Squid has a mechanism by which incoming URLs can be passed to an
external program to be rewritten, and the reverse proxy subsequently
calls out to the rewritten URL:
http://wiki.squid-cache.org/SquidFaq/SquidRedirectors
Is there a way to emulate this from within nginx?
Thanks, Yusuf
I installed WordPress today on nginx and everything seems OK except one
"small" issue: I don't know how to convert the rewrite rules.
So if anybody has any experience or knows how to do it, I'd be grateful,
because they have only Apache examples :(
RewriteEngine On
RewriteBase /
# Rewrite www.domain.com to domain.com
RewriteCond %{HTTP_HOST} ^www\.(.*)
RewriteRule ^(.*) http://%1/$1 [R,L]
#uploaded files
RewriteRule ^(.*)?/?files/(.*) wp-content/blogs.php?file=$2 [L]
RewriteCond %{REQUEST_FILENAME} -f [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule . - [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(wp-.*) $2 [L]
RewriteRule ^([_0-9a-zA-Z-]+/)?(.*\.php)$ $2 [L]
RewriteRule . index.php [L]
Thank you.
Hi,
I am attempting to set up nginx for load balancing. HTTP works fine,
but I'm intermittently getting corrupted output back from HTTPS. The
responses contain garbage after the actual end of the document. There
appears to be some randomness/timing to this; the amount of garbage as
well as its contents varies. In addition to Web browsers I can
replicate this with "openssl s_client" using a single HTTP 1.0
request, no keep-alive or anything.
The load balancing machine is running nginx 0.5.14 on OpenBSD. The
balanced servers are Apache 2.2.3 and 2.0.54 on Linux.
Here is a minimal nginx.conf which demonstrates the problem:
worker_processes 1;
error_log /var/log/nginx-error.log;
events {
    worker_connections 1024;
}
http {
    upstream acm-ssl {
        server 172.22.32.80:443;
    }
    server {
        listen 443;
        server_name www-s.acm.uiuc.edu;
        ssl on;
        ssl_certificate /etc/nginx/www-s.acm.uiuc.edu.crt;
        ssl_certificate_key /etc/nginx/www-s.acm.uiuc.edu.key;
        keepalive_timeout 70;
        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass https://acm-ssl;
        }
    }
}
(And yes, I realize encrypting twice is wasteful; unfortunately we
don't yet have the ability to secure the network connection so we need
to do it this way.)
--
Nicholas Riley <njriley(a)uiuc.edu> | <http://www.uiuc.edu/ph/www/njriley>
Igor,
I'm trying to setup dynamic handling based on the subdomain asked for
in an application that is proxied to.
Basically I'm using:
upstream http://domain.tld {
    ...
}
server {
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect false;
        proxy_max_temp_file_size 0;
        ...
        if (!-f $request_filename) {
            proxy_pass http://domain.tld;
            break;
        }
    }
}
What I'm finding is that the requested url "subdomain.domain.tld"
doesn't pass through, instead I only get "domain.tld".
Is there a way to tell Nginx to pass this through?
I've scanned the wiki but have not found this yet in there.
Thanks,
~Wayne
I built a test nginx server on Debian Linux within a virtual machine on my laptop and it was quite fast. Based on the results of that simple test I built a standalone server on an HP ProLiant DL360. Everything from a software standpoint should be the same, but the performance on the real hardware is TERRIBLE. A simple index page on the server hardware takes almost a minute to load, while the same loaded from the laptop takes less than a second.
Does anyone have any ideas how a dual-Xeon server is slower than a VM on my laptop with 128mb?
Casey
Hello,
In my nginx config I am attempting to set the values of two request
headers using the following configuration:
location / {
    proxy_set_header X_FORWARDED_PROTO http;
    proxy_set_header X_SSL_VERIFIED false;
}
The goal is to ignore whatever the client sets for these headers, and
to pass our defined values on to the upstream cluster.
It appears that these values only get set if the client leaves them
out of the request. If the client sets X_SSL_VERIFIED to true, the
backend application sees 'true'.
I wanted to clarify that this is the expected behavior and that
proxy_set_header cannot be used to override the request header values
that a client sets. If this is the case, is there any way to
accomplish this?
Thanks,
Dustin
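One way a client-supplied value can survive an override like the one in the message above, shown as an added example that is not part of the original thread: CGI-style backends fold `X-SSL-Verified` and `X_SSL_VERIFIED` into the same variable, so overriding only one spelling leaves the other in place. The proxy and backend models, their function names and the `strip_aliases` option are assumptions made for illustration, not nginx behaviour confirmed by the thread.

```python
# Added illustration. Both models are simplified assumptions, not nginx or
# application-server code.

def cgi_name(header):
    """CGI meta-variable name (RFC 3875): upper-case, '-' replaced by '_'."""
    return "HTTP_" + header.upper().replace("-", "_")

def proxy_forward(client_headers, set_headers, strip_aliases=False):
    """Model proxy: a configured header replaces a client header only when
    the names match exactly (case-insensitively). With strip_aliases=True,
    client headers that normalize to the same CGI name are dropped as well."""
    exact = {name.lower() for name, _ in set_headers}
    aliases = {cgi_name(name) for name, _ in set_headers}
    passed = []
    for name, value in client_headers:
        if name.lower() in exact:
            continue
        if strip_aliases and cgi_name(name) in aliases:
            continue
        passed.append((name, value))
    # Assumed ordering: configured headers first, then passed-through ones.
    return list(set_headers) + passed

def backend_environ(headers):
    """Model backend: every value seen for each CGI name, in arrival order.
    Which one the application reads (first, last, joined) varies by server."""
    env = {}
    for name, value in headers:
        env.setdefault(cgi_name(name), []).append(value)
    return env

# Constructed sample: the two overrides from the message and a client that
# sends the hyphenated spelling of one of them.
RULES = [("X_FORWARDED_PROTO", "http"), ("X_SSL_VERIFIED", "false")]
CLIENT = [("Host", "example.test"), ("X-SSL-Verified", "true")]

def demo():
    weak = backend_environ(proxy_forward(CLIENT, RULES))
    hardened = backend_environ(proxy_forward(CLIENT, RULES, strip_aliases=True))
    return weak["HTTP_X_SSL_VERIFIED"], hardened["HTTP_X_SSL_VERIFIED"]

if __name__ == "__main__":
    print(demo())
```

In nginx terms the hardened case corresponds to adding proxy_set_header lines for the hyphenated spellings as well, so that every spelling the backend would fold together is overwritten.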
Hi,
I was wondering: is it correct that I cannot use ssl_verify_client and
ssl_client_certificate with nginx running as imap and/or pop3 proxy?
I'd like to enforce the use of client certificates... I'm currently
doing that with stunnel, but perhaps nginx could replace that, while
also offering more flexibility in proxying... (Probably not more
efficient than stunnel.) Besides, it would be great if the script
running for authentication could check parameters of the certificate
(like a hash, or the DN)...
Regards,
Paul
Hi,
My apologies if this message was received more than once.
My nginx seems to hang after a few minutes of no requests. I am
using it to proxy to a single mongrel process in development.
I am getting the following in my error_log when I am using debug output.
2007/03/29 13:18:17 [notice] 30348#0: using the "epoll" event method
2007/03/29 13:18:17 [notice] 30348#0: nginx/0.5.15
2007/03/29 13:18:17 [notice] 30348#0: OS: Linux 2.6.20-gentoo-r3
2007/03/29 13:18:17 [notice] 30348#0: sysctl(KERN_RTSIGMAX): 0
2007/03/29 13:18:17 [notice] 30348#0: getrlimit(RLIMIT_NOFILE): 1024:1024
2007/03/29 13:18:17 [notice] 30348#0: start worker processes
2007/03/29 13:18:17 [notice] 30348#0: start worker process 30353
2007/03/29 13:18:17 [notice] 30348#0: start worker process 30354
2007/03/29 13:24:29 [notice] 30354#0: signal 28 (SIGWINCH) received, shutting down
2007/03/29 13:24:29 [info] 30354#0: epoll_wait() failed (4: Interrupted system call)
2007/03/29 13:24:29 [notice] 30354#0: gracefully shutting down
2007/03/29 13:24:29 [notice] 30354#0: exiting
2007/03/29 13:24:29 [notice] 30353#0: signal 28 (SIGWINCH) received, shutting down
2007/03/29 13:24:29 [info] 30353#0: epoll_wait() failed (4: Interrupted system call)
2007/03/29 13:24:29 [notice] 30353#0: gracefully shutting down
2007/03/29 13:24:29 [notice] 30353#0: exiting
2007/03/29 13:24:29 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:24:29 [notice] 30348#0: signal 17 (SIGCHLD) received
2007/03/29 13:24:29 [notice] 30348#0: worker process 30353 exited with code 0
2007/03/29 13:24:29 [notice] 30348#0: worker process 30354 exited with code 0
2007/03/29 13:24:29 [notice] 30348#0: start worker process 3236
2007/03/29 13:24:29 [notice] 30348#0: start worker process 3237
2007/03/29 13:24:29 [notice] 30348#0: signal 29 (SIGIO) received
2007/03/29 13:24:29 [notice] 3236#0: gracefully shutting down
2007/03/29 13:24:29 [notice] 3236#0: exiting
2007/03/29 13:24:29 [notice] 30348#0: signal 17 (SIGCHLD) received
2007/03/29 13:24:29 [notice] 30348#0: worker process 3236 exited with code 0
2007/03/29 13:24:29 [notice] 30348#0: signal 29 (SIGIO) received
2007/03/29 13:24:29 [notice] 3237#0: gracefully shutting down
2007/03/29 13:24:29 [notice] 3237#0: exiting
2007/03/29 13:24:29 [notice] 30348#0: signal 17 (SIGCHLD) received
2007/03/29 13:24:29 [notice] 30348#0: worker process 3237 exited with code 0
2007/03/29 13:24:32 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:24:36 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:24:40 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:24:42 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:24:45 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:25:09 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:25:52 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:25:53 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:26:21 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:27:08 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:27:09 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:27:14 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:27:23 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:27:31 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:28:14 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:28:15 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:28:30 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:29:30 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:29:32 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:29:33 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:29:34 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:29:36 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:29:38 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
2007/03/29 13:29:39 [notice] 30348#0: signal 28 (SIGWINCH) received, stop accepting connections
Any ideas? Let me know what additional information would be useful.
I have attached my config (It is based on Ezra's mongrel config that
he has published elsewhere.)
# user and group to run as
user me users;
daemon off;
# number of nginx workers
worker_processes 2;
error_log /current/log/nginx_core_error.log debug;
# pid of nginx master process
pid /current/log/nginx.pid;
# Number of worker connections. 1024 is a good default
events {
    worker_connections 1024;
}
# start the http module where we config http access.
http {
    # pull in mime-types. You can break out your config
    # into as many include's as you want to make it cleaner
    include /etc/nginx/mime.types;
    # set a default type for the rare situation that
    # nothing matches from the mime-type include
    default_type application/octet-stream;
    # configure log format
    log_format main '$remote_addr - $remote_user [$time_local] $status '
                    '"$request" $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    # main access log
    access_log /current/log/nginx_access.log main;
    # main error log
    error_log /current/log/nginx_error.log debug;
    # no sendfile on OSX
    sendfile on;
    # These are good default values.
    tcp_nopush on;
    tcp_nodelay off;
    # output compression saves bandwidth
    gzip on;
    gzip_http_version 1.0;
    gzip_comp_level 2;
    gzip_proxied any;
    gzip_types text/plain text/html text/css application/x-javascript
               text/xml application/xml application/xml+rss text/javascript;
    # this is where you define your mongrel clusters.
    # you need one of these blocks for each cluster
    # and each one needs its own name to refer to it later.
    upstream mongrel {
        server 127.0.0.1:3000;
    }
    upstream merb {
        server 127.0.0.1:4000;
    }
    # the server directive is nginx's virtual host directive.
    server {
        # port to listen on. Can also be set to an IP:PORT
        listen 80;
        auth_basic "Restricted";
        auth_basic_user_file /current/config/nginx_passwd;
        # Set the max size for file uploads to 50Mb
        client_max_body_size 100M;
        # sets the domain[s] that this vhost server requests for
        # server_name www.[engineyard].com [engineyard].com;
        #server_name alpha.contraspot.com;
        # doc root
        root /current/public;
        # vhost specific access log
        access_log /current/log/nginx.vhost.access.log main;
        # this rewrites all the requests to the maintenance.html
        # page if it exists in the doc root. This is for capistrano's
        # disable web task
        if (-f $document_root/system/maintenance.html) {
            rewrite ^(.*)$ /system/maintenance.html last;
            break;
        }
        location /upload {
            # needed to forward user's IP address to rails
            proxy_set_header X-Real-IP $remote_addr;
            # needed for HTTPS
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect false;
            proxy_max_temp_file_size 0;
            proxy_pass http://merb;
            break;
        }
        location / {
            # needed to forward user's IP address to rails
            proxy_set_header X-Real-IP $remote_addr;
            # needed for HTTPS
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_redirect false;
            proxy_max_temp_file_size 0;
            # If the file exists as a static file serve it directly without
            # running all the other rewrite tests on it
            if (-f $request_filename) {
                break;
            }
            # check for index.html for directory index
            # if it's there on the filesystem then rewrite
            # the url to add /index.html to the end of it
            # and then break to send it to the next config rules.
            if (-f $request_filename/index.html) {
                rewrite (.*) $1/index.html break;
            }
            # this is the meat of the rails page caching config
            # it adds .html to the end of the url and then checks
            # the filesystem for that file. If it exists, then we
            # rewrite the url to have explicit .html on the end
            # and then send it on its way to the next config rule.
            # if there is no file on the fs then it sets all the
            # necessary headers and proxies to our upstream mongrels
            if (-f $request_filename.html) {
                rewrite (.*) $1.html break;
            }
            if (!-f $request_filename) {
                proxy_pass http://mongrel;
                break;
            }
        }
        error_page 500 502 503 504 /500.html;
        error_page 413 /413.html;
        location = /500.html {
            root /current/public;
        }
    }
}
Thanks again for all the hard work on this software.
-Curtis
Changes with nginx 0.5.16                                        26 Mar 2007
    *) Bugfix: the C-class network was not used as hash key in the
       "ip_hash" directive.
       Thanks to Pavel Yarkovoy.
    *) Bugfix: a segmentation fault might occur in worker process if a
       charset was set in the "Content-Type" header line and the line has
       trailing ";"; bug appeared in 0.3.50.
    *) Bugfix: the "[alert] zero size buf" error when FastCGI server was
       used and a request body written in a temporary file was multiple of
       32K.
    *) Bugfix: nginx could not be built on Solaris without the --with-debug
       option; bug appeared in 0.5.15.
--
Igor Sysoev
http://sysoev.ru/en/