From igal at lucee.org Sun Oct 1 22:47:23 2017 From: igal at lucee.org (Igal @ Lucee.org) Date: Sun, 1 Oct 2017 15:47:23 -0700 Subject: Nginx CPU Issue : Remain at 100% In-Reply-To: References: <10538001.t6D0DEl2ps@vbart-laptop> Message-ID: Hello, On 9/30/2017 12:43 AM, Yogesh Sharma wrote: > Thank you Valentin. Will give a chance. > > On Fri, 29 Sep 2017 at 5:20 PM, Valentin V. Bartenev > wrote: > > On Friday, 29 Sep 2017 14:38:58 MSK Yogesh Sharma wrote: > > Team, > > > > I am using nginx as Reverse proxy, where I see that once CPU > goes up for > > Nginx it never comes down and remain there forever until we kill > that > > worker. We tried tweaking worker_processes to number of cpu we > have, but it > > did not helped. > I wonder if this is the same issue that I reported a few months ago at https://www.mail-archive.com/search?l=nginx at nginx.org&q=subject:%22nginx+hogs+cpu+on+Windows%22&o=newest&f=1 I've actually missed Maxim's reply and haven't noticed it until now.? I did not experience the issue lately, but I'll be sure to follow Maxim's advice if it happens again. Igal -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sun Oct 1 23:39:49 2017 From: francis at daoine.org (Francis Daly) Date: Mon, 2 Oct 2017 00:39:49 +0100 Subject: limit_conn is dropping valid connections and causing memory leaks on nginx reload In-Reply-To: <599c564bab9d7b70a8729e87c47a710b.NginxMailingListEnglish@forum.nginx.org> References: <599c564bab9d7b70a8729e87c47a710b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171001233949.GY20907@daoine.org> On Sat, Sep 30, 2017 at 06:05:15AM -0400, Dejan Grofelnik Pelzel wrote: Hi there, I don't have an answer for you. I don't understand what precisely you are reporting. It may help others to understand what you are reporting if you can show a nginx.conf and test case that displays the behaviour that you report. > We are running the nginx 1.13.5 with HTTP/2 in a proxy_pass proxy_cache > configuration with clients having relatively long open connections. Our For example: if you see the failure with http/2 and also with plain https; and maybe even also with just http; then that means that the test nginx.conf can be simpler -- remove as much as possible in your test environment while still demonstrating the problem. > system does automatic reloads for any new configuration and we recently > introduced a limit_conn to some of the config files. I suspect that rapid repeated reloads is not an expected use case for nginx; but I guess that it should work if you have the resources available. > We used the following configuration as recommended by pretty much any > example: > limit_conn_zone $binary_remote_addr zone=1234con:10m; > limit_conn zone1234con 10; If you can copy-paste a nginx.conf that shows the problem, that should make it easier for someone else to recreate the test. The output of "nginx -V" will probably be useful too, in case the problem cannot easily be seen by someone else using their compiled version. Good luck with it, f -- Francis Daly francis at daoine.org From vbart at nginx.com Mon Oct 2 12:53:56 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 02 Oct 2017 15:53:56 +0300 Subject: limit_conn is dropping valid connections and causing memory leaks on nginx reload In-Reply-To: <599c564bab9d7b70a8729e87c47a710b.NginxMailingListEnglish@forum.nginx.org> References: <599c564bab9d7b70a8729e87c47a710b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1774260.cAftf3v8fj@vbart-workstation> On Saturday 30 September 2017 06:05:15 Dejan Grofelnik Pelzel wrote: > Hello, > > We are running the nginx 1.13.5 with HTTP/2 in a proxy_pass proxy_cache > configuration with clients having relatively long open connections. Our > system does automatic reloads for any new configuration and we recently > introduced a limit_conn to some of the config files. After that, I've > started noticing a rapid drop in connections and outgoing network every-time > the system would perform a configuration reload. Even stranger, on every > reload the memory usage would go up for about 1-2GB until ultimately > everything crashed if the reloads were too frequent. The memory usage did go > down after old workers were released, but that could take up to 30 minutes, > while the configuration could get reloaded up to twice per minute. > > We used the following configuration as recommended by pretty much any > example: > limit_conn_zone $binary_remote_addr zone=1234con:10m; > limit_conn zone1234con 10; > > I was able to verify the connection drop by doing a simple ab test, for > example, I would run ab -c 100 -n -k 1000 https://127.0.0.1/file.bin > 990 of the connections went through, however, 10 would still be active. > Immediately after the reload, those would get dropped as well. Adding -r > option would help the problem, but that doesn't fix our problem. > > Finally, after I tried to create a workaround, I've configured the limit > zone to: > limit_conn_zone "v$binary_remote_addr" zone=1234con:10m; > > Suddenly everything magically started to work. The connections were not > being dropped, the limit worked as expected and even more surprisingly the > memory usage was not going up anymore. I've been tearing my hair out almost > all day yesterday trying to figure this out. While I was very happy to see > this resolved, I am now confused as to why nginx behaves in such a way. > > I'm thinking this might likely be a bug, so I'm just wondering if anyone > could explain why it is happening or has a similar problem. > > Thank you! > Have you checked error log? wbr, Valentin V. Bartenev From nikolai at lusan.id.au Mon Oct 2 19:28:28 2017 From: nikolai at lusan.id.au (Nikolai Lusan) Date: Tue, 03 Oct 2017 05:28:28 +1000 Subject: Using map directive for multiple virtual hosts Message-ID: <1506972508.4963.30.camel@lusan.id.au> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi, I have a requirement to rewrite incoming URL requests for multiple virtual hosts, each with a unique (possibly overlapping) set of incoming requests. We have each vhost in a server block, but since the map directive lives in the http block I think that the behaviour we are currently seeing is a result of having multiple map declarations not working - currently the first virtual host with a configured map is working as expected, subsequent maps are just returning the default. Each of our server directives, and it's associated map, are living in one file per hostname. These files are included using a globbed include in the main nginx.conf files http directive. So the configuration looks something like this (these are abbreviated examples with all the php processing stuff pulled out of it) nginx.conf: http { include /etc/nginx/mime.types; default_type application/octet-stream; access_log /var/log/nginx/access.log; log_format main '$status $request'; sendfile on; server_tokens on; ... include /etc/nginx/our-sites/*; } /etc/nginx/our-sites/site1.com: map $request_uri $new_uri_site1 { /store/product1 /store/new_products; /contact/us /contact/about; /services/consulting /contact/consulting; } server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl on; access_log /var/log/nginx/site1.com.access-tls.log combined; error_log /var/log/nginx/site1.com.error-tls.log; server_name site1.com; root /var/www/site1.com; index index.php; location / { try_files $uri $uri/ index.php?part=$uri&$args; } ... } /etc/nginx/our-sites/site2.com: map $request_uri $new_uri_site2 { /contact/us /contact/about; /services /contact/consulting; /people /staff/all; } server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl on; access_log /var/log/nginx/site2.com.access-tls.log combined; error_log /var/log/nginx/site2.com.error-tls.log; server_name site2.com; root /var/www/site2.com; index index.php; location / { try_files $uri $uri/ index.php?section=$uri; } ... } Apart from moving the map directives inside each relevant server block as rewrite rules does anyone know of a working solution for this situation? - -- Nikolai Lusan Email: nikolai at lusan.id.au Phone: 0425 661 620 -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEVfd4GW6z4nsBxdLo4ZaDRV2VL6QFAlnSk1wACgkQ4ZaDRV2V L6Sy0w//fkjJGg5BNHT92bsgNgZQFYO1wHsx5AoWwFUm4vdYeKCjlaHppID/u5U2 BbBP0WhDTi+nlH1vf7I9JWjSzWcgmRYkmS81JtJKBULM4GILl9OEB90IETGOkQSt DO43KyeWfJ6joGCb7OqA1MVVApmvlUzyWkiR9v84qSalF7iGcGVOB0Ru4r95iAka priuY1SLJToQF9MBjEexX72xh8gTjgJstFBtB1ENHsaV0nxDGo18j7z1I8SUIwPB cWrxCEsLoz2aJiMqP+hQm5uuTd0bvdLILvwJ7q+akVPdPVJeQ6YbGoX9TD9Micap wEHbgFVGCL5tmTLQDzq4OtA1Qxb5xBZUgOlNsWFGJB43VHk/+zGFKlOZsbadAmhL 1SnqLuVx2J6QmWlhzZnChj7NLPalvZBDw8KrantYdIszIRRmxG2II4KTwO6GqS0H p96yXKIEOVLkf0mC9FjWINrhN5FOa4h2Fxua1VYuwth66MGz12w+Qh8MHoaJvCTW qyotERM1kUsEiGUFKSN334uvr034WCNOZacLn0yJF74Cfr/NsAQlAk6uS784XLI+ QoAjh+qjhuuZHnicq1oCCXpakQfwj3kSPjOFy70Rfw/hJuTzsiv66cVrvrztRaBD 5ARnMZtGXIVyfQ/eNGtWnBiV3J3GKabIB9wO+WQ1jmDOwZImFgQ= =ZjS6 -----END PGP SIGNATURE----- From nginx-forum at forum.nginx.org Mon Oct 2 22:23:37 2017 From: nginx-forum at forum.nginx.org (halfpastjohn) Date: Mon, 02 Oct 2017 18:23:37 -0400 Subject: How to grab a value from a request Message-ID: <31c0ef6ed5f86812b79b0010a2fb2c88.NginxMailingListEnglish@forum.nginx.org> I'm setting up nginx as a proxy router for various APIs. How can I take a specific value form the incoming request and dynamically populate it into the upstream? Request: https://api.domain.com/[resource]/v2/ Upstream: https://app.domain.com/api/[resource]/v2/ I this case, I want to take [resource] from the request and populate it into the corresponding [resource] of the upstream path. Thanks Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276652,276652#msg-276652 From francis at daoine.org Mon Oct 2 23:40:01 2017 From: francis at daoine.org (Francis Daly) Date: Tue, 3 Oct 2017 00:40:01 +0100 Subject: Using map directive for multiple virtual hosts In-Reply-To: <1506972508.4963.30.camel@lusan.id.au> References: <1506972508.4963.30.camel@lusan.id.au> Message-ID: <20171002234001.GZ20907@daoine.org> On Tue, Oct 03, 2017 at 05:28:28AM +1000, Nikolai Lusan wrote: Hi there, > I have a requirement to rewrite incoming URL requests for multiple > virtual hosts, each with a unique (possibly overlapping) set of incoming > requests. We have each vhost in a server block, but since the map directive > lives in the http block I think that the behaviour we are currently seeing > is a result of having multiple map declarations not working - currently the > first virtual host with a configured map is working as expected, subsequent > maps are just returning the default. What request do you make? What response do you get? What response do you want instead? > So the configuration looks something like this (these are abbreviated > examples with all the php processing stuff pulled out of it) I think you may have abbreviated these a bit too much. You never try to use $new_uri_site1 or $new_uri_site2. > /etc/nginx/our-sites/site1.com: > map $request_uri $new_uri_site1 { > /store/product1 /store/new_products; > /contact/us /contact/about; > /services/consulting /contact/consulting; > } > Apart from moving the map directives inside each relevant server block as > rewrite rules does anyone know of a working solution for this situation? http://nginx.org/r/map map does not go inside server{}. Can you give a specific example of a response from nginx that is not what you want? f -- Francis Daly francis at daoine.org From francis at daoine.org Mon Oct 2 23:43:24 2017 From: francis at daoine.org (Francis Daly) Date: Tue, 3 Oct 2017 00:43:24 +0100 Subject: How to grab a value from a request In-Reply-To: <31c0ef6ed5f86812b79b0010a2fb2c88.NginxMailingListEnglish@forum.nginx.org> References: <31c0ef6ed5f86812b79b0010a2fb2c88.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171002234324.GA20907@daoine.org> On Mon, Oct 02, 2017 at 06:23:37PM -0400, halfpastjohn wrote: Hi there, > I'm setting up nginx as a proxy router for various APIs. How can I take a > specific value form the incoming request and dynamically populate it into > the upstream? In general, you can use map (http://nginx.org/r/map) with named regex captures. In this specific case: > Request: https://api.domain.com/[resource]/v2/ > Upstream: https://app.domain.com/api/[resource]/v2/ location / { proxy_pass https://app.domain.com/api/; } might do exactly what you want. f -- Francis Daly francis at daoine.org From francis at daoine.org Tue Oct 3 00:06:51 2017 From: francis at daoine.org (Francis Daly) Date: Tue, 3 Oct 2017 01:06:51 +0100 Subject: 404 on try_files In-Reply-To: References: Message-ID: <20171003000651.GB20907@daoine.org> On Thu, Sep 21, 2017 at 09:18:45AM -0700, Nathan Zabaldo wrote: Hi there, > The $request_uri > > /h_32/w_36/test.jpg > > needs to be routed to > > /index.php/img/i/h_32/w_36/test.jpg What does "routed to" mean, specifically? nginx can proxy_pass to a http server or fastcgi_pass to a fastcgi server or do an internal rewrite to another url. It might be useful for you to think in nginx terms when you are using nginx. > index.php will route the request to the "img" controller and "i" method, > then process the image and return it. However, my MVC works off of the > REQUEST_URI. So simply rewriting the url will not work. The REQUEST_URI > needs to modified. When your fastcgi server gets multiple fastcgi_param entries with the same "key", does it use the first, the last, or a random one? What fastcgi_param values are you sending? (The debug log, or tcpdump of the network traffic, should show you.) > You can see in the last location block that I'm passing in the modified > REQUEST_URI, but Nginx is trying to open /var/www/vhosts/ > ezrshop.com/htdocs/h_32/w_36/test.jpg (see **Error Logs** below) and > throwing a 404. > > Shouldn't Nginx be trying to send it for processing to index.php?? Why the > 404? Can you show the complete nginx.conf that leads to this response? Perhaps there is some other configuration that is being used here. > In a browser, if I go directly to > https://www.example.com/img/i/h_32/w_36/test.jpg the page comes up just > fine. If I try to go to https://www.example.com/h_32/w_36/test.jpg in my > browser I get 404 and the **Error Logs** you can see below. > > root /var/www/vhosts/example.com/htdocs; > index index.php index.html; > > set $request_url $request_uri; > > location ~ (h|w|fm|trim|fit|pad|border|or|bg)_.*\.(jpg|png)$ { What values do you want $1 and $2 to have here? What values do they actually have? (Hint: $2 is either "jpg" or "png".) > if ($request_uri !~ "/img/i/") { > set $request_url /index.php/img/i$1.$2; > } You've used "if" inside "location" without using something like "return". That may not do what you hope it will do. > try_files $uri $uri/ /index.php/img/i$1.$2; > } > > location / { > try_files $uri $uri/ /index.php$uri?$args; > } > > location ~ ^(.+\.php)(.*)$ { > fastcgi_pass 127.0.0.1:9000; > fastcgi_param CI_ENV production; #CI environment constant > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; > include fastcgi_params; Does that "include" include a value for REQUEST_URI? > fastcgi_param REQUEST_URI $request_url; > } f -- Francis Daly francis at daoine.org From nginx-forum at forum.nginx.org Tue Oct 3 03:51:33 2017 From: nginx-forum at forum.nginx.org (rnmx18) Date: Mon, 02 Oct 2017 23:51:33 -0400 Subject: Proxy buffering and slow clients related issues Message-ID: <712fbafb368a941206f869d7be9a97e1.NginxMailingListEnglish@forum.nginx.org> Hi, We are trying to use NGINX for caching service in low bandwidth, high latency mobile networks. The service is to stream 10-sec video segments of different types ranging from 2MB to 50MB. NGINX proxy_buffering configuration is as follows: proxy_buffering on; proxy_buffer_size 4k; proxy_buffers 64 4k; proxy_busy_buffers_size 128k; proxy_temp_file_write_size 64k; The slow clients results in NGINX buffering of the response and writing data to disk as part of temporary buffering. The disk IO is causing higher TTFB and higher load time for video download. We have tried to configure the proxy_max_temp_file_size to 0 to disable the buffering. This change results in interrupts not being balanced as shown below in the top command output - core0 and core15 is using 100%. top - 13:53:04 up 6 days, 2:31, 5 users, load average: 6.42, 4.35, 3.84 Tasks: 370 total, 6 running, 364 sleeping, 0 stopped, 0 zombie %Cpu0 : 0.0 us, 0.0 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi,100.0 si, 0.0 st %Cpu1 : 7.9 us, 10.3 sy, 0.0 ni, 79.7 id, 0.0 wa, 0.0 hi, 2.1 si, 0.0 st %Cpu2 : 18.7 us, 14.8 sy, 0.0 ni, 49.0 id, 0.0 wa, 0.0 hi, 17.5 si, 0.0 st %Cpu3 : 18.7 us, 11.5 sy, 0.0 ni, 52.7 id, 0.0 wa, 0.0 hi, 17.2 si, 0.0 st %Cpu4 : 20.1 us, 12.4 sy, 0.0 ni, 47.1 id, 0.0 wa, 0.0 hi, 20.5 si, 0.0 st %Cpu5 : 22.2 us, 12.3 sy, 0.0 ni, 45.6 id, 0.0 wa, 0.0 hi, 19.9 si, 0.0 st %Cpu6 : 15.1 us, 13.0 sy, 0.0 ni, 68.5 id, 0.0 wa, 0.0 hi, 3.4 si, 0.0 st %Cpu7 : 9.6 us, 10.7 sy, 0.0 ni, 77.7 id, 0.3 wa, 0.0 hi, 1.7 si, 0.0 st %Cpu8 : 9.9 us, 12.0 sy, 0.0 ni, 75.3 id, 0.0 wa, 0.0 hi, 2.7 si, 0.0 st %Cpu9 : 11.7 us, 11.7 sy, 0.0 ni, 73.5 id, 0.0 wa, 0.0 hi, 3.1 si, 0.0 st %Cpu10 : 10.0 us, 11.0 sy, 0.0 ni, 74.9 id, 0.0 wa, 0.0 hi, 4.1 si, 0.0 st %Cpu11 : 5.5 us, 12.3 sy, 0.0 ni, 80.9 id, 0.0 wa, 0.0 hi, 1.4 si, 0.0 st %Cpu12 : 1.7 us, 3.7 sy, 0.0 ni, 93.6 id, 0.0 wa, 0.0 hi, 1.0 si, 0.0 st %Cpu13 : 2.0 us, 3.7 sy, 0.0 ni, 93.6 id, 0.0 wa, 0.0 hi, 0.7 si, 0.0 st %Cpu14 : 1.4 us, 2.4 sy, 0.0 ni, 95.3 id, 0.7 wa, 0.0 hi, 0.3 si, 0.0 st %Cpu15 : 0.0 us, 0.0 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi,100.0 si, 0.0 st %Cpu16 : 18.0 us, 10.9 sy, 0.0 ni, 55.5 id, 0.0 wa, 0.0 hi, 15.6 si, 0.0 st %Cpu17 : 18.8 us, 11.9 sy, 0.0 ni, 48.8 id, 0.0 wa, 0.0 hi, 20.4 si, 0.0 st %Cpu18 : 6.4 us, 6.8 sy, 0.0 ni, 85.1 id, 0.0 wa, 0.0 hi, 1.7 si, 0.0 st %Cpu19 : 3.8 us, 6.5 sy, 0.0 ni, 86.3 id, 0.0 wa, 0.0 hi, 3.4 si, 0.0 st %Cpu20 : 1.7 us, 5.1 sy, 0.0 ni, 92.2 id, 0.3 wa, 0.0 hi, 0.7 si, 0.0 st %Cpu21 : 2.4 us, 3.0 sy, 0.0 ni, 93.9 id, 0.0 wa, 0.0 hi, 0.7 si, 0.0 st %Cpu22 : 1.0 us, 4.0 sy, 0.0 ni, 93.9 id, 0.0 wa, 0.0 hi, 1.0 si, 0.0 st %Cpu23 : 1.3 us, 3.7 sy, 0.0 ni, 94.6 id, 0.0 wa, 0.0 hi, 0.3 si, 0.0 st KiB Mem : 11523494+total, 27725092 free, 10556008 used, 76953848 buff/cache KiB Swap: 16777212 total, 16675408 free, 101804 used. 83445760 avail Mem Couple of queries: a) Why do we get unbalanced interrupts when buffering is disabled? b) How to configure NGINX to throttle the upstream read and avoid temp buffering? Thanks Rajesh Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276656,276656#msg-276656 From nginx-forum at forum.nginx.org Tue Oct 3 04:47:53 2017 From: nginx-forum at forum.nginx.org (sachin.shetty@gmail.com) Date: Tue, 03 Oct 2017 00:47:53 -0400 Subject: Info messages in the log: Connection reset by peer) while sending to client Message-ID: <6aaaf716bbff4de7cea7d8982e6fe1a6.NginxMailingListEnglish@forum.nginx.org> Hi, I had an upstream defined in my config with keepalive 60. But the server is a legacy one and does not handle keep alive properly. So I removed the keepalive attribute and the errors I was seeing on the client from the upstream went away. But now I see a ton these info log lines: 2017/10/03 04:37:51 [info] 1933#0: *6091340 recv() failed (104: Connection reset by peer) while sending to client, client: 164.40.242.212, server: kong, request: "POST /public-api/v1/fs/Shared/functional_tests_2017_10_03_06_37_49_068 HTTP/1.1", upstream: "http://10.116.4.42:7280/public-api/v1/fs/Shared/functional_tests_2017_10_03_06_37_49_068", host: "wdio.qa-egnyte.com" I dont see any functional errors in our system, and the info log seems harmless, but I was still curious to understand what this means and if it has any side effects at scale. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276657,276657#msg-276657 From zchao1995 at gmail.com Tue Oct 3 06:05:03 2017 From: zchao1995 at gmail.com (Zhang Chao) Date: Tue, 3 Oct 2017 14:05:03 +0800 Subject: Info messages in the log: Connection reset by peer) while sending to client In-Reply-To: <6aaaf716bbff4de7cea7d8982e6fe1a6.NginxMailingListEnglish@forum.nginx.org> References: <6aaaf716bbff4de7cea7d8982e6fe1a6.NginxMailingListEnglish@forum.nginx.org> Message-ID: HI! I think this log message is?irrelevant with the keepalive directive inside your upstream configuration block, it just tell you the connection was reset by the client side. On 3 October 2017 at 12:48:02, sachin.shetty at gmail.com (nginx-forum at forum.nginx.org) wrote: Hi, I had an upstream defined in my config with keepalive 60. But the server is a legacy one and does not handle keep alive properly. So I removed the keepalive attribute and the errors I was seeing on the client from the upstream went away. But now I see a ton these info log lines: 2017/10/03 04:37:51 [info] 1933#0: *6091340 recv() failed (104: Connection reset by peer) while sending to client, client: 164.40.242.212, server: kong, request: "POST /public-api/v1/fs/Shared/functional_tests_2017_10_03_06_37_49_068 HTTP/1.1", upstream: "http://10.116.4.42:7280/public-api/v1/fs/Shared/functional_tests_2017_10_03_06_37_49_068", host: "wdio.qa-egnyte.com" I dont see any functional errors in our system, and the info log seems harmless, but I was still curious to understand what this means and if it has any side effects at scale. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276657,276657#msg-276657 _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Tue Oct 3 09:50:48 2017 From: nginx-forum at forum.nginx.org (sachin.shetty@gmail.com) Date: Tue, 03 Oct 2017 05:50:48 -0400 Subject: Info messages in the log: Connection reset by peer) while sending to client In-Reply-To: References: Message-ID: <7251e0368e7ad10b0082bbb1e3a44412.NginxMailingListEnglish@forum.nginx.org> Hi, The message in the logs started coming after I removed the "keepalive 60" from the upstream block. The message is connection reset by peer and not client, so i am a bit worried. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276657,276659#msg-276659 From mdounin at mdounin.ru Tue Oct 3 13:11:23 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 3 Oct 2017 16:11:23 +0300 Subject: Proxy buffering and slow clients related issues In-Reply-To: <712fbafb368a941206f869d7be9a97e1.NginxMailingListEnglish@forum.nginx.org> References: <712fbafb368a941206f869d7be9a97e1.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171003131123.GH16067@mdounin.ru> Hello! On Mon, Oct 02, 2017 at 11:51:33PM -0400, rnmx18 wrote: > Hi, > > We are trying to use NGINX for caching service in low bandwidth, high > latency mobile networks. The service is to stream 10-sec video segments of > different types ranging from 2MB to 50MB. > > NGINX proxy_buffering configuration is as follows: > > proxy_buffering on; > proxy_buffer_size 4k; > proxy_buffers 64 4k; > proxy_busy_buffers_size 128k; > proxy_temp_file_write_size 64k; > > The slow clients results in NGINX buffering of the response and writing data > to disk as part of temporary buffering. The disk IO is causing higher TTFB > and higher load time for video download. > > We have tried to configure the proxy_max_temp_file_size to 0 to disable the > buffering. This change results in interrupts not being balanced as shown > below in the top command output - core0 and core15 is using 100%. > > top - 13:53:04 up 6 days, 2:31, 5 users, load average: 6.42, 4.35, 3.84 > Tasks: 370 total, 6 running, 364 sleeping, 0 stopped, 0 zombie > %Cpu0 : 0.0 us, 0.0 sy, 0.0 ni, 0.0 id, 0.0 wa, 0.0 hi,100.0 si, 0.0 > st [...] > Couple of queries: > a) Why do we get unbalanced interrupts when buffering is disabled? Try looking on what runs on these CPUs. Given that it's "100.0 si", I would suggest that it is your NIC interrupt threads trying to cope with load. > b) How to configure NGINX to throttle the upstream read and avoid temp > buffering? With proxy_max_temp_file_size set to 0 nginx won't buffer anything to disk, and will read from upstream up to available proxy_buffers. As long as configured buffers are full, nginx will stop reading from the upstream server till at least one buffer is free. That is, nginx will read from the upstream at a rate controlled by bandwidth of connected clients. You can use normal client limiting mechanisms such as limit_rate and limit_conn if the rate observed is too high. Additionly, the proxy_limit_rate directive can be used to control rate limiting of connections to upstream servers, see http://nginx.org/r/proxy_limit_rate. Though this is primary useful when you don't disable disk buffering but rather have to keep it enabled, for example, when using cache. -- Maxim Dounin http://nginx.org/ From nginx-forum at forum.nginx.org Tue Oct 3 15:29:44 2017 From: nginx-forum at forum.nginx.org (halfpastjohn) Date: Tue, 03 Oct 2017 11:29:44 -0400 Subject: How to grab a value from a request In-Reply-To: <20171002234324.GA20907@daoine.org> References: <20171002234324.GA20907@daoine.org> Message-ID: I'm sorry i don't quite follow. How is your example using the map directive? Just for clarity, here is what I'm trying to do. location /[resource]/v2/ { proxy_pass http://app.domain.com/api/[resource]/v2; } In fact, the location bit will be hardcoded with the actual resource, I just need the proxy_pass to grab that value and pop it into its path. So more something like this: location /users/v2/ { proxy_pass http://app.domain.com/api/{{users}}/v2; } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276652,276661#msg-276661 From r at roze.lv Tue Oct 3 16:10:17 2017 From: r at roze.lv (Reinis Rozitis) Date: Tue, 3 Oct 2017 19:10:17 +0300 Subject: How to grab a value from a request In-Reply-To: References: <20171002234324.GA20907@daoine.org> Message-ID: <56DB108ED149495588A056BDB5C2455D@Neiroze> > I'm sorry i don't quite follow. How is your example using the map > directive? > Just for clarity, here is what I'm trying to do. > location /[resource]/v2/ { > proxy_pass http://app.domain.com/api/[resource]/v2; > } Well in general it's something like: location ~ ^/(.*)/v2/ { proxy_pass http://app.domain.com/api/$1/v2; } Depending on if there are other url parts and/or variables the other way would be just to use rewrite within matching location block (or just globaly if every request is proxied). For example: location /users/v2/ { rewrite ^/(.*)/v2/ /api/$1/v2 break; proxy_pass http://app.domain.com; } rr From nginx-forum at forum.nginx.org Tue Oct 3 17:41:06 2017 From: nginx-forum at forum.nginx.org (halfpastjohn) Date: Tue, 03 Oct 2017 13:41:06 -0400 Subject: How to grab a value from a request In-Reply-To: <56DB108ED149495588A056BDB5C2455D@Neiroze> References: <56DB108ED149495588A056BDB5C2455D@Neiroze> Message-ID: <2b253fa883919075c8e9f89021f70ba1.NginxMailingListEnglish@forum.nginx.org> Would this work? location ~ ^/users/v2/ { proxy_pass http://app.domain.com/api/$1/v2; } Would $1 resolve as users or does it need to be inside ()? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276652,276664#msg-276664 From nginx-forum at forum.nginx.org Tue Oct 3 18:00:39 2017 From: nginx-forum at forum.nginx.org (halfpastjohn) Date: Tue, 03 Oct 2017 14:00:39 -0400 Subject: duplicate upstream server marked as down Message-ID: <7ba22baf58c0e9b6984e1f96796f4c86.NginxMailingListEnglish@forum.nginx.org> Can i have two, identical, server hostnames in an upstream, with one of them marked as "down"? Like this: resolver 10.0.0.8; upstream backend { server backend.example.com down resolve; server backend.example.com/api/v2/; } The reason being is that i need to route to the second one (with the longer path), but i also need to resolve the hostname. Unfortunately it won't resolve when there is additional pathing tacked onto the end. So, i'm hoping that this will allow the hostname to be resolved but only send traffic to the full path. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276665,276665#msg-276665 From nginx-forum at forum.nginx.org Wed Oct 4 06:39:35 2017 From: nginx-forum at forum.nginx.org (akmanocha) Date: Wed, 04 Oct 2017 02:39:35 -0400 Subject: HTTP Status Code 463 Message-ID: <260f53d44b79883eec60e3d2c19a58a3.NginxMailingListEnglish@forum.nginx.org> Hi, I am getting a strange error while using nginx as reverse proxy. >From my upstream I get a response like in acess logs - {"time": "2017-10-04T11:51:37+05:30", "remote_addr": "52.76.220.40", "remote_user": "-", "body_bytes_sent": "0", "request_time": "0.002", "status": "463", "request": "GET / HTTP/1.1", "request_method": "GET", "request_header": "-", "request_body": "-", "http_referer": "-", "http_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36", "application": "nb-qa-nearbuy-nginx", "xforwarder": "52.76.85.66, 52.76.85.66, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40","host":"www.iwanto.in","http_HEADER":"-"} No logs in error logs- Could not find anything on net about status code 463 Looks like an issue with xforwarder has some issues? Why so many repeated IPs? Has anybody else encountered the same issues? Rgs Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276667,276667#msg-276667 From francis at daoine.org Wed Oct 4 07:16:18 2017 From: francis at daoine.org (Francis Daly) Date: Wed, 4 Oct 2017 08:16:18 +0100 Subject: How to grab a value from a request In-Reply-To: References: <20171002234324.GA20907@daoine.org> Message-ID: <20171004071618.GC20907@daoine.org> On Tue, Oct 03, 2017 at 11:29:44AM -0400, halfpastjohn wrote: Hi there, > I'm sorry i don't quite follow. How is your example using the map directive? It isn't. If you want to pick pieces from the request, you can use "map". However, what you have described so far as your use case does not need to pick pieces from the request. > Just for clarity, here is what I'm trying to do. > > location /[resource]/v2/ { > proxy_pass http://app.domain.com/api/[resource]/v2; > } > > In fact, the location bit will be hardcoded with the actual resource, I just If you can hardcode the location bit, you can hardcode exactly the same thing in the proxy_pass bit, no? > location /users/v2/ { > proxy_pass http://app.domain.com/api/{{users}}/v2; Make that be proxy_pass http://app.domain.com/api/users/v2/; and it should Just Work, no? f -- Francis Daly francis at daoine.org From nginx-forum at forum.nginx.org Wed Oct 4 08:32:41 2017 From: nginx-forum at forum.nginx.org (Dingo) Date: Wed, 04 Oct 2017 04:32:41 -0400 Subject: Reverse cache not working on start pages Message-ID: <267d8da089f0431bd920f59ccc01f1e0.NginxMailingListEnglish@forum.nginx.org> Hi! I am unable to get reverse cache working on startpages. I am using Ubuntu 16.04 with everything updated. I have tried this example: https://www.nginx.com/resources/wiki/start/topics/examples/reverseproxycachingexample/ http { proxy_cache_path /data/nginx/cache levels=1:2 keys_zone=STATIC:10m inactive=24h max_size=1g; server { location / { proxy_pass http://1.2.3.4; proxy_set_header Host $host; # proxy_cache STATIC; proxy_cache_valid 200 1d; proxy_cache_use_stale error timeout invalid_header updating http_500 http_502 http_503 http_504; } } } It works fine with the row "proxy_cache STATIC" disabled, but when I enable it, I can not get any startpages woking. If I use http://asiteonmyiisserver.com, it will only show the default IIS page, but if I type: http://asiteonmyiisserver.com/idex.html it will work. What also works is http://asiteonmyiisserver.com/products, and so on. I also have one other server that only hosts one site (apache server) with no host headers involved, and that one works even with the startpage. I am totally lost when it comes Nginx, so this could be something really simple. I have searched a lot on the Internet and only found one guy with the same problem. The server pointed to by proxy_pass is an IIS-server hosting mostly wordpress domains on a single IP using host headers. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276670,276670#msg-276670 From nginx-forum at forum.nginx.org Wed Oct 4 09:42:10 2017 From: nginx-forum at forum.nginx.org (Dingo) Date: Wed, 04 Oct 2017 05:42:10 -0400 Subject: Reverse cache not working on start pages In-Reply-To: <267d8da089f0431bd920f59ccc01f1e0.NginxMailingListEnglish@forum.nginx.org> References: <267d8da089f0431bd920f59ccc01f1e0.NginxMailingListEnglish@forum.nginx.org> Message-ID: <067ad68f6ad39736b85557c325f5b9ca.NginxMailingListEnglish@forum.nginx.org> A small update to my problem: I started Wireshark and saw that there was no any requests going to my server as long as I used the cache. The problem seems to be in the cached content. I changed: proxy_cache_valid 200 1d; to proxy_cache_valid 200 1m; But I don't seem to get any updates to the cache. No traffic between my Nginx and IIS, everything is still fetched from the cache. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276670,276671#msg-276671 From nginx-forum at forum.nginx.org Wed Oct 4 10:01:35 2017 From: nginx-forum at forum.nginx.org (Dingo) Date: Wed, 04 Oct 2017 06:01:35 -0400 Subject: Reverse cache not working on start pages In-Reply-To: <067ad68f6ad39736b85557c325f5b9ca.NginxMailingListEnglish@forum.nginx.org> References: <267d8da089f0431bd920f59ccc01f1e0.NginxMailingListEnglish@forum.nginx.org> <067ad68f6ad39736b85557c325f5b9ca.NginxMailingListEnglish@forum.nginx.org> Message-ID: <5166a4e052f8673165df9d5c82951cdd.NginxMailingListEnglish@forum.nginx.org> Another update: I finally deleted /data/nginx/cache/*, and now everything seems to be working. It looks like Nginx don't bother about what cache timeout I use. If it is 1 day, as in the example from nginx.org, everything that was cached at that time will be remembered for 1 day. I have no clue why my startpages was not working, but they are now that I deleted the cache. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276670,276673#msg-276673 From nginx-forum at forum.nginx.org Wed Oct 4 12:01:48 2017 From: nginx-forum at forum.nginx.org (soulseekah) Date: Wed, 04 Oct 2017 08:01:48 -0400 Subject: nginx null bytes on static image Message-ID: <9333fe2b8bb6e3af725ae0bc7e7d0822.NginxMailingListEnglish@forum.nginx.org> nginx/1.12.1 Creating new files with PHP (image resizing) works fine, the new files are served well. Then suddenly after a couple of days the file is returned as a sequence of NULL bytes Content-Length long. HTTP/1.1 200 OK Server: nginx/1.12.1 Date: Wed, 04 Oct 2017 11:33:57 GMT Content-Type: image/jpeg Content-Length: 8915 Last-Modified: Sun, 01 Oct 2017 19:30:46 GMT Connection: keep-alive ETag: "59d14266-22d3" Expires: Thu, 31 Dec 2037 23:55:55 GMT Cache-Control: max-age=315360000 Accept-Ranges: bytes 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000010: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 00000020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ ** snip ** 000022c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ 000022d0: 0000 00 Looking at the file via SSH under the nginx user the file is fine: sudo -u nginx cat path/to/file.jpg | xxd 00000000: ffd8 ffe0 0010 4a46 4946 0001 0100 0001 ......JFIF...... 00000010: 0001 0000 fffe 003b 4352 4541 544f 523a .......;CREATOR: 00000020: 2067 642d 6a70 6567 2076 312e 3020 2875 gd-jpeg v1.0 (u 00000030: 7369 6e67 2049 4a47 204a 5045 4720 7636 sing IJG JPEG v6 00000040: 3229 2c20 7175 616c 6974 7920 3d20 3832 2), quality = 82 00000050: 0aff db00 4300 0604 0405 0404 0605 0505 ....C........... Any ideas what may be going wrong? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276676,276676#msg-276676 From nginx-forum at forum.nginx.org Wed Oct 4 13:38:15 2017 From: nginx-forum at forum.nginx.org (manas86) Date: Wed, 04 Oct 2017 09:38:15 -0400 Subject: How to set up nginx as a 2-factor authentication portal that becomes transparent once auth'd? In-Reply-To: <1365807719.11946.140661217079830.54641F7E@webmail.messagingengine.com> References: <1365807719.11946.140661217079830.54641F7E@webmail.messagingengine.com> Message-ID: <8f89628b0b94ce0c8335496af19cfc37.NginxMailingListEnglish@forum.nginx.org> Hi Did you find any solution ? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,238332,276678#msg-276678 From mdounin at mdounin.ru Wed Oct 4 14:24:43 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Oct 2017 17:24:43 +0300 Subject: HTTP Status Code 463 In-Reply-To: <260f53d44b79883eec60e3d2c19a58a3.NginxMailingListEnglish@forum.nginx.org> References: <260f53d44b79883eec60e3d2c19a58a3.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171004142443.GO16067@mdounin.ru> Hello! On Wed, Oct 04, 2017 at 02:39:35AM -0400, akmanocha wrote: > Hi, > > I am getting a strange error while using nginx as reverse proxy. > > From my upstream I get a response like in acess logs - > > {"time": "2017-10-04T11:51:37+05:30", "remote_addr": "52.76.220.40", > "remote_user": "-", "body_bytes_sent": "0", "request_time": "0.002", > "status": "463", "request": "GET / HTTP/1.1", "request_method": "GET", > "request_header": "-", "request_body": "-", "http_referer": "-", > "http_user_agent": "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 > (KHTML, like Gecko) Chrome/36.0.1985.67 Safari/537.36", "application": > "nb-qa-nearbuy-nginx", "xforwarder": "52.76.85.66, 52.76.85.66, > 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, > 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, > 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, > 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, > 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, 52.76.220.40, > 52.76.220.40, 52.76.220.40, 52.76.220.40, > 52.76.220.40","host":"www.iwanto.in","http_HEADER":"-"} > > No logs in error logs- > > Could not find anything on net about status code 463 > Looks like an issue with xforwarder has some issues? Why so many repeated > IPs? Has anybody else encountered the same issues? nginx itself never returns 463, it is something non-standard likely returned by your backend. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Wed Oct 4 14:47:18 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Oct 2017 17:47:18 +0300 Subject: nginx null bytes on static image In-Reply-To: <9333fe2b8bb6e3af725ae0bc7e7d0822.NginxMailingListEnglish@forum.nginx.org> References: <9333fe2b8bb6e3af725ae0bc7e7d0822.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171004144718.GP16067@mdounin.ru> Hello! On Wed, Oct 04, 2017 at 08:01:48AM -0400, soulseekah wrote: > nginx/1.12.1 > > Creating new files with PHP (image resizing) works fine, the new files are > served well. Then suddenly after a couple of days the file is returned as a > sequence of NULL bytes Content-Length long. > > HTTP/1.1 200 OK > Server: nginx/1.12.1 > Date: Wed, 04 Oct 2017 11:33:57 GMT > Content-Type: image/jpeg > Content-Length: 8915 > Last-Modified: Sun, 01 Oct 2017 19:30:46 GMT > Connection: keep-alive > ETag: "59d14266-22d3" > Expires: Thu, 31 Dec 2037 23:55:55 GMT > Cache-Control: max-age=315360000 > Accept-Ranges: bytes > > 00000000: 0000 0000 0000 0000 0000 0000 0000 0000 ................ > 00000010: 0000 0000 0000 0000 0000 0000 0000 0000 ................ > 00000020: 0000 0000 0000 0000 0000 0000 0000 0000 ................ > ** snip ** > 000022c0: 0000 0000 0000 0000 0000 0000 0000 0000 ................ > 000022d0: 0000 00 > > Looking at the file via SSH under the nginx user the file is fine: > > sudo -u nginx cat path/to/file.jpg | xxd > > 00000000: ffd8 ffe0 0010 4a46 4946 0001 0100 0001 ......JFIF...... > 00000010: 0001 0000 fffe 003b 4352 4541 544f 523a .......;CREATOR: > 00000020: 2067 642d 6a70 6567 2076 312e 3020 2875 gd-jpeg v1.0 (u > 00000030: 7369 6e67 2049 4a47 204a 5045 4720 7636 sing IJG JPEG v6 > 00000040: 3229 2c20 7175 616c 6974 7920 3d20 3832 2), quality = 82 > 00000050: 0aff db00 4300 0604 0405 0404 0605 0505 ....C........... > > Any ideas what may be going wrong? I would suggest that there is something wrong at the OS level. In particular, you may want to take a look at the filesystem used and/or check if switching off sendfile fixes things. -- Maxim Dounin http://nginx.org/ From nginx-forum at forum.nginx.org Wed Oct 4 15:19:11 2017 From: nginx-forum at forum.nginx.org (pankaj@releasemanager.in) Date: Wed, 04 Oct 2017 11:19:11 -0400 Subject: Support Request for Preserving Proxied server original Chunk sizes In-Reply-To: References: Message-ID: Were you able to work around this issue of rechunking based on network performance and bandwidth ? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276367,276682#msg-276682 From nginx-forum at forum.nginx.org Wed Oct 4 15:29:23 2017 From: nginx-forum at forum.nginx.org (pankaj@releasemanager.in) Date: Wed, 04 Oct 2017 11:29:23 -0400 Subject: Nginx splitting one single request's into multiple requests to upstream. (version 1.13.3) In-Reply-To: References: Message-ID: <18b6dca9ef4071b74131e64e5e4f3625.NginxMailingListEnglish@forum.nginx.org> Pbooth, Basically, i am receiving a complete json doc as a chunk from one app server which is then proxied to another app which is handing each chunk as a complete request. The problem is when you put nginx in between the document is sometime divided in multiple chunks or multiple chunks are merge into one chunk and transmitted to upstream app server. I have tried various configuration options but couldn't identify which configuration exactly controls this rechunking while proxying or max size of the chunk so there's never a case when two json docs are sent to the app in a single chunk. Ideally it should sent the chunk as is to upstream as recieved. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276545,276683#msg-276683 From mdounin at mdounin.ru Wed Oct 4 15:39:00 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Oct 2017 18:39:00 +0300 Subject: Reverse cache not working on start pages In-Reply-To: <5166a4e052f8673165df9d5c82951cdd.NginxMailingListEnglish@forum.nginx.org> References: <267d8da089f0431bd920f59ccc01f1e0.NginxMailingListEnglish@forum.nginx.org> <067ad68f6ad39736b85557c325f5b9ca.NginxMailingListEnglish@forum.nginx.org> <5166a4e052f8673165df9d5c82951cdd.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171004153900.GR16067@mdounin.ru> Hello! On Wed, Oct 04, 2017 at 06:01:35AM -0400, Dingo wrote: > Another update: > > I finally deleted /data/nginx/cache/*, and now everything seems to be > working. It looks like Nginx don't bother about what cache timeout I use. If > it is 1 day, as in the example from nginx.org, everything that was cached at > that time will be remembered for 1 day. I have no clue why my startpages was > not working, but they are now that I deleted the cache. Cache validity time is determened when loading a response from the backend based on the response headers and the configuration active at that time. Any futher changes to the configuration have no effect. So what you did is basically correct: if you are making major changes to your caching configuration, you may need to clear the cache manually. -- Maxim Dounin http://nginx.org/ From r at roze.lv Wed Oct 4 15:51:46 2017 From: r at roze.lv (Reinis Rozitis) Date: Wed, 4 Oct 2017 18:51:46 +0300 Subject: How to grab a value from a request In-Reply-To: <2b253fa883919075c8e9f89021f70ba1.NginxMailingListEnglish@forum.nginx.org> References: <56DB108ED149495588A056BDB5C2455D@Neiroze> <2b253fa883919075c8e9f89021f70ba1.NginxMailingListEnglish@forum.nginx.org> Message-ID: > Would this work? > > location ~ ^/users/v2/ { > proxy_pass http://app.domain.com/api/$1/v2; > } No. > Would $1 resolve as users or does it need to be inside ()? For capturing (PCRE) a block into variable you need (). You can also use named variables if the pattern/configuration becomes more complex ( for example http://nginx.org/en/docs/http/server_names.html#regex_names ) rr From peter_booth at me.com Wed Oct 4 15:57:18 2017 From: peter_booth at me.com (Peter Booth) Date: Wed, 04 Oct 2017 11:57:18 -0400 Subject: Reverse cache not working on start pages In-Reply-To: <20171004153900.GR16067@mdounin.ru> References: <267d8da089f0431bd920f59ccc01f1e0.NginxMailingListEnglish@forum.nginx.org> <067ad68f6ad39736b85557c325f5b9ca.NginxMailingListEnglish@forum.nginx.org> <5166a4e052f8673165df9d5c82951cdd.NginxMailingListEnglish@forum.nginx.org> <20171004153900.GR16067@mdounin.ru> Message-ID: I found it useful to define a dropCache location that will delete the cache on request. I did this with a shell script that I invoked with lua (via openresty) but I imagine there are multiple ways to do this. Sent from my iPhone > On Oct 4, 2017, at 11:39 AM, Maxim Dounin wrote: > > Hello! > >> On Wed, Oct 04, 2017 at 06:01:35AM -0400, Dingo wrote: >> >> Another update: >> >> I finally deleted /data/nginx/cache/*, and now everything seems to be >> working. It looks like Nginx don't bother about what cache timeout I use. If >> it is 1 day, as in the example from nginx.org, everything that was cached at >> that time will be remembered for 1 day. I have no clue why my startpages was >> not working, but they are now that I deleted the cache. > > Cache validity time is determened when loading a response from the > backend based on the response headers and the configuration active > at that time. Any futher changes to the configuration have no > effect. > > So what you did is basically correct: if you are making major > changes to your caching configuration, you may need to clear the > cache manually. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From mdounin at mdounin.ru Wed Oct 4 16:04:56 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Oct 2017 19:04:56 +0300 Subject: Nginx splitting one single request's into multiple requests to upstream. (version 1.13.3) In-Reply-To: <18b6dca9ef4071b74131e64e5e4f3625.NginxMailingListEnglish@forum.nginx.org> References: <18b6dca9ef4071b74131e64e5e4f3625.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171004160456.GS16067@mdounin.ru> Hello! On Wed, Oct 04, 2017 at 11:29:23AM -0400, pankaj at releasemanager.in wrote: > Pbooth, > > Basically, i am receiving a complete json doc as a chunk from one app server > which is then proxied to another app which is handing each chunk as a > complete request. The problem is when you put nginx in between the document > is sometime divided in multiple chunks or multiple chunks are merge into one > chunk and transmitted to upstream app server. > > I have tried various configuration options but couldn't identify which > configuration exactly controls this rechunking while proxying or max size of > the chunk so there's never a case when two json docs are sent to the app in > a single chunk. Ideally it should sent the chunk as is to upstream as > recieved. By saying "chunk" you mean HTTP chunk, as in chunked transfer encoding, https://tools.ietf.org/html/rfc7230#section-4.1? If yes, you have to basic options: - rewrite your app to don't do that. Transfer encodings are specific to a particular connection, and intermediate HTTP proxies are free to recode message bodies. And there is no way to avoid this in nginx when using http proxying. - re-think your proxing configuration to avoid HTTP proxies between apps in question. For example, TCP proxying as available in nginx stream module should work fine. -- Maxim Dounin http://nginx.org/ From nginx-forum at forum.nginx.org Wed Oct 4 16:36:46 2017 From: nginx-forum at forum.nginx.org (k78rc) Date: Wed, 04 Oct 2017 12:36:46 -0400 Subject: unable to setup HTTPS reverse proxy Message-ID: <0955d0f7a7d65419721a372869b47828.NginxMailingListEnglish@forum.nginx.org> Hi, I am struggling in order to setup nginx as reverse proxy with HTTPS. In current test setup I installed nginx on a CentOS 7 machine (host 192.168.1.115) and apache within a docker container. Everything works fine as long as I use HTTP only. However if I enable SSL, my browser always ends up in getting response code 400 (bad request). ssl_certificate "/etc/nginx/cert.crt"; ssl_certificate_key "/etc/nginx/cert.key"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 1m; ssl_ciphers HIGH:!aNULL:!MD5; ssl_prefer_server_ciphers on; server { listen 443 ssl; server_name .hello.com; location / { proxy_pass http://127.0.0.1:8000; } } In error.log I read: 2017/10/04 17:40:06 [info] 5695#0: *27 client sent invalid request while reading client request line, client: 192.168.1.120, server: , request: "CONNECT alpha.hello.com:443 HTTP/1.1" On the other hand, if I run in a terminal: openssl s_client -connect 192.168.1.115:443 and then I enter GET https://alpha.hello.com/ I get the expected content (in this case error.log just prints 2017/10/04 18:15:41 [debug] 15843#0: *40 http request line: "GET https://alpha.ciao.com/" ) By the way, I tried different browsers, but the proxy configuration should be pretty simple: I always set 192.168.1.115:443 as HTTPS/SSL proxy or as proxy for all protocols (actually I aim to use HTTPS only) What is my mistake? Is anything missing in nginx configuration? Is there a proxy setup in the browser I am not aware of? Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276690,276690#msg-276690 From mdounin at mdounin.ru Wed Oct 4 17:01:07 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 4 Oct 2017 20:01:07 +0300 Subject: unable to setup HTTPS reverse proxy In-Reply-To: <0955d0f7a7d65419721a372869b47828.NginxMailingListEnglish@forum.nginx.org> References: <0955d0f7a7d65419721a372869b47828.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171004170107.GU16067@mdounin.ru> Hello! On Wed, Oct 04, 2017 at 12:36:46PM -0400, k78rc wrote: > Hi, > > I am struggling in order to setup nginx as reverse proxy with HTTPS. > In current test setup I installed nginx on a CentOS 7 machine (host > 192.168.1.115) and apache within a docker container. > Everything works fine as long as I use HTTP only. > However if I enable SSL, my browser always ends up in getting response code > 400 (bad request). > > ssl_certificate "/etc/nginx/cert.crt"; > ssl_certificate_key "/etc/nginx/cert.key"; > ssl_session_cache shared:SSL:1m; > ssl_session_timeout 1m; > ssl_ciphers HIGH:!aNULL:!MD5; > ssl_prefer_server_ciphers on; > > server { > listen 443 ssl; > server_name .hello.com; > > location / { > proxy_pass http://127.0.0.1:8000; > } > } > > In error.log I read: > > 2017/10/04 17:40:06 [info] 5695#0: *27 client sent invalid request while > reading client request line, client: 192.168.1.120, server: , request: > "CONNECT alpha.hello.com:443 HTTP/1.1" The message suggests that your browser thinks that nginx is a forward proxy and tries to use it as such. This won't work. Check your browser settings. [...] > By the way, I tried different browsers, but the proxy configuration should > be pretty simple: I always set 192.168.1.115:443 as HTTPS/SSL proxy or as > proxy for all protocols (actually I aim to use HTTPS only) > > What is my mistake? Is anything missing in nginx configuration? Is there a > proxy setup in the browser I am not aware of? For reverse proxy you should not configure anything in your browser, it is basically an internal part of a http server. In browser settings you configure _forward_ proxies, and this is not something nginx is expected to be used for. -- Maxim Dounin http://nginx.org/ From nginx-forum at forum.nginx.org Wed Oct 4 19:24:58 2017 From: nginx-forum at forum.nginx.org (pankaj@releasemanager.in) Date: Wed, 04 Oct 2017 15:24:58 -0400 Subject: Nginx splitting one single request's into multiple requests to upstream. (version 1.13.3) In-Reply-To: <20171004160456.GS16067@mdounin.ru> References: <20171004160456.GS16067@mdounin.ru> Message-ID: <2f5f62059370e690f0dcc1876c50472f.NginxMailingListEnglish@forum.nginx.org> Maxim, totally agree on your statement and options. But still i was wondering if there's any configuration directive that limit's the buffer of rechunked packet until the app is updated to handle it in a more graceful manner. thanks, P Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276545,276697#msg-276697 From peter_booth at me.com Wed Oct 4 19:53:50 2017 From: peter_booth at me.com (Peter Booth) Date: Wed, 04 Oct 2017 15:53:50 -0400 Subject: Nginx splitting one single request's into multiple requests to upstream. (version 1.13.3) In-Reply-To: <2f5f62059370e690f0dcc1876c50472f.NginxMailingListEnglish@forum.nginx.org> References: <20171004160456.GS16067@mdounin.ru> <2f5f62059370e690f0dcc1876c50472f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <0516AD38-988A-460E-88ED-9E51F8E739DC@me.com> I can say that Maxim's idea of using tcp proxying with the streams module Is very simple to configure - just a couple of lines, and tremendously useful. Sent from my iPhone > On Oct 4, 2017, at 3:24 PM, pankaj at releasemanager.in wrote: > > Maxim, > > totally agree on your statement and options. > > But still i was wondering if there's any configuration directive that > limit's the buffer of rechunked packet until the app is updated to handle it > in a more graceful manner. > > thanks, > > P > > Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276545,276697#msg-276697 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at forum.nginx.org Wed Oct 4 23:53:06 2017 From: nginx-forum at forum.nginx.org (k78rc) Date: Wed, 04 Oct 2017 19:53:06 -0400 Subject: unable to setup HTTPS reverse proxy In-Reply-To: <20171004170107.GU16067@mdounin.ru> References: <20171004170107.GU16067@mdounin.ru> Message-ID: Oh, now that you tell me it looks quite obvious. Thank you very much for your help! Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276690,276699#msg-276699 From nginx-forum at forum.nginx.org Thu Oct 5 11:29:13 2017 From: nginx-forum at forum.nginx.org (rnmx18) Date: Thu, 05 Oct 2017 07:29:13 -0400 Subject: Using request URI path to store cached files instead of MD5 hash-based path Message-ID: Hi, If proxy caching is enabled, NGINX is saving the files under subdirectories of the proxy_cache_path, based on the MD5 hash of the cache-key and the levels parameter value. Is it possible to change this behaviour through configuration to cache the files using the request URI path itself, say, under the host-name directory under the proxy_cache_path. For example, if the proxy_cache_path is /tmp/cache1 and the request is http://www.example.com/movies/file1.mp4, then can the file get cached as /tmp/cache1/www.example.com/movies/file1.mp4 I think such a direct way of defining cached file paths would help in finding or locating specific content in cache. Also, it would be helpful in purging content from cache, even using wild-carded expressions. However, I seem to be missing the key benefit of why files are stored based on MD5 hash based paths. Could someone explain the reason for using MD5 hash based file paths? Also, with vanilla-NGINX, if there is no configurable way to use direct request URI paths, is there any external module which could help me to get this functionality? Thanks Rajesh Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276700,276700#msg-276700 From nginx-forum at forum.nginx.org Thu Oct 5 12:57:14 2017 From: nginx-forum at forum.nginx.org (soulseekah) Date: Thu, 05 Oct 2017 08:57:14 -0400 Subject: nginx null bytes on static image In-Reply-To: <9333fe2b8bb6e3af725ae0bc7e7d0822.NginxMailingListEnglish@forum.nginx.org> References: <9333fe2b8bb6e3af725ae0bc7e7d0822.NginxMailingListEnglish@forum.nginx.org> Message-ID: <0afa54ee7ba5fbf820ea8d3abf541cd6.NginxMailingListEnglish@forum.nginx.org> Thanks. Turning off sendfile worked, but a small test program in C on the same filesystem doesn't yield this behavior. What else could I test to reproduce this and confirm OS or filesystem issues? Thanks for your time and ideas. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276676,276704#msg-276704 From mdounin at mdounin.ru Thu Oct 5 13:39:11 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 5 Oct 2017 16:39:11 +0300 Subject: nginx null bytes on static image In-Reply-To: <0afa54ee7ba5fbf820ea8d3abf541cd6.NginxMailingListEnglish@forum.nginx.org> References: <9333fe2b8bb6e3af725ae0bc7e7d0822.NginxMailingListEnglish@forum.nginx.org> <0afa54ee7ba5fbf820ea8d3abf541cd6.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171005133911.GB16067@mdounin.ru> Hello! On Thu, Oct 05, 2017 at 08:57:14AM -0400, soulseekah wrote: > Thanks. Turning off sendfile worked, but a small test program in C on the > same filesystem doesn't yield this behavior. > What else could I test to reproduce this and confirm OS or filesystem > issues? If you are able to reproduce the problem again by enabling sendfile in nginx, you may want to trace relevant syscalls nginx does and try to reproduce exactly the same in your C test program. In particular, something like O_DIRECT, non-blocking mode on sockets, or sendfile() headers/trailers might be important. -- Maxim Dounin http://nginx.org/ From nginx-forum at forum.nginx.org Thu Oct 5 18:25:44 2017 From: nginx-forum at forum.nginx.org (shiz) Date: Thu, 05 Oct 2017 14:25:44 -0400 Subject: conflicting rules Message-ID: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> Hello, I exclude the stylesheets and javascript from the logs to alleviate them. However I would want to make an exception for awstats. So far the following doesn't work. Any help? location ~* ^.+\.(css|js)$|^/(css|Scripts|uploads)/ { expires -1; access_log off; log_not_found off; } location ~* ^/Scripts/awstats_misc_tracker.js { access_log on; } Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276715,276715#msg-276715 From igal at lucee.org Thu Oct 5 18:29:38 2017 From: igal at lucee.org (Igal @ Lucee.org) Date: Thu, 5 Oct 2017 11:29:38 -0700 Subject: conflicting rules In-Reply-To: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> References: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hi, On 10/5/2017 11:25 AM, shiz wrote: > I exclude the stylesheets and javascript from the logs to alleviate them. > However I would want to make an exception for awstats. > > So far the following doesn't work. Any help? > > location ~* ^/Scripts/awstats_misc_tracker.js { > access_log on; > } Use an exact match for that URL instead of a Regex, i.e. location = /Scripts/awstats_misc_tracker.js { access_log on; } See also http://nginx.org/en/docs/http/ngx_http_core_module.html#location Igal Sapir Lucee Core Developer Lucee.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Thu Oct 5 18:40:03 2017 From: nginx-forum at forum.nginx.org (shiz) Date: Thu, 05 Oct 2017 14:40:03 -0400 Subject: conflicting rules In-Reply-To: References: Message-ID: Thanks, unfortunately it does not work grep awstat nginx/access.log |wc -l 0 Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276715,276718#msg-276718 From igal at lucee.org Thu Oct 5 18:41:14 2017 From: igal at lucee.org (Igal @ Lucee.org) Date: Thu, 5 Oct 2017 11:41:14 -0700 Subject: conflicting rules In-Reply-To: References: Message-ID: <91275317-8ea4-6772-2a14-eb7291d304e6@lucee.org> On 10/5/2017 11:40 AM, shiz wrote: > Thanks, unfortunately it does not work Did you reload the config after you modified it? Igal Sapir Lucee Core Developer Lucee.org -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Thu Oct 5 18:50:48 2017 From: nginx-forum at forum.nginx.org (shiz) Date: Thu, 05 Oct 2017 14:50:48 -0400 Subject: conflicting rules In-Reply-To: <91275317-8ea4-6772-2a14-eb7291d304e6@lucee.org> References: <91275317-8ea4-6772-2a14-eb7291d304e6@lucee.org> Message-ID: <4ac93e0c4391af81c8647838864152d9.NginxMailingListEnglish@forum.nginx.org> yes of course I've reordered them too: location = /Scripts/awstats_misc_tracker.js { access_log on; } location ~* ^.+\.(css|js)$|^/(css|Scripts|uploads)/ { expires 50d; access_log off; log_not_found off; add_header Cache-Control "public"; } nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful service nginx reload Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276715,276720#msg-276720 From nginx-forum at forum.nginx.org Thu Oct 5 19:15:17 2017 From: nginx-forum at forum.nginx.org (shiz) Date: Thu, 05 Oct 2017 15:15:17 -0400 Subject: conflicting rules In-Reply-To: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> References: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> Message-ID: <3e76f4793bf5af1c22a0ba4a6c54dca6.NginxMailingListEnglish@forum.nginx.org> 1 - If I disable that section #location ~* ^.+\.(css|js)$|^/(css|Scripts|uploads)/ { #expires -1; #access_log off; #log_not_found off; #} location = /Scripts/awstats_misc_tracker.js { access_log on; } the javascript are shown in the log. /Scripts/awstats_misc_tracker.js isn't though. 2 - Now if also disable that section, /Scripts/awstats_misc_tracker.js is finally showing so something else must be conflicting #location = /Scripts/awstats_misc_tracker.js { #access_log on; #} ~:/var/log# grep awstat nginx/access.log xx.xx.xx.xxx - - [05/Oct/2017:12:08:31 -0700] "GET /Scripts/awstats_misc_tracker.js HTTP/1.0" Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276715,276721#msg-276721 From igal at lucee.org Thu Oct 5 19:18:52 2017 From: igal at lucee.org (Igal @ Lucee.org) Date: Thu, 5 Oct 2017 12:18:52 -0700 Subject: conflicting rules In-Reply-To: <3e76f4793bf5af1c22a0ba4a6c54dca6.NginxMailingListEnglish@forum.nginx.org> References: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> <3e76f4793bf5af1c22a0ba4a6c54dca6.NginxMailingListEnglish@forum.nginx.org> Message-ID: And you're sure about the CaSe, right?? I notice that everything is lowercase for you except for the Scripts directory. On 10/5/2017 12:15 PM, shiz wrote: > 1 - If I disable that section > > > #location ~* ^.+\.(css|js)$|^/(css|Scripts|uploads)/ { > #expires -1; > #access_log off; > #log_not_found off; > #} > > location = /Scripts/awstats_misc_tracker.js { > access_log on; > } > > the javascript are shown in the log. /Scripts/awstats_misc_tracker.js isn't > though. > > 2 - Now if also disable that section, /Scripts/awstats_misc_tracker.js is > finally showing so something else must be conflicting > > #location = /Scripts/awstats_misc_tracker.js { > #access_log on; > #} > > ~:/var/log# grep awstat nginx/access.log > xx.xx.xx.xxx - - [05/Oct/2017:12:08:31 -0700] "GET > /Scripts/awstats_misc_tracker.js HTTP/1.0" > > Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276715,276721#msg-276721 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at forum.nginx.org Thu Oct 5 19:22:56 2017 From: nginx-forum at forum.nginx.org (shiz) Date: Thu, 05 Oct 2017 15:22:56 -0400 Subject: conflicting rules In-Reply-To: References: Message-ID: <9d301d5137f7b76d720292a9091fe9ef.NginxMailingListEnglish@forum.nginx.org> I'm positive. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276715,276723#msg-276723 From francis at daoine.org Thu Oct 5 20:31:21 2017 From: francis at daoine.org (Francis Daly) Date: Thu, 5 Oct 2017 21:31:21 +0100 Subject: conflicting rules In-Reply-To: References: Message-ID: <20171005203121.GD20907@daoine.org> On Thu, Oct 05, 2017 at 02:40:03PM -0400, shiz wrote: Hi there, > Thanks, unfortunately it does not work > > grep awstat nginx/access.log |wc -l > 0 http://nginx.org/r/access_log Look in the log file called "on", not in the log file called "nginx/access.log". f -- Francis Daly francis at daoine.org From nginx-forum at forum.nginx.org Thu Oct 5 20:50:03 2017 From: nginx-forum at forum.nginx.org (shiz) Date: Thu, 05 Oct 2017 16:50:03 -0400 Subject: conflicting rules In-Reply-To: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> References: <8cf78883139acf13805f2f4d9db044c9.NginxMailingListEnglish@forum.nginx.org> Message-ID: <18da1f7e5843317a4764474667416166.NginxMailingListEnglish@forum.nginx.org> Hey, nice catch, thanks so much! access_log on is not defeating access_log off; replaced the directive with: location = /Scripts/awstats_misc_tracker.js { } Thanks to both of you. Solved. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276715,276725#msg-276725 From nginx-forum at forum.nginx.org Fri Oct 6 07:05:52 2017 From: nginx-forum at forum.nginx.org (rnmx18) Date: Fri, 06 Oct 2017 03:05:52 -0400 Subject: Multiple upstream_cache_status headers in response in a dual-cache configuration Message-ID: <881c1ce07cd091b545007084b4c47a47.NginxMailingListEnglish@forum.nginx.org> Hi, To realize a distributed caching layer based of disk-speed and storage, I have prepared the following configuration with an SSD-cache and HDD-cache. http { add_header X-UpStream-Server-Cache-Status $upstream_cache_status; # proxy caching configurations proxy_cache_path /tmp/myssd1 keys_zone=myssd1:1m levels=1:2 inactive=60m; proxy_cache_path /tmp/myhdd1 keys_zone=myhdd1:10m levels=1:2 inactive=60m; proxy_cache_key "$request_uri"; upstream mylocalhdd { server 127.0.0.1:82; } upstream myorigin { server 192.168.1.35:80; } # Server-block1 - will cache in SSD if we get a minimum of 5 requests. server { listen 80; server_name example.com www.example.com; # Look up in ssd cache. If not found, goto hdd cache. location / { proxy_pass http://mylocalhdd; proxy_cache myssd1; proxy_cache_min_uses 5; } } # Server-block2 (acting as local upstream) - will fetch from origin and cache in HDD server { listen 82; server_name example.com www.example.com; # Look up in hdd cache. If not found, goto origin location / { proxy_pass http://myorigin; proxy_cache myhdd1; } } } The smaller, yet faster SSD-cache will store content only if I get at least 5 requests for the URL. On the other hand, the larger HDD cache will every request. The flow is straight-forward: i) Client's first request is handled by server at port 80 ii) It looks in SSD cache. Upon a cache-miss, it proxies to local upstream at port 82. iii) The local server at port 82, looks in HDD cache. upon cache miss, it fetches from origin, and adds to HDD-cache and sends the response back to first server. iv) Server1 does not add content yet to SSD-cache (as min_uses is not reached), and sends response to client. v) For the next 3 requests, the server1 would see an SSD-cache-miss, but server2 produces an HDD-cache-hit. vi) For the 5th request, the server1, will also add the response in SSD-cache, as min_uses criteria is met. vii) For the 6th request onwards, the server1 itself will serve the request from SSD-cache itself. No request is sent to local upstream. I have added $upstream_cache_status in the response. For the first request, I see the header twice in the response: This seem to correspond to MISS in both front-end SSD-cache and back-end HDD-cache. < X-UpStream-Server-Cache-Status: MISS < X-UpStream-Server-Cache-Status: MISS For the next 4 requests, I see the following: This seems to correspond to MISS in the from-end SSD-cache and HIT in the back-end HDD-cache. < X-UpStream-Server-Cache-Status: HIT < X-UpStream-Server-Cache-Status: MISS For the 6th request, I see the following: < X-UpStream-Server-Cache-Status: HIT < X-UpStream-Server-Cache-Status: HIT Why am I getting the header twice for the 6th request. In this case, the request is HIT by the SSD cache itself, and there is no request sent to local upstream also. So, shouldn't I be getting only one instance of the header in the response? Thanks Rajesh Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276727,276727#msg-276727 From nevis2us at gmail.com Fri Oct 6 11:16:07 2017 From: nevis2us at gmail.com (=?UTF-8?B?0JDQu9C10LrRgdCw0L3QtNGAINCa0LjRgNC40LvQu9C+0LI=?=) Date: Fri, 6 Oct 2017 14:16:07 +0300 Subject: subversion behind nginx Message-ID: Hi, I have 2 almost identical vhost definitions: 1. https://svn.iproducts.test location /repos/ { set $dest $http_destination; if ($http_destination ~ ^https://(.*)$) { set $dest http://$1; } proxy_set_header Destination $dest; proxy_pass http://127.0.0.1:80/repos/; } 2. https://svn-test.iproducts.test location / { set $dest $http_destination; if ($http_destination ~ ^https://(.*)$) { set $dest http://$1; } proxy_set_header Destination $dest; proxy_pass http://127.0.0.1:80/repos/; } The first one works and the second one doesn't and I don't understand why. The only difference is the uri in location. Please advise. Details below. I'm using the following commands to test the configs: 1. svn list https://svn.iproducts.test/repos/wordpress branches/ tags/ trunk/ vendor/ 2. svn list https://svn-test.iproducts.test/wordpress ... svn: PROPFIND of '/repos/wordpress/!svn/vcc/default': authorization failed: Could not authenticate to server: rejected Basic challenge ( https://svn-test.iproducts.test) In the apache logs the first 3 lines are identical but the second PROPFIND has '/repos/repos' instead of '/repos' and fails: ==> /var/log/httpd/access_log <== 127.0.0.1 - - [06/Oct/2017:13:43:54 +0300] "OPTIONS /repos/wordpress HTTP/1.0" 401 460 "-" "SVN/1.6.11 (r934486) neon/0.29.3" 127.0.0.1 - xxxxx [06/Oct/2017:13:43:54 +0300] "OPTIONS /repos/wordpress HTTP/1.0" 200 195 "-" "SVN/1.6.11 (r934486) neon/0.29.3" 127.0.0.1 - xxxxx [06/Oct/2017:13:43:54 +0300] "PROPFIND /repos/wordpress HTTP/1.0" 207 661 "-" "SVN/1.6.11 (r934486) neon/0.29.3" 127.0.0.1 - xxxxx [06/Oct/2017:13:43:54 +0300] "PROPFIND /repos/wordpress/!svn/vcc/default HTTP/1.0" 207 415 "-" "SVN/1.6.11 (r934486) neon/0.29.3" ... ==> /var/log/httpd/access_log <== 127.0.0.1 - - [06/Oct/2017:13:40:49 +0300] "OPTIONS /repos/wordpress HTTP/1.0" 401 460 "-" "SVN/1.6.11 (r934486) neon/0.29.3" 127.0.0.1 - xxxxx [06/Oct/2017:13:40:52 +0300] "OPTIONS /repos/wordpress HTTP/1.0" 200 195 "-" "SVN/1.6.11 (r934486) neon/0.29.3" 127.0.0.1 - xxxxx [06/Oct/2017:13:40:52 +0300] "PROPFIND /repos/wordpress HTTP/1.0" 207 661 "-" "SVN/1.6.11 (r934486) neon/0.29.3" ==> /var/log/httpd/error_log <== [Fri Oct 06 13:40:52 2017] [error] [client 127.0.0.1] access to /repos/repos/wordpress/!svn/vcc/default failed, reason: verification of user id 'xxxxx' not configured ==> /var/log/httpd/access_log <== 127.0.0.1 - xxxxx [06/Oct/2017:13:40:52 +0300] "PROPFIND /repos/repos/wordpress/!svn/vcc/default HTTP/1.0" 401 460 "-" "SVN/1.6.11 (r934486) neon/0.29.3" -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Fri Oct 6 11:26:42 2017 From: mdounin at mdounin.ru (Maxim Dounin) Date: Fri, 6 Oct 2017 14:26:42 +0300 Subject: Multiple upstream_cache_status headers in response in a dual-cache configuration In-Reply-To: <881c1ce07cd091b545007084b4c47a47.NginxMailingListEnglish@forum.nginx.org> References: <881c1ce07cd091b545007084b4c47a47.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20171006112642.GG16067@mdounin.ru> Hello! On Fri, Oct 06, 2017 at 03:05:52AM -0400, rnmx18 wrote: [...] > For the 6th request, I see the following: > > < X-UpStream-Server-Cache-Status: HIT > < X-UpStream-Server-Cache-Status: HIT > > Why am I getting the header twice for the 6th request. In this case, the > request is HIT by the SSD cache itself, and there is no request sent to > local upstream also. That's because the cached response already contains the header in it. -- Maxim Dounin http://nginx.org/ From r at roze.lv Fri Oct 6 11:39:03 2017 From: r at roze.lv (Reinis Rozitis) Date: Fri, 6 Oct 2017 14:39:03 +0300 Subject: Multiple upstream_cache_status headers in response in a dual-cache configuration In-Reply-To: <881c1ce07cd091b545007084b4c47a47.NginxMailingListEnglish@forum.nginx.org> References: <881c1ce07cd091b545007084b4c47a47.NginxMailingListEnglish@forum.nginx.org> Message-ID: <000001d33e97$b59fd110$20df7330$@roze.lv> > Why am I getting the header twice for the 6th request. In this case, the > request is HIT by the SSD cache itself, and there is no request sent to local > upstream also. > > So, shouldn't I be getting only one instance of the header in the response? Nginx saves the object with all the headers from origin. Since your "ssd cache" makes a request to "mylocalhdd" which returns the object with the X-UpStream-Server-Cache-Status then nginx returns the original object + adds an extra header (coming from the "ssd cache" server block). To hide second header you probably need to use proxy_hide_header in the "ssd cache" block . rr From nginx-forum at forum.nginx.org Fri Oct 6 12:26:19 2017 From: nginx-forum at forum.nginx.org (rnmx18) Date: Fri, 06 Oct 2017 08:26:19 -0400 Subject: Multiple upstream_cache_status headers in response in a dual-cache configuration In-Reply-To: <000001d33e97$b59fd110$20df7330$@roze.lv> References: <000001d33e97$b59fd110$20df7330$@roze.lv> Message-ID: Hi, Thank you Maxim and Reinis for your replies. I verified that when the response from backend-hdd-cache gets cached in the front-end ssd-cache, the response includes the X-Upstream-Server-Cache-Status header added from the hdd-cache-upstream.Hence, I am seeing two headers in a response served by my ssd-cache - one from the cached file, and one added by the front-end-proxy. Yes, by adding proxy_hide_header, I was able to avoid the second header in the response to client. One more question: Is there any mechanism to avoid or exclude the X-Upstream-Server-Cache-Status header (or in general, any specific headers) from being added in the metadata header of the cached file? Thanks, Rajesh Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276727,276732#msg-276732 From lucas at lucasrolff.com Fri Oct 6 13:24:45 2017 From: lucas at lucasrolff.com (Lucas Rolff) Date: Fri, 6 Oct 2017 13:24:45 +0000 Subject: Using request URI path to store cached files instead of MD5 hash-based path In-Reply-To: References: Message-ID: <4BC54DE1-E1F0-4523-B882-CBF3079A00E7@lucasrolff.com> Hi, > Is it possible to change this behaviour through configuration to cache the files using the request URI path itself, say, under the host-name directory under the proxy_cache_path. No, it?s not possible to do that with proxy_cache, you can however do it with proxy_store ( http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_store ). > I think such a direct way of defining cached file paths would help in finding or locating specific content in cache You can already find cached file paths by calculating the md5 hash yourself, it?s rather easy. > Also, it would be helpful in purging content from cache, even using wild-carded expressions. You can easily purge the cache, just not wildcard expressions, for that you?d need the plus version of nginx. > However, I seem to be missing the key benefit of why files are stored based on MD5 hash based paths One of the benefits I can think of, is that fact that you only deal with a-z0-9 characters, using ascii characters ensures compatibility with every system, it?s lightweight since you only have to deal with a small set of characters, where if you would use $request_uri as an example you?d have to use UTF-8 or similar, it makes lookups a lot heavier to do, and there could be compatibility issues with characters, and the fact that $request_uri includes query strings as well, you?d end up with very weird filenames. At same time, it wouldn?t surprise me that it?s a lot more efficient for nginx to have a consistent filename length when indexing data, you know that every file on the filesystem will be 32 characters long, you know exactly how much memory each file takes in memory, and you wouldn?t run into the problem where people have a request uri of a few hundred or even thousands of characters and possibly 10s or 100s of sub-directories. I?m pretty sure that nginx decided to use an md5 hash due to a lot of benefits over storing it as proxy_store currently does. Maybe Maxim or someone else with extensive knowledge about the codebase and its design decisions can share briefly why. Best Regards, Lucas Rolff On 05/10/2017, 13.29, "nginx on behalf of rnmx18" wrote: Hi, If proxy caching is enabled, NGINX is saving the files under subdirectories of the proxy_cache_path, based on the MD5 hash of the cache-key and the levels parameter value. Is it possible to change this behaviour through configuration to cache the files using the request URI path itself, say, under the host-name directory under the proxy_cache_path. For example, if the proxy_cache_path is /tmp/cache1 and the request is http://www.example.com/movies/file1.mp4, then can the file get cached as /tmp/cache1/www.example.com/movies/file1.mp4 I think such a direct way of defining cached file paths would help in finding or locating specific content in cache. Also, it would be helpful in purging content from cache, even using wild-carded expressions. However, I seem to be missing the key benefit of why files are stored based on MD5 hash based paths. Could someone explain the reason for using MD5 hash based file paths? Also, with vanilla-NGINX, if there is no configurable way to use direct request URI paths, is there any external module which could help me to get this functionality? Thanks Rajesh Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276700,276700#msg-276700 _______________________________________________ nginx mailing list nginx at nginx.org http://mailman.nginx.org/mailman/listinfo/nginx From duanemulder at rattyshack.ca Fri Oct 6 13:50:34 2017 From: duanemulder at rattyshack.ca (duanemulder at rattyshack.ca) Date: Fri, 06 Oct 2017 09:50:34 -0400 Subject: subversion behind nginx In-Reply-To: References: Message-ID: <20171006135034.7958615.95674.1666@rattyshack.ca> An HTML attachment was scrubbed... URL: From smart.imran003 at gmail.com Fri Oct 6 14:00:26 2017 From: smart.imran003 at gmail.com (Syed Imran) Date: Fri, 6 Oct 2017 19:30:26 +0530 Subject: Nginx configuration with artifactory Message-ID: Hi, I have a VM with ip 10.130.0.198 (ssh will work within vpn) And I have another ip XXX.XXX.XXX.XXX (public ip, visible to all in internet). So I have a load balancer configuration as below, Reaching to 80 port of XXX.XXX.XXX.XXX will internally reach 10.130.0.198 80 Reaching to 443 port of XXX.XXX.XXX.XXX will internally reach 10.130.0.198 80 And externally Reaching to http port will be redirected to https port for XXX.XXX.XXX.XXX Now below is my nginx configuration file. server { listen 80 ; server_name 10.130.0.198; if ($http_x_forwarded_proto = '') { set $http_x_forwarded_proto $scheme; } ## Application specific logs ## access_log /var/log/nginx/artifactory.net.nokia.com-access.log timing; ## error_log /var/log/nginx/artifactory.net.nokia.com-error.log; rewrite ^/$ /artifactory/webapp/ redirect; rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect; chunked_transfer_encoding on; client_max_body_size 0; location /artifactory/ { proxy_read_timeout 900; proxy_pass_header Server; proxy_cookie_path ~*^/.* /; proxy_pass http://10.130.0.198:8081/artifactory/; proxy_set_header X-Artifactory-Override-Base-Url $http_x_forwarded_proto://$host:$server_port/artifactory; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Proto $http_x_forwarded_proto; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } } My artifactory application in deployed using docker in port 8081. But when I do a docker login, nginx always returns 405 not found. But the web UI works find with both the ip?s. Is there anything wrong with my nginx configuration. Can someone help. Thanks, Syed -------------- next part -------------- An HTML attachment was scrubbed... URL: From shahzaib.cb at gmail.com Fri Oct 6 14:17:39 2017 From: shahzaib.cb at gmail.com (shahzaib mushtaq) Date: Fri, 6 Oct 2017 19:17:39 +0500 Subject: Block specific request pattern !! Message-ID: Hi, We're serving mp4 files over NGINX with added security hash+ttl but there's some kind of leechers accessing videos with following pattern but not getting blocked: https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734& ?*/WhileYouWereSleeping56.mp4* ============================================================ As you can see the highlighted part of request is abnormal, there should be nothing included after ttl value, requests are supposed to be served with following pattern : https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734& ? Is there a way we can block the requests not ending up on ttl value ? Thanks. Shahzaib -------------- next part -------------- An HTML attachment was scrubbed... URL: From nevis2us at gmail.com Fri Oct 6 15:09:42 2017 From: nevis2us at gmail.com (=?UTF-8?B?0JDQu9C10LrRgdCw0L3QtNGAINCa0LjRgNC40LvQu9C+0LI=?=) Date: Fri, 6 Oct 2017 18:09:42 +0300 Subject: subversion behind nginx In-Reply-To: <20171006135034.7958615.95674.1666@rattyshack.ca> References: <20171006135034.7958615.95674.1666@rattyshack.ca> Message-ID: Thanks for your answer, I suspected as much. Is there a more detailed explanation of why the paths must match? Can it be helped with rewrite rules, additional headers or changing subversion settings? I can move subversion to / on an apache host but it's gonna be twice as slow and the grand idea is to speed up subversion operations moving it to a non-ssl backend. 2017-10-06 16:50 GMT+03:00 : > Hello > > With svn behind nginx you cannot change the path. The second location > needs to be /repos as well > > =D > > Sent from the last QNX powered smartphone > *From: *????????? ???????? > *Sent: *Friday, October 6, 2017 7:16 AM > *To: *nginx at nginx.org > *Reply To: *nginx at nginx.org > *Subject: *subversion behind nginx > > Hi, I have 2 almost identical vhost definitions: > > 1. https://svn.iproducts.test > > location /repos/ { > > set $dest $http_destination; > if ($http_destination ~ ^https://(.*)$) { > set $dest http://$1; > } > > proxy_set_header Destination $dest; > proxy_pass http://127.0.0.1:80/repos/; > } > > 2. https://svn-test.iproducts.test > > location / { > > set $dest $http_destination; > if ($http_destination ~ ^https://(.*)$) { > set $dest http://$1; > } > > proxy_set_header Destination $dest; > proxy_pass http://127.0.0.1:80/repos/; > } > > The first one works and the second one doesn't and I don't understand why. > The only difference is the uri in location. Please advise. Details below. > > > I'm using the following commands to test the configs: > > 1. svn list https://svn.iproducts.test/repos/wordpress > branches/ > tags/ > trunk/ > vendor/ > > 2. svn list https://svn-test.iproducts.test/wordpress > ... > svn: PROPFIND of '/repos/wordpress/!svn/vcc/default': authorization > failed: Could not authenticate to server: rejected Basic challenge ( > https://svn-test.iproducts.test) > > > In the apache logs the first 3 lines are identical but the second PROPFIND > has '/repos/repos' instead of '/repos' and fails: > > ==> /var/log/httpd/access_log <== > 127.0.0.1 - - [06/Oct/2017:13:43:54 +0300] "OPTIONS /repos/wordpress > HTTP/1.0" 401 460 "-" "SVN/1.6.11 (r934486) neon/0.29.3" > 127.0.0.1 - xxxxx [06/Oct/2017:13:43:54 +0300] "OPTIONS /repos/wordpress > HTTP/1.0" 200 195 "-" "SVN/1.6.11 (r934486) neon/0.29.3" > 127.0.0.1 - xxxxx [06/Oct/2017:13:43:54 +0300] "PROPFIND /repos/wordpress > HTTP/1.0" 207 661 "-" "SVN/1.6.11 (r934486) neon/0.29.3" > > 127.0.0.1 - xxxxx [06/Oct/2017:13:43:54 +0300] "PROPFIND > /repos/wordpress/!svn/vcc/default HTTP/1.0" 207 415 "-" "SVN/1.6.11 > (r934486) neon/0.29.3" > > ... > > ==> /var/log/httpd/access_log <== > 127.0.0.1 - - [06/Oct/2017:13:40:49 +0300] "OPTIONS /repos/wordpress > HTTP/1.0" 401 460 "-" "SVN/1.6.11 (r934486) neon/0.29.3" > 127.0.0.1 - xxxxx [06/Oct/2017:13:40:52 +0300] "OPTIONS /repos/wordpress > HTTP/1.0" 200 195 "-" "SVN/1.6.11 (r934486) neon/0.29.3" > 127.0.0.1 - xxxxx [06/Oct/2017:13:40:52 +0300] "PROPFIND /repos/wordpress > HTTP/1.0" 207 661 "-" "SVN/1.6.11 (r934486) neon/0.29.3" > > ==> /var/log/httpd/error_log <== > [Fri Oct 06 13:40:52 2017] [error] [client 127.0.0.1] access to > /repos/repos/wordpress/!svn/vcc/default failed, reason: verification of > user id 'xxxxx' not configured > > ==> /var/log/httpd/access_log <== > 127.0.0.1 - xxxxx [06/Oct/2017:13:40:52 +0300] "PROPFIND > /repos/repos/wordpress/!svn/vcc/default HTTP/1.0" 401 460 "-" "SVN/1.6.11 > (r934486) neon/0.29.3" > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at forum.nginx.org Fri Oct 6 15:40:46 2017 From: nginx-forum at forum.nginx.org (joseph-pg) Date: Fri, 06 Oct 2017 11:40:46 -0400 Subject: Secure connection failed on Firefox Message-ID: Hi, I'm currently testing nginx 1.13.6 x64 on my development machine, which is Windows 10 1703 x64, and sometimes I got a "Secure connection failed" error on Firefox (55.x and 56). If I hit the reload button (F5) repeatedly, the page will eventually load. Dev tools shows: 200 OK, size 0, and transferred -. nginx debug log doesn't show anything weird. Things that I observed: 1. 1.13.5 works fine 2. Chrome on Android works fine I've tested 5a3ab1b5804b, 46ddff109e72, and 924b6ef942bf and they have the same problem. Configuration is pretty much default with HTTPS and HTTP/2 server blocks. Thanks, Joseph Aditya P. G. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276738,276738#msg-276738 From luky-37 at hotmail.com Fri Oct 6 16:15:11 2017 From: luky-37 at hotmail.com (Lukas Tribus) Date: Fri, 6 Oct 2017 16:15:11 +0000 Subject: AW: Secure connection failed on Firefox In-Reply-To: References: Message-ID: Hello, > I'm currently testing nginx 1.13.6 x64 on my development machine, which is There is no 1.13.6. > I've tested 5a3ab1b5804b, 46ddff109e72, and 924b6ef942bf and they have the > same problem. Ah so you are running directly from the development tree. In that case, I suggest to bisect it to the offending commit. Try 12cadc4669a7 first of all, if that also fails try 019b91bd21cc, if that also fails try a0e472a2c4f1. > Configuration is pretty much default with HTTPS and HTTP/2 server blocks. If that turns out to be a regression, I assume the configuration will still be necessary, even if it is pretty much default. regards, lukas From francis at daoine.org Fri Oct 6 19:04:49 2017 From: francis at daoine.org (Francis Daly) Date: Fri, 6 Oct 2017 20:04:49 +0100 Subject: Nginx configuration with artifactory In-Reply-To: References: Message-ID: <20171006190449.GF20907@daoine.org> On Fri, Oct 06, 2017 at 07:30:26PM +0530, Syed Imran wrote: Hi there, > My artifactory application in deployed using docker in port 8081. > But when I do a docker login, nginx always returns 405 not found. But the > web UI works find with both the ip?s. Does nginx return 405, or does nginx return "not found"? The distinction might matter. > Is there anything wrong with my nginx configuration. Can someone help. There appear to be two "artifactory" documents relating to nginx -- https://www.jfrog.com/confluence/display/RTF/Configuring+a+Reverse+Proxy and https://www.jfrog.com/confluence/display/RTF/Configuring+NGINX Do things work if you use exactly the configuration that they suggest? If so, then you can start making changes to see where it starts to break. Good luck with it, f -- Francis Daly francis at daoine.org From francis at daoine.org Fri Oct 6 19:18:13 2017 From: francis at daoine.org (Francis Daly) Date: Fri, 6 Oct 2017 20:18:13 +0100 Subject: Block specific request pattern !! In-Reply-To: References: Message-ID: <20171006191813.GG20907@daoine.org> On Fri, Oct 06, 2017 at 07:17:39PM +0500, shahzaib mushtaq wrote: Hi there, > We're serving mp4 files over NGINX with added security hash+ttl but there's > some kind of leechers accessing videos with following pattern but not > getting blocked: You seem to suggest that you have some blocking configured, and that it does not do all that you want. What blocking do you have configured? It may be simplest to adjust that, rather than try to add something new. > https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734& > ?*/WhileYouWereSleeping56.mp4* > https://domain.com/files/videos/2017/10/04/15071356364fc6b-720.mp4?h=n_Saa78MV6BJTcoRHwHelA&ttl=1507303734& > ? The two question marks in the url looks odd to me; but it is in both your "bad" and "good" ones, so maybe it is normal. > Is there a way we can block the requests not ending up on ttl value ? You have $query_string, which is the same as $args. If you can define a regex pattern which matches everything you want, you can return failure for everything else. Perhaps ($args !~ "&ttl=[0-9]*&\?$") is a suitable test condition in your environment. Good luck with it, f -- Francis Daly francis at daoine.org From lucas at lucasrolff.com Fri Oct 6 19:32:51 2017 From: lucas at lucasrolff.com (Lucas Rolff) Date: Fri, 6 Oct 2017 19:32:51 +0000 Subject: Directive inheritance Message-ID: <3058D818-89A6-47B2-92E2-3AB3287AE536@lucasrolff.com> Hi guys, I do a lot of nginx configuration which contains plenty of ?location? blocks, however ? I often see myself duplicating a lot of directives throughout my configuration which can sadly make a single nginx server block about 400 lines long, often due to repeated settings. Not only is it a mess with big files (at least they?re generated automatically), but I also have the feeling I waste some memory if I keep redefining the settings again and again (or is nginx smart enough to ?deduplicate? settings whenever possible?) My configs usually look something like server { location / { // sendfile, client_body_buffer_size, proxy_* settings, add_header repeated location ~* \.(?:htm|html)$ { // sendfile, client_body_buffer_size, proxy_* settings, add_header repeated } location ~* \.(?:manifest|appcache|xml|json)$ { // sendfile, client_body_buffer_size, proxy_* settings, add_header repeated } } } I know that there?s some settings such as proxy_pass which can?t inherit from the parent location or server block, however ? is there any semi-easy way to figure out if a directive in nginx or it?s modules gets inherited or not? (I don?t mind digging around in some nginx source code) I could try to remove a bunch of directives from the lower location directives and see if things still work, however it would be very time consuming. Reading the docs of nginx and it?s directive, *sometimes* the docs say whether a directive gets inherited or not, but it?s not always complete ? such as sendfile for example, as far as I know it gets inherited, but it doesn?t say in the docs. The directives I mostly use are things like: proxy_* Sendfile Client_body_buffer_size Add_header Expires (these differs for each location block I have) I wonder if someone either knows a good way to figure out, or any document on the web that goes extensively into explaining what (might) inherit based on general design patterns. Also if anyone can either confirm or deny whether duplicating the directives actually increase memory usage ? because if it has next to no additional resource usage ? then I could save some time. The amount of zones/server blocks are currently small, but I?d like to be able to scale it to thousands on fairly common hardware. Best Regards, -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Fri Oct 6 20:22:52 2017 From: francis at daoine.org (Francis Daly) Date: Fri, 6 Oct 2017 21:22:52 +0100 Subject: Directive inheritance In-Reply-To: <3058D818-89A6-47B2-92E2-3AB3287AE536@lucasrolff.com> References: <3058D818-89A6-47B2-92E2-3AB3287AE536@lucasrolff.com> Message-ID: <20171006202252.GH20907@daoine.org> On Fri, Oct 06, 2017 at 07:32:51PM +0000, Lucas Rolff wrote: Hi there, > I know that there?s some settings such as proxy_pass which can?t inherit from the parent location or server block, however ? is there any semi-easy way to figure out if a directive in nginx or it?s modules gets inherited or not? (I don?t mind digging around in some nginx source code) > I wonder if someone either knows a good way to figure out, or any document on the web that goes extensively into explaining what (might) inherit based on general design patterns. My quick response, without doing too much research, is: * "rewrite" module directives (if, return) don't inherit * "handler" directives (proxy_pass, fastcgi_pass) don't inherit * pretty much anything else that is valid in "location" does inherit (That's probably not correct, but could be a good starting point for experimentation.) And be aware that inheritance is by replacement, or not at all -- so one "add_header" in a location means that the only "add_header" relevant to that location is the one that is there; while no "add_header" in a location means that all of the ones inherited from server{} are relevant. If you want the full details, it's a matter of Read The Fine Source -- each module has a "_module_ctx" which includes a function typically named "_merge_loc_conf" which shows how each directive is set if it is not defined in this location: unset, set to a default value, or inherited from the previous level. f -- Francis Daly francis at daoine.org From lucas at lucasrolff.com Fri Oct 6 20:38:54 2017 From: lucas at lucasrolff.com (Lucas Rolff) Date: Fri, 06 Oct 2017 22:38:54 +0200 Subject: Directive inheritance In-Reply-To: <20171006202252.GH20907@daoine.org> References: <3058D818-89A6-47B2-92E2-3AB3287AE536@lucasrolff.com> <20171006202252.GH20907@daoine.org> Message-ID: <59D7E9DE.4010707@lucasrolff.com> Hi Francis, Thank you a lot for your response - from a directive point of view - I don't use a lot of different headers in that sense, it's really just some settings that I would want to avoid repeating again and again - I like clean configs - and generally speaking I really want to inherit as much as possible from the initial server, or even http context when possible - all I change usually can be things like the expires header, the proxy_cache_valid directive, or adding an additional header (CORS for example). I do use some of the openresty modules such as the ngx_headers_more module, and it's pretty explicit about it's inheritance. And thank you for the pointer regarding the _module_ctx and _merge_loc_conf functions, it gave me enough information regarding the http_proxy module as an example - it seem as long as there a "offsetof(ngx_http_proxy_loc_conf_t" - then it can be inherited, or it's a coincidence that it's missing the "offsetoff" for all directives that doesn't inherit in that module from top of my head. Thanks again! Francis Daly wrote: > On Fri, Oct 06, 2017 at 07:32:51PM +0000, Lucas Rolff wrote: > > Hi there, > >> I know that there?s some settings such as proxy_pass which can?t inherit from the parent location or server block, however ? is there any semi-easy way to figure out if a directive in nginx or it?s modules gets inherited or not? (I don?t mind digging around in some nginx source code) > >> I wonder if someone either knows a good way to figure out, or any document on the web that goes extensively into explaining what (might) inherit based on general design patterns. > > My quick response, without doing too much research, is: > > * "rewrite" module directives (if, return) don't inherit > * "handler" directives (proxy_pass, fastcgi_pass) don't inherit > * pretty much anything else that is valid in "location" does inherit > > (That's probably not correct, but could be a good starting point for > experimentation.) > > And be aware that inheritance is by replacement, or not at all -- so one > "add_header" in a location means that the only "add_header" relevant > to that location is the one that is there; while no "add_header" in a > location means that all of the ones inherited from server{} are relevant. > > > If you want the full details, it's a matter of Read The Fine Source -- > each module has a "_module_ctx" which includes a function typically named > "_merge_loc_conf" which shows how each directive is set if it is not > defined in this location: unset, set to a default value, or inherited > from the previous level. > > f -------------- next part -------------- An HTML attachment was scrubbed... URL: From pluknet at nginx.com Fri Oct 6 21:16:25 2017 From: pluknet at nginx.com (Sergey Kandaurov) Date: Sat, 7 Oct 2017 00:16:25 +0300 Subject: Secure connection failed on Firefox In-Reply-To: References: Message-ID: <5276999C-07C3-4C25-B405-DB86FDBC33CC@nginx.com> > On 6 Oct 2017, at 18:40, joseph-pg wrote: > > Hi, > I'm currently testing nginx 1.13.6 x64 on my development machine, which is > Windows 10 1703 x64, and sometimes I got a "Secure connection failed" error > on Firefox (55.x and 56). If I hit the reload button (F5) repeatedly, the > page will eventually load. > > Dev tools shows: 200 OK, size 0, and transferred -. nginx debug log doesn't > show anything weird. > > Things that I observed: > 1. 1.13.5 works fine > 2. Chrome on Android works fine > > I've tested 5a3ab1b5804b, 46ddff109e72, and 924b6ef942bf and they have the > same problem. > > Configuration is pretty much default with HTTPS and HTTP/2 server blocks. Please check if reverting 12cadc4669a7 helps. -- Sergey Kandaurov From peter_booth at me.com Sat Oct 7 01:27:27 2017 From: peter_booth at me.com (Peter Booth) Date: Fri, 06 Oct 2017 21:27:27 -0400 Subject: Multiple upstream_cache_status headers in response in a dual-cache configuration In-Reply-To: <881c1ce07cd091b545007084b4c47a47.NginxMailingListEnglish@forum.nginx.org> References: <881c1ce07cd091b545007084b4c47a47.NginxMailingListEnglish@forum.nginx.org> Message-ID: <60BC6B3D-EDAC-44BA-964B-B0A952B9AD76@me.com> Why do you want to "realize a distributed caching layer based on disk-speed and storage?? Providing that you are running nginx on a healthy host running linux then your HDD-cache be faster (or the seem speed) as your SSD-cache. This because the cached file will be written though the Linux page cache, just as reads will return the file from Linux page cache and not touch either of the disks. This means that the effective performance of your server is largely decoupled from the physical performance of the physical drives. Of course you should monitor your host to ensure that it has sufficient memory and that no major page faults are occurring (sar -B should return 0.0) Peter > On Oct 6, 2017, at 3:05 AM, rnmx18 wrote: > > Hi, > > To realize a distributed caching layer based of disk-speed and storage, I > have prepared the following configuration with an SSD-cache and HDD-cache. > > http { > > add_header X-UpStream-Server-Cache-Status $upstream_cache_status; > > # proxy caching configurations > proxy_cache_path /tmp/myssd1 keys_zone=myssd1:1m levels=1:2 > inactive=60m; > > proxy_cache_path /tmp/myhdd1 keys_zone=myhdd1:10m levels=1:2 > inactive=60m; > > proxy_cache_key "$request_uri"; > > upstream mylocalhdd { > server 127.0.0.1:82; > } > > upstream myorigin { > server 192.168.1.35:80; > } > > # Server-block1 - will cache in SSD if we get a minimum of 5 requests. > server { > listen 80; > server_name example.com www.example.com; > > # Look up in ssd cache. If not found, goto hdd cache. > location / { > proxy_pass http://mylocalhdd; > proxy_cache myssd1; > proxy_cache_min_uses 5; > } > } > > # Server-block2 (acting as local upstream) - will fetch from origin and > cache in HDD > server { > listen 82; > server_name example.com www.example.com; > > # Look up in hdd cache. If not found, goto origin > location / { > proxy_pass http://myorigin; > proxy_cache myhdd1; > } > } > > } > > The smaller, yet faster SSD-cache will store content only if I get at least > 5 requests for the URL. On the other hand, the larger HDD cache will every > request. > > The flow is straight-forward: > > i) Client's first request is handled by server at port 80 > ii) It looks in SSD cache. Upon a cache-miss, it proxies to local upstream > at port 82. > iii) The local server at port 82, looks in HDD cache. upon cache miss, it > fetches from origin, and adds to HDD-cache and sends the response back to > first server. > iv) Server1 does not add content yet to SSD-cache (as min_uses is not > reached), and sends response to client. > v) For the next 3 requests, the server1 would see an SSD-cache-miss, but > server2 produces an HDD-cache-hit. > vi) For the 5th request, the server1, will also add the response in > SSD-cache, as min_uses criteria is met. > vii) For the 6th request onwards, the server1 itself will serve the request > from SSD-cache itself. No request is sent to local upstream. > > I have added $upstream_cache_status in the response. > > For the first request, I see the header twice in the response: This seem to > correspond to MISS in both front-end SSD-cache and back-end HDD-cache. > > < X-UpStream-Server-Cache-Status: MISS > < X-UpStream-Server-Cache-Status: MISS > > For the next 4 requests, I see the following: This seems to correspond to > MISS in the from-end SSD-cache and HIT in the back-end HDD-cache. > > < X-UpStream-Server-Cache-Status: HIT > < X-UpStream-Server-Cache-Status: MISS > > For the 6th request, I see the following: > > < X-UpStream-Server-Cache-Status: HIT > < X-UpStream-Server-Cache-Status: HIT > > Why am I getting the header twice for the 6th request. In this case, the > request is HIT by the SSD cache itself, and there is no request sent to > local upstream also. > > So, shouldn't I be getting only one instance of the header in the response? > > Thanks > Rajesh > > Posted at Nginx Forum: https://forum.nginx.org/read.php?2,276727,276727#msg-276727 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From yks0000 at gmail.com Sat Oct 7 04:53:50 2017 From: yks0000 at gmail.com (Yogesh Sharma) Date: Sat, 07 Oct 2017 04:53:50 +0000 Subject: Nginx CPU Issue : Remain at 100% In-Reply-To: References: <10538001.t6D0DEl2ps@vbart-laptop>

404 Not Found

403 Forbidden

nginx/1.13.7 $ curl http://127.0.0.1:8080/test/ ok $ curl http://127.0.0.1:8080/api/ 401 Authorization Required

401 Authorization Required

nginx/1.13.7 $ curl --basic --user foo:foo http://127.0.0.1:8080/api/ ok Just tested with the following configuration: server { listen 8080 auth_request /auth; location / { proxy_pass http://localhost:8082; } location /test/ { auth_request off; proxy_pass http://localhost:8082; } location /api/ { auth_request "off"; auth_basic "Restricted access"; auth_basic_user_file /path/to/htpasswd; proxy_pass http://localhost:8082; } location = /auth { return 403; } } server { listen 8082; return 200 ok\n; } Note that in the request to /api/, where auth_basic is configured, you have to request specify username and password, or the request will be rejected by auth_basic. -- Maxim Dounin http://nginx.org/ From c.schoepplein at musin.de Fri Oct 13 12:47:51 2017 From: c.schoepplein at musin.de (Christian Schoepplein) Date: Fri, 13 Oct 2017 14:47:51 +0200 Subject: WebDAV behind a nginx reverse proxy In-Reply-To: References: <20171012124158.jnngibjrehe7xagg@cs.outpost.musin.de> Message-ID: <20171013124751.btsbgsuwxwuzyjce@cs.outpost.musin.de> On Thu, Oct 12, 2017 at 10:37:11PM +0300, Reinis Rozitis wrote: >> This is my current vhost for the webdav access on the nginx rev. proxy: >[..] >> If I switch the vhost to listen on port 80 without ssl, everything is >> fine and files can be renamed or moved via webdav. > >If it works on http but not with ssl it might indicate that either this >configuration part doesn't work as expected: > >set $dest $http_destination; > >if ($http_destination ~ "^https://(.+)") { > set $dest http://$1; >} >proxy_set_header Destination $dest; [...] >> Also every hint how to debug such kind of problems are highly wellcome > >One way to debug would be using something like tcpdump either on the nginx or >apache host to inspect the http headers passed and/or adding them to access >logs to see what goes wrong. I've checked the headers with tcpdump now and I think I've found the problem, but I do not know how to solve it. The Destination header looks like this: Destination: http://webdav-ca0609-muenchen.musin.de This is the address that the users are using from the internet. But the Destination header should look like this: Destination: http://webdav.ca0609.muenchen.musin.de This is the internal address of the server. Can I put some rewrite roule inside the block where I set the http_destination? Something like this: set $dest $http_destination; > if ($http_destination ~ "^https://(.+)") { rewrite ... set $dest http://... } proxy_set_header Destination $dest; Has someone a hint how the block should look like? Currently I am just to stupid to find the right rewrite roule and also I have no idea how to pass the right URI to the $dest variable. >As far as I understand you are using nginx as an SSL offloader? Yes. nginx is the reverse proxy in front of 300 servers that offer different services, one service is webdav. From the internet to the nginx https is used and to the backends just http. Because we want to use a wildcard certificate for *.musin.de the adresses reachable from the internet are a-b-muenchen.musin.de, but the internal adresses are a.b.muenchen.musin.de. Thats the reason why I need to rewrite the addresses :-(. The whole setup is not the best, I know, but its evolved over years and some things can not be changed easily :-(. >Is there anything else you do on the proxy? Yes, I do additional reverse proxying for some other http(s) services which are running on internal machines, fortunatly all those services do not need rewriting of addresses and are working fine. I can move all those services to another machine, if that makes things easier. >If not maybe it's more easy to use the stream module ( >http://nginx.org/en/docs/stream/ngx_stream_core_module.html ) and ssl offload >on tcp level rather than deal with the http/headers between (though there is >a drawback of not getting the real client ip (in a http header) on the >backend server / hope for PROXY protocol support for backends one day). Hmm, I'll take a look and think about it, maybe having a seperate machine and using the streaming module si really the better solution. Cheers, Schoepp -- Christian Schoepplein Landeshauptstadt Muenchen Referat fuer Bildung und Sport Zentrum fuer Informationstechnologie im Bildungsbereich (ZIB) - Netze und Servermanagement Postanschrift: Bueroanschrift: Landeshauptstadt Muenchen Landeshauptstadt Muenchen Referat fuer Bildung und Sport Referat fuer Bildung und Sport Postfach Bayerstr. 28 (Raum 5.326) 80313 Muenchen 80335 Muenchen T: +49 (0)89 233-85906 E: c.schoepplein (at) musin.de I: http://www.zib.musin.de Elektronische Kommunikation mit der Landeshauptstadt Muenchen, siehe: http://www.muenchen.de/ekomm Bitte denken Sie an die Umwelt, bevor Sie diese E-Mail ausdrucken. Pro Blatt sparen Sie durchschnittlich 15g Holz, 260ml Wasser, 0,05kWh Strom und 5g CO2. From sovrevage at gmail.com Fri Oct 13 16:14:45 2017 From: sovrevage at gmail.com (=?UTF-8?B?U3RpYW4gw5h2cmV2w6VnZQ==?=) Date: Fri, 13 Oct 2017 11:14:45 -0500 Subject: auth_request off; ignored when combined with auth_basic; In-Reply-To: <20171013091408.GM75166@mdounin.ru> References: <20171013091408.GM75166@mdounin.ru> Message-ID: Thanks a bunch. When still being redirected now I found the culprit: location @error401 { return 302 /security/; } Which of course will redirect before auth basic will work. Thanks again and pardon my ignorance :o Br, Stian On 13 October 2017 at 04:14, Maxim Dounin wrote: > Hello! > > On Fri, Oct 13, 2017 at 12:47:11AM -0500, Stian ?vrev?ge wrote: > >> Hi list, >> >> I have a server {} block that is protected with auth_request; on the top level. >> >> auth_request is used for a interactive login process. >> >> I have some endpoints that will receive data from other software, and >> must instead be protected by auth_basic. However, "auth_request off;" >> is ignored in these location{} blocks IF there is also a auth_basic >> statement in the block. >> >> This works without logging in: >> location /test/ { >> auth_request off; >> proxy_pass http://localhost:88/; >> } >> >> This is automatically redirected back to /security/ for login (as >> defined by auth_request in server{} block. >> location /api/ { >> auth_request "off"; >> auth_basic "Restricted access"; >> auth_basic_user_file /etc/htpasswd; >> proxy_pass http://localhost:88/; >> } >> >> I see online references to a "satisfy any" directive that apparently >> worked a few years ago, but it does not anymore, and others are >> reporting similar problems: >> https://stackoverflow.com/questions/42301559/nginx-with-auth-request-and-auth-basic > > Works fine here: > > $ curl http://127.0.0.1:8080/ > > 403 Forbidden > >

403 Forbidden

nginx/1.13.7 > > > $ curl http://127.0.0.1:8080/test/ > ok > $ curl http://127.0.0.1:8080/api/ > > 401 Authorization Required > >

401 Authorization Required

nginx/1.13.7 > > > $ curl --basic --user foo:foo http://127.0.0.1:8080/api/ > ok > > Just tested with the following configuration: > > server { > listen 8080 > > auth_request /auth; > > location / { > proxy_pass http://localhost:8082; > } > > location /test/ { > auth_request off; > proxy_pass http://localhost:8082; > } > > location /api/ { > auth_request "off"; > auth_basic "Restricted access"; > auth_basic_user_file /path/to/htpasswd; > proxy_pass http://localhost:8082; > } > > location = /auth { > return 403; > } > } > > server { > listen 8082; > return 200 ok\n; > } > > Note that in the request to /api/, where auth_basic is configured, > you have to request specify username and password, or the request > will be rejected by auth_basic. > > -- > Maxim Dounin > http://nginx.org/ > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From sovrevage at gmail.com Fri Oct 13 16:39:50 2017 From: sovrevage at gmail.com (=?UTF-8?B?U3RpYW4gw5h2cmV2w6VnZQ==?=) Date: Fri, 13 Oct 2017 11:39:50 -0500 Subject: auth_request off; ignored when combined with auth_basic; In-Reply-To: References: <20171013091408.GM75166@mdounin.ru> Message-ID: Quick follow-up. I tried negating the 401 redirect at the /api/ endpoint but got an error: named location "@error401" can be on the server level only Any suggestion on how I can enforce a side-wide redirect to /security/ except the 2-3 endpoints that have basic auth? Br, Stian On 13 October 2017 at 11:14, Stian ?vrev?ge wrote: > Thanks a bunch. When still being redirected now I found the culprit: > > location @error401 { > return 302 /security/; > } > > Which of course will redirect before auth basic will work. > > Thanks again and pardon my ignorance :o > > Br, > Stian > > On 13 October 2017 at 04:14, Maxim Dounin wrote: >> Hello! >> >> On Fri, Oct 13, 2017 at 12:47:11AM -0500, Stian ?vrev?ge wrote: >> >>> Hi list, >>> >>> I have a server {} block that is protected with auth_request; on the top level. >>> >>> auth_request is used for a interactive login process. >>> >>> I have some endpoints that will receive data from other software, and >>> must instead be protected by auth_basic. However, "auth_request off;" >>> is ignored in these location{} blocks IF there is also a auth_basic >>> statement in the block. >>> >>> This works without logging in: >>> location /test/ { >>> auth_request off; >>> proxy_pass http://localhost:88/; >>> } >>> >>> This is automatically redirected back to /security/ for login (as >>> defined by auth_request in server{} block. >>> location /api/ { >>> auth_request "off"; >>> auth_basic "Restricted access"; >>> auth_basic_user_file /etc/htpasswd; >>> proxy_pass http://localhost:88/; >>> } >>> >>> I see online references to a "satisfy any" directive that apparently >>> worked a few years ago, but it does not anymore, and others are >>> reporting similar problems: >>> https://stackoverflow.com/questions/42301559/nginx-with-auth-request-and-auth-basic >> >> Works fine here: >> >> $ curl http://127.0.0.1:8080/ >> >> 403 Forbidden >> >>

403 Forbidden

nginx/1.13.7 >> >> >> $ curl http://127.0.0.1:8080/test/ >> ok >> $ curl http://127.0.0.1:8080/api/ >> >> 401 Authorization Required >> >>

401 Authorization Required

Message-ID: Hi Zhang, If I pass* --with-http_gzip_filter_module* , the configure script throws me an error unknown option. Googling suggested that you don't need to add this module it's provided by Nginx by default. On Mon, Oct 30, 2017 at 4:24 PM Zhang Chao wrote: > Hi! > > gzip is a directive defined by ngx_http_gzip_filter_module while you only > link the ngx_http_gzip_static_module. > > > On 30 October 2017 at 18:34:15, nik mur (nikhil6018 at gmail.com) wrote: > > *http_ssl_module* > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Tue Oct 31 13:51:31 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 31 Oct 2017 16:51:31 +0300 Subject: [Module] ngx_http_gzip issue : unknown directive "gzip" In-Reply-To: References: Message-ID: <4952394.jikkrLoDxI@vbart-workstation> On Monday 30 October 2017 10:33:55 nik mur wrote: > Hi, > > Recently I upgraded my nginx to 1.12 version from 1.10 branch. > > The build from source went through without any issues, but while starting > Nginx I am receiving this error: > > *>>[emerg] 342#342: unknown directive "gzip" in > /usr/local/apps/nginx/etc/conf.d/gzip.conf:2* > [..] You should check your full configuration. It's unclear where this "gzip" directive is included. Please note, there's no such directive in mail and stream modules. wbr, Valentin V. Bartenev From nikhil6018 at gmail.com Tue Oct 31 14:02:25 2017 From: nikhil6018 at gmail.com (nik mur) Date: Tue, 31 Oct 2017 14:02:25 +0000 Subject: [Module] ngx_http_gzip issue : unknown directive "gzip" In-Reply-To: <4952394.jikkrLoDxI@vbart-workstation> References: <4952394.jikkrLoDxI@vbart-workstation> Message-ID: Hi Valentin, My Nginx installs in /usr/local/apps So the gzip.conf file is included from the nginx.conf in the /usr/local/apps/nginx/etc/ directory, so no issues there. This is very strange behavior no errors while building and even the error logs are not helpful, the same structure and configure script works for 1.10 and below. I am really banging my head over this, would be really helpful if you or anyone can point me in the right direction to debug this. On Tue, Oct 31, 2017 at 7:21 PM Valentin V. Bartenev wrote: > On Monday 30 October 2017 10:33:55 nik mur wrote: > > Hi, > > > > Recently I upgraded my nginx to 1.12 version from 1.10 branch. > > > > The build from source went through without any issues, but while starting > > Nginx I am receiving this error: > > > > *>>[emerg] 342#342: unknown directive "gzip" in > > /usr/local/apps/nginx/etc/conf.d/gzip.conf:2* > > > [..] > > You should check your full configuration. It's unclear where this "gzip" > directive is included. > > Please note, there's no such directive in mail and stream modules. > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vbart at nginx.com Tue Oct 31 14:13:33 2017 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 31 Oct 2017 17:13:33 +0300 Subject: why delta only include the execution time of ngx_process_events not ngx_event_process_posted (Zhang Chao) In-Reply-To: References: Message-ID: <1551515.h7q2v3zecH@vbart-workstation> On Sunday 29 October 2017 21:35:15 yang chen wrote: > Thanks for your reply, why calling the ngx_event_expire_timers is > unnecessary when ngx_process_events handler returns so quickly that the > millisecond precision is not enough to display the calling time(less than > 1ms maybe). > > ngx_process_events handler returns quickly which doesn't > mean ngx_event_process_posted return quickly, maybe it excute for 2 ms or > more First of all, ngx_process_events() is the function that actually _waits_ and updates process time. So, there's no sense to move the calculation of delta elsewhere, since ngx_current_msec will be the same anyway. In most cases the time is spend by waiting on kernel for events, not by processing the events and executing handlers. Normally ngx_event_process_posted should not spend 2ms, otherwise that would result in less than 500 rps, which can only indicate blocking issue or overload. wbr, Valentin V. Bartenev From jarkko.torppa at elisa.fi Tue Oct 31 14:25:48 2017 From: jarkko.torppa at elisa.fi (Torppa Jarkko) Date: Tue, 31 Oct 2017 14:25:48 +0000 Subject: when client->server socket is closed also server->client is closed and request is aborted ? In-Reply-To: References:

Message-ID: Indeed that was it (uwsgi_ignore_client_abort on) I kinda feel that this should be on by default for http/1.0 and connection: close clients. The client that I had trouble with was org.apache.xmlrpc.client java class From: nginx [mailto:nginx-bounces at nginx.org] On Behalf Of Richard Stanway via nginx Sent: 26. lokakuuta 2017 16:33 To: nginx at nginx.org Cc: Richard Stanway Subject: Re: when client->server socket is closed also server->client is closed and request is aborted ? Look at http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_ignore_client_abort or http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_ignore_client_abort etc depending on what you're doing with the request. On Thu, Oct 26, 2017 at 1:07 PM, Torppa Jarkko