From arut at nginx.com Thu Jun 1 14:29:23 2017 From: arut at nginx.com (Roman Arutyunyan) Date: Thu, 1 Jun 2017 17:29:23 +0300 Subject: [nginx-announce] nginx-1.13.1 In-Reply-To: References: <20170530151208.GX55433@mdounin.ru> Message-ID: <20170601142923.GJ77454@Romans-MacBook-Air.local> Hello Kevin, The issue is fixed by the following commit: http://hg.nginx.org/nginx/rev/716852cce913 You may apply this change manually to fix the build. On Tue, May 30, 2017 at 11:28:16AM -0400, Kevin Worthington wrote: > Hello! > > I am getting this error when trying to build on Cygwin: > > -o objs/src/os/unix/ngx_udp_send.o \ > src/os/unix/ngx_udp_send.c > cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g > -D FD_ > SETSIZE=2048 -I src/core -I src/event -I src/event/modules -I src/os/unix > -I /us > r/include/libxml2 -I objs \ > -o objs/src/os/unix/ngx_udp_sendmsg_chain.o \ > src/os/unix/ngx_udp_sendmsg_chain.c > src/os/unix/ngx_udp_sendmsg_chain.c: In function `ngx_sendmsg': > src/os/unix/ngx_udp_sendmsg_chain.c:274:16: error: `struct in_pktinfo' has > no me > mber named `ipi_spec_dst' > pkt->ipi_spec_dst = sin->sin_addr; > ^ > objs/Makefile:847: recipe for target > 'objs/src/os/unix/ngx_udp_sendmsg_chain.o' > failed > make[1]: *** [objs/src/os/unix/ngx_udp_sendmsg_chain.o] Error 1 > make[1]: Leaving directory '/home/kevin.worthington/nginx-1.13.1' > Makefile:8: recipe for target 'build' failed > make: *** [build] Error 2 > > Any help is greatly appreciated. Thanks. > > Best regards, > Kevin > -- > Kevin Worthington > kworthington AT gmail DOT com > https://kevinworthington.com/ > https://twitter.com/kworthington > > On Tue, May 30, 2017 at 11:12 AM, Maxim Dounin wrote: > > > Changes with nginx 1.13.1 30 May > > 2017 > > > > *) Feature: now a hostname can be used as the "set_real_ip_from" > > directive parameter. > > > > *) Feature: vim syntax highlighting scripts improvements. 
> > > > *) Feature: the "worker_cpu_affinity" directive now works on DragonFly > > BSD. > > Thanks to Sepherosa Ziehau. > > > > *) Bugfix: SSL renegotiation on backend connections did not work when > > using OpenSSL before 1.1.0. > > > > *) Workaround: nginx could not be built with Oracle Developer Studio > > 12.5. > > > > *) Workaround: now cache manager ignores long locked cache entries when > > cleaning cache based on the "max_size" parameter. > > > > *) Bugfix: client SSL connections were immediately closed if deferred > > accept and the "proxy_protocol" parameter of the "listen" directive > > were used. > > > > *) Bugfix: in the "proxy_cache_background_update" directive. > > > > *) Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY > > option before an SSL handshake. > > > > > > -- > > Maxim Dounin > > http://nginx.org/ > > _______________________________________________ > > nginx-announce mailing list > > nginx-announce at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx-announce > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Roman Arutyunyan From kworthington at gmail.com Thu Jun 1 17:35:47 2017 From: kworthington at gmail.com (Kevin Worthington) Date: Thu, 1 Jun 2017 13:35:47 -0400 Subject: [nginx-announce] nginx-1.13.1 In-Reply-To: <20170601142923.GJ77454@Romans-MacBook-Air.local> References: <20170530151208.GX55433@mdounin.ru> <20170601142923.GJ77454@Romans-MacBook-Air.local> Message-ID: I'll give it a try. Thanks Roman! Best regards, Kevin -- Kevin Worthington kworthington at gmail.com https://kevinworthington.com/ https://twitter.com/kworthington On Thu, Jun 1, 2017 at 10:29 AM, Roman Arutyunyan wrote: > Hello Kevin, > > The issue is fixed by the following commit: > > http://hg.nginx.org/nginx/rev/716852cce913 > > You may apply this change manually to fix the build. 
> > On Tue, May 30, 2017 at 11:28:16AM -0400, Kevin Worthington wrote: > > Hello! > > > > I am getting this error when trying to build on Cygwin: > > > > -o objs/src/os/unix/ngx_udp_send.o \ > > src/os/unix/ngx_udp_send.c > > cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g > > -D FD_ > > SETSIZE=2048 -I src/core -I src/event -I src/event/modules -I src/os/unix > > -I /us > > r/include/libxml2 -I objs \ > > -o objs/src/os/unix/ngx_udp_sendmsg_chain.o \ > > src/os/unix/ngx_udp_sendmsg_chain.c > > src/os/unix/ngx_udp_sendmsg_chain.c: In function `ngx_sendmsg': > > src/os/unix/ngx_udp_sendmsg_chain.c:274:16: error: `struct in_pktinfo' > has > > no me > > mber named `ipi_spec_dst' > > pkt->ipi_spec_dst = sin->sin_addr; > > ^ > > objs/Makefile:847: recipe for target > > 'objs/src/os/unix/ngx_udp_sendmsg_chain.o' > > failed > > make[1]: *** [objs/src/os/unix/ngx_udp_sendmsg_chain.o] Error 1 > > make[1]: Leaving directory '/home/kevin.worthington/nginx-1.13.1' > > Makefile:8: recipe for target 'build' failed > > make: *** [build] Error 2 > > > > Any help is greatly appreciated. Thanks. > > > > Best regards, > > Kevin > > -- > > Kevin Worthington > > kworthington AT gmail DOT com > > https://kevinworthington.com/ > > https://twitter.com/kworthington > > > > On Tue, May 30, 2017 at 11:12 AM, Maxim Dounin > wrote: > > > > > Changes with nginx 1.13.1 30 May > > > 2017 > > > > > > *) Feature: now a hostname can be used as the "set_real_ip_from" > > > directive parameter. > > > > > > *) Feature: vim syntax highlighting scripts improvements. > > > > > > *) Feature: the "worker_cpu_affinity" directive now works on > DragonFly > > > BSD. > > > Thanks to Sepherosa Ziehau. > > > > > > *) Bugfix: SSL renegotiation on backend connections did not work > when > > > using OpenSSL before 1.1.0. > > > > > > *) Workaround: nginx could not be built with Oracle Developer > Studio > > > 12.5. 
> > > > > > *) Workaround: now cache manager ignores long locked cache entries > when > > > cleaning cache based on the "max_size" parameter. > > > > > > *) Bugfix: client SSL connections were immediately closed if > deferred > > > accept and the "proxy_protocol" parameter of the "listen" > directive > > > were used. > > > > > > *) Bugfix: in the "proxy_cache_background_update" directive. > > > > > > *) Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY > > > option before an SSL handshake. > > > > > > > > > -- > > > Maxim Dounin > > > http://nginx.org/ > > > _______________________________________________ > > > nginx-announce mailing list > > > nginx-announce at nginx.org > > > http://mailman.nginx.org/mailman/listinfo/nginx-announce > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > -- > Roman Arutyunyan > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Thu Jun 1 19:03:22 2017 From: nginx-forum at forum.nginx.org (themarcelor) Date: Thu, 01 Jun 2017 15:03:22 -0400 Subject: Help! backend tomcat server tries to perform Web Sockets handshake (HTTP 101) but Nginx never returns a response back to the client Message-ID: Hello, In a Kubernetes cluster, I have an Nginx server acting like a reverse proxy / TLS termination solution that proxypass requests to a backend Tomcat application that has some functionalities powered by Web Sockets (SockJS / Stomp). Unfortunately, the Web Sockets handshake never completes successfully. On the Client side, in my browser, I can see the following messages in the console: ``` Opening Web Socket... websockets-0.1.min.js:116 Whoops! 
Lost connection to https://myhost/stomp
```

Followed by an HTTP 504 Gateway Timeout

websockets-0.1.min.js:72 WebSocket connection to 'wss://myhost/stomp/673/ugvpxc1lwmfjnung/websocket' failed: Error during WebSocket handshake: Unexpected response code: 504

--

On the tomcat side I have the following entry in the access log:

0:0:0:0:0:0:0:1,2017-06-01 16:53:36.915 +0000,4,GET,HTTP/1.1,"/stomp/673/ugvpxc1lwmfjnung/websocket",101,-,O,-,blablablabla,-,-,"Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36",-,,-,-,-,-,-,-

Whereas, on the nginx access log I have the corresponding:

10.2.89.0 - - [01/Jun/2017:16:54:41 +0000] "GET /stomp/673/ugvpxc1lwmfjnung/websocket HTTP/1.1" 499 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36" "24.5.136.13"

Now, according to what I've researched, the 499 code is presented when the client closes the connection, but I can't figure out why it would take so long for the response to return to the client. According to the timestamps from these two entries, these two events are separated by ~1 minute. What's going on here?

Here is a snippet from my nginx.conf, any assistance at this point is deeply appreciated:

server {
    listen 9965 default_server ssl;
    listen [::]:9965 default_server ssl;
    resolver 127.0.0.1;
    server_name _;
    ssl_certificate /etc/ssl/certs/certificate.pem;
    ssl_certificate_key /etc/ssl/certs/key.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    client_max_body_size 2000M;

    location / {
        proxy_read_timeout 900;
        proxy_pass_header Server;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        #proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade 'websocket';
        proxy_set_header Connection "upgrade";
        proxy_pass http://localhost:15010;
    }

--

Any ideas to troubleshoot this further?
Kindest regards, -- Marcelo Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274580,274580#msg-274580 From kworthington at gmail.com Thu Jun 1 19:43:57 2017 From: kworthington at gmail.com (Kevin Worthington) Date: Thu, 1 Jun 2017 15:43:57 -0400 Subject: nginx-1.13.1 In-Reply-To: <20170530151201.GW55433@mdounin.ru> References: <20170530151201.GW55433@mdounin.ru> Message-ID: Hello Nginx users, Now available: Nginx 1.13.1 for Windows https://kevinworthington.com/nginxwin1131 (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available here: Twitter http://twitter.com/kworthington Google+ https://plus.google.com/+KevinWorthington/ Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington https://plus.google.com/+KevinWorthington/ On Tue, May 30, 2017 at 11:12 AM, Maxim Dounin wrote: > Changes with nginx 1.13.1 30 May > 2017 > > *) Feature: now a hostname can be used as the "set_real_ip_from" > directive parameter. > > *) Feature: vim syntax highlighting scripts improvements. > > *) Feature: the "worker_cpu_affinity" directive now works on DragonFly > BSD. > Thanks to Sepherosa Ziehau. > > *) Bugfix: SSL renegotiation on backend connections did not work when > using OpenSSL before 1.1.0. > > *) Workaround: nginx could not be built with Oracle Developer Studio > 12.5. > > *) Workaround: now cache manager ignores long locked cache entries when > cleaning cache based on the "max_size" parameter. > > *) Bugfix: client SSL connections were immediately closed if deferred > accept and the "proxy_protocol" parameter of the "listen" directive > were used. > > *) Bugfix: in the "proxy_cache_background_update" directive. > > *) Workaround: now the "tcp_nodelay" directive sets the TCP_NODELAY > option before an SSL handshake. 
> > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From guilherme.e at gmail.com Fri Jun 2 02:00:25 2017 From: guilherme.e at gmail.com (Guilherme) Date: Thu, 1 Jun 2017 23:00:25 -0300 Subject: Same cached objects, but different body_bytes_sent Message-ID: I identified a strange behavior in my nginx/1.11.2. Same cached objects are returning different content length. In the logs below, body_bytes_sent changes intermittently between 215 and 3782 bytes. The correct length is 3782. (these objects are not being updated in this interval) xxxxxxxxxx - - [02/Jun/2017:01:29:06 +0000] "GET /img/app/bt_google_play.png HTTP/2.0" 200 *215* "xxxxxxxxxx" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G600FY Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36" 42 215 10.571 "image/png" HIT xxxxxxxxxx - - [02/Jun/2017:01:29:50 +0000] "GET /img/app/bt_google_play.png HTTP/2.0" 200 *3782* "xxxxxxxxxx" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1" 32 3791 0.344 "image/png" HIT ** request_time is always high for the shorter requests* I'm ignoring Vary header in proxy_ignore_headers too. Any idea about this? Tks, Guilherme -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Fri Jun 2 06:40:31 2017 From: nginx-forum at forum.nginx.org (itpp2012) Date: Fri, 02 Jun 2017 02:40:31 -0400 Subject: Same cached objects, but different body_bytes_sent In-Reply-To: References: Message-ID: <2575b35a7ae41ca48041cc3b6e12e083.NginxMailingListEnglish@forum.nginx.org> Does Curl do the same thing from 2 different locations? looks like typical client behavior with partial matching (range request). 
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274589,274592#msg-274592 From zchao1995 at gmail.com Fri Jun 2 06:45:22 2017 From: zchao1995 at gmail.com (Zhang Chao) Date: Thu, 1 Jun 2017 23:45:22 -0700 Subject: Same cached objects, but different body_bytes_sent In-Reply-To: References: Message-ID: Hi! Are you sure the client didn't close the connection when the body is transferring? On 2 June 2017 at 10:00:36, Guilherme (guilherme.e at gmail.com) wrote: I identified a strange behavior in my nginx/1.11.2. Same cached objects are returning different content length. In the logs below, body_bytes_sent changes intermittently between 215 and 3782 bytes. The correct length is 3782. (these objects are not being updated in this interval) xxxxxxxxxx - - [02/Jun/2017:01:29:06 +0000] "GET /img/app/bt_google_play.png HTTP/2.0" 200 *215* "xxxxxxxxxx" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G600FY Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36" 42 215 10.571 "image/png" HIT xxxxxxxxxx - - [02/Jun/2017:01:29:50 +0000] "GET /img/app/bt_google_play.png HTTP/2.0" 200 *3782* "xxxxxxxxxx" "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89 Safari/602.1" 32 3791 0.344 "image/png" HIT ** request_time is always high for the shorter requests* I'm ignoring Vary header in proxy_ignore_headers too. Any idea about this? Tks, Guilherme _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Fri Jun 2 14:51:33 2017 From: nginx-forum at forum.nginx.org (themarcelor) Date: Fri, 02 Jun 2017 10:51:33 -0400 Subject: Help! 
backend tomcat server tries to perform Web Sockets handshake (HTTP 101) but Nginx never returns a response back to the client
In-Reply-To:
References:
Message-ID:

Fixed. Had to replace the Classic AWS ELB with an ALB.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274580,274615#msg-274615

From guilherme.e at gmail.com Fri Jun 2 16:45:08 2017
From: guilherme.e at gmail.com (Guilherme)
Date: Fri, 2 Jun 2017 13:45:08 -0300
Subject: Same cached objects, but different body_bytes_sent
In-Reply-To:
References:
Message-ID:

@itpp2012: I can't replicate the problem using curl from 2 different locations. It's not supposed to return 206 in range requests?

@zhang_chao: I'm not sure about this, but it's not supposed to return 499 in this case?

Tks,

Guilherme

On Fri, Jun 2, 2017 at 3:45 AM, Zhang Chao wrote:

> Hi!
>
> Are you sure the client didn't close the connection when the body is
> transferring?
>
>
> On 2 June 2017 at 10:00:36, Guilherme (guilherme.e at gmail.com) wrote:
>
> I identified a strange behavior in my nginx/1.11.2. Same cached objects
> are returning different content length. In the logs below, body_bytes_sent
> changes intermittently between 215 and 3782 bytes. The correct length is
> 3782. (these objects are not being updated in this interval)
>
> xxxxxxxxxx - - [02/Jun/2017:01:29:06 +0000] "GET
> /img/app/bt_google_play.png HTTP/2.0" 200 *215* "xxxxxxxxxx" "Mozilla/5.0
> (Linux; Android 6.0.1; SM-G600FY Build/MMB29M) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36" 42 215 10.571
> "image/png" HIT
> xxxxxxxxxx - - [02/Jun/2017:01:29:50 +0000] "GET
> /img/app/bt_google_play.png HTTP/2.0" 200 *3782* "xxxxxxxxxx"
> "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X)
> AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89
> Safari/602.1" 32 3791 0.344 "image/png" HIT
>
> ** request_time is always high for the shorter requests*
>
> I'm ignoring Vary header in proxy_ignore_headers too.
> > Any idea about this? > > Tks, > > Guilherme > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Fri Jun 2 18:05:00 2017 From: nginx-forum at forum.nginx.org (itpp2012) Date: Fri, 02 Jun 2017 14:05:00 -0400 Subject: Same cached objects, but different body_bytes_sent In-Reply-To: References: Message-ID: <95de1cd472d0a87a3c352e679d6de4b4.NginxMailingListEnglish@forum.nginx.org> I can imagine a client only asking for the first 2xx bytes (where a 206 reply is not required) to compare against its local cache. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274589,274622#msg-274622 From murat.knecht at googlemail.com Sat Jun 3 06:31:40 2017 From: murat.knecht at googlemail.com (Murat Knecht) Date: Sat, 3 Jun 2017 14:31:40 +0800 Subject: Sometimes NGINX returns 405 on POST, when 504 GATEWAY TIMEOUT is expected Message-ID: Hey, yesterday I had a situation where NGINX *sometimes under some configurations* returned a 405 METHOD NOT ALLOWED, when it was supposed to return a 504 GATEWAY TIMEOUT. Since troubleshooting this took a while, and information that I found was fragmented, outdated, or inaccurate, I wrote a blog post about this. 
Maybe it helps others, including my future self, to understand and fix this behavior quicker:

http://muratknecht.de/tech/why-nginx-returns-405-post-504-gateway-timeout-gotchas-error-page/

On SO, a related question was asked:

https://stackoverflow.com/questions/42167669/nginx-405-not-allowed-fastcgi-timeout/44330457#44330457

Cheers,
murat

From dino.edwards at mydirectmail.net Sat Jun 3 13:38:11 2017
From: dino.edwards at mydirectmail.net (Dino Edwards)
Date: Sat, 3 Jun 2017 13:38:11 +0000
Subject: "server" directive is not allowed here error
Message-ID: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com>

Hello,

I'm hoping someone can help me with this nginx config issue that I'm having. I can't seem to figure out what the problem is. If I set with a location directive "location /" it works fine. However, I seem to be having an issue with modsecurity breaking one of my applications, so I figured I split the nginx config into multiple location directives and disable modsecurity on the location with the broken application that I'm having a problem with and have it enabled on the ones that I don't have a problem with.

So, let me start off with the config that actually works below:

server {
    listen 443 ssl;
    server_name server.domain.tld;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    keepalive_timeout 70;
    ssl_certificate /etc/nginx/ssl/domain.tld.pem;
    ssl_certificate_key /etc/nginx/ssl/domain.tld.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 4G;
    set_real_ip_from 192.xxx.xxx.xxx;
    real_ip_header X-Real-IP;
    real_ip_recursive on;
    modsecurity on;

    location / {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080;
    }
}

Unfortunately, in the config above modsecurity breaks one of my applications under the /web directory, so https://server.domain.tld:9080/web breaks. So, I set up the following config, where I removed "modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf" from the "location /web" directive.

server {
    listen 443 ssl;
    server_name server.domain.tld;
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    keepalive_timeout 70;
    ssl_certificate /etc/nginx/ssl/domain.tld.pem;
    ssl_certificate_key /etc/nginx/ssl/domain.tld.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
    ssl_dhparam /etc/nginx/ssl/dhparam.pem;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    client_max_body_size 4G;
    set_real_ip_from 192.xxx.xxx.xxx;
    real_ip_header X-Real-IP;
    real_ip_recursive on;
    modsecurity on;

    location /web {
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/web;
    }

    location /admin {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/admin;
    }

    location /main {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/main;
    }

    location /tasks {
        modsecurity_rules_file /usr/local/nginx/conf/modsecurity.conf;
        proxy_connect_timeout 3600;
        proxy_send_timeout 3600;
        proxy_read_timeout 3600;
        send_timeout 3600;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://server.domain.tld:9080:9080/tasks;
    }
}

However, the
configuration below gives me the following error:

[emerg] 19968#0: "server" directive is not allowed here in /usr/local/nginx/conf/sites-enabled/server.domain.tld-ssl:1

Googling the error, kept bringing up results about the server directive being inside an http directive, which I don't obviously have or have a need for. I would appreciate some help on this.

Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From zchao1995 at gmail.com Sat Jun 3 13:47:31 2017
From: zchao1995 at gmail.com (Zhang Chao)
Date: Sat, 3 Jun 2017 06:47:31 -0700
Subject: Same cached objects, but different body_bytes_sent
In-Reply-To:
References:
Message-ID:

Hi, Guilherme!

The HTTP status code 499, which means client closed the connection before Nginx even sent one byte. As long as Nginx sent some bytes, 499 will not arise, and Nginx just records the code generated previously, also, I bet your log_format of your access_log is the default one provided by Nginx, it is helpless when we need to speculate whether client closed the connection.

Maybe you can modify your log_format such as appending "$http_content_length", you can analyze this case by comparing the value of "$http_content_length" and "$body_bytes_sent", of course the "Accept-Encoding" header can never be passed.

On 3 June 2017 at 00:45:09, Guilherme (guilherme.e at gmail.com) wrote:

@itpp2012: I can't replicate the problem using curl from 2 different locations. It's not supposed to return 206 in range requests?

@zhang_chao: I'm not sure about this, but it's not supposed to return 499 in this case?

Tks,

Guilherme

On Fri, Jun 2, 2017 at 3:45 AM, Zhang Chao wrote:

> Hi!
>
> Are you sure the client didn't close the connection when the body is
> transferring?
>
>
> On 2 June 2017 at 10:00:36, Guilherme (guilherme.e at gmail.com) wrote:
>
> I identified a strange behavior in my nginx/1.11.2. Same cached objects
> are returning different content length. In the logs below, body_bytes_sent
> changes intermittently between 215 and 3782 bytes. The correct length is
> 3782. (these objects are not being updated in this interval)
>
> xxxxxxxxxx - - [02/Jun/2017:01:29:06 +0000] "GET
> /img/app/bt_google_play.png HTTP/2.0" 200 *215* "xxxxxxxxxx" "Mozilla/5.0
> (Linux; Android 6.0.1; SM-G600FY Build/MMB29M) AppleWebKit/537.36 (KHTML,
> like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36" 42 215 10.571
> "image/png" HIT
> xxxxxxxxxx - - [02/Jun/2017:01:29:50 +0000] "GET
> /img/app/bt_google_play.png HTTP/2.0" 200 *3782* "xxxxxxxxxx"
> "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X)
> AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89
> Safari/602.1" 32 3791 0.344 "image/png" HIT
>
> ** request_time is always high for the shorter requests*
>
> I'm ignoring Vary header in proxy_ignore_headers too.
>
> Any idea about this?
>
> Tks,
>
> Guilherme
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From r at roze.lv Sat Jun 3 18:21:46 2017
From: r at roze.lv (Reinis Rozitis)
Date: Sat, 3 Jun 2017 21:21:46 +0300
Subject: "server" directive is not allowed here error
In-Reply-To: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com>
Message-ID: <002501d2dc96$42e31870$c8a94950$@roze.lv>

> [emerg] 19968#0: "server" directive is not allowed here in /usr/local/nginx/conf/sites-enabled/server.domain.tld-ssl:1
>
> Googling the error, kept bringing up results about the server directive being inside an http directive, which I don't obviously have or have a need for. I would appreciate some help on this.

You can't have server {} block outside http {} ( http://nginx.org/en/docs/http/ngx_http_core_module.html#server )

So it has to be:

http {
    server {
        // whatever goes here
    }
}

tt

From yongtao_you at yahoo.com Sun Jun 4 03:44:09 2017
From: yongtao_you at yahoo.com (Yongtao You)
Date: Sun, 4 Jun 2017 03:44:09 +0000 (UTC)
Subject: Reverse proxy that forward requests to ALL upstream servers?
References: <248163666.1505533.1496547849677.ref@mail.yahoo.com>
Message-ID: <248163666.1505533.1496547849677@mail.yahoo.com>

Hi,

I have a rather special requirement. I need to setup a reverse proxy with multiple upstream servers, and whenever a POST request comes in, I want NGINX to forward the request to ALL the upstream servers. And the response code will be the highest (worst) one among all responses from the upstream servers. Is it doable?

Thanks.
Yongtao
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From zchao1995 at gmail.com Sun Jun 4 07:09:52 2017
From: zchao1995 at gmail.com (Zhang Chao)
Date: Sun, 4 Jun 2017 00:09:52 -0700
Subject: Reverse proxy that forward requests to ALL upstream servers?
In-Reply-To: <248163666.1505533.1496547849677@mail.yahoo.com>
References: <248163666.1505533.1496547849677.ref@mail.yahoo.com> <248163666.1505533.1496547849677@mail.yahoo.com>
Message-ID:

Hi!

OpenResty is recommended in this case. You can combine it with the ngx_proxy module.

On 4 June 2017 at 11:44:41, Yongtao You via nginx (nginx at nginx.org) wrote:

Hi,

I have a rather special requirement. I need to setup a reverse proxy with multiple upstream servers, and whenever a POST request comes in, I want NGINX to forward the request to ALL the upstream servers. And the response code will be the highest (worst) one among all responses from the upstream servers. Is it doable?

Thanks.
Yongtao
_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From yongtao_you at yahoo.com Sun Jun 4 09:50:57 2017
From: yongtao_you at yahoo.com (Yongtao You)
Date: Sun, 4 Jun 2017 09:50:57 +0000 (UTC)
Subject: Reverse proxy that forward requests to ALL upstream servers?
In-Reply-To:
References: <248163666.1505533.1496547849677.ref@mail.yahoo.com> <248163666.1505533.1496547849677@mail.yahoo.com>
Message-ID: <1828055330.1561621.1496569857554@mail.yahoo.com>

I'll give it a try. Thanks!
Yongtao

On Sunday, June 4, 2017 3:09 PM, Zhang Chao wrote:

Hi!
OpenResty is recommend in this case. You can combine it with the ngx_proxy module.

On 4 June 2017 at 11:44:41, Yongtao You via nginx (nginx at nginx.org) wrote:

Hi,

I have a rather special requirement. I need to setup a reverse proxy with multiple upstream servers, and whenever a POST request comes in, I want NGINX to forward the request to ALL the upstream servers. And the response code will be the highest (worst) one among all responses from the upstream servers. Is it doable?

Thanks.
Yongtao
_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From dino.edwards at mydirectmail.net Sun Jun 4 10:28:44 2017
From: dino.edwards at mydirectmail.net (Dino Edwards)
Date: Sun, 4 Jun 2017 10:28:44 +0000
Subject: "server" directive is not allowed here error
In-Reply-To: <002501d2dc96$42e31870$c8a94950$@roze.lv>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv>
Message-ID: <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com>

> You can't have server {} block outside http {} ( http://nginx.org/en/docs/http/ngx_http_core_module.html#server )

> So it has to be:

> http {
>     server {
>         // whatever goes here
>     }
> }

That can't be right, because before I used the multiple location directives, I didn't have http and it worked fine.
Regardless, I followed your advice and I got the following now:

nginx: [emerg] "http" directive is not allowed here in /usr/local/nginx/conf/sites-enabled/ server.domain.tld -ssl:1

Thanks in advance

From anoopalias01 at gmail.com Sun Jun 4 10:31:09 2017
From: anoopalias01 at gmail.com (Anoop Alias)
Date: Sun, 4 Jun 2017 16:01:09 +0530
Subject: "server" directive is not allowed here error
In-Reply-To: <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv> <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com>
Message-ID:

Hi Dino,

I believe you have an unbalanced curly brace somewhere causing the error. You should check this in a text editor that can highlight syntax.

On Sun, Jun 4, 2017 at 3:58 PM, Dino Edwards wrote:

> > You can't have server {} block outside http {} ( http://nginx.org/en/docs/http/ngx_http_core_module.html#server )
>
> > So it has to be:
>
> > http {
> > server {
> > // whatever goes here
> > }
> > }
>
> That can't be right, because before I used the multiple location
> directives, I didn't have http and it worked fine. Regardless, I followed
> your advice and I got the following now:
>
> nginx: [emerg] "http" directive is not allowed here in
> /usr/local/nginx/conf/sites-enabled/ server.domain.tld -ssl:1
>
> Thanks in advance

--
*Anoop P Alias*

From jim at mailman-hosting.com Sun Jun 4 10:36:25 2017
From: jim at mailman-hosting.com (Jim Ohlstein)
Date: Sun, 04 Jun 2017 06:36:25 -0400
Subject: "server" directive is not allowed here error
In-Reply-To: <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv> <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com>
Message-ID: <1496572585.1667.4.camel@mailman-hosting.com>

On Sun, 2017-06-04 at 10:28 +0000, Dino Edwards wrote:
> > You can't have server {} block outside http {} ( http://nginx.org/en/docs/http/ngx_http_core_module.html#server )
> >
> > So it has to be:
> >
> > http {
> > server {
> >   // whatever goes here
> >  }
> > }
>
> That can't be right, because before I used the multiple location
> directives, I didn't have http and it worked fine. Regardless, I
> followed your advice and I got the following now:
>
> nginx: [emerg] "http" directive is not allowed here in
> /usr/local/nginx/conf/sites-enabled/ server.domain.tld -ssl:1

The "http" directive is likely in your main nginx.conf. For testing (not maintenance), you may try putting it all in one file so you can more easily find your error. Likely, as has been suggested, it is a misplaced curly brace ({ or }).

>
> Thanks in advance
>
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com/

From r at roze.lv Sun Jun 4 11:41:07 2017
From: r at roze.lv (Reinis Rozitis)
Date: Sun, 4 Jun 2017 14:41:07 +0300
Subject: "server" directive is not allowed here error
In-Reply-To: <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv> <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com>
Message-ID: <002001d2dd27$7486cca0$5d9465e0$@roze.lv>

> That can't be right, because before I used the multiple location directives, I
> didn't have http and it worked fine. Regardless, I followed your advice and I got
> the following now:

As people have already pointed you probably have something like main config nginx.conf with:

http {
..
include sites-enabled/*;
..
}

where each separate config file indeed doesn't need an extra http {} but the different server{} blocks still end up being within a (single) http {}.

> nginx: [emerg] "http" directive is not allowed here in
> /usr/local/nginx/conf/sites-enabled/ server.domain.tld -ssl:1

Nginx includes/parses the files in the order they appear in the directory (sites-enabled/) - as it was stated you might try to check if the server file before " server.domain.tld -ssl" has a correct configuration (all the braces {} are closed etc).
rr

From peter_booth at me.com Sun Jun 4 12:58:15 2017
From: peter_booth at me.com (Peter Booth)
Date: Sun, 04 Jun 2017 08:58:15 -0400
Subject: "server" directive is not allowed here error
In-Reply-To: <002001d2dd27$7486cca0$5d9465e0$@roze.lv>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv> <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com> <002001d2dd27$7486cca0$5d9465e0$@roze.lv>
Message-ID: <884AC5B4-A1F3-4257-B946-5DE25162AA81@me.com>

FWIW I have never understood the desire to have nginx configuration spread across multiple files.
It just seems to invite error and make it harder to see what is going on.

Perhaps if I worked for a hosting company I'd feel differently but on the sites that I have worked on,
even with quite complicated, subtle caching logic the entire nginx.conf has been under 600 lines - not
that different from a default Apache httpd.conf but with all configuration not 90% comments

> On 4 Jun 2017, at 7:41 AM, Reinis Rozitis wrote:
>
>> That can't be right, because before I used the multiple location directives, I
>> didn't have http and it worked fine. Regardless, I followed your advice and I got
>> the following now:
>
> As people have already pointed you probably have something like main config nginx.conf with:
>
> http {
> ..
> include sites-enabled/*;
> ..
> }
>
> where each separate config file indeed doesn't need an extra http {} but the different server{} blocks still end up being within a (single) http {}.
>
>
>> nginx: [emerg] "http" directive is not allowed here in
>> /usr/local/nginx/conf/sites-enabled/ server.domain.tld -ssl:1
>
> Nginx includes/parses the files in the order they appear in the directory (sites-enabled/) - as it was stated you might try to check if the server file before " server.domain.tld -ssl" has a correct configuration (all the braces {} are closed etc).
>
> rr

From oscaretu at gmail.com Sun Jun 4 13:09:56 2017
From: oscaretu at gmail.com (oscaretu .)
Date: Sun, 4 Jun 2017 15:09:56 +0200
Subject: "server" directive is not allowed here error
In-Reply-To: <884AC5B4-A1F3-4257-B946-5DE25162AA81@me.com>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv> <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com> <002001d2dd27$7486cca0$5d9465e0$@roze.lv> <884AC5B4-A1F3-4257-B946-5DE25162AA81@me.com>
Message-ID:

Hello, Peter.

In the company where I work the file nginx.conf is bigger than 1 MB. For each virtual server, there are lots of definitions that are almost equal. If I were the one who had to decide the file structure, I would probably choose to use a different file for each virtual host, so when we have to create a new one, I just use a perl script to create the new one using some substitutions in one of the existing ones. So it is easy for me to watch the differences using a program like *meld* (or *tkdiff*, *kompare* or similar)

There is a different approach, that is the inverse process: I've created a script that splits the whole nginx.conf file to create an individual file for each virtual host, and then I can compare a virtual host with another one using meld in an easy way. Then I delete all the individual temporal files.

I think that having small files is less error-prone...

Kind regards,
Oscar

On Sun, Jun 4, 2017 at 2:58 PM, Peter Booth wrote:

> FWIW I have never understood the desire to have nginx configuration spread across multiple files.
> It just seems to invite error and make it harder to see what is going on.
>
> Perhaps if I worked for a hosting company I'd feel differently but on the sites that I have worked on,
> even with quite complicated, subtle caching logic the entire nginx.conf has been under 600 lines - not
> that different from a default Apache httpd.conf but with all configuration not 90% comments
>
> > On 4 Jun 2017, at 7:41 AM, Reinis Rozitis wrote:
> >
> >> That can't be right, because before I used the multiple location directives, I
> >> didn't have http and it worked fine. Regardless, I followed your advice and I got
> >> the following now:
> >
> > As people have already pointed you probably have something like main config nginx.conf with:
> >
> > http {
> > ..
> > include sites-enabled/*;
> > ..
> > }
> >
> > where each separate config file indeed doesn't need an extra http {} but the different server{} blocks still end up being within a (single) http {}.
> >
> >
> >> nginx: [emerg] "http" directive is not allowed here in
> >> /usr/local/nginx/conf/sites-enabled/ server.domain.tld -ssl:1
> >
> > Nginx includes/parses the files in the order they appear in the directory (sites-enabled/) - as it was stated you might try to check if the server file before " server.domain.tld -ssl" has a correct configuration (all the braces {} are closed etc).
> >
> > rr

--
Oscar Fernandez Sierra
oscaretu at gmail.com
From anoopalias01 at gmail.com Sun Jun 4 13:15:48 2017
From: anoopalias01 at gmail.com (Anoop Alias)
Date: Sun, 4 Jun 2017 18:45:48 +0530
Subject: "server" directive is not allowed here error
In-Reply-To: <884AC5B4-A1F3-4257-B946-5DE25162AA81@me.com>
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv> <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com> <002001d2dd27$7486cca0$5d9465e0$@roze.lv> <884AC5B4-A1F3-4257-B946-5DE25162AA81@me.com>
Message-ID:

You can do

nginx -T > mynginx.conf

to have it in single file

On Sun, Jun 4, 2017 at 6:28 PM, Peter Booth wrote:

> FWIW I have never understood the desire to have nginx configuration spread across multiple files.
> It just seems to invite error and make it harder to see what is going on.
>
> Perhaps if I worked for a hosting company I'd feel differently but on the sites that I have worked on,
> even with quite complicated, subtle caching logic the entire nginx.conf has been under 600 lines - not
> that different from a default Apache httpd.conf but with all configuration not 90% comments
>
> > On 4 Jun 2017, at 7:41 AM, Reinis Rozitis wrote:
> >
> >> That can't be right, because before I used the multiple location directives, I
> >> didn't have http and it worked fine. Regardless, I followed your advice and I got
> >> the following now:
> >
> > As people have already pointed you probably have something like main config nginx.conf with:
> >
> > http {
> > ..
> > include sites-enabled/*;
> > ..
> > }
> >
> > where each separate config file indeed doesn't need an extra http {} but the different server{} blocks still end up being within a (single) http {}.
> >
> >
> >> nginx: [emerg] "http" directive is not allowed here in
> >> /usr/local/nginx/conf/sites-enabled/ server.domain.tld -ssl:1
> >
> > Nginx includes/parses the files in the order they appear in the directory (sites-enabled/) - as it was stated you might try to check if the server file before " server.domain.tld -ssl" has a correct configuration (all the braces {} are closed etc).
> >
> > rr

--
*Anoop P Alias*

From r at roze.lv Sun Jun 4 13:45:04 2017
From: r at roze.lv (Reinis Rozitis)
Date: Sun, 4 Jun 2017 16:45:04 +0300
Subject: "server" directive is not allowed here error
In-Reply-To:
References: <13937A461B5E0A40810939402AE476D60138F1B934@hdgexchange.deeztek.com> <002501d2dc96$42e31870$c8a94950$@roze.lv> <13937A461B5E0A40810939402AE476D60138F1CF10@hdgexchange.deeztek.com> <002001d2dd27$7486cca0$5d9465e0$@roze.lv> <884AC5B4-A1F3-4257-B946-5DE25162AA81@me.com>
Message-ID: <000501d2dd38$c5f68420$51e38c60$@roze.lv>

> You can do
>
> nginx -T > mynginx.conf
>
> to have it in single file

This doesn't produce a valid (immediately usable) nginx configuration though, just concats/dumps out all the various configuration files referenced from the main config.

p.s. maybe it would make a sense to have a command line argument to export actually parsed (replace all the includes with actual file content) configuration.
rr

From smntov at gmail.com Sun Jun 4 19:56:11 2017
From: smntov at gmail.com (ST)
Date: Sun, 04 Jun 2017 22:56:11 +0300
Subject: Proper way to convert an apache rewrite rule
Message-ID: <1496606171.1413.6.camel@gmail.com>

Hello,

I'm new to nginx and try to move an old website from apache to nginx.
While getting rid of the .htaccess file I've encountered following rewrite rule:

RewriteCond %{QUERY_STRING} id=([^&]*) [NC,OR]
RewriteCond %{QUERY_STRING} daily=([^&]*) [NC]
RewriteCond %{REQUEST_URI} !mobSpecCycle [NC]
RewriteCond %{REQUEST_URI} !mobSpecTheme [NC]
RewriteRule ^rss\/mobSpec([^\/]+)/?$ /rss/mobSpec$1/mobSpec$1_%1.html [QSA,NC,L]

Could you, please, help me to convert it to nginx "the right way"?

Thank you in advance!

From al-nginx at none.at Sun Jun 4 22:30:17 2017
From: al-nginx at none.at (Aleksandar Lazic)
Date: Mon, 5 Jun 2017 00:30:17 +0200
Subject: Proper way to convert an apache rewrite rule
In-Reply-To: <1496606171.1413.6.camel@gmail.com>
References: <1496606171.1413.6.camel@gmail.com>
Message-ID: <1849343311.20170605003017@none.at>

Hi ST.

ST wrote on 04.06.2017:

> Hello,
> I'm new to nginx and try to move an old website from apache to nginx.
> While getting rid of the .htaccess file I've encountered following
> rewrite rule:
>
> RewriteCond %{QUERY_STRING} id=([^&]*) [NC,OR]
> RewriteCond %{QUERY_STRING} daily=([^&]*) [NC]
> RewriteCond %{REQUEST_URI} !mobSpecCycle [NC]
> RewriteCond %{REQUEST_URI} !mobSpecTheme [NC]
> RewriteRule ^rss\/mobSpec([^\/]+)/?$ /rss/mobSpec$1/mobSpec$1_%1.html
> [QSA,NC,L]

> Could you, please, help me to convert it to nginx "the right way"?

You have at least 2 options.

https://winginx.com/en/htaccess
http://nginx.org/en/docs/http/converting_rewrite_rules.html

> Thank you in advance!
--
Best Regards
Aleks

From smntov at gmail.com Mon Jun 5 12:28:09 2017
From: smntov at gmail.com (ST)
Date: Mon, 05 Jun 2017 15:28:09 +0300
Subject: Redirect http:8080 to https:8443
Message-ID: <1496665689.1413.10.camel@gmail.com>

Hello,

I try to redirect http on port 8080 to https on port 8443 as follows, but it doesn't seem to work. http redirects to https, but the port remains the same - 8080. Why?

Thank you!

# redirect http to https
server {
    listen 8080;
    server_name n.example.com;
    return 301 https://$host:8443/$request_uri;
}

server {
    listen 8443 ssl;
    server_name n.example.com;
    ...
}

From jim at mailman-hosting.com Mon Jun 5 12:43:17 2017
From: jim at mailman-hosting.com (Jim Ohlstein)
Date: Mon, 05 Jun 2017 08:43:17 -0400
Subject: Redirect http:8080 to https:8443
In-Reply-To: <1496665689.1413.10.camel@gmail.com>
References: <1496665689.1413.10.camel@gmail.com>
Message-ID: <1496666597.1667.8.camel@mailman-hosting.com>

On Mon, 2017-06-05 at 15:28 +0300, ST wrote:
> Hello,
>
> I try to redirect http on port 8080 to https on port 8443 as follows,
> but it doesn't seem to work. http redirects to https, but the port
> remains the same - 8080. Why?
>
> Thank you!
>
> # redirect http to https
> server {
>     listen 8080;
>     server_name n.example.com;
>     return 301 https://$host:8443/$request_uri;
> }
>
> server {
>     listen 8443 ssl;
>     server_name n.example.com;
>     ...
> }

This is _just a guess_, but "$host" may contain the port. Try using:

return 301 https://n.example.com:8443$request_uri;

--
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com/

From miguelmclara at gmail.com Mon Jun 5 12:48:28 2017
From: miguelmclara at gmail.com (Miguel C)
Date: Mon, 5 Jun 2017 13:48:28 +0100
Subject: Redirect http:8080 to https:8443
In-Reply-To: <1496666597.1667.8.camel@mailman-hosting.com>
References: <1496665689.1413.10.camel@gmail.com> <1496666597.1667.8.camel@mailman-hosting.com>
Message-ID:

That should work, what's the output you get using curl or httpie.

the same config works fine for me:

$ curl -I http://127.0.0.1:8080

HTTP/1.1 301 Moved Permanently
Server: nginx/1.10.0 (Ubuntu)
Date: Mon, 05 Jun 2017 12:45:13 GMT
Content-Type: text/html
Content-Length: 194
Connection: keep-alive
Location: https://127.0.0.1:8443/ <---------------------------------------

$ http -h http://127.0.0.1:8080

HTTP/1.1 301 Moved Permanently
Connection: keep-alive
Content-Length: 194
Content-Type: text/html
Date: Mon, 05 Jun 2017 12:45:22 GMT
Location: https://127.0.0.1:8443/ <--------------------------------------
Server: nginx/1.10.0 (Ubuntu)

From smntov at gmail.com Mon Jun 5 13:01:17 2017
From: smntov at gmail.com (ST)
Date: Mon, 05 Jun 2017 16:01:17 +0300
Subject: Redirect http:8080 to https:8443
In-Reply-To:
References: <1496665689.1413.10.camel@gmail.com> <1496666597.1667.8.camel@mailman-hosting.com>
Message-ID: <1496667677.1413.13.camel@gmail.com>

Thank you for the fast response. curl shows correct output, like yours, however in Chromium/Firefox only http redirects to https while port remains the same - 8080, so I get the error:
"This site can't provide a secure connection"

If I clear cache it works sometimes...

On Mon, 2017-06-05 at 13:48 +0100, Miguel C wrote:
> That should work, what's the output you get using curl or httpie.
>
> the same config works fine for me:
>
> $ curl -I http://127.0.0.1:8080
>
>
> HTTP/1.1 301 Moved Permanently
> Server: nginx/1.10.0 (Ubuntu)
> Date: Mon, 05 Jun 2017 12:45:13 GMT
> Content-Type: text/html
> Content-Length: 194
> Connection: keep-alive
> Location: https://127.0.0.1:8443/
> <---------------------------------------
>
>
> $ http -h http://127.0.0.1:8080
>
> HTTP/1.1 301 Moved Permanently
> Connection: keep-alive
> Content-Length: 194
> Content-Type: text/html
> Date: Mon, 05 Jun 2017 12:45:22 GMT
> Location: https://127.0.0.1:8443/
> <--------------------------------------
> Server: nginx/1.10.0 (Ubuntu)

From blessjah at jacekowski.org Mon Jun 5 13:16:50 2017
From: blessjah at jacekowski.org (blessjah at jacekowski.org)
Date: Mon, 5 Jun 2017 15:16:50 +0200
Subject: Redirect http:8080 to https:8443
In-Reply-To: <1496667677.1413.13.camel@gmail.com>
References: <1496665689.1413.10.camel@gmail.com> <1496666597.1667.8.camel@mailman-hosting.com> <1496667677.1413.13.camel@gmail.com>
Message-ID: <20170605131650.GA32277@jacekowski.org>

On 06/05/17T16:01:17 +0300, ST wrote:
> If I clear cache it works sometimes...

> On Mon, 2017-06-05 at 13:48 +0100, Miguel C wrote:
> >
> > $ curl -I http://127.0.0.1:8080
> >
> >
> > HTTP/1.1 301 Moved Permanently

Browsers may choose to aggressively cache 301 Moved Permanently responses. 302 Found is strongly preferred for testing. You may want to choose to stick with 302 for production use as well.

Your browsers may have cached 301 already.

https://stackoverflow.com/a/21396547
http://getluky.net/2010/12/14/301-redirects-cannot-be-undon/

Best regards,
BlessJah

From nginx-forum at forum.nginx.org Mon Jun 5 14:03:44 2017
From: nginx-forum at forum.nginx.org (rcutter)
Date: Mon, 05 Jun 2017 10:03:44 -0400
Subject: Occasional successful upstreamed requests that don't get picked up
In-Reply-To: <6ba71ed363ef09b512a37b17b2146723.NginxMailingListEnglish@forum.nginx.org>
References: <6ba71ed363ef09b512a37b17b2146723.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Just to follow up on this post in case people find it in the future - we haven't found any evidence that there is an issue with NGINX or Kong. If folks experience this kind of issue, would recommend examining the network (to include tcpdumps, etc) to figure out what's really happening with dropped requests.

Thanks for the reply, pbooth!

-Ryan

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274267,274670#msg-274670

From smntov at gmail.com Mon Jun 5 14:13:56 2017
From: smntov at gmail.com (ST)
Date: Mon, 05 Jun 2017 17:13:56 +0300
Subject: Redirect http:8080 to https:8443
In-Reply-To: <20170605131650.GA32277@jacekowski.org>
References: <1496665689.1413.10.camel@gmail.com> <1496666597.1667.8.camel@mailman-hosting.com> <1496667677.1413.13.camel@gmail.com> <20170605131650.GA32277@jacekowski.org>
Message-ID: <1496672036.1413.14.camel@gmail.com>

Thank you very much! This solved the issue!

On Mon, 2017-06-05 at 15:16 +0200, blessjah at jacekowski.org wrote:
> On 06/05/17T16:01:17 +0300, ST wrote:
> > If I clear cache it works sometimes...
>
> > On Mon, 2017-06-05 at 13:48 +0100, Miguel C wrote:
> > >
> > > $ curl -I http://127.0.0.1:8080
> > >
> > >
> > > HTTP/1.1 301 Moved Permanently
>
> Browsers may choose to aggressively cache 301 Moved Permanently responses.
> 302 Found is strongly preferred for testing. You may want to choose to stick
> with 302 for production use as well.
>
> Your browsers may have cached 301 already.
>
> https://stackoverflow.com/a/21396547
> http://getluky.net/2010/12/14/301-redirects-cannot-be-undon/
>
> Best regards,
> BlessJah

From juan_barbancho_rsi at cajarural.com Mon Jun 5 14:16:55 2017
From: juan_barbancho_rsi at cajarural.com (juan_barbancho_rsi at cajarural.com)
Date: Mon, 5 Jun 2017 16:16:55 +0200
Subject: Proxy parameter to nginx service
Message-ID:

Hi Guys,

I need to use nginx to make a proxy_pass to some url, but I need to pass some proxy param in order to do not get the connection " upstream timed out (110: Connection timed out) "

Some people know how I could pass the proxy environment to nginx software.

export http_proxy=http://USERNAME:PASSWORD@IP_PROXY:PORT_PROXY
export https_proxy=http://USERNAME:PASSWORD@IP_PROXY:PORT_PROXY
export ftp_proxy=http://USERNAME:PASSWORD@IP_PROXY:PORT_PROXY
export no_proxy=localhost,127.0.0.0/8,127.0.1.1,127.0.1.1*,local.home,

This config run well in curl or yum.

Regards
Juanp

------------ LEGAL ADVICE ---------------
"This message can contain restricted confidential information or personal data. If you are not the intended recipient (or the responsible to give it) you shouldn't copy or forward this message. If this message has been received by mistake, please, delete it and inform to addressee. If you or your company don't accept this kind of information by internet, please send us a notification immediately. Grupo Caja Rural are not responsible for the opinions, conclusions, contents or any file attached included in this message, which were not related to professional matters."
-----------------------------------------------

From smntov at gmail.com Mon Jun 5 15:15:54 2017
From: smntov at gmail.com (ST)
Date: Mon, 05 Jun 2017 18:15:54 +0300
Subject: back-reference from if() and rewrite?
Message-ID: <1496675754.1413.27.camel@gmail.com>

Hello,

I need to translate following rule from apache to nginx:

RewriteCond %{QUERY_STRING} id=([^&]*) [NC,OR]
RewriteCond %{QUERY_STRING} daily=([^&]*) [NC]
RewriteCond %{REQUEST_URI} !mobSpecCycle [NC]
RewriteCond %{REQUEST_URI} !mobSpecTheme [NC]
RewriteRule ^rss\/mobSpec([^\/]+)/?$ /rss/mobSpec$1/mobSpec$1_%1.html [QSA,NC,L]

which, e.g. rewrites
/rss/mobSpecArticle/?id=26422
into
/rss/mobSpecArticle/mobSpecArticle_26422.html

I started as follows

if ($args ~ id=([^&]*)|daily=([^&]*)) {
    rewrite ^/rss\/mobSpec([^\/]+)/?$ /rss/mobSpec$1/mobSpec$1_$2.html last;
}

However I don't know how to back-reference id=([^&]*) in the rewrite rule? I put $2 there, but it doesn't work... apache has %1 for back-referencing matches from the RewriteCond.

1. How do I back-referencing matches from if () in nginx within following rewrite?
2. Any ideas how I can add the last two condition?
RewriteCond %{REQUEST_URI} !mobSpecCycle [NC]
RewriteCond %{REQUEST_URI} !mobSpecTheme [NC]

Thank you in advance!
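
One way to write the rule asked about above in nginx, added here as an example that is not part of the thread. Positional captures ($1..$9) always come from the regex that ran most recently, so the rewrite's own pattern replaces whatever the "if" captured; named captures keep their values. The capture names "spec" and "item" are chosen for this example, and the block is assumed to sit inside the site's existing server {}.

```nginx
# Added example, not from the original thread. $spec and $item are names
# chosen here; place the block inside the existing server {} for the site.
#
# Why "$2" was empty in the attempt above: by the time the replacement
# string is built, $1..$9 refer to the rewrite regex itself
# (^/rss/mobSpec([^/]+)/?$), which has only one group. The captures made
# by the preceding "if" are gone. Named captures are ordinary variables
# and survive later regex matches.

# RewriteRule ^rss/mobSpec([^/]+)/?$ ... [NC]
location ~* ^/rss/mobSpec(?<spec>[^/]+)/?$ {

    # RewriteCond %{REQUEST_URI} !mobSpecCycle [NC]
    # RewriteCond %{REQUEST_URI} !mobSpecTheme [NC]
    # nginx "if" has no AND, so the negated conditions become an early
    # exit: "break" stops processing of the remaining rewrite-module
    # directives in this location, and the request is served unchanged.
    if ($uri ~* "mobSpec(?:Cycle|Theme)") {
        break;
    }

    # RewriteCond %{QUERY_STRING} id=([^&]*)    [NC,OR]
    # RewriteCond %{QUERY_STRING} daily=([^&]*) [NC]
    # One alternation replaces the OR pair. If both parameters are
    # present, the leftmost one in the query string is used.
    if ($args ~* "(?:id|daily)=(?<item>[^&]*)") {
        # The original query string is appended to the new URI by
        # default (Apache's QSA). "last" restarts location matching
        # with the rewritten URI (Apache's L); the new URI has an extra
        # path segment, so it does not match this location again.
        rewrite ^ /rss/mobSpec$spec/mobSpec${spec}_$item.html last;
    }
}
```

With this block, /rss/mobSpecArticle/?id=26422 is rewritten internally to /rss/mobSpecArticle/mobSpecArticle_26422.html, the mapping given in the message above.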
From leeon2013 at gmail.com Mon Jun 5 17:46:16 2017
From: leeon2013 at gmail.com (David Woodstuck)
Date: Mon, 5 Jun 2017 13:46:16 -0400
Subject: How to proxy
Message-ID:

I have one proxy server(nginx) - such as nginx.mycom.com and three upstream servers - name1.mycom.com, name2.mycom.com name3.mycom.com for my one application. Contents from upstream servers have a lot of iframes which have different domains. I want to allow XSS for these different domains. I don't know how to achieve XSS for this application.

For instance, when contents from name1.mycom.com has two iframes that their src are name1.mycom.com/content1 and name2.mycom.com/content2, can I do the following to achieve XSS?

(1). replace name1.mycom.com/content1 with nginx.mycom.com/content1
     replace name2.mycom.com/content1 with nginx.mycom.com/content2
     add_header for XSS
(2). When nginx.mycom.com/content1 request is coming, proxy to name1.mycom.com/content1
     add_header for XSS
(3). When nginx.mycom.com/content2 request is coming, proxy to name2.mycom.com/content2
     add_header for XSS

I only have limited knowledge of Nginx. I like to use NginxScript to achieve this goal. Can I do it in Nginx? I do appreciate your suggestion and some examples.

David

From dkewley at uci.edu Tue Jun 6 01:00:24 2017
From: dkewley at uci.edu (David Kewley)
Date: Mon, 5 Jun 2017 18:00:24 -0700
Subject: source rpms missing?
Message-ID:

In http://nginx.org/packages/rhel/6/SRPMS/ I don't see nginx-1.12.0-1.el6.ngx.src.rpm as expected. Similar for RHEL 5 and 7, and for CentOS. This appears just to affect this release not (most of) the previous releases.

Could the srpms be posted? If I should take a different route to raise this issue, please point me in the right direction.

Thanks!
David
From zchao1995 at gmail.com Tue Jun 6 01:42:35 2017
From: zchao1995 at gmail.com (Zhang Chao)
Date: Mon, 5 Jun 2017 21:42:35 -0400
Subject: Proxy parameter to nginx service
In-Reply-To:
References:
Message-ID:

Hi

I think it is tough by nginx itself, maybe you can use the ngx_lua, save the environment to Nginx variable, and use them in proxy_pass.

On 5 June 2017 at 22:17:05, juan_barbancho_rsi at cajarural.com (juan_barbancho_rsi at cajarural.com) wrote:

Hi Guys,

I need to use nginx to make a proxy_pass to some url, but I need to pass some proxy param in order to do not get the connection " upstream timed out (110: Connection timed out) "

Some people know how I could pass the proxy environment to nginx software.

export http_proxy=http://USERNAME:PASSWORD@IP_PROXY:PORT_PROXY
export https_proxy=http://USERNAME:PASSWORD@IP_PROXY:PORT_PROXY
export ftp_proxy=http://USERNAME:PASSWORD@IP_PROXY:PORT_PROXY
export no_proxy=localhost, 127.0.0.0/8,127.0.1.1,127.0.1.1*,local.home,

This config run well in curl or yum.

Regards
Juanp

From dkewley at uci.edu Tue Jun 6 03:51:36 2017
From: dkewley at uci.edu (David Kewley)
Date: Mon, 5 Jun 2017 20:51:36 -0700
Subject: source rpms missing?
In-Reply-To:
References:
Message-ID:

I just discovered that source rpms are also missing for the 1.13 mainline releases.

David

On Mon, Jun 5, 2017 at 6:00 PM, David Kewley wrote:

> In http://nginx.org/packages/rhel/6/SRPMS/ I don't see
> nginx-1.12.0-1.el6.ngx.src.rpm as expected. Similar for RHEL 5 and 7, and
> for CentOS. This appears just to affect this release not (most of) the
> previous releases.
>
> Could the srpms be posted? If I should take a different route to raise
> this issue, please point me in the right direction.
>
> Thanks!
> David

From leeon2013 at gmail.com Tue Jun 6 04:27:04 2017
From: leeon2013 at gmail.com (David Woodstuck)
Date: Tue, 6 Jun 2017 00:27:04 -0400
Subject: how to install nginx_substitutions_filter in existing Nginx
Message-ID:

I am a new Nginx user. I just install Nginx 1.12. I like to use nginx_substitutions_filter. I cannot figure out how to install nginx_substitutions_filter in previously existing Nginx. I found this url - http://www.newfreesoft.com/server/compiling_source_code_nginx_module_installation_subs_filter_1627/. Should I uninstall Nginx first?
Thanks, David -------------- next part -------------- An HTML attachment was scrubbed... URL: From juan_barbancho_rsi at cajarural.com Tue Jun 6 06:21:40 2017 From: juan_barbancho_rsi at cajarural.com (juan_barbancho_rsi at cajarural.com) Date: Tue, 6 Jun 2017 08:21:40 +0200 Subject: Proxy parameter to nginx service In-Reply-To: References: Message-ID: Hi, I thought that the use of proxy_pass could be the opction to pass the proxy environment var, in the ngnix.conf file. This may be at general level of only at proxy_pass level. Could be a improve for the nginx server ? Saludos Juanp ------------ ADVERTENCIA LEGAL --------------- "Este mensaje puede contener INFORMACI?N CONFIDENCIAL, PRIVILEGIADA y/o DATOS DE CAR?CTER PERSONAL. Si usted no es el destinatario indicado en este mensaje (o el responsable de entregarlo al mismo) no debe copiar o entregar este mensaje a nadie m?s. En dicho caso le rogamos que destruya este mensaje y lo notifique al remitente. Por favor, indique inmediatamente si usted o su empresa no aceptan comunicaciones de este tipo por Internet. Las opiniones, conclusiones y dem?s informaci?n incluida en este mensaje que no est? relacionada con asuntos profesionales del Grupo Caja Rural se entender? que nunca se ha dado, ni est? respaldada por el mismo." ------------ LEGAL ADVICE --------------- "This message can contain restricted confidential information or personal data. If you are not the intended recipient (or the responsible to give it) you shouldn't copy or forward this message. If this message has been received by mistake, please, delete it and inform to addressee. If you or your company don't accept this kind of information by internet, please send us a notification inmediately. Grupo Caja Rural are not responsible for the opinions, conclusions, contents or any file attached included in this message, which were not related to professional matters.? 
From clicksmeh at mail.ru Tue Jun 6 07:06:57 2017
From: clicksmeh at mail.ru (=?UTF-8?B?0JDQvdGC0L7QvSDQp9C40LLQutGD0L3QvtCy?=)
Date: Tue, 06 Jun 2017 10:06:57 +0300
Subject: SRP Support.
Message-ID: <1496732817.79793585@f363.i.mail.ru>

Hi all.
Please kindly let me know if nginx (or nginx Plus) have support of SRP (Secure Remote Password Protocol) authentication?
After checking nginx documentation and source code I guess the answer on my question will be "NO", but would like to get confirmation (may be I missed something).
If SRP is not supported, then I suppose the only way to get it is to write new module by ourselves?

Thank you in advance!
BR/Anton.

From thresh at nginx.com Tue Jun 6 12:36:22 2017
From: thresh at nginx.com (Konstantin Pavlov)
Date: Tue, 6 Jun 2017 15:36:22 +0300
Subject: source rpms missing?
In-Reply-To:
References:
Message-ID:

Hello,

On 06/06/2017 04:00, David Kewley wrote:
> In http://nginx.org/packages/rhel/6/SRPMS/ I don't see nginx-1.12.0-1.el6.ngx.src.rpm as expected. Similar for RHEL 5 and 7, and for CentOS. This appears just to affect this release not (most of) the previous releases.

RHEL5 and CentOS5 are discontinued by the vendor, so don't expect SRPMS (or binary RPMS for that matter) to appear for those distributions.

6 and 7 is a different matter, though, thanks - will fix.

> Could the srpms be posted? If I should take a different route to raise this issue, please point me in the right direction.

You can use SRPMS from CentOS 6 until we fix the repositories: http://nginx.org/packages/centos/6/SRPMS/ - those are exactly the same source packages we use to provide RHEL binaries.

Thank you,

--
Join us at nginx.conf, Sept. 6-8, Portland, OR
Konstantin Pavlov
www.nginx.com

From leeon2013 at gmail.com Tue Jun 6 13:13:55 2017
From: leeon2013 at gmail.com (David Woodstuck)
Date: Tue, 6 Jun 2017 09:13:55 -0400
Subject: How to do proxy in this case
Message-ID:

I have one proxy server(nginx) - such as nginx.mycom.com and three upstream servers - name1.mycom.com, name2.mycom.com name3.mycom.com for my one application. Contents from upstream servers have a lot of iframes which have different domains. I want to allow XSS for these different domains. I don't know how to achieve XSS for this application.

For instance, when contents from name1.mycom.com has two iframes that their src are name1.mycom.com/content1 and name2.mycom.com/content2, can I do the following to achieve XSS?

(1). replace name1.mycom.com/content1 with nginx.mycom.com/content1
     replace name2.mycom.com/content1 with nginx.mycom.com/content2
     add_header for XSS
(2). When nginx.mycom.com/content1 request is coming, proxy to name1.mycom.com/content1
     add_header for XSS
(3). When nginx.mycom.com/content2 request is coming, proxy to name2.mycom.com/content2
     add_header for XSS

I only have limited knowledge of Nginx. I like to use NginxScript to achieve this goal. Can I do it in Nginx? I do appreciate your suggestion and some examples.

David

From mdounin at mdounin.ru Tue Jun 6 13:27:20 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 6 Jun 2017 16:27:20 +0300
Subject: SRP Support.
In-Reply-To: <1496732817.79793585@f363.i.mail.ru>
References: <1496732817.79793585@f363.i.mail.ru>
Message-ID: <20170606132720.GF55433@mdounin.ru>

Hello!

On Tue, Jun 06, 2017 at 10:06:57AM +0300, Антон Чивкунов via nginx wrote:

> Hi all.
> Please kindly let me know if nginx (or nginx Plus) have support
> of SRP (Secure Remote Password Protocol) authentication?
> After checking nginx documentation and source code I guess the
> answer on my question will be "NO", but would like to get
> confirmation (may be I missed something).
> If SRP is not supported, then I suppose the only way to get it
> is to write new module by ourselves?

No, SRP is not currently supported.

BTW, you may want to check nginx-devel@ for preliminary patches about adding PSK support, which is somewhat related:

http://mailman.nginx.org/pipermail/nginx-devel/2017-June/009995.html

--
Maxim Dounin
http://nginx.org/

From dkewley at uci.edu Tue Jun 6 15:29:27 2017
From: dkewley at uci.edu (David Kewley)
Date: Tue, 6 Jun 2017 08:29:27 -0700
Subject: source rpms missing?
In-Reply-To:
References:
Message-ID:

Thanks Konstantin!

I see this now: http://nginx.org/packages/centos/6/SRPMS/nginx-1.12.0-1.el6.ngx.src.rpm. Didn't see it yesterday, but maybe I was overlooking it.

I did verify that the binary rpms for CentOS and RHEL are identical, so agreed that the CentOS srpm will meet my needs.

David

On Tue, Jun 6, 2017 at 5:36 AM, Konstantin Pavlov wrote:

> Hello,
>
> On 06/06/2017 04:00, David Kewley wrote:
> > In http://nginx.org/packages/rhel/6/SRPMS/ I don't see
> nginx-1.12.0-1.el6.ngx.src.rpm as expected. Similar for RHEL 5 and 7, and
> for CentOS. This appears just to affect this release not (most of) the
> previous releases.
>
> RHEL5 and CentOS5 are discontinued by the vendor, so don't expect SRPMS
> (or binary RPMS for that matter) to appear for those distributions.
>
> 6 and 7 is a different matter, though, thanks - will fix.
>
> > Could the srpms be posted? If I should take a different route to raise
> this issue, please point me in the right direction.
>
> You can use SRPMS from CentOS 6 until we fix the repositories:
> http://nginx.org/packages/centos/6/SRPMS/ - those are exactly the same
> source packages we use to provide RHEL binaries.
>
> Thank you,
>
> --
> Join us at nginx.conf, Sept. 6-8, Portland, OR
> Konstantin Pavlov
> www.nginx.com

From francis at daoine.org Tue Jun 6 16:39:25 2017
From: francis at daoine.org (Francis Daly)
Date: Tue, 6 Jun 2017 17:39:25 +0100
Subject: Proxy parameter to nginx service
In-Reply-To:
References:
Message-ID: <20170606163925.GB18356@daoine.org>

On Mon, Jun 05, 2017 at 04:16:55PM +0200, juan_barbancho_rsi at cajarural.com wrote:

Hi there,

> I need to use nginx to make a proxy_pass to some url, but I need to pass
> some proxy param in order not to get the connection " upstream timed
> out (110: Connection timed out) "

Stock nginx does not talk to a proxy server.

So you cannot do what you want in nginx without someone writing code.

	f
--
Francis Daly        francis at daoine.org

From francis at daoine.org Tue Jun 6 17:21:49 2017
From: francis at daoine.org (Francis Daly)
Date: Tue, 6 Jun 2017 18:21:49 +0100
Subject: how to install nginx_substitutions_filter in existing Nginx
In-Reply-To:
References:
Message-ID: <20170606172149.GC18356@daoine.org>

On Tue, Jun 06, 2017 at 12:27:04AM -0400, David Woodstuck wrote:

Hi there,

> I am a new Nginx user. I just installed Nginx 1.12. I would like to
> use nginx_substitutions_filter. I cannot figure out how to install
> nginx_substitutions_filter in previously existing Nginx.

You (probably) don't.

https://www.nginx.com/resources/admin-guide/installing-nginx-open-source/ describes how to build from source in general; https://www.nginx.com/resources/wiki/modules/substitutions/ describes how to include the modules you mention, in specific.

> Should I uninstall Nginx first?

You can run "nginx -V" to see the "configure" arguments that were used to create your current version. Then add the extra bits that you want.

Depending on precisely how you installed your current nginx, you probably *do* want to uninstall it before installing the new one.
If your current nginx supports dynamic modules (1.12 does), and if this extra module you want supports being built as a dynamic module, then you may be able to build-and-add the module.

I suspect that in your case, you will probably find more clear documentation on how to build-and-maintain a new nginx than how to build-and-maintain the extra module.

I also suspect that, based on parallel mail threads, you probably do not need the extra module. It is still useful to know how to add a module that you want, so it is certainly worth trying it on a test system, at least.

Good luck with it,

	f
--
Francis Daly        francis at daoine.org

From Rafael.Cirolini at corp.terra.com Tue Jun 6 19:33:24 2017
From: Rafael.Cirolini at corp.terra.com (Rafael Cirolini)
Date: Tue, 6 Jun 2017 19:33:24 +0000
Subject: Stale While Revalidate Expires
Message-ID:

We've just updated to 1.12 to use the stale-while-revalidate option.

The application is who sends the cache-control header, like this:
cache-control:max-age=180, stale-while-revalidate=60, stale-if-error=864000

If I understood how SWR works, the user shouldn't receive stale content after 180+60 seconds.

But we are seeing stale content after this time.
X-Cache-Status: STALE

Our DevOps team did a debug:
2017/05/22 15:14:31 [debug] 21376#21376: *44 http file cache expired: 4 1495476646 1495476871
2017/05/22 15:14:31 [debug] 21376#21376: *44 http upstream cache: 4
2017/05/22 15:14:31 [debug] 21376#21376: *44 http file cache send: /var/cache/nginx/d/d2/fb19e1c85db7bda5c92ce21530bf5d2d
2017/05/22 15:14:31 [debug] 21376#21376: *44 http ims:1491861925 lm:1491861925
2017/05/22 15:14:31 [debug] 21376#21376: *44 http script var: "STALE"

The correct answer should be EXPIRED after the max-age+SWR time.

It looks reasonable to you?

Thanks.

Rafael Cirolini
Sup Programmatic & Digital Services
Terra Global
From francis at daoine.org Tue Jun 6 22:27:51 2017
From: francis at daoine.org (Francis Daly)
Date: Tue, 6 Jun 2017 23:27:51 +0100
Subject: Active/Active NginX configuration
In-Reply-To: <1207f84cfc6b555ab3924814ce00bf92.NginxMailingListEnglish@forum.nginx.org>
References: <1207f84cfc6b555ab3924814ce00bf92.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170606222751.GD18356@daoine.org>

On Tue, May 30, 2017 at 11:20:11AM -0400, kingstonsew wrote:

Hi there,

> I currently have configured 2 NginX running on Red Hat Enterprise Linux 7.3.
> Both NginX will load balance a set of 4 application servers. The current
> configuration for both of the NginX is active / passive by using keepalived
> with a single virtual IP.
>
> I would like to know how to make the 2 NginX into an active/active
> configuration without using round-robin DNS approach.

Your active/passive setup is based on something external to nginx deciding whether the traffic goes to the nginx1 server or the nginx2 server.

Your active/active setup will probably also be based on something external to nginx deciding whether the traffic goes to the nginx1 server or the nginx2 server.

Probably you will want a load balancer. Many exist, including nginx: you can have a third server that reverse-proxies to either of your current servers.

	f
--
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org Tue Jun 6 22:37:45 2017
From: nginx-forum at forum.nginx.org (ianwinter)
Date: Tue, 06 Jun 2017 18:37:45 -0400
Subject: Convert Alias from apache (totally different root)
Message-ID: <165fa120d454e1de5052c4a8ee57333a.NginxMailingListEnglish@forum.nginx.org>

I've read the docs and understand how root and alias work within a location, but, neither can be used to convert what I've got in apache that I can see.

Take the example `Alias /media /path/to/assets` in apache, the location and path are completely different (media doesn't form any part either in addition or removed).

The issue in converting to a location with alias or root is monitoring is still there, or, excluded - I need a way to change the location to completely use a different document root otherwise I'm not sure how I can?

location /media { root /path/to/assets; }

Any advice appreciated!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274717,274717#msg-274717

From nginx-forum at forum.nginx.org Wed Jun 7 01:41:42 2017
From: nginx-forum at forum.nginx.org (marcospaulo877)
Date: Tue, 06 Jun 2017 21:41:42 -0400
Subject: Unable to start php-fpm
In-Reply-To: <20120609125814.8db62a67.siefke_listen@web.de>
References: <20120609125814.8db62a67.siefke_listen@web.de>
Message-ID: <879f3158db12eba528d4ef922fb0aa77.NginxMailingListEnglish@forum.nginx.org>

/etc/init.d/php-fpm restart
Stopping php-fpm: [FAILED]
Starting php-fpm: [07-Jun-2017 01:35:37] ERROR: [pool www] cannot get uid for user 'apache'
[07-Jun-2017 01:35:37] ERROR: FPM initialization failed
[FAILED]

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,225788,274718#msg-274718

From anoopalias01 at gmail.com Wed Jun 7 02:07:43 2017
From: anoopalias01 at gmail.com (Anoop Alias)
Date: Wed, 7 Jun 2017 07:37:43 +0530
Subject: Unable to start php-fpm
In-Reply-To: <879f3158db12eba528d4ef922fb0aa77.NginxMailingListEnglish@forum.nginx.org>
References: <20120609125814.8db62a67.siefke_listen@web.de> <879f3158db12eba528d4ef922fb0aa77.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

grep apache /etc/passwd

should return something.

FYI this has nothing to do with nginx

On Wed, Jun 7, 2017 at 7:11 AM, marcospaulo877 wrote:

> /etc/init.d/php-fpm restart
> Stopping php-fpm: [FAILED]
> Starting php-fpm: [07-Jun-2017 01:35:37] ERROR: [pool www] cannot get uid
> for user 'apache'
> [07-Jun-2017 01:35:37] ERROR: FPM initialization failed
> [FAILED]
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?2,225788,274718#msg-274718

--
*Anoop P Alias*

From francis at daoine.org Wed Jun 7 06:17:29 2017
From: francis at daoine.org (Francis Daly)
Date: Wed, 7 Jun 2017 07:17:29 +0100
Subject: How to do proxy in this case
In-Reply-To:
References:
Message-ID: <20170607061729.GE18356@daoine.org>

On Tue, Jun 06, 2017 at 09:13:55AM -0400, David Woodstuck wrote:

Hi there,

> I have one proxy server(nginx) - such as nginx.mycom.com and three upstream
> servers - name1.mycom.com, name2.mycom.com name3.mycom.com for my one
> application. Contents from upstream servers have a lot of iframes which
> have different domains. I want to allow XSS for these different domains. I
> don't know how to achieve XSS for this application.

If these different domains are all under your control; and if you want them to always work together as a single application; then if you configure things such that the three upstream servers have their content at different places in the url hierarchy, you can use nginx to simply reverse-proxy for all three.

The browser will only ever talk to nginx using the server name nginx.mycom.com, so there is no XSS involved since there is only one S, and therefore no X.

> For instance, when contents from name1.mycom.com has two iframes that their
> src are name1.mycom.com/content1 and name2.mycom.com/content2, can I do the
> following to achieve XSS?

If you control things, I suggest it would be simpler to have all of the name1.mycom.com content below /content1; all of the name2.mycom.com content below /content2; and all of the name3.mycom.com content below /content3.

Then your iframes would not include the server name part, just the local part -- so your iframes would refer to /content1/ and /content2/ in this case.

Your nginx conf would include fragments like

    location ^~ /content1/ { proxy_pass http://name1.mycom.com; }
    location ^~ /content2/ { proxy_pass http://name2.mycom.com; }
    location ^~ /content3/ { proxy_pass http://name3.mycom.com; }

> (1). replace name1.mycom.com/content1 with nginx.mycom.com/content1
> replace name2.mycom.com/content1 with nginx.mycom.com/content2
> add_header for XSS

You would not need to do that in the scheme above, since "name1" and "name2" should never exist in the content.

> (2). When nginx.mycom.com/content1 request is coming, proxy to
> name1.mycom.com/content1

That part you would do, with the config shown.

> add_header for XSS

That part you do not need, since there is no XSS.

> (3). When nginx.mycom.com/content2 request is coming, proxy to
> name2.mycom.com/content2
> add_header for XSS

Same as (2).

> I only have limited knowledge of Nginx. I like to use NginxScript to
> achieve this goal. Can I do it in Nginx? I do appreciate your suggestion
> and some examples.

I would suggest avoiding the need for any kind of content rewriting, and just keeping the nginx side very simple.

Get the overall system config the way you want it, and it should Just Work.

Good luck with it,

	f
--
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org Wed Jun 7 06:22:31 2017
From: nginx-forum at forum.nginx.org (prathour9)
Date: Wed, 07 Jun 2017 02:22:31 -0400
Subject: How to log all headers in nginx?
In-Reply-To:
References:
Message-ID: <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org>

I want to log all the headers the client browser sends to nginx. However, known headers I can log. But I want to log all the unknown headers. How can I log unknown headers in nginx?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,251159,274722#msg-274722

From zchao1995 at gmail.com Wed Jun 7 06:25:04 2017
From: zchao1995 at gmail.com (Zhang Chao)
Date: Tue, 6 Jun 2017 23:25:04 -0700
Subject: How to log all headers in nginx?
In-Reply-To: <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org>
References: <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

You can traverse the list r->headers_in.headers.

On 7 June 2017 at 14:22:38, prathour9 (nginx-forum at forum.nginx.org) wrote:

I want to log all the headers the client browser sends to nginx. However, known headers I can log. But I want to log all the unknown headers. How can I log unknown headers in nginx?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,251159,274722#msg-274722

From zchao1995 at gmail.com Wed Jun 7 06:25:54 2017
From: zchao1995 at gmail.com (Zhang Chao)
Date: Tue, 6 Jun 2017 23:25:54 -0700
Subject: How to log all headers in nginx?
In-Reply-To: <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org>
References: <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org> <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hi

You can traverse the list r->headers_in.headers.

On 7 June 2017 at 14:22:38, prathour9 (nginx-forum at forum.nginx.org) wrote:

I want to log all the headers the client browser sends to nginx. However, known headers I can log. But I want to log all the unknown headers. How can I log unknown headers in nginx?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,251159,274722#msg-274722

From nginx-forum at forum.nginx.org Wed Jun 7 06:26:35 2017
From: nginx-forum at forum.nginx.org (tokers)
Date: Wed, 07 Jun 2017 02:26:35 -0400
Subject: How to log all headers in nginx?
In-Reply-To: <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org>
References: <8a1f240847d0b7b3331c2e34d45e2df3.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

You can traverse the list r->headers_in.headers.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,251159,274725#msg-274725

From nginx-forum at forum.nginx.org Wed Jun 7 06:55:11 2017
From: nginx-forum at forum.nginx.org (prathour9)
Date: Wed, 07 Jun 2017 02:55:11 -0400
Subject: How to log all headers in nginx?
In-Reply-To:
References:
Message-ID:

Hi Toker, Thanks for reply. This is something I am already doing but I want nginx to do the same in nginx logging. I want to offload this task from application to nginx.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,251159,274726#msg-274726

From nginx-forum at forum.nginx.org Wed Jun 7 06:56:17 2017
From: nginx-forum at forum.nginx.org (prathour9)
Date: Wed, 07 Jun 2017 02:56:17 -0400
Subject: How to log all headers in nginx?
In-Reply-To:
References:
Message-ID:

prathour9 Wrote:
-------------------------------------------------------
> Hi Toker, Thanks for reply. This is something I am already doing but I
> want nginx to do the same in nginx logging. I want to offload this task
> from application to nginx.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,251159,274727#msg-274727

From nginx-forum at forum.nginx.org Wed Jun 7 08:55:47 2017
From: nginx-forum at forum.nginx.org (ianwinter)
Date: Wed, 07 Jun 2017 04:55:47 -0400
Subject: Convert Alias from apache (totally different root)
In-Reply-To: <165fa120d454e1de5052c4a8ee57333a.NginxMailingListEnglish@forum.nginx.org>
References: <165fa120d454e1de5052c4a8ee57333a.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <19b7121d6fe5b08d7c80e71ee9c398a6.NginxMailingListEnglish@forum.nginx.org>

I think a location elsewhere (with deny/allow's) had been causing issues. I'm going to start from scratch on the server block and build it up slowly.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274717,274728#msg-274728

From francis at daoine.org Wed Jun 7 11:35:29 2017
From: francis at daoine.org (Francis Daly)
Date: Wed, 7 Jun 2017 12:35:29 +0100
Subject: Convert Alias from apache (totally different root)
In-Reply-To: <165fa120d454e1de5052c4a8ee57333a.NginxMailingListEnglish@forum.nginx.org>
References: <165fa120d454e1de5052c4a8ee57333a.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170607113529.GF18356@daoine.org>

On Tue, Jun 06, 2017 at 06:37:45PM -0400, ianwinter wrote:

Hi there,

> I've read the docs and understand how root and alias work within a location,
> but, neither can be used to convert what I've got in apache that I can see.
>
> Take the example `Alias /media /path/to/assets` in apache, the location and
> path are completely different (media doesn't form any part either in
> addition or removed).

I'm not fully sure what you mean here, but I think that the above Apache config means that a request for the url /media/file.png will be served from the file /path/to/assets/file.png.
Something similar in nginx would be like

    location /media { alias /path/to/assets; }

but it is probably better in nginx to use something like

    location ^~ /media/ { alias /path/to/assets/; }

in case you have top-level regex locations that might interfere.

> The issue in converting to a location with alias or root is monitoring is
> still there, or, excluded - I need a way to change the location to
> completely use a different document root otherwise I'm not sure how I can?
>
> location /media { root /path/to/assets; }

That should lead to a request for the url /media/file.png being served from the file /path/to/assets/media/file.png. That is probably not what you want here.

	f
--
Francis Daly        francis at daoine.org

From phil at pricom.com.au Wed Jun 7 13:10:50 2017
From: phil at pricom.com.au (Philip Rhoades)
Date: Wed, 07 Jun 2017 23:10:50 +1000
Subject: CGI upstream problem
Message-ID: <0f4bd9ab7fef9f199fd7e8c76cf67833@pricom.com.au>

People,

I have a number of Ruby test?.cgi scripts that work fine but this one shows an error: fb_chatbot4.cg

2017/06/07 21:32:22 [debug] 15522#0: *32 http upstream check client, write event:1, "/cgi-bin/fb_chatbot4.cgi"
2017/06/07 21:32:22 [debug] 15522#0: *32 http upstream recv(): -1 (11: Resource temporarily unavailable)

Of course it is more complicated than the little test scripts but it has been working fine for a while and then stopped a few days ago without me noticing - I can't think what I might have done that has changed the situation . .

The chatbot is running and listening on the right port and can be talked to via local and remote shell scripts OK . .

If I run the fb_chatbot4.cgi script with test data it also works OK (instead of trying to connect from Facebook Messenger -> nginx).

Anyone got suggestions about how to debug further?

System:

Fedora 25 x86_64
nginx-1.10.2-1.fc25.x86_64
fcgi-2.4.0-29.fc24.x86_64
fcgiwrap-1.1.0-4.20150530git99c942c.fc25.x86_64

Thanks,

Phil.
--
Philip Rhoades
PO Box 896
Cowra NSW 2794
Australia
E-mail: phil at pricom.com.au

From mdounin at mdounin.ru Wed Jun 7 14:26:45 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 7 Jun 2017 17:26:45 +0300
Subject: Stale While Revalidate Expires
In-Reply-To:
References:
Message-ID: <20170607142645.GR55433@mdounin.ru>

Hello!

On Tue, Jun 06, 2017 at 07:33:24PM +0000, Rafael Cirolini wrote:

> We've just updated to 1.12 to use the stale-while-revalidate option.
>
> The application is who sends the cache-control header, like this:
> cache-control:max-age=180, stale-while-revalidate=60, stale-if-error=864000
>
> If I understood how SWR works, the user shouldn't receive stale content after 180+60 seconds.
>
> But we are seeing stale content after this time.
> X-Cache-Status: STALE
>
> Our DevOps team did a debug:
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http file cache expired: 4 1495476646 1495476871
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http upstream cache: 4
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http file cache send: /var/cache/nginx/d/d2/fb19e1c85db7bda5c92ce21530bf5d2d
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http ims:1491861925 lm:1491861925
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http script var: "STALE"
>
> The correct answer should be EXPIRED after the max-age+SWR time.
>
> It looks reasonable to you?

The behaviour depends on whether you use "proxy_cache_use_stale updating" in your configuration or not:

- If it is explicitly configured, it takes precedence over "Cache-Control: stale-while-revalidate=", and nginx will use any stale response available.

- If not configured, nginx will follow "stale-while-revalidate=" specified in the response.

The debug log provided suggests that the configuration uses "proxy_cache_use_stale updating" and "proxy_cache_background_update on".

--
Maxim Dounin
http://nginx.org/

From nginx-forum at forum.nginx.org Wed Jun 7 21:00:55 2017
From: nginx-forum at forum.nginx.org (iivan)
Date: Wed, 07 Jun 2017 17:00:55 -0400
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To:
References:
Message-ID:

Hi, do you not have any suggestions for me?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274541,274751#msg-274751

From igal at lucee.org Wed Jun 7 22:25:47 2017
From: igal at lucee.org (Igal @ Lucee.org)
Date: Wed, 7 Jun 2017 15:25:47 -0700
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To:
References:
Message-ID: <5fef23a7-830e-6d84-b091-f651de796735@lucee.org>

On 5/31/2017 2:58 AM, iivan wrote:
> I updated nginx to version 1.13.0
>
> This rule that was working correctly right now makes me mistake in the
> browser: ERR_TOO_MANY_REDIRECTS
>
> if ($host ~* ^(.*)\.website\.com$) {
>
> set $sub_domain $1;
> rewrite ^/(.*)?$
> /index.cfm?event=dashboard&lista=$sub_domain&nuovoURL=$1 last;
>
> }

ERR_TOO_MANY_REDIRECTS usually means that you have an infinite loop, which makes sense to me because you run this rule for every subdomain, including the rewritten one, causing the rewritten URL to be rewritten over and over again.

You need to rewrite it to a subdomain that would not match that rule.

Igal Sapir
Lucee Core Developer
Lucee.org

From friedrich.locke at gmail.com Wed Jun 7 22:55:01 2017
From: friedrich.locke at gmail.com (Friedrich Locke)
Date: Wed, 7 Jun 2017 19:55:01 -0300
Subject: freebsd+nginx+sso+krb5
Message-ID:

Hi folks,

thanks for your quality project.

I am in need to use nginx with support for sso and kerberos authentication too. I am using freebsd as my server OS. I wonder if there is anybody in this list using fbsd+nginx+kerb+sso ? Does the nginx that comes with fbsd ports already support this scenario ?

Thanks in advance.
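
The precedence given in the "Stale While Revalidate Expires" reply above can be checked against the debug line quoted in that thread. This is an added example, not code from the thread or from nginx; it assumes the last two numbers of the "http file cache expired" line are the entry's expiry time and the request time, and all function names are hypothetical.

```python
import re

# Constructed sample input: the upstream header and one debug line, both as
# quoted in the thread.
CACHE_CONTROL = "max-age=180, stale-while-revalidate=60, stale-if-error=864000"
DEBUG_LINE = ("2017/05/22 15:14:31 [debug] 21376#21376: *44 "
              "http file cache expired: 4 1495476646 1495476871")


def parse_cache_control(value):
    """Return {directive: seconds} for the directives that carry a number."""
    directives = {}
    for part in value.split(","):
        name, sep, arg = part.strip().partition("=")
        arg = arg.strip().strip('"')
        if sep and arg.isdigit():
            directives[name.strip().lower()] = int(arg)
    return directives


def parse_expired_line(line):
    """Extract (code, valid_until, now) from an 'http file cache expired' line.

    Assumption: the second number is the time the entry stopped being fresh
    and the third is the time of the request; the first is not interpreted.
    """
    m = re.search(r"http file cache expired: (\d+) (\d+) (\d+)", line)
    if m is None:
        raise ValueError("not an 'http file cache expired' debug line")
    code, valid_until, now = (int(g) for g in m.groups())
    return code, valid_until, now


def stale_decision(seconds_past_expiry, cache_control, use_stale_updating):
    """Apply the precedence stated in the reply.

    use_stale_updating=True stands for "proxy_cache_use_stale updating" being
    configured: it wins and any stale entry may be served. Otherwise only the
    stale-while-revalidate window from the upstream header applies.
    """
    if use_stale_updating:
        return True, "proxy_cache_use_stale updating"
    window = cache_control.get("stale-while-revalidate", 0)
    if seconds_past_expiry <= window:
        return True, "Cache-Control: stale-while-revalidate"
    return False, "past the stale-while-revalidate window"


def explain(line, cache_control_header):
    """Summarise one debug line under both configurations."""
    cc = parse_cache_control(cache_control_header)
    _, valid_until, now = parse_expired_line(line)
    past = now - valid_until
    return {
        "seconds_past_expiry": past,
        # Assumes the expiry time was derived from max-age alone.
        "age_since_stored": cc.get("max-age", 0) + past,
        "header_only": stale_decision(past, cc, False),
        "with_directive": stale_decision(past, cc, True),
    }


if __name__ == "__main__":
    for key, value in explain(DEBUG_LINE, CACHE_CONTROL).items():
        print(f"{key}: {value}")
```

For the quoted line the entry is 225 seconds past expiry, outside the 60-second window, so a STALE response at that point is consistent with the directive being configured rather than with the header alone.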
-------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Thu Jun 8 07:59:19 2017 From: nginx-forum at forum.nginx.org (iivan) Date: Thu, 08 Jun 2017 03:59:19 -0400 Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS In-Reply-To: <5fef23a7-830e-6d84-b091-f651de796735@lucee.org> References: <5fef23a7-830e-6d84-b091-f651de796735@lucee.org> Message-ID: Hi Igal, Firstly, thank you for your answer. I also like to find you on this forum (I am a lucee user :) ), Can you give me a tip how to do it? Here's the full configuration file: https://gist.github.com/ivanionut/946468ce86086a55937e92c7249e3ed7 It was working correctly before the upgrade to the latest version. Ivan Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274541,274758#msg-274758 From gfrankliu at gmail.com Thu Jun 8 08:10:25 2017 From: gfrankliu at gmail.com (Frank Liu) Date: Thu, 8 Jun 2017 01:10:25 -0700 Subject: upstream 429 and non-idempotent request Message-ID: In case of upstream returning 429, I'd like to have nginx retry next upstream server. Since nginx by default won't retry non-idempotent requests, how do I force nginx to retry when receiving 429? I imagine this should be the default behavior anyway, or does nginx not care about returning code and will never retry non-idempotent? Thanks! Frank -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at der-ingo.de Thu Jun 8 14:42:19 2017 From: lists at der-ingo.de (Ingo Lafrenz) Date: Thu, 8 Jun 2017 16:42:19 +0200 Subject: back-reference from if() and rewrite? In-Reply-To: <1496675754.1413.27.camel@gmail.com> References: <1496675754.1413.27.camel@gmail.com> Message-ID: <404e102f-9450-9133-972e-3bc5349d2067@der-ingo.de> Hi, Let me give you a couple of hints (esp when you come from Apache): - stop thinking like you have apache. 
  nginx and apache are fundamentally different when it comes to rewriting
- nginx rewrites only consider the location part of the URL during matching, so whenever you need to do work based on multiple arguments, you are in trouble with nginx (not really, it's just very different and sometimes almost impossible)
- if is evil (google it! ;-)). If you need multiple ifs you are probably doing something in the webserver which should be done elsewhere (e.g. backend).
- there is no need to parse arguments with regex, use the $arg_ variables of nginx (argument id will be variable $arg_id, see http://nginx.org/en/docs/varindex.html)
- your back references in if don't work, because you have also back references in your rewrite, so the rewrite overwrites your if back reference variables
- you can use named back references, e.g. id=(?<id>[^&]*) which creates a variable named $id
- always try to create locations with = or with ^~, use regex only if you really have to, also make sure you understand the precedence of location evaluation rules
- maps are very powerful and useful in nginx. you can replace a lot of if logic with clever maps and rewrites and internal locations (see example at end)

Have a look at this:

    # create locations for urls that should not be processed by your rewrite logic (see your question nr 2)
    location ^~ /rss/mobSpecCycle {}
    location ^~ /rss/mobSpecTheme {}

    # actual rewrite logic happens here
    location ^~ /rss/mobSpec {
        # only rewrite if id argument is present, otherwise you have a redirect loop
        if ($arg_id) {
            rewrite ^/rss/mobSpec([^\/]+)/$ /rss/mobSpec$1/mobSpec$1_$arg_id.html? permanent;
        }
    }

I have made one simplification: I do not consider the "daily" argument, since it was not used in your example.
Please take this only as a starting point, I haven't put much testing into this.

Here the example with maps (map is global, not inside server block):

    map $uri $cacheable_uri {
        default "/NOCACHE";
        "/catalog/" "/CACHE";
        "/main/" "/CACHE";
        "~^/products/.*" "/CACHE";
    }

and then in your server:

    location / {
        rewrite ^ $cacheable_uri$uri last;
    }

    location ^~ /CACHE/ {
        internal;
        rewrite ^/CACHE/(.*) /$1 break;
        proxy_cache cache_zone; # any directive you only want to make for cacheable uris
        proxy_pass http://backend;
    }

    location ^~ /NOCACHE/ {
        internal;
        rewrite ^/NOCACHE/(.*) /$1 break;
        proxy_pass http://backend;
    }

This is just a simplified example to show how to avoid ifs using maps and rewrites. This rewrites every url and prepends it with either CACHE or NOCACHE. Then I have internal locations (you can't access them directly, only through rewrites) where I delete the prefix again, but inside the location I have specific directives.

I hope that gets you started to "think in nginx way"! Good luck with nginx, you will love it!

Cheers,
Ingo =;->

> Hello,
>
> I need to translate following rule from apache to nginx:
>
> RewriteCond %{QUERY_STRING} id=([^&]*) [NC,OR]
> RewriteCond %{QUERY_STRING} daily=([^&]*) [NC]
> RewriteCond %{REQUEST_URI} !mobSpecCycle [NC]
> RewriteCond %{REQUEST_URI} !mobSpecTheme [NC]
> RewriteRule ^rss\/mobSpec([^\/]+)/?$ /rss/mobSpec$1/mobSpec$1_%1.html
> [QSA,NC,L]
>
> which, e.g. rewrites
>
> /rss/mobSpecArticle/?id=26422
>
> into
>
> /rss/mobSpecArticle/mobSpecArticle_26422.html
>
> I started as follows
>
> if ($args ~ id=([^&]*)|daily=([^&]*)) {
> rewrite ^/rss\/mobSpec([^\/]+)/?$ /rss/mobSpec$1/mobSpec$1_$2.html
> last;
> }
>
> However I don't know how to backreference id=([^&]*) in the rewrite rule?
> I put $2 there, but it doesn't work... apache has %1 for
> back-referencing matches from the RewriteCond.
>
> 1. How do I back-referencing matches from if () in nginx within
> following rewrite?
>
> 2. Any ideas how I can add the last two condition?
> RewriteCond %{REQUEST_URI} !mobSpecCycle [NC]
> RewriteCond %{REQUEST_URI} !mobSpecTheme [NC]
>
> Thank you in advance!
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From mdounin at mdounin.ru Thu Jun 8 15:20:04 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 8 Jun 2017 18:20:04 +0300
Subject: upstream 429 and non-idempotent request
In-Reply-To:
References:
Message-ID: <20170608152004.GV55433@mdounin.ru>

Hello!

On Thu, Jun 08, 2017 at 01:10:25AM -0700, Frank Liu wrote:

> In case of upstream returning 429, I'd like to have nginx retry next
> upstream server. Since nginx by default won't retry non-idempotent
> requests, how do I force nginx to retry when receiving 429? I imagine this
> should be the default behavior anyway, or does nginx not care about
> returning code and will never retry non-idempotent?

Non-idempotent requests are not retried as long as the request is already sent, regardless of a particular error. If you want nginx to retry non-idempotent requests, you can do so with "proxy_next_upstream non_idempotent;", see http://nginx.org/r/proxy_next_upstream.

--
Maxim Dounin
http://nginx.org/

From owen at nginx.com Thu Jun 8 16:28:27 2017
From: owen at nginx.com (Owen Garrett)
Date: Thu, 8 Jun 2017 17:28:27 +0100
Subject: 2017 NGINX User Survey: Help Us Shape the Future
Message-ID: <81CA4E9B-1D08-4378-89F1-47203E4486BE@nginx.com>

It's that time of year for the annual NGINX User Survey. We're always eager to hear about your experiences to help us evolve, improve and shape our product roadmap.

Please take ten minutes to share your thoughts:
http://survey.newkind.com/r/rSzd0p89/

Thank you in advance,

Owen

---
owen at nginx.com

From gfrankliu at gmail.com Thu Jun 8 16:55:05 2017
From: gfrankliu at gmail.com (Frank Liu)
Date: Thu, 8 Jun 2017 09:55:05 -0700
Subject: upstream 429 and non-idempotent request
In-Reply-To: <20170608152004.GV55433@mdounin.ru>
References: <20170608152004.GV55433@mdounin.ru>
Message-ID:

I fully understand the rationale of not retrying non-idempotent requests if they are already sent, but in case of 429 (maybe other cases as well), I don't see an issue of retrying even if request is sent. It would be better if we can selectively do something like "proxy_next_upstream non-idempotent-http_429;" or whatever http code that we know safe.

On Thu, Jun 8, 2017 at 8:20 AM, Maxim Dounin wrote:

> Hello!
>
> On Thu, Jun 08, 2017 at 01:10:25AM -0700, Frank Liu wrote:
>
> > In case of upstream returning 429, I'd like to have nginx retry next
> > upstream server. Since nginx by default won't retry non-idempotent
> > requests, how do I force nginx to retry when receiving 429? I imagine
> this
> > should be the default behavior anyway, or does nginx not care about
> > returning code and will never retry non-idempotent?
>
> Non-idempotent requests are not retried as long as the request is
> already sent, regardless of a particular error. If you want nginx
> to retry non-idempotent requests, you can do so with
> "proxy_next_upstream non_idempotent;", see
> http://nginx.org/r/proxy_next_upstream.
>
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

From guilherme.e at gmail.com Thu Jun 8 22:26:40 2017
From: guilherme.e at gmail.com (Guilherme)
Date: Thu, 8 Jun 2017 19:26:40 -0300
Subject: Same cached objects, but different body_bytes_sent
In-Reply-To:
References:
Message-ID:

Thanks for your response, Zhang.

I included content-length in log_format to see:

y.y.y.y - [08/Jun/2017:22:15:46 +0000] "GET /image.jpg HTTP/2.0" 200 466 HIT "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9515L Build/LRX22C) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile Safari/537.36" 44 466 2.384 "image/jpeg" 21221
x.x.x.x - [08/Jun/2017:22:15:46 +0000] "GET /image.jpg HTTP/2.0" 200 21687 HIT "Mozilla/5.0 (Linux; Android 5.0; SM-G900F Build/LRX21T) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile Safari/537.36" 41 21714 7.786 "image/jpeg" 21221

*log_format:* $remote_addr $remote_user [$time_local] "$request" $status $body_bytes_sent $upstream_cache_status "$http_user_agent" $request_length $bytes_sent $request_time "$sent_http_content_type" $sent_http_content_length';

Any idea?

On Sat, Jun 3, 2017 at 10:47 AM, Zhang Chao wrote:

> Hi, Guilherme!
>
> The HTTP status code 499, which means client closed the connection before
> Nginx even sent one byte.
> As long as Nginx sent some bytes, 499 will not arise, and Nginx just
> record the code generated previously, also, i bet your log_format of your
> access_log is the default one provided by Nginx, it is helpless when we
> need to speculate whether
> client closed the connection. Maybe you can modify your log_format such as
> appending "$http_content_length", you can analyze this case by comparing
> the value of "$http_content_length" and "$body_bytes_sent", of course the
> "Accept-Encoding" header can never be passed.
>
> On 3 June 2017 at 00:45:09, Guilherme (guilherme.e at gmail.com) wrote:
>
> @itpp2012:
>
> I can't replicate the problem using curl from 2 different locations.
>
> It's not supposed to return 206 in range requests?
>
> @zhang_chao:
>
> I'm not sure about this, but it's not supposed to return 499 in this case?
>
> Tks,
>
> Guilherme
>
> On Fri, Jun 2, 2017 at 3:45 AM, Zhang Chao wrote:
>
>> Hi!
>>
>> Are you sure the client didn't close the connection when the body is
>> transferring?
>>
>>
>> On 2 June 2017 at 10:00:36, Guilherme (guilherme.e at gmail.com) wrote:
>>
>> I identified a strange behavior in my nginx/1.11.2. Same cached objects
>> are returning different content length. In the logs below, body_bytes_sent
>> changes intermittently between 215 and 3782 bytes. The correct length is
>> 3782. (these objects are not being updated in this interval)
>>
>> xxxxxxxxxx - - [02/Jun/2017:01:29:06 +0000] "GET
>> /img/app/bt_google_play.png HTTP/2.0" 200 *215* "xxxxxxxxxx"
>> "Mozilla/5.0 (Linux; Android 6.0.1; SM-G600FY Build/MMB29M)
>> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile
>> Safari/537.36" 42 215 10.571 "image/png" HIT
>> xxxxxxxxxx - - [02/Jun/2017:01:29:50 +0000] "GET
>> /img/app/bt_google_play.png HTTP/2.0" 200 *3782* "xxxxxxxxxx"
>> "Mozilla/5.0 (iPhone; CPU iPhone OS 10_3_2 like Mac OS X)
>> AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.0 Mobile/14F89
>> Safari/602.1" 32 3791 0.344 "image/png" HIT
>>
>> ** request_time is always high for the shorter requests*
>>
>> I'm ignoring Vary header in proxy_ignore_headers too.
>>
>> Any idea about this?
>>
>> Tks,
>>
>> Guilherme
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>

From francis at daoine.org Fri Jun 9 07:11:38 2017
From: francis at daoine.org (Francis Daly)
Date: Fri, 9 Jun 2017 08:11:38 +0100
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To:
References: <5fef23a7-830e-6d84-b091-f651de796735@lucee.org>
Message-ID: <20170609071138.GG18356@daoine.org>

On Thu, Jun 08, 2017 at 03:59:19AM -0400, iivan wrote:

Hi there,

> Here's the full configuration file:
> https://gist.github.com/ivanionut/946468ce86086a55937e92c7249e3ed7

That shows that the "if/rewrite" that you showed previously is within "location / {}", and it rewrites to /index.cfm.

What part of your config shows how nginx should handle a request for /index.cfm?

> It was working correctly before the upgrade to the latest version.

If you upgraded from a version that had some different defaults, that might explain the difference.

(The config also suggests that you are using a third-party module; perhaps that is involved in the change in observed behaviour.)

f
--
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org Fri Jun 9 08:14:35 2017
From: nginx-forum at forum.nginx.org (iivan)
Date: Fri, 09 Jun 2017 04:14:35 -0400
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To: <20170609071138.GG18356@daoine.org>
References: <20170609071138.GG18356@daoine.org>
Message-ID: <1d5f8c1cc92f86bea4a2319566e70461.NginxMailingListEnglish@forum.nginx.org>

Hi Francis,
to me there seems to be some bug... It's very weird that it worked first and now it does not.
For example:

    set $sub_domain '';

    if ($host ~* ^(.*)\.salva\.link$) {
        set $sub_domain $1;
    }

$sub_domain is always '0'. Can you confirm me?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274541,274784#msg-274784

From smntov at gmail.com Fri Jun 9 13:07:31 2017
From: smntov at gmail.com (ST)
Date: Fri, 09 Jun 2017 16:07:31 +0300
Subject: fastcgi_cache_key
Message-ID: <1497013651.32506.26.camel@gmail.com>

Hello,

I try to understand an example configuration and have difficulties with following line:

fastcgi_cache_key "$request_method|$http_if_modified_since|
$http_if_none_match|$host|$request_uri";

Could somebody, please, explain what does it mean?

Thank you!

From mdounin at mdounin.ru Fri Jun 9 16:29:46 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 9 Jun 2017 19:29:46 +0300
Subject: Same cached objects, but different body_bytes_sent
In-Reply-To:
References:
Message-ID: <20170609162945.GD55433@mdounin.ru>

Hello!

On Thu, Jun 08, 2017 at 07:26:40PM -0300, Guilherme wrote:

> Thanks for your response, Zhang.
>
> I included content-length in log_format to see:
>
> y.y.y.y - [08/Jun/2017:22:15:46 +0000] "GET /image.jpg HTTP/2.0" 200 466
> HIT "Mozilla/5.0 (Linux; Android 5.0.1; GT-I9515L Build/LRX22C)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Mobile
> Safari/537.36" 44 466 2.384 "image/jpeg" 21221
> x.x.x.x - [08/Jun/2017:22:15:46 +0000] "GET /image.jpg HTTP/2.0" 200 21687
> HIT "Mozilla/5.0 (Linux; Android 5.0; SM-G900F Build/LRX21T)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2272.96 Mobile
> Safari/537.36" 41 21714 7.786 "image/jpeg" 21221
>
> *log_format:* $remote_addr $remote_user [$time_local] "$request" $status
> $body_bytes_sent $upstream_cache_status "$http_user_agent" $request_length
> $bytes_sent $request_time "$sent_http_content_type"
> $sent_http_content_length';
>
> Any idea?

The $bytes_sent and $body_bytes_sent variables reflect the actual amount of bytes nginx was able to send to the client (was able to write to the client's socket). It may be different from the full response size if, for example, the client closed the connection before the whole response was sent.

--
Maxim Dounin
http://nginx.org/

From igal at lucee.org Fri Jun 9 16:46:57 2017
From: igal at lucee.org (Igal @ Lucee.org)
Date: Fri, 9 Jun 2017 09:46:57 -0700
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To: <20170609071138.GG18356@daoine.org>
References: <5fef23a7-830e-6d84-b091-f651de796735@lucee.org> <20170609071138.GG18356@daoine.org>
Message-ID:

Hi,

On 6/9/2017 12:11 AM, Francis Daly wrote:
> On Thu, Jun 08, 2017 at 03:59:19AM -0400, iivan wrote:
>
>> Here's the full configuration file:
>> https://gist.github.com/ivanionut/946468ce86086a55937e92c7249e3ed7
> That shows that the "if/rewrite" that you showed previously is within
> "location / {}", and it rewrites to /index.cfm.
>
> What part of your config shows how nginx should handle a request for
> /index.cfm?

I think that that's the issue.
You need to add something like

    ## this will not check for regular expression locations for uris that start with "/index.cfm"
    location ^~ /index.cfm {
        ## proxy request to Lucee here
    }

Without this, requests to "anything" redirect to /index.cfm, but then the redirect to /index.cfm again matches "anything", so it redirects again to /index.cfm in an infinite loop which will show on the browser ERR_TOO_MANY_REDIRECTS.

Igal

From nginx-forum at forum.nginx.org Fri Jun 9 19:06:32 2017
From: nginx-forum at forum.nginx.org (iivan)
Date: Fri, 09 Jun 2017 15:06:32 -0400
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To:
References:
Message-ID: <45b738b56fb725a1dd15b563481a4740.NginxMailingListEnglish@forum.nginx.org>

Hi Igal,
The lucee proxy is configured correctly: https://gist.github.com/ivanionut/c4339b4006fa1bf8e12c3ba7be9ee0bc
I omitted from the gist that I posted earlier to make it as easy configuration file.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274541,274798#msg-274798

From igal at lucee.org Fri Jun 9 21:30:57 2017
From: igal at lucee.org (Igal @ Lucee.org)
Date: Fri, 9 Jun 2017 14:30:57 -0700
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To: <45b738b56fb725a1dd15b563481a4740.NginxMailingListEnglish@forum.nginx.org>
References: <45b738b56fb725a1dd15b563481a4740.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

That wasn't the issue though. The issue is that you don't have a prefix location for /index.cfm as described in my previous post.

Igal

On 6/9/2017 12:06 PM, iivan wrote:
> Hi Igal,
> The lucee proxy is configured correctly:
> https://gist.github.com/ivanionut/c4339b4006fa1bf8e12c3ba7be9ee0bc
> I omitted from the gist that I posted earlier to make it as easy
> configuration file.
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274541,274798#msg-274798
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From francis at daoine.org Sat Jun 10 06:39:29 2017
From: francis at daoine.org (Francis Daly)
Date: Sat, 10 Jun 2017 07:39:29 +0100
Subject: Nginx rule for subdomains: ERR_TOO_MANY_REDIRECTS
In-Reply-To: <1d5f8c1cc92f86bea4a2319566e70461.NginxMailingListEnglish@forum.nginx.org>
References: <20170609071138.GG18356@daoine.org> <1d5f8c1cc92f86bea4a2319566e70461.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170610063929.GH18356@daoine.org>

On Fri, Jun 09, 2017 at 04:14:35AM -0400, iivan wrote:

Hi there,

> to me there seems to be some bug... It's very weird that it worked first and
> now it does not.

Perhaps a bug was fixed, and it should never have worked?

I think that without a specific complete problem report, it is going to be difficult to learn how things were.

Does everything work as you want if you revert to your previous version of nginx?

> For example:
>
>
> set $sub_domain '';
>
> if ($host ~* ^(.*)\.salva\.link$) {
> set $sub_domain $1;
> }
>
>
> $sub_domain is always '0'. Can you confirm me?

For me, if I use that config fragment in some supporting config, and make some suitable http requests, the only way $sub_domain is 0 is if I set Host to 0.salva.link.

If you can include a complete but small config with clear instructions on how to generate the unexpected output that you see, there is a much better chance that someone else will be able to reproduce it.

Back to your original problem report:

    nginx -T | grep 'location\|server'

might show enough of your actual running config to see where a request for /index.cfm is handled. Limit the output to just the server{} block that handles the request, if you have multiple unrelated server{}s in the config.

f
--
Francis Daly        francis at daoine.org

From francis at daoine.org Sat Jun 10 06:49:32 2017
From: francis at daoine.org (Francis Daly)
Date: Sat, 10 Jun 2017 07:49:32 +0100
Subject: fastcgi_cache_key
In-Reply-To: <1497013651.32506.26.camel@gmail.com>
References: <1497013651.32506.26.camel@gmail.com>
Message-ID: <20170610064932.GI18356@daoine.org>

On Fri, Jun 09, 2017 at 04:07:31PM +0300, ST wrote:

Hi there,

> I try to understand an example configuration and have difficulties with
> following line:
>
> fastcgi_cache_key "$request_method|$http_if_modified_since|
> $http_if_none_match|$host|$request_uri";
>
> Could somebody, please, explain what does it mean?

A cache key is the thing that nginx makes up out of the incoming request, in order to check whether the response is already in the cache (so that perhaps the response can be served from the cache instead of having to go to the upstream server to fetch the response).

If you want one request to get the same cached response as another, they must have the same value for the cache key. If you want one request not to get the cached response from another, they should have different values for the cache key (or some other cache-avoiding config must be used).

This particular directive sets the value for the cache key for requests that might otherwise be handled by a fastcgi_pass directive. The cached response will only be sent if these five values from the incoming request are identical.

Does that answer the question?

f
--
Francis Daly        francis at daoine.org

From smntov at gmail.com Sat Jun 10 21:18:14 2017
From: smntov at gmail.com (ST)
Date: Sun, 11 Jun 2017 00:18:14 +0300
Subject: fastcgi_cache_key
In-Reply-To: <20170610064932.GI18356@daoine.org>
References: <1497013651.32506.26.camel@gmail.com> <20170610064932.GI18356@daoine.org>
Message-ID: <1497129494.32506.32.camel@gmail.com>

Hi Francis,

On Sat, 2017-06-10 at 07:49 +0100, Francis Daly wrote:
> On Fri, Jun 09, 2017 at 04:07:31PM +0300, ST wrote:
>
> Hi there,
>
> > I try to understand an example configuration and have difficulties with
> > following line:
> >
> > fastcgi_cache_key "$request_method|$http_if_modified_since|
> > $http_if_none_match|$host|$request_uri";
> >
> > Could somebody, please, explain what does it mean?
>
> A cache key is the thing that nginx makes up out of the incoming request,
> in order to check whether the response is already in the cache (so that
> perhaps the response can be served from the cache instead of having to
> go to the upstream server to fetch the response).
>
> If you want one request to get the same cached response as another, they
> must have the same value for the cache key. If you want one request not
> to get the cached response from another, they should have different values
> for the cache key (or some other cache-avoiding config must be used).
>
> This particular directive sets the value for the cache key for requests
> that might otherwise be handled by a fastcgi_pass directive. The cached
> response will only be sent if these five values from the incoming request
> are identical.
>
> Does that answer the question?

Thank you very much for the detailed answer. Now I understand what the line meant. However I'm not sure it solves my problem. Actually I was trying to translate following two lines from Apache config into nginx, however it is probably not related to fastcgi_cache_key, as I have initially assumed...
Here are the two lines:

RewriteRule .* - [E=HTTP_IF_MODIFIED_SINCE:%{HTTP:If-Modified-Since}]
RewriteRule .* - [E=HTTP_IF_NONE_MATCH:%{HTTP:If-None-Match}]

Do you know what is their equivalent in nginx?

Thank you in advance!

From francis at daoine.org Sun Jun 11 21:48:05 2017
From: francis at daoine.org (Francis Daly)
Date: Sun, 11 Jun 2017 22:48:05 +0100
Subject: fastcgi_cache_key
In-Reply-To: <1497129494.32506.32.camel@gmail.com>
References: <1497013651.32506.26.camel@gmail.com> <20170610064932.GI18356@daoine.org> <1497129494.32506.32.camel@gmail.com>
Message-ID: <20170611214805.GJ18356@daoine.org>

On Sun, Jun 11, 2017 at 12:18:14AM +0300, ST wrote:
> On Sat, 2017-06-10 at 07:49 +0100, Francis Daly wrote:
> > On Fri, Jun 09, 2017 at 04:07:31PM +0300, ST wrote:

Hi there,

> > > I try to understand an example configuration and have difficulties with
> > > following line:
> > >
> > > fastcgi_cache_key "$request_method|$http_if_modified_since|
> > > $http_if_none_match|$host|$request_uri";

> > This particular directive sets the value for the cache key for requests
> > that might otherwise be handled by a fastcgi_pass directive. The cached
> > response will only be sent if these five values from the incoming request
> > are identical.

> Thank you very much for the detailed answer. Now I understand what the
> line meant. However I'm not sure it solves my problem. Actually I was
> trying to translate following two lines from Apache config into nginx,
> however it is probably not related to fastcgi_cache_key, as I have
> initially assumed...

I confess that I do not see how the nginx line above relates to the apache lines below. But that's not important now, since there is a new question:

> Here are the two lines:
> RewriteRule .* - [E=HTTP_IF_MODIFIED_SINCE:%{HTTP:If-Modified-Since}]
> RewriteRule .* - [E=HTTP_IF_NONE_MATCH:%{HTTP:If-None-Match}]
>
> Do you know what is their equivalent in nginx?

By themselves, I think that the nginx equivalent is "".

According to the apache docs at http://httpd.apache.org/docs/current/mod/mod_rewrite.html#rewriterule these cause two environment variables to be defined with values from the incoming request headers.

Possibly some other part of the apache config or runtime makes use of those environment variables; possibly nothing uses them.

If nothing uses them, the lines do not matter and can be removed. If something uses them, that something needs to be investigated to learn what it does with them.

Good luck with it,

f
--
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org Mon Jun 12 11:35:47 2017
From: nginx-forum at forum.nginx.org (juanzi)
Date: Mon, 12 Jun 2017 07:35:47 -0400
Subject: proxy_buffering off; does not work!
Message-ID: <60f972d65692272407154769060aa6dc.NginxMailingListEnglish@forum.nginx.org>

Hi All,

I tried to set proxy_buffering off in nginx.conf to avoid the buffering time of the proxy. It was expected to work so that the proxy can immediately transfer the response message from the server to the client. But it did not work. Just several beginning packets are immediately transferred. Then the proxy received about 16/17 packets with payload size 7240Bytes and then sent a 2920Bytes packet to client. Then received several big packets from server again and then sent several big packets to client.

The environment is:

client------>proxy (nginx 1.10.0)------->server(nginx 1.10.0)

The nginx.conf of proxy is as follows:

    http {
        include mime.types;
        server_tokens off;
        client_header_buffer_size 128k;
        large_client_header_buffers 4 128k;
        tcp_nodelay on;
        tcp_nopush off;
        postpone_output 0;

        server {
            listen 8080;
            root /root/share;

            location / {
                proxy_buffering off;
                proxy_ignore_headers X-Accel-Buffering;
                proxy_buffer_size 1k;
                #proxy_busy_buffers_size 2k;
                #proxy_buffers 20 2k;
                proxy_http_version 1.1;
                proxy_pass http://10.*.*.*:8080/test.wmv; # hide the ip
            }
        }
    }

I also tried to set proxy_buffering on, and set the proxy_busy_buffers_size to 2k.
I want to let proxy transfer packet immediately by using the small proxy_busy_buffers_size. But it also did not work.

Does anybody know why? Anybody know how to configure to get the immediate transfer from the proxy?

Thank you very much!
Juan.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274808,274808#msg-274808

From smntov at gmail.com Mon Jun 12 13:36:27 2017
From: smntov at gmail.com (ST)
Date: Mon, 12 Jun 2017 16:36:27 +0300
Subject: nginx equivalent for ExpiresByType / FilesMatch
Message-ID: <1497274587.1357.36.camel@gmail.com>

Hello,

I continue to move my configuration from Apache to nginx and now need to convert following directives. Any hints?

Thank you for all the previous help!

1.

# set up max-age header directive for certain file types for proper caching
ExpiresActive on
ExpiresByType text/css A604800
ExpiresByType text/js A604800
...

2.

# force download for certain file types
Header set Content-Disposition attachment
Header set Content-type text/fb2+xml

3.

Order Allow,Deny
Allow from All

# block certain files
Order Allow,Deny
Deny from All

From jim at mailman-hosting.com Mon Jun 12 13:39:47 2017
From: jim at mailman-hosting.com (Jim Ohlstein)
Date: Mon, 12 Jun 2017 09:39:47 -0400
Subject: nginx equivalent for ExpiresByType / FilesMatch
In-Reply-To: <1497274587.1357.36.camel@gmail.com>
References: <1497274587.1357.36.camel@gmail.com>
Message-ID: <5c324e7b-9531-efac-ec84-d5083e37f1dd@mailman-hosting.com>

Hello,

On 06/12/2017 09:36 AM, ST wrote:
> Hello,
>
> I continue to move my configuration from Apache to nginx and now need to
> convert following directives. Any hints?
>
> Thank you for all the previous help!
>
> 1.
>
>
> # set up max-age header directive for certain file types for proper
> caching
> ExpiresActive on
> ExpiresByType text/css A604800
> ExpiresByType text/js A604800
> ...
>
>
> 2.
>
> # force download for certain file types
>
> Header set Content-Disposition attachment
>
>
> Header set Content-type text/fb2+xml
>
>
> 3.
> Order Allow,Deny
> Allow from All
>
> # block certain files
>
> Order Allow,Deny
> Deny from All
>
>
>

http://nginx.org/en/docs/http/ngx_http_headers_module.html

http://nginx.org/en/docs/http/ngx_http_access_module.html

--
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com

From pratyush at hostindya.com Mon Jun 12 16:39:31 2017
From: pratyush at hostindya.com (Pratyush Kumar)
Date: Mon, 12 Jun 2017 22:09:31 +0530
Subject: nginx equivalent for ExpiresByType / FilesMatch
In-Reply-To: <1497274587.1357.36.camel@gmail.com>
Message-ID: <4909f42a-50ff-42f0-98c6-314aeef7128f@email.android.com>

An HTML attachment was scrubbed...
URL:

From frank.dias at prodea.com Mon Jun 12 20:15:50 2017
From: frank.dias at prodea.com (Frank Dias)
Date: Mon, 12 Jun 2017 20:15:50 +0000
Subject: apache rewrite to nginx
Message-ID:

I need some help, migrating from Apache to Nginx. The following logic is in Apache, how do I convert to Nginx

DocumentRoot "/var/www/default"
ServerName *.diasranch.net
SSLProxyEngine On
ProxyPreserveHost On
RewriteEngine on
RewriteMap host_finder prg:/usr/local/bin/host_finder.php

# Rule to handle the + character in (un)marking a voicemail and Par Cntl
RewriteCond %{HTTP_HOST} ^rwa-(.*) [OR]
RewriteCond %{HTTP_HOST} ^m2m-(.*) [OR]
RewriteCond %{HTTP_HOST} ^dwa-(.*)
RewriteRule ^(/ws/v[1-9]/dias/[^+]*)\+([^+]*)$ https://${host_finder:%{HTTP_HOST}}/$1\%2B$2 [NE,P,L]

RewriteCond %{HTTP_HOST} ^rwa-(.*) [OR]
RewriteCond %{HTTP_HOST} ^m2m-(.*) [OR]
RewriteCond %{HTTP_HOST} ^dwa-(.*)
RewriteRule ^(/ws/v[1-9]/dias/.*)\+(.*)$ $1\%2B$2 [N,NE]

# The next rule catches everything else and does not use the NE flag
RewriteCond %{HTTP_HOST} ^rwa-(.*) [OR]
RewriteCond %{HTTP_HOST} ^m2m-(.*) [OR]
RewriteCond %{HTTP_HOST} ^dwa-(.*)
RewriteRule ^/(.*) https://${host_finder:%{HTTP_HOST}}/$1 [P,L]

# The next rule is to defeat TRACE attacks which is a med security CVE
RewriteCond %{REQUEST_METHOD} ^(TRACE|TRACK)
RewriteRule .* - [F]

ErrorLog logs/ssl_error_log
#TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProxyProtocol all -SSLv2 -SSLv3
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/star.diasranch.net.crt
SSLCertificateKeyFile /etc/pki/tls/private/star.diasranch.net_key.pem
SSLCertificateChainFile /etc/pki/tls/certs/star.diasranch.net.crt
SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
#CustomLog logs/ssl_request_log "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x [%r] %b"
CustomLog /dev/null " "

From al-nginx at none.at Mon Jun 12 22:20:18 2017
From: al-nginx at none.at (Aleksandar Lazic)
Date: Tue, 13 Jun 2017 00:20:18 +0200
Subject: apache rewrite to nginx
In-Reply-To:
References:
Message-ID: <1608935792.20170613002018@none.at>

An HTML attachment was scrubbed...

From igal at lucee.org Mon Jun 12 22:39:34 2017
From: igal at lucee.org (Igal @ Lucee.org)
Date: Mon, 12 Jun 2017 15:39:34 -0700
Subject: nginx hogs cpu on Windows
Message-ID: <65f06b63-3bf8-7dbe-d992-5cb0b32775d6@lucee.org>

Hello,

I've noticed a few times already that after running for some time nginx hogs a CPU thread. The machine has 8 CPU threads, so when the problem happens I see in Task Manager that nginx takes 12% or 13% (consistent with a full 1/8 of CPU power).

Issuing a reload fixes the problem temporarily.

c:\>nginx.exe -V
nginx version: nginx/1.13.1
built by cl 16.00.40219.01 for 80x86
built with OpenSSL 1.0.2l 25 May 2017
TLS SNI support enabled
configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs.msvc8/lib/pcre-8.40 --with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-select_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-openssl=objs.msvc8/lib/openssl-1.0.2l --with-openssl-opt=no-asm --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module

Task Manager Performance when problem takes place:

Task Manager Processes when problem takes place:

Task Manager Performance after issuing reload:

Looks like there is a bug somewhere.
I wonder if it is limited to Windows or if it's on all distributions.

Thank you,

Igal Sapir
Lucee Core Developer
Lucee.org

From smntov at gmail.com Tue Jun 13 13:46:21 2017
From: smntov at gmail.com (ST)
Date: Tue, 13 Jun 2017 16:46:21 +0300
Subject: Problems with setting max-age header directive
Message-ID: <1497361581.1357.58.camel@gmail.com>

Hello,

I try to set max-age header using expires, as follows:

location / {

    # set up max-age header directive for certain file types for proper caching
    location ~* \.(?:css|js|ico|gif|jpe?g|png|mp3|mpeg|wav|x-ms-wmv|eot|svg|ttf|woff|woff2)$ {
        expires 7d;
        add_header Cache-Control "public";
    }

    location /static_files/ {
        expires 7d;
        add_header Cache-Control "public";
    }

    try_files $uri $uri/ @nc-rewrite;
}

My problem are files that do not have proper extension, but need to be cached and they are located in /static_files/. For some reason location /static_files/ {} is used according to logs (see below), but max-age/Cache-Control is not set. Why?

Thank you in advance!

----error.log-----
2017/06/13 16:43:18 [debug] 30872#0: *1 using configuration "/static_files/"

From ygallego11 at hotmail.com Tue Jun 13 14:16:40 2017
From: ygallego11 at hotmail.com (Yadira Gallego)
Date: Tue, 13 Jun 2017 14:16:40 +0000
Subject: Quinceanera nevada
Message-ID:

Hello my name is Yadira and I want to sign up my twins for the cover page, can I get information please.
Thank you

Sent from my iPhone

From igal at lucee.org Tue Jun 13 15:36:24 2017
From: igal at lucee.org (Igal @ Lucee.org)
Date: Tue, 13 Jun 2017 08:36:24 -0700
Subject: Quinceanera nevada
In-Reply-To:
References:
Message-ID: <5bbffb95-3b75-104c-113a-b10745b7d42d@lucee.org>

On 6/13/2017 7:16 AM, Yadira Gallego wrote:
> Hello my name is Yadira and I want to sign up my twins for the cover page, can I get information please. Thank you

You have come to the right place...?!@#

From rpaprocki at fearnothingproductions.net Tue Jun 13 15:41:42 2017
From: rpaprocki at fearnothingproductions.net (Robert Paprocki)
Date: Tue, 13 Jun 2017 08:41:42 -0700
Subject: Quinceanera nevada
In-Reply-To: <5bbffb95-3b75-104c-113a-b10745b7d42d@lucee.org>
References: <5bbffb95-3b75-104c-113a-b10745b7d42d@lucee.org>
Message-ID:

This kinda reminds me of http://mailman.nginx.org/pipermail/nginx/2016-June/050919.html. That thread was all kinds of wonderful.

On Tue, Jun 13, 2017 at 8:36 AM, Igal @ Lucee.org wrote:

> On 6/13/2017 7:16 AM, Yadira Gallego wrote:
>
>> Hello my name is Yadira and I want to sign up my twins for the cover
>> page, can I get information please. Thank you
>>
>
> You have come to the right place...?!@#
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

From igal at lucee.org Tue Jun 13 15:54:12 2017
From: igal at lucee.org (Igal @ Lucee.org)
Date: Tue, 13 Jun 2017 08:54:12 -0700
Subject: Quinceanera nevada
In-Reply-To:
References: <5bbffb95-3b75-104c-113a-b10745b7d42d@lucee.org>
Message-ID: <4934a786-32ff-2498-e19b-95b73cdd2cc6@lucee.org>

OK, now at least I understand why they posted here. I thought it was just spam. Probably the site with the cover page that features twins has some "Powered by nginx" banner.

On 6/13/2017 8:41 AM, Robert Paprocki wrote:
> This kinda reminds me of
> http://mailman.nginx.org/pipermail/nginx/2016-June/050919.html. That
> thread was all kinds of wonderful.
>
> On Tue, Jun 13, 2017 at 8:36 AM, Igal @ Lucee.org
> wrote:
>
> On 6/13/2017 7:16 AM, Yadira Gallego wrote:
>
> Hello my name is Yadira and I want to sign up my twins for
> the cover page, can I get information please. Thank you
>
>
> You have come to the right place...?!@#
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From smntov at gmail.com Tue Jun 13 16:26:30 2017
From: smntov at gmail.com (ST)
Date: Tue, 13 Jun 2017 19:26:30 +0300
Subject: several sibling location block
Message-ID: <1497371190.1357.63.camel@gmail.com>

Hello,

I try to convert following apache related stuff:

# force download for certain file types
Header set Content-Disposition attachment
Header set Content-type text/fb2+xml
Header set Content-type application/x-mobipocket-ebook
Header set Content-type audio/mpeg

to nginx, as follows:

location / {

    # force download for certain file types
    location ~* \.(?:fb2|mobi|mp3)$ {
        add_header Content-Disposition "attachment";
    }
    location ~* \.fb2$ {
        add_header Content-type "text/fb2+xml";
    }
    location ~* \.mobi$ {
        add_header Content-type "application/x-mobipocket-ebook";
    }
    location ~* \.mp3$ {
        add_header Content-type "audio/mpeg";
    }

    ...
}

Content-Disposition "attachment" seems to be added properly to the header, however not the Content-type. Why? Can several sibling location blocks that match be proceeded or only one?

Thank you!
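
The behaviour asked about above, as an added example that is not part of the original post or of any reply in the thread. It assumes the files are served from disk by nginx itself (not proxied), and the X-Content-Type-Options header is an addition of this example.

```nginx
# Added example. nginx selects exactly ONE location per request. Regex
# locations are tested in the order they appear and the first match wins,
# so /book.fb2 is handled by the first block of the posted configuration
# and the three Content-type blocks after it are never reached.
#
# As posted (only the first block is ever used for .fb2/.mobi/.mp3):
#
#   location ~* \.(?:fb2|mobi|mp3)$ { add_header Content-Disposition "attachment"; }
#   location ~* \.fb2$              { add_header Content-type "text/fb2+xml"; }
#   location ~* \.mobi$             { add_header Content-type "application/x-mobipocket-ebook"; }
#   location ~* \.mp3$              { add_header Content-type "audio/mpeg"; }

# One location that does both jobs. For static files the response
# Content-Type comes from the "types" map (or default_type), not from
# add_header; add_header would append a second Content-Type field next to
# the one nginx already emits.
location ~* \.(?:fb2|mobi|mp3)$ {
    types {
        text/fb2+xml                     fb2;
        application/x-mobipocket-ebook   mobi;
        audio/mpeg                       mp3;
    }
    default_type application/octet-stream;   # used if no extension maps

    add_header Content-Disposition "attachment";

    # Keeps browsers from sniffing a type other than the one declared above.
    add_header X-Content-Type-Options "nosniff";
}
```

After a reload, `curl -sI` against one file of each extension should show a single Content-Type line together with the Content-Disposition header.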

From mdounin at mdounin.ru Tue Jun 13 16:30:47 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 13 Jun 2017 19:30:47 +0300
Subject: upstream 429 and non-idempotent request
In-Reply-To:
References: <20170608152004.GV55433@mdounin.ru>
Message-ID: <20170613163046.GJ55433@mdounin.ru>

Hello!

On Thu, Jun 08, 2017 at 09:55:05AM -0700, Frank Liu wrote:

> I fully understand the rationale of not retrying non-idempotent requests if
> they are already sent, but in case of 429 (maybe other cases as well), I
> don't see an issue of retrying even if request is sent. It would be better
> if we can selectively do something like "proxy_next_upstream
> non-idempotent-http_429;" or whatever http code that we know safe.

The problem is that we don't really know if the code is safe or not.

In general, non-idempotent requests are not retried as we don't know if the request was processed or not. The situation is obvious when we got a network error after sending a request: as the error might happen after the request was already processed, it is wise to refrain from retrying it.

But what happen when we got a valid http error instead? For example, 502 in most cases means that there was a network error somewhere else. So, this basically means that 502 cannot be retried as well. And the other 5xx error codes are more or less identical: we never know what really happened, and can't retry.

With 4xx errors it seems safe to assume that the request was not processed, and hence retrying is possible. But, for example, if error_page is used on the backend server, 404 might be returned if a network error happens and a corresponding error page cannot be found. Similarly, 429 might be returned if limit_req rejects a request to the error page.

We've considered adding a logic to always retry non-idempotent requests in case of 4xx errors when non-idempotence handling was introduced. But decided to keep things simple and safe, and never retry non-idempotent requests.
On the other hand, introducing configuration options to fine tune if non-idempotent requests should be retried for each proxy_next_upstream case seems to be overkill.

In general, current implementation assumes the following two options:

- non-idempotent requests are not retried;

- there is a duplicate request protection in the application, so non-idempotent requests can be retried with "proxy_next_upstream non_idempotent;".

This seems to be enough for most, if not all, use cases. If something more complex is really needed, it can be configured using error_page and additional error processing logic.

--
Maxim Dounin
http://nginx.org/

From gfrankliu at gmail.com Tue Jun 13 21:41:24 2017
From: gfrankliu at gmail.com (Frank Liu)
Date: Tue, 13 Jun 2017 14:41:24 -0700
Subject: upstream 429 and non-idempotent request
In-Reply-To: <20170613163046.GJ55433@mdounin.ru>
References: <20170608152004.GV55433@mdounin.ru> <20170613163046.GJ55433@mdounin.ru>
Message-ID:

Hi,

I fully understand the concern and complexity of different cases. Making any default assumption will have risks. That's why I suggested providing config options since users themselves know their use case and whether it is safe to retry.

Thanks!
Frank

On Tue, Jun 13, 2017 at 9:30 AM, Maxim Dounin wrote:

> Hello!
>
> On Thu, Jun 08, 2017 at 09:55:05AM -0700, Frank Liu wrote:
>
> > I fully understand the rationale of not retrying non-idempotent requests if
> > they are already sent, but in case of 429 (maybe other cases as well), I
> > don't see an issue of retrying even if request is sent. It would be better
> > if we can selectively do something like "proxy_next_upstream
> > non-idempotent-http_429;" or whatever http code that we know safe.
>
> The problem is that we don't really know if the code is safe or
> not.
>
> In general, non-idempotent requests are not retried as we
> don't know if the request was processed or not. The situation is
> obvious when we got a network error after sending a request: as
> the error might happen after the request was already processed, it
> is wise to refrain from retrying it.
>
> But what happen when we got a valid http error instead? For
> example, 502 in most cases means that there was a network error
> somewhere else. So, this basically means that 502 cannot be
> retried as well. And the other 5xx error codes are more or less
> identical: we never know what really happened, and can't retry.
>
> With 4xx errors it seems safe to assume that the request was not
> processed, and hence retrying is possible. But, for example, if
> error_page is used on the backend server, 404 might be returned
> if a network error happens and a corresponding error page cannot
> be found. Similarly, 429 might be returned if limit_req rejects a
> request to the error page.
>
> We've considered adding a logic to always retry non-idempotent
> requests in case of 4xx errors when non-idempotence handling was
> introduced. But decided to keep things simple and safe, and never
> retry non-idempotent requests. On the other hand, introducing
> configuration options to fine tune if non-idempotent requests
> should be retried for each proxy_next_upstream case seems to be
> overkill.
>
> In general, current implementation assumes the following two
> options:
>
> - non-idempotent requests are not retried;
>
> - there is a duplicate request protection in the application, so
> non-idempotent requests can be retried with "proxy_next_upstream
> non_idempotent;".
>
> This seems to be enough for most, if not all, use cases. If
> something more complex is really needed, it can be configured
> using error_page and additional error processing logic.
>
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

From igal at lucee.org Tue Jun 13 22:13:19 2017
From: igal at lucee.org (Igal @ Lucee.org)
Date: Tue, 13 Jun 2017 15:13:19 -0700
Subject: nginx hogs cpu on Windows
In-Reply-To: <65f06b63-3bf8-7dbe-d992-5cb0b32775d6@lucee.org>
References: <65f06b63-3bf8-7dbe-d992-5cb0b32775d6@lucee.org>
Message-ID: <1c7be00a-d5df-a0b6-8d86-b43b13aeeea9@lucee.org>

Downgrading to 1.12.0 did not help. The server ran fine for about 12 hours and then the problem started again.

On 6/12/2017 3:39 PM, Igal @ Lucee.org wrote:
>
> Hello,
>
> I've noticed a few times already that after running for some time
> nginx hogs a CPU thread. The machine has 8 CPU threads, so when the
> problem happens I see in Task Manager that nginx takes 12% or 13%
> (consistent with a full 1/8 of CPU power).
>
> Issuing a reload fixes the problem temporarily.
>
> c:\>nginx.exe -V
> nginx version: nginx/1.13.1
> built by cl 16.00.40219.01 for 80x86
> built with OpenSSL 1.0.2l 25 May 2017
> TLS SNI support enabled
> configure arguments: --with-cc=cl --builddir=objs.msvc8 --with-debug
> --prefix= --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid
> --http-log-path=logs/access.log --error-log-path=logs/error.log
> --sbin-path=nginx.exe
> --http-client-body-temp-path=temp/client_body_temp
> --http-proxy-temp-path=temp/proxy_temp
> --http-fastcgi-temp-path=temp/fastcgi_temp
> --http-scgi-temp-path=temp/scgi_temp
> --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024
> --with-pcre=objs.msvc8/lib/pcre-8.40
> --with-zlib=objs.msvc8/lib/zlib-1.2.11 --with-select_module
> --with-http_v2_module --with-http_realip_module
> --with-http_addition_module --with-http_sub_module
> --with-http_dav_module --with-http_stub_status_module
> --with-http_flv_module --with-http_mp4_module
> --with-http_gunzip_module --with-http_gzip_static_module
> --with-http_auth_request_module --with-http_random_index_module
> --with-http_secure_link_module --with-http_slice_module --with-mail
> --with-stream --with-openssl=objs.msvc8/lib/openssl-1.0.2l
> --with-openssl-opt=no-asm --with-http_ssl_module
> --with-mail_ssl_module --with-stream_ssl_module
>
> Task Manager Performance when problem takes place:
>
> Task Manager Processes when problem takes place:
>
> Task Manager Performance after issuing reload:
>
> Looks like there is a bug somewhere. I wonder if it is limited to
> Windows or if it's on all distributions.
>
> Thank you,
>
>
> Igal Sapir
> Lucee Core Developer
> Lucee.org
>

From nginx-forum at forum.nginx.org Wed Jun 14 08:16:54 2017
From: nginx-forum at forum.nginx.org (juanzi)
Date: Wed, 14 Jun 2017 04:16:54 -0400
Subject: proxy_buffering off; does not work!
In-Reply-To: <60f972d65692272407154769060aa6dc.NginxMailingListEnglish@forum.nginx.org>
References: <60f972d65692272407154769060aa6dc.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <4fede4375484e368b89ec72fbc237483.NginxMailingListEnglish@forum.nginx.org>

Solved. It's not nginx's problem. It's protocol stack. Especially on windows os. I found that client(windows os) did not reply ACK timely. It always sent a ACK after received lots of packets which cause the nginx proxy do not send packets uniformly. Then I used another linux pc to act as client. It's ok. Just for reference to those who maybe need it^_^

But there is sth I can not understand that I have turned off the proxy_buffering and not set the buffers and tmp files, where did the nginx proxy put the received upstream packets which have not been sent to the client because of the delayed ack?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274808,274857#msg-274857

From nginx-forum at forum.nginx.org Wed Jun 14 13:59:18 2017
From: nginx-forum at forum.nginx.org (tory)
Date: Wed, 14 Jun 2017 09:59:18 -0400
Subject: Peer closed connection in SSL handshake
Message-ID: <5225147da27f9518b694ea5f09a5325e.NginxMailingListEnglish@forum.nginx.org>

Hello.

I want to authenticate my server using certificates on my hardware. I have created a private certificate with openssl and have completed the connection test without errors in the browser.

This is the setting for nginx.

server {
    listen 14443;
    listen [::]:14443;
    ssl on;
    ignore_invalid_headers off;
    proxy_ssl_server_name on;
    server_name cert.mydomain.com;
    root /var/service/auth;
    index index.html;
    #include /etc/nginx/mime.types;
    error_log /var/log/nginx/auth_ssl_err.log debug;
    access_log /var/log/nginx/auth_ssl_acc.log;

    ssl_certificate /etc/nginx/ssl/private/server.crt;
    ssl_certificate_key /etc/nginx/ssl/private/server_key.pem;
    ssl_client_certificate /etc/nginx/ssl/private/ca.crt;
    ssl_verify_client on;
    ssl_verify_depth 2;
    ssl_session_cache shared:SSL:5m;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers on;

    if ($request_method !~ ^(GET|HEAD|PUT|POST|DELETE|OPTIONS)$ ){
        return 405;
    }

    location / {
        proxy_pass http://localhost:8880;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header cert-expire $ssl_client_v_end;
        proxy_set_header cert-dn $ssl_client_s_dn;
        proxy_redirect default;
    }
}

I get an error when I connect to the server with a user certificate (crt file) on my hardware.

Peer closed connection in SSL handshake (104: Connection reset by peer) while SSL handshaking, client: 222.110.133.193, server: 0.0.0.0:14001

Please help me with what is wrong.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274863,274863#msg-274863

From nginx-forum at forum.nginx.org Wed Jun 14 17:36:41 2017
From: nginx-forum at forum.nginx.org (frank3427)
Date: Wed, 14 Jun 2017 13:36:41 -0400
Subject: apache rewrite to nginx
In-Reply-To: <1608935792.20170613002018@none.at>
References: <1608935792.20170613002018@none.at>
Message-ID:

Alex,

I have a LUA version of the PHP script.
I am not sure about the multiple rewrite or conditions

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274815,274870#msg-274870

From nginx-forum at forum.nginx.org Wed Jun 14 18:04:34 2017
From: nginx-forum at forum.nginx.org (frank3427)
Date: Wed, 14 Jun 2017 14:04:34 -0400
Subject: apache rewrite to nginx
In-Reply-To:
References:
Message-ID: <57d4e6d5b85ee54949157be0cc7e5be6.NginxMailingListEnglish@forum.nginx.org>

so far I have come up with the following but, I have been reading that using if statements is bad.

if ($http_host ~ "^rwa-(.*)"){
    set $rule_0 1;
    set $bref_2 $2;
    set $bref_7 $7;
}
if ($http_host ~ "^m2m-(.*)"){
    set $rule_0 1;
    set $bref_2 $2;
    set $bref_7 $7;
}
if ($http_host ~ "^dwa-(.*)"){
    set $rule_0 1;
    set $bref_2 $2;
    set $bref_7 $7;
}
if ($rule_0 = "1"){
    rewrite ^/(/ws/v[1-9]/dias/[^+]*)\+([^+]*)$ https://${host_finder:$http_host}/$1\$bref_2B$2https://$$bref_7bhost_finder:$bref_25$bref_7bHTTP_HOST$bref_7d$bref_7d/$1/$bref_2B$2 last;
}
if ($http_host ~ "^rwa-(.*)"){
    set $rule_1 1;
    set $bref_2 $2;
}
if ($http_host ~ "^m2m-(.*)"){
    set $rule_1 1;
    set $bref_2 $2;
}
if ($http_host ~ "^dwa-(.*)"){
    set $rule_1 1;
    set $bref_2 $2;
}
if ($rule_1 = "1"){
    rewrite ^/(/ws/v[1-9]/dias/.*)\+(.*)$ /$1\$bref_2B$2;
}
if ($http_host ~ "^rwa-(.*)"){
    set $rule_2 1;

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274815,274871#msg-274871

From mdounin at mdounin.ru Wed Jun 14 18:14:39 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 14 Jun 2017 21:14:39 +0300
Subject: nginx hogs cpu on Windows
In-Reply-To: <1c7be00a-d5df-a0b6-8d86-b43b13aeeea9@lucee.org>
References: <65f06b63-3bf8-7dbe-d992-5cb0b32775d6@lucee.org> <1c7be00a-d5df-a0b6-8d86-b43b13aeeea9@lucee.org>
Message-ID: <20170614181438.GT55433@mdounin.ru>

Hello!

On Tue, Jun 13, 2017 at 03:13:19PM -0700, Igal @ Lucee.org wrote:

> Downgrading to 1.12.0 did not help. The server ran fine for about 12
> hours and then the problem started again.
>
>
> On 6/12/2017 3:39 PM, Igal @ Lucee.org wrote:
> >
> > Hello,
> >
> > I've noticed a few times already that after running for some time
> > nginx hogs a CPU thread. The machine has 8 CPU threads, so when the
> > problem happens I see in Task Manager that nginx takes 12% or 13%
> > (consistent with a full 1/8 of CPU power).
> >
> > Issuing a reload fixes the problem temporarily.

Am I right assuming that during CPU hog nginx still working normally, that is, processes requests?

If yes, this is likely a run-away event somewhere, triggered again and again (and not handled properly). This is a class of bugs sometimes happen when using level-triggered event methods, such as poll and select. It is unlikely to be seen on Unix systems, as these are usually have edge-triggered event methods available, such as kqueue and epoll.

Debugging might not be trivial, especially on Windows, though debug log should help to understand what goes wrong. Note though that debug log will likely be huge, and will grow fast once the problem will start to manifest itself.

Just in case, instructions on how to enable debug logging can be found here:

http://nginx.org/en/docs/debugging_log.html

--
Maxim Dounin
http://nginx.org/

From absolutely_free at libero.it Wed Jun 14 18:55:27 2017
From: absolutely_free at libero.it (absolutely_free at libero.it)
Date: Wed, 14 Jun 2017 20:55:27 +0200 (CEST)
Subject: Connection timeout
Message-ID: <706833156.5841.1497466527707@mail.libero.it>

Hi,

I am using nginx/1.12.0 as reverse proxy with Apache/2.2.15

Relevant configuration is:

upstream backend {
    ip_hash;
    server 127.0.0.1:8080; # IP goes here.
}

server {
    listen 2xxxxx; # IP goes here.
    server_name www.somesite;

    # Set proxy headers for the passthrough
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    #proxy_set_header X-Forwarded-For $remote_addr;

    # Let the Set-Cookie header through.
    proxy_pass_header Set-Cookie;

    # Max upload size: make sure this matches the php.ini in .htaccess
    client_max_body_size 8m;

    # Catch the wordpress cookies.
    # Must be set to blank first for when they don't exist.
    set $wordpress_auth "";
    if ($http_cookie ~* "wordpress_logged_in_[^=]*=([^%]+)%7C") {
        set $wordpress_auth wordpress_logged_in_$1;
    }

    # Set the proxy cache key
    set $cache_key $scheme$host$uri$is_args$args;

    location ~* ^/account {
        proxy_pass http://backend;
        expires off;
    }

    location ~* ^/user {
        proxy_pass http://backend;
        expires off;
    }

    location ~* ^/login {
        proxy_pass http://backend;
        expires off;
    }

    location / {
        proxy_pass http://backend;
        proxy_cache main;
        proxy_cache_key $cache_key;
        proxy_cache_valid 30m; # 200, 301 and 302 will be cached.
        proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_504 http_404;
        # 2 rules to dedicate the no caching rule for logged in users.
        proxy_cache_bypass $wordpress_auth; # Do not cache the response.
        proxy_no_cache $wordpress_auth; # Do not serve response from cache.
        proxy_buffers 8 2m;
        proxy_buffer_size 10m;
        proxy_busy_buffers_size 10m;
    }
}

for several hours main website has been reported as "down". In fact, I noticed several messages like this in /var/log/nginx/error_log:

2017/06/10 01:20:21 [error] 2038#2038: *4778137 upstream timed out (110: Connection timed out) while reading response header from upstream, client: 15yyyyyyyyyyyy, server: www.somesite.it, request: "GET /30541-2/ HTTP/1.1", upstream: "http://127.0.0.1:8080/305dd-2/", host: "www.somesite.it", referrer: "https://www.google.it/"

But, according to Apache logs, I have no errors at all, and I have access with "200 OK" all the time. So, I guess, Apache still received requests from nginx. How is it possible?

thank you very much

From al-nginx at none.at Wed Jun 14 20:26:14 2017
From: al-nginx at none.at (Aleksandar Lazic)
Date: Wed, 14 Jun 2017 22:26:14 +0200
Subject: apache rewrite to nginx
In-Reply-To: <57d4e6d5b85ee54949157be0cc7e5be6.NginxMailingListEnglish@forum.nginx.org>
References: <57d4e6d5b85ee54949157be0cc7e5be6.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <19810053987.20170614222614@none.at>

Hi frank3427.

frank3427 wrote on 14.06.2017:

> so far I have come up with the following but , I have been reading that
> using if statements is bad.
>
> if ($http_host ~ "^rwa-(.*)"){
>     set $rule_0 1;
>     set $bref_2 $2;
>     set $bref_7 $7;
> }
> if ($http_host ~ "^m2m-(.*)"){
>     set $rule_0 1;
>     set $bref_2 $2;
>     set $bref_7 $7;
> }
> if ($http_host ~ "^dwa-(.*)"){
>     set $rule_0 1;
>     set $bref_2 $2;
>     set $bref_7 $7;
> }
> if ($rule_0 = "1"){
>     rewrite ^/(/ws/v[1-9]/dias/[^+]*)\+([^+]*)$
> https://${host_finder:$http_host}/$1\$bref_2B$2https://$$bref_7bhost_finder:$bref_25$bref_7bHTTP_HOST$bref_7d$bref_7d/$1/$bref_2B$2
> last;
> }
> if ($http_host ~ "^rwa-(.*)"){
>     set $rule_1 1;
>     set $bref_2 $2;
> }
> if ($http_host ~ "^m2m-(.*)"){
>     set $rule_1 1;
>     set $bref_2 $2;
> }
> if ($http_host ~ "^dwa-(.*)"){
>     set $rule_1 1;
>     set $bref_2 $2;
> }
> if ($rule_1 = "1"){
>     rewrite ^/(/ws/v[1-9]/dias/.*)\+(.*)$ /$1\$bref_2B$2;
> }
> if ($http_host ~ "^rwa-(.*)"){
>     set $rule_2 1;

Missing '}'

The config does not run in nginx and makes no sense?

I have installed nginx on a plain linux added the conf to /etc/nginx/conf.d/default.conf and run nginx -t

###
nginx -t
nginx: [emerg] the closing bracket in "host_finder" variable is missing in /etc/nginx/conf.d/default.conf:31
nginx: configuration file /etc/nginx/nginx.conf test failed
###

Please read again

http://nginx.org/en/docs/http/server_names.html
http://nginx.org/en/docs/njs_about.html
http://nginx.org/en/docs/http/ngx_http_js_module.html
https://www.nginx.com/blog/tag/nginscript/

Untested suggestion without the host_finder call.

##
server {
    server_name ~^(?rwa|m2m|dwa)-(?.*)$;

    location / {
        rewrite ^(/ws/v[1-9]/dias/[^+]*)\+([^+]*)$ https://$prefix/$1\%2B$2 redirect;
    }
}
##

--
Best Regards
Aleks

From nginx-forum at forum.nginx.org Wed Jun 14 20:45:32 2017
From: nginx-forum at forum.nginx.org (frank3427)
Date: Wed, 14 Jun 2017 16:45:32 -0400
Subject: apache rewrite to nginx
In-Reply-To: <19810053987.20170614222614@none.at>
References: <19810053987.20170614222614@none.at>
Message-ID: <6d9e525d7a1ca71fc2e91ec17c3201d7.NginxMailingListEnglish@forum.nginx.org>

Aleks,

How does this look?

server {
    listen *:443 ssl;
    server_name ~^(?rwa|m2m|dwa)-(?\w+)-(\w+)\.(?(diasranch.net))(:\d+)?$;
    proxy_read_timeout 86400s;
    proxy_buffering off;
    #access_log /logs/ssl_access.log;
    error_log /logs/ssl_error.log error;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
    ssl_certificate /etc/pki/tls/certs/star.domain.crt;
    ssl_certificate_key /etc/pki/tls/private/star.domain.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_prefer_server_ciphers on;

    set $rhc_ip '';
    rewrite_by_lua '
        local finder = require "host_finder"
        ngx.var.iot_ip = finder.findHost(ngx.var.routing_key, ngx.var.domain)
    ';

    location /
        rewrite ^(/ws/v[1-9]/dias/[^+]*)\+([^+]*)$ https://$prefix/$1\%2B$2 redirect;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_pass https://$iot_ip:443;
    }
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274815,274877#msg-274877

From lists at der-ingo.de Wed Jun 14 21:03:45 2017
From: lists at der-ingo.de (Ingo Schmidt)
Date: Wed, 14 Jun 2017 23:03:45 +0200
Subject: several sibling location block
In-Reply-To: <1497371190.1357.63.camel@gmail.com>
References: <1497371190.1357.63.camel@gmail.com>
Message-ID:

Hi!

> to nginx, as follows:
>
>
> location / {
>
>     # force download for certain file types
>     location ~* \.(?:fb2|mobi|mp3)$ {
>         add_header Content-Disposition "attachment";
>     }
>     location ~* \.fb2$ {
>         add_header Content-type "text/fb2+xml";
>     }
>     location ~* \.mobi$ {
>         add_header Content-type "application/x-mobipocket-ebook";
>     }
>     location ~* \.mp3$ {
>         add_header Content-type "audio/mpeg";
>     }
>
>     ...
> }
>
> Content-Disposition "attachment" seems to be added properly to the
> header, however not the Content-type. Why? Can several sibling location
> blocks that match be proceeded or only one?

Several things to note here:

- nesting is completely unnecessary here since you use the default location which always matches (if there are no other rules being more specific)

- when processing a request, nginx will search for exactly one location that matches your request, following the rules described in detail in the docs: http://nginx.org/en/docs/http/ngx_http_core_module.html#location

- regex locations are considered in order of appearance. Your first location is found and used, and only that one.

- stop thinking apache (I believe I already told you that? ;-)): check the mime.types file of nginx in /etc/nginx/. It comes with the installation and this is how you specify content-type headers. If the provided mapping doesn't suit you, create your own and include that instead.

So you don't need all your content-type locations at all.
And use the docs, they are pretty concise (sometimes you need to read a couple of times, but it almost always turns out to be accurate :-)) http://nginx.org/en/docs/

And I promise you once again, once you know how to configure nginx and once it works for you, you'll wonder how you ever could have used Apache (just my personal opinion, of course!)

Cheers,

Ingo =;->

From nginx-forum at forum.nginx.org Wed Jun 14 21:52:09 2017
From: nginx-forum at forum.nginx.org (wonderer)
Date: Wed, 14 Jun 2017 17:52:09 -0400
Subject: Is post_action deprecated?
Message-ID: <6c29c11dc2358c3098558e277b62f5c7.NginxMailingListEnglish@forum.nginx.org>

Hi All,

To start with, here's some context. From what I've read around, the post_action directive is to be used with caution. I was able to find this information following the link from this post: https://forum.nginx.org/read.php?2,262008,262012#msg-262012

I also found documentation on the directive in this book: ISBN: 9781785280337. Although it's nowhere to be found in the official documentation, the directive is supported and is working well for what I need to do.

I need to use this directive to send some bandwidth information to my backend after a file download.

1- I'm wondering, is this directive officially deprecated and if so, is there something in the pipeline to replace it?

2- Looking at the nginx tracker (https://trac.nginx.org), I only found 1 issue (#1237) still opened that actually relates to post_action. Did I miss something?

3- What alternative do I have to post_action if basically, all I want to do is perform an additional action in the backend following a file download.

Cheers!

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274880,274880#msg-274880

From smntov at gmail.com Thu Jun 15 11:02:09 2017
From: smntov at gmail.com (ST)
Date: Thu, 15 Jun 2017 14:02:09 +0300
Subject: Separate logs within the same server for different server names?
Message-ID: <1497524529.1357.86.camel@gmail.com>

Hello,

is it possible somehow to define separate logs within the same server{}
for different server names (server_name one.org two.org;)?

access_log /var/log/nginx$server_name/access.log;
error_log /var/log/nginx$server_name/error.log;

Thank you!

From lucas at lucasrolff.com Thu Jun 15 11:17:41 2017
From: lucas at lucasrolff.com (Lucas Rolff)
Date: Thu, 15 Jun 2017 11:17:41 +0000
Subject: Separate logs within the same server for different server names?
In-Reply-To: <1497524529.1357.86.camel@gmail.com>
References: <1497524529.1357.86.camel@gmail.com>
Message-ID: <16DC23F7-182C-4457-AE94-A58B80A21A20@lucasrolff.com>

http://nginx.org/en/docs/http/ngx_http_log_module.html

"The file path can contain variables (0.7.6+), but such logs have some
constraints"

So yes, you can use things such as $host - but there will be a
performance penalty.

On 15/06/2017, 13.02, "nginx on behalf of ST" wrote:

>Hello,
>
>is it possible somehow to define separate logs within the same server{}
>for different server names (server_name one.org two.org;)?
>
>access_log /var/log/nginx$server_name/access.log;
>error_log /var/log/nginx$server_name/error.log;
>
>Thank you!
>
>_______________________________________________
>nginx mailing list
>nginx at nginx.org
>http://mailman.nginx.org/mailman/listinfo/nginx

From mdounin at mdounin.ru Thu Jun 15 13:19:33 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 15 Jun 2017 16:19:33 +0300
Subject: Is post_action deprecated?
In-Reply-To: <6c29c11dc2358c3098558e277b62f5c7.NginxMailingListEnglish@forum.nginx.org>
References: <6c29c11dc2358c3098558e277b62f5c7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170615131932.GY55433@mdounin.ru>

Hello!

On Wed, Jun 14, 2017 at 05:52:09PM -0400, wonderer wrote:

> Hi All,
>
> To start with, here's some context. From what I've read around, the
> post_action directive is to be used with caution. I was able to find this
> information following the link from this post:
> https://forum.nginx.org/read.php?2,262008,262012#msg-262012
>
> I also found documentation on the directive in this book: ISBN:
> 9781785280337. Although it's nowhere to be found in the official
> documentation, the directive is supported and is working well for what I
> need to do.
>
> I need to use this directive to send some bandwidth information to my
> backend after a file download.
>
> 1- I'm wondering, is this directive officially deprecated and if so, is
> there something in the pipeline to replace it?

This directive never was documented, and it should not be used
unless you understand what this directive does and associated
risks. It is not officially supported.

--
Maxim Dounin
http://nginx.org/

From tkadm30 at yandex.com Thu Jun 15 17:46:42 2017
From: tkadm30 at yandex.com (Etienne Robillard)
Date: Thu, 15 Jun 2017 13:46:42 -0400
Subject: Invalid HTTP_IF_NONE_MATCH request header
Message-ID: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com>

Hi,

I'm trying to implement conditional requests in Django-hotsauce and
would like to use HTTP_IF_NONE_MATCH to return a 304 Not Modified
response. However in nginx the value of HTTP_IF_NONE_MATCH is
incorrect (an empty string is returned).

Here's my nginx config:

# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes 4;
pid /run/nginx.pid;

events {
    worker_connections 512;
    multi_accept on;
    use epoll;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 80;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/development.conf;
    #include /etc/nginx/sites-enabled/*;
}


#mail {
#    # See sample authentication script at:
#    # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
#    # auth_http localhost/auth.php;
#    # pop3_capabilities "TOP" "USER";
#    # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
#    server {
#        listen localhost:110;
#        protocol pop3;
#        proxy on;
#    }
#
#    server {
#        listen localhost:143;
#        protocol imap;
#        proxy on;
#    }
#}

# configuration file /etc/nginx/mime.types:

types {
    text/html html htm shtml;
    text/css css;
    text/xml xml;
    image/gif gif;
    image/jpeg jpeg jpg;
    application/javascript js;
    application/atom+xml atom;
    application/rss+xml rss;

    text/mathml mml;
    text/plain txt;
    text/vnd.sun.j2me.app-descriptor jad;
    text/vnd.wap.wml wml;
    text/x-component htc;

    image/png png;
    image/tiff tif tiff;
    image/vnd.wap.wbmp wbmp;
    image/x-icon ico;
    image/x-jng jng;
    image/x-ms-bmp bmp;
    image/svg+xml svg svgz;
    image/webp webp;

    application/font-woff woff;
    application/java-archive jar war ear;
    application/json json;
    application/mac-binhex40 hqx;
    application/msword doc;
    application/pdf pdf;
    application/postscript ps eps ai;
    application/rtf rtf;
    application/vnd.apple.mpegurl m3u8;
    application/vnd.ms-excel xls;
    application/vnd.ms-fontobject eot;
    application/vnd.ms-powerpoint ppt;
    application/vnd.wap.wmlc wmlc;
    application/vnd.google-earth.kml+xml kml;
    application/vnd.google-earth.kmz kmz;
    application/x-7z-compressed 7z;
    application/x-cocoa cco;
    application/x-java-archive-diff jardiff;
    application/x-java-jnlp-file jnlp;
    application/x-makeself run;
    application/x-perl pl pm;
    application/x-pilot prc pdb;
    application/x-rar-compressed rar;
    application/x-redhat-package-manager rpm;
    application/x-sea sea;
    application/x-shockwave-flash swf;
    application/x-stuffit sit;
    application/x-tcl tcl tk;
    application/x-x509-ca-cert der pem crt;
    application/x-xpinstall xpi;
    application/xhtml+xml xhtml;
    application/xspf+xml xspf;
    application/zip zip;

    application/octet-stream bin exe dll;
    application/octet-stream deb;
    application/octet-stream dmg;
    application/octet-stream iso img;
    application/octet-stream msi msp msm;

    application/vnd.openxmlformats-officedocument.wordprocessingml.document docx;
    application/vnd.openxmlformats-officedocument.spreadsheetml.sheet xlsx;
    application/vnd.openxmlformats-officedocument.presentationml.presentation pptx;

    audio/midi mid midi kar;
    audio/mpeg mp3;
    audio/ogg ogg;
    audio/x-m4a m4a;
    audio/x-realaudio ra;

    video/3gpp 3gpp 3gp;
    video/mp2t ts;
    video/mp4 mp4;
    video/mpeg mpeg mpg;
    video/quicktime mov;
    video/webm webm;
    video/x-flv flv;
    video/x-m4v m4v;
    video/x-mng mng;
    video/x-ms-asf asx asf;
    video/x-ms-wmv wmv;
    video/x-msvideo avi;
}

# configuration file /etc/nginx/conf.d/development.conf:
server {

    # static medias web server configuration, for development
    # and testing purposes.

    listen 80;
    server_name localhost;
    error_log /var/log/nginx/error_log; #debug
    #access_log /var/log/nginx/gthc.org/access.log;
    root /home/erob/www/isotopesoftware.ca;
    #autoindex on;

    location / {
        # # host and port to fastcgi server
        fastcgi_pass 127.0.0.1:8808; # 8808=gthc.org; 8801=tm
        include fastcgi_params;
        autoindex on;
        # # rewrite /CamelCase to /wiki/CamelCase
        # rewrite ^/(.*[A-Z][a-z]*)$ /wiki$1 last;
        etag on;
        #fastcgi_pass_header $http_if_none_match;
    }


    # debug url rewriting to the error log
    rewrite_log on;

    location /media {
        autoindex on;
        gzip on;
    }

    location /pub {
        autoindex on;
        gzip on;
    }

    location /webalizer {
        autoindex on;
        gzip on;
        #auth_basic "Private Property";
        #auth_basic_user_file /etc/nginx/.htpasswd;
        allow 67.68.76.70;
        deny all;
    }

    location /documentation {
        autoindex on;
        gzip on;
    }

    location /moin_static184 {
        autoindex on;
        gzip on;
    }

    location /favicon.ico {
        empty_gif;
    }
    location /robots.txt {
        root /home/www/isotopesoftware.ca;
    }
    location /sitemap.xml {
        root /home/www/isotopesoftware.ca;
    }

    #location /public_html {
    #    root /home/www/;
    #    autoindex on;
    #}
    # redirect server error pages to the static page /50x.html
    #error_page 404 /404.html;
    #error_page 403 /403.html;
    #error_page 500 502 503 504 /50x.html;
    #location = /50x.html {
    #    root /var/www/nginx-default;
    #}

    include conf.d/moinmoin.conf;
    #include conf.d/hgwebdir.conf;
}


# configuration file /etc/nginx/fastcgi_params:
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
#fastcgi_param REMOTE_USER $remote_user;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;


fastcgi_param HTTP_IF_NONE_MATCH $http_if_none_match;
fastcgi_param HTTP_IF_MODIFIED_SINCE $http_if_modified_since;


# PHP only, required if PHP was built with --enable-force-cgi-redirect
# fastcgi_param REDIRECT_STATUS 200;

fastcgi_send_timeout 90;
fastcgi_read_timeout 90;
fastcgi_connect_timeout 40;
fastcgi_cache_valid 200 304 10m;
#fastcgi_buffer_size 128k;
#fastcgi_buffers 8 128k;
#fastcgi_busy_buffers_size 256k;
#fastcgi_temp_file_write_size 256k;


# configuration file /etc/nginx/conf.d/moinmoin.conf:


location /wiki {


    if ($uri ~ ^/wiki(.*)?){
        set $wiki_url $1;
    }
    # host and port to fastcgi server
    fastcgi_pass 127.0.0.1:8807; # 8808=gthc.org; 8801=tm; 8807=moinmoin
    #include fastcgi_params;
    fastcgi_param GATEWAY_INTERFACE CGI/1.1;
    fastcgi_param SERVER_SOFTWARE nginx;
    fastcgi_param QUERY_STRING $query_string;
    fastcgi_param REQUEST_METHOD $request_method;
    fastcgi_param CONTENT_TYPE $content_type;
    fastcgi_param CONTENT_LENGTH $content_length;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    #fastcgi_param SCRIPT_NAME $fastcgi_script_name;
    fastcgi_param REQUEST_URI $request_uri;
    fastcgi_param DOCUMENT_URI $document_uri;
    fastcgi_param DOCUMENT_ROOT $document_root;
    fastcgi_param SERVER_PROTOCOL $server_protocol;
    fastcgi_param REMOTE_ADDR $remote_addr;
    fastcgi_param REMOTE_PORT $remote_port;
    fastcgi_param SERVER_ADDR $server_addr;
    fastcgi_param SERVER_PORT $server_port;
    fastcgi_param SERVER_NAME $server_name;
    fastcgi_param PATH_INFO $wiki_url;
    fastcgi_param SCRIPT_NAME /wiki;
}
#location /moin_static184 {
#    root /home/www/isotopesoftware.ca;
#    autoindex on;
#}

Configuration:
sudo nginx -V
nginx version: nginx/1.12.0
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.2l 25 May 2017
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector-strong -Wformat
-Werror=format-security -D_FORTIFY_SOURCE=2'
--with-ld-opt=-Wl,-z,relro --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log
--lock-path=/var/lock/nginx.lock --pid-path=/run/nginx.pid
--http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug
--with-pcre-jit --with-ipv6 --with-http_ssl_module
--with-http_stub_status_module --with-http_realip_module
--with-http_auth_request_module --with-http_addition_module
--with-http_dav_module --with-http_gzip_static_module
--with-http_image_filter_module --with-http_sub_module --with-threads


Questions:

1. Any suggestions why the value of HTTP_IF_NONE_MATCH is not defined
in nginx ?
2. Why is the python script working with wsgiref but not in nginx ?

Thank you in advance,

Etienne

From tkadm30 at yandex.com Thu Jun 15 21:45:49 2017
From: tkadm30 at yandex.com (Etienne Robillard)
Date: Thu, 15 Jun 2017 17:45:49 -0400
Subject: Invalid HTTP_IF_NONE_MATCH request header
In-Reply-To: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com>
References: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com>
Message-ID:

Hi,

I can confirm that my python script is working from the command line.
The server (wsgiref) sends an ETag on the initial request with the 200 OK
status code. Additional requests will have the request header
If-None-Match set with the correct ETag value and a 304 Not Modified
response is returned.

The problem appears to be caused by a missing ETag header in the initial
request when running under FastCGI and nginx only. Furthermore, I'm not
sure if the "etag on" configuration option is really doing something.

What do you think?

Etienne

On 2017-06-15 at
13:46, Etienne Robillard wrote:
>
> Thank you in advance,
>
> Etienne
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

--
Etienne Robillard
tkadm30 at yandex.com
http://www.isotopesoftware.ca/

From francis at daoine.org Thu Jun 15 22:09:35 2017
From: francis at daoine.org (Francis Daly)
Date: Thu, 15 Jun 2017 23:09:35 +0100
Subject: Invalid HTTP_IF_NONE_MATCH request header
In-Reply-To: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com>
References: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com>
Message-ID: <20170615220935.GL18356@daoine.org>

On Thu, Jun 15, 2017 at 01:46:42PM -0400, Etienne Robillard wrote:

Hi there,

> I'm trying to implement conditional requests in Django-hotsauce and
> would like to use HTTP_IF_NONE_MATCH to return a 304 Not Modified
> response. However in nginx the value of HTTP_IF_NONE_MATCH is
> incorrect (an empty string is returned).

What request do you make?

Which location{} is used to handle that request?

You appear to do something with HTTP_IF_NONE_MATCH in "location /"
but not in "location /wiki".

> 1. Any suggestions why the value of HTTP_IF_NONE_MATCH is not
> defined in nginx ?

Why, specifically, do you think that it is not defined?

> 2. Why is the python script working with wsgiref but not in nginx ?

nginx doesn't "do" python. It does (in this case) fastcgi. Perhaps that
is relevant to the question?

Good luck with it,

f
--
Francis Daly francis at daoine.org

From tkadm30 at yandex.com Thu Jun 15 22:29:44 2017
From: tkadm30 at yandex.com (Etienne Robillard)
Date: Thu, 15 Jun 2017 18:29:44 -0400
Subject: Invalid HTTP_IF_NONE_MATCH request header
In-Reply-To: <20170615220935.GL18356@daoine.org>
References: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com> <20170615220935.GL18356@daoine.org>
Message-ID:

Hi Francis,

On 2017-06-15 at 18:09, Francis Daly wrote:
>
> What request do you make?

GET http://localhost/

>
> Which location{} is used to handle that request?

location /

> You appear to do something with HTTP_IF_NONE_MATCH in "location /"
> but not in "location /wiki".

The /wiki location is handled by a separate fastcgi script.

>> 1. Any suggestions why the value of HTTP_IF_NONE_MATCH is not
>> defined in nginx ?
> Why, specifically, do you think that it is not defined?

Firefox omits to add this request header because I suspect the ETag
header was missing from the initial request.

>> 2. Why is the python script working with wsgiref but not in nginx ?
> nginx doesn't "do" python. It does (in this case) fastcgi. Perhaps that
> is relevant to the question?

I always thought that a python script running under wsgiref is expected
to work in fastcgi as-is, without the need to modify nginx
configuration.

>
> Good luck with it,
>
> f

Best regards,

Etienne

--
Etienne Robillard
tkadm30 at yandex.com
http://www.isotopesoftware.ca/

From vbart at nginx.com Thu Jun 15 22:50:30 2017
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Fri, 16 Jun 2017 01:50:30 +0300
Subject: Invalid HTTP_IF_NONE_MATCH request header
In-Reply-To:
References: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com>
Message-ID: <1516001.H4p2RD5lhI@vbart-laptop>

On Thursday 15 June 2017 17:45:49 Etienne Robillard wrote:
> Hi,
>
> I can confirm that my python script is working from the command line.
> The server (wsgiref) sends an ETag on the initial request with the 200 OK
> status code. Additional requests will have the request header
> If-None-Match set with the correct ETag value and a 304 Not Modified
> response is returned.
>
> The problem appears to be caused by a missing ETag header in the initial
> request when running under FastCGI and nginx only. Furthermore, I'm not
> sure if the "etag on" configuration option is really doing something.
>
> What do you think?
>
[..]

A quote from the documentation:

| etag on | off;
|
| Enables or disables automatic generation of the "ETag" response
| header field for static resources.

http://nginx.org/en/docs/http/ngx_http_core_module.html#etag

Your script isn't a static resource, so the directive does nothing
for location with fastcgi configuration.

Moreover, you don't need to explicitly specify any "fastcgi_param" for
request headers (i.e. HTTP_*) since they are passed automatically (if
the header is present in the request).

See the "Parameters Passed to a FastCGI Server" paragraph here:
http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#parameters

wbr, Valentin V. Bartenev

From francis at daoine.org Thu Jun 15 23:02:21 2017
From: francis at daoine.org (Francis Daly)
Date: Fri, 16 Jun 2017 00:02:21 +0100
Subject: Invalid HTTP_IF_NONE_MATCH request header
In-Reply-To:
References: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com> <20170615220935.GL18356@daoine.org>
Message-ID: <20170615230221.GM18356@daoine.org>

On Thu, Jun 15, 2017 at 06:29:44PM -0400, Etienne Robillard wrote:
> On 2017-06-15 at 18:09, Francis Daly wrote:

Hi there,

> >What request do you make?
> GET http://localhost/

Ok.

> >Which location{} is used to handle that request?
> location /

Ok. What file-on-the-filesystem is the file you want your fastcgi server
to process for this request? I don't see a "fastcgi_index" directive;
maybe that does not matter in your system.

> >You appear to do something with HTTP_IF_NONE_MATCH in "location /"
> >but not in "location /wiki".
> The /wiki location is handled by a separate fastcgi script.

Ok.

> >>1. Any suggestions why the value of HTTP_IF_NONE_MATCH is not
> >>defined in nginx ?
> >Why, specifically, do you think that it is not defined?
> Firefox omits to add this request header

There's your answer, then. If the client does not include a header in
the http request to nginx, nginx will not include the matching param
in the fastcgi request to the fastcgi server.

> because I suspect the ETag
> header was missing from the initial request.

If that is the reason, then that's the thing to fix.
I'm not exactly sure what you mean by "the initial request"; but if the
client does not send something to nginx, nginx cannot do much with it.

> >>2. Why is the python script working with wsgiref but not in nginx ?
> >nginx doesn't "do" python. It does (in this case) fastcgi. Perhaps that
> >is relevant to the question?
> I always thought that a python script running under wsgiref is
> expected to work in fastcgi
> as-is, without the need to modify nginx configuration.

Maybe it does. wsgi and fastcgi are different words. I wouldn't assume
that they are interchangeable, without testing.

If you can identify exactly what is happening, and what should be
happening, then you have a chance to identify which specific part
is failing.

From what you have written so far, the problem is with the client not
making the request that you want.

Note that the nginx config lines that start with "fastcgi_param HTTP_"
should not be necessary. I would not be surprised if having them present
breaks things, but I have not tested for that.

Cheers,

f
--
Francis Daly francis at daoine.org

From tkadm30 at yandex.com Thu Jun 15 23:39:26 2017
From: tkadm30 at yandex.com (Etienne Robillard)
Date: Thu, 15 Jun 2017 19:39:26 -0400
Subject: Invalid HTTP_IF_NONE_MATCH request header
In-Reply-To: <20170615230221.GM18356@daoine.org>
References: <862aa8d0-507f-fae9-09f9-f7d4af98f996@yandex.com> <20170615220935.GL18356@daoine.org> <20170615230221.GM18356@daoine.org>
Message-ID: <9d28835f-473e-275c-3f1f-2e5e9bfb0779@yandex.com>

On 2017-06-15 at 19:02, Francis Daly wrote:
> On Thu, Jun 15, 2017 at 06:29:44PM -0400, Etienne Robillard wrote:
>> On 2017-06-15 at 18:09, Francis Daly wrote:
> Hi there,
>
>>> What request do you make?
>> GET http://localhost/
> Ok.
>
>>> Which location{} is used to handle that request?
>> location /
> Ok. What file-on-the-filesystem is the file you want your fastcgi server
> to process for this request?
> I don't see a "fastcgi_index" directive;
> maybe that does not matter in your system.
>
>>> You appear to do something with HTTP_IF_NONE_MATCH in "location /"
>>> but not in "location /wiki".
>> The /wiki location is handled by a separate fastcgi script.
> Ok.
>
>>>> 1. Any suggestions why the value of HTTP_IF_NONE_MATCH is not
>>>> defined in nginx ?
>>> Why, specifically, do you think that it is not defined?
>> Firefox omits to add this request header
> There's your answer, then. If the client does not include a header in
> the http request to nginx, nginx will not include the matching param
> in the fastcgi request to the fastcgi server.
>
>> because I suspect the ETag
>> header was missing from the initial request.
> If that is the reason, then that's the thing to fix. I'm not exactly
> sure what you mean by "the initial request"; but if the client does not
> send something to nginx, nginx cannot do much with it.
>
>
>>>> 2. Why is the python script working with wsgiref but not in nginx ?
>>> nginx doesn't "do" python. It does (in this case) fastcgi. Perhaps that
>>> is relevant to the question?
>> I always thought that a python script running under wsgiref is
>> expected to work in fastcgi
>> as-is, without the need to modify nginx configuration.
> Maybe it does. wsgi and fastcgi are different words. I wouldn't assume
> that they are interchangeable, without testing.
>
> If you can identify exactly what is happening, and what should be
> happening, then you have a chance to identify which specific part
> is failing.
>
> From what you have written so far, the problem is with the client not
> making the request that you want.
>
> Note that the nginx config lines that start with "fastcgi_param HTTP_"
> should not be necessary. I would not be surprised if having them present
> breaks things, but I have not tested for that.
>
> Cheers,
>
> f

Thanks for your comments, Francis and Valentin.

The problem was with gzip.
Disabling gzip allowed the fastcgi script to pass the Etag header to the client. :) See this: https://stackoverflow.com/questions/15900548/why-browser-does-not-send-if-none-match-header Cheers, Etienne -- Etienne Robillard tkadm30 at yandex.com http://www.isotopesoftware.ca/ From stageline at gmail.com Fri Jun 16 03:57:42 2017 From: stageline at gmail.com (=?UTF-8?B?R8OhYm9yIEk=?=) Date: Fri, 16 Jun 2017 05:57:42 +0200 Subject: No subject Message-ID: -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Fri Jun 16 07:25:00 2017 From: nginx-forum at forum.nginx.org (tory) Date: Fri, 16 Jun 2017 03:25:00 -0400 Subject: Peer closed connection in SSL handshake In-Reply-To: <5225147da27f9518b694ea5f09a5325e.NginxMailingListEnglish@forum.nginx.org> References: <5225147da27f9518b694ea5f09a5325e.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3df2f7d398d45d5baf80b5175fb21a53.NginxMailingListEnglish@forum.nginx.org> This topic is closed. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274863,274911#msg-274911 From codechang at outlook.com Sun Jun 18 10:31:29 2017 From: codechang at outlook.com (Chang Code) Date: Sun, 18 Jun 2017 10:31:29 +0000 Subject: How to use Nginx to get HTTPS POST from cloud vendor Message-ID: <68096315-53F5-4FB7-BCBA-21A8D57CA92C@outlook.com> Hi, I am looking detail document to learn how use Nginx to receive HTTPS POST data from below data format. I already searched documents from google but all of documents did not explain in detail for learning. Please advise. Thank you. HTTPS POST BODY { "version":"2.0", "secret":, "type":, "data": } HTTPS special data format { "apMac": , "apTags": [, ...], "observations": [ { "clientMac": , "ipv4": , "ipv6": , "seenTime": , "seenEpoch": , "ssid": , "rssi": , "manufacturer": , "os": , "location": { "lat": , "lng": , "unc": , "x": [, ...], "y": [, ...] }, },... ] } -------------- next part -------------- An HTML attachment was scrubbed... 

From leeon2013 at gmail.com Mon Jun 19 01:59:43 2017
From: leeon2013 at gmail.com (David Woodstuck)
Date: Sun, 18 Jun 2017 21:59:43 -0400
Subject: how to install nginx_substitutions_filter in existing Nginx
In-Reply-To: <20170606172149.GC18356@daoine.org>
References: <20170606172149.GC18356@daoine.org>
Message-ID:

Thanks, Francis, for your help. I just installed nginx_substitutions_filter
from source. It works well, as expected.

I have a special requirement, which I will describe below.

I have a host Nginx server running on port 9000. This Nginx will proxy
http://www.myserver.com:10085/. Some pages from http://www.myserver.com:10085/
have a lot of iframes whose srcs are http://www.myserver.com:10088/ and
http://www.myserver.com:10089/. I cannot get access to
http://www.myserver.com:10085/, http://www.myserver.com:10088/ and
http://www.myserver.com:10089/. I want the pages from
http://www.myserver.com:10085/ to have CORS
(add_header 'Access-Control-Allow-Origin' '*'). How do I achieve this?

Thanks,

David

On Tue, Jun 6, 2017 at 1:21 PM, Francis Daly wrote:

> On Tue, Jun 06, 2017 at 12:27:04AM -0400, David Woodstuck wrote:
>
> Hi there,
>
> > I am a new Nginx user. I just install Nginx 1.12. I like to
> > use nginx_substitutions_filter. I cannot figure out how to install
> > nginx_substitutions_filter in previously existing Nginx.
>
> You (probably) don't.
>
> https://www.nginx.com/resources/admin-guide/installing-nginx-open-source/
>
> describes how to build from source in general;
>
> https://www.nginx.com/resources/wiki/modules/substitutions/
>
> describes how to include the modules you mention, in specific.
>
> > Should I unstall Nginx first?
>
> You can run "nginx -V" to see the "configure" arguments that were used
> to create your current version. Then add the extra bits that you want.
>
> Depending on precisely how you installed your current nginx, you probably
> *do* want to uninstall it before installing the new one.
>
>
> If your current nginx supports dynamic modules (1.12 does), and if
> this extra module you want supports being built as a dynamic module,
> then you may be able to build-and-add the module.
>
> I suspect that in your case, you will probably find more clear
> documentation on how to build-and-maintain a new nginx than how to
> build-and-maintain the extra module.
>
> I also suspect that, based on parallel mail threads, you probably do
> not need the extra module.
>
> It is still useful to know how to add a module that you want, so it is
> certainly worth trying it on a test system, at least.
>
> Good luck with it,
>
> f
> --
> Francis Daly francis at daoine.org

From jcreek at indigital.net Mon Jun 19 13:05:00 2017
From: jcreek at indigital.net (Jeffrey Creek)
Date: Mon, 19 Jun 2017 09:05:00 -0400
Subject: Proxy LDAP port TCP 389
Message-ID:

I am trying to use NGINX Plus (nginx version: nginx/1.11.10
(nginx-plus-r12-p2)) as a load balancer for VMware Platform Services
Controller v 6.5. Everything seems to work except port 389.

Config:

. . .
stream {
    upstream ftwyin_psc_389 {
        zone ftwyin_psc 64k;
        server 192.168.183.20:389 weight=1;
        server 192.168.183.22:389 weight=2;
    }
. . .

    server {
        listen 192.168.183.41:389;
        proxy_pass ftwyin_psc_389;
        status_zone status_page;
    }
. . .

I am seeing the following error in the NGINX error.log:
" connect() to 192.168.183.20:389 failed (13: Permission denied) while
connecting to upstream, client: 192.168.183.21, server: 192.168.183.41:389,
upstream: "192.168.183.20:389""

Any ideas?

--
Jeff Creek
INdigital
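
The "(13: Permission denied)" on connect() in the message above is traced later in this archive to SELinux, and the poster resolves it by piping every nginx line of audit.log into audit2allow. The Python below is an added example, not code from the thread or from nginx: it parses AVC denial records and lists the allow rules such a module would carry, so that denials unrelated to the LDAP upstream are noticed before the module is loaded. The audit records are constructed, and the type names httpd_t, ldap_port_t and user_home_t are assumptions about a stock targeted policy.

```python
import re
from collections import defaultdict

# Constructed auditd records (not from the thread). Type names assume a stock
# targeted policy in which nginx runs as httpd_t and 389/tcp is ldap_port_t.
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1497877500.101:911): avc:  denied  { name_connect } for  pid=2301 comm="nginx" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=SYSCALL msg=audit(1497877500.101:911): arch=c000003e syscall=42 success=no exit=-13 comm="nginx" exe="/usr/sbin/nginx"
type=AVC msg=audit(1497877502.440:913): avc:  denied  { name_connect } for  pid=2301 comm="nginx" dest=389 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:ldap_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1497877610.007:920): avc:  denied  { read } for  pid=2301 comm="nginx" name="notes.txt" dev="dm-0" ino=4711 scontext=system_u:system_r:httpd_t:s0 tcontext=unconfined_u:object_r:user_home_t:s0 tclass=file
type=AVC msg=audit(1497877700.300:931): avc:  denied  { name_bind } for  pid=999 comm="sshd" src=2222 scontext=system_u:system_r:sshd_t:s0-s0:c0.c1023 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
"""

# The one rule the LDAP proxy setup is expected to need (assumed type names).
EXPECTED = {"allow httpd_t ldap_port_t:tcp_socket name_connect;"}

AVC_RE = re.compile(
    r"type=AVC .*?avc:\s+denied\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)"
)
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_avc(line):
    """Return the fields of one AVC denial, or None for any other record."""
    match = AVC_RE.search(line)
    if not match:
        return None
    fields = {k: v.strip('"') for k, v in FIELD_RE.findall(match.group("rest"))}
    if not {"scontext", "tcontext", "tclass"} <= fields.keys():
        return None
    source = fields["scontext"].split(":")
    target = fields["tcontext"].split(":")
    if len(source) < 3 or len(target) < 3:
        return None
    fields["perms"] = match.group("perms").split()
    fields["source_type"] = source[2]   # user:role:TYPE:level
    fields["target_type"] = target[2]
    return fields


def summarise(log_text, comm="nginx"):
    """Group denials for one command by (source type, target type, class)."""
    summary = defaultdict(lambda: {"perms": set(), "ports": set(), "count": 0})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("comm") != comm:
            continue
        entry = summary[(rec["source_type"], rec["target_type"], rec["tclass"])]
        entry["perms"].update(rec["perms"])
        if "dest" in rec:
            entry["ports"].add(int(rec["dest"]))
        entry["count"] += 1
    return dict(summary)


def candidate_rules(summary):
    """Render each group in the 'allow' syntax used in .te policy files."""
    rules = []
    for src, tgt, tclass in sorted(summary):
        perms = sorted(summary[(src, tgt, tclass)]["perms"])
        text = perms[0] if len(perms) == 1 else "{ " + " ".join(perms) + " }"
        rules.append(f"allow {src} {tgt}:{tclass} {text};")
    return rules


def unexpected_rules(summary, expected):
    """Rules a blanket module would add beyond the ones that were intended."""
    return [rule for rule in candidate_rules(summary) if rule not in expected]


if __name__ == "__main__":
    found = summarise(SAMPLE_AUDIT_LOG)
    for rule in candidate_rules(found):
        flag = "" if rule in EXPECTED else "   <-- review before loading"
        print(rule + flag)
```

audit2allow -M also writes the generated rules to a .te file next to the .pp module, so the same review can be done on that file before running semodule -i.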

From maxim at nginx.com Mon Jun 19 13:48:03 2017
From: maxim at nginx.com (Maxim Konovalov)
Date: Mon, 19 Jun 2017 16:48:03 +0300
Subject: Proxy LDAP port TCP 389
In-Reply-To:
References:
Message-ID:

Hello,

On 19/06/2017 16:05, Jeffrey Creek wrote:
> I am trying to use NGINX Plus (nginx version: nginx/1.11.10
> (nginx-plus-r12-p2)) as a load balancer for VMware Platform Services
> Controller v 6.5. Everything seems to work except port 389.
>
> Config:
>
> . . .
> stream {
> upstream ftwyin_psc_389 {
> zone ftwyin_psc 64k;
> server 192.168.183.20:389
> weight=1;
> server 192.168.183.22:389
> weight=2;
> }
> . . .
>
> server {
> listen 192.168.183.41:389 ;
> proxy_pass ftwyin_psc_389;
> status_zone status_page;
> }
> . . .
>
>
> I am seeing the following error in the NGINX error.log:
> " connect() to 192.168.183.20:389 failed
> (13: Permission denied) while connecting to upstream, client:
> 192.168.183.21, server: 192.168.183.41:389
> , upstream: "192.168.183.20:389
> ""
>
>
> Any ideas?

Out of the blue: this is your local packet filter/firewall rules.

By the way, it makes sense to approach nginx-plus support channel
with such questions.

Best regards,

Maxim

--
Maxim Konovalov

From nginx-forum at forum.nginx.org Mon Jun 19 19:32:43 2017
From: nginx-forum at forum.nginx.org (Joergi)
Date: Mon, 19 Jun 2017 15:32:43 -0400
Subject: How can I rewrite .php files properly?
Message-ID:

Hi guys,

I am running a MediaWiki installation and I am using this block of rules to
rewrite requests to MediaWiki:

location ~ \.php {
    root /home/$username/www/;
    index index.php index.html;
    try_files /dummy/$uri @php;
}

However, this is creating the problem that wiki pages which end in .php can
no longer be accessed. Instead, nginx only responds with "File not found."

What can I do to make all requests still go to MediaWiki, but to then let
MediaWiki handle the actual paths?

E.g. a request to MyWikiPages/File.php should still be passed to MediaWiki,
but then MediaWiki should display the corresponding wiki page.

Cheers!
Jörg

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274971,274971#msg-274971

From idefix at fechner.net Mon Jun 19 20:10:19 2017
From: idefix at fechner.net (Matthias Fechner)
Date: Mon, 19 Jun 2017 22:10:19 +0200
Subject: How can I rewrite .php files properly?
In-Reply-To:
References:
Message-ID: <4b41a466-f15c-331a-9d48-2a0cd5cb3153@fechner.net>

On 19.06.2017 at 21:32, Joergi wrote:
> I am running a MediaWiki installation and I am using this block of rules to
> rewrite requests to MediaWiki:
>
>
> location ~ \.php {
> root /home/$username/www/;
> index index.php index.html;
> try_files /dummy/$uri @php;
> }
>

I use the following configuration snippet:

location / {
    rewrite ^/([^?]*)(?:\?(.*))? /index.php?title=$1&$2 last;
}

location ^~ /maintenance/ {
    return 403;
}

location ~ \.php?$ {
    try_files $uri =404;
    include fastcgi_params;
    fastcgi_pass php-handler;
    fastcgi_param HTTPS on;
}

Regards,
Matthias

--
"Programming today is a race between software engineers striving to
build bigger and better idiot-proof programs, and the universe trying to
produce bigger and better idiots. So far, the universe is winning." --
Rich Cook

From owen at nginx.com Mon Jun 19 21:45:41 2017
From: owen at nginx.com (Owen Garrett)
Date: Mon, 19 Jun 2017 22:45:41 +0100
Subject: 2017 NGINX User Survey: Help Us Shape the Future [reminder]
Message-ID:

It's time for the annual NGINX User Survey. We're always eager to hear
about your experiences to help us evolve, improve, and shape our product
roadmap.

Please take ten minutes to share your thoughts:
http://survey.newkind.com/r/rSzd0p89/

Thank you in advance,

Owen

---
owen at nginx.com

From nginx-forum at forum.nginx.org Tue Jun 20 10:17:27 2017
From: nginx-forum at forum.nginx.org (guruprasads)
Date: Tue, 20 Jun 2017 06:17:27 -0400
Subject: Configure Nginx for virtual hosts with same port
Message-ID: <8f77ea91f557d530e6ac461f0b9dcdf2.NginxMailingListEnglish@forum.nginx.org>

Hi all,

I am trying to configure 3 virtual hosts for a single server on the same
port, but PHP is not working for all virtual hosts.

My requirement is as below:

IP:port-A/
IP:port-A/local
IP:port-A/viewer

These are the 3 virtual hosts I want to configure. Only HTML content is
displayed in the browser; if I add PHP code, it does not display any PHP
output (for example, I simply wrote echo "guru";).

Below is my configuration file content.

server {

    listen 80 default;
    listen 443 ssl;
    server_name $hostname;
    client_max_body_size 16384M;

    location / {
        root /opt/xxx/yyy/myweb/admin;
        index index.php index.phtml index.html index.htm;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location /viewer {
        root /opt/xxx/yyy/myweb/viewer;
        index index.php index.phtml index.html index.htm;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location /local {
        root /opt/xxx/yyy/myweb/local;
        index index.php index.phtml index.html index.htm;
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        root /opt/xxx/yyy/myweb/admin;
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 300;
        include fastcgi_params;
    }

    location ~ \.php$ {
        root /opt/xxx/yyy/myweb/viewer;
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 300;
        include fastcgi_params;
    }

    location ~ \.php$ {
        root /opt/xxx/yyy/myweb/local;
        try_files $uri =404;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_intercept_errors on;
        fastcgi_read_timeout 300;
        include fastcgi_params;
    }
}

Thanks in advance, all.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274978,274978#msg-274978

From jim at mailman-hosting.com Tue Jun 20 10:45:18 2017
From: jim at mailman-hosting.com (Jim Ohlstein)
Date: Tue, 20 Jun 2017 06:45:18 -0400
Subject: Configure Nginx for virtual hosts with same port
In-Reply-To: <8f77ea91f557d530e6ac461f0b9dcdf2.NginxMailingListEnglish@forum.nginx.org>
References: <8f77ea91f557d530e6ac461f0b9dcdf2.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <5a15f3ac-abc4-5869-5970-e9ce40aacb5a@mailman-hosting.com>

Hello,

On 06/20/2017 06:17 AM, guruprasads wrote:
> Hi all,
>
> I am trying to configure 3 virtual hosts for single server with same port,
> but php is not working for all virtual hosts.
>
> My requirement is as below,
>
> IP:port-A/
> IP:port-A/local
> IP:port-A/viewer
>
> These 3 virtual hosts i want to configure, only html contents are displaying
> on browser, if i add php code its not displaying any php actions(like i
> written simply echo "guru";).
>
> below is my configuration file content.
>
> server {
>
> listen 80 default;
> listen 443 ssl;
> server_name $hostname;
> client_max_body_size 16384M;
>
> location / {
> root /opt/xxx/yyy/myweb/admin;
> index index.php index.phtml index.html index.htm;
> try_files $uri $uri/ /index.php$is_args$args;
> }
>
> location /viewer {
> root /opt/xxx/yyy/myweb/viewer;
> index index.php index.phtml index.html index.htm;
> try_files $uri $uri/ /index.php$is_args$args;
> }
>
> location /local {
> root /opt/xxx/yyy/myweb/local;
> index index.php index.phtml index.html index.htm;
> try_files $uri $uri/ /index.php$is_args$args;
> }
>
>
> location ~ \.php$ {
> root /opt/xxx/yyy/myweb/admin;
> try_files $uri =404;
> fastcgi_pass 127.0.0.1:9000;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_intercept_errors on;
> fastcgi_read_timeout 300;
> include fastcgi_params;
> }
>
> location ~ \.php$ {
> root /opt/xxx/yyy/myweb/viewer;
> try_files $uri =404;
> fastcgi_pass 127.0.0.1:9000;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_intercept_errors on;
> fastcgi_read_timeout 300;
> include fastcgi_params;
> }
>
> location ~ \.php$ {
> root /opt/xxx/yyy/myweb/local;
> try_files $uri =404;
> fastcgi_pass 127.0.0.1:9000;
> fastcgi_index index.php;
> fastcgi_param SCRIPT_FILENAME
> $document_root$fastcgi_script_name;
> fastcgi_split_path_info ^(.+\.php)(/.+)$;
> fastcgi_intercept_errors on;
> fastcgi_read_timeout 300;
> include fastcgi_params;
> }
> }
>

This configuration will never do what you expect. All PHP requests will
be handled by the first "php" location. See
http://nginx.org/en/docs/http/ngx_http_core_module.html#location.

--
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com

From nginx-forum at forum.nginx.org Tue Jun 20 12:25:11 2017
From: nginx-forum at forum.nginx.org (jcreek)
Date: Tue, 20 Jun 2017 08:25:11 -0400
Subject: Proxy LDAP port TCP 389
In-Reply-To:
References:
Message-ID:

Problem was SELinux. Ran the following to create a rule to allow the
traffic:

grep nginx /var/log/audit/audit.log | audit2allow -M ldap
semodule -i ldap.pp

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274942,274981#msg-274981

From lists at lazygranch.com Wed Jun 21 00:36:38 2017
From: lists at lazygranch.com (lists at lazygranch.com)
Date: Tue, 20 Jun 2017 17:36:38 -0700
Subject: block google app
Message-ID: <20170620173638.44e8b1ad.lists@lazygranch.com>

I would like to block the google app from directly downloading images.

access.log:

200 186.155.157.9 - - [20/Jun/2017:00:35:47 +0000] "GET /images/photo.jpg HTTP/1.1" 334052 "-" "com.google.GoogleMobile/28.0.0 iPad/9.3.5 hw/iPad2_5" "-"

My nginx code in the images location:

if ($http_referer ~* (com.google.GoogleMobile)) {
    return 403;
}

So what am I doing wrong?

From rpaprocki at fearnothingproductions.net Wed Jun 21 00:49:14 2017
From: rpaprocki at fearnothingproductions.net (Robert Paprocki)
Date: Tue, 20 Jun 2017 17:49:14 -0700
Subject: block google app
In-Reply-To: <20170620173638.44e8b1ad.lists@lazygranch.com>
References: <20170620173638.44e8b1ad.lists@lazygranch.com>
Message-ID:

Do you mean $http_user_agent?

> On Jun 20, 2017, at 17:36, "lists at lazygranch.com" wrote:
>
> I would like to block the google app from directly downloading images.
>
> access.log:
>
> 200 186.155.157.9 - - [20/Jun/2017:00:35:47 +0000] "GET /images/photo.jpg HTTP/1.1" 334052 "-" "com.google.GoogleMobile/28.0.0 iPad/9.3.5 hw/iPad2_5" "-"
>
>
> My nginx code in the images location:
>
> if ($http_referer ~* (com.google.GoogleMobile)) {
> return 403;
> }
>
> So what I am doing wrong?

From lists at lazygranch.com Wed Jun 21 01:35:47 2017
From: lists at lazygranch.com (lists at lazygranch.com)
Date: Tue, 20 Jun 2017 18:35:47 -0700
Subject: block google app
In-Reply-To:
References: <20170620173638.44e8b1ad.lists@lazygranch.com>
Message-ID: <20170620183547.50d741ea.lists@lazygranch.com>

I think the ipad is the useragent. I wiped out that access.log, but
here is a fresh one showing a browser (user agent) in the proper field.

200 76.20.227.211 - - [21/Jun/2017:00:48:45 +0000] "GET /images/photo.jpg HTTP/1.1" 91223 "http://www.mydomain.com/page.html" "Mozilla/5.0 (Linux; Android 6.0.1; SM-T350 Build/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Safari/537.36" "-"

I sanitize these a bit because I don't like this stuff showing up in
google searches, but the basic format is the same. I use a custom log
file format.

On Tue, 20 Jun 2017 17:49:14 -0700
Robert Paprocki wrote:

> Do you mean $http_user_agent?
>
> > On Jun 20, 2017, at 17:36, "lists at lazygranch.com"
> > wrote:
> >
> > I would like to block the google app from directly downloading
> > images.
> >
> > access.log:
> >
> > 200 186.155.157.9 - - [20/Jun/2017:00:35:47 +0000]
> > "GET /images/photo.jpg HTTP/1.1" 334052 "-"
> > "com.google.GoogleMobile/28.0.0 iPad/9.3.5 hw/iPad2_5" "-"
> >
> >
> > My nginx code in the images location:
> >
> > if ($http_referer ~* (com.google.GoogleMobile)) {
> > return 403;
> > }
> >
> > So what I am doing wrong?

From rpaprocki at fearnothingproductions.net Wed Jun 21 01:47:41 2017
From: rpaprocki at fearnothingproductions.net (Robert Paprocki)
Date: Tue, 20 Jun 2017 18:47:41 -0700
Subject: block google app
In-Reply-To: <20170620183547.50d741ea.lists@lazygranch.com>
References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com>
Message-ID: <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net>

Well what is your log format then? We can't possibly help you if we don't
have the necessary info ;)

Do you want to block based on http referer? Or user agent string? Or
something else entirely? The config snippet you posted indicates you are
trying to block by referer. If you want to block a request based on the
user agent string, you need to use the variable I noted ($http_user_agent).

Sent from my iPhone

> On Jun 20, 2017, at 18:35, "lists at lazygranch.com" wrote:
>
> I think the ipad is the useragent. I wiped out that access.log, but
> here is a fresh one showing a browser (user agent) in the proper field.
>
> 200 76.20.227.211 - - [21/Jun/2017:00:48:45 +0000] "GET /images/photo.jpg HTTP/1.1" 91223 "http://www.mydomain.com/page.html" "Mozilla/5.0 (Linux; Android 6.0.1; SM-T350 B
> uild/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Safari/537.36" "-"
>
> I sanitize these a bit because I don't like this stuff showing up in
> google searches, but the basic format is the same. I use a custom log
> file format.
>
>
> On Tue, 20 Jun 2017 17:49:14 -0700
> Robert Paprocki wrote:
>
>> Do you mean $http_user_agent?
>>
>>> On Jun 20, 2017, at 17:36, "lists at lazygranch.com"
>>> wrote:
>>>
>>> I would like to block the google app from directly downloading
>>> images.
>>>
>>> access.log:
>>>
>>> 200 186.155.157.9 - - [20/Jun/2017:00:35:47 +0000]
>>> "GET /images/photo.jpg HTTP/1.1" 334052 "-"
>>> "com.google.GoogleMobile/28.0.0 iPad/9.3.5 hw/iPad2_5" "-"
>>>
>>>
>>> My nginx code in the images location:
>>>
>>> if ($http_referer ~* (com.google.GoogleMobile)) {
>>> return 403;
>>> }
>>>
>>> So what I am doing wrong?

From lists at lazygranch.com Wed Jun 21 03:56:46 2017
From: lists at lazygranch.com (lists at lazygranch.com)
Date: Tue, 20 Jun 2017 20:56:46 -0700
Subject: block google app
In-Reply-To: <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net>
References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net>
Message-ID: <20170621035646.5726295.20235.31263@lazygranch.com>

I want to block by referrer. I provided a more "normal" record so that the
user agent and referrer location was obvious by context.

My problem is I'm not creating the match expression correctly. I've tried
spaces, parens. I haven't tried quotes.

  Original Message
From: Robert Paprocki
Sent: Tuesday, June 20, 2017 6:47 PM
To: nginx at nginx.org
Reply To: nginx at nginx.org
Subject: Re: block google app

Well what is your log format then? We can't possibly help you if we don't
have the necessary info ;)

Do you want to block based on http referer? Or user agent string? Or
something else entirely? The config snippet you posted indicates you are
trying to block by referer. If you want to block a request based on the
user agent string, you need to use the variable I noted ($http_user_agent).

Sent from my iPhone

> On Jun 20, 2017, at 18:35, "lists at lazygranch.com" wrote:
>
> I think the ipad is the useragent. I wiped out that access.log, but
> here is a fresh one showing a browser (user agent) in the proper field.
>
> 200 76.20.227.211 - - [21/Jun/2017:00:48:45 +0000] "GET /images/photo.jpg HTTP/1.1" 91223 "http://www.mydomain.com/page.html" "Mozilla/5.0 (Linux; Android 6.0.1; SM-T350 B
> uild/MMB29M) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.83 Safari/537.36" "-"
>
> I sanitize these a bit because I don't like this stuff showing up in
> google searches, but the basic format is the same. I use a custom log
> file format.
>
>
> On Tue, 20 Jun 2017 17:49:14 -0700
> Robert Paprocki wrote:
>
>> Do you mean $http_user_agent?
>>
>>> On Jun 20, 2017, at 17:36, "lists at lazygranch.com"
>>> wrote:
>>>
>>> I would like to block the google app from directly downloading
>>> images.
>>>
>>> access.log:
>>>
>>> 200 186.155.157.9 - - [20/Jun/2017:00:35:47 +0000]
>>> "GET /images/photo.jpg HTTP/1.1" 334052 "-"
>>> "com.google.GoogleMobile/28.0.0 iPad/9.3.5 hw/iPad2_5" "-"
>>>
>>>
>>> My nginx code in the images location:
>>>
>>> if ($http_referer ~* (com.google.GoogleMobile)) {
>>> return 403;
>>> }
>>>
>>> So what I am doing wrong?

From nginx-forum at forum.nginx.org Wed Jun 21 07:00:21 2017
From: nginx-forum at forum.nginx.org (rebaca)
Date: Wed, 21 Jun 2017 03:00:21 -0400
Subject: Enabling NGINX to forward static file request to origin server if the file is absent
Message-ID: <76df5765f8b371391d08ec1942e3e7bb.NginxMailingListEnglish@forum.nginx.org>

BACKGROUND:
-----------------------
Currently NGINX supports static file caching wherein if the file is present
in the location (derived from the config), then it will serve the client
directly. Else it just intimates the client that the file is not present.
There is no capability to forward the request to origin server, get the the
file, save it and serve it to the client AFAIK. I am not sure. Please
correct me if I am wrong.
I need to achieve above capability along with few more additions as
described below.

REQUIREMENT:
-------------------------
Currently I have a requirement with the following conditions:
- Both Nginx server and origin server should be on the same machine
- Nginx server should provide the file statically from the static cache
  when the client requests it
- if Nginx server does not find the static file in the static file location
  (generally the location path prepended by root), then it has to forward
  the request to the origin server asking for the file
- once it gets the file, it has to save it in the said location (static
  file location)
- after saving the file, it has to serve the same file back to the client
  also
- care should be taken so that when multiple client requests arrive
  simultaneously and file cache is not present, it has to hold all the
  requests, get the file from the origin server and then provide the files
  for all the clients (just like NGINX proxy handler does with
  proxy_cache_lock)
- purging support should also be provided.

IMPLEMENTATION:
----------------------------
- earlier I planned to write an NGINX module by myself but I had to take
  care of all the housekeeping and other stuff already supported by the
  static cache handler (ngx_http_static_module.c). This method seemed to be
  a bit cumbersome
- then I planned to modify the static cache module itself so that whenever
  it does not find the file in the said location, I can modify the code so
  that I can forward the request to upstream server. In the same module,
  once the response is obtained from the upstream server, modify the code
  so that the file is saved in the said location and also served to the
  clients.
- NOTE: I am not enabling NGINX proxy handler.
- I also need to support the functionality similar to proxy_cache_lock
  where multiple client requests are held in the queue and served

QUESTION
------------------
- Please let me know if the approach I am planning serves the purpose ?
- Do you have any other alternative approach. Please do let me know.
- Is there any way to delegate the functionality to default handler ? (for
  example, if the static file is already present, in my handler can I
  delegate further processing to default static file cache module of NGINX)

Looking forward to your valuable input

Thank you

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275008,275008#msg-275008

From lists at lazygranch.com Wed Jun 21 07:12:00 2017
From: lists at lazygranch.com (lists at lazygranch.com)
Date: Wed, 21 Jun 2017 00:12:00 -0700
Subject: block google app
In-Reply-To: <20170621035646.5726295.20235.31263@lazygranch.com>
References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com>
Message-ID: <20170621001200.1c533beb.lists@lazygranch.com>

Actually I think I was mistaken and the field is the user agent. I will
change the variable and see what happens. I did some experiments to
show the pattern match works.

On Tue, 20 Jun 2017 20:56:46 -0700
lists at lazygranch.com wrote:

> I want to block by referrer. I provided a more "normal" record so
> that the user agent and referrer location was obvious by context.
>
> My problem is I'm not creating the match expression correctly. I've
> tried spaces, parens. I haven't tried quotes.
>
>   Original Message
> From: Robert Paprocki
> Sent: Tuesday, June 20, 2017 6:47 PM
> To: nginx at nginx.org
> Reply To: nginx at nginx.org
> Subject: Re: block google app
>
> Well what is your log format then? We can't possibly help you if we
> don't have the necessary info ;)
>
> Do you want to block based on http referer? Or user agent string? Or
> something else entirely? The config snippet you posted indicates you
> are trying to block by referer. If you want to block a request based
> on the user agent string, you need to use the variable I noted
> ($http_user_agent).
>
> Sent from my iPhone
>
> > On Jun 20, 2017, at 18:35, "lists at lazygranch.com"
> > wrote:
> >
> > I think the ipad is the useragent. I wiped out that access.log, but
> > here is a fresh one showing a browser (user agent) in the proper
> > field.
> >
> > 200 76.20.227.211 - - [21/Jun/2017:00:48:45 +0000]
> > "GET /images/photo.jpg HTTP/1.1" 91223
> > "http://www.mydomain.com/page.html" "Mozilla/5.0 (Linux; Android
> > 6.0.1; SM-T350 Build/MMB29M) AppleWebKit/537.36 (KHTML, like
> > Gecko) Chrome/58.0.3029.83 Safari/537.36" "-"
> >
> > I sanitize these a bit because I don't like this stuff showing up in
> > google searches, but the basic format is the same. I use a custom
> > log file format.
> >
> >
> > On Tue, 20 Jun 2017 17:49:14 -0700
> > Robert Paprocki wrote:
> >
> >> Do you mean $http_user_agent?
> >>
> >>> On Jun 20, 2017, at 17:36, "lists at lazygranch.com"
> >>> wrote:
> >>>
> >>> I would like to block the google app from directly downloading
> >>> images.
> >>>
> >>> access.log:
> >>>
> >>> 200 186.155.157.9 - - [20/Jun/2017:00:35:47 +0000]
> >>> "GET /images/photo.jpg HTTP/1.1" 334052 "-"
> >>> "com.google.GoogleMobile/28.0.0 iPad/9.3.5 hw/iPad2_5" "-"
> >>>
> >>>
> >>> My nginx code in the images location:
> >>>
> >>> if ($http_referer ~* (com.google.GoogleMobile)) {
> >>> return 403;
> >>> }
> >>>
> >>> So what I am doing wrong?

From mzcart at qq.com Wed Jun 21 07:26:10 2017
From: mzcart at qq.com (George /)
Date: Wed, 21 Jun 2017 15:26:10 +0800
Subject: how nginx decide which server block to use
Message-ID:

Hi all,

I am running nginx version: nginx/1.12.0. I have the following server block
config, as below. All requests that match the regular expression work well,
but requests to server s01.example.com return 404. What's wrong?

I googled for a while; most of the articles said it first tries to match
the literal string, then wildcard, and regular expression last.
------------------------------
server {
    listen 80;
    server_name _;
    access_log /data/wwwlogs/access_nginx.log combined;
    root /data/wwwroot/public_html;
    index index.html index.htm index.php;
    #error_page 404 /404.html;
    #error_page 502 /502.html;

    location /nginx_status {
        stub_status on;
        access_log off;
        allow 127.0.0.1;
        deny all;
    }

    location ~ [^/]\.php(/|$) {
        #fastcgi_pass remote_php_ip:9000;
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }
}

server {
    listen [ip1]:80;
    server_name ~^(?[a-z0-9]+)\.(?[a-z0-9\-]+)\.(?[a-z]+);
    index index.html index.php;
    root /home/$domain.$domext/$subdomain;

    location / {
        try_files $uri $uri/ @apache =404;
    }

    location ~ (.*)\.html$ {
        if (!-f '$document_root/$uri') {
            rewrite /(.*)\.html$ /$1.php last;
        }
        try_files $uri @apache =404;
    }

    location @apache {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ .*\.(php|php5|cgi|pl)$ {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }
}

server {
    listen [ip2]:80;
    #server_name ~^(?[a-z0-9]+).(?[a-z0-9.]+);
    server_name ~^(?[a-z0-9]+)\.(?[a-z0-9\-]+)\.(?[a-z]+);
    #server_name ~^(?[a-z0-9]+).com;
    #access_log off;
    index index.html index.php;
    root /ip100/$domain.$domext/$subdomain;
    #add_header aa $document_root;

    location / {
        try_files $uri $uri/ @apache =404;
    }

    location ~ (.*)\.html$ {
        if (!-f '$document_root/$uri') {
            rewrite /(.*)\.html$ /$1.php last;
        }
        try_files $uri @apache =404;
    }

    location @apache {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ .*\.(php|php5|cgi|pl)$ {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }

    #access_log /home/wwwlogs/$subdomain.$domain.com_access.log access;
    #error_log /home/wwwlogs/subdomain.$domain.com_error.log error;
}

server {
    listen [ip3]:80;
    server_name ~^(?[a-z0-9]+)\.(?[a-z0-9\-]+)\.(?[a-z]+);
    index index.html index.php;
    root /ip155/$domain.$domext/$subdomain;
    #add_header aa $document_root;

    location / {
        try_files $uri $uri/ @apache =404;
    }

    location ~ (.*)\.html$ {
        if (!-f '$document_root/$uri') {
            rewrite /(.*)\.html$ /$1.php last;
        }
        try_files $uri @apache =404;
    }

    location @apache {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ .*\.(php|php5|cgi|pl)$ {
        fastcgi_pass unix:/dev/shm/php-cgi.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }

    #access_log /home/wwwlogs/$subdomain.$domain.com_access.log access;
    #error_log /home/wwwlogs/subdomain.$domain.com_error.log error;
}

server {
    listen [ip3]:80;
    server_name s01.example.com;
    access_log off;
    index index.html index.htm index.php;
    root /data/ytginc.com/public;
    rewrite /([a-z]+)$ /index.php/$1;
    rewrite /([a-z0-9]+)/([a-z]+)/$ /index.php/$1/$2;

    location / {
        try_files $uri @apache;
    }

    location @apache {
        include fastcgi_conf;
    }

    location ~ .*\.(php|php5|cgi|pl)?$ {
        include fastcgi_conf;
    }

    location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
        expires 30d;
        access_log off;
    }

    location ~ .*\.(js|css)?$ {
        expires 7d;
        access_log off;
    }

    location ~ /\.ht {
        deny all;
    }
}

From r at roze.lv Wed Jun 21 08:48:34 2017
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 21 Jun 2017 11:48:34 +0300
Subject: Enabling NGINX to forward static file request to origin server if the file is absent
In-Reply-To: <76df5765f8b371391d08ec1942e3e7bb.NginxMailingListEnglish@forum.nginx.org>
References: <76df5765f8b371391d08ec1942e3e7bb.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <5177CE175F62407D8AA3E398C571DEBD@MasterPC>

> Currently NGINX supports static file caching wherein if the file is present
> in the location (derived from the config), then it will serve the client
> directly. Else it just intimates the client that the file is not present.
> There is no capability to forward the request to origin server, get the
> file, save it and serve it to the client AFAIK. I am not sure. Please
> correct me if I am wrong.

Hello,

I don't exactly understand how you came to the conclusion "There is no capability to forward the request to origin server, get the file, save it and serve it" .. the whole purpose of the nginx cache is to do exactly that. And by using proxy_cache_lock and proxy_cache_use_stale you can fine-tune the behaviour.

Unless by "file is present in the location" you mean a file directory/tree not created by proxy_cache_path. Even then it's possible to do something like this:

server {
    ..
    root /data/cache;

    location / {
        try_files $uri $uri/ @fetch;
    }

    location @fetch {
        internal;
        proxy_pass http://yourbackend;
        proxy_store on;
    }
}

The proxy_store directive will physically save the file in the root.

The only drawback in this approach is that there is no request coalescing (the proxy_cache_lock has no effect on proxy_store).

rr

From nginx-forum at forum.nginx.org Wed Jun 21 13:23:37 2017
From: nginx-forum at forum.nginx.org (rebaca)
Date: Wed, 21 Jun 2017 09:23:37 -0400
Subject: Enabling NGINX to forward static file request to origin server if the file is absent
In-Reply-To: <5177CE175F62407D8AA3E398C571DEBD@MasterPC>
References: <5177CE175F62407D8AA3E398C571DEBD@MasterPC>
Message-ID:

Hi Reinis,

Thanks a lot for the quick and insightful response.

From,
Rebaca

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275008,275019#msg-275019

From nginx-forum at forum.nginx.org Wed Jun 21 13:31:03 2017
From: nginx-forum at forum.nginx.org (rebaca)
Date: Wed, 21 Jun 2017 09:31:03 -0400
Subject: Is proxy_cache_purge directive not available in NGINX free version ?
Message-ID:

Hi

I am trying to experiment with purging cache content in Nginx server. The Nginx I have is a free version (not the Nginx Plus version).

As per one of the documents from the Nginx website, in order to enable purging on Nginx, I need to use the directive - proxy_cache_purge.

But when I try to add this directive in the Nginx configuration and start the server, I get the following error:

"nginx: [emerg] unknown directive "proxy_cache_purge" in /etc/nginx/nginx.conf:104"

Is the proxy_cache_purge directive not available in the Nginx Free version? If so, is it available in the Nginx Plus version?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275020,275020#msg-275020

From arut at nginx.com Wed Jun 21 13:40:25 2017
From: arut at nginx.com (Roman Arutyunyan)
Date: Wed, 21 Jun 2017 16:40:25 +0300
Subject: Is proxy_cache_purge directive not available in NGINX free version ?
In-Reply-To:
References:
Message-ID: <20170621134024.GJ470@Romans-MacBook-Air.local>

Hi,

On Wed, Jun 21, 2017 at 09:31:03AM -0400, rebaca wrote:
> Hi
>
> I am trying to experiment with purging cache content in Nginx server. The
> Nginx I have is a free version (not the Nginx Plus version).
>
> As per one of the documents from the Nginx website, in order to enable
> purging on Nginx, I need to use the directive - proxy_cache_purge.
>
> But when I try to add this directive in the Nginx configuration and start
> the server, I get the following error:
>
> "nginx: [emerg] unknown directive "proxy_cache_purge" in
> /etc/nginx/nginx.conf:104"
>
> Is the proxy_cache_purge directive not available in the Nginx Free version?
> If so, is it available in the Nginx Plus version?

Yes, the feature is only available in NGINX Plus, as stated in the documentation:

"This functionality is available as part of our commercial subscription."

http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_purge

-- 
Roman Arutyunyan

From jim at mailman-hosting.com Wed Jun 21 13:43:35 2017
From: jim at mailman-hosting.com (Jim Ohlstein)
Date: Wed, 21 Jun 2017 09:43:35 -0400
Subject: Is proxy_cache_purge directive not available in NGINX free version ?
In-Reply-To:
References:
Message-ID: <0296e4ed-076f-69aa-dae5-8c68398ff8a6@mailman-hosting.com>

Hello,

On 06/21/2017 09:31 AM, rebaca wrote:
> Hi
>
> I am trying to experiment with purging cache content in Nginx server. The
> Nginx I have is a free version (not the Nginx Plus version).
>
> As per one of the documents from the Nginx website, in order to enable
> purging on Nginx, I need to use the directive - proxy_cache_purge.
>
> But when I try to add this directive in the Nginx configuration and start
> the server, I get the following error:
>
> "nginx: [emerg] unknown directive "proxy_cache_purge" in
> /etc/nginx/nginx.conf:104"
>
> Is the proxy_cache_purge directive not available in the Nginx Free version?
> If so, is it available in the Nginx Plus version?
>

This functionality is, or was, available as a third party module for the community version.

-- 
Jim Ohlstein
Professional Mailman Hosting
https://mailman-hosting.com

From llbgurs at gmail.com Wed Jun 21 13:54:28 2017
From: llbgurs at gmail.com (linbo liao)
Date: Wed, 21 Jun 2017 21:54:28 +0800
Subject: When will primary server come back in http upstream module?
Message-ID:

Hi,

Refer to http://nginx.org/en/docs/http/ngx_http_upstream_module.html#server : if all primary servers are unavailable, the backup server will handle requests.

I have two questions:
1. What's the meaning of unavailable?
2. When will the primary server come back, after fail_timeout?

Thanks,
Linbo

From nginx-forum at forum.nginx.org Wed Jun 21 14:23:03 2017
From: nginx-forum at forum.nginx.org (rebaca)
Date: Wed, 21 Jun 2017 10:23:03 -0400
Subject: Is proxy_cache_purge directive not available in NGINX free version ?
In-Reply-To: <20170621134024.GJ470@Romans-MacBook-Air.local>
References: <20170621134024.GJ470@Romans-MacBook-Air.local>
Message-ID:

Thanks a lot for a very quick response

Regards,
Rebaca

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275020,275025#msg-275025

From nginx-forum at forum.nginx.org Wed Jun 21 14:23:56 2017
From: nginx-forum at forum.nginx.org (rebaca)
Date: Wed, 21 Jun 2017 10:23:56 -0400
Subject: Is proxy_cache_purge directive not available in NGINX free version ?
In-Reply-To: <0296e4ed-076f-69aa-dae5-8c68398ff8a6@mailman-hosting.com>
References: <0296e4ed-076f-69aa-dae5-8c68398ff8a6@mailman-hosting.com>
Message-ID: <62ddb600f47c61695264135f5c02e5d4.NginxMailingListEnglish@forum.nginx.org>

Thank you Jim

Best Regards
Rebaca

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275020,275026#msg-275026

From steven.hartland at multiplay.co.uk Wed Jun 21 15:51:55 2017
From: steven.hartland at multiplay.co.uk (Steven Hartland)
Date: Wed, 21 Jun 2017 16:51:55 +0100
Subject: Peer closed connection in SSL handshake marking upstream as failed
In-Reply-To:
References: <66bbddaf-ac5c-986f-ea0e-e979f73f0e62@multiplay.co.uk>
Message-ID: <8ee2ff6a-3f6a-6459-e9b0-6e3531364e40@multiplay.co.uk>

We're seeing 502 bad gateway responses to clients on an nginx load balanced upstream due to "no live upstreams".

The upstream in question has 2 servers defined with default settings running over https (proxy_pass https://myupstream).

When this happens we see "no live upstreams while connecting to upstream" in the nginx error log and just prior to this: "peer closed connection in SSL handshake (54: Connection reset by peer) while SSL handshaking to upstream".

We currently believe that the client closing the connection is causing the upstream to have a failure counted against it.

With the defaults of max_fails=1 and fail_timeout=10 it only takes two such closes within a 10 second window to take down all upstream nodes resulting in the "no live upstreams" and hence all subsequent connections for the next 10 seconds fail instantly with 502 bad gateway.

Does this explanation seem plausible, is this a bug in nginx?

We're currently testing with max_fails=10 as a potential workaround.

Regards
Steve

From nginx-forum at forum.nginx.org Wed Jun 21 16:09:17 2017
From: nginx-forum at forum.nginx.org (Olaf van der Spek)
Date: Wed, 21 Jun 2017 12:09:17 -0400
Subject: FastCGI KeepAlive
Message-ID: <259d2a09ad608e289df80c28590e1f44.NginxMailingListEnglish@forum.nginx.org>

What does it take to enable KeepAlive for FastCGI upstream servers?
I've set upstream { keepalive 99; } and location { fastcgi_keep_conn on; } but nginx is still closing the connection after each request.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275028,275028#msg-275028

From mdounin at mdounin.ru Wed Jun 21 16:39:34 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 21 Jun 2017 19:39:34 +0300
Subject: Peer closed connection in SSL handshake marking upstream as failed
In-Reply-To: <8ee2ff6a-3f6a-6459-e9b0-6e3531364e40@multiplay.co.uk>
References: <66bbddaf-ac5c-986f-ea0e-e979f73f0e62@multiplay.co.uk> <8ee2ff6a-3f6a-6459-e9b0-6e3531364e40@multiplay.co.uk>
Message-ID: <20170621163934.GA55433@mdounin.ru>

Hello!

On Wed, Jun 21, 2017 at 04:51:55PM +0100, Steven Hartland wrote:

> We're seeing 502 bad gateway responses to clients on an nginx load
> balanced upstream due to "no live upstreams".
>
> The upstream in question has 2 servers defined with default settings
> running over https (proxy_pass https://myupstream).
>
> When this happens we see "no live upstreams while connecting to
> upstream" in the nginx error log and just prior to this:
> "peer closed connection in SSL handshake (54: Connection reset by peer)
> while SSL handshaking to upstream".
>
> We currently believe that the client closing the connection is causing
> the upstream to have a failure counted against it.
>
> With the defaults of max_fails=1 and fail_timeout=10 it only takes two
> such closes within a 10 second window to take down all upstream nodes
> resulting in the "no live upstreams" and hence all subsequent
> connections for the next 10 seconds fail instantly with 502 bad gateway.
>
> Does this explanation seem plausible, is this a bug in nginx?

Unlikely.

-- 
Maxim Dounin
http://nginx.org/

From mdounin at mdounin.ru Wed Jun 21 16:55:11 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 21 Jun 2017 19:55:11 +0300
Subject: FastCGI KeepAlive
In-Reply-To: <259d2a09ad608e289df80c28590e1f44.NginxMailingListEnglish@forum.nginx.org>
References: <259d2a09ad608e289df80c28590e1f44.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170621165511.GB55433@mdounin.ru>

Hello!

On Wed, Jun 21, 2017 at 12:09:17PM -0400, Olaf van der Spek wrote:

> What does it take to enable KeepAlive for FastCGI upstream servers?
> I've set upstream { keepalive 99; } and location { fastcgi_keep_conn on; }
> but nginx is still closing the connection after each request.

With FastCGI, the keepalive directive in the upstream{} block and fastcgi_keep_conn in the location with fastcgi_pass should be enough. A detailed example can be found in the documentation, http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive.

If it doesn't work for you, consider providing more details on your configuration and what you observe.

-- 
Maxim Dounin
http://nginx.org/

From nginx-forum at forum.nginx.org Wed Jun 21 18:21:10 2017
From: nginx-forum at forum.nginx.org (Olaf van der Spek)
Date: Wed, 21 Jun 2017 14:21:10 -0400
Subject: FastCGI KeepAlive
In-Reply-To: <20170621165511.GB55433@mdounin.ru>
References: <20170621165511.GB55433@mdounin.ru>
Message-ID:

This is what I've got:

upstream backend {
    server unix:/tmp/backend.socket;
    keepalive 99;
}

location /v2 {
    include fastcgi.conf;
    fastcgi_keep_conn on;
    # fastcgi_pass unix:/tmp/backend.socket;
    fastcgi_pass backend;
}

I checked with strace and it appeared to close the backend connection right away. Perhaps I made a mistake, I'll check again.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275028,275035#msg-275035

From Rafael.Cirolini at corp.terra.com Wed Jun 21 18:58:06 2017
From: Rafael.Cirolini at corp.terra.com (Rafael Cirolini)
Date: Wed, 21 Jun 2017 18:58:06 +0000
Subject: Stale While Revalidate Expires
In-Reply-To: <20170607142645.GR55433@mdounin.ru>
References: , <20170607142645.GR55433@mdounin.ru>
Message-ID:

Hi Maxim,

Thanks so much for your response.

You are correct, and the configuration of proxy_cache_use_stale updating was present.

Stale while revalidate is a great option, and we use it on websites with more than 50 million users/month.

This graph shows our waiting time to deliver pages to our users. We implemented stale while revalidate at the beginning of May and we had an improvement of 30%.

[cid:179acb8c-85a4-4e56-ad12-b4953a6475bd]

Regards,

Rafael Cirolini
Sup Programmatic & Digital Services
Terra Global

________________________________
From: nginx on behalf of Maxim Dounin
Sent: Wednesday, 7 June 2017 11:26:45
To: nginx at nginx.org
Subject: Re: Stale While Revalidate Expires

Hello!

On Tue, Jun 06, 2017 at 07:33:24PM +0000, Rafael Cirolini wrote:

> We've just updated to 1.12 to use the stale-while-revalidate option.
>
> The application is who sends the cache-control header, like this:
> cache-control:max-age=180, stale-while-revalidate=60, stale-if-error=864000
>
> If I understood how SWR works, the user shouldn't receive stale content after 180+60 seconds.
>
> But we are seeing stale content after this time.
> X-Cache-Status: STALE
>
> Our DevOps team did a debug:
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http file cache expired: 4 1495476646 1495476871
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http upstream cache: 4
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http file cache send: /var/cache/nginx/d/d2/fb19e1c85db7bda5c92ce21530bf5d2d
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http ims:1491861925 lm:1491861925
> 2017/05/22 15:14:31 [debug] 21376#21376: *44 http script var: "STALE"
>
> The correct answer should be EXPIRED after the max-age+SWR time.
>
> It looks reasonable to you?

The behaviour depends on whether you use "proxy_cache_use_stale updating" in your configuration or not:

- If it is explicitly configured, it takes precedence over "Cache-Control: stale-while-revalidate=", and nginx will use any stale response available.

- If not configured, nginx will follow "stale-while-revalidate=" specified in the response.

The debug log provided suggests that the configuration uses "proxy_cache_use_stale updating" and "proxy_cache_background_update on".

-- 
Maxim Dounin
http://nginx.org/

From lists at lazygranch.com Wed Jun 21 19:40:29 2017
From: lists at lazygranch.com (lists at lazygranch.com)
Date: Wed, 21 Jun 2017 12:40:29 -0700
Subject: block google app
In-Reply-To: <20170621001200.1c533beb.lists@lazygranch.com>
References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com> <20170621001200.1c533beb.lists@lazygranch.com>
Message-ID: <20170621124029.24ee82df.lists@lazygranch.com>

I'm sending 403 responses now, so I screwed up by mistaking the fields in the logs. I'm going back to lurking mode again with my tail shamefully between my legs.

This code in the image location section will block the google app:
------------
if ($http_user_agent ~* (com.google.GoogleMobile)) {
    return 403;
}
---------

403 107.2.5.162 - - [21/Jun/2017:07:21:08 +0000] "GET /images/photo.jpg HTTP/1.1" 140 "-" "com.google.GoogleMobile/28.0.0 iPad/10.3.2 hw/iPad6_7" "-"

From nginx-forum at forum.nginx.org Wed Jun 21 19:48:22 2017
From: nginx-forum at forum.nginx.org (Olaf van der Spek)
Date: Wed, 21 Jun 2017 15:48:22 -0400
Subject: FastCGI KeepAlive
In-Reply-To: <259d2a09ad608e289df80c28590e1f44.NginxMailingListEnglish@forum.nginx.org>
References: <259d2a09ad608e289df80c28590e1f44.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

> proxy_pass http://backend;

Is this an error in the docs? I think the http:// here isn't right.

http://nginx.org/en/docs/http/ngx_http_upstream_module.html

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275028,275038#msg-275038

From steve at greengecko.co.nz Wed Jun 21 19:48:44 2017
From: steve at greengecko.co.nz (steve)
Date: Thu, 22 Jun 2017 07:48:44 +1200
Subject: add_header
Message-ID:

Hi folks,

As a precaution against CORS, I

    add_header Access-Control-Allow-Origin *;

outside any location{} block in my server{} definition.

I have recently had a problem where I deliver .css via a CDN, and that CDN references font files also on the CDN, and this was triggering CORS, so the font wasn't loaded.

The solution was to also add that header to the location{} block that I use to manage the relevant static resources.

This seems rather strange. Is it supposed to work this way?

Cheers,

Steve

-- 
Steve Holdoway BSc(Hons) MIITP
https://www.greengecko.co.nz/
Linkedin: https://www.linkedin.com/in/steveholdoway
Skype: sholdowa

From r at roze.lv Wed Jun 21 20:34:12 2017
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 21 Jun 2017 23:34:12 +0300
Subject: add_header
In-Reply-To:
References:
Message-ID: <54942DF7848C4C14812C59E05C3F16E8@Neiroze>

> The solution was to also add that header to the location{} block that I
> use to manage the relevant static resources.

> This seems rather strange. Is it supposed to work this way?

If your location blocks contain any add_header directives then those coming from the server {} block are ignored (and you have to repeat them).

rr

From steve at greengecko.co.nz Wed Jun 21 20:44:11 2017
From: steve at greengecko.co.nz (steve)
Date: Thu, 22 Jun 2017 08:44:11 +1200
Subject: add_header
In-Reply-To: <54942DF7848C4C14812C59E05C3F16E8@Neiroze>
References: <54942DF7848C4C14812C59E05C3F16E8@Neiroze>
Message-ID:

That'll be it then. I'd added cache control headers.

Thanks for the swift reply. Mass edit coming up!

Steve

On 22/06/17 08:34, Reinis Rozitis wrote:
>> The solution was to also add that header to the location{} block that
>> I use to manage the relevant static resources.
>
>> This seems rather strange. Is it supposed to work this way?
>
> If your location blocks contain any add_header directives then those
> coming from the server {} block are ignored (and you have to repeat them).
>
> rr

-- 
Steve Holdoway BSc(Hons) MIITP
https://www.greengecko.co.nz/
Linkedin: https://www.linkedin.com/in/steveholdoway
Skype: sholdowa

From sca at andreasschulze.de Wed Jun 21 21:41:46 2017
From: sca at andreasschulze.de (A. Schulze)
Date: Wed, 21 Jun 2017 23:41:46 +0200
Subject: session ticket key rotation
Message-ID: <36fd6442-9ed3-fce3-b48d-a357108a0b45@andreasschulze.de>

Hello,

https://nginx.org/r/ssl_session_ticket_key mentions session ticket key rotation.

Which process reads these files? Master or worker?
Must it be readable for root only or nginx-user?
Must I signal the rotation to the nginx processes? If yes, how? Via SIGHUP?

Thanks for clarification,
Andreas

From francis at daoine.org Wed Jun 21 21:57:44 2017
From: francis at daoine.org (Francis Daly)
Date: Wed, 21 Jun 2017 22:57:44 +0100
Subject: how nginx decide which server block to use
In-Reply-To:
References:
Message-ID: <20170621215744.GN18356@daoine.org>

On Wed, Jun 21, 2017 at 03:26:10PM +0800, George / wrote:

Hi there,

For the question in the Subject: line, see
http://nginx.org/en/docs/http/request_processing.html#mixed_name_ip_based_servers

> I am running nginx version: nginx/1.12.0. I have the following server block config. All requests that match the regular expressions work well, but requests to server s01.example.com return 404. What's wrong? I googled for a while; most of the articles said it first tries to match the literal string, then wildcard, and regular expression last.
>

When you make a request for s01.example.com, do you connect to [ip1], [ip2], [ip3], or something else?

Which server{} do you think is being used? Which server do you want nginx to use?

For what it is worth, a config line like

    try_files $uri $uri/ @apache =404;

will never try to use the @apache location.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

From francis at daoine.org Wed Jun 21 22:01:19 2017
From: francis at daoine.org (Francis Daly)
Date: Wed, 21 Jun 2017 23:01:19 +0100
Subject: FastCGI KeepAlive
In-Reply-To:
References: <259d2a09ad608e289df80c28590e1f44.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170621220119.GO18356@daoine.org>

On Wed, Jun 21, 2017 at 03:48:22PM -0400, Olaf van der Spek wrote:

Hi there,

> > proxy_pass http://backend;
>
> Is this an error in the docs? I think the http:// here isn't right.

proxy_pass can speak http or https. The config above is the way you tell it which one to speak to this backend/upstream.

It looks right to me.

	f
-- 
Francis Daly        francis at daoine.org

From francis at daoine.org Wed Jun 21 22:09:48 2017
From: francis at daoine.org (Francis Daly)
Date: Wed, 21 Jun 2017 23:09:48 +0100
Subject: how to install nginx_substitutions_filter in existing Nginx
In-Reply-To:
References: <20170606172149.GC18356@daoine.org>
Message-ID: <20170621220948.GP18356@daoine.org>

On Sun, Jun 18, 2017 at 09:59:43PM -0400, David Woodstuck wrote:

Hi there,

> I have a host Nginx server running in port: 9000, This Nginx will proxy
> http://www.myserver.com:10085/. Some pages from
> http://www.myserver.com:10085/ have a lot of iframes whose srcs are
> http://www.myserver.com:10088/ and http://www.myserver.com:10089/. I cannot
> get access to http://www.myserver.com:10085/, http://www.myserver.com:10088/
> and http://www.myserver.com:10089/. I want the pages from
> http://www.myserver.com:10085/ to have CORS( add_header
> 'Access-Control-Allow-Origin' '*'). How do I achieve this?

You have nginx on port 9000 which does "proxy_pass http://www.myserver.com:10085;".

You want responses from the upstream port 10085 to include this extra header.

Put "add_header Access-Control-Allow-Origin *;" in the same location{} as the proxy_pass.

You can test, using something like "curl -v", to confirm that the response to a request to port 9000 does not refer to port 10085 at all, and that it includes the extra header.

	f
-- 
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org Thu Jun 22 07:51:21 2017
From: nginx-forum at forum.nginx.org (rebaca)
Date: Thu, 22 Jun 2017 03:51:21 -0400
Subject: Nginx not caching the content when the response is just a plain text string
Message-ID: <0fd5411d0f32bf29a0cf815b9d444f85.NginxMailingListEnglish@forum.nginx.org>

SUMMARY:
Nginx not caching the content when the response is just a plain text string

DETAILS:
Below shows the connection between entities:

[ client ] <---> [ serverX ] <---> [ serverY ]

serverX and serverY both are virtual nginx servers on same machine.

serverX - proxy handler is enabled by using the directive (proxy_cache)
serverY - custom handler is used which simply outputs a text which serverX forwards to the client to a particular port say 8111

Below is the sample nginx.conf fragments for each of the server

###############################################################
#serverX (1st server)
server {
    location /cache1/ {
        ...
        proxy_pass http://localhost:8111/custom/;
        ...
    }
}

#serverY (2nd server)
server {
    location /custom/ {
        #this is to invoke my custom handler for 2nd server
        my_custom_module_directive;
    }
}
###############################################################

I am trying to access the link "localhost/cache1/sample.txt" which hits serverX. serverX then finds that the file is not present, takes it as MISS, and then forwards the request probably as 'localhost:8111/custom/sample.txt'. But here since "/custom/" is used as filter in location, my custom module handler gets invoked which simply puts a text string in the response body, which is then forwarded to the client. I am able to see the response in the html.

The issue is that every time I access the file, sample.txt is still taken, as per the cache log, as a MISS (which should have been a HIT instead, since previously the 1st server serverX should have saved the text string as sample.txt and would have served it directly).

Kindly let me know why serverX is not caching such a response from serverY (which is a text in the response body).

Please let me know if you need further clarifications.

PS -
cache has been enabled and verified (used the directives - proxy_cache_path, proxy_cache, proxy_cache_valid)
content-type and other response headers from serverY are properly assigned.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275046,275046#msg-275046

From reallfqq-nginx at yahoo.fr Thu Jun 22 08:01:45 2017
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Thu, 22 Jun 2017 10:01:45 +0200
Subject: When will primary server come back in http upstream module?
In-Reply-To:
References:
Message-ID:

1. 'unavailable' means the server will automatically and temporarily be removed from the pool of servers managed by the upstream (same effect as manually parametering it as down)
2. the fail_timeout parameter documentation of the very section you provided a link to is pretty clear: this value configures both the duration during which the parametered amount of failures must be recorded and the time during which the server will subsequently be unavailable
---
*B. R.*

On Wed, Jun 21, 2017 at 3:54 PM, linbo liao wrote:

> Hi,
>
> Refer to http://nginx.org/en/docs/http/ngx_http_upstream_module.html#server :
> if all primary servers are unavailable, the backup server will handle requests.
>
> I have two questions:
> 1. What's the meaning of unavailable?
> 2. When will the primary server come back, after fail_timeout?
>
> Thanks,
> Linbo

From reallfqq-nginx at yahoo.fr Thu Jun 22 08:07:51 2017
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Thu, 22 Jun 2017 10:07:51 +0200
Subject: session ticket key rotation
In-Reply-To: <36fd6442-9ed3-fce3-b48d-a357108a0b45@andreasschulze.de>
References: <36fd6442-9ed3-fce3-b48d-a357108a0b45@andreasschulze.de>
Message-ID:

nginx configuration is parsed/analyzed by the nginx master process by design. Moreover, TLS configuration is kept at this level if I recall well. Thus, the user your master process uses needs to have the rights to access the specified file.

To reload nginx configuration, you will indeed need to use SIGHUP, as the nginx control documentation states.
---
*B. R.*

On Wed, Jun 21, 2017 at 11:41 PM, A. Schulze wrote:

> Hello,
>
> https://nginx.org/r/ssl_session_ticket_key mentions session ticket key
> rotation.
>
> Which process reads these files? Master or worker?
> Must it be readable for root only or nginx-user?
> Must I signal the rotation to the nginx processes? If yes, how? Via SIGHUP?
>
> Thanks for clarification,
> Andreas

From sca at andreasschulze.de Thu Jun 22 09:42:12 2017
From: sca at andreasschulze.de (A. Schulze)
Date: Thu, 22 Jun 2017 11:42:12 +0200
Subject: session ticket key rotation
In-Reply-To:
References: <36fd6442-9ed3-fce3-b48d-a357108a0b45@andreasschulze.de>
Message-ID: <20170622114212.Horde.7RK5Y09Dl4rRL7nPvq2AnqB@andreasschulze.de>

B.R. via nginx:

> nginx configuration is parsed/analyzed by the nginx master process by design.
> Moreover, TLS configuration is kept at this level if I recall well.
> Thus, the user your master process use needs to have the rights to access
> the specified file.
>
> To reload nginx configuration, you will indeed need to use SIGHUP, as nginx
> control documentation states.

>> Which process read these files? master or worker?
>> Must it be readable for root only or nginx-user?

OK, looks like master process only read the files. I changed the mode to 0400, owner root, and at least got no failure after sending SIGHUP to the nginx master process.

>> Must I signal nginx processes the rotation? If yes, how? via SIGHUP?

that's still my open question. which code will use the content of the files referenced by https://nginx.org/r/ssl_session_ticket_key ?

Andreas

From nginx-forum at forum.nginx.org Thu Jun 22 09:53:04 2017
From: nginx-forum at forum.nginx.org (jindov)
Date: Thu, 22 Jun 2017 05:53:04 -0400
Subject: [nginx logging module]$Request_time almost show 0.000 with proxy cache configuration
Message-ID: <0d5d7aa381a4d73bf2fecf68d91b0c46.NginxMailingListEnglish@forum.nginx.org>

Hi guys,

I've configured for nginx to cache static like jpeg|png. The problem is if request with MISS status, it will show a non-zero value request_time, but if a HIT request, the request_time value is 0.000.
This is an nginx bug and is there any way to resolve it.

My log format

```
log_format cache '$remote_addr - [$time_local] $upstream_cache_status $upstream_addr '
                 '"$request" $status $body_bytes_sent $request_time ["$upstream_response_time"] "$http_referer" '
                 '"$http_user_agent" "$host" "$server_port" "$connection"';
```

I read a topic about this but this is not informational.
I've try to set timer_resolution to 0ms but nothing was changed Thanks Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275053,275053#msg-275053 From nginx-forum at forum.nginx.org Thu Jun 22 10:00:16 2017 From: nginx-forum at forum.nginx.org (Olaf van der Spek) Date: Thu, 22 Jun 2017 06:00:16 -0400 Subject: FastCGI KeepAlive In-Reply-To: <20170621165511.GB55433@mdounin.ru> References: <20170621165511.GB55433@mdounin.ru> Message-ID: <7970d31851982d356ae13f4ce15d31d0.NginxMailingListEnglish@forum.nginx.org> Note the connect(13, ...) and close(13) right after the response has been received. For PHP it's working, but AFAIK there's nothing in the FastCGI protocol that the backend has to do other then keeping the connection open. gettimeofday({tv_sec=1498125120, tv_usec=540583}, NULL) = 0 recvfrom(3, "GET /v2/rides HTTP/1.1\r\nHost: de"..., 1024, 0, NULL, NULL) = 561 socket(AF_UNIX, SOCK_STREAM, 0) = 13 ioctl(13, FIONBIO, [1]) = 0 epoll_ctl(10, EPOLL_CTL_ADD, 13, {EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, {u32=370685264, u64=94674334790992}}) = 0 connect(13, {sa_family=AF_UNIX, sun_path="/tmp/backend.socket"}, 110) = 0 getsockopt(13, SOL_SOCKET, SO_ERROR, [0], [4]) = 0 writev(13, [{iov_base="\1\1\0\1\0\10\0\0\0\1\1\0\0\0\0\0\1\4\0\1\3\344\4\0\17\36SCRIPT"..., iov_len=1040}], 1) = 1040 recvfrom(3, 0x7ffeb4895e57, 1, MSG_PEEK, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable) epoll_wait(10, [{EPOLLOUT, {u32=370685264, u64=94674334790992}}], 512, 60000) = 1 gettimeofday({tv_sec=1498125120, tv_usec=546097}, NULL) = 0 epoll_wait(10, [{EPOLLIN|EPOLLOUT, {u32=370685264, u64=94674334790992}}], 512, 59994) = 1 gettimeofday({tv_sec=1498125120, tv_usec=550400}, NULL) = 0 recvfrom(13, "\1\6\0\1\7[\0\0Content-Type: applicatio"..., 4096, 0, NULL, NULL) = 1915 readv(13, [{iov_base=0x561b1610558b, iov_len=2181}], 1) = -1 EAGAIN (Resource temporarily unavailable) writev(3, [{iov_base="HTTP/1.1 200 OK\r\nServer: nginx/1"..., iov_len=201}, {iov_base="712\r\n", iov_len=5}, 
{iov_base="\37\213\10\0\0\0\0\0\0\3\335\335Oo\334T\30\305\341}?E\325u\211\356?\277\347\274|\3"..., iov_len=1810}, {iov_base="\r\n", iov_len=2}], 4) = 2018 close(13) = 0 writev(3, [{iov_base="0\r\n\r\n", iov_len=5}], 1) = 5 write(4, "84.207.216.34 - - [22/Jun/2017:0"..., 203) = 203 recvfrom(3, 0x561b1616a130, 1024, 0, NULL, NULL) = -1 EAGAIN (Resource temporarily unavailable) epoll_wait(10, [{EPOLLIN|EPOLLOUT, {u32=370684801, u64=94674334790529}}], 512, 65000) = 1 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275028,275054#msg-275054 From mdounin at mdounin.ru Thu Jun 22 13:36:53 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 22 Jun 2017 16:36:53 +0300 Subject: Nginx not caching the content when the response is just a plain text string In-Reply-To: <0fd5411d0f32bf29a0cf815b9d444f85.NginxMailingListEnglish@forum.nginx.org> References: <0fd5411d0f32bf29a0cf815b9d444f85.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20170622133653.GG55433@mdounin.ru> Hello! On Thu, Jun 22, 2017 at 03:51:21AM -0400, rebaca wrote: [...] > I am trying to access the link "localhost/cache1/sample.txt" which hits > serverX. serverX then finds that the file is not present, takes it as MISS, > and then forwards the request probably as > 'localhost:8111/custom/sample.txt'. But here since "/custom/" is used as > filter in location, my custom module handler gets invoked which simply puts > a text string in the response body, which is then forwarded to the client. I > am able to see the response in the html. > > The issue is every time I am accessing the file, this sample.txt is still > taken, as per cache log, as a MISS (which should have been a HIT instead > since previously 1st server serverX should have saved the text string as > sample.txt and would have served directly) > > Kindly let me know why this behaviour of serverX not caching such a response > from serverY (which is a text in the response body). 
There may be multiple reasons to not cache a response even with cache properly configured, including: - no Cache-Control / Expires headers, and no proxy_cache_valid configured for a particular response code; - various headers which prevent caching, including Cache-Control which disables caching, Expires in the past, Set-Cookie, "Vary: *"; - incomplete or incorrect response (for example, you announce some Content-Length, but the actual body is smaller). Some additional details can be found in the documentation, see http://nginx.org/r/proxy_cache_valid. If you don't see why a particular response is not cached, a debugging log might help, see http://nginx.org/en/docs/debugging_log.html. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Jun 22 13:41:51 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 22 Jun 2017 16:41:51 +0300 Subject: [nginx logging module]$Request_time almost show 0.000 with proxy cache configuration In-Reply-To: <0d5d7aa381a4d73bf2fecf68d91b0c46.NginxMailingListEnglish@forum.nginx.org> References: <0d5d7aa381a4d73bf2fecf68d91b0c46.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20170622134150.GH55433@mdounin.ru> Hello! On Thu, Jun 22, 2017 at 05:53:04AM -0400, jindov wrote: > I've configured for nginx to cache static like jpeg|png. The problem is if > request with MISS status, it will show a non-zero value request_time, but if > a HIT request, the request_time value is 0.000. This is expected behaviour. When nginx is able to fully serve a request during one event loop iteration (that is, read the request, and fully send the response to the socket), $request_time will be 0, as nginx's internal time is only updated once per event loop iteration. 
--
Maxim Dounin
http://nginx.org/

From mdounin at mdounin.ru Thu Jun 22 13:50:50 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 22 Jun 2017 16:50:50 +0300
Subject: FastCGI KeepAlive
In-Reply-To: <7970d31851982d356ae13f4ce15d31d0.NginxMailingListEnglish@forum.nginx.org>
References: <20170621165511.GB55433@mdounin.ru> <7970d31851982d356ae13f4ce15d31d0.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170622135050.GI55433@mdounin.ru>

Hello!

On Thu, Jun 22, 2017 at 06:00:16AM -0400, Olaf van der Spek wrote:

> Note the connect(13, ...) and close(13) right after the response has been
> received.
> For PHP it's working, but AFAIK there's nothing in the FastCGI protocol that
> the backend has to do other then keeping the connection open.

[...]

> connect(13, {sa_family=AF_UNIX, sun_path="/tmp/backend.socket"}, 110) = 0
> getsockopt(13, SOL_SOCKET, SO_ERROR, [0], [4]) = 0
> writev(13,
> [{iov_base="\1\1\0\1\0\10\0\0\0\1\1\0\0\0\0\0\1\4\0\1\3\344\4\0\17\36SCRIPT"...,
> iov_len=1040}], 1) = 1040

Just a note: FCGI_KEEP_CONN flag is set here, as per "fastcgi_keep_conn on".

[...]

> recvfrom(13, "\1\6\0\1\7[\0\0Content-Type: applicatio"..., 4096, 0, NULL,
> NULL) = 1915
> readv(13, [{iov_base=0x561b1610558b, iov_len=2181}], 1) = -1 EAGAIN
> (Resource temporarily unavailable)
> writev(3, [{iov_base="HTTP/1.1 200 OK\r\nServer: nginx/1"..., iov_len=201},
> {iov_base="712\r\n", iov_len=5},
> {iov_base="\37\213\10\0\0\0\0\0\0\3\335\335Oo\334T\30\305\341}?E\325u\211\356?\277\347\274|\3"...,
> iov_len=1810}, {iov_base="\r\n", iov_len=2}], 4) = 2018
> close(13) = 0

And the connection is not closed by upstream server, as per FCGI_KEEP_CONN flag. It is then closed by nginx for some reason though.

Unfortunately, it is not possible to tell from the trace why the connection is closed, as full upstream server response is not available. Debugging log from nginx might be helpful here, see http://nginx.org/en/docs/debuggin_log.html.
In general, FastCGI connection might not be kept open by nginx if an upstream server sent the response (closed the STDOUT stream), but the connection is in a state which requires additional handling (for example, there was no END_REQUEST record). If you are using some custom FastCGI implementation, this might be the case.

--
Maxim Dounin
http://nginx.org/

From peter_booth at me.com Thu Jun 22 13:58:06 2017
From: peter_booth at me.com (Peter Booth)
Date: Thu, 22 Jun 2017 13:58:06 +0000 (GMT)
Subject: Re: [nginx logging module]$Request_time almost show 0.000 with proxy cache configuration
Message-ID: <106169aa-679b-4c41-945c-26241aae0c70@me.com>

This might not be a bug at all. Remember that when nginx logs request time it's doing so with millisecond precision. This is very, very coarse-grained when you consider what modern hardware is capable of. The Tech Empower benchmarks show that an (openresty) nginx on a quad-socket host can serve more than 800,000 dynamic lua requests per second. We should expect that static resources served from nginx cache to be faster than this.

Remember:
- a cache hit means that the resource should also be in the linux page cache - so no physical disk read needed.
- writing a small png file from memory to the network (on a 10G ethernet ) could take a few microsec. Depending on NIC IRQ consolidation settings this might be as much as 60/70micros.
- reading the time (gettimeofday()) will itself take about 30 nanoseconds.

These are all intervals that are too small to be visible to the 1ms granularity of the request_time logging.

My experience has been that very busy webservers running on even five year old hardware will consistently log 0ms request time for cache hits. If I saw anything different I'd be wondering what was wrong with the environment.

Peter

On Jun 22, 2017, at 05:53 AM, jindov wrote:

Hi guys,

I've configured for nginx to cache static like jpeg|png.
The problem is if request with MISS status, it will show a non-zero value request_time, but if a HIT request, the request_time value is 0.000. This is an nginx bug and is there anyway to resolve it. My log format ``` log_format cache '$remote_addr - [$time_local] $upstream_cache_status $upstream_addr ' '"$request" $status $body_bytes_sent $request_time ["$upstream_response_time"] "$http_referer" ' '"$http_user_agent" "$host" "$server_port" "$connection"'; ``` I read a topic about this but this is not informational. I've try to set timer_resolution to 0ms but nothing was changed Thanks Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275053,275053#msg-275053 _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Thu Jun 22 14:10:32 2017 From: nginx-forum at forum.nginx.org (Olaf van der Spek) Date: Thu, 22 Jun 2017 10:10:32 -0400 Subject: FastCGI KeepAlive In-Reply-To: <20170622135050.GI55433@mdounin.ru> References: <20170622135050.GI55433@mdounin.ru> Message-ID: <0d0c69ba3e5b419beb173319807847cf.NginxMailingListEnglish@forum.nginx.org> Thanks! I'll see if I can post the full response. The implementation is custom indeed, but I am sending FCGI_END_REQUEST. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275028,275067#msg-275067 From lucas at slcoding.com Thu Jun 22 14:15:58 2017 From: lucas at slcoding.com (Lucas Rolff) Date: Thu, 22 Jun 2017 16:15:58 +0200 Subject: [nginx logging module]$Request_time almost show 0.000 with proxy cache configuration In-Reply-To: <106169aa-679b-4c41-945c-26241aae0c70@me.com> References: <106169aa-679b-4c41-945c-26241aae0c70@me.com> Message-ID: <594BD11E.7060503@slcoding.com> > - a cache hit means that the resource should also be in the linux page cache - so no physical disk read needed. 
That's a very wrong assumption to make, and only makes sense in very small scale setups - and multiple terabytes of memory isn't exactly cheap, that's why we have SSD storage to handle such things, and it would still be a "HIT" even if it's not within the memory. Peter Booth wrote: > This might not be a bug at all. Remember that when nginx logs request > time it's doing so with millisecond precision. This is very, very > coarse-grained when you consider what > modern hardware is capable of. The Tech Empower benchmarks shwo that > an (openresty) nginx on > a quad-socket host can server more than 800,000 dynamic lua requests > per second. We should expect > that static resources served from ngixn cache to be faster than this. > > Remember: > - a cache hit means that the resource should also be in the linux > page cache - so no physical disk read needed. > - writing a small png file from memory to the network (on a 10G > ethernet ) could take a few microsec. Depending on NIC IRQ > consolidation settings this might be as much as 60/70micros. > - reading the time (gettimeofday()) will itself take about 30 nanoseconds. > > These are al intervals that are too small to be visible to the 1ms > granularity of the request_time logging. > > My experience has been that very busy webservers running on even five > year old hardware > will consistently log 0ms request time for cache hits. If I saw > anything different I'd be wondering > what was wrong with the environment. > > Peter > > On Jun 22, 2017, at 05:53 AM, jindov wrote: > >> Hi guys, >> >> I've configured for nginx to cache static like jpeg|png. The problem >> is if >> request with MISS status, it will show a non-zero value request_time, >> but if >> a HIT request, the request_time value is 0.000. >> This is an nginx bug and is there anyway to resolve it. 
>> >> My log format >> >> ``` >> log_format cache '$remote_addr - [$time_local] $upstream_cache_status >> $upstream_addr ' >> '"$request" $status $body_bytes_sent $request_time >> ["$upstream_response_time"] "$http_referer" ' >> '"$http_user_agent" "$host" "$server_port" >> "$connection"'; >> ``` >> >> I read a topic about this but this is not informational. I've try to set >> timer_resolution to 0ms but nothing was changed >> >> Thanks >> >> Posted at Nginx Forum: >> https://forum.nginx.org/read.php?2,275053,275053#msg-275053 >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Thu Jun 22 14:23:01 2017 From: nginx-forum at forum.nginx.org (Olaf van der Spek) Date: Thu, 22 Jun 2017 10:23:01 -0400 Subject: FastCGI KeepAlive In-Reply-To: <20170622135050.GI55433@mdounin.ru> References: <20170622135050.GI55433@mdounin.ru> Message-ID: <2fd34bbb11b433854a9c4a7b7037dd2a.NginxMailingListEnglish@forum.nginx.org> Does nginx use / depend on FCGI_GET_VALUES? 
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275028,275069#msg-275069 From jeff.dyke at gmail.com Thu Jun 22 14:47:17 2017 From: jeff.dyke at gmail.com (Jeff Dyke) Date: Thu, 22 Jun 2017 10:47:17 -0400 Subject: block google app In-Reply-To: <20170621124029.24ee82df.lists@lazygranch.com> References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com> <20170621001200.1c533beb.lists@lazygranch.com> <20170621124029.24ee82df.lists@lazygranch.com> Message-ID: I'm glad you found the solution, but being a Google crawler, it would likely respect a robots.txt file with Disallow: images/*, which if it worked would allow you to remove an if clause from being evaluated on every page load. You may have already tried it. But i have a feeling you'll start to find more that are after this directory. When i was at an image heavy start up, we had every one imaginable. Best, Jeff On Wed, Jun 21, 2017 at 3:40 PM, lists at lazygranch.com wrote: > I'm sending 403 responses now, so I screwed up by mistaking the fields > in the logs. I'm going back to lurking mode again with my tail > shamefully between my legs. > > This code in the image location section will block the google app: > ------------ > if ($http_user_agent ~* (com.google.GoogleMobile)) { > return 403; > } > --------- > > 403 107.2.5.162 - - [21/Jun/2017:07:21:08 +0000] "GET /images/photo.jpg > HTTP/1.1" 140 "-" "com.google.GoogleMobile/28.0.0 iPad/10.3.2 hw/iPad6_7" > "-" > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From r1ch+nginx at teamliquid.net Thu Jun 22 15:03:17 2017 From: r1ch+nginx at teamliquid.net (Richard Stanway) Date: Thu, 22 Jun 2017 17:03:17 +0200 Subject: block google app In-Reply-To: References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com> <20170621001200.1c533beb.lists@lazygranch.com> <20170621124029.24ee82df.lists@lazygranch.com> Message-ID: That user agent doesn't belong to a Google crawler - they are end-user requests from the Google App (mobile application). I'm not sure what the motivation is for blocking them but I wouldn't consider it malicious / unwanted traffic. On Thu, Jun 22, 2017 at 4:47 PM, Jeff Dyke wrote: > I'm glad you found the solution, but being a Google crawler, it would > likely respect a robots.txt file with Disallow: images/*, which if it > worked would allow you to remove an if clause from being evaluated on every > page load. > > You may have already tried it. But i have a feeling you'll start to find > more that are after this directory. When i was at an image heavy start up, > we had every one imaginable. > > Best, > Jeff > > On Wed, Jun 21, 2017 at 3:40 PM, lists at lazygranch.com < > lists at lazygranch.com> wrote: > >> I'm sending 403 responses now, so I screwed up by mistaking the fields >> in the logs. I'm going back to lurking mode again with my tail >> shamefully between my legs. 
>> >> This code in the image location section will block the google app: >> ------------ >> if ($http_user_agent ~* (com.google.GoogleMobile)) { >> return 403; >> } >> --------- >> >> 403 107.2.5.162 - - [21/Jun/2017:07:21:08 +0000] "GET /images/photo.jpg >> HTTP/1.1" 140 "-" "com.google.GoogleMobile/28.0.0 iPad/10.3.2 >> hw/iPad6_7" "-" >> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Thu Jun 22 15:31:50 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 22 Jun 2017 18:31:50 +0300 Subject: FastCGI KeepAlive In-Reply-To: <2fd34bbb11b433854a9c4a7b7037dd2a.NginxMailingListEnglish@forum.nginx.org> References: <20170622135050.GI55433@mdounin.ru> <2fd34bbb11b433854a9c4a7b7037dd2a.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20170622153150.GK55433@mdounin.ru> Hello! On Thu, Jun 22, 2017 at 10:23:01AM -0400, Olaf van der Spek wrote: > Does nginx use / depend on FCGI_GET_VALUES? No, it doesn't. -- Maxim Dounin http://nginx.org/ From jeff.dyke at gmail.com Thu Jun 22 15:44:49 2017 From: jeff.dyke at gmail.com (Jeff Dyke) Date: Thu, 22 Jun 2017 11:44:49 -0400 Subject: block google app In-Reply-To: References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com> <20170621001200.1c533beb.lists@lazygranch.com> <20170621124029.24ee82df.lists@lazygranch.com> Message-ID: I ended up digging a bit more and found that I believe Richard to be correct in both cases. 
I would check the ips and see who they belong to, you may just be hurting your mobile users. On Thu, Jun 22, 2017 at 11:03 AM, Richard Stanway wrote: > That user agent doesn't belong to a Google crawler - they are end-user > requests from the Google App (mobile application). I'm not sure what the > motivation is for blocking them but I wouldn't consider it malicious / > unwanted traffic. > > On Thu, Jun 22, 2017 at 4:47 PM, Jeff Dyke wrote: > >> I'm glad you found the solution, but being a Google crawler, it would >> likely respect a robots.txt file with Disallow: images/*, which if it >> worked would allow you to remove an if clause from being evaluated on every >> page load. >> >> You may have already tried it. But i have a feeling you'll start to find >> more that are after this directory. When i was at an image heavy start up, >> we had every one imaginable. >> >> Best, >> Jeff >> >> On Wed, Jun 21, 2017 at 3:40 PM, lists at lazygranch.com < >> lists at lazygranch.com> wrote: >> >>> I'm sending 403 responses now, so I screwed up by mistaking the fields >>> in the logs. I'm going back to lurking mode again with my tail >>> shamefully between my legs. 
>>> >>> This code in the image location section will block the google app: >>> ------------ >>> if ($http_user_agent ~* (com.google.GoogleMobile)) { >>> return 403; >>> } >>> --------- >>> >>> 403 107.2.5.162 - - [21/Jun/2017:07:21:08 +0000] "GET /images/photo.jpg >>> HTTP/1.1" 140 "-" "com.google.GoogleMobile/28.0.0 iPad/10.3.2 >>> hw/iPad6_7" "-" >>> >>> >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >>> >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at lazygranch.com Thu Jun 22 15:50:02 2017 From: lists at lazygranch.com (lists at lazygranch.com) Date: Thu, 22 Jun 2017 08:50:02 -0700 Subject: block google app In-Reply-To: References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com> <20170621001200.1c533beb.lists@lazygranch.com> <20170621124029.24ee82df.lists@lazygranch.com> Message-ID: <20170622155002.5709911.82129.31407@lazygranch.com> An HTML attachment was scrubbed... 
URL: From peter_booth at me.com Thu Jun 22 19:17:07 2017 From: peter_booth at me.com (Peter Booth) Date: Thu, 22 Jun 2017 15:17:07 -0400 Subject: block google app In-Reply-To: <20170622155002.5709911.82129.31407@lazygranch.com> References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com> <20170621001200.1c533beb.lists@lazygranch.com> <20170621124029.24ee82df.lists@lazygranch.com> <20170622155002.5709911.82129.31407@lazygranch.com> Message-ID: <9199BBF7-D8EF-426B-8B3C-FBF7293CC181@me.com> From experience this stuff is a lot harder and more nuanced than it might seem. Google's agents are well behaved and obey robots.txt. The last high traffic website I worked on had over 250 different web spiders/bots scraping it. That's 250 different user agents that didn't map to a "real" browser. Identifying them required multiple different techniques, looking at request patterns. It's not always obvious which requests are the ones that you want. Sent from my iPhone > On Jun 22, 2017, at 11:50 AM, lists at lazygranch.com wrote: > > The IP addresses from the Google app aren't those of Google. They are ISPs generally. > > What bugs me is a fair number of these IP addresses never read my web pages. Easy enough to see from access.log. They just look for photos. If I served ads, I would be furious. But what I perceive is Google provides hot linking, pure and simple. I find it annoying. So now the app is tamed. The can always click on visit page. > > At one time the Google image search, as run from the browser, would be blocked if the user clicked on the image. I have the code to stop hot linking in my conf file. But now Google does some weird thing where the image link is not to my website, but is some conglomeration of my URL embedded in a google URL. 
I assume there is a redirect scheme going on, but the bottom line is the browser gets the full size image without ever clicking on a html file. > > I try to be as unobtrusive as possible on my website. I don't use Google analytics. I don't serve ads. Most pages have no Javascript, so you can use no script if you want. All that said, I'm probably going to set up a scheme where if the IP hadn't read an html file within a given time period, I will 403 image requests. I'd like to do it without a session cookie. > > I don't have an issue with the Google bot reading image files for indexing. What I want is for Google to provide links to the relevant page, not serve the image directly. > > I've used the Google image search from time to time to judge the user experience, and it isn't good in general other than finding photos of famous people. > > ?Case in point, do a search on the SU-27, which is a plane recently in the news. You get a lot of SU-35s. Is this really rocket science? I assume Google has no trust in image tags. But many images have SU-35 in text, which could be read using openCV, as is done with openALPR. But I'm rambling..... > > > From: Richard Stanway > Sent: Thursday, June 22, 2017 8:03 AM > To: nginx at nginx.org > Reply To: nginx at nginx.org > Subject: Re: block google app > > That user agent doesn't belong to a Google crawler - they are end-user requests from the Google App (mobile application). I'm not sure what the motivation is for blocking them but I wouldn't consider it malicious / unwanted traffic. > >> On Thu, Jun 22, 2017 at 4:47 PM, Jeff Dyke wrote: >> I'm glad you found the solution, but being a Google crawler, it would likely respect a robots.txt file with Disallow: images/*, which if it worked would allow you to remove an if clause from being evaluated on every page load. >> >> You may have already tried it. But i have a feeling you'll start to find more that are after this directory. 
When i was at an image heavy start up, we had every one imaginable. >> >> Best, >> Jeff >> >>> On Wed, Jun 21, 2017 at 3:40 PM, lists at lazygranch.com wrote: >>> I'm sending 403 responses now, so I screwed up by mistaking the fields >>> in the logs. I'm going back to lurking mode again with my tail >>> shamefully between my legs. >>> >>> This code in the image location section will block the google app: >>> ------------ >>> if ($http_user_agent ~* (com.google.GoogleMobile)) { >>> return 403; >>> } >>> --------- >>> >>> 403 107.2.5.162 - - [21/Jun/2017:07:21:08 +0000] "GET /images/photo.jpg HTTP/1.1" 140 "-" "com.google.GoogleMobile/28.0.0 iPad/10.3.2 hw/iPad6_7" "-" >>> >>> >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/nginx >> >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From lists at lazygranch.com Thu Jun 22 21:29:11 2017 From: lists at lazygranch.com (lists at lazygranch.com) Date: Thu, 22 Jun 2017 14:29:11 -0700 Subject: block google app In-Reply-To: <9199BBF7-D8EF-426B-8B3C-FBF7293CC181@me.com> References: <20170620173638.44e8b1ad.lists@lazygranch.com> <20170620183547.50d741ea.lists@lazygranch.com> <1335C156-F524-4E06-B3EA-250575F4D6CA@fearnothingproductions.net> <20170621035646.5726295.20235.31263@lazygranch.com> <20170621001200.1c533beb.lists@lazygranch.com> <20170621124029.24ee82df.lists@lazygranch.com> <20170622155002.5709911.82129.31407@lazygranch.com> <9199BBF7-D8EF-426B-8B3C-FBF7293CC181@me.com> Message-ID: <20170622212911.5709911.26814.31440@lazygranch.com> An HTML attachment was scrubbed... 
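The replay below is an added example, not part of any message in this thread: it applies the rule proposed in the thread (refuse an image request unless the same IP fetched an HTML page within a given period, with no session cookie) to access.log lines in the layout quoted above, so the effect on real readers can be checked before the rule is deployed. The 30-minute window, the file extensions that count as a page or an image, and every sample line are assumptions constructed for illustration; only the Google app user agent string comes from the thread.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Field layout of the access.log line quoted in the thread (status first).
LINE_RE = re.compile(
    r'^(?P<status>\d{3}) (?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?:\d+|-) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)
# Assumption: what counts as an image and as a page on this site.
IMAGE_EXT = (".jpg", ".jpeg", ".png", ".gif", ".webp")
PAGE_EXT = (".html", ".htm")

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
200 192.0.2.10 - - [21/Jun/2017:07:00:00 +0000] "GET /planes/index.html HTTP/1.1" 5120 "-" "Mozilla/5.0 (constructed)" "-"
200 192.0.2.10 - - [21/Jun/2017:07:00:01 +0000] "GET /images/photo.jpg HTTP/1.1" 90210 "http://example.test/planes/index.html" "Mozilla/5.0 (constructed)" "-"
200 198.51.100.7 - - [21/Jun/2017:07:21:08 +0000] "GET /images/photo.jpg HTTP/1.1" 90210 "-" "com.google.GoogleMobile/28.0.0 iPad/10.3.2 hw/iPad6_7" "-"
200 198.51.100.7 - - [21/Jun/2017:07:21:30 +0000] "GET /images/other.png HTTP/1.1" 40100 "-" "com.google.GoogleMobile/28.0.0 iPad/10.3.2 hw/iPad6_7" "-"
200 192.0.2.10 - - [21/Jun/2017:08:15:00 +0000] "GET /images/photo.jpg HTTP/1.1" 90210 "-" "Mozilla/5.0 (constructed)" "-"
malformed line, constructed to exercise the skip counter
"""


def parse_line(line):
    """Return a dict for one log line, or None if it does not fit the layout."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    try:
        rec["time"] = datetime.strptime(rec["ts"], "%d/%b/%Y:%H:%M:%S %z")
    except ValueError:
        return None
    rec["path"] = rec["path"].split("?", 1)[0].lower()  # drop query string
    return rec


def classify(path):
    """Label a request path as 'image', 'page' or 'other'."""
    if path.endswith(IMAGE_EXT):
        return "image"
    if path.endswith("/") or path.endswith(PAGE_EXT):
        return "page"
    return "other"


def replay_page_first_rule(lines, window=timedelta(minutes=30)):
    """Count, per IP, image requests the rule would allow or refuse.

    An image request is allowed only if the same IP was served a page
    (status 200 or 304) no more than `window` earlier.
    Returns (report, number_of_unparsed_lines).
    """
    records, skipped = [], 0
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1
        else:
            records.append(rec)
    records.sort(key=lambda r: r["time"])  # stable: same-second order is kept

    last_page = {}
    report = defaultdict(lambda: {"allowed": 0, "refused": 0, "agents": set()})
    for rec in records:
        what = classify(rec["path"])
        if what == "page" and rec["status"] in ("200", "304"):
            last_page[rec["ip"]] = rec["time"]
        elif what == "image":
            entry = report[rec["ip"]]
            entry["agents"].add(rec["agent"])
            seen = last_page.get(rec["ip"])
            if seen is not None and rec["time"] - seen <= window:
                entry["allowed"] += 1
            else:
                entry["refused"] += 1
    return dict(report), skipped


def image_only_clients(report):
    """IPs that requested images but never had one allowed by the rule."""
    return sorted(ip for ip, e in report.items()
                  if e["allowed"] == 0 and e["refused"] > 0)


if __name__ == "__main__":
    result, bad = replay_page_first_rule(SAMPLE_LOG.splitlines())
    for ip, e in sorted(result.items()):
        print(ip, "allowed:", e["allowed"], "refused:", e["refused"],
              "agents:", sorted(e["agents"]))
    print("image-only clients:", image_only_clients(result))
    print("unparsed lines:", bad)
```

In the sample, 192.0.2.10 read a page and still has its later image request refused because the page view is older than the window, which is the kind of side effect on ordinary readers to measure on a real log before enforcing the rule.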
From dmarzolf at tracelink.com Thu Jun 22 22:26:50 2017
From: dmarzolf at tracelink.com (Dwight Marzolf)
Date: Thu, 22 Jun 2017 18:26:50 -0400
Subject: bcrypt
Message-ID:

We have an installation of nginx 1.10.3 in which we are using an htpasswd file that contains bcrypt encrypted passwords. This is a file that is used by multiple apps that require authentication. Everything I am reading online says that nginx does not support bcrypt passwords. The other apps using this file have no problem with bcrypt.

So, a question. First, is there a newer version of nginx that does support bcrypt? If not, is there some workaround that will let us somehow use our bcrypt passwords with nginx? I'm trying to avoid having either a separate htpasswd file for nginx or lowering the encryption for all our apps to something that nginx supports.

regards,
dwight

--
*Dwight Marzolf* | Cloud Operations Developer| TraceLink Inc.
400 Riverpark Drive | Suite 200
North Reading, MA 01864
o: 978-396-6111
e: dmarzolf at tracelink.com

*Protect patients, enable health, grow profits, ensure compliance*

-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 12671 bytes
Desc: not available
URL:

From nginx-forum at forum.nginx.org Fri Jun 23 08:02:19 2017
From: nginx-forum at forum.nginx.org (jindov)
Date: Fri, 23 Jun 2017 04:02:19 -0400
Subject: [nginx logging module]$Request_time almost show 0.000 with proxy cache configuration
In-Reply-To: <594BD11E.7060503@slcoding.com>
References: <594BD11E.7060503@slcoding.com>
Message-ID:

So as you guys said: it's a normal behavior of nginx and the problem is how can I monitor response time exactly? because, when I request a static link (a jpeg i.e), it takes about 3s to completely download, but request_time is still 0.000, and because it's a HIT request so I don't have upstream_response_time too.

What metric or method should I use to monitor my nginx response time performance?

Thanks for the quick reply

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275053,275102#msg-275102

From gryzli.the.bugbear at gmail.com Fri Jun 23 11:31:37 2017
From: gryzli.the.bugbear at gmail.com (Gryzli Bugbear)
Date: Fri, 23 Jun 2017 14:31:37 +0300
Subject: Changing upstream response headers, before nginx caching decisions
Message-ID: <00c78a38-2476-8467-e8a3-7511dcf374bc@gmail.com>

Hello everybody,

I have the following working scheme:

Client --> Nginx [caching] --> Apache [backend]

Sometimes the backend returns headers, which I want to modify before nginx caching engine decides how to treat them. One such example is when backend returns Vary: header.

I want to achieve the following:

[Apache backend returns Vary: User-Agent, Header2] --> [Nginx Modifies "Vary:" and removes User-Agent] --> [Nginx caching sees only 'Vary: Header2' (without User-Agent)] --> The final result is that Nginx cache won't take 'User-Agent' into vary considerations. (no cache object per UA).

That's just an example. I would like to do such modification with other headers also (for example Cache-Control).
Currently I'm already using Nginx Lua integration, but there is no hook point before the caching engine.

Would be happy for any suggestions about achieving this scenario.

Regards

From mdounin at mdounin.ru Fri Jun 23 12:09:02 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 23 Jun 2017 15:09:02 +0300
Subject: Changing upstream response headers, before nginx caching decisions
In-Reply-To: <00c78a38-2476-8467-e8a3-7511dcf374bc@gmail.com>
References: <00c78a38-2476-8467-e8a3-7511dcf374bc@gmail.com>
Message-ID: <20170623120901.GN55433@mdounin.ru>

Hello!

On Fri, Jun 23, 2017 at 02:31:37PM +0300, Gryzli Bugbear wrote:

> I have the following working scheme:
>
> Client --> Nginx [caching] --> Apache [backend]
>
> Sometime the backend returns headers, which I want to modify before nginx caching engine decides how to treat them. One such example is when backend returns Vary: header.
>
> I want to achieve the following:
>
> [Apache backend returns Vary: User-Agent, Header2] --> [Nginx Modifies "Vary:" and removes User-Agent] --> [Nginx caching sees only 'Vary: Header2' (without User-Agent)] --> The final result is that Nginx cache won't take 'User-Agent' into vary considerations. (no cache object per UA).
>
> That's just an example. I would like to do such modification with other headers also (for example Cache-Control).
>
> Currently I'm already using Nginx Lua integration, but there is no hook point before the caching engine.
>
> Would be happy for any suggestions about achieving this scenario.

As of now, the only solution would be to use intermediate proxy (without caching) to modify headers returned by your backend.
--
Maxim Dounin
http://nginx.org/

From gryzli.the.bugbear at gmail.com Fri Jun 23 12:12:24 2017
From: gryzli.the.bugbear at gmail.com (Gryzli Bugbear)
Date: Fri, 23 Jun 2017 15:12:24 +0300
Subject: Changing upstream response headers, before nginx caching decisions
In-Reply-To: <20170623120901.GN55433@mdounin.ru>
References: <00c78a38-2476-8467-e8a3-7511dcf374bc@gmail.com> <20170623120901.GN55433@mdounin.ru>
Message-ID:

Hi Maxim,

Thanks for your prompt answer!

That's exactly what I'm using currently, but was thinking if there is some more elegant/performance-effective way of doing this thing.

Regards

On 06/23/2017 03:09 PM, Maxim Dounin wrote:
> Hello!
>
> On Fri, Jun 23, 2017 at 02:31:37PM +0300, Gryzli Bugbear wrote:
>
>> I have the following working scheme:
>>
>> Client --> Nginx [caching] --> Apache [backend]
>>
>> Sometime the backend returns headers, which I want to modify before nginx caching engine decides how to treat them. One such example is when backend returns Vary: header.
>>
>> I want to achieve the following:
>>
>> [Apache backend returns Vary: User-Agent, Header2] --> [Nginx Modifies "Vary:" and removes User-Agent] --> [Nginx caching sees only 'Vary: Header2' (without User-Agent)] --> The final result is that Nginx cache won't take 'User-Agent' into vary considerations. (no cache object per UA).
>>
>> That's just an example. I would like to do such modification with other headers also (for example Cache-Control).
>>
>> Currently I'm already using Nginx Lua integration, but there is no hook point before the caching engine.
>>
>> Would be happy for any suggestions about achieving this scenario.
>
> As of now, the only solution would be to use intermediate proxy (without caching) to modify headers returned by your backend.
>

From mdounin at mdounin.ru Fri Jun 23 13:00:06 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 23 Jun 2017 16:00:06 +0300
Subject: bcrypt
In-Reply-To:
References:
Message-ID: <20170623130005.GO55433@mdounin.ru>

Hello!

On Thu, Jun 22, 2017 at 06:26:50PM -0400, Dwight Marzolf wrote:

> We have an installation of nginx 1.10.3 in which we are using an htpasswd file that contains bcrypt encrypted passwords. This is a file that is used by multiple apps that require authentication. Everything I am reading online says that nginx does not support bcrypt passwords. The other apps using this file have no problem with bcrypt. So, a question. First, is there a newer version of nginx that does support bcrypt? If not, is there some workaround that will let us somehow use our bcrypt passwords with nginx? I'm trying to avoid having either a separate htpasswd file for nginx or lowering the encryption for all our apps to something that nginx supports.

In nginx there is no native support for bcrypt passwords as produced by Apache's htpasswd. On the other hand, nginx can use all password schemes supported by crypt(3) on your OS. Many operating systems do support bcrypt-encrypted passwords in crypt(3), and if Apache's variant is not different from other implementations, it would be enough to change the prefix in the password hashes from Apache-specific $2y$ to the one supported by your OS.

--
Maxim Dounin
http://nginx.org/

From luky-37 at hotmail.com Fri Jun 23 13:24:19 2017
From: luky-37 at hotmail.com (Lukas Tribus)
Date: Fri, 23 Jun 2017 13:24:19 +0000
Subject: AW: bcrypt
In-Reply-To: <20170623130005.GO55433@mdounin.ru>
References: , <20170623130005.GO55433@mdounin.ru>
Message-ID:

Hello,

> In nginx there is no native support for bcrypt passwords as produced by Apache's htpasswd. On the other hand, nginx can use all password schemes supported by crypt(3) on your OS. Many operating systems do support bcrypt-encrypted passwords in crypt(3), and if Apache's variant is not different from other implementations, it would be enough to change the prefix in the password hashes from Apache-specific $2y$ to the one supported by your OS.

Is it a good idea though to use a very CPU intense hash like bcrypt in an event-driven webserver?

Bcrypt is intentionally slow, I assume having a lot of bcrypt protected HTTP transactions would block nginx causing it to slow down severely?

Lukas

From mdounin at mdounin.ru Fri Jun 23 14:30:57 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 23 Jun 2017 17:30:57 +0300
Subject: bcrypt
In-Reply-To:
References: <20170623130005.GO55433@mdounin.ru>
Message-ID: <20170623143057.GP55433@mdounin.ru>

Hello!

On Fri, Jun 23, 2017 at 01:24:19PM +0000, Lukas Tribus wrote:

> Hello,
>
> > In nginx there is no native support for bcrypt passwords as produced by Apache's htpasswd. On the other hand, nginx can use all password schemes supported by crypt(3) on your OS. Many operating systems do support bcrypt-encrypted passwords in crypt(3), and if Apache's variant is not different from other implementations, it would be enough to change the prefix in the password hashes from Apache-specific $2y$ to the one supported by your OS.
>
> Is it a good idea though to use a very CPU intense hash like bcrypt in an event-driven webserver?
>
> Bcrypt is intentionally slow, I assume having a lot of bcrypt protected HTTP transactions would block nginx causing it to slow down severely?

All password hashing schemes are intentionally slow. The goal of password hashing is to prevent brute-force attacks even if hashes are leaked. The question is how slow a particular hashing scheme is, and if it is acceptable for a particular use case.

One of the bcrypt scheme main properties is that it allows to control number of rounds, and thus control hashing speed.
With low number of rounds it is reasonably fast. For example, with 2^5 rounds (default used by htpasswd) it takes about 4 milliseconds here on a test box:

$ time perl -le '$h = "foo"; for (1..1000) { $h = crypt($h, q{$2b$05$foodfsadfdfsadfsadfalkjlkkjlkjlkjlkjlkjlkjlkjljklkjlk}); }; print $h;'
$2b$05$foodfsadfdfsadfsadfaleR/2BBLeLV.7NTWtyNRyAquSKRD9E4Sy

real 0m3.884s
user 0m3.880s
sys 0m0.001s

--
Maxim Dounin
http://nginx.org/

From nginx-forum at forum.nginx.org Fri Jun 23 20:18:33 2017
From: nginx-forum at forum.nginx.org (ManuelRighi)
Date: Fri, 23 Jun 2017 16:18:33 -0400
Subject: nginx as reverse proxy and custom 500 error
In-Reply-To: <0e010640f9b29fe91a79f894c4e05858.NginxMailingListEnglish@forum.nginx.org>
References: <0e010640f9b29fe91a79f894c4e05858.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <5d2850d3391914261131d18bc42533cb.NginxMailingListEnglish@forum.nginx.org>

Hello,
anyone know how to help me?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,273081,275116#msg-275116

From nginx-forum at forum.nginx.org Fri Jun 23 21:19:35 2017
From: nginx-forum at forum.nginx.org (Joergi)
Date: Fri, 23 Jun 2017 17:19:35 -0400
Subject: How can I rewrite .php files properly?
In-Reply-To: <4b41a466-f15c-331a-9d48-2a0cd5cb3153@fechner.net>
References: <4b41a466-f15c-331a-9d48-2a0cd5cb3153@fechner.net>
Message-ID: <38932a759d2c0af95a156581f0def425.NginxMailingListEnglish@forum.nginx.org>

Hello Matthias!

Thanks for your post, it brought me on the right track!

Additionally, I found the MediaWiki ShortURL Builder at https://shorturls.redwerks.org/. From there I added a few more {deny all;} rules. And the result seems to be working now!

Thanks again ...
and best regards

Jörg

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,274971,275117#msg-275117

From luky-37 at hotmail.com Fri Jun 23 21:37:27 2017
From: luky-37 at hotmail.com (Lukas Tribus)
Date: Fri, 23 Jun 2017 21:37:27 +0000
Subject: AW: bcrypt
In-Reply-To: <20170623143057.GP55433@mdounin.ru>
References: <20170623130005.GO55433@mdounin.ru> , <20170623143057.GP55433@mdounin.ru>
Message-ID:

Hello!

> One of the bcrypt scheme main properties is that it allows to control number of rounds, and thus control hashing speed. With low number of rounds it is reasonably fast. For example, with 2^5 rounds (default used by htpasswd) it takes about 4 milliseconds here on a test box:

Just trying to wrap my head around this: if we have 100 requests per second of this, we block the event loop for 400 milliseconds every 1000 milliseconds, is that a correct understanding?

Thanks,
Lukas

From mdounin at mdounin.ru Sat Jun 24 13:01:28 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 24 Jun 2017 16:01:28 +0300
Subject: bcrypt
In-Reply-To:
References: <20170623130005.GO55433@mdounin.ru> <20170623143057.GP55433@mdounin.ru>
Message-ID: <20170624130128.GT55433@mdounin.ru>

Hello!

On Fri, Jun 23, 2017 at 09:37:27PM +0000, Lukas Tribus wrote:

> > One of the bcrypt scheme main properties is that it allows to control number of rounds, and thus control hashing speed. With low number of rounds it is reasonably fast. For example, with 2^5 rounds (default used by htpasswd) it takes about 4 milliseconds here on a test box:
>
> Just trying to wrap my head around this: if we have 100 requests per second of this, we block the event loop for 400 milliseconds every 1000 milliseconds, is that a correct understanding?

Not really. It means that you block the event loop for 4 milliseconds 100 times per second. Or: you are able to handle no more than 250 requests per second on a single core / using a single nginx worker process.
This may or may not be ok for a particular use case, but it's certainly comparable to phk's md5-based scheme numbers (aka "$1$", aka "$apr1$": 1.5 milliseconds per request), and much faster than sha256 / sha512 crypt schemes (24 and 75 milliseconds respectively with the default number of rounds).

--
Maxim Dounin
http://nginx.org/

From saucebarbeque at hotmail.com Sat Jun 24 19:39:28 2017
From: saucebarbeque at hotmail.com (Barbecue Sauce)
Date: Sat, 24 Jun 2017 19:39:28 +0000
Subject: nginx reverse proxy for M/Monit (not monit)
Message-ID:

Hello all -

Apologies if this has been asked & answered already - I can't find a way to search the mailing list and I'm largely learning nginx the hard way.

I have an internet-facing nginx https server reverse proxying a number of internal apps on varying servers. In general, they run http internally. To this point, I've been able to get 11 of the 12 working this way. The last one (M/Monit) is proving to be difficult...

My config is below. When I go to https://nginx.serv.er/mmonit/, it comes back with a weird https://nginx.serv.er:2882/mmonit/ URL, making me think my config is just wrong. That said, the config came from the team at M/Monit...

Does anyone have any ideas they could share? Thanks in advance.
### config start:

add_header Cache-Control public;
server_tokens off;

server {
    include /etc/nginx/proxy.conf;
    listen 443 ssl;
    keepalive_timeout 70;
    server_name nginx.serv.er;

    ssl on;
    ssl_certificate /etc/ssl/localcerts/autosigned.crt;
    ssl_certificate_key /etc/ssl/localcerts/autosigned.key;
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1.2;
    ssl_ciphers RC4:HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;

    add_header X-Frame-Options DENY;

    root /var/www/html;
    index index.html;

    auth_basic "Access Restricted";
    auth_basic_user_file "/etc/nginx/.htpasswd";

    #limit_conn conn_limit_per_ip 20;
    #limit_req zone=req_limit_per_ip burst=20 nodelay;

    location /mmonit/ {
        #proxy_set_header Host $host;
        #proxy_set_header X-Real-IP $remote_addr;
        #proxy_set_header X-Forwarded-Host $host:$server_port;
        #proxy_set_header X-Forwarded-Server $host;
        #proxy_set_header X-Forwarded-Proto $scheme;
        #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://mmonit.server.local:2882;
        proxy_redirect http://mmonit.server.local:2882 /mmonit;
        rewrite ^/mmonit/(.*) /$1 break;
        proxy_cookie_path / /mmonit/;
        # proxy_ignore_client_abort on;
        # index index.csp
        # auth_basic "Access Restricted";
        # auth_basic_user_file "/etc/nginx/.htpasswd";
        access_log /var/log/nginx/mmonit.access.log;
        error_log /var/log/nginx/mmonit.error.log;
    }

###Remainder of working config snipped

From nginx-forum at forum.nginx.org Sat Jun 24 22:08:37 2017
From: nginx-forum at forum.nginx.org (Joergi)
Date: Sat, 24 Jun 2017 18:08:37 -0400
Subject: How do I exclude one folder from a try_files?
Message-ID: <73f7d4f0c2c226b8cced009759af8d7b.NginxMailingListEnglish@forum.nginx.org>

Hi guys,

I am having a configuration, which is basically rewriting all requests, for which a fitting file cannot be found, to a central index.php file:

location ~* "^/" {
    root /home/$username/www/;
    try_files $uri $uri/ /wiki/index.php$is_args$args;

    location ~ \.php$ {
        try_files $uri $uri/ /wiki/index.php$is_args$args;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/php5-fpm-$username.sock;
    }
}

Now, for one folder, wiki/images/, nothing should be rewritten at all. nginx should just try existing files, and if no file with the requested name is there, I want to get the nginx 404 error page.

I tried with

location ~* wiki/images/ {
    # Nothing here
}

but nginx is still changing the URL.

Can someone tell me, how I can make nginx just deliver existing files from folder wiki/images/?

Cheers

Jörg

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275123,275123#msg-275123

From nginx-forum at forum.nginx.org Sun Jun 25 01:36:17 2017
From: nginx-forum at forum.nginx.org (alpotr)
Date: Sat, 24 Jun 2017 21:36:17 -0400
Subject: Help on proxy_ssl_trusted_certificate
Message-ID: <14c255c9b991b16e59af7a140dbd369b.NginxMailingListEnglish@forum.nginx.org>

Hi,

I am trying to validate the upstream server by enabling the proxy_ssl_trusted_certificate and proxy_ssl_verify. I've tried to build the pem in so many ways. I tried just the CA, CA + intermediate, CA + intermediate + server. But I still keep getting this error message.

2017/06/24 23:56:31 [error] 3512#0: *1 upstream SSL certificate verify error: (20:unable to get local issuer certificate) while SSL handshaking to upstream, client: 127.0.0.1, server: , request: "POST / HTTP/1.1", upstream: "https://203.105.61.190:443/", host: "localhost:8443"

Below is my config file and my current pem file. I've commented in and out a number of these options but they still don't work. The test website is https://test.paydollar.com.
The pem file is created by downloading it through the browser.

The way I tested this is by issuing a curl request like this:

curl -X POST http://localhost:8443/x

Config File:
--------------------------------------------------
server {
    listen 8443;

    location / {
        # proxy_set_header Host $host;
        # proxy_set_header Host $remote_addr;
        # proxy_set_header X-Real-IP $remote_addr;
        # proxy_set_header X-Forwarded-Host $host;
        # proxy_set_header X-Forwarded-Server $host;
        # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass https://test.paydollar.com;
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/conf.d/test2.pem;
        # proxy_ssl_name "test.paydollar.com";
        # proxy_ssl_verify_depth 2;
        # proxy_ssl_server_name on;
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root html;
    }
}
-------------------------------------

PEM File:

Thanks.

Alf

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275124,275124#msg-275124

From reallfqq-nginx at yahoo.fr Sun Jun 25 08:36:24 2017
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Sun, 25 Jun 2017 10:36:24 +0200
Subject: How do I exclude one folder from a try_files?
In-Reply-To: <73f7d4f0c2c226b8cced009759af8d7b.NginxMailingListEnglish@forum.nginx.org>
References: <73f7d4f0c2c226b8cced009759af8d7b.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

You do not seem to be understanding what you are doing.

First, all paths start with '/', thus your 'location ~* wiki/images/' directive will never match anything.

Second, why are you using regex locations? Prefix ones are most efficient as you do not need any special processing inside the location mask. 'location /wiki/images/' would do. 'location /' is also enough as the most generic ('catch-all') prefix location, matching all requests by default, having the lowest precedence.

I suggest you give another look at the location directive docs.
---
*B. R.*

On Sun, Jun 25, 2017 at 12:08 AM, Joergi wrote:

> Hi guys,
>
> I am having a configuration, which is basically rewriting all requests, for which a fitting file cannot be found, to a central index.php file:
>
> location ~* "^/" {
>     root /home/$username/www/;
>     try_files $uri $uri/ /wiki/index.php$is_args$args;
>
>     location ~ \.php$ {
>         try_files $uri $uri/ /wiki/index.php$is_args$args;
>         include /etc/nginx/fastcgi_params;
>         fastcgi_pass unix:/var/run/php5-fpm-$username.sock;
>     }
> }
>
> Now, for one folder, wiki/images/, nothing should be rewritten at all. nginx should just try existing files, and if no file with the requested name is there, I want to get the nginx 404 error page.
>
> I tried with
>
> location ~* wiki/images/ {
>     # Nothing here
> }
>
> but nginx is still changing the URL.
>
> Can someone tell me, how I can make nginx just deliver existing files from folder wiki/images/?
>
> Cheers
>
> Jörg
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275123,275123#msg-275123

From nginx-forum at forum.nginx.org Sun Jun 25 11:50:10 2017
From: nginx-forum at forum.nginx.org (Joergi)
Date: Sun, 25 Jun 2017 07:50:10 -0400
Subject: How do I exclude one folder from a try_files?
In-Reply-To:
References:
Message-ID: <5095a6871bd6cea5d66e6c2b88bdd05d.NginxMailingListEnglish@forum.nginx.org>

Thanks for the notes!

I am on a shared server and there already is some kind of server configuration. I sadly cannot even see this server config, but I know it contains lots of location blocks, which at least partly interfere with what I am trying to do. That is why I use modifiers to make _my_ blocks kick in instead of theirs. You might say I should change the host ... sadly it's not so easy... :-(

So back to my problem:

I already do have this location block in my config:

location /wiki/images {
    # Separate location for /wiki/images
    try_files $uri =404;
}

However, the rewriting from location ~* "^/" { } is still taking place also inside folder /wiki/images. I want nginx to return the existing file or error 404. Shouldn't my block do exactly that?
Jörg

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275123,275128#msg-275128

From nginx-forum at forum.nginx.org Sun Jun 25 13:24:40 2017
From: nginx-forum at forum.nginx.org (alpotr)
Date: Sun, 25 Jun 2017 09:24:40 -0400
Subject: Help on proxy_ssl_trusted_certificate
In-Reply-To: <14c255c9b991b16e59af7a140dbd369b.NginxMailingListEnglish@forum.nginx.org>
References: <14c255c9b991b16e59af7a140dbd369b.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <77ed143f4e791285b15caa3449ea1870.NginxMailingListEnglish@forum.nginx.org>

Hi,

Ok, I changed the depth to 4 and it worked. The certificate chain is like this and the pem file contains all the certificates:

 0 s:/OU=Domain Control Validated/CN=test.paydollar.com
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
 1 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certs.godaddy.com/repository//CN=Go Daddy Secure Certificate Authority - G2
   i:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
 2 s:/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./CN=Go Daddy Root Certificate Authority - G2
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
 3 s:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority
   i:/C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification Authority

Can someone please explain why this worked?

Thanks.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275124,275129#msg-275129

From francis at daoine.org Sun Jun 25 18:03:27 2017
From: francis at daoine.org (Francis Daly)
Date: Sun, 25 Jun 2017 19:03:27 +0100
Subject: How do I exclude one folder from a try_files?
In-Reply-To: <5095a6871bd6cea5d66e6c2b88bdd05d.NginxMailingListEnglish@forum.nginx.org>
References: <5095a6871bd6cea5d66e6c2b88bdd05d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170625180327.GQ18356@daoine.org>

On Sun, Jun 25, 2017 at 07:50:10AM -0400, Joergi wrote:

Hi there,

> I already do have this location block in my config:
>
> location /wiki/images {
>     # Separate location for /wiki/images
>     try_files $uri =404;
> }
>
> However, the rewriting from location ~* "^/" { } is still taking place also inside folder /wiki/images. I want nginx to return the existing file or error 404. Shouldn't my block do exactly that?

As suggested, read https://nginx.org/en/docs/http/ngx_http_core_module.html#location

You want "^~".

You don't even need "try_files" -- just make sure that "root" is correct in this location.

Read the error log if the response is not what you want.

The config change will not take effect until a server reload or restart is done.

Good luck with it,

f
--
Francis Daly francis at daoine.org

From nginx-forum at forum.nginx.org Sun Jun 25 20:36:50 2017
From: nginx-forum at forum.nginx.org (Joergi)
Date: Sun, 25 Jun 2017 16:36:50 -0400
Subject: How do I exclude one folder from a try_files?
In-Reply-To: <20170625180327.GQ18356@daoine.org>
References: <20170625180327.GQ18356@daoine.org>
Message-ID:

Hi Francis,

thank you for your helpful posts! Also thanks for the answer in my other thread from last December. I just now spotted your response there.

You are right:

location ^~ /wiki/images {
    # Separate location for /wiki/images
    root /home/wiki/www;
}

This is all I needed. I thought the root would be inherited as it is set in the location / block already. Obviously this is not the case.

Thanks again!
Jörg

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275123,275131#msg-275131

From georgi at serversolution.info Mon Jun 26 11:28:44 2017
From: georgi at serversolution.info (Georgi Georgiev)
Date: Mon, 26 Jun 2017 14:28:44 +0300
Subject: $request_id not logged in the nginx logs
Message-ID: <87C29A32-0F63-40A4-95F1-4B21227EF84B@serversolution.info>

Hello,

I have enabled request_id headers in nginx (which works as reverse proxy) by the following way:

In nginx.conf my log format has included $request_id as follows:

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                '$status $body_bytes_sent $request_id "$http_referer" '
                '"$http_user_agent" "$http_x_forwarded_for"';

In the ghost configs I have headers like the following:

location / {
    ...
    add_header X-Request-Id $request_id;
    proxy_set_header X-Request-Id $request_id;

I would like to accomplish the following thing.

1. In all logs and all requests (access, error, mod security audit logs) the request_id to be logged (as it should be, but currently not work).
2. When I open the site X-Request-ID to be set in request headers, not only in response headers. Currently I have the x-request-id header only in the response headers.
3. When I have been blocked by some mod security rule with status 403 the headers to be present and the id to be logged too in the logs. Currently on 403 response I haven't the header neither in request headers and response headers (only on normal query).

Can you please explain me where I am wrong?

Thank you in advance.

From ftriboix at falcon-one.com Mon Jun 26 11:37:46 2017
From: ftriboix at falcon-one.com (Fabrice Triboix)
Date: Mon, 26 Jun 2017 12:37:46 +0100
Subject: Help! 503 Service Temporarily Unavailable when trying to reverse-proxy wordpress
Message-ID:

Hello,

I am trying to use nginx to reverse-proxy a wordpress website.
The wordpress website works fine when being accessed without nginx in the middle.

The problem I am having is that when accessing the home page (which is about 50k of html alone), nginx responds with "503 Service Temporarily Unavailable" responses.

Using wireshark and tcpdump, it looks like what happens is that the browser starts requesting elements of the html home page (css, pictures, etc.) while the html home has not finished downloading yet. I can see using tcpdump that while the html home page is downloading, nginx responds "503 Service Temporarily Unavailable" and does not forward the subsequent requests to wordpress. The last item to be requested by the browser is the favicon, which is served properly because it is requested through the same TCP connection once the home page has finished downloading. By contrast, the other elements are requested using other TCP connections.

So it looks like nginx decides to respond 503 instead of forwarding requests to wordpress because a request is being served.

I am using nginx 1.9.12, it is running in a docker container; the host is Ubuntu 16.04. Please find below the config files. I can provide the logs as well if necessary. I tried firefox and chrome with the same results.

Thanks a lot for any help!
Fabrice

nginx.conf:

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
worker_rlimit_nofile 1024;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    gzip off;

    include /etc/nginx/conf.d/*.conf;
}
daemon off;

There is only one file in "conf.d/", which is named "default.conf":

# If we receive X-Forwarded-Proto, pass it through; otherwise, pass along the
# scheme used to connect to this server
map $http_x_forwarded_proto $proxy_x_forwarded_proto {
    default $http_x_forwarded_proto;
    '' $scheme;
}

# If we receive X-Forwarded-Port, pass it through; otherwise, pass along the
# server port the client connected to
map $http_x_forwarded_port $proxy_x_forwarded_port {
    default $http_x_forwarded_port;
    '' $server_port;
}

# If we receive Upgrade, set Connection to "upgrade"; otherwise, delete any
# Connection header that may have been passed to this server
map $http_upgrade $proxy_connection {
    default upgrade;
    '' close;
}

# Apply fix for very long server names
server_names_hash_bucket_size 128;

# Default dhparam
ssl_dhparam /etc/nginx/dhparam/dhparam.pem;

# Set appropriate X-Forwarded-Ssl header
map $scheme $proxy_x_forwarded_ssl {
    default off;
    https on;
}

gzip_types text/plain text/css application/javascript application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

log_format vhost '$host $remote_addr - $remote_user [$time_local] '
                 '"$request" $status $body_bytes_sent '
                 '"$http_referer" "$http_user_agent"';

access_log off;

# HTTP 1.1 support
proxy_http_version 1.1;
proxy_buffering off;
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $proxy_connection;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $proxy_x_forwarded_proto;
proxy_set_header X-Forwarded-Ssl $proxy_x_forwarded_ssl;
proxy_set_header X-Forwarded-Port $proxy_x_forwarded_port;

# Mitigate httpoxy attack (see README for details)
proxy_set_header Proxy "";

server {
    server_name _; # This is just an invalid value which will never trigger on a real hostname.
    listen 80;
    access_log /var/log/nginx/access.log vhost;
    return 503;
}

# incise.co
upstream incise.co {
    ## Can be connect with "bridge" network
    # wp
    server 172.17.0.4:80;
}

server {
    server_name incise.co;
    listen 80 ;
    access_log /var/log/nginx/access.log vhost;
    location / {
        proxy_pass http://incise.co;
    }
}

From nginx-forum at forum.nginx.org Mon Jun 26 13:09:17 2017
From: nginx-forum at forum.nginx.org (tima_121)
Date: Mon, 26 Jun 2017 09:09:17 -0400
Subject: "Client closed connection" when using nginx on Windows
Message-ID: <375f08e521cfa54633782bf0156672af.NginxMailingListEnglish@forum.nginx.org>

As part of a project I'm working on, I've been using nginx on Linux systems for a while. Currently I'm trying to run it on a Windows system. When I send a request to nginx (using a browser) it fails, and I get this error message in the error log:

2017/06/26 14:15:56 [info] 34092#16900: *1 client closed connection while waiting for request, client: xxx.xxx.xxx.xxx, server: xxx.xxx.xxx.xxx:4322

Note that this message appears immediately upon making the request, not after some timeout period. Additionally, the nginx is configured to just return a 400 error code, so nginx isn't trying to proxy to some external server.

I wasn't able to detect any problems in WireShark - SYNs being exchanged, ACK returned, HTTP request, ACK, 2 more SYNs + ACK, then ~30 seconds later the connection closes (FIN).

The relevant config section:

server {
    listen xxx.xxx.xxx.xxx:4322;
    location / {
        return 400;
    }
}

Does anyone have an idea of why this happens?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275134,275134#msg-275134

From francis at daoine.org Mon Jun 26 16:21:52 2017
From: francis at daoine.org (Francis Daly)
Date: Mon, 26 Jun 2017 17:21:52 +0100
Subject: How do I exclude one folder from a try_files?
In-Reply-To:
References: <20170625180327.GQ18356@daoine.org>
Message-ID: <20170626162152.GR18356@daoine.org>

On Sun, Jun 25, 2017 at 04:36:50PM -0400, Joergi wrote:

Hi there,

> location ^~ /wiki/images {
> # Separate location for /wiki/images
> root /home/wiki/www;
> }
>
> This is all I needed.

Good that you have an answer that works for you; thanks for confirming that.

> I thought the root would be inherited as it is set in
> the location / block already. Obviously this is not the case.

Correct, it is not.

Inheritance goes from http to server, from server to location, and from location to nested-location; and does not go between parallel locations.

One request is handled in one location; and only the config in that location, or inherited in to it, applies.

Cheers,

f
--
Francis Daly francis at daoine.org

From francis at daoine.org Mon Jun 26 16:26:08 2017
From: francis at daoine.org (Francis Daly)
Date: Mon, 26 Jun 2017 17:26:08 +0100
Subject: Help! 503 Service Temporarily Unavailable when trying to reverse-proxy wordpress
In-Reply-To:
References:
Message-ID: <20170626162608.GS18356@daoine.org>

On Mon, Jun 26, 2017 at 12:37:46PM +0100, Fabrice Triboix wrote:

Hi there,

> The problem I am having is that when accessing the home page (which
> is about 50k of html alone), nginx responds with "503 Service
> Temporarily Unavailable" responses.

You have a separate server{} block that does "return 503;" and writes to the same log file.

Is there any chance that *that* is the server that is handling these subsequent requests?

If you do one of:

* remove that server{}
* change it to "return 502;"
* change it to log to access503.log

and reload your nginx, do you see any evidence that your "server_name incise.co;" server is not doing what you want?

f
--
Francis Daly francis at daoine.org

From ftriboix at falcon-one.com Mon Jun 26 17:24:50 2017
From: ftriboix at falcon-one.com (Fabrice Triboix)
Date: Mon, 26 Jun 2017 18:24:50 +0100
Subject: Help! 503 Service Temporarily Unavailable when trying to reverse-proxy wordpress
In-Reply-To: <20170626162608.GS18356@daoine.org>
References: <20170626162608.GS18356@daoine.org>
Message-ID:

Hi Francis,

Thanks a lot for spotting that! I redirected the log for that one to an `access503.log` file, and indeed I can see requests are sent there.

I looked again at the requests from the browser (chrome), and I can see something peculiar: the requests for "/" and "/favicon.ico" have a header "Host: incise.co"; however the other requests have a header "Host: 92.222.75.87". That's really weird... Could that be the cause of the problem? If yes, how come the browser sends the IP address for the "Host" header, which is after all meant to allow servicing different domains on the same IP address?

Thank you so much for your help!

Fabrice

On 26/06/17 17:26, Francis Daly wrote:
> On Mon, Jun 26, 2017 at 12:37:46PM +0100, Fabrice Triboix wrote:
>
> Hi there,
>
>> The problem I am having is that when accessing the home page (which
>> is about 50k of html alone), nginx responds with "503 Service
>> Temporarily Unavailable" responses.
> You have a separate server{} block that does "return 503;" and writes
> to the same log file.
>
> Is there any chance that *that* is the server that is handling these
> subsequent requests?
>
> If you do one of:
>
> * remove that server{}
> * change it to "return 502;"
> * change it to log to access503.log
>
> and reload your nginx, do you see any evidence that your "server_name
> incise.co;" server is not doing what you want?
>
> f

From nginx-forum at forum.nginx.org Mon Jun 26 17:39:45 2017
From: nginx-forum at forum.nginx.org (deivid__)
Date: Mon, 26 Jun 2017 13:39:45 -0400
Subject: proxy_cache and X-Accel-Redirect
Message-ID: <707d6da5bd5f5cf1a8fb61c9365f6641.NginxMailingListEnglish@forum.nginx.org>

Hi,
I currently get requests that are resolved with an external server to a file with X-Accel-Redirect:

for example:

/data/asd-asd-asd -> proxied to a backend -> resolves to file.xls
/data/qqq-qqq-qqq -> proxied to a backend -> resolves to file.xls
/data/123-123-123 -> proxied to a backend -> resolves to image.jpeg

I want to cache the resulting files with nginx, as the initial access is very costly (they are accessed over the network). On first access they should be copied to a local cache, following requests should also go to the backend but actually serve the file from cache.

My current config:
https://zerobin.davidventura.com.ar/?0018df75a5d31f2c#Un5Eo10lo4eRnhY7ngQiHlSTErCVH/8zjRN+qS0JSl0=

Note: The files are quite large (up to 4gb)

I added the proxy_cache directives to both the requests path and the internal path but none of them are working.

/cache/ is never populated, and the X-*-Cache headers are not present in the response

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275138#msg-275138

From peter_booth at me.com Mon Jun 26 19:14:41 2017
From: peter_booth at me.com (Peter Booth)
Date: Mon, 26 Jun 2017 19:14:41 +0000 (GMT)
Subject: proxy_cache and X-Accel-Redirect
Message-ID: <49493f16-f8f7-4d13-93ba-b8ef7f2015a9@me.com>

I've found that the easiest, most accurate way of diagnosing cache related issues is to use the incredible redbot.org service. If you can point redbot at your nginx, and also at your back end, it will identify anything that prevents the resource being cacheable. If your website isn't visible from the internet you can either install your own copy of redbot or use an ssh tunnel to make it visible temporarily.

The next approach is to run a debug version of nginx and to step by step unpick the setup to see what's broken.

Peter

I would suggest beginning with a small file before then moving to a larger number

On Jun 26, 2017, at 01:39 PM, deivid__ wrote:

Hi,
I currently get requests that are resolved with an external server to a file with X-Accel-Redirect:

for example:

/data/asd-asd-asd -> proxied to a backend -> resolves to file.xls
/data/qqq-qqq-qqq -> proxied to a backend -> resolves to file.xls
/data/123-123-123 -> proxied to a backend -> resolves to image.jpeg

I want to cache the resulting files with nginx, as the initial access is very costly (they are accessed over the network). On first access they should be copied to a local cache, following requests should also go to the backend but actually serve the file from cache.

My current config:
https://zerobin.davidventura.com.ar/?0018df75a5d31f2c#Un5Eo10lo4eRnhY7ngQiHlSTErCVH/8zjRN+qS0JSl0=

Note: The files are quite large (up to 4gb)

I added the proxy_cache directives to both the requests path and the internal path but none of them are working.

/cache/ is never populated, and the X-*-Cache headers are not present in the response

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275138#msg-275138

From francis at daoine.org Mon Jun 26 23:16:26 2017
From: francis at daoine.org (Francis Daly)
Date: Tue, 27 Jun 2017 00:16:26 +0100
Subject: Help! 503 Service Temporarily Unavailable when trying to reverse-proxy wordpress
In-Reply-To:
References: <20170626162608.GS18356@daoine.org>
Message-ID: <20170626231626.GT18356@daoine.org>

On Mon, Jun 26, 2017 at 06:24:50PM +0100, Fabrice Triboix wrote:

Hi there,

> I looked again at the requests from the browser (chrome), and I can
> see something peculiar: the requests for "/" and "/favicon.ico" have
> a header "Host: incise.co"; however the other requests have a header
> "Host: 92.222.75.87". That's really weird... Could that be the cause
> of the problem?

Yes.

> If yes, how come the browser sends the IP address
> for the "Host" header, which is after all meant to allow servicing
> different domains on the same IP address?

Do

curl -v http://incise.co/

which sends a http 301, so then do

curl -v https://incise.co/

and look at the returned content.

Whatever server is listening there is returning the html content with links to things below https://92.222.75.87/

Most likely, your wordpress is configured to do that. If you can configure your wordpress to start all internal links with "/" instead of "http", it will probably Just Work.

Alternatively, in the nginx config that you did not show, perhaps "proxy_set_header Host $http_host;" was not present.

Good luck with it,

f
--
Francis Daly francis at daoine.org

From francis at daoine.org Mon Jun 26 23:28:51 2017
From: francis at daoine.org (Francis Daly)
Date: Tue, 27 Jun 2017 00:28:51 +0100
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <707d6da5bd5f5cf1a8fb61c9365f6641.NginxMailingListEnglish@forum.nginx.org>
References: <707d6da5bd5f5cf1a8fb61c9365f6641.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170626232851.GU18356@daoine.org>

On Mon, Jun 26, 2017 at 01:39:45PM -0400, deivid__ wrote:

Hi there,

> /data/asd-asd-asd -> proxied to a backend -> resolves to file.xls
> /data/qqq-qqq-qqq -> proxied to a backend -> resolves to file.xls
> /data/123-123-123 -> proxied to a backend -> resolves to image.jpeg

The config at the remote url you mention does not appear to include any "location /data/" block that might have the config for handling these requests.

It also does not appear to include any "proxy_pass", which is necessary before using "proxy_cache".

Perhaps the content that I am reading now is not the content that you wrote some time ago.

Could you include the config within the email; or else describe what you want to have happen when a client makes a http request to nginx for /data/asd-asd-asd?

The more specific and explicit details you include, the more chance there is that someone will be able to understand what config you want in order to meet your requirements.

f
--
Francis Daly francis at daoine.org

From iippolitov at nginx.com Tue Jun 27 06:53:28 2017
From: iippolitov at nginx.com (Igor A. Ippolitov)
Date: Tue, 27 Jun 2017 09:53:28 +0300
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <707d6da5bd5f5cf1a8fb61c9365f6641.NginxMailingListEnglish@forum.nginx.org>
References: <707d6da5bd5f5cf1a8fb61c9365f6641.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hello, deivid__

As you are using uwsgi_pass, you may want to try uwsgi_cache (nginx.org/r/uwsgi_cache), uwsgi_cache_path and uwsgi_cache_key directives.

To make use of $upstream_status you should move your upstream to a separate block like:

upstream backend1 {
    server unix:///tmp/backend.sock;
}

And then use 'backend1' inside uwsgi_pass directive like:

uwsgi_pass uwsgi://backend1;

On 26.06.2017 20:39, deivid__ wrote:
> Hi,
> I currently get requests that are resolved with an external server to a file
> with X-Accel-Redirect:
>
> for example:
>
> /data/asd-asd-asd -> proxied to a backend -> resolves to file.xls
> /data/qqq-qqq-qqq -> proxied to a backend -> resolves to file.xls
> /data/123-123-123 -> proxied to a backend -> resolves to image.jpeg
>
> I want to cache the resulting files with nginx, as the initial access is
> very costly (they are accessed over the network). On first access they
> should be copied to a local cache, following requests should also go to the
> backend but actually serve the file from cache.
>
> My current config:
> https://zerobin.davidventura.com.ar/?0018df75a5d31f2c#Un5Eo10lo4eRnhY7ngQiHlSTErCVH/8zjRN+qS0JSl0=
>
>
> Note: The files are quite large (up to 4gb)
>
> I added the proxy_cache directives to both the requests path and the
> internal path but none of them are working.
>
> /cache/ is never populated, and the X-*-Cache headers are not present in the
> response
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275138#msg-275138

From ftriboix at falcon-one.com Tue Jun 27 08:51:03 2017
From: ftriboix at falcon-one.com (Fabrice Triboix)
Date: Tue, 27 Jun 2017 09:51:03 +0100
Subject: Help! 503 Service Temporarily Unavailable when trying to reverse-proxy wordpress
In-Reply-To: <20170626231626.GT18356@daoine.org>
References: <20170626162608.GS18356@daoine.org> <20170626231626.GT18356@daoine.org>
Message-ID: <1ca02f2c-23fe-cbed-4f51-19f1ce08da9d@falcon-one.com>

Hi Francis,

You are right, most links in the wordpress html start with "http://92.222.75.87/..." so that's the problem.
I'll try to get that fixed.

Many thanks for your help!

Fabrice

On 27/06/17 00:16, Francis Daly wrote:
> On Mon, Jun 26, 2017 at 06:24:50PM +0100, Fabrice Triboix wrote:
>
> Hi there,
>
>> I looked again at the requests from the browser (chrome), and I can
>> see something peculiar: the requests for "/" and "/favicon.ico" have
>> a header "Host: incise.co"; however the other requests have a header
>> "Host: 92.222.75.87". That's really weird... Could that be the cause
>> of the problem?
> Yes.
>
>> If yes, how come the browser sends the IP address
>> for the "Host" header, which is after all meant to allow servicing
>> different domains on the same IP address?
> Do
>
> curl -v http://incise.co/
>
> which sends a http 301, so then do
>
> curl -v https://incise.co/
>
> and look at the returned content.
>
> Whatever server is listening there is returning the html content with
> links to things below https://92.222.75.87/
>
> Most likely, your wordpress is configured to do that. If you can configure
> your wordpress to start all internal links with "/" instead of "http",
> it will probably Just Work.
>
> Alternatively, in the nginx config that you did not show, perhaps
> "proxy_set_header Host $http_host;" was not present.
>
> Good luck with it,
>
> f

From atomyuk at gmail.com Tue Jun 27 10:40:08 2017
From: atomyuk at gmail.com (=?UTF-8?B?0JDRgNGC0ZHQvCDQotC+0LzRjtC6?=)
Date: Tue, 27 Jun 2017 10:40:08 +0000
Subject: rewrite in custom 404 location
Message-ID:

Is it possible to create "if" rule with rewrite action inside custom 404 location?
The task is to fall back to jpg if upstream returns 404 for a .webp request.
I've double-checked the regexps - they seem to be right....

location ~* \.(jpg|mp4|svg|jpeg|gif|png|css|bmp|js|swf|webp|jp2|ico)$ {
    etag on;
    proxy_cache site;
    proxy_cache_valid 404 302 1m;
    expires max;
    proxy_cache_valid 2h;
    proxy_pass http://cdn;
    proxy_intercept_errors on;
    proxy_connect_timeout 5s;
    proxy_next_upstream error timeout http_404 http_403 http_500 http_502 http_503 http_504;
    error_page 404 /webp.html;
}

location = /webp.html {
    if ($request_filename ~* ^.+.webp$) {
        rewrite ^/(.*)\.webp$ /$1.jpg redirect;
    }
    root /var/www/;
}

From ftriboix at falcon-one.com Tue Jun 27 14:02:16 2017
From: ftriboix at falcon-one.com (Fabrice Triboix)
Date: Tue, 27 Jun 2017 15:02:16 +0100
Subject: Help! 503 Service Temporarily Unavailable when trying to reverse-proxy wordpress
In-Reply-To: <1ca02f2c-23fe-cbed-4f51-19f1ce08da9d@falcon-one.com>
References: <20170626162608.GS18356@daoine.org> <20170626231626.GT18356@daoine.org> <1ca02f2c-23fe-cbed-4f51-19f1ce08da9d@falcon-one.com>
Message-ID: <07db646f-9564-dd54-1003-8c223397139e@falcon-one.com>

I finally found out the root cause of the problem. I initially installed wordpress by accessing the server directly using its IP address (when the DNS was not up and running yet). Apparently, wordpress decides to save that into its database and serves the links based on that...

I deleted the wordpress database, re-installed it by accessing the server using the host name, and voila! Everything works perfectly now!

On 27/06/17 09:51, Fabrice Triboix wrote:
> Hi Francis,
>
> You are right, most links in the wordpress html start with
> "http://92.222.75.87/..." so that's the problem.
> I'll try to get that fixed.
>
> Many thanks for your help!
>
> Fabrice
>
> On 27/06/17 00:16, Francis Daly wrote:
>> On Mon, Jun 26, 2017 at 06:24:50PM +0100, Fabrice Triboix wrote:
>>
>> Hi there,
>>
>>> I looked again at the requests from the browser (chrome), and I can
>>> see something peculiar: the requests for "/" and "/favicon.ico" have
>>> a header "Host: incise.co"; however the other requests have a header
>>> "Host: 92.222.75.87". That's really weird... Could that be the cause
>>> of the problem?
>> Yes.
>>
>>> If yes, how come the browser sends the IP address
>>> for the "Host" header, which is after all meant to allow servicing
>>> different domains on the same IP address?
>> Do
>>
>> curl -v http://incise.co/
>>
>> which sends a http 301, so then do
>>
>> curl -v https://incise.co/
>>
>> and look at the returned content.
>>
>> Whatever server is listening there is returning the html content with
>> links to things below https://92.222.75.87/
>>
>> Most likely, your wordpress is configured to do that. If you can
>> configure
>> your wordpress to start all internal links with "/" instead of "http",
>> it will probably Just Work.
>>
>> Alternatively, in the nginx config that you did not show, perhaps
>> "proxy_set_header Host $http_host;" was not present.
>>
>> Good luck with it,
>>
>> f

From nginx-forum at forum.nginx.org Tue Jun 27 14:36:38 2017
From: nginx-forum at forum.nginx.org (AjaySawant)
Date: Tue, 27 Jun 2017 10:36:38 -0400
Subject: Nginx 404 while accessing app
Message-ID: <15f8073e95d6c13ce51885f7a10d9fa0.NginxMailingListEnglish@forum.nginx.org>

I have one AngularJS application deployed on port 8080. It can be accessed as http://ip:8080.
Now I have deployed the application on nginx and I am trying to access this application via nginx reverse proxy configuration but I am getting a 404 error in the nginx log as it looks like nginx is searching for the application in the wrong directory. My application is in the /usr/share/nginx/html directory but the reverse proxy is looking for the app in /etc/nginx/html.

Here is my configuration and I am using Ubuntu 16.04

server {
    listen 80 default_server;
    server_name _;

    location /app/ {
        proxy_redirect off;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080/;
    }
}

server {
    listen 8080;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name _;

    location / {
        try_files $uri $uri/ /index.html;
    }

    error_page 404 /404.html;
    error_page 403 /403.html;
    error_page 405 =200 $uri;
}

Can somebody tell me what I am doing wrong?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275154,275154#msg-275154

From zchao1995 at gmail.com Tue Jun 27 14:59:41 2017
From: zchao1995 at gmail.com (Zhang Chao)
Date: Tue, 27 Jun 2017 10:59:41 -0400
Subject: Nginx 404 while accessing app
In-Reply-To: <15f8073e95d6c13ce51885f7a10d9fa0.NginxMailingListEnglish@forum.nginx.org>
References: <15f8073e95d6c13ce51885f7a10d9fa0.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hello!

I copied your configuration, it seems an internal redirection cycled, you need to modify it (e.g. change the location / to location /=).
After I modified it, I didn't reproduce your problem, the root directive works well.

On 27 June 2017 at 22:36:45, AjaySawant (nginx-forum at forum.nginx.org) wrote:

I have one AngularJS application deployed on port 8080. It can be accessed as http://ip:8080.
Now I have deployed the application on nginx and I am trying to access this application via nginx reverse proxy configuration but I am getting a 404 error in the nginx log as it looks like nginx is searching for the application in the wrong directory. My application is in the /usr/share/nginx/html directory but the reverse proxy is looking for the app in /etc/nginx/html.

Here is my configuration and I am using Ubuntu 16.04

server {
    listen 80 default_server;
    server_name _;

    location /app/ {
        proxy_redirect off;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080/;
    }
}

server {
    listen 8080;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name _;

    location / {
        try_files $uri $uri/ /index.html;
    }

    error_page 404 /404.html;
    error_page 403 /403.html;
    error_page 405 =200 $uri;
}

Can somebody tell me what I am doing wrong?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275154,275154#msg-275154

From zchao1995 at gmail.com Tue Jun 27 15:01:15 2017
From: zchao1995 at gmail.com (Zhang Chao)
Date: Tue, 27 Jun 2017 11:01:15 -0400
Subject: Nginx 404 while accessing app
In-Reply-To: <15f8073e95d6c13ce51885f7a10d9fa0.NginxMailingListEnglish@forum.nginx.org>
References: <15f8073e95d6c13ce51885f7a10d9fa0.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hello!

I copied your configuration, it seems an internal redirection cycled, you need to modify it (e.g. change the location / to location /=).
After I modified it, I didn't reproduce your problem, the root directive works well.

On 27 June 2017 at 22:36:45, AjaySawant (nginx-forum at forum.nginx.org) wrote:

Hello!

I copied your configuration, it seems an internal redirection cycled, you need to modify it (e.g. change the location / to location /=).
After I modified it, I didn't reproduce your problem, the root directive works well.

From mdounin at mdounin.ru Tue Jun 27 15:04:14 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 27 Jun 2017 18:04:14 +0300
Subject: nginx-1.13.2
Message-ID: <20170627150414.GE55433@mdounin.ru>

Changes with nginx 1.13.2                                        27 Jun 2017

    *) Change: nginx now returns 200 instead of 416 when a range starting
       with 0 is requested from an empty file.

    *) Feature: the "add_trailer" directive.
       Thanks to Piotr Sikora.

    *) Bugfix: nginx could not be built on Cygwin and NetBSD; the bug had
       appeared in 1.13.0.

    *) Bugfix: nginx could not be built under MSYS2 / MinGW 64-bit.
       Thanks to Orgad Shaneh.

    *) Bugfix: a segmentation fault might occur in a worker process when
       using SSI with many includes and proxy_pass with variables.

    *) Bugfix: in the ngx_http_v2_module.
       Thanks to Piotr Sikora.

--
Maxim Dounin
http://nginx.org/

From nginx-forum at forum.nginx.org Tue Jun 27 15:12:04 2017
From: nginx-forum at forum.nginx.org (deivid__)
Date: Tue, 27 Jun 2017 11:12:04 -0400
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <20170626232851.GU18356@daoine.org>
References: <20170626232851.GU18356@daoine.org>
Message-ID: <3e94ab752477e2068120bb87ff28a5cc.NginxMailingListEnglish@forum.nginx.org>

Francis,

The /data root was an example, in my case it's /v/

What I want to do is:
- get a request like /v/c85320d9ddb90c13f4a215f1f0a87b531ab33310
- proxy that to my back-end which tells nginx to serve a certain file (X-Accel-redirect).
- I want to cache this file as the first access is expensive. (I want to cache *the file*, other requests can end up pointing to the same file, that's what I want to speed up).

You are right that I'm not using proxy_pass; as my back-end is served by uwsgi I'm using uwsgi_pass.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275163#msg-275163

From kworthington at gmail.com Tue Jun 27 15:45:12 2017
From: kworthington at gmail.com (Kevin Worthington)
Date: Tue, 27 Jun 2017 11:45:12 -0400
Subject: build error for 1.13.2
Message-ID:

Hello!

On Cygwin 64-bit, I am getting this build error (worked fine on Cygwin 32-bit) :

-o objs/src/os/unix/ngx_udp_send.o \
src/os/unix/ngx_udp_send.c
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g -D FD_
SETSIZE=2048 -I src/core -I src/event -I src/event/modules -I src/os/unix -I /us
r/include/libxml2 -I objs \
-o objs/src/os/unix/ngx_udp_sendmsg_chain.o \
src/os/unix/ngx_udp_sendmsg_chain.c
src/os/unix/ngx_udp_sendmsg_chain.c: In function `ngx_sendmsg':
src/os/unix/ngx_udp_sendmsg_chain.c:274:16: error: `struct in_pktinfo' has no me
mber named `ipi_spec_dst'
pkt->ipi_spec_dst = sin->sin_addr;
^
objs/Makefile:847: recipe for target 'objs/src/os/unix/ngx_udp_sendmsg_chain.o'
failed
make[1]: *** [objs/src/os/unix/ngx_udp_sendmsg_chain.o] Error 1
make[1]: Leaving directory '/home/kevin.worthington/nginx-1.13.1'
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2

Help and/or patches are much appreciated. Thank you!

Best regards,
Kevin
--
Kevin Worthington
kworthington (at} gmail {dot) com
https://kevinworthington.com/
https://twitter.com/kworthington

From nginx-forum at forum.nginx.org Tue Jun 27 15:49:50 2017
From: nginx-forum at forum.nginx.org (deivid__)
Date: Tue, 27 Jun 2017 11:49:50 -0400
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To:
References:
Message-ID:

Igor:

As I explained to francis ( https://forum.nginx.org/read.php?2,275138,275163#msg-275163 ), I don't want to cache what goes to uwsgi.

I get a request for /v/example-uri, my back-end answers with X-accel-redirect: /nfs/file1.img (2gb).
I want nginx to copy this to a local cache ( /cache/c/29/b7f54b2df7773722d382f4809d65029c or whatever ) and serve subsequent requests (that might be /v/example-7-uri or /v/qwoeiuqwoeiq but get the same response X-accel-redirect: /nfs/file1.img) from the cache.

David

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275167#msg-275167

From iippolitov at nginx.com Tue Jun 27 16:17:39 2017
From: iippolitov at nginx.com (Igor A. Ippolitov)
Date: Tue, 27 Jun 2017 19:17:39 +0300
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To:
References:
Message-ID: <47127ae7-97b9-5899-2385-25eb994554d8@nginx.com>

David,

In your configuration /converted is configured to be 'internal'.
Your backend should redirect to /converted/file1.img (so it will be proxied and cached as configured...)
If there is no mistake and the redirect differs from the configured location then here is the trouble =)
Could you please verify location prefixes once again?

On 27.06.2017 18:49, deivid__ wrote:
> Igor:
>
> As I explained to francis (
> https://forum.nginx.org/read.php?2,275138,275163#msg-275163 ), I don't want
> to cache what goes to uwsgi.
>
> I get a request for /v/example-uri, my back-end answers with
> X-accel-redirect: /nfs/file1.img (2gb).
> I want nginx to copy this to a local cache (
> /cache/c/29/b7f54b2df7773722d382f4809d65029c or whatever ) and serve
> subsequent requests (that might be /v/example-7-uri or /v/qwoeiuqwoeiq but
> get the same response X-accel-redirect: /nfs/file1.img) from the cache.
>
>
> David
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275167#msg-275167

From nginx-forum at forum.nginx.org Tue Jun 27 16:37:56 2017
From: nginx-forum at forum.nginx.org (AjaySawant)
Date: Tue, 27 Jun 2017 12:37:56 -0400
Subject: Nginx 404 while accessing app
In-Reply-To:
References:
Message-ID: <5a5ad55d7088919a8c5e3c663f49f7b8.NginxMailingListEnglish@forum.nginx.org>

Thanks Toker for replying. I implemented your suggestion as given below but it is not working. I am getting the same error as earlier. I am not able to understand why nginx is taking the docroot as /etc/nginx/html instead of /usr/share/nginx/html.

server {
    listen 80 default_server;
    server_name _;

    location /app/ {
        proxy_redirect off;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://localhost:8080/;
    }
}

server {
    listen 8080;
    root /usr/share/nginx/html;
    index index.html index.htm;
    server_name _;

    location /= {
        try_files $uri $uri/ /index.html;
    }

    error_page 404 /404.html;
    error_page 403 /403.html;
    error_page 405 =200 $uri;
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275154,275169#msg-275169

From nginx-forum at forum.nginx.org Tue Jun 27 16:44:50 2017
From: nginx-forum at forum.nginx.org (AjaySawant)
Date: Tue, 27 Jun 2017 12:44:50 -0400
Subject: Nginx 404 while accessing app
In-Reply-To: <15f8073e95d6c13ce51885f7a10d9fa0.NginxMailingListEnglish@forum.nginx.org>
References: <15f8073e95d6c13ce51885f7a10d9fa0.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hey, I also would like to mention to you that it works if I create a symbolic link of the html folder inside the /etc/nginx directory which points to the /usr/share/nginx/html directory.
The only concern is why is it picking up from /etc/nginx/html directory even though I did not mention anything about that directory in my config.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275154,275170#msg-275170

From nginx-forum at forum.nginx.org Tue Jun 27 16:56:33 2017
From: nginx-forum at forum.nginx.org (deivid__)
Date: Tue, 27 Jun 2017 12:56:33 -0400
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <47127ae7-97b9-5899-2385-25eb994554d8@nginx.com>
References: <47127ae7-97b9-5899-2385-25eb994554d8@nginx.com>
Message-ID: <5904fd9189f58083b88acf591aaaae38.NginxMailingListEnglish@forum.nginx.org>

I mistakenly typed redirect to /nfs because it redirects to /converted which has an alias to /nfs.

The files are delivered, my problem is that the cache is never populated, so following requests keep hitting the slow filesystem

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275171#msg-275171

From peter_booth at me.com Tue Jun 27 17:20:05 2017
From: peter_booth at me.com (Peter Booth)
Date: Tue, 27 Jun 2017 13:20:05 -0400
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <5904fd9189f58083b88acf591aaaae38.NginxMailingListEnglish@forum.nginx.org>
References: <47127ae7-97b9-5899-2385-25eb994554d8@nginx.com> <5904fd9189f58083b88acf591aaaae38.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <0F879A71-B9B4-42D1-B151-4FFF38E76E41@me.com>

David,

Are the backend resources actually dynamic / created on demand, or are they "real" files that exist on a slow file system?

Peter

Sent from my iPhone

> On Jun 27, 2017, at 12:56 PM, deivid__ wrote:
>
> I mistakenly typed redirect to /nfs because it redirects to /converted which
> has an alias to /nfs.
>
> The files are delivered, my problem is that the cache is never populated, so
> following requests keep hitting the slow filesystem
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275171#msg-275171

From mdounin at mdounin.ru Tue Jun 27 17:26:55 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 27 Jun 2017 20:26:55 +0300
Subject: build error for 1.13.2
In-Reply-To:
References:
Message-ID: <20170627172655.GJ55433@mdounin.ru>

Hello!

On Tue, Jun 27, 2017 at 11:45:12AM -0400, Kevin Worthington wrote:

> On Cygwin 64-bit, I am getting this build error (worked fine on Cygwin
> 32-bit) :

As per the path in the make output:

> make[1]: Leaving directory '/home/kevin.worthington/nginx-1.13.1'

you are building nginx 1.13.1. Try nginx 1.13.2 instead.

--
Maxim Dounin
http://nginx.org/

From nginx-forum at forum.nginx.org Tue Jun 27 18:27:00 2017
From: nginx-forum at forum.nginx.org (deivid__)
Date: Tue, 27 Jun 2017 14:27:00 -0400
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <0F879A71-B9B4-42D1-B151-4FFF38E76E41@me.com>
References: <0F879A71-B9B4-42D1-B151-4FFF38E76E41@me.com>
Message-ID:

Real files on a slow filesystem. They'll never move / go away / change / whatever.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275175#msg-275175

From kworthington at gmail.com Tue Jun 27 20:44:28 2017
From: kworthington at gmail.com (Kevin Worthington)
Date: Tue, 27 Jun 2017 16:44:28 -0400
Subject: build error for 1.13.2
In-Reply-To: <20170627172655.GJ55433@mdounin.ru>
References: <20170627172655.GJ55433@mdounin.ru>
Message-ID:

Thanks Maxim, it turned out my build script was just doing something strange. I got it built.

Best regards,
Kevin
--
Kevin Worthington
kworthington (At) {gmail] . com
https://kevinworthington.com/
https://twitter.com/kworthington

On Tue, Jun 27, 2017 at 1:26 PM, Maxim Dounin wrote:

> Hello!
>
> On Tue, Jun 27, 2017 at 11:45:12AM -0400, Kevin Worthington wrote:
>
> > On Cygwin 64-bit, I am getting this build error (worked fine on Cygwin
> > 32-bit) :
>
> As per the path in the make output:
>
> > make[1]: Leaving directory '/home/kevin.worthington/nginx-1.13.1'
>
> you are building nginx 1.13.1. Try nginx 1.13.2 instead.
>
> --
> Maxim Dounin
> http://nginx.org/

From nginx-forum at forum.nginx.org Tue Jun 27 21:43:22 2017
From: nginx-forum at forum.nginx.org (deivid__)
Date: Tue, 27 Jun 2017 17:43:22 -0400
Subject: Proxy_cache_key based on custom header
Message-ID: <20766a381bbe012df461ad48cba84dc5.NginxMailingListEnglish@forum.nginx.org>

Hi.
I'm trying to use 2 level proxying to cache files delivered with X-Accel-Redirect.
This kinda works, the only thing missing is getting the cache_key to be the filename.

If `proxy_cache` is unset (or set to the default), the caching mechanism "works":
- Every request gets cached (good)
- Different URLs that map to the same file get mapped to different cache keys (bad)
- I get the header "X-Banana" with the correct file path (good)

If `proxy_cache` is set to `$sent_http_x_test_header`:
- Every request gets cached (good)
- All URLs map to the same cache (very bad!)
- I don't get the 'X-Banana' header at all

This leads me to believe that in the second case, `$sent_http_x_test_header` is empty. But it's not in the first case? Why? What can I do?
Full config below:

proxy_cache_path /cache/nginx levels=1:2 keys_zone=cache:10m inactive=24h;

upstream backend {
    server unix:///tmp/streaming-backend.sock;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    include /etc/nginx/ssl;
    index index.html;
    server_name pilotage.streamall.pw;
    gzip off;
    proxy_cache_min_uses 1;
    proxy_cache cache;
    proxy_cache_valid 200 24h;

    location /v/ {
        rewrite /v/(.+) /$1 break;
        proxy_pass http://127.0.0.1:9999/;
        proxy_request_buffering off; # needs 1.7.11
        proxy_ignore_headers X-Accel-Expires Expires Cache-Control Set-Cookie;
        # proxy_cache_key $sent_http_x_test_header;
        add_header X-Proxy-Cache $upstream_cache_status;
        add_header X-Banana $sent_http_x_test_header;
    }
}

server {
    listen 9999;

    location / {
        uwsgi_pass backend;
        include uwsgi_params;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    location /converted/ {
        internal;
        root /nfs/;
        add_header X-Test-Header $document_uri;
    }
}

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275178,275178#msg-275178

From georgi at serversolution.info Wed Jun 28 05:52:14 2017
From: georgi at serversolution.info (Georgi Georgiev)
Date: Wed, 28 Jun 2017 08:52:14 +0300
Subject: $request_id not logged in the nginx logs
In-Reply-To: <87C29A32-0F63-40A4-95F1-4B21227EF84B@serversolution.info>
References: <87C29A32-0F63-40A4-95F1-4B21227EF84B@serversolution.info>
Message-ID:

Nobody use this variable?

> On Jun 26, 2017, at 2:28 PM, Georgi Georgiev wrote:
>
> Hello,
> I have enabled request_id headers in nginx (which works as reverse proxy) by the following way:
>
> In nginx.conf my log format has included $request_id as follows:
>
> log_format main '$remote_addr - $remote_user [$time_local] "$request" '
>                 '$status $body_bytes_sent $request_id "$http_referer" '
>                 '"$http_user_agent" "$http_x_forwarded_for"';
>
>
> In the ghost configs I have headers like the following:
> location / {
>     ...
>     add_header X-Request-Id $request_id;
>     proxy_set_header X-Request-Id $request_id;
>
> I would like to accomplish the following thing.
>
> 1. In all logs and all requests (access, error, mod security audit logs) the request_id to be logged (as it should be, but currently not work).
> 2. When I open the site X-Request-ID to be set in request headers, not only in response headers. Currently I have the x-request-id header only in the response headers.
> 3. When I have been blocked by some mod security rule with status 403 the headers to be present and the id to be logged too in the logs. Currently on 403 response I haven't the header neither in request headers and response headers (only on normal query).
>
> Can you please explain me where I am wrong? Thank you in advance.

From liulantao at gmail.com Wed Jun 28 06:52:15 2017
From: liulantao at gmail.com (Liu Lantao)
Date: Wed, 28 Jun 2017 14:52:15 +0800
Subject: $request_id not logged in the nginx logs
In-Reply-To:
References: <87C29A32-0F63-40A4-95F1-4B21227EF84B@serversolution.info>
Message-ID: <694F2546-5B3C-4374-9679-00E692F92684@gmail.com>

Please try to append 'always' at the end of 'add_header' line.

http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header

If the always parameter is specified (1.7.5), the header field will be added regardless of the response code.

> On Jun 28, 2017, at 1:52 PM, Georgi Georgiev wrote:
>
> Nobody use this variable?
>
>> On Jun 26, 2017, at 2:28 PM, Georgi Georgiev wrote:
>>
>> Hello,
>> I have enabled request_id headers in nginx (which works as reverse proxy) by the following way:
>>
>> In nginx.conf my log format has included $request_id as follows:
>>
>> log_format main '$remote_addr - $remote_user [$time_local] "$request" '
>>                 '$status $body_bytes_sent $request_id "$http_referer" '
>>                 '"$http_user_agent" "$http_x_forwarded_for"';
>>
>>
>> In the ghost configs I have headers like the following:
>> location / {
>>     ...
>>     add_header X-Request-Id $request_id;
>>     proxy_set_header X-Request-Id $request_id;
>>
>> I would like to accomplish the following thing.
>>
>> 1. In all logs and all requests (access, error, mod security audit logs) the request_id to be logged (as it should be, but currently not work).
>> 2. When I open the site X-Request-ID to be set in request headers, not only in response headers. Currently I have the x-request-id header only in the response headers.
>> 3. When I have been blocked by some mod security rule with status 403 the headers to be present and the id to be logged too in the logs. Currently on 403 response I haven't the header neither in request headers and response headers (only on normal query).
>>
>> Can you please explain me where I am wrong? Thank you in advance.

From georgi at serversolution.info Wed Jun 28 06:55:47 2017
From: georgi at serversolution.info (Georgi Georgiev)
Date: Wed, 28 Jun 2017 09:55:47 +0300
Subject: $request_id not logged in the nginx logs
In-Reply-To: <694F2546-5B3C-4374-9679-00E692F92684@gmail.com>
References: <87C29A32-0F63-40A4-95F1-4B21227EF84B@serversolution.info> <694F2546-5B3C-4374-9679-00E692F92684@gmail.com>
Message-ID: <644EC4A1-5788-49C5-A227-6EDB703C4F74@serversolution.info>

Thank you! It works now, but still only in response headers, not in request headers.
Is it normal behavior? Also how can I append the ID in the logs? I think that it should works by this way by default?

> On Jun 28, 2017, at 9:52 AM, Liu Lantao wrote:
>
> Please try to append 'always' at the end of 'add_header' line.
>
>
> http://nginx.org/en/docs/http/ngx_http_headers_module.html#add_header
>
> If the always parameter is specified (1.7.5), the header field will be added regardless of the response code.
>
>
>> On Jun 28, 2017, at 1:52 PM, Georgi Georgiev wrote:
>>
>> Nobody use this variable?
>>
>>> On Jun 26, 2017, at 2:28 PM, Georgi Georgiev wrote:
>>>
>>> Hello,
>>> I have enabled request_id headers in nginx (which works as reverse proxy) by the following way:
>>>
>>> In nginx.conf my log format has included $request_id as follows:
>>>
>>> log_format main '$remote_addr - $remote_user [$time_local] "$request" '
>>>                 '$status $body_bytes_sent $request_id "$http_referer" '
>>>                 '"$http_user_agent" "$http_x_forwarded_for"';
>>>
>>>
>>> In the ghost configs I have headers like the following:
>>> location / {
>>>     ...
>>>     add_header X-Request-Id $request_id;
>>>     proxy_set_header X-Request-Id $request_id;
>>>
>>> I would like to accomplish the following thing.
>>>
>>> 1. In all logs and all requests (access, error, mod security audit logs) the request_id to be logged (as it should be, but currently not work).
>>> 2. When I open the site X-Request-ID to be set in request headers, not only in response headers. Currently I have the x-request-id header only in the response headers.
>>> 3. When I have been blocked by some mod security rule with status 403 the headers to be present and the id to be logged too in the logs. Currently on 403 response I haven't the header neither in request headers and response headers (only on normal query).
>>>
>>> Can you please explain me where I am wrong? Thank you in advance.

From iippolitov at nginx.com Wed Jun 28 09:29:20 2017
From: iippolitov at nginx.com (Igor A. Ippolitov)
Date: Wed, 28 Jun 2017 12:29:20 +0300
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <5904fd9189f58083b88acf591aaaae38.NginxMailingListEnglish@forum.nginx.org>
References: <47127ae7-97b9-5899-2385-25eb994554d8@nginx.com> <5904fd9189f58083b88acf591aaaae38.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <6a79d2fd-84a7-c219-5a6f-7c14b5969f07@nginx.com>

David,

It looks like you don't have any 'proxy_pass' in your /converted location at all. And proxy cache is applied to proxied replies only. Nginx assumes its storage is fast enough to serve content and relies on OS to cache files. Maybe you should serve your files with Nginx instead of NFS?

On 27.06.2017 19:56, deivid__ wrote:
> I mistakenly typed redirect to /nfs because it redirects to /converted which
> has an alias to /nfs.
>
> The files are delivered, my problem is that the cache is never populated, so
> following requests keep hitting the slow filesystem
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275138,275171#msg-275171

From francis at daoine.org Wed Jun 28 12:51:41 2017
From: francis at daoine.org (Francis Daly)
Date: Wed, 28 Jun 2017 13:51:41 +0100
Subject: proxy_cache and X-Accel-Redirect
In-Reply-To: <3e94ab752477e2068120bb87ff28a5cc.NginxMailingListEnglish@forum.nginx.org>
References: <20170626232851.GU18356@daoine.org> <3e94ab752477e2068120bb87ff28a5cc.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170628125141.GV18356@daoine.org>

On Tue, Jun 27, 2017 at 11:12:04AM -0400, deivid__ wrote:

Hi there,

this is partly in response to this mail, and partly in response to parallel responses in the thread.

First, some background:

The nginx proxy_pass directive is documented at http://nginx.org/r/proxy_pass

The other directives on that page are really only useful when proxy_pass is used.

The nginx uwsgi_pass directive is documented at http://nginx.org/r/uwsgi_pass

The other directives on that page are really only useful when uwsgi_pass is used.

You will be happier if you keep the distinction very clear in your head.

> The /data root was an example, in my case it's /v/

Also in general: if the first part of your example is not the same as the second part of your example, then everyone who is not you must guess at what you might have meant. You are more likely to get a better response quicker, if you avoid the need for guesswork.

> What I want to do is:
>
> - get a request like /v/c85320d9ddb90c13f4a215f1f0a87b531ab33310
> - proxy that to my back-end which tells nginx to serve a certain file
> (X-Accel-redirect).
> - I want to cache this file as the first access is expensive. (I want to
> cache *the file*, other requests can end up pointing to the same file,
> that's what I want to speed up).

This seems to be the key: what you want is not related to proxy_cache or uwsgi_pass or X-Accel-Redirect; it is related to nginx serving a local file.

You want for nginx to serve a local file from a slow, nfs-mounted file system and cache it on another, faster, local file system.

nginx does not do that directly -- caching a local file would in general just make an unnecessary disk copy; and the kernel is much better placed to cache file contents in RAM.

The easy option would be for you to copy the files that you care about from the slow filesystem to the faster filesystem, and just tell nginx to serve from the faster one. There are probably reasons why you do not do that.

The nginx-config option is for you to configure a separate server{} which will serve content from the slow filesystem; and then in your normally-used server{} you proxy_pass to that separate server. At the place where you proxy_pass, you also either proxy_store or proxy_cache, to have a copy of the file contents on your faster filesystem where it can be served from directly the next time a matching request comes in.

proxy_store and proxy_cache are different; they do different things and have different costs and benefits. They also need different configuration. One may be more suitable than the other, for the thing that you are trying to do.

> You are right that I'm not using proxy_pass; as my back-end is served by
> uwsgi I'm using uwsgi_pass.

If you want to do any kind of caching of the response from a uwsgi_pass request, you will want to use uwsgi_cache.

You probably do *not* want to do that caching in this case.
f
--
Francis Daly francis at daoine.org

From soracchi at multidialogo.it Wed Jun 28 15:40:53 2017
From: soracchi at multidialogo.it (Andrea Soracchi)
Date: Wed, 28 Jun 2017 17:40:53 +0200 (CEST)
Subject: Strange issue after nginx update
In-Reply-To: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID: <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X>

Hi,
could you please help me solve this issue? I'm getting crazy!

Before the nginx update my client worked perfectly: it posted files to my website without any delay.

How, after nginx update (ubuntu 16.04 LTS) I've got this issue:

- the client posts files successfully but the answer of the post is delayed. The more the file is bigger, the more the answer is delayed.

I put a sniffer into the website's server and I noticed that the nginx receives the post but it waits to transfer the file to php-fpm process, so also the answer to the client is delayed

The nginx server is:

nginx/1.10.0 (Ubuntu) and its conf is:

-----
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    sendfile on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 0;
    log_not_found off;
    server_name_in_redirect off;
    client_body_timeout 120s;
    autoindex off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log info;
    gzip on;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
---

and website's php-fpm conf is:

server {
    listen 80;
    server_name test.it;
    server_name_in_redirect off;
    autoindex off;
    client_max_body_size 500m;
    index index.html;
    root /home/test/test;
    location ~ \.(php|html|htm|php3)$ {
        try_files $uri 404;
        fastcgi_pass unix:/run/php/mdtest-fpm.sock;
        include fastcgi_params;
    }
}

fastcgi_params config:

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
#fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_NAME $http_host;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Thanks a lot,
Andrea

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

From pchychi at gmail.com Wed Jun 28 17:56:04 2017
From: pchychi at gmail.com (Payam Chychi)
Date: Wed, 28 Jun 2017 17:56:04 +0000
Subject: Strange issue after nginx update
In-Reply-To: <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID:

On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi wrote:

> Hi,
> could you please help me solve this issue? I'm getting crazy!
>
> Before the nginx update my client worked perfectly: it posted files to my
> website without any delay.
> > How, after nginx update (ubuntu 16.04 LTS) I've got this issue: > > - the client posts files successfully but the answer of the post is > delayed. The more the file is bigger, the more the answer is delayed. > > I put a sniffer into the website' server and I noticed that the nginx > receives the post but it waits to transfer the file to php-fpm process, so > also the answer to the client is delayed > > The nginx server is: > > nginx/1.10.0 (Ubuntu) and its conf is: > > ----- > user www-data; > worker_processes auto; > pid /run/nginx.pid; > > events { > worker_connections 768; > # multi_accept on; > } > > http { > sendfile on; > tcp_nodelay on; > keepalive_timeout 65; > types_hash_max_size 2048; > client_max_body_size 0; > log_not_found off; > server_name_in_redirect off; > client_body_timeout 120s; > autoindex off; > include /etc/nginx/mime.types; > default_type application/octet-stream; > ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE > ssl_prefer_server_ciphers on; > access_log /var/log/nginx/access.log; > error_log /var/log/nginx/error.log info; > gzip on; > gzip_disable "msie6"; > gzip_types text/plain text/css application/json > application/javascript text/xml application/xml application/xml+rss > text/javascript; > include /etc/nginx/conf.d/*.conf; > include /etc/nginx/sites-enabled/*; > --- > > and website's php-fpm conf is: > > server { > listen 80; > server_name test.it; > server_name_in_redirect off; > autoindex off; > client_max_body_size 500m; > index index.html; > root /home/test/test; > location ~ \.(php|html|htm|php3)$ { > try_files $uri 404; > fastcgi_pass unix:/run/php/mdtest-fpm.sock; > include fastcgi_params; > } > } > > fastcgi_params config: > > fastcgi_param QUERY_STRING $query_string; > fastcgi_param REQUEST_METHOD $request_method; > fastcgi_param CONTENT_TYPE $content_type; > fastcgi_param CONTENT_LENGTH $content_length; > > fastcgi_param SCRIPT_NAME $fastcgi_script_name; > fastcgi_param REQUEST_URI $request_uri; > 
fastcgi_param DOCUMENT_URI $document_uri;
> fastcgi_param DOCUMENT_ROOT $document_root;
> fastcgi_param SERVER_PROTOCOL $server_protocol;
> fastcgi_param REQUEST_SCHEME $scheme;
> fastcgi_param HTTPS $https if_not_empty;
>
> fastcgi_param GATEWAY_INTERFACE CGI/1.1;
> fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
>
> fastcgi_param REMOTE_ADDR $remote_addr;
> fastcgi_param REMOTE_PORT $remote_port;
> fastcgi_param SERVER_ADDR $server_addr;
> fastcgi_param SERVER_PORT $server_port;
> #fastcgi_param SERVER_NAME $server_name;
> fastcgi_param SERVER_NAME $http_host;
>
> # PHP only, required if PHP was built with --enable-force-cgi-redirect
> fastcgi_param REDIRECT_STATUS 200;
>
> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>
>
> Thanks a lot,
> Andrea
>
> *ANDREA SORACCHI*
> *+39 329 0512704 <+393290512702>*
> System Engineer
>
> +39 0521 24 77 91
> soracchi at netbuilder.it

hi,

can you show the related wireshark data, how long is the response delayed by? and anything else like retransmits or anything else?

any SElinux security throttling taking place? anything in dmesg?

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

From soracchi at multidialogo.it Wed Jun 28 22:21:07 2017
From: soracchi at multidialogo.it (Andrea Soracchi)
Date: Thu, 29 Jun 2017 00:21:07 +0200 (CEST)
Subject: Strange issue after nginx update
In-Reply-To:
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID: <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it>

Hi,

I have attached part of the ettercap log.

I have posted a test file of 40MB.

The delay is 29 seconds:

from the last file's chunk at 23:56:06

to the response of index2.php at 23:56:35

The nginx's log show:

192.168.18.18 - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php HTTP/1.1" 200 37 "-" "Generic Client"

Nothing retransmits, SElinux isn't installed and apparmor is stopped.

Nothing in dmesg...

Thanks a lot,

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

From: "Payam Chychi"
To: "nginx"
Sent: Wednesday, 28 June 2017 19:56:04
Subject: Re: Strange issue after nginx update

On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi < soracchi at multidialogo.it > wrote:

Hi,
could you please help me solve this issue? I'm getting crazy!

Before the nginx update my client worked perfectly: it posted files to my website without any delay.

How, after nginx update (ubuntu 16.04 LTS) I've got this issue:

- the client posts files successfully but the answer of the post is delayed. The more the file is bigger, the more the answer is delayed.
I put a sniffer into the website' server and I noticed that the nginx receives the post but it waits to transfer the file to php-fpm process, so also the answer to the client is delayed The nginx server is: nginx/1.10.0 (Ubuntu) and its conf is: ----- user www-data; worker_processes auto; pid /run/nginx.pid; events { worker_connections 768; # multi_accept on; } http { sendfile on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; client_max_body_size 0; log_not_found off; server_name_in_redirect off; client_body_timeout 120s; autoindex off; include /etc/nginx/mime.types; default_type application/octet-stream; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log info; gzip on; gzip_disable "msie6"; gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; --- and website's php-fpm conf is: server { listen 80; server_name test.it ; server_name_in_redirect off; autoindex off; client_max_body_size 500m; index index.html; root /home/test/test; location ~ \.(php|html|htm|php3)$ { try_files $uri 404; fastcgi_pass unix:/run/php/mdtest-fpm.sock; include fastcgi_params; } } fastcgi_params config: fastcgi_param QUERY_STRING $query_string; fastcgi_param REQUEST_METHOD $request_method; fastcgi_param CONTENT_TYPE $content_type; fastcgi_param CONTENT_LENGTH $content_length; fastcgi_param SCRIPT_NAME $fastcgi_script_name; fastcgi_param REQUEST_URI $request_uri; fastcgi_param DOCUMENT_URI $document_uri; fastcgi_param DOCUMENT_ROOT $document_root; fastcgi_param SERVER_PROTOCOL $server_protocol; fastcgi_param REQUEST_SCHEME $scheme; fastcgi_param HTTPS $https if_not_empty; fastcgi_param GATEWAY_INTERFACE CGI/1.1; fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; fastcgi_param REMOTE_ADDR $remote_addr; 
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
#fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_NAME $http_host;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;

fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Thanks a lot,
Andrea

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

hi,

can you show the related wireshark data, how long is the response delayed by? and anything else like retransmits or anything else?

any SElinux security throtelling taking place? anything in dmesg?

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: ettercap_dump.txt

From anoopalias01 at gmail.com Thu Jun 29 04:01:35 2017
From: anoopalias01 at gmail.com (Anoop Alias)
Date: Thu, 29 Jun 2017 09:31:35 +0530
Subject: Strange issue after nginx update
In-Reply-To: <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it>
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it>
Message-ID:

give a try changing the nameservers in /etc/resolv.conf

On Thu, Jun 29, 2017 at 3:51 AM, Andrea Soracchi wrote:

> Hi,
>
> I have attached part of the ettercap log.
>
> I have posted a test file of 40MB.
> > The delay is 29 second: > > from the last file's chunk at 23:56:06 > > to the response of index2.php at 23:56:35 > > The nginx's log show: > > 192.168.18.18 - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php HTTP/1.1" > 200 37 "-" "Generic Client" > > Nothing retransmits, SElinux isn't installed and apparmor is stopped. > > Nothing in dmesg... > > Thanks a lot, > > > *ANDREA SORACCHI* > *+39 329 0512704 <+393290512702>* > System Engineer > > +39 0521 24 77 91 > soracchi at netbuilder.it > > ------------------------------ > *Da: *"Payam Chychi" > *A: *"nginx" > *Inviato: *Mercoled?, 28 giugno 2017 19:56:04 > *Oggetto: *Re: Strange issue after nginx update > > > On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi > wrote: > >> Hi, >> could you please help me solve this issue? I'm getting crazy! >> >> Before the nginx update my client worked perfectly: it posted files to my >> website without any delay. >> >> How, after nginx update (ubuntu 16.04 LTS) I've got this issue: >> >> - the client posts files successfully but the answer of the post is >> delayed. The more the file is bigger, the more the answer is delayed. 
>> >> I put a sniffer into the website' server and I noticed that the nginx >> receives the post but it waits to transfer the file to php-fpm process, so >> also the answer to the client is delayed >> >> The nginx server is: >> >> nginx/1.10.0 (Ubuntu) and its conf is: >> >> ----- >> user www-data; >> worker_processes auto; >> pid /run/nginx.pid; >> >> events { >> worker_connections 768; >> # multi_accept on; >> } >> >> http { >> sendfile on; >> tcp_nodelay on; >> keepalive_timeout 65; >> types_hash_max_size 2048; >> client_max_body_size 0; >> log_not_found off; >> server_name_in_redirect off; >> client_body_timeout 120s; >> autoindex off; >> include /etc/nginx/mime.types; >> default_type application/octet-stream; >> ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE >> ssl_prefer_server_ciphers on; >> access_log /var/log/nginx/access.log; >> error_log /var/log/nginx/error.log info; >> gzip on; >> gzip_disable "msie6"; >> gzip_types text/plain text/css application/json >> application/javascript text/xml application/xml application/xml+rss >> text/javascript; >> include /etc/nginx/conf.d/*.conf; >> include /etc/nginx/sites-enabled/*; >> --- >> >> and website's php-fpm conf is: >> >> server { >> listen 80; >> server_name test.it; >> server_name_in_redirect off; >> autoindex off; >> client_max_body_size 500m; >> index index.html; >> root /home/test/test; >> location ~ \.(php|html|htm|php3)$ { >> try_files $uri 404; >> fastcgi_pass unix:/run/php/mdtest-fpm.sock; >> include fastcgi_params; >> } >> } >> >> fastcgi_params config: >> >> fastcgi_param QUERY_STRING $query_string; >> fastcgi_param REQUEST_METHOD $request_method; >> fastcgi_param CONTENT_TYPE $content_type; >> fastcgi_param CONTENT_LENGTH $content_length; >> >> fastcgi_param SCRIPT_NAME $fastcgi_script_name; >> fastcgi_param REQUEST_URI $request_uri; >> fastcgi_param DOCUMENT_URI $document_uri; >> fastcgi_param DOCUMENT_ROOT $document_root; >> fastcgi_param SERVER_PROTOCOL $server_protocol; >> 
fastcgi_param REQUEST_SCHEME $scheme; >> fastcgi_param HTTPS $https if_not_empty; >> >> fastcgi_param GATEWAY_INTERFACE CGI/1.1; >> fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; >> >> fastcgi_param REMOTE_ADDR $remote_addr; >> fastcgi_param REMOTE_PORT $remote_port; >> fastcgi_param SERVER_ADDR $server_addr; >> fastcgi_param SERVER_PORT $server_port; >> #fastcgi_param SERVER_NAME $server_name; >> fastcgi_param SERVER_NAME $http_host; >> >> # PHP only, required if PHP was built with --enable-force-cgi-redirect >> fastcgi_param REDIRECT_STATUS 200; >> >> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; >> >> >> Thanks a lot, >> Andrea >> >> >> *ANDREA SORACCHI* >> *+39 329 0512704 <+393290512702>* >> System Engineer >> >> +39 0521 24 77 91 >> soracchi at netbuilder.it >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/ >> nginx > > > hi, > > can you show the related wireshark data, how long is the response delayed > by? and anything else like retransmits or anything else? > > any SElinux security throtelling taking place? anything in dmesg? > >> >> -- > Payam Tarverdyan Chychi > Network Security Specialist / Network Engineer > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- *Anoop P Alias* -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From pchychi at gmail.com Thu Jun 29 04:38:09 2017 From: pchychi at gmail.com (Payam Chychi) Date: Thu, 29 Jun 2017 04:38:09 +0000 Subject: Strange issue after nginx update In-Reply-To: References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it> Message-ID: Are you seeing any errors in your php log? are you connecting to the hostname or ip? Also, make sure your interface is connected at full duplex. whats the output of "ethtool eth0" replace eth0 with your nic in use. not sure what else really... id say to check dns but its all local to you - Payam On Wed, Jun 28, 2017 at 9:01 PM Anoop Alias wrote: > give a try changing the nameservers in /etc/resolv.conf > > On Thu, Jun 29, 2017 at 3:51 AM, Andrea Soracchi > wrote: > >> Hi, >> >> I have attached part of the ettercap log. >> >> I have posted a test file of 40MB. >> >> The delay is 29 second: >> >> from the last file's chunk at 23:56:06 >> >> to the response of index2.php at 23:56:35 >> >> The nginx's log show: >> >> 192.168.18.18 - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php >> HTTP/1.1" 200 37 "-" "Generic Client" >> >> Nothing retransmits, SElinux isn't installed and apparmor is stopped. >> >> Nothing in dmesg... >> >> Thanks a lot, >> >> >> *ANDREA SORACCHI* >> *+39 329 0512704 <+393290512702>* >> System Engineer >> >> +39 0521 24 77 91 >> soracchi at netbuilder.it >> >> ------------------------------ >> *Da: *"Payam Chychi" >> *A: *"nginx" >> *Inviato: *Mercoled?, 28 giugno 2017 19:56:04 >> *Oggetto: *Re: Strange issue after nginx update >> >> >> On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi >> wrote: >> >>> Hi, >>> could you please help me solve this issue? I'm getting crazy! >>> >>> Before the nginx update my client worked perfectly: it posted files to >>> my website without any delay. 
>>> >>> How, after nginx update (ubuntu 16.04 LTS) I've got this issue: >>> >>> - the client posts files successfully but the answer of the post is >>> delayed. The more the file is bigger, the more the answer is delayed. >>> >>> I put a sniffer into the website' server and I noticed that the nginx >>> receives the post but it waits to transfer the file to php-fpm process, so >>> also the answer to the client is delayed >>> >>> The nginx server is: >>> >>> nginx/1.10.0 (Ubuntu) and its conf is: >>> >>> ----- >>> user www-data; >>> worker_processes auto; >>> pid /run/nginx.pid; >>> >>> events { >>> worker_connections 768; >>> # multi_accept on; >>> } >>> >>> http { >>> sendfile on; >>> tcp_nodelay on; >>> keepalive_timeout 65; >>> types_hash_max_size 2048; >>> client_max_body_size 0; >>> log_not_found off; >>> server_name_in_redirect off; >>> client_body_timeout 120s; >>> autoindex off; >>> include /etc/nginx/mime.types; >>> default_type application/octet-stream; >>> ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: >>> POODLE >>> ssl_prefer_server_ciphers on; >>> access_log /var/log/nginx/access.log; >>> error_log /var/log/nginx/error.log info; >>> gzip on; >>> gzip_disable "msie6"; >>> gzip_types text/plain text/css application/json >>> application/javascript text/xml application/xml application/xml+rss >>> text/javascript; >>> include /etc/nginx/conf.d/*.conf; >>> include /etc/nginx/sites-enabled/*; >>> --- >>> >>> and website's php-fpm conf is: >>> >>> server { >>> listen 80; >>> server_name test.it; >>> server_name_in_redirect off; >>> autoindex off; >>> client_max_body_size 500m; >>> index index.html; >>> root /home/test/test; >>> location ~ \.(php|html|htm|php3)$ { >>> try_files $uri 404; >>> fastcgi_pass unix:/run/php/mdtest-fpm.sock; >>> include fastcgi_params; >>> } >>> } >>> >>> fastcgi_params config: >>> >>> fastcgi_param QUERY_STRING $query_string; >>> fastcgi_param REQUEST_METHOD $request_method; >>> fastcgi_param CONTENT_TYPE $content_type; 
>>> fastcgi_param CONTENT_LENGTH $content_length; >>> >>> fastcgi_param SCRIPT_NAME $fastcgi_script_name; >>> fastcgi_param REQUEST_URI $request_uri; >>> fastcgi_param DOCUMENT_URI $document_uri; >>> fastcgi_param DOCUMENT_ROOT $document_root; >>> fastcgi_param SERVER_PROTOCOL $server_protocol; >>> fastcgi_param REQUEST_SCHEME $scheme; >>> fastcgi_param HTTPS $https if_not_empty; >>> >>> fastcgi_param GATEWAY_INTERFACE CGI/1.1; >>> fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; >>> >>> fastcgi_param REMOTE_ADDR $remote_addr; >>> fastcgi_param REMOTE_PORT $remote_port; >>> fastcgi_param SERVER_ADDR $server_addr; >>> fastcgi_param SERVER_PORT $server_port; >>> #fastcgi_param SERVER_NAME $server_name; >>> fastcgi_param SERVER_NAME $http_host; >>> >>> # PHP only, required if PHP was built with --enable-force-cgi-redirect >>> fastcgi_param REDIRECT_STATUS 200; >>> >>> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; >>> >>> >>> Thanks a lot, >>> Andrea >>> >>> >>> *ANDREA SORACCHI* >>> *+39 329 0512704 <+393290512702>* >>> System Engineer >>> >>> +39 0521 24 77 91 >>> soracchi at netbuilder.it >>> >>> _______________________________________________ >>> nginx mailing list >>> nginx at nginx.org >>> http://mailman.nginx.org/mailman/listinfo/ >>> nginx >> >> >> hi, >> >> can you show the related wireshark data, how long is the response delayed >> by? and anything else like retransmits or anything else? >> >> any SElinux security throtelling taking place? anything in dmesg? 
>> >>> >>> -- >> Payam Tarverdyan Chychi >> Network Security Specialist / Network Engineer >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> http://mailman.nginx.org/mailman/listinfo/nginx >> > > > > -- > *Anoop P Alias* > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Payam Tarverdyan Chychi Network Security Specialist / Network Engineer -------------- next part -------------- An HTML attachment was scrubbed... URL: From soracchi at multidialogo.it Thu Jun 29 10:01:35 2017 From: soracchi at multidialogo.it (Andrea Soracchi) Date: Thu, 29 Jun 2017 12:01:35 +0200 (CEST) Subject: Strange issue after nginx update In-Reply-To: References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it> Message-ID: <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X> Hi Payam, the problem is between Nginx and Php-fpm, but I have set the debug level log to nginx and php-fpm. 
Nginx: 2017/06/29 10:05:14 [warn] 5252#5252: *1613 a client request body is buffered to a temporary file /var/lib/nginx/body/0000000044, client: 192.168.18.18, server: andrea.eoraptor3.netbuilder.it, request: "POST /index2.php HTTP/1.1", host: "andrea.eoraptor3.netbuilder.it" 2017/06/29 10:05:14 [debug] 5252#5252: *1613 write: 9, 0000560D636FBE70, 8192, 0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 5488 of 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 5488 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 2704 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 1498723634292, new: 1498723634292 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http read client request body 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1368 of 2704 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1368 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 1498723634292, new: 1498723634293 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" 
2017/06/29 10:05:14 [debug] 5252#5252: *1613 http read client request body 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1336 of 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http body new buf t:1 f:0 0000560D636FBE70, pos 0000560D636FBE70, size: 8192 file: 0, size: 0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http write client request body, bufs 0000560D636F92C0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 write: 9, 0000560D636FBE70, 8192, 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1400 of 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1400 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54597821 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 6792 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54597821 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 1498723634292, new: 1498723634293 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" ... Repeated several times ... ... 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer out: 0000560D637FE780 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer: 10, old: 1498723575096, new: 1498723575151 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 
2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request handler 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request body 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer in: 0000560D637FE780 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev: 8 of 8 2017/06/29 10:05:15 [debug] 5252#5252: *1613 sendfile: @54591488 22717 2017/06/29 10:05:15 [debug] 5252#5252: *1613 sendfile: 22717 of 22717 @54591488 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev: 11 of 11 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer out: 0000000000000000 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer del: 10: 1498723575096 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer add: 10: 300000:1498723815151 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream dummy handler 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream dummy handler 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 
2017/06/29 10:05:40 [debug] 5252#5252: *1613 http upstream process header 2017/06/29 10:05:40 [debug] 5252#5252: *1613 malloc: 0000560D637FF560:4096 2017/06/29 10:05:40 [debug] 5252#5252: *1613 recv: fd:10 56 of 4096 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 01 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 06 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 01 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 1D 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 03 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record length: 29 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi parser: 0 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi header: "Content-type: text/html" 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi parser: 1 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi header done 2017/06/29 10:05:40 [debug] 5252#5252: *1613 xslt filter header 2017/06/29 10:05:40 [debug] 5252#5252: *1613 HTTP/1.1 200 OK^M Php-fpm: PHPFPM [29-Jun-2017 10:05:14.699514] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 0 active children, 3 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:16.700710] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:17.701773] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. 
Spawning rate 1 [29-Jun-2017 10:05:18.702842] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:19.703778] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:20.705400] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:21.706471] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:22.707537] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:23.707779] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:24.708839] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:25.710378] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:26.710841] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:27.711798] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. 
Spawning rate 1 [29-Jun-2017 10:05:28.712864] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:29.713932] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:30.715523] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:31.715785] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:32.716851] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:32.716851] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:33.717931] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:34.719001] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:35.720280] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:36.720662] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. 
Spawning rate 1 [29-Jun-2017 10:05:37.721725] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:38.722791] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:39.723785] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:40.725342] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 0 active children, 3 spare children, 3 running children. Spawning rate 1 Any idea? Thanks a lot, Andrea ANDREA SORACCHI +39 329 0512704 System Engineer +39 0521 24 77 91 soracchi at netbuilder.it ----- Original Message ----- From: "Payam Chychi" To: nginx at nginx.org Sent: Gioved?, 29 giugno 2017 6:38:09 Subject: Re: Strange issue after nginx update Are you seeing any errors in your php log? are you connecting to the hostname or ip? Also, make sure your interface is connected at full duplex. whats the output of " ethtool eth0" replace eth0 with your nic in use. not sure what else really... id say to check dns but its all local to you - Payam On Wed, Jun 28, 2017 at 9:01 PM Anoop Alias < anoopalias01 at gmail.com > wrote: give a try changing the nameservers in /etc/resolv.conf On Thu, Jun 29, 2017 at 3:51 AM, Andrea Soracchi < soracchi at multidialogo.it > wrote:
-- 
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

From smntov at gmail.com Thu Jun 29 11:00:37 2017
From: smntov at gmail.com (ST)
Date: Thu, 29 Jun 2017 14:00:37 +0300
Subject: Measuring nginx's efficiency
Message-ID: <1498734037.1346.15.camel@gmail.com>

Hello,

with your help I managed to configure nginx and our website now can be
accessed both - through apache and nginx.

Now, how can I prove to my boss that nginx is more efficient than apache
to switch to it? How do I measure its performance and compare it to that
of apache? Which tools would you recommend?

Thank you in advance!

From vbart at nginx.com Thu Jun 29 12:09:17 2017
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Thu, 29 Jun 2017 15:09:17 +0300
Subject: Measuring nginx's efficiency
In-Reply-To: <1498734037.1346.15.camel@gmail.com>
References: <1498734037.1346.15.camel@gmail.com>
Message-ID: <1558053.n2rNauMJac@vbart-workstation>

On Thursday 29 June 2017 14:00:37 ST wrote:
> Hello,
>
> with your help I managed to configure nginx and our website now can be
> accessed both - through apache and nginx.
>
> Now, how can I prove to my boss that nginx is more efficient than apache
> to switch to it? How do I measure its performance and compare it to that
> of apache? Which tools would you recommend?
>
> Thank you in advance!
>

I suggest wrk.

https://github.com/wg/wrk

wbr, Valentin V. Bartenev

From smntov at gmail.com Thu Jun 29 12:32:21 2017
From: smntov at gmail.com (ST)
Date: Thu, 29 Jun 2017 15:32:21 +0300
Subject: Measuring nginx's efficiency
In-Reply-To: <1558053.n2rNauMJac@vbart-workstation>
References: <1498734037.1346.15.camel@gmail.com> <1558053.n2rNauMJac@vbart-workstation>
Message-ID: <1498739541.1346.20.camel@gmail.com>

On Thu, 2017-06-29 at 15:09 +0300, Valentin V. Bartenev wrote:
> On Thursday 29 June 2017 14:00:37 ST wrote:
> > Hello,
> >
> > with your help I managed to configure nginx and our website now can be
> > accessed both - through apache and nginx.
> >
> > Now, how can I prove to my boss that nginx is more efficient than apache
> > to switch to it? How do I measure its performance and compare it to that
> > of apache? Which tools would you recommend?
> >
> > Thank you in advance!
> >
>
> I suggest wrk.
>
> https://github.com/wg/wrk
>

Should I stress our production system with this tool? Our system blocks
users that make too many requests in a given amount of time...
Also, how do I prove that static content is now served faster?

Thank you.

From nginx-forum at forum.nginx.org Thu Jun 29 13:08:40 2017
From: nginx-forum at forum.nginx.org (foxgab)
Date: Thu, 29 Jun 2017 09:08:40 -0400
Subject: set_real_ip_from, real_ip_header directive in ngx_http_realip_module
In-Reply-To: <20170228134015.GL34777@mdounin.ru>
References: <20170228134015.GL34777@mdounin.ru>
Message-ID: <56938245d5e0423be062aa9870e7b256.NginxMailingListEnglish@forum.nginx.org>

if nginx is behind another proxy, that proxy set the X-Forwarded-for header
with the real client ip, and the configuration of nginx is :

location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    real_ip_header X-Forwarded-For;
    set_real_ip_from 192.168.0.0/16;
}

whether the real client ip or the address of the proxy will add in the
X-Forwarded-For header?
will the value of $remote_addr changes only after real_ip_header directive
or at the beginning of the context?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,272653,275206#msg-275206

From vbart at nginx.com Thu Jun 29 13:16:30 2017
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Thu, 29 Jun 2017 16:16:30 +0300
Subject: Measuring nginx's efficiency
In-Reply-To: <1498739541.1346.20.camel@gmail.com>
References: <1498734037.1346.15.camel@gmail.com> <1558053.n2rNauMJac@vbart-workstation> <1498739541.1346.20.camel@gmail.com>
Message-ID: <2509603.4cb1D1WpUi@vbart-workstation>

On Thursday 29 June 2017 15:32:21 ST wrote:
> On Thu, 2017-06-29 at 15:09 +0300, Valentin V. Bartenev wrote:
> > On Thursday 29 June 2017 14:00:37 ST wrote:
> > > Hello,
> > >
> > > with your help I managed to configure nginx and our website now can be
> > > accessed both - through apache and nginx.
> > >
> > > Now, how can I prove to my boss that nginx is more efficient than apache
> > > to switch to it? How do I measure its performance and compare it to that
> > > of apache? Which tools would you recommend?
> > >
> > > Thank you in advance!
> > >
> >
> > I suggest wrk.
> >
> > https://github.com/wg/wrk
> >
>
> Should I stress our production system with this tool? Our system blocks
> users that make too many requests in a given amount of time...
> Also, how do I prove that static content is now served faster?
>
> Thank you.
>

Switching from Apache to nginx usually isn't about speed, but about
scalability. It's all about how many users/connections you can serve
from the same hardware.

wbr, Valentin V. Bartenev

From mdounin at mdounin.ru Thu Jun 29 15:33:02 2017
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 29 Jun 2017 18:33:02 +0300
Subject: set_real_ip_from, real_ip_header directive in ngx_http_realip_module
In-Reply-To: <56938245d5e0423be062aa9870e7b256.NginxMailingListEnglish@forum.nginx.org>
References: <20170228134015.GL34777@mdounin.ru> <56938245d5e0423be062aa9870e7b256.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170629153302.GL55433@mdounin.ru>

Hello!

On Thu, Jun 29, 2017 at 09:08:40AM -0400, foxgab wrote:

> if nginx is behind another proxy, that proxy set the X-Forwarded-for header
> with the real client ip, and the configuration of nginx is :
>
> location / {
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     real_ip_header X-Forwarded-For;
>     set_real_ip_from 192.168.0.0/16;
> }
>
> whether the real client ip or the address of the proxy will add in the
> X-Forwarded-For header?
> will the value of $remote_addr changes only after real_ip_header directive
> or at the beginning of the context?

The order of the directives in the nginx configuration is not
important (except a few cases where it is explicitly outlined,
like location blocks with regular expressions or rewrite module
instructions). Directives merely set various options for request
processing, and it doesn't matter where you set the option.

The realip module, when configured in a location context, changes
client's address as seen by nginx right after the location
configuration is chosen (and the request is processed by the
rewrite module, if any), before access-related checks.

That is, in the configuration above the realip module will change
the client's address before the "proxy_set_header" directive will
use it. As such, X-Forwarded-For as sent to the backend will
include client address set by the realip module, and the above
configuration will result in duplicate addresses in
X-Forwarded-For.

-- 
Maxim Dounin
http://nginx.org/

From r1ch+nginx at teamliquid.net Thu Jun 29 16:47:36 2017
From: r1ch+nginx at teamliquid.net (Richard Stanway)
Date: Thu, 29 Jun 2017 18:47:36 +0200
Subject: Strange issue after nginx update
In-Reply-To: <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it> <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID:

If you want to stream the upload directly to your backend, you should
consider fastcgi_request_buffering[1]. The problem is most likely with your
PHP backend though, you should examine why it takes so long to process the
request.

[1] http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering

On Thu, Jun 29, 2017 at 12:01 PM, Andrea Soracchi wrote:

> Hi Payam,
>
> the problem is between Nginx and Php-fpm, but
>
> I have set the debug level log to nginx and php-fpm.
Spawning > rate 1 > [29-Jun-2017 10:05:18.702842] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:19.703778] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:20.705400] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:21.706471] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:22.707537] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:23.707779] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:24.708839] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:25.710378] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:26.710841] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. 
Spawning > rate 1 > [29-Jun-2017 10:05:27.711798] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:28.712864] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:29.713932] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:30.715523] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:31.715785] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:32.716851] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:32.716851] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:33.717931] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. Spawning > rate 1 > [29-Jun-2017 10:05:34.719001] DEBUG: pid 5135, > fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] > currently 1 active children, 2 spare children, 3 running children. 
Spawning rate 1
> [29-Jun-2017 10:05:35.720280] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
> [29-Jun-2017 10:05:36.720662] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
> [29-Jun-2017 10:05:37.721725] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
> [29-Jun-2017 10:05:38.722791] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
> [29-Jun-2017 10:05:39.723785] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
>
> [29-Jun-2017 10:05:40.725342] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 0 active children, 3 spare children, 3 running children. Spawning rate 1
>
> Any idea?
>
> Thanks a lot,
> Andrea
>
> *ANDREA SORACCHI*
> *+39 329 0512704 <+393290512702>*
> System Engineer
>
> +39 0521 24 77 91
> soracchi at netbuilder.it
>
> ------------------------------
> *From: *"Payam Chychi"
> *To: *nginx at nginx.org
> *Sent: *Thursday, 29 June 2017 6:38:09
> *Subject: *Re: Strange issue after nginx update
>
> Are you seeing any errors in your php log?
> are you connecting to the hostname or ip?
>
> Also, make sure your interface is connected at full duplex. what's the
> output of "ethtool eth0" replace eth0 with your nic in use.
>
> not sure what else really...
> I'd say to check dns but it's all local to you
>
> - Payam
>
> On Wed, Jun 28, 2017 at 9:01 PM Anoop Alias wrote:
>
>> give a try changing the nameservers in /etc/resolv.conf
>>
>> On Thu, Jun 29, 2017 at 3:51 AM, Andrea Soracchi <soracchi at multidialogo.it> wrote:
>>
>>> Hi,
>>>
>>> I have attached part of the ettercap log.
>>>
>>> I have posted a test file of 40MB.
>>>
>>> The delay is 29 seconds:
>>>
>>> from the last file's chunk at 23:56:06
>>>
>>> to the response of index2.php at 23:56:35
>>>
>>> The nginx log shows:
>>>
>>> 192.168.18.18 - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php HTTP/1.1" 200 37 "-" "Generic Client"
>>>
>>> Nothing retransmits, SElinux isn't installed and apparmor is stopped.
>>>
>>> Nothing in dmesg...
>>>
>>> Thanks a lot,
>>>
>>> *ANDREA SORACCHI*
>>> *+39 329 0512704 <+393290512702>*
>>> System Engineer
>>>
>>> +39 0521 24 77 91
>>> soracchi at netbuilder.it
>>>
>>> ------------------------------
>>> *From: *"Payam Chychi"
>>> *To: *"nginx"
>>> *Sent: *Wednesday, 28 June 2017 19:56:04
>>> *Subject: *Re: Strange issue after nginx update
>>>
>>> On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi <soracchi at multidialogo.it> wrote:
>>>
>>>> Hi,
>>>> could you please help me solve this issue? I'm getting crazy!
>>>>
>>>> Before the nginx update my client worked perfectly: it posted files to
>>>> my website without any delay.
>>>>
>>>> Now, after nginx update (ubuntu 16.04 LTS) I've got this issue:
>>>>
>>>> - the client posts files successfully but the answer of the post is
>>>> delayed. The bigger the file, the more the answer is delayed.
>>>> >>>> I put a sniffer into the website' server and I noticed that the nginx >>>> receives the post but it waits to transfer the file to php-fpm process, so >>>> also the answer to the client is delayed >>>> >>>> The nginx server is: >>>> >>>> nginx/1.10.0 (Ubuntu) and its conf is: >>>> >>>> ----- >>>> user www-data; >>>> worker_processes auto; >>>> pid /run/nginx.pid; >>>> >>>> events { >>>> worker_connections 768; >>>> # multi_accept on; >>>> } >>>> >>>> http { >>>> sendfile on; >>>> tcp_nodelay on; >>>> keepalive_timeout 65; >>>> types_hash_max_size 2048; >>>> client_max_body_size 0; >>>> log_not_found off; >>>> server_name_in_redirect off; >>>> client_body_timeout 120s; >>>> autoindex off; >>>> include /etc/nginx/mime.types; >>>> default_type application/octet-stream; >>>> ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: >>>> POODLE >>>> ssl_prefer_server_ciphers on; >>>> access_log /var/log/nginx/access.log; >>>> error_log /var/log/nginx/error.log info; >>>> gzip on; >>>> gzip_disable "msie6"; >>>> gzip_types text/plain text/css application/json >>>> application/javascript text/xml application/xml application/xml+rss >>>> text/javascript; >>>> include /etc/nginx/conf.d/*.conf; >>>> include /etc/nginx/sites-enabled/*; >>>> --- >>>> >>>> and website's php-fpm conf is: >>>> >>>> server { >>>> listen 80; >>>> server_name test.it; >>>> server_name_in_redirect off; >>>> autoindex off; >>>> client_max_body_size 500m; >>>> index index.html; >>>> root /home/test/test; >>>> location ~ \.(php|html|htm|php3)$ { >>>> try_files $uri 404; >>>> fastcgi_pass unix:/run/php/mdtest-fpm.sock; >>>> include fastcgi_params; >>>> } >>>> } >>>> >>>> fastcgi_params config: >>>> >>>> fastcgi_param QUERY_STRING $query_string; >>>> fastcgi_param REQUEST_METHOD $request_method; >>>> fastcgi_param CONTENT_TYPE $content_type; >>>> fastcgi_param CONTENT_LENGTH $content_length; >>>> >>>> fastcgi_param SCRIPT_NAME $fastcgi_script_name; >>>> fastcgi_param REQUEST_URI $request_uri; 
>>>> fastcgi_param DOCUMENT_URI $document_uri; >>>> fastcgi_param DOCUMENT_ROOT $document_root; >>>> fastcgi_param SERVER_PROTOCOL $server_protocol; >>>> fastcgi_param REQUEST_SCHEME $scheme; >>>> fastcgi_param HTTPS $https if_not_empty; >>>> >>>> fastcgi_param GATEWAY_INTERFACE CGI/1.1; >>>> fastcgi_param SERVER_SOFTWARE nginx/$nginx_version; >>>> >>>> fastcgi_param REMOTE_ADDR $remote_addr; >>>> fastcgi_param REMOTE_PORT $remote_port; >>>> fastcgi_param SERVER_ADDR $server_addr; >>>> fastcgi_param SERVER_PORT $server_port; >>>> #fastcgi_param SERVER_NAME $server_name; >>>> fastcgi_param SERVER_NAME $http_host; >>>> >>>> # PHP only, required if PHP was built with --enable-force-cgi-redirect >>>> fastcgi_param REDIRECT_STATUS 200; >>>> >>>> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; >>>> >>>> >>>> Thanks a lot, >>>> Andrea >>>> >>>> >>>> *ANDREA SORACCHI* >>>> *+39 329 0512704 <+393290512702>* >>>> System Engineer >>>> >>>> +39 0521 24 77 91 >>>> soracchi at netbuilder.it >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> http://mailman.nginx.org/mailman/listinfo/ >>>> nginx >>> >>> >>> hi, >>> >>> can you show the related wireshark data, how long is the response >>> delayed by? and anything else like retransmits or anything else? >>> >>> any SElinux security throtelling taking place? anything in dmesg? 
>>> --
>>> Payam Tarverdyan Chychi
>>> Network Security Specialist / Network Engineer
>>
>> --
>> *Anoop P Alias*
>
> --
> Payam Tarverdyan Chychi
> Network Security Specialist / Network Engineer

From pchychi at gmail.com Thu Jun 29 16:56:02 2017
From: pchychi at gmail.com (Payam Chychi)
Date: Thu, 29 Jun 2017 09:56:02 -0700
Subject: Strange issue after nginx update
In-Reply-To:
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it> <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID:

set your worker_process to 1 and try again
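Added example (not part of any message in this thread): a Python script that splits one connection's nginx debug log into a body-receive phase and an upstream-wait phase, and finds the window in which php-fpm reports an active child, so the two logs can be lined up. The log lines are constructed samples in the formats quoted above; reading `chain writer out: 0000000000000000` as "request fully handed to the upstream" is an assumption of this example.

```python
import re
from datetime import datetime

# Constructed sample in the nginx debug-log format quoted in this thread.
NGINX_LOG = """\
2017/06/29 10:05:14 [debug] 5252#5252: *1613 http read client request body
2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1368
2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2
2017/06/29 10:05:15 [debug] 5252#5252: *1613 http client request body recv 1336
2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request body
2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer out: 0000000000000000
2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream dummy handler
2017/06/29 10:05:40 [debug] 5252#5252: *1613 http upstream process header
2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi header done
2017/06/29 10:05:41 [debug] 5252#5252: *1700 http read client request body
"""

# Constructed sample in the php-fpm debug-log format quoted in this thread.
FPM_TAIL = ("DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), "
            "line 379: [pool mdbeta] currently {} active children, "
            "2 spare children, 3 running children. Spawning rate 1")
FPM_LOG = "\n".join([
    "[29-Jun-2017 10:05:14.699514] " + FPM_TAIL.format(0),
    "[29-Jun-2017 10:05:16.700710] " + FPM_TAIL.format(1),
    "[29-Jun-2017 10:05:28.712864] " + FPM_TAIL.format(1),
    "[29-Jun-2017 10:05:39.723785] " + FPM_TAIL.format(1),
    "[29-Jun-2017 10:05:40.725342] " + FPM_TAIL.format(0),
])

# timestamp, "*<connection id>", message
NGINX_RE = re.compile(
    r"^(\d{4}/\d\d/\d\d \d\d:\d\d:\d\d) \[\w+\] \d+#\d+: \*(\d+) (.*)$")
# time of day, number of active children
FPM_RE = re.compile(r"^\[\S+ ([\d:]+)\.\d+\] .*currently (\d+) active children")


def request_phases(log_text, conn):
    """Summarise where one connection (the *N id) spent its time."""
    body_start = body_end = sent = header = None
    body_bytes = 0
    for line in log_text.splitlines():
        m = NGINX_RE.match(line)
        if not m or int(m.group(2)) != conn:
            continue
        ts = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
        msg = m.group(3)
        if msg.startswith("http client request body recv "):
            n = int(msg.rsplit(" ", 1)[1])
            if n > 0:  # negative values mean "no data yet", not bytes
                body_bytes += n
                body_start = body_start or ts
                body_end = ts
        elif msg == "chain writer out: 0000000000000000" and header is None:
            sent = ts  # assumption: nothing left to write to the upstream
        elif msg == "http upstream process header" and header is None:
            header = ts  # first bytes of the FastCGI response arrived

    def secs(a, b):
        return int((b - a).total_seconds()) if a and b else None

    return {
        "body_bytes": body_bytes,
        "body_seconds": secs(body_start, body_end),
        "upstream_wait_seconds": secs(sent, header),
    }


def fpm_busy_window(log_text):
    """Return (first, last) HH:MM:SS at which php-fpm had an active child."""
    busy = [m.group(1) for m in map(FPM_RE.match, log_text.splitlines())
            if m and int(m.group(2)) > 0]
    return (busy[0], busy[-1]) if busy else None


if __name__ == "__main__":
    print(request_phases(NGINX_LOG, 1613))
    print(fpm_busy_window(FPM_LOG))
```

nginx debug timestamps have one-second resolution, so the phase lengths are accurate to about a second.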
From smntov at gmail.com Thu Jun 29 17:38:12 2017
From: smntov at gmail.com (ST)
Date: Thu, 29 Jun 2017 20:38:12 +0300
Subject: Measuring nginx's efficiency
In-Reply-To: <2509603.4cb1D1WpUi@vbart-workstation>
References: <1498734037.1346.15.camel@gmail.com> <1558053.n2rNauMJac@vbart-workstation> <1498739541.1346.20.camel@gmail.com> <2509603.4cb1D1WpUi@vbart-workstation>
Message-ID: <1498757892.8706.33.camel@gmail.com>

On Thu, 2017-06-29 at 16:16 +0300, Valentin V. Bartenev wrote:
> On Thursday 29 June 2017 15:32:21 ST wrote:
> > On Thu, 2017-06-29 at 15:09 +0300, Valentin V. Bartenev wrote:
> > > On Thursday 29 June 2017 14:00:37 ST wrote:
> > > > Hello,
> > > >
> > > > with your help I managed to configure nginx and our website now can be
> > > > accessed both - through apache and nginx.
> > > >
> > > > Now, how can I prove to my boss that nginx is more efficient than apache
> > > > to switch to it? How do I measure its performance and compare it to that
> > > > of apache? Which tools would you recommend?
> > > >
> > > > Thank you in advance!
> > > >
> > >
> > > I suggest wrk.
> > >
> > > https://github.com/wg/wrk
> > >
> >
> > Should I stress our production system with this tool? Our system blocks
> > users that make too many requests in a given amount of time...
> > Also, how do I prove that static content is now served faster?
> >
> > Thank you.
> >
>
> Switching from Apache to nginx usually isn't about speed, but about scalability.
> It's all about how many users/connections you can serve from the same hardware.
>

Shouldn't it be also about speed, at least for static content, that no
longer needs to be served through php-engine? And thus overall loading
speed should be higher?
From lucas at lucasrolff.com Thu Jun 29 17:43:57 2017
From: lucas at lucasrolff.com (Lucas Rolff)
Date: Thu, 29 Jun 2017 17:43:57 +0000
Subject: Measuring nginx's efficiency
In-Reply-To: <1498757892.8706.33.camel@gmail.com>
References: <1498734037.1346.15.camel@gmail.com> <1558053.n2rNauMJac@vbart-workstation> <1498739541.1346.20.camel@gmail.com> <2509603.4cb1D1WpUi@vbart-workstation> <1498757892.8706.33.camel@gmail.com>
Message-ID: <0AF4F569-22D4-449F-A869-F7D2F2C70C3D@lucasrolff.com>

If your current apache configuration serves static files via the php engine, then you're doing something very wrong.

You might or might not see any speed gain depending on your apache configuration, but you should see a big difference in the amount of resources used to serve traffic.

As Valentin mentioned, it's about scalability the majority of the time - and that in itself will decrease your costs in hardware or resources that are required to be able to serve your static traffic, and I'm sure whomever you have to prove to, why you should switch from Apache to nginx, would love to see that the cost of running your current setup might decrease to some or to a huge extent.

If you run wrk as suggested below, you will get a bunch of useful data that will help you choose whichever software solution is the best to use.

From smntov at gmail.com Thu Jun 29 18:47:09 2017
From: smntov at gmail.com (ST)
Date: Thu, 29 Jun 2017 21:47:09 +0300
Subject: Measuring nginx's efficiency
In-Reply-To: <0AF4F569-22D4-449F-A869-F7D2F2C70C3D@lucasrolff.com>
References: <1498734037.1346.15.camel@gmail.com> <1558053.n2rNauMJac@vbart-workstation> <1498739541.1346.20.camel@gmail.com> <2509603.4cb1D1WpUi@vbart-workstation> <1498757892.8706.33.camel@gmail.com> <0AF4F569-22D4-449F-A869-F7D2F2C70C3D@lucasrolff.com>
Message-ID: <1498762029.8706.51.camel@gmail.com>

> If your current apache configuration serves static files via the php engine, then you're doing something very wrong.

Well, this php-engine is built into apache itself... Anyway, considering only this fact, such a bad apache configuration should not be significantly slower than that of nginx?

> You might or might not see any speed gain depending on your apache configuration, but you should see a big difference in the amount of resources used to serve traffic.

Which ones? And how exactly can I measure this? This also might be a good point to convince my boss to switch...
> As Valentin mentioned, it's about scalability the majority of the time - and that in itself will decrease your costs in hardware or resources that are required to be able to serve your static traffic, and I'm sure whomever you have to prove to, why you should switch from Apache to nginx, would love to see that the cost of running your current setup might decrease to some or to a huge extent.

Right now we have a pretty capable dedicated server which costs ca. 40Euro per month and is an overkill for our needs. So for now resources is not an issue that much...

> If you run wrk as suggested below, you will get a bunch of useful data that will help you choose whichever software solution is the best to use.

Do you think I should stress a production server?

Thank you!

From lucas at lucasrolff.com Thu Jun 29 19:02:32 2017
From: lucas at lucasrolff.com (Lucas Rolff)
Date: Thu, 29 Jun 2017 19:02:32 +0000
Subject: Measuring nginx's efficiency
In-Reply-To: <1498762029.8706.51.camel@gmail.com>
References: <1498734037.1346.15.camel@gmail.com> <1558053.n2rNauMJac@vbart-workstation> <1498739541.1346.20.camel@gmail.com> <2509603.4cb1D1WpUi@vbart-workstation> <1498757892.8706.33.camel@gmail.com> <0AF4F569-22D4-449F-A869-F7D2F2C70C3D@lucasrolff.com> <1498762029.8706.51.camel@gmail.com>
Message-ID:

> Well, this php-engine is built into apache itself

Just because apache does have a built in PHP handler such as mod_dso doesn't mean it's actually used to serve static files (I can tell you that the php engine is never hit if you serve static files)

> Anyway, considering only this fact, such a bad apache configuration should not be significantly slower than that of nginx?
> Which ones?

Things like avoiding .htaccess, using mpm_event instead of prefork or worker, will both increase performance and decrease memory usage

> And how exactly can I measure this?

Benchmark
Change config
....
Repeat

> Right now we have a pretty capable dedicated server which costs ca. 40Euro per month and is an overkill for our needs.

True - but it's good to know what your stack is capable of doing in case of capacity planning, and to see whenever you should scale up your infrastructure - personally I optimize my environments even if I have plenty of resources, because I like being able to handle unexpected spikes in traffic

> Do you think I should stress a production server?

It's not up to me, or anyone else to decide - we do not know how your application works, and what it does - some people might be able to benchmark a server in product, others might not - it's a case by case thing in my opinion.

Just be aware of the consequences by benchmarking/stress testing, such as increased server load, increased response times and possible downtime in case you push it too hard.

I've personally done it plenty of times, but I do it in a controlled way and I'm fully aware of what can possibly go wrong.

Best Regards,

From lists at lazygranch.com Thu Jun 29 19:02:40 2017
From: lists at lazygranch.com (lists at lazygranch.com)
Date: Thu, 29 Jun 2017 12:02:40 -0700
Subject: Measuring nginx's efficiency
In-Reply-To: <0AF4F569-22D4-449F-A869-F7D2F2C70C3D@lucasrolff.com>
References: <1498734037.1346.15.camel@gmail.com> <1558053.n2rNauMJac@vbart-workstation> <1498739541.1346.20.camel@gmail.com> <2509603.4cb1D1WpUi@vbart-workstation> <1498757892.8706.33.camel@gmail.com> <0AF4F569-22D4-449F-A869-F7D2F2C70C3D@lucasrolff.com>
Message-ID: <20170629190240.5677141.47929.31918@lazygranch.com>

Simply to reduce the attack surface, I would not use PHP if all that is served is static pages.

If you are just serving static pages, you may be able to reduce your verbs to "head" and "get". That is avoid "post." Again attack surface reduction.

I put PHP in a "map" search and it is a favorite hacker target. It may seem like overkill to look for attacks on something I don't use, but all those IP addresses get logged and if a datacenter is used, then I block the entire IP space in the firewall. I call it a preemptive strike. Harmless today doesn't mean harmless forever.

Original Message
From: Lucas Rolff
Sent: Thursday, June 29, 2017 10:44 AM
To: nginx at nginx.org
Reply To: nginx at nginx.org
Subject: Re: Measuring nginx's efficiency

If your current apache configuration serves static files via the php engine, then you're doing something very wrong.

You might or might not see any speed gain depending on your apache configuration, but you should see a big difference in the amount of resources used to serve traffic. As Valentin mentioned, it's about scalability majority of the time - and that in itself will decrease your costs in hardware or resources that is required to be able to serve your static traffic, and I'm sure whomever you have to prove to, why you should switch from Apache to nginx, would love to see that the cost of running your current setup might decrease to some or to huge extend. If you run wrk as suggested below, you will get a bunch of useful data that will help you chose whichever software solution is the best to use. On 29/06/2017, 19.38, "nginx on behalf of ST" wrote: >On Thu, 2017-06-29 at 16:16 +0300, Valentin V. Bartenev wrote: >> On Thursday 29 June 2017 15:32:21 ST wrote: >> > On Thu, 2017-06-29 at 15:09 +0300, Valentin V. Bartenev wrote: >> > > On Thursday 29 June 2017 14:00:37 ST wrote: >> > > > Hello, >> > > > >> > > > with your help I managed to configure nginx and our website now can be >> > > > accessed both - through apache and nginx. >> > > > >> > > > Now, how can I prove to my boss that nginx is more efficient than apache >> > > > to switch to it? How do I measure its performance and compare it to that >> > > > of apache? Which tools would you recommend? >> > > > >> > > > Thank you in advance! >> > > > >> > > >> > > I suggest wrk. >> > > >> > > https://github.com/wg/wrk >> > > >> > >> > Should I stress our production system with this tool? Our system blocks >> > users that make to many requests in a given amount of time... >> > Also, how do I prove that static content is now served faster? >> > >> > Thank you. >> > >> >> Switching from Apache to nginx usually isn't about speed, but about scalability. >> It's all about how many users/connections you can serve from the same hardware. 
>>
>
>Shouldn't it be also about speed, at least for static content, that no
>longer needs to be served through php-engine? And thus overall loading
>speed should be higher?

From nginx-forum at forum.nginx.org Thu Jun 29 19:20:32 2017
From: nginx-forum at forum.nginx.org (AjaySawant)
Date: Thu, 29 Jun 2017 15:20:32 -0400
Subject: Nginx redirect quey string to url
Message-ID: <0766cd9c0d9a2335209ebbbd401b2ce3.NginxMailingListEnglish@forum.nginx.org>

I am trying to redirect a query string to url and I am using like this but it is somehow not working. Can somebody help?

rewrite ^/abc/xyz/def.php?Id=13 http://www.example.com/fhu/foo permanent;
rewrite ^/abc/xyz/def.php?Id=14 http://www.example.com/fhu/bar permanent;

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275218,275218#msg-275218

From r1ch+nginx at teamliquid.net Thu Jun 29 23:22:09 2017
From: r1ch+nginx at teamliquid.net (Richard Stanway)
Date: Fri, 30 Jun 2017 01:22:09 +0200
Subject: Nginx redirect quey string to url
In-Reply-To: <0766cd9c0d9a2335209ebbbd401b2ce3.NginxMailingListEnglish@forum.nginx.org>
References: <0766cd9c0d9a2335209ebbbd401b2ce3.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

rewrite and location matching do not include query strings. As a quick workaround, I believe you could do something like this:

if ($request_uri = "/abc/xyz/def.php?Id=13") {
    return 301 "http://www.example.com/fhu/foo";
}

Be aware that this matches the request exactly - query string parameters must be in the same order and case.

On Thu, Jun 29, 2017 at 9:20 PM, AjaySawant wrote:

> I am trying to redirect a query string to url and I am using like this but
> it is somehow not working. Can somebody help?
>
> rewrite ^/abc/xyz/def.php?Id=13 http://www.example.com/fhu/foo permanent;
> rewrite ^/abc/xyz/def.php?Id=14 http://www.example.com/fhu/bar permanent;
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275218,275218#msg-275218

From soracchi at multidialogo.it Thu Jun 29 23:46:12 2017
From: soracchi at multidialogo.it (Andrea Soracchi)
Date: Fri, 30 Jun 2017 01:46:12 +0200 (CEST)
Subject: Strange issue after nginx update
In-Reply-To:
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it> <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID: <1514956751.155023111.1498779972105.JavaMail.zimbra@netbuilder.it>

Hi Richard,

I have the same problem with fastcgi_request_buffering[1] set to off:

*21 http read client request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: Resource temporarily unavailable)
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv -2
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest 8077
2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: 1498779354309, new: 1498779354309
2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: "/index2.php?"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream check client, write event:1, "/index2.php"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream recv(): -1 (11: Resource temporarily unavailable)
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream request: "/index2.php?"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request handler
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 fastcgi output filter
2017/06/30 01:33:54 [debug] 19140#19140: *21 chain writer in: 0000000000000000
2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: Resource temporarily unavailable)
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv -2
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest 8077
2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: 1498779354309, new: 1498779354309
2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: "/index2.php?"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream read request handler
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 1744 of 1744
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv 1744

@Payam I try worker_process to 1 but same result.

The php-fpm log is free of errors...

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

From: "Richard Stanway"
To: "nginx"
Sent: Thursday, 29 June 2017 18:47:36
Subject: Re: Strange issue after nginx update

If you want to stream the upload directly to your backend, you should consider fastcgi_request_buffering[1]. The problem is most likely with your PHP backend though, you should examine why it takes so long to process the request.
[1] http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering On Thu, Jun 29, 2017 at 12:01 PM, Andrea Soracchi < soracchi at multidialogo.it > wrote: Hi Payam, the problem is between Nginx and Php-fpm, but I have set the debug level log to nginx and php-fpm. Nginx: 2017/06/29 10:05:14 [warn] 5252#5252: *1613 a client request body is buffered to a temporary file /var/lib/nginx/body/0000000044, client: 192.168.18.18, server: andrea.eoraptor3.netbuilder.it , request: "POST /index2.php HTTP/1.1", host: " andrea.eoraptor3.netbuilder.it " 2017/06/29 10:05:14 [debug] 5252#5252: *1613 write: 9, 0000560D636FBE70, 8192, 0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 5488 of 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 5488 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 2704 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 1498723634292, new: 1498723634292 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" 
2017/06/29 10:05:14 [debug] 5252#5252: *1613 http read client request body 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1368 of 2704 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1368 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 1498723634292, new: 1498723634293 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http read client request body 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1336 of 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http body new buf t:1 f:0 0000560D636FBE70, pos 0000560D636FBE70, size: 8192 file: 0, size: 0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http write client request body, bufs 0000560D636F92C0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 write: 9, 0000560D636FBE70, 8192, 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1400 of 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1400 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54597821 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 6792 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54597821 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 
1498723634292, new: 1498723634293 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" ... Repeated several times ... ... 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer out: 0000560D637FE780 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer: 10, old: 1498723575096, new: 1498723575151 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request handler 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request body 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer in: 0000560D637FE780 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev: 8 of 8 2017/06/29 10:05:15 [debug] 5252#5252: *1613 sendfile: @54591488 22717 2017/06/29 10:05:15 [debug] 5252#5252: *1613 sendfile: 22717 of 22717 @54591488 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev: 11 of 11 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer out: 0000000000000000 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer del: 10: 1498723575096 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer add: 10: 300000:1498723815151 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream dummy handler 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream dummy handler 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 
2017/06/29 10:05:40 [debug] 5252#5252: *1613 http upstream process header 2017/06/29 10:05:40 [debug] 5252#5252: *1613 malloc: 0000560D637FF560:4096 2017/06/29 10:05:40 [debug] 5252#5252: *1613 recv: fd:10 56 of 4096 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 01 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 06 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 01 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 1D 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 03 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record length: 29 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi parser: 0 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi header: "Content-type: text/html" 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi parser: 1 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi header done 2017/06/29 10:05:40 [debug] 5252#5252: *1613 xslt filter header 2017/06/29 10:05:40 [debug] 5252#5252: *1613 HTTP/1.1 200 OK^M Php-fpm: PHPFPM [29-Jun-2017 10:05:14.699514] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 0 active children, 3 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:16.700710] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:17.701773] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. 
Spawning rate 1
[29-Jun-2017 10:05:37.721725] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
[29-Jun-2017 10:05:38.722791] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
[29-Jun-2017 10:05:39.723785] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
[29-Jun-2017 10:05:40.725342] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 0 active children, 3 spare children, 3 running children. Spawning rate 1

Any idea?

Thanks a lot,
Andrea

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

From: "Payam Chychi" < pchychi at gmail.com >
To: nginx at nginx.org
Sent: Thursday, 29 June 2017 6:38:09
Subject: Re: Strange issue after nginx update

Are you seeing any errors in your php log? are you connecting to the hostname or ip? Also, make sure your interface is connected at full duplex. what's the output of "ethtool eth0" replace eth0 with your nic in use. not sure what else really... I'd say to check dns but it's all local to you

- Payam

On Wed, Jun 28, 2017 at 9:01 PM Anoop Alias < anoopalias01 at gmail.com > wrote:

give a try changing the nameservers in /etc/resolv.conf

On Thu, Jun 29, 2017 at 3:51 AM, Andrea Soracchi < soracchi at multidialogo.it > wrote:

Hi,

I have attached part of the ettercap log. I have posted a test file of 40MB.
The delay is 29 seconds: from the last file's chunk at 23:56:06 to the response of index2.php at 23:56:35

The nginx's log shows:

192.168.18.18 - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php HTTP/1.1" 200 37 "-" "Generic Client"

Nothing retransmits, SElinux isn't installed and apparmor is stopped. Nothing in dmesg...

Thanks a lot,

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

From: "Payam Chychi" < pchychi at gmail.com >
To: "nginx" < nginx at nginx.org >
Sent: Wednesday, 28 June 2017 19:56:04
Subject: Re: Strange issue after nginx update

On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi < soracchi at multidialogo.it > wrote:

Hi,

could you please help me solve this issue? I'm getting crazy!

Before the nginx update my client worked perfectly: it posted files to my website without any delay.

Now, after nginx update (ubuntu 16.04 LTS) I've got this issue:

- the client posts files successfully but the answer of the post is delayed. The more the file is bigger, the more the answer is delayed.
I put a sniffer into the website's server and I noticed that the nginx receives the post but it waits to transfer the file to php-fpm process, so also the answer to the client is delayed

The nginx server is: nginx/1.10.0 (Ubuntu) and its conf is:

-----
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    sendfile on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 0;
    log_not_found off;
    server_name_in_redirect off;
    client_body_timeout 120s;
    autoindex off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log info;

    gzip on;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
---

and website's php-fpm conf is:

server {
    listen 80;
    server_name test.it;
    server_name_in_redirect off;
    autoindex off;
    client_max_body_size 500m;
    index index.html;
    root /home/test/test;

    location ~ \.(php|html|htm|php3)$ {
        try_files $uri 404;
        fastcgi_pass unix:/run/php/mdtest-fpm.sock;
        include fastcgi_params;
    }
}

fastcgi_params config:

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
#fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_NAME $http_host;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Thanks a lot,
Andrea

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

hi, can you show the related wireshark data, how long is the response delayed by? and anything else like retransmits or anything else? any SElinux security throttling taking place? anything in dmesg?

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

--
Anoop P Alias

--
This message was scanned and is believed to be clean.

From nginx-forum at forum.nginx.org Thu Jun 29 23:54:30 2017
From: nginx-forum at forum.nginx.org (AjaySawant)
Date: Thu, 29 Jun 2017 19:54:30 -0400
Subject: Nginx redirect quey string to url
In-Reply-To:
References:
Message-ID:

Thanks Richard for replying but somehow this is not working. I see it is being redirected to http://www.example.com/fhu but not to http://www.example.com/fhu/foo and http://www.example.com/fhu/bar. As you mentioned I have matched the case exactly.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275218,275226#msg-275226

From r1ch+nginx at teamliquid.net Fri Jun 30 00:17:08 2017
From: r1ch+nginx at teamliquid.net (Richard Stanway)
Date: Fri, 30 Jun 2017 02:17:08 +0200
Subject: Strange issue after nginx update
In-Reply-To: <1514956751.155023111.1498779972105.JavaMail.zimbra@netbuilder.it>
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <2819671.1140.1498664451958.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it> <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <1514956751.155023111.1498779972105.JavaMail.zimbra@netbuilder.it>
Message-ID:

Have you enabled the slowlog and request_slowlog_timeout directives in the php-fpm pool that this request is going to? These may provide a hint as to where the problem lies.

On Fri, Jun 30, 2017 at 1:46 AM, Andrea Soracchi wrote: > Hi Richard, > > I have the same problem with fastcgi_request_buffering[1] set to off: > > *21 http read client request body > 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: > Resource temporarily unavailable) > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv > -2 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest > 8077 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: > 1498779354309, new: 1498779354309 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: > "/index2.php?" > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream check client, > write event:1, "/index2.php" > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream recv(): -1 (11: > Resource temporarily unavailable) > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream request: > "/index2.php?" 
> 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request > handler > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request > body > 2017/06/30 01:33:54 [debug] 19140#19140: *21 fastcgi output filter > 2017/06/30 01:33:54 [debug] 19140#19140: *21 chain writer in: > 0000000000000000 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body > 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: > Resource temporarily unavailable) > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv > -2 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest > 8077 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: > 1498779354309, new: 1498779354309 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: > "/index2.php?" > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream read request > handler > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request > body > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body > 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 1744 of 1744 > 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv > 1744 > > @Payam I try worker_process to 1 but same result. > > The php-fpm log is free of errors... > > > > > *ANDREA SORACCHI* > *+39 329 0512704 <+393290512702>* > System Engineer > > +39 0521 24 77 91 > soracchi at netbuilder.it > > ------------------------------ > *Da: *"Richard Stanway" > *A: *"nginx" > *Inviato: *Gioved?, 29 giugno 2017 18:47:36 > > *Oggetto: *Re: Strange issue after nginx update > > If you want to stream the upload directly to your backend, you should > consider fastcgi_request_buffering[1]. 
> The problem is most likely with your PHP backend though, you should > examine why it takes so long to process the request. > > [1] http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html# > fastcgi_request_buffering > > On Thu, Jun 29, 2017 at 12:01 PM, Andrea Soracchi < > soracchi at multidialogo.it> wrote: > >> Hi Payam, >> >> the problem is between Nginx and Php-fpm, but >> >> I have set the debug level log to nginx and php-fpm. >> >> Nginx: >> >> 2017/06/29 10:05:14 [warn] 5252#5252: *1613 a client request body is >> buffered to a temporary file /var/lib/nginx/body/0000000044, client: >> 192.168.18.18, server: andrea.eoraptor3.netbuilder.it, request: "POST >> /index2.php HTTP/1.1", host: "andrea.eoraptor3.netbuilder.it" >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 write: 9, 0000560D636FBE70, >> 8192, 0 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 5488 of 8192 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body >> recv 5488 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body >> rest 54606013 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 2704 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: >> Resource temporarily unavailable) >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body >> recv -2 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body >> rest 54606013 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: >> 1498723634292, new: 1498723634292 >> 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: >> "/index2.php?" 
Spawning >> rate 1 >> [29-Jun-2017 10:05:26.710841] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:27.711798] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:28.712864] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:29.713932] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:30.715523] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:31.715785] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:32.716851] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:32.716851] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. Spawning >> rate 1 >> [29-Jun-2017 10:05:33.717931] DEBUG: pid 5135, >> fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] >> currently 1 active children, 2 spare children, 3 running children. 
Spawning >> rate 1
>> [29-Jun-2017 10:05:34.719001] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
>> [29-Jun-2017 10:05:35.720280] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
>> [29-Jun-2017 10:05:36.720662] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
>> [29-Jun-2017 10:05:37.721725] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
>> [29-Jun-2017 10:05:38.722791] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
>> [29-Jun-2017 10:05:39.723785] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1
>>
>> [29-Jun-2017 10:05:40.725342] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 0 active children, 3 spare children, 3 running children. Spawning rate 1
>>
>> Any idea?
>>
>> Thanks a lot,
>> Andrea
>>
>> *ANDREA SORACCHI*
>> *+39 329 0512704 <+393290512702>*
>> System Engineer
>>
>> +39 0521 24 77 91
>> soracchi at netbuilder.it
>>
>> ------------------------------
>> *From: *"Payam Chychi"
>> *To: *nginx at nginx.org
>> *Sent: *Thursday, 29 June 2017 6:38:09
>> *Subject: *Re: Strange issue after nginx update
>>
>> Are you seeing any errors in your PHP log?
>> Are you connecting to the hostname or IP?
>>
>> Also, make sure your interface is connected at full duplex. What's the
>> output of "ethtool eth0"? Replace eth0 with your NIC in use.
>>
>> Not sure what else really...
>> I'd say to check DNS but it's all local to you.
>>
>> - Payam
>>
>> On Wed, Jun 28, 2017 at 9:01 PM Anoop Alias wrote:
>>
>>> Give a try changing the nameservers in /etc/resolv.conf
>>>
>>> On Thu, Jun 29, 2017 at 3:51 AM, Andrea Soracchi <soracchi at multidialogo.it> wrote:
>>>
>>>> Hi,
>>>>
>>>> I have attached part of the ettercap log.
>>>>
>>>> I have posted a test file of 40MB.
>>>>
>>>> The delay is 29 seconds:
>>>>
>>>> from the last file's chunk at 23:56:06
>>>>
>>>> to the response of index2.php at 23:56:35
>>>>
>>>> The nginx log shows:
>>>>
>>>> 192.168.18.18 - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php HTTP/1.1" 200 37 "-" "Generic Client"
>>>>
>>>> Nothing retransmits, SELinux isn't installed and AppArmor is stopped.
>>>>
>>>> Nothing in dmesg...
>>>>
>>>> Thanks a lot,
>>>>
>>>> *ANDREA SORACCHI*
>>>> *+39 329 0512704 <+393290512702>*
>>>> System Engineer
>>>>
>>>> +39 0521 24 77 91
>>>> soracchi at netbuilder.it
>>>> ------------------------------
>>>> *From: *"Payam Chychi"
>>>> *To: *"nginx"
>>>> *Sent: *Wednesday, 28 June 2017 19:56:04
>>>> *Subject: *Re: Strange issue after nginx update
>>>>
>>>> On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi <soracchi at multidialogo.it> wrote:
>>>>
>>>>> Hi,
>>>>> could you please help me solve this issue? I'm getting crazy!
>>>>>
>>>>> Before the nginx update my client worked perfectly: it posted files to
>>>>> my website without any delay.
>>>>>
>>>>> Now, after the nginx update (Ubuntu 16.04 LTS), I've got this issue:
>>>>>
>>>>> - the client posts files successfully but the answer to the post is
>>>>> delayed. The bigger the file, the more the answer is delayed.
>>>>>
>>>>> I put a sniffer on the website's server and I noticed that nginx
>>>>> receives the post but it waits to transfer the file to the php-fpm process, so
>>>>> the answer to the client is also delayed.
>>>>>
>>>>> The nginx server is:
>>>>>
>>>>> nginx/1.10.0 (Ubuntu) and its conf is:
>>>>>
>>>>> -----
>>>>> user www-data;
>>>>> worker_processes auto;
>>>>> pid /run/nginx.pid;
>>>>>
>>>>> events {
>>>>>     worker_connections 768;
>>>>>     # multi_accept on;
>>>>> }
>>>>>
>>>>> http {
>>>>>     sendfile on;
>>>>>     tcp_nodelay on;
>>>>>     keepalive_timeout 65;
>>>>>     types_hash_max_size 2048;
>>>>>     client_max_body_size 0;
>>>>>     log_not_found off;
>>>>>     server_name_in_redirect off;
>>>>>     client_body_timeout 120s;
>>>>>     autoindex off;
>>>>>     include /etc/nginx/mime.types;
>>>>>     default_type application/octet-stream;
>>>>>     ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
>>>>>     ssl_prefer_server_ciphers on;
>>>>>     access_log /var/log/nginx/access.log;
>>>>>     error_log /var/log/nginx/error.log info;
>>>>>     gzip on;
>>>>>     gzip_disable "msie6";
>>>>>     gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
>>>>>     include /etc/nginx/conf.d/*.conf;
>>>>>     include /etc/nginx/sites-enabled/*;
>>>>> ---
>>>>>
>>>>> and website's php-fpm conf is:
>>>>>
>>>>> server {
>>>>>     listen 80;
>>>>>     server_name test.it;
>>>>>     server_name_in_redirect off;
>>>>>     autoindex off;
>>>>>     client_max_body_size 500m;
>>>>>     index index.html;
>>>>>     root /home/test/test;
>>>>>     location ~ \.(php|html|htm|php3)$ {
>>>>>         try_files $uri 404;
>>>>>         fastcgi_pass unix:/run/php/mdtest-fpm.sock;
>>>>>         include fastcgi_params;
>>>>>     }
>>>>> }
>>>>>
>>>>> fastcgi_params config:
>>>>>
>>>>> fastcgi_param QUERY_STRING $query_string;
>>>>> fastcgi_param REQUEST_METHOD $request_method;
>>>>> fastcgi_param CONTENT_TYPE $content_type;
>>>>> fastcgi_param CONTENT_LENGTH $content_length;
>>>>>
>>>>> fastcgi_param SCRIPT_NAME $fastcgi_script_name;
>>>>> fastcgi_param REQUEST_URI $request_uri;
>>>>> fastcgi_param DOCUMENT_URI $document_uri;
>>>>> fastcgi_param DOCUMENT_ROOT $document_root;
>>>>> fastcgi_param SERVER_PROTOCOL $server_protocol;
>>>>> fastcgi_param REQUEST_SCHEME $scheme;
>>>>> fastcgi_param HTTPS $https if_not_empty;
>>>>>
>>>>> fastcgi_param GATEWAY_INTERFACE CGI/1.1;
>>>>> fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
>>>>>
>>>>> fastcgi_param REMOTE_ADDR $remote_addr;
>>>>> fastcgi_param REMOTE_PORT $remote_port;
>>>>> fastcgi_param SERVER_ADDR $server_addr;
>>>>> fastcgi_param SERVER_PORT $server_port;
>>>>> #fastcgi_param SERVER_NAME $server_name;
>>>>> fastcgi_param SERVER_NAME $http_host;
>>>>>
>>>>> # PHP only, required if PHP was built with --enable-force-cgi-redirect
>>>>> fastcgi_param REDIRECT_STATUS 200;
>>>>>
>>>>> fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
>>>>>
>>>>> Thanks a lot,
>>>>> Andrea
>>>>>
>>>>> *ANDREA SORACCHI*
>>>>> *+39 329 0512704 <+393290512702>*
>>>>> System Engineer
>>>>>
>>>>> +39 0521 24 77 91
>>>>> soracchi at netbuilder.it
>>>>
>>>> hi,
>>>>
>>>> can you show the related wireshark data, how long is the response
>>>> delayed by? and anything else like retransmits or anything else?
>>>>
>>>> any SELinux security throttling taking place? anything in dmesg?
>>>>
>>>> --
>>>> Payam Tarverdyan Chychi
>>>> Network Security Specialist / Network Engineer
>>>
>>> --
>>> *Anoop P Alias*
>>
>> --
>> Payam Tarverdyan Chychi
>> Network Security Specialist / Network Engineer

From nginx-forum at forum.nginx.org Fri Jun 30 05:32:04 2017
From: nginx-forum at forum.nginx.org (webeau)
Date: Fri, 30 Jun 2017 01:32:04 -0400
Subject: XSLT Error - parser error : Document is empty
Message-ID:

I have been using the same XSLT files and proxy to an xml document for several generations without any problem. Recently (~1.11) I am getting an error when I do 'nginx -t':

/etc/nginx/xsl/so.xslt:1: parser error : Document is empty
error xsltParseStylesheetFile : cannot parse /etc/nginx/xsl/so.xslt
nginx: [error] xsltParseStylesheetFile("/etc/nginx/xsl/so.xslt") failed in /etc/nginx/sites-enabled/miconcinemas.com:220
nginx: configuration file /etc/nginx/nginx.conf test failed

I have made no changes to the config or the xslt but have never seen this error before. When I use xsltproc using the same stylesheet with the url to the xml file, the transform works as expected. I am uncertain why this behavior changed. I am looking for suggestions on how I might diagnose this issue further.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275228,275228#msg-275228

From infos at opendoc.net Fri Jun 30 06:18:50 2017
From: infos at opendoc.net (Alexandre)
Date: Fri, 30 Jun 2017 08:18:50 +0200
Subject: rewrite with regex to use proxy_pass
Message-ID: <20170630081850.5d1d4e17@R2D2>

Hello,

I have a question, I wish I could parse a url and retrieve fields to inject them to another server. However, I can not.

Here is my test:

URL : http://mywebsite.net/folder1/folder2/hit.php?s=11111&s2=&p=home::index&x2=[box]&apvr=[5.0]&idclient=&na=&ref=

location ~ ^/folder1/folder2/ {
    rewrite ^/folder1/folder2/hit.php?s=11111&s2=&p=(.*)::(.*)&x2=[box]&apvr=[5.0]&idclient=&na=&ref= /index.php?arg1=$1&arg2=$2 break;
    proxy_pass http://myinternalsrv.localdom;
}

In my test, I want to retrieve the pattern "home" and "index" but it does not work.

Would you have an idea?

Thank you very much for your information.

Alex.
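The rewrite in the question above cannot match because nginx applies the `rewrite` regex to the request path only; the query string is never part of the text it is matched against. The following is an added example, not code from the thread or from the nginx project, showing one way to take the two fields from the `p` argument instead. The capture names `page_a` and `page_b`, the allowed character class and the choice to answer 400 for anything else are assumptions.

```nginx
# Added example. Host name and paths are the ones from the question;
# page_a/page_b, the character class and the 400 response are assumptions.
location = /folder1/folder2/hit.php {

    # $arg_p is the raw value of the "p" query argument. It is not
    # URL-decoded, so a client sending "home%3A%3Aindex" does not match.
    #
    # Named captures are used because positional captures ($1, $2) set by
    # this "if" would be replaced by those of the "rewrite" regex below.
    #
    # The narrow character class lets only simple tokens through, so
    # percent-encoded separators, slashes or dots in "p" never reach the
    # query string sent to the internal server.
    if ($arg_p ~ "^(?<page_a>[A-Za-z0-9_-]+)::(?<page_b>[A-Za-z0-9_-]+)$") {
        # The trailing "?" stops nginx from appending the original query
        # string. "break" ends rewrite processing, so the "return" below
        # is skipped and the request goes on to proxy_pass.
        rewrite ^ /index.php?arg1=$page_a&arg2=$page_b? break;
    }

    # Reached only when "p" does not have the expected shape: reject the
    # request instead of forwarding it unchanged.
    return 400;

    # No URI part here: after a rewrite with "break" the full changed
    # request URI (path and arguments) is passed to the upstream.
    proxy_pass http://myinternalsrv.localdom;
}
```

With the URL from the question, the upstream receives `/index.php?arg1=home&arg2=index`.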
From soracchi at multidialogo.it Fri Jun 30 08:00:40 2017
From: soracchi at multidialogo.it (Andrea Soracchi)
Date: Fri, 30 Jun 2017 10:00:40 +0200 (CEST)
Subject: Strange issue after nginx update
In-Reply-To:
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <65421741.150391788.1498688467426.JavaMail.zimbra@netbuilder.it> <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <1514956751.155023111.1498779972105.JavaMail.zimbra@netbuilder.it>
Message-ID: <30825680.131.1498809638062.JavaMail.sorry@sorry-Dell-System-XPS-L322X>

Hi Richard,

I have enabled the slowlog but nothing is written in the log. When nginx successfully transfers to php-fpm, execution of the latter is fast.

Another log?

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

----- Original Message -----
From: "Richard Stanway"
To: nginx at nginx.org
Sent: Friday, 30 June 2017 2:17:08
Subject: Re: Strange issue after nginx update

Have you enabled the slowlog and request_slowlog_timeout directives in the php-fpm pool that this request is going to? These may provide a hint as to where the problem lies.

On Fri, Jun 30, 2017 at 1:46 AM, Andrea Soracchi < soracchi at multidialogo.it > wrote:

Hi Richard,

I have the same problem with fastcgi_request_buffering[1] set to off:

*21 http read client request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: Resource temporarily unavailable)
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv -2
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest 8077
2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: 1498779354309, new: 1498779354309
2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: "/index2.php?"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream check client, write event:1, "/index2.php"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream recv(): -1 (11: Resource temporarily unavailable)
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream request: "/index2.php?"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request handler
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 fastcgi output filter
2017/06/30 01:33:54 [debug] 19140#19140: *21 chain writer in: 0000000000000000
2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: Resource temporarily unavailable)
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv -2
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest 8077
2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: 1498779354309, new: 1498779354309
2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: "/index2.php?"
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream read request handler
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 1744 of 1744
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv 1744

@Payam I tried worker_processes 1 but same result. The php-fpm log is free of errors...

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

From: "Richard Stanway" < r1ch+nginx at teamliquid.net >
To: "nginx" < nginx at nginx.org >
Sent: Thursday, 29 June 2017 18:47:36
Subject: Re: Strange issue after nginx update

If you want to stream the upload directly to your backend, you should consider fastcgi_request_buffering[1]. The problem is most likely with your PHP backend though, you should examine why it takes so long to process the request.

[1] http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering

On Thu, Jun 29, 2017 at 12:01 PM, Andrea Soracchi < soracchi at multidialogo.it > wrote:
Hi Payam,

the problem is between Nginx and Php-fpm, but I have set the debug level log to nginx and php-fpm.

Any idea?

Thanks a lot,
Andrea

ANDREA SORACCHI
+39 329 0512704
System Engineer
+39 0521 24 77 91
soracchi at netbuilder.it

From: "Payam Chychi" < pchychi at gmail.com >
To: nginx at nginx.org
Sent: Thursday, 29 June 2017 6:38:09
Subject: Re: Strange issue after nginx update

Are you seeing any errors in your PHP log? Are you connecting to the hostname or IP?

Also, make sure your interface is connected at full duplex. What's the output of "ethtool eth0"? Replace eth0 with your NIC in use.

Not sure what else really... I'd say to check DNS but it's all local to you.

- Payam

On Wed, Jun 28, 2017 at 9:01 PM Anoop Alias < anoopalias01 at gmail.com > wrote:
Give it a try, changing the nameservers in /etc/resolv.conf

On Thu, Jun 29, 2017 at 3:51 AM, Andrea Soracchi < soracchi at multidialogo.it > wrote:
Hi,
I have attached part of the ettercap log.
I have posted a test file of 40MB.
The delay is 29 seconds: from the file's last chunk at 23:56:06 to the response of index2.php at 23:56:35.

The nginx log shows:

192.168.18.18 - - [28/Jun/2017:23:56:35 +0200] "POST /index2.php HTTP/1.1" 200 37 "-" "Generic Client"

Nothing retransmits, SELinux isn't installed and AppArmor is stopped.
Nothing in dmesg...

Thanks a lot,

ANDREA SORACCHI +39 329 0512704 System Engineer +39 0521 24 77 91 soracchi at netbuilder.it

From: "Payam Chychi" < pchychi at gmail.com >
To: "nginx" < nginx at nginx.org >
Sent: Wednesday, 28 June 2017 19:56:04
Subject: Re: Strange issue after nginx update

On Wed, Jun 28, 2017 at 8:41 AM Andrea Soracchi < soracchi at multidialogo.it > wrote:
Hi,
could you please help me solve this issue? I'm going crazy!

Before the nginx update my client worked perfectly: it posted files to my website without any delay.

Now, after the nginx update (Ubuntu 16.04 LTS), I've got this issue:

- the client posts files successfully but the answer to the post is delayed. The bigger the file, the more the answer is delayed.

I put a sniffer on the website's server and I noticed that nginx receives the post but it waits to transfer the file to the php-fpm process, so the answer to the client is also delayed.

The nginx server is: nginx/1.10.0 (Ubuntu)

and its conf is:

-----
user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
    worker_connections 768;
    # multi_accept on;
}

http {
    sendfile on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 0;
    log_not_found off;
    server_name_in_redirect off;
    client_body_timeout 120s;
    autoindex off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log info;

    gzip on;
    gzip_disable "msie6";
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}
---

and website's php-fpm conf is:

server {
    listen 80;
    server_name test.it;
    server_name_in_redirect off;
    autoindex off;
    client_max_body_size 500m;
    index index.html;
    root /home/test/test;

    location ~ \.(php|html|htm|php3)$ {
        try_files $uri 404;
        fastcgi_pass unix:/run/php/mdtest-fpm.sock;
        include fastcgi_params;
    }
}

fastcgi_params config:

fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;

fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS $https if_not_empty;

fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;

fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
#fastcgi_param SERVER_NAME $server_name;
fastcgi_param SERVER_NAME $http_host;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param REDIRECT_STATUS 200;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;

Thanks a lot,
Andrea

ANDREA SORACCHI +39 329 0512704 System Engineer +39 0521 24 77 91 soracchi at netbuilder.it

_______________________________________________
nginx mailing list
nginx at nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hi, can you show the related Wireshark data? How long is the response delayed by? And anything else like retransmits or anything else? Any SELinux security throttling taking place? Anything in dmesg?
--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

--
Anoop P Alias

--
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer

From soracchi at multidialogo.it Fri Jun 30 14:10:32 2017
From: soracchi at multidialogo.it (Andrea Soracchi)
Date: Fri, 30 Jun 2017 16:10:32 +0200 (CEST)
Subject: Strange issue after nginx update
In-Reply-To: <30825680.131.1498809638062.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <1514956751.155023111.1498779972105.JavaMail.zimbra@netbuilder.it> <30825680.131.1498809638062.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID: <15750487.938.1498831830132.JavaMail.sorry@sorry-Dell-System-XPS-L322X>

Hi,
same configuration with php7.1-fpm no problem, no delay with post!!!

My application doesn't work with php7.1, I'm very very desolated.

Any other idea?

ANDREA SORACCHI +39 329 0512704 System Engineer +39 0521 24 77 91 soracchi at netbuilder.it

----- Original Message -----
From: "Andrea Soracchi"
To: nginx at nginx.org
Sent: Friday, 30 June 2017 10:00:40
Subject: Re: Strange issue after nginx update

Hi Richard,
I have enabled the slowlog but nothing is written in the log.
When nginx successfully transfers to php-fpm, execution of the latter is fast.

Another log?

ANDREA SORACCHI +39 329 0512704 System Engineer +39 0521 24 77 91 soracchi at netbuilder.it

----- Original Message -----
From: "Richard Stanway"
To: nginx at nginx.org
Sent: Friday, 30 June 2017 2:17:08
Subject: Re: Strange issue after nginx update

Have you enabled the slowlog and request_slowlog_timeout directives in the php-fpm pool that this request is going to? These may provide a hint as to where the problem lies.
On Fri, Jun 30, 2017 at 1:46 AM, Andrea Soracchi < soracchi at multidialogo.it > wrote: Hi Richard, I have the same problem with fastcgi_request_buffering[1] set to off: *21 http read client request body 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: Resource temporarily unavailable) 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv -2 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest 8077 2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: 1498779354309, new: 1498779354309 2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: "/index2.php?" 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream check client, write event:1, "/index2.php" 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream recv(): -1 (11: Resource temporarily unavailable) 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream request: "/index2.php?" 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request handler 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request 2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request body 2017/06/30 01:33:54 [debug] 19140#19140: *21 fastcgi output filter 2017/06/30 01:33:54 [debug] 19140#19140: *21 chain writer in: 0000000000000000 2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 -1 of 1744 2017/06/30 01:33:54 [debug] 19140#19140: *21 recv() not ready (11: Resource temporarily unavailable) 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv -2 2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body rest 8077 2017/06/30 01:33:54 [debug] 19140#19140: *21 event timer: 11, old: 1498779354309, new: 1498779354309 2017/06/30 01:33:54 [debug] 19140#19140: *21 http run request: "/index2.php?" 
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream read request handler
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request
2017/06/30 01:33:54 [debug] 19140#19140: *21 http upstream send request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 http read client request body
2017/06/30 01:33:54 [debug] 19140#19140: *21 recv: fd:11 1744 of 1744
2017/06/30 01:33:54 [debug] 19140#19140: *21 http client request body recv 1744

@Payam I try worker_process to 1 but same result. The php-fpm log is free of errors...

ANDREA SORACCHI +39 329 0512704 System Engineer +39 0521 24 77 91 soracchi at netbuilder.it

From: "Richard Stanway" < r1ch+nginx at teamliquid.net >
To: "nginx" < nginx at nginx.org >
Sent: Thursday, 29 June 2017 18:47:36
Subject: Re: Strange issue after nginx update

If you want to stream the upload directly to your backend, you should consider fastcgi_request_buffering[1]. The problem is most likely with your PHP backend though, you should examine why it takes so long to process the request.

[1] http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_request_buffering

On Thu, Jun 29, 2017 at 12:01 PM, Andrea Soracchi < soracchi at multidialogo.it > wrote:
Hi Payam, the problem is between Nginx and Php-fpm, but I have set the debug level log to nginx and php-fpm. Nginx: 2017/06/29 10:05:14 [warn] 5252#5252: *1613 a client request body is buffered to a temporary file /var/lib/nginx/body/0000000044, client: 192.168.18.18, server: andrea.eoraptor3.netbuilder.it , request: "POST /index2.php HTTP/1.1", host: " andrea.eoraptor3.netbuilder.it " 2017/06/29 10:05:14 [debug] 5252#5252: *1613 write: 9, 0000560D636FBE70, 8192, 0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 5488 of 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 5488 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 2704 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 1498723634292, new: 1498723634292 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" 
2017/06/29 10:05:14 [debug] 5252#5252: *1613 http read client request body 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1368 of 2704 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1368 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54606013 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 1498723634292, new: 1498723634293 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http read client request body 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1336 of 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1336 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http body new buf t:1 f:0 0000560D636FBE70, pos 0000560D636FBE70, size: 8192 file: 0, size: 0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http write client request body, bufs 0000560D636F92C0 2017/06/29 10:05:14 [debug] 5252#5252: *1613 write: 9, 0000560D636FBE70, 8192, 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 1400 of 8192 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv 1400 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54597821 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv: fd:3 -1 of 6792 2017/06/29 10:05:14 [debug] 5252#5252: *1613 recv() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body recv -2 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http client request body rest 54597821 2017/06/29 10:05:14 [debug] 5252#5252: *1613 event timer: 3, old: 
1498723634292, new: 1498723634293 2017/06/29 10:05:14 [debug] 5252#5252: *1613 http run request: "/index2.php?" ... Repeated several times ... ... 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev() not ready (11: Resource temporarily unavailable) 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer out: 0000560D637FE780 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer: 10, old: 1498723575096, new: 1498723575151 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request handler 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream send request body 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer in: 0000560D637FE780 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev: 8 of 8 2017/06/29 10:05:15 [debug] 5252#5252: *1613 sendfile: @54591488 22717 2017/06/29 10:05:15 [debug] 5252#5252: *1613 sendfile: 22717 of 22717 @54591488 2017/06/29 10:05:15 [debug] 5252#5252: *1613 writev: 11 of 11 2017/06/29 10:05:15 [debug] 5252#5252: *1613 chain writer out: 0000000000000000 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer del: 10: 1498723575096 2017/06/29 10:05:15 [debug] 5252#5252: *1613 event timer add: 10: 300000:1498723815151 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream dummy handler 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 2017/06/29 10:05:15 [debug] 5252#5252: *1613 http upstream dummy handler 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http upstream request: "/index2.php?" 
2017/06/29 10:05:40 [debug] 5252#5252: *1613 http upstream process header 2017/06/29 10:05:40 [debug] 5252#5252: *1613 malloc: 0000560D637FF560:4096 2017/06/29 10:05:40 [debug] 5252#5252: *1613 recv: fd:10 56 of 4096 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 01 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 06 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 01 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 1D 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 03 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record byte: 00 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi record length: 29 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi parser: 0 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi header: "Content-type: text/html" 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi parser: 1 2017/06/29 10:05:40 [debug] 5252#5252: *1613 http fastcgi header done 2017/06/29 10:05:40 [debug] 5252#5252: *1613 xslt filter header 2017/06/29 10:05:40 [debug] 5252#5252: *1613 HTTP/1.1 200 OK^M Php-fpm: PHPFPM [29-Jun-2017 10:05:14.699514] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 0 active children, 3 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:16.700710] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:17.701773] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. 
Spawning rate 1 [29-Jun-2017 10:05:18.702842] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:19.703778] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:20.705400] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:21.706471] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:22.707537] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:23.707779] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:24.708839] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:25.710378] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:26.710841] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. Spawning rate 1 [29-Jun-2017 10:05:27.711798] DEBUG: pid 5135, fpm_pctl_perform_idle_server_maintenance(), line 379: [pool mdbeta] currently 1 active children, 2 spare children, 3 running children. 

From francis at daoine.org Fri Jun 30 16:26:46 2017
From: francis at daoine.org (Francis Daly)
Date: Fri, 30 Jun 2017 17:26:46 +0100
Subject: Proxy_cache_key based on custom header
In-Reply-To: <20766a381bbe012df461ad48cba84dc5.NginxMailingListEnglish@forum.nginx.org>
References: <20766a381bbe012df461ad48cba84dc5.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20170630162646.GA3000@daoine.org>

On Tue, Jun 27, 2017 at 05:43:22PM -0400, deivid__ wrote:

Hi there,

You will probably change your setup so that the default proxy_cache_key works for you; but for information:

> If `proxy_cache` is set to `$sent_http_x_test_header`:
> - Every request gets cached (good)
> - All URLs map to the same cache (very bad!)
> - I don't get the 'X-Banana' header at all

The only useful content of proxy_cache_key is things that are known *before* the matching proxy_pass request would be made. (Otherwise, there is no way that a second request could be served from the cache, avoiding the upstream connection.)

So $sent_* and $upstream_* variables should not be used, since they will be empty.

Good luck with it,

f
--
Francis Daly francis at daoine.org

From francis at daoine.org Fri Jun 30 16:34:26 2017
From: francis at daoine.org (Francis Daly)
Date: Fri, 30 Jun 2017 17:34:26 +0100
Subject: Strange issue after nginx update
In-Reply-To: <15750487.938.1498831830132.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
References: <7255090.1031.1498662518798.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <3523972.333.1498730493247.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <1514956751.155023111.1498779972105.JavaMail.zimbra@netbuilder.it> <30825680.131.1498809638062.JavaMail.sorry@sorry-Dell-System-XPS-L322X> <15750487.938.1498831830132.JavaMail.sorry@sorry-Dell-System-XPS-L322X>
Message-ID: <20170630163426.GB3000@daoine.org>

On Fri, Jun 30, 2017 at 04:10:32PM +0200, Andrea Soracchi wrote:

Hi there,

you suggest that with the old unknown version of nginx and the old unknown version of php, things worked.

Now with the new updated version of nginx and the new updated version of php, things fail.

And with the same updated version of nginx and a different updated version of php, things work again.

The only pair there where you have one piece the same and one piece different, is new nginx and two different versions of php - one works, one fails.

So you probably want to compare the php versions and their configuration to see what is different.

(If you have one version of php and two versions of nginx showing one set working and one set failing, then you should compare the nginx versions for differences. But that is not what you have reported here, if I am reading it right.)

Good luck with it,

f
--
Francis Daly francis at daoine.org

From peter_booth at me.com Fri Jun 30 17:29:49 2017
From: peter_booth at me.com (Peter Booth)
Date: Fri, 30 Jun 2017 13:29:49 -0400
Subject: Proxy_cache_key based on custom header
In-Reply-To: <20766a381bbe012df461ad48cba84dc5.NginxMailingListEnglish@forum.nginx.org>
References: <20766a381bbe012df461ad48cba84dc5.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <78D3996E-7A73-4AF2-9FCB-C526BBB8AF8B@me.com>

I had best caching experience when I started using the openresty nginx bundle. It's a build of nginx that contains a bunch of Lua modules that make it a lean application server. With that I could create cache keys that exactly matched my (complex) business requirements.

Sent from my iPhone

> On Jun 27, 2017, at 5:43 PM, deivid__ wrote:
>
> Hi.
>
> I'm trying to use 2 level proxying to cache files delivered with
> X-Accel-Redirect. This kinda works, the only thing missing is getting the
> cache_key to be the filename.
>
>
> If `proxy_cache` is unset (or set to the default), the caching mechanism
> "works":
> - Every request gets cached (good)
> - Different URLs that map to the same file get mapped to different cache
> keys (bad)
> - I get the header "X-Banana" with the correct file path (good)
>
> If `proxy_cache` is set to `$sent_http_x_test_header`:
> - Every request gets cached (good)
> - All URLs map to the same cache (very bad!)
> - I don't get the 'X-Banana' header at all
>
> This leads me to believe that in the second case, `$sent_http_x_test_header`
> is empty. But it's not in the first case? Why? What can I do?
>
> Full config below:
>
>
> proxy_cache_path /cache/nginx levels=1:2 keys_zone=cache:10m inactive=24h;
>
> upstream backend {
>     server unix:///tmp/streaming-backend.sock;
> }
>
> server {
>     listen 443 ssl;
>     listen [::]:443 ssl;
>     include /etc/nginx/ssl;
>     index index.html;
>     server_name pilotage.streamall.pw;
>     gzip off;
>
>     proxy_cache_min_uses 1;
>     proxy_cache cache;
>     proxy_cache_valid 200 24h;
>
>     location /v/ {
>         rewrite /v/(.+) /$1 break;
>         proxy_pass http://127.0.0.1:9999/;
>
>         proxy_request_buffering off; # needs 1.7.11
>         proxy_ignore_headers X-Accel-Expires Expires Cache-Control
>             Set-Cookie;
>
>         # proxy_cache_key $sent_http_x_test_header;
>         add_header X-Proxy-Cache $upstream_cache_status;
>         add_header X-Banana $sent_http_x_test_header;
>
>     }
>
> }
>
> server {
>     listen 9999;
>     location / {
>         uwsgi_pass backend;
>         include uwsgi_params;
>
>         proxy_set_header X-Real-IP $remote_addr;
>         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     }
>
>     location /converted/ {
>         internal;
>         root /nfs/;
>         add_header X-Test-Header $document_uri;
>     }
> }
>
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,275178,275178#msg-275178
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From infos at opendoc.net Fri Jun 30 18:49:13 2017
From: infos at opendoc.net (Alexandre)
Date: Fri, 30 Jun 2017 20:49:13 +0200
Subject: rewrite with regex to use proxy_pass
In-Reply-To: <20170630081850.5d1d4e17@R2D2>
References: <20170630081850.5d1d4e17@R2D2>
Message-ID: <20170630204913.596b9ffa@R2D2>

Do you have solutions for my problem ?

Thank you very much.

On Fri, 30 Jun 2017 08:18:50 +0200 Alexandre wrote:

> Hello,
>
> I have a question, I wish I could parse a url and retrieve fields to
> inject them to another server.
>
> However, I can not.
> Here is my test:
>
> URL :
> http://mywebsite.net/folder1/folder2/hit.php?s=11111&s2=&p=home::index&x2=[box]&apvr=[5.0]&idclient=&na=&ref=
>
> location ~ ^/folder1/folder2/ {
>
>     rewrite
>     ^/folder1/folder2/hit.php?s=11111&s2=&p=(.*)::(.*)&x2=[box]&apvr=[5.0]&idclient=&na=&ref= /index.php?arg1=$1&arg2=$2
>     break;
>
>     proxy_pass http://myinternalsrv.localdom;
> }
>
> In my test, I want to retrieve the pattern "home" and "index" but it
> does not work. Would you have an idea?
>
> Thank you very much for your information.
>
> Alex.
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From wandenberg at gmail.com Fri Jun 30 22:08:59 2017
From: wandenberg at gmail.com (Wandenberg Peixoto)
Date: Sat, 1 Jul 2017 00:08:59 +0200
Subject: rewrite with regex to use proxy_pass
In-Reply-To: <20170630204913.596b9ffa@R2D2>
References: <20170630081850.5d1d4e17@R2D2> <20170630204913.596b9ffa@R2D2>
Message-ID:

If I'm not wrong the rewrite is applied only for the path, not for querystring.
To parse the arguments using a regex use a map with $args as input or use the $arg_ARGNAME to the rewrite.

On Jun 30, 2017 20:49, "Alexandre" wrote:

> Do you have solutions for my problem ?
>
> Thank you very much.
>
>
> On Fri, 30 Jun 2017 08:18:50 +0200
> Alexandre wrote:
>
> > Hello,
> >
> > I have a question, I wish I could parse a url and retrieve fields to
> > inject them to another server.
> >
> > However, I can not. Here is my test:
> >
> > URL :
> > http://mywebsite.net/folder1/folder2/hit.php?s=11111&s2=&p=
> home::index&x2=[box]&apvr=[5.0]&idclient=&na=&ref=
> >
> > location ~ ^/folder1/folder2/ {
> >
> > rewrite
> > ^/folder1/folder2/hit.php?s=11111&s2=&p=(.*)::(.*)&x2=[
> box]&apvr=[5.0]&idclient=&na=&ref= /index.php?arg1=$1&arg2=$2
> > break;
> >
> > proxy_pass http://myinternalsrv.localdom;
> > }
> >
> > In my test, I want to retrieve the pattern "home" and "index" but it
> > does not work.
> > Would you have an idea?
> >
> > Thank you very much for your information.
> >
> > Alex.
> > _______________________________________________
> > nginx mailing list
> > nginx at nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
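
The approach suggested in the last reply (read the query string through $arg_ARGNAME and a map, since rewrite matches its regex against the URI path only), written out as an added example that nobody in the thread posted. The variable names $hit_arg1 and $hit_arg2, the listen port and the allowed character set are assumptions; the host names and paths are the ones from the question.

```nginx
# Added example, not from the thread. Hypothetical names: $hit_arg1, $hit_arg2.
# Assumption: both halves of p=<first>::<second> are plain tokens.

# http{} context. $arg_p is the raw (still percent-encoded) value of "p".
map $arg_p $hit_arg1 {
    default "";
    "~^(?<first>[A-Za-z0-9_-]+)::[A-Za-z0-9_-]+$"   $first;
}

map $arg_p $hit_arg2 {
    default "";
    "~^[A-Za-z0-9_-]+::(?<second>[A-Za-z0-9_-]+)$"  $second;
}

server {
    listen 80;                          # assumption
    server_name mywebsite.net;

    location = /folder1/folder2/hit.php {
        # "p" missing or not of the expected shape: both maps yield "",
        # so the request is refused instead of being forwarded.
        if ($hit_arg1 = "") {
            return 400;
        }

        # The regex only has to match the path. The trailing "?" in the
        # replacement drops the client's original query string instead of
        # appending it after arg1/arg2.
        rewrite ^ /index.php?arg1=$hit_arg1&arg2=$hit_arg2? break;

        # No URI part on proxy_pass, so the rewritten URI is sent upstream.
        proxy_pass http://myinternalsrv.localdom;
    }
}
```

With the URL from the question, the internal server receives /index.php?arg1=home&arg2=index; the other client-supplied parameters (s, x2, apvr and so on) are not passed on.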