i'm searching for an way to anonymize the ip address in the logfiles
of nginx. I already changed the ip to "127.0.0.1", but then i can't
check for unique visitors.
There is a mond_anonstats modul available for apache, the same ip hash
would be really nice for nginx.
I'm using Nginx to serve a file called crossdomain.xml, that file is used by
Flash client to allow socket crossdomain Policy. It's a trick that many
people are using instead of having a dedicated app to server that file. The
trick is to return that xml file when nginx get a bad request. Since a
recent version ( 1.4.7+ ) it seems that a bad request replies include HTTP
headers and therefore breaking the Flash client ( instead of returning only
the data without headers ). Is there a way to remove those headers? Also I
searched in the changelog and didn't find any hints about that change?
Example: perl -e 'printf "<policy-file-request/>%c",0' | nc test.com 843
HTTP/1.1 400 Bad Request
Date: Tue, 10 Jun 2014 18:44:00 GMT
<!DOCTYPE cross-domain-policy SYSTEM
<allow-access-from domain="*" secure="false" to-ports="*"/>
<site-control permitted-cross-domain-policies="master-only" />
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250772,250772#msg-250772
I see that nGinx supports configuration to perform OCSP validation of
server side certificates and staple the validation response to the client.
My question is whether nGinx supports OCSP validation of client presented
I seem to hit a dead end with documentation for that question. Would be
helpful if someone could answer this.
Thanks in advance for your time.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,245958,245958#msg-245958
I just started with a small company that's got a bunch of web apps being
served up from a bunch of different web servers. Some are 'appliances',
most are Apache.
It's a mess of an infrastrucutre -- slow and . My long term plan is to
convert to one lighter weight platform with commercial support
available. Although I haven't used it myself for anything in production
yet, after a bunch of reading and some fooling around on my own, I'm 99%
sure it's going to be Nginx.
In the short term -- like the boss wants it yesterday! -- I need to put
everything behind two factor authentication and enable SSL. Right now,
every web app is directly exposed to the web with single-factor auth
In principle, I think I can solve this in one nginx instance. Setting
nginx up to listen on one IP, and serve up separate SSL certificates for
each web app is brilliantly easy in nginx! Works perfectly. SO that
part's basically done.
The auth piece has me scratching my head -- and I hope somebody here can
provide some guidance.
What I want to do is have all access to the webapps FIRST go through a
two factor authentication webpage in nginx. The two factors I need are
(1) a simple password known to the user, and (2) a
ONLY on correct & timely enter of both do I want the user passed through
to the webapp on one of those servers I mentioned. But once they do,
the 'authentication site' should become trabsparent and not interfere at
all with the session, etc.
I'm not sure how to:
(1) implement Google AUthenticator integration in Nginx. I've looked
for something built-in, or some plugin, which would be fantastic. But
I've haven't found anything reliable yet.
(2) make sure that after Authentication is OK to make everything
transparent to & from the webapps behind the nginx instance. Is this
proxying? I'm pretty sure I need to pass some sort of variables, but is
there some setting that bundles up everything so it's fully transparent?
Are there any built-in ways -- and better yet, good tutorials! -- that
exist alrady for these? I doubt I've thought up anything new here, so
I'm hoping someone's already posted some know-how.
THanks a bunch for any help!
Thanks to everyone in advance!
I have a cron that runs the following:
mv $NGINX_ACCESS_LOG $ACCESS_LOG_DROPBOX/$LOG_FILENAME
kill -USR1 `cat $NGINX_PID`
My questions is during time between the mv and the kill, is there any log
writes that are being discarded or are they being stacked in memory and
dumped into the new access.log after it is recreated?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250214,250214#msg-250214
Hello we are running nginx 1.2.7 with this in conf:
output_buffers 5 5m;
That works well, BUT if I reload server configuration with nginx -s reload
Memory consumptions for few hours(clients use long lived(few hours) tcp
connections). Is this behavior correct? Can we avoid this? We have to had as
twice much RAM to be able to restart nginx under load.
Sincerely Petr Holik
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,248163,248163#msg-248163
(Warning this is Linux only)
Hi all, the attached path adds support for unix socket in abstract namespace.
They are special sockets without filesystem correspondence (so you can use
them without thinking about permissions or in chroot). In netstat they are
reported with a '@' prefix.
For example (using uWSGI):
uwsgi -s @funnysock
unix 2 [ ACC ] STREAM LISTENING 23813 @funnysock
After applying the patch you can connect to it with
I hope it can be useful
Roberto De Ioris
I would like to use NGINX as a reverse proxy and pass https requests to a
back-end server without having to install certificates on the NGINX reverse
proxy because the backend servers are already set up to handle https
How would the configuration look like for this purpose?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,234641,234641#msg-234641
How do I go about logging all of the headers client browser has sent in
Nginx? I also want to log response header. Note that I am using nginx as
After going through documentation, I understand that I can log a specific
header, but I want to log all of the headers.