From christian at staudte.it  Sun Apr  4 20:13:46 2021
From: christian at staudte.it (Christian Staudte)
Date: Sun, 4 Apr 2021 22:13:46 +0200
Subject: limit_req_zone for IPv6 subnets
Message-ID: <86bc3beb-0d00-908e-5c6f-2cfc5377aaf7@staudte.it>

Hello,

regarding rate limiting in IPv6 configurations I see the following
problem: As normally a subnet between a /56 and a /64 is assigned to a
client by an ISP, and both $binary_remote_addr and $remote_addr always
contain the whole IPv6 address, a single client can always spoof the
rate limiter by simply choosing another IPv6 address from his own subnet.

Currently I have two options to avoid this:
a) Disabling IPv6 (well, not really considering that)
b) Using application-level rate limiting in PHP which is awkwardly slow

Did I miss some configuration options or some dirty hack to do the rate
limit matching for example on /64 subnets, or is this simply not
possible in nginx?

Regards, Chris

From teward at thomas-ward.net  Sun Apr  4 22:57:58 2021
From: teward at thomas-ward.net (Thomas Ward)
Date: Sun, 04 Apr 2021 18:57:58 -0400
Subject: limit_req_zone for IPv6 subnets
In-Reply-To: <86bc3beb-0d00-908e-5c6f-2cfc5377aaf7@staudte.it>
Message-ID: <4FD8MV70Hwz2GcT@mail.syn-ack.link>

I dont think limit_req works on CIDR rather individual IPs.? At least per the description of the module for limiting requests, it works on a single IP level not on a CIDR range level and I don't immediately see a way to make that happen - whether IPv4 or IPv6.Sent from my T-Mobile 4G LTE Device
-------- Original message --------From: Christian Staudte <christian at staudte.it> Date: 4/4/21  16:14  (GMT-05:00) To: nginx at nginx.org Subject: limit_req_zone for IPv6 subnets Hello,regarding rate limiting in IPv6 configurations I see the followingproblem: As normally a subnet between a /56 and a /64 is assigned to aclient by an ISP, and both $binary_remote_addr and $remote_addr alwayscontain the whole IPv6 address, a single client can always spoof therate limiter by simply choosing another IPv6 address from his own subnet.Currently I have two options to avoid this:a) Disabling IPv6 (well, not really considering that)b) Using application-level rate limiting in PHP which is awkwardly slowDid I miss some configuration options or some dirty hack to do the ratelimit matching for example on /64 subnets, or is this simply notpossible in nginx?Regards, Chris_______________________________________________nginx mailing listnginx at nginx.orghttp://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210404/359040fb/attachment.htm>

From mdounin at mdounin.ru  Sun Apr  4 23:13:36 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 5 Apr 2021 02:13:36 +0300
Subject: limit_req_zone for IPv6 subnets
In-Reply-To: <86bc3beb-0d00-908e-5c6f-2cfc5377aaf7@staudte.it>
References: <86bc3beb-0d00-908e-5c6f-2cfc5377aaf7@staudte.it>
Message-ID: <YGpIIJUtltpe0ezf@mdounin.ru>

Hello!

On Sun, Apr 04, 2021 at 10:13:46PM +0200, Christian Staudte wrote:

> regarding rate limiting in IPv6 configurations I see the following
> problem: As normally a subnet between a /56 and a /64 is assigned to a
> client by an ISP, and both $binary_remote_addr and $remote_addr always
> contain the whole IPv6 address, a single client can always spoof the
> rate limiter by simply choosing another IPv6 address from his own subnet.
> 
> Currently I have two options to avoid this:
> a) Disabling IPv6 (well, not really considering that)
> b) Using application-level rate limiting in PHP which is awkwardly slow
> 
> Did I miss some configuration options or some dirty hack to do the rate
> limit matching for example on /64 subnets, or is this simply not
> possible in nginx?

You can use anything as a key in limit_req_zone, including your 
own variables.  If you want to limit IPv6 addresses per /64 
subnets, something like this should work:

map $binary_remote_addr $subnet {
    "~^(\C{8})"         $1;
    default             $binary_remote_addr;
}

limit_req_zone $subnet zone=one:10m rate=1r/s;

-- 
Maxim Dounin
http://mdounin.ru/

From christian at staudte.it  Mon Apr  5 11:46:17 2021
From: christian at staudte.it (Christian Staudte)
Date: Mon, 5 Apr 2021 13:46:17 +0200
Subject: limit_req_zone for IPv6 subnets
In-Reply-To: <YGpIIJUtltpe0ezf@mdounin.ru>
References: <86bc3beb-0d00-908e-5c6f-2cfc5377aaf7@staudte.it>
 <YGpIIJUtltpe0ezf@mdounin.ru>
Message-ID: <35e4111a-539b-881e-1e4c-1b22f14d2cba@staudte.it>

Hi,

On 05.04.21 01:13, Maxim Dounin wrote:
> You can use anything as a key in limit_req_zone, including your 
> own variables.  If you want to limit IPv6 addresses per /64 
> subnets, something like this should work:
> 
> map $binary_remote_addr $subnet {
>     "~^(\C{8})"         $1;
>     default             $binary_remote_addr;
> }
> 
> limit_req_zone $subnet zone=one:10m rate=1r/s;

This seems to work, very nice! That should definitely be added to the
docs and maybe also to the blog post
(https://www.nginx.com/blog/rate-limiting-nginx/).

Regards, Chris

From osa at freebsd.org.ru  Mon Apr  5 16:47:25 2021
From: osa at freebsd.org.ru (Sergey A. Osokin)
Date: Mon, 5 Apr 2021 19:47:25 +0300
Subject: nginx-1.19.9
In-Reply-To: <YGM9DmFXiv+PaLQx@mdounin.ru>
References: <YGM9DmFXiv+PaLQx@mdounin.ru>
Message-ID: <YGs/HXk1QnZFlERp@FreeBSD.org.ru>

Hi there,

FreeBSD ports tree is under Subversion to Git transition, https://wiki.freebsd.org/git.
For those who interested to test this release with FreeBSD ports/packages
system, please visit http://github.com/osokin/nginx-devel.

Thanks.

--
Sergey

On Tue, Mar 30, 2021 at 06:00:30PM +0300, Maxim Dounin wrote:
> Changes with nginx 1.19.9                                        30 Mar 2021
> 
>     *) Bugfix: nginx could not be built with the mail proxy module, but
>        without the ngx_mail_ssl_module; the bug had appeared in 1.19.8.
> 
>     *) Bugfix: "upstream sent response body larger than indicated content
>        length" errors might occur when working with gRPC backends; the bug
>        had appeared in 1.19.1.
> 
>     *) Bugfix: nginx might not close a connection till keepalive timeout
>        expiration if the connection was closed by the client while
>        discarding the request body.
> 
>     *) Bugfix: nginx might not detect that a connection was already closed
>        by the client when waiting for auth_delay or limit_req delay, or when
>        working with backends.
> 
>     *) Bugfix: in the eventport method.
> 
> 
> -- 
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From demitrious at automattic.com  Wed Apr  7 22:07:34 2021
From: demitrious at automattic.com (Demitrious Kelly)
Date: Wed, 7 Apr 2021 15:07:34 -0700
Subject: Capturing Encoded Location Variable Data
Message-ID: <E45467F5-A04E-4D15-964E-396136D88B10@automattic.com>

Hello,

Given the following two location configurations:

location ~ ^/test/named/(?<foo>.+)$ {
  return 200 $foo;
}

location ~ ^/test/numbered/(.+)$ {
  set $foo $1;
  return 200 $foo;
}
Are the following two results expected?

# curl http://127.0.0.1:8088/test/named/%D7%94%D7%98%D7%99%D7%95%D7%9C
?????

# curl http://127.0.0.1:8088/test/numbered/%D7%94%D7%98%D7%99%D7%95%D7%9C
%D7%94%D7%98%D7%99%D7%95%D7%9C

I have not been able do find any documentation, yet, explaining why these two methods of capturing the same data yield different results.

Thanks in advance!
DK


From mdounin at mdounin.ru  Wed Apr  7 23:13:58 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 8 Apr 2021 02:13:58 +0300
Subject: Capturing Encoded Location Variable Data
In-Reply-To: <E45467F5-A04E-4D15-964E-396136D88B10@automattic.com>
References: <E45467F5-A04E-4D15-964E-396136D88B10@automattic.com>
Message-ID: <YG48tpDtvJVl3ZVo@mdounin.ru>

Hello!

On Wed, Apr 07, 2021 at 03:07:34PM -0700, Demitrious Kelly wrote:

> Given the following two location configurations:
> 
> location ~ ^/test/named/(?<foo>.+)$ {
>   return 200 $foo;
> }
> 
> location ~ ^/test/numbered/(.+)$ {
>   set $foo $1;
>   return 200 $foo;
> }
> Are the following two results expected?
> 
> # curl http://127.0.0.1:8088/test/named/%D7%94%D7%98%D7%99%D7%95%D7%9C
> ?????
> 
> # curl http://127.0.0.1:8088/test/numbered/%D7%94%D7%98%D7%99%D7%95%D7%9C
> %D7%94%D7%98%D7%99%D7%95%D7%9C
> 
> I have not been able do find any documentation, yet, explaining why these two methods of capturing the same data yield different results.

It's a bug, see https://trac.nginx.org/nginx/ticket/348.

-- 
Maxim Dounin
http://mdounin.ru/

From demitrious at automattic.com  Thu Apr  8 00:16:20 2021
From: demitrious at automattic.com (Demitrious Kelly)
Date: Wed, 7 Apr 2021 17:16:20 -0700
Subject: Fwd: Capturing Encoded Location Variable Data
References: <YG48tpDtvJVl3ZVo@mdounin.ru>
Message-ID: <975222A7-0E57-43B2-844D-C8581BFB1E16@automattic.com>

Thanks very much.  It was not an easy thing to google to get from symptom to bug report :) From the text in the ticket it sounds like the named capture functions as intended and if this bug gets fixed the numeric capture example will be made to work the same as named does?

Cheers!
DK

> Begin forwarded message:
> 
> From: Maxim Dounin <mdounin at mdounin.ru>
> Subject: Re: Capturing Encoded Location Variable Data
> Date: April 7, 2021 at 4:13:58 PM PDT
> To: nginx at nginx.org
> Reply-To: nginx at nginx.org
> 
> Hello!
> 
> On Wed, Apr 07, 2021 at 03:07:34PM -0700, Demitrious Kelly wrote:
> 
>> Given the following two location configurations:
>> 
>> location ~ ^/test/named/(?<foo>.+)$ {
>>  return 200 $foo;
>> }
>> 
>> location ~ ^/test/numbered/(.+)$ {
>>  set $foo $1;
>>  return 200 $foo;
>> }
>> Are the following two results expected?
>> 
>> # curl http://127.0.0.1:8088/test/named/%D7%94%D7%98%D7%99%D7%95%D7%9C
>> ?????
>> 
>> # curl http://127.0.0.1:8088/test/numbered/%D7%94%D7%98%D7%99%D7%95%D7%9C
>> %D7%94%D7%98%D7%99%D7%95%D7%9C
>> 
>> I have not been able do find any documentation, yet, explaining why these two methods of capturing the same data yield different results.
> 
> It's a bug, see https://trac.nginx.org/nginx/ticket/348 <https://trac.nginx.org/nginx/ticket/348>.
> 
> -- 
> Maxim Dounin
> http://mdounin.ru/ <http://mdounin.ru/>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org <mailto:nginx at nginx.org>
> http://mailman.nginx.org/mailman/listinfo/nginx <http://mailman.nginx.org/mailman/listinfo/nginx>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210407/a0553d7f/attachment-0001.htm>

From nginx-forum at forum.nginx.org  Thu Apr  8 09:54:42 2021
From: nginx-forum at forum.nginx.org (xdrew)
Date: Thu, 08 Apr 2021 05:54:42 -0400
Subject: init module callback called twice
Message-ID: <9af40dbeefd2c143ae6ad24877ba16e8.NginxMailingListEnglish@forum.nginx.org>

Hello,

I'm developing a little custom module for nginx, and I need to execute some
user code once my module is loaded. I do this by attaching to the hook in
ngx_module_t structure:

ngx_module_t  ngx_http_hello_world_module = {
...
    NULL,                                  /* init master */
    init_module,                         /* init module */
    NULL,                                  /* init process */
...
}

static ngx_int_t init_module(ngx_cycle_t *cycle) {
ngx_log_stderr (0, "Initializing module") ; }

Surprisingly my callback is called twice. First time it follows log message

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: Initializing module

and then 

nginx: configuration file /etc/nginx/nginx.conf test is successful
nginx: Initializing module

Is there a way to recognize that I'm called in some different context (e.g.
some value from ngx_cycle_t structure)?
Or may be I'm doing something completely wrong?

Thanks
Andrew

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291171,291171#msg-291171


From mdounin at mdounin.ru  Thu Apr  8 13:04:34 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 8 Apr 2021 16:04:34 +0300
Subject: Fwd: Capturing Encoded Location Variable Data
In-Reply-To: <975222A7-0E57-43B2-844D-C8581BFB1E16@automattic.com>
References: <YG48tpDtvJVl3ZVo@mdounin.ru>
 <975222A7-0E57-43B2-844D-C8581BFB1E16@automattic.com>
Message-ID: <YG7/Yj7BMWbCMmGn@mdounin.ru>

Hello!

On Wed, Apr 07, 2021 at 05:16:20PM -0700, Demitrious Kelly wrote:

> Thanks very much.  It was not an easy thing to google to get 
> from symptom to bug report :) From the text in the ticket it 
> sounds like the named capture functions as intended and if this 
> bug gets fixed the numeric capture example will be made to work 
> the same as named does?

Yes.

-- 
Maxim Dounin
http://mdounin.ru/

From mdounin at mdounin.ru  Thu Apr  8 13:10:37 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 8 Apr 2021 16:10:37 +0300
Subject: init module callback called twice
In-Reply-To: <9af40dbeefd2c143ae6ad24877ba16e8.NginxMailingListEnglish@forum.nginx.org>
References: <9af40dbeefd2c143ae6ad24877ba16e8.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YG8AzWUj4K25OBtZ@mdounin.ru>

Hello!

On Thu, Apr 08, 2021 at 05:54:42AM -0400, xdrew wrote:

> Hello,
> 
> I'm developing a little custom module for nginx, and I need to execute some
> user code once my module is loaded. I do this by attaching to the hook in
> ngx_module_t structure:
> 
> ngx_module_t  ngx_http_hello_world_module = {
> ...
>     NULL,                                  /* init master */
>     init_module,                         /* init module */
>     NULL,                                  /* init process */
> ...
> }
> 
> static ngx_int_t init_module(ngx_cycle_t *cycle) {
> ngx_log_stderr (0, "Initializing module") ; }
> 
> Surprisingly my callback is called twice. First time it follows log message
> 
> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> nginx: Initializing module
> 
> and then 
> 
> nginx: configuration file /etc/nginx/nginx.conf test is successful
> nginx: Initializing module
> 
> Is there a way to recognize that I'm called in some different context (e.g.
> some value from ngx_cycle_t structure)?
> Or may be I'm doing something completely wrong?

What you observe is perfectly expected: the module initialization 
callback is called once per configuration parsing, and your output 
seems to be from running a startup script which does something 
like "nginx -t; nginx", which starts nginx twice: once to test the 
configuration, and again to actually start nginx.

-- 
Maxim Dounin
http://mdounin.ru/

From nginx-forum at forum.nginx.org  Thu Apr  8 13:48:41 2021
From: nginx-forum at forum.nginx.org (xdrew)
Date: Thu, 08 Apr 2021 09:48:41 -0400
Subject: init module callback called twice
In-Reply-To: <YG8AzWUj4K25OBtZ@mdounin.ru>
References: <YG8AzWUj4K25OBtZ@mdounin.ru>
Message-ID: <60e911c086bc32974d943a7407940106.NginxMailingListEnglish@forum.nginx.org>

Thanks Maxim, this makes perfect sense! However the part of the question
still stands: is there a way from ngx_cycle_t structure or from some global
structure to figure out in which mode nginx is running - testing the
configuration or actually starting?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291171,291194#msg-291194


From mdounin at mdounin.ru  Thu Apr  8 15:20:26 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 8 Apr 2021 18:20:26 +0300
Subject: init module callback called twice
In-Reply-To: <60e911c086bc32974d943a7407940106.NginxMailingListEnglish@forum.nginx.org>
References: <YG8AzWUj4K25OBtZ@mdounin.ru>
 <60e911c086bc32974d943a7407940106.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YG8fOsigHMZn3/CX@mdounin.ru>

Hello!

On Thu, Apr 08, 2021 at 09:48:41AM -0400, xdrew wrote:

> Thanks Maxim, this makes perfect sense! However the part of the question
> still stands: is there a way from ngx_cycle_t structure or from some global
> structure to figure out in which mode nginx is running - testing the
> configuration or actually starting?

In most casses a properly written module shouldn't care.  If for 
some reason your module should, there is the ngx_test_config 
global variable which makes it possible to check if nginx is 
testing a configuration rather than parsing a new configuration 
when starting or reloading.

-- 
Maxim Dounin
http://mdounin.ru/

From nginx-forum at forum.nginx.org  Thu Apr  8 15:37:19 2021
From: nginx-forum at forum.nginx.org (anish10dec)
Date: Thu, 08 Apr 2021 11:37:19 -0400
Subject: Alert:  ignore long locked inactive cache entry
Message-ID: <906f6c37747f19cb5984ab3dd957ba4d.NginxMailingListEnglish@forum.nginx.org>

Hi Team,

Intermittently there are multiple below errors reported in error.log file.

[alert] 41456#41456: ignore long locked inactive cache entry
efcd5613750302a2657fca63c07fc777, count:1

This comes  momentarily with a spike of 50-90 K such errors in a minute time
span. 

During this period server load and cpu utilization increases to Maximum
dropping all the traffic with 0% Idle CPU and Load rising to more than 100.

This happens for 5 min after which server comes back into normal state.

Please help What causes this alert and how to avoid this scenario

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291199,291199#msg-291199


From osa at freebsd.org.ru  Thu Apr  8 16:09:01 2021
From: osa at freebsd.org.ru (Sergey A. Osokin)
Date: Thu, 8 Apr 2021 19:09:01 +0300
Subject: Alert:  ignore long locked inactive cache entry
In-Reply-To: <906f6c37747f19cb5984ab3dd957ba4d.NginxMailingListEnglish@forum.nginx.org>
References: <906f6c37747f19cb5984ab3dd957ba4d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YG8qneFw640F1+SV@FreeBSD.org.ru>

Hi,

thanks for the report.

On Thu, Apr 08, 2021 at 11:37:19AM -0400, anish10dec wrote:
> Hi Team,
> 
> Intermittently there are multiple below errors reported in error.log file.
> 
> [alert] 41456#41456: ignore long locked inactive cache entry
> efcd5613750302a2657fca63c07fc777, count:1
> 
> This comes  momentarily with a spike of 50-90 K such errors in a minute time
> span. 
> 
> During this period server load and cpu utilization increases to Maximum
> dropping all the traffic with 0% Idle CPU and Load rising to more than 100.
> 
> This happens for 5 min after which server comes back into normal state.
> 
> Please help What causes this alert and how to avoid this scenario

Could you please share `nginx -V' output.  There was a fix long time ago,
with 1.1.16 for a similar issue.

Thank you.

--
Sergey Osokin

From nginx-forum at forum.nginx.org  Thu Apr  8 18:58:01 2021
From: nginx-forum at forum.nginx.org (bouvierh)
Date: Thu, 08 Apr 2021 14:58:01 -0400
Subject: Plain text token in config!
Message-ID: <6d8032c55ae4dc13151359eb607fb758.NginxMailingListEnglish@forum.nginx.org>

Hello!

I currently use Nginx as a reverse proxy for my backend services. 

Nginx authenticates itself to the backend services using a Token that is
generated by a process every 10 minutes and that process is writing the
token in the config file and reloading nginx regularly:

location / {
    proxy_set_header    Authorization "PLAIN TEXT TOKEN WRITTEN BY PROCESS";
         
    proxy_pass https://backend;
 }

I would like to avoid having a token in plain text. Is there a way to avoid
that?
I though of the following options:
- Use env var: But that is impossible nginx doesn't support it
- Query the token by having the process establish a local server. Could work
but how can the process return the result as a variable to nginx?
- Pass the config in memory instead of writing it to a file. Could be a
simple option but I didn't find a way to do that.

Do you have any idea how I can achieve that?

Thank you!
Hugues

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291202,291202#msg-291202


From osa at freebsd.org.ru  Thu Apr  8 19:43:30 2021
From: osa at freebsd.org.ru (Sergey A. Osokin)
Date: Thu, 8 Apr 2021 22:43:30 +0300
Subject: Plain text token in config!
In-Reply-To: <6d8032c55ae4dc13151359eb607fb758.NginxMailingListEnglish@forum.nginx.org>
References: <6d8032c55ae4dc13151359eb607fb758.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YG9c4tkp7Kewl8U2@FreeBSD.org.ru>

Hi Hugues,

hope you're doing well.

On Thu, Apr 08, 2021 at 02:58:01PM -0400, bouvierh wrote:
> Hello!
> 
> I currently use Nginx as a reverse proxy for my backend services. 
> 
> Nginx authenticates itself to the backend services using a Token that is
> generated by a process every 10 minutes and that process is writing the
> token in the config file and reloading nginx regularly:
> 
> location / {
>     proxy_set_header    Authorization "PLAIN TEXT TOKEN WRITTEN BY PROCESS";
>          
>     proxy_pass https://backend;
>  }
> 
> I would like to avoid having a token in plain text. Is there a way to avoid
> that?
> I though of the following options:
> - Use env var: But that is impossible nginx doesn't support it

NGINX does support environment variables, please see details
http://nginx.org/en/docs/ngx_core_module.html#env

> - Query the token by having the process establish a local server. Could work
> but how can the process return the result as a variable to nginx?

That probably depends on how a response looks like.  It's possible to
use NGINX JavaScript module to parse or modify a response.

> - Pass the config in memory instead of writing it to a file. Could be a
> simple option but I didn't find a way to do that.

Some tricks are available with NGINX Plus distribution because of the key-value
module, http://nginx.org/en/docs/http/ngx_http_keyval_module.html.

-- 
Sergey Osokin

From nginx-forum at forum.nginx.org  Thu Apr  8 20:36:47 2021
From: nginx-forum at forum.nginx.org (uragnorson)
Date: Thu, 08 Apr 2021 16:36:47 -0400
Subject: location not working
Message-ID: <7466011fb64d1f491ef0c6f9cd5b99ae.NginxMailingListEnglish@forum.nginx.org>

On RHEL I have, 

location / {
root /usr/share/nginx.html;
}

location /dist/ { 
alias /usr/share/nginx/html/dist/;
}

I am able to navigate to http://server/dist but in dist the index.html is
looking for http://server/js but it should be http:/server/dist/js is there
a way to add the extra "dist" ?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291204,291204#msg-291204


From nginx-forum at forum.nginx.org  Fri Apr  9 00:21:21 2021
From: nginx-forum at forum.nginx.org (bouvierh)
Date: Thu, 08 Apr 2021 20:21:21 -0400
Subject: Plain text token in config!
In-Reply-To: <YG9c4tkp7Kewl8U2@FreeBSD.org.ru>
References: <YG9c4tkp7Kewl8U2@FreeBSD.org.ru>
Message-ID: <bb0a16497fdc770398a4f855885ea863.NginxMailingListEnglish@forum.nginx.org>

Thanks for your help!! Are there any other ways that I might have missed?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291202,291205#msg-291205


From nginx-forum at forum.nginx.org  Fri Apr  9 06:14:59 2021
From: nginx-forum at forum.nginx.org (bouvierh)
Date: Fri, 09 Apr 2021 02:14:59 -0400
Subject: Plain text token in config!
In-Reply-To: <YG9c4tkp7Kewl8U2@FreeBSD.org.ru>
References: <YG9c4tkp7Kewl8U2@FreeBSD.org.ru>
Message-ID: <ac10e4e725f55905c3d25a13c60f39b2.NginxMailingListEnglish@forum.nginx.org>

Thanks for your help!! Are there any other ways that I might have missed?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291202,291206#msg-291206


From francis at daoine.org  Fri Apr  9 06:55:09 2021
From: francis at daoine.org (Francis Daly)
Date: Fri, 9 Apr 2021 07:55:09 +0100
Subject: location not working
In-Reply-To: <7466011fb64d1f491ef0c6f9cd5b99ae.NginxMailingListEnglish@forum.nginx.org>
References: <7466011fb64d1f491ef0c6f9cd5b99ae.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20210409065509.GP16474@daoine.org>

On Thu, Apr 08, 2021 at 04:36:47PM -0400, uragnorson wrote:

Hi there,

> location / {
> root /usr/share/nginx.html;
> }
> 
> location /dist/ { 
> alias /usr/share/nginx/html/dist/;
> }

Because, in this case, the "location" part matches the end of the "alias"
part, you could instead choose to use "root" here as well.

http://nginx.org/r/alias

> I am able to navigate to http://server/dist but in dist the index.html is
> looking for http://server/js but it should be http:/server/dist/js is there
> a way to add the extra "dist" ?

The easiest way would be to change the index.html.

If it refers to http://server/js or to /js, make it instead refer to js.

Failing that, you could try setting up extra location{}s or redirects
to handle this one exception; but I imagine that will turn in to "just
one more exception as well...", multiple times.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org

From nginx at netdirect.fr  Mon Apr 12 09:30:30 2021
From: nginx at netdirect.fr (Artur)
Date: Mon, 12 Apr 2021 11:30:30 +0200
Subject: Rewrite with regex
Message-ID: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>

Hello !

I have the following setup :

location / {
?try_files $uri $uri/ @shortnames;
}
location @shortnames {
?rewrite "^/([a-zA-Z0-9]{1,32})$" /index.php?short_name=$1 last;
?return 404;
}

I filter the 'shortnames' URI to have a format similar to /dfg6df4g64
with minimum and maximum size, only digits and letters allowed. Working
well.

I want to add hyphen in the 'shortnames' so /ad5-ff56 or
/5f9-dfdf4-55f-ddfg are allowed ( but not /-ff4fg or /dgfgdf- ).
The regex that matches these conditions is something like (without the
size match) : ^/([a-zA-Z0-9]+([-][a-zA-Z0-9])*)$
However there is no match and rewrite fails.

My current setup is a Debain 10 server with nginx-full (14.2.2) installed.

Any idea on how I can solve this problem, please ?

-- 

Best regards,
Artur


From nginx at netdirect.fr  Mon Apr 12 10:02:32 2021
From: nginx at netdirect.fr (Artur)
Date: Mon, 12 Apr 2021 12:02:32 +0200
Subject: Rewrite with regex
In-Reply-To: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>
References: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>
Message-ID: <c4867b4f-6a06-70f3-4f0b-912ac022eb84@netdirect.fr>

This seems to work :

rewrite "^/((?:[a-zA-Z0-9]+(?:[-][a-zA-Z0-9])*)+)$"
/index.php?short_name=$1 last;

However, I suppose there is no way to check the size of $1 here.

Le 12/04/2021 ? 11:30, Artur a ?crit?:
> Hello !
>
> I have the following setup :
>
> location / {
> ?try_files $uri $uri/ @shortnames;
> }
> location @shortnames {
> ?rewrite "^/([a-zA-Z0-9]{1,32})$" /index.php?short_name=$1 last;
> ?return 404;
> }
>
> I filter the 'shortnames' URI to have a format similar to /dfg6df4g64
> with minimum and maximum size, only digits and letters allowed. Working
> well.
>
> I want to add hyphen in the 'shortnames' so /ad5-ff56 or
> /5f9-dfdf4-55f-ddfg are allowed ( but not /-ff4fg or /dgfgdf- ).
> The regex that matches these conditions is something like (without the
> size match) : ^/([a-zA-Z0-9]+([-][a-zA-Z0-9])*)$
> However there is no match and rewrite fails.
>
> My current setup is a Debain 10 server with nginx-full (14.2.2) installed.
>
> Any idea on how I can solve this problem, please ?

-- 

Best regards,
Artur


From francis at daoine.org  Mon Apr 12 10:19:42 2021
From: francis at daoine.org (Francis Daly)
Date: Mon, 12 Apr 2021 11:19:42 +0100
Subject: Rewrite with regex
In-Reply-To: <c4867b4f-6a06-70f3-4f0b-912ac022eb84@netdirect.fr>
References: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>
 <c4867b4f-6a06-70f3-4f0b-912ac022eb84@netdirect.fr>
Message-ID: <20210412101942.GA27756@daoine.org>

On Mon, Apr 12, 2021 at 12:02:32PM +0200, Artur wrote:

Hi there,

> This seems to work :
> 
> rewrite "^/((?:[a-zA-Z0-9]+(?:[-][a-zA-Z0-9])*)+)$"
> /index.php?short_name=$1 last;
> 
> However, I suppose there is no way to check the size of $1 here.

So far, it looks like you want to allow either:

* 1 letter-or-number

or

* 1 letter-or-number, then 0-to-30 letter-or-number-or-hyphen, then
1 letter-or-number

and it's probably simplest to do that as two separate "rewrite" rules.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

From nginx at netdirect.fr  Mon Apr 12 12:21:15 2021
From: nginx at netdirect.fr (Artur)
Date: Mon, 12 Apr 2021 14:21:15 +0200
Subject: Rewrite with regex
In-Reply-To: <20210412101942.GA27756@daoine.org>
References: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>
 <c4867b4f-6a06-70f3-4f0b-912ac022eb84@netdirect.fr>
 <20210412101942.GA27756@daoine.org>
Message-ID: <ff96f62e-4367-4ab2-75aa-a7af99831718@netdirect.fr>

Le 12/04/2021 ? 12:19, Francis Daly a ?crit?:
> On Mon, Apr 12, 2021 at 12:02:32PM +0200, Artur wrote:
>
> Hi there,
>
>> This seems to work :
>>
>> rewrite "^/((?:[a-zA-Z0-9]+(?:[-][a-zA-Z0-9])*)+)$"
>> /index.php?short_name=$1 last;
>>
>> However, I suppose there is no way to check the size of $1 here.
> So far, it looks like you want to allow either:
>
> * 1 letter-or-number
>
> or
>
> * 1 letter-or-number, then 0-to-30 letter-or-number-or-hyphen, then
> 1 letter-or-number
No, + means 1 or more.
> and it's probably simplest to do that as two separate "rewrite" rules.

In fact it works as is. The only problem is that there is no simple way
to check the total string length.
But having several rewrite rules may be also a good idea.

Is it possible to check the size of $uri ?

-- 

Best regards,
Artur


From francis at daoine.org  Mon Apr 12 12:46:47 2021
From: francis at daoine.org (Francis Daly)
Date: Mon, 12 Apr 2021 13:46:47 +0100
Subject: Rewrite with regex
In-Reply-To: <ff96f62e-4367-4ab2-75aa-a7af99831718@netdirect.fr>
References: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>
 <c4867b4f-6a06-70f3-4f0b-912ac022eb84@netdirect.fr>
 <20210412101942.GA27756@daoine.org>
 <ff96f62e-4367-4ab2-75aa-a7af99831718@netdirect.fr>
Message-ID: <20210412124647.GB27756@daoine.org>

On Mon, Apr 12, 2021 at 02:21:15PM +0200, Artur wrote:
> Le 12/04/2021 ? 12:19, Francis Daly a ?crit?:
> > On Mon, Apr 12, 2021 at 12:02:32PM +0200, Artur wrote:

Hi there,

> In fact it works as is. The only problem is that there is no simple way
> to check the total string length.
> But having several rewrite rules may be also a good idea.

You had

  rewrite "^/([a-zA-Z0-9]{1,32})$" /index.php?short_name=$1 last;

For brevity here, let's just use "lower case letter" instead of "letter
or number", so effectively you had

  rewrite "^/([a-z]{1,32})$" /index.php?short_name=$1 last;

and now you want to also allow "-" anywhere except the start or end.

Does 

  rewrite "^/([a-z][-a-z]{0,30}[a-z])$" ...

do what you want in most cases?

And does

  rewrite "^/([a-z])$" ...

do what you want in the other cases?

	f
-- 
Francis Daly        francis at daoine.org

From nginx at netdirect.fr  Mon Apr 12 13:01:12 2021
From: nginx at netdirect.fr (Artur)
Date: Mon, 12 Apr 2021 15:01:12 +0200
Subject: Rewrite with regex
In-Reply-To: <20210412124647.GB27756@daoine.org>
References: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>
 <c4867b4f-6a06-70f3-4f0b-912ac022eb84@netdirect.fr>
 <20210412101942.GA27756@daoine.org>
 <ff96f62e-4367-4ab2-75aa-a7af99831718@netdirect.fr>
 <20210412124647.GB27756@daoine.org>
Message-ID: <db641d4a-1864-4fe2-9092-e296ccd23107@netdirect.fr>

Le 12/04/2021 ? 14:46, Francis Daly a ?crit?:
>
> Does 
>
>   rewrite "^/([a-z][-a-z]{0,30}[a-z])$" ...
>
> do what you want in most cases?

No, because it allows these cases I don't want :

- a-----b
- a---b---c---d

By the way, the regex I sent before don't work correctly.
It should be (still testing for errors...) :

rewrite "^/([a-zA-Z0-9]+(?:-[a-zA-Z0-9]+)*)$" /index.php?short_name=$1 last;

-- 

Best regards,
Artur


From francis at daoine.org  Mon Apr 12 21:12:13 2021
From: francis at daoine.org (Francis Daly)
Date: Mon, 12 Apr 2021 22:12:13 +0100
Subject: Rewrite with regex
In-Reply-To: <db641d4a-1864-4fe2-9092-e296ccd23107@netdirect.fr>
References: <474176bd-f01c-9901-db7b-b05c9e0ca817@netdirect.fr>
 <c4867b4f-6a06-70f3-4f0b-912ac022eb84@netdirect.fr>
 <20210412101942.GA27756@daoine.org>
 <ff96f62e-4367-4ab2-75aa-a7af99831718@netdirect.fr>
 <20210412124647.GB27756@daoine.org>
 <db641d4a-1864-4fe2-9092-e296ccd23107@netdirect.fr>
Message-ID: <20210412211213.GD27756@daoine.org>

On Mon, Apr 12, 2021 at 03:01:12PM +0200, Artur wrote:
> Le 12/04/2021 ? 14:46, Francis Daly a ?crit?:

Hi there,

> > Does 
> >
> >   rewrite "^/([a-z][-a-z]{0,30}[a-z])$" ...
> >
> > do what you want in most cases?
> 
> No, because it allows these cases I don't want :
> 
> - a-----b
> - a---b---c---d

That's reasonable.

You'll probably find it easier to come up with the regex or regexes that
you want, if you can list all of the requirements.

That will make it easier to demonstrate that they are or are not met by
a suggested solution.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org  Tue Apr 13 00:17:14 2021
From: nginx-forum at forum.nginx.org (bouvierh)
Date: Mon, 12 Apr 2021 20:17:14 -0400
Subject: How to create a share variable between 2 server blocks
Message-ID: <2befe45cb1c59c13dba24dfe7d443e01.NginxMailingListEnglish@forum.nginx.org>

Hello!

On a previous post I asked how I could get give a token to my Nginx server
with having to put it in plain text in the config.
One suggestion was to send to token in a request and use the javascript
module to extract it.
This is what I have been trying:
load_module modules/ngx_http_js_module.so;

events { }

http {
    js_include
/iotedge/edge-modules/api-proxy-module/templates/hello_world.js;

    proxy_buffers 32 160k;  
    proxy_buffer_size 160k;
    proxy_read_timeout 3600;
    error_log /dev/stdout info;
    access_log /dev/stdout;


    js_var $test;

    server {
        listen 80 default_server;

        location / {
            js_content hello;
        }
    }

    server {
        listen 8000 default_server;

        location / {
            js_content change;
        }
    }
}



function hello(r) {
    r.return(200, r.variables['test']);
}

function change(r) {
    r.variables['test'] = 2;
    r.return(200, r.variables['test']);
}

curl http://127.0.0.1:8000 returns correctly 2.
curl http://127.0.0.1 returns 1, even after curl http://127.0.0.1:8000 was
called.
It seems that the test variable is reset to 1 everytime. If there a way to
make it persistent.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291224,291224#msg-291224


From nginx-forum at forum.nginx.org  Tue Apr 13 09:47:07 2021
From: nginx-forum at forum.nginx.org (vybralk)
Date: Tue, 13 Apr 2021 05:47:07 -0400
Subject: Replace location paramter
Message-ID: <b5763ffa03047aa922fb645c7eaae005.NginxMailingListEnglish@forum.nginx.org>

i have ngnix in front of java web server. My request is correctly send by
ngnix to java web, which redirect user request to another url as user is not
authenticated. It set location header to following value

location =
https://login.server.com/oidc/2/auth?response_type=code&client_id=123&scope=openid+profile+email+params&redirect_uri=https://internal.server.com:8443/ords/apex_authentication.callback&state=123123123123asdfsadfasdf

but the server name isn't correct as it is accessible under different name
from internet. I need to change it.

I have tried to replace the response header with sub_filter, rewrite
directive but without success. I have tried to search solution usign google
but all the cases which i have found are replacing/modifing incoming request
but not the response.

Is there a way how to replace text in response location header? Is nginx
capable to do that ?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291230,291230#msg-291230


From francis at daoine.org  Tue Apr 13 12:29:12 2021
From: francis at daoine.org (Francis Daly)
Date: Tue, 13 Apr 2021 13:29:12 +0100
Subject: Replace location paramter
In-Reply-To: <b5763ffa03047aa922fb645c7eaae005.NginxMailingListEnglish@forum.nginx.org>
References: <b5763ffa03047aa922fb645c7eaae005.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20210413122912.GF27756@daoine.org>

On Tue, Apr 13, 2021 at 05:47:07AM -0400, vybralk wrote:

Hi there,

> i have ngnix in front of java web server. My request is correctly send by
> ngnix to java web, which redirect user request to another url as user is not
> authenticated. It set location header to following value
> 
> location =
> https://login.server.com/oidc/2/auth?response_type=code&client_id=123&scope=openid+profile+email+params&redirect_uri=https://internal.server.com:8443/ords/apex_authentication.callback&state=123123123123asdfsadfasdf
> 
> but the server name isn't correct as it is accessible under different name
> from internet. I need to change it.

Does "proxy_redirect" do what you want?

http://nginx.org/r/proxy_redirect

	f
-- 
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org  Tue Apr 13 14:13:11 2021
From: nginx-forum at forum.nginx.org (xdrew)
Date: Tue, 13 Apr 2021 10:13:11 -0400
Subject: launching a user thread from a module
Message-ID: <ef58d9d11b8152b33bcced5cbb102d6c.NginxMailingListEnglish@forum.nginx.org>

Hello,

I'd like to spawn a single custom thread as a part of my nginx module. The
idea is that it can be used to perform some periodic tasks, asynchronously
and independently from HTTP requests. (In other words, I use nginx/module as
a framework.) And here I faced with a problem: when I launch my thread in
different module hooks, it got killed as soon as parent process exits. So
naturally I should be doing this from the master process context, i.e. in
init_master hook - which is not implemented, according to the documentation.
Is there another place which I can use to launch a user thread?

Thanks
Andrew

P.S. I also tried to offload my thread function as a task to a nginx-managed
thread_pool, but this also did not work, as it seems in the stages where I
try to use thread_pool (init_module, postconfig), it is not yet fully
initialized and a call to ngx_thread_task_post crashes when accessing some
queue structure which is zero at that moment.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291244,291244#msg-291244


From mdounin at mdounin.ru  Tue Apr 13 15:41:47 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 13 Apr 2021 18:41:47 +0300
Subject: nginx-1.19.10
Message-ID: <YHW7uzwuwQRlz7En@mdounin.ru>

Changes with nginx 1.19.10                                       13 Apr 2021

    *) Change: the default value of the "keepalive_requests" directive was
       changed to 1000.

    *) Feature: the "keepalive_time" directive.

    *) Feature: the $connection_time variable.

    *) Workaround: "gzip filter failed to use preallocated memory" alerts
       appeared in logs when using zlib-ng.


-- 
Maxim Dounin
http://nginx.org/

From nginx-forum at forum.nginx.org  Wed Apr 14 16:48:52 2021
From: nginx-forum at forum.nginx.org (kay)
Date: Wed, 14 Apr 2021 12:48:52 -0400
Subject: nginx DNS doesn't update the upstream IP
Message-ID: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>

We tested with a default "resolver 8.8.8.8;" and "resolver 8.8.8.8 30s;"
options. Both keep using the outdated IP address until you run "nginx -s
reload". The upstream is AWS LoadBalancer, which changes IPs quite
frequently.

I'm using nginx 1.19.3. Any clue what could be wrong?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291252,291252#msg-291252


From osa at freebsd.org.ru  Wed Apr 14 16:55:15 2021
From: osa at freebsd.org.ru (Sergey A. Osokin)
Date: Wed, 14 Apr 2021 19:55:15 +0300
Subject: nginx DNS doesn't update the upstream IP
In-Reply-To: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
References: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YHcec51R0ZCfIf0G@FreeBSD.org.ru>

Hi,

On Wed, Apr 14, 2021 at 12:48:52PM -0400, kay wrote:
> We tested with a default "resolver 8.8.8.8;" and "resolver 8.8.8.8 30s;"
> options. Both keep using the outdated IP address until you run "nginx -s
> reload". The upstream is AWS LoadBalancer, which changes IPs quite
> frequently.
> 
> I'm using nginx 1.19.3. Any clue what could be wrong?

Could you provide some light how exactly it's been tested.

Thanks.

-- 
Sergey Osokin

From gk at leniwiec.biz  Wed Apr 14 16:55:38 2021
From: gk at leniwiec.biz (Grzegorz Kulewski)
Date: Wed, 14 Apr 2021 18:55:38 +0200
Subject: nginx DNS doesn't update the upstream IP
In-Reply-To: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
References: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <6facc4a0-f0ce-0a10-86df-c59e23cf0f4b@leniwiec.biz>

W dniu 14.04.2021 o?18:48, kay pisze:
> We tested with a default "resolver 8.8.8.8;" and "resolver 8.8.8.8 30s;"
> options. Both keep using the outdated IP address until you run "nginx -s
> reload". The upstream is AWS LoadBalancer, which changes IPs quite
> frequently.
> 
> I'm using nginx 1.19.3. Any clue what could be wrong?

You should probably paste at least proxy_pass and upstream directives from your configuration.

Please note that nginx open source does not dynamically resolve hosts from server directives in upstream - only those from proxy_pass.

From nginx-forum at forum.nginx.org  Wed Apr 14 17:19:08 2021
From: nginx-forum at forum.nginx.org (kay)
Date: Wed, 14 Apr 2021 13:19:08 -0400
Subject: nginx DNS doesn't update the upstream IP
In-Reply-To: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
References: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <b63a73ddf83e208cc236f9a95b84db3a.NginxMailingListEnglish@forum.nginx.org>

Here is an example of the proxy_pass config, we don't use IP's

proxy_pass https://example.com;

When "example.com" changes the IP address, it is not reflected in nginx.
We're using k8s pods. Sometime one or two pods have stale DNS cache. Other
pods work fine...

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291252,291255#msg-291255


From nginx-forum at forum.nginx.org  Wed Apr 14 17:26:35 2021
From: nginx-forum at forum.nginx.org (kay)
Date: Wed, 14 Apr 2021 13:26:35 -0400
Subject: nginx DNS doesn't update the upstream IP
In-Reply-To: <b63a73ddf83e208cc236f9a95b84db3a.NginxMailingListEnglish@forum.nginx.org>
References: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
 <b63a73ddf83e208cc236f9a95b84db3a.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <834ac394e20517552959d595e9c07bfc.NginxMailingListEnglish@forum.nginx.org>

Probably I also need to mention that "example.com" has more than one IP
address (in our case 2)

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291252,291256#msg-291256


From mdounin at mdounin.ru  Wed Apr 14 20:18:02 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 14 Apr 2021 23:18:02 +0300
Subject: nginx DNS doesn't update the upstream IP
In-Reply-To: <b63a73ddf83e208cc236f9a95b84db3a.NginxMailingListEnglish@forum.nginx.org>
References: <51b3d73b9d14b0dcf282a86117c6cb15.NginxMailingListEnglish@forum.nginx.org>
 <b63a73ddf83e208cc236f9a95b84db3a.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YHdN+g6Bx4Frweqp@mdounin.ru>

Hello!

On Wed, Apr 14, 2021 at 01:19:08PM -0400, kay wrote:

> Here is an example of the proxy_pass config, we don't use IP's
> 
> proxy_pass https://example.com;
> 
> When "example.com" changes the IP address, it is not reflected in nginx.
> We're using k8s pods. Sometime one or two pods have stale DNS cache. Other
> pods work fine...

That's exactly how it is expected to work: names in the 
configuration are resolved during configuration parsing.  If you 
want to re-resolve names, you have to reload the configuration.

Alternatively, you can configure proxy_pass using variables.  As 
documented in http://nginx.org/r/proxy_pass:

: Parameter value can contain variables. In this case, if an 
: address is specified as a domain name, the name is searched among 
: the described server groups, and, if not found, is determined 
: using a resolver.

Hope this helps.

-- 
Maxim Dounin
http://mdounin.ru/

From nginx-forum at forum.nginx.org  Thu Apr 15 19:27:06 2021
From: nginx-forum at forum.nginx.org (rafael.silva)
Date: Thu, 15 Apr 2021 15:27:06 -0400
Subject: NGINX persistent connection
Message-ID: <0ba372520047a7650002ab1bedd4fc16.NginxMailingListEnglish@forum.nginx.org>

Hi.

Is it possible for me to persist a connection?

Reason... I use NGINX with Swarm, proxy_pass with resolved.
When I have a service with multiple containers, the service cloudcmd does
not work because it does not accept replication, because swith each request,
Swarm delivers a different IP.

Is it possible to do an upstream that takes an IP and fixes it until it is
down? I tried to use keepalived but it didn't work well.

I tried to do this configuration, but kept picking up multiples IP
https://www.nginx.com/blog/dns-service-discovery-nginx-plus/

My code:
http {
  ...
  resolver 127.0.0.11 valid=5s;
  ...
  server {
    set $upstream site;
    location /cloudcmd/ {
      proxy_pass http://site:8000;
    }
    location {
      proxy_pass http://site;
    }
}

Thanks.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291271,291271#msg-291271


From lee.iitb at gmail.com  Fri Apr 16 05:50:30 2021
From: lee.iitb at gmail.com (Thomas Stephen Lee)
Date: Fri, 16 Apr 2021 11:20:30 +0530
Subject: Help needed with Nginx SRPM script
Message-ID: <CAG7s96Wt2PQK+MKab4URW2bqcOj=ZCf7PTjM1fWE8c5a_+hOVg@mail.gmail.com>

Hi,

I have the following script on RHEL 7


--------------Script Start---------------------

OPENSSL="openssl-1.1.1k"
NGINX_VERSION="1.19.10-1"

rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-$NGINX_VERSION.el7.ngx.src.rpm

sed -i "/Source12: .*/a Source100:
https://www.openssl.org/source/$OPENSSL.tar.gz"
/home/builder/rpmbuild/SPECS/nginx.spec
sed -i "s|--with-http_ssl_module|--with-http_ssl_module
--with-openssl=$OPENSSL |g" /home/builder/rpmbuild/SPECS/nginx.spec
sed -i '/%setup -q/a tar zxf %{SOURCE100}'
/home/builder/rpmbuild/SPECS/nginx.spec
sed -i '/.*Requires: openssl.*/d' /home/builder/rpmbuild/SPECS/nginx.spec
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g'
/home/builder/rpmbuild/SPECS/nginx.spec
sed -i 's| -fPIC||g' /home/builder/rpmbuild/SPECS/nginx.spec

spectool -g -R /home/builder/rpmbuild/SPECS/nginx.spec

rpmbuild -ba /home/builder/rpmbuild/SPECS/nginx.spec

--------------Script End---------------------

This Script worked with

NGINX_VERSION="1.19.9-1"

but does not work with

NGINX_VERSION="1.19.10-1"

Can you please help me with what is wrong?
I have been using this script which I got from GitHub, for the past two years.

Thanks

---
Lee

From defan at nginx.com  Fri Apr 16 06:34:58 2021
From: defan at nginx.com (Andrei Belov)
Date: Fri, 16 Apr 2021 09:34:58 +0300
Subject: Help needed with Nginx SRPM script
In-Reply-To: <CAG7s96Wt2PQK+MKab4URW2bqcOj=ZCf7PTjM1fWE8c5a_+hOVg@mail.gmail.com>
References: <CAG7s96Wt2PQK+MKab4URW2bqcOj=ZCf7PTjM1fWE8c5a_+hOVg@mail.gmail.com>
Message-ID: <DA3ACBB0-2D8E-4B12-918A-9F1176A875E6@nginx.com>


> On 16 Apr 2021, at 08:50, Thomas Stephen Lee <lee.iitb at gmail.com> wrote:
> 
> Hi,
> 
> I have the following script on RHEL 7
> 
> 
> --------------Script Start---------------------
> 
> OPENSSL="openssl-1.1.1k"
> NGINX_VERSION="1.19.10-1"
> 
> rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-$NGINX_VERSION.el7.ngx.src.rpm
> 
> sed -i "/Source12: .*/a Source100:
> https://www.openssl.org/source/$OPENSSL.tar.gz"
> /home/builder/rpmbuild/SPECS/nginx.spec
> sed -i "s|--with-http_ssl_module|--with-http_ssl_module
> --with-openssl=$OPENSSL |g" /home/builder/rpmbuild/SPECS/nginx.spec
> sed -i '/%setup -q/a tar zxf %{SOURCE100}'
> /home/builder/rpmbuild/SPECS/nginx.spec
> sed -i '/.*Requires: openssl.*/d' /home/builder/rpmbuild/SPECS/nginx.spec
> sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g'
> /home/builder/rpmbuild/SPECS/nginx.spec
> sed -i 's| -fPIC||g' /home/builder/rpmbuild/SPECS/nginx.spec
> 
> spectool -g -R /home/builder/rpmbuild/SPECS/nginx.spec
> 
> rpmbuild -ba /home/builder/rpmbuild/SPECS/nginx.spec
> 
> --------------Script End---------------------
> 
> This Script worked with
> 
> NGINX_VERSION="1.19.9-1"
> 
> but does not work with
> 
> NGINX_VERSION="1.19.10-1"
> 
> Can you please help me with what is wrong?
> I have been using this script which I got from GitHub, for the past two years.

The script itself seems a bit hacky. If you would like to use nginx with openssl 1.1.1,
you should consider switching to e.g. CentOS/RHEL 8 where it's available out of the box.

Alternatively, you can use publicly available packaging sources [1] to do such kind of
modifications - this way you'll be able to add any customizations without using SRPMs
at all.

If none of the above options seem suitable, you can just modify single line of the script
to make it work with 1.19.10 SRPM, but there's no any guarantee it won't break again
in future:

sed -i '/%setup -q/a tar zxf %{SOURCE100}' /home/builder/rpmbuild/SPECS/nginx.spec

should be:

sed -i '/%autosetup -p1/a tar zxf %{SOURCE100}' /home/builder/rpmbuild/SPECS/nginx.spec

A relevant piece was recently changed in our spec [2].

Hope this helps,

-- Andrei


[1] https://hg.nginx.org/pkg-oss
[2] https://hg.nginx.org/pkg-oss/rev/96441fe2b7d9#l9.26


From lee.iitb at gmail.com  Fri Apr 16 10:00:00 2021
From: lee.iitb at gmail.com (Thomas Stephen Lee)
Date: Fri, 16 Apr 2021 15:30:00 +0530
Subject: Help needed with Nginx SRPM script
In-Reply-To: <DA3ACBB0-2D8E-4B12-918A-9F1176A875E6@nginx.com>
References: <CAG7s96Wt2PQK+MKab4URW2bqcOj=ZCf7PTjM1fWE8c5a_+hOVg@mail.gmail.com>
 <DA3ACBB0-2D8E-4B12-918A-9F1176A875E6@nginx.com>
Message-ID: <CAG7s96VOpZQ65+9YXH1Y+s_m++-YQ7-2HQQwtSRA8R1NWSuEMw@mail.gmail.com>

Thanks a lot, Andrei.

That worked well.

I had the same problem in RHEL 8.

below is the modified script for EL8

--------------Script Start---------------------

OPENSSL="openssl-1.1.1k"
NGINX_VERSION="1.19.10-1"

rpm -ivh http://nginx.org/packages/mainline/centos/8/SRPMS/nginx-$NGINX_VERSION.el8.ngx.src.rpm

sed -i "/Source12: .*/a Source100:
https://www.openssl.org/source/$OPENSSL.tar.gz"
/home/builder/rpmbuild/SPECS/nginx.spec
sed -i "s|--with-http_ssl_module|--with-http_ssl_module
--with-openssl=$OPENSSL |g" /home/builder/rpmbuild/SPECS/nginx.spec
sed -i '/%autosetup -p1/a tar zxf %{SOURCE100}'
/home/builder/rpmbuild/SPECS/nginx.spec
sed -i '/.*Requires: openssl.*/d' /home/builder/rpmbuild/SPECS/nginx.spec
sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g'
/home/builder/rpmbuild/SPECS/nginx.spec
sed -i 's| -fPIC||g' /home/builder/rpmbuild/SPECS/nginx.spec

spectool -g -R /home/builder/rpmbuild/SPECS/nginx.spec

rpmbuild -ba /home/builder/rpmbuild/SPECS/nginx.spec

--------------Script End---------------------

Thanks again.

---
Lee

On Fri, Apr 16, 2021 at 12:05 PM Andrei Belov <defan at nginx.com> wrote:
>
>
> > On 16 Apr 2021, at 08:50, Thomas Stephen Lee <lee.iitb at gmail.com> wrote:
> >
> > Hi,
> >
> > I have the following script on RHEL 7
> >
> >
> > --------------Script Start---------------------
> >
> > OPENSSL="openssl-1.1.1k"
> > NGINX_VERSION="1.19.10-1"
> >
> > rpm -ivh http://nginx.org/packages/mainline/centos/7/SRPMS/nginx-$NGINX_VERSION.el7.ngx.src.rpm
> >
> > sed -i "/Source12: .*/a Source100:
> > https://www.openssl.org/source/$OPENSSL.tar.gz"
> > /home/builder/rpmbuild/SPECS/nginx.spec
> > sed -i "s|--with-http_ssl_module|--with-http_ssl_module
> > --with-openssl=$OPENSSL |g" /home/builder/rpmbuild/SPECS/nginx.spec
> > sed -i '/%setup -q/a tar zxf %{SOURCE100}'
> > /home/builder/rpmbuild/SPECS/nginx.spec
> > sed -i '/.*Requires: openssl.*/d' /home/builder/rpmbuild/SPECS/nginx.spec
> > sed -i 's|%define WITH_LD_OPT .*|%define WITH_LD_OPT ""|g'
> > /home/builder/rpmbuild/SPECS/nginx.spec
> > sed -i 's| -fPIC||g' /home/builder/rpmbuild/SPECS/nginx.spec
> >
> > spectool -g -R /home/builder/rpmbuild/SPECS/nginx.spec
> >
> > rpmbuild -ba /home/builder/rpmbuild/SPECS/nginx.spec
> >
> > --------------Script End---------------------
> >
> > This Script worked with
> >
> > NGINX_VERSION="1.19.9-1"
> >
> > but does not work with
> >
> > NGINX_VERSION="1.19.10-1"
> >
> > Can you please help me with what is wrong?
> > I have been using this script which I got from GitHub, for the past two years.
>
> The script itself seems a bit hacky. If you would like to use nginx with openssl 1.1.1,
> you should consider switching to e.g. CentOS/RHEL 8 where it's available out of the box.
>
> Alternatively, you can use publicly available packaging sources [1] to do such kind of
> modifications - this way you'll be able to add any customizations without using SRPMs
> at all.
>
> If none of the above options seem suitable, you can just modify single line of the script
> to make it work with 1.19.10 SRPM, but there's no any guarantee it won't break again
> in future:
>
> sed -i '/%setup -q/a tar zxf %{SOURCE100}' /home/builder/rpmbuild/SPECS/nginx.spec
>
> should be:
>
> sed -i '/%autosetup -p1/a tar zxf %{SOURCE100}' /home/builder/rpmbuild/SPECS/nginx.spec
>
> A relevant piece was recently changed in our spec [2].
>
> Hope this helps,
>
> -- Andrei
>
>
> [1] https://hg.nginx.org/pkg-oss
> [2] https://hg.nginx.org/pkg-oss/rev/96441fe2b7d9#l9.26
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From defan at nginx.com  Fri Apr 16 10:11:19 2021
From: defan at nginx.com (Andrei Belov)
Date: Fri, 16 Apr 2021 13:11:19 +0300
Subject: Help needed with Nginx SRPM script
In-Reply-To: <CAG7s96VOpZQ65+9YXH1Y+s_m++-YQ7-2HQQwtSRA8R1NWSuEMw@mail.gmail.com>
References: <CAG7s96Wt2PQK+MKab4URW2bqcOj=ZCf7PTjM1fWE8c5a_+hOVg@mail.gmail.com>
 <DA3ACBB0-2D8E-4B12-918A-9F1176A875E6@nginx.com>
 <CAG7s96VOpZQ65+9YXH1Y+s_m++-YQ7-2HQQwtSRA8R1NWSuEMw@mail.gmail.com>
Message-ID: <2BD2BB90-95C8-4B15-AE79-4B51955A9174@nginx.com>


> On 16 Apr 2021, at 13:00, Thomas Stephen Lee <lee.iitb at gmail.com> wrote:
> 
> Thanks a lot, Andrei.
> 
> That worked well.
> 
> I had the same problem in RHEL 8.
> 
> below is the modified script for EL8

Glad to hear it's working for you now.

Out of curiosity - in case of RHEL8, what's the point of rebuilding nginx with openssl
1.1.1k? The 1.1.1g which is available there should receive all the security updates,
etc during the life-cycle of RHEL.

Thanks!


-- Andrei


From nginx-forum at forum.nginx.org  Fri Apr 16 11:06:56 2021
From: nginx-forum at forum.nginx.org (kay)
Date: Fri, 16 Apr 2021 07:06:56 -0400
Subject: nginx DNS doesn't update the upstream IP
In-Reply-To: <YHdN+g6Bx4Frweqp@mdounin.ru>
References: <YHdN+g6Bx4Frweqp@mdounin.ru>
Message-ID: <008f492c84790ebefaec0ba76de252ca.NginxMailingListEnglish@forum.nginx.org>

Thanks for the hint! I haven't worked with domain names in proxy_pass before
and was sure that they're resolved dynamically. I changed the config to:

set $upstream_var example.com;
proxy_pass https://$upstream_var;

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291252,291286#msg-291286


From lee.iitb at gmail.com  Fri Apr 16 12:00:00 2021
From: lee.iitb at gmail.com (Thomas Stephen Lee)
Date: Fri, 16 Apr 2021 17:30:00 +0530
Subject: Help needed with Nginx SRPM script
In-Reply-To: <2BD2BB90-95C8-4B15-AE79-4B51955A9174@nginx.com>
References: <CAG7s96Wt2PQK+MKab4URW2bqcOj=ZCf7PTjM1fWE8c5a_+hOVg@mail.gmail.com>
 <DA3ACBB0-2D8E-4B12-918A-9F1176A875E6@nginx.com>
 <CAG7s96VOpZQ65+9YXH1Y+s_m++-YQ7-2HQQwtSRA8R1NWSuEMw@mail.gmail.com>
 <2BD2BB90-95C8-4B15-AE79-4B51955A9174@nginx.com>
Message-ID: <CAG7s96U6BZ-u4q0=40ZY5q=O90305wEG_M2=_JxnUPE+joFjbA@mail.gmail.com>

Hi Andrei,

You are right about RHEL 8.
The OpenSSL update in RHEL OpenSSL comes within days of release by the
OpenSSL people.
But it takes a bit more time for CentOS 8.
So we use this script for both RHEL and CentOS.

Thanks

---
Lee

On Fri, Apr 16, 2021 at 3:41 PM Andrei Belov <defan at nginx.com> wrote:
>
>
> > On 16 Apr 2021, at 13:00, Thomas Stephen Lee <lee.iitb at gmail.com> wrote:
> >
> > Thanks a lot, Andrei.
> >
> > That worked well.
> >
> > I had the same problem in RHEL 8.
> >
> > below is the modified script for EL8
>
> Glad to hear it's working for you now.
>
> Out of curiosity - in case of RHEL8, what's the point of rebuilding nginx with openssl
> 1.1.1k? The 1.1.1g which is available there should receive all the security updates,
> etc during the life-cycle of RHEL.
>
> Thanks!
>
>
> -- Andrei
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From jaderhs5 at gmail.com  Fri Apr 16 17:41:15 2021
From: jaderhs5 at gmail.com (Jader H. Silva)
Date: Fri, 16 Apr 2021 14:41:15 -0300
Subject: HTTP/2 prioritization is intermittent and often ineffective
Message-ID: <CAKy9XyDiHqLb54K4mgZgySi1rYYiCgx8geU4d25moar0HjSzqQ@mail.gmail.com>

Hello all.

I believe I am having a similar issue as the one explained in this ticket
https://trac.nginx.org/nginx/ticket/1763 (HTTP/2 prioritization is
intermittent and often ineffective).

Are there any known workarounds or is this issue still a WIP?

--
Jader H.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210416/3e555a7a/attachment.htm>

From mdounin at mdounin.ru  Fri Apr 16 20:28:17 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 16 Apr 2021 23:28:17 +0300
Subject: HTTP/2 prioritization is intermittent and often ineffective
In-Reply-To: <CAKy9XyDiHqLb54K4mgZgySi1rYYiCgx8geU4d25moar0HjSzqQ@mail.gmail.com>
References: <CAKy9XyDiHqLb54K4mgZgySi1rYYiCgx8geU4d25moar0HjSzqQ@mail.gmail.com>
Message-ID: <YHnzYa/5zf1Njixp@mdounin.ru>

Hello!

On Fri, Apr 16, 2021 at 02:41:15PM -0300, Jader H. Silva wrote:

> Hello all.
> 
> I believe I am having a similar issue as the one explained in this ticket
> https://trac.nginx.org/nginx/ticket/1763 (HTTP/2 prioritization is
> intermittent and often ineffective).
> 
> Are there any known workarounds or is this issue still a WIP?

As already explained in the ticket, the issue is that HTTP/2 
prioritization does not work when the data is already in the 
socket buffers, so the readily available "workaround" is to keep 
socket buffers small.

-- 
Maxim Dounin
http://mdounin.ru/

From tommys_project at yahoo.co.jp  Sat Apr 17 04:40:26 2021
From: tommys_project at yahoo.co.jp (tommys_project at yahoo.co.jp)
Date: Sat, 17 Apr 2021 13:40:26 +0900 (JST)
Subject: SSI configulations issues
References: <1955666420.183783.1618634426412.JavaMail.yahoo.ref@mail.yahoo.co.jp>
Message-ID: <1955666420.183783.1618634426412.JavaMail.yahoo@mail.yahoo.co.jp>

Hi,

I work on configuring for ssi on my environments but got errors like this once I check test.html with the following configulations:

Updated on: (none) [an error occurred while processing the directive]

Can you help me to fix the issues?


OS: Linux 4.9.0 Debian 9
nginx version: 1.14.1

------- test.html -------
<html>
? <head>
? ? <title>Sample SSI</title>
? </head>
? <body>
? ? Updated on:
? ? <!--#echo var="LAST_MODIFIED"-->
<!--#exec cmd="/bin/ls"-->
? </body>
</html>


------- /etc/nginx/nginx.conf -------
user? nginx nginx;
worker_processes? 1;

#error_log? logs/error.log;
#error_log? logs/error.log? notice;
#error_log? logs/error.log? info;

#pid? ? ? ? logs/nginx.pid;


events {
? ? worker_connections? 1024;
}


http {
? ? include? ? ? ?mime.types;
? ? default_type? application/octet-stream;
? ? server_tokens off;

? ? #log_format? main? '$remote_addr - $remote_user [$time_local] "$request" '
? ? #? ? ? ? ? ? ? ? ? '$status $body_bytes_sent "$http_referer" '
? ? #? ? ? ? ? ? ? ? ? '"$http_user_agent" "$http_x_forwarded_for"';

? ? #access_log? logs/access.log? main;

? ? sendfile? ? ? ? on;
? ? #tcp_nopush? ? ?on;

? ? #keepalive_timeout? 0;
? ? keepalive_timeout? 65;

? ? #gzip? on;
? ? include /etc/nginx/sites-enabled/*;

? ? # Cloudflare IP address List for CDN
? ? set_real_ip_from 173.245.48.0/20;
? ? set_real_ip_from 103.21.244.0/22;
? ? set_real_ip_from 103.22.200.0/22;
? ? set_real_ip_from 103.31.4.0/22;
? ? set_real_ip_from 141.101.64.0/18;
? ? set_real_ip_from 108.162.192.0/18;
? ? set_real_ip_from 190.93.240.0/20;
? ? set_real_ip_from 188.114.96.0/20;
? ? set_real_ip_from 197.234.240.0/22;
? ? set_real_ip_from 198.41.128.0/17;
? ? set_real_ip_from 162.158.0.0/15;
? ? set_real_ip_from 104.16.0.0/12;
? ? set_real_ip_from 172.64.0.0/13;
? ? set_real_ip_from 131.0.72.0/22;
? ? set_real_ip_from 2400:cb00::/32;
? ? set_real_ip_from 2606:4700::/32;
? ? set_real_ip_from 2803:f800::/32;
? ? set_real_ip_from 2405:b500::/32;
? ? set_real_ip_from 2405:8100::/32;
? ? set_real_ip_from 2a06:98c0::/29;
? ? set_real_ip_from 2c0f:f248::/32;
? ? real_ip_header CF-Connecting-IP;

}


------- /etc/nginx/sites-available/default -------
server {
? ? listen? ? ? ?80;
? ? server_name? www.mydomain.com;

? ? #charset koi8-r;

? ? #access_log? logs/host.access.log? main;
? ? access_log? /var/log/nginx/access.log;
? ? error_log? ?/var/log/nginx/error.log;

? ? location / {
? ? ? ? root? ?/var/www/html;
? ? ? ? ssi? on;
? ? ? ? ssi_last_modified on;
? ? ? ? index? index.php index.cgi index.html index.htm default.html default.htm;
? ? }
? ? location ~ ^/~(.+?)(/.*)?\.(php)$ {
? ? ? ? alias /home/$1/public_html$2.$3;
? ? ? ? fastcgi_pass? ?127.0.0.1:9000;
? ? ? ? fastcgi_index? index.php;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? location ~ ^/~(.+?)(/.*)?\.(pl|cgi)$ {
? ? ? ? alias /home/$1/public_html$2.$3;
? ? ? ? fastcgi_pass? ?127.0.0.1:8999;
? ? ? ? fastcgi_index? index.cgi;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? location ~ ^/~(.+?)(/.*)?$ {
? ? ? ? alias /home/$1/public_html$2;
? ? ? ? ssi? on;
? ? ? ? ssi_last_modified on;
? ? ? ? index? index.php index.cgi index.html index.htm default.html default.htm;
? ? ? ? autoindex on;
? ? }

? ? location ~ \.php$ {
? ? ? ? root? ? ? ? ? ?/var/www/html;
? ? ? ? fastcgi_pass? ?127.0.0.1:9000;
? ? ? ? fastcgi_index? index.php;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root$fastcgi_script_name;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? location ~ \.pl|cgi$ {
? ? ? ? root? ? ? ? ? ?/var/www/html;
? ? ? ? fastcgi_pass? ?127.0.0.1:8999;
? ? ? ? fastcgi_index? index.cgi;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root$fastcgi_script_name;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? error_page? 404? ? ? ? ? ? ? /404.html;
? ? location = /404.html {
? ? ? ? root /var/www/error_pages; internal;
? ? }

? ? # redirect server error pages to the static page /50x.html
? ? #
? ? error_page? ?500 502 503 504? /50x.html;
? ? location = /50x.html {
? ? ? ? root? ?/var/www/error_pages;
? ? }

? ? # proxy the PHP scripts to Apache listening on 127.0.0.1:80
? ? #
? ? #location ~ \.php$ {
? ? #? ? proxy_pass? ?http://127.0.0.1;
? ? #}

? ? # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
? ? #
? ? #location ~ \.php$ {
? ? #? ? root? ? ? ? ? ?html;
? ? #? ? fastcgi_pass? ?127.0.0.1:9000;
? ? #? ? fastcgi_index? index.php;
? ? #? ? fastcgi_param? SCRIPT_FILENAME? /scripts$fastcgi_script_name;
? ? #? ? include? ? ? ? fastcgi_params;
? ? #}

? ? # deny access to .htaccess files, if Apache's document root
? ? # concurs with nginx's one
? ? #
? ? #location ~ /\.ht {
? ? #? ? deny? all;
? ? #}
}
server {
? ? listen? ? ? ?80;
? ? server_name? mydomain.com;
? ? return 301 http://www.mydomain.com$request_uri;
}

server {
? ? listen? ? ? ?80;
? ? server_name? mail.mydomain.com;
? ? return 400;
}

server {
? ? listen? ? ? ?80;
? ? server_name? rdns.mydomain.com;
? ? return 400;
}

Regards,
Yusui


From francis at daoine.org  Sat Apr 17 09:27:32 2021
From: francis at daoine.org (Francis Daly)
Date: Sat, 17 Apr 2021 10:27:32 +0100
Subject: SSI configulations issues
In-Reply-To: <1955666420.183783.1618634426412.JavaMail.yahoo@mail.yahoo.co.jp>
References: <1955666420.183783.1618634426412.JavaMail.yahoo.ref@mail.yahoo.co.jp>
 <1955666420.183783.1618634426412.JavaMail.yahoo@mail.yahoo.co.jp>
Message-ID: <20210417092732.GH27756@daoine.org>

On Sat, Apr 17, 2021 at 01:40:26PM +0900, tommys_project at yahoo.co.jp wrote:

Hi there,

> I work on configuring for ssi on my environments but got errors like this once I check test.html with the following configulations:
> 
> Updated on: (none) [an error occurred while processing the directive]

https://nginx.org/en/docs/http/ngx_http_ssi_module.html

"(none)" is because nginx-ssi does not set LAST_MODIFIED.

"[an error occurred" is because nginx-ssi does not do "#exec".

> Can you help me to fix the issues?

One web site with useful-looking information is
https://www.gilesorr.com/blog/nginx-ssi.html and links from there.

That describes what one old version of nginx was seen to do, and describes some manual workarounds that mattered to the author.

They may or may not apply in your case.

Possibly the things that you want, can't be done in stock
nginx-ssi. Possibly they can be done with an additional tool, or an
alternate tool.

	f
-- 
Francis Daly        francis at daoine.org

From tommys_project at yahoo.co.jp  Sat Apr 17 13:32:21 2021
From: tommys_project at yahoo.co.jp (tommys_project at yahoo.co.jp)
Date: Sat, 17 Apr 2021 22:32:21 +0900 (JST)
Subject: SSI configulations issues
References: <1901806018.218450.1618666341974.JavaMail.yahoo.ref@mail.yahoo.co.jp>
Message-ID: <1901806018.218450.1618666341974.JavaMail.yahoo@mail.yahoo.co.jp>

Hi Francis,

Thank you for the information.

> 2021?4?17?(?) 18:27 Francis Daly <francis at daoine.org>:
> On Sat, Apr 17, 2021 at 01:40:26PM +0900, tommys_project at yahoo.co.jp wrote:
>?
> Hi there,
>?
> > I work on configuring for ssi on my environments but got errors like this once I check test.html with the following configulations:
> >?
> > Updated on: (none) [an error occurred while processing the directive]
>?
> https://nginx.org/en/docs/http/ngx_http_ssi_module.html
>?
> "(none)" is because nginx-ssi does not set LAST_MODIFIED.
>?
> "[an error occurred" is because nginx-ssi does not do "#exec".

I should install ngx_http_ssi_module?
I was not able to install ngx_http_ssi_module because it looks there is not option for installing ssi modules like --with-http_ssi_module at compiling nginx.
"ssi_last_modified on" is written at location but is it not enough?

> One web site with useful-looking information is
> https://www.gilesorr.com/blog/nginx-ssi.html and links from there.
>?
> That describes what one old version of nginx was seen to do, and describes some manual workarounds that mattered to the author.
>?
> They may or may not apply in your case.
>?
> Possibly the things that you want, can't be done in stock
> nginx-ssi. Possibly they can be done with an additional tool, or an
> alternate tool.

LAST_MODIFIED is displayed at my environments without issues once I changed LAST_MODIFIED to DATE_GMT as that website says!
However looks #exec I need is not supported...

Only some ssi commands for apache are available on nginx for now?


Regards,
Yusui


From francis at daoine.org  Sat Apr 17 14:21:22 2021
From: francis at daoine.org (Francis Daly)
Date: Sat, 17 Apr 2021 15:21:22 +0100
Subject: SSI configulations issues
In-Reply-To: <1901806018.218450.1618666341974.JavaMail.yahoo@mail.yahoo.co.jp>
References: <1901806018.218450.1618666341974.JavaMail.yahoo.ref@mail.yahoo.co.jp>
 <1901806018.218450.1618666341974.JavaMail.yahoo@mail.yahoo.co.jp>
Message-ID: <20210417142122.GI27756@daoine.org>

On Sat, Apr 17, 2021 at 10:32:21PM +0900, tommys_project at yahoo.co.jp wrote:
> > 2021?4?17?(?) 18:27 Francis Daly <francis at daoine.org>:
> > On Sat, Apr 17, 2021 at 01:40:26PM +0900, tommys_project at yahoo.co.jp wrote:

Hi there,

> > > I work on configuring for ssi on my environments but got errors like this once I check test.html with the following configulations:
> > >?
> > > Updated on: (none) [an error occurred while processing the directive]
> >?
> > https://nginx.org/en/docs/http/ngx_http_ssi_module.html
> >?
> > "(none)" is because nginx-ssi does not set LAST_MODIFIED.
> >?
> > "[an error occurred" is because nginx-ssi does not do "#exec".
> 
> I should install ngx_http_ssi_module?
> I was not able to install ngx_http_ssi_module because it looks there is not option for installing ssi modules like --with-http_ssi_module at compiling nginx.

The module is installed and working. You would get a different error
message if it were not.

(You would have to add --without-http_ssi_module at configure/compile
time to remove it.)

> "ssi_last_modified on" is written at location but is it not enough?

That works, but does not do what you want. It does not make the
apache-like LAST_MODIFIED variable have the value you want.

> LAST_MODIFIED is displayed at my environments without issues once I changed LAST_MODIFIED to DATE_GMT as that website says!

I think DATE_GMT shows "now", not anything to do with a modified
timestamp.

> However looks #exec I need is not supported...
> 
> Only some ssi commands for apache are available on nginx for now?

Correct.

"""Currently, the list of supported SSI commands is incomplete."""

I think it will not change, until someone is inspired to write the code.

If you need "full" ssi, you probably need something other than nginx.

	f
-- 
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org  Sat Apr 17 15:59:13 2021
From: nginx-forum at forum.nginx.org (Trecolom)
Date: Sat, 17 Apr 2021 11:59:13 -0400
Subject: Nginx warning - upstream sent more data.
Message-ID: <4776e7cb7f58d72b7a9657b079bc1f6d.NginxMailingListEnglish@forum.nginx.org>

I have a bunch of Nginx + PHP8.0-fpm installed in the north. When crawlers
visit a page and the request contains the If-Modified-Since header, but the
page has not changed, the site returns the "304 Not Modified" header. If the
request protocol is HTTP / 2.0, everything works correctly, but if the
request protocol is HTTP / 1.1, a warning appears in the Nginx logs:

[warn] 910 # 910: * 21961 upstream sent more data than specified in
"Content-Length" header while reading upstream, client: 66.249.76.145,
server: site.com, request: "GET /category/page-title.html HTTP / 1.1 ",
upstream:" fastcgi: // unix: /var/www/php-fpm/12345.sock: ",
host:"site.com"

The site engine does not give Nginx the Content-Length header for sure and
there is no content. I tested this by making requests to the site with the
If-Modified-Since header via CURL.

Why is Nginx showing this warning? Is this an Nginx bug?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291303,291303#msg-291303


From tommys_project at yahoo.co.jp  Sat Apr 17 16:21:14 2021
From: tommys_project at yahoo.co.jp (tommys_project at yahoo.co.jp)
Date: Sun, 18 Apr 2021 01:21:14 +0900 (JST)
Subject: SSI configulations issues
References: <415960389.217327.1618676474133.JavaMail.yahoo.ref@mail.yahoo.co.jp>
Message-ID: <415960389.217327.1618676474133.JavaMail.yahoo@mail.yahoo.co.jp>

Hi Francis,

Thank you so much.
I see. I am relieved to hear the module has been installed with default options.
However I decided to use PHP instead of SSI and to disable SSI after all because #exec is? unavailable and ssi puts load on the server.

I deleted "ssi? on;" and "ssi_last_modified on;" from the configulations and execute "sudo systemctl restart nginx" but looks ssi is still enabled and test.html outputs values as ssi...

What should I do to restore to being disabled?

Regards,
Yusui

2021?4?17?(?) 23:21 Francis Daly <francis at daoine.org>:
>
> On Sat, Apr 17, 2021 at 10:32:21PM +0900, tommys_project at yahoo.co.jp wrote:
> > > 2021?4?17?(?) 18:27 Francis Daly <francis at daoine.org>:
> > > On Sat, Apr 17, 2021 at 01:40:26PM +0900, tommys_project at yahoo.co.jp wrote:
>
> Hi there,
>
> > > > I work on configuring for ssi on my environments but got errors like this once I check test.html with the following configulations:
> > > >?
> > > > Updated on: (none) [an error occurred while processing the directive]
> > >?
> > > https://nginx.org/en/docs/http/ngx_http_ssi_module.html
> > >?
> > > "(none)" is because nginx-ssi does not set LAST_MODIFIED.
> > >?
> > > "[an error occurred" is because nginx-ssi does not do "#exec".
> >
> > I should install ngx_http_ssi_module?
> > I was not able to install ngx_http_ssi_module because it looks there is not option for installing ssi modules like --with-http_ssi_module at compiling nginx.
>
> The module is installed and working. You would get a different error
> message if it were not.
>
> (You would have to add --without-http_ssi_module at configure/compile
> time to remove it.)
>
> > "ssi_last_modified on" is written at location but is it not enough?
>
> That works, but does not do what you want. It does not make the
> apache-like LAST_MODIFIED variable have the value you want.
>
> > LAST_MODIFIED is displayed at my environments without issues once I changed LAST_MODIFIED to DATE_GMT as that website says!
>
> I think DATE_GMT shows "now", not anything to do with a modified
> timestamp.
>
> > However looks #exec I need is not supported...
> >
> > Only some ssi commands for apache are available on nginx for now?
>
> Correct.
>
> """Currently, the list of supported SSI commands is incomplete."""
>
> I think it will not change, until someone is inspired to write the code.
>
> If you need "full" ssi, you probably need something other than nginx.
>
>? ? ? ? ?f
> --
> Francis Daly? ? ? ? francis at daoine.org
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From francis at daoine.org  Sat Apr 17 17:32:45 2021
From: francis at daoine.org (Francis Daly)
Date: Sat, 17 Apr 2021 18:32:45 +0100
Subject: SSI configulations issues
In-Reply-To: <415960389.217327.1618676474133.JavaMail.yahoo@mail.yahoo.co.jp>
References: <415960389.217327.1618676474133.JavaMail.yahoo.ref@mail.yahoo.co.jp>
 <415960389.217327.1618676474133.JavaMail.yahoo@mail.yahoo.co.jp>
Message-ID: <20210417173245.GJ27756@daoine.org>

On Sun, Apr 18, 2021 at 01:21:14AM +0900, tommys_project at yahoo.co.jp wrote:

Hi there,

> I deleted "ssi? on;" and "ssi_last_modified on;" from the configulations and execute "sudo systemctl restart nginx" but looks ssi is still enabled and test.html outputs values as ssi...
> 
> What should I do to restore to being disabled?

The config you showed first had "ssi on" in two places.

If you remove both, and successfully restart the nginx that is reading
that config file, then nginx should not be looking for <!--# ssi
directives anywhere.

"nginx -T" should test the config, and print what config it is actually
reading. Maybe the output of that will show why things are working the
way that they are?

	f
-- 
Francis Daly        francis at daoine.org

From tommys_project at yahoo.co.jp  Sun Apr 18 00:57:41 2021
From: tommys_project at yahoo.co.jp (tommys_project at yahoo.co.jp)
Date: Sun, 18 Apr 2021 09:57:41 +0900 (JST)
Subject: SSI configulations issues
References: <1962991552.223029.1618707461732.JavaMail.yahoo.ref@mail.yahoo.co.jp>
Message-ID: <1962991552.223029.1618707461732.JavaMail.yahoo@mail.yahoo.co.jp>

Hi Francis,

Yes I removed both and successfully restarted.
I got results of nginx -T as the following but looks nginx does not load ssi settings at all..
Unchanged configulation files during I tried ssi setting were chopped from the following results because of too long.

root at host:~# nginx -T|grep -i ssi
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
? ? application/vnd.openxmlformats-officedocument.wordprocessingml.document
? ? ssl_session_cache? ? shared:SSL:1m;
? ? ssl_session_timeout? 5m;
? ? ssl_session_cache? ? shared:SSL:1m;
? ? ssl_session_timeout? 5m;
? ? ssl_session_cache? ? shared:SSL:1m;
? ? ssl_session_timeout? 5m;
? ? ssl_session_cache? ? shared:SSL:1m;
? ? ssl_session_timeout? 5m;;
root at host:~# nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:

user? nginx nginx;
worker_processes? 1;

#error_log? logs/error.log;
#error_log? logs/error.log? notice;
#error_log? logs/error.log? info;

#pid? ? ? ? logs/nginx.pid;


events {
? ? worker_connections? 1024;
}


http {
? ? include? ? ? ?mime.types;
? ? default_type? application/octet-stream;
? ? server_tokens off;

? ? #log_format? main? '$remote_addr - $remote_user [$time_local] "$request" '
? ? #? ? ? ? ? ? ? ? ? '$status $body_bytes_sent "$http_referer" '
? ? #? ? ? ? ? ? ? ? ? '"$http_user_agent" "$http_x_forwarded_for"';

? ? #access_log? logs/access.log? main;

? ? sendfile? ? ? ? on;
? ? #tcp_nopush? ? ?on;

? ? #keepalive_timeout? 0;
? ? keepalive_timeout? 65;

? ? #gzip? on;
? ? include /etc/nginx/sites-enabled/*;

? ? # Cloudflare IP address List for CDN
? ? set_real_ip_from 173.245.48.0/20;
? ? set_real_ip_from 103.21.244.0/22;
? ? set_real_ip_from 103.22.200.0/22;
? ? set_real_ip_from 103.31.4.0/22;
? ? set_real_ip_from 141.101.64.0/18;
? ? set_real_ip_from 108.162.192.0/18;
? ? set_real_ip_from 190.93.240.0/20;
? ? set_real_ip_from 188.114.96.0/20;
? ? set_real_ip_from 197.234.240.0/22;
? ? set_real_ip_from 198.41.128.0/17;
? ? set_real_ip_from 162.158.0.0/15;
? ? set_real_ip_from 104.16.0.0/12;
? ? set_real_ip_from 172.64.0.0/13;
? ? set_real_ip_from 131.0.72.0/22;
? ? set_real_ip_from 2400:cb00::/32;
? ? set_real_ip_from 2606:4700::/32;
? ? set_real_ip_from 2803:f800::/32;
? ? set_real_ip_from 2405:b500::/32;
? ? set_real_ip_from 2405:8100::/32;
? ? set_real_ip_from 2a06:98c0::/29;
? ? set_real_ip_from 2c0f:f248::/32;
? ? real_ip_header CF-Connecting-IP;

}

# configuration file /etc/nginx/mime.types:

types {
? ? text/html? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? html htm shtml;
? ? text/css? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?css;
? ? text/xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?xml;
? ? image/gif? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? gif;
? ? image/jpeg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?jpeg jpg;
? ? application/javascript? ? ? ? ? ? ? ? ? ? ? ? ? ?js;
? ? application/atom+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ?atom;
? ? application/rss+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? rss;

? ? text/mathml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mml;
? ? text/plain? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?txt;
? ? text/vnd.sun.j2me.app-descriptor? ? ? ? ? ? ? ? ?jad;
? ? text/vnd.wap.wml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?wml;
? ? text/x-component? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?htc;

? ? image/png? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? png;
? ? image/svg+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? svg svgz;
? ? image/tiff? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tif tiff;
? ? image/vnd.wap.wbmp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?wbmp;
? ? image/webp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?webp;
? ? image/x-icon? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?ico;
? ? image/x-jng? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? jng;
? ? image/x-ms-bmp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?bmp;

? ? font/woff? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? woff;
? ? font/woff2? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?woff2;

? ? application/java-archive? ? ? ? ? ? ? ? ? ? ? ? ?jar war ear;
? ? application/json? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?json;
? ? application/mac-binhex40? ? ? ? ? ? ? ? ? ? ? ? ?hqx;
? ? application/msword? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?doc;
? ? application/pdf? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? pdf;
? ? application/postscript? ? ? ? ? ? ? ? ? ? ? ? ? ?ps eps ai;
? ? application/rtf? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? rtf;
? ? application/vnd.apple.mpegurl? ? ? ? ? ? ? ? ? ? m3u8;
? ? application/vnd.google-earth.kml+xml? ? ? ? ? ? ?kml;
? ? application/vnd.google-earth.kmz? ? ? ? ? ? ? ? ?kmz;
? ? application/vnd.ms-excel? ? ? ? ? ? ? ? ? ? ? ? ?xls;
? ? application/vnd.ms-fontobject? ? ? ? ? ? ? ? ? ? eot;
? ? application/vnd.ms-powerpoint? ? ? ? ? ? ? ? ? ? ppt;
? ? application/vnd.oasis.opendocument.graphics? ? ? odg;
? ? application/vnd.oasis.opendocument.presentation? odp;
? ? application/vnd.oasis.opendocument.spreadsheet? ?ods;
? ? application/vnd.oasis.opendocument.text? ? ? ? ? odt;
? ? application/vnd.openxmlformats-officedocument.presentationml.presentation
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?pptx;
? ? application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?xlsx;
? ? application/vnd.openxmlformats-officedocument.wordprocessingml.document
? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?docx;
? ? application/vnd.wap.wmlc? ? ? ? ? ? ? ? ? ? ? ? ?wmlc;
? ? application/x-7z-compressed? ? ? ? ? ? ? ? ? ? ? 7z;
? ? application/x-cocoa? ? ? ? ? ? ? ? ? ? ? ? ? ? ? cco;
? ? application/x-java-archive-diff? ? ? ? ? ? ? ? ? jardiff;
? ? application/x-java-jnlp-file? ? ? ? ? ? ? ? ? ? ?jnlp;
? ? application/x-makeself? ? ? ? ? ? ? ? ? ? ? ? ? ?run;
? ? application/x-perl? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?pl pm;
? ? application/x-pilot? ? ? ? ? ? ? ? ? ? ? ? ? ? ? prc pdb;
? ? application/x-rar-compressed? ? ? ? ? ? ? ? ? ? ?rar;
? ? application/x-redhat-package-manager? ? ? ? ? ? ?rpm;
? ? application/x-sea? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? sea;
? ? application/x-shockwave-flash? ? ? ? ? ? ? ? ? ? swf;
? ? application/x-stuffit? ? ? ? ? ? ? ? ? ? ? ? ? ? sit;
? ? application/x-tcl? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tcl tk;
? ? application/x-x509-ca-cert? ? ? ? ? ? ? ? ? ? ? ?der pem crt;
? ? application/x-xpinstall? ? ? ? ? ? ? ? ? ? ? ? ? xpi;
? ? application/xhtml+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? xhtml;
? ? application/xspf+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ?xspf;
? ? application/zip? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? zip;

? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?bin exe dll;
? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?deb;
? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?dmg;
? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?iso img;
? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?msi msp msm;

? ? audio/midi? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?mid midi kar;
? ? audio/mpeg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?mp3;
? ? audio/ogg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ogg;
? ? audio/x-m4a? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? m4a;
? ? audio/x-realaudio? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ra;

? ? video/3gpp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?3gpp 3gp;
? ? video/mp2t? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?ts;
? ? video/mp4? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mp4;
? ? video/mpeg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?mpeg mpg;
? ? video/quicktime? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mov;
? ? video/webm? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?webm;
? ? video/x-flv? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? flv;
? ? video/x-m4v? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? m4v;
? ? video/x-mng? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mng;
? ? video/x-ms-asf? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?asx asf;
? ? video/x-ms-wmv? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?wmv;
? ? video/x-msvideo? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? avi;
}

# configuration file /etc/nginx/fastcgi_params:

fastcgi_param? QUERY_STRING? ? ? ?$query_string;
fastcgi_param? REQUEST_METHOD? ? ?$request_method;
fastcgi_param? CONTENT_TYPE? ? ? ?$content_type;
fastcgi_param? CONTENT_LENGTH? ? ?$content_length;

fastcgi_param? SCRIPT_NAME? ? ? ? $fastcgi_script_name;
fastcgi_param? REQUEST_URI? ? ? ? $request_uri;
fastcgi_param? DOCUMENT_URI? ? ? ?$document_uri;
fastcgi_param? DOCUMENT_ROOT? ? ? $document_root;
fastcgi_param? SERVER_PROTOCOL? ? $server_protocol;
fastcgi_param? REQUEST_SCHEME? ? ?$scheme;
fastcgi_param? HTTPS? ? ? ? ? ? ? $https if_not_empty;

fastcgi_param? GATEWAY_INTERFACE? CGI/1.1;
fastcgi_param? SERVER_SOFTWARE? ? nginx/$nginx_version;

fastcgi_param? REMOTE_ADDR? ? ? ? $remote_addr;
fastcgi_param? REMOTE_PORT? ? ? ? $remote_port;
fastcgi_param? SERVER_ADDR? ? ? ? $server_addr;
fastcgi_param? SERVER_PORT? ? ? ? $server_port;
fastcgi_param? SERVER_NAME? ? ? ? $server_name;

# PHP only, required if PHP was built with --enable-force-cgi-redirect
fastcgi_param? REDIRECT_STATUS? ? 200;

# configuration file /etc/nginx/sites-enabled/default:
server {
? ? listen? ? ? ?80;
? ? server_name? www.mydomain.com;

? ? #charset koi8-r;

? ? #access_log? logs/host.access.log? main;
? ? access_log? /var/log/nginx/access.log;
? ? error_log? ?/var/log/nginx/error.log;

? ? location / {
? ? ? ? root? ?/var/www/html;
? ? ? ? index? index.php index.cgi index.html index.htm default.html default.htm;
? ? }
? ? location ~ ^/~(.+?)(/.*)?\.(php)$ {
? ? ? ? alias /home/$1/public_html$2.$3;
? ? ? ? fastcgi_pass? ?127.0.0.1:9000;
? ? ? ? fastcgi_index? index.php;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? location ~ ^/~(.+?)(/.*)?\.(pl|cgi)$ {
? ? ? ? alias /home/$1/public_html$2.$3;
? ? ? ? fastcgi_pass? ?127.0.0.1:8999;
? ? ? ? fastcgi_index? index.cgi;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? location ~ ^/~(.+?)(/.*)?$ {
? ? ? ? alias /home/$1/public_html$2;
? ? ? ? index? index.php index.cgi index.html index.htm default.html default.htm;
? ? ? ? autoindex on;
? ? }

? ? location ~ \.php$ {
? ? ? ? root? ? ? ? ? ?/var/www/html;
? ? ? ? fastcgi_pass? ?127.0.0.1:9000;
? ? ? ? fastcgi_index? index.php;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root$fastcgi_script_name;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? location ~ \.pl|cgi$ {
? ? ? ? root? ? ? ? ? ?/var/www/html;
? ? ? ? fastcgi_pass? ?127.0.0.1:8999;
? ? ? ? fastcgi_index? index.cgi;
? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root$fastcgi_script_name;
? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
? ? }

? ? error_page? 404? ? ? ? ? ? ? /404.html;
? ? location = /404.html {
? ? ? ? root /var/www/error_pages; internal;
? ? }

? ? # redirect server error pages to the static page /50x.html
? ? #
? ? error_page? ?500 502 503 504? /50x.html;
? ? location = /50x.html {
? ? ? ? root? ?/var/www/error_pages;
? ? }

? ? # proxy the PHP scripts to Apache listening on 127.0.0.1:80
? ? #
? ? #location ~ \.php$ {
? ? #? ? proxy_pass? ?http://127.0.0.1;
? ? #}

? ? # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
? ? #
? ? #location ~ \.php$ {
? ? #? ? root? ? ? ? ? ?html;
? ? #? ? fastcgi_pass? ?127.0.0.1:9000;
? ? #? ? fastcgi_index? index.php;
? ? #? ? fastcgi_param? SCRIPT_FILENAME? /scripts$fastcgi_script_name;
? ? #? ? include? ? ? ? fastcgi_params;
? ? #}

? ? # deny access to .htaccess files, if Apache's document root
? ? # concurs with nginx's one
? ? #
? ? #location ~ /\.ht {
? ? #? ? deny? all;
? ? #}
}
server {
? ? listen? ? ? ?80;
? ? server_name? mydomain.com;
? ? return 301 http://www.mydomain.com$request_uri;
}

server {
? ? listen? ? ? ?80;
? ? server_name? mail.mydomain.com;
? ? return 400;
}

server {
? ? listen? ? ? ?80;
? ? server_name? yt.mydomain.com;
? ? return 400;
}


2021?4?18?(?) 2:33 Francis Daly <francis at daoine.org>:
>
> On Sun, Apr 18, 2021 at 01:21:14AM +0900, tommys_project at yahoo.co.jp wrote:
> > I deleted "ssi? on;" and "ssi_last_modified on;" from the configulations and execute "sudo systemctl restart nginx" but looks ssi is still enabled and test.html outputs values as ssi...
> >
> > What should I do to restore to being disabled?
>
> The config you showed first had "ssi on" in two places.
>
> If you remove both, and successfully restart the nginx that is reading
> that config file, then nginx should not be looking for <!--# ssi
> directives anywhere.
>
> "nginx -T" should test the config, and print what config it is actually
> reading. Maybe the output of that will show why things are working the
> way that they are?
>
>? ? ? ? ?f
> --
> Francis Daly? ? ? ? francis at daoine.org
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

Regards,
Yusui


From nginx-forum at forum.nginx.org  Sun Apr 18 08:06:54 2021
From: nginx-forum at forum.nginx.org (Trecolom)
Date: Sun, 18 Apr 2021 04:06:54 -0400
Subject: Nginx warning - upstream sent more data.
In-Reply-To: <4776e7cb7f58d72b7a9657b079bc1f6d.NginxMailingListEnglish@forum.nginx.org>
References: <4776e7cb7f58d72b7a9657b079bc1f6d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <eb5afc268f8554bf493b0af024a16e72.NginxMailingListEnglish@forum.nginx.org>

I have already found an error in the site engine code. The problem was that
I did not expect that the CMC developers would make a gross mistake - they
would give data before the header() function.

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291303,291309#msg-291309


From tommys_project at yahoo.co.jp  Sun Apr 18 12:43:19 2021
From: tommys_project at yahoo.co.jp (tommys_project at yahoo.co.jp)
Date: Sun, 18 Apr 2021 21:43:19 +0900 (JST)
Subject: SSI configulations issues
In-Reply-To: <1962991552.223029.1618707461732.JavaMail.yahoo@mail.yahoo.co.jp>
References: <1962991552.223029.1618707461732.JavaMail.yahoo.ref@mail.yahoo.co.jp>
 <1962991552.223029.1618707461732.JavaMail.yahoo@mail.yahoo.co.jp>
Message-ID: <2004146338.266473.1618749799493.JavaMail.yahoo@mail.yahoo.co.jp>

Hi Francis,

I am sorry. I saw it has been disabled after clearing my google chrome caches.
It was not enough to simply reloading the pages.

Thank you for helping me

Regards,
Yusui

----- Original Message -----
> From: "tommys_project at yahoo.co.jp" <tommys_project at yahoo.co.jp>
> To: "nginx at nginx.org" <nginx at nginx.org>
> Cc: 
> Date: 2021/4/18, Sun 09:57
> Subject: Re: SSI configulations issues
> 
> Hi Francis,
> 
> Yes I removed both and successfully restarted.
> I got results of nginx -T as the following but looks nginx does not load ssi 
> settings at all..
> Unchanged configulation files during I tried ssi setting were chopped from the 
> following results because of too long.
> 
> root at host:~# nginx -T|grep -i ssi
> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /etc/nginx/nginx.conf test is successful
> ? ? application/vnd.openxmlformats-officedocument.wordprocessingml.document
> ? ? ssl_session_cache? ? shared:SSL:1m;
> ? ? ssl_session_timeout? 5m;
> ? ? ssl_session_cache? ? shared:SSL:1m;
> ? ? ssl_session_timeout? 5m;
> ? ? ssl_session_cache? ? shared:SSL:1m;
> ? ? ssl_session_timeout? 5m;
> ? ? ssl_session_cache? ? shared:SSL:1m;
> ? ? ssl_session_timeout? 5m;;
> root at host:~# nginx -T
> nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
> nginx: configuration file /etc/nginx/nginx.conf test is successful
> # configuration file /etc/nginx/nginx.conf:
> 
> user? nginx nginx;
> worker_processes? 1;
> 
> #error_log? logs/error.log;
> #error_log? logs/error.log? notice;
> #error_log? logs/error.log? info;
> 
> #pid? ? ? ? logs/nginx.pid;
> 
> 
> events {
> ? ? worker_connections? 1024;
> }
> 
> 
> http {
> ? ? include? ? ? ?mime.types;
> ? ? default_type? application/octet-stream;
> ? ? server_tokens off;
> 
> ? ? #log_format? main? '$remote_addr - $remote_user [$time_local] 
> "$request" '
> ? ? #? ? ? ? ? ? ? ? ? '$status $body_bytes_sent "$http_referer" 
> '
> ? ? #? ? ? ? ? ? ? ? ? '"$http_user_agent" 
> "$http_x_forwarded_for"';
> 
> ? ? #access_log? logs/access.log? main;
> 
> ? ? sendfile? ? ? ? on;
> ? ? #tcp_nopush? ? ?on;
> 
> ? ? #keepalive_timeout? 0;
> ? ? keepalive_timeout? 65;
> 
> ? ? #gzip? on;
> ? ? include /etc/nginx/sites-enabled/*;
> 
> ? ? # Cloudflare IP address List for CDN
> ? ? set_real_ip_from 173.245.48.0/20;
> ? ? set_real_ip_from 103.21.244.0/22;
> ? ? set_real_ip_from 103.22.200.0/22;
> ? ? set_real_ip_from 103.31.4.0/22;
> ? ? set_real_ip_from 141.101.64.0/18;
> ? ? set_real_ip_from 108.162.192.0/18;
> ? ? set_real_ip_from 190.93.240.0/20;
> ? ? set_real_ip_from 188.114.96.0/20;
> ? ? set_real_ip_from 197.234.240.0/22;
> ? ? set_real_ip_from 198.41.128.0/17;
> ? ? set_real_ip_from 162.158.0.0/15;
> ? ? set_real_ip_from 104.16.0.0/12;
> ? ? set_real_ip_from 172.64.0.0/13;
> ? ? set_real_ip_from 131.0.72.0/22;
> ? ? set_real_ip_from 2400:cb00::/32;
> ? ? set_real_ip_from 2606:4700::/32;
> ? ? set_real_ip_from 2803:f800::/32;
> ? ? set_real_ip_from 2405:b500::/32;
> ? ? set_real_ip_from 2405:8100::/32;
> ? ? set_real_ip_from 2a06:98c0::/29;
> ? ? set_real_ip_from 2c0f:f248::/32;
> ? ? real_ip_header CF-Connecting-IP;
> 
> }
> 
> # configuration file /etc/nginx/mime.types:
> 
> types {
> ? ? text/html? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? html htm shtml;
> ? ? text/css? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?css;
> ? ? text/xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?xml;
> ? ? image/gif? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? gif;
> ? ? image/jpeg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?jpeg jpg;
> ? ? application/javascript? ? ? ? ? ? ? ? ? ? ? ? ? ?js;
> ? ? application/atom+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ?atom;
> ? ? application/rss+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? rss;
> 
> ? ? text/mathml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mml;
> ? ? text/plain? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?txt;
> ? ? text/vnd.sun.j2me.app-descriptor? ? ? ? ? ? ? ? ?jad;
> ? ? text/vnd.wap.wml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?wml;
> ? ? text/x-component? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?htc;
> 
> ? ? image/png? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? png;
> ? ? image/svg+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? svg svgz;
> ? ? image/tiff? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?tif tiff;
> ? ? image/vnd.wap.wbmp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?wbmp;
> ? ? image/webp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?webp;
> ? ? image/x-icon? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?ico;
> ? ? image/x-jng? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? jng;
> ? ? image/x-ms-bmp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?bmp;
> 
> ? ? font/woff? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? woff;
> ? ? font/woff2? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?woff2;
> 
> ? ? application/java-archive? ? ? ? ? ? ? ? ? ? ? ? ?jar war ear;
> ? ? application/json? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?json;
> ? ? application/mac-binhex40? ? ? ? ? ? ? ? ? ? ? ? ?hqx;
> ? ? application/msword? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?doc;
> ? ? application/pdf? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? pdf;
> ? ? application/postscript? ? ? ? ? ? ? ? ? ? ? ? ? ?ps eps ai;
> ? ? application/rtf? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? rtf;
> ? ? application/vnd.apple.mpegurl? ? ? ? ? ? ? ? ? ? m3u8;
> ? ? application/vnd.google-earth.kml+xml? ? ? ? ? ? ?kml;
> ? ? application/vnd.google-earth.kmz? ? ? ? ? ? ? ? ?kmz;
> ? ? application/vnd.ms-excel? ? ? ? ? ? ? ? ? ? ? ? ?xls;
> ? ? application/vnd.ms-fontobject? ? ? ? ? ? ? ? ? ? eot;
> ? ? application/vnd.ms-powerpoint? ? ? ? ? ? ? ? ? ? ppt;
> ? ? application/vnd.oasis.opendocument.graphics? ? ? odg;
> ? ? application/vnd.oasis.opendocument.presentation? odp;
> ? ? application/vnd.oasis.opendocument.spreadsheet? ?ods;
> ? ? application/vnd.oasis.opendocument.text? ? ? ? ? odt;
> ? ? application/vnd.openxmlformats-officedocument.presentationml.presentation
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?pptx;
> ? ? application/vnd.openxmlformats-officedocument.spreadsheetml.sheet
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?xlsx;
> ? ? application/vnd.openxmlformats-officedocument.wordprocessingml.document
> ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?docx;
> ? ? application/vnd.wap.wmlc? ? ? ? ? ? ? ? ? ? ? ? ?wmlc;
> ? ? application/x-7z-compressed? ? ? ? ? ? ? ? ? ? ? 7z;
> ? ? application/x-cocoa? ? ? ? ? ? ? ? ? ? ? ? ? ? ? cco;
> ? ? application/x-java-archive-diff? ? ? ? ? ? ? ? ? jardiff;
> ? ? application/x-java-jnlp-file? ? ? ? ? ? ? ? ? ? ?jnlp;
> ? ? application/x-makeself? ? ? ? ? ? ? ? ? ? ? ? ? ?run;
> ? ? application/x-perl? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?pl pm;
> ? ? application/x-pilot? ? ? ? ? ? ? ? ? ? ? ? ? ? ? prc pdb;
> ? ? application/x-rar-compressed? ? ? ? ? ? ? ? ? ? ?rar;
> ? ? application/x-redhat-package-manager? ? ? ? ? ? ?rpm;
> ? ? application/x-sea? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? sea;
> ? ? application/x-shockwave-flash? ? ? ? ? ? ? ? ? ? swf;
> ? ? application/x-stuffit? ? ? ? ? ? ? ? ? ? ? ? ? ? sit;
> ? ? application/x-tcl? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? tcl tk;
> ? ? application/x-x509-ca-cert? ? ? ? ? ? ? ? ? ? ? ?der pem crt;
> ? ? application/x-xpinstall? ? ? ? ? ? ? ? ? ? ? ? ? xpi;
> ? ? application/xhtml+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? xhtml;
> ? ? application/xspf+xml? ? ? ? ? ? ? ? ? ? ? ? ? ? ?xspf;
> ? ? application/zip? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? zip;
> 
> ? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?bin exe dll;
> ? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?deb;
> ? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?dmg;
> ? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?iso img;
> ? ? application/octet-stream? ? ? ? ? ? ? ? ? ? ? ? ?msi msp msm;
> 
> ? ? audio/midi? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?mid midi kar;
> ? ? audio/mpeg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?mp3;
> ? ? audio/ogg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ogg;
> ? ? audio/x-m4a? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? m4a;
> ? ? audio/x-realaudio? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ra;
> 
> ? ? video/3gpp? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?3gpp 3gp;
> ? ? video/mp2t? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?ts;
> ? ? video/mp4? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mp4;
> ? ? video/mpeg? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?mpeg mpg;
> ? ? video/quicktime? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mov;
> ? ? video/webm? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?webm;
> ? ? video/x-flv? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? flv;
> ? ? video/x-m4v? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? m4v;
> ? ? video/x-mng? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? mng;
> ? ? video/x-ms-asf? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?asx asf;
> ? ? video/x-ms-wmv? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ?wmv;
> ? ? video/x-msvideo? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? avi;
> }
> 
> # configuration file /etc/nginx/fastcgi_params:
> 
> fastcgi_param? QUERY_STRING? ? ? ?$query_string;
> fastcgi_param? REQUEST_METHOD? ? ?$request_method;
> fastcgi_param? CONTENT_TYPE? ? ? ?$content_type;
> fastcgi_param? CONTENT_LENGTH? ? ?$content_length;
> 
> fastcgi_param? SCRIPT_NAME? ? ? ? $fastcgi_script_name;
> fastcgi_param? REQUEST_URI? ? ? ? $request_uri;
> fastcgi_param? DOCUMENT_URI? ? ? ?$document_uri;
> fastcgi_param? DOCUMENT_ROOT? ? ? $document_root;
> fastcgi_param? SERVER_PROTOCOL? ? $server_protocol;
> fastcgi_param? REQUEST_SCHEME? ? ?$scheme;
> fastcgi_param? HTTPS? ? ? ? ? ? ? $https if_not_empty;
> 
> fastcgi_param? GATEWAY_INTERFACE? CGI/1.1;
> fastcgi_param? SERVER_SOFTWARE? ? nginx/$nginx_version;
> 
> fastcgi_param? REMOTE_ADDR? ? ? ? $remote_addr;
> fastcgi_param? REMOTE_PORT? ? ? ? $remote_port;
> fastcgi_param? SERVER_ADDR? ? ? ? $server_addr;
> fastcgi_param? SERVER_PORT? ? ? ? $server_port;
> fastcgi_param? SERVER_NAME? ? ? ? $server_name;
> 
> # PHP only, required if PHP was built with --enable-force-cgi-redirect
> fastcgi_param? REDIRECT_STATUS? ? 200;
> 
> # configuration file /etc/nginx/sites-enabled/default:
> server {
> ? ? listen? ? ? ?80;
> ? ? server_name? www.mydomain.com;
> 
> ? ? #charset koi8-r;
> 
> ? ? #access_log? logs/host.access.log? main;
> ? ? access_log? /var/log/nginx/access.log;
> ? ? error_log? ?/var/log/nginx/error.log;
> 
> ? ? location / {
> ? ? ? ? root? ?/var/www/html;
> ? ? ? ? index? index.php index.cgi index.html index.htm default.html 
> default.htm;
> ? ? }
> ? ? location ~ ^/~(.+?)(/.*)?\.(php)$ {
> ? ? ? ? alias /home/$1/public_html$2.$3;
> ? ? ? ? fastcgi_pass? ?127.0.0.1:9000;
> ? ? ? ? fastcgi_index? index.php;
> ? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root;
> ? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
> ? ? }
> 
> ? ? location ~ ^/~(.+?)(/.*)?\.(pl|cgi)$ {
> ? ? ? ? alias /home/$1/public_html$2.$3;
> ? ? ? ? fastcgi_pass? ?127.0.0.1:8999;
> ? ? ? ? fastcgi_index? index.cgi;
> ? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root;
> ? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
> ? ? }
> 
> ? ? location ~ ^/~(.+?)(/.*)?$ {
> ? ? ? ? alias /home/$1/public_html$2;
> ? ? ? ? index? index.php index.cgi index.html index.htm default.html 
> default.htm;
> ? ? ? ? autoindex on;
> ? ? }
> 
> ? ? location ~ \.php$ {
> ? ? ? ? root? ? ? ? ? ?/var/www/html;
> ? ? ? ? fastcgi_pass? ?127.0.0.1:9000;
> ? ? ? ? fastcgi_index? index.php;
> ? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root$fastcgi_script_name;
> ? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
> ? ? }
> 
> ? ? location ~ \.pl|cgi$ {
> ? ? ? ? root? ? ? ? ? ?/var/www/html;
> ? ? ? ? fastcgi_pass? ?127.0.0.1:8999;
> ? ? ? ? fastcgi_index? index.cgi;
> ? ? ? ? fastcgi_param? SCRIPT_FILENAME $document_root$fastcgi_script_name;
> ? ? ? ? include? ? ? ? /etc/nginx/fastcgi_params;
> ? ? }
> 
> ? ? error_page? 404? ? ? ? ? ? ? /404.html;
> ? ? location = /404.html {
> ? ? ? ? root /var/www/error_pages; internal;
> ? ? }
> 
> ? ? # redirect server error pages to the static page /50x.html
> ? ? #
> ? ? error_page? ?500 502 503 504? /50x.html;
> ? ? location = /50x.html {
> ? ? ? ? root? ?/var/www/error_pages;
> ? ? }
> 
> ? ? # proxy the PHP scripts to Apache listening on 127.0.0.1:80
> ? ? #
> ? ? #location ~ \.php$ {
> ? ? #? ? proxy_pass? ?http://127.0.0.1; 
> ? ? #}
> 
> ? ? # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
> ? ? #
> ? ? #location ~ \.php$ {
> ? ? #? ? root? ? ? ? ? ?html;
> ? ? #? ? fastcgi_pass? ?127.0.0.1:9000;
> ? ? #? ? fastcgi_index? index.php;
> ? ? #? ? fastcgi_param? SCRIPT_FILENAME? /scripts$fastcgi_script_name;
> ? ? #? ? include? ? ? ? fastcgi_params;
> ? ? #}
> 
> ? ? # deny access to .htaccess files, if Apache's document root
> ? ? # concurs with nginx's one
> ? ? #
> ? ? #location ~ /\.ht {
> ? ? #? ? deny? all;
> ? ? #}
> }
> server {
> ? ? listen? ? ? ?80;
> ? ? server_name? mydomain.com;
> ? ? return 301 http://www.mydomain.com$request_uri; 
> }
> 
> server {
> ? ? listen? ? ? ?80;
> ? ? server_name? mail.mydomain.com;
> ? ? return 400;
> }
> 
> server {
> ? ? listen? ? ? ?80;
> ? ? server_name? yt.mydomain.com;
> ? ? return 400;
> }
> 
> 
> 2021?4?18?(?) 2:33 Francis Daly <francis at daoine.org>:
>> 
>>  On Sun, Apr 18, 2021 at 01:21:14AM +0900, tommys_project at yahoo.co.jp wrote:
>>  > I deleted "ssi? on;" and "ssi_last_modified on;" 
> from the configulations and execute "sudo systemctl restart nginx" but 
> looks ssi is still enabled and test.html outputs values as ssi...
>>  >
>>  > What should I do to restore to being disabled?
>> 
>>  The config you showed first had "ssi on" in two places.
>> 
>>  If you remove both, and successfully restart the nginx that is reading
>>  that config file, then nginx should not be looking for <!--# ssi
>>  directives anywhere.
>> 
>>  "nginx -T" should test the config, and print what config it is 
> actually
>>  reading. Maybe the output of that will show why things are working the
>>  way that they are?
>> 
>> ? ? ? ? ?f
>>  --
>>  Francis Daly? ? ? ? francis at daoine.org
>>  _______________________________________________
>>  nginx mailing list
>>  nginx at nginx.org
>>  http://mailman.nginx.org/mailman/listinfo/nginx 
> 
> Regards,
> Yusui
> 


From satayepic at gmail.com  Sun Apr 18 23:03:19 2021
From: satayepic at gmail.com (Satay Epic)
Date: Sun, 18 Apr 2021 16:03:19 -0700
Subject: DNS load balancing issue
In-Reply-To: <8ec551028f688343155f4b84e364326a.NginxMailingListEnglish@forum.nginx.org>
References: <f4956ce9-8956-8965-5ffb-b73d18f6fada@nginx.com>
 <8ec551028f688343155f4b84e364326a.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <CADohWC-ZjLEmr8hyv4ywxTsgrVjbgCijMrsz-HM-1VRA0PpJ5A@mail.gmail.com>

Anyone?

On Wed, Feb 19, 2020, 5:25 PM satay <nginx-forum at forum.nginx.org> wrote:

> Hi Maxim,
>
> Thanks for responding. I agree with your recommendation.  I guess a direct
> upgrade from 1.12  to 1.16 (free community version) is possible and
> shouldn't break it.
>
> I'm preferring 1.61 since it's the latest stable version.  Beside the
> upgrade, do you recommend any performance tuning should be done?
>
> Thanks
>
>
> FYI - This is the error I see in the "dns.log" occurring frequently.
>
> 2020/02/19 16:47:28 [error] 19509#0: *4852298929 no live upstreams while
> connecting to upstream, udp client: x.x.x.x, server: 0.0.0.0:53, upstream:
> "dns_servers", bytes from/to client:50/0, bytes from/to upstream:0/0
>
> This is the nginx.conf ---
>
>
> worker_processes auto;
> error_log /var/log/nginx/error.log;
>
> include /usr/share/nginx/modules/*.conf;
>
> events {
> }
>
> stream {
>     upstream dns_servers {
>         server x.x.x.x:53 fail_timeout=60s;
>         server x.x.x.x:53 fail_timeout=60s;
>         server x.x.x.x:53 fail_timeout=60s;
>     }
>     server {
>         listen 53  udp;
>         listen 53; #tcp
>         proxy_pass dns_servers;
>         error_log  /var/log/nginx/dns.log info;
>         proxy_responses 1;
>         proxy_timeout   5s;
>     }
> }
>
> http {
> index index.html;
> server {
> listen 80 default_server;
> server_name _;
> access_log /var/log/nginx/access.log;
> server_name_in_redirect off;
> root  /var/www/default/htdocs;
> allow x.x.x.x;
> deny all;
> location /nginx_status {
>     stub_status on;
>     access_log off;
> }
> }
> }
>
> Posted at Nginx Forum:
> https://forum.nginx.org/read.php?2,287053,287069#msg-287069
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210418/53412a0a/attachment-0001.htm>

From francis at daoine.org  Mon Apr 19 09:15:47 2021
From: francis at daoine.org (Francis Daly)
Date: Mon, 19 Apr 2021 10:15:47 +0100
Subject: SSI configulations issues
In-Reply-To: <2004146338.266473.1618749799493.JavaMail.yahoo@mail.yahoo.co.jp>
References: <1962991552.223029.1618707461732.JavaMail.yahoo.ref@mail.yahoo.co.jp>
 <1962991552.223029.1618707461732.JavaMail.yahoo@mail.yahoo.co.jp>
 <2004146338.266473.1618749799493.JavaMail.yahoo@mail.yahoo.co.jp>
Message-ID: <20210419091547.GK27756@daoine.org>

On Sun, Apr 18, 2021 at 09:43:19PM +0900, tommys_project at yahoo.co.jp wrote:

Hi there,

> I am sorry. I saw it has been disabled after clearing my google chrome caches.
> It was not enough to simply reloading the pages.

Great that you have it working in a consistent way!

I was going to suggest that perhaps there was a second nginx binary,
or a second nginx config file, that the systemctl system was using.

But "clear the cache" or "test using curl, to avoid the cache", is always
good to check first.

Thank you for sharing the outcome with the list; that should help the
next person who sees the same problem.

And good luck with the php system to do for you what the nginx ssi system
does not do.

Cheers,

	f
-- 
Francis Daly        francis at daoine.org

From mdounin at mdounin.ru  Tue Apr 20 14:52:29 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Tue, 20 Apr 2021 17:52:29 +0300
Subject: nginx-1.20.0
Message-ID: <YH7qrQR2y34GHBw3@mdounin.ru>

Changes with nginx 1.20.0                                        20 Apr 2021

    *) 1.20.x stable branch.


-- 
Maxim Dounin
http://nginx.org/

From tommys_project at yahoo.co.jp  Tue Apr 20 15:18:59 2021
From: tommys_project at yahoo.co.jp (tommys_project at yahoo.co.jp)
Date: Wed, 21 Apr 2021 00:18:59 +0900 (JST)
Subject: SSI configulations issues
References: <82870999.410924.1618931939496.JavaMail.yahoo.ref@mail.yahoo.co.jp>
Message-ID: <82870999.410924.1618931939496.JavaMail.yahoo@mail.yahoo.co.jp>

Hi?Francis,

Thank you for your advices.
I didn't know curl can avoid caches. I will try it.

Regards,
Yusui

2021?4?19?(?) 18:16 Francis Daly <francis at daoine.org>:
>
> On Sun, Apr 18, 2021 at 09:43:19PM +0900, tommys_project at yahoo.co.jp wrote:
>
> Hi there,
>
> > I am sorry. I saw it has been disabled after clearing my google chrome caches.
> > It was not enough to simply reloading the pages.
>
> Great that you have it working in a consistent way!
>
> I was going to suggest that perhaps there was a second nginx binary,
> or a second nginx config file, that the systemctl system was using.
>
> But "clear the cache" or "test using curl, to avoid the cache", is always
> good to check first.
>
> Thank you for sharing the outcome with the list; that should help the
> next person who sees the same problem.
>
> And good luck with the php system to do for you what the nginx ssi system
> does not do.
>
> Cheers,
>
> ? ? ? ? f
> --
> Francis Daly ? ? ? ?francis at daoine.org
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


From nginx-forum at forum.nginx.org  Wed Apr 21 12:39:22 2021
From: nginx-forum at forum.nginx.org (truffle)
Date: Wed, 21 Apr 2021 08:39:22 -0400
Subject: fastcgi_param SCRIPT_FILENAME - not config seems to work
Message-ID: <6c89064192ed3cb3eeda284ce6be8f11.NginxMailingListEnglish@forum.nginx.org>

Sorry for this noob question, but frustration is eating me.
I'm trying to set up my php app for 2 straight days, and no config seems to
work to load it properly.

My config:

server {
    server_name mydomain.com;
    ...
    ...

    fastcgi_param HTTPS on;

    location /app  {
        index index.php;
		alias /var/www/app;

		location ~ \.php$ {
		    try_files $uri =404;
		    include /etc/nginx/fastcgi_params;
	        include /etc/nginx/fastcgi.conf;

	        fastcgi_index index.php;
		    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
		    fastcgi_pass unix:/var/run/nginx/php-fastcgi.sock;
		}
    }
}

But I also tried a number of other placement and combinations.

This will result (probably obviously) in a "No input file specified."
SCRIPT_FILENAME will never be taken unless I change it explicitly to
/var/www/app/index.php (and in that case only that file loads, 404ing all
other php files out).

What could be the issue? Where could I even debug this? (in terms of what
file nginx is trying to feed php-fpm)

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291334,291334#msg-291334


From nginx-forum at forum.nginx.org  Wed Apr 21 16:28:20 2021
From: nginx-forum at forum.nginx.org (truffle)
Date: Wed, 21 Apr 2021 12:28:20 -0400
Subject: fastcgi_param SCRIPT_FILENAME - not config seems to work
In-Reply-To: <6c89064192ed3cb3eeda284ce6be8f11.NginxMailingListEnglish@forum.nginx.org>
References: <6c89064192ed3cb3eeda284ce6be8f11.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <be49bcc67bc7e9b229c39d1fd147b5df.NginxMailingListEnglish@forum.nginx.org>

Ok, as expected, this was extremely stupid.
location /app { index index.php; root /var/www; }
When specifying location, the path should be set with root NOT containing
the /location

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291334,291337#msg-291337


From nginx-forum at forum.nginx.org  Thu Apr 22 08:51:59 2021
From: nginx-forum at forum.nginx.org (kkobylyanskiy)
Date: Thu, 22 Apr 2021 04:51:59 -0400
Subject: Nginx cache file is too small
Message-ID: <c157bc155645f955bb1392c50fa87914.NginxMailingListEnglish@forum.nginx.org>

Hi, 
I'm using Nginx as a reverse-proxy to cache my POST request and wrote the
following config:

http {
    gzip on;
    gzip_proxied any;
    gzip_types text/plain application/json;
    gzip_min_length 1000;
    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=FLOWS:100m
inactive=24h max_size=2g use_temp_path=off;
    server {
        listen 3200;
        location /api/flows-page-v1 {
            proxy_pass              http://app:3000/api/flows-page-v1;
            proxy_set_header        Host $host;
            proxy_buffering         on;
            proxy_cache             FLOWS;
            proxy_cache_methods     POST;
            proxy_cache_key         "$request_uri|$request_body";
            proxy_cache_valid       200 1d;
            client_body_buffer_size 512k;
            proxy_buffers           6 128k;
            proxy_buffer_size       512k;
            proxy_busy_buffers_size 512k;
            proxy_cache_use_stale   error timeout invalid_header updating
                                    http_500 http_502 http_503 http_504;
            add_header X-Cached     $upstream_cache_status;
        }
    }
} 
I'm getting the following error when trying so send a request for the second
time after the first on is cached:

[crit] 20#20: *2 cache file
"/var/cache/nginx/6/fb/bee5677b8b46add7cfef279105773fb6" is too small
I logged in to the container and verified that this file contains cached
content.

>From the source code it seems like the following fragment causes this error
and therefore cache MISS (nginx/src/http/ngx_http_file_cache.c):

if ((size_t) n < c->header_start) {
    ngx_log_error(NGX_LOG_CRIT, r->connection->log, 0,
                  "cache file \"%s\" is too small", c->file.name.data);
    return NGX_DECLINED;
}

I already found the similar question -
https://forum.nginx.org/read.php?2,271756 but the answer doesn't seem to be
related to my situation: I run nginx in docker-compose, therefore there is
no any temporary files left in the cache directories, as well as the other
nginx process.

What should I do to avoid this error?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291344,291344#msg-291344


From nginx-forum at forum.nginx.org  Thu Apr 22 12:10:42 2021
From: nginx-forum at forum.nginx.org (kkobylyanskiy)
Date: Thu, 22 Apr 2021 08:10:42 -0400
Subject: Nginx cache file is too small
In-Reply-To: <c157bc155645f955bb1392c50fa87914.NginxMailingListEnglish@forum.nginx.org>
References: <c157bc155645f955bb1392c50fa87914.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <4a8fb7bfb7b090ad9dfc90ef82449d24.NginxMailingListEnglish@forum.nginx.org>

It seems like the this error happens only if request body > 64k

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291344,291347#msg-291347


From mdounin at mdounin.ru  Thu Apr 22 14:20:08 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 22 Apr 2021 17:20:08 +0300
Subject: Nginx cache file is too small
In-Reply-To: <c157bc155645f955bb1392c50fa87914.NginxMailingListEnglish@forum.nginx.org>
References: <c157bc155645f955bb1392c50fa87914.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YIGGGMr7DfsWOTAw@mdounin.ru>

Hello!

On Thu, Apr 22, 2021 at 04:51:59AM -0400, kkobylyanskiy wrote:

> I'm using Nginx as a reverse-proxy to cache my POST request and wrote the
> following config:

[...]

>             proxy_cache_key         "$request_uri|$request_body";

[...]

>             client_body_buffer_size 512k;

[...]

> I'm getting the following error when trying so send a request for the second
> time after the first on is cached:
> 
> [crit] 20#20: *2 cache file
> "/var/cache/nginx/6/fb/bee5677b8b46add7cfef279105773fb6" is too small
> I logged in to the container and verified that this file contains cached
> content.

This is not going to work, since cache header is limited to 64k 
due to the unsigned short type being used in the on-disk format 
for header_start and body_start offsets.  The cache header 
includes the cache key, which in you case can be up to 512k or 
even larger.

Thanks for reporting this.  This probably needs some explicit 
checks to fail in an obvious way instead of silently producing 
corrupted files and complaining later.

To make this work, consider either limiting the request body to 
something less than 64k, or using a request body hash in the cache 
key instead of the full request body.  The latter can be done 
using embedded perl or njs, see here:

http://nginx.org/r/perl_set
http://nginx.org/r/js_set

-- 
Maxim Dounin
http://mdounin.ru/

From rejaine at bhz.jamef.com.br  Fri Apr 23 13:08:16 2021
From: rejaine at bhz.jamef.com.br (Rejaine Silveira Monteiro)
Date: Fri, 23 Apr 2021 10:08:16 -0300
Subject: powerbi report server with nginx reverse proxy (authentication
 problem)
Message-ID: <CAMTrDfXKuaLbgjLT9Y4gg7-9B-GNULgS6nLKhY_MQ-+o3+qOPQ@mail.gmail.com>

is there any way to make the AD authentication used by the PowerBI Report
Server behind Nginx work?
According to this article:
https://community.powerbi.com/t5/Report-Server/PBIRS-behind-nginx/m-p/1021522
Nginx does not support forwarding authentication in the free version, due
to incompatibility with NTLM.   Is there any other alternative?

-- 
*Esta mensagem pode conter informa??es confidenciais ou privilegiadas, 
sendo seu sigilo protegido por lei. Se voc? n?o for o destinat?rio ou a 
pessoa autorizada a receber esta mensagem, n?o pode usar, copiar ou 
divulgar as informa??es nela contidas ou tomar qualquer a??o baseada nessas 
informa??es. Se voc? recebeu esta mensagem por engano, por favor avise 
imediatamente ao remetente, respondendo o e-mail e em seguida apague-o. 
Agradecemos sua coopera??o.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210423/f81e8fae/attachment.htm>

From L.Meren at f5.com  Fri Apr 23 17:13:43 2021
From: L.Meren at f5.com (Libby Meren)
Date: Fri, 23 Apr 2021 17:13:43 +0000
Subject: NGINX Livestream
Message-ID: <07B49C45-50DE-402E-864A-A4088F0C0846@f5.com>

Hi there,

The NGINX team is doing a YouTube livestream on April 28, focusing on the latest release of NJS (NGINX?s JavaScript module). During the livestream they?ll show how to extend NGINX with custom code using NJS, answering questions live. Presenting is Dmitry Volyntsev, the lead developer for NJS, along with Liam Crilly and Timo Stark.

Link: https://www.youtube.com/watch?v=0CVhq4AUU7M
Timing: 7:30am PDT, 10:30am EDT, 8:00pm IST, 4:30pm CET ? April 28

We hope to see you there. If you can?t make it, the recording will be posted to the same location shortly after.

Thanks,

Libby Meren



-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210423/267e9bd0/attachment.htm>

From mdskarag at gmail.com  Fri Apr 23 20:24:07 2021
From: mdskarag at gmail.com (=?UTF-8?B?zqPPhM6xz43Pgc6/z4IgzprOsc+BzrHOs866zr/Pjc69zrfPgg==?=)
Date: Fri, 23 Apr 2021 23:24:07 +0300
Subject: IP TV
Message-ID: <CABXy=ZLwf6B8UMEAQBqSQXiYh-pSwKSkfuPRzpc+7LPPEh0eOA@mail.gmail.com>

Dear sirs as from Saturday 17/04 while trying to access from my ip
81.2.130.23 the following server
http://cabine23.com:8800 for my duplex tv ? get error in streaming. I would
like to know if there are maybe issues by mistakes  from my ip or it is
added to a blacklist or a possible threat.
My Isp in Nictech communicationd  and is an official provider in Greece
By any means I would like your guidence in getting things straight again.
Thank you in advance
STAVROS  Karagkounis Md
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210423/2fce5749/attachment.htm>

From kaushalshriyan at gmail.com  Sun Apr 25 08:07:28 2021
From: kaushalshriyan at gmail.com (Kaushal Shriyan)
Date: Sun, 25 Apr 2021 13:37:28 +0530
Subject: Seeing ^(.*/)index\.php/(.*)" does not match in nginx error log file.
Message-ID: <CAD7Ssm_Hc3-Wc0mFw5UDJkYpM0RFnLS2-RHB30TBGksuKv3ygg@mail.gmail.com>

Hi,

I am running Nginx version: nginx/1.20.0 on CentOS Linux release 7.9.2009
(Core). I am seeing the below information in the Nginx error file.

2021/04/25 07:47:40 [notice] 15635#15635: *5 "^(.*/)index\.php/(.*)" does
> not match
> "/themes/contrib/bootstrap_barrio/css/components/node.css?qs338m", client:
> 35.18.123.1, server: dactest.mydomain.com, request: "GET
> /themes/contrib/bootstrap_barrio/css/components/node.css?qs338m HTTP/1.1",
> host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
> 2021/04/25 07:47:40 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does
> not match
> "/sites/default/files/color/dacmarketplace-72c280ec/colors.css?qs338m",
> client: 35.18.123.1, server: dactest.mydomain.com, request: "GET
> /sites/default/files/color/dacmarketplace-72c280ec/colors.css?qs338m
> HTTP/1.1", host: "dactest.mydomain.com", referrer: "
> https://dactest.mydomain.com/"
> 2021/04/25 07:47:40 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does
> not match
> "/themes/contrib/bootstrap_barrio/css/colors/messages/messages-white.css?qs338m",
> client: 35.18.123.1, server: dactest.mydomain.com, request: "GET
> /themes/contrib/bootstrap_barrio/css/colors/messages/messages-white.css?qs338m
> HTTP/1.1", host: "dactest.mydomain.com", referrer: "
> https://dactest.mydomain.com/"
> 2021/04/25 07:47:40 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does
> not match "/themes/custom/dacmarketplace/js/popper.min.js?qs338m", client:
> 35.18.123.1, server: dactest.mydomain.com, request: "GET
> /themes/custom/dacmarketplace/js/popper.min.js?qs338m HTTP/1.1", host: "
> dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
> 2021/04/25 07:47:40 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does
> not match "/themes/custom/dacmarketplace/js/bootstrap.min.js?qs338m",
> client: 35.18.123.1, server: dactest.mydomain.com, request: "GET
> /themes/custom/dacmarketplace/js/bootstrap.min.js?qs338m HTTP/1.1", host: "
> dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"


I have attached both the log files and /etc/nginx/nginx.conf file in this
email thread. Please let me know if you need any additional information.
Any help will be highly appreciated. Thanks in Advance. I look forward to
hearing from you.

Best Regards,

Kaushal
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210425/3ddcf4d0/attachment-0001.htm>
-------------- next part --------------
2021/04/25 07:46:57 [notice] 15632#15632: using the "epoll" event method
2021/04/25 07:46:57 [notice] 15632#15632: nginx/1.20.0
2021/04/25 07:46:57 [notice] 15632#15632: built by gcc 4.8.5 20150623 (Red Hat 4.8.5-44) (GCC)
2021/04/25 07:46:57 [notice] 15632#15632: OS: Linux 3.10.0-1160.15.2.el7.x86_64
2021/04/25 07:46:57 [notice] 15632#15632: getrlimit(RLIMIT_NOFILE): 1024:4096
2021/04/25 07:46:57 [notice] 15633#15633: start worker processes
2021/04/25 07:46:57 [notice] 15633#15633: start worker process 15634
2021/04/25 07:46:57 [notice] 15633#15633: start worker process 15635
2021/04/25 07:47:07 [notice] 15634#15634: *1 "^(.*/)index\.php/(.*)" does not match "/", client: 35.205.72.231, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
2021/04/25 07:47:07 [notice] 15634#15634: *1 "^(.*/)index\.php/(.*)" does not match "/", client: 35.205.72.231, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
2021/04/25 07:47:13 [notice] 15635#15635: *3 "^(.*/)index\.php/(.*)" does not match "/", client: 35.240.151.105, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
2021/04/25 07:47:13 [notice] 15635#15635: *3 "^(.*/)index\.php/(.*)" does not match "/", client: 35.240.151.105, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
2021/04/25 07:47:38 [notice] 15635#15635: *5 "^(.*/)index\.php/(.*)" does not match "/", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
2021/04/25 07:47:38 [notice] 15635#15635: *5 "^(.*/)index\.php/(.*)" does not match "/", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
2021/04/25 07:47:39 [notice] 15634#15634: *7 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/align.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/align.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/ajax-progress.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/ajax-progress.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *7 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/autocomplete-loading.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/autocomplete-loading.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/fieldgroup.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/fieldgroup.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/container-inline.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/container-inline.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *10 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/clearfix.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/clearfix.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *7 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/details.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/details.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/hidden.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/hidden.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15635#15635: *11 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/item-list.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/item-list.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/js.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/js.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *7 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/position-container.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/position-container.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *10 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/nowrap.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/nowrap.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15635#15635: *11 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/progress.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/progress.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/reset-appearance.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/reset-appearance.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/resize.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/resize.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *7 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/sticky-header.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/sticky-header.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:39 [notice] 15634#15634: *10 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/system-status-counter.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/system-status-counter.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15635#15635: *11 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/system-status-report-counters.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/system-status-report-counters.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/system-status-report-general-info.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/system-status-report-general-info.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/tabledrag.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/tabledrag.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *7 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/tablesort.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/tablesort.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *10 "^(.*/)index\.php/(.*)" does not match "/core/modules/system/css/components/tree-child.module.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /core/modules/system/css/components/tree-child.module.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15635#15635: *11 "^(.*/)index\.php/(.*)" does not match "/modules/contrib/ckeditor_accordion/css/ckeditor-accordion.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /modules/contrib/ckeditor_accordion/css/ckeditor-accordion.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15635#15635: *5 "^(.*/)index\.php/(.*)" does not match "/themes/contrib/bootstrap_barrio/css/components/node.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /themes/contrib/bootstrap_barrio/css/components/node.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/sites/default/files/color/dacmarketplace-72c280ec/colors.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /sites/default/files/color/dacmarketplace-72c280ec/colors.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does not match "/themes/contrib/bootstrap_barrio/css/colors/messages/messages-white.css?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /themes/contrib/bootstrap_barrio/css/colors/messages/messages-white.css?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *9 "^(.*/)index\.php/(.*)" does not match "/themes/custom/dacmarketplace/js/popper.min.js?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /themes/custom/dacmarketplace/js/popper.min.js?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/themes/custom/dacmarketplace/js/bootstrap.min.js?qs338m", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /themes/custom/dacmarketplace/js/bootstrap.min.js?qs338m HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:40 [notice] 15635#15635: *5 "^(.*/)index\.php/(.*)" does not match "/themes/custom/dacmarketplace/images/temp/homepage_banner_0.jpg", client: 35.18.123.1, server: dactest.mydomain.com, request: "GET /themes/custom/dacmarketplace/images/temp/homepage_banner_0.jpg HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:48 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/eumcollector/beacons/browser/v1/AD-AAB-ABC-CHS/adrum", client: 35.18.123.1, server: dactest.mydomain.com, request: "POST /eumcollector/beacons/browser/v1/AD-AAB-ABC-CHS/adrum HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:47:48 [notice] 15634#15634: *6 "^(.*/)index\.php/(.*)" does not match "/eumcollector/beacons/browser/v1/AD-AAB-ABC-CHS/adrum", client: 35.18.123.1, server: dactest.mydomain.com, request: "POST /eumcollector/beacons/browser/v1/AD-AAB-ABC-CHS/adrum HTTP/1.1", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:49:27 [notice] 15635#15635: *13 "^(.*/)index\.php/(.*)" does not match "/", client: 35.199.126.168, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
2021/04/25 07:49:27 [notice] 15635#15635: *13 "^(.*/)index\.php/(.*)" does not match "/", client: 35.199.126.168, server: dactest.mydomain.com, request: "GET / HTTP/1.1", host: "dactest.mydomain.com"
[root at oneapimarketplace-dev-vm1 nginx]# cat /var/log/nginx/error.log | grep -i warn
2021/04/25 07:47:07 [warn] 15634#15634: *1 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/1/00/0000000001 while reading upstream, client: 35.205.72.231, server: dactest.mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dactest.mydomain.com"
2021/04/25 07:47:13 [warn] 15635#15635: *3 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/2/00/0000000002 while reading upstream, client: 35.240.151.105, server: dactest.mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dactest.mydomain.com"
2021/04/25 07:47:38 [warn] 15635#15635: *5 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/3/00/0000000003 while reading upstream, client: 35.18.123.1, server: dactest.mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dactest.mydomain.com"
2021/04/25 07:47:49 [warn] 15634#15634: *6 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/4/00/0000000004 while reading upstream, client: 35.18.123.1, server: dactest.mydomain.com, request: "POST /eumcollector/beacons/browser/v1/AD-AAB-ABC-CHS/adrum HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dactest.mydomain.com", referrer: "https://dactest.mydomain.com/"
2021/04/25 07:49:27 [warn] 15635#15635: *13 an upstream response is buffered to a temporary file /var/cache/nginx/fastcgi_temp/5/00/0000000005 while reading upstream, client: 35.199.126.168, server: dactest.mydomain.com, request: "GET / HTTP/1.1", upstream: "fastcgi://127.0.0.1:9000", host: "dactest.mydomain.com"
[root at oneapimarketplace-dev-vm1 nginx]#
-------------- next part --------------
A non-text attachment was scrubbed...
Name: devnginx.conf
Type: application/octet-stream
Size: 12576 bytes
Desc: not available
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210425/3ddcf4d0/attachment-0001.obj>

From mdounin at mdounin.ru  Sun Apr 25 14:24:34 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sun, 25 Apr 2021 17:24:34 +0300
Subject: Seeing ^(.*/)index\.php/(.*)" does not match in nginx error log
 file.
In-Reply-To: <CAD7Ssm_Hc3-Wc0mFw5UDJkYpM0RFnLS2-RHB30TBGksuKv3ygg@mail.gmail.com>
References: <CAD7Ssm_Hc3-Wc0mFw5UDJkYpM0RFnLS2-RHB30TBGksuKv3ygg@mail.gmail.com>
Message-ID: <YIV7otnZIKq5Qh5M@mdounin.ru>

Hello!

On Sun, Apr 25, 2021 at 01:37:28PM +0530, Kaushal Shriyan wrote:

> I am running Nginx version: nginx/1.20.0 on CentOS Linux release 7.9.2009
> (Core). I am seeing the below information in the Nginx error file.
> 
> > 2021/04/25 07:47:40 [notice] 15635#15635: *5 "^(.*/)index\.php/(.*)" does
> > not match

[...]

> I have attached both the log files and /etc/nginx/nginx.conf file in this
> email thread. Please let me know if you need any additional information.
> Any help will be highly appreciated. Thanks in Advance. I look forward to
> hearing from you.

You've asked nginx to log at the "debug" level, so it is expected
to log everything.  This includes the information about rewrite 
rule processing, normally available with the rewrite_log switched 
on (see http://nginx.org/r/rewrite_log).

If you don't see a lot of additional debug logging as well, this 
means that your nginx isn't built with debugging, so using the 
"debug" level is mostly meaningless.  Switching to the "info" 
level will likely do what you expect: no information about rewrite 
rule processing will be logged unless rewrite_log is switched on.

-- 
Maxim Dounin
http://mdounin.ru/

From francis at daoine.org  Mon Apr 26 10:20:38 2021
From: francis at daoine.org (Francis Daly)
Date: Mon, 26 Apr 2021 11:20:38 +0100
Subject: IP TV
In-Reply-To: <CABXy=ZLwf6B8UMEAQBqSQXiYh-pSwKSkfuPRzpc+7LPPEh0eOA@mail.gmail.com>
References: <CABXy=ZLwf6B8UMEAQBqSQXiYh-pSwKSkfuPRzpc+7LPPEh0eOA@mail.gmail.com>
Message-ID: <20210426102038.GA6772@daoine.org>

On Fri, Apr 23, 2021 at 11:24:07PM +0300, ??????? ??????????? wrote:

Hi there,

I'm afraid that there is nothing that the nginx people can do to help
this.

> the following server
> http://cabine23.com:8800 for my duplex tv ? get error in streaming. I would
> like to know if there are maybe issues by mistakes  from my ip or it is
> added to a blacklist or a possible threat.

It looks like whoever runs the cabine23.com web server has not configured
their server correctly.

Only they can fix this, by configuring their server the way they want
it to be.

If you have some way of contacting whoever runs that server (or perhaps
whoever provides the service that you are trying to use), maybe they
will be able to change things on their side.


Their web site show the "Welcome to nginx!" page, which is what the web
server they use shows when it has been turned on, but not configured.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

From nginx-forum at forum.nginx.org  Mon Apr 26 12:50:33 2021
From: nginx-forum at forum.nginx.org (stephan13360)
Date: Mon, 26 Apr 2021 08:50:33 -0400
Subject: NGINX Plus Repo with Certs from Freemium Controller
Message-ID: <bc13f1e99d8b6af7f0bfb3a231d2d96e.NginxMailingListEnglish@forum.nginx.org>

Hi,

I started a NGINX Controller Trial andd used the Freemium non expiring
Association token to activate my controller lisence. This worked fine .and
my contorlelr shows as activated
.

I then followd this guide to download the cert and key for the nginx plus
repo:
https://docs.nginx.com/nginx-controller/admin-guides/install/get-n-plus-cert-and-key/
This also worked.
I then followed the nginx plus Installation guide:
https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/
I added the cert and key to /etc/ssl/nginx/ and downloaded the
/etc/apt/apt.conf.d/90nginx file to the apt conf dir. I know apt-get uses
the cert/key because I get an error when moving the cert/key to another
place.

But when i run apt-get update I get:
Err:6 https://plus-pkgs.nginx.com/ubuntu focal InRelease
  403  Forbidden

Any Idea of why my SSL Client cert/Key that I downlaoded from my correctly
lisenced controller is not accepted?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291366,291366#msg-291366


From ceo.teo.en.ming at gmail.com  Mon Apr 26 14:01:55 2021
From: ceo.teo.en.ming at gmail.com (Turritopsis Dohrnii Teo En Ming)
Date: Mon, 26 Apr 2021 22:01:55 +0800
Subject: Testing
Message-ID: <CAMEJMGEVV3cUzy4OYXzihsMULtrof4U33XXY_e15x+kh=svHrw@mail.gmail.com>

-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's
Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts
at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan
(5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----

From ceo.teo.en.ming at gmail.com  Mon Apr 26 14:03:13 2021
From: ceo.teo.en.ming at gmail.com (Turritopsis Dohrnii Teo En Ming)
Date: Mon, 26 Apr 2021 22:03:13 +0800
Subject: How to Easily Set Up a Full-Featured Linux Mail Server on Ubuntu
 18.04.5 LTS with iRedMail 1.4.0
Message-ID: <CAMEJMGGuno0xKEmqVKmMYJ6vhiXz0Tg73JW5zOGKCWncP1-rFQ@mail.gmail.com>

Subject: How to Easily Set Up a Full-Featured Linux Mail Server on
Ubuntu 18.04.5 LTS with iRedMail 1.4.0

Good day from Singapore,

I followed linuxbabe.com's Xiao Guoan's guide and successfully setup a
full featured Linux mail server on Ubuntu 18.04.5 LTS with IRedMail
1.4.0.

Author: Mr. Turritopsis Dohrnii Teo En Ming (TARGETED INDIVIDUAL)
Country: Singapore
Date: 25 April 2021 Sunday

Type of Publication: PDF Manual
Document Version: 20210425.01 (1st release)

***IMPORTANT NOTICE*** Please note that Turritopsis Dohrnii Teo En
Ming?s guide is based on Xiao Guoan?s guide at linuxbabe.com.

Reference Guide Used by Teo En Ming: How to Easily Set Up a
Full-Featured Mail Server on Ubuntu 18.04 with iRedMail
Link: https://www.linuxbabe.com/mail-server/ubuntu-18-04-iredmail-email-server
Original Author: Xiao Guoan

The following is a list of open-source software that will be
automatically installed and configured by iRedMail.

? Postfix SMTP server
? Dovecot IMAP server
? Nginx web server to serve the admin panel and webmail
? OpenLDAP, MySQL/MariaDB, or PostgreSQL for storing user information
? Amavised-new for DKIM signing and verification
? SpamAssassin for anti-spam
? ClamAV for anti-virus
? Roundcube webmail
? SOGo groupware, providing webmail, calendar (CalDAV), contacts
(CardDAV), tasks and ActiveSync services.
? Fail2ban for protecting SSH
? mlmmj mailing list manager
? Netdata server monitoring
? iRedAPD Postfix policy server for greylisting

Redundant Download Links for Teo En Ming's PDF Manual:

[1] https://drive.google.com/file/d/1un8sLLmNSMIt7V6blWCvJEgwGvxMbd4B/view?usp=sharing

[2] https://drive.google.com/file/d/1i0vY7kfYkobu563qoI3_qCZg7G7BFoYR/view?usp=sharing

[3] https://drive.google.com/file/d/1U9MFN1EklLbA8TMweLV5ntiSJuBBVkpQ/view?usp=sharing

[4] https://www.docdroid.net/dW70KtS/iredmail-setup-1st-release-pdf

[5] https://www.mediafire.com/file/evar7j28knqyoj6/IRedMail+Setup+1st+Release.pdf/file

[6] https://www.scribd.com/document/504932780/IRedMail-Setup-1st-Release

Mr. Turritopsis Dohrnii Teo En Ming, 43 years old as of 26 April 2021,
is a TARGETED INDIVIDUAL living in Singapore. He is an IT Consultant
with a System Integrator (SI)/computer firm in Singapore. He is an IT
enthusiast.





-----BEGIN EMAIL SIGNATURE-----

The Gospel for all Targeted Individuals (TIs):

[The New York Times] Microwave Weapons Are Prime Suspect in Ills of
U.S. Embassy Workers

Link:
https://www.nytimes.com/2018/09/01/science/sonic-attack-cuba-microwave.html

********************************************************************************************

Singaporean Targeted Individual Mr. Turritopsis Dohrnii Teo En Ming's
Academic Qualifications as at 14 Feb 2019 and refugee seeking attempts
at the United Nations Refugee Agency Bangkok (21 Mar 2017), in Taiwan
(5 Aug 2019) and Australia (25 Dec 2019 to 9 Jan 2020):

[1] https://tdtemcerts.wordpress.com/

[2] https://tdtemcerts.blogspot.sg/

[3] https://www.scribd.com/user/270125049/Teo-En-Ming

-----END EMAIL SIGNATURE-----

From osa at freebsd.org.ru  Mon Apr 26 14:53:45 2021
From: osa at freebsd.org.ru (Sergey A. Osokin)
Date: Mon, 26 Apr 2021 17:53:45 +0300
Subject: NGINX Plus Repo with Certs from Freemium Controller
In-Reply-To: <bc13f1e99d8b6af7f0bfb3a231d2d96e.NginxMailingListEnglish@forum.nginx.org>
References: <bc13f1e99d8b6af7f0bfb3a231d2d96e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <YIbT+YAX2pxGPH2I@FreeBSD.org.ru>

Hi there,

hope you're doing well.

This mailing list is related to NGINX OSS product, so I'd recommend to
contact to NGINX Sales team, https://www.nginx.com/contact-sales/

Thank you.

-- 
Sergey Osokin

On Mon, Apr 26, 2021 at 08:50:33AM -0400, stephan13360 wrote:
> Hi,
> 
> I started a NGINX Controller Trial andd used the Freemium non expiring
> Association token to activate my controller lisence. This worked fine .and
> my contorlelr shows as activated
> .
> 
> I then followd this guide to download the cert and key for the nginx plus
> repo:
> https://docs.nginx.com/nginx-controller/admin-guides/install/get-n-plus-cert-and-key/
> This also worked.
> I then followed the nginx plus Installation guide:
> https://docs.nginx.com/nginx/admin-guide/installing-nginx/installing-nginx-plus/
> I added the cert and key to /etc/ssl/nginx/ and downloaded the
> /etc/apt/apt.conf.d/90nginx file to the apt conf dir. I know apt-get uses
> the cert/key because I get an error when moving the cert/key to another
> place.
> 
> But when i run apt-get update I get:
> Err:6 https://plus-pkgs.nginx.com/ubuntu focal InRelease
>   403  Forbidden
> 
> Any Idea of why my SSL Client cert/Key that I downlaoded from my correctly
> lisenced controller is not accepted?
> 
> Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291366,291366#msg-291366
> 
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From krikkiteer at gmail.com  Tue Apr 27 10:35:58 2021
From: krikkiteer at gmail.com (Charlie Kilo)
Date: Tue, 27 Apr 2021 12:35:58 +0200
Subject: upgrading binary failed - execve - too long argument list
Message-ID: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>

Hi everyone,
i'm trying to upgrade an nginx-binary while running.
When i do kill -s USR2 <pid>, i get the following error in the logs..

11:40:38 [alert] 52701#0: execve() failed while executing new binary
process "/opt/sbin/nginx" (7: Argument list too long)

Anybody knows what exactly is in those arguments ? We have ~ 20-55 worker
processes if that might be related..
nginx-version is 1.18.0, os: debian buster

thanks everyone in advance!
chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210427/197d6df2/attachment.htm>

From oguzyarimtepe at gmail.com  Tue Apr 27 11:49:04 2021
From: oguzyarimtepe at gmail.com (=?UTF-8?B?T8SfdXogWWFyxLFtdGVwZQ==?=)
Date: Tue, 27 Apr 2021 14:49:04 +0300
Subject: any datagroup type solution for nginx
Message-ID: <CAKtWOTQ0=xaLwQfz+bLPuST2xZGa1iHA-VXUU_GXSiRkrhUNmA@mail.gmail.com>

I have large list of paths going to same backend:

location ~ /xxx { proxy_pass http://backend_foo; }
location ~ /yyy { proxy_pass http://backend_foo; }
location ~ /zzz { proxy_pass http://backend_foo; }
location ~ /mmm { proxy_pass http://backend_foo; }
....

The number of paths are 3254. So writing them line by line doesn't look so
nice to me. any other more performance solution? Maybe with lua and in
memory solution?

-- 
O?uz Yar?mtepe
http://about.me/oguzy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210427/519a9e11/attachment.htm>

From francis at daoine.org  Wed Apr 28 12:16:54 2021
From: francis at daoine.org (Francis Daly)
Date: Wed, 28 Apr 2021 13:16:54 +0100
Subject: upgrading binary failed - execve - too long argument list
In-Reply-To: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
References: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
Message-ID: <20210428121654.GB6772@daoine.org>

On Tue, Apr 27, 2021 at 12:35:58PM +0200, Charlie Kilo wrote:

Hi there,

I don't know the answer here, but...

> i'm trying to upgrade an nginx-binary while running.
> When i do kill -s USR2 <pid>, i get the following error in the logs..
> 
> 11:40:38 [alert] 52701#0: execve() failed while executing new binary
> process "/opt/sbin/nginx" (7: Argument list too long)

https://wiki.debian.org/CommonErrorMessages/ArgumentListTooLong (last
modified in 2009) says that that happens when execve() "is unable to
fit the supplied argument list and environment into the 128K buffer".

> Anybody knows what exactly is in those arguments ? We have ~ 20-55 worker
> processes if that might be related..

Does "ps -ef" (possibly "| grep nginx") show the arguments involved?

And, with the right permissions,

wc -c /proc/*/environ 2>/dev/null | sort -rn | less

can show you the size of each process environment that you can read. If
you know the process id (PID) involved, you can just "wc -c" that one
directly.

That might hint at whether there is actually something very big involved,
or whether something else has gone wrong and the wrong error message is
being reported.

Good luck with it,

	f
-- 
Francis Daly        francis at daoine.org

From ESpeake at dmp.com  Wed Apr 28 19:52:48 2021
From: ESpeake at dmp.com (Eric Speake)
Date: Wed, 28 Apr 2021 19:52:48 +0000
Subject: Redirect url request to a new site is not working.
Message-ID: <2c2bf3683a06494bb5d7dd4618fc07c1@dmp.com>


I need to redirect https://mysite.com/meeting to https://new.mysite.com/events/meet/meeting

Here us what I have in my config:

location ~* / {

     #Custom Redirects
     rewrite ^(/meeting.*) https://new.mysite.com/events/meet$1 permanent;
}

I have tried a few other tweaks, but nothing is working. I know I'm missing something simple.

Thanks,
Eric

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210428/2f865fb1/attachment.htm>

From mdounin at mdounin.ru  Wed Apr 28 21:13:31 2021
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 29 Apr 2021 00:13:31 +0300
Subject: upgrading binary failed - execve - too long argument list
In-Reply-To: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
References: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
Message-ID: <YInP+8tRi//1qWiO@mdounin.ru>

Hello!

On Tue, Apr 27, 2021 at 12:35:58PM +0200, Charlie Kilo wrote:

> Hi everyone,
> i'm trying to upgrade an nginx-binary while running.
> When i do kill -s USR2 <pid>, i get the following error in the logs..
> 
> 11:40:38 [alert] 52701#0: execve() failed while executing new binary
> process "/opt/sbin/nginx" (7: Argument list too long)
> 
> Anybody knows what exactly is in those arguments ? We have ~ 20-55 worker
> processes if that might be related..
> nginx-version is 1.18.0, os: debian buster

The only notable thing I can think of is the list of open 
listening sockets, which is passed in the NGINX environment 
variable to the new process.

There should be plenty of space even with a lot of listening 
sockets though, given the default limit of 2M on Linux.  Even with 
"listen ... reuseport", when a separate listening socket 
is created for each worker process, it does not look like the 
limit can be easily reached: 2M should be enough for about 300k 
listening sockets, so with 55 worker processes it is about 5k 
listening sockets with reuseport.

How many listening sockets do you have?  Do they use "listen ...  
reuseport" option?  What "getconf ARG_MAX" and "ulimit -s" show on 
your system?  Any 3rd party modules (and what "nginx -V" shows)?

-- 
Maxim Dounin
http://mdounin.ru/

From osa at freebsd.org.ru  Wed Apr 28 21:21:03 2021
From: osa at freebsd.org.ru (Sergey A. Osokin)
Date: Thu, 29 Apr 2021 00:21:03 +0300
Subject: Redirect url request to a new site is not working.
In-Reply-To: <2c2bf3683a06494bb5d7dd4618fc07c1@dmp.com>
References: <2c2bf3683a06494bb5d7dd4618fc07c1@dmp.com>
Message-ID: <YInRv9Fc0NRYHDcd@FreeBSD.org.ru>

Hi Eric,

hope you're doing well these days.

On Wed, Apr 28, 2021 at 07:52:48PM +0000, Eric Speake wrote:
> 
> I need to redirect https://mysite.com/meeting to https://new.mysite.com/events/meet/meeting

...

The following one should work:

    location ~ ^/meeting {
        return 301 https://new.mysite.com/events/meet$request_uri;
    }

-- 
Sergey Osokin

From me at mheard.com  Wed Apr 28 22:57:28 2021
From: me at mheard.com (Mathew Heard)
Date: Thu, 29 Apr 2021 08:57:28 +1000
Subject: upgrading binary failed - execve - too long argument list
In-Reply-To: <YInP+8tRi//1qWiO@mdounin.ru>
References: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
 <YInP+8tRi//1qWiO@mdounin.ru>
Message-ID: <CAE5sJtQsJhAkWTzf6rBT=_n9ymw_emQvNEedkjAFzRNc+b2WJg@mail.gmail.com>

At-least on my system ARG_MAX depends on the size of ulimit.

# getconf ARG_MAX
2097152
# ulimit -s unlimited
# getconf ARG_MAX
4611686018427387903

Meaning no kernel recompilation should be necessary to adjust the maximum
argument space.

On Thu, 29 Apr 2021 at 07:13, Maxim Dounin <mdounin at mdounin.ru> wrote:

> Hello!
>
> On Tue, Apr 27, 2021 at 12:35:58PM +0200, Charlie Kilo wrote:
>
> > Hi everyone,
> > i'm trying to upgrade an nginx-binary while running.
> > When i do kill -s USR2 <pid>, i get the following error in the logs..
> >
> > 11:40:38 [alert] 52701#0: execve() failed while executing new binary
> > process "/opt/sbin/nginx" (7: Argument list too long)
> >
> > Anybody knows what exactly is in those arguments ? We have ~ 20-55 worker
> > processes if that might be related..
> > nginx-version is 1.18.0, os: debian buster
>
> The only notable thing I can think of is the list of open
> listening sockets, which is passed in the NGINX environment
> variable to the new process.
>
> There should be plenty of space even with a lot of listening
> sockets though, given the default limit of 2M on Linux.  Even with
> "listen ... reuseport", when a separate listening socket
> is created for each worker process, it does not look like the
> limit can be easily reached: 2M should be enough for about 300k
> listening sockets, so with 55 worker processes it is about 5k
> listening sockets with reuseport.
>
> How many listening sockets do you have?  Do they use "listen ...
> reuseport" option?  What "getconf ARG_MAX" and "ulimit -s" show on
> your system?  Any 3rd party modules (and what "nginx -V" shows)?
>
> --
> Maxim Dounin
> http://mdounin.ru/
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210429/0f378c78/attachment.htm>

From nginx-forum at forum.nginx.org  Thu Apr 29 18:50:06 2021
From: nginx-forum at forum.nginx.org (bouvierh)
Date: Thu, 29 Apr 2021 14:50:06 -0400
Subject: Caching  auth_request!
Message-ID: <8b7d5e7e6e94558349aa1ab085162c7d.NginxMailingListEnglish@forum.nginx.org>

Hello,

I am caching the result of auth_request. This is the simplified code:
       proxy_cache_path /var/cache/nginx levels=1 keys_zone=token_cache:1m
max_size=2m
                 inactive=60m use_temp_path=off;

        location /devices {
            auth_request /auth;
            auth_request_set $token $upstream_http_x_token;
            proxy_set_header    Authorization $token;
            set $endpoint https://upstream;
            proxy_pass $endpoint;

        }

        location = /auth {
            proxy_cache token_cache;
            proxy_cache_valid any 30m;
            proxy_cache_key   "$request_uri";
            set $endpoint http://127.0.0.1:6001;
            proxy_pass http://auth_server;
        }

I can see that my requests are being cached
when I do:  curl  https://10.0.2.6:443/devices 
however, caching is useless because the auth server is requested every
time.

What is really strange is that when I curl the auth server directly, it
behaves as expected:
curl  https://10.0.2.6:443/auth
Then the auth_server is hit only after the cache expires

Has anyone experienced the same issue?

Posted at Nginx Forum: https://forum.nginx.org/read.php?2,291390,291390#msg-291390


From krikkiteer at gmail.com  Fri Apr 30 06:27:55 2021
From: krikkiteer at gmail.com (Charlie Kilo)
Date: Fri, 30 Apr 2021 08:27:55 +0200
Subject: upgrading binary failed - execve - too long argument list
In-Reply-To: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
References: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
Message-ID: <CAAHW1mgYHwjM+xHn=TybrQ+n4qF=yHUJuaphoW-7AGoPDPxD+g@mail.gmail.com>

Thanks a lot for the hints so far.. to provide the further info and answer
the questions..

getconf ARG_MAX shows 2097152
ulimit -s shows 8192
setting it to unlimited, doesn't change anything (also not with prlimit)
wc -c /proc/<pid>/environ shows 1949

it seems on a regular machine we have around 1200 listening sockets
and do indeed use "reuseport"

nginx -V shows
nginx version: nginx/1.18.0
built with OpenSSL 1.1.1j  16 Feb 2021
TLS SNI support enabled
configure arguments: --with-ipv6 --with-file-aio
--with-http_ssl_module --with-http_v2_module --with-http_realip_module
--with-http_stub_status_module --with-http_gzip_static_module
--with-http_sub_module --without-http_scgi_module --with-stream
--with-stream_ssl_module --with-stream_realip_module
--with-stream_geoip_module --with-stream_ssl_preread_module
--with-http_slice_module --add-module=../lua-nginx-module-0.10.15
--add-module=../headers-more-v0.25
--add-module=../ngx-devel-kit-master
--add-module=../dist/nginx-rtmp-module
--add-module=../build/nginx_upstream_check_module
--conf-path=/etc/nginx.conf --with-mail --with-mail_ssl_module
--without-mail_pop3_module --with-cc-opt='-D_FORTIFY_SOURCE=1
-fstack-protector -fstack-clash-protection -pipe -march=westmere
-mtune=intel -O3 -I/build/nginx/boringssl/.compat/include -g'
--with-ld-opt='-Wl,-z,relro,-z,now,-lgmp -ldl'



On Tue, Apr 27, 2021 at 12:35 PM Charlie Kilo <krikkiteer at gmail.com> wrote:

> Hi everyone,
> i'm trying to upgrade an nginx-binary while running.
> When i do kill -s USR2 <pid>, i get the following error in the logs..
>
> 11:40:38 [alert] 52701#0: execve() failed while executing new binary
> process "/opt/sbin/nginx" (7: Argument list too long)
>
> Anybody knows what exactly is in those arguments ? We have ~ 20-55 worker
> processes if that might be related..
> nginx-version is 1.18.0, os: debian buster
>
> thanks everyone in advance!
> chris
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210430/c2909bc8/attachment.htm>

From krikkiteer at gmail.com  Fri Apr 30 09:14:48 2021
From: krikkiteer at gmail.com (Charlie Kilo)
Date: Fri, 30 Apr 2021 11:14:48 +0200
Subject: upgrading binary failed - execve - too long argument list
In-Reply-To: <CAAHW1mgYHwjM+xHn=TybrQ+n4qF=yHUJuaphoW-7AGoPDPxD+g@mail.gmail.com>
References: <CAAHW1mi5osgGKbUqEAtFv4=257edPNX+5-EGoWJ9JPYsT5gi_A@mail.gmail.com>
 <CAAHW1mgYHwjM+xHn=TybrQ+n4qF=yHUJuaphoW-7AGoPDPxD+g@mail.gmail.com>
Message-ID: <CAAHW1mgVGwVZ5zizK6vFix-gsBKWMYHA-46DopO5hP-UDbCQkA@mail.gmail.com>

correction.. if i count with
ss -l -t |grep http | wc -l
we have around 58340 listening sockets.. at least on that machine..


On Fri, Apr 30, 2021 at 8:27 AM Charlie Kilo <krikkiteer at gmail.com> wrote:

> Thanks a lot for the hints so far.. to provide the further info and answer
> the questions..
>
> getconf ARG_MAX shows 2097152
> ulimit -s shows 8192
> setting it to unlimited, doesn't change anything (also not with prlimit)
> wc -c /proc/<pid>/environ shows 1949
>
> it seems on a regular machine we have around 1200 listening sockets and do indeed use "reuseport"
>
> nginx -V shows
> nginx version: nginx/1.18.0
> built with OpenSSL 1.1.1j  16 Feb 2021
> TLS SNI support enabled
> configure arguments: --with-ipv6 --with-file-aio --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_sub_module --without-http_scgi_module --with-stream --with-stream_ssl_module --with-stream_realip_module --with-stream_geoip_module --with-stream_ssl_preread_module --with-http_slice_module --add-module=../lua-nginx-module-0.10.15 --add-module=../headers-more-v0.25 --add-module=../ngx-devel-kit-master --add-module=../dist/nginx-rtmp-module --add-module=../build/nginx_upstream_check_module --conf-path=/etc/nginx.conf --with-mail --with-mail_ssl_module --without-mail_pop3_module --with-cc-opt='-D_FORTIFY_SOURCE=1 -fstack-protector -fstack-clash-protection -pipe -march=westmere -mtune=intel -O3 -I/build/nginx/boringssl/.compat/include -g' --with-ld-opt='-Wl,-z,relro,-z,now,-lgmp -ldl'
>
>
>
> On Tue, Apr 27, 2021 at 12:35 PM Charlie Kilo <krikkiteer at gmail.com>
> wrote:
>
>> Hi everyone,
>> i'm trying to upgrade an nginx-binary while running.
>> When i do kill -s USR2 <pid>, i get the following error in the logs..
>>
>> 11:40:38 [alert] 52701#0: execve() failed while executing new binary
>> process "/opt/sbin/nginx" (7: Argument list too long)
>>
>> Anybody knows what exactly is in those arguments ? We have ~ 20-55 worker
>> processes if that might be related..
>> nginx-version is 1.18.0, os: debian buster
>>
>> thanks everyone in advance!
>> chris
>>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20210430/aa6d67a3/attachment.htm>