From pluknet at nginx.com Wed Oct 2 16:17:57 2024 From: pluknet at nginx.com (Sergey Kandaurov) Date: Wed, 2 Oct 2024 20:17:57 +0400 Subject: nginx-1.27.2 Message-ID: <3A170064-E500-4A62-8A95-99F19327AFA6@nginx.com> Changes with nginx 1.27.2 02 Oct 2024 *) Feature: SSL certificates, secret keys, and CRLs are now cached on start or during reconfiguration. *) Feature: client certificate validation with OCSP in the stream module. *) Feature: OCSP stapling support in the stream module. *) Feature: the "proxy_pass_trailers" directive in the ngx_http_proxy_module. *) Feature: the "ssl_client_certificate" directive now supports certificates with auxiliary information. *) Change: now the "ssl_client_certificate" directive is not required for client SSL certificates verification. -- Sergey Kandaurov From xeioex at nginx.com Wed Oct 2 21:58:26 2024 From: xeioex at nginx.com (Dmitry Volyntsev) Date: Wed, 2 Oct 2024 14:58:26 -0700 Subject: njs-0.8.6 Message-ID: Hello, I'm glad to announce a new release of NGINX JavaScript module (njs). This release introduced the QuickJS engine support in nginx modules. Read more here: https://nginx.org/en/docs/njs/engine.html Notable new features: - QuickJS in nginx: : nginx.conf: : location /engine { :     js_engine qjs; :     js_content main.entry; : } : : main.js: : function entry(r) { :     let  m = new Map(); :     m.set(1, "QJS"); :     r.return(200, "Hello from " + m.get(1)); : } Learn more about njs: - Overview and introduction:       https://nginx.org/en/docs/njs/ - NGINX JavaScript in Your Web Server Configuration:       https://youtu.be/Jc_L6UffFOs - Extending NGINX with Custom Code:       https://youtu.be/0CVhq4AUU7M - Using node modules with njs:       https://nginx.org/en/docs/njs/node_modules.html - Writing njs code using TypeScript definition files:       https://nginx.org/en/docs/njs/typescript.html Feel free to try it and give us feedback on: - Github:       https://github.com/nginx/njs/issues Additional examples and howtos can be found here: - Github:       https://github.com/nginx/njs-examples Changes with njs 0.8.6                                            02 Oct 2024     nginx modules:     *) Feature: introduced QuickJS engine.     *) Feature: added optional nocache flag for js_set directive.        Thanks to Thomas P.     *) Feature: exposed capture group variables in HTTP module.        Thanks to Thomas P.     Core:     *) Feature: added Buffer module for QuickJS engine.     *) Bugfix: fixed handling of empty labelled statement in a function.     *) Bugfix: fixed Function constructor handling when called without        arguments.     *) Bugfix: fixed Buffer.prototype.writeInt8() and friends.     *) Bugfix: fixed Buffer.prototype.writeFloat() and friends.     *) Bugfix: fixed Buffer.prototype.lastIndexOf().     *) Bugfix: fixed Buffer.prototype.write().     *) Bugfix: fixed maybe-uninitialized warnings in error creation.     *) Bugfix: fixed 'ctx.codepoint' initialization in UTF-8 decoding.     *) Bugfix: fixed 'length' initialization in Array.prototype.pop().     *) Bugfix: fixed handling of encode arg in fs.readdir() and        fs.realpath(). From nmilas at noa.gr Tue Oct 15 13:33:05 2024 From: nmilas at noa.gr (Nikolaos Milas) Date: Tue, 15 Oct 2024 16:33:05 +0300 Subject: WordPress Website not rendered properly via nginx reverse proxy Message-ID: <27498e22-5b6c-472b-92b2-0fd93d959423@noa.gr> Hello, We are using nginx on a server as a reverse proxy and it works fine serving multiple websites. Now I am trying to reverse proxy another one, a WP website, in the same way, but it won't render correctly. I can only see the main page areas and only some text at some places, but most content, including images, is missing. What may be wrong? I have checked error logs but I don't see anything logged. Any suggestions will be most appreciated. In the config below, the original site (http://example.private.noa.gr) works without issues (it is rendered properly), but the proxied one (https://example.noa.gr) does not. Here is the config: =========================================================== server {     listen       80;     listen       [::]:80;     server_name  example.noa.gr;     return 301 https://example.noa.gr/$request_uri;     access_log  /var/log/example_http_access_log main;     error_log /var/log/example_http_error_log warn; } server {     listen       443 ssl;     listen       [::]:443 ssl;     server_name  example.noa.gr;     allow 127.0.0.1;     allow ::1;     allow 10.10.0.0/16;     deny all;     ssl_certificate /etc/pki/tls/certs/star_noa_gr_cert-current.crt;     ssl_certificate_key /etc/pki/tls/private/star_noa_gr-1243437.key;     access_log  /var/log/example_https_access_log main;     error_log /var/log/example_https_error_log warn;     client_max_body_size 50M;     location / {         proxy_pass http://example.private.noa.gr:80/;         proxy_set_header Host example.private.noa.gr;         proxy_set_header X-Forwarded-Host   $http_host;         proxy_set_header X-Forwarded-Server $http_host;         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;         proxy_set_header X-Forwarded-Proto  $scheme;         proxy_set_header X-Real-IP          $remote_addr;         proxy_buffer_size                   16k;         proxy_max_temp_file_size            2048m;         proxy_buffers                       8 16k;     } } =========================================================== (Note: the buffer directives were added to avoid the "an upstream response is buffered to a temporary file" error.) Thanks in advance. Best regards, Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4466 bytes Desc: S/MIME Cryptographic Signature URL: From nginx-4dk5spqe at compilenix.org Tue Oct 15 14:11:57 2024 From: nginx-4dk5spqe at compilenix.org (Kevin Weis) Date: Tue, 15 Oct 2024 16:11:57 +0200 Subject: WordPress Website not rendered properly via nginx reverse proxy In-Reply-To: <27498e22-5b6c-472b-92b2-0fd93d959423@noa.gr> References: <27498e22-5b6c-472b-92b2-0fd93d959423@noa.gr> Message-ID: Hi Nick, have you tried to remove the trailing slash from the upstream url? Turning: "proxy_pass http://example.private.noa.gr:80/;" info: "proxy_pass http://example.private.noa.gr:80;" If this resloves your issue, you can find the details in the docs here: https://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass -- Best regards Kevin Weis Pronouns: he / him https://compilenix.org From nmilas at noa.gr Tue Oct 15 21:19:30 2024 From: nmilas at noa.gr (Nikolaos Milas) Date: Wed, 16 Oct 2024 00:19:30 +0300 Subject: WordPress Website not rendered properly via nginx reverse proxy In-Reply-To: References: <27498e22-5b6c-472b-92b2-0fd93d959423@noa.gr> Message-ID: On 15/10/2024 5:11 μ.μ., Kevin Weis via nginx wrote: > have you tried to remove the trailing slash from the upstream url? Hi Kevin, Thanks for the hint. I tried that but no, removing the trailing slash did not change anything. Any other hints will be welcome! Thanks again, Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4466 bytes Desc: S/MIME Cryptographic Signature URL: From nmilas at noa.gr Tue Oct 15 22:06:35 2024 From: nmilas at noa.gr (Nikolaos Milas) Date: Wed, 16 Oct 2024 01:06:35 +0300 Subject: WordPress Website not rendered properly via nginx reverse proxy In-Reply-To: References: <27498e22-5b6c-472b-92b2-0fd93d959423@noa.gr> Message-ID: <208f5132-6ec5-40f4-9053-4bdd79461b7d@noa.gr> On 16/10/2024 12:19 π.μ., Nikolaos Milas via nginx wrote: > ... > I tried that but no, removing the trailing slash did not change anything. > ... I found that the problem is that, as the proxied page is rendered over SSL, browsers are auto-blocking parts of the page as non-secure. This is due, I guess, to the fact that multiple page items are probably hardcoded as http rather than as https links or as absolute rather than as relative paths (images etc). I'll have to ask the developer to check the app throughout. Sorry for the fuss. All the best, Nick -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4466 bytes Desc: S/MIME Cryptographic Signature URL: From r1ch+nginx at teamliquid.net Tue Oct 15 22:53:43 2024 From: r1ch+nginx at teamliquid.net (Richard Stanway) Date: Wed, 16 Oct 2024 00:53:43 +0200 Subject: WordPress Website not rendered properly via nginx reverse proxy In-Reply-To: <208f5132-6ec5-40f4-9053-4bdd79461b7d@noa.gr> References: <27498e22-5b6c-472b-92b2-0fd93d959423@noa.gr> <208f5132-6ec5-40f4-9053-4bdd79461b7d@noa.gr> Message-ID: You could consider adding a CSP header to cause clients to automatically fetch those resources over HTTPS: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/upgrade-insecure-requests On Wed, 16 Oct 2024 at 00:06, Nikolaos Milas via nginx wrote: > On 16/10/2024 12:19 π.μ., Nikolaos Milas via nginx wrote: > > > ... > > I tried that but no, removing the trailing slash did not change anything. > > ... > > I found that the problem is that, as the proxied page is rendered over > SSL, browsers are auto-blocking parts of the page as non-secure. > > This is due, I guess, to the fact that multiple page items are probably > hardcoded as http rather than as https links or as absolute rather than > as relative paths (images etc). > > I'll have to ask the developer to check the app throughout. > > Sorry for the fuss. > > All the best, > Nick > > _______________________________________________ > nginx mailing list > nginx at nginx.org > https://mailman.nginx.org/mailman/listinfo/nginx > -------------- next part -------------- An HTML attachment was scrubbed... URL: