401 Authorization Required

From sirtcp at gmail.com Wed Jun 1 13:26:55 2016 From: sirtcp at gmail.com (Muhammad Yousuf Khan) Date: Wed, 1 Jun 2016 18:26:55 +0500 Subject: Buitwith.com showing apache and nginx both. In-Reply-To: <20160531202421.GE2852@daoine.org> References: <20160531202421.GE2852@daoine.org> Message-ID: Thanks for the tip Francis, really appreciate. Thanks, MYK On Wed, Jun 1, 2016 at 1:24 AM, Francis Daly wrote: > On Tue, May 31, 2016 at 07:04:30PM +0500, Muhammad Yousuf Khan wrote: > > Hi there, > > > When i scan my site with builtwith.com it is showing that i am using > both > > nginx and apache. > > When you scan your site with builtwith.com, what do your nginx logs say > the requests were? > > When you make those same requests yourself, what responses do you get? > > Pay particular attention to the http headers. > > > Any idea why? > > Perhaps builtwith.com makes a request that your nginx is configured to > reverse-proxy to an apache server, without hiding the Server header. > > Perhaps builtwith.com scanned your site previously, and show all > historical answers. > > Perhaps builtwith.com uses heuristics which are wrong for your site. > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From larry.martell at gmail.com Wed Jun 1 20:45:29 2016 From: larry.martell at gmail.com (Larry Martell) Date: Wed, 1 Jun 2016 16:45:29 -0400 Subject: checking headers In-Reply-To: <20160531230619.GF2852@daoine.org> References:

<20160531134557.GB2852@daoine.org> <20160531153828.GC2852@daoine.org> <20160531201948.GD2852@daoine.org> <20160531230619.GF2852@daoine.org> Message-ID: On Tue, May 31, 2016 at 7:06 PM, Francis Daly wrote: > On Tue, May 31, 2016 at 04:48:19PM -0400, Larry Martell wrote: >> On Tue, May 31, 2016 at 4:19 PM, Francis Daly wrote: >> > On Tue, May 31, 2016 at 12:33:56PM -0400, Larry Martell wrote: > > Hi there, > >> > It sounds like your design is that your client sends a http request to >> > port 8004; the http service there returns a 301 redirect to a url on port >> > 8000 and includes a particular response header; and you want your client >> > to follow the redirect by making a new request to port 8000 and include a >> > request header that mirrors the particular response header that you sent. >> >> With the django app, what you are saying is correct. >> >> > If you are using the client that you wrote, then you can make sure that >> > it does that. >> > >> > If you are using a general http client, it is unlikely to do that. >> >> I am knida new to all this. The apps were written by someone who quit >> and then this was all dropped in my lap. Francis, I really appreciate the time you took to send such a complete and thoughtful reply. > It might be instructive for you to find out *why* they quit. I'll never know for sure, as he was gone before I got there. But I have some pretty good guesses. > If it was related to them being required to implement a design which they > knew can't possibly work, it would be good for you to learn that early. He was the one who designed and built it, and it seems overly complicated to me. But I like to give people the benefit of the doubt and think he had his reasons. > But that's beside the point, here. > >> I thought I was clear on what >> a client and server were in life, in this app it's somewhat screwy. > > Probably a good thing you can do for you, is take a pencil and paper > and write down the intended data flow of this application. Yes, that was one of the first things I did when I took the job. I understand the flow, but I don't understand why it was done in the way it was. > Until you are happy that the design is right, you probably can't accept > responsibility for implementing it. It's implemented already and it functionally works, but it has no security or authentication at all. That is what I was asked to add. And they wanted it done ASAP since they were hanging out naked. > In general, the app is a chain of events. At each point, one client is > making one request of one server. > > When you can see the data flow design, it will be clearer to you. > >> What is behind port 8000 is nginx routing to some Angular code that >> sends a request out. So the Angular code, although client side, is >> acting like a server in that it is invoked in response to a request. > > I don't follow all of those words, but that's ok: I don't have to. Initially I didn't find it confusing, but perhaps that is from my ignorance. But when I talked to people about it they were always confused. I didn't see why there were so confused, but then it struck me - the Angular code acts like a server and in everyone's mind, that is not what client side code does. I was trying in the Angular code to get info on the request it was serving. But from Angular's point of view, it wasn't serving a request - it was just being invoked and it sends out a request. The fact that it was invoked because nginx got a request on port 8000 was not known to Angular. So me trying to do server type things (like look a the request headers) made no sense in client side code. >> Then it turns about and acts like a client and sends a request out. >> So, who's the server here? nginx? > > Whatever is making the request is the client at this instant; whatever > is receiving the request is the server at this instant. > >> There are 2 approved ways to send a request to port 8000. One is from >> an app we wrote that is in C++ and it directly sends the request to >> port 8000. These requests are always previously authenticated and are >> good to go. The second is from a django endpoint listening on 8004. It >> does some authentication and if all is good, redirects to 8000. So >> with both of these cases I want to request to port 8000 to go through. >> >> Then, of course, there are myriad other ways for a request to get port >> 8000 - from a browser, curl, wget, etc. In all of these cases I want >> the request to be blocked and return a 401. > > nginx on port 8000 does not care whether the request came from your C++ > app or from my curl command. > > All it cares about is what it is configured to do: which is to accept a > http request that includes the "I promise I am authorised" token. > > browser, curl, wget, etc, can all include that token, without touching > your django app or your C++ program. Yes, I realize all that. I was going for some short term security by obscurity. Anything is better then the nothing they had. > If that is your design, and the authorisation actually matters for > anything, then your design is broken and you need to re-design. What I ended up doing was to embed the auth info in the URL parameters and then encrypt that. Got me by for the moment. Down the road I'll do something better. >> I was hoping to do this with a custom header, but that appears not to >> work. Can anyone recommend another way to achieve this? > > One possibility might be to use auth_request > (http://nginx.org/r/auth_request) within nginx to authorise-and-return > the content in one step (as far as the client is concerned) in nginx. > > Another possibility might be to use "X-Accel-Redirect" from the > reverse-proxied authorisation-checker. Again, from the client perspective, > the request with credentials results in the desired response directly. Thanks I will look into those solutions. > The current two-step process of one request with credentials which are > checked, returning a "I am authorised" token; followed by another request > with that token which the second server does not authenticate at all; > leads to you being able to use "curl" to pretend to be authorised. Yes, if someone knew what header field and value to use. >> > Perhaps an alternate design involving reverse-proxying would be valid? >> >> How would that help me? > > As above, nginx could reverse-proxy to the authorisation checker; or > alternatively the django app could reverse-proxy to nginx; and then you > could put in external (firewall?) rules which mean that only your C++ > app and your django app can get to nginx on port 8000. > > Good luck with it, Thanks again! -Larry From lists at ruby-forum.com Thu Jun 2 17:51:06 2016 From: lists at ruby-forum.com (Gabriel Arrais) Date: Thu, 02 Jun 2016 19:51:06 +0200 Subject: Map is not matching correctly against upstream custom header Message-ID: Hi, I'm trying to configure my proxy cache settings based in a response custom header, using proxy_no_cache and proxy_cache_bypass directives. First question: is it possible at all? Second question: If it is, why this map is always hitting the default value? map $sent_http_x_my_custom_header $no_cache { default 0; 1 0; true 0; false 1; "~*false" 1; } .... location ~ ^/ { ... proxy_no_cache $no_cache;^M proxy_cache_bypass $no_cache;^M } I've already tried the map with $sent_http_x_my_custom_header, $upstream_http_x_my_custom_header and $http_x_my_custom_header. It's always the same result. obs: I've already tried with if but if is resolved in request time so it didn't work. Thank you in advance. -- Posted via http://www.ruby-forum.com/. From mdounin at mdounin.ru Thu Jun 2 18:26:21 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 2 Jun 2016 21:26:21 +0300 Subject: Map is not matching correctly against upstream custom header In-Reply-To: References: Message-ID: <20160602182621.GM36620@mdounin.ru> Hello! On Thu, Jun 02, 2016 at 07:51:06PM +0200, Gabriel Arrais wrote: > Hi, I'm trying to configure my proxy cache settings based in a response > custom > header, using proxy_no_cache and proxy_cache_bypass directives. > > First question: is it possible at all? > Second question: If it is, why this map is always hitting the default > value? > > map $sent_http_x_my_custom_header $no_cache { > default 0; > 1 0; > true 0; > false 1; > "~*false" 1; > } > > .... > > location ~ ^/ { > ... > proxy_no_cache $no_cache;^M > proxy_cache_bypass $no_cache;^M > } > > I've already tried the map with $sent_http_x_my_custom_header, > $upstream_http_x_my_custom_header and $http_x_my_custom_header. It's > always the same result. > > obs: I've already tried with if but if is resolved in request time so it > didn't work. The problem is that you are trying to lookup response headers when there is no response yet. Both "if" and "proxy_cache_bypass" are checked before the request is sent to a backend, and hence they can't do anything good. Additionally, map{} results are always cached, and when you try to lookup it again via "proxy_no_cache" it just return a previously cached value (the one computed when there were no response yet). Consider removing "proxy_cache_bypass" from your cofiguration. Just map $upstream_http_x_my_custom_header $no_cache { ... } proxy_no_cache $no_cache; is expected to work fine. -- Maxim Dounin http://nginx.org/ From lists at ruby-forum.com Thu Jun 2 19:12:58 2016 From: lists at ruby-forum.com (Gabriel Arrais) Date: Thu, 02 Jun 2016 21:12:58 +0200 Subject: Map is not matching correctly against upstream custom header In-Reply-To: <20160602182621.GM36620@mdounin.ru> References: <20160602182621.GM36620@mdounin.ru> Message-ID: <8624346c0f1cbae78b7ad2133625a30c@ruby-forum.com> Maxim Dounin wrote in post #1183769: > Hello! > > On Thu, Jun 02, 2016 at 07:51:06PM +0200, Gabriel Arrais wrote: > >> 1 0; >> proxy_cache_bypass $no_cache;^M >> } >> >> I've already tried the map with $sent_http_x_my_custom_header, >> $upstream_http_x_my_custom_header and $http_x_my_custom_header. It's >> always the same result. >> >> obs: I've already tried with if but if is resolved in request time so it >> didn't work. > > The problem is that you are trying to lookup response headers when > there is no response yet. Both "if" and "proxy_cache_bypass" are > checked before the request is sent to a backend, and hence they > can't do anything good. > > Additionally, map{} results are always cached, and when you try to > lookup it again via "proxy_no_cache" it just return a previously > cached value (the one computed when there were no response yet). > > Consider removing "proxy_cache_bypass" from your cofiguration. > Just > > map $upstream_http_x_my_custom_header $no_cache { > ... > } > > proxy_no_cache $no_cache; > > is expected to work fine. > > -- > Maxim Dounin > http://nginx.org/ Hello Maxim! Thank you very much for the response, I think that I can't remove the "proxy_cache_bypass" from my configuration because other mecanisms are using this directive, in other situations.. I will try to use two different variables for proxy_no_cache and proxy_cache_bypass. Again, thank you! -- Posted via http://www.ruby-forum.com/. From thaisdauto at hotmail.com Fri Jun 3 03:04:45 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 03:04:45 +0000 Subject: Problem Message-ID: I know that you are the hosting company 's website: www.empresascnpj.com because there on page one even has the link to get in touch with you . As there is no way to contact them and there responsaliza you as their support , I want you to remove IMMEDIATELY a link that contains my ex cnpj . I 've given this low cnpj ! And I never allowed that this site and show exisse my personal data , as it has done . Exposing myself to anyone who look for my name on the internet ! I want to remove my data from this site ! I did not authorize !!!!!!! I was clear? Or I'll look for my rights , next to my lawyer! Page! http://www.empresascnpj.com/s/empresa/sam-estetica-me/22509539000103 -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 03:07:04 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 03:07:04 +0000 Subject: Problem In-Reply-To: References: Message-ID: Immediately!!!! ________________________________ De: nginx em nome de Tha?s Dauto Enviado: sexta-feira, 3 de junho de 2016 00:04 Para: nginx at nginx.org Assunto: Problem I know that you are the hosting company 's website: www.empresascnpj.com because there on page one even has the link to get in touch with you . As there is no way to contact them and there responsaliza you as their support , I want you to remove IMMEDIATELY a link that contains my ex cnpj . I 've given this low cnpj ! And I never allowed that this site and show exisse my personal data , as it has done . Exposing myself to anyone who look for my name on the internet ! I want to remove my data from this site ! I did not authorize !!!!!!! I was clear? Or I'll look for my rights , next to my lawyer! Page! http://www.empresascnpj.com/s/empresa/sam-estetica-me/22509539000103 -------------- next part -------------- An HTML attachment was scrubbed... URL: From rpaprocki at fearnothingproductions.net Fri Jun 3 03:21:27 2016 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Thu, 2 Jun 2016 20:21:27 -0700 Subject: Problem In-Reply-To: References: Message-ID: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> Oh man you guys. Immediately. Next to his lawyer. > On Jun 2, 2016, at 20:07, Tha?s Dauto wrote: > > Immediately!!!! > > > > > De: nginx em nome de Tha?s Dauto > Enviado: sexta-feira, 3 de junho de 2016 00:04 > Para: nginx at nginx.org > Assunto: Problem > > I know that you are the hosting company 's website: www.empresascnpj.com because there on page one even has the link to get in touch with you . As there is no way to contact them and there responsaliza you as their support , I want you to remove IMMEDIATELY a link that contains my ex cnpj . I 've given this low cnpj ! And I never allowed that this site and show exisse my personal data , as it has done . Exposing myself to anyone who look for my name on the internet ! I want to remove my data from this site ! I did not authorize !!!!!!! I was clear? Or I'll look for my rights , next to my lawyer! > > Page! http://www.empresascnpj.com/s/empresa/sam-estetica-me/22509539000103 > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 03:25:35 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 03:25:35 +0000 Subject: Problem In-Reply-To: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> References: , <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> Message-ID: I just want to remove the website link I sent. ________________________________ De: nginx em nome de Robert Paprocki Enviado: sexta-feira, 3 de junho de 2016 00:21 Para: nginx at nginx.org Assunto: Re: Problem Oh man you guys. Immediately. Next to his lawyer. On Jun 2, 2016, at 20:07, Tha?s Dauto > wrote: Immediately!!!! ________________________________ De: nginx > em nome de Tha?s Dauto > Enviado: sexta-feira, 3 de junho de 2016 00:04 Para: nginx at nginx.org Assunto: Problem I know that you are the hosting company 's website: www.empresascnpj.com because there on page one even has the link to get in touch with you . As there is no way to contact them and there responsaliza you as their support , I want you to remove IMMEDIATELY a link that contains my ex cnpj . I 've given this low cnpj ! And I never allowed that this site and show exisse my personal data , as it has done . Exposing myself to anyone who look for my name on the internet ! I want to remove my data from this site ! I did not authorize !!!!!!! I was clear? Or I'll look for my rights , next to my lawyer! Page! http://www.empresascnpj.com/s/empresa/sam-estetica-me/22509539000103 _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 03:29:38 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 03:29:38 +0000 Subject: No subject Message-ID: You are the webmaster. Host that site . So can remove. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rpaprocki at fearnothingproductions.net Fri Jun 3 03:40:40 2016 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Thu, 2 Jun 2016 20:40:40 -0700 Subject: Problem In-Reply-To: References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> Message-ID: <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> This is NOT the appropriate address to send these requests. This is a public mailing list for Nginx users. Nginx is an open source web server, not a web master or web hosting company. > On Jun 2, 2016, at 20:25, Tha?s Dauto wrote: > > > I just want to remove the website link I sent. > > > > > > De: nginx em nome de Robert Paprocki > Enviado: sexta-feira, 3 de junho de 2016 00:21 > Para: nginx at nginx.org > Assunto: Re: Problem > > Oh man you guys. Immediately. Next to his lawyer. > > On Jun 2, 2016, at 20:07, Tha?s Dauto wrote: > >> Immediately!!!! >> >> >> >> >> De: nginx em nome de Tha?s Dauto >> Enviado: sexta-feira, 3 de junho de 2016 00:04 >> Para: nginx at nginx.org >> Assunto: Problem >> >> I know that you are the hosting company 's website: www.empresascnpj.com because there on page one even has the link to get in touch with you . As there is no way to contact them and there responsaliza you as their support , I want you to remove IMMEDIATELY a link that contains my ex cnpj . I 've given this low cnpj ! And I never allowed that this site and show exisse my personal data , as it has done . Exposing myself to anyone who look for my name on the internet ! I want to remove my data from this site ! I did not authorize !!!!!!! I was clear? Or I'll look for my rights , next to my lawyer! >> >> Page! http://www.empresascnpj.com/s/empresa/sam-estetica-me/22509539000103 >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 03:50:35 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 03:50:35 +0000 Subject: Problem In-Reply-To: <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> , <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> Message-ID: I would like then to know what is the appropriate address !? And I would like further to know why nginx is on the homepage of the website " empresacnpj " main to support and problems , and as webmaster. Site moreover, that contains my data without my permission . ________________________________ De: nginx em nome de Robert Paprocki Enviado: sexta-feira, 3 de junho de 2016 00:40 Para: nginx at nginx.org Assunto: Re: Problem This is NOT the appropriate address to send these requests. This is a public mailing list for Nginx users. Nginx is an open source web server, not a web master or web hosting company. On Jun 2, 2016, at 20:25, Tha?s Dauto > wrote: I just want to remove the website link I sent. ________________________________ De: nginx > em nome de Robert Paprocki > Enviado: sexta-feira, 3 de junho de 2016 00:21 Para: nginx at nginx.org Assunto: Re: Problem Oh man you guys. Immediately. Next to his lawyer. On Jun 2, 2016, at 20:07, Tha?s Dauto > wrote: Immediately!!!! ________________________________ De: nginx > em nome de Tha?s Dauto > Enviado: sexta-feira, 3 de junho de 2016 00:04 Para: nginx at nginx.org Assunto: Problem I know that you are the hosting company 's website: www.empresascnpj.com because there on page one even has the link to get in touch with you . As there is no way to contact them and there responsaliza you as their support , I want you to remove IMMEDIATELY a link that contains my ex cnpj . I 've given this low cnpj ! And I never allowed that this site and show exisse my personal data , as it has done . Exposing myself to anyone who look for my name on the internet ! I want to remove my data from this site ! I did not authorize !!!!!!! I was clear? Or I'll look for my rights , next to my lawyer! Page! http://www.empresascnpj.com/s/empresa/sam-estetica-me/22509539000103 _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From jim at ohlste.in Fri Jun 3 04:25:42 2016 From: jim at ohlste.in (Jim Ohlstein) Date: Fri, 3 Jun 2016 00:25:42 -0400 Subject: Problem In-Reply-To: References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> Message-ID: <7D008911-0E84-4FA7-B395-AAD6559B771D@ohlste.in> You're really pretty dense but I'll try. You're in the wrong place. There. That's it. We don't know why someone put information on THEIR website. Try figuring out who actually hosts it, and complain to them. We can't help you so please stop bothering us. Jim Ohlstein > On Jun 2, 2016, at 11:50 PM, Tha?s Dauto wrote: > > > I would like then to know what is the appropriate address !? And I would like further to know why nginx is on the homepage > of the website " empresacnpj " main to support and problems , and as webmaster. Site moreover, that contains my data without my permission . > > > > > De: nginx em nome de Robert Paprocki > Enviado: sexta-feira, 3 de junho de 2016 00:40 > Para: nginx at nginx.org > Assunto: Re: Problem > > This is NOT the appropriate address to send these requests. This is a public mailing list for Nginx users. Nginx is an open source web server, not a web master or web hosting company. > > On Jun 2, 2016, at 20:25, Tha?s Dauto wrote: > >> >> I just want to remove the website link I sent. >> >> >> >> >> De: nginx em nome de Robert Paprocki >> Enviado: sexta-feira, 3 de junho de 2016 00:21 >> Para: nginx at nginx.org >> Assunto: Re: Problem >> >> Oh man you guys. Immediately. Next to his lawyer. >> >> On Jun 2, 2016, at 20:07, Tha?s Dauto wrote: >> >>> Immediately!!!! >>> >>> >>> >>> De: nginx em nome de Tha?s Dauto >>> Enviado: sexta-feira, 3 de junho de 2016 00:04 >>> Para: nginx at nginx.org >>> Assunto: Problem >>> >>> I know that you are the hosting company 's website: www.empresascnpj.com because there on page one even has the link to get in touch with you . As there is no way to contact them and there responsaliza you as their support , I want you to remove IMMEDIATELY a link that contains my ex cnpj . I 've given this low cnpj ! And I never allowed that this site and show exisse my personal data , as it has done . Exposing myself to anyone who look for my name on the internet ! I want to remove my data from this site ! I did not authorize !!!!!!! I was clear? Or I'll look for my rights , next to my lawyer! >>> >>> Page! http://www.empresascnpj.com/s/empresa/sam-estetica-me/22509539000103 >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at lazygranch.com Fri Jun 3 04:33:14 2016 From: lists at lazygranch.com (lists at lazygranch.com) Date: Fri, 03 Jun 2016 00:33:14 -0400 Subject: Problem In-Reply-To: <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> Message-ID: <20160603043314.5451859.33870.4071@lazygranch.com> An HTML attachment was scrubbed... URL: From shilei at qiyi.com Fri Jun 3 06:55:15 2016 From: shilei at qiyi.com (=?gb2312?B?yq/A2g==?=) Date: Fri, 3 Jun 2016 06:55:15 +0000 Subject: How to reproduce issue CVE-2016-4450? Message-ID: Hi, I am working on the fixing of issue CVE-2016-4450, it seems that if the request body is neither saved in the memory nor in file, it might crash when save the request body to the temp file. Could you instruct me what kind of request body can trigger this issue? I want to reproduce it, and evaluate the whether upgrade our nginx server. Refer to CVE-2016-4450: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450). Thanks! ? ? ????????????? [????logo] ????? ??????????????2???????17? ???100080 ????86 138 1180 3496 ??? ????86 10 6267 7000 ???shilei at qiyi.com ???www.iQIYI.com www.ppstream.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 25521 bytes Desc: image001.jpg URL: From wangsamp at gmail.com Fri Jun 3 07:32:15 2016 From: wangsamp at gmail.com (Oleksandr V. Typlyns'kyi) Date: Fri, 3 Jun 2016 10:32:15 +0300 (EEST) Subject: How to reproduce issue CVE-2016-4450? In-Reply-To: References: Message-ID: Today Jun 3, 2016 at 06:55 ?? wrote: > Hi, > > I am working on the fixing of issue CVE-2016-4450, it seems that if the request body is neither saved in the memory nor in file, it might crash when save the request body to the temp file. > Could you instruct me what kind of request body can trigger this issue? I want to reproduce it, and evaluate the whether upgrade our nginx server. Chunked WebDAV PUT: https://trac.nginx.org/nginx/ticket/981 -- WNGS-RIPE From maxim at nginx.com Fri Jun 3 07:39:47 2016 From: maxim at nginx.com (Maxim Konovalov) Date: Fri, 3 Jun 2016 10:39:47 +0300 Subject: Problem In-Reply-To: <20160603043314.5451859.33870.4071@lazygranch.com> References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> <20160603043314.5451859.33870.4071@lazygranch.com> Message-ID: <43872302-db51-a576-0209-0142c709442c@nginx.com> On 6/3/16 7:33 AM, lists at lazygranch.com wrote: > Perhaps in a future release of Nginx, the error pages should not > contain any reference to nginx. That is the only way I can figure > out this person came up with the idea of complaining to the list. > (Assuming this isn't spam to encourage use to click on that website > link.) > Actually, a number of such complains is still surprisingly low. > I think another mistake is to have the error page indicate the rev > of nginx. That is an easy way for someone to spot a vulnerable rev > of the nginx on a server. > -- Maxim Konovalov From reallfqq-nginx at yahoo.fr Fri Jun 3 10:42:52 2016 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Fri, 3 Jun 2016 12:42:52 +0200 Subject: Problem In-Reply-To: <43872302-db51-a576-0209-0142c709442c@nginx.com> References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> <20160603043314.5451859.33870.4071@lazygranch.com> <43872302-db51-a576-0209-0142c709442c@nginx.com> Message-ID: xD Maxim. I would have put 'hopefully' along with 'surprisingly' though... just to convince myself such dumbness is marginal. To lists at lazygranch.com, nginx version can already be removed with the help of the server_tokens directive. Why that is not the default brings back the eternal difficulties around changing defaults, compatbility and stability, debate I (re)initiated around some other 'odd' defaults. Anyway, we are drifting away from the original subject, which is... Oh yeah, stupidity. And next to his lawyer. (And huge font size.) --- *B. R.* On Fri, Jun 3, 2016 at 9:39 AM, Maxim Konovalov wrote: > On 6/3/16 7:33 AM, lists at lazygranch.com wrote: > > Perhaps in a future release of Nginx, the error pages should not > > contain any reference to nginx. That is the only way I can figure > > out this person came up with the idea of complaining to the list. > > (Assuming this isn't spam to encourage use to click on that website > > link.) > > > Actually, a number of such complains is still surprisingly low. > > > I think another mistake is to have the error page indicate the rev > > of nginx. That is an easy way for someone to spot a vulnerable rev > > of the nginx on a server. > > > > -- > Maxim Konovalov > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From pb.rakesh90 at gmail.com Fri Jun 3 11:57:07 2016 From: pb.rakesh90 at gmail.com (RAKESH P B) Date: Fri, 3 Jun 2016 17:27:07 +0530 Subject: Enable the Etag for dynamic content Message-ID: Hi All, I'm using ngnx version nginx/1.10.1, php application in back end connected via unix socket. We are planning to enable the cache behavior for dynamic contents using cache control headers and etag. We have tried below below method to enable the etag, but none of the method working as expected. 1. Compiled the nginx source code (1.10.0) with dynamic etag module. 2. upstream configuration is used to to connect via unix socket instead of location method. Any suggestions will be helpful -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Fri Jun 3 14:08:02 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 3 Jun 2016 17:08:02 +0300 Subject: Enable the Etag for dynamic content In-Reply-To: References: Message-ID: <20160603140802.GP36620@mdounin.ru> Hello! On Fri, Jun 03, 2016 at 05:27:07PM +0530, RAKESH P B wrote: > Hi All, > > I'm using ngnx version nginx/1.10.1, php application in back end connected > via unix socket. We are planning to enable the cache behavior for dynamic > contents using cache control headers and etag. We have tried below below > method to enable the etag, but none of the method working as expected. > > > 1. Compiled the nginx source code (1.10.0) with dynamic etag module. > 2. upstream configuration is used to to connect via unix socket instead of > location method. > > Any suggestions will be helpful Try generating entity tags in your application instead. -- Maxim Dounin http://nginx.org/ From zxcvbn4038 at gmail.com Fri Jun 3 17:05:18 2016 From: zxcvbn4038 at gmail.com (CJ Ess) Date: Fri, 3 Jun 2016 13:05:18 -0400 Subject: Problem In-Reply-To: <43872302-db51-a576-0209-0142c709442c@nginx.com> References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> <20160603043314.5451859.33870.4071@lazygranch.com> <43872302-db51-a576-0209-0142c709442c@nginx.com> Message-ID: I once knew a guy who convinced someone they had hacked their site by making a DNS entry to 127.0.0.1. So when the guy tried to access the "other" site his passwords worked, all his files were there, it was even running the same software! He made changes on his site and they instantly appeared on the "other" site. He deleted files off the "other" site and they were removed from his site - obviously in retaliation!. So after an hour or so of trying to figure out how his server is being accessed the guy just goes completely ballistic and starts calling the police and then the FBI (this was in the US). The FBI did investigate and visited the prankster in person. He explained what loopback was and how the prank worked, and the FBI agents thought it was pretty funny - they do have a sense of humor after all. On Fri, Jun 3, 2016 at 3:39 AM, Maxim Konovalov wrote: > On 6/3/16 7:33 AM, lists at lazygranch.com wrote: > > Perhaps in a future release of Nginx, the error pages should not > > contain any reference to nginx. That is the only way I can figure > > out this person came up with the idea of complaining to the list. > > (Assuming this isn't spam to encourage use to click on that website > > link.) > > > Actually, a number of such complains is still surprisingly low. > > > I think another mistake is to have the error page indicate the rev > > of nginx. That is an easy way for someone to spot a vulnerable rev > > of the nginx on a server. > > > > -- > Maxim Konovalov > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 18:18:21 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 18:18:21 +0000 Subject: Problem In-Reply-To: References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> <20160603043314.5451859.33870.4071@lazygranch.com> <43872302-db51-a576-0209-0142c709442c@nginx.com>, Message-ID: Hi I do not want to receive these emails . I received a lot of emails and none were really to me or to help me in what I said. So now I want to stop receiving these emails . I sent an email to " nginx at nginx.org " I sent my personal email , I use to serious things , I would like to know why the email is that web page !? https://forum.nginx.org/read.php?2,267331,267333 exposing my email and the material contained therein , the google search ! And I just looked for a " nginx " to get an error page of google searches, page which contained and still contains some personal documents. Look I'm trying to do the easy method , but I think I'll have to get justice. ________________________________ De: nginx em nome de CJ Ess Enviado: sexta-feira, 3 de junho de 2016 14:05 Para: nginx at nginx.org Assunto: Re: Problem I once knew a guy who convinced someone they had hacked their site by making a DNS entry to 127.0.0.1. So when the guy tried to access the "other" site his passwords worked, all his files were there, it was even running the same software! He made changes on his site and they instantly appeared on the "other" site. He deleted files off the "other" site and they were removed from his site - obviously in retaliation!. So after an hour or so of trying to figure out how his server is being accessed the guy just goes completely ballistic and starts calling the police and then the FBI (this was in the US). The FBI did investigate and visited the prankster in person. He explained what loopback was and how the prank worked, and the FBI agents thought it was pretty funny - they do have a sense of humor after all. On Fri, Jun 3, 2016 at 3:39 AM, Maxim Konovalov > wrote: On 6/3/16 7:33 AM, lists at lazygranch.com wrote: > Perhaps in a future release of Nginx, the error pages should not > contain any reference to nginx. That is the only way I can figure > out this person came up with the idea of complaining to the list. > (Assuming this isn't spam to encourage use to click on that website > link.) > Actually, a number of such complains is still surprisingly low. > I think another mistake is to have the error page indicate the rev > of nginx. That is an easy way for someone to spot a vulnerable rev > of the nginx on a server. > -- Maxim Konovalov _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 18:21:45 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 18:21:45 +0000 Subject: Okay? Message-ID: I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! -------------- next part -------------- An HTML attachment was scrubbed... URL: From rva at onvaoo.com Fri Jun 3 18:23:59 2016 From: rva at onvaoo.com (Rva@onvaoo.com) Date: Fri, 3 Jun 2016 20:23:59 +0200 Subject: Okay? In-Reply-To: References: Message-ID: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> Can you give us your exact location (GPS ) this is for the drone action > On 03 Jun 2016, at 20:21, Tha?s Dauto wrote: > > I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 18:26:01 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 18:26:01 +0000 Subject: Okay? In-Reply-To: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> References: , <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> Message-ID: I will not give my location , for whom I do not even know ! ________________________________ De: nginx em nome de Rva at onvaoo.com Enviado: sexta-feira, 3 de junho de 2016 15:23 Para: nginx at nginx.org Assunto: Re: Okay? Can you give us your exact location (GPS ) this is for the drone action On 03 Jun 2016, at 20:21, Tha?s Dauto > wrote: I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From rpaprocki at fearnothingproductions.net Fri Jun 3 18:27:15 2016 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Fri, 3 Jun 2016 11:27:15 -0700 Subject: Okay? In-Reply-To: References: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> Message-ID: Dare I say, it's time for some moderation on this list? On Fri, Jun 3, 2016 at 11:26 AM, Tha?s Dauto wrote: > I will not give my location , for whom I do not even know ! > > > > > > ------------------------------ > *De:* nginx em nome de Rva at onvaoo.com < > rva at onvaoo.com> > *Enviado:* sexta-feira, 3 de junho de 2016 15:23 > *Para:* nginx at nginx.org > *Assunto:* Re: Okay? > > Can you give us your exact location (GPS ) this is for the drone action > > > On 03 Jun 2016, at 20:21, Tha?s Dauto wrote: > > I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 18:27:54 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 18:27:54 +0000 Subject: Okay? In-Reply-To: References: , <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com>, Message-ID: What I want is simple. I sent a private email from my personal hotmail. And everything is published in google searches. I want you to remove ! ________________________________ De: nginx em nome de Tha?s Dauto Enviado: sexta-feira, 3 de junho de 2016 15:26 Para: nginx at nginx.org Assunto: Re: Okay? I will not give my location , for whom I do not even know ! ________________________________ De: nginx em nome de Rva at onvaoo.com Enviado: sexta-feira, 3 de junho de 2016 15:23 Para: nginx at nginx.org Assunto: Re: Okay? Can you give us your exact location (GPS ) this is for the drone action On 03 Jun 2016, at 20:21, Tha?s Dauto > wrote: I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 18:29:44 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 18:29:44 +0000 Subject: Okay? In-Reply-To: References: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> , Message-ID: What? ________________________________ De: nginx em nome de Robert Paprocki Enviado: sexta-feira, 3 de junho de 2016 15:27 Para: nginx at nginx.org Assunto: Re: Okay? Dare I say, it's time for some moderation on this list? On Fri, Jun 3, 2016 at 11:26 AM, Tha?s Dauto > wrote: I will not give my location , for whom I do not even know ! ________________________________ De: nginx > em nome de Rva at onvaoo.com > Enviado: sexta-feira, 3 de junho de 2016 15:23 Para: nginx at nginx.org Assunto: Re: Okay? Can you give us your exact location (GPS ) this is for the drone action On 03 Jun 2016, at 20:21, Tha?s Dauto > wrote: I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From rpaprocki at fearnothingproductions.net Fri Jun 3 18:30:06 2016 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Fri, 3 Jun 2016 11:30:06 -0700 Subject: Okay? In-Reply-To: References: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> Message-ID: You sent an email to a public mailing list. Public mailing lists are archived for... public use. What did you expect was going to happen? Continuing to berate this list will accomplish nothing. May I also point you to: https://en.wikipedia.org/wiki/Streisand_effect On Fri, Jun 3, 2016 at 11:27 AM, Tha?s Dauto wrote: > > What I want is simple. I sent a private email from my personal hotmail. > And everything is published in google searches. I want you to remove ! > > > > > ------------------------------ > *De:* nginx em nome de Tha?s Dauto < > thaisdauto at hotmail.com> > *Enviado:* sexta-feira, 3 de junho de 2016 15:26 > > *Para:* nginx at nginx.org > *Assunto:* Re: Okay? > > > I will not give my location , for whom I do not even know ! > > > > > > ------------------------------ > *De:* nginx em nome de Rva at onvaoo.com < > rva at onvaoo.com> > *Enviado:* sexta-feira, 3 de junho de 2016 15:23 > *Para:* nginx at nginx.org > *Assunto:* Re: Okay? > > Can you give us your exact location (GPS ) this is for the drone action > > > On 03 Jun 2016, at 20:21, Tha?s Dauto wrote: > > I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From thaisdauto at hotmail.com Fri Jun 3 18:36:33 2016 From: thaisdauto at hotmail.com (=?iso-8859-1?Q?Tha=EDs_Dauto?=) Date: Fri, 3 Jun 2016 18:36:33 +0000 Subject: Okay? In-Reply-To: References: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> , Message-ID: I want to remove my emails the internet . I do not want anything in my google searches. Only I sent these emails to " nginx " because they are on a page that contains my data on Google as well. And I sent asking to remove . Now other emails are on display. I want to cut them this page. https://forum.nginx.org/read.php?2,267331,267333 can you help me ? ________________________________ De: nginx em nome de Robert Paprocki Enviado: sexta-feira, 3 de junho de 2016 15:30 Para: nginx at nginx.org Assunto: Re: Okay? You sent an email to a public mailing list. Public mailing lists are archived for... public use. What did you expect was going to happen? Continuing to berate this list will accomplish nothing. May I also point you to: https://en.wikipedia.org/wiki/Streisand_effect [http://upload.wikimedia.org/wikipedia/commons/thumb/f/f6/Streisand_Estate.jpg/300px-Streisand_Estate.jpg] Streisand effect - Wikipedia, the free encyclopedia en.wikipedia.org The Streisand effect is the phenomenon whereby an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the ... On Fri, Jun 3, 2016 at 11:27 AM, Tha?s Dauto > wrote: What I want is simple. I sent a private email from my personal hotmail. And everything is published in google searches. I want you to remove ! ________________________________ De: nginx > em nome de Tha?s Dauto > Enviado: sexta-feira, 3 de junho de 2016 15:26 Para: nginx at nginx.org Assunto: Re: Okay? I will not give my location , for whom I do not even know ! ________________________________ De: nginx > em nome de Rva at onvaoo.com > Enviado: sexta-feira, 3 de junho de 2016 15:23 Para: nginx at nginx.org Assunto: Re: Okay? Can you give us your exact location (GPS ) this is for the drone action On 03 Jun 2016, at 20:21, Tha?s Dauto > wrote: I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Fri Jun 3 09:23:15 2016 From: nginx-forum at forum.nginx.org (Peter Fulier) Date: Fri, 03 Jun 2016 05:23:15 -0400 Subject: FIPS native support Message-ID: <021646498529cdde09eb3c3391635a61.NginxMailingListEnglish@forum.nginx.org> Hello All, could you please advise if/when the nginx will be officially/natively supporting FIPS mode in the future (eg similar way as the Apache HTTP does with directive SSLFIPS) ? Many thanks for your help/answer Kind regards, Peter Peter Fulier Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267347,267347#msg-267347 From nginx-forum at forum.nginx.org Thu Jun 2 08:01:12 2016 From: nginx-forum at forum.nginx.org (Harkonnen) Date: Thu, 02 Jun 2016 04:01:12 -0400 Subject: "pid" directive is duplicate in /etc/nginx/nginx.conf Message-ID: <15bad2b9e6e3ea639f3d0fe3eec80549.NginxMailingListEnglish@forum.nginx.org> Hi, I'm trying to set up a very simple nginx web server on top of an archlinux distribution. Here is my nginx.conf : user http; worker_processes 1; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; events { worker_connections 1024; } http { include mime.types; default_type application/octet-stream; } it's a very simple one, no nested includes other than mime.types. But when I try to start my server, I have the following error : "pid" directive is duplicate in /etc/nginx/nginx.conf And I don't know why, as there are no other "pid" directive. If I comment the "pid" line, it's ok. Can you explain me what am I missing ? Thanks in advance Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267309,267309#msg-267309 From nginx-forum at forum.nginx.org Thu Jun 2 04:05:17 2016 From: nginx-forum at forum.nginx.org (davidjb) Date: Thu, 02 Jun 2016 00:05:17 -0400 Subject: Module: Configuring upstream params (eg fastcgi_param) per request In-Reply-To: <9a6fbba09081e44ecf72c31f21f9d9a4.NginxMailingListEnglish@forum.nginx.org> References: <9a6fbba09081e44ecf72c31f21f9d9a4.NginxMailingListEnglish@forum.nginx.org> Message-ID: <41e5aa2ab2f8d4d35c4f4d6e2958114c.NginxMailingListEnglish@forum.nginx.org> Anyone have any thoughts? Even if it's just to say "this isn't possible". Cheers, David Posted at Nginx Forum: https://forum.nginx.org/read.php?2,266934,267307#msg-267307 From jim at ohlste.in Fri Jun 3 18:59:59 2016 From: jim at ohlste.in (Jim Ohlstein) Date: Fri, 3 Jun 2016 14:59:59 -0400 Subject: Okay? In-Reply-To: References: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> Message-ID: <6DBCC648-4A85-4DB4-919D-30B9C3BB10AC@ohlste.in> I could. But I won't. These emails are posted to several websites. If you want them to stop appearing at those sites, stop sending them. I'd also suggest that you consult a psychiatrist and get back on your medication. Jim Ohlstein > On Jun 3, 2016, at 2:36 PM, Tha?s Dauto wrote: > > I want to remove my emails the internet . I do not want anything in my google searches. Only I sent these emails to " nginx " because they are on a page that contains my data on Google as well. And I sent asking to remove . Now other emails are on display. I want to cut them this page. https://forum.nginx.org/read.php?2,267331,267333 can you help me ? > > > > De: nginx em nome de Robert Paprocki > Enviado: sexta-feira, 3 de junho de 2016 15:30 > Para: nginx at nginx.org > Assunto: Re: Okay? > > You sent an email to a public mailing list. Public mailing lists are archived for... public use. What did you expect was going to happen? Continuing to berate this list will accomplish nothing. May I also point you to: https://en.wikipedia.org/wiki/Streisand_effect > > Streisand effect - Wikipedia, the free encyclopedia > en.wikipedia.org > The Streisand effect is the phenomenon whereby an attempt to hide, remove, or censor a piece of information has the unintended consequence of publicizing the ... > > >> On Fri, Jun 3, 2016 at 11:27 AM, Tha?s Dauto wrote: >> >> What I want is simple. I sent a private email from my personal hotmail. And everything is published in google searches. I want you to >> remove ! >> >> >> >> >> De: nginx em nome de Tha?s Dauto >> Enviado: sexta-feira, 3 de junho de 2016 15:26 >> >> Para: nginx at nginx.org >> Assunto: Re: Okay? >> >> I will not give my location , for whom I do not even know ! >> >> >> >> >> De: nginx em nome de Rva at onvaoo.com >> Enviado: sexta-feira, 3 de junho de 2016 15:23 >> Para: nginx at nginx.org >> Assunto: Re: Okay? >> >> Can you give us your exact location (GPS ) this is for the drone action >> >> >>> On 03 Jun 2016, at 20:21, Tha?s Dauto wrote: >>> >>> I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! >>> >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From feldan1 at gmail.com Fri Jun 3 19:05:57 2016 From: feldan1 at gmail.com (Lorne Wanamaker) Date: Fri, 3 Jun 2016 15:05:57 -0400 Subject: Okay? In-Reply-To: <6DBCC648-4A85-4DB4-919D-30B9C3BB10AC@ohlste.in> References: <3AB7E82E-CB7A-401F-AC5F-DB188082C125@onvaoo.com> <6DBCC648-4A85-4DB4-919D-30B9C3BB10AC@ohlste.in> Message-ID: Well this is entertaining, lol. On Fri, Jun 3, 2016 at 2:59 PM, Jim Ohlstein wrote: > I could. But I won't. > > These emails are posted to several websites. If you want them to stop > appearing at those sites, stop sending them. I'd also suggest that you > consult a psychiatrist and get back on your medication. > > Jim Ohlstein > > On Jun 3, 2016, at 2:36 PM, Tha?s Dauto wrote: > > I want to remove my emails the internet . I do not want anything in my google searches. Only I sent these emails to " nginx " because they are on a page that contains my data on Google as well. And I sent asking to remove . Now other emails are on display. I want to cut them this page. https://forum.nginx.org/read.php?2,267331,267333 can you help me ? > > > > > ------------------------------ > *De:* nginx em nome de Robert Paprocki < > rpaprocki at fearnothingproductions.net> > *Enviado:* sexta-feira, 3 de junho de 2016 15:30 > *Para:* nginx at nginx.org > *Assunto:* Re: Okay? > > You sent an email to a public mailing list. Public mailing lists are > archived for... public use. What did you expect was going to happen? > Continuing to berate this list will accomplish nothing. May I also point > you to: https://en.wikipedia.org/wiki/Streisand_effect > > Streisand effect - Wikipedia, the free encyclopedia > > en.wikipedia.org > The Streisand effect is the phenomenon whereby an attempt to hide, remove, > or censor a piece of information has the unintended consequence of > publicizing the ... > > > On Fri, Jun 3, 2016 at 11:27 AM, Tha?s Dauto > wrote: > >> >> What I want is simple. I sent a private email from my personal hotmail. >> And everything is published in google searches. I want you to remove ! >> >> >> >> >> ------------------------------ >> *De:* nginx em nome de Tha?s Dauto < >> thaisdauto at hotmail.com> >> *Enviado:* sexta-feira, 3 de junho de 2016 15:26 >> >> *Para:* nginx at nginx.org >> *Assunto:* Re: Okay? >> >> >> I will not give my location , for whom I do not even know ! >> >> >> >> >> >> ------------------------------ >> *De:* nginx em nome de Rva at onvaoo.com < >> rva at onvaoo.com> >> *Enviado:* sexta-feira, 3 de junho de 2016 15:23 >> *Para:* nginx at nginx.org >> *Assunto:* Re: Okay? >> >> Can you give us your exact location (GPS ) this is for the drone action >> >> >> On 03 Jun 2016, at 20:21, Tha?s Dauto wrote: >> >> I want my e- mails are deleted from this website. https://forum.nginx.org/read.php?2,267331,267333 I sent an e- mail . By hotmail. And I did not ask to publish the google search , exposing me ! >> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at x64architecture.com Fri Jun 3 19:36:18 2016 From: kurt at x64architecture.com (Kurt Cancemi) Date: Fri, 3 Jun 2016 15:36:18 -0400 Subject: "pid" directive is duplicate in /etc/nginx/nginx.conf In-Reply-To: <15bad2b9e6e3ea639f3d0fe3eec80549.NginxMailingListEnglish@forum.nginx.org> References: <15bad2b9e6e3ea639f3d0fe3eec80549.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hello, See here https://bugs.archlinux.org/task/46500 . Kurt Cancemi https://www.x64architecture .com > On Jun 2, 2016, at 04:01, Harkonnen wrote: > > Hi, > > I'm trying to set up a very simple nginx web server on top of an archlinux > distribution. Here is my nginx.conf : > > user http; > worker_processes 1; > error_log /var/log/nginx/error.log; > pid /var/run/nginx.pid; > > events { > worker_connections 1024; > } > > http { > include mime.types; > default_type application/octet-stream; > } > > it's a very simple one, no nested includes other than mime.types. But when I > try to start my server, I have the following error : > > "pid" directive is duplicate in /etc/nginx/nginx.conf > > And I don't know why, as there are no other "pid" directive. If I comment > the "pid" line, it's ok. > > Can you explain me what am I missing ? > > Thanks in advance > > Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267309,267309#msg-267309 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From kurt at x64architecture.com Fri Jun 3 19:37:51 2016 From: kurt at x64architecture.com (Kurt Cancemi) Date: Fri, 3 Jun 2016 15:37:51 -0400 Subject: "pid" directive is duplicate in /etc/nginx/nginx.conf In-Reply-To: <15bad2b9e6e3ea639f3d0fe3eec80549.NginxMailingListEnglish@forum.nginx.org> References: <15bad2b9e6e3ea639f3d0fe3eec80549.NginxMailingListEnglish@forum.nginx.org> Message-ID: <390C8CD7-240E-4A4A-A0F4-9AFBF84EFBF7@x64architecture.com> Hello, See here https://bugs.archlinux.org/task/46500. Kurt Cancemi https://www.x64architecture.com > On Jun 2, 2016, at 04:01, Harkonnen wrote: > > Hi, > > I'm trying to set up a very simple nginx web server on top of an archlinux > distribution. Here is my nginx.conf : > > user http; > worker_processes 1; > error_log /var/log/nginx/error.log; > pid /var/run/nginx.pid; > > events { > worker_connections 1024; > } > > http { > include mime.types; > default_type application/octet-stream; > } > > it's a very simple one, no nested includes other than mime.types. But when I > try to start my server, I have the following error : > > "pid" directive is duplicate in /etc/nginx/nginx.conf > > And I don't know why, as there are no other "pid" directive. If I comment > the "pid" line, it's ok. > > Can you explain me what am I missing ? > > Thanks in advance > > Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267309,267309#msg-267309 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From agentzh at gmail.com Sat Jun 4 05:39:46 2016 From: agentzh at gmail.com (Yichun Zhang (agentzh)) Date: Fri, 3 Jun 2016 22:39:46 -0700 Subject: [ANN] OpenResty 1.9.15.1 released Message-ID: Hi folks, I am happy to announce the new formal release, 1.9.15.1, of the OpenResty web platform based on NGINX and LuaJIT: https://openresty.org/en/download.html Both the (portable) source code distribution and the Win32 binary distribution are provided on this Download page. The highlights of this release are: 1. New NGINX 1.9.15 core. 2. LuaJIT now supports (almost) the full 2GB address space for its GC-managed memory per VM instance on x86_64 (as compared to the previous 1GB memory limit on x86_64). 3. the new restydoc command-line utility. Ensure you have added /bin to your PATH environment, as in export PATH=/usr/local/openresty/bin:$PATH assuming your are using the default OpenResty prefix (/usr/local/openresty). Then you can try the following commands from your terminal: restydoc -s listen restydoc -s content_by_lua restydoc resty.lrucache restydoc -s ngx.re.match ngx_lua restydoc ngx_proxy restydoc ngx_stream_proxy restydoc -s '$request_uri' Hopefully you'll have fun with this tool :) Special thanks go to all our developers and contributors! Complete list of changes since the last (formal) release, 1.9.7.5: * upgraded the Nginx core to 1.9.15. * see the changes here: http://nginx.org/en/CHANGES * bugfix: applied the patch for nginx security advisory (CVE-2016-4450) to the nginx 1.9.15 core. * feature: added restydoc documentation indexes for the official nginx core and most of the official openresty components. * upgraded ngx_lua to 0.10.5. * bugfix: use of ssl_certificate_by_lua* in the "http {}" scope could lead to process crashes. thanks Andreas Lubbe for the report. * bugfix: ngx.print("") did not trigger response header sending. * feature: linux x64: now we try limiting the growth of the data segment of the nginx processes to preserve as much lowest address space for LuaJIT as possible. thanks Shuxin Yang for the help. * bugfix: init_worker_by_lua* did not honor "http {}" top-level configurations like lua_ssl_verify_depth and lua_ssl_trusted_certificate. thanks Vladimir Shaykovskiy for the report. * bugfix: ngx.exit() could not be used in the context of balancer_by_lua* when lua-resty-core was used. * bugfix: *_by_lua_block: fixed Lua long bracket parsing at buffer boundaries. thanks Maxim Ivanov and Tom Thorogood for the report. * bugfix: ngx.req.append_body() might enter infinite loops when ngx.req.init_body() has not specified a buffer size and the request header "Content-Length" is 0 (or client_body_buffer_size is configured to 0). thanks Hai for the report and Dejiang Zhu for the patch. * bugfix: ngx.re.match: the 5th argument hid the 4th one. thanks iorichina for the report and rako9000 for the original patch. * bugfix: ngx.worker.id() should return "nil" in non-worker processes like nginx's cache managers. thanks Weixie Cui for the patch. * bugfix: fixed a memory leak in cert_pem_to_der(), caught by valgrind. * bugfix: ignore unexpected closing long-brackets in *_by_lua_block directives. thanks Thibault Charbonnier for the patch. * bugfix: changing peers in balancer_by_lua* might lead to stale values of $upstream_addr. * bugfix: clear errors in ngx.ssl and ngx.ocsp functions to avoid flooding nginx error logs. thanks Hamish for the original patch. * bugfix: tcpsock:sslhandshake() did not correctly check argument count. thanks Ilya Shipitsin for the report. * bugfix: tcpsock:sslhandshake() accepts up to 5 arguments now (including the object itself). * bugfix: assignment to ngx.status might not affect subsequent ngx.status reads when error_page had already taken place. thanks wangwei4514 for the report. * refactor: refactored the implementation of the ngx.semaphore API. thanks Weixie Cui for the patch. * doc: typo fixes from Christos Trochalakis. * upgraded lua-resty-core to 0.1.6. * feature: implemented ngx.worker.id() and ngx.worker.count() with FFI. thanks Yuansheng Wang for the patch. * bugfix: Lua's tail-call optimization might unexpectedly make ngx.semaphore objects get garbage-collected prematurely even when there're still waiters. this could happen when lua_check_client_abort is enabled. thanks Dejiang Zhu for the patch. * doc: ngx.semaphore: documented the "timeout" argument of "wait()" in more detail. * doc: typo fixes from Alessandro Ghedini. * doc: formatting fixes from ms2008. * upgraded lua-resty-redis to 0.24. * bugfix: added a "tostring()" call to avoid the "attempt to concatenate local 'prefix' (a nil value)" error in Lua function "_read_reply()". * optimize: we now alway call "tostring()" upon args in Redis query methods. * optimize: reduced Lua string concatenations in redis query composition. * upgraded lua-resty-dns to 0.16. * bugfix: when the "AD" and "CD" bits are set in the DNS responses as per RFC 2065, they would erroneously be treated as a part of the error code ("RCODE"). thanks Celebi Lui for the report and patch. * upgraded lua-resty-memcached to 0.14. * optimize: reduced table.concat() calls while constructing memcached requests, which can lead to fewer Lua string creation operations. * bugfix: "get()" did not return server error responses. thanks Lorenz Bauer for the report. * bugfix: "gets()" did not return server error responses. thanks Lorenz Bauer for the report. * bugfix: "get()": simplified the error messages so that the caller can check the error more easily. * feature: "set_timeout()" now returns the result of the operation. thanks Guanlan Dai for the report. * upgraded lua-resty-mysql to 0.16. * bugfix: "close()": we did not send the "COM_QUIT" packet to the MySQL server. thanks Andreas Fischer for the report. * bugfix: fixed the Lua exception "attempt to concatenate field 'state' (a nil value)". thanks heyuanlong for the report. * doc: typo fixes from Boris Nagaev. * upgraded resty-cli to 0.12. * feature: "resty": multiple "-e" options, along with the file argument, are supported. * feature: added new command-line utility, restydoc, for viewing OpenResty/Nginx documentation on the terminal (inspired by Perl's "perldoc" utility) via "groff" (used by "man" as well). * feature: added new command-line utility, md2pod.pl, for converting GitHub-flavored Markdown source to Perl's POD format. * feature: added new command-line utility, restydoc-index, for generating the documentation indexes by scanning Markdown and POD document files in user-specified directories, which can be used by the restydoc tool. * feature: added new command-line utility, nginx-xml2pod, for converting NGINX's official XML-formatted documentation to Perl's POD format. * bugfix: "resty": the "--valgrind" command-line option was broken. * upgraded lua-cjson to 2.1.0.4. * feature: added the "cjson.as_array" metamethod to enforce empty array encoding. thanks Thibault Charbonnier for the patch. * bugfix: fixed the 16 decimal number encoding assertion. thanks Thibault Charbonnier for the patch. * doc: added proper documentation for OpenResty's fork of lua-cjson. thanks Thibault Charbonnier for the patch. * upgraded LuaJIT to v2.1-20160517: https://github.com/openresty/luajit2/tags * imported Mike Pall's latest changes: * Rollback due to "HREFK" + load fwd must restore guardemit state. * Always merge snapshots without instructions inbetween. * FFI: Parse "#line NN" and "#NN". * MIPS: Switch to dual-number mode. Fix soft-float interpreter. * PS4: Switch default build to amalgamated and "LJ_GC64" mode. * MIPS: Add soft-float support to JIT compiler backend. * Don't allocate unused 2nd result register in JIT compiler backend. * Use internal implementation for converting FP numbers to strings. * MIPS soft-float: Fix code generation for HREF. * ARM: Fix build problem with external frame unwinding. * Fix display of "NULL" (light)userdata in "-jdump". * x64/LJ_GC64: Fix JIT glue code in interpreter. * x86: Detect "BMI2" instruction support. * x86: Generate "BMI2" shifts and rotates, if available. * MIPS: Fix use of ffgccheck delay slots in interpreter. * Windows/x64/LJ_GC64: Fix "math.frexp()" and "math.modf()". * Cygwin: Allow cross-builds to non-Cygwin targets. * Fix recording of "select(n, ...)" with off-trace varargs. * x86: Improve disassembly of BMI2 instructions. * x64/LJ_GC64: Fix "BC_UCLO" check for fast-path. * MIPS: Fix "BC_ISNEXT" fallback path. * Rewrite memory block allocator. Use a mix of linear probing and pseudo-random probing. Workaround for 1GB "MAP_32BIT" limit on Linux/x64. Now 2GB with "!LJ_GC64". Enforce 128TB "LJ_GC64" limit for > 47 bit memory layouts (ARM64). * x86/x64: Search for exit jumps with instruction length decoder. * Fix handling of non-numeric strings in arithmetic coercions. * Fix GCC 6 -Wmisleading-indentation warnings. * Constrain value range of "lj_ir_kptr()" to unsigned 32 bit pointers. * upgraded ngx_srcache to 0.31. * bugfix: this module should not depend on builtin modules like ngx_http_ssi and ngx_http_addition to pull in the ngx_http_postpone module to function properly. thanks Dejiang Zhu for the original patch. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". thanks Hiroaki Nakamura for the original patch. * bugfix: fixed errors and warnings with C compilers without variadic macro support. * doc: clarified what "0s" means for the default expiration time. thanks matlloyd for the patch. * doc: documented the memcached maximum key length and the set_md5 directive. thanks J?r?my Lal for the patch. * upgraded ngx_form_input to 0.12. * bugfix: avoided use of C global variables in configuration phase since it might cause problems in failed HUP reloads. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". * upgraded ngx_devel_kit to 0.3.0. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". thanks Andrei Belov for the patch. * bugfix: compiler errors: comparison between signed and unsigned integer expressions. thanks Xiaochen Wang for the patch. * doc: added the new section "Modules using NDK". * upgraded ngx_encrypted_session to 0.05. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". * upgraded ngx_headers_more to 0.30. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". thanks Sjir Bagmeijer for the original patch. * upgraded ngx_echo to 0.59. * feature: added support for nginx 1.9.11+ when no nginx builtin modules pull in the ngx_http_postpone module. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". * bugfix: fixed warnings with C compilers without variadic macro support. * upgraded ngx_memc to 0.17. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". * bugfix: fixed errors and warnings with C compilers without variadic macro support. * upgraded ngx_redis2 to 0.13. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". * bugfix: fixed errors and warnings with C compilers without variadic macro support. * upgraded ngx_iconv to 0.14. * feature: this module can now be compiled as a dynamic module with NGINX 1.9.11+ via the "--with-dynamic-module=PATH" option of "./configure". The HTML version of the change log with lots of helpful hyper-links can be browsed here: https://openresty.org/en/changelog-1009015.html OpenResty (aka. ngx_openresty) is a full-fledged web platform by bundling the standard Nginx core, Lua/LuaJIT, lots of 3rd-party Nginx modules and Lua libraries, as well as most of their external dependencies. See OpenResty's homepage for details: https://openresty.org/ We have run extensive testing on our Amazon EC2 test cluster and ensured that all the components (including the Nginx core) play well together. The latest test report can always be found here: https://qa.openresty.org/ Enjoy! -agentzh From reallfqq-nginx at yahoo.fr Sat Jun 4 17:53:47 2016 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Sat, 4 Jun 2016 19:53:47 +0200 Subject: Problem In-Reply-To: References: <83D70D08-E304-41AC-AF0E-1469A3655A30@fearnothingproductions.net> <09C562A4-A622-43A4-9235-BB094CAC6514@fearnothingproductions.net> <20160603043314.5451859.33870.4071@lazygranch.com> <43872302-db51-a576-0209-0142c709442c@nginx.com> Message-ID: Rhetorical questions: Are you a troll? Or simply deeply troubled and paranoid? Emails you send to a public mailing list are: 1. Sent to every subscriber (there is a link to unsubscribe at the bottom of every message: http://mailman.nginx.org/mailman/listinfo/nginx) 2. Archived in different ways (at the top of the previously linked page there are archives, forum.nginx.org is another spot to find them, sorted as a forum) None of us can help you with your original problem, since you simply are at the wrong place. You chose to write to the user mailling list of the nginx technology, using an email address of your choice. No-one pumped you for any of this. ?Please, get justice (and bring me some, I am short on it).? --- *B. R.* On Fri, Jun 3, 2016 at 8:18 PM, Tha?s Dauto wrote: > Hi > > I do not want to receive these emails . I received a lot of emails and none were really to me or to help me in what I said. So now I want to stop receiving these emails . I sent an email to " nginx at nginx.org " I sent my personal email , I use to serious things , I would like to know why the email is that web page !? https://forum.nginx.org/read.php?2,267331,267333 exposing my email and the material contained therein , the google search ! And I just looked for a " nginx " to get an error page of google searches, page which contained and still contains some personal documents. Look I'm trying to do the easy method , but I think I'll have to get justice. > > > > > > ------------------------------ > *De:* nginx em nome de CJ Ess < > zxcvbn4038 at gmail.com> > *Enviado:* sexta-feira, 3 de junho de 2016 14:05 > *Para:* nginx at nginx.org > *Assunto:* Re: Problem > > I once knew a guy who convinced someone they had hacked their site by > making a DNS entry to 127.0.0.1. So when the guy tried to access the > "other" site his passwords worked, all his files were there, it was even > running the same software! He made changes on his site and they instantly > appeared on the "other" site. He deleted files off the "other" site and > they were removed from his site - obviously in retaliation!. So after an > hour or so of trying to figure out how his server is being accessed the guy > just goes completely ballistic and starts calling the police and then the > FBI (this was in the US). The FBI did investigate and visited the prankster > in person. He explained what loopback was and how the prank worked, and the > FBI agents thought it was pretty funny - they do have a sense of humor > after all. > > > On Fri, Jun 3, 2016 at 3:39 AM, Maxim Konovalov wrote: > >> On 6/3/16 7:33 AM, lists at lazygranch.com wrote: >> > Perhaps in a future release of Nginx, the error pages should not >> > contain any reference to nginx. That is the only way I can figure >> > out this person came up with the idea of complaining to the list. >> > (Assuming this isn't spam to encourage use to click on that website >> > link.) >> > >> Actually, a number of such complains is still surprisingly low. >> >> > I think another mistake is to have the error page indicate the rev >> > of nginx. That is an easy way for someone to spot a vulnerable rev >> > of the nginx on a server. >> > >> >> -- >> Maxim Konovalov >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Sat Jun 4 23:17:26 2016 From: nginx-forum at forum.nginx.org (ZaneCEO) Date: Sat, 04 Jun 2016 19:17:26 -0400 Subject: Issue with HTTP/2 and async file upload from Safari on iOS Message-ID: <96d68b45d3960171c30dff44322a550b.NginxMailingListEnglish@forum.nginx.org> Hi guys, I'm at my first deploy of Nginx with php-fpm after 10+ years of love with Apache and mod_php. So far so (very) good. I just have a peculiar issue with Safari on iOS. As you can read here http://stackoverflow.com/questions/37635277/safari-on-ios-fails-to-ajax-upload-some-image-file-cannot-connect-to-server , my webapp allows the user to select an image, client-resize it via JS and then upload it via jQuery. The problem is that Safari on iOS 9 sometimes fails the upload with the error POST , Could not connect to the server. I just found out that when I disabled the HTTP/2 form my server config the issue vanishes. Is this a known issue somehow? Is there any other solution that doesn't require me to go nuclear on HTTP/2? Thanks for your help! Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267385,267385#msg-267385 From lucas at slcoding.com Sat Jun 4 23:30:29 2016 From: lucas at slcoding.com (Lucas Rolff) Date: Sun, 05 Jun 2016 01:30:29 +0200 Subject: Issue with HTTP/2 and async file upload from Safari on iOS In-Reply-To: <96d68b45d3960171c30dff44322a550b.NginxMailingListEnglish@forum.nginx.org> References: <96d68b45d3960171c30dff44322a550b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <57536495.7030902@slcoding.com> https://trac.nginx.org/nginx/ticket/979 https://trac.nginx.org/nginx/ticket/959 It's a known bug > ZaneCEO > 5 June 2016 at 01:17 > Hi guys, > I'm at my first deploy of Nginx with php-fpm after 10+ years of love with > Apache and mod_php. So far so (very) good. > > I just have a peculiar issue with Safari on iOS. As you can read here > http://stackoverflow.com/questions/37635277/safari-on-ios-fails-to-ajax-upload-some-image-file-cannot-connect-to-server > , my webapp allows the user to select an image, client-resize it via > JS and > then upload it via jQuery. > > The problem is that Safari on iOS 9 sometimes fails the upload with the > error > > POST , Could not connect to the server. > > I just found out that when I disabled the HTTP/2 form my server config the > issue vanishes. > > Is this a known issue somehow? Is there any other solution that doesn't > require me to go nuclear on HTTP/2? > > Thanks for your help! > > Posted at Nginx Forum: > https://forum.nginx.org/read.php?2,267385,267385#msg-267385 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Sun Jun 5 15:32:35 2016 From: nginx-forum at forum.nginx.org (b4a456fb-1402) Date: Sun, 05 Jun 2016 11:32:35 -0400 Subject: nginx fastcgi_cache not freeing deleted items causing excessive disk usage Message-ID: Hello, I'm using nginx 1.10.0 and the nginx_fastcgi_cache option. I've noticed that with a high amount of requests per second (I'm not sure when it occurs exactly, but we have ~2500RPS with about 2Gbit/s of outgoing traffic responses) there is an issue with the fastcgi_cache files not being freed. lsof shows a huge amount of files as (deleted) but the space it not being freed. Eventually the entire partition fills up like this. The keys_zone and max_size are both set to 500m The fastcgi_cache_valid is set to 1m Even when the server is idle for a while (30+ minutes) the space is not being freed. Obviously restarting nginx manually immediately frees the space. Is this a bug or is there a setting I can use to perform some sort of garbage collection? Cheers, Niels Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267401,267401#msg-267401 From odyssey471 at gmail.com Mon Jun 6 01:08:08 2016 From: odyssey471 at gmail.com (=?UTF-8?B?5Zub5bym?=) Date: Mon, 6 Jun 2016 09:08:08 +0800 Subject: I think we can add a new section called 'ssl' Message-ID: Hello, When the nginx-1.11.0 released,'ssl_certficate' and 'ssl_certificate_key' options can be use several times to load different kinds of certificates.But,if you use the module 'nginx-ct' to enable 'Certificate Transperancy' policy(the module allow you to submit your certificate to 'Certificate Transperancy Logs' server and get the 'SCT' which can be used to sent to browser to enable 'Certificate Transperancy'.And it added two options:'ssl_ct on/off;' and 'ssl_ct_static_scts /path/to/sct/directory;')So,if you use ECDSA and RSA dual-certificates,you can only put SCT of each other in a directory.In chrome 50,you will see '1 vaild SCT,1 invaild SCT',and in some lower version chrome,you click the 'Lock' on the left of the address bar,it will display a red 'Lock' with a '?' in the pop-up menu,although the text beside is 'The server provides a valid certificate, and provide a valid Certificate Transperancy information'. And it also says:'Your connection is not private connection.' So,why don't we add a section called 'ssl'?It can allow us to have some different settings according to the type of certificates.Likes follow: ssl{ ssl_certificate ...; ssl_certificate_key ...; ssl_ct on; ssl_ct_static_sct /path/to/ecc/sct; } ssl{ ssl_certificate ...; ssl_certificate_key ...; ssl_ct on; ssl_ct_static_sct /path/to/rsa/sct; } How do you think of my advice? Thank you. P.S:My mother tongue is not English,so if there are some grammar errors in my e-mail,please forgive,thanks. -------------- next part -------------- An HTML attachment was scrubbed... URL: From shilei at qiyi.com Mon Jun 6 01:50:28 2016 From: shilei at qiyi.com (=?gb2312?B?yq/A2g==?=) Date: Mon, 6 Jun 2016 01:50:28 +0000 Subject: How to reproduce issue CVE-2016-4450? Message-ID: <29becfcbde1f47f5ac55ed8cd210cf70@EXCH04.iqiyi.pps> Thank you very much for the quick response. So can I say that if the nginx do not read the request body, it will not have the ?CVE-2016-4450? issue? Thanks! From: ?? Sent: Friday, June 03, 2016 2:55 PM To: 'nginx at nginx.org' Subject: How to reproduce issue CVE-2016-4450? Hi, I am working on the fixing of issue CVE-2016-4450, it seems that if the request body is neither saved in the memory nor in file, it might crash when save the request body to the temp file. Could you instruct me what kind of request body can trigger this issue? I want to reproduce it, and evaluate the whether upgrade our nginx server. Refer to CVE-2016-4450: A problem was identified in nginx code responsible for saving client request body to a temporary file. A specially crafted request might result in worker process crash due to a NULL pointer dereference while writing client request body to a temporary file (CVE-2016-4450). Thanks! ? ? ????????????? [????logo] ????? ??????????????2???????17? ???100080 ????86 138 1180 3496 ??? ????86 10 6267 7000 ???shilei at qiyi.com ???www.iQIYI.com www.ppstream.com -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 25521 bytes Desc: image001.jpg URL: From nginx-forum at forum.nginx.org Mon Jun 6 07:53:43 2016 From: nginx-forum at forum.nginx.org (ZaneCEO) Date: Mon, 06 Jun 2016 03:53:43 -0400 Subject: Issue with HTTP/2 and async file upload from Safari on iOS In-Reply-To: <57536495.7030902@slcoding.com> References: <57536495.7030902@slcoding.com> Message-ID: Thank you very much!! At least now I know what's going on! Let's wait for a patch... Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267385,267408#msg-267408 From maxim at nginx.com Mon Jun 6 08:01:46 2016 From: maxim at nginx.com (Maxim Konovalov) Date: Mon, 6 Jun 2016 11:01:46 +0300 Subject: Issue with HTTP/2 and async file upload from Safari on iOS In-Reply-To: References: <57536495.7030902@slcoding.com> Message-ID: <5003877e-277d-01d7-4ffd-c154195a6e7e@nginx.com> On 6/6/16 10:53 AM, ZaneCEO wrote: > Thank you very much!! At least now I know what's going on! Let's wait for a > patch... > It was fixed in 1.11.0 two weeks ago. -- Maxim Konovalov From sca at andreasschulze.de Mon Jun 6 10:00:37 2016 From: sca at andreasschulze.de (A. Schulze) Date: Mon, 06 Jun 2016 12:00:37 +0200 Subject: Issue with HTTP/2 and async file upload from Safari on iOS In-Reply-To: <5003877e-277d-01d7-4ffd-c154195a6e7e@nginx.com> References: <57536495.7030902@slcoding.com> <5003877e-277d-01d7-4ffd-c154195a6e7e@nginx.com> Message-ID: <20160606120037.Horde.DUQpGcg66Of5WsVyGP52G7L@andreasschulze.de> Hello, I'm using horde and observe similar errors since some weeks. Unsure if the same problem would be the reason. Maxim Konovalov: > It was fixed in 1.11.0 two weeks ago. I found one patch 'preread_buffer.patch" attachtd to https://trac.nginx.org/nginx/ticket/959 That patch looks not trivial (to me) Would it be possible to publish a version for nginx-1.10.1, too I would try if that solve the errors I observe. Thanks Andreas From maxim at nginx.com Mon Jun 6 10:05:42 2016 From: maxim at nginx.com (Maxim Konovalov) Date: Mon, 6 Jun 2016 13:05:42 +0300 Subject: Issue with HTTP/2 and async file upload from Safari on iOS In-Reply-To: <20160606120037.Horde.DUQpGcg66Of5WsVyGP52G7L@andreasschulze.de> References: <57536495.7030902@slcoding.com> <5003877e-277d-01d7-4ffd-c154195a6e7e@nginx.com> <20160606120037.Horde.DUQpGcg66Of5WsVyGP52G7L@andreasschulze.de> Message-ID: <6f572b19-fbe6-3979-1b93-a13b4340ad23@nginx.com> On 6/6/16 1:00 PM, A. Schulze wrote: > > Hello, > > I'm using horde and observe similar errors since some weeks. > Unsure if the same problem would be the reason. > > Maxim Konovalov: >> It was fixed in 1.11.0 two weeks ago. > > I found one patch 'preread_buffer.patch" attachtd to > https://trac.nginx.org/nginx/ticket/959 > That patch looks not trivial (to me) > Would it be possible to publish a version for nginx-1.10.1, too > > I would try if that solve the errors I observe. > Why don't you just try 1.11.1? The code difference between it and 1.10.1 (already released a week ago) is marginal. -- Maxim Konovalov From mdounin at mdounin.ru Mon Jun 6 10:29:41 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 6 Jun 2016 13:29:41 +0300 Subject: I think we can add a new section called 'ssl' In-Reply-To: References: Message-ID: <20160606102941.GS36620@mdounin.ru> Hello! On Mon, Jun 06, 2016 at 09:08:08AM +0800, ?? wrote: > Hello, > When the nginx-1.11.0 released,'ssl_certficate' and 'ssl_certificate_key' > options can be use several times to load different kinds of > certificates.But,if you use the module 'nginx-ct' to enable 'Certificate > Transperancy' policy(the module allow you to submit your certificate to > 'Certificate Transperancy Logs' server and get the 'SCT' which can be used > to sent to browser to enable 'Certificate Transperancy'.And it added two > options:'ssl_ct on/off;' and 'ssl_ct_static_scts > /path/to/sct/directory;')So,if you use ECDSA and RSA dual-certificates,you > can only put SCT of each other in a directory.In chrome 50,you will see '1 > vaild SCT,1 invaild SCT',and in some lower version chrome,you click the > 'Lock' on the left of the address bar,it will display a red 'Lock' with a > '?' in the pop-up menu,although the text beside is 'The server provides a > valid certificate, and provide a valid Certificate Transperancy > information'. > And it also says:'Your connection is not private connection.' > > So,why don't we add a section called 'ssl'?It can allow us to have some > different settings according to the type of certificates.Likes follow: > ssl{ > > ssl_certificate ...; > > ssl_certificate_key ...; > > ssl_ct on; > > ssl_ct_static_sct /path/to/ecc/sct; > > } > ssl{ > > ssl_certificate ...; > ssl_certificate_key ...; > ssl_ct on; > ssl_ct_static_sct /path/to/rsa/sct; > > } > How do you think of my advice? Rather, I would think about somehow selecting different server{} blocks based on SSL options (e.g., ciphers supported by a client). -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Jun 6 10:45:29 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 6 Jun 2016 13:45:29 +0300 Subject: nginx fastcgi_cache not freeing deleted items causing excessive disk usage In-Reply-To: References: Message-ID: <20160606104529.GT36620@mdounin.ru> Hello! On Sun, Jun 05, 2016 at 11:32:35AM -0400, b4a456fb-1402 wrote: > Hello, > > I'm using nginx 1.10.0 and the nginx_fastcgi_cache option. I've noticed that > with a high amount of requests per second (I'm not sure when it occurs > exactly, but we have ~2500RPS with about 2Gbit/s of outgoing traffic > responses) there is an issue with the fastcgi_cache files not being freed. > lsof shows a huge amount of files as (deleted) but the space it not being > freed. Eventually the entire partition fills up like this. > > The keys_zone and max_size are both set to 500m > The fastcgi_cache_valid is set to 1m > > Even when the server is idle for a while (30+ minutes) the space is not > being freed. Obviously restarting nginx manually immediately frees the > space. > > Is this a bug or is there a setting I can use to perform some sort of > garbage collection? The fact that a file is shown as "deleted" indicates that it was deleted but is still open. This may happen due to legitimate reasons - e.g., the file was deleted, but is current being served to a client and hence it is still open. But if you see no changes with 30+ minutes without load, there is likely a problem somewhere. You may try debugging it further. Some basic things to consider: - Make sure you are not using open_file_cache with some insane parameters. If you use open_file_cache, comment it out and check if you are still able to reproduce the problem. - Check if "nginx -V" shows any 3rd party modules. If it does, try reproducing the problem without them. - When leaving the server idle, wait to make sure all client connections are actually closed on socket level by clients - that is, no connections in the ESTABLISHED state. Check lsof when this happens. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Mon Jun 6 13:13:04 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 6 Jun 2016 16:13:04 +0300 Subject: Module: Configuring upstream params (eg fastcgi_param) per request In-Reply-To: <41e5aa2ab2f8d4d35c4f4d6e2958114c.NginxMailingListEnglish@forum.nginx.org> References: <9a6fbba09081e44ecf72c31f21f9d9a4.NginxMailingListEnglish@forum.nginx.org> <41e5aa2ab2f8d4d35c4f4d6e2958114c.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20160606131304.GV36620@mdounin.ru> Hello! On Thu, Jun 02, 2016 at 12:05:17AM -0400, davidjb wrote: > Anyone have any thoughts? Even if it's just to say "this isn't possible". When working with multiple servers within a single upstream{} block, nginx creates a request only once. If a server fails, nginx will re-try the same request to a different server. So it's not possible to supply different parameters for different servers - because the request is already created. If you want to send different requests, you have to use other mechanisms available in nginx, such as error_page fallback. Then it will be possible to create another request with different headers / FastCGI parameters. -- Maxim Dounin http://nginx.org/ From odyssey471 at gmail.com Mon Jun 6 13:20:09 2016 From: odyssey471 at gmail.com (=?UTF-8?B?5Zub5bym?=) Date: Mon, 6 Jun 2016 21:20:09 +0800 Subject: I think we can add a new section called 'ssl' In-Reply-To: <20160606102941.GS36620@mdounin.ru> References: <20160606102941.GS36620@mdounin.ru> Message-ID: Hello, That's a good idea.BoringSSL supports Equivalent encryption algorithm group,likes follow: [ECDHE_ECDSA_CHACHA20_POLY1305_SHA384|ECDHE_ECDSA_AES_128_GCM_SHA384]:... Cipher suites which are included by [] are equivalent,when TLS handshaking,the feature can choose the best cipher suites by clients' platform. But it is hard to complie nginx with boringssl,and it dosen't support OCSP Stapling,that's too bad. I think your idea will be interesting if it can be come true. 2016-06-06 18:29 GMT+08:00 Maxim Dounin : > Hello! > > On Mon, Jun 06, 2016 at 09:08:08AM +0800, ?? wrote: > > > Hello, > > When the nginx-1.11.0 released,'ssl_certficate' and 'ssl_certificate_key' > > options can be use several times to load different kinds of > > certificates.But,if you use the module 'nginx-ct' to enable 'Certificate > > Transperancy' policy(the module allow you to submit your certificate to > > 'Certificate Transperancy Logs' server and get the 'SCT' which can be > used > > to sent to browser to enable 'Certificate Transperancy'.And it added two > > options:'ssl_ct on/off;' and 'ssl_ct_static_scts > > /path/to/sct/directory;')So,if you use ECDSA and RSA > dual-certificates,you > > can only put SCT of each other in a directory.In chrome 50,you will see > '1 > > vaild SCT,1 invaild SCT',and in some lower version chrome,you click the > > 'Lock' on the left of the address bar,it will display a red 'Lock' with a > > '?' in the pop-up menu,although the text beside is 'The server provides a > > valid certificate, and provide a valid Certificate Transperancy > > information'. > > And it also says:'Your connection is not private connection.' > > > > So,why don't we add a section called 'ssl'?It can allow us to have some > > different settings according to the type of certificates.Likes follow: > > ssl{ > > > > ssl_certificate ...; > > > > ssl_certificate_key ...; > > > > ssl_ct on; > > > > ssl_ct_static_sct /path/to/ecc/sct; > > > > } > > ssl{ > > > > ssl_certificate ...; > > ssl_certificate_key ...; > > ssl_ct on; > > ssl_ct_static_sct /path/to/rsa/sct; > > > > } > > How do you think of my advice? > > Rather, I would think about somehow selecting different server{} > blocks based on SSL options (e.g., ciphers supported by a client). > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From ahall at autodist.com Mon Jun 6 13:35:41 2016 From: ahall at autodist.com (Alex Hall) Date: Mon, 6 Jun 2016 09:35:41 -0400 Subject: allow/deny by name? Message-ID: Hi all, Is there a way to allow or deny based on name? For instance, I currently have my site restricted to intranet traffic only, but I need to allow a remote SMTP server access. Can I do something like allow smtp.mysmtp.com; Thanks. -- Alex Hall Automatic Distributors, IT department ahall at autodist.com -------------- next part -------------- An HTML attachment was scrubbed... URL: From kbuchs at frontlinetechnologies.com Mon Jun 6 13:46:51 2016 From: kbuchs at frontlinetechnologies.com (Kevin Buchs) Date: Mon, 6 Jun 2016 13:46:51 +0000 Subject: Configuring Nginx OS to perform advanced web proxy function Message-ID: Hello, I am certainly a newbie at Nginx. We have a need to implement a web proxy which performs the following functions: 1) Receive HTTPS SOAP transactions from 40 other source servers and receive those on ports in the range 56000-56100 2) The port number will be mapped to a specific destination server (100 destinations) 3) The SSL transaction should be decrypted and the HTTP header edited to alter the hostname (and remove port specifier) 4) Pass on the SOAP transaction via SSL to the destination server selected by the port number, with NATing for the source IP port. 5) Receive the return messages and reverse the process with them back to the originating source server. I am told by Nginx support this can be readily done with Nginx. If anyone can provide pointers, suggestions or other help, it would be greatly appreciated. Kevin Buchs | Senior Systems Engineer Frontline Technologies | 200 West Monroe, Chicago, IL 60606 | p: 484.328.4110 | kbuchs at frontlinetechnologies.com | www.FrontlineTechnologies.com This email may contain information that is confidential or attorney-client privileged and may constitute inside information. The contents of this email are intended only for the recipient(s) listed above. If you are not the intended recipient, you are directed not to read, disclose, distribute or otherwise use this transmission. If you have received this email in error, please notify the sender immediately and delete the transmission. Delivery of this message is not intended to waive any applicable privileges. -------------- next part -------------- An HTML attachment was scrubbed... URL: From rpaprocki at fearnothingproductions.net Mon Jun 6 14:06:51 2016 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Mon, 6 Jun 2016 07:06:51 -0700 Subject: Configuring Nginx OS to perform advanced web proxy function In-Reply-To: References: Message-ID: <437BCD59-8811-4A4B-B22F-1CFB5028F9CE@fearnothingproductions.net> > On Jun 6, 2016, at 06:46, Kevin Buchs wrote: > > Hello, > > I am certainly a newbie at Nginx. We have a need to implement a web proxy which performs the following functions: ... > I am told by Nginx support this can be readily done with Nginx. If anyone can provide pointers, suggestions or other help, it would be greatly appreciated. Have you tried looking through any of the documentation or existing literature to build your config? https://nginx.org/en/docs/ If you have a specific problem or are running into undocumented issues a public forum may be able to help, but I don't think spoon feeding will help. Sounds like you essentially want a reverse proxy. https://nginx.org/en/docs/http/ngx_http_proxy_module.html may be a good place to start. -------------- next part -------------- An HTML attachment was scrubbed... URL: From reallfqq-nginx at yahoo.fr Mon Jun 6 18:20:00 2016 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Mon, 6 Jun 2016 20:20:00 +0200 Subject: Issue with HTTP/2 and async file upload from Safari on iOS In-Reply-To: <6f572b19-fbe6-3979-1b93-a13b4340ad23@nginx.com> References: <57536495.7030902@slcoding.com> <5003877e-277d-01d7-4ffd-c154195a6e7e@nginx.com> <20160606120037.Horde.DUQpGcg66Of5WsVyGP52G7L@andreasschulze.de> <6f572b19-fbe6-3979-1b93-a13b4340ad23@nginx.com> Message-ID: The problem is, if (s)he is using the official packages, he will get the updates of the mainline channel, thus differing more and more from the stable channel which is supposed to be cheaper on features but with usable ones. My 2 cents, --- *B. R.* On Mon, Jun 6, 2016 at 12:05 PM, Maxim Konovalov wrote: > On 6/6/16 1:00 PM, A. Schulze wrote: > > > > Hello, > > > > I'm using horde and observe similar errors since some weeks. > > Unsure if the same problem would be the reason. > > > > Maxim Konovalov: > >> It was fixed in 1.11.0 two weeks ago. > > > > I found one patch 'preread_buffer.patch" attachtd to > > https://trac.nginx.org/nginx/ticket/959 > > That patch looks not trivial (to me) > > Would it be possible to publish a version for nginx-1.10.1, too > > > > I would try if that solve the errors I observe. > > > Why don't you just try 1.11.1? > > The code difference between it and 1.10.1 (already released a week > ago) is marginal. > > -- > Maxim Konovalov > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gfrankliu at gmail.com Tue Jun 7 21:03:55 2016 From: gfrankliu at gmail.com (Frank Liu) Date: Tue, 7 Jun 2016 14:03:55 -0700 Subject: Passive health check in stream_proxy module Message-ID: How does passive health check work in stream_proxy module? especially for UDP which is connectionless. How does nginx detect if it is a failed connection and retry next? Thanks! Frank -------------- next part -------------- An HTML attachment was scrubbed... URL: From medvedev.yp at gmail.com Tue Jun 7 22:45:23 2016 From: medvedev.yp at gmail.com (Yuriy Medvedev) Date: Wed, 8 Jun 2016 01:45:23 +0300 Subject: Passive health check in stream_proxy module In-Reply-To: References: Message-ID: Hi, https://www.nginx.com/resources/admin-guide/load-balancer/ 2016-06-08 0:03 GMT+03:00 Frank Liu : > How does passive health check work in stream_proxy module? especially for > UDP which is connectionless. How does nginx detect if it is a failed > connection and retry next? > > Thanks! > Frank > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gfrankliu at gmail.com Tue Jun 7 23:16:39 2016 From: gfrankliu at gmail.com (Frank Liu) Date: Tue, 7 Jun 2016 16:16:39 -0700 Subject: Passive health check in stream_proxy module In-Reply-To: References:

Message-ID: I checked that page before sending the email. The "Passive Health Monitoring" section of that page wasn't clear on how nginx would consider a "failed attempt", especially in case of UDP where there is no "handshake". On Tue, Jun 7, 2016 at 3:45 PM, Yuriy Medvedev wrote: > Hi, https://www.nginx.com/resources/admin-guide/load-balancer/ > > 2016-06-08 0:03 GMT+03:00 Frank Liu : > >> How does passive health check work in stream_proxy module? especially for >> UDP which is connectionless. How does nginx detect if it is a failed >> connection and retry next? >> >> Thanks! >> Frank >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From arut at nginx.com Wed Jun 8 21:46:24 2016 From: arut at nginx.com (Roman Arutyunyan) Date: Thu, 9 Jun 2016 00:46:24 +0300 Subject: Passive health check in stream_proxy module In-Reply-To: References:

Message-ID: <20160608214624.GD36442@Romans-MacBook-Air.local> Hi Frank, On Tue, Jun 07, 2016 at 04:16:39PM -0700, Frank Liu wrote: > I checked that page before sending the email. > The "Passive Health Monitoring" section of that page wasn't clear on how > nginx would consider a "failed attempt", especially in case of UDP where > there is no "handshake". > > On Tue, Jun 7, 2016 at 3:45 PM, Yuriy Medvedev > wrote: > > > Hi, https://www.nginx.com/resources/admin-guide/load-balancer/ > > > > 2016-06-08 0:03 GMT+03:00 Frank Liu : > > > >> How does passive health check work in stream_proxy module? especially for > >> UDP which is connectionless. How does nginx detect if it is a failed > >> connection and retry next? There are two types of such errors. If proxy_responses is not zero, ICMP Destination Unreachable signals a UDP error. This results in socket read error. If proxy_responses is not default, proxy_timeout expiration is considered a UDP connection error too. -- Roman Arutyunyan From nginx at netdirect.fr Fri Jun 10 08:08:14 2016 From: nginx at netdirect.fr (Artur) Date: Fri, 10 Jun 2016 10:08:14 +0200 Subject: Reverse proxy tuning Message-ID: Hello ! I have a nginx reverse proxy http/https for a node.js application with websockets (an extract of the nginx config follows). I would like to know if there is a way to : - force nginx to retry connection to the same upstream if there is any problem with the initial request to the upstream (timeout, reading/writing timeouts, ...) - do not blacklist an upstream if any error occurs - do not retry on another upstream - adjust timeouts on communications between nginx and upstreams (connexion, read, write, ...) I tested some parameters in the 'tests' block below but i'm not sure that there is any other paramater I can play with. http { upstream application { server 127.0.0.1:3030; server 127.0.0.1:3031; server 127.0.0.1:3032; } } server { location /nodejs/application/ { proxy_pass http://application; proxy_redirect off; # prevents 502 bad gateway error proxy_buffers 8 32k; proxy_buffer_size 64k; # enables WS support proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $connection_upgrade; # tests proxy_connect_timeout 75s; proxy_read_timeout 300s; proxy_send_timeout 300s; proxy_next_upstream off; } } Thank you for your feedback. -- Best regards, Artur. From reallfqq-nginx at yahoo.fr Fri Jun 10 17:34:42 2016 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Fri, 10 Jun 2016 19:34:42 +0200 Subject: Reverse proxy tuning In-Reply-To: References: Message-ID: RTFM: - upstream module (specifically the server directive) - *_next_upstream & *_*_timeout directives, for each backend communication module and type of timeout ?The names are so close to your requests I suspect you have not made your part of the deal .? --- *B. R.* On Fri, Jun 10, 2016 at 10:08 AM, Artur wrote: > Hello ! > > I have a nginx reverse proxy http/https for a node.js application with > websockets (an extract of the nginx config follows). > > I would like to know if there is a way to : > > - force nginx to retry connection to the same upstream if there is any > problem with the initial request to the upstream (timeout, > reading/writing timeouts, ...) > > - do not blacklist an upstream if any error occurs > > - do not retry on another upstream > > - adjust timeouts on communications between nginx and upstreams > (connexion, read, write, ...) > > I tested some parameters in the 'tests' block below but i'm not sure > that there is any other paramater I can play with. > > http { > upstream application { > server 127.0.0.1:3030; > server 127.0.0.1:3031; > server 127.0.0.1:3032; > } > } > > server { > location /nodejs/application/ { > proxy_pass http://application; > proxy_redirect off; > > # prevents 502 bad gateway error > proxy_buffers 8 32k; > proxy_buffer_size 64k; > > # enables WS support > proxy_http_version 1.1; > proxy_set_header Upgrade $http_upgrade; > proxy_set_header Connection $connection_upgrade; > > # tests > proxy_connect_timeout 75s; > proxy_read_timeout 300s; > proxy_send_timeout 300s; > proxy_next_upstream off; > } > } > > Thank you for your feedback. > > -- > > Best regards, > Artur. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Mon Jun 13 07:00:16 2016 From: nginx-forum at forum.nginx.org (gitl) Date: Mon, 13 Jun 2016 03:00:16 -0400 Subject: ssl session id and spdy/http2 traffic Message-ID: I have noticed that the variables ssl_session_id and ssl_session_reused are always empty for http2 traffic (and for spdy before that). Under http 1.1 they are set as expected and documented. What's the reason for this? Why not list the ID of the single connection that is used for the multiplexing? A big reason why I am logging both variables is to make sure that ssl connections are being reused for http2 and to be able to check if the ssl cache overruns. If the those two variables are not available, what do you suggest to use instead? Thanks! Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267548,267548#msg-267548 From nginx-forum at forum.nginx.org Tue Jun 14 07:55:57 2016 From: nginx-forum at forum.nginx.org (aanchalj) Date: Tue, 14 Jun 2016 03:55:57 -0400 Subject: worker_connections are not enough In-Reply-To: <20120521154910.GN31671@mdounin.ru> References: <20120521154910.GN31671@mdounin.ru> Message-ID: <920c4e39a3cd483ba7806eacbbb41178.NginxMailingListEnglish@forum.nginx.org> So in this case the worker_connections should be set to at least (2 + 4 + 4) = 10. But what should be the optimal value for this? What are the implications of using a high number of worker connections in this case? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,226691,267552#msg-267552 From nginx-forum at forum.nginx.org Tue Jun 14 08:09:06 2016 From: nginx-forum at forum.nginx.org (aanchalj) Date: Tue, 14 Jun 2016 04:09:06 -0400 Subject: Trying to Understand Upstream Keepalive In-Reply-To: <9812cc7c3c328792aa8c6a38ca41a438.NginxMailingListEnglish@forum.nginx.org> References: <9812cc7c3c328792aa8c6a38ca41a438.NginxMailingListEnglish@forum.nginx.org> Message-ID: <23d0cc66025177ddb3f0c692703869fc.NginxMailingListEnglish@forum.nginx.org> As stated in http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive that "It should be particularly noted that the keepalive directive does not limit the total number of connections to upstream servers that an nginx worker process can open. The connections parameter should be set to a number small enough to let upstream servers process new incoming connections as well." I want to understand if a new client comes, why can't they use existing keep-alive connections? Do they need to create a new connection with upstream? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,249924,267553#msg-267553 From azfarhashmi at gmail.com Tue Jun 14 09:31:56 2016 From: azfarhashmi at gmail.com (Azfar Hashmi) Date: Tue, 14 Jun 2016 13:31:56 +0400 Subject: Cant load perl module Message-ID: Hi, I just upgraded nginx to 1.10.1 but I am getting below error. nginx: [emerg] unknown directive "perl_modules" in /etc/nginx/nginx.conf:90 My package is already compiled with perl (nginx -V), I am on Wheezy and using dotdeb. -------------- next part -------------- An HTML attachment was scrubbed... URL: From medvedev.yp at gmail.com Tue Jun 14 10:23:27 2016 From: medvedev.yp at gmail.com (Yuriy Medvedev) Date: Tue, 14 Jun 2016 13:23:27 +0300 Subject: Cant load perl module In-Reply-To: References:

Message-ID: Hi, please show output nginx -V 14 ???? 2016 ?. 12:32 ???????????? "Azfar Hashmi" ???????: Hi, I just upgraded nginx to 1.10.1 but I am getting below error. nginx: [emerg] unknown directive "perl_modules" in /etc/nginx/nginx.conf:90 My package is already compiled with perl (nginx -V), I am on Wheezy and using dotdeb. _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From azfarhashmi at gmail.com Tue Jun 14 10:34:17 2016 From: azfarhashmi at gmail.com (Azfar Hashmi) Date: Tue, 14 Jun 2016 14:34:17 +0400 Subject: Cant load perl module In-Reply-To: References:

Message-ID: Below is the output of nginx -V nginx version: nginx/1.10.1 built with OpenSSL 1.0.1k 8 Jan 2015 (running with OpenSSL 1.0.1t 3 May 2016) TLS SNI support enabled configure arguments: --add-module=/usr/src/builddir/debian/modules/naxsi/naxsi_src --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-proxy-temp-path=/var/lib/nginx/proxy --http-scgi-temp-path=/var/lib/nginx/scgi --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit --with-ipv6 --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-http_auth_request_module --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads --with-http_addition_module --with-http_flv_module --with-http_geoip_module=dynamic --with-http_gunzip_module --with-http_gzip_static_module --with-http_image_filter_module=dynamic --with-http_mp4_module --with-http_perl_module=dynamic --with-http_random_index_module --with-http_secure_link_module --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module --add-module=/usr/src/builddir/debian/modules/headers-more-nginx-module --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam --add-module=/usr/src/builddir/debian/modules/nginx-cache-purge --add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-development-kit --add-module=/usr/src/builddir/debian/modules/nginx-echo --add-module=/usr/src/builddir/debian/modules/ngx-fancyindex --add-module=/usr/src/builddir/debian/modules/nginx-push-stream-module --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-lua --add-module=/usr/src/builddir/debian/modules/nginx-upload-progress --add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair --add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module --add-module=/usr/src/builddir/debian/modules/nginx-auth-ldap --add-module=/usr/src/builddir/debian/modules/ngx_http_pinba_module --add-module=/usr/src/builddir/debian/modules/ngx_pagespeed --add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header --add-module=/usr/src/builddir/debian/modules/nginx-rtmp-module --with-ld-opt=-lossp-uuid On Tue, Jun 14, 2016 at 2:23 PM, Yuriy Medvedev wrote: > Hi, please show output nginx -V > 14 ???? 2016 ?. 12:32 ???????????? "Azfar Hashmi" > ???????: > > Hi, > > I just upgraded nginx to 1.10.1 but I am getting below error. > > nginx: [emerg] unknown directive "perl_modules" in /etc/nginx/nginx.conf:90 > > My package is already compiled with perl (nginx -V), I am on Wheezy and > using dotdeb. > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From medvedev.yp at gmail.com Tue Jun 14 10:55:07 2016 From: medvedev.yp at gmail.com (Yuriy Medvedev) Date: Tue, 14 Jun 2016 13:55:07 +0300 Subject: Cant load perl module In-Reply-To: References:

Message-ID: > > --with-http_perl_module=dynamic You must include dynamic module in nginx main config file. Use load_module 2016-06-14 13:34 GMT+03:00 Azfar Hashmi : > Below is the output of nginx -V > > > nginx version: nginx/1.10.1 > built with OpenSSL 1.0.1k 8 Jan 2015 (running with OpenSSL 1.0.1t 3 May > 2016) > TLS SNI support enabled > configure arguments: > --add-module=/usr/src/builddir/debian/modules/naxsi/naxsi_src > --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat > -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro > -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf > --http-log-path=/var/log/nginx/access.log > --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock > --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules > --http-client-body-temp-path=/var/lib/nginx/body > --http-fastcgi-temp-path=/var/lib/nginx/fastcgi > --http-proxy-temp-path=/var/lib/nginx/proxy > --http-scgi-temp-path=/var/lib/nginx/scgi > --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit > --with-ipv6 --with-http_ssl_module --with-http_stub_status_module > --with-http_realip_module --with-http_auth_request_module > --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads > --with-http_addition_module --with-http_flv_module > --with-http_geoip_module=dynamic --with-http_gunzip_module > --with-http_gzip_static_module --with-http_image_filter_module=dynamic > --with-http_mp4_module --with-http_perl_module=dynamic > --with-http_random_index_module --with-http_secure_link_module > --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic > --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module > --add-module=/usr/src/builddir/debian/modules/headers-more-nginx-module > --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam > --add-module=/usr/src/builddir/debian/modules/nginx-cache-purge > --add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module > --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-development-kit > --add-module=/usr/src/builddir/debian/modules/nginx-echo > --add-module=/usr/src/builddir/debian/modules/ngx-fancyindex > --add-module=/usr/src/builddir/debian/modules/nginx-push-stream-module > --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-lua > --add-module=/usr/src/builddir/debian/modules/nginx-upload-progress > --add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair > --add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module > --add-module=/usr/src/builddir/debian/modules/nginx-auth-ldap > --add-module=/usr/src/builddir/debian/modules/ngx_http_pinba_module > --add-module=/usr/src/builddir/debian/modules/ngx_pagespeed > --add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header > --add-module=/usr/src/builddir/debian/modules/nginx-rtmp-module > --with-ld-opt=-lossp-uuid > > > On Tue, Jun 14, 2016 at 2:23 PM, Yuriy Medvedev > wrote: > >> Hi, please show output nginx -V >> 14 ???? 2016 ?. 12:32 ???????????? "Azfar Hashmi" >> ???????: >> >> Hi, >> >> I just upgraded nginx to 1.10.1 but I am getting below error. >> >> nginx: [emerg] unknown directive "perl_modules" in >> /etc/nginx/nginx.conf:90 >> >> My package is already compiled with perl (nginx -V), I am on Wheezy and >> using dotdeb. >> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From azfarhashmi at gmail.com Tue Jun 14 11:24:08 2016 From: azfarhashmi at gmail.com (Azfar Hashmi) Date: Tue, 14 Jun 2016 15:24:08 +0400 Subject: Cant load perl module In-Reply-To: References:

Message-ID: Thank you. got it working. On Tue, Jun 14, 2016 at 2:55 PM, Yuriy Medvedev wrote: > --with-http_perl_module=dynamic > > You must include dynamic module in nginx main config file. Use load_module > > > 2016-06-14 13:34 GMT+03:00 Azfar Hashmi : > >> Below is the output of nginx -V >> >> >> nginx version: nginx/1.10.1 >> built with OpenSSL 1.0.1k 8 Jan 2015 (running with OpenSSL 1.0.1t 3 May >> 2016) >> TLS SNI support enabled >> configure arguments: >> --add-module=/usr/src/builddir/debian/modules/naxsi/naxsi_src >> --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat >> -Werror=format-security -D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-z,relro >> -Wl,-z,now' --prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf >> --http-log-path=/var/log/nginx/access.log >> --error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock >> --pid-path=/run/nginx.pid --modules-path=/usr/lib/nginx/modules >> --http-client-body-temp-path=/var/lib/nginx/body >> --http-fastcgi-temp-path=/var/lib/nginx/fastcgi >> --http-proxy-temp-path=/var/lib/nginx/proxy >> --http-scgi-temp-path=/var/lib/nginx/scgi >> --http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit >> --with-ipv6 --with-http_ssl_module --with-http_stub_status_module >> --with-http_realip_module --with-http_auth_request_module >> --with-http_v2_module --with-http_dav_module --with-file-aio --with-threads >> --with-http_addition_module --with-http_flv_module >> --with-http_geoip_module=dynamic --with-http_gunzip_module >> --with-http_gzip_static_module --with-http_image_filter_module=dynamic >> --with-http_mp4_module --with-http_perl_module=dynamic >> --with-http_random_index_module --with-http_secure_link_module >> --with-http_sub_module --with-http_xslt_module=dynamic --with-mail=dynamic >> --with-mail_ssl_module --with-stream=dynamic --with-stream_ssl_module >> --add-module=/usr/src/builddir/debian/modules/headers-more-nginx-module >> --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-auth-pam >> --add-module=/usr/src/builddir/debian/modules/nginx-cache-purge >> --add-module=/usr/src/builddir/debian/modules/nginx-dav-ext-module >> --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-development-kit >> --add-module=/usr/src/builddir/debian/modules/nginx-echo >> --add-module=/usr/src/builddir/debian/modules/ngx-fancyindex >> --add-module=/usr/src/builddir/debian/modules/nginx-push-stream-module >> --add-dynamic-module=/usr/src/builddir/debian/modules/nginx-lua >> --add-module=/usr/src/builddir/debian/modules/nginx-upload-progress >> --add-module=/usr/src/builddir/debian/modules/nginx-upstream-fair >> --add-module=/usr/src/builddir/debian/modules/ngx_http_substitutions_filter_module >> --add-module=/usr/src/builddir/debian/modules/nginx-auth-ldap >> --add-module=/usr/src/builddir/debian/modules/ngx_http_pinba_module >> --add-module=/usr/src/builddir/debian/modules/ngx_pagespeed >> --add-module=/usr/src/builddir/debian/modules/nginx-x-rid-header >> --add-module=/usr/src/builddir/debian/modules/nginx-rtmp-module >> --with-ld-opt=-lossp-uuid >> >> >> On Tue, Jun 14, 2016 at 2:23 PM, Yuriy Medvedev >> wrote: >> >>> Hi, please show output nginx -V >>> 14 ???? 2016 ?. 12:32 ???????????? "Azfar Hashmi" >>> ???????: >>> >>> Hi, >>> >>> I just upgraded nginx to 1.10.1 but I am getting below error. >>> >>> nginx: [emerg] unknown directive "perl_modules" in >>> /etc/nginx/nginx.conf:90 >>> >>> My package is already compiled with perl (nginx -V), I am on Wheezy and >>> using dotdeb. >>> >>> >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Tue Jun 14 12:12:55 2016 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 14 Jun 2016 15:12:55 +0300 Subject: Trying to Understand Upstream Keepalive In-Reply-To: <23d0cc66025177ddb3f0c692703869fc.NginxMailingListEnglish@forum.nginx.org> References: <9812cc7c3c328792aa8c6a38ca41a438.NginxMailingListEnglish@forum.nginx.org> <23d0cc66025177ddb3f0c692703869fc.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1775928.MK1CvVKr6N@vbart-workstation> On Tuesday 14 June 2016 04:09:06 aanchalj wrote: > As stated in > http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive that > "It should be particularly noted that the keepalive directive does not limit > the total number of connections to upstream servers that an nginx worker > process can open. The connections parameter should be set to a number small > enough to let upstream servers process new incoming connections as well." I > want to understand if a new client comes, why can't they use existing > keep-alive connections? Do they need to create a new connection with > upstream? > [..] It's about the case when all of the existing keep-alive connections are already in use and processing other client requests. wbr, Valentin V. Bartenev From nginx-forum at forum.nginx.org Tue Jun 14 13:23:40 2016 From: nginx-forum at forum.nginx.org (madvas) Date: Tue, 14 Jun 2016 09:23:40 -0400 Subject: nginx big bug In-Reply-To: References: <20120307190924.GD67687@mdounin.ru> Message-ID: 8712#14268: *2060 WSARecv() failed (10054: An existing connection was forcibly closed by the remote host) while reading response header from upstream, client:0.xx.xx.0 Can any one help me on this. I have site A , site B. Site B is front end with nginx... I am getting this error 10/3 times of request. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,223594,267563#msg-267563 From nginx-forum at forum.nginx.org Tue Jun 14 13:24:59 2016 From: nginx-forum at forum.nginx.org (madvas) Date: Tue, 14 Jun 2016 09:24:59 -0400 Subject: 10054: An existing connection was forcibly closed by the remote host Message-ID: <42b94aba28ed83dd4a92a08ab347ec43.NginxMailingListEnglish@forum.nginx.org> 8712#14268: *2060 WSARecv() failed (10054: An existing connection was forcibly closed by the remote host) while reading response header from upstream, client:0.xx.xx.0 Can any one help me on this please. I have site A , site B. Site B is front end with nginx... I am getting this error 10/3 times of request. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267564,267564#msg-267564 From mdounin at mdounin.ru Tue Jun 14 14:28:28 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Jun 2016 17:28:28 +0300 Subject: ssl session id and spdy/http2 traffic In-Reply-To: References: Message-ID: <20160614142828.GD36620@mdounin.ru> Hello! On Mon, Jun 13, 2016 at 03:00:16AM -0400, gitl wrote: > I have noticed that the variables ssl_session_id and ssl_session_reused are > always empty for http2 traffic (and for spdy before that). Under http 1.1 > they are set as expected and documented. > What's the reason for this? Why not list the ID of the single connection > that is used for the multiplexing? > A big reason why I am logging both variables is to make sure that ssl > connections are being reused for http2 and to be able to check if the ssl > cache > overruns. If the those two variables are not available, what do you suggest > to use instead? The $ssl_session_id and $ssl_session_reused variables are available with HTTP/2 much like with normal HTTP. There are couple of nuances though: - $ssl_session_id is not available when using session tickets, at least till a session is actually reused, see detailed explanation at http://trac.nginx.org/nginx/ticket/927#comment:1; - in HTTP/2 connections are usually kept open for a long time, and you aren't likely to see actual SSL session reuse due to this - in most cases you will see just another request in an already opened connection. -- Maxim Dounin http://nginx.org/ From nginx-forum at forum.nginx.org Tue Jun 14 14:44:32 2016 From: nginx-forum at forum.nginx.org (philipp) Date: Tue, 14 Jun 2016 10:44:32 -0400 Subject: error log truncates important infos Message-ID: <5c61de5a539359209fac937b142e1766.NginxMailingListEnglish@forum.nginx.org> We have error logs like this: 2016/06/14 12:47:45 [error] 21036#21036: *378143 FastCGI sent in stderr: "PHP message: PHP Notice: Undefined index: model_name in /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on line 20 PHP message: PHP Notice: Undefined index: model_name in /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on line 21 PHP message: PHP Notice: Undefined index: model_name in /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on line 23 PHP message: PHP Notice: Undefined index: reducedprice in /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on line 24 PHP message: PHP Notice: Undefined index: currentprice in /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on line 24" while reading response header from upstream, client: 127.0.0.1, server: example.com, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/var/run/php-fpm-example.com.sock:", host: "127.0.0.1" For us the most important parts are the values in the last line like client, server and so on. Sometimes we see erros like this: 2016/06/14 12:47:23 [error] 31450#31450: *177931 FastCGI sent in stderr: "PHP message: PHP Notice: pg_execute(): Cannot set connection to blocking mode in /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php on line 228 PHP message: PHP Fatal error: Uncaught exception 'Zend\Db\Adapter\Exception\InvalidQueryException' with message 'FATAL: terminating connection due to administrator command SSL connection has been closed unexpectedly' in /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php:235 Stack trace: #0 /data/example.com/vendor/zendframework/zend-db/src/TableGateway/AbstractTableGateway.php(238): Zend\Db\Adapter\Driver\Pgsql\Statement->execute() #1 /data/example.com/vendor/zendframework/zend-db/src/TableGateway/AbstractTableGateway.php(208): Zend\Db\TableGateway\AbstractTableGateway->executeSelect(Object(Zend\Db\Sql\Select)) #2 /data/example.com/corporate/XYZ/src/XYZ/Table/Table.php(758): Zend\Db\TableGateway\AbstractTableGateway->selectWith(Object(Zend\Db\Sql\Select)) #3 /data/example.com/module/Product/src/Product/Table/Product.php(835): XYZ\Table\Table->selectWith(Object(Zend\Db\Sql\Select)) #4 /data/example.com/module/Product/src/Product/DataService/ProductDataService.php(232): Product\Table\P... PHP message: PHP Notice: pg_prepare(): Cannot set connection to blocking mode in /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php on line 179 PHP message: PHP Notice: pg_execute(): Cannot set connection to blocking mode in /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php on line 228 PHP message: PHP Fatal error: Uncaught exception 'Zend\Db\Adapter\Exception\InvalidQueryException' with message 'FATAL: terminating connection due to administrator command SSL connection has been closed unexpectedly' in /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php:235 Stack trace: #0 /data/example.com/vendor/zendframework/zend-db/src/TableGateway/AbstractTableGateway.php(238): Z It looks like they are truncated. We miss a lot of important information like client ip and so on. Is this a known limitation or bug in nginx? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267568,267568#msg-267568 From rpaprocki at fearnothingproductions.net Tue Jun 14 14:52:25 2016 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Tue, 14 Jun 2016 07:52:25 -0700 Subject: error log truncates important infos In-Reply-To: <5c61de5a539359209fac937b142e1766.NginxMailingListEnglish@forum.nginx.org> References: <5c61de5a539359209fac937b142e1766.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3803533F-CFB6-4EA1-A638-4B57570F1F00@fearnothingproductions.net> Error logs have a hard coded length limit of 2048 bytes iirc, to prevent runaway log entries. You might be better off configuring your app to dump stack traces instead of relying on a proxy. > On Jun 14, 2016, at 07:44, philipp wrote: > > We have error logs like this: > > 2016/06/14 12:47:45 [error] 21036#21036: *378143 FastCGI sent in stderr: > "PHP message: PHP Notice: Undefined index: model_name in > /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on > line 20 > PHP message: PHP Notice: Undefined index: model_name in > /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on > line 21 > PHP message: PHP Notice: Undefined index: model_name in > /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on > line 23 > PHP message: PHP Notice: Undefined index: reducedprice in > /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on > line 24 > PHP message: PHP Notice: Undefined index: currentprice in > /data/example.com/module/SalesFloor/view/partial/flyout/product.phtml on > line 24" while reading response header from upstream, client: 127.0.0.1, > server: example.com, request: "GET / HTTP/1.1", upstream: > "fastcgi://unix:/var/run/php-fpm-example.com.sock:", host: "127.0.0.1" > > For us the most important parts are the values in the last line like client, > server and so on. > > Sometimes we see erros like this: > > 2016/06/14 12:47:23 [error] 31450#31450: *177931 FastCGI sent in stderr: > "PHP message: PHP Notice: pg_execute(): Cannot set connection to blocking > mode in > /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php > on line 228 > PHP message: PHP Fatal error: Uncaught exception > 'Zend\Db\Adapter\Exception\InvalidQueryException' with message 'FATAL: > terminating connection due to administrator command > SSL connection has been closed unexpectedly' in > /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php:235 > Stack trace: > #0 > /data/example.com/vendor/zendframework/zend-db/src/TableGateway/AbstractTableGateway.php(238): > Zend\Db\Adapter\Driver\Pgsql\Statement->execute() > #1 > /data/example.com/vendor/zendframework/zend-db/src/TableGateway/AbstractTableGateway.php(208): > Zend\Db\TableGateway\AbstractTableGateway->executeSelect(Object(Zend\Db\Sql\Select)) > #2 /data/example.com/corporate/XYZ/src/XYZ/Table/Table.php(758): > Zend\Db\TableGateway\AbstractTableGateway->selectWith(Object(Zend\Db\Sql\Select)) > #3 /data/example.com/module/Product/src/Product/Table/Product.php(835): > XYZ\Table\Table->selectWith(Object(Zend\Db\Sql\Select)) > #4 > /data/example.com/module/Product/src/Product/DataService/ProductDataService.php(232): > Product\Table\P... > PHP message: PHP Notice: pg_prepare(): Cannot set connection to blocking > mode in > /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php > on line 179 > PHP message: PHP Notice: pg_execute(): Cannot set connection to blocking > mode in > /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php > on line 228 > PHP message: PHP Fatal error: Uncaught exception > 'Zend\Db\Adapter\Exception\InvalidQueryException' with message 'FATAL: > terminating connection due to administrator command > SSL connection has been closed unexpectedly' in > /data/example.com/vendor/zendframework/zend-db/src/Adapter/Driver/Pgsql/Statement.php:235 > Stack trace: > #0 > /data/example.com/vendor/zendframework/zend-db/src/TableGateway/AbstractTableGateway.php(238): > Z > > It looks like they are truncated. We miss a lot of important information > like client ip and so on. Is this a known limitation or bug in nginx? > > Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267568,267568#msg-267568 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Tue Jun 14 14:59:20 2016 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Jun 2016 17:59:20 +0300 Subject: error log truncates important infos In-Reply-To: <5c61de5a539359209fac937b142e1766.NginxMailingListEnglish@forum.nginx.org> References: <5c61de5a539359209fac937b142e1766.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20160614145920.GE36620@mdounin.ru> Hello! On Tue, Jun 14, 2016 at 10:44:32AM -0400, philipp wrote: [...] > Sometimes we see erros like this: [...] > It looks like they are truncated. We miss a lot of important information > like client ip and so on. Is this a known limitation or bug in nginx? This is a known limitation. To allow error logging without any memory allocations, a 2048-bytes buffer is used. This limits maximum length of error log lines accordingly. -- Maxim Dounin http://nginx.org/ From jbrock at everettcc.edu Tue Jun 14 15:01:36 2016 From: jbrock at everettcc.edu (Jeremiah Brock) Date: Tue, 14 Jun 2016 08:01:36 -0700 Subject: Drupal 7 and Coldfusion Proxy Message-ID: Good morning everyone! I have an issue that I am hoping is just a simple error on my part and the collective wisdom of the gurus here might solve it. My setup : RHEL 7, Nginx 1.10, PHP 7 and Drupal 7 My issue : trying to serve seamless paths for both Drupal and ColdFusion without having to specify every possible path that coldfusion applications exist in. I was hoping index.cfm would be automatically used via the index parameters but apparently only when try_files contains $uri/. However that breaks drupal paths that aren't physical folders... The following config works - but as you can see the regex listing for coldfusion application paths is less than stellar... root /var/www/drupal; index index.html index.php index.cfm; location / { try_files $uri /index.php?$query_string; # For Drupal >= 7 } location @rewrite { rewrite ^/(.*)$ /index.php?q=$1; } location ~ ^/sites/.*/files/styles/ { try_files $uri @rewrite; } location ~* \.php$ { ## # Fastcgi cache ## set $skip_cache 1; if ($cache_uri != "null cache") { add_header X-Cache-Debug "$cache_uri $cookie_nocache $arg_nocache$arg_comment $http_pragma $http_authorization"; set $skip_cache 0; } fastcgi_cache_bypass $skip_cache; fastcgi_cache evcccache; fastcgi_cache_key $scheme$host$request_uri$request_method; fastcgi_cache_valid any 5m; #fastcgi_cache_use_stale updating; fastcgi_cache_bypass $http_pragma; fastcgi_cache_use_stale updating error timeout invalid_header http_500; try_files $uri $uri/ =404; fastcgi_split_path_info ^(.+\.php)(/.+)$; include fastcgi_params; fastcgi_read_timeout 300; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_pass unix:/var/run/php-fpm.sock; fastcgi_intercept_errors on; } # ColdFusion Proxy ################## #find /var/www/drupal -type f -name 'index.cfm' |sed 's#$.*$/.*#\1#' |sort -u location ~* \.(cfm|cfc)$ { proxy_pass https://coldfusion_servers; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_intercept_errors on; } location ~* ^(/longpath/someapp|/anotherpath/anotherapp|/yetanotherpath/andanotherapp|anotherapppath/etcapp) { proxy_pass https://coldfusion_servers; proxy_redirect off; proxy_set_header Host $host; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Real-IP $remote_addr; proxy_intercept_errors on; } ~Jeremy -- Jeremiah Brock IT Web, Data and Development Services / Information Security 425-259-8707 jbrock at everettcc.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: From ben+nginx at list-subs.com Tue Jun 14 17:28:55 2016 From: ben+nginx at list-subs.com (Ben) Date: Tue, 14 Jun 2016 18:28:55 +0100 Subject: REST URLs and NGINX (config help needed) Message-ID: <4cfc19ed-dd40-52c9-5826-82b543dfc6a3@list-subs.com> Hi, Based on scraps found in the NGINX docs, I have a semi-working config that looks as follows : ##### location /demo { allow 10.0.0.0/8; deny all; try_files $uri @pdemo; } location @pdemo { fastcgi_param SCRIPT_FILENAME /path/to/demo.php; fastcgi_param SCRIPT_NAME /demo.php; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_param QUERY_STRING $args; include fastcgi_params; } ##### I say this config is "semi-working" because : A base-call to http://example.com/demo returns the hello-world output from my PHP router. No problems there. But, if I call, say, http://example.com/demo/hello/x, the PHP router doesn't match the route (despite expecting hello/x as the path). If it helps, I'm using bramus router and my configured paths are as follows : $router->get('/', function() { echo "hello world"}; $router->get('hello/(\w+)', function($name) {echo "hello".$name}; However bramus returns a 404, and it doesn't matter if I prefix the hello path with a forwad slash in bramus. Therefore I am guessing my nginx config is broken ? From me at myconan.net Tue Jun 14 18:09:13 2016 From: me at myconan.net (Edho Arief) Date: Wed, 15 Jun 2016 03:09:13 +0900 Subject: REST URLs and NGINX (config help needed) In-Reply-To: <4cfc19ed-dd40-52c9-5826-82b543dfc6a3@list-subs.com> References: <4cfc19ed-dd40-52c9-5826-82b543dfc6a3@list-subs.com> Message-ID: <1465927753.3189057.637586129.7EF72E66@webmail.messagingengine.com> Hi On Wed, Jun 15, 2016, at 02:28, Ben wrote: > Hi, > > Based on scraps found in the NGINX docs, I have a semi-working config > that looks as follows : > > ##### > location /demo { > allow 10.0.0.0/8; > deny all; > try_files $uri @pdemo; > } > location @pdemo { > fastcgi_param SCRIPT_FILENAME /path/to/demo.php; > fastcgi_param SCRIPT_NAME /demo.php; > fastcgi_param PATH_INFO $fastcgi_path_info; > fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; > fastcgi_param QUERY_STRING $args; > include fastcgi_params; > } > > ##### > > > I say this config is "semi-working" because : > > A base-call to http://example.com/demo returns the hello-world output > from my PHP router. No problems there. > > But, if I call, say, http://example.com/demo/hello/x, the PHP router > doesn't match the route (despite expecting hello/x as the path). > > If it helps, I'm using bramus router and my configured paths are as > follows : > Looks like the logic for getting base path is a bit interesting. Try this for related line: fastcgi_param SCRIPT_NAME /demo/; From francis at daoine.org Tue Jun 14 21:59:34 2016 From: francis at daoine.org (Francis Daly) Date: Tue, 14 Jun 2016 22:59:34 +0100 Subject: Drupal 7 and Coldfusion Proxy In-Reply-To: References: Message-ID: <20160614215934.GH2852@daoine.org> On Tue, Jun 14, 2016 at 08:01:36AM -0700, Jeremiah Brock wrote: Hi there, > My issue : trying to serve seamless paths for both Drupal and > ColdFusion without having to specify every possible path that coldfusion > applications exist in. You may find it easiest to have a simple split in your url hierarchy -- perhaps have everything that should be handled by drupal be below /drupal/; or have everything that should be handled by coldfusion be below /coldfusion/; or do both of them. nginx is not magic. If you mix your urls with no easy way to know which should be handled by drupal and which by coldfusion and which by something else, then you end up with a complicated way to tell nginx how it should handle each request. > I was hoping index.cfm would be automatically used > via the index parameters but apparently only when try_files contains > $uri/. However that breaks drupal paths that aren't physical folders... I don't fully follow what you mean by that paragraph. I suspect that that does not matter. A request comes in. You want nginx to handle it in a particular way. The way you tell nginx how to handle it is by writing in nginx.conf. > The following config works - but as you can see the regex listing for > coldfusion application paths is less than stellar... That is: > location ~* > ^(/longpath/someapp|/anotherpath/anotherapp|/yetanotherpath/andanotherapp|anotherapppath/etcapp) That suggests that a request for /longpath/something should be handled by drupal and not by coldfusion, yes? And (with the rest of your config) a request for /longpath/someapp/a.php should be handled by drupal too. If you want to mix urls in a complicated way, you're going to have to unmix them in a complicated way in nginx.conf. If you don't want to unmix them in a complicated way in nginx.conf, the easiest thing to do is not to mix them in a complicated way in the first place. I suppose you *could* (at the cost of significant efficiency, I suspect) proxy everything to coldfusion, and then handle any 404 responses by trying drupal. That might lead to a smaller or less-frequently-updated nginx.conf. But if you have the option to reorganise at least one of the "upstream" url hierarchies, I'd suggest doing that instead. Good luck with it, f -- Francis Daly francis at daoine.org From francis at daoine.org Tue Jun 14 22:04:36 2016 From: francis at daoine.org (Francis Daly) Date: Tue, 14 Jun 2016 23:04:36 +0100 Subject: 10054: An existing connection was forcibly closed by the remote host In-Reply-To: <42b94aba28ed83dd4a92a08ab347ec43.NginxMailingListEnglish@forum.nginx.org> References: <42b94aba28ed83dd4a92a08ab347ec43.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20160614220436.GI2852@daoine.org> On Tue, Jun 14, 2016 at 09:24:59AM -0400, madvas wrote: Hi there, > 8712#14268: *2060 WSARecv() failed (10054: An existing connection was > forcibly closed by the remote host) while reading response header from > upstream, client:0.xx.xx.0 If that error message is in nginx's error log, it suggests that nginx thinks that something else closed the connection. What is "upstream", in your case? Does it have any logs to indicate a problem? An old reply to the other thread you mailed this to indicated that it may have been using a php server with not enough php children available. f -- Francis Daly francis at daoine.org From jbrock at everettcc.edu Tue Jun 14 22:11:08 2016 From: jbrock at everettcc.edu (Jeremiah Brock) Date: Tue, 14 Jun 2016 15:11:08 -0700 Subject: Drupal 7 and Coldfusion Proxy In-Reply-To: <20160614215934.GH2852@daoine.org> References: <20160614215934.GH2852@daoine.org> Message-ID: Thank you for the response Francis. Unfortunately - I don't have the luxury of separating out via a hierarchy. I have determined that what I am wanting to do is just simply not possible : ( . ~Jeremy On Tue, Jun 14, 2016 at 2:59 PM, Francis Daly wrote: > On Tue, Jun 14, 2016 at 08:01:36AM -0700, Jeremiah Brock wrote: > > Hi there, > > > My issue : trying to serve seamless paths for both Drupal and > > ColdFusion without having to specify every possible path that coldfusion > > applications exist in. > > You may find it easiest to have a simple split in your url hierarchy > -- perhaps have everything that should be handled by drupal be below > /drupal/; or have everything that should be handled by coldfusion be > below /coldfusion/; or do both of them. > > nginx is not magic. > > If you mix your urls with no easy way to know which should be handled by > drupal and which by coldfusion and which by something else, then you end > up with a complicated way to tell nginx how it should handle each request. > > > I was hoping index.cfm would be automatically used > > via the index parameters but apparently only when try_files contains > > $uri/. However that breaks drupal paths that aren't physical folders... > > I don't fully follow what you mean by that paragraph. > > I suspect that that does not matter. > > A request comes in. You want nginx to handle it in a particular way. The > way you tell nginx how to handle it is by writing in nginx.conf. > > > The following config works - but as you can see the regex listing for > > coldfusion application paths is less than stellar... > > That is: > > > location ~* > > > ^(/longpath/someapp|/anotherpath/anotherapp|/yetanotherpath/andanotherapp|anotherapppath/etcapp) > > That suggests that a request for /longpath/something should be handled > by drupal and not by coldfusion, yes? > > And (with the rest of your config) a request for /longpath/someapp/a.php > should be handled by drupal too. > > If you want to mix urls in a complicated way, you're going to have to > unmix them in a complicated way in nginx.conf. > > If you don't want to unmix them in a complicated way in nginx.conf, > the easiest thing to do is not to mix them in a complicated way in the > first place. > > > I suppose you *could* (at the cost of significant efficiency, I suspect) > proxy everything to coldfusion, and then handle any 404 responses by > trying drupal. That might lead to a smaller or less-frequently-updated > nginx.conf. > > But if you have the option to reorganise at least one of the "upstream" > url hierarchies, I'd suggest doing that instead. > > Good luck with it, > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Jeremiah Brock IT Web, Data and Development Services / Information Security 425-259-8707 jbrock at everettcc.edu -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Tue Jun 14 23:20:00 2016 From: nginx-forum at forum.nginx.org (webdel) Date: Tue, 14 Jun 2016 19:20:00 -0400 Subject: Response from proxy server buffered in memory? Message-ID: <3dfc425a06333db5b07ce1b8b0e60f57.NginxMailingListEnglish@forum.nginx.org> I configured nginx as reverse proxy to an application server java disabling the proxy buffering: proxy_buffering off; proxy_request_buffering off; I noticed that when a client makes a request to the java server (e.g. download a file), nginx buffered the response in memory (around 3Mb). I would like to configure nginx so as not buffered the response (or at least minimize this buffer) it is possible? Thanks, Danilo Limatola Esterno Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267583,267583#msg-267583 From nginx-forum at forum.nginx.org Tue Jun 14 23:37:07 2016 From: nginx-forum at forum.nginx.org (Supersmile2009) Date: Tue, 14 Jun 2016 19:37:07 -0400 Subject: Mapping non-empty $query_string Message-ID: <0a52bc338460029a249aec4c8bdfcacf.NginxMailingListEnglish@forum.nginx.org> Hi! I'm running a Wordpress based website on my server, I've set up fastcgi cache recently. Now I want to get rid of evil-ifs, that are used to detect cache skipping cases, and replace them with map. I managed to convert all common ifs except this one, if ($query_string != "") { set $skip_cache 1; } I'm trying to replace it with non-evil map in http section. #skip cache if query string has at least one character map $query_string $skip_cache { "~.+" "1"; } For some reason it doesn't work as intended. It starts bypassing cache on ALL pages except main page. Thanks for any help. Alex Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267584,267584#msg-267584 From igor at sysoev.ru Wed Jun 15 05:58:55 2016 From: igor at sysoev.ru (Igor Sysoev) Date: Wed, 15 Jun 2016 08:58:55 +0300 Subject: Mapping non-empty $query_string In-Reply-To: <0a52bc338460029a249aec4c8bdfcacf.NginxMailingListEnglish@forum.nginx.org> References: <0a52bc338460029a249aec4c8bdfcacf.NginxMailingListEnglish@forum.nginx.org> Message-ID: On 15 Jun 2016, at 02:37, Supersmile2009 wrote: > Hi! > I'm running a Wordpress based website on my server, I've set up fastcgi > cache recently. Now I want to get rid of evil-ifs, that are used to detect > cache skipping cases, and replace them with map. > > I managed to convert all common ifs except this one, > > if ($query_string != "") { > set $skip_cache 1; > } > > I'm trying to replace it with non-evil map in http section. > > #skip cache if query string has at least one character > map $query_string $skip_cache { > "~.+" "1"; > } > > For some reason it doesn't work as intended. It starts bypassing cache on > ALL pages except main page. map $query_string $skip_cache { "" 0; default 1; } -- Igor Sysoev http://nginx.com From nginx-forum at forum.nginx.org Wed Jun 15 12:12:18 2016 From: nginx-forum at forum.nginx.org (Supersmile2009) Date: Wed, 15 Jun 2016 08:12:18 -0400 Subject: Mapping non-empty $query_string In-Reply-To: References: Message-ID: <7c65d20d84d84b08786104cd59ae11d0.NginxMailingListEnglish@forum.nginx.org> Already tried it, same result. Main page hits the cache, everything else - bypasses. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267584,267590#msg-267590 From nginx-forum at forum.nginx.org Wed Jun 15 13:51:43 2016 From: nginx-forum at forum.nginx.org (philipp) Date: Wed, 15 Jun 2016 09:51:43 -0400 Subject: error log truncates important infos In-Reply-To: <20160614145920.GE36620@mdounin.ru> References: <20160614145920.GE36620@mdounin.ru> Message-ID: Hmm I understand that limitation. But an attacker or a bad application can hide the important information which we need to identify the source of the problem. What about limiting the fastcgi output to 1024 bytes and appending this info with max 1024 bytes. client: 127.0.0.1, server: example.com, upstream: "fastcgi://unix:/var/run/php-fpm-example.com.sock:", host: "127.0.0.1" , request: "GET / HTTP/1.1" [fastcgi - output max 1024][request info: client, server, upstream, host, request - max 1024] This would ensure that client, server and upstream are always provided. Host and Request can be filled with "user generated" content, so you should put it to the end. This would ensure that an attacker cannot hide the important fields. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,267568,267592#msg-267592 From rpaprocki at fearnothingproductions.net Wed Jun 15 15:53:47 2016 From: rpaprocki at fearnothingproductions.net (Robert Paprocki) Date: Wed, 15 Jun 2016 08:53:47 -0700 Subject: error log truncates important infos In-Reply-To: References: <20160614145920.GE36620@mdounin.ru> Message-ID: If you're allowing user-generated output to be written directly to your logs without any sort of sanitation, you've got bigger problems to worry about :p Again, it doesn't really make sense to have your fcgi error sent here- why can't your fcgi process log elsewhere, and leaving the nginx error log for nginx issues? On Wed, Jun 15, 2016 at 6:51 AM, philipp wrote: > Hmm I understand that limitation. But an attacker or a bad application can > hide the important information which we need to identify the source of the > problem. > > What about limiting the fastcgi output to 1024 bytes and appending this > info > with max 1024 bytes. > client: 127.0.0.1, server: example.com, upstream: > "fastcgi://unix:/var/run/php-fpm-example.com.sock:", host: "127.0.0.1" , > request: "GET / HTTP/1.1" > > [fastcgi - output max 1024][request info: client, server, upstream, host, > request - max 1024] > > This would ensure that client, server and upstream are always provided. > Host > and Request can be filled with "user generated" content, so you should put > it to the end. This would ensure that an attacker cannot hide the important > fields. > > Posted at Nginx Forum: > https://forum.nginx.org/read.php?2,267568,267592#msg-267592 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From reallfqq-nginx at yahoo.fr Wed Jun 15 17:16:37 2016 From: reallfqq-nginx at yahoo.fr (B.R.) Date: Wed, 15 Jun 2016 19:16:37 +0200 Subject: Mapping non-empty $query_string In-Reply-To: <7c65d20d84d84b08786104cd59ae11d0.NginxMailingListEnglish@forum.nginx.org> References: