11.11.11 - - [29/Aug/2014:09:44:32 +0200]"GET /images/icons/product/chrome-48.png HTTP/1.1" 499 0 "http://www.aaa.com/bbb/ccc/index.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 26.375 11.11.11.11 - - [29/Aug/2014:09:44:32 +0200]"GET /images/srpr/logo9w.png HTTP/1.1" 499 0 "http://www.aaa.com/bbb/ccc/index.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 26.221 11.11.11.11 - - [29/Aug/2014:09:44:32 +0200]"GET /xjs/_/js/k=xjs.hp.en_US.QgXXqNe9H8s.O/m=sb_he,pcc/rt=j/d=1/t=zcms/rs=AItRSTMZ4gjPthsSL3eRaZarMVJV0YA7aQ HTTP/1.1" 499 0 "http://www.aaa.com/bbb/ccc/index.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 26.222 11.11.11.11 - - [29/Aug/2014:09:44:32 +0200]"GET /images/srpr/nav_logo80.png HTTP/1.1" 499 0 "http://www.aaa.com/bbb/ccc/index.html" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.143 Safari/537.36" 26.222 Regards, Manish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252379,252939#msg-252939 From nginx-forum at nginx.us Fri Aug 29 15:55:08 2014 From: nginx-forum at nginx.us (gthb) Date: Fri, 29 Aug 2014 11:55:08 -0400 Subject: Hide a request cookie in proxy_pass Message-ID: <0b4aedbcadab6b1a782a0e98ea60851b.NginxMailingListEnglish@forum.nginx.org> Hi, is it possible to hide one request cookie (but not all, so proxy_set_header Cookie "" is not the way) when proxying to an upstream server? The use case is: * website foo.com uses a hosted service on a subdomain, e.g. blog.foo.com hosted by Wordpress.com * horror: MSIE will send all foo.com cookies to the subdomain too, leaking sessions (not just to Wordpress.com but to everyone because blog.foo.com does not support HTTPS), and there's no way to tell it not to * proposed workaround: serve blog.foo.com yourself, using Nginx, HTTPS-only, proxying to the hosted service (as foo.wordpress.com, which does support HTTPS), and stripping out the parent-domain request cookies Is there a way to do this with Nginx? A way to rewrite the Cookie header to strip out selected cookies? Or is the only way out of this to avoid the subdomain cookie situation altogether, either by running www.foo.com instead of foo.com, or by abandoning the subdomain and using e.g. foo.com/blog/ instead? Thanks, Gulli Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252944,252944#msg-252944 From nginx-forum at nginx.us Fri Aug 29 17:21:57 2014 From: nginx-forum at nginx.us (double) Date: Fri, 29 Aug 2014 13:21:57 -0400 Subject: patch for mp4_limit_rate + mp4_limit_rate_after Message-ID: <8d51b85b313c93aaefe6c80767af3355.NginxMailingListEnglish@forum.nginx.org> This patch adds two features: mp4_limit_rate 1.1; # multiplied by average bitrage mp4_limit_rate_after 15s; # time http://doppelbauer.name/nginx-1.6.1-mp4_limit_rate.patch Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252946,252946#msg-252946 From mdounin at mdounin.ru Fri Aug 29 17:27:25 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 29 Aug 2014 21:27:25 +0400 Subject: Hide a request cookie in proxy_pass In-Reply-To: <0b4aedbcadab6b1a782a0e98ea60851b.NginxMailingListEnglish@forum.nginx.org> References: <0b4aedbcadab6b1a782a0e98ea60851b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140829172725.GQ1849@mdounin.ru> Hello! On Fri, Aug 29, 2014 at 11:55:08AM -0400, gthb wrote: > Hi, > > is it possible to hide one request cookie (but not all, so proxy_set_header > Cookie "" is not the way) when proxying to an upstream server? > > The use case is: > > * website foo.com uses a hosted service on a subdomain, e.g. blog.foo.com > hosted by Wordpress.com > > * horror: MSIE will send all foo.com cookies to the subdomain too, leaking > sessions (not just to Wordpress.com but to everyone because blog.foo.com > does not support HTTPS), and there's no way to tell it not to > > * proposed workaround: serve blog.foo.com yourself, using Nginx, HTTPS-only, > proxying to the hosted service (as foo.wordpress.com, which does support > HTTPS), and stripping out the parent-domain request cookies > > Is there a way to do this with Nginx? A way to rewrite the Cookie header to > strip out selected cookies? With proxy_set_header you can change the header to any value, including one with a particular cookie removed. The tricky part is to construct new value for the original header. Something like this should work: set $new_cookie $http_cookie; if ($http_cookie ~ "(.*)(?:^|;)\s*secret=[^;]+(.*)") { set $new_cookie $1$2; } proxy_pset_header Cookie $new_cookie; (Note that the above is completely untested.) -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Fri Aug 29 18:07:05 2014 From: nginx-forum at nginx.us (lspasam) Date: Fri, 29 Aug 2014 14:07:05 -0400 Subject: proxy_connect_timeout maximum Message-ID: <6b1d74f58a49f84dc5a44c2f4d68035b.NginxMailingListEnglish@forum.nginx.org> Hello, I am receiving "upstream timed out (110: Connection timed out) while connecting to upstream, client" errors. They are comet calls and I wonder if increasing the proxy_connect_timeout will help. i have increased proxy_send_timeout and proxy_read_timeout to 6000 and have turned off proxy_buffering. The docs say that the proxy_connect_timeout cannot "usually" exceed 75s. All my searches regarding nginx and comet return config files that have proxy_connect_timeout values exceeding 75s. Is there a max value for this? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252948,252948#msg-252948 From nginx-forum at nginx.us Sat Aug 30 00:21:31 2014 From: nginx-forum at nginx.us (nginxfanboy) Date: Fri, 29 Aug 2014 20:21:31 -0400 Subject: Nginx using with https :( Message-ID: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> When i open my Website with https:// I become a Download with a Binary file :-( In the Binary File is my Website xD. The Certificate are accept by my Browser but it don't work. Also I become a 404 Message and a Download >.< My /etc/nginx/nginx.conf http://paste.debian.net/118297/ I'm using Debian Wheezy http://www11.pic-upload.de/30.08.14/1w933omc9zru.png http://www11.pic-upload.de/30.08.14/94uw6r6b3rn.png Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252951,252951#msg-252951 From dewanggaba at xtremenitro.org Sat Aug 30 00:24:49 2014 From: dewanggaba at xtremenitro.org (Dewangga) Date: Sat, 30 Aug 2014 07:24:49 +0700 Subject: Nginx using with https :( In-Reply-To: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> References: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <540119D1.6080906@xtremenitro.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Your configuration looks like uncomplete, are you using fpm or httpd as reverse proxy? This line shows your php was un-processed. ... snip ... location / { root /usr/share/nginx/www; index index.php index.html; } ... snip ... On 8/30/2014 07:21, nginxfanboy wrote: > When i open my Website with https:// I become a Download with a > Binary file :-( In the Binary File is my Website xD. The > Certificate are accept by my Browser but it don't work. Also I > become a 404 Message and a Download >.< My /etc/nginx/nginx.conf > http://paste.debian.net/118297/ I'm using Debian Wheezy > > http://www11.pic-upload.de/30.08.14/1w933omc9zru.png > http://www11.pic-upload.de/30.08.14/94uw6r6b3rn.png > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252951,252951#msg-252951 > > _______________________________________________ nginx mailing list > nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJUARnQAAoJEF1+odKB6YIx9OoH/j/uaTd/xH0xyCav5ueoxCNR oM72371K9uBYmN25cyOVSKiMwaXe8wXh6k6jURCzJ36pEET6aH97LsV6xh1bozCH f+ZgjylPn1GPUsLpgKdk6vlXim39IFWqF0q0Y0zNJe6BQ/Ac/a0uLG04NpZ3wh2g 6h8iKgCvB8LncSkRSUUH4vCFxuPGQvx6BAz7Gk0UIfAzaw2deQfeEJLnIT/Sexha mv4ghbxUoZXTJfj9jXY1JloRmFjm9TdoHiEa3oYHNSwjYfKkvW6q+WrRGx79+F9y 2KbLWpX1xKfaTBQ/Gi/RP6T2tssvLNE7wILwrRpCbdcwyhrv2gnChpVC+JsNaoc= =ULPE -----END PGP SIGNATURE----- From nginx-forum at nginx.us Sat Aug 30 01:39:46 2014 From: nginx-forum at nginx.us (nginxfanboy) Date: Fri, 29 Aug 2014 21:39:46 -0400 Subject: Nginx using with https :( In-Reply-To: <540119D1.6080906@xtremenitro.org> References: <540119D1.6080906@xtremenitro.org> Message-ID: <972552f923090c0c85d69bc925edfd7b.NginxMailingListEnglish@forum.nginx.org> I'm using FPM and it works with my normal Config. See here :) http://paste.debian.net/118317/ http://image-upload.de/image/IwopSE/779b6e16ae.png I believe it's work because of the insanity of my two config files xD. /etc/nginx/sites-available/defaulthttp://paste.debian.net/118318/ or /etc/nginx/sites-enabled/default http://paste.debian.net/118319/ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252951,252953#msg-252953 From dewanggaba at xtremenitro.org Sat Aug 30 02:10:40 2014 From: dewanggaba at xtremenitro.org (Dewangga) Date: Sat, 30 Aug 2014 09:10:40 +0700 Subject: Nginx using with https :( In-Reply-To: <972552f923090c0c85d69bc925edfd7b.NginxMailingListEnglish@forum.nginx.org> References: <540119D1.6080906@xtremenitro.org> <972552f923090c0c85d69bc925edfd7b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <540132A0.3000308@xtremenitro.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Yes of course your http configuration works fine because of this configuration : location ~ .php$ { fastcgi_split_path_info ^(.+.php)(/.+)$; # fastcgi_pass 127.0.0.1:9000; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; include fastcgi_params; } from your /etc/nginx/sites-enabled/default, or you can try this patch http://paste.fedoraproject.org/129733/64596140/raw/ On 8/30/2014 08:39, nginxfanboy wrote: > I'm using FPM and it works with my normal Config. See here :) > > http://paste.debian.net/118317/ > > http://image-upload.de/image/IwopSE/779b6e16ae.png > > I believe it's work because of the insanity of my two config files > xD. > > /etc/nginx/sites-available/defaulthttp://paste.debian.net/118318/ > > or > > /etc/nginx/sites-enabled/default http://paste.debian.net/118319/ > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252951,252953#msg-252953 > > _______________________________________________ nginx mailing list > nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJUATKgAAoJEF1+odKB6YIxpZcH/AslpCVrtG1jMO1/7KhzS/zc ENn+PmITqrF5PAjhU0ppan2503hvQcY2hR5lncd50fSJYoIpQYaUxt+odTWPhIbF 9A5yWGIZrfTkCvB0DwTXYtMAAtR4n5KFDDeRVlbg3GfJlljc93Y6fOz7+3+1noLg VyQObIq6EXmXs6cMNq4Ewvie78usPwaOWPRl8nJG47z+B3vkzt49v5r13QmNyEa2 hCK+p9doIlX/lBcVwDZCp+1ukKedgj61H4IDd49BdNKlzUCaCNHHyzo9hBAmJ1vF 3pDZ3ie06UgazoTkhX8WfjbBGN43qCpz8XE376RvKmN9YBmDoOaEuFGvMBaQfZY= =dJL1 -----END PGP SIGNATURE----- From nginx-forum at nginx.us Sat Aug 30 02:57:20 2014 From: nginx-forum at nginx.us (nginxfanboy) Date: Fri, 29 Aug 2014 22:57:20 -0400 Subject: Nginx using with https :( In-Reply-To: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> References: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> Message-ID: So now i have one config file with Content. /etc/nginx/nginx.conf http://paste.debian.net/118297/ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252951,252955#msg-252955 From dewanggaba at xtremenitro.org Sat Aug 30 03:01:53 2014 From: dewanggaba at xtremenitro.org (Dewangga) Date: Sat, 30 Aug 2014 10:01:53 +0700 Subject: Nginx using with https :( In-Reply-To: References: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <54013EA1.9090700@xtremenitro.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Did you try my patch? On 8/30/2014 09:57, nginxfanboy wrote: > So now i have one config file with Content. /etc/nginx/nginx.conf > > http://paste.debian.net/118297/ > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252951,252955#msg-252955 > > _______________________________________________ nginx mailing list > nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx > -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.17 (MingW32) iQEcBAEBAgAGBQJUAT6gAAoJEF1+odKB6YIxufoH/3VlSM06s9EdI7ExoE1zvZLd Onqv8BJa2oUbVWbe3q/ggCgszKyJfbdfHYVCwyo+uQ2C+w66XDLjNJ+AqBSOAlFP OuIcBsc8FF2le093e45MvcaiSoMgM7sQDcwHDZK7t6mSWueM4RSRbMe4xYLMF5rO 11A1DGEUvIIh4PIwaZ7k/7c+ROOILREc+qWMKcHzlYJ8hP97laS94UwnaYvI06x+ lnrd53MmGld9KfIe3y2XXRScxvSI1ptyelKtwq0mzFas3keiC5NbRTRIultpeY+I LxGuqO/MPOEvc8uPvM0hdZZXmnz9gLH9vAgeraCNu5BemZ8TJoTv0/+b8FHcXrI= =NM3+ -----END PGP SIGNATURE----- From nginx-forum at nginx.us Sat Aug 30 16:25:46 2014 From: nginx-forum at nginx.us (nginxfanboy) Date: Sat, 30 Aug 2014 12:25:46 -0400 Subject: Nginx using with https :( In-Reply-To: <54013EA1.9090700@xtremenitro.org> References: <54013EA1.9090700@xtremenitro.org> Message-ID: With your config i become this message by a restart :( root at cseipel:/etc/nginx# service nginx restart Restarting nginx: nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/nginx.conf:72 nginx: configuration file /etc/nginx/nginx.conf test failed Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252951,252960#msg-252960 From miguelmclara at gmail.com Sat Aug 30 18:06:50 2014 From: miguelmclara at gmail.com (Miguel Clara) Date: Sat, 30 Aug 2014 19:06:50 +0100 Subject: Nginx using with https :( In-Reply-To: References: <54013EA1.9090700@xtremenitro.org> Message-ID: You have a duplicated ssl_certificate directive as the message says... and it even states the line "72" I was reading back on the thread and I wonder if you applied the patch correctly... can you re-paste the config? Melhores Cumprimentos // Best Regards ----------------------------------------------- *Miguel Clara* *IT - Sys Admin & Developer* *E-mail: *miguelmclara at gmail.com www.linkedin.com/in/miguelmclara/ On Sat, Aug 30, 2014 at 5:25 PM, nginxfanboy wrote: > With your config i become this message by a restart :( > > root at cseipel:/etc/nginx# service nginx restart > Restarting nginx: nginx: [emerg] "ssl_certificate" directive is duplicate > in > /etc/nginx/nginx.conf:72 > nginx: configuration file /etc/nginx/nginx.conf test failed > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252951,252960#msg-252960 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: linkedin.png Type: image/png Size: 655 bytes Desc: not available URL: From nginx-forum at nginx.us Sun Aug 31 01:08:09 2014 From: nginx-forum at nginx.us (nginxfanboy) Date: Sat, 30 Aug 2014 21:08:09 -0400 Subject: Nginx using with https :( In-Reply-To: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> References: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> Message-ID: /etc/nginx/sites-available/default http://paste.debian.net/118482/ /etc/nginx/nginx.conf http://paste.debian.net/118483/ I believe I'm near on my destination. My error Message is now Restarting nginx: nginx: [emerg] SSL_CTX_use_certificate_chain_file("/etc/nginx/example.com.csr") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib) nginx: configuration file /etc/nginx/nginx.conf test failed by root at cseipel:/etc/nginx/sites-available# service nginx restart Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252951,252964#msg-252964 From mdounin at mdounin.ru Sun Aug 31 01:30:59 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 31 Aug 2014 05:30:59 +0400 Subject: proxy_connect_timeout maximum In-Reply-To: <6b1d74f58a49f84dc5a44c2f4d68035b.NginxMailingListEnglish@forum.nginx.org> References: <6b1d74f58a49f84dc5a44c2f4d68035b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20140831013059.GR1849@mdounin.ru> Hello! On Fri, Aug 29, 2014 at 02:07:05PM -0400, lspasam wrote: > Hello, > I am receiving "upstream timed out (110: Connection timed out) while > connecting to upstream, client" errors. They are comet calls and I wonder if > increasing the proxy_connect_timeout will help. i have increased Unlikely. The default is 60 seconds, and it's enough for TCP 3-way handshake even in case of very distant servers. If a handshake can't complete within 60 seconds, it means that there is something wrong with your backend server - e.g. the server is overloaded and can't accept new connections. > proxy_send_timeout and proxy_read_timeout to 6000 and have turned off > proxy_buffering. The docs say that the proxy_connect_timeout cannot > "usually" exceed 75s. All my searches regarding nginx and comet return > config files that have proxy_connect_timeout values exceeding 75s. Is there > a max value for this? Maximum value for proxy_connect_timeout is determined by OS settings. Under traditional BSD it's 75s, and on FreeBSD it can be changed using the net.inet.tcp.keepinit sysctl. On modern Linuxes the default seems to be 20s, and should be possible to change it by setting retry count in net.ipv4.tcp_syn_retries. As previously noted though, it's highly unlikely that changing this will help. You should look into what happens with your backend instead. -- Maxim Dounin http://nginx.org/ From miguelmclara at gmail.com Sun Aug 31 01:31:29 2014 From: miguelmclara at gmail.com (Miguel Clara) Date: Sun, 31 Aug 2014 02:31:29 +0100 Subject: Nginx using with https :( In-Reply-To: References: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> Message-ID: Have you created those certs? Weren't you using: ssl_certificate /etc/nginx/server.crt; ssl_certificate_key /etc/nginx/server.key; It seems you just removed the comments on the default config to see if it would magically work, but the cert files don't exist, that just an example! Please don't try everything until it works... the patch dewanggaba gave should do it, all you need it to have the cert/key created (I'm assuming self signed certificates, if you don't know how to do it just google it, first hits should give you enough info) Melhores Cumprimentos // Best Regards ----------------------------------------------- *Miguel Clara* *IT - Sys Admin & Developer* *E-mail: *miguelmclara at gmail.com www.linkedin.com/in/miguelmclara/ On Sun, Aug 31, 2014 at 2:08 AM, nginxfanboy wrote: > /etc/nginx/sites-available/default > > http://paste.debian.net/118482/ > > /etc/nginx/nginx.conf > > http://paste.debian.net/118483/ > > I believe I'm near on my destination. > My error Message is now > > Restarting nginx: nginx: [emerg] > SSL_CTX_use_certificate_chain_file("/etc/nginx/example.com.csr") failed > (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line > error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib) > nginx: configuration file /etc/nginx/nginx.conf test failed > > > by root at cseipel:/etc/nginx/sites-available# service nginx restart > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252951,252964#msg-252964 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: linkedin.png Type: image/png Size: 655 bytes Desc: not available URL: From mdounin at mdounin.ru Sun Aug 31 02:45:41 2014 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sun, 31 Aug 2014 06:45:41 +0400 Subject: NGINX redirection issue In-Reply-To: References: <20140810011055.GD1849@mdounin.ru> Message-ID: <20140831024541.GS1849@mdounin.ru> Hello! On Fri, Aug 29, 2014 at 10:08:57AM -0400, manish-ezest wrote: > Hello Maxim, > > I tried enabling debug mode but still I am not able to figure out the issue > and its possible solutions. > > I disabled this rewrites which are rewriting to index.html > ## Rewrite all directory lookups to 'index.html' > #rewrite ^(.*)/$ $1/index.html permanent; > > ## Rewrite all open strings to index.html > #rewrite ^(.*)/([^\.\?/]+)$ $1/$2/index.html permanent; > > and added this one as you suggested but now it is going to > www.google.com(very strange) > > location / { > index index.html; > try_files $uri.html $uri/ =404; > } > > Error Log Content > > 2014/08/29 09:40:28 [error] 935#0: *64 upstream timed out (110: Connection > timed out) while reading response header from upstream, client: 11.11.11.11, > server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: > "fastcgi://127.0.0.1:8999", host: "www.aaa.com" > 2014/08/29 09:40:38 [error] 935#0: *64 upstream timed out (110: Connection > timed out) while reading response header from upstream, client: 11.11.11.11, > server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: > "fastcgi://127.0.0.1:8999", host: "www.aaa.com" > 2014/08/29 09:40:48 [error] 935#0: *64 upstream timed out (110: Connection > timed out) while reading response header from upstream, client: 11.11.11.11, > server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: > "fastcgi://127.0.0.1:8999", host: "www.aaa.com" > 2014/08/29 09:40:58 [error] 935#0: *64 upstream timed out (110: Connection > timed out) while reading response header from upstream, client: 11.11.11.11, > server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: > "fastcgi://127.0.0.1:8999", host: "www.aaa.com" > 2014/08/29 09:41:08 [error] 935#0: *64 upstream timed out (110: Connection > timed out) while reading response header from upstream, client: 11.11.11.11, > server: www.aaa.com, request: "GET /favicon.ico HTTP/1.1", upstream: > "fastcgi://127.0.0.1:8999", host: "www.aaa.com" [...] >From the logs it looks like the loop is caused by error_page you use, and recursive_error_pages set somewhere in your configuration. As long as your error handler script times out (likely because it can't cope with load), nginx tries to call it again, then again, then again. This continues till nginx reaches the redirections limit and logs the message about it. Find where recursive_error_pages is set and switch it off - or, rather, just remove it from the configuration. As previously said, the default is correct and should not be changed unless you understand what you are doing. This should resolve your problem. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Sun Aug 31 03:37:03 2014 From: nginx-forum at nginx.us (nginxfanboy) Date: Sat, 30 Aug 2014 23:37:03 -0400 Subject: Nginx using with https :( In-Reply-To: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> References: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> Message-ID: I solve my Problem here the config. /etc/nginx/sites-available/default http://paste.debian.net/118487/ /etc/nginx/nginx.conf http://paste.debian.net/118488/ And so i create my certificate :) openssl req -new -x509 -nodes -out /etc/ssl/certs/SITENAME.crt -keyout /etc/ssl/private/SITENAME.key Posted at Nginx Forum: http://forum.nginx.org/read.php?2,252951,252968#msg-252968 From miguelmclara at gmail.com Sun Aug 31 04:17:37 2014 From: miguelmclara at gmail.com (Miguel Clara) Date: Sun, 31 Aug 2014 05:17:37 +0100 Subject: Nginx using with https :( In-Reply-To: References: <0a3f55687ff469041db98c57dd3e049d.NginxMailingListEnglish@forum.nginx.org> Message-ID: The config Could use a some polish but you'll get there. Glad you could understand what was wrong ;) Melhores Cumprimentos // Best Regards ----------------------------------------------- *Miguel Clara* *IT - Sys Admin & Developer* *E-mail: *miguelmclara at gmail.com www.linkedin.com/in/miguelmclara/ On Sun, Aug 31, 2014 at 4:37 AM, nginxfanboy wrote: > I solve my Problem here the config. > > /etc/nginx/sites-available/default > http://paste.debian.net/118487/ > > /etc/nginx/nginx.conf > http://paste.debian.net/118488/ > > And so i create my certificate :) > > openssl req -new -x509 -nodes -out /etc/ssl/certs/SITENAME.crt -keyout > /etc/ssl/private/SITENAME.key > > Posted at Nginx Forum: > http://forum.nginx.org/read.php?2,252951,252968#msg-252968 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: linkedin.png Type: image/png Size: 655 bytes Desc: not available URL: From al-nginx at none.at Sun Aug 31 15:23:38 2014 From: al-nginx at none.at (Aleksandar Lazic) Date: Sun, 31 Aug 2014 17:23:38 +0200 Subject: ECC Certificates and SNI In-Reply-To: References: <1b721572101b63c0e7c46ff5ca78754a@none.at> Message-ID: Dear B. R. It looks like this is a firefox isssue. With chomium 38 and curl and s_client I was able to connect. ########## openssl version -a OpenSSL 1.0.1 14 Mar 2012 built on: Thu Aug 7 13:42:02 UTC 2014 platform: debian-amd64 options: bn(64,64) rc4(16x,int) des(idx,cisc,16,int) blowfish(idx) compiler: cc -fPIC -DOPENSSL_PIC -DZLIB -DOPENSSL_THREADS -D_REENTRANT -DDSO_DLFCN -DHAVE_DLFCN_H -m64 -DL_ENDIAN -DTERMIO -g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Werror=format-security -D_FORTIFY_SOURCE=2 -Wl,-Bsymbolic-functions -Wl,-z,relro -Wa,--noexecstack -Wall -DOPENSSL_NO_TLS1_2_CLIENT -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 -DMD32_REG_T=int -DOPENSSL_IA32_SSE2 -DOPENSSL_BN_ASM_MONT -DOPENSSL_BN_ASM_MONT5 -DOPENSSL_BN_ASM_GF2m -DSHA1_ASM -DSHA256_ASM -DSHA512_ASM -DMD5_ASM -DAES_ASM -DVPAES_ASM -DBSAES_ASM -DWHIRLPOOL_ASM -DGHASH_ASM /usr/sbin/nginx -c /etc/nginx/nginx.conf -V nginx version: nginx/1.7.4 built by gcc 4.6.3 (Ubuntu/Linaro 4.6.3-1ubuntu5) TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Wformat-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6 ldd /usr/sbin/nginx linux-vdso.so.1 => (0x00007fff54dfe000) libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fdac5938000) libcrypt.so.1 => /lib/x86_64-linux-gnu/libcrypt.so.1 (0x00007fdac56ff000) libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007fdac54c1000) libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fdac5263000) libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fdac4e88000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fdac4c70000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fdac48b1000) /lib64/ld-linux-x86-64.so.2 (0x00007fdac5b63000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fdac46ad000) ldd $(which openssl) linux-vdso.so.1 => (0x00007fffdddfe000) libssl.so.1.0.0 => /lib/x86_64-linux-gnu/libssl.so.1.0.0 (0x00007fbd557c6000) libcrypto.so.1.0.0 => /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (0x00007fbd553eb000) libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fbd5502b000) libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007fbd54e27000) libz.so.1 => /lib/x86_64-linux-gnu/libz.so.1 (0x00007fbd54c10000) /lib64/ld-linux-x86-64.so.2 (0x00007fbd55a32000) ######### cheers a l Am 16-08-2014 11:53, schrieb B.R.: > Hello, > > The error comes from OpenSSL. > > From its name, I wouldsay the constant being check is one that OpenSSL sets during handshake. > From its name too, I wouls say this applies to a SSLv3 handshake. OpenSSL has a corresponding TLSv1 constant named DTLS1_SEND_SERVER_KEY_EXCHANGE. > Seems like a bug, possibly related to the (non widespread) use of ECC certificates. > > Before really calling out for a bug: you say SSLv3 is disabled. Please be really sure of that. > > Check the OpenSSL library your nginx has been linked against. I suggest you update that package on your system and retry. > Try balance between sufficiently up-to-date version and avoinding versions with well-known vulnerabilities. > > Hope I helped, > > --- > B. R. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx [1] Links: ------ [1] http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: