How to Edit/Delete own posted reply or topic (2 replies)

April 12, 2017, 6:45 am

≫ Next: Unable to resolve the "Access-Control-Allow-Origin" issue (4 replies)

≪ Previous: Multiple "channels" on forwarded port (with a ssh-reverse-tunnel behind) (1 reply)

$

0

0

Hi,

I need to edit one reply to a topic in this list and need to know how to perform it. I cannot see any edit or delete button.

I have been using stackoverflow where edits and delete is allowed to the users.

---

Unable to resolve the "Access-Control-Allow-Origin" issue (4 replies)

April 12, 2017, 2:54 pm

≫ Next: nginx-1.12.0 (no replies)

≪ Previous: How to Edit/Delete own posted reply or topic (2 replies)

$

0

0

Hi All.

We are facing the following issue :

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the
remote resource at https://1.2.3.4/. (Reason: CORS header 'Access-Control-
Allow-Origin' missing).

Have tried everything I could find on the google, but nothing works
(whatever I do in /etc/nginx/sites-available/default)


So, first question first, is it even possible to solve this issue on the
version, as per the information below ::

########################################################
nginx -V
nginx version: nginx/1.4.6 (Ubuntu)
built by gcc 4.8.4 (Ubuntu 4.8.4-2ubuntu1~14.04.3)
TLS SNI support enabled
configure arguments: --with-cc-opt='-g -O2 -fstack-protector
--param=ssp-buffer-size=4 -Wformat -Werror=format-security
-D_FORTIFY_SOURCE=2' --with-ld-opt='-Wl,-Bsymbolic-functions -Wl,-z,relro'
--prefix=/usr/share/nginx --conf-path=/etc/nginx/nginx.conf
--http-log-path=/var/log/nginx/access.log
--error-log-path=/var/log/nginx/error.log --lock-path=/var/lock/nginx.lock
--pid-path=/run/nginx.pid --http-client-body-temp-path=/var/lib/nginx/body
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi
--http-proxy-temp-path=/var/lib/nginx/proxy
--http-scgi-temp-path=/var/lib/nginx/scgi
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi --with-debug --with-pcre-jit
--with-ipv6 --with-http_ssl_module --with-http_stub_status_module
--with-http_realip_module --with-http_addition_module
--with-http_dav_module --with-http_flv_module --with-http_geoip_module
--with-http_gzip_static_module --with-http_image_filter_module
--with-http_mp4_module --with-http_perl_module
--with-http_random_index_module --with-http_secure_link_module
--with-http_spdy_module --with-http_sub_module --with-http_xslt_module
--with-mail --with-mail_ssl_module
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/headers-more-nginx-module
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-auth-pam
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-cache-purge
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-dav-ext-module
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-development-kit
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-echo
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/ngx-fancyindex
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-http-push
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-lua
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-upload-progress
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/nginx-upstream-fair
--add-module=/build/nginx-9sG_hy/nginx-1.4.6/debian/modules/ngx_http_substitutions_filter_module
##########################################################



Thanks and Regards,
Ajay
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx-1.12.0 (no replies)

April 12, 2017, 8:20 am

≫ Next: Re: [nginx-announce] nginx-1.12.0 (no replies)

≪ Previous: Unable to resolve the "Access-Control-Allow-Origin" issue (4 replies)

$

0

0

Changes with nginx 1.12.0 12 Apr 2017

*) 1.12.x stable branch.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: [nginx-announce] nginx-1.12.0 (no replies)

April 12, 2017, 8:54 am

≫ Next: HTTP/2 on the Upstream (5 replies)

≪ Previous: nginx-1.12.0 (no replies)

$

0

0

Hello Nginx users,

Now available: Nginx 1.12.0 for Windows
https://kevinworthington.com/nginxwin1120
(32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail] [dot} {com)
http://kevinworthington.com/
http://twitter.com/kworthington
https://plus.google.com/+KevinWorthington/
On Wed, Apr 12, 2017 at 11:19 AM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Changes with nginx 1.12.0 12 Apr
> 2017
>
> *) 1.12.x stable branch.
>
>
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx-announce mailing list
> nginx-announce@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-announce
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

HTTP/2 on the Upstream (5 replies)

April 12, 2017, 5:10 pm

≫ Next: Proxying UDP: Preserve proxy port during DTLS handshake (no replies)

≪ Previous: Re: [nginx-announce] nginx-1.12.0 (no replies)

$

0

0

According to https://www.nginx.com/blog/http2-module-nginx/#QandA nginx
only supports HTTP/2 on the client side, but it is possible to configure
proxy_pass to use HTTP/2.

There is a huge benefit in supporting HTTP/2 on the Upstream, as that
will allow the Upstream servers to perform HTTP/2 Push
(https://en.wikipedia.org/wiki/HTTP/2_Server_Push).

While nginx can not know which resources should be pushed on a dynamic
page, as dynamic pages can not be simply cached across different users,
the Upstream servers can know which resources should be pushed.

I really think that nginx should reconsider its position on this matter.

In the meantime, where can I find documentation on how to configure
proxy_pass to use HTTP/2?

Thank you,

Igal Sapir
Lucee Core Developer
Lucee.org http://lucee.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Proxying UDP: Preserve proxy port during DTLS handshake (no replies)

April 12, 2017, 12:53 pm

≫ Next: weight and balancing in upstream proxy (no replies)

≪ Previous: HTTP/2 on the Upstream (5 replies)

$

0

0

Hello everyone,

TL;DR: When proxying UDP packets through nginx, is there a way for nginx to preserve its initial source port for subsequent packets? This is to be used during a DTLS handshake.

Outlined version: This issue arose when proxying UDP packets, more specifically establishing an DTLS connection for CoAP message exchange. I came across two different threads with similar subjects (https://forum.nginx.org/read.php?2,273251,273251#msg-273251 and https://forum.nginx.org/read.php?2,271957,271957#msg-271957) from which I can guess that it is not (yet) supported out of the box.

Hence, I am only using nginx to proxy the CoAP's UDP packets between client and server. This works for unencrypted CoAP, but not for CoAP over DTLS because the handshake fails. This is because nginx uses (or may use?) different source ports for every udp packet it forwards. An easy way to examine this issue is to proxy a UDP netcat connection with nginx. First message from client to server is received but subsequent messages can only be sent from server to client because netcat "locks in" on the client port from which it received the first message. The port is constant on the client side, but nginx may use different ports when proxying the packets.

I managed to get the DTLS connection to work by using the proxy_bind directive of the proxy stream module with the values "127.0.0.1:$remote_port" respectively "127.0.0.1:$server_port". It works, but I am not happy with either of it. Reason against "127.0.0.1:$server_port": Two client requests may overlap and there would be no way for the server to tell them apart. Reason against "127.0.0.1:$remote_port": Even tough unlikely, it may happen that two clients decide to use the same port from their dynamic port range. Also in this case there would be no way of telling them both apart.

I know about the "proxy_bind address [transparent]" option of the proxy module, but I would consider using this the "nuclear option" since, according to the documentation, it requires the worker processes to run with superuser rights and reconfigure the kernel routing table.

So my conclusive question is: Does nginx provide a way to preserve its chosen dynamic port when forwarding udp packets?

Regards,
Sebastian

weight and balancing in upstream proxy (no replies)

April 12, 2017, 2:52 pm

≫ Next: nginScript filesystem access (no replies)

≪ Previous: Proxying UDP: Preserve proxy port during DTLS handshake (no replies)

$

0

0

Hi,

How does nginx balances traffic to upstream with different weight? If I
have 3 servers in upstream, with weight 1, 2, 4, assuming all are healthy,
will nginx send traffic to server 1, 2, 3, 2, 3, 3, 3 or 1, 2, 2, 3, 3, 3,
3? If I have two servers with both weight 50, will nginx will 50 requests
to server 1, and then 50 to server 2, or will it calculate the ration to be
1:1 and send one after another?

Thanks!
Frank
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginScript filesystem access (no replies)

April 13, 2017, 1:16 pm

≫ Next: auth_basic and satisfy allowing all traffic (1 reply)

≪ Previous: weight and balancing in upstream proxy (no replies)

$

0

0

Hello

We'd like to move a rather complicated multilingual website over to nginx. I must determine if we can handle the somewhat involved language based redirects in nginScript middleware (javascript).

At one point I must redirect based on whether or not a file exists. In the configuration file I could do this like so:

if (-f $realpath_root$url) {
...
}

However, that doesn't help me since all the redirection logic is in a javascript function.

How can I do that same test from within the javascript function rather than in the config file?

---

auth_basic and satisfy allowing all traffic (1 reply)

April 13, 2017, 5:18 pm

≫ Next: upstream - behavior on pool exhaustion (1 reply)

≪ Previous: nginScript filesystem access (no replies)

$

0

0

Hi all -

I'm having an issue trying to get auth_basic and satisfy directives working in tandem. If I use auth_basic/auth_basic_user_file on its own, I am prompted for credentials as expected. However, if I added the satisfy/allow/deny directives above, it seems that ALL traffic is allowed in without prompting for auth.

Here's how I have it.

satisfy any;
allow 38.103.XX.XXX/32; # HQIP
allow 38.118.XX.XXX/32; # User VPN IP
deny all;

auth_basic "Site Restricted";
auth_basic_user_file includes/htpasswd.site.dev.conf;

When I look though my access logs, I see the correct client IP as well.

nginx version is 1.10.1

Thank you for your help.

Dave

upstream - behavior on pool exhaustion (1 reply)

April 14, 2017, 1:22 am

≫ Next: Unable to use a GET url-param (no replies)

≪ Previous: auth_basic and satisfy allowing all traffic (1 reply)

$

0

0

Hello,

Reading from upstream
<https://nginx.org/en/docs/http/ngx_http_upstream_module.html#upstream>
docs, on upstream pool exhaustion, every backend should be tried once, and
then if all fail the response should be crafted based on the one from the
last server attempt.
So far so good.

I recently faced a server farm which implements a dull nightly restart of
every node, not sequencing it, resulting in the possibility of having all
nodes offline at the same time.

However, I collected log entries which did not match what I was expected.
For 6 backend nodes, I got:
- log format: $status $body_bytes_sent $request_time $upstream_addr
$upstream_response_time
- log entry: 502 568 0.001 <IP address 1>:<port>, <IP address 2>:<port>,
<IP address 3>:<port>, <IP address 4>:<port>, <IP address 5>:<port>, <IP
address 6>:<port>, php-fpm 0.000, 0.000, 0.000, 0.000, 0.001, 0.000, 0.000
I got 7 entries for $upstream_addr & $upstream_response_time, instead of
the expected 6.

​Here are the interesting parts of the configuration:
upstream php-fpm {
server <machine 1>:<port> down;
server <machine 2>:<port> down;
[...]
server <machine N-5>:<port>;
server <machine N-4>:<port>;
server <machine N-3>:<port>;
server <machine N-2>:<port>;
server <machine N-1>:<port>;
server <machine N>:<port>;
keepalive 128;
}

​server {
set $fpm_pool "php-fpm$fpm_pool_ID";
[...]
location ~ \.php$ {
[...]
fastcgi_read_timeout 600;
fastcgi_keep_conn on;
fastcgi_index index.php;

include fastcgi_params;
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
[...]
fastcgi_pass $fpm_pool;
}
}

​The question is:
php-fpm being an upstream group name, how come has it been tried as a
domain name in the end?
Stated otherwise, is this because the upstream group is considered 'down',
thus somehow removed from the possibilities, and nginx trying one last time
the name as a domain name to see if something answers?
This 7th request is definitely strange to my point of view. Is it a bug or
a feature?
---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Unable to use a GET url-param (no replies)

April 14, 2017, 6:14 am

≫ Next: Welcome to nginx on Debian! (1 reply)

≪ Previous: upstream - behavior on pool exhaustion (1 reply)

$

0

0

Hi All.

When I do the following call ::


https://username:password@1.2.3.4?upstream_protocol=http

I get a 500 error (on the browser-client), with the following seen in
/var/log/nginx/error.log (on nginx-server)

######################################################
2017/04/14 13:03:51 [error] 16039#16039: *1 invalid URL prefix in "://
127.0.0.1:5000", client: 182.69.5.226, server: , request: "GET
/cgi-bin/webproc HTTP/1.1", host: "1.2.3.4", referrer: "
https://1.2.3.4/?upstream_protocol=http"
######################################################


Following is the server-block section in /etc/nginx/conf.d/default.conf

######################################################
server {

listen 443 ssl;

ssl_certificate /etc/nginx/ssl/nginx.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;

location / {

auth_basic 'Restricted';
auth_basic_user_file /etc/nginx/ssl/.htpasswd;

proxy_pass $arg_upstream_protocol://127.0.0.1:
$forwarded_port;
}
}
######################################################

It definitely looks that "upstream_protocol" parameter is not being picked
up by $arg_upstream_protocol.

What am I missing?
Will be grateful for pointers.


Thanks and Regards,
Ajay
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Welcome to nginx on Debian! (1 reply)

April 18, 2017, 10:12 am

≫ Next: nginx-extras (no replies)

≪ Previous: Unable to use a GET url-param (no replies)

$

0

0

Welcome to nginx on Debian! is the default holding page

where is this stored on debian 8 jessie?

thankyou
xstation

nginx-extras (no replies)

April 18, 2017, 9:40 am

≫ Next: GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file (1 reply)

≪ Previous: Welcome to nginx on Debian! (1 reply)

$

0

0

I realize this may not be the best place to ask, but thought someone may
know.

I am using nginx-extras which runs 1.10, for some very helpful lua
functionality, and nginx stable just hit the apt repositories on 1.12, does
anyone know how quickly nginx-extras may be updated to 1.12?

I would like to avoid self compilation as all machines are managed via
saltstack. and i would like to take advantage of the latest stable.

Thanks for any info, even if only historical knowledge. I'll also put this
on the ubuntu lists, but feel it will just get lost in the volume.

Best,
Jeff
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file (1 reply)

April 19, 2017, 9:46 am

≫ Next: Logging all requests onNginx (3 replies)

≪ Previous: nginx-extras (no replies)

$

0

0

Not able to verify the latest source of mainline and stable versions of NGINX with gpg key ( http://nginx.org/keys/nginx_signing.key ). I am using Gpg4win Kleopatra. I uploaded this nginx_signing.key file, then changed the owner trust under certificates. Then verified the source (tar file and the .asc file) by file -> decrypt/verify. The message was, the key used to sign the source is not found in the nginx_signing.key file.

Please let me know, how to I verify nginx source with GPG in windows. Thanks.

I also tried to do this by checking for the key in key servers. Not able to find the key that is used to sign the source tar file.

Logging all requests onNginx (3 replies)

April 19, 2017, 4:56 pm

≫ Next: access log request without query string (3 replies)

≪ Previous: GPG Key ( nginx_signing.key) file does not contain the key to verify the tar file (1 reply)

$

0

0

HI ,

Is there a way to log all incoming requests on Nginx .

Regardless of them being served or not .

For example, In case of surge of crawler hits , if the upstream backend
cannot perform and requests hang , nginx will not log any such failed
request .

How can we log them to have more detail on the surges of requests.

Thanks
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

---

access log request without query string (3 replies)

April 20, 2017, 8:50 pm

≫ Next: nginx access logs to mysql (6 replies)

≪ Previous: Logging all requests onNginx (3 replies)

$

0

0

Hi,

What's the best way to login the original request uri ($request_uri)
without query string? I tried $uri but it seems to be normalized and if I
have customized 404 error page /404.html, all those requests are logged as
/404.html instead of original requests uri.

Thanks!
Frank
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx access logs to mysql (6 replies)

April 20, 2017, 3:32 am

≫ Next: nginx-mail and proxy protocol (5 replies)

≪ Previous: access log request without query string (3 replies)

$

0

0

I want to parse the log file respect to a client that means to make a
report of how the client is using my application through the information
provided by a log file.

So I need to filter some url where I find an especific name of a function.
For that I thought in insert my log file to database like mysql. Could I do
that with my log file ? (I use nginx )

I tried to do that with syslog-ng but it doesn't work

Do you have any ideas?

Thanks

Sara
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx-mail and proxy protocol (5 replies)

April 20, 2017, 1:30 pm

≫ Next: request_body capture regex (no replies)

≪ Previous: nginx access logs to mysql (6 replies)

$

0

0

Hi all,

Does someone have experience with nginx-mail and the proxy protocol?

Does nginx-mail have (or will is get) support for the 'proxy_protocol'
parameter to the 'listen' directive?


Cheers,

Kees
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

request_body capture regex (no replies)

April 20, 2017, 7:30 am

≫ Next: execution error - pcre limits exceeded (-8) (4 replies)

≪ Previous: nginx-mail and proxy protocol (5 replies)

$

0

0

is it possible to capture POST data, but as soon there is a "password" then
this word and its value to mask or exclude from log.

i was trying to split request_body, but it not working correct:

map $request_body $request_body_nopwd {
"~(.*)(&|%5B)password(%5D)?\=" $1;
}

also if request dont have password it returns empty value, etc
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

execution error - pcre limits exceeded (-8) (4 replies)

April 21, 2017, 5:28 am

≫ Next: Spawning of Nginx worker process (1 reply)

≪ Previous: request_body capture regex (no replies)

$

0

0

Hello,

I have compiled nginx 1.12.0 with modsecurity on a Ubuntu 16.04 server and I'm running it as a reverse proxy in front of an Apache webserver which hosts a variety of different type of websites. After enabling modsecurity I'm starting to get a lot of the following errors in the error.log file:

execution error - pcre limits exceeded (-8)

At that point, web pages don't load correctly. Can someone help with this? I haven't found anything useful on google except some references of adjusting my php.ini file which doesn't seem to be relevant in my case.

Thanks

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx