From shashi.sharma at espire.com Fri Sep 1 18:06:57 2023 From: shashi.sharma at espire.com (Shashi Kant Sharma) Date: Fri, 1 Sep 2023 18:06:57 +0000 Subject: Nginx Support required In-Reply-To: References: Message-ID: Hi All, We did not receive any update on this. Regards [cid:image001.jpg at 01D9DCED.1FF85AB0] Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified [cid:image002.png at 01D9DCED.1FF85AB0] From: Shashi Kant Sharma Sent: Friday, September 1, 2023 12:11 PM To: nginx at nginx.org Cc: Arvind Dhamija ; Suvidha Raizada Subject: RE: Nginx Support required Hello Team, Any update on this? Regards [cid:image001.jpg at 01D9DCED.1FF85AB0] Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified [cid:image002.png at 01D9DCED.1FF85AB0] From: Shashi Kant Sharma Sent: Thursday, August 31, 2023 9:02 PM To: nginx at nginx.org Cc: Arvind Dhamija >; Suvidha Raizada > Subject: Nginx Support required Hello Team, We are looking support from Nginx team as we are facing issue in upload the file size as more than 20MB file size unable to upload. Regards [cid:image001.jpg at 01D9DCED.1FF85AB0] Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified [cid:image002.png at 01D9DCED.1FF85AB0] EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 4789 bytes Desc: image001.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 46602 bytes Desc: image002.png URL: From maxim at nginx.com Fri Sep 1 18:44:09 2023 From: maxim at nginx.com (Maxim Konovalov) Date: Fri, 1 Sep 2023 11:44:09 -0700 Subject: Nginx Support required In-Reply-To: References: Message-ID: Hi, This will be addressed off the list. Maxim On 01.09.2023 11:06, Shashi Kant Sharma wrote: > Hi All, > > We did not receive any update on this. > > Regards > > ** > > ** > > ** > > > > *Shashi Kant Sharma* > > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > > *m*+91 9910777529*t *+91 124 3843 101 > > *Email *Shashi.sharma at espire.com > **Skype For Business > > > ** > > *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > > *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > > *From:*Shashi Kant Sharma > *Sent:* Friday, September 1, 2023 12:11 PM > *To:* nginx at nginx.org > *Cc:* Arvind Dhamija ; Suvidha Raizada > > *Subject:* RE: Nginx Support required > > Hello Team, > > Any update on this? > > Regards > > ** > > ** > > ** > > > > *Shashi Kant Sharma* > > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > > *m*+91 9910777529*t *+91 124 3843 101 > > *Email *Shashi.sharma at espire.com > **Skype For Business > > > ** > > *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > > *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > > *From:*Shashi Kant Sharma > *Sent:* Thursday, August 31, 2023 9:02 PM > *To:* nginx at nginx.org > *Cc:* Arvind Dhamija >; Suvidha Raizada > > > *Subject:* Nginx Support required > > Hello Team, > > We are looking support from Nginx team as we are facing issue in upload > the file size as more than 20MB file size unable to upload. > > Regards > > ** > > ** > > ** > > > > *Shashi Kant Sharma* > > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > > *m*+91 9910777529*t *+91 124 3843 101 > > *Email *Shashi.sharma at espire.com > **Skype For Business > > > ** > > *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > > *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail > and including attachment thereto is proprietary or legally privileged > information to Espire Infolabs Private Limited. It is intended for the > designated recipient(s) and purpose, and may contain information that is > privileged, confidential or exempt from disclosure under applicable law. > Access to this e-mail and/or to the attachment by anyone else is > unauthorized. If you are not the intended recipient, an agent of the > intended recipient or a person responsible for delivering the > information to the intended recipient, you are notified that any use, > copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. Further, > if you are not the intended recipient, please notify the sender > immediately about mis-delivery and permanently delete this e-mail and > its attachments, if any. The recipient acknowledges that the views > expressed in this e-mail are those of sender and may not necessarily > reflect those of the company. There is no guarantee that the integrity > of this communication has been maintained and nor is this communication > free of viruses, interceptions or interference. The sender or the > Company accepts no liability for damage caused by any virus transmitted > in this email or error or omissions. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx -- Maxim Konovalov From shashi.sharma at espire.com Fri Sep 1 18:47:55 2023 From: shashi.sharma at espire.com (Shashi Kant Sharma) Date: Fri, 1 Sep 2023 18:47:55 +0000 Subject: Nginx Support required In-Reply-To: References: Message-ID: Hi Maxim, Can you loop any relevant team who can assist and provide the support? Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Maxim Konovalov Sent: Saturday, September 2, 2023 12:14 AM To: nginx at nginx.org; unit at nginx.org Cc: Arvind Dhamija ; Suvidha Raizada ; APACServicesSales at f5.com; Shashi Kant Sharma Subject: Re: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Hi, This will be addressed off the list. Maxim On 01.09.2023 11:06, Shashi Kant Sharma wrote: > Hi All, > > We did not receive any update on this. > > Regards > > ** > > ** > > ** > > > > *Shashi Kant Sharma* > > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > > *m*+91 9910777529*t *+91 124 3843 101 > > *Email *Shashi.sharma at espire.com > **Skype For Business > > > ** > > *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > > *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > > *From:*Shashi Kant Sharma > *Sent:* Friday, September 1, 2023 12:11 PM > *To:* nginx at nginx.org > *Cc:* Arvind Dhamija ; Suvidha Raizada > > *Subject:* RE: Nginx Support required > > Hello Team, > > Any update on this? > > Regards > > ** > > ** > > ** > > > > *Shashi Kant Sharma* > > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > > *m*+91 9910777529*t *+91 124 3843 101 > > *Email *Shashi.sharma at espire.com > **Skype For Business > > > ** > > *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > > *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > > *From:*Shashi Kant Sharma > *Sent:* Thursday, August 31, 2023 9:02 PM > *To:* nginx at nginx.org > *Cc:* Arvind Dhamija >; Suvidha Raizada > > > *Subject:* Nginx Support required > > Hello Team, > > We are looking support from Nginx team as we are facing issue in > upload the file size as more than 20MB file size unable to upload. > > Regards > > ** > > ** > > ** > > > > *Shashi Kant Sharma* > > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > > *m*+91 9910777529*t *+91 124 3843 101 > > *Email *Shashi.sharma at espire.com > **Skype For Business > > > ** > > *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > > *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail > and including attachment thereto is proprietary or legally privileged > information to Espire Infolabs Private Limited. It is intended for the > designated recipient(s) and purpose, and may contain information that > is privileged, confidential or exempt from disclosure under applicable law. > Access to this e-mail and/or to the attachment by anyone else is > unauthorized. If you are not the intended recipient, an agent of the > intended recipient or a person responsible for delivering the > information to the intended recipient, you are notified that any use, > copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. > Further, if you are not the intended recipient, please notify the > sender immediately about mis-delivery and permanently delete this > e-mail and its attachments, if any. The recipient acknowledges that > the views expressed in this e-mail are those of sender and may not > necessarily reflect those of the company. There is no guarantee that > the integrity of this communication has been maintained and nor is > this communication free of viruses, interceptions or interference. The > sender or the Company accepts no liability for damage caused by any > virus transmitted in this email or error or omissions. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx -- Maxim Konovalov EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. From shashi.sharma at espire.com Sat Sep 2 06:37:41 2023 From: shashi.sharma at espire.com (Shashi Kant Sharma) Date: Sat, 2 Sep 2023 06:37:41 +0000 Subject: Nginx Support required In-Reply-To: <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> Message-ID: HI Maxim, Many thanks for response however please find hosted environment details and looking forward your support as it will not take more than 20 minutes time. In Espire environment we are using below config:- Espire UAT environment. OS - Ubuntu - 18.0 Nginx version - 1.18 Client Environment. OS - Ubuntu - 22.4 Nginx version - 1.22.1 @nginx at nginx.org: Please help on this as we need immediate support on this however my ID registerd on Nginx subscription. Please revert me on this ASAP and looking forward support on this. Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Maxim Konovalov Sent: Saturday, September 2, 2023 11:51 AM To: Shashi Kant Sharma Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: Re: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Shashi, Unfortunately, unless you are F5 customers, I cannot help you. You can ask your question on nginx at nginx.org mailing list (please don't copy unit at nginx.org, it is for a different product) but please bear with the fact that it is a community discussion list, not a support channel. Maxim On 01.09.2023 23:17, Shashi Kant Sharma wrote: > Sure, > > We are using open source and once POC done then we will purchase the product with subscription however this is very important to us and Nginx work together on this issue. > > @Suvidha Raizada/@Arvind Dhamija/@Bhupendra Singh: please provide the details what we have and what we have in client side immediately. > > Regards > > > > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > 9001:2015 certified > > > > -----Original Message----- > From: Maxim Konovalov > Sent: Saturday, September 2, 2023 11:44 AM > To: Shashi Kant Sharma > Cc: Arvind Dhamija ; Suvidha Raizada > ; APACServicesSales at f5.com; Sapna Sharma > > Subject: Re: Nginx Support required > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. > > Hi Shashi, > > Before we proceed would you mind to share your subscription ID or any other information about F5 Inc products you bought? > > Thanks, > > Maxim > > On 01.09.2023 23:07, Shashi Kant Sharma wrote: >> Hi Maxim, >> >> Good day and hope you are doing good! >> >> Can you please share your availability today, so I can send meeting invite as we are looking for urgent support from Nginx team as last couple of days we are facing issue in upload the attachment more than 20 MB. And we are working on client environment and UAT ( Espire hosted) environment however due to technical expertise unable to close this issue. >> >> It would be highly appreciable if we can quick connect and looking forward expert support from Nginx team by today. >> >> Again, looking forward immediate response on this as good opportunity both side to get deliver it and further license purchase/renewal. >> >> Regards >> >> >> Shashi Kant Sharma >> Associate Director - IT >> >> Espire Infolabs Pvt. Ltd. >> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >> >> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >> 9001:2015 certified >> >> >> >> -----Original Message----- >> From: Maxim Konovalov >> Sent: Saturday, September 2, 2023 12:32 AM >> To: Shashi Kant Sharma >> Cc: Arvind Dhamija ; Suvidha Raizada >> ; APACServicesSales at f5.com >> Subject: Re: Nginx Support required >> >> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >> >> Hi Shashi, >> >> I am happy to do so! >> >> I removed nginx at nginx.org and unit at nginx.org emails from the Cc list. >> >> They are community mailing lists for our opensource projects nginx-oss and nginx-unit. There are not intended to provide support for paid users and have no any SLA's or anything like that. >> >> Am I right that you are paid customers for nginx-plus? >> >> If the above assumption is correct I recommend to go through the official support on the MyF5 portal. >> >> Any additional information about product(s) you bought, subscription ID or sales contact at F5 would be helpful for further assistance. >> >> Thanks, >> >> Maxim >> >> On 01.09.2023 11:47, Shashi Kant Sharma wrote: >>> Hi Maxim, >>> >>> Can you loop any relevant team who can assist and provide the support? >>> >>> Regards >>> >>> >>> >>> >>> >>> Shashi Kant Sharma >>> Associate Director - IT >>> >>> Espire Infolabs Pvt. Ltd. >>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >>> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >>> >>> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >>> 9001:2015 certified >>> >>> >>> >>> -----Original Message----- >>> From: Maxim Konovalov >>> Sent: Saturday, September 2, 2023 12:14 AM >>> To: nginx at nginx.org; unit at nginx.org >>> Cc: Arvind Dhamija ; Suvidha Raizada >>> ; APACServicesSales at f5.com; Shashi Kant >>> Sharma >>> Subject: Re: Nginx Support required >>> >>> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >>> >>> Hi, >>> >>> This will be addressed off the list. >>> >>> Maxim >>> >>> On 01.09.2023 11:06, Shashi Kant Sharma wrote: >>>> Hi All, >>>> >>>> We did not receive any update on this. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Friday, September 1, 2023 12:11 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija ; Suvidha Raizada >>>> >>>> *Subject:* RE: Nginx Support required >>>> >>>> Hello Team, >>>> >>>> Any update on this? >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Thursday, August 31, 2023 9:02 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija >>> >; Suvidha Raizada >>>> > >>>> *Subject:* Nginx Support required >>>> >>>> Hello Team, >>>> >>>> We are looking support from Nginx team as we are facing issue in >>>> upload the file size as more than 20MB file size unable to upload. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> EMAIL DISCLAIMER: Information contained and transmitted by this >>>> e-mail and including attachment thereto is proprietary or legally >>>> privileged information to Espire Infolabs Private Limited. It is >>>> intended for the designated recipient(s) and purpose, and may >>>> contain information that is privileged, confidential or exempt from disclosure under applicable law. >>>> Access to this e-mail and/or to the attachment by anyone else is >>>> unauthorized. If you are not the intended recipient, an agent of >>>> the intended recipient or a person responsible for delivering the >>>> information to the intended recipient, you are notified that any >>>> use, copying, reproduction, dissemination, disclosure, >>>> modification, publication of this e-mail or any information >>>> contained therein in any way or in any manner is strictly prohibited or may be unlawful. >>>> Further, if you are not the intended recipient, please notify the >>>> sender immediately about mis-delivery and permanently delete this >>>> e-mail and its attachments, if any. The recipient acknowledges that >>>> the views expressed in this e-mail are those of sender and may not >>>> necessarily reflect those of the company. There is no guarantee >>>> that the integrity of this communication has been maintained and >>>> nor is this communication free of viruses, interceptions or interference. >>>> The sender or the Company accepts no liability for damage caused by >>>> any virus transmitted in this email or error or omissions. >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> https://mailman.nginx.org/mailman/listinfo/nginx >>> >>> -- >>> Maxim Konovalov >>> >>> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. >> >> -- >> Maxim Konovalov >> >> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. > > -- > Maxim Konovalov > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. -- Maxim Konovalov EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. From shashi.sharma at espire.com Sat Sep 2 08:01:42 2023 From: shashi.sharma at espire.com (Shashi Kant Sharma) Date: Sat, 2 Sep 2023 08:01:42 +0000 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> Message-ID: Hi Maxim/Team, I am looking forward response on this. Can you please response or suggest any time for discussion today. Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Shashi Kant Sharma Sent: Saturday, September 2, 2023 12:08 PM To: Maxim Konovalov ; nginx at nginx.org Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: RE: Nginx Support required HI Maxim, Many thanks for response however please find hosted environment details and looking forward your support as it will not take more than 20 minutes time. In Espire environment we are using below config:- Espire UAT environment. OS - Ubuntu - 18.0 Nginx version - 1.18 Client Environment. OS - Ubuntu - 22.4 Nginx version - 1.22.1 @nginx at nginx.org: Please help on this as we need immediate support on this however my ID registerd on Nginx subscription. Please revert me on this ASAP and looking forward support on this. Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Maxim Konovalov Sent: Saturday, September 2, 2023 11:51 AM To: Shashi Kant Sharma Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: Re: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Shashi, Unfortunately, unless you are F5 customers, I cannot help you. You can ask your question on nginx at nginx.org mailing list (please don't copy unit at nginx.org, it is for a different product) but please bear with the fact that it is a community discussion list, not a support channel. Maxim On 01.09.2023 23:17, Shashi Kant Sharma wrote: > Sure, > > We are using open source and once POC done then we will purchase the product with subscription however this is very important to us and Nginx work together on this issue. > > @Suvidha Raizada/@Arvind Dhamija/@Bhupendra Singh: please provide the details what we have and what we have in client side immediately. > > Regards > > > > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > 9001:2015 certified > > > > -----Original Message----- > From: Maxim Konovalov > Sent: Saturday, September 2, 2023 11:44 AM > To: Shashi Kant Sharma > Cc: Arvind Dhamija ; Suvidha Raizada > ; APACServicesSales at f5.com; Sapna Sharma > > Subject: Re: Nginx Support required > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. > > Hi Shashi, > > Before we proceed would you mind to share your subscription ID or any other information about F5 Inc products you bought? > > Thanks, > > Maxim > > On 01.09.2023 23:07, Shashi Kant Sharma wrote: >> Hi Maxim, >> >> Good day and hope you are doing good! >> >> Can you please share your availability today, so I can send meeting invite as we are looking for urgent support from Nginx team as last couple of days we are facing issue in upload the attachment more than 20 MB. And we are working on client environment and UAT ( Espire hosted) environment however due to technical expertise unable to close this issue. >> >> It would be highly appreciable if we can quick connect and looking forward expert support from Nginx team by today. >> >> Again, looking forward immediate response on this as good opportunity both side to get deliver it and further license purchase/renewal. >> >> Regards >> >> >> Shashi Kant Sharma >> Associate Director - IT >> >> Espire Infolabs Pvt. Ltd. >> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >> >> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >> 9001:2015 certified >> >> >> >> -----Original Message----- >> From: Maxim Konovalov >> Sent: Saturday, September 2, 2023 12:32 AM >> To: Shashi Kant Sharma >> Cc: Arvind Dhamija ; Suvidha Raizada >> ; APACServicesSales at f5.com >> Subject: Re: Nginx Support required >> >> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >> >> Hi Shashi, >> >> I am happy to do so! >> >> I removed nginx at nginx.org and unit at nginx.org emails from the Cc list. >> >> They are community mailing lists for our opensource projects nginx-oss and nginx-unit. There are not intended to provide support for paid users and have no any SLA's or anything like that. >> >> Am I right that you are paid customers for nginx-plus? >> >> If the above assumption is correct I recommend to go through the official support on the MyF5 portal. >> >> Any additional information about product(s) you bought, subscription ID or sales contact at F5 would be helpful for further assistance. >> >> Thanks, >> >> Maxim >> >> On 01.09.2023 11:47, Shashi Kant Sharma wrote: >>> Hi Maxim, >>> >>> Can you loop any relevant team who can assist and provide the support? >>> >>> Regards >>> >>> >>> >>> >>> >>> Shashi Kant Sharma >>> Associate Director - IT >>> >>> Espire Infolabs Pvt. Ltd. >>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >>> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >>> >>> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >>> 9001:2015 certified >>> >>> >>> >>> -----Original Message----- >>> From: Maxim Konovalov >>> Sent: Saturday, September 2, 2023 12:14 AM >>> To: nginx at nginx.org; unit at nginx.org >>> Cc: Arvind Dhamija ; Suvidha Raizada >>> ; APACServicesSales at f5.com; Shashi Kant >>> Sharma >>> Subject: Re: Nginx Support required >>> >>> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >>> >>> Hi, >>> >>> This will be addressed off the list. >>> >>> Maxim >>> >>> On 01.09.2023 11:06, Shashi Kant Sharma wrote: >>>> Hi All, >>>> >>>> We did not receive any update on this. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Friday, September 1, 2023 12:11 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija ; Suvidha Raizada >>>> >>>> *Subject:* RE: Nginx Support required >>>> >>>> Hello Team, >>>> >>>> Any update on this? >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Thursday, August 31, 2023 9:02 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija >>> >; Suvidha Raizada >>>> > >>>> *Subject:* Nginx Support required >>>> >>>> Hello Team, >>>> >>>> We are looking support from Nginx team as we are facing issue in >>>> upload the file size as more than 20MB file size unable to upload. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> EMAIL DISCLAIMER: Information contained and transmitted by this >>>> e-mail and including attachment thereto is proprietary or legally >>>> privileged information to Espire Infolabs Private Limited. It is >>>> intended for the designated recipient(s) and purpose, and may >>>> contain information that is privileged, confidential or exempt from disclosure under applicable law. >>>> Access to this e-mail and/or to the attachment by anyone else is >>>> unauthorized. If you are not the intended recipient, an agent of >>>> the intended recipient or a person responsible for delivering the >>>> information to the intended recipient, you are notified that any >>>> use, copying, reproduction, dissemination, disclosure, >>>> modification, publication of this e-mail or any information >>>> contained therein in any way or in any manner is strictly prohibited or may be unlawful. >>>> Further, if you are not the intended recipient, please notify the >>>> sender immediately about mis-delivery and permanently delete this >>>> e-mail and its attachments, if any. The recipient acknowledges that >>>> the views expressed in this e-mail are those of sender and may not >>>> necessarily reflect those of the company. There is no guarantee >>>> that the integrity of this communication has been maintained and >>>> nor is this communication free of viruses, interceptions or interference. >>>> The sender or the Company accepts no liability for damage caused by >>>> any virus transmitted in this email or error or omissions. >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> https://mailman.nginx.org/mailman/listinfo/nginx >>> >>> -- >>> Maxim Konovalov >>> >>> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. >> >> -- >> Maxim Konovalov >> >> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. > > -- > Maxim Konovalov > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. -- Maxim Konovalov EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. From francis at daoine.org Sat Sep 2 11:16:28 2023 From: francis at daoine.org (Francis Daly) Date: Sat, 2 Sep 2023 12:16:28 +0100 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> Message-ID: <20230902111628.GY6038@daoine.org> On Sat, Sep 02, 2023 at 08:01:42AM +0000, Shashi Kant Sharma wrote: Hi there, > I am looking forward response on this. Can you please response or suggest any time for discussion today. For the nginx at nginx.org public list for "community" support of the open source application: if you can show what you are doing, and what you are seeing, and what you want to see instead; then there's a better chance that someone will be able to to either recognise the problem, or re-create the problem. You seem to be reporting that an upload of something bigger than 20 MB leads to some problem. It sounds like you might want to use the client_max_body_size directive (http://nginx.org/r/client_max_body_size) if you get a 413 response from nginx when you send a big file and not when you send a small file. But if your nginx accepts the current big upload, and whatever nginx sends the request to for further processing rejects it as too big, then that other thing is the thing that would need to be reconfigured to allow it. Maybe that's enough to allow you to resolve the issue? If not, if you can provide more specific details about what your system is doing, someone might be able to make an alternate suggestion. Good luck with it, f -- Francis Daly francis at daoine.org From venefax at gmail.com Sat Sep 2 16:55:11 2023 From: venefax at gmail.com (Saint Michael) Date: Sat, 2 Sep 2023 12:55:11 -0400 Subject: Nginx Support required In-Reply-To: <20230902111628.GY6038@daoine.org> References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> Message-ID: Is there any paid support that would help me fix this problem: This works: https://www.ntn24.com/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 but in the link below, the video from videomotion, fails to play: https://ntn24.1eye.us/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 The proxy should work, this is my definition server { default_type application/octet-stream; set $template_root /usr/local/openresty/nginx/html/templates; listen 38.95.11.236:443 ssl; error_log logs/error.log warn; access_log logs/access.log; server_name ntn24.1eye.us; ssl_certificate /etc/letsencrypt/live/ntn24.1eye.us/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ntn24.1eye.us/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot location / { include /etc/proxy_include.txt; proxy_cookie_domain https://ntn24.com https://ntn24.1eye.us; proxy_set_header Host "www.ntn24.com"; proxy_pass https://www.ntn24.com; proxy_redirect https://www.ntn24.com https://ntn24.1eye.us; subs_filter_types text/css text/javascript application/javascript; subs_filter "ntn24.com" "ntn24.1eye.us" gi; subs_filter "https://(.*).ntn24.com/(.*)" "https://ntn24.1eye.us/$1/$2" gi; subs_filter "https://ntn24.com" "https://ntn24.1eye.us" gi; subs_filter "https://www.ntn24.com" "https://ntn24.1eye.us" gi; subs_filter "www.ntn24.com" "ntn24.1eye.us" gi; } } the proxy_include.txt file: proxy_buffering on; resolver 127.0.0.1 ipv6=off; proxy_http_version 1.1; proxy_buffer_size 128k; proxy_busy_buffers_size 256k; proxy_buffers 4 256k; proxy_pass_header *; proxy_set_header Connection "Keep-Alive"; proxy_set_header Proxy-Connection "Keep-Alive"; #proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36"; #proxy_set_header User-Agent $http_user_agent; proxy_set_header X-Frame-Options sameorigin; # read here proxy_set_header X-Content-Type-Options nosniff; # read here proxy_set_header X-Xss-Protection "1; mode=block"; #read here proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Accept-Encoding ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_ssl_server_name on; proxy_ssl_name $proxy_host; On Sat, Sep 2, 2023 at 7:16 AM Francis Daly wrote: > On Sat, Sep 02, 2023 at 08:01:42AM +0000, Shashi Kant Sharma wrote: > > Hi there, > > > I am looking forward response on this. Can you please response or > suggest any time for discussion today. > > For the nginx at nginx.org public list for "community" support of the open > source application: if you can show what you are doing, and what you > are seeing, and what you want to see instead; then there's a better > chance that someone will be able to to either recognise the problem, > or re-create the problem. > > You seem to be reporting that an upload of something bigger than 20 MB > leads to some problem. > > It sounds like you might want to use the client_max_body_size directive > (http://nginx.org/r/client_max_body_size) if you get a 413 response from > nginx when you send a big file and not when you send a small file. > > But if your nginx accepts the current big upload, and whatever nginx > sends the request to for further processing rejects it as too big, > then that other thing is the thing that would need to be reconfigured > to allow it. > > Maybe that's enough to allow you to resolve the issue? If not, if you > can provide more specific details about what your system is doing, > someone might be able to make an alternate suggestion. > > Good luck with it, > > f > -- > Francis Daly francis at daoine.org > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From venefax at gmail.com Sat Sep 2 17:01:05 2023 From: venefax at gmail.com (Saint Michael) Date: Sat, 2 Sep 2023 13:01:05 -0400 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> Message-ID: Is there any paid support that would help me fix this problem: This works: https://www.ntn24.com/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 but in the link below, the video from videomotion, fails to play: https://ntn24.1eye.us/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 The proxy should work, this is my definition server { default_type application/octet-stream; set $template_root /usr/local/openresty/nginx/html/templates; listen 38.95.11.236:443 ssl; error_log logs/error.log warn; access_log logs/access.log; server_name ntn24.1eye.us; ssl_certificate /etc/letsencrypt/live/ntn24.1eye.us/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/ntn24.1eye.us/privkey.pem; include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot location / { include /etc/proxy_include.txt; proxy_cookie_domain https://ntn24.com https://ntn24.1eye.us; proxy_set_header Host "www.ntn24.com"; proxy_pass https://www.ntn24.com; proxy_redirect https://www.ntn24.com https://ntn24.1eye.us; subs_filter_types text/css text/javascript application/javascript; subs_filter "ntn24.com" "ntn24.1eye.us" gi; subs_filter "https://(.*).ntn24.com/(.*)" "https://ntn24.1eye.us/$1/$2" gi; subs_filter "https://ntn24.com" "https://ntn24.1eye.us" gi; subs_filter "https://www.ntn24.com" "https://ntn24.1eye.us" gi; subs_filter "www.ntn24.com" "ntn24.1eye.us" gi; } } the proxy_include.txt file: proxy_buffering on; resolver 127.0.0.1 ipv6=off; proxy_http_version 1.1; proxy_buffer_size 128k; proxy_busy_buffers_size 256k; proxy_buffers 4 256k; proxy_pass_header *; proxy_set_header Connection "Keep-Alive"; proxy_set_header Proxy-Connection "Keep-Alive"; #proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36"; #proxy_set_header User-Agent $http_user_agent; proxy_set_header X-Frame-Options sameorigin; # read here proxy_set_header X-Content-Type-Options nosniff; # read here proxy_set_header X-Xss-Protection "1; mode=block"; #read here proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Accept-Encoding ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_ssl_server_name on; proxy_ssl_name $proxy_host; > -------------- next part -------------- An HTML attachment was scrubbed... URL: From al-nginx at none.at Sat Sep 2 20:41:56 2023 From: al-nginx at none.at (Aleksandar Lazic) Date: Sat, 2 Sep 2023 22:41:56 +0200 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> Message-ID: <31b59cd3-4286-cc54-893d-e9cc96ba80f0@none.at> Hi Michael. On 2023-09-02 (Sa.) 19:01, Saint Michael wrote: > Is there any paid support that would help me fix this problem: You searched for this site https://www.nginx.com/products/nginx/compare-models/ nginx offers via nginx plus a product with support and more as you can see in the page above. As we used nginx plus, before it was part of F5, can I say that the support was quite good. I assume that's still the case. As Francis Daly have written is this the Mailing list of the open source nginx. @nginx team. the ml archives does not look in a good state a the messages are from Sept 2023 the last one in the archive. https://nginx.org/en/support.html https://mailman.nginx.org/pipermail/nginx/ https://marc.info/?l=nginx gmane does not resolve http://dir.gmane.org/gmane.comp.web.nginx.english Regards Alex > This works: > https://www.ntn24.com/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > but in the link below, the video from videomotion, fails to play: > https://ntn24.1eye.us/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > > The proxy should work, this is my definition > >  server { >         default_type  application/octet-stream; >         set $template_root /usr/local/openresty/nginx/html/templates; >         listen 38.95.11.236:443 ssl; >         error_log logs/error.log warn; >         access_log logs/access.log; >         server_name ntn24.1eye.us ; >         ssl_certificate > /etc/letsencrypt/live/ntn24.1eye.us/fullchain.pem > ; >         ssl_certificate_key > /etc/letsencrypt/live/ntn24.1eye.us/privkey.pem > ; >         include /etc/letsencrypt/options-ssl-nginx.conf; # managed by > Certbot >         ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot > >         location / { > include /etc/proxy_include.txt; > proxy_cookie_domain https://ntn24.com > https://ntn24.1eye.us ; > proxy_set_header Host "www.ntn24.com "; > proxy_pass https://www.ntn24.com ; > proxy_redirect https://www.ntn24.com > https://ntn24.1eye.us ; > > subs_filter_types text/css text/javascript application/javascript; > subs_filter "ntn24.com" "ntn24.1eye.us" gi; > subs_filter "https://(.*).ntn24.com/(.*)" "https://ntn24.1eye.us/$1/$2" gi; > subs_filter "https://ntn24.com" "https://ntn24.1eye.us" gi; > subs_filter "https://www.ntn24.com " > "https://ntn24.1eye.us " gi; > subs_filter "www.ntn24.com " "ntn24.1eye.us > " gi; > >         } > > >     } > > > the proxy_include.txt  file: > proxy_buffering on; > resolver 127.0.0.1 ipv6=off; > proxy_http_version 1.1; > proxy_buffer_size  128k; > proxy_busy_buffers_size  256k; > proxy_buffers 4 256k; > proxy_pass_header *; > proxy_set_header Connection "Keep-Alive"; > proxy_set_header Proxy-Connection "Keep-Alive"; > #proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 Safari/537.36"; > #proxy_set_header User-Agent $http_user_agent; > > proxy_set_header X-Frame-Options sameorigin; # read here > proxy_set_header X-Content-Type-Options nosniff; # read here > proxy_set_header X-Xss-Protection "1; mode=block"; #read here > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > proxy_set_header X-Forwarded-Proto   $scheme; > proxy_set_header Upgrade $http_upgrade; > proxy_set_header Connection $http_connection; > proxy_set_header Accept-Encoding ""; > proxy_set_header X-Real-IP $remote_addr; > proxy_set_header X-Scheme $scheme; > proxy_ssl_server_name on; > proxy_ssl_name $proxy_host; > > > > > > > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx From venefax at gmail.com Sat Sep 2 21:13:53 2023 From: venefax at gmail.com (Saint Michael) Date: Sat, 2 Sep 2023 17:13:53 -0400 Subject: Nginx Support required In-Reply-To: <31b59cd3-4286-cc54-893d-e9cc96ba80f0@none.at> References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> <31b59cd3-4286-cc54-893d-e9cc96ba80f0@none.at> Message-ID: Does anybody have any idea what am I doing wrong? On Sat, Sep 2, 2023 at 4:42 PM Aleksandar Lazic wrote: > Hi Michael. > > On 2023-09-02 (Sa.) 19:01, Saint Michael wrote: > > Is there any paid support that would help me fix this problem: > > You searched for this site > https://www.nginx.com/products/nginx/compare-models/ > > nginx offers via nginx plus a product with support and more as you can > see in the page above. > > As we used nginx plus, before it was part of F5, can I say that the > support was quite good. I assume that's still the case. > > As Francis Daly have written is this the Mailing list of the open source > nginx. > > @nginx team. the ml archives does not look in a good state a the > messages are from Sept 2023 the last one in the archive. > https://nginx.org/en/support.html > > https://mailman.nginx.org/pipermail/nginx/ > https://marc.info/?l=nginx > > gmane does not resolve > http://dir.gmane.org/gmane.comp.web.nginx.english > > Regards > Alex > > > This works: > > > https://www.ntn24.com/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > > but in the link below, the video from videomotion, fails to play: > > > https://ntn24.1eye.us/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > > > > The proxy should work, this is my definition > > > > server { > > default_type application/octet-stream; > > set $template_root /usr/local/openresty/nginx/html/templates; > > listen 38.95.11.236:443 ssl; > > error_log logs/error.log warn; > > access_log logs/access.log; > > server_name ntn24.1eye.us ; > > ssl_certificate > > /etc/letsencrypt/live/ntn24.1eye.us/fullchain.pem > > ; > > ssl_certificate_key > > /etc/letsencrypt/live/ntn24.1eye.us/privkey.pem > > ; > > include /etc/letsencrypt/options-ssl-nginx.conf; # managed by > > Certbot > > ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by > Certbot > > > > location / { > > include /etc/proxy_include.txt; > > proxy_cookie_domain https://ntn24.com > > https://ntn24.1eye.us ; > > proxy_set_header Host "www.ntn24.com "; > > proxy_pass https://www.ntn24.com ; > > proxy_redirect https://www.ntn24.com > > https://ntn24.1eye.us ; > > > > subs_filter_types text/css text/javascript application/javascript; > > subs_filter "ntn24.com" "ntn24.1eye.us" gi; > > subs_filter "https://(.*).ntn24.com/(.*)" "https://ntn24.1eye.us/$1/$2" > gi; > > subs_filter "https://ntn24.com" "https://ntn24.1eye.us" gi; > > subs_filter "https://www.ntn24.com " > > "https://ntn24.1eye.us " gi; > > subs_filter "www.ntn24.com " "ntn24.1eye.us > > " gi; > > > > } > > > > > > } > > > > > > the proxy_include.txt file: > > proxy_buffering on; > > resolver 127.0.0.1 ipv6=off; > > proxy_http_version 1.1; > > proxy_buffer_size 128k; > > proxy_busy_buffers_size 256k; > > proxy_buffers 4 256k; > > proxy_pass_header *; > > proxy_set_header Connection "Keep-Alive"; > > proxy_set_header Proxy-Connection "Keep-Alive"; > > #proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) > > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 > Safari/537.36"; > > #proxy_set_header User-Agent $http_user_agent; > > > > proxy_set_header X-Frame-Options sameorigin; # read here > > proxy_set_header X-Content-Type-Options nosniff; # read here > > proxy_set_header X-Xss-Protection "1; mode=block"; #read here > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header X-Forwarded-Proto $scheme; > > proxy_set_header Upgrade $http_upgrade; > > proxy_set_header Connection $http_connection; > > proxy_set_header Accept-Encoding ""; > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header X-Scheme $scheme; > > proxy_ssl_server_name on; > > proxy_ssl_name $proxy_host; > > > > > > > > > > > > > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > https://mailman.nginx.org/mailman/listinfo/nginx > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From shashi.sharma at espire.com Sun Sep 3 07:19:23 2023 From: shashi.sharma at espire.com (Shashi Kant Sharma) Date: Sun, 3 Sep 2023 07:19:23 +0000 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> Message-ID: Hi Maximum, Any update on this. Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: nginx On Behalf Of Shashi Kant Sharma Sent: Saturday, September 2, 2023 1:32 PM To: Maxim Konovalov ; nginx at nginx.org Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: RE: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Hi Maxim/Team, I am looking forward response on this. Can you please response or suggest any time for discussion today. Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Shashi Kant Sharma Sent: Saturday, September 2, 2023 12:08 PM To: Maxim Konovalov ; nginx at nginx.org Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: RE: Nginx Support required HI Maxim, Many thanks for response however please find hosted environment details and looking forward your support as it will not take more than 20 minutes time. In Espire environment we are using below config:- Espire UAT environment. OS - Ubuntu - 18.0 Nginx version - 1.18 Client Environment. OS - Ubuntu - 22.4 Nginx version - 1.22.1 @nginx at nginx.org: Please help on this as we need immediate support on this however my ID registerd on Nginx subscription. Please revert me on this ASAP and looking forward support on this. Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Maxim Konovalov Sent: Saturday, September 2, 2023 11:51 AM To: Shashi Kant Sharma Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: Re: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Shashi, Unfortunately, unless you are F5 customers, I cannot help you. You can ask your question on nginx at nginx.org mailing list (please don't copy unit at nginx.org, it is for a different product) but please bear with the fact that it is a community discussion list, not a support channel. Maxim On 01.09.2023 23:17, Shashi Kant Sharma wrote: > Sure, > > We are using open source and once POC done then we will purchase the product with subscription however this is very important to us and Nginx work together on this issue. > > @Suvidha Raizada/@Arvind Dhamija/@Bhupendra Singh: please provide the details what we have and what we have in client side immediately. > > Regards > > > > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > 9001:2015 certified > > > > -----Original Message----- > From: Maxim Konovalov > Sent: Saturday, September 2, 2023 11:44 AM > To: Shashi Kant Sharma > Cc: Arvind Dhamija ; Suvidha Raizada > ; APACServicesSales at f5.com; Sapna Sharma > > Subject: Re: Nginx Support required > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. > > Hi Shashi, > > Before we proceed would you mind to share your subscription ID or any other information about F5 Inc products you bought? > > Thanks, > > Maxim > > On 01.09.2023 23:07, Shashi Kant Sharma wrote: >> Hi Maxim, >> >> Good day and hope you are doing good! >> >> Can you please share your availability today, so I can send meeting invite as we are looking for urgent support from Nginx team as last couple of days we are facing issue in upload the attachment more than 20 MB. And we are working on client environment and UAT ( Espire hosted) environment however due to technical expertise unable to close this issue. >> >> It would be highly appreciable if we can quick connect and looking forward expert support from Nginx team by today. >> >> Again, looking forward immediate response on this as good opportunity both side to get deliver it and further license purchase/renewal. >> >> Regards >> >> >> Shashi Kant Sharma >> Associate Director - IT >> >> Espire Infolabs Pvt. Ltd. >> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >> >> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >> 9001:2015 certified >> >> >> >> -----Original Message----- >> From: Maxim Konovalov >> Sent: Saturday, September 2, 2023 12:32 AM >> To: Shashi Kant Sharma >> Cc: Arvind Dhamija ; Suvidha Raizada >> ; APACServicesSales at f5.com >> Subject: Re: Nginx Support required >> >> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >> >> Hi Shashi, >> >> I am happy to do so! >> >> I removed nginx at nginx.org and unit at nginx.org emails from the Cc list. >> >> They are community mailing lists for our opensource projects nginx-oss and nginx-unit. There are not intended to provide support for paid users and have no any SLA's or anything like that. >> >> Am I right that you are paid customers for nginx-plus? >> >> If the above assumption is correct I recommend to go through the official support on the MyF5 portal. >> >> Any additional information about product(s) you bought, subscription ID or sales contact at F5 would be helpful for further assistance. >> >> Thanks, >> >> Maxim >> >> On 01.09.2023 11:47, Shashi Kant Sharma wrote: >>> Hi Maxim, >>> >>> Can you loop any relevant team who can assist and provide the support? >>> >>> Regards >>> >>> >>> >>> >>> >>> Shashi Kant Sharma >>> Associate Director - IT >>> >>> Espire Infolabs Pvt. Ltd. >>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >>> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >>> >>> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >>> 9001:2015 certified >>> >>> >>> >>> -----Original Message----- >>> From: Maxim Konovalov >>> Sent: Saturday, September 2, 2023 12:14 AM >>> To: nginx at nginx.org; unit at nginx.org >>> Cc: Arvind Dhamija ; Suvidha Raizada >>> ; APACServicesSales at f5.com; Shashi Kant >>> Sharma >>> Subject: Re: Nginx Support required >>> >>> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >>> >>> Hi, >>> >>> This will be addressed off the list. >>> >>> Maxim >>> >>> On 01.09.2023 11:06, Shashi Kant Sharma wrote: >>>> Hi All, >>>> >>>> We did not receive any update on this. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Friday, September 1, 2023 12:11 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija ; Suvidha Raizada >>>> >>>> *Subject:* RE: Nginx Support required >>>> >>>> Hello Team, >>>> >>>> Any update on this? >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Thursday, August 31, 2023 9:02 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija >>> >; Suvidha Raizada >>>> > >>>> *Subject:* Nginx Support required >>>> >>>> Hello Team, >>>> >>>> We are looking support from Nginx team as we are facing issue in >>>> upload the file size as more than 20MB file size unable to upload. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> EMAIL DISCLAIMER: Information contained and transmitted by this >>>> e-mail and including attachment thereto is proprietary or legally >>>> privileged information to Espire Infolabs Private Limited. It is >>>> intended for the designated recipient(s) and purpose, and may >>>> contain information that is privileged, confidential or exempt from disclosure under applicable law. >>>> Access to this e-mail and/or to the attachment by anyone else is >>>> unauthorized. If you are not the intended recipient, an agent of >>>> the intended recipient or a person responsible for delivering the >>>> information to the intended recipient, you are notified that any >>>> use, copying, reproduction, dissemination, disclosure, >>>> modification, publication of this e-mail or any information >>>> contained therein in any way or in any manner is strictly prohibited or may be unlawful. >>>> Further, if you are not the intended recipient, please notify the >>>> sender immediately about mis-delivery and permanently delete this >>>> e-mail and its attachments, if any. The recipient acknowledges that >>>> the views expressed in this e-mail are those of sender and may not >>>> necessarily reflect those of the company. There is no guarantee >>>> that the integrity of this communication has been maintained and >>>> nor is this communication free of viruses, interceptions or interference. >>>> The sender or the Company accepts no liability for damage caused by >>>> any virus transmitted in this email or error or omissions. >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> https://mailman.nginx.org/mailman/listinfo/nginx >>> >>> -- >>> Maxim Konovalov >>> >>> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. >> >> -- >> Maxim Konovalov >> >> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. > > -- > Maxim Konovalov > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. -- Maxim Konovalov EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. _______________________________________________ nginx mailing list nginx at nginx.org https://mailman.nginx.org/mailman/listinfo/nginx EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. From al-nginx at none.at Sun Sep 3 11:06:32 2023 From: al-nginx at none.at (Aleksandar Lazic) Date: Sun, 3 Sep 2023 13:06:32 +0200 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> <31b59cd3-4286-cc54-893d-e9cc96ba80f0@none.at> Message-ID: <84715f07-bc1d-9fc4-f74a-c1a668fbd088@none.at> Hi Michael. On 2023-09-02 (Sa.) 23:13, Saint Michael wrote: > Does anybody have any idea what am I doing wrong? You don't follow the suggestions from the response of the community member. The original Question was a Upload problem, which moves now to a Download/Video play problem. What's now the Issue? As Maxim Konovalov also have told you that this list have no SLA's. > @nginx at nginx.org: Please help on this as we need immediate support on this however my ID registerd on Nginx subscription. nginx at nginx.org is the Mailing list of the nginx-oss part therefore isn't any ID necessary. If you want paid support please follow the link below and request a nginx plus license. Maybe it's not a nginx error but more a CORS error for that URL https://mv.larepublica.co/trends/ntn . Have you tried to run the network debugging on chrome or Firefox to see what requests are done and what the response is? ``` (anonymous) @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 xhr @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 Wc @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 request @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 (anonymous) @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 (anonymous) @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:13 s @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/trends.480abc11.js:1 i @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/trends.480abc11.js:1 (anonymous) @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/desktop-post-video.b2e548a9.js:1 > https://mv.larepublica.co/trends/ntn ``` As you can see are the URL's on different Domains, which can cause a CORS problem. https://www.ntn24.com/noticias-actualidad/... https://ntn24.1eye.us/noticias-actualidad/... Here some suggstions for the internet search. https://html.duckduckgo.com/html?q=nginx%20cors https://enable-cors.org/server_nginx.html Here a explanation what CORS is https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Cross-origin_network_access https://en.wikipedia.org/wiki/Cross-origin_resource_sharing Regards Alex > On Sat, Sep 2, 2023 at 4:42 PM Aleksandar Lazic > wrote: > > Hi Michael. > > On 2023-09-02 (Sa.) 19:01, Saint Michael wrote: > > Is there any paid support that would help me fix this problem: > > You searched for this site > https://www.nginx.com/products/nginx/compare-models/ > > nginx offers via nginx plus a product with support and more as you can > see in the page above. > > As we used nginx plus, before it was part of F5, can I say that the > support was quite good. I assume that's still the case. > > As Francis Daly have written is this the Mailing list of the open > source > nginx. > > @nginx team. the ml archives does not look in a good state a the > messages are from Sept 2023 the last one in the archive. > https://nginx.org/en/support.html > > https://mailman.nginx.org/pipermail/nginx/ > https://marc.info/?l=nginx > > gmane does not resolve > http://dir.gmane.org/gmane.comp.web.nginx.english > > Regards > Alex > > > This works: > > > https://www.ntn24.com/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > > but in the link below, the video from videomotion, fails to play: > > > https://ntn24.1eye.us/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > > > > The proxy should work, this is my definition > > > >   server { > >          default_type  application/octet-stream; > >          set $template_root > /usr/local/openresty/nginx/html/templates; > >          listen 38.95.11.236:443 ssl; > >          error_log logs/error.log warn; > >          access_log logs/access.log; > >          server_name ntn24.1eye.us > >; > >          ssl_certificate > > /etc/letsencrypt/live/ntn24.1eye.us/fullchain.pem > > > >; > >          ssl_certificate_key > > /etc/letsencrypt/live/ntn24.1eye.us/privkey.pem > > > >; > >          include /etc/letsencrypt/options-ssl-nginx.conf; # > managed by > > Certbot > >          ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed > by Certbot > > > >          location / { > > include /etc/proxy_include.txt; > > proxy_cookie_domain https://ntn24.com > > > > https://ntn24.1eye.us > >; > > proxy_set_header Host "www.ntn24.com > >"; > > proxy_pass https://www.ntn24.com > >; > > proxy_redirect https://www.ntn24.com > > > > https://ntn24.1eye.us > >; > > > > subs_filter_types text/css text/javascript application/javascript; > > subs_filter "ntn24.com " "ntn24.1eye.us > " gi; > > subs_filter "https://(.*).ntn24.com/(.*) " > "https://ntn24.1eye.us/$1/$2 " gi; > > subs_filter "https://ntn24.com " > "https://ntn24.1eye.us " gi; > > subs_filter "https://www.ntn24.com > >" > > "https://ntn24.1eye.us > >" gi; > > subs_filter "www.ntn24.com > >" "ntn24.1eye.us > > > >" gi; > > > >          } > > > > > >      } > > > > > > the proxy_include.txt  file: > > proxy_buffering on; > > resolver 127.0.0.1 ipv6=off; > > proxy_http_version 1.1; > > proxy_buffer_size  128k; > > proxy_busy_buffers_size  256k; > > proxy_buffers 4 256k; > > proxy_pass_header *; > > proxy_set_header Connection "Keep-Alive"; > > proxy_set_header Proxy-Connection "Keep-Alive"; > > #proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; > Win64; x64) > > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 > Safari/537.36"; > > #proxy_set_header User-Agent $http_user_agent; > > > > proxy_set_header X-Frame-Options sameorigin; # read here > > proxy_set_header X-Content-Type-Options nosniff; # read here > > proxy_set_header X-Xss-Protection "1; mode=block"; #read here > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > proxy_set_header X-Forwarded-Proto   $scheme; > > proxy_set_header Upgrade $http_upgrade; > > proxy_set_header Connection $http_connection; > > proxy_set_header Accept-Encoding ""; > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header X-Scheme $scheme; > > proxy_ssl_server_name on; > > proxy_ssl_name $proxy_host; > > > > > > > > > > > > > > > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > https://mailman.nginx.org/mailman/listinfo/nginx > > From venefax at gmail.com Sun Sep 3 12:05:37 2023 From: venefax at gmail.com (Saint Michael) Date: Sun, 3 Sep 2023 08:05:37 -0400 Subject: Nginx Support required In-Reply-To: <84715f07-bc1d-9fc4-f74a-c1a668fbd088@none.at> References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> <31b59cd3-4286-cc54-893d-e9cc96ba80f0@none.at> <84715f07-bc1d-9fc4-f74a-c1a668fbd088@none.at> Message-ID: I added support for CORS as instructed but it keeps failing. The question is: if this is a full reverse proxy, and all requests come from my NGINX server, why Dailymotion sees something different than a regular user trying to connect to a video? Is there something else that I am missing in the code so 100% of requests that hit Dailymotion seem to come from the NGNX machine? These is my code proxy_buffering on; resolver 127.0.0.1 ipv6=off; proxy_http_version 1.1; proxy_buffer_size 128k; proxy_busy_buffers_size 256k; proxy_buffers 4 256k; proxy_pass_header *; proxy_set_header Connection "Keep-Alive"; proxy_set_header Proxy-Connection "Keep-Alive"; proxy_set_header X-Frame-Options sameorigin; proxy_set_header X-Content-Type-Options nosniff; proxy_set_header X-Xss-Protection "1; mode=block"; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header Accept-Encoding ""; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Scheme $scheme; proxy_ssl_server_name on; proxy_ssl_name $proxy_host; proxy_cookie_domain https://ntn24.com https://ntn24.1eye.us; proxy_set_header Host "www.ntn24.com"; proxy_pass https://www.ntn24.com; proxy_redirect https://www.ntn24.com https://ntn24.1eye.us; subs_filter_types text/css text/javascript application/javascript; subs_filter "ntn24.com" "ntn24.1eye.us" gi; subs_filter "https://(.*).ntn24.com/(.*)" "https://ntn24.1eye.us/$1/$2" gi; subs_filter "https://ntn24.com" "https://ntn24.1eye.us" gi; subs_filter "https://www.ntn24.com" "https://ntn24.1eye.us" gi; subs_filter "www.ntn24.com" "ntn24.1eye.us" gi; On Sun, Sep 3, 2023 at 7:06 AM Aleksandar Lazic wrote: > Hi Michael. > > On 2023-09-02 (Sa.) 23:13, Saint Michael wrote: > > Does anybody have any idea what am I doing wrong? > > You don't follow the suggestions from the response of the community member. > > The original Question was a Upload problem, which moves now to a > Download/Video play problem. What's now the Issue? > > As Maxim Konovalov also have told you that this list have no SLA's. > > > @nginx at nginx.org: Please help on this as we need immediate support on > this however my ID registerd on Nginx subscription. > > nginx at nginx.org is the Mailing list of the nginx-oss part therefore > isn't any ID necessary. If you want paid support please follow the link > below and request a nginx plus license. > > Maybe it's not a nginx error but more a CORS error for that URL > https://mv.larepublica.co/trends/ntn . Have you tried to run the network > debugging on chrome or Firefox to see what requests are done and what > the response is? > > > ``` > (anonymous) @ > https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 > xhr @ > https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 > Wc @ > https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 > request @ > https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 > (anonymous) @ > https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:15 > (anonymous) @ > https://ntn24.1eye.us/__assets/assets/v1.0.0.30/ntn-modals.d257a509.js:13 > s @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/trends.480abc11.js:1 > i @ https://ntn24.1eye.us/__assets/assets/v1.0.0.30/trends.480abc11.js:1 > (anonymous) @ > > https://ntn24.1eye.us/__assets/assets/v1.0.0.30/desktop-post-video.b2e548a9.js:1 > > > https://mv.larepublica.co/trends/ntn > ``` > > As you can see are the URL's on different Domains, which can cause a > CORS problem. > > https://www.ntn24.com/noticias-actualidad/... > https://ntn24.1eye.us/noticias-actualidad/... > > Here some suggstions for the internet search. > > https://html.duckduckgo.com/html?q=nginx%20cors > https://enable-cors.org/server_nginx.html > > Here a explanation what CORS is > > https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy#Cross-origin_network_access > https://en.wikipedia.org/wiki/Cross-origin_resource_sharing > > > Regards > Alex > > > On Sat, Sep 2, 2023 at 4:42 PM Aleksandar Lazic > > wrote: > > > > Hi Michael. > > > > On 2023-09-02 (Sa.) 19:01, Saint Michael wrote: > > > Is there any paid support that would help me fix this problem: > > > > You searched for this site > > https://www.nginx.com/products/nginx/compare-models/ > > > > nginx offers via nginx plus a product with support and more as you > can > > see in the page above. > > > > As we used nginx plus, before it was part of F5, can I say that the > > support was quite good. I assume that's still the case. > > > > As Francis Daly have written is this the Mailing list of the open > > source > > nginx. > > > > @nginx team. the ml archives does not look in a good state a the > > messages are from Sept 2023 the last one in the archive. > > https://nginx.org/en/support.html > > > > https://mailman.nginx.org/pipermail/nginx/ > > https://marc.info/?l=nginx > > > > gmane does not resolve > > http://dir.gmane.org/gmane.comp.web.nginx.english > > > > Regards > > Alex > > > > > This works: > > > > > > https://www.ntn24.com/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > < > https://www.ntn24.com/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > > > > > but in the link below, the video from videomotion, fails to play: > > > > > > https://ntn24.1eye.us/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > < > https://ntn24.1eye.us/noticias-actualidad/crecen-las-hipotesis-alrededor-de-la-muerte-del-exjefe-del-grupo-wagner-yevgueni-prigozhin-439911 > > > > > > > > The proxy should work, this is my definition > > > > > > server { > > > default_type application/octet-stream; > > > set $template_root > > /usr/local/openresty/nginx/html/templates; > > > listen 38.95.11.236:443 ssl; > > > error_log logs/error.log warn; > > > access_log logs/access.log; > > > server_name ntn24.1eye.us > > >; > > > ssl_certificate > > > /etc/letsencrypt/live/ntn24.1eye.us/fullchain.pem > > > > > > >; > > > ssl_certificate_key > > > /etc/letsencrypt/live/ntn24.1eye.us/privkey.pem > > > > > > >; > > > include /etc/letsencrypt/options-ssl-nginx.conf; # > > managed by > > > Certbot > > > ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed > > by Certbot > > > > > > location / { > > > include /etc/proxy_include.txt; > > > proxy_cookie_domain https://ntn24.com > > > > > > https://ntn24.1eye.us > > >; > > > proxy_set_header Host "www.ntn24.com > > >"; > > > proxy_pass https://www.ntn24.com > > >; > > > proxy_redirect https://www.ntn24.com > > > > > > https://ntn24.1eye.us > > >; > > > > > > subs_filter_types text/css text/javascript application/javascript; > > > subs_filter "ntn24.com " "ntn24.1eye.us > > " gi; > > > subs_filter "https://(.*).ntn24.com/(.*) " > > "https://ntn24.1eye.us/$1/$2 " gi; > > > subs_filter "https://ntn24.com " > > "https://ntn24.1eye.us " gi; > > > subs_filter "https://www.ntn24.com > > >" > > > "https://ntn24.1eye.us > > >" gi; > > > subs_filter "www.ntn24.com > > >" "ntn24.1eye.us > > > > > >" gi; > > > > > > } > > > > > > > > > } > > > > > > > > > the proxy_include.txt file: > > > proxy_buffering on; > > > resolver 127.0.0.1 ipv6=off; > > > proxy_http_version 1.1; > > > proxy_buffer_size 128k; > > > proxy_busy_buffers_size 256k; > > > proxy_buffers 4 256k; > > > proxy_pass_header *; > > > proxy_set_header Connection "Keep-Alive"; > > > proxy_set_header Proxy-Connection "Keep-Alive"; > > > #proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; > > Win64; x64) > > > AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.82 > > Safari/537.36"; > > > #proxy_set_header User-Agent $http_user_agent; > > > > > > proxy_set_header X-Frame-Options sameorigin; # read here > > > proxy_set_header X-Content-Type-Options nosniff; # read here > > > proxy_set_header X-Xss-Protection "1; mode=block"; #read here > > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > > proxy_set_header X-Forwarded-Proto $scheme; > > > proxy_set_header Upgrade $http_upgrade; > > > proxy_set_header Connection $http_connection; > > > proxy_set_header Accept-Encoding ""; > > > proxy_set_header X-Real-IP $remote_addr; > > > proxy_set_header X-Scheme $scheme; > > > proxy_ssl_server_name on; > > > proxy_ssl_name $proxy_host; > > > > > > > > > > > > > > > > > > > > > > > > > > > _______________________________________________ > > > nginx mailing list > > > nginx at nginx.org > > > https://mailman.nginx.org/mailman/listinfo/nginx > > > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From teward at thomas-ward.net Sun Sep 3 16:27:46 2023 From: teward at thomas-ward.net (Thomas Ward) Date: Sun, 3 Sep 2023 16:27:46 +0000 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> Message-ID: Shashi, et. al: This is the nginx oss community lists. There is no dedicated support SLA here, nor is there a "can we get together for a call or discussion". Maxim indicated there would be an off-list reply to you. There is no need to continue emailing the public mailing list asking for any kind of updates or reply. However, again there is no SLA nor guarantee for a response here. If your company has NGINX Plus then there is a different way for getting official paid help. That however is not this mailing list. Thomas Sent from my Galaxy -------- Original message -------- From: Shashi Kant Sharma Date: 9/3/23 03:19 (GMT-05:00) To: nginx at nginx.org, Maxim Konovalov Cc: APACServicesSales at f5.com, Sapna Sharma , Arvind Dhamija , Suvidha Raizada , Bhupendra Singh Subject: RE: Nginx Support required Hi Maximum, Any update on this. Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: nginx On Behalf Of Shashi Kant Sharma Sent: Saturday, September 2, 2023 1:32 PM To: Maxim Konovalov ; nginx at nginx.org Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: RE: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Hi Maxim/Team, I am looking forward response on this. Can you please response or suggest any time for discussion today. Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Shashi Kant Sharma Sent: Saturday, September 2, 2023 12:08 PM To: Maxim Konovalov ; nginx at nginx.org Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: RE: Nginx Support required HI Maxim, Many thanks for response however please find hosted environment details and looking forward your support as it will not take more than 20 minutes time. In Espire environment we are using below config:- Espire UAT environment. OS - Ubuntu - 18.0 Nginx version - 1.18 Client Environment. OS - Ubuntu - 22.4 Nginx version - 1.22.1 @nginx at nginx.org: Please help on this as we need immediate support on this however my ID registerd on Nginx subscription. Please revert me on this ASAP and looking forward support on this. Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Maxim Konovalov Sent: Saturday, September 2, 2023 11:51 AM To: Shashi Kant Sharma Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: Re: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Shashi, Unfortunately, unless you are F5 customers, I cannot help you. You can ask your question on nginx at nginx.org mailing list (please don't copy unit at nginx.org, it is for a different product) but please bear with the fact that it is a community discussion list, not a support channel. Maxim On 01.09.2023 23:17, Shashi Kant Sharma wrote: > Sure, > > We are using open source and once POC done then we will purchase the product with subscription however this is very important to us and Nginx work together on this issue. > > @Suvidha Raizada/@Arvind Dhamija/@Bhupendra Singh: please provide the details what we have and what we have in client side immediately. > > Regards > > > > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > 9001:2015 certified > > > > -----Original Message----- > From: Maxim Konovalov > Sent: Saturday, September 2, 2023 11:44 AM > To: Shashi Kant Sharma > Cc: Arvind Dhamija ; Suvidha Raizada > ; APACServicesSales at f5.com; Sapna Sharma > > Subject: Re: Nginx Support required > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. > > Hi Shashi, > > Before we proceed would you mind to share your subscription ID or any other information about F5 Inc products you bought? > > Thanks, > > Maxim > > On 01.09.2023 23:07, Shashi Kant Sharma wrote: >> Hi Maxim, >> >> Good day and hope you are doing good! >> >> Can you please share your availability today, so I can send meeting invite as we are looking for urgent support from Nginx team as last couple of days we are facing issue in upload the attachment more than 20 MB. And we are working on client environment and UAT ( Espire hosted) environment however due to technical expertise unable to close this issue. >> >> It would be highly appreciable if we can quick connect and looking forward expert support from Nginx team by today. >> >> Again, looking forward immediate response on this as good opportunity both side to get deliver it and further license purchase/renewal. >> >> Regards >> >> >> Shashi Kant Sharma >> Associate Director - IT >> >> Espire Infolabs Pvt. Ltd. >> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >> >> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >> 9001:2015 certified >> >> >> >> -----Original Message----- >> From: Maxim Konovalov >> Sent: Saturday, September 2, 2023 12:32 AM >> To: Shashi Kant Sharma >> Cc: Arvind Dhamija ; Suvidha Raizada >> ; APACServicesSales at f5.com >> Subject: Re: Nginx Support required >> >> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >> >> Hi Shashi, >> >> I am happy to do so! >> >> I removed nginx at nginx.org and unit at nginx.org emails from the Cc list. >> >> They are community mailing lists for our opensource projects nginx-oss and nginx-unit. There are not intended to provide support for paid users and have no any SLA's or anything like that. >> >> Am I right that you are paid customers for nginx-plus? >> >> If the above assumption is correct I recommend to go through the official support on the MyF5 portal. >> >> Any additional information about product(s) you bought, subscription ID or sales contact at F5 would be helpful for further assistance. >> >> Thanks, >> >> Maxim >> >> On 01.09.2023 11:47, Shashi Kant Sharma wrote: >>> Hi Maxim, >>> >>> Can you loop any relevant team who can assist and provide the support? >>> >>> Regards >>> >>> >>> >>> >>> >>> Shashi Kant Sharma >>> Associate Director - IT >>> >>> Espire Infolabs Pvt. Ltd. >>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >>> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >>> >>> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >>> 9001:2015 certified >>> >>> >>> >>> -----Original Message----- >>> From: Maxim Konovalov >>> Sent: Saturday, September 2, 2023 12:14 AM >>> To: nginx at nginx.org; unit at nginx.org >>> Cc: Arvind Dhamija ; Suvidha Raizada >>> ; APACServicesSales at f5.com; Shashi Kant >>> Sharma >>> Subject: Re: Nginx Support required >>> >>> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >>> >>> Hi, >>> >>> This will be addressed off the list. >>> >>> Maxim >>> >>> On 01.09.2023 11:06, Shashi Kant Sharma wrote: >>>> Hi All, >>>> >>>> We did not receive any update on this. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Friday, September 1, 2023 12:11 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija ; Suvidha Raizada >>>> >>>> *Subject:* RE: Nginx Support required >>>> >>>> Hello Team, >>>> >>>> Any update on this? >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Thursday, August 31, 2023 9:02 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija >>> >; Suvidha Raizada >>>> > >>>> *Subject:* Nginx Support required >>>> >>>> Hello Team, >>>> >>>> We are looking support from Nginx team as we are facing issue in >>>> upload the file size as more than 20MB file size unable to upload. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> EMAIL DISCLAIMER: Information contained and transmitted by this >>>> e-mail and including attachment thereto is proprietary or legally >>>> privileged information to Espire Infolabs Private Limited. It is >>>> intended for the designated recipient(s) and purpose, and may >>>> contain information that is privileged, confidential or exempt from disclosure under applicable law. >>>> Access to this e-mail and/or to the attachment by anyone else is >>>> unauthorized. If you are not the intended recipient, an agent of >>>> the intended recipient or a person responsible for delivering the >>>> information to the intended recipient, you are notified that any >>>> use, copying, reproduction, dissemination, disclosure, >>>> modification, publication of this e-mail or any information >>>> contained therein in any way or in any manner is strictly prohibited or may be unlawful. >>>> Further, if you are not the intended recipient, please notify the >>>> sender immediately about mis-delivery and permanently delete this >>>> e-mail and its attachments, if any. The recipient acknowledges that >>>> the views expressed in this e-mail are those of sender and may not >>>> necessarily reflect those of the company. There is no guarantee >>>> that the integrity of this communication has been maintained and >>>> nor is this communication free of viruses, interceptions or interference. >>>> The sender or the Company accepts no liability for damage caused by >>>> any virus transmitted in this email or error or omissions. >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> https://mailman.nginx.org/mailman/listinfo/nginx >>> >>> -- >>> Maxim Konovalov >>> >>> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. >> >> -- >> Maxim Konovalov >> >> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. > > -- > Maxim Konovalov > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. -- Maxim Konovalov EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. _______________________________________________ nginx mailing list nginx at nginx.org https://mailman.nginx.org/mailman/listinfo/nginx EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. _______________________________________________ nginx mailing list nginx at nginx.org https://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Sun Sep 3 23:04:39 2023 From: francis at daoine.org (Francis Daly) Date: Mon, 4 Sep 2023 00:04:39 +0100 Subject: Nginx Support required In-Reply-To: References: <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> <31b59cd3-4286-cc54-893d-e9cc96ba80f0@none.at> <84715f07-bc1d-9fc4-f74a-c1a668fbd088@none.at> Message-ID: <20230903230439.GZ6038@daoine.org> On Sun, Sep 03, 2023 at 08:05:37AM -0400, Saint Michael wrote: Hi there, > The question is: if this is a full reverse proxy, and all requests come > from my NGINX server, I suspect that the answer is "they don't". Dailymotion seems to be a video hosting site with a business model based around allowing certain web sites to link to embedded videos. You seem to want to link to embedded videos, without being one of those "certain sites". The simplest way to avoid the issue is probably for you to agree terms with the video hosting site, so that your site is allowed to embed links to all-or-some of their videos. > Is there something else that I am missing in the code so 100% of requests > that hit Dailymotion seem to come from the NGNX machine? It's not immediately clear to me why the requests should come from your nginx server. That would seem to miss the point of "outsourcing" the bandwidth requirements for video delivery away from your server -- which is presumably the purpose of using a video hosting site in the first place. If I were running a video-hosting web site based on allowing some sites to link to my videos, and not allowing others, then I would probably try to come up with a sophisticated mechanism to ensure that as many as possible "should be blocked" sources are blocked, while allowing every "should be allowed" source. And probably one of the very first checks I would do would be around the Referer header sent in the request -- if the client tells me that it is coming from a "should be blocked" source, I would probably believe it without needing to do any more sophisticated checking for this request. Cheers, f -- Francis Daly francis at daoine.org From jeff.dyke at gmail.com Mon Sep 4 01:45:29 2023 From: jeff.dyke at gmail.com (Jeff Dyke) Date: Sun, 3 Sep 2023 21:45:29 -0400 Subject: Nginx Support required In-Reply-To: <20230903230439.GZ6038@daoine.org> References: <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> <20230902111628.GY6038@daoine.org> <31b59cd3-4286-cc54-893d-e9cc96ba80f0@none.at> <84715f07-bc1d-9fc4-f74a-c1a668fbd088@none.at> <20230903230439.GZ6038@daoine.org> Message-ID: You accepted when you installed it, no one is your support, but if you ask nicely and stop with the FN demands, you may get a little help, as this nice person did. This is not what this type of software is about, and its your bad for not understanding. This is not only for you, but would like it to live on...you're not the first, you can still turn your thinking around. I can tell how much these lists have taught me over the years. On Sun, Sep 3, 2023 at 7:04 PM Francis Daly wrote: > On Sun, Sep 03, 2023 at 08:05:37AM -0400, Saint Michael wrote: > > Hi there, > > > The question is: if this is a full reverse proxy, and all requests come > > from my NGINX server, > > I suspect that the answer is "they don't". > > Dailymotion seems to be a video hosting site with a business model based > around allowing certain web sites to link to embedded videos. > > You seem to want to link to embedded videos, without being one of those > "certain sites". > > The simplest way to avoid the issue is probably for you to agree terms > with the video hosting site, so that your site is allowed to embed links > to all-or-some of their videos. > > > Is there something else that I am missing in the code so 100% of requests > > that hit Dailymotion seem to come from the NGNX machine? > > It's not immediately clear to me why the requests should come from > your nginx server. That would seem to miss the point of "outsourcing" > the bandwidth requirements for video delivery away from your server -- > which is presumably the purpose of using a video hosting site in the > first place. > > > If I were running a video-hosting web site based on allowing some sites > to link to my videos, and not allowing others, then I would probably > try to come up with a sophisticated mechanism to ensure that as many as > possible "should be blocked" sources are blocked, while allowing every > "should be allowed" source. And probably one of the very first checks > I would do would be around the Referer header sent in the request -- if > the client tells me that it is coming from a "should be blocked" source, > I would probably believe it without needing to do any more sophisticated > checking for this request. > > Cheers, > > f > -- > Francis Daly francis at daoine.org > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From Sam at SimpleSamples.info Mon Sep 4 04:57:54 2023 From: Sam at SimpleSamples.info (Sam Hobbs) Date: Sun, 3 Sep 2023 21:57:54 -0700 Subject: 502 Bad Gateway using Cloudflare and Kestrel Message-ID: <9d7bc382-7251-2c3c-510f-096f53ac2a61@SimpleSamples.info> I hope I can at  least get help diagnosing this. I have an ASP.Net Core application in a Ubuntu headless VM (DigitalOcean Droplet) using a page TLD (therefore I must use SSL) using Cloudflare. When I execute it using: dotnet domain.page.dll --launch-profile https Then use: curl -k https://127.0.0.1:5443 (the address that Kestrel is listening to) I get a page that I am expecting. Therefore Kestrel and the application seem to be working. Cloudflare is managing the domain name and I have a Cloudflare certificate in the appsettings.json file. I hope that since Kestrel is working it has accepted the certificate. When I browse to the domain from another system (over the internet) Cloudflare is saying 502 Bad Gateway and that the problem is in the server.  Is there a log somewhere showing the incoming request and more details of the error? The following is my server block. server { listen 443 ssl; listen [::]:443 ssl; #ssl_client_certificate /etc/ssl/cloudflare.crt; ssl_certificate /etc/ssl/domain.crt; ssl_certificate_key /etc/ssl/domain.pem; server_name domain.page *.domain.page; location / { proxy_passhttp://127.0.0.1:5443; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } I get the same results if I uncomment the ssl_client_certificate. Is there a way to determine with relative certainty that the 502 is caused by something in nginx and not Cloudflare or Kestrel or the application? Is there a way to get more details? If someone knows how to fix the problem regardless of where and why it is happening then that would be great help. -------------- next part -------------- An HTML attachment was scrubbed... URL: From francis at daoine.org Mon Sep 4 08:05:05 2023 From: francis at daoine.org (Francis Daly) Date: Mon, 4 Sep 2023 09:05:05 +0100 Subject: 502 Bad Gateway using Cloudflare and Kestrel In-Reply-To: <9d7bc382-7251-2c3c-510f-096f53ac2a61@SimpleSamples.info> References: <9d7bc382-7251-2c3c-510f-096f53ac2a61@SimpleSamples.info> Message-ID: <20230904080505.GA6038@daoine.org> On Sun, Sep 03, 2023 at 09:57:54PM -0700, Sam Hobbs wrote: Hi there, > curl -k https://127.0.0.1:5443 > > (the address that Kestrel is listening to) I get a page that I am expecting. > proxy_passhttp://127.0.0.1:5443; You probably have a space after proxy_pass in your actual config; but you probably should also have "https://" not "http://" there as well, since your upstream service is listening for https connections. > Is there a way to determine with relative certainty that the 502 is caused > by something in nginx and not Cloudflare or Kestrel or the application? Is > there a way to get more details? If someone knows how to fix the problem > regardless of where and why it is happening then that would be great help. The nginx error log should show its description of what it thinks is happening; you can change the logging level to have more details written, if that will help diagnose things. And the port-5443 service should log something like "I got a http request to a https port" wherever it writes its information. Cheers, f -- Francis Daly francis at daoine.org From shashi.sharma at espire.com Mon Sep 4 08:33:37 2023 From: shashi.sharma at espire.com (Shashi Kant Sharma) Date: Mon, 4 Sep 2023 08:33:37 +0000 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> Message-ID: Hi Thomas, Thanks for your email however I know Nginx plus support there and no support for Nginx. We are stuck in one issue at client side and on prem environment as unable to upload more than 20 mb. It would be highly appreciable if quick connect on team and it will not take more than 20 minutes of your time. Espire UAT environment. OS - Ubuntu - 18.0 Nginx version - 1.18 Client Environment. OS - Ubuntu - 22.4 Nginx version - 1.22.1 [cid:image001.jpg at 01D9DF37.59C4DF10] Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified [cid:image002.png at 01D9DF37.59C4DF10] From: nginx On Behalf Of Thomas Ward Sent: Sunday, September 3, 2023 9:58 PM To: nginx at nginx.org; Maxim Konovalov Cc: APACServicesSales at f5.com; Sapna Sharma ; Arvind Dhamija ; Suvidha Raizada ; Bhupendra Singh Subject: RE: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Shashi, et. al: This is the nginx oss community lists. There is no dedicated support SLA here, nor is there a "can we get together for a call or discussion". Maxim indicated there would be an off-list reply to you. There is no need to continue emailing the public mailing list asking for any kind of updates or reply. However, again there is no SLA nor guarantee for a response here. If your company has NGINX Plus then there is a different way for getting official paid help. That however is not this mailing list. Thomas Sent from my Galaxy -------- Original message -------- From: Shashi Kant Sharma > Date: 9/3/23 03:19 (GMT-05:00) To: nginx at nginx.org, Maxim Konovalov > Cc: APACServicesSales at f5.com, Sapna Sharma >, Arvind Dhamija >, Suvidha Raizada >, Bhupendra Singh > Subject: RE: Nginx Support required Hi Maximum, Any update on this. Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: nginx > On Behalf Of Shashi Kant Sharma Sent: Saturday, September 2, 2023 1:32 PM To: Maxim Konovalov >; nginx at nginx.org Cc: APACServicesSales at f5.com; Sapna Sharma >; Arvind Dhamija >; Suvidha Raizada >; Bhupendra Singh > Subject: RE: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Hi Maxim/Team, I am looking forward response on this. Can you please response or suggest any time for discussion today. Regards Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Shashi Kant Sharma Sent: Saturday, September 2, 2023 12:08 PM To: Maxim Konovalov >; nginx at nginx.org Cc: APACServicesSales at f5.com; Sapna Sharma >; Arvind Dhamija >; Suvidha Raizada >; Bhupendra Singh > Subject: RE: Nginx Support required HI Maxim, Many thanks for response however please find hosted environment details and looking forward your support as it will not take more than 20 minutes time. In Espire environment we are using below config:- Espire UAT environment. OS - Ubuntu - 18.0 Nginx version - 1.18 Client Environment. OS - Ubuntu - 22.4 Nginx version - 1.22.1 @nginx at nginx.org: Please help on this as we need immediate support on this however my ID registerd on Nginx subscription. Please revert me on this ASAP and looking forward support on this. Shashi Kant Sharma Associate Director - IT Espire Infolabs Pvt. Ltd. 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO 9001:2015 certified -----Original Message----- From: Maxim Konovalov > Sent: Saturday, September 2, 2023 11:51 AM To: Shashi Kant Sharma > Cc: APACServicesSales at f5.com; Sapna Sharma >; Arvind Dhamija >; Suvidha Raizada >; Bhupendra Singh > Subject: Re: Nginx Support required THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. Shashi, Unfortunately, unless you are F5 customers, I cannot help you. You can ask your question on nginx at nginx.org mailing list (please don't copy unit at nginx.org, it is for a different product) but please bear with the fact that it is a community discussion list, not a support channel. Maxim On 01.09.2023 23:17, Shashi Kant Sharma wrote: > Sure, > > We are using open source and once POC done then we will purchase the product with subscription however this is very important to us and Nginx work together on this issue. > > @Suvidha Raizada/@Arvind Dhamija/@Bhupendra Singh: please provide the details what we have and what we have in client side immediately. > > Regards > > > > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > 9001:2015 certified > > > > -----Original Message----- > From: Maxim Konovalov > > Sent: Saturday, September 2, 2023 11:44 AM > To: Shashi Kant Sharma > > Cc: Arvind Dhamija >; Suvidha Raizada > >; APACServicesSales at f5.com; Sapna Sharma > > > Subject: Re: Nginx Support required > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. > > Hi Shashi, > > Before we proceed would you mind to share your subscription ID or any other information about F5 Inc products you bought? > > Thanks, > > Maxim > > On 01.09.2023 23:07, Shashi Kant Sharma wrote: >> Hi Maxim, >> >> Good day and hope you are doing good! >> >> Can you please share your availability today, so I can send meeting invite as we are looking for urgent support from Nginx team as last couple of days we are facing issue in upload the attachment more than 20 MB. And we are working on client environment and UAT ( Espire hosted) environment however due to technical expertise unable to close this issue. >> >> It would be highly appreciable if we can quick connect and looking forward expert support from Nginx team by today. >> >> Again, looking forward immediate response on this as good opportunity both side to get deliver it and further license purchase/renewal. >> >> Regards >> >> >> Shashi Kant Sharma >> Associate Director - IT >> >> Espire Infolabs Pvt. Ltd. >> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >> >> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >> 9001:2015 certified >> >> >> >> -----Original Message----- >> From: Maxim Konovalov > >> Sent: Saturday, September 2, 2023 12:32 AM >> To: Shashi Kant Sharma > >> Cc: Arvind Dhamija >; Suvidha Raizada >> >; APACServicesSales at f5.com >> Subject: Re: Nginx Support required >> >> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >> >> Hi Shashi, >> >> I am happy to do so! >> >> I removed nginx at nginx.org and unit at nginx.org emails from the Cc list. >> >> They are community mailing lists for our opensource projects nginx-oss and nginx-unit. There are not intended to provide support for paid users and have no any SLA's or anything like that. >> >> Am I right that you are paid customers for nginx-plus? >> >> If the above assumption is correct I recommend to go through the official support on the MyF5 portal. >> >> Any additional information about product(s) you bought, subscription ID or sales contact at F5 would be helpful for further assistance. >> >> Thanks, >> >> Maxim >> >> On 01.09.2023 11:47, Shashi Kant Sharma wrote: >>> Hi Maxim, >>> >>> Can you loop any relevant team who can assist and provide the support? >>> >>> Regards >>> >>> >>> >>> >>> >>> Shashi Kant Sharma >>> Associate Director - IT >>> >>> Espire Infolabs Pvt. Ltd. >>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t >>> +91 124 3843 101 Email Shashi.sharma at espire.com Skype For Business >>> >>> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO >>> 9001:2015 certified >>> >>> >>> >>> -----Original Message----- >>> From: Maxim Konovalov > >>> Sent: Saturday, September 2, 2023 12:14 AM >>> To: nginx at nginx.org; unit at nginx.org >>> Cc: Arvind Dhamija >; Suvidha Raizada >>> >; APACServicesSales at f5.com; Shashi Kant >>> Sharma > >>> Subject: Re: Nginx Support required >>> >>> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents or other attachments may contain viruses/malware. Do not click on a link open or enable any file unless you trust the sender. >>> >>> Hi, >>> >>> This will be addressed off the list. >>> >>> Maxim >>> >>> On 01.09.2023 11:06, Shashi Kant Sharma wrote: >>>> Hi All, >>>> >>>> We did not receive any update on this. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Friday, September 1, 2023 12:11 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija >; Suvidha Raizada >>>> > >>>> *Subject:* RE: Nginx Support required >>>> >>>> Hello Team, >>>> >>>> Any update on this? >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> *From:*Shashi Kant Sharma >>>> *Sent:* Thursday, August 31, 2023 9:02 PM >>>> *To:* nginx at nginx.org >>>> *Cc:* Arvind Dhamija >>>> >; Suvidha Raizada >>>> > >>>> *Subject:* Nginx Support required >>>> >>>> Hello Team, >>>> >>>> We are looking support from Nginx team as we are facing issue in >>>> upload the file size as more than 20MB file size unable to upload. >>>> >>>> Regards >>>> >>>> ** >>>> >>>> ** >>>> >>>> ** >>>> >>>> >>>> >>>> *Shashi Kant Sharma* >>>> >>>> Associate Director - IT >>>> >>>> Espire Infolabs Pvt. Ltd. >>>> >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 >>>> >>>> *m*+91 9910777529*t *+91 124 3843 101 >>>> >>>> *Email *Shashi.sharma at espire.com >>>> **Skype For Business >>>> >>>> >>>> ** >>>> >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * >>>> >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** >>>> >>>> EMAIL DISCLAIMER: Information contained and transmitted by this >>>> e-mail and including attachment thereto is proprietary or legally >>>> privileged information to Espire Infolabs Private Limited. It is >>>> intended for the designated recipient(s) and purpose, and may >>>> contain information that is privileged, confidential or exempt from disclosure under applicable law. >>>> Access to this e-mail and/or to the attachment by anyone else is >>>> unauthorized. If you are not the intended recipient, an agent of >>>> the intended recipient or a person responsible for delivering the >>>> information to the intended recipient, you are notified that any >>>> use, copying, reproduction, dissemination, disclosure, >>>> modification, publication of this e-mail or any information >>>> contained therein in any way or in any manner is strictly prohibited or may be unlawful. >>>> Further, if you are not the intended recipient, please notify the >>>> sender immediately about mis-delivery and permanently delete this >>>> e-mail and its attachments, if any. The recipient acknowledges that >>>> the views expressed in this e-mail are those of sender and may not >>>> necessarily reflect those of the company. There is no guarantee >>>> that the integrity of this communication has been maintained and >>>> nor is this communication free of viruses, interceptions or interference. >>>> The sender or the Company accepts no liability for damage caused by >>>> any virus transmitted in this email or error or omissions. >>>> >>>> _______________________________________________ >>>> nginx mailing list >>>> nginx at nginx.org >>>> https://mailman.nginx.org/mailman/listinfo/nginx >>> >>> -- >>> Maxim Konovalov >>> >>> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. >> >> -- >> Maxim Konovalov >> >> EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. > > -- > Maxim Konovalov > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. -- Maxim Konovalov EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. _______________________________________________ nginx mailing list nginx at nginx.org https://mailman.nginx.org/mailman/listinfo/nginx EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. _______________________________________________ nginx mailing list nginx at nginx.org https://mailman.nginx.org/mailman/listinfo/nginx EMAIL DISCLAIMER: Information contained and transmitted by this e-mail and including attachment thereto is proprietary or legally privileged information to Espire Infolabs Private Limited. It is intended for the designated recipient(s) and purpose, and may contain information that is privileged, confidential or exempt from disclosure under applicable law. Access to this e-mail and/or to the attachment by anyone else is unauthorized. If you are not the intended recipient, an agent of the intended recipient or a person responsible for delivering the information to the intended recipient, you are notified that any use, copying, reproduction, dissemination, disclosure, modification, publication of this e-mail or any information contained therein in any way or in any manner is strictly prohibited or may be unlawful. Further, if you are not the intended recipient, please notify the sender immediately about mis-delivery and permanently delete this e-mail and its attachments, if any. The recipient acknowledges that the views expressed in this e-mail are those of sender and may not necessarily reflect those of the company. There is no guarantee that the integrity of this communication has been maintained and nor is this communication free of viruses, interceptions or interference. The sender or the Company accepts no liability for damage caused by any virus transmitted in this email or error or omissions. -------------- next part -------------- An HTML attachment was scrubbed... URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image001.jpg Type: image/jpeg Size: 4789 bytes Desc: image001.jpg URL: -------------- next part -------------- A non-text attachment was scrubbed... Name: image002.png Type: image/png Size: 46602 bytes Desc: image002.png URL: From al-nginx at none.at Mon Sep 4 09:29:58 2023 From: al-nginx at none.at (Aleksandar Lazic) Date: Mon, 4 Sep 2023 11:29:58 +0200 Subject: Nginx Support required In-Reply-To: References: <5934b355-13b3-b6e4-be8a-30f2ff65f5d7@nginx.com> <88f211c0-a9d7-5b38-2115-0a589870f2ed@nginx.com> Message-ID: <06d36baa-de11-4301-367c-662acb233156@none.at> Hi Shashi Kant Sharma. On 2023-09-04 (Mo.) 10:33, Shashi Kant Sharma wrote: > Hi Thomas, > > Thanks for your email however I know Nginx plus support there and no > support for Nginx. We are stuck in one issue at client side and on prem > environment as unable to upload more  than 20 mb. Have you read the answers from the different persons in this thread? There was some suggestions how to fix your issue. > It would be highly appreciable if quick connect on team and it will not > take more than 20 minutes of your time. As you know Nginx plus how about to make a contract with F5 for Nginx support to be able tom make a call with the team. > Espire UAT environment. > OS - Ubuntu - 18.0 > Nginx version - 1.18 > > Client Environment. >  OS - Ubuntu - 22.4 > Nginx version - 1.22.1 > > *Shashi Kant Sharma* Regards Alex > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > > *m*+91 9910777529*t *+91 124 3843 101 > > *Email *Shashi.sharma at espire.com > **Skype For Business > > > ** > > *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > > *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > > *From:*nginx *On Behalf Of *Thomas Ward > *Sent:* Sunday, September 3, 2023 9:58 PM > *To:* nginx at nginx.org; Maxim Konovalov > *Cc:* APACServicesSales at f5.com; Sapna Sharma ; > Arvind Dhamija ; Suvidha Raizada > ; Bhupendra Singh > *Subject:* RE: Nginx Support required > > *THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents > or other attachments may contain viruses/malware. Do not click on a link > open or enable any file unless you trust the sender. *** > > Shashi, et. al: > > This is the nginx oss community lists.  There is no dedicated support > SLA here, nor is there a "can we get together for a call or discussion". > > Maxim indicated there would be an off-list reply to you.  There is no > need to continue emailing the public mailing list asking for any kind of > updates or reply. > > However, again there is no SLA nor guarantee for a response here.  If > your company has NGINX Plus then there is a different way for getting > official paid help.  That however is not this mailing list. > > Thomas > > Sent from my Galaxy > > -------- Original message -------- > > From: Shashi Kant Sharma > > > Date: 9/3/23 03:19 (GMT-05:00) > > To: nginx at nginx.org , Maxim Konovalov > > > > Cc: APACServicesSales at f5.com , Sapna > Sharma >, > Arvind Dhamija >, Suvidha Raizada > >, > Bhupendra Singh > > > Subject: RE: Nginx Support required > > Hi Maximum, > > Any update on this. > > Regards > > > > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > m +91 9910777529 t +91 124 3843 101 > Email Shashi.sharma at espire.com Skype > For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) > ISO 27001:2013 & ISO 9001:2015 certified > > > > -----Original Message----- > From: nginx > > On Behalf Of Shashi Kant Sharma > Sent: Saturday, September 2, 2023 1:32 PM > To: Maxim Konovalov >; > nginx at nginx.org > Cc: APACServicesSales at f5.com ; Sapna > Sharma >; > Arvind Dhamija >; Suvidha Raizada > >; > Bhupendra Singh > > Subject: RE: Nginx Support required > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents > or other attachments may contain viruses/malware. Do not click on a link > open or enable any file unless you trust the sender. > > Hi Maxim/Team, > > I am looking forward response on this. Can you please response or > suggest any time for discussion today. > > Regards > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 > 124 3843 101 Email Shashi.sharma at espire.com > Skype For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > 9001:2015 certified > > > > -----Original Message----- > From: Shashi Kant Sharma > Sent: Saturday, September 2, 2023 12:08 PM > To: Maxim Konovalov >; > nginx at nginx.org > Cc: APACServicesSales at f5.com ; Sapna > Sharma >; > Arvind Dhamija >; Suvidha Raizada > >; > Bhupendra Singh > > Subject: RE: Nginx Support required > > > HI Maxim, > > Many thanks for response however please find hosted environment details > and looking forward your support as it will not take more than 20 > minutes time. > > In Espire environment we are using below config:- > > Espire UAT environment. > OS - Ubuntu - 18.0 > Nginx version - 1.18 > > Client Environment. >  OS - Ubuntu - 22.4 > Nginx version - 1.22.1 > > @nginx at nginx.org: Please help on this as we need immediate support on > this however my ID registerd on Nginx subscription. > > Please revert me on this ASAP and looking forward support on this. > > > Shashi Kant Sharma > Associate Director - IT > > Espire Infolabs Pvt. Ltd. > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t +91 > 124 3843 101 Email Shashi.sharma at espire.com > Skype For Business > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > 9001:2015 certified > > > > -----Original Message----- > From: Maxim Konovalov > > Sent: Saturday, September 2, 2023 11:51 AM > To: Shashi Kant Sharma > > Cc: APACServicesSales at f5.com ; Sapna > Sharma >; > Arvind Dhamija >; Suvidha Raizada > >; > Bhupendra Singh > > Subject: Re: Nginx Support required > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office documents > or other attachments may contain viruses/malware. Do not click on a link > open or enable any file unless you trust the sender. > > Shashi, > > Unfortunately, unless you are F5 customers, I cannot help you. > > You can ask your question on nginx at nginx.org > mailing list (please don't copy unit at nginx.org , > it is for a different product) but please bear with the fact that it is > a community discussion list, not a support channel. > > Maxim > > On 01.09.2023 23:17, Shashi Kant Sharma wrote: > > Sure, > > > > We are using open source and once POC done then we will purchase the > product with subscription however this is very important to us and Nginx > work together on this issue. > > > > @Suvidha Raizada/@Arvind Dhamija/@Bhupendra Singh: please provide the > details what we have and what we have in client side immediately. > > > > Regards > > > > > > > > > > > > Shashi Kant Sharma > > Associate Director - IT > > > > Espire Infolabs Pvt. Ltd. > > 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > > +91 124 3843 101 Email Shashi.sharma at espire.com > Skype For Business > > > > CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > > 9001:2015 certified > > > > > > > > -----Original Message----- > > From: Maxim Konovalov > > > Sent: Saturday, September 2, 2023 11:44 AM > > To: Shashi Kant Sharma > > > Cc: Arvind Dhamija >; Suvidha Raizada > > >; > APACServicesSales at f5.com ; Sapna Sharma > > > > > Subject: Re: Nginx Support required > > > > THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office > documents or other attachments may contain viruses/malware. Do not click > on a link open or enable any file unless you trust the sender. > > > > Hi Shashi, > > > > Before we proceed would you mind to share your subscription ID or any > other information about F5 Inc products you bought? > > > > Thanks, > > > > Maxim > > > > On 01.09.2023 23:07, Shashi Kant Sharma wrote: > >> Hi Maxim, > >> > >> Good day and hope you are doing good! > >> > >> Can you please share your availability today, so I can send meeting > invite as we are looking for urgent support from Nginx team as last > couple of days we are facing issue in upload the attachment more than 20 > MB. And we are working on client environment and UAT ( Espire hosted) > environment however due to technical expertise unable to close this issue. > >> > >> It would be highly appreciable if we can quick connect and looking > forward expert support from Nginx team by today. > >> > >> Again, looking forward immediate response on this as good > opportunity both side to get deliver it and further license > purchase/renewal. > >> > >> Regards > >> > >> > >> Shashi Kant Sharma > >> Associate Director - IT > >> > >> Espire Infolabs Pvt. Ltd. > >> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > >> +91 124 3843 101 Email Shashi.sharma at espire.com > Skype For Business > >> > >> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > >> 9001:2015 certified > >> > >> > >> > >> -----Original Message----- > >> From: Maxim Konovalov > > >> Sent: Saturday, September 2, 2023 12:32 AM > >> To: Shashi Kant Sharma > > >> Cc: Arvind Dhamija >; Suvidha Raizada > >> >; > APACServicesSales at f5.com > >> Subject: Re: Nginx Support required > >> > >> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office > documents or other attachments may contain viruses/malware. Do not click > on a link open or enable any file unless you trust the sender. > >> > >> Hi Shashi, > >> > >> I am happy to do so! > >> > >> I removed nginx at nginx.org and > unit at nginx.org emails from the Cc list. > >> > >> They are community mailing lists for our opensource projects > nginx-oss and nginx-unit.  There are not intended to provide support for > paid users and have no any SLA's or anything like that. > >> > >> Am I right that you are paid customers for nginx-plus? > >> > >> If the above assumption is correct I recommend to go through the > official support on the MyF5 portal. > >> > >> Any additional information about product(s) you bought, subscription > ID or sales contact at F5 would be helpful for further assistance. > >> > >> Thanks, > >> > >> Maxim > >> > >> On 01.09.2023 11:47, Shashi Kant Sharma wrote: > >>> Hi Maxim, > >>> > >>> Can you loop any relevant team who can assist and provide the support? > >>> > >>> Regards > >>> > >>> > >>> > >>> > >>> > >>> Shashi Kant Sharma > >>> Associate Director - IT > >>> > >>> Espire Infolabs Pvt. Ltd. > >>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 m +91 9910777529 t > >>> +91 124 3843 101 Email Shashi.sharma at espire.com > Skype For Business > >>> > >>> CMMI level 5 Ver 1.3 Appraised (DEV + SVC) ISO 27001:2013 & ISO > >>> 9001:2015 certified > >>> > >>> > >>> > >>> -----Original Message----- > >>> From: Maxim Konovalov > > >>> Sent: Saturday, September 2, 2023 12:14 AM > >>> To: nginx at nginx.org ; unit at nginx.org > > >>> Cc: Arvind Dhamija >; Suvidha Raizada > >>> >; > APACServicesSales at f5.com ; Shashi Kant > >>> Sharma > > >>> Subject: Re: Nginx Support required > >>> > >>> THIS EMAIL IS FROM AN EXTERNAL SOURCE, Internet Links, office > documents or other attachments may contain viruses/malware. Do not click > on a link open or enable any file unless you trust the sender. > >>> > >>> Hi, > >>> > >>> This will be addressed off the list. > >>> > >>> Maxim > >>> > >>> On 01.09.2023 11:06, Shashi Kant Sharma wrote: > >>>> Hi All, > >>>> > >>>> We did not receive any update on this. > >>>> > >>>> Regards > >>>> > >>>> ** > >>>> > >>>> ** > >>>> > >>>> ** > >>>> > >>>> > >>>> > >>>> *Shashi Kant Sharma* > >>>> > >>>> Associate Director - IT > >>>> > >>>> Espire Infolabs Pvt. Ltd. > >>>> > >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > >>>> > >>>> *m*+91 9910777529*t *+91 124 3843 101 > >>>> > >>>> *Email *Shashi.sharma at espire.com > >>>> >**Skype For Business > >>>> > > >>>> > >>>> ** > >>>> > >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > >>>> > >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > >>>> > >>>> *From:*Shashi Kant Sharma > >>>> *Sent:* Friday, September 1, 2023 12:11 PM > >>>> *To:* nginx at nginx.org > >>>> *Cc:* Arvind Dhamija >; Suvidha Raizada > >>>> > > >>>> *Subject:* RE: Nginx Support required > >>>> > >>>> Hello Team, > >>>> > >>>> Any update on this? > >>>> > >>>> Regards > >>>> > >>>> ** > >>>> > >>>> ** > >>>> > >>>> ** > >>>> > >>>> > >>>> > >>>> *Shashi Kant Sharma* > >>>> > >>>> Associate Director - IT > >>>> > >>>> Espire Infolabs Pvt. Ltd. > >>>> > >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > >>>> > >>>> *m*+91 9910777529*t *+91 124 3843 101 > >>>> > >>>> *Email *Shashi.sharma at espire.com > >>>> >**Skype For Business > >>>> > > >>>> > >>>> ** > >>>> > >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > >>>> > >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > >>>> > >>>> *From:*Shashi Kant Sharma > >>>> *Sent:* Thursday, August 31, 2023 9:02 PM > >>>> *To:* nginx at nginx.org > > > >>>> *Cc:* Arvind Dhamija >>>> > >>; > Suvidha Raizada > >>>> >> > >>>> *Subject:* Nginx Support required > >>>> > >>>> Hello Team, > >>>> > >>>> We are looking support from Nginx team as we are facing issue in > >>>> upload the file size as more than 20MB file size unable to upload. > >>>> > >>>> Regards > >>>> > >>>> ** > >>>> > >>>> ** > >>>> > >>>> ** > >>>> > >>>> > >>>> > >>>> *Shashi Kant Sharma* > >>>> > >>>> Associate Director - IT > >>>> > >>>> Espire Infolabs Pvt. Ltd. > >>>> > >>>> 486 & 487, Udyog Vihar Phase-III Gurugram 122016 > >>>> > >>>> *m*+91 9910777529*t *+91 124 3843 101 > >>>> > >>>> *Email *Shashi.sharma at espire.com > >>>> >**Skype For Business > >>>> > > >>>> > >>>> ** > >>>> > >>>> *CMMI level 5 Ver 1.3 Appraised (DEV + SVC) * > >>>> > >>>> *ISO 27001:2013 *&*ISO 9001:2015 c*ertified** > >>>> > >>>> EMAIL DISCLAIMER: Information contained and transmitted by this > >>>> e-mail and including attachment thereto is proprietary or legally > >>>> privileged information to Espire Infolabs Private Limited. It is > >>>> intended for the designated recipient(s) and purpose, and may > >>>> contain information that is privileged, confidential or exempt > from disclosure under applicable law. > >>>> Access to this e-mail and/or to the attachment by anyone else is > >>>> unauthorized. If you are not the intended recipient, an agent of > >>>> the intended recipient or a person responsible for delivering the > >>>> information to the intended recipient, you are notified that any > >>>> use, copying, reproduction, dissemination, disclosure, > >>>> modification, publication of this e-mail or any information > >>>> contained therein in any way or in any manner is strictly > prohibited or may be unlawful. > >>>> Further, if you are not the intended recipient, please notify the > >>>> sender immediately about mis-delivery and permanently delete this > >>>> e-mail and its attachments, if any. The recipient acknowledges that > >>>> the views expressed in this e-mail are those of sender and may not > >>>> necessarily reflect those of the company. There is no guarantee > >>>> that the integrity of this communication has been maintained and > >>>> nor is this communication free of viruses, interceptions or > interference. > >>>> The sender or the Company accepts no liability for damage caused by > >>>> any virus transmitted in this email or error or omissions. > >>>> > >>>> _______________________________________________ > >>>> nginx mailing list > >>>> nginx at nginx.org > >>>> https://mailman.nginx.org/mailman/listinfo/nginx > > >>> > >>> -- > >>> Maxim Konovalov > >>> > >>> EMAIL DISCLAIMER: Information contained and transmitted by this > e-mail and including attachment thereto is proprietary or legally > privileged information to Espire Infolabs Private Limited. It is > intended for the designated recipient(s) and purpose, and may contain > information that is privileged, confidential or exempt from disclosure > under applicable law. Access to this e-mail and/or to the attachment by > anyone else is unauthorized. If you are not the intended recipient, an > agent of the intended recipient or a person responsible for delivering > the information to the intended recipient, you are notified that any > use, copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. Further, > if you are not the intended recipient, please notify the sender > immediately about mis-delivery and permanently delete this e-mail and > its attachments, if any. The recipient acknowledges that the views > expressed in this e-mail are those of sender and may not necessarily > reflect those of the company. There is no guarantee that the integrity > of this communication has been maintained and nor is this communication > free of viruses, interceptions or interference. The sender or the > Company accepts no liability for damage caused by any virus transmitted > in this email or error or omissions. > >> > >> -- > >> Maxim Konovalov > >> > >> EMAIL DISCLAIMER: Information contained and transmitted by this > e-mail and including attachment thereto is proprietary or legally > privileged information to Espire Infolabs Private Limited. It is > intended for the designated recipient(s) and purpose, and may contain > information that is privileged, confidential or exempt from disclosure > under applicable law. Access to this e-mail and/or to the attachment by > anyone else is unauthorized. If you are not the intended recipient, an > agent of the intended recipient or a person responsible for delivering > the information to the intended recipient, you are notified that any > use, copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. Further, > if you are not the intended recipient, please notify the sender > immediately about mis-delivery and permanently delete this e-mail and > its attachments, if any. The recipient acknowledges that the views > expressed in this e-mail are those of sender and may not necessarily > reflect those of the company. There is no guarantee that the integrity > of this communication has been maintained and nor is this communication > free of viruses, interceptions or interference. The sender or the > Company accepts no liability for damage caused by any virus transmitted > in this email or error or omissions. > > > > -- > > Maxim Konovalov > > > > EMAIL DISCLAIMER: Information contained and transmitted by this > e-mail and including attachment thereto is proprietary or legally > privileged information to Espire Infolabs Private Limited. It is > intended for the designated recipient(s) and purpose, and may contain > information that is privileged, confidential or exempt from disclosure > under applicable law. Access to this e-mail and/or to the attachment by > anyone else is unauthorized. If you are not the intended recipient, an > agent of the intended recipient or a person responsible for delivering > the information to the intended recipient, you are notified that any > use, copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. Further, > if you are not the intended recipient, please notify the sender > immediately about mis-delivery and permanently delete this e-mail and > its attachments, if any. The recipient acknowledges that the views > expressed in this e-mail are those of sender and may not necessarily > reflect those of the company. There is no guarantee that the integrity > of this communication has been maintained and nor is this communication > free of viruses, interceptions or interference. The sender or the > Company accepts no liability for damage caused by any virus transmitted > in this email or error or omissions. > > -- > Maxim Konovalov > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail > and including attachment thereto is proprietary or legally privileged > information to Espire Infolabs Private Limited. It is intended for the > designated recipient(s) and purpose, and may contain information that is > privileged, confidential or exempt from disclosure under applicable law. > Access to this e-mail and/or to the attachment by anyone else is > unauthorized. If you are not the intended recipient, an agent of the > intended recipient or a person responsible for delivering the > information to the intended recipient, you are notified that any use, > copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. Further, > if you are not the intended recipient, please notify the sender > immediately about mis-delivery and permanently delete this e-mail and > its attachments, if any. The recipient acknowledges that the views > expressed in this e-mail are those of sender and may not necessarily > reflect those of the company. There is no guarantee that the integrity > of this communication has been maintained and nor is this communication > free of viruses, interceptions or interference. The sender or the > Company accepts no liability for damage caused by any virus transmitted > in this email or error or omissions. > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail > and including attachment thereto is proprietary or legally privileged > information to Espire Infolabs Private Limited. It is intended for the > designated recipient(s) and purpose, and may contain information that is > privileged, confidential or exempt from disclosure under applicable law. > Access to this e-mail and/or to the attachment by anyone else is > unauthorized. If you are not the intended recipient, an agent of the > intended recipient or a person responsible for delivering the > information to the intended recipient, you are notified that any use, > copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. Further, > if you are not the intended recipient, please notify the sender > immediately about mis-delivery and permanently delete this e-mail and > its attachments, if any. The recipient acknowledges that the views > expressed in this e-mail are those of sender and may not necessarily > reflect those of the company. There is no guarantee that the integrity > of this communication has been maintained and nor is this communication > free of viruses, interceptions or interference. The sender or the > Company accepts no liability for damage caused by any virus transmitted > in this email or error or omissions. > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx > > > EMAIL DISCLAIMER: Information contained and transmitted by this e-mail > and including attachment thereto is proprietary or legally privileged > information to Espire Infolabs Private Limited. It is intended for the > designated recipient(s) and purpose, and may contain information that is > privileged, confidential or exempt from disclosure under applicable law. > Access to this e-mail and/or to the attachment by anyone else is > unauthorized. If you are not the intended recipient, an agent of the > intended recipient or a person responsible for delivering the > information to the intended recipient, you are notified that any use, > copying, reproduction, dissemination, disclosure, modification, > publication of this e-mail or any information contained therein in any > way or in any manner is strictly prohibited or may be unlawful. Further, > if you are not the intended recipient, please notify the sender > immediately about mis-delivery and permanently delete this e-mail and > its attachments, if any. The recipient acknowledges that the views > expressed in this e-mail are those of sender and may not necessarily > reflect those of the company. There is no guarantee that the integrity > of this communication has been maintained and nor is this communication > free of viruses, interceptions or interference. The sender or the > Company accepts no liability for damage caused by any virus transmitted > in this email or error or omissions. > > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx From Sam at SimpleSamples.info Mon Sep 4 15:11:29 2023 From: Sam at SimpleSamples.info (Sam Hobbs) Date: Mon, 4 Sep 2023 08:11:29 -0700 Subject: 502 Bad Gateway using Cloudflare and Kestrel In-Reply-To: <20230904080505.GA6038@daoine.org> References: <9d7bc382-7251-2c3c-510f-096f53ac2a61@SimpleSamples.info> <20230904080505.GA6038@daoine.org> Message-ID: Francis Daly wrote on 9/4/2023 1:05 AM: >> proxy_passhttp://127.0.0.1:5443; > You probably have a space after proxy_pass in your actual config; but > you probably should also have "https://" not "http://" there as well, > since your upstream service is listening for https connections. > Thank you! It works. Yes, there is a space in there. The formatting must have gotten messed up in the message you received. From David.Aldrich at EMEA.NEC.COM Wed Sep 6 15:15:11 2023 From: David.Aldrich at EMEA.NEC.COM (David Aldrich) Date: Wed, 6 Sep 2023 15:15:11 +0000 Subject: HTTP status 500 when using Nginx with Jenkins Message-ID: Hi We are using Nginx as a reverse proxy, connected to a Jenkins continuous integration server, to provide https access. Jenkins and Nginx run on the same Linux server. A certain Jenkins function is failing when accessed via https. It works correctly when accessed via http (without nginx). Therefore, we suspect that something is wrong with our Nginx configuration. In the failure condition, the browser (Edge) shows (in Developer Tools Console): POST https://jenkins-temptest./pipeline-syntax/generateSnippet 500 I don't know how to access the contents of the 500 reply. Our /etc/nginx/nginx.conf contains: user www-data; worker_processes auto; pid /run/nginx.pid; include /etc/nginx/modules-enabled/*.conf; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; types_hash_max_size 2048; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; } Our /etc/nginx/conf.d/ssl.conf contains: server { listen 443 ssl http2; listen [::]:443 ssl http2; # ssl on; ssl_certificate /etc/nginx/certs/jenkins-temptest.pem; ssl_certificate_key /etc/nginx/certs/jenkins-temptest.key; server_name jenkins-temptest.; location / { sendfile off; proxy_pass "http://127.0.0.1:8080"; proxy_redirect default; # proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port 443; proxy_set_header X-Forwarded-Proto $scheme; #this is the maximum upload size client_max_body_size 20m; client_body_buffer_size 128k; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_request_buffering off; # Required for HTTP CLI commands in Jenkins > 2.54 proxy_set_header Connection ""; # Clear for keepalive } location ^~ /script { return 404; } location ^~ /manage/script { return 404; } # index index.html index.htm; } Is anything obviously wrong with these? Best regards David ________________________________ David Aldrich | Consultant Engineer | NEC Telecom Modus Ltd | Olympus House, Cleeve Road, Leatherhead, Surrey, KT22 7SA, GB | t: +44 (0) 1372 381857 | m: | w: www.nec.com This email (including any attached files) is private and confidential and the exclusive property of NEC Telecom MODUS Ltd. This message is addressed exclusively to its recipient. If you have received this message by mistake, please notify the sender immediately and proceed to delete the message. Unless you have express permission to do so, please do not distribute or copy this email. Except as otherwise stated, the sender does not intend to create a legal relationship and this email shall not constitute an offer or acceptance which could give rise to a contract. View our privacy policy here : https://uk.nec.com/en_GB/emea/privacy/index.html | Registered Office: Olympus House, Business Park 5, Cleeve Road, Leatherhead, Surrey KT22 7SA | Registered in England 3493954 | From francis at daoine.org Thu Sep 7 19:22:21 2023 From: francis at daoine.org (Francis Daly) Date: Thu, 7 Sep 2023 20:22:21 +0100 Subject: HTTP status 500 when using Nginx with Jenkins In-Reply-To: References: Message-ID: <20230907192221.GB6038@daoine.org> On Wed, Sep 06, 2023 at 03:15:11PM +0000, David Aldrich wrote: Hi there, > In the failure condition, the browser (Edge) shows (in Developer Tools Console): > > POST https://jenkins-temptest./pipeline-syntax/generateSnippet 500 > > I don't know how to access the contents of the 500 reply. The Console can show the Response on the Network tab, if you select this request. But: 500 is the generic "something went wrong" message. If it was generated by nginx, there should be something in the nginx error_log about it. If it was generated by Jenkins and passed through nginx, there should be something in the Jenkins-equivalent. > Is anything obviously wrong with these? Nothing stands out as being "clearly incorrect"; so checking the logs (and maybe increasing the log level before trying again, if the message was generated by nginx) is probably the most useful next step. Good luck with it, f -- Francis Daly francis at daoine.org From baalchina at gmail.com Sat Sep 9 13:28:50 2023 From: baalchina at gmail.com (baalchina) Date: Sat, 9 Sep 2023 21:28:50 +0800 Subject: Is there anyway to filter content and return a 403 in nginx? Message-ID: Hi, I had a nginx working as reverse proxy, and all my backend are http protocol. I want to filter the content, for example, if the content has a work like 'virus', then nginx return a 403. When I looked the ngx_http_sub_module, seems it can replace the content, such as replace 'virus' to 'health', but can not return a 403? Thanks. -- from:baalchina -------------- next part -------------- An HTML attachment was scrubbed... URL: From xeioex at nginx.com Tue Sep 12 23:08:59 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 12 Sep 2023 16:08:59 -0700 Subject: njs-0.8.1 Message-ID: <99d1b046-b1bf-b951-06bd-8ebab7241d55@nginx.com> Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). Notable new features: - Periodic code execution: js_periodic direcrive specifies a content handler to run at regular interval. The handler receives a session object as its first argument, it also has access to global objects such as ngx. : example.conf: : location @periodics { : # to be run at 1 minute intervals in worker process 0 : js_periodic main.handler interval=60s; : : # to be run at 1 minute intervals in all worker processes : js_periodic main.handler interval=60s worker_affinity=all; : : # to be run at 1 minute intervals in worker processes 1 and 3 : js_periodic main.handler interval=60s worker_affinity=0101; : : resolver 10.0.0.1; : js_fetch_trusted_certificate /path/to/ISRG_Root_X1.pem; : } : : example.js: : async function handler(s) { : let reply = async ngx.fetch('https://nginx.org/en/docs/njs/'); : let body = async reply.text(); : : ngx.log(ngx.INFO, body); : } Learn more about njs: - Overview and introduction: https://nginx.org/en/docs/njs/ - NGINX JavaScript in Your Web Server Configuration: https://youtu.be/Jc_L6UffFOs - Extending NGINX with Custom Code: https://youtu.be/0CVhq4AUU7M - Using node modules with njs: https://nginx.org/en/docs/njs/node_modules.html - Writing njs code using TypeScript definition files: https://nginx.org/en/docs/njs/typescript.html Feel free to try it and give us feedback on: - Github: https://github.com/nginx/njs/issues - Mailing list: https://mailman.nginx.org/mailman/listinfo/nginx-devel Additional examples and howtos can be found here: - Github: https://github.com/nginx/njs-examples Changes with njs 0.8.1 12 Sep 2023 nginx modules: *) Feature: introduced js_periodic directive. The directive specifies a JS handler to run at regular intervals. *) Feature: implemented items() method for a shared dictionary. The method returns all the non-expired key-value pairs. *) Bugfix: fixed size() and keys() methods of a shared dictionary. *) Bugfix: fixed erroneous exception in r.internalRedirect() introduced in 0.8.0. Core: *) Bugfix: fixed incorrect order of keys in Object.getOwnPropertyNames(). From manuel.baesler at gmail.com Tue Sep 12 23:48:38 2023 From: manuel.baesler at gmail.com (Manuel) Date: Wed, 13 Sep 2023 01:48:38 +0200 Subject: njs-0.8.1 In-Reply-To: <99d1b046-b1bf-b951-06bd-8ebab7241d55@nginx.com> References: <99d1b046-b1bf-b951-06bd-8ebab7241d55@nginx.com> Message-ID: <42CABB4F-56A8-4146-B867-A35057EE2A95@gmail.com> Hello, thank you for all the work for njs. We will probably use it in one of our next projects. Regarding the example > let body = async reply.text(); should it be const body = await reply.next(); ? Kind regards, Manuel > Am 13.09.2023 um 01:10 schrieb Dmitry Volyntsev : > > Hello, > > I'm glad to announce a new release of NGINX JavaScript module (njs). > > Notable new features: > - Periodic code execution: > js_periodic direcrive specifies a content handler to run at regular interval. > The handler receives a session object as its first argument, it also has access > to global objects such as ngx. > > : example.conf: > : location @periodics { > : # to be run at 1 minute intervals in worker process 0 > : js_periodic main.handler interval=60s; > : > : # to be run at 1 minute intervals in all worker processes > : js_periodic main.handler interval=60s worker_affinity=all; > : > : # to be run at 1 minute intervals in worker processes 1 and 3 > : js_periodic main.handler interval=60s worker_affinity=0101; > : > : resolver 10.0.0.1; > : js_fetch_trusted_certificate /path/to/ISRG_Root_X1.pem; > : } > : > : example.js: > : async function handler(s) { > : let reply = async ngx.fetch('https://nginx.org/en/docs/njs/'); > : let body = async reply.text(); > : > : ngx.log(ngx.INFO, body); > : } > > Learn more about njs: > > - Overview and introduction: > https://nginx.org/en/docs/njs/ > - NGINX JavaScript in Your Web Server Configuration: > https://youtu.be/Jc_L6UffFOs > - Extending NGINX with Custom Code: > https://youtu.be/0CVhq4AUU7M > - Using node modules with njs: > https://nginx.org/en/docs/njs/node_modules.html > - Writing njs code using TypeScript definition files: > https://nginx.org/en/docs/njs/typescript.html > > Feel free to try it and give us feedback on: > > - Github: > https://github.com/nginx/njs/issues > - Mailing list: > https://mailman.nginx.org/mailman/listinfo/nginx-devel > > Additional examples and howtos can be found here: > > - Github: > https://github.com/nginx/njs-examples > > Changes with njs 0.8.1 12 Sep 2023 > > nginx modules: > > *) Feature: introduced js_periodic directive. > The directive specifies a JS handler to run at regular intervals. > > *) Feature: implemented items() method for a shared dictionary. > The method returns all the non-expired key-value pairs. > > *) Bugfix: fixed size() and keys() methods of a shared dictionary. > > *) Bugfix: fixed erroneous exception in r.internalRedirect() > introduced in 0.8.0. > > Core: > > *) Bugfix: fixed incorrect order of keys in > Object.getOwnPropertyNames(). > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx From xeioex at nginx.com Wed Sep 13 00:34:53 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 12 Sep 2023 17:34:53 -0700 Subject: njs-0.8.1 In-Reply-To: <42CABB4F-56A8-4146-B867-A35057EE2A95@gmail.com> References: <99d1b046-b1bf-b951-06bd-8ebab7241d55@nginx.com> <42CABB4F-56A8-4146-B867-A35057EE2A95@gmail.com> Message-ID: On 12.09.2023 16:48, Manuel wrote: > Hello, > > thank you for all the work for njs. > We will probably use it in one of our next projects. > > Regarding the example > >> let body = async reply.text(); > should it be const body = await reply.next(); ? > > Kind regards, > Manuel > Hi Manuel, you you are right. It is a typo. > > >> Am 13.09.2023 um 01:10 schrieb Dmitry Volyntsev : >> >> Hello, >> >> I'm glad to announce a new release of NGINX JavaScript module (njs). >> >> Notable new features: >> - Periodic code execution: >> js_periodic direcrive specifies a content handler to run at regular interval. >> The handler receives a session object as its first argument, it also has access >> to global objects such as ngx. >> >> : example.conf: >> : location @periodics { >> : # to be run at 1 minute intervals in worker process 0 >> : js_periodic main.handler interval=60s; >> : >> : # to be run at 1 minute intervals in all worker processes >> : js_periodic main.handler interval=60s worker_affinity=all; >> : >> : # to be run at 1 minute intervals in worker processes 1 and 3 >> : js_periodic main.handler interval=60s worker_affinity=0101; >> : >> : resolver 10.0.0.1; >> : js_fetch_trusted_certificate /path/to/ISRG_Root_X1.pem; >> : } >> : >> : example.js: >> : async function handler(s) { >> : let reply = async ngx.fetch('https://nginx.org/en/docs/njs/'); >> : let body = async reply.text(); >> : >> : ngx.log(ngx.INFO, body); >> : } >> >> Learn more about njs: >> >> - Overview and introduction: >> https://nginx.org/en/docs/njs/ >> - NGINX JavaScript in Your Web Server Configuration: >> https://youtu.be/Jc_L6UffFOs >> - Extending NGINX with Custom Code: >> https://youtu.be/0CVhq4AUU7M >> - Using node modules with njs: >> https://nginx.org/en/docs/njs/node_modules.html >> - Writing njs code using TypeScript definition files: >> https://nginx.org/en/docs/njs/typescript.html >> >> Feel free to try it and give us feedback on: >> >> - Github: >> https://github.com/nginx/njs/issues >> - Mailing list: >> https://mailman.nginx.org/mailman/listinfo/nginx-devel >> >> Additional examples and howtos can be found here: >> >> - Github: >> https://github.com/nginx/njs-examples >> >> Changes with njs 0.8.1 12 Sep 2023 >> >> nginx modules: >> >> *) Feature: introduced js_periodic directive. >> The directive specifies a JS handler to run at regular intervals. >> >> *) Feature: implemented items() method for a shared dictionary. >> The method returns all the non-expired key-value pairs. >> >> *) Bugfix: fixed size() and keys() methods of a shared dictionary. >> >> *) Bugfix: fixed erroneous exception in r.internalRedirect() >> introduced in 0.8.0. >> >> Core: >> >> *) Bugfix: fixed incorrect order of keys in >> Object.getOwnPropertyNames(). >> _______________________________________________ >> nginx mailing list >> nginx at nginx.org >> https://mailman.nginx.org/mailman/listinfo/nginx > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx From nothingtohide at revvy.de Sun Sep 17 13:39:19 2023 From: nothingtohide at revvy.de (Revvy) Date: Sun, 17 Sep 2023 09:39:19 -0400 Subject: Help Message-ID: <4932ded6-bc10-44d9-a8eb-a49daaed2ffe@revvy.de> I use nginx for my DNS over HTTPS and DNS over TLS. Here is my nginx.conf: user www-data; worker_processes auto; pid /run/nginx.pid; load_module /etc/nginx/modules/ngx_http_js_module.so; load_module /etc/nginx/modules/ngx_stream_js_module.so; events {     worker_connections 768; } # DNS Stream Services stream {   # Import the NJS module   js_import /etc/nginx/njs.d/dns/dns.js;   # The $dns_qname variable can be populated by preread calls, and can be used for DNS routing   js_set $dns_qname dns.get_qname;   # DNS upstream pool.   upstream dns {     zone dns 64k;     server 127.0.0.1:53;   }   # DNS(TCP) and DNS over TLS (DoT) Server   # Terminate DoT and DNS TCP, and proxy onto standard DNS   server {     listen 853 ssl;     ssl_certificate_key /etc/letsencrypt/live/revvy.de/privkey.pem;     ssl_certificate /etc/letsencrypt/live/revvy.de/fullchain.pem;     js_preread dns.preread_dns_request;     proxy_pass dns;   }   # DNS over HTTPS (gateway) Service   # Upstream can be either DNS(TCP) or DoT. If upstream is DNS, proxy_ssl should be off.   server {     listen 127.0.0.1:8053;     js_filter dns.filter_doh_request;     proxy_pass dns;   } } http {     sendfile on;     tcp_nopush on;     types_hash_max_size 2048;     variables_hash_max_size 2048;     server_names_hash_bucket_size 256;     include /etc/nginx/snippets/mime.types;     default_type application/octet-stream;     log_format main '[$time_local] $host $status $bytes_sent $uri';     fastcgi_read_timeout 300;     proxy_read_timeout 1d;     ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;     ssl_prefer_server_ciphers on;     #access_log /etc/nginx/logs/access.log main;     #access_log /etc/nginx/logs/access.log;     access_log /dev/null;     error_log /dev/null;     #error_log /etc/nginx/logs/error.log;     server_tokens off;     resolver 1.1.1.1;     include /etc/nginx/conf.d/*; } When I restart the systemd service, I am greeted with: Sep 17 13:36:52 toronto-srv-03 systemd[1]: Starting nginx.service - nginx - high performance web server... Sep 17 13:36:52 toronto-srv-03 nginx[127394]: nginx: [emerg] dlopen() "/etc/nginx/modules/ngx_http_js_module.so" failed (/etc/nginx/modules/ngx_http_js_module.so: undefined symbol: EVP_PKEY_CTX_set1_hkdf_salt) in /etc/nginx/nginx.conf:4 Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Control process exited, code=exited, status=1/FAILURE Sep 17 13:36:52 toronto-srv-03 systemd[1]: nginx.service: Failed with result 'exit-code'. Sep 17 13:36:52 toronto-srv-03 systemd[1]: Failed to start nginx.service - nginx - high performance web server. I am running on Debian 12 bookworm. From xeioex at nginx.com Sun Sep 17 16:28:24 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Sun, 17 Sep 2023 09:28:24 -0700 Subject: Help In-Reply-To: <4932ded6-bc10-44d9-a8eb-a49daaed2ffe@revvy.de> References: <4932ded6-bc10-44d9-a8eb-a49daaed2ffe@revvy.de> Message-ID: <89f93aba-d676-6eb2-0ec2-57dcbde4ec00@nginx.com> On 17.09.2023 06:39, Revvy via nginx wrote: > Sep 17 13:36:52 toronto-srv-03 nginx[127394]: nginx: [emerg] dlopen() > "/etc/nginx/modules/ngx_http_js_module.so" failed > (/etc/nginx/modules/ngx_http_js_module.so: undefined symbol: > EVP_PKEY_CTX_set1_hkdf_salt) in /etc/nginx/nginx.conf:4 > > Hi Revvy, Can you please share your operation system details (name, version) and the output of the following command: nginx -V. Also, I would like to know the OpenSSL library you are using. From xeioex at nginx.com Sun Sep 17 20:17:18 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Sun, 17 Sep 2023 13:17:18 -0700 Subject: Help In-Reply-To: References: <4932ded6-bc10-44d9-a8eb-a49daaed2ffe@revvy.de> <89f93aba-d676-6eb2-0ec2-57dcbde4ec00@nginx.com> Message-ID: On 17.09.2023 11:28, Revvy wrote: > > $ uname -a > Linux toronto-srv-03 6.1.0-12-amd64 #1 SMP PREEMPT_DYNAMIC Debian > 6.1.52-1 (2023-09-07) x86_64 GNU/Linux > > $ lsb_release -a > No LSB modules are available. > Distributor ID: Debian > Description:    Debian GNU/Linux 12 (bookworm) > Release:        12 > Codename:       bookworm > > $ /sbin/nginx -V > nginx version: nginx/1.24.0 > built by gcc 10.2.1 20210110 (Debian 10.2.1-6) > built with OpenSSL 1.1.1n  15 Mar 2022 > TLS SNI support enabled > configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx > --modules-path=/usr/lib/nginx/modules > --conf-path=/etc/nginx/nginx.conf > --error-log-path=/var/log/nginx/error.log > --http-log-path=/var/log/nginx/access.log > --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock > --http-client-body-temp-path=/var/cache/nginx/client_temp > --http-proxy-temp-path=/var/cache/nginx/proxy_temp > --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp > --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp > --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx > --group=nginx --with-compat --with-file-aio --with-threads > --with-http_addition_module --with-http_auth_request_module > --with-http_dav_module --with-http_flv_module > --with-http_gunzip_module --with-http_gzip_static_module > --with-http_mp4_module --with-http_random_index_module > --with-http_realip_module --with-http_secure_link_module > --with-http_slice_module --with-http_ssl_module > --with-http_stub_status_module --with-http_sub_module > --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream > --with-stream_realip_module --with-stream_ssl_module > --with-stream_ssl_preread_module --with-cc-opt='-g -O2 > -ffile-prefix-map=/data/builder/debuild/nginx-1.24.0/debian/debuild-base/nginx-1.24.0=. > -fstack-protector-strong -Wformat -Werror=format-security > -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now > -Wl,--as-needed -pie' > > $ openssl version > OpenSSL 3.0.9 30 May 2023 (Library: OpenSSL 3.0.9 30 May 2023) > > I think I see the problem now. I am using Debian /bookworm/ and the > official nginx repos for Debian /bookworm/. > > $ cat /etc/apt/sources.list.d/nginx.list > deb [signed-by=/usr/share/keyrings/nginx-archive-keyring.gpg] > http://nginx.org/packages/debian bookworm nginx > > That version is built with OpenSSL 1.1.1n and the updated Debian > bookworm version is OpenSSL 3.0.9. Is that the problem? > > Yes, this looks like the reason for a problem . > Another thing I should have mentioned is this issue only popped up > after I upgraded the nginx-module-njs and nginx packages, the same > configuration was working fine before. > > Can you, please, share the current version of njs packet  and the version you used before? > On 9/17/23 12:28, Dmitry Volyntsev wrote: >> >> On 17.09.2023 06:39, Revvy via nginx wrote: >>> Sep 17 13:36:52 toronto-srv-03 nginx[127394]: nginx: [emerg] >>> dlopen() "/etc/nginx/modules/ngx_http_js_module.so" failed >>> (/etc/nginx/modules/ngx_http_js_module.so: undefined symbol: >>> EVP_PKEY_CTX_set1_hkdf_salt) in /etc/nginx/nginx.conf:4 >>> >>> >> >> Hi Revvy, >> >> Can you please share your operation system details (name, version) >> and the output of the following command: nginx -V. Also, I would like >> to know the OpenSSL library you are using. >> From nothingtohide at revvy.de Mon Sep 18 09:53:35 2023 From: nothingtohide at revvy.de (Revvy) Date: Mon, 18 Sep 2023 05:53:35 -0400 Subject: Help Message-ID: <298d9e3f-e2dd-401a-80d8-22bdf32e4603@revvy.de> After compiling nginx 1.24.0 from the source tarball, using identical configure arguments, it just works. $ /sbin/nginx -V nginx version: nginx/1.24.0 built by gcc 12.2.0 (Debian 12.2.0-14) built with OpenSSL 3.0.9 30 May 2023 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-compat --with-file-aio --with-threads --with-http_addition_module --with-http_auth_request_module --with-http_dav_module --with-http_flv_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_mp4_module --with-http_random_index_module --with-http_realip_module --with-http_secure_link_module --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-http_sub_module --with-http_v2_module --with-mail --with-mail_ssl_module --with-stream --with-stream_realip_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-cc-opt='-g -O2 -ffile-prefix-map=/data/builder/debuild/nginx-1.24.0/debian/debuild-base/nginx-1.24.0=. -fstack-protector-strong -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fPIC' --with-ld-opt='-Wl,-z,relro -Wl,-z,now -Wl,--as-needed -pie' Checked my dpkg.log, I might've misremembered upgrading nginx, only nginx-module-njs Before I was using nginx-module-njs:amd64 1.24.0+0.8.0-1~bullseye Now nginx-module-njs:amd64 1.24.0+0.8.1-1~bookworm From bmesander at cardinalpeak.com Mon Sep 18 15:27:36 2023 From: bmesander at cardinalpeak.com (Ben Mesander) Date: Mon, 18 Sep 2023 09:27:36 -0600 Subject: module which handles POST request help Message-ID: I'm working on an nginx module which will handle POST requests. I've never written an nginx module before, but I have worked on apache modules. My goal is to have it do unbuffered reads and process the data being posted as it arrives. Initially, I'm doing just a simple blocking read of the POST body. I've simplified things down almost to the "hello world" level. When I do a POST, my module gets called, but I get a 404 not found, I am not sure why. I do see the file I post being uploaded and stored in a file in the nginx temporary file area. I do not see an entry in the access log showing the POST, again I am not sure why. How can I fix these things? Source to my module: https://github.com/benmesander/ngx-dashll-module/tree/main Results of sending a POST request: bmesander at o-bmesander-D093Y Downloads % curl -v -X POST -H "Content-Type: application/json" -d @chrome-net-export-log.json http://www:80/upload Note: Unnecessary use of -X or --request, POST is already inferred. * Trying x.x.x.x:80... * Connected to www (x.x.x.x) port 80 (#0) > POST /upload HTTP/1.1 > Host: www > User-Agent: curl/7.86.0 > Accept: */* > Content-Type: application/json > Content-Length: 777095 > * We are completely uploaded and fine * Mark bundle as not supporting multiuse < HTTP/1.1 404 Not Found < Server: nginx/1.25.3 < Date: Mon, 18 Sep 2023 15:11:35 GMT < Content-Type: text/html < Content-Length: 153 < Connection: keep-alive < 404 Not Found

404 Not Found

nginx/1.25.3
* Connection #0 to host www left intact Here is how I am building nginx & my module: auto/configure --with-debug --with-cc-opt="-fsanitize=address -DNGX_DEBUG_PALLOC=1" --with-ld-opt="-fsanitize=address" --add-module=../ ngx-dashll-module Thank you, Ben -- *Ben Mesander **C**ARDINAL**P**EAK* (303) 570-1606 | Email | Web | Company Blog | LinkedIn -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Sep 19 00:45:37 2023 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 19 Sep 2023 03:45:37 +0300 Subject: module which handles POST request help In-Reply-To: References: Message-ID: Hello! On Mon, Sep 18, 2023 at 09:27:36AM -0600, Ben Mesander via nginx wrote: > I'm working on an nginx module which will handle POST requests. I've never > written an nginx module before, but I have worked on apache modules. My > goal is to have it do unbuffered reads and process the data being posted as > it arrives. Initially, I'm doing just a simple blocking read of the POST > body. I've simplified things down almost to the "hello world" level. > > When I do a POST, my module gets called, but I get a 404 not found, I am > not sure why. I do see the file I post being uploaded and stored in a file > in the nginx temporary file area. I do not see an entry in the access log > showing the POST, again I am not sure why. How can I fix these things? > > Source to my module: > https://github.com/benmesander/ngx-dashll-module/tree/main In no particular order: Your module registers an access phase handler, which means it is to either accept or reject requests for later processing with other handlers. Unless you do something to handle the request, the 404 response code is the most expected one, and likely the reason why you are getting 404 response. Your module fails to properly account for request reference counting as needed during request body reading: you fail to call ngx_http_finalize_request() after calling ngx_http_read_client_request_body() during phase processing before the content phase. Due to reference count leak the request will hang during termination, waiting for the ngx_http_finalize_request() call (which will never happen). That's why you are not seeing the request in the access log - the request is still running. Also, your module fails to properly restore phase processing after you've stopped it to read the request body: in addition to calling ngx_http_core_run_phases() you have to restore r->write_event_handler, since it can be overwritten during request body reading. In general, if you want to read the request body during the access phase, consider looking into the mirror module request body handling: http://hg.nginx.org/nginx/file/tip/src/http/modules/ngx_http_mirror_module.c#l104 If you actually want to handle such requests yourself, consider instead using a content handler. In a content handler request finalization happens automatically, and there is no need to recover phase processing, so reading the request body is more or less trivial. An example code can be seen in the development guide: http://nginx.org/en/docs/dev/development_guide.html#http_request_body Hope this helps. -- Maxim Dounin http://mdounin.ru/ From davama at gmail.com Tue Sep 19 15:06:44 2023 From: davama at gmail.com (Dave Macias) Date: Tue, 19 Sep 2023 11:06:44 -0400 Subject: dynamically redirect auth_request Message-ID: Hello, Hope you are doing well. We currently use Authelia to authenticate users but want to add a redundant Authelia server so that users can continue to access the content. Put simply our current nginx config is: server { location / { auth_request /authelia; error_page 401 =302 https://authelia1.domain.net/?rd=$target_url ; } set upstream_authelia https://authelia1.domain.net/api/verify ; location /authelia { internal; proxy_pass $upstream_authelia; } } Things I have tried: With lua-resty-upstream-healthcheck and the below upstream: upstream authelia_cluster { least_conn; server authelia1.domain.net:443; server authelia2.domain:443 backup; keepalive 60; } With this I am able to dynamically render content based on the available upstream authelia server but cannot translate that to authentication with `auth_request`. location /test { proxy_pass https://authelia_cluster/metrics; } My guess as to most simplest solution is to dynamically set the upstream_authelia variable and the error_page setting based on the available upstream authelia_cluster server but I am not sure how. Any input is much appreciated! Best, Dave -------------- next part -------------- An HTML attachment was scrubbed... URL: From davama at gmail.com Tue Sep 19 21:25:34 2023 From: davama at gmail.com (Dave Macias) Date: Tue, 19 Sep 2023 17:25:34 -0400 Subject: dynamically redirect auth_request In-Reply-To: References: Message-ID: figured it out using lua-resty-http i created a simple lua script which checks both uris and returns the correct url for the active one: local http = require "resty.http" local httpc = http.new() local res1, err1 = httpc:request_uri("https://authelia1.domain.net", { method = "GET", keepalive_timeout = 60000, keepalive_pool = 10, ssl_verify = false }) if res1.status == 200 then ngx.var.authelia_uri = 'https://authelia1.domain.net' else local res2, err2 = httpc:request_uri("https://authelia2.domain.net", { method = "GET", keepalive_timeout = 60000, keepalive_pool = 10, ssl_verify = false }) if res2.status == 200 then ngx.var.authelia_uri = 'https://authelia2.domain.net' end end then on my nginx config i have: server { location / { set $authelia_uri ""; rewrite_by_lua_file /etc/nginx/health_check.lua; add_header X-Authelia-Uri "$authelia_uri"; # just for debugging auth_request /authelia; error_page 401 =302 $authelia_uri/?rd=$target_url; } set upstream_authelia $authelia_uri/api/verify; } With this my app is protected with the active authelia server. Not sure if the best setup but it works. Thanks On Tue, Sep 19, 2023 at 11:06 AM Dave Macias wrote: > Hello, > > Hope you are doing well. > We currently use Authelia to authenticate users but want to add a > redundant Authelia server so that users can continue to access the content. > > Put simply our current nginx config is: > > server { > location / { > auth_request /authelia; > error_page 401 =302 https://authelia1.domain.net/?rd=$target_url > ; > } > set upstream_authelia https://authelia1.domain.net/api/verify > ; > location /authelia { > internal; > proxy_pass $upstream_authelia; > } > } > > Things I have tried: > > With lua-resty-upstream-healthcheck > and the > below upstream: > > upstream authelia_cluster { > least_conn; > server authelia1.domain.net:443; > server authelia2.domain:443 backup; > keepalive 60; > } > > With this I am able to dynamically render content based on the available > upstream authelia server but cannot translate that to authentication with > `auth_request`. > > location /test { > proxy_pass https://authelia_cluster/metrics; > } > > My guess as to most simplest solution is to dynamically set the > upstream_authelia variable and the error_page setting based on > the available upstream authelia_cluster server but I am not sure how. > > Any input is much appreciated! > > Best, > Dave > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bmesander at cardinalpeak.com Tue Sep 19 22:21:58 2023 From: bmesander at cardinalpeak.com (Ben Mesander) Date: Tue, 19 Sep 2023 16:21:58 -0600 Subject: module which handles POST request help (Maxim Dounin) In-Reply-To: References: Message-ID: Hi Maxim, Thank you for your helpful response! I have made (partial) changes to my code to reflect your comments. I better understand the phase mechanism now, thank you. > If you actually want to handle such requests yourself, > consider instead using a content handler. In a content handler > request finalization happens automatically, and there is no need > to recover phase processing, so reading the request body is more > or less trivial. An example code can be seen in the development > guide: > > http://nginx.org/en/docs/dev/development_guide.html#http_request_body I think in this case I definitely want to use a content handler. I will point out one item I found confusing is the example cited doesn't show how to hook up the phase handler to nginx - it will never be called. I am looking at other modules in order to understand how this is done. Best Regards, Ben -------------- next part -------------- An HTML attachment was scrubbed... URL: From lance at wordkeeper.com Wed Sep 20 16:47:48 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Wed, 20 Sep 2023 11:47:48 -0500 Subject: Unnecessary Log Entry? Message-ID: Is there a reason that Nginx continuously logs the sort of message below in the info log when client_body_in_file_only is set to either "clean" or "on"? Regardless of which of those two settings you're using for that directive, the request body is always going to be buffered to a temporary file (that is the whole point of that setting). "[notice] 3951130#3951130: *769735 a client request body is buffered to a temporary file" Seems like even the info log should be suppressing that notice if you're using settings that force the request body to a temp file. Getting good info out of the info log is proving to be difficult when the log is flooded with information that is just reaffirming that you have a setting in place to do exactly what the log is saying. Certainly we can grep around it too. But it's also bloating the info logs so that isn't great either. -- Lance Dockins -------------- next part -------------- An HTML attachment was scrubbed... URL: From lance at wordkeeper.com Wed Sep 20 16:55:39 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Wed, 20 Sep 2023 11:55:39 -0500 Subject: Debugging Nginx Memory Spikes on Production Servers Message-ID: Are there any best practices or processes for debugging sudden memory spikes in Nginx on production servers? We have a few very high-traffic servers that are encountering events where the Nginx process memory suddenly spikes from around 300mb to 12gb of memory before being shut down by an out-of-memory termination script. We don't have Nginx compiled with debug mode and even if we did, I'm not sure that we could enable that without overly taxing the server due to the constant high traffic load that the server is under. Since it's a server with public websites on it, I don't know that we could filter the debug log to a single IP either. Access, error, and info logs all seem to be pretty normal. Internal monitoring of the Nginx process doesn't suggest that there are major connection spikes either. Theoretically, it is possible that there is just a very large sudden burst of traffic coming in that is hitting our rate limits very hard and bumping the memory that Nginx is using until the OOM termination process closes Nginx (which would prevent Nginx from logging the traffic). We just don't have a good way to see where the memory in Nginx is being allocated when these sorts of spikes occur and are looking for any good insight into how to go about debugging that sort of thing on a production server. Any insights into how to go about troubleshooting it? -- Lance Dockins -------------- next part -------------- An HTML attachment was scrubbed... URL: From manuel.baesler at gmail.com Wed Sep 20 17:17:49 2023 From: manuel.baesler at gmail.com (Manuel) Date: Wed, 20 Sep 2023 19:17:49 +0200 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: References: Message-ID: <7BA3EDD0-E24D-4CBB-A9CF-79C1625ADFA8@gmail.com> Hello, apparently you could look into dmesg. There should be a stacktrace of the process. Also you could somehow start nginx with gdb. You could also log all request and then when the server crashed try to replay them to be confident that the crash is reproducible. What does ChatGpt says? 😅 Do you run the latest nginx version? Any obscure modules / extensions? Kind regards, Manuel > Am 20.09.2023 um 18:56 schrieb Lance Dockins : > >  > Are there any best practices or processes for debugging sudden memory spikes in Nginx on production servers? We have a few very high-traffic servers that are encountering events where the Nginx process memory suddenly spikes from around 300mb to 12gb of memory before being shut down by an out-of-memory termination script. We don't have Nginx compiled with debug mode and even if we did, I'm not sure that we could enable that without overly taxing the server due to the constant high traffic load that the server is under. Since it's a server with public websites on it, I don't know that we could filter the debug log to a single IP either. > > Access, error, and info logs all seem to be pretty normal. Internal monitoring of the Nginx process doesn't suggest that there are major connection spikes either. Theoretically, it is possible that there is just a very large sudden burst of traffic coming in that is hitting our rate limits very hard and bumping the memory that Nginx is using until the OOM termination process closes Nginx (which would prevent Nginx from logging the traffic). We just don't have a good way to see where the memory in Nginx is being allocated when these sorts of spikes occur and are looking for any good insight into how to go about debugging that sort of thing on a production server. > > Any insights into how to go about troubleshooting it? > > -- > Lance Dockins > > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Sep 20 18:41:34 2023 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 20 Sep 2023 21:41:34 +0300 Subject: Unnecessary Log Entry? In-Reply-To: References: Message-ID: Hello! On Wed, Sep 20, 2023 at 11:47:48AM -0500, Lance Dockins wrote: > Is there a reason that Nginx continuously logs the sort of message below in > the info log when client_body_in_file_only is set to either "clean" or > "on"? Regardless of which of those two settings you're using for that > directive, the request body is always going to be buffered to a temporary > file (that is the whole point of that setting). > > "[notice] 3951130#3951130: *769735 a client request body is buffered to a > temporary file" > > Seems like even the info log should be suppressing that notice if you're > using settings that force the request body to a temp file. That's exactly the reason why it is logged at the "notice" level, and not "warn" as it used to be under normal conditions. If you don't want to see these messages, consider configuring error_log logging level to a higher one, see http://nginx.org/r/error_log for details. -- Maxim Dounin http://mdounin.ru/ From mdounin at mdounin.ru Wed Sep 20 19:07:16 2023 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 20 Sep 2023 22:07:16 +0300 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: References: Message-ID: Hello! On Wed, Sep 20, 2023 at 11:55:39AM -0500, Lance Dockins wrote: > Are there any best practices or processes for debugging sudden memory > spikes in Nginx on production servers? We have a few very high-traffic > servers that are encountering events where the Nginx process memory > suddenly spikes from around 300mb to 12gb of memory before being shut down > by an out-of-memory termination script. We don't have Nginx compiled with > debug mode and even if we did, I'm not sure that we could enable that > without overly taxing the server due to the constant high traffic load that > the server is under. Since it's a server with public websites on it, I > don't know that we could filter the debug log to a single IP either. > > Access, error, and info logs all seem to be pretty normal. Internal > monitoring of the Nginx process doesn't suggest that there are major > connection spikes either. Theoretically, it is possible that there is just > a very large sudden burst of traffic coming in that is hitting our rate > limits very hard and bumping the memory that Nginx is using until the OOM > termination process closes Nginx (which would prevent Nginx from logging > the traffic). We just don't have a good way to see where the memory in > Nginx is being allocated when these sorts of spikes occur and are looking > for any good insight into how to go about debugging that sort of thing on a > production server. > > Any insights into how to go about troubleshooting it? In no particular order: - Make sure you are monitoring connection and request numbers as reported by the stub_status module as well as memory usage. - Check 3rd party modules you are using, if there are any - try disabling them. - If you are using subrequests, such as with SSI, make sure these won't generate enormous number of subrequests. - Check your configuration for buffer sizes and connection limits, and make sure that your server can handle maximum memory allocation without invoking the OOM Killer, that is: worker_processes * worker_connections * (total amount of various buffers as allocated per connection). If not, consider reducing various parts of the equation. Hope this helps. -- Maxim Dounin http://mdounin.ru/ From lance at wordkeeper.com Thu Sep 21 03:37:10 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Wed, 20 Sep 2023 22:37:10 -0500 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: References: Message-ID: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> Thank you, Maxim. I’ve been doing some testing since I reached out earlier and I’m not sure whether I’m looking at a memory leak in Nginx/NJS or whether I’m looking at some sort of quirk in how memory stats are being reported by Nginx. All that I know is that my testing looks like a memory leak and under the right conditions, I've seen what appears to be a single Nginx worker thread run away with its memory use until my OOM monitor terminates the thread (which also seems to have some connection with memory use and file I/O). While trying to use some buffers for large file reads in NJS, I started noticing strange memory behavior in basic file operations. To keep a long story short, I use NJS to control some elements of Nginx and it seems like any form of file I/O in NJS is causing NJS to leak memory. As it stands, I'm not really using many Nginx modules to begin with but to reduce the potential for 3rd party module problems, I recompiled Nginx with nothing but Nginx and NJS. I’m using Nginx 1.23.4 and NJS 0.8.1 but I’ve seen the same behavior with earlier versions of Nginx and NJS. I’ve tried this with several different tests and I see the same thing with all variations. Any form of repeat file I/O “seems” like it is leaking memory. Here is some sample code that I used in a test. In the http block, I’ve imported a test.js script that I then use to set a variable with js_set js_set $test test.test; At the top of the server block after the minimum set of needed server definitions (server_name, etc) if ($test = 1) { return 200; } In the test.js file: function test(r){ let i = 0; while(i < 500){ i++; r.log(njs.memoryStats.size); } return 1; } export default {test} Checking the memory use in the info logs after this shows this. Start of loop: 2023/09/20 21:42:15 [info] 1394272#1394272: *113 js: 32120 2023/09/20 21:42:15 [info] 1394272#1394272: *113 js: 40312 End of loop: 2023/09/20 21:42:15 [info] 1394272#1394272: *113 js: 499064 2023/09/20 21:42:15 [info] 1394272#1394272: *113 js: 499064 If you increase the loop to higher #’s of loops, it just keeps going. Here’s the end of the loop on 10000 runs: 2023/09/20 21:57:04 [info] 1404965#1404965: *4 js: 4676984 2023/09/20 21:57:04 [info] 1404965#1404965: *4 js: 4676984 The moment that I move the r.log statements out of the loop, the start/end memory use appears to be about the same as the start of the loop memory above. So this seems to have some sort of correlation with the amount of data being written to the file. Given that Nginx log writes are supposed to be using buffered writes according to the Nginx docs, I would expect the max memory used during log writes to cap out at some much lower value. We’re not specifying a buffer size so the default of 64k should apply here but by the end of the test loop above, we’re sitting at either 0.5mb or 4.6mb depending on which of the loop sizes (1000 vs 10000) we’re looking at. The problem is that I am actually trying to sort out a memory issue that I think has to do with large file reads rather than writes and since I’m getting this sort of high memory use data when just writing to log files to test things out, it makes it appear as if the problem is both for file reads and file writes so I have no idea whether buffered file reads are using less memory than reading the entire file into memory or not. A buffered read “should” use less total memory. But since the end memory stats in any testing that I do look the same either way, I can’t tell. I’ve seen the exact same memory behavior with fs.appendFileSync. So regardless of whether I use r.log, r.error, or fs.appendFileSync to write to some file that isn’t a default Nginx log file, I’m getting this output that suggests a memory leak. So it’s not specific to log file writes. I realize that these test cases aren’t necessarily realistic as large batches of file writes (or just large file writes) from NJS are likely going to be far less common than large file reads. But either way, whether it’s a large file read that isn’t constricting its memory footprint to the buffer that it’s assigned or whether it’s file writes doing the same, it seems like a problem. So I guess my question at the moment is whether endless memory use growth being reported by njs.memoryStats.size after file writes is some sort of false positive tied to quirks in how memory use is being reported or whether this is indicative of a memory leak? Any insight would be appreicated. — Lance Dockins > On Wednesday, Sep 20, 2023 at 2:07 PM, Maxim Dounin wrote: > Hello! > > On Wed, Sep 20, 2023 at 11:55:39AM -0500, Lance Dockins wrote: > > > Are there any best practices or processes for debugging sudden memory > > spikes in Nginx on production servers? We have a few very high-traffic > > servers that are encountering events where the Nginx process memory > > suddenly spikes from around 300mb to 12gb of memory before being shut down > > by an out-of-memory termination script. We don't have Nginx compiled with > > debug mode and even if we did, I'm not sure that we could enable that > > without overly taxing the server due to the constant high traffic load that > > the server is under. Since it's a server with public websites on it, I > > don't know that we could filter the debug log to a single IP either. > > > > Access, error, and info logs all seem to be pretty normal. Internal > > monitoring of the Nginx process doesn't suggest that there are major > > connection spikes either. Theoretically, it is possible that there is just > > a very large sudden burst of traffic coming in that is hitting our rate > > limits very hard and bumping the memory that Nginx is using until the OOM > > termination process closes Nginx (which would prevent Nginx from logging > > the traffic). We just don't have a good way to see where the memory in > > Nginx is being allocated when these sorts of spikes occur and are looking > > for any good insight into how to go about debugging that sort of thing on a > > production server. > > > > Any insights into how to go about troubleshooting it? > > In no particular order: > > - Make sure you are monitoring connection and request numbers as > reported by the stub_status module as well as memory usage. > > - Check 3rd party modules you are using, if there are any - try > disabling them. > > - If you are using subrequests, such as with SSI, make sure these > won't generate enormous number of subrequests. > > - Check your configuration for buffer sizes and connection limits, > and make sure that your server can handle maximum memory > allocation without invoking the OOM Killer, that is: > worker_processes * worker_connections * (total amount of various > buffers as allocated per connection). If not, consider reducing > various parts of the equation. > > Hope this helps. > > -- > Maxim Dounin > http://mdounin.ru/ > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From lance at wordkeeper.com Thu Sep 21 03:41:13 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Wed, 20 Sep 2023 22:41:13 -0500 Subject: Unnecessary Log Entry? In-Reply-To: References: Message-ID: <34fc2895-f93f-4f34-8630-fd84072c55e6@Canary> Thank you. Normally I don’t even use the info logs but while troubleshooting a memory problem, I was looking through them and noticed that even just using an error_log file at the info level was writing a ton of data despite that config. I guess I can just shut the info log back off. — Lance Dockins > On Wednesday, Sep 20, 2023 at 1:41 PM, Maxim Dounin wrote: > Hello! > > On Wed, Sep 20, 2023 at 11:47:48AM -0500, Lance Dockins wrote: > > > Is there a reason that Nginx continuously logs the sort of message below in > > the info log when client_body_in_file_only is set to either "clean" or > > "on"? Regardless of which of those two settings you're using for that > > directive, the request body is always going to be buffered to a temporary > > file (that is the whole point of that setting). > > > > "[notice] 3951130#3951130: *769735 a client request body is buffered to a > > temporary file" > > > > Seems like even the info log should be suppressing that notice if you're > > using settings that force the request body to a temp file. > > That's exactly the reason why it is logged at the "notice" level, > and not "warn" as it used to be under normal conditions. If you > don't want to see these messages, consider configuring error_log > logging level to a higher one, see http://nginx.org/r/error_log > for details. > > -- > Maxim Dounin > http://mdounin.ru/ > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx -------------- next part -------------- An HTML attachment was scrubbed... URL: From xeioex at nginx.com Thu Sep 21 06:45:15 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Wed, 20 Sep 2023 23:45:15 -0700 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> Message-ID: <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> On 20.09.2023 20:37, Lance Dockins wrote: > So I guess my question at the moment is whether endless memory use > growth being reported by njs.memoryStats.size after file writes is > some sort of false positive tied to quirks in how memory use is being > reported or whether this is indicative of a memory leak?  Any insight > would be appreicated. Hi Lance, The reason njs.memoryStats.size keeps growing is because NJS uses arena memory allocator linked to a current request and a new object representing memoryStats structure is returned every time njs.memoryStats is accessed. Currently NJS does not free most of the internal objects and structures until the current request is destroyed because it is not intended for a long running code. Regarding the sudden memory spikes, please share some details about JS code you are using. One place to look is to analyze the amount of traffic that goes to NJS locations and what exactly those location do. From lance at wordkeeper.com Thu Sep 21 13:50:31 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Thu, 21 Sep 2023 08:50:31 -0500 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> Message-ID: <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> Thanky you, Dmitry. One question before I describe what we are doing with NJS. I did read about the VM handling process before switching from Lua to NJS and it sounded very practical but my current understanding is that there could be multiple VM’s instantiated for a single request. A js_set, js_content, and js_header_filter directive that applies to a single request, for example, would instantiate 3 VMs. And were you to need to set multiple variables with js_set, then keep adding to that # of VMs. My original understanding of that was that those VMs would be destroyed once they exited so even if you had multiple VMs instantiated per request, the memory impact would not be cumulative in a single request. Is that understanding correct? Or are you saying that each VM accumulates more and more memory until the entire request completes? As far as how we’re using NJS, we’re mostly using it for header filters, internal redirection, and access control. So there really shouldn’t be a threat to memory in most instances unless we’re not just dealing with a single request memory leak inside of a VM but also a memory leak that involves every VM that NJS instantiates just accumulating memory until the request completes. Right now, my working theory about what is most likely to be creating the memory spikes has to do with POST body analysis. Unfortunately, some of the requests that I have to deal with are POSTs that have to either be denied access or routed differently depending on the contents of the POST body. Unfortunately, these same routes can vary in the size of the POST body and I have no control over how any of that works because the way it works is controlled by third parties. One of those third parties has significant market share on the internet so we can’t really avoid dealing with it. In any case, before we switched to NJS, we were using Lua to do the same things and that gave us the advantage of doing both memory cleanup if needed and also doing easy analysis of POST body args. I was able to do this sort of thing with Lua before: local post_args, post_err = ngx.req.get_post_args() if post_args.arg_name = something then But in NJS, there’s no such POST body utility so I had to write my own. The code that I use to parse out the POST body works for both URL encoded POST bodies and multipart POST bodies, but it has to read the entire POST into a variable before I can use it. For small POSTs, that’s not a problem. For larger POSTs that contain a big attachment, it would be. Ultimately, I only care about the string key/value pairs for my purposes (not file attachments) so I was hoping to discard attachment data while parsing the body. I think that that is actually how Lua’s version of this works too. So my next thought was that I could use a Buffer and rs.readSync to read the POST body in buffer frames to keep memory minimal so that I could could discard the any file attachments from the POST body and just evaluate the key/value data that uses simple strings. But from what you’re saying, it sounds like there’s basically no difference between fs.readSync w/ a Buffer and rs.readFileSync in terms of actual memory use. So either way, with a large POST body, you’d be steamrolling the memory use in a single Nginx worker thread. When I had to deal with stuff like this in Lua, I’d just run collectgarbage() to clean up memory and it seemed to work fine. But then I also wasn’t having to parse out the POST body myself in Lua either. It’s possible that something else is going on other than that. qs.parse seems like it could get us into some trouble if the query_string that was passed was unusuall long too from what you’re saying about how memory is handled. None of the situations that I’m handling are for long running requests. They’re all designed for very fast requests that come into the servers that I manage on a constant basis. If you can shed some light on the way that VM’s and their memory are handled per my question above and any insights into what to do about this type of situation, that would help a lot. I don’t know if there are any plans to offer a POST body parsing feature in NJS for those that need to evalute POST body data like how Lua did it, but if there was some way to be able to do that at the Nginx layer instead of at the NJS layer, it seems like that could be a lot more sensitive to memory use. Right now, if my understanding is correct, the only option that I’d even have would be to just stop doing POST body handling if the POST body is above a certain total size. I guess if there was some way to forcibly free memory, that would help too. But I don’t think that that is as common of a problem as having to deal with very large query strings that some third party appends to a URL (probably maliciously) and/or a very large file upload attached to a multipart POST. So the only concern that I’d have about memory in a situation where I don’t have to worry about memory when parsing a larger file woudl be if multiple js_sets and such would just keep spawning VMs and accumulating memory during a single request. Any thoughts? — Lance Dockins > On Thursday, Sep 21, 2023 at 1:45 AM, Dmitry Volyntsev wrote: > > On 20.09.2023 20:37, Lance Dockins wrote: > > So I guess my question at the moment is whether endless memory use > > growth being reported by njs.memoryStats.size after file writes is > > some sort of false positive tied to quirks in how memory use is being > > reported or whether this is indicative of a memory leak? Any insight > > would be appreicated. > > Hi Lance, > The reason njs.memoryStats.size keeps growing is because NJS uses arena > memory allocator linked to a current request and a new object > representing memoryStats structure is returned every time > njs.memoryStats is accessed. Currently NJS does not free most of the > internal objects and structures until the current request is destroyed > because it is not intended for a long running code. > > Regarding the sudden memory spikes, please share some details about JS > code you are using. > One place to look is to analyze the amount of traffic that goes to NJS > locations and what exactly those location do. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xeioex at nginx.com Thu Sep 21 22:01:41 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Thu, 21 Sep 2023 15:01:41 -0700 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> Message-ID: <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> On 9/21/23 6:50 AM, Lance Dockins wrote: Hi Lance, See my comments below. > Thanky you, Dmitry. > > One question before I describe what we are doing with NJS.  I did read > about the VM handling process before switching from Lua to NJS and it > sounded very practical but my current understanding is that there > could be multiple VM’s instantiated for a single request.  A js_set, > js_content, and js_header_filter directive that applies to a single > request, for example, would instantiate 3 VMs.  And were you to need > to set multiple variables with js_set, then keep adding to that # of VMs. > > This is not correct. For js_set, js_content and js_header_filter there is only a single VM. The internalRedirect() is the exception, because a VM does not survive it, but the previous VMs will not be freed until current request is finished. BTW, a VM instance itself is pretty small in size (~2kb) so it should not be a problem if you have a reasonable number of redirects. > > My original understanding of that was that those VMs would be > destroyed once they exited so even if you had multiple VMs > instantiated per request, the memory impact would not be cumulative in > a single request.  Is that understanding correct?  Or are you saying > that each VM accumulates more and more memory until the entire request > completes? > > As far as how we’re using NJS, we’re mostly using it for header > filters, internal redirection, and access control.  So there really > shouldn’t be a threat to memory in most instances unless we’re not > just dealing with a single request memory leak inside of a VM but also > a memory leak that involves every VM that NJS instantiates just > accumulating memory until the request completes. > > Right now, my working theory about what is most likely to be creating > the memory spikes has to do with POST body analysis.  Unfortunately, > some of the requests that I have to deal with are POSTs that have to > either be denied access or routed differently depending on the > contents of the POST body.  Unfortunately, these same routes can vary > in the size of the POST body and I have no control over how any of > that works because the way it works is controlled by third parties. >  One of those third parties has significant market share on the > internet so we can’t really avoid dealing with it. > > In any case, before we switched to NJS, we were using Lua to do the > same things and that gave us the advantage of doing both memory > cleanup if needed and also doing easy analysis of POST body args.  I > was able to do this sort of thing with Lua before: > local post_args, post_err = ngx.req.get_post_args() > if post_args.arg_name = something then > > But in NJS, there’s no such POST body utility so I had to write my > own.  The code that I use to parse out the POST body works for both > URL encoded POST bodies and multipart POST bodies, but it has to read > the entire POST into a variable before I can use it.  For small POSTs, > that’s not a problem.  For larger POSTs that contain a big attachment, > it would be.  Ultimately, I only care about the string key/value pairs > for my purposes (not file attachments) so I was hoping to discard > attachment data while parsing the body. > > > Thank you for the feedback, I will add it as to a future feature list. >  I think that that is actually how Lua’s version of this works too. >  So my next thought was that I could use a Buffer and rs.readSync to > read the POST body in buffer frames to keep memory minimal so that I > could could discard the any file attachments from the POST body and > just evaluate the key/value data that uses simple strings.  But from > what you’re saying, it sounds like there’s basically no difference > between fs.readSync w/ a Buffer and rs.readFileSync in terms of actual > memory use. So either way, with a large POST body, you’d be > steamrolling the memory use in a single Nginx worker thread. When I > had to deal with stuff like this in Lua, I’d just run collectgarbage() > to clean up memory and it seemed to work fine.  But then I also wasn’t > having to parse out the POST body myself in Lua either. > > It’s possible that something else is going on other than that. >  qs.parse seems like it could get us into some trouble if the > query_string that was passed was unusuall long too from what you’re > saying about how memory is handled. > > for qs.parse() there is a limit for a number of arguments, which you can specify. > > None of the situations that I’m handling are for long running > requests.  They’re all designed for very fast requests that come into > the servers that I manage on a constant basis. > > If you can shed some light on the way that VM’s and their memory are > handled per my question above and any insights into what to do about > this type of situation, that would help a lot.  I don’t know if there > are any plans to offer a POST body parsing feature in NJS for those > that need to evalute POST body data like how Lua did it, but if there > was some way to be able to do that at the Nginx layer instead of at > the NJS layer, it seems like that could be a lot more sensitive to > memory use.  Right now, if my understanding is correct, the only > option that I’d even have would be to just stop doing POST body > handling if the POST body is above a certain total size.  I guess if > there was some way to forcibly free memory, that would help too.  But > I don’t think that that is as common of a problem as having to deal > with very large query strings that some third party appends to a URL > (probably maliciously) and/or a very large file upload attached to a > multipart POST.  So the only concern that I’d have about memory in a > situation where I don’t have to worry about memory when parsing a > larger file woudl be if multiple js_sets and such would just keep > spawning VMs and accumulating memory during a single request. > > Any thoughts? > > — > Lance Dockins > > > On Thursday, Sep 21, 2023 at 1:45 AM, Dmitry Volyntsev > wrote: > > On 20.09.2023 20:37, Lance Dockins wrote: >> So I guess my question at the moment is whether endless memory use >> growth being reported by njs.memoryStats.size after file writes is >> some sort of false positive tied to quirks in how memory use is >> being >> reported or whether this is indicative of a memory leak?  Any >> insight >> would be appreicated. > > Hi Lance, > The reason njs.memoryStats.size keeps growing is because NJS uses > arena > memory allocator linked to a current request and a new object > representing memoryStats structure is returned every time > njs.memoryStats is accessed. Currently NJS does not free most of the > internal objects and structures until the current request is > destroyed > because it is not intended for a long running code. > > Regarding the sudden memory spikes, please share some details > about JS > code you are using. > One place to look is to analyze the amount of traffic that goes to > NJS > locations and what exactly those location do. > From lance at wordkeeper.com Thu Sep 21 23:41:13 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Thu, 21 Sep 2023 18:41:13 -0500 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> Message-ID: <7ae13a6e-3bb1-48ba-8e62-093abbe38d14@Canary> That’s good info. Thank you. I have been doing some additional testing since my email last night and I have seen enough evidence to believe that file I/O in NJS is basically the source of the memory issues. I did some testing with very basic commands like readFileSync and Buffer + readSync and in all cases, the memory footprint when doing file handling in NJS is massive. Just doing this: let content = fs.readFileSync(path/to//file); let parts = content.split(boundary); Resulted in memory use that was close to a minimum of 4-8x the size of the file during my testing. We do have an upper bound on files that can be uploaded and that does contain this somwhat but it’s not hard for a larger request that is 99% file attachment to use exhorbitant amounts of memory. I actually tried doing a Buffer + readSync variation on the same thing and the memory footprint was actually FAR FAR worse when I did that. The 4-8x minimum memory commit seems like a problem to me just generally. But the fact that readSync doesn’t seem to be any better on memory (much worse actually) basically means that NJS is only safe to use for processing smaller files (or POST bodies) right now. There’s just no good way to keep data that you don’t care about in a file from occupying excessive amounts of memory that can’t be reclaimed. If there is no way to improve the memory footprint when handling files (or big strings), no memory conservative way to stream a file through some sort of buffer, and no first-party utility for providing parsed POST bodies right now, then it might be worth the time to put some notes in the NJS docs that the fs module may not be appropriate for larger files (e.g. files over 1mb). For what it’s worth, I’d also love to see some examples of how to properly use fs.readSync in the NJS examples docs. There really wasn’t much out there for that for NJS (or even in a lot of the Node docs) so I can’t say that my specific test implementation for that was ideal. But that’s just above and beyond the basic problems that I’m seeing with memory use with any form of file I/O at all (since the memory problems seem to be persistent whether doing reads or even log writes). — Lance Dockins > On Thursday, Sep 21, 2023 at 5:01 PM, Dmitry Volyntsev wrote: > > On 9/21/23 6:50 AM, Lance Dockins wrote: > > Hi Lance, > > See my comments below. > > > Thanky you, Dmitry. > > > > One question before I describe what we are doing with NJS. I did read > > about the VM handling process before switching from Lua to NJS and it > > sounded very practical but my current understanding is that there > > could be multiple VM’s instantiated for a single request. A js_set, > > js_content, and js_header_filter directive that applies to a single > > request, for example, would instantiate 3 VMs. And were you to need > > to set multiple variables with js_set, then keep adding to that # of VMs. > > > > > This is not correct. For js_set, js_content and js_header_filter there > is only a single VM. > The internalRedirect() is the exception, because a VM does not survive > it, but the previous VMs will not be freed until current request is > finished. BTW, a VM instance itself is pretty small in size (~2kb) so it > should not be a problem if you have a reasonable number of redirects. > > > > > > My original understanding of that was that those VMs would be > > destroyed once they exited so even if you had multiple VMs > > instantiated per request, the memory impact would not be cumulative in > > a single request. Is that understanding correct? Or are you saying > > that each VM accumulates more and more memory until the entire request > > completes? > > > > As far as how we’re using NJS, we’re mostly using it for header > > filters, internal redirection, and access control. So there really > > shouldn’t be a threat to memory in most instances unless we’re not > > just dealing with a single request memory leak inside of a VM but also > > a memory leak that involves every VM that NJS instantiates just > > accumulating memory until the request completes. > > > > Right now, my working theory about what is most likely to be creating > > the memory spikes has to do with POST body analysis. Unfortunately, > > some of the requests that I have to deal with are POSTs that have to > > either be denied access or routed differently depending on the > > contents of the POST body. Unfortunately, these same routes can vary > > in the size of the POST body and I have no control over how any of > > that works because the way it works is controlled by third parties. > > One of those third parties has significant market share on the > > internet so we can’t really avoid dealing with it. > > > > In any case, before we switched to NJS, we were using Lua to do the > > same things and that gave us the advantage of doing both memory > > cleanup if needed and also doing easy analysis of POST body args. I > > was able to do this sort of thing with Lua before: > > local post_args, post_err = ngx.req.get_post_args() > > if post_args.arg_name = something then > > > > But in NJS, there’s no such POST body utility so I had to write my > > own. The code that I use to parse out the POST body works for both > > URL encoded POST bodies and multipart POST bodies, but it has to read > > the entire POST into a variable before I can use it. For small POSTs, > > that’s not a problem. For larger POSTs that contain a big attachment, > > it would be. Ultimately, I only care about the string key/value pairs > > for my purposes (not file attachments) so I was hoping to discard > > attachment data while parsing the body. > > > > > > > Thank you for the feedback, I will add it as to a future feature list. > > > I think that that is actually how Lua’s version of this works too. > > So my next thought was that I could use a Buffer and rs.readSync to > > read the POST body in buffer frames to keep memory minimal so that I > > could could discard the any file attachments from the POST body and > > just evaluate the key/value data that uses simple strings. But from > > what you’re saying, it sounds like there’s basically no difference > > between fs.readSync w/ a Buffer and rs.readFileSync in terms of actual > > memory use. So either way, with a large POST body, you’d be > > steamrolling the memory use in a single Nginx worker thread. When I > > had to deal with stuff like this in Lua, I’d just run collectgarbage() > > to clean up memory and it seemed to work fine. But then I also wasn’t > > having to parse out the POST body myself in Lua either. > > > > It’s possible that something else is going on other than that. > > qs.parse seems like it could get us into some trouble if the > > query_string that was passed was unusuall long too from what you’re > > saying about how memory is handled. > > > > > for qs.parse() there is a limit for a number of arguments, which you can > specify. > > > > > None of the situations that I’m handling are for long running > > requests. They’re all designed for very fast requests that come into > > the servers that I manage on a constant basis. > > > > If you can shed some light on the way that VM’s and their memory are > > handled per my question above and any insights into what to do about > > this type of situation, that would help a lot. I don’t know if there > > are any plans to offer a POST body parsing feature in NJS for those > > that need to evalute POST body data like how Lua did it, but if there > > was some way to be able to do that at the Nginx layer instead of at > > the NJS layer, it seems like that could be a lot more sensitive to > > memory use. Right now, if my understanding is correct, the only > > option that I’d even have would be to just stop doing POST body > > handling if the POST body is above a certain total size. I guess if > > there was some way to forcibly free memory, that would help too. But > > I don’t think that that is as common of a problem as having to deal > > with very large query strings that some third party appends to a URL > > (probably maliciously) and/or a very large file upload attached to a > > multipart POST. So the only concern that I’d have about memory in a > > situation where I don’t have to worry about memory when parsing a > > larger file woudl be if multiple js_sets and such would just keep > > spawning VMs and accumulating memory during a single request. > > > > Any thoughts? > > > > — > > Lance Dockins > > > > > > On Thursday, Sep 21, 2023 at 1:45 AM, Dmitry Volyntsev > > wrote: > > > > On 20.09.2023 20:37, Lance Dockins wrote: > > > So I guess my question at the moment is whether endless memory use > > > growth being reported by njs.memoryStats.size after file writes is > > > some sort of false positive tied to quirks in how memory use is > > > being > > > reported or whether this is indicative of a memory leak? Any > > > insight > > > would be appreicated. > > > > Hi Lance, > > The reason njs.memoryStats.size keeps growing is because NJS uses > > arena > > memory allocator linked to a current request and a new object > > representing memoryStats structure is returned every time > > njs.memoryStats is accessed. Currently NJS does not free most of the > > internal objects and structures until the current request is > > destroyed > > because it is not intended for a long running code. > > > > Regarding the sudden memory spikes, please share some details > > about JS > > code you are using. > > One place to look is to analyze the amount of traffic that goes to > > NJS > > locations and what exactly those location do. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xeioex at nginx.com Fri Sep 22 00:47:06 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Thu, 21 Sep 2023 17:47:06 -0700 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <7ae13a6e-3bb1-48ba-8e62-093abbe38d14@Canary> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> <7ae13a6e-3bb1-48ba-8e62-093abbe38d14@Canary> Message-ID: On 9/21/23 4:41 PM, Lance Dockins wrote: > That’s good info.  Thank you. > > I have been doing some additional testing since my email last night > and I have seen enough evidence to believe that file I/O in NJS is > basically the source of the memory issues.  I did some testing with > very basic commands like readFileSync and Buffer + readSync and in all > cases, the memory footprint when doing file handling in NJS is massive. > > Just doing this: > > let content = fs.readFileSync(path/to//file); > let parts = content.split(boundary); > > Resulted in memory use that was close to a minimum of 4-8x the size of > the file during my testing.  We do have an upper bound on files that > can be uploaded and that does contain this somwhat but it’s not hard > for a larger request that is 99% file attachment to use exhorbitant > amounts of memory. > > > Regarding the task at hand, do you check for Content-Type of the POST body? So you can exclude anything except probably application/x-www-form-urlencoded. At least what I see in lua: the handler is only looking for application/x-www-form-urlencoded and not multipart/form-data. https://github.com/openresty/lua-nginx-module/blob/c89469e920713d17d703a5f3736c9335edac22bf/src/ngx_http_lua_args.c#L171 >  I actually tried doing a Buffer + readSync variation on the same > thing and the memory footprint was actually FAR FAR worse when I did that. > > > As of now, the resulting memory consumption will depend heavily on the boundary. In worst case, for 1mb of memory file that is split into 1 character array, You will get ~16x memory consumed, because every 1 byte character will be put into a njs_value_t structure. With larger chunks the situation will be less extreme. Right now we are implementing a way to deduplicate identical strings, this may help in some situations. > The 4-8x minimum memory commit seems like a problem to me just > generally.  But the fact that readSync doesn’t seem to be any better > on memory (much worse actually) basically means that NJS is only safe > to use for processing smaller files (or POST bodies) right now. >  There’s just no good way to keep data that you don’t care about in a > file from occupying excessive amounts of memory that can’t be > reclaimed. If there is no way to improve the memory footprint when > handling files (or big strings), no memory conservative way to stream > a file through some sort of buffer, and no first-party utility for > providing parsed POST bodies right now, > then it might be worth the time to put some notes in the NJS docs that > the fs module may not be appropriate for larger files (e.g. files over > 1mb). > > For what it’s worth, I’d also love to see some examples of how to > properly use fs.readSync in the NJS examples docs.  There really > wasn’t much out there for that for NJS (or even in a lot of the Node > docs) so I can’t say that my specific test implementation for that was > ideal.  But that’s just above and beyond the basic problems that I’m > seeing with memory use with any form of file I/O at all (since the > memory problems seem to be persistent whether doing reads or even log > writes). > > — > Lance Dockins > > > On Thursday, Sep 21, 2023 at 5:01 PM, Dmitry Volyntsev > wrote: > > On 9/21/23 6:50 AM, Lance Dockins wrote: > > Hi Lance, > > See my comments below. > >> Thanky you, Dmitry. >> >> One question before I describe what we are doing with NJS.  I did >> read >> about the VM handling process before switching from Lua to NJS >> and it >> sounded very practical but my current understanding is that there >> could be multiple VM’s instantiated for a single request.  A js_set, >> js_content, and js_header_filter directive that applies to a single >> request, for example, would instantiate 3 VMs.  And were you to need >> to set multiple variables with js_set, then keep adding to that # >> of VMs. >> >> > This is not correct. For js_set, js_content and js_header_filter > there > is only a single VM. > The internalRedirect() is the exception, because a VM does not > survive > it, but the previous VMs will not be freed until current request is > finished. BTW, a VM instance itself is pretty small in size (~2kb) > so it > should not be a problem if you have a reasonable number of redirects. > > >> >> My original understanding of that was that those VMs would be >> destroyed once they exited so even if you had multiple VMs >> instantiated per request, the memory impact would not be >> cumulative in >> a single request.  Is that understanding correct?  Or are you saying >> that each VM accumulates more and more memory until the entire >> request >> completes? >> >> As far as how we’re using NJS, we’re mostly using it for header >> filters, internal redirection, and access control.  So there really >> shouldn’t be a threat to memory in most instances unless we’re not >> just dealing with a single request memory leak inside of a VM but >> also >> a memory leak that involves every VM that NJS instantiates just >> accumulating memory until the request completes. >> >> Right now, my working theory about what is most likely to be >> creating >> the memory spikes has to do with POST body analysis.  Unfortunately, >> some of the requests that I have to deal with are POSTs that have to >> either be denied access or routed differently depending on the >> contents of the POST body.  Unfortunately, these same routes can >> vary >> in the size of the POST body and I have no control over how any of >> that works because the way it works is controlled by third parties. >>  One of those third parties has significant market share on the >> internet so we can’t really avoid dealing with it. >> >> In any case, before we switched to NJS, we were using Lua to do the >> same things and that gave us the advantage of doing both memory >> cleanup if needed and also doing easy analysis of POST body args.  I >> was able to do this sort of thing with Lua before: >> local post_args, post_err = ngx.req.get_post_args() >> if post_args.arg_name = something then >> >> But in NJS, there’s no such POST body utility so I had to write my >> own.  The code that I use to parse out the POST body works for both >> URL encoded POST bodies and multipart POST bodies, but it has to >> read >> the entire POST into a variable before I can use it.  For small >> POSTs, >> that’s not a problem.  For larger POSTs that contain a big >> attachment, >> it would be.  Ultimately, I only care about the string key/value >> pairs >> for my purposes (not file attachments) so I was hoping to discard >> attachment data while parsing the body. >> >> >> > Thank you for the feedback, I will add it as to a future feature > list. > >>  I think that that is actually how Lua’s version of this works too. >>  So my next thought was that I could use a Buffer and rs.readSync to >> read the POST body in buffer frames to keep memory minimal so that I >> could could discard the any file attachments from the POST body and >> just evaluate the key/value data that uses simple strings.  But from >> what you’re saying, it sounds like there’s basically no difference >> between fs.readSync w/ a Buffer and rs.readFileSync in terms of >> actual >> memory use. So either way, with a large POST body, you’d be >> steamrolling the memory use in a single Nginx worker thread. When I >> had to deal with stuff like this in Lua, I’d just run >> collectgarbage() >> to clean up memory and it seemed to work fine.  But then I also >> wasn’t >> having to parse out the POST body myself in Lua either. >> >> It’s possible that something else is going on other than that. >>  qs.parse seems like it could get us into some trouble if the >> query_string that was passed was unusuall long too from what you’re >> saying about how memory is handled. >> >> > for qs.parse() there is a limit for a number of arguments, which > you can > specify. > >> >> None of the situations that I’m handling are for long running >> requests.  They’re all designed for very fast requests that come >> into >> the servers that I manage on a constant basis. >> >> If you can shed some light on the way that VM’s and their memory are >> handled per my question above and any insights into what to do about >> this type of situation, that would help a lot.  I don’t know if >> there >> are any plans to offer a POST body parsing feature in NJS for those >> that need to evalute POST body data like how Lua did it, but if >> there >> was some way to be able to do that at the Nginx layer instead of at >> the NJS layer, it seems like that could be a lot more sensitive to >> memory use.  Right now, if my understanding is correct, the only >> option that I’d even have would be to just stop doing POST body >> handling if the POST body is above a certain total size.  I guess if >> there was some way to forcibly free memory, that would help too. >>  But >> I don’t think that that is as common of a problem as having to deal >> with very large query strings that some third party appends to a URL >> (probably maliciously) and/or a very large file upload attached to a >> multipart POST.  So the only concern that I’d have about memory in a >> situation where I don’t have to worry about memory when parsing a >> larger file woudl be if multiple js_sets and such would just keep >> spawning VMs and accumulating memory during a single request. >> >> Any thoughts? >> >> — >> Lance Dockins >> >> >> On Thursday, Sep 21, 2023 at 1:45 AM, Dmitry Volyntsev >> wrote: >> >> On 20.09.2023 20:37, Lance Dockins wrote: >>> So I guess my question at the moment is whether endless memory use >>> growth being reported by njs.memoryStats.size after file writes is >>> some sort of false positive tied to quirks in how memory use is >>> being >>> reported or whether this is indicative of a memory leak?  Any >>> insight >>> would be appreicated. >> >> Hi Lance, >> The reason njs.memoryStats.size keeps growing is because NJS uses >> arena >> memory allocator linked to a current request and a new object >> representing memoryStats structure is returned every time >> njs.memoryStats is accessed. Currently NJS does not free most of the >> internal objects and structures until the current request is >> destroyed >> because it is not intended for a long running code. >> >> Regarding the sudden memory spikes, please share some details >> about JS >> code you are using. >> One place to look is to analyze the amount of traffic that goes to >> NJS >> locations and what exactly those location do. >> From lance at wordkeeper.com Fri Sep 22 13:34:03 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Fri, 22 Sep 2023 08:34:03 -0500 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> <7ae13a6e-3bb1-48ba-8e62-093abbe38d14@Canary> Message-ID: <3b04204b-2b38-43ac-8872-9ceb48325c47@Canary> I am checking the content type, yes. But in my case, I’m just switching between body parsing methodologies depending on the body type. I do actually have a few scenarios where I have to evaluate body data in multipart submissions, but I only actually need the parts of the multipart form that are not including attachments (basic key/value string data). I can’t say for sure that this is the common use case for POST body parsing but when I’ve read the Lua GitHub issues and various examples and discussions in the past, it has always seemed to me like the only common use cases were for url encoded POST bodies OR for the plain key/value string data (not attachments) in multipart bodies. I can’t say that I’ve seen many discussions that were asking for access to the file attachment data in POST bodies - just for what it is worth. I did notice that the boundary had an effect on memory. It seems like memory is sort of contained as long as we’re talking about an actual multipart boundary. When it’s a single char or something otherwise smaller, the memory use is extreme but that’s partly inherent to even spitting data that way. For now, I think that I’m just going to have to use a workaround that limits when POST body parsing triggers. There’s just no way to do it at all under certain conditions right now. Thank you for all of your feedback and work on NJS and for filing the POST body provision in NJS into a feature request. — Lance Dockins > On Thursday, Sep 21, 2023 at 7:47 PM, Dmitry Volyntsev wrote: > > On 9/21/23 4:41 PM, Lance Dockins wrote: > > That’s good info. Thank you. > > > > I have been doing some additional testing since my email last night > > and I have seen enough evidence to believe that file I/O in NJS is > > basically the source of the memory issues. I did some testing with > > very basic commands like readFileSync and Buffer + readSync and in all > > cases, the memory footprint when doing file handling in NJS is massive. > > > > Just doing this: > > > > let content = fs.readFileSync(path/to//file); > > let parts = content.split(boundary); > > > > Resulted in memory use that was close to a minimum of 4-8x the size of > > the file during my testing. We do have an upper bound on files that > > can be uploaded and that does contain this somwhat but it’s not hard > > for a larger request that is 99% file attachment to use exhorbitant > > amounts of memory. > > > > > > > Regarding the task at hand, do you check for Content-Type of the POST > body? So you can exclude anything except probably > application/x-www-form-urlencoded. At least what I see in lua: the > handler is only looking for application/x-www-form-urlencoded and not > multipart/form-data. > > https://github.com/openresty/lua-nginx-module/blob/c89469e920713d17d703a5f3736c9335edac22bf/src/ngx_http_lua_args.c#L171 > > > > I actually tried doing a Buffer + readSync variation on the same > > thing and the memory footprint was actually FAR FAR worse when I did that. > > > > > > > As of now, the resulting memory consumption will depend heavily on the > boundary. > > In worst case, for 1mb of memory file that is split into 1 character > array, You will get ~16x memory consumed, because every 1 byte character > will be put into a njs_value_t structure. > > With larger chunks the situation will be less extreme. Right now we are > implementing a way to deduplicate identical strings, this may help in > some situations. > > > The 4-8x minimum memory commit seems like a problem to me just > > generally. But the fact that readSync doesn’t seem to be any better > > on memory (much worse actually) basically means that NJS is only safe > > to use for processing smaller files (or POST bodies) right now. > > There’s just no good way to keep data that you don’t care about in a > > file from occupying excessive amounts of memory that can’t be > > reclaimed. If there is no way to improve the memory footprint when > > handling files (or big strings), no memory conservative way to stream > > a file through some sort of buffer, and no first-party utility for > > providing parsed POST bodies right now, > > then it might be worth the time to put some notes in the NJS docs that > > the fs module may not be appropriate for larger files (e.g. files over > > 1mb). > > > > For what it’s worth, I’d also love to see some examples of how to > > properly use fs.readSync in the NJS examples docs. There really > > wasn’t much out there for that for NJS (or even in a lot of the Node > > docs) so I can’t say that my specific test implementation for that was > > ideal. But that’s just above and beyond the basic problems that I’m > > seeing with memory use with any form of file I/O at all (since the > > memory problems seem to be persistent whether doing reads or even log > > writes). > > > > — > > Lance Dockins > > > > > > On Thursday, Sep 21, 2023 at 5:01 PM, Dmitry Volyntsev > > wrote: > > > > On 9/21/23 6:50 AM, Lance Dockins wrote: > > > > Hi Lance, > > > > See my comments below. > > > > > Thanky you, Dmitry. > > > > > > One question before I describe what we are doing with NJS. I did > > > read > > > about the VM handling process before switching from Lua to NJS > > > and it > > > sounded very practical but my current understanding is that there > > > could be multiple VM’s instantiated for a single request. A js_set, > > > js_content, and js_header_filter directive that applies to a single > > > request, for example, would instantiate 3 VMs. And were you to need > > > to set multiple variables with js_set, then keep adding to that # > > > of VMs. > > > > > > > > This is not correct. For js_set, js_content and js_header_filter > > there > > is only a single VM. > > The internalRedirect() is the exception, because a VM does not > > survive > > it, but the previous VMs will not be freed until current request is > > finished. BTW, a VM instance itself is pretty small in size (~2kb) > > so it > > should not be a problem if you have a reasonable number of redirects. > > > > > > > > > > My original understanding of that was that those VMs would be > > > destroyed once they exited so even if you had multiple VMs > > > instantiated per request, the memory impact would not be > > > cumulative in > > > a single request. Is that understanding correct? Or are you saying > > > that each VM accumulates more and more memory until the entire > > > request > > > completes? > > > > > > As far as how we’re using NJS, we’re mostly using it for header > > > filters, internal redirection, and access control. So there really > > > shouldn’t be a threat to memory in most instances unless we’re not > > > just dealing with a single request memory leak inside of a VM but > > > also > > > a memory leak that involves every VM that NJS instantiates just > > > accumulating memory until the request completes. > > > > > > Right now, my working theory about what is most likely to be > > > creating > > > the memory spikes has to do with POST body analysis. Unfortunately, > > > some of the requests that I have to deal with are POSTs that have to > > > either be denied access or routed differently depending on the > > > contents of the POST body. Unfortunately, these same routes can > > > vary > > > in the size of the POST body and I have no control over how any of > > > that works because the way it works is controlled by third parties. > > > One of those third parties has significant market share on the > > > internet so we can’t really avoid dealing with it. > > > > > > In any case, before we switched to NJS, we were using Lua to do the > > > same things and that gave us the advantage of doing both memory > > > cleanup if needed and also doing easy analysis of POST body args. I > > > was able to do this sort of thing with Lua before: > > > local post_args, post_err = ngx.req.get_post_args() > > > if post_args.arg_name = something then > > > > > > But in NJS, there’s no such POST body utility so I had to write my > > > own. The code that I use to parse out the POST body works for both > > > URL encoded POST bodies and multipart POST bodies, but it has to > > > read > > > the entire POST into a variable before I can use it. For small > > > POSTs, > > > that’s not a problem. For larger POSTs that contain a big > > > attachment, > > > it would be. Ultimately, I only care about the string key/value > > > pairs > > > for my purposes (not file attachments) so I was hoping to discard > > > attachment data while parsing the body. > > > > > > > > > > > Thank you for the feedback, I will add it as to a future feature > > list. > > > > > I think that that is actually how Lua’s version of this works too. > > > So my next thought was that I could use a Buffer and rs.readSync to > > > read the POST body in buffer frames to keep memory minimal so that I > > > could could discard the any file attachments from the POST body and > > > just evaluate the key/value data that uses simple strings. But from > > > what you’re saying, it sounds like there’s basically no difference > > > between fs.readSync w/ a Buffer and rs.readFileSync in terms of > > > actual > > > memory use. So either way, with a large POST body, you’d be > > > steamrolling the memory use in a single Nginx worker thread. When I > > > had to deal with stuff like this in Lua, I’d just run > > > collectgarbage() > > > to clean up memory and it seemed to work fine. But then I also > > > wasn’t > > > having to parse out the POST body myself in Lua either. > > > > > > It’s possible that something else is going on other than that. > > > qs.parse seems like it could get us into some trouble if the > > > query_string that was passed was unusuall long too from what you’re > > > saying about how memory is handled. > > > > > > > > for qs.parse() there is a limit for a number of arguments, which > > you can > > specify. > > > > > > > > None of the situations that I’m handling are for long running > > > requests. They’re all designed for very fast requests that come > > > into > > > the servers that I manage on a constant basis. > > > > > > If you can shed some light on the way that VM’s and their memory are > > > handled per my question above and any insights into what to do about > > > this type of situation, that would help a lot. I don’t know if > > > there > > > are any plans to offer a POST body parsing feature in NJS for those > > > that need to evalute POST body data like how Lua did it, but if > > > there > > > was some way to be able to do that at the Nginx layer instead of at > > > the NJS layer, it seems like that could be a lot more sensitive to > > > memory use. Right now, if my understanding is correct, the only > > > option that I’d even have would be to just stop doing POST body > > > handling if the POST body is above a certain total size. I guess if > > > there was some way to forcibly free memory, that would help too. > > > But > > > I don’t think that that is as common of a problem as having to deal > > > with very large query strings that some third party appends to a URL > > > (probably maliciously) and/or a very large file upload attached to a > > > multipart POST. So the only concern that I’d have about memory in a > > > situation where I don’t have to worry about memory when parsing a > > > larger file woudl be if multiple js_sets and such would just keep > > > spawning VMs and accumulating memory during a single request. > > > > > > Any thoughts? > > > > > > — > > > Lance Dockins > > > > > > > > > On Thursday, Sep 21, 2023 at 1:45 AM, Dmitry Volyntsev > > > wrote: > > > > > > On 20.09.2023 20:37, Lance Dockins wrote: > > > > So I guess my question at the moment is whether endless memory use > > > > growth being reported by njs.memoryStats.size after file writes is > > > > some sort of false positive tied to quirks in how memory use is > > > > being > > > > reported or whether this is indicative of a memory leak? Any > > > > insight > > > > would be appreicated. > > > > > > Hi Lance, > > > The reason njs.memoryStats.size keeps growing is because NJS uses > > > arena > > > memory allocator linked to a current request and a new object > > > representing memoryStats structure is returned every time > > > njs.memoryStats is accessed. Currently NJS does not free most of the > > > internal objects and structures until the current request is > > > destroyed > > > because it is not intended for a long running code. > > > > > > Regarding the sudden memory spikes, please share some details > > > about JS > > > code you are using. > > > One place to look is to analyze the amount of traffic that goes to > > > NJS > > > locations and what exactly those location do. > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From bebe at bebehei.de Mon Sep 25 17:29:11 2023 From: bebe at bebehei.de (Benedikt Heine) Date: Mon, 25 Sep 2023 19:29:11 +0200 Subject: nginx error_log as JSON Message-ID: Hi all, would it be feasible to have the nginx error log in JSON format? I personally wouldn't mind, if the message emitted by ngx.debug("msg") is still a big string. If the meta-information would be in JSON, it would save writing a custom parser for the messages. I'm currently thinking about parsing the error log into an ELK and it feels to be a PITA. For the access log, I've already configured it as escape=json and it works like a bliss with Elasticsearch and any logpipeline. I haven't any matching ticket in trac.nginx.org yet. Do you have any thoughts? Kind regards, Benedikt From lance at wordkeeper.com Tue Sep 26 15:30:21 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Tue, 26 Sep 2023 10:30:21 -0500 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <3b04204b-2b38-43ac-8872-9ceb48325c47@Canary> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> <7ae13a6e-3bb1-48ba-8e62-093abbe38d14@Canary> <3b04204b-2b38-43ac-8872-9ceb48325c47@Canary> Message-ID: <3ada433a-de92-403d-9886-e04bb6d14eed@Canary> Dmitry, I’ve been testing this more and I think that there’s more going on here than I was originally thinking. I have some js_set code that I have to run to properly route and filter requests and I noticed that it was consuming around 1mb per request (which woudl then carry to later header filters and things that NJS had to do). Given that it’s just a bunch of if/then statements, that seemed very odd to me. In very concurent and high traffic environments, that’s a little much for extra memory use - particularly in environments where you’ll have a mix of requests to slower upstreams or bigger file downloads. Since it’s hard to get a totally accurate read on memory uses I did both a test of how much memory a single if statement used and a separate one over 10 if statements (and averaged out the reported memory increase) From what I can see, it looks like basic statements like these: if(r.variables.some_variable.match(/someregex or string/i){ // block content } Consumes about 17k to 20k per “if” or “match" statement minimum (even if there is nothing in the block content). I’m fairly certain that it’s mostly the string.match statements that are causing this. Since that memory isn’t freed, it just accumulates. If you have a lot of if/then statements (particularly with string matches), it’s pretty easy to burn through 1mb of memory that then carries through the entire request even for very small files unless you do a forced internalRedirect to regenerate the VM. Obviously variable declarations and assignments are going to consume more memory. That’s to be expected. But for if statements and string matches to use (but not free) the memory, seems like a little bit of a problem. If you have a complex routing table with a lot of if/thens, it’s going to create some problems (particularly if you have to do more than one js_set or add in something like js_content or header filters as well). To be clear, I’m not substituing the use of location blocks for NJS scripting. The only way to try to replicate the logic that I need in Nginx is through complex use of the Nginx if statement too (and those don’t fully replicate it) Up until now, I had assumed that string.match types of statements were just transparently calling PCRE behind the scenes so that the associated memory from the PCRE call was being freed after use. Maybe that’s not even an accurate read on how Nginx is using PCRE but that’s how I envisioned it. In any case, that lead me to a few questions. How does keepalive affect these VMs? I realize that keepalive is for the connection rather than the request, but I still wanted to confirm that VM’s are not sticking around occupying memory after the request completes due to keepavlive settings. We have a mix of fast requests and long running requests (e.g 5-10s) so if enough long running requests build up at the same time that a flood of very fast requests come in, NJS could certainly burn out a lot of memory under the current conditions as I understand it. If there were a lot of large file downloads, those would also occupy memory for the entirety of the download if I understand correctly. Is it possible to adjust the NJS codebase to free memory for the actual if condition and for string matches after they’ve run as long as they didn’t include a variable assignment inside of the actual if condition? I’m not talking about whatever is in the block content - just the actual condition. Given how likely it is for people to use basic if conditions and string matches in NJS, that seems like it might be a stopgap measure that reduces the memory footprint without having to build full garbage collection. Is there any workaround for this type of memory problem other than just to force the use of an internalRedirect to drop the existing VM and create a new one? Could it make sense to allow for a directive that would force the destruction and regeneration of a new JS VM? That wouldn’t solve the memory leak that bulids to 1mb per request but it would shorten its lifetime (which could ease memory pressure in situations where there are some long running requests holding open the requests) Thanks again for all of your feedback. — Lance Dockins > On Friday, Sep 22, 2023 at 8:34 AM, Me wrote: > I am checking the content type, yes. But in my case, I’m just switching between body parsing methodologies depending on the body type. I do actually have a few scenarios where I have to evaluate body data in multipart submissions, but I only actually need the parts of the multipart form that are not including attachments (basic key/value string data). I can’t say for sure that this is the common use case for POST body parsing but when I’ve read the Lua GitHub issues and various examples and discussions in the past, it has always seemed to me like the only common use cases were for url encoded POST bodies OR for the plain key/value string data (not attachments) in multipart bodies. I can’t say that I’ve seen many discussions that were asking for access to the file attachment data in POST bodies - just for what it is worth. > > I did notice that the boundary had an effect on memory. It seems like memory is sort of contained as long as we’re talking about an actual multipart boundary. When it’s a single char or something otherwise smaller, the memory use is extreme but that’s partly inherent to even spitting data that way. > > For now, I think that I’m just going to have to use a workaround that limits when POST body parsing triggers. There’s just no way to do it at all under certain conditions right now. > > Thank you for all of your feedback and work on NJS and for filing the POST body provision in NJS into a feature request. > > — > Lance Dockins > > > On Thursday, Sep 21, 2023 at 7:47 PM, Dmitry Volyntsev wrote: > > > > On 9/21/23 4:41 PM, Lance Dockins wrote: > > > That’s good info. Thank you. > > > > > > I have been doing some additional testing since my email last night > > > and I have seen enough evidence to believe that file I/O in NJS is > > > basically the source of the memory issues. I did some testing with > > > very basic commands like readFileSync and Buffer + readSync and in all > > > cases, the memory footprint when doing file handling in NJS is massive. > > > > > > Just doing this: > > > > > > let content = fs.readFileSync(path/to//file); > > > let parts = content.split(boundary); > > > > > > Resulted in memory use that was close to a minimum of 4-8x the size of > > > the file during my testing. We do have an upper bound on files that > > > can be uploaded and that does contain this somwhat but it’s not hard > > > for a larger request that is 99% file attachment to use exhorbitant > > > amounts of memory. > > > > > > > > > > > Regarding the task at hand, do you check for Content-Type of the POST > > body? So you can exclude anything except probably > > application/x-www-form-urlencoded. At least what I see in lua: the > > handler is only looking for application/x-www-form-urlencoded and not > > multipart/form-data. > > > > https://github.com/openresty/lua-nginx-module/blob/c89469e920713d17d703a5f3736c9335edac22bf/src/ngx_http_lua_args.c#L171 > > > > > > > I actually tried doing a Buffer + readSync variation on the same > > > thing and the memory footprint was actually FAR FAR worse when I did that. > > > > > > > > > > > As of now, the resulting memory consumption will depend heavily on the > > boundary. > > > > In worst case, for 1mb of memory file that is split into 1 character > > array, You will get ~16x memory consumed, because every 1 byte character > > will be put into a njs_value_t structure. > > > > With larger chunks the situation will be less extreme. Right now we are > > implementing a way to deduplicate identical strings, this may help in > > some situations. > > > > > The 4-8x minimum memory commit seems like a problem to me just > > > generally. But the fact that readSync doesn’t seem to be any better > > > on memory (much worse actually) basically means that NJS is only safe > > > to use for processing smaller files (or POST bodies) right now. > > > There’s just no good way to keep data that you don’t care about in a > > > file from occupying excessive amounts of memory that can’t be > > > reclaimed. If there is no way to improve the memory footprint when > > > handling files (or big strings), no memory conservative way to stream > > > a file through some sort of buffer, and no first-party utility for > > > providing parsed POST bodies right now, > > > then it might be worth the time to put some notes in the NJS docs that > > > the fs module may not be appropriate for larger files (e.g. files over > > > 1mb). > > > > > > For what it’s worth, I’d also love to see some examples of how to > > > properly use fs.readSync in the NJS examples docs. There really > > > wasn’t much out there for that for NJS (or even in a lot of the Node > > > docs) so I can’t say that my specific test implementation for that was > > > ideal. But that’s just above and beyond the basic problems that I’m > > > seeing with memory use with any form of file I/O at all (since the > > > memory problems seem to be persistent whether doing reads or even log > > > writes). > > > > > > — > > > Lance Dockins > > > > > > > > > On Thursday, Sep 21, 2023 at 5:01 PM, Dmitry Volyntsev > > > wrote: > > > > > > On 9/21/23 6:50 AM, Lance Dockins wrote: > > > > > > Hi Lance, > > > > > > See my comments below. > > > > > > > Thanky you, Dmitry. > > > > > > > > One question before I describe what we are doing with NJS. I did > > > > read > > > > about the VM handling process before switching from Lua to NJS > > > > and it > > > > sounded very practical but my current understanding is that there > > > > could be multiple VM’s instantiated for a single request. A js_set, > > > > js_content, and js_header_filter directive that applies to a single > > > > request, for example, would instantiate 3 VMs. And were you to need > > > > to set multiple variables with js_set, then keep adding to that # > > > > of VMs. > > > > > > > > > > > This is not correct. For js_set, js_content and js_header_filter > > > there > > > is only a single VM. > > > The internalRedirect() is the exception, because a VM does not > > > survive > > > it, but the previous VMs will not be freed until current request is > > > finished. BTW, a VM instance itself is pretty small in size (~2kb) > > > so it > > > should not be a problem if you have a reasonable number of redirects. > > > > > > > > > > > > > > My original understanding of that was that those VMs would be > > > > destroyed once they exited so even if you had multiple VMs > > > > instantiated per request, the memory impact would not be > > > > cumulative in > > > > a single request. Is that understanding correct? Or are you saying > > > > that each VM accumulates more and more memory until the entire > > > > request > > > > completes? > > > > > > > > As far as how we’re using NJS, we’re mostly using it for header > > > > filters, internal redirection, and access control. So there really > > > > shouldn’t be a threat to memory in most instances unless we’re not > > > > just dealing with a single request memory leak inside of a VM but > > > > also > > > > a memory leak that involves every VM that NJS instantiates just > > > > accumulating memory until the request completes. > > > > > > > > Right now, my working theory about what is most likely to be > > > > creating > > > > the memory spikes has to do with POST body analysis. Unfortunately, > > > > some of the requests that I have to deal with are POSTs that have to > > > > either be denied access or routed differently depending on the > > > > contents of the POST body. Unfortunately, these same routes can > > > > vary > > > > in the size of the POST body and I have no control over how any of > > > > that works because the way it works is controlled by third parties. > > > > One of those third parties has significant market share on the > > > > internet so we can’t really avoid dealing with it. > > > > > > > > In any case, before we switched to NJS, we were using Lua to do the > > > > same things and that gave us the advantage of doing both memory > > > > cleanup if needed and also doing easy analysis of POST body args. I > > > > was able to do this sort of thing with Lua before: > > > > local post_args, post_err = ngx.req.get_post_args() > > > > if post_args.arg_name = something then > > > > > > > > But in NJS, there’s no such POST body utility so I had to write my > > > > own. The code that I use to parse out the POST body works for both > > > > URL encoded POST bodies and multipart POST bodies, but it has to > > > > read > > > > the entire POST into a variable before I can use it. For small > > > > POSTs, > > > > that’s not a problem. For larger POSTs that contain a big > > > > attachment, > > > > it would be. Ultimately, I only care about the string key/value > > > > pairs > > > > for my purposes (not file attachments) so I was hoping to discard > > > > attachment data while parsing the body. > > > > > > > > > > > > > > > Thank you for the feedback, I will add it as to a future feature > > > list. > > > > > > > I think that that is actually how Lua’s version of this works too. > > > > So my next thought was that I could use a Buffer and rs.readSync to > > > > read the POST body in buffer frames to keep memory minimal so that I > > > > could could discard the any file attachments from the POST body and > > > > just evaluate the key/value data that uses simple strings. But from > > > > what you’re saying, it sounds like there’s basically no difference > > > > between fs.readSync w/ a Buffer and rs.readFileSync in terms of > > > > actual > > > > memory use. So either way, with a large POST body, you’d be > > > > steamrolling the memory use in a single Nginx worker thread. When I > > > > had to deal with stuff like this in Lua, I’d just run > > > > collectgarbage() > > > > to clean up memory and it seemed to work fine. But then I also > > > > wasn’t > > > > having to parse out the POST body myself in Lua either. > > > > > > > > It’s possible that something else is going on other than that. > > > > qs.parse seems like it could get us into some trouble if the > > > > query_string that was passed was unusuall long too from what you’re > > > > saying about how memory is handled. > > > > > > > > > > > for qs.parse() there is a limit for a number of arguments, which > > > you can > > > specify. > > > > > > > > > > > None of the situations that I’m handling are for long running > > > > requests. They’re all designed for very fast requests that come > > > > into > > > > the servers that I manage on a constant basis. > > > > > > > > If you can shed some light on the way that VM’s and their memory are > > > > handled per my question above and any insights into what to do about > > > > this type of situation, that would help a lot. I don’t know if > > > > there > > > > are any plans to offer a POST body parsing feature in NJS for those > > > > that need to evalute POST body data like how Lua did it, but if > > > > there > > > > was some way to be able to do that at the Nginx layer instead of at > > > > the NJS layer, it seems like that could be a lot more sensitive to > > > > memory use. Right now, if my understanding is correct, the only > > > > option that I’d even have would be to just stop doing POST body > > > > handling if the POST body is above a certain total size. I guess if > > > > there was some way to forcibly free memory, that would help too. > > > > But > > > > I don’t think that that is as common of a problem as having to deal > > > > with very large query strings that some third party appends to a URL > > > > (probably maliciously) and/or a very large file upload attached to a > > > > multipart POST. So the only concern that I’d have about memory in a > > > > situation where I don’t have to worry about memory when parsing a > > > > larger file woudl be if multiple js_sets and such would just keep > > > > spawning VMs and accumulating memory during a single request. > > > > > > > > Any thoughts? > > > > > > > > — > > > > Lance Dockins > > > > > > > > > > > > On Thursday, Sep 21, 2023 at 1:45 AM, Dmitry Volyntsev > > > > wrote: > > > > > > > > On 20.09.2023 20:37, Lance Dockins wrote: > > > > > So I guess my question at the moment is whether endless memory use > > > > > growth being reported by njs.memoryStats.size after file writes is > > > > > some sort of false positive tied to quirks in how memory use is > > > > > being > > > > > reported or whether this is indicative of a memory leak? Any > > > > > insight > > > > > would be appreicated. > > > > > > > > Hi Lance, > > > > The reason njs.memoryStats.size keeps growing is because NJS uses > > > > arena > > > > memory allocator linked to a current request and a new object > > > > representing memoryStats structure is returned every time > > > > njs.memoryStats is accessed. Currently NJS does not free most of the > > > > internal objects and structures until the current request is > > > > destroyed > > > > because it is not intended for a long running code. > > > > > > > > Regarding the sudden memory spikes, please share some details > > > > about JS > > > > code you are using. > > > > One place to look is to analyze the amount of traffic that goes to > > > > NJS > > > > locations and what exactly those location do. > > > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From xeioex at nginx.com Tue Sep 26 22:50:58 2023 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Tue, 26 Sep 2023 15:50:58 -0700 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <3ada433a-de92-403d-9886-e04bb6d14eed@Canary> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> <7ae13a6e-3bb1-48ba-8e62-093abbe38d14@Canary> <3b04204b-2b38-43ac-8872-9ceb48325c47@Canary> <3ada433a-de92-403d-9886-e04bb6d14eed@Canary> Message-ID: <7ca3ce0f-004c-4a06-961e-be267b567ca3@nginx.com> On 9/26/23 8:30 AM, Lance Dockins wrote: > Up until now, I had assumed that string.match types of statements were > just transparently calling PCRE behind the scenes so that the > associated memory from the PCRE call was being freed after use.  Maybe > that’s not even an accurate read on how Nginx is using PCRE but that’s > how I envisioned it. String.prototype.match() returns an array of matched elements. See https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/match. It means that many calls to that method that have positive matches consume memory proportional to the size of the resulting chunks. But if the match fails it should not consume (much) memory. So if you have a bunch of if/then clauses until the first match it should not be a problem (if not let me know). In general doing a routing in NJS (or any other scripting) is not recommended, because it complicates the native nginx location routing. Could you please explain what exactly you want to do with NJS RegExp what nginx cannot do with regexp locations? > > In any case, that lead me to a few questions. > > 1. How does keepalive affect these VMs?  I realize that keepalive is > for the connection rather than the request, but I still wanted to > confirm that VM’s are not sticking around occupying memory after > the request completes due to keepavlive settings. > > All the current VMs are destroyed when a current HTTP request is finalized. > 1.   We have a mix of fast requests and long running requests (e.g > 5-10s) so if enough long running requests build up at the same > time that a flood of very fast requests come in, NJS could > certainly burn out a lot of memory under the current conditions as > I understand it.  If there were a lot of large file downloads, > those would also occupy memory for the entirety of the download if > I understand correctly. > 2. Is it possible to adjust the NJS codebase to free memory for the > actual if condition and for string matches after they’ve run as > long as they didn’t include a variable assignment inside of the > actual if condition?  I’m not talking about whatever is in the > block content - just the actual condition.  Given how likely it is > for people to use basic if conditions and string matches in NJS, > that seems like it might be a stopgap measure that reduces the > memory footprint without having to build full garbage collection. > > The problem with JS Regexps is that they produce a lot of intermediary objects. Because most of the RegExp related calls end up RegExp.prototype.exec() which return a large object representing the result of PCRE matching. One way to mediate the problem could be using RegExp.prototype.test() which return just a boolean. But I need to improve it first, because right now it uses RegExp.prototype.exec() internally. The reason RegExp.prototype.test() will be easier to improve is that I can be sure that the resulting object can be freed right away. In addition to that I plan to improve the memory consumption for RegExp.prototype.exec() result, thanks for reporting. > > 1. Is there any workaround for this type of memory problem other than > just to force the use of an internalRedirect to drop the existing > VM and create a new one? > > 1. Could it make sense to allow for a directive that would force the > destruction and regeneration of a new JS VM?  That wouldn’t solve > the memory leak that bulids to 1mb per request but it would > shorten its lifetime (which could ease memory pressure in > situations where there are some long running requests holding open > the requests) > I do not think so. From lance at wordkeeper.com Wed Sep 27 01:20:41 2023 From: lance at wordkeeper.com (Lance Dockins) Date: Tue, 26 Sep 2023 20:20:41 -0500 Subject: Debugging Nginx Memory Spikes on Production Servers In-Reply-To: <7ca3ce0f-004c-4a06-961e-be267b567ca3@nginx.com> References: <4256e11a-298b-4e3c-8d02-2f415bfdd265@Canary> <276276f5-3e01-de42-5363-fc4a4468e3a3@nginx.com> <051b2615-237b-4e51-b7b3-50de6cf6dee7@Canary> <85519d12-0638-4cab-a21c-b8617885a13a@nginx.com> <7ae13a6e-3bb1-48ba-8e62-093abbe38d14@Canary> <3b04204b-2b38-43ac-8872-9ceb48325c47@Canary> <3ada433a-de92-403d-9886-e04bb6d14eed@Canary> <7ca3ce0f-004c-4a06-961e-be267b567ca3@nginx.com> Message-ID: To clarify, I am NOT using regexp as a replacement for locations. Some of the things that I need to do might be possible with locations. Most aren’t. I have to test more than just the request_uri and logically I have to use AND/OR and nested conditions. So it’s largely unfeasible with core Nginx directives. That’s why I moved to scripting alternatives. As for RegExp.test vs String.match, that’s true. I guess technically I should be using RegExp.test since I only care whether the value matches or not for most instances but it’s much uglier and harder to read. If it’s usable, though, that’s better than consuming loads of memory. As a rough test, I did just convert most of the String.match references to RegExp.test and it did reduce the memory. But it only reduced it by around 40kb. That’s certainly better but on a 1mb memory footprint, not by much. Maybe that is because of what you mentioned about the internal call to RegExp.exec, though. That would make sense if it’s only mildly different from .match under the hood. So if .test is likely to diverge from .match on consumed memory over time, that’s a better fit if you need to do a lot of things that might invoke the regex engine. I’m guessing that String.replace (which I also use in a number of places) is also running its regexes through RegExp.exec too so if that’s where some of this memory leak is coming from, improvements to that might help by a lot. For whatever it’s worth, the current math seems to play out like this: (/someregex/).test(string) is about 8kb smaller than: let regex = new RegExp(/someregex/); regex.test(string) That makes sense since one is also creating a variable but the first route seems to be the only viable option if you need to do anything that is going to touch regex under the hood. Thus far, the only reliable solution that I’ve found at reducing memory is to just carefully craft the order of if/then statements to ensure that no more string replacements or regex tests occur than absolutely have to for a given type of request. That’s made a significant dent in specific use cases but mostly it’s just been mild improvements. Between what you’ve shared about the regex internals and what I’ve seen doing basic tests around conditions (either using .match or .test), I do think that that is where the bulk of the problem is. Every time that I do anything that involves a regex (string replacement, etc), it seems to burn at least 20k. Given that, it seems like I only have a few options to be able to address this at all right now and most of them are just workarounds (e.g. moving some of these regexes to maps, maybe splitting some of the logic into a few different js_set directives and localizing those to specific contexts to make them function in a bit more of a JIT way, or using an internalRedirect just for the sake of freeing memory). I’ll to try to figure out what I can. Hopefully whatever I come up with is enough to keep Nginx from spontaneously crashing during some types of concurrent traffic load. That’s my only real goal at the moment. :) Thank you again for the feedback on all of this. It has helped to find at least a few ways to contain this even if just to improve it mildly. Every little bit seems to count for me at the moment. — Lance Dockins > On Tuesday, Sep 26, 2023 at 5:51 PM, Dmitry Volyntsev wrote: > > On 9/26/23 8:30 AM, Lance Dockins wrote: > > Up until now, I had assumed that string.match types of statements were > > just transparently calling PCRE behind the scenes so that the > > associated memory from the PCRE call was being freed after use. Maybe > > that’s not even an accurate read on how Nginx is using PCRE but that’s > > how I envisioned it. > > String.prototype.match() returns an array of matched elements. See > https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/match. > It means that many calls to that method that have positive matches > consume memory proportional to the size of the resulting chunks. But if > the match fails it should not consume (much) memory. So if you have a > bunch of if/then clauses until the first match it should not be a > problem (if not let me know). > > > In general doing a routing in NJS (or any other scripting) is not > recommended, because it complicates the native nginx location routing. > Could you please explain what exactly you want to do with NJS RegExp > what nginx cannot do with regexp locations? > > > > > In any case, that lead me to a few questions. > > > > 1. How does keepalive affect these VMs? I realize that keepalive is > > for the connection rather than the request, but I still wanted to > > confirm that VM’s are not sticking around occupying memory after > > the request completes due to keepavlive settings. > > > > > All the current VMs are destroyed when a current HTTP request is finalized. > > > > 1. We have a mix of fast requests and long running requests (e.g > > 5-10s) so if enough long running requests build up at the same > > time that a flood of very fast requests come in, NJS could > > certainly burn out a lot of memory under the current conditions as > > I understand it. If there were a lot of large file downloads, > > those would also occupy memory for the entirety of the download if > > I understand correctly. > > 2. Is it possible to adjust the NJS codebase to free memory for the > > actual if condition and for string matches after they’ve run as > > long as they didn’t include a variable assignment inside of the > > actual if condition? I’m not talking about whatever is in the > > block content - just the actual condition. Given how likely it is > > for people to use basic if conditions and string matches in NJS, > > that seems like it might be a stopgap measure that reduces the > > memory footprint without having to build full garbage collection. > > > > > The problem with JS Regexps is that they produce a lot of intermediary > objects. Because most of the RegExp related calls end up > RegExp.prototype.exec() which return a large object representing the > result of PCRE matching. > > > One way to mediate the problem could be using RegExp.prototype.test() > which return just a boolean. > But I need to improve it first, because right now it uses > RegExp.prototype.exec() internally. The reason RegExp.prototype.test() > will be easier to improve is that I can be sure that the resulting > object can be freed right away. In addition to that I plan to improve > the memory consumption for RegExp.prototype.exec() result, thanks for > reporting. > > > > > > 1. Is there any workaround for this type of memory problem other than > > just to force the use of an internalRedirect to drop the existing > > VM and create a new one? > > > > 1. Could it make sense to allow for a directive that would force the > > destruction and regeneration of a new JS VM? That wouldn’t solve > > the memory leak that bulids to 1mb per request but it would > > shorten its lifetime (which could ease memory pressure in > > situations where there are some long running requests holding open > > the requests) > > > I do not think so. > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From vijaykumar.ppsg at gmail.com Sat Sep 30 19:09:20 2023 From: vijaykumar.ppsg at gmail.com (Vijay Kumar Kamannavar) Date: Sun, 1 Oct 2023 00:39:20 +0530 Subject: SSL Reuse not happening in s3 presigned urls Message-ID: Hello. I am using nginx reverse proxy for s3 presigned urls. I am running nginx as a container using nginx:1.25.2 debian image. My host has 16 Core and 32GB. Below is the nginx configuration. user nginx; worker_processes 14; pid /run/nginx.pid; worker_rlimit_nofile 40000; events { worker_connections 1024; } http { upstream s3_backend { server .s3.amazonaws.com:443; keepalive 10; } log_format combined_ssl '$remote_addr - $remote_user [$time_local] ' '"$request" $status $body_bytes_sent ' '"$http_referer" "$http_user_agent" ' '$ssl_protocol/$ssl_cipher ' '$ssl_session_reused'; proxy_ssl_session_reuse on; proxy_ssl_server_name on; # HTTPS server block with SSL certificate and S3 reverse proxy server { listen 443 ssl; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!MD5; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_session_tickets off; server_name .company.com; # Path to your SSL certificate and private key ssl_certificate /etc/nginx/domain.crt; ssl_certificate_key /etc/nginx/domain.key; location /s3proxy/ { rewrite /s3proxy//(.*) /$1 break; proxy_pass https://s3_backend; proxy_redirect off; proxy_http_version 1.1; proxy_set_header "Connection" ''; proxy_set_header Host .s3.amazonaws.com; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; error_log /var/log/nginx/ssl_debug.log debug; } } } But in the log /var/log/nginx/ssl_debug.log, I see SSL Handshake every time when I request an S3 object via proxy using S3presigned URLs. Below is the log I see every time for every request. 2023/09/30 18:07:19 [debug] 36#36: *9 event timer add: 22: 60000:721858477 2023/09/30 18:07:19 [debug] 36#36: *9 http finalize request: -4, "/blob/zte3odk1ymnl at CIBC-2mb /singleurl0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIASQOYQRM4CTRY6I54%2F20230930> 2023/09/30 18:07:19 [debug] 36#36: *9 http request count:2 blk:0 2023/09/30 18:07:19 [debug] 36#36: *9 http run request: "/blob/zte3odk1ymnl at CIBC-2mb /singleurl0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIASQOYQRM4CTRY6I54%2F20230930%2Fus-eas> 2023/09/30 18:07:19 [debug] 36#36: *9 http upstream check client, write event:1, "/blob/zte3odk1ymnl at CIBC-2mb/singleurl0" 2023/09/30 18:07:19 [debug] 36#36: *9 http upstream request: "/blob/zte3odk1ymnl at CIBC-2mb /singleurl0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIASQOYQRM4CTRY6I54%2F20230930%2Fu> 2023/09/30 18:07:19 [debug] 36#36: *9 http upstream send request handler 2023/09/30 18:07:19 [debug] 36#36: *9 malloc: 000055ED330A1DD0:96 2023/09/30 18:07:19 [debug] 36#36: *9 upstream SSL server name: "s3_backend" 2023/09/30 18:07:19 [debug] 36#36: *9 set session: 0000000000000000 2023/09/30 18:07:19 [debug] 36#36: *9 tcp_nodelay 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_do_handshake: -1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_get_error: 2 2023/09/30 18:07:19 [debug] 36#36: *9 SSL handshake handler: 0 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_do_handshake: -1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_get_error: 2 2023/09/30 18:07:19 [debug] 36#36: *9 SSL handshake handler: 1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_do_handshake: -1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_get_error: 2 2023/09/30 18:07:19 [debug] 36#36: *9 SSL handshake handler: 0 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_do_handshake: -1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_get_error: 2 2023/09/30 18:07:19 [debug] 36#36: *9 SSL handshake handler: 1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_do_handshake: -1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_get_error: 2 2023/09/30 18:07:19 [debug] 36#36: *9 SSL handshake handler: 1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_do_handshake: -1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_get_error: 2 2023/09/30 18:07:19 [debug] 36#36: *9 SSL handshake handler: 0 2023/09/30 18:07:19 [debug] 36#36: *9 save session: 000055ED330FBAC0 2023/09/30 18:07:19 [debug] 36#36: *9 SSL_do_handshake: 1 2023/09/30 18:07:19 [debug] 36#36: *9 SSL: TLSv1.2, cipher: "ECDHE-RSA-AES128-GCM-SHA256 TLSv1.2 Kx=ECDH Au=RSA Enc=AESGCM(128) Mac=AEAD" 2023/09/30 18:07:19 [debug] 36#36: *9 *http upstream ssl handshake*: "/blob/zte3odk1ymnl at CIBC-2mb /singleurl0?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=ASIASQOYQRM4CTRY6I54%2F202309> 2023/09/30 18:07:19 [debug] 36#36: *9 http upstream send request 2023/09/30 18:07:19 [debug] 36#36: *9 http upstream send request body If I run 4K clients using a simulator,I will see 100% CPU in the nginx container.I believe if we cache SSL sessions then SSL handshake for every request will be avoided hence we may not have high CPU at nginx container. Can you please help how to achieve SSL Cache? how to make sure the CPU is not high? Is there any reason why the CPU is high other than SSL Handshake. Thanks, Vijay -------------- next part -------------- An HTML attachment was scrubbed... URL: