Quantcast
Channel: Nginx Forum - Nginx Mailing List - English
Viewing all 7229 articles
Browse latest View live

Spawning of Nginx worker process (1 reply)

April 21, 2017, 5:48 am
$
0
0
Hi All,

When we issue a reload to Nginx binary (<binary_location> -s reload), what are the steps involved inthe spawning of new set of worker processes?

Is it something like, while the older worker processes are still running or are serving in flight requests, Nginx spawns the newer worker processes and then brings down the older processes once they have served all the accepted requests?

Also, is there any chance where one of the spawned up newer worker processes after reload, uses the PID of the older/earlier running Nginx worker process?

Thanks,
Shiv
Search

Configuration advice (no replies)

April 21, 2017, 5:18 am
$
0
0
I currently have a config that allows me to terminate TLSv1.2 and decrypt
it. Then it re-encrypts the packets with a different cert before sending to
the upstream servers. I want to "look" at the decrypted packets before they
are encrypted but I am not sure the best way to accomplish this.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Config advice / wireshark (5 replies)

April 21, 2017, 9:06 am
$
0
0
I currently have a config that allows me to terminate TLSv1.2 and decrypt
it. Then it re-encrypts the packets with a different cert before sending to
the upstream servers. I want to "look" at the decrypted packets before they
are encrypted but I am not sure the best way to accomplish this.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

[ANN] OpenResty 1.11.2.3 released (no replies)

April 21, 2017, 6:32 pm
$
0
0
Hi folks,

Long time no releases. We've been very busy setting up the OpenResty
Inc. commercial company in the US. That's why we've been quiet in the
last few months. The good news is that we now have a strong full-time
engineering team that can work on both the OpenResty open source
platform and higher-level commercial products based on that. The
OpenResty web platform will always remain open source. There's no
doubt about that ;)

Now I am excited to announce the new formal release, 1.11.2.3, of the
OpenResty web platform based on NGINX and LuaJIT:

https://openresty.org/en/download.html

Both the (portable) source code distribution and the Win32 binary
distribution are provided on this Download page.

OpenResty's official yum repositories will get updated to use the this
new version as soon as Fedora's COPR site is back online:
http://status.fedoraproject.org/

Special thanks go to all our developers and contributors!

We have the following highlights in this release:

* We greatly reduced the chance of hash collisions in LuaJIT's global
string table for x86_64 systems with SSE 4.2 support.

* We removed the standard Lua 5.1 interpreter from our bundle. We now
use LuaJIT exclusively. We will soon drop compatibility with the
standard 5.1 interpreter in the OpenResty core so that we no
longer have to maintain two parallel implementations of our Lua API (one
based on CFunction, and the one based on FFI).

* We add HTTP/HTTPS proxy support to our OPM client for restricted
network environments.

* We now includes a very new LuaJIT v2.1 version with new builtin
functions like Lua 5.3's table.move().

* New --shdict "NAME SIZE" and --resolve-ipv6 options in the "resty"
command-line utility.

* Automatic Lua bracktrace output on Lua exceptions in the "resty"
command-line utility.

* Important bug fixes regarding retries count limit in balancer_by_lua*.

* ngx.redirect() now supports 303 as well.

The complete change log since the last (formal) release, 1.11.2.2:

* change: we no longer bundle the standard Lua 5.1 interpreter
(aka the PUC-Rio Lua). now we only bundle LuaJIT.

* win32: upgraded PCRE to 8.40, zlib to 1.2.11, and OpenSSL to
1.0.2k.

* bugfix: we did not use "PATH" in "./configure --sbin-path=PATH"
when creating symlinks. thanks David Galeano for the patch.

* bugfix: default index.html: missing the "</p>" tag. thanks
Xiaoyu Chen for the patch.

* feature: applied the "safe_resolver_ipv6_option" patch to the
nginx core to avoid the "ipv6=off" option to be parsed by nginx
when it is not built with IPv6 support. thanks Thibault
Charbonnier for the patch.

* feature: now we automatically add the "-msse4.2" compilation
option for building the bundled LuaJIT when it is available.

* upgraded ngx_lua to 0.10.8.

* feature: fixed build compatibility with BoringSSL. thanks
Tom Thorogood for the patch. Note: BoringSSL is *not* an
officially supported target.

* feature: "tcpsock:connect()": allows the "options_table"
argument being nil. thanks Dejiang Zhu for the patch.

* feature: added support for the 303 status code in
ngx.redirect(). thanks Tom Thorogood for the patch.

* bugfix: C API: "ngx_http_lua_add_package_preload()" might
not take effect when lua_code_cache is off. thanks jimtan
for the patch.

* bugfix: balancer_by_lua*: the number of retres might exceed
the limit of proxy_next_upstream_tries or alike.

* bugfix: setting response headers would change the
"Content-Type" response header. thanks leafo for the report
and Ming Wen for the patch.

* bugfix: tcp cosockets: "sslhandshake()": typo in the error
message. thanks detailyang for the patch.

* bugfix: typo fix in C POST args handler debug log. thanks
Robert Paprocki for the patch.

* change: removed the use of "luaL_getn()" macro as it is no
longer available in the latest LuaJIT v2.1. thanks Datong
Sun for the patch.

* change: removed the "mmap(sbrk(0))" memory trick since glibc
leaks memory when it is forced to use "mmap()" to fulfill
"malloc()".

* doc: ngx.exit() also returns immediately in the
balancer_by_lua* context. thanks Jinhua Tan for the patch.

* doc: various wording tweaks and more code examples. thanks
Dayo Akanji for the patch.

* doc: added a note about the LRU regex cache used in the
ngx.re.* implementation of lua-resty-core.

* tests: the test suite can now work with PCRE 8.39 ~ 8.40.
thanks Andreas Lubbe for the patch.

* upgraded resty-cli to 0.17.

* optimize: removed unwanted exit status handling. thanks
Thibault Charbonnier for the patch.

* feature: generates Lua stacktraces by default for user
errors. thanks Thibault Charbonnier for the patch.

* bugfix: fixed exit code handling for nginx crashes and INT
signal interrupts. thanks Aliaxandr Rahalevich and Gordon
Gao for the report.

* feature: resty: added the --shdict "NAME SIZE" option.
thanks Thibault Charbonnier for the patch.

* feature: resty: added new command-line option
"--resolve-ipv6". thanks Thibault Charbonnier for the patch.

* upgraded opm to 0.0.3.

* "dist.ini": relaxed the github repo link check.

* feature: added support for HTTP proxies via environments
"http_proxy" and "https_proxy".

* bugfix: tar might give the permissions error 'Cannot change
ownership to uid XX, gid XX: Operation not permitted'.
thanks Jon Keys for the patch.

* upgraded lua-resty-core to 0.1.11.

* feature: "resty.core.regex": exported internal Lua helper
functions "collect_captures", "check_buf_size", and
"re_sub_compile". these functions are deliberately
undocumented and thus subject to future changes.

* change: "resty.core": made the warning louder by turning it
to an alert when LuaJIT 2.0 is used.

* bugfix: ngx.re: "split()" might enter infinite loops when
the regex is an empty string. thanks Dejiang Zhu for the
patch.

* upgraded lua-resty-lock to 0.06.

* optimize: use branch-free algorithms for variables
assignment. thanks Thibault Charbonnier for the patch.

* optimize: removed the unused shdict metatable retrieval
code. thanks Thibault Charbonnier for the patch.

* doc: various documentation improvements from Thibault
Charbonnier.

* upgraded lua-resty-lrucache to 0.06.

* bugfix: "resty.lrucache": the "get()" method incorrectly
ignored "false" values. thanks Proton for the patch.

* optimize: small tweaks from Aapo Talvensaari and Thibault
Charbonnier.

* doc: typo fixes from Gordon Gao.

* upgraded lua-resty-mysql to 0.19.

* bugfix: the 8-bit packet numbers might overflow and led to
runtime Lua exceptions. thanks Ming Wen for the patch.

* upgraded lua-resty-limit-traffic to 0.03.

* bugfix: fixed several known race conditions by switching to
"shdict:incr(k, v, init)". thanks Thibault Charbonnier for
the patch.

* optimize: use "math.max()" to reduce Lua branches. thanks
Thibault Charbonnier for the patch.

* upgraded lua-redis-parser to 0.13.

* bugfix: removed the use of the old Lua 5.0 "luaL_getn" API
function since the latest LuaJIT 2.1 just removed it.

* upgraded lua-cjson to 2.1.0.5.

* feature: supports MS C compiler older than VC2012. thanks
spacewander for the patch.

* bugfix: fixed compilation errors from the Microsoft C
compiler. thanks Tim Chen for the patch.

* bugfix: conditionally build "luaL_setfuncs()" function as
the latest LuaJIT v2.1 already includes it. thanks Datong
Sun for the patch.

* bugfix: preserve "empty_array_mt" behavior upon multiple
loadings of the module. thanks Thibault Charbonnier for the
patch.

* upgraded ngx_redis2 to 0.14.

* feature: fixed compilation errors with Nginx 1.11.6+.

* upgraded ngx_memc to 0.18.

* feature: fixed the compilation errors with nginx 1.11.6+.
thanks Hiroaki Nakamura for the patch.

* upgraded ngx_drizzle to 0.1.10.

* feature: fixed compilation issues with nginx 1.11.6+. thanks
James Christopher Adduono for the patch.

* bugfix: fixed errors and warnings with C compilers without
variadic macro support.

* upgraded LuaJIT to v2.1-20170405:
https://github.com/openresty/luajit2/tags

* feature: added the bytecode option "L" to display lua source
line numbers. thanks Dejiang Zhu for the patch.

* optimize: x64: "lj_str_new": uses randomized hash functions
based on crc32 when "-msse4.2" is used in build options.
thanks Shuxin Yang for the patch.

* optimize: "lj_str_new": tests the full hash value before
doing the full string comparison on hash collisions. thanks
Shuxin Yang for the patch.

* imported Mike Pall's latest changes:

* Add some more changes and extensions from Lua 5.2.

* Remove old Lua 5.0 compatibility defines.

* FFI: Fix FOLD rules for "int64_t" comparisons.

* ARM64: Add big-endian support.

* x64/"LJ_GC64": Fix "emit_loadk64()".

* "LJ_GC64": Fix "BC_CALLM" snapshot handling.

* x64/"LJ_GC64": Fix assembly of CNEWI with 64 bit
constant pointer.

* ARM64: Fix Nintendo Switch build.

* ARM64: Fix XLOAD/XSTORE with FP operand.

* Remove unnecessary mcode alloc pointer check.

* Limit mcode alloc probing, depending on the available
pool size.

* Fix overly restrictive range calculation in mcode
allocation.

* Fix out-of-scope goto handling in parser.

* Remove internal "__mode = "K"" and replace with safe
check.

* Fix annoying warning, due to deterministic binutils
configuration.

* DynASM: Fix warning.

* MIPS64, part 2: Add MIPS64 hard-float JIT compiler
backend.

* Fix FOLD rules for "math.abs()" and FP negation.

* Fix soft-float "math.abs()" and negation.

* x64/"LJ_GC64": Fix warning for DUALNUM build.

* x64/"LJ_GC64": Fix (currently unused) integer stores in
"asm_tvptr()".

* ARM64: Cleanup and de-cargo-cult TValue store
generation.

* MIPS: Don't use "RID_GP" as a scratch register.

* MIPS: Fix emitted code for U32 to float conversion.

* MIPS: Backport workaround for compact unwind tables.

* Make "checkptrGC()" actually work.

* ARM64: Fix AREF/HREF/UREF fusion.

* "LJ_GC64": Add build options and install instructions.

* Add some more extensions from Lua 5.2/5.3.

* Fix cross-endian jit.bcsave for MIPS target.

* ARM64: Remove unused variables in disassembler.

* ARM64: Fuse BOR/BXOR and BNOT into ORN/EON.

* Add "proto" field to "jit.util.funcinfo()".

* Add missing FOLD rule for 64 bit shift+BAND
simplification.

* ARM64: Fix code generation for S19 offsets.

* ARM64: Fuse various BAND/BSHL/BSHR/BSAR combinations.

* ARM64: Fuse FP multiply-add/sub.

* ARM64: Fuse XLOAD/XSTORE with STRREF/ADD/BSHL/CONV.

* ARM64: Reorganize operand extension definitions.

* ARM64: Add missing ldrb/strb instructions to
disassembler.

* ARM64: Fix pc-relative loads of consts. Cleanup branch
codegen.

* ARM64: Make use of tbz/tbnz and cbz/cbnz.

* Eliminate use of lightuserdata derived from static data
pointers.

* ARM64: Emit more efficient trace exits.

* Generalize deferred constant handling in backend to 64
bit.

* ARM64: Reject special case in "emit_isk13()".

* ARM64: Allow full VA range for mcode allocation.

* ARM64: Add JIT compiler backend.

* Fix amalgamated build.

* Increase range of "GG_State" loads via "IR_FLOAD" with
"REF_NIL".

* MIPS: Fix TSETR barrier.

* Report parent of stitched trace.

The HTML version of the change log with lots of helpful hyper-links
can be browsed here:

https://openresty.org/en/changelog-1011002.html

OpenResty is a full-fledged web platform
by bundling the standard Nginx core, Lua/LuaJIT, lots of
3rd-party Nginx modules and Lua libraries, as well as most of their external
dependencies. See OpenResty's homepage for details:

https://openresty.org/

We have run extensive testing on our Amazon EC2 test cluster and
ensured that all the components (including the Nginx core) play well
together. The latest test report can always be found here:

https://qa.openresty.org/

Have fun!

Best regards,
Yichun

PS 1: we've been privately building a Perl 6 dialect
compiler that can compile a large (non-strict) subset of the Perl 6
programming language into optimized and standalone Lua code targeting
the OpenResty web platform. This compiler is called fanlang. Our
initial benchmark already shows that the Lua code generated by the
fanlang compiler is significantly faster than the official/reference
implementation of Perl 6. Our fanlang compiler is already mature enough
that has already been
successfully used to build another compiler for a domain specific
language called edgelang. The edgelang compiler also emits optimized
and standalone Lua code targeting OpenResty. This release is the first
OpenResty formal version that can fully support our fanlang and edgelang
compilers. We have plans to open source a basic version of our fanlang
compiler to the community once it is fully bootstrapped by itself.

PS 2: We'll try upgrading the NGINX core in OpenResty to the latest
version in the next OpenResty release. Stay tuned!
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Upgrade to Ubuntu16.04 LTS from 14.04 LTS killed my php (3 replies)

April 22, 2017, 11:12 am
$
0
0
I had a fully functioning ubuntu 14.04 serving up via nginx a passenger/ror site with 'some' php.

The passenger/ror bit works fine after the upgrade however any attempt at accessing my php files gives a 404 Not Found error:

The error.log for nginx shows the following:

=================================

2017/04/22 11:16:22 [crit] 16531#0: *1 connect() to unix:/var/run/php/php7.0-fpm.sock failed (13: Permission denied) while connecting to upstream, client: 212.159.100.115, server: resys.gourmindia.com, request: "GET /phpinfo.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.0-fpm.sock:", host: "resys.gourmindia.com"

==================

My question is what should the /var/run/php/php7.0-fpm.sock have as permission?

ALL help gratefully received with thanks.

Purvez

Too many define location directive (no replies)

April 22, 2017, 10:40 am
$
0
0
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Hello!

I got confused and no hint(s) about map directive co-exist with
try_files directive. Is it right to think using map directive? Or any
alternative?

The goals is, I want to avoid many location like :

.... snip ...
index index.php;
try_files $uri $uri/ /index.php?q=$uri&$args;
root /var/www/api.domain.tld;

location /v2 {
try_files $uri $uri/ /v2/index.php?q=$uri&$args;
}

location /v3 {
try_files $uri $uri/ /v3/index.php?q=$uri&$args;
}

location ~ \.php$ {
fastcgi_param SCRIPT_FILENAME
$document_root$fastcgi_script_name;
... rest fastcgi stuff there ...
}
....

That config above are works fine, but too many location "/v[0-9]+" in
config file. So, if there are v4, v5, etc are exists in
/var/www/api.domain.tld, the configuration won't change.

Any helps are appreciate.
Thanks.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQI4BAEBCAAiBQJY+5SqGxxkZXdhbmdnYWJhQHh0cmVtZW5pdHJvLm9yZwAKCRDl
f9IgoCjNcN9dEACak9z+gX1b0Jp+5iEM3vMx7iQMsIGjQc7CZ2+1bjlsYfYSdNsE
6v/T8Tc6e69aiKMrDF45a3CzW84FwTYdxD6u6Wg7SgrJhFfDLF+xltSKz17xa7C2
1ZdP1YTWHsu3XSbwtoERVcaX/nVgh66jpxCvNztUdcaeCKXWXiHZ4QB/tMMdS1+9
+b9uuoPDfgJaF42C3AbpjYNI6EanmVIBADu8Nkkx5apmr/QoBYLqFNPa3ShYkdzV
CD3m7pKILlfjo10w+1as1lNH9d6fFhD8fs12hbrkBtC1r/7ZigFCvsuuENokCamg
281qQeGg8jOUL9sHJLd9/S8q8991D8hUjmRPeQcjJ6pJC77Zxb+aw6WNu+v88/cL
6ePsbBNbXZGkwbVsXAqqFLcDhzA7gUEstz5pPbCyRmP5z6CQ+ruxwb817kf38aqq
rlTL4rDkR4hYWPbsUWOIAc56hQmG0bV45cieeMIy4a5t2ZsJVYxcvcdq8Jx3aXUM
fuy7qH5+yw//ISAdwHHgW3HNxXUxZFjYJ90wUtRk+UuEHWTwC0pfljb8u55kXBxK
Qj8lR8KWsPCgf374AgOvKHzqNMScZCAssH58RwOJ8raN4DLB+JHifSvRQeGeT7ma
EXkK3ET2alGn+XxaCO3p1sCQX275UcueJW2SIKVJOsq88GIZP1E16Q3Iyw==
=7AV6
-----END PGP SIGNATURE-----
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

limit_conn with variables erroring with invalid number of connections (no replies)

April 23, 2017, 6:14 pm
$
0
0
Here is the configuration:

http {
limit_conn_zone $binary_remote_addr zone=limitapinoauth:16m;
limit_conn_zone $remote_user zone=limitapi:32m;

map $remote_user $limit_zone {
default limitapi;
'' limitapinoauth;
}

map $remote_user $limit_number {
default 100;
'' 200;
}
}

server {
limit_conn $limit_zone $limit_number;
}

When starting NGINX getting a fatal error though. Does limit_conn support using variables?

error => invalid number of connections "$limit_number"

Passive healthcheck for UDP (1 reply)

April 24, 2017, 10:48 am
$
0
0
Hi,

I'm gathering some information regarding UDP load balancing. I've come
accross this in
https://www.nginx.com/resources/admin-guide/udp-health-check/ and I'm quite
puzzled :

"NGINX can mark the server as unavailable and stop sending UDP datagrams to
it for some time if the server replies with an error or times out.
The number of consecutive failed connection attempts within a certain time
period is set with the max_fails parameter for an upstream server (default
value is 1)."

What is unclear to me is the "failed connection attempt" term. UDP being a
connectionless protocol, it's unclear what is the actual method used by
NGINX to decide whether a passive health check is successfull or not. Would
the existence of traffic from server to Nginx be a sign of success or are
other methods involved ?

Thank you

SC
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Search

invalid default_server parrameter (3 replies)

April 24, 2017, 1:14 pm
$
0
0
I have many servers sending ssl which I am trying to terminate. So I wanted
to create a statement that was a catch all instead of listening for each ip
address. I thought this would do it :

server {

listen 443 ssl default_server;

.......

}

but when I run nginx -t, I keep getting the error : nginx: [emerg] the
invalid "default_server" parameter in /etc/nginx/nginx.conf:13

Is this the correct way of doing a catch all incoming ssl traffic and what
is wrong with my syntax ?

Joel
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

timeout callback (no replies)

April 25, 2017, 6:53 am
$
0
0
Hello,

I am developing my own nginx module, I would like to use the "keepalive_timeout" option.

I tried to find a callback which signal that timeout was expired, before the nginx call ngx_http_close_connection. I am using a memory which I allocate and I would like to free it

Thanks,
Ortal Levi

Nginx Nodejs Raspberry Pi2 Bad Gateway (no replies)

April 25, 2017, 7:13 am
$
0
0
This is what my setup looks like:

INTERNET (subdomain.domain.com A Record to public IP 186....187)
Hurl.it -----POST-----> Public IP: https://186....187/API/switches?sw1?password=123456 -----> Linksys Router IP:186...187:443 Port Forward to 192...53

ONLAN (nginx setup https with ssl from letsencrypt)
192....53 RPi2 nginx config bypass 192...53:442 . ------> nodejs app.js listening on port 442

This is my nginx config file:

[code]
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name subdomain.domain.com;

ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem;

root /www/subdomain.domain.com/aism;
index index.php index.html index.htm;

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;

# Error & Access logs
error_log /www/subdomain.domain.com/logs/error.log error;
access_log /www/subdomain.domain.com/logs/access.log;

location / {
index index.html index.php;
proxy_pass http://192.168.1.53:442;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ /.well-known {
allow all;
}
location /public {
root /www/subdomain.domain.com/aism;
}
location ~ ^/(images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/) {
}
}[/code]

I have tested the nodejs app while on port 80 from hurl.it with the port forward config for port 80 instead and it works perfectly.

Here is the current error log:

[quote]
OST /API/switches/sw1?password=123456 HTTP/1.1", upstream: "http://192.168.1.53:442/50x.html", host: "subdomain.domain.com"
2017/04/23 20:08:38 [error] 20424#0: *4 upstream prematurely closed connection while reading response header from upstream, client: 192.168.1.56, server: subdomain.domain.com, request: "GET /aism/ HTTP/1.1", upstream: "http://192.168.1.53:442/aism/", host: "subdomain.domain.com"
2017/04/23 20:08:38 [error] 20424#0: *4 upstream prematurely closed connection while reading response header from upstream, client: 192.168.1.56, server: subdomain.domain.com, request: "GET /aism/ HTTP/1.1", upstream: "http://192.168.1.53:442/50x.html", host: "subdomain.domain.com"
2017/04/23 20:09:25 [error] 20467#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 23.20.198.108, server: subdomain.domain.com, request: "POST /API/switches/sw1?password=123456 HTTP/1.1", upstream: "http://192.168.1.53:442/API/switches/sw1?password=123456", host: "subdomain.domain.com"
[/code]

Please help!

nginx-1.13.0 (1 reply)

April 25, 2017, 2:16 pm
$
0
0
Changes with nginx 1.13.0 25 Apr 2017

*) Change: SSL renegotiation is now allowed on backend connections.

*) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
directives of the mail proxy and stream modules.

*) Feature: the "return" and "error_page" directives can now be used to
return 308 redirections.
Thanks to Simon Leblanc.

*) Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive.

*) Feature: when logging signals nginx now logs PID of the process which
sent the signal.

*) Bugfix: in memory allocation error handling.

*) Bugfix: if a server in the stream module listened on a wildcard
address, the source address of a response UDP datagram could differ
from the original datagram destination address.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: [nginx-announce] nginx-1.13.0 (2 replies)

April 25, 2017, 11:50 am
$
0
0
Hello!

Getting a make error on 32-bit and 64-bit Cygwin:

-o objs/src/os/unix/ngx_writev_chain.o \
src/os/unix/ngx_writev_chain.c
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g
-D FD_
SETSIZE=2048 -I src/core -I src/event -I src/event/modules -I src/os/unix
-I /us
r/include/libxml2 -I objs \
-o objs/src/os/unix/ngx_udp_send.o \
src/os/unix/ngx_udp_send.c
cc -c -pipe -O -W -Wall -Wpointer-arith -Wno-unused-parameter -Werror -g
-D FD_
SETSIZE=2048 -I src/core -I src/event -I src/event/modules -I src/os/unix
-I /us
r/include/libxml2 -I objs \
-o objs/src/os/unix/ngx_udp_sendmsg_chain.o \
src/os/unix/ngx_udp_sendmsg_chain.c
src/os/unix/ngx_udp_sendmsg_chain.c: In function `ngx_sendmsg':
src/os/unix/ngx_udp_sendmsg_chain.c:274:16: error: `struct in_pktinfo' has
no me
mber named `ipi_spec_dst'
pkt->ipi_spec_dst = sin->sin_addr;
^
objs/Makefile:847: recipe for target
'objs/src/os/unix/ngx_udp_sendmsg_chain.o'
failed
make[1]: *** [objs/src/os/unix/ngx_udp_sendmsg_chain.o] Error 1
make[1]: Leaving directory '/home/kevin.worthington/nginx-1.13.0'
Makefile:8: recipe for target 'build' failed
make: *** [build] Error 2

Any tips to fix this? Thank you for reading.

Best regards,
Kevin
--
Kevin Worthington
kworthington ( at ) gmail {dot} com
https://kevinworthington.com/
https://twitter.com/kworthington

On Tue, Apr 25, 2017 at 10:32 AM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Changes with nginx 1.13.0 25 Apr
> 2017
>
> *) Change: SSL renegotiation is now allowed on backend connections.
>
> *) Feature: the "rcvbuf" and "sndbuf" parameters of the "listen"
> directives of the mail proxy and stream modules.
>
> *) Feature: the "return" and "error_page" directives can now be used to
> return 308 redirections.
> Thanks to Simon Leblanc.
>
> *) Feature: the "TLSv1.3" parameter of the "ssl_protocols" directive.
>
> *) Feature: when logging signals nginx now logs PID of the process
> which
> sent the signal.
>
> *) Bugfix: in memory allocation error handling.
>
> *) Bugfix: if a server in the stream module listened on a wildcard
> address, the source address of a response UDP datagram could differ
> from the original datagram destination address.
>
>
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx-announce mailing list
> nginx-announce@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-announce
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Question about $upstream_cache_status (1 reply)

April 25, 2017, 9:26 am
$
0
0
Hi,

am I right that $upstream_cache_status primarily concerns nginx' own
upstreams like fastcgi, uwsgi etc?

Or is there a possibility to display whether an upstream varnish has had
the page cached?



Rainer
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Efficient stream proxy (1 reply)

April 25, 2017, 9:42 am
$
0
0
Hi,

I'd like to implement proxy server for internet radio streaming. And I'd like to reuse existing established connection to the upstream for all clients which listen the same "radio station"/"url".

Right now every listener creates a new connection on nginx side. Is it even possible to reuse one connection for everyone?



Thanks in advance.
Search

N00b - logging stream request / response (6 replies)

April 25, 2017, 12:12 pm
$
0
0
I am trying to log all request / response in a stream with a lua script I
found in git hub and am having issues figuring out where to put the
log_format directive. Here is what I currently have :

stream {

log_format bodylog '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $request_time '
'<"$request_body" >"$resp_body"';

lua_need_request_body on;

set $resp_body "";
body_filter_by_lua '
local resp_body = ngx.arg[1]
ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
if ngx.arg[2] then
ngx.var.resp_body = ngx.ctx.buffered
end
';

.......

}
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

unable to log upstream_bytes_sent (no replies)

April 25, 2017, 11:54 am
$
0
0
I'm running nginx 1.11.9, and I get an error any time I try to use
bytes_sent, upstream_bytes_sent, or upstream_bytes_received. I've tried
logging directly in a log format, or using in a map:

<in http context>

map $request_method $chad_sent {
default $upstream_bytes_sent;
}

map $request_method $chad_received {
default $upstream_bytes_received;
}

This results in:

me@here:~/Downloads$ sudo service nginx restart
* Restarting nginx nginx

nginx: [emerg] unknown "upstream_bytes_sent" variable
nginx: configuration file /etc/nginx/nginx.conf test failed

It's unclear to me if there's something wrong with my build, or if I have
to use a stream context, or some other issue.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

N00b - "set" directive is not allowed here (1 reply)

April 25, 2017, 12:56 pm
$
0
0
I have a set directive inside an http block which I thought was valid but
when I run config -t it says the nginx: [emerg] "set" directive is not
allowed here.


http {

log_format bodylog '$remote_addr - $remote_user [$time_local] '
'"$request" $status $body_bytes_sent '
'"$http_referer" "$http_user_agent" $request_time '
'<"$request_body" >"$resp_body"';

lua_need_request_body on;

*set $resp_body "";*
body_filter_by_lua '
local resp_body = ngx.arg[1]
ngx.ctx.buffered = (ngx.ctx.buffered or "") .. resp_body
if ngx.arg[2] then
ngx.var.resp_body = ngx.ctx.buffered
end
';

......

Joel
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Blocking all URIs except for one directory (no replies)

April 25, 2017, 12:52 pm
$
0
0
Hello,

I want to secure a site using the allow/deny directives so that only
allowed networks will be able to access it. There is one "public"
directory, however, that I want to be accessible for everyone.

nginx serves as a reverse proxy on that site, and requests for URIs that
end with the suffix ".cfm" are proxied to Tomcat.

So I currently have something like:

location / {
allow 10.0.0.0/24;
deny all;
}

location /public/ {
allow all; # does that make sense?
}

location ~ \.cfm$ {
## proxy settings go here
}

Keep in mind that .cfm scripts are both in /public/ as well as in other
directories.

How can I achieve that?

Thanks,

Igal Sapir
Lucee Core Developer
Lucee.org http://lucee.org/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

remove if from code (no replies)

April 25, 2017, 1:16 pm
$
0
0
I am using Nginx 1.13 and have read that using "if" is a poor solution. I have looked through my configuration file and found one and would like to rewrite it without the "if". Does anyone know how to rewrite this snippet?

## Execute PHP Scripts using FastCGI
location ~ \.php(/.*)? {
if (!-e $request_filename) {
rewrite / /index.php last;
}

Thanks
Viewing all 7229 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>