do not fail when ssl cert not present. (3 replies)

June 18, 2015, 2:24 pm

≫ Next: conditionally setting a cookie help (no replies)

≪ Previous: Trying to mirror nginx repository for centos6/7 (8 replies)

$

0

0

I tried to not fail the nginx server if ssl cert is not available.
However the directive is not even allowed inside a statement.

if (-f /var/www/x/etc/ssl.crt)
{
ssl_certificate /var/www/x/etc/ssl.crt;
ssl_certificate_key /var/www/x/etc/ssl.key;
}


Also i do not believe its proper to fail the entire server if one
server block fails.

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

---

conditionally setting a cookie help (no replies)

June 18, 2015, 8:32 am

≫ Next: Fwd: How can i have multiple nginx plus servers route to the same app servers with sticky sessions on? (1 reply)

≪ Previous: do not fail when ssl cert not present. (3 replies)

$

0

0

Hi All,

I'm having trouble setting a cookie conditionally based upon
an upstream variable The hope is to cache an auth token in an
encrypted session and only go to the backend auth token generator once.

I have something like this but it seems set-cookie happens no matter what,
so I alternate between 'my_login=1848430=' and 'my_login='.

location = /auth {
set_decode_base32 $b32 $cookie_my_login;
set_decrypt_session $auth_tok $b32;

if ($auth_tok != '') {
return 200;
}

include fastcgi_params;
fastcgi_pass unix:/tmp/fcgi_auth_tok_gen.sock;
}

location / {
root /var/www;
index index.html index.htm;

auth_request /auth;
auth_request_set $new_auth_tok $upstream_http_auth_tok;

if ($new_auth_tok != false) {
set_encrypt_session $enc_auth_tok $new_auth_tok;
set_encode_base32 $b32 $enc_auth_tok;
add_header Set-Cookie 'my_login=$b32';
}
}

Ideas?
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Fwd: How can i have multiple nginx plus servers route to the same app servers with sticky sessions on? (1 reply)

June 18, 2015, 11:12 am

≫ Next: Nginx is killing my threads (no replies)

≪ Previous: conditionally setting a cookie help (no replies)

$

0

0

I have multiple nginx instances behind an AWS elastic load balancer. In the
nginx config files, I am using ip_hash to force sticky sessions when
connecting upstream. Is there a way to sync the route tables between the
multiple nginx servers, so that no matter which nginx server handles the
request, the traffic is sent to the same backend application server.

When I first set this scenario up, I had no problems. But after heavy
testing with multiple clients from different parts of the world, I was able
to verify that the multiple nginx servers were not choosing the same
backend application servers to route to.

I attached a drawing that explains the architecture visually.

Matt
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Nginx is killing my threads (no replies)

June 18, 2015, 10:25 am

≫ Next: Trouble with stream directive (2 replies)

≪ Previous: Fwd: How can i have multiple nginx plus servers route to the same app servers with sticky sessions on? (1 reply)

$

0

0

I have an application in C++ we originally made for Windows using Microsoft's http lib, that I have ported to be cross-platform using nginx. To keep it working mostly the same (rewriting as little as possible), I made it as a lib that gets loaded by a module I made for nginx that communicates with it via a C interface with simple functions (startup, shutdown, callEndpoint). It works for any calls that don't depend on threads, but anything that depends on the worker threads that we create (not using nginx's apis) doesn't work. When I attach to either of the nginx processes with gdb and do `info threads`, I only see one thread each.

I set our function that loads the lib, then calls startup(), which launches these worker threads, as the "init module" function. The handle for the lib remains so many of the calls work just fine. But the threads are gone, so anything that depends on these worker threads doesn't function (it freezes actually). Is there a way to let my module start threads without having to use nginx's api or otherwise drastically change my architecture?

Trouble with stream directive (2 replies)

June 19, 2015, 3:45 am

≫ Next: Server info in SSL handshake? (1 reply)

≪ Previous: Nginx is killing my threads (no replies)

$

0

0

I'm trying to test the TCP load balancing function in 1.9.2, but am having some problems getting a very basic configuration working. TIA

ubuntu@dev:~$ cat /etc/nginx/stream.d/test.conf
stream {

server {
listen 12345;
proxy_pass mybackend:12345;
}
}
ubuntu@dev:~$ sudo nginx -t
nginx: [emerg] "stream" directive is not allowed here in /etc/nginx/stream.d/test.conf:1
nginx: configuration file /etc/nginx/nginx.conf test failed


ubuntu@dev:~$ nginx -V
nginx version: nginx/1.9.2
built by gcc 4.8.2 (Ubuntu 4.8.2-19ubuntu1)
built with OpenSSL 1.0.1f 6 Jan 2014
TLS SNI support enabled
configure arguments: --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --pid-path=/var/run/nginx.pid --lock-path=/var/run/nginx.lock --http-client-body-temp-path=/var/cache/nginx/client_temp --http-proxy-temp-path=/var/cache/nginx/proxy_temp --http-fastcgi-temp-path=/var/cache/nginx/fastcgi_temp --http-uwsgi-temp-path=/var/cache/nginx/uwsgi_temp --http-scgi-temp-path=/var/cache/nginx/scgi_temp --user=nginx --group=nginx --with-http_ssl_module --with-http_realip_module --with-http_addition_module --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_stub_status_module --with-http_auth_request_module --with-threads --with-stream --with-stream_ssl_module --with-mail --with-mail_ssl_module --with-file-aio --with-http_spdy_module --with-cc-opt='-g -O2 -fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,--as-needed' --with-ipv6

Server info in SSL handshake? (1 reply)

June 19, 2015, 6:12 am

≫ Next: set_encrypt_session after access phase? (no replies)

≪ Previous: Trouble with stream directive (2 replies)

$

0

0

Hi, today I was watching traffic on port 443 for other reasons
and I saw a line go by that had unusual information, looking
a little bit like server info headers (I saw "nginx" and the version
number and a couple other info I think maybe "REMOTE_ADDR"
or something like it). Its port 443 so it surprised me -- does
some server info leak out during the SSL handshake?

I saw it at least twice but now it isn't coming back and I wasn't
able to capture it. :(

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

set_encrypt_session after access phase? (no replies)

June 19, 2015, 7:22 am

≫ Next: Nginx URL Fallback setup with internal redirection in reverse-proxy settings (1 reply)

≪ Previous: Server info in SSL handshake? (1 reply)

$

0

0

On Thu, Jun 18, 2015 at 11:29 AM, Vader Mader <vader8765@gmail.com> wrote:
>
> I'm having trouble setting a cookie conditionally based upon
> an upstream variable The hope is to cache an auth token in an
> encrypted session and only go to the backend auth token generator once.


I managed to figure out how to use map to set the cookie:

map $new_auth_tok $cond_cookie_k {
'' '';
default "my_login=";
}

map $new_auth_tok $cond_cookie_v {
'' '';
default $b32_session;
}

add_header Set-Cookie $cond_cookie_k$cond_cookie_v;

However, my problem is that set_encrypt_session actually runs in the
rewrite phase before my authentication back end like this:

location / {
root /var/www;
index index.html index.htm;

set_encrypt_session $enc_auth_tok $new_auth_tok;
set_encode_base32 $b32 $enc_auth_tok;

auth_request /auth;
auth_request_set $new_auth_tok $upstream_http_auth_tok;

add_header Set-Cookie $cond_cookie_k$cond_cookie_v;
}

Is there any way to encrypt after the access phase?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Nginx URL Fallback setup with internal redirection in reverse-proxy settings (1 reply)

June 19, 2015, 12:54 pm

≫ Next: [ANNOUNCE] nginx-http-stub-requests (no replies)

≪ Previous: set_encrypt_session after access phase? (no replies)

$

0

0

Hi
List Members Gurus

I have installed and configured a virtual
host using NGINX in Ubuntu 14.04 Now I want to add couple of
functionalities like--

Set up Nginx config so that any URL address which is not found, goes
to a fallback path with internal redirection (NO change or redirection
in browser URL).

Assuming the following:
Fallback path needed for configuration:
http://myvirtualhost/fallback_directory/fallbackhandler.php
Anything typed after http://localhost when not found, should hit the
fallback path (internal redirection, meaning NO change or redirection
in browser address bar). The
fallback path is given above
(http://app_servers/fallback_directory/fallbackhandler.php) which
needs to be setup in Nginx config.

For example, when i visits www.test.com/not_existing_directory/ and
not_existing_directory doesn't exist, it should hit the fallback path
while still retaining www.test.com/not_existing_directory/ in browser
address bar.

Please point me to NGINX resources and a steps that will be required
so that I can grasp NGINX quickly to do the above task.

Thanks in advance
Ashish

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

---

[ANNOUNCE] nginx-http-stub-requests (no replies)

June 19, 2015, 11:29 pm

≫ Next: Request limit calculation (no replies)

≪ Previous: Nginx URL Fallback setup with internal redirection in reverse-proxy settings (1 reply)

$

0

0

Hi all,

I'm pleased to announce a new module called stub-requests.

It allows you to see a table of all the currently running requests including duration, ip, uri and more.

The source, install instructions and an example can be found on: https://github.com/atomx/nginx-http-stub-requests

Cheers,
Erik

Request limit calculation (no replies)

June 19, 2015, 11:48 pm

≫ Next: Nginx not logging to socket. (no replies)

≪ Previous: [ANNOUNCE] nginx-http-stub-requests (no replies)

$

0

0

Hello, I'm John and I'm a nginx noob.
I was wondering how the request limit reach is calculated when using limit_req_zone and limit_req.My problem is that, in development, I'm not concatenating static files such as .js and .css files. And so the browser does about 27 requests when the first page is loaded. I've set up a rate of 50r/s, but out of 27, about 18 requests receive a 503 response and I don't understand why, since the rate isn't exceeded.
My config looks something like this. I have a link to this from the sites-enabled folder.
limit_req_zone $binary_remote_addr zone=one:10m rate=50r/s;
server {    listen 443 ssl;        ssl_certificate ...;    ssl_certificate_key ...;    server_name localhost;       server_tokens off;         gzip_types *;    root ...;
    limit_req zone=one;
    location = / {                        index index.html;    }
    location = /index.html {        ...    }
    location / {        ...    }}   
If I use limit_req_zone $binary_remote_addr zone=one:10m rate=10r/s;with limit_req zone=one burst=50 nodelay;
it works OK.
I was wondering why I would have to specify a burst in order for this to work.
Thank you!
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Nginx not logging to socket. (no replies)

June 21, 2015, 5:20 am

≫ Next: Understanding alias (used as rewrite) (2 replies)

≪ Previous: Request limit calculation (no replies)

$

0

0

Hallo!

Using rsyslog I have set up a logging socket and confirmed that its working
by piping in some stuff to "logger -u /dev/log"
nginx/1.8.0 does not seem to be dumping in logs however. The nginx config
is below..

I'm probably doing something dumb. This is the first time I set this up.

Cheers,

Andrew

# For more information on configuration, see:

# * Official English Documentation: http://nginx.org/en/docs/

# * Official Russian Documentation: http://nginx.org/ru/docs/


user nginx;

worker_processes 4;

#error_log /var/log/nginx/error.log debug;

error_log syslog:server=unix:/dev/log debug;

pid /run/nginx.pid;


events {

worker_connections 1024;

}


http {


# Log to Rsyslog socket


log_format syslog '$remote_addr $host:$server_port "$request" $status
$body_bytes_sent "$http_referer" "$http_user_agent"';

access_log syslog:server=unix:/dev/log syslog;


# log_format main '$remote_addr - $remote_user [$time_local]
"$request" '

# '$status $body_bytes_sent "$http_referer" '

# '"$http_user_agent" "$http_x_forwarded_for"';

#

# access_log /var/log/nginx/access.log main;


sendfile on;

tcp_nopush on;

tcp_nodelay on;

keepalive_timeout 65;

types_hash_max_size 2048;


include /etc/nginx/mime.types;

default_type application/octet-stream;


# Load modular configuration files from the /etc/nginx/conf.d directory..

# See http://nginx.org/en/docs/ngx_core_module.html#include

# for more information.

include /etc/nginx/conf.d/*.conf;


}





--
Otter Networks UG
http://otternetworks.de
fon: +49 30 54 88 5197
Gotenstraße 17
10829 Berlin



--
Otter Networks UG
http://otternetworks.de
fon: +49 30 54 88 5197
Gotenstraße 17
10829 Berlin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Understanding alias (used as rewrite) (2 replies)

June 22, 2015, 1:34 pm

≫ Next: PCRE (2 replies)

≪ Previous: Nginx not logging to socket. (no replies)

$

0

0

Hi, I'm confused about the details of "alias" used as
a kind of rewrite (which should be more efficient as
I understand it, as long as its appropriately used).

I found I can do this:

location = /path/number/one.html {
alias /some/other/path/script.php;
include fastcgi.conf;
}

So I was confucsed why this not working:

location ^~ /my-long-prefix-goes-here {
alias /another/different/path/anotherscript.php;
include fastcgi.conf;
}

In other words, alias of exact location match does
a cheap "rewrite" perfectly. But now I want to match
addresses like:

/my-long-prefix-goes-here
/my-long-prefix-goes-herexxx
/my-long-prefix-goes-here/
/my-long-prefix-goes-here/filename

Only the first one works, the others are 404. Is
Nginx adding the tail end of the matched prefix
to the aliased location? I tried to make my alias:

alias /another/different/path/anotehrscript.php?;

so the stuff on the end turns into a query arg which
php can ignore. But that didn't work.

I also tried to use regex to match the location:

location ~ ^/my-long-prefix-goes-here {

But now NONE of the addresses work - even the
exact match is 404. Why??

I found this was the only way to make it work:

root /another/different/path;
rewrite ^(.*)$ /anotehrscript.php break;

In this situation is rewrite the only solution?

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

PCRE (2 replies)

June 22, 2015, 4:01 pm

≫ Next: Static Content on Different Server Isn't Loaded?? (no replies)

≪ Previous: Understanding alias (used as rewrite) (2 replies)

$

0

0

Hi Experts,

I am working on NGINX-1.6.3 version. Installation is successful using latest pcre, pcre-devel packages too..

While accessing the service, static contents were not loaded.
As suggested in google, I tried configuring as below where the static contents are available @ "http://livetests123/livetest/WEB-INF/classes/static/"

server {
listen 80;
server_name livetest.corp.com;

location ~"*\.(js|jpg|png|css)$" {
root http://livetests123/livetest/;
expires 30d;
}

location /{
proxy_pass http://livetest123/livetest/login/;
}
}

On the first step while starting Nginx, I could see below message about PCRE
nginx: [emerg] using regex ""*\.(js|jpg|png|css)$"" requires PCRE library

I have confirmed again with yum install PCRE that the "latest version is already installed and nothing to do" message in return.

Pls. assist for the below queries:

(1) How to fix the issue - nginx: [emerg] using regex ""*\.(js|jpg|png|css)$"" requires PCRE library
(2) Post which, how to configure in achievint static content available @ "http://livetests123/livetest/WEB-INF/classes/static/"?


Best regards,
Maddy

Static Content on Different Server Isn't Loaded?? (no replies)

June 22, 2015, 5:35 am

≫ Next: NTLM or HTTP Digest authentication to Parent proxy (no replies)

≪ Previous: PCRE (2 replies)

$

0

0

Hi Team,

I have static content available on the remote server (say NODE 02) and PATH: ../livetest/WEB-INF/static/classes/
under which I have /image, /js, /styles folders

I have installed nginx-1.8.0 on server (Say Node 01).

While accessing the application, the static contents are not getting loaded.

Pls. suggest?

I tried below option:

location ~*\.(js|jpg|png|css)$ {
root /WEB-INF/classes/static/;
http://<DNS_NODE_02>/livetest/WEB-INF/classes/static/classes;
expires 30d;
}


The resultant in access.log shows that the path is weird

/var/gvp/Nginx/nginx-1.8.0/http://<DNS_NODE_02>/livetest/WEB-INF/classes/static/classes/livetest/....


Best regards,
Maddy

NTLM or HTTP Digest authentication to Parent proxy (no replies)

June 22, 2015, 4:02 pm

≫ Next: solaris use eventport proxy upstream bug (no replies)

≪ Previous: Static Content on Different Server Isn't Loaded?? (no replies)

$

0

0

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

---

solaris use eventport proxy upstream bug (no replies)

June 22, 2015, 11:06 pm

≫ Next: High load due to reload (no replies)

≪ Previous: NTLM or HTTP Digest authentication to Parent proxy (no replies)

$

0

0

environment: solaris11 + http proxy + upstream + keepalive + method get

first request ok

second request will hangup,after eventport del event
there is no event add NGX_READ_EVENT or NGX_WRITE_EVENT
here is my patch

--- ngx_event_connect.c.src 2015-06-23 12:00:49.232424329 +0800
+++ ngx_event_connect.c 2015-06-23 12:01:17.644539000 +0800
@@ -24,6 +24,11 @@

rc = pc->get(pc, pc->data);
if (rc != NGX_OK) {
+ c = pc->connection;
+ rev = c->read;
+ wev = c->write;
+ rc = -1;
+ goto register_event;
return rc;
}

@@ -195,6 +200,8 @@
return NGX_OK;
}

+register_event:
+
if (ngx_event_flags & NGX_USE_CLEAR_EVENT) {




Sorry for my poor English

High load due to reload (no replies)

June 23, 2015, 2:16 am

≫ Next: when work processor will auto restart? (1 reply)

≪ Previous: solaris use eventport proxy upstream bug (no replies)

$

0

0

Hi guys,



I have a small problem with a nginx system that acts as a loadbalancing
proxy. We do have lots of vhosts and ssl certificates and each time we do a
/etc/init.d/nginx reload, the load of our server goes up to 20 due to
swapping.

Is there any other way to reload nginx to get aware of ssl or vhost changes
without getting high loads?



Jürgen



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

when work processor will auto restart? (1 reply)

June 23, 2015, 6:16 am

≫ Next: SSL on/off on same port and IP (no replies)

≪ Previous: High load due to reload (no replies)

$

0

0

Hi,



I found that sometimes the nginx work processor will auto restart with no
reload/restart command executed.

When the nginx run some days, found that the pid of work processor changed
but maser pid not changed.

I want to know when nginx will auto restart the work processor?





Best regards

Smith



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

SSL on/off on same port and IP (no replies)

June 23, 2015, 7:52 am

≫ Next: Nginx and Apach2 (1 reply)

≪ Previous: when work processor will auto restart? (1 reply)

$

0

0

Hi,

consider the following very simple nginx config:
http {
server {
listen 127.0.0.1:123;
server_name abc;
}
server {
listen 127.0.0.1:123 ssl;
server_name xyz;
ssl_certificate...;
}
}

In words:
I instruct nginx to listen on the same port and IP, one time without
ssl, one time with ssl. IMHO this is a broken config, however nginx
accepts it.

What would you say? Should nginx reject such a config? Right now you
only get an error at request time.

It gets even worse, if the 2nd server is configured with the ssl
directive instead of "listen ssl":
server {
listen 127.0.0.1:123;
server_name xyz;
ssl on;
ssl_certificate...;
}

In that case you don't even see an error in the logs anymore and clients
can't connect via https anymore.

Cheers, Ingo =;->

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Nginx and Apach2 (1 reply)

June 23, 2015, 8:26 am

≫ Next: Convert Apache .htaccess rewrite to nginx (no replies)

≪ Previous: SSL on/off on same port and IP (no replies)

$

0

0

I have nginx and apache2 in the same Ubuntu Server 14.04 and i want to use nginx as proxy server. My idea is when people write www.mysite.com, nginx redirect to apache and i can do that, but the problem is that apache is in port 81 and when nginx redirect, the url show www.mysite.com:81/mysite. I just want people to see www.mysite.com, without :81/mysite.

Tanks,
Sérgio Marques