<div dir="ltr"><div class="gmail_default" style="font-size:small">nginx -V<br>nginx version: openresty/<a href="http://1.21.4.1">1.21.4.1</a><br>built by gcc 11.3.0 (Ubuntu 11.3.0-1ubuntu1~22.04) <br>built with OpenSSL 3.0.2 15 Mar 2022<br>TLS SNI support enabled<br>configure arguments: --prefix=/usr/local/openresty/nginx --with-cc-opt=-O2 --add-module=../ngx_devel_kit-0.3.1 --add-module=../echo-nginx-module-0.62 --add-module=../xss-nginx-module-0.06 --add-module=../ngx_coolkit-0.2 --add-module=../set-misc-nginx-module-0.33 --add-module=../form-input-nginx-module-0.12 --add-module=../encrypted-session-nginx-module-0.09 --add-module=../srcache-nginx-module-0.32 --add-module=../ngx_lua-0.10.21 --add-module=../ngx_lua_upstream-0.07 --add-module=../headers-more-nginx-module-0.33 --add-module=../array-var-nginx-module-0.05 --add-module=../memc-nginx-module-0.19 --add-module=../redis2-nginx-module-0.15 --add-module=../redis-nginx-module-0.3.9 --add-module=../rds-json-nginx-module-0.15 --add-module=../rds-csv-nginx-module-0.09 --add-module=../ngx_stream_lua-0.0.11 --with-ld-opt=-Wl,-rpath,/usr/local/openresty/luajit/lib --add-module=/usr/src/openresty-1.21.4.1/../ngx_http_substitutions_filter_module --with-http_ssl_module --with-http_stub_status_module --with-http_realip_module --with-stream --with-stream_ssl_module --with-stream_ssl_preread_module<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 10:43 PM Dan Swaney <<a href="mailto:justdan23@gmail.com">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Saint, can you also run 'nginx -V' and drop your build configuration here in this thread?</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 10:41 PM Dan Swaney <<a href="mailto:justdan23@gmail.com" target="_blank">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>To use HTTP2, you have to configure the build to include it. Same goes for Kerberos GSSAPI SPNEGO Authentication support with the SPNEGO Module for NGINX.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font face="monospace">nginx version: nginx/1.23.3<br>built by cl 19.34.31937 for x64<br><b style="background-color:rgb(255,255,255)">built with OpenSSL 3.1.0-beta1-dev</b><br>TLS SNI support enabled<br>configure arguments: --with-cc=cl --builddir=objs --with-debug --prefix=. --conf-path=conf/nginx.conf --pid-path=logs/nginx.pid --http-log-path=logs/access.log --error-log-path=logs/error.log --sbin-path=nginx.exe --http-client-body-temp-path=temp/client_body_temp --http-proxy-temp-path=temp/proxy_temp --http-fastcgi-temp-path=temp/fastcgi_temp --http-scgi-temp-path=temp/scgi_temp --http-uwsgi-temp-path=temp/uwsgi_temp --with-cc-opt=-DFD_SETSIZE=1024 --with-pcre=objs/lib/pcre2 --with-zlib=objs/lib/zlib --with-select_module <b style="background-color:rgb(0,255,0)">--with-http_v2_module</b> --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_stub_status_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_auth_request_module --with-http_random_index_module --with-http_secure_link_module --with-http_slice_module --with-mail --with-stream --with-http_ssl_module --with-mail_ssl_module --with-stream_ssl_module --with-openssl=objs/lib/openssl --add-module=objs/lib/spnego-http-auth-nginx-module --with-cc-opt='-I objs/lib/krb5/objs/include'</font><br></blockquote><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 10:30 PM Saint Michael <<a href="mailto:venefax@gmail.com" target="_blank">venefax@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-size:small">I enabled http2 but it fails</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">nginx: [emerg] the "http2" parameter requires ngx_http_v2_module in /etc/federico/x3x.conf:17<br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 10:25 PM Saint Michael <<a href="mailto:venefax@gmail.com" target="_blank">venefax@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-size:small">can we add that at the top level? like a global value?</div><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 10:17 PM Dan Swaney <<a href="mailto:justdan23@gmail.com" target="_blank">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">See my earlier response above for details. It works when you reduce the ssl_buffer_size to 4k. You can try 8k for performance.<div>(Correction: use the 'server' section for this setting.)</div><div><br></div><div><font face="monospace">server {</font></div><div><font face="monospace"> ...</font></div><div><font face="monospace"> ssl_buffer_size 4k;</font> <br></div><div><font face="monospace">}</font></div><div><font face="monospace"><br></font></div><div><font face="monospace">Reference to setting is on this page:</font></div><blockquote style="margin:0px 0px 0px 40px;border:none;padding:0px"><div><a href="https://haydenjames.io/nginx-tuning-tips-tls-ssl-https-ttfb-latency/" target="_blank">https://haydenjames.io/nginx-tuning-tips-tls-ssl-https-ttfb-latency/</a></div></blockquote><div><br></div><div>The bug happens to be within the OpenSSL library I believe, but I found when reducing the buffer size to 4k, it worked for my test.<br>There is a bug when it operates with the default of 16k and it fails to write out the response in 16k chunks, but does work with 4k chunks.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 10:06 PM Saint Michael <<a href="mailto:venefax@gmail.com" target="_blank">venefax@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-size:small">Please read this, it's from 2011/11/04, and it hasn't been fixed :</div><div class="gmail_default" style="font-size:small"><a href="https://tech.blog.aknin.name/2011/11/04/nginxgzip-module-might-silently-corrupt-data-upon-backend-failure/" target="_blank">https://tech.blog.aknin.name/2011/11/04/nginxgzip-module-might-silently-corrupt-data-upon-backend-failure/</a><br></div><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 9:43 PM Dan Swaney <<a href="mailto:justdan23@gmail.com" target="_blank">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Ah-ah...I caught the NGINX failure in the SSL response:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font face="monospace">2023/02/23 21:24:49 [debug] 4768#4528: *1 http filename: "./html/images/image001.jpg"<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 add cleanup: 000002DC83A7CBE8<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http static fd: 732<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http set discard body<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http map started<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 parse header: "Cookie: SessionId SessionId="<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http map started<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http map: "" ""<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script var: ""<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http map: "" ""<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script copy: "SessionId SessionId="<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script var: ""<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script copy: ";AuthId="<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script var: "SessionId SessionId="<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script copy: " SessionId="<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script var: "ab3e389a16b819b5477309665cfcc4672f47d5657e1c154381c6eb8336963721"<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http script copy: "; Domain=<a href="http://win10-web-svr.dreamstone.com" target="_blank">win10-web-svr.dreamstone.com</a>; Path=/; HttpOnly; Secure"<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 HTTP/1.1 200 OK<br>Server: nginx/1.23.3<br>Date: Fri, 24 Feb 2023 02:24:49 GMT<br>Content-Type: application/octetstream<br><b style="background-color:rgb(0,255,0)">Content-Length: 123197</b><br>Last-Modified: Wed, 30 Nov 2022 19:41:21 GMT<br>Connection: keep-alive<br>ETag: "6387b1e1-1e13d"<br>Strict-Transport-Security: max-age=15768000; preload<br>X-Frame-Options: SAMEORIGIN<br>X-XSS-Protection: 1<br>X-Content-Type-Options: nosniff<br>Referred-Policy: strict-origin<br>Set-Cookie: SessionId SessionId=;AuthId=SessionId SessionId= SessionId=ab3e389a16b819b5477309665cfcc4672f47d5657e1c154381c6eb8336963721; Domain=<a href="http://win10-web-svr.dreamstone.com" target="_blank">win10-web-svr.dreamstone.com</a>; Path=/; HttpOnly; Secure<br>Accept-Ranges: bytes<br><br>2023/02/23 21:24:49 [debug] 4768#4528: *1 write new buf t:1 f:0 000002DC83A7E2F0, pos 000002DC83A7E2F0, size: 626 file: 0, size: 0<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http write filter: l:0 f:0 s:626<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http output filter "/images/image001.jpg?"<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http copy filter: "/images/image001.jpg?"<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 malloc: 000002DC83A87340:32768<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http postpone filter "/images/image001.jpg?" 000002DC83A7E658<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 write old buf t:1 f:0 000002DC83A7E2F0, pos 000002DC83A7E2F0, size: 626 file: 0, size: 0<br><span style="background-color:rgb(0,255,0)">2023/02/23 21:24:49 [debug] 4768#4528: *1 write new buf t:1 f:0 000002DC83A87340, pos 000002DC83A87340, size: 32768 file: 0, size: 0</span><br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http write filter: l:0 f:1 s:33394<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http write filter limit 2097152<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 malloc: 000002DC83A8F350:16384<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL buf copy: 626<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL buf copy: 15758<br><b><font style="background-color:rgb(0,255,0)" color="#000000">2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL to write: 16384</font></b><br>2023/02/23 21:24:49 [debug] 4768#4528: ssl remove session: B87DD7B9:32<br>2023/02/23 21:24:49 [debug] 4768#4528: shmtx lock<br>2023/02/23 21:24:49 [debug] 4768#4528: shmtx unlock<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL_write: -1<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 SSL_get_error: 1<br><b><font color="#ff0000">2023/02/23 21:24:49 [crit] 4768#4528: *1 SSL_write() failed (SSL: error:0A0C0103:SSL routines::internal error) while sending response to client, client: 192.168.80.130, server: <a href="http://win10-web-svr.dreamstone.com" target="_blank">win10-web-svr.dreamstone.com</a>, request: "GET /images/image001.jpg HTTP/1.1", host: "<a href="http://win10-web-svr.dreamstone.com" target="_blank">win10-web-svr.dreamstone.com</a>", referrer: "<a href="https://win10-web-svr.dreamstone.com/" target="_blank">https://win10-web-svr.dreamstone.com/</a>"<br></font></b>2023/02/23 21:24:49 [debug] 4768#4528: *1 http write filter FFFFFFFFFFFFFFFF<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http copy filter: -1 "/images/image001.jpg?"<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http finalize request: -1, "/images/image001.jpg?" a:1, c:1<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http terminate request count:1<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http terminate cleanup count:1 blk:0<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http posted request: "/images/image001.jpg?"<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http terminate handler count:1<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http request count:1 blk:0<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http close request<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 http log handler<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 run cleanup: 000002DC83A7CBE8<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 file cleanup: fd:732<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 free: 000002DC83A87340<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 free: 000002DC83A7BC00, unused: 0<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 free: 000002DC83A7DC20, unused: 1167<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 close http connection: 500<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 select del event fd:500 ev:768<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 reusable connection: 0<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 free: 000002DC83A647C0<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 free: 000002DC83A8F350<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 free: 000002DC8332EAB0, unused: 12<br>2023/02/23 21:24:49 [debug] 4768#4528: *1 free: 000002DC83A7DA10, unused: 384</font><br></blockquote></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 9:32 PM Dan Swaney <<a href="mailto:justdan23@gmail.com" target="_blank">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I tried to reproduce it with a simple web page and I'm seeing the issue which I believe you are having.<div><br></div><div>By default, NGINX seems to default to some limit of 15k on responses of images returned directly.</div><div><br></div><div>While the error.log in debug mode shows it constructs the response with the right content length, it fails to return a response if the file is over 15k.</div><div><br></div><div>I'm using a build I did from NGINX 1.23.3. While I know I have returned files larger than this in proxy mode. This seems to be happening in normal web server page mode.</div><div><br></div><div><img src="cid:ii_lehwhvfp3" alt="image.png" width="562" height="304"><br></div><div><br></div><div><br></div><div>I even tried to increase it by adding:</div><div><br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><font face="monospace"> location / {<br> root html;<br> index index.html index.htm favicon.ico;<br> <br> types {<br> text/html html;<br> image/gif gif;<br> application/octetstream jpg;<br> application/octetstream png;<br> }<br> <br> set $max_image_size 50000;<br> client_max_body_size 50000;<br> }</font><br></blockquote></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 8:09 PM Dan Swaney <<a href="mailto:justdan23@gmail.com" target="_blank">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div>Try this:</div><ol><li>At the very top of your nginx.conf file, add a definition:<br><br> error_log logs/error.log debug;<br><br></li><li>Within your nginx install directory (where nginx.exe exists), create a 'logs' folder if one does not exist.</li><li>Restart nginx.exe (if running as a Windows Service with NSSM, then restart the service).</li><li>If NGINX does not start...</li><ul><li>Check the 'error.log' as it will tell you if your nginx.conf has something weird in it that it doesn't like.</li></ul><li>If NGINX started successfully...</li><ul><li>Run your test from your client browser.</li><li>Go back to the Server and check your 'error.log' and look for the URL request. </li><li>It will show you everything it does with routing or looking for files.</li></ul></ol></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 7:22 PM Saint Michael <<a href="mailto:venefax@gmail.com" target="_blank">venefax@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-size:small">Now it remains broken and I have no idea how to fix it. I guess is caching bad copies of the pictures.</div><div class="gmail_default" style="font-size:small">I re-uploaded the two images.</div><div class="gmail_default" style="font-size:small">Kindly let me know if this is "normal"</div><div class="gmail_default" style="font-size:small"><img src="cid:ii_lehsds9s2" alt="image.png" width="562" height="346"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 7:08 PM Dan Swaney <<a href="mailto:justdan23@gmail.com" target="_blank">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Now your image001.jpg is returning your home page:<div><img src="cid:ii_lehr3yag1" alt="image.png" width="562" height="299"><br></div><div><br></div><div>If I had to guess, your location routing is re-routing all sub-urls to your base URL at '/' which is defaulting to your index.html (or whatever you have set for your default).</div><div>The tip was when it returns the content type as 'text/html' instead of 'image/jpg'.</div><div><br></div><div>As Maxim cited, your 'location' directives are for routing URL paths and not files. Think of the external viewed URL and the internal routed URL location.</div><div><br></div><div>Looking at your previous cited partial nginx.conf:<br><ul><li>root /static/duc/; </li><ul><li>I usually define this in my 'location' base section only and drop the initial '/' if it is relative to where NGINX is running.</li><ul><li>I then don't need it in any other 'location' sections for sub-folders which have different security.</li></ul><li>You have it defined in your 'server' section.</li></ul></ul><ul><li>default_type 'text/html; charset=UTF-8';</li><ul><li>I usually define this at the top of my 'http' section.</li><ul><li>Normally I use 'default_type application/octet-stream;'</li></ul><li>You have it defined in your 'server' section.</li><li>I see it returning your images as 'text/html'.<br><br></li></ul><li>try_files $uri $uri/ /index.html;<br></li><ul><li>I usually define a default 'index' if at the root and nothing else is added.</li><ul><li>For example: 'index index.html;'</li></ul><li>Remove the try_files like recommended earlier.</li><li>If you need to restrict access to specific folder URL mappings, then define a location of the URL mapping and add one line...</li><ul><li>'deny all;'</li><li>Otherwise leave it open to all sub URLs by doing nothing more but use a single 'location /' rule.</li></ul></ul></ul></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Feb 23, 2023 at 6:15 PM Dan Swaney <<a href="mailto:justdan23@gmail.com" target="_blank">justdan23@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">I just ran your test and it works fine from Chrome and in Visual Studio Code:<br><br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">> wget <a href="https://x3x.us/index_files/image001.jpg" target="_blank">https://x3x.us/index_files/image001.jpg</a><br>StatusCode : 200<br>StatusCode : 200<br>StatusDescription : OK<br>Content : {255, 216, 255, 224...}<br>RawContent : HTTP/1.1 200 OK<br> Connection: keep-alive<br> Strict-Transport-Security: max-age=31536000; includeSubDomains<br> Accept-Ranges: bytes<br> Content-Length: 8834<br> Content-Type: image/jpeg<br> Date: Thu, 23 Feb 2023 23...<br>Headers : {[Connection, keep-alive], [Strict-Transport-Security, max-age=31536000; includeSubDomains], [Accept-Ranges, bytes], <br> [Content-Length, 8834]...}<br>RawContentLength : 8834</blockquote><div><br></div><img src="cid:ii_lehq2tei0" alt="image.png" width="494" height="112"><br><div> </div><div><div><br></div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 22, 2023 at 7:36 PM Saint Michael <<a href="mailto:venefax@gmail.com" target="_blank">venefax@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-size:small">a) The error does not have a single line.</div><div class="gmail_default" style="font-size:small">b) restarting does not fix it</div><div class="gmail_default" style="font-size:small">c) my nginx is no acting as proxy</div><div class="gmail_default" style="font-size:small">d) it happened twice and both times I fixed it by turning gzip off, restarting, and back on.</div><div class="gmail_default" style="font-size:small">e) I also noticed that I requested the image file with wget, get a full HTML file for the whole document, but named as if it were the image file.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">wget <a href="https://x3x.us/index_files/image001.jpg" target="_blank">https://x3x.us/index_files/image001.jpg</a><br></div><div class="gmail_default" style="font-size:small">but `stat image001.jpg' showed it was the entire text HTML file.</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">http {<br>client_max_body_size 1500M;<br> include mime.types;<br> # default_type application/octet-stream;<br><br> #log_format main '$remote_addr - $remote_user [$time_local] "$request" '<br> # '$status $body_bytes_sent "$http_referer" '<br> # '"$http_user_agent" "$http_x_forwarded_for"';<br><br> #access_log logs/access.log main;<br> sendfile on;<br> tcp_nopush on;<br> tcp_nodelay on;<br>gzip on;<br>gzip_vary on;<br>gzip_min_length 10240;<br>gzip_proxied expired no-cache no-store private auth;<br>gzip_types text/plain text/css text/xml text/javascript application/x-javascript application/xml;<br>gzip_disable "MSIE [1-6]\.";<br> #keepalive_timeout 0;<br> keepalive_timeout 65;<br> types_hash_max_size 2048;<br>proxy_headers_hash_max_size 1024;<br>proxy_headers_hash_bucket_size 128;<br> #gzip on;<br> # error_log /var/log/nginx/error.log debug;<br><br>error_log /var/log/nginx/error.log error;<br>error_log /var/log/nginx/error.log crit;<br><br> access_log /var/log/nginx/access.log;<br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">server {<br> add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;<br> default_type 'text/html; charset=UTF-8';<br> listen <a href="http://208.78.161.6:80" target="_blank">208.78.161.6:80</a>;<br> server_name <a href="http://x3x.us" target="_blank">x3x.us</a>;<br><br> # Redirect all domains to <a href="https://x3x.us" target="_blank">https://x3x.us</a><br> if ($scheme != "https") {<br> return 301 <a href="https://x3x.us" target="_blank">https://x3x.us</a>$request_uri;<br> }<br>}<br><br>server {<br> add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;<br> default_type 'text/html; charset=UTF-8';<br> listen <a href="http://208.78.161.6:443" target="_blank">208.78.161.6:443</a> ssl;<br> server_name <a href="http://x3x.us" target="_blank">x3x.us</a>;<br><br> ssl_certificate /etc/letsencrypt/live/<a href="http://x3x.us/fullchain.pem" target="_blank">x3x.us/fullchain.pem</a>;<br> ssl_certificate_key /etc/letsencrypt/live/<a href="http://x3x.us/privkey.pem" target="_blank">x3x.us/privkey.pem</a>;<br><br>root /static/duc/;<br><br> location / {<br><br>try_files $uri $uri/ /index.html;<br><br><br>}<br><br>} #server<br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">} #http </div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small"><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Feb 22, 2023 at 7:17 PM Maxim Dounin <<a href="mailto:mdounin@mdounin.ru" target="_blank">mdounin@mdounin.ru</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello!<br>
<br>
On Wed, Feb 22, 2023 at 02:46:29PM -0500, Saint Michael wrote:<br>
<br>
> It's not a misconfiguration, is a huge bug.<br>
> A wasted two days of sleep for something that is 100% a bug.<br>
> Please read here:<br>
> <a href="https://laracasts.com/discuss/channels/general-discussion/homestead-nginx-serving-wrong-images-and-only-cut-in-the-middle" rel="noreferrer" target="_blank">https://laracasts.com/discuss/channels/general-discussion/homestead-nginx-serving-wrong-images-and-only-cut-in-the-middle</a><br>
> He mentions the same exact problem and also he points to<br>
> <a href="https://tech.blog.aknin.name/2011/11/04/nginxgzip-module-might-silently-corrupt-data-upon-backend-failure/" rel="noreferrer" target="_blank">https://tech.blog.aknin.name/2011/11/04/nginxgzip-module-might-silently-corrupt-data-upon-backend-failure/</a><br>
> where the author says that Niginx will not fix it.<br>
> So he already tried he was rebuffed.<br>
<br>
The fun fact is that the referenced article doesn't state "will <br>
not fix", but rather "not a top priority". Further, proper error <br>
propagation is available in nginx for about 10 years now, since <br>
2013 (<a href="http://hg.nginx.org/nginx/rev/d3eab5e2df5f" rel="noreferrer" target="_blank">http://hg.nginx.org/nginx/rev/d3eab5e2df5f</a>, nginx 1.5.3). <br>
Quoting CHANGES:<br>
<br>
*) Change: now after receiving an incomplete response from a backend<br>
server nginx tries to send an available part of the response to a<br>
client, and then closes client connection.<br>
<br>
As long as nginx have an information about an error, it will <br>
preserve this information and propagate it to the client.<br>
<br>
Also note that it is only expected to make a difference if you are <br>
using nginx as a proxy, not to directly serve files. And only in <br>
case of errors. That is, if you are seeing the behaviour <br>
described, it might be a good idea to focus on the errors in the <br>
first place.<br>
<br>
I don't think it's anyhow related though, as switching gzip off <br>
and back on, as seems to be "the fix" described in the first link, <br>
is not going to help with anything. The important part is likely <br>
"restarted the server", so I would rather assume that "the server" <br>
(not sure if it refers to nginx or the whole server) was using an <br>
incorrect configuration and/or was out of some resources, and <br>
restart fixed it.<br>
<br>
Summing the above, if you want to find out what goes wrong in your <br>
case - you may want to provide more details. If you don't, nobody <br>
will be able to do it, unfortunately.<br>
<br>
The most basic thing I would recommend in the first place is to <br>
look into nginx error log, it is likely to contain important <br>
information if something goes wrong.<br>
<br>
-- <br>
Maxim Dounin<br>
<a href="http://mdounin.ru/" rel="noreferrer" target="_blank">http://mdounin.ru/</a><br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
</blockquote></div>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>
</blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="https://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">https://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div>