Quantcast
Channel: Nginx Forum - Nginx Mailing List - English
Viewing all 7229 articles
Browse latest View live

Nginx reload intermittenlty fails when protocol specified in proxy_pass directive is specified as HTTPS (no replies)

November 20, 2017, 5:49 am
$
0
0
I am trying to use nginx as a reverse proxy with upstream SSL. For this, I am using the below directive in the nginx configuration file

proxy_pass https://<upstream_block_file_name>;

where "<upstream_block_file_name>" is another file which has the list of upstream servers.

upstream <upstream_block_file_name> {
server <IP_address_of_upstream_server>:<Port> weight=1;
keepalive 100;
}

With this configuration if I try to reload the Nginx configuration, it fails intermittently with the below error message

nginx: [emerg] host not found in upstream \"<upstream_block_file_name>\"

However, if I changed the protocol mentioned in the proxy_pass directive from https to http, then the reload goes through.

Could anyone please explain what mistake I might be doing here?

Thanks in advance.
Search

Nginx reload intermittenlty fails when protocol specified in proxy_pass directive is specified as HTTPS (no replies)

November 20, 2017, 9:46 am
$
0
0
I am trying to use nginx as a reverse proxy with upstream SSL. For this, I am using the below directive in the nginx configuration file

proxy_pass https://<upstream_block_file_name>;

where "<upstream_block_file_name>" is another file which has the list of upstream servers.

upstream <upstream_block_file_name> {
server <IP_address_of_upstream_server>:<Port> weight=1;
keepalive 100;
}

With this configuration if I try to reload the Nginx configuration, it fails intermittently with the below error message

nginx: [emerg] host not found in upstream \"<upstream_block_file_name>\"

However, if I changed the protocol mentioned in the proxy_pass directive from https to http, then the reload goes through.

Could anyone please explain what mistake I might be doing here?

Thanks in advance.

nginx-1.13.7 (no replies)

November 21, 2017, 7:28 am
$
0
0
Changes with nginx 1.13.7 21 Nov 2017

*) Bugfix: in the $upstream_status variable.

*) Bugfix: a segmentation fault might occur in a worker process if a
backend returned a "101 Switching Protocols" response to a
subrequest.

*) Bugfix: a segmentation fault occurred in a master process if a shared
memory zone size was changed during a reconfiguration and the
reconfiguration failed.

*) Bugfix: in the ngx_http_fastcgi_module.

*) Bugfix: nginx returned the 500 error if parameters without variables
were specified in the "xslt_stylesheet" directive.

*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using a zlib library variant from Intel.

*) Bugfix: the "worker_shutdown_timeout" directive did not work when
using mail proxy and when proxying WebSocket connections.


--
Maxim Dounin
http://nginx.org/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: [nginx-announce] nginx-1.13.7 (no replies)

November 21, 2017, 9:42 am
$
0
0
Hello Nginx users,

Now available: Nginx 1.13.7 for Windows https://kevinworthington.com/n
ginxwin1137 (32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail] [dot} {com)
https://kevinworthington.com/
https://twitter.com/kworthington
https://plus.google.com/+KevinWorthington/

On Tue, Nov 21, 2017 at 10:26 AM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Changes with nginx 1.13.7 21 Nov
> 2017
>
> *) Bugfix: in the $upstream_status variable.
>
> *) Bugfix: a segmentation fault might occur in a worker process if a
> backend returned a "101 Switching Protocols" response to a
> subrequest.
>
> *) Bugfix: a segmentation fault occurred in a master process if a
> shared
> memory zone size was changed during a reconfiguration and the
> reconfiguration failed.
>
> *) Bugfix: in the ngx_http_fastcgi_module.
>
> *) Bugfix: nginx returned the 500 error if parameters without variables
> were specified in the "xslt_stylesheet" directive.
>
> *) Workaround: "gzip filter failed to use preallocated memory" alerts
> appeared in logs when using a zlib library variant from Intel.
>
> *) Bugfix: the "worker_shutdown_timeout" directive did not work when
> using mail proxy and when proxying WebSocket connections.
>
>
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx-announce mailing list
> nginx-announce@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-announce
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Set Expires Header only if upstream has not already set an Expires (no replies)

November 22, 2017, 1:44 am
$
0
0
Hello,
I would like to add an Expires Header only to upstream content that has
not already set an Expires header. Is there an easy way to do that with
nginx?

I thought about trying to add a header_filter_by_lua checking the
Expires header and set the necessary value if not already set. Is there
an easier way to do the same?

Cheers,
Thomas
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx seems to treat %3F as "?" (no replies)

November 22, 2017, 7:36 am
$
0
0
Hello,

I have following redirection rule defined:

location ~ "^/(.*)\.html[^\?]+" {
return 301 /$1.html;
}

so that everything besides "?" after an URL gets truncated:
like
example.com/test.html%D1%80%D0%BE%D1%80%D0%BB -> example.com/test.html

however it doesn't work when "?" is url encoded into %3F. I would like
example.com/test.html%3F to redirect to example.com/test.html

Is it possible somehow?

Thank you!

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx reload issues (no replies)

November 22, 2017, 10:30 am
$
0
0
Hi,

I have a centos7 server as a reverse proxy. When I either make a change to an existing v.hosts file or create a new one and test the set up with "nginx -t", and it works, I trigger the changes with either "systemctl reload nginx" or "nginx -s reload". Unfortunately this seems to no longer reload the new config? If I actually restart the Nginx server itself ("systemctl restart nginx") it works but obviously this breaks current connections. There are no errors in the log files

Any ideas as to what may be causing the problem?


_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Nginx + SSL problem for old browsers (1 reply)

November 23, 2017, 7:18 am
$
0
0
Hello everybody,

I have one single website running a RapidSSL certificate, that doesn't work on old mobile phones and browsers, like Symbian. My customer, however, insist in having this site with SSL fully compatible with old browsers.

I am already using and old cipher for old browsers generated at https://mozilla.github.io/server-side-tls/ssl-config-generator/

However, still doesn't work.

Just in case, on the same server I serve lot of other SSL certificates, all sharing the same IP.

This is my current Nginx configuration for this site :

# SSL config
listen 443 ssl;
ssl on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:ECDHE-RSA-DES-CBC3-SHA:ECDHE-ECDSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:DES-CBC3-SHA:HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP';
ssl_prefer_server_ciphers On;
ssl_dhparam /etc/nginx/dhparams.pem;
ssl_certificate /etc/nginx/ssl.crt/www.mysite.com.crt;
ssl_certificate_key /etc/nginx/ssl.key/www.mysite.com.key;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 10m;
# SSL config

Thanks
Search

Migrating from Varnish (5 replies)

November 23, 2017, 9:54 am
$
0
0
Hi all,

I've been using Varnish for 4 years now, but quite frankly I'm tired of
using it for HTTP traffic and Nginx for SSL offloading when Nginx can just
handle it all. One of the main issues I'm running into with the transition
is related to cache purging, and setting custom expiry TTL's per
zone/domain. My questions are:

- Does anyone have any recent working documentation on supported
modules/Lua scripts which can achieve wildcard purges as well as specific
URL purges?

- How should I go about defining custom cache TTL's for: frontpage,
dynamic, and static content requests? Currently I have Varnish configured
to set the ttl's based on request headers which are added in the config
with regex matches against the host being accessed.

Any other caveats or suggestions I should possibly know of?

--Andrei
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Please take me off the mailing list (1 reply)

November 23, 2017, 6:50 pm
$
0
0
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Cannot build 1.12.x on MSYS2/MinGW64 (1 reply)

November 24, 2017, 5:16 am
$
0
0
Hi,

The build fails without this patch. Is there a chance for this to be merged to the 1.12 branch?
https://hg.nginx.org/nginx/rev/4a343228c55e

ngx_http_upstream_test_next u->peer.tries > 1 (no replies)

November 24, 2017, 12:23 am
$
0
0
assume all servers always fail in upstream

nginx would call ngx_http_upstream_next when u->peer.tries > 1, and call ngx_http_upstream_finalize_request directly when u->peer.tries == 1

it would not pass NGX_PEER_FAILED to u->peer.free

so how peer->fails increase when last retry fail?

Re: real time notifications django app (no replies)

November 25, 2017, 3:40 am
$
0
0
Hi,

Could it be possible to use Django and asyncio to receive asynchronous
redis messages and store them into a ZODB database? (ClientStorage)

Is it possible to implement PUSH notifications with uWSGI backend and
redis server ?

Thank you,

Etienne


Le 2017-11-25 à 05:02, Etienne Robillard a écrit :
> Hi,
>
> I would like to implement a simple web client for sending asynchronous
> messages from RabbitMQ or Redis to a ClientStorage server with
> asyncio. This code should ideally run under Python 3.5.3 and WSGI.
>
> Design ideas:
>
> - ZODBController class: this will need refactoring
>
> - Support PostgreSQL schemas in the future
>
> - Make the code compatible with WSGI environments
>
>
> What do you think?
>
>
> Regards,
>
> Etienne
>

--
Etienne Robillard
tkadm30@yandex.com
http://www.isotopesoftware.ca/

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Please take me off the mailing list (1 reply)

November 25, 2017, 3:02 pm
$
0
0
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

ngx_msec_t is 32bit on ARM (no replies)

November 25, 2017, 4:44 pm
$
0
0
I'm trying to compile nginx on for a raspberry pi

src/core/ngx_times.c

time_t sec;
ngx_uint_t msec;
struct timeval tv;

ngx_gettimeofday(&tv);
sec = tv.tv_sec;
msec = tv.tv_usec / 1000;
ngx_current_msec = (ngx_msec_t) sec * 1000 + msec;

ngx_current_msec is defined as a ngx_msec_t which in turn is ngx_uint_t. In an rpi is not big enough to hold Unix epoc in millis. (sec * 1000)

nginx code does compile, but my tests fail: they have hardcoded values for the epoc.

Is this deliberate? I guess its cropping the high order bits? So millis comparisons might work but timestamps generated from this value might not?
Search

cts-submit (no replies)

November 26, 2017, 5:20 am
$
0
0
Hello,

experiments with nginx-ct ¹) show that I need a tool to submit a certificate to some public logs.
cts-submit ²) seems useful. But it require me to install php on every host :-/

I know there are also python implementations. but
is anybody aware of an implementation in *plain posix shell + openssl* ?

Andreas



¹) https://github.com/grahamedgecombe/nginx-ct
²) https://github.com/jbvignaud/cts-submit
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

constant X-Cache-Status:MISS on woff files (no replies)

November 27, 2017, 3:26 am
$
0
0
I have a problem with cacheing.

Following location in my config - perfectly handles all the extensions jpeg, jpg and stuff.

location ~* \.(?:ico|pdf|flv|jpg|jpeg|png|gif|swf|x-html|woff|woff2|ttf|eot|map)$ {
gzip off;
expires 30d;
log_not_found off;
access_log off;
add_header Cache-Control "public";
add_header Access-Control-Allow-Origin *;
add_header X-Cache-Status $upstream_cache_status;

proxy_cache img_cache_main;
proxy_buffers 2048 64k;
proxy_buffer_size 128k;
proxy_set_header Host "HOSTNAME";

proxy_ignore_headers Cache-Control Vary Expires Set-Cookie X-Accel-Expires;
proxy_cache_valid 404 1m;

aio threads=default;
aio_write on;
output_buffers 16 1024k;
sendfile on;

proxy_pass http://HOSTNAME_appserver;
}


Unfortunately i get MISS on all woff files :/

upstream zone size (no replies)

November 28, 2017, 2:00 am
$
0
0
What is a reasonable value for upstream zone size? I'm just shooting in the dark with 64k right now. Running 64bit Linux. The official NGINX documentation does not elaborate on it, and I can't find anything useful on Google.

upstream backends {
zone example_zone 64k;
keepalive 8l;

server 10.20.30.2 max_fails=3 fail_timeout=30s;
}

Nginx cache returns MISS after a few hours, can't be set up to cache "forever" (2 replies)

November 28, 2017, 4:44 am
$
0
0
Hi,

I am trying to cache files "forever". Unfortunately in about 2-6 hours the cache starts to return MISS again. This is the setting:

---

proxy_cache_path /var/cache/nginx-cache levels=1:2 keys_zone=mycache:10m max_size=20g inactive=10y;

proxy_cache_valid 10y;

"Expires" header returned by the upstream is set to the year 2027 and "Cache-Control" to max-age=315360000 (i.e. 10 years).

---

I suppose, if was the expiry time the reason, it would have return EXPIRED, but not MISS.

The cache fills up to ~5 GB (from allowed 20 GB), so the space should not be the problem.

I have tried to remove all cached files and restart nginx, but it did not help.

For testing I use plain curl GET requests (without ETag, Vary, etc. headers) - always the same.

Thank you for any hint,
Jan Molic
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Fwd: Problem with CAS on nginx configuration (no replies)

November 28, 2017, 7:46 am
$
0
0
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Viewing all 7229 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>