Hi guys,
A novice here, so go easy on me with this question:
having multiple 'listen' with IPs, or just one 'listen' with a hostname
which resolves to more than one IP - is it possible to tell Nginx not
to fail when one of the IPs is absent, does not exist?
Many thanks, L.
Hello,
Is there a way to log individual websocket messages going through a nginx
server setup to proxy websocket as explained here
https://nginx.org/en/docs/http/websocket.html ?
-Chinmay
I had a WordPress blog and it was working on Apache. I migrated the blog to
Nginx + php-fpm, but I have a problem with this.
My blog has RSS at the example.com/feed URL, and I could see the feeds
paged like this example -> http://www.kodcu.com/feed/?paged=45.
But in Nginx, these paged RSS URLs don't work with my config. The /feed and
/feed/?paged=X URLs show the top 10 content.
My nginx.conf is as below. How can I handle this problem?
user root root;
worker_processes 2;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 2;
    types_hash_max_size 2048;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    error_log /var/log/nginx/error.log;
    access_log off;
    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/html text/plain text/css application/json
        application/x-javascript text/xml application/xml application/xml+rss
        text/javascript;

    ##
    # Virtual Host Configs
    ##
    index index.php index.html index.htm;

    ## See here: http://wiki.nginx.org/WordPress
    server {
        server_name example.com www.example.com;
        root /var/www/example.com;

        location = /favicon.ico {
            log_not_found off;
            access_log off;
        }

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location / {
            # This is cool because no php is touched for static content
            try_files $uri $uri/ /index.php?$args;
        }

        location ~ \.php$ {
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME
                $document_root$fastcgi_script_name;
            include fastcgi_params;
        }

        location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
            expires max;
            log_not_found off;
        }
    }
}
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,238692,238692#msg-238692
Hi,
I am running the nginx version: nginx/1.20.2 as a reverse proxy server on
CentOS Linux release 7.9.2009 (Core). Is there a way to purge the cache
without restarting the nginx server? I am reading a blog which says to use
nginx bypass purge cache method instead of manually purging Nginx cache
using the below method.
$ sudo rm -rf /var/cache/nginx/*
Please let me know the best recommended way to purge cache. Thanks in
advance. I look forward to hearing from you.
Best Regards,
Kaushal
Dear,
I have a reverse-proxy in front of my two servers: web (apache2) and
email (nginx-iredmail).
The reverse proxy is working perfectly with my web server running
Apache2, but I am not able to make it work for my email server.
The reverse-proxy and the email server are both running with the same
version of Nginx (1.9).
I have tried many configs without any success.
My last one:
***********************************************************************
server {
    listen 446;
    server_name email.domain.ltd;

    location / {
        proxy_pass https://email_server_ip:446;
        proxy_ssl_certificate /etc/ssl/certs/cert.chained.crt;
        proxy_ssl_certificate_key /etc/ssl/private/private.key;
        proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        proxy_ssl_ciphers HIGH:!aNULL:!MD5;
        proxy_ssl_trusted_certificate /etc/ssl/certs/cert.chained.crt;
        proxy_ssl_verify on;
        proxy_ssl_verify_depth 2;
        proxy_ssl_session_reuse on;
        error_log /var/log/nginx/error-proxy.log;
        access_log /var/log/nginx/access-proxy.log;
    }
}
Can I please have some help?
Thx
--
Regards,
Thierry e-mail : lenaigst(a)maelenn.org
PGP Key: 0xB7E3B9CD
Inside the nginx blog post "Managing request headers", there is a method,
search_headers_in, which can search for arbitrary headers. However, this
method uses ngx_strcasecmp ("ngx_strcasecmp(u_char *s1, u_char *s2)"), which
assumes the input s1 must be '\0' terminated.
So inside the code below, this function may get a wrong result, because name
is not '\0' terminated.
"
if (len != h[i].key.len || ngx_strcasecmp(name, h[i].key.data) != 0) {
/* This header doesn't match. */
continue;
}
"
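The right way to use "search_headers_in" is:
ngx_str_t search_header = ngx_string("to_be_searched");
ngx_str_t search_header2;
/* '\0'-terminated copy of the name, allocated from the request pool */
search_header2.data = ngx_pnalloc(r->pool, search_header.len + 1);
if (search_header2.data == NULL) {
    return NGX_ERROR;
}
ngx_cpystrn(search_header2.data, search_header.data, search_header.len + 1);
search_header2.len = search_header.len;
search_headers_in(r, search_header2.data, search_header2.len);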
==========================
static ngx_table_elt_t *
search_headers_in(ngx_http_request_t *r, u_char *name, size_t len) {
    ngx_list_part_t *part;
    ngx_table_elt_t *h;
    ngx_uint_t i;

    /*
    Get the first part of the list. There is usually only one part.
    */
    part = &r->headers_in.headers.part;
    h = part->elts;

    /*
    Headers list array may consist of more than one part,
    so loop through all of it
    */
    for (i = 0; /* void */ ; i++) {
        if (i >= part->nelts) {
            if (part->next == NULL) {
                /* The last part, search is done. */
                break;
            }

            part = part->next;
            h = part->elts;
            i = 0;
        }

        /*
        Just compare the lengths and then the names case insensitively.
        */
        if (len != h[i].key.len || ngx_strcasecmp(name, h[i].key.data) != 0)
        {
            /* This header doesn't match. */
            continue;
        }

        /*
        Ta-da, we got one!
        Note, we stop the search at the first matched header
        while more than one header may fit.
        */
        return &h[i];
    }

    /*
    No header was found
    */
    return NULL;
}
=============================
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293970,293970#msg-293970
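An added example, not part of the post above and not nginx source: a stand-alone model of the header search showing how a '\0'-terminated compare misses a name that is only a slice of a larger buffer, while a length-bounded compare (the approach nginx's own ngx_strncasecmp takes) finds it. The types str_t and header_t, the helper names and the sample data are assumptions constructed for illustration.

```c
#include <stddef.h>

/* Stand-ins for ngx_str_t / ngx_table_elt_t (assumed shapes, not nginx headers). */
typedef struct { size_t len; const unsigned char *data; } str_t;
typedef struct { str_t key; } header_t;

static unsigned char lower(unsigned char c) {
    return (c >= 'A' && c <= 'Z') ? (unsigned char)(c | 0x20) : c;
}

/* Models a '\0'-terminated compare: reads until a mismatch or a terminator. */
static int eq_nocase_z(const unsigned char *a, const unsigned char *b) {
    for (;; a++, b++) {
        if (lower(*a) != lower(*b)) return 0;
        if (*a == '\0') return 1;
    }
}

/* Length-bounded compare: reads exactly n bytes from each side. */
static int eq_nocase_n(const unsigned char *a, const unsigned char *b, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (lower(a[i]) != lower(b[i])) return 0;
    return 1;
}

/* Index of the first header named name[0..len), or -1; bounded picks the compare. */
int find_header(const header_t *h, size_t nelts,
                const unsigned char *name, size_t len, int bounded) {
    for (size_t i = 0; i < nelts; i++) {
        if (h[i].key.len != len) continue;
        if (bounded ? eq_nocase_n(name, h[i].key.data, len)
                    : eq_nocase_z(name, h[i].key.data)) return (int)i;
    }
    return -1;
}

/* Constructed sample: the name is the first 4 bytes of raw, followed by ':' not '\0'. */
static const unsigned char raw[] = "hOsT: example.test";
static const header_t hdrs[] = {
    { { 7, (const unsigned char *)"X-Trace" } },
    { { 4, (const unsigned char *)"Host" } },
};

int lookup_terminated(void) { return find_header(hdrs, 2, raw, 4, 0); } /* -1: missed */
int lookup_bounded(void)    { return find_header(hdrs, 2, raw, 4, 1); } /* 1: found */

int main(void) {
    return (lookup_terminated() == -1 && lookup_bounded() == 1) ? 0 : 1;
}
```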
Hi Everyone,
I'm examining a webapp which had a scan looking for security related
errata and vulnerabilities. The app is hosted on Google Cloud (GPC)
and the webserver is Nginx. Only the app was scanned. GPC and Nginx
were not scanned.
The scan produced an interesting finding I have not seen before. The
finding is, a HTTP Request using a fake Host: header produces a DNS
lookup. I think the concern is a DNS amplification attack (or maybe
just some extra traffic).
I think this is how the errata or attack works. Below, the Host: header
is different from the hostname at the TLS layer.
echo -e "GET / HTTP/1.1\r\nHost:www.fake-example.com\r\n\r\n" | \
openssl s_client -connect www.example.com:443 -servername www.example.com
My question is, is Nginx expected to perform a lookup for www.fake-example.com?
(At this point I have not ruled out GPC doing the DNS lookup. Nginx
has a public mailing list, so it is easier to start here than trying
to use Google {non-}support).
Jeff
Hi guys,
For security problems on my server, I should create a reverse proxy that
allows only those who use the DNS provided by me to be able to pass.
Practically, I make a list with the incoming DNS and I pass only those to my
main server behind the reverse.
Is it possible to do this?
Thank you all
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293951,293951#msg-293951
Hello,
I am using nginx/1.16.1 on CentOS Linux 7. I am using map directive for
managing a large number of redirects from one server to another server :
map $request_uri $new_uri {
include /etc/nginx/conf/redirect.map;
include /etc/nginx/conf/documentation.map;
}
In /etc/nginx/conf/documentation.map, I have 1200 redirections like those
below (the first one works, the second one doesn't).
'/Documentation/Security.html#External'
'https://support.communigate.com/en/guides/communigate-pro-manual/system-adm…';
'/Documentation/Helpers.html#AppHelpers'
'https://support.communigate.com/en/guides/communigate-pro-manual/applicatio…;'
If I try to use
https://communigate.com/documentation/Helpers.html#AppHelpers (first
redirection), I have "page not found (404)" and the logs are :
162.158.50.134 - - [12/Apr/2022:07:48:17 +0000] "GET
/documentation//Helpers.html HTTP/2.0" 301 0 "-" "Mozilla/5.0 (X11; Linux
x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75
Safari/537.36"
162.158.50.134 - - [12/Apr/2022:07:48:17 +0000] "GET
/documentation/Helpers.html HTTP/2.0" 404 45842 "-" "Mozilla/5.0 (X11; Linux
x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75
Safari/537.36"
If I try to use
https://communigate.com/documentation//Security.html#External (second
redirection), I have the page and the logs are :
141.101.68.139 - - [12/Apr/2022:07:50:26 +0000] "GET
/documentation//Security.html HTTP/2.0" 301 0 "-" "Mozilla/5.0 (X11; Linux
x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75
Safari/537.36"
141.101.68.139 - - [12/Apr/2022:07:50:26 +0000] "GET
/documentation/Security.html HTTP/2.0" 301 162 "-" "Mozilla/5.0 (X11; Linux
x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4896.75
Safari/537.36"
If I try to access from my nginx server to the destination URL
https://support.communigate.com/en/guides/communigate-pro-manual/system-adm…
or
I have tested there is no syntax error in my configuration file with :
# nginx -c /etc/nginx/nginx.conf -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
I also tried systemctl reload/restart nginx without results.
Do you know how I can debug that ? Is there a way to check what are the
requests done to destination host by my nginx server ?
Thanks in advance for your help.
Gilles
Posted at Nginx Forum: https://forum.nginx.org/read.php?2,293930,293930#msg-293930
Hi Scott,
hope you're doing well.
The error_log directive is documented well [1].
There's no format of error messages.
While I'm here I'd recommend to keep 72 characters per line, that helps
a lot to read emails, thank you.
References:
[1] https://nginx.org/en/docs/ngx_core_module.html#error_log
--
Sergey A. Osokin
On Tue, Apr 12, 2022 at 03:29:57PM +0000, Scott Snow wrote:
> Is there documentation for the format of error messages nginx posted to error_log?
> Specifically, following the level in square brackets are two numbers separated by '#'; what do these represent?
> For instance, the message on the page Advanced Configuration with Snippets | NGINX Ingress Controller<https://docs.nginx.com/nginx-ingress-controller/configuration/ingress-resou…> begins with "[emerg] 31:31:"
> Why I'm asking is for purposes of documentation; a system using nginx routes these messages to syslog; the design document for the module responsible for publishing the messages gives the format and examples. The example for nginx errors begins:
> <131>Oct 24 18:17:47 imx7d-zoll-resus nginx: 2018/10/24 18:17:47 [error] 3105#0: *11 connect() failed (111: Connection refused) while connecting ...
>
> We have a format and examples for each of syslog-ng, gunicorn access, gunicorn error, and nginx access.