Channel: Nginx Forum - Nginx Mailing List - English

nginx rewrite does not work without "permanent" directive (no replies)

Hello!

Please would you mind helping me.

My nginx rewrite works only if I add "permanent" directive. Without it there
is no rewrite seen even in browser's network log.

I have an image cache system which works this way:

- there is a folder for uploaded images ( )

- folder for small thumbnails of uploaded images ( )

- php script (Symfony controller).

If the user requests a not yet existing thumbnail for an already uploaded image,
then the php script is called and it generates a thumbnail and stores it in
a corresponding folder.

For example: User requests http://site.com/files/imagecache/thumb/1.jpg,
Nginx tries to find the file or redirects to
http://site.com/www2/web/app_dev.php/image/cache?path=thumb/1.jpg

But instead I get 404 not found /files/imagecache/thumb/1.jpg - this message
is provided by Symfony (PHP), not by nginx itself.

If I add "permanent" I get Symfony controller output in browser - which is
OK. What did I do wrong?



Full nginx config with folders, symfony config and ordinary php config
follows.



Thank you in advance!



server {
    ..
    root /home/anima/projects/sfedu/sfedu-php;
    ....

    # SYMFONY DEV
    location ~ ^/www2/web/(app_dev|config)\.php(/|$) {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
    }

    # PROD
    location ~ ^/www2/web/app\.php(/|$) {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_split_path_info ^(.+\.php)(/.*)$;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        fastcgi_param DOCUMENT_ROOT $realpath_root;
        internal;
    }

    location ~ ^/www2/web {
        allow all;
        try_files $uri /www2/web/app.php$is_args$args;
    }

    location ~ ^/www2 {
        deny all;
    }
    # END OF SYMFONY BLOCK

    location ~ (\.php$|\.php/|\.php\?) {
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;

        set $path_info "";
        set $real_script_name $fastcgi_script_name;
        if ($fastcgi_script_name ~ "^(.+\.php)(/.+)$") {
            set $real_script_name $1;
            set $path_info $2;
        }
        fastcgi_param SCRIPT_FILENAME $document_root$real_script_name;
        fastcgi_param SCRIPT_NAME $real_script_name;
        fastcgi_param PATH_INFO $path_info;
        fastcgi_param PATH_TRANSLATED $document_root$real_script_name;
    }

    location /files/imagecache {
        root /home/anima/projects/http-upload;
        try_files $uri @imagecache;
    }

    location /files {
        root /home/anima/projects/http-upload;
    }

    location @imagecache {
        rewrite ^/files/imagecache/(.*)$ /www2/web/app_dev.php/images/cache?path=$1 permanent; #Here should be no "permanent"
    }
}





Regards,

Alexander Trofimchouk.





_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Moving Joomla from subdir to root -> rewrite / redirect problem (no replies)

Dear all,

in order to have prettier URLs I have decided to move my joomla from
/web/ to /, but I want old URLs to transparently redirect.

I am struggling how to do this.

First I thought of something like

location /web {
  try_files $uri $uri/ /index.php?$args;
 }

but this obviously did not work as the arguments passed to index.php
still contain the /web/ part, which would have to go.

So I tried instead:

location / {
    rewrite ^/web/(.*)$ /$1;
  try_files $uri $uri/ /index.php?$args;
}

thinking that the first line would modify the URI, taking away the /web/
part so that in the next line the changed uri would be fed to the
try_files command.

But this only resulted in 404s.

Can someone enlighten me on where I am going wrong with this?

Thanks a lot in advance,

Johannes


ssl_password_file directive is duplicate (no replies)

Hi!

I want to use several ssl_certificate followed by ssl_certificate_key in configuration.
Also I try to supply ssl_password_file for each pair. Assuming that each key has its own password.

I get: ssl_password_file directive is duplicate

Please advise.

NikolayNikolay





curl connection refused (4 replies)

I have seen this a lot on google but have not been able to find a suitable
solution. My firewall is setup correctly.

I am listening on port 80

netstat -anltp
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address   Foreign Address   State    PID/Program name
tcp   0      0      0.0.0.0:80      0.0.0.0:*         LISTEN   1114/nginx: master

curl localhost - works
curl 172.31.22.230 - works when running on the local machine

but when I try to run it from the outside, I get:

curl http://172.31.22.230/
curl: (7) Failed to connect to 172.31.22.228 port 80: Connection refused

I have made the config as simple as possible but have not figured out a way
to run
curl http://172.31.22.230 from another machine

Here is the config:

# cat nginx.conf
load_module modules/ndk_http_module.so;
load_module modules/ngx_http_lua_module.so;

user ec2-user ec2-user;

worker_processes 1;

events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

sendfile on;
keepalive_timeout 65;
gzip on;


server {
listen 80;

location / {
proxy_pass http://18.220.148.14;
}
}

} ## End http

Problem with proxy_cache_path and limit (4 replies)

nginx -v
nginx version: nginx/1.13.7

# Server globals
user www-data;
worker_processes auto;
worker_rlimit_nofile 65535;
error_log /var/log/nginx/error.log crit;
pid /var/run/nginx.pid;


# Worker config
events {
worker_connections 1024;
use epoll;
multi_accept on;
}


http {

proxy_cache_path /home/admin/cachemaster levels=1:2 keys_zone=my_cache:100m max_size=1g inactive=60m use_temp_path=off;

}

server {
listen 107.170.204.190:443;
server_name sf1.example www.sf1.example;
ssl on;
ssl_certificate /home/admin/conf/web/ssl.sf1.example.pem;
ssl_certificate_key /home/admin/conf/web/ssl.sf1.example.key;
error_log /var/log/apache2/domains/sf1.example.error.log error;

location / {
proxy_cache my_cache;
proxy_set_header X-Real-IP $remote_addr;
proxy_cache_revalidate on;
proxy_cache_min_uses 3;
proxy_cache_valid 200 301 7d;
proxy_pass https://example:443;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;

}
}

but the folder /home/admin/cachemaster fills up beyond 1gb, what am I missing?

Thanks

limit_conn not working (2 replies)

limit_conn is not working for me. I set up a test in nodejs, I'm doing GET
requests to http://localhost/, they are coming from different connections
(different origin ports), and all the connections are still open until the
very end, still, no response other than 200 is received. I double-checked
with wireshark.

What am I missing??

Minimal configuration I can reproduce it with: https://paste.ngx.cc/70
Source code for the test: https://paste.ngx.cc/6f

Mailing list help (no replies)

Hello all,

Sorry to bother, I've unsubscribed from this mailing list (In theory), did
all the steps, but I'm still getting mails from it. What's wrong?

The volume, for now, is easily manageable, but shouldn't I be receiving
nothing if I'm unsubscribed?

Is there some admin that could help me?

Thank you in advance,

Francisco

Centos 7 file permission problem (no replies)

I'm setting up a web server on a Centos 7 VPS. I'm relatively sure I
have the firewalls set up properly since I can see my browser requests
in the access and error log. That said, I have a file permission problem.

nginx 1.12.2
Linux servername 3.10.0-693.5.2.el7.x86_64 #1 SMP Fri Oct 20 20:32:50 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux


nginx.conf (with comments removed for brevity and my domain name removed
because google)
-------
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

events {
worker_connections 1024;
}

http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;

include /etc/nginx/mime.types;
default_type application/octet-stream;

server {
listen 80;
server_name mydomain.com www.mydomain.com;

return 301 https://$host$request_uri;
}

server {
listen 443 ssl http2;
server_name mydomain.com www.mydomain.com;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
root /usr/share/nginx/html/mydomain.com/public_html;

ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;

location / {
root /usr/share/nginx/html/mydomain.com/public_html;
index index.html index.htm;
}
#
error_page 404 /404.html;
location = /40x.html {
}
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}

}

I have firefox set up with no cache and do not save history.
-------------------------------------------------------------
access log:

mypi - - [20/Dec/2017:07:46:44 +0000] "GET /index.html HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"

myip - - [20/Dec/2017:07:48:44 +0000] "GET /index.html HTTP/2.0" 403 169 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0" "-"
-------------------------------
error log:

2017/12/20 07:46:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"
2017/12/20 07:48:44 [error] 10146#0: *48 open() "/usr/share/nginx/html/mydomain.com/public_html/index.html" failed (13: Permission denied), client: myip, server: mydomain.com, request: "GET /index.html HTTP/2.0", host: "mydomain.com"


Directory permissions:
For now, I made everything 755 with ownership nginx:nginx. I did chmod
and chown with the -R option.

/etc/nginx:
drwxr-xr-x. 4 nginx nginx 4096 Dec 20 07:39 nginx

/usr/share/nginx:
drwxr-xr-x. 4 nginx nginx 33 Dec 15 08:47 nginx

/var/log:
drwx------. 2 nginx nginx 4096 Dec 20 07:51 nginx
--------------------------------------------------------------
systemctl status nginx
● nginx.service - The nginx HTTP and reverse proxy server
Loaded: loaded (/usr/lib/systemd/system/nginx.service; enabled; vendor preset: disabled)
Active: active (running) since Wed 2017-12-20 04:21:37 UTC; 3h 37min ago
Process: 10145 ExecReload=/bin/kill -s HUP $MAINPID (code=exited, status=0/SUCCESS)
Main PID: 9620 (nginx)
CGroup: /system.slice/nginx.service
├─ 9620 nginx: master process /usr/sbin/nginx
└─10146 nginx: worker process


Dec 20 07:18:33 servername systemd[1]: Reloaded The nginx HTTP and reverse proxy server.
--------------------------------------------------------------

ps aux | grep nginx
root 9620 0.0 0.3 71504 3848 ? Ss 04:21 0:00 nginx: master process /usr/sbin/nginx
nginx 10146 0.0 0.4 72004 4216 ? S 07:18 0:00 nginx: worker process
root 10235 0.0 0.0 112660 952 pts/1 S+ 08:01 0:00 grep ngin

-----------------------------------
firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth0
sources:
services: ssh dhcpv6-client http https
ports:
protocols:
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:

get cookie value which name contains hyphen (no replies)

My app sets a cookie which is named like SESSIONID-MYAPP. I want to write the value of that cookie to the log file; I tried $cookie_SESSIONID_MYAPP and $cookie_SESSIONID-MYAPP, but I can't get what I want.

Proxy pass and URL rewrite with upstream (1 reply)

Hi!

I'm new to nginx and I need your help to set it up the way I need.
The server is nginx-1.12.2-1.el7.x86_64 (rpm) on CentOS 7.2 64.

My scenario is: all my systems are http://systems.ltda.local/NAME
(systems.ltda.local is nginx as reverse proxy)
The nginx must rewrite (or proxy, or whatever) to 4 Apache servers
responding with the virtual host as NAME.ltda.local and the URL in the
browser must not change.

When a user types http://systems.ltda.local/phpmyadmin it goes to
nginx and nginx proxy to apache on the URL phpmyadmin.ltda.local but
the URL keeps the same on the browser.


My config:

# cat upstream.conf
upstream wpapp {
server XXX.XXX.XXX.XXX:80 fail_timeout=60;
server XXX.XXX.XXX.XXX:80 fail_timeout=60;
server XXX.XXX.XXX.XXX:80 fail_timeout=60;
server XXX.XXX.XXX.XXX:80 fail_timeout=60;
}

# cat systems.ltda.local.conf

server {
listen 80;
server_name systems.ltda.local;
access_log /var/log/nginx/systems.ltda.local_access.log;
error_log /var/log/nginx/systems.ltda.local_error.log;

location /phpmyadmin {
proxy_pass http://wpapp/;
sub_filter "http://systems.ltda.local/phpmyadmin" "http://phpmyadmin.ltda.local";
sub_filter "http://systems.ltda.local/phpmyadmin/" "http://phpmyadmin.ltda/";
sub_filter_once off;
}

}

With this configuration, only works the URL with a trailing slash
"http://systems.ltda.local/phpmyadmin/" and not
"http://systems.ltda.local/phpmyadmin".

Best regards,
Rodrigo.

The repository 'http://nginx.org/packages/mainline/debian xenial Release' does not have a Release file. (2 replies)

Hi.

I tried today to install nginx on a ubuntu 16.04.3 LTS but `apt-cache
showpkg nginx` does not show me the nginx package from nginx.org.

I followed the command on this page
http://nginx.org/en/linux_packages.html#mainline

The `apt-get update` output

####
apt-get update
Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [102
kB]
Hit:2 http://ppa.launchpad.net/ondrej/php/ubuntu xenial InRelease
Hit:3 http://de.archive.ubuntu.com/ubuntu xenial InRelease
Hit:4 http://de.archive.ubuntu.com/ubuntu xenial-updates InRelease
Hit:5 http://ppa.launchpad.net/vbernat/haproxy-1.8/ubuntu xenial
InRelease
Hit:6 http://de.archive.ubuntu.com/ubuntu xenial-backports InRelease
Ign:7 http://nginx.org/packages/mainline/debian xenial InRelease
Ign:8 http://nginx.org/packages/mainline/debian xenial Release
Hit:9 http://packages.nginx.org/unit/ubuntu xenial InRelease
Ign:10 http://nginx.org/packages/mainline/debian xenial/nginx Sources
Ign:11 http://nginx.org/packages/mainline/debian xenial/nginx amd64
Packages
Ign:12 http://nginx.org/packages/mainline/debian xenial/nginx all
Packages
Ign:13 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en_US
Ign:14 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en
Ign:10 http://nginx.org/packages/mainline/debian xenial/nginx Sources
Ign:11 http://nginx.org/packages/mainline/debian xenial/nginx amd64
Packages
Ign:12 http://nginx.org/packages/mainline/debian xenial/nginx all
Packages
Ign:13 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en_US
Ign:14 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en
Ign:10 http://nginx.org/packages/mainline/debian xenial/nginx Sources
Ign:11 http://nginx.org/packages/mainline/debian xenial/nginx amd64
Packages
Ign:12 http://nginx.org/packages/mainline/debian xenial/nginx all
Packages
Ign:13 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en_US
Ign:14 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en
Ign:10 http://nginx.org/packages/mainline/debian xenial/nginx Sources
Ign:11 http://nginx.org/packages/mainline/debian xenial/nginx amd64
Packages
Ign:12 http://nginx.org/packages/mainline/debian xenial/nginx all
Packages
Ign:13 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en_US
Ign:14 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en
Ign:10 http://nginx.org/packages/mainline/debian xenial/nginx Sources
Ign:11 http://nginx.org/packages/mainline/debian xenial/nginx amd64
Packages
Ign:12 http://nginx.org/packages/mainline/debian xenial/nginx all
Packages
Ign:13 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en_US
Ign:14 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en
Err:10 http://nginx.org/packages/mainline/debian xenial/nginx Sources
404 Not Found [IP: 206.251.255.63 80]
Ign:11 http://nginx.org/packages/mainline/debian xenial/nginx amd64
Packages
Ign:12 http://nginx.org/packages/mainline/debian xenial/nginx all
Packages
Ign:13 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en_US
Ign:14 http://nginx.org/packages/mainline/debian xenial/nginx
Translation-en
Fetched 102 kB in 5s (17.7 kB/s)
Reading package lists... Done
W: The repository 'http://nginx.org/packages/mainline/debian xenial
Release' does not have a Release file.
N: Data from such a repository can't be authenticated and is therefore
potentially dangerous to use.
N: See apt-secure(8) manpage for repository creation and user
configuration details.
E: Failed to fetch
http://nginx.org/packages/mainline/debian/dists/xenial/nginx/source/Sources
404 Not Found [IP: 206.251.255.63 80]
E: Some index files failed to download. They have been ignored, or old
ones used instead.
####

lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 16.04.3 LTS
Release: 16.04
Codename: xenial

Best regards
Aleks


nginx-1.13.8 (no replies)

Changes with nginx 1.13.8 26 Dec 2017

*) Feature: now nginx automatically preserves the CAP_NET_RAW capability
in worker processes when using the "transparent" parameter of the
"proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
"uwsgi_bind" directives.

*) Feature: improved CPU cache line size detection.
Thanks to Debayan Ghosh.

*) Feature: new directives in vim syntax highlighting scripts.
Thanks to Gena Makhomed.

*) Bugfix: binary upgrade refused to work if nginx was re-parented to a
process with PID different from 1 after its parent process has
finished.

*) Bugfix: the ngx_http_autoindex_module incorrectly handled requests
with bodies.

*) Bugfix: in the "proxy_limit_rate" directive when used with the
"keepalive" directive.

*) Bugfix: some parts of a response might be buffered when using
"proxy_buffering off" if the client connection used SSL.
Thanks to Patryk Lesiewicz.

*) Bugfix: in the "proxy_cache_background_update" directive.

*) Bugfix: it was not possible to start a parameter with a variable in
the "${name}" form with the name in curly brackets without enclosing
the parameter into single or double quotes.


--
Maxim Dounin
http://nginx.org/

504 gateway timeouts (1 reply)

I am using nginx on an ubuntu server as a proxy to a tomcat server.

The nginx server is setup for https.

I don't know how to determine what version of nginx I am using, but I
install it on the ubuntu 1.16 server using apt-get.

I have an issue that I have resolved locally on my Mac (using version 1.12
of nginx and Tomcat 7) where requests through the proxy that take more than
60 seconds were failing, they are now working.

What seemed to be the fix was adding the following to the nginx.conf file

proxy_connect_timeout 600;

proxy_send_timeout 600;

proxy_read_timeout 600;

send_timeout 600;

in the location section for my proxy.


However this same change in the ubuntu servers has no effect at all.

The way I am testing this is that I create a request that sleeps the thread
for 5 minutes before retiring a response.

Any help appreciated.

Thanks

--
Wade Girard
c: 612.363.0902

Re: [nginx-announce] nginx-1.13.8 (no replies)

Hello Nginx users,

Now available: Nginx 1.13.8 for Windows https://kevinworthington.com/nginxwin1138
(32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail] [dot} {com)
https://kevinworthington.com/
https://twitter.com/kworthington
https://plus.google.com/+KevinWorthington/


On Tue, Dec 26, 2017 at 11:10 AM, Maxim Dounin <mdounin@mdounin.ru> wrote:

> Changes with nginx 1.13.8 26 Dec
> 2017
>
> *) Feature: now nginx automatically preserves the CAP_NET_RAW
> capability
> in worker processes when using the "transparent" parameter of the
> "proxy_bind", "fastcgi_bind", "memcached_bind", "scgi_bind", and
> "uwsgi_bind" directives.
>
> *) Feature: improved CPU cache line size detection.
> Thanks to Debayan Ghosh.
>
> *) Feature: new directives in vim syntax highlighting scripts.
> Thanks to Gena Makhomed.
>
> *) Bugfix: binary upgrade refused to work if nginx was re-parented to a
> process with PID different from 1 after its parent process has
> finished.
>
> *) Bugfix: the ngx_http_autoindex_module incorrectly handled requests
> with bodies.
>
> *) Bugfix: in the "proxy_limit_rate" directive when used with the
> "keepalive" directive.
>
> *) Bugfix: some parts of a response might be buffered when using
> "proxy_buffering off" if the client connection used SSL.
> Thanks to Patryk Lesiewicz.
>
> *) Bugfix: in the "proxy_cache_background_update" directive.
>
> *) Bugfix: it was not possible to start a parameter with a variable in
> the "${name}" form with the name in curly brackets without enclosing
> the parameter into single or double quotes.
>
>
> --
> Maxim Dounin
> http://nginx.org/
> _______________________________________________
> nginx-announce mailing list
> nginx-announce@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-announce
>

NGINX and RFC7540 (http2) violation (no replies)

Hi guys,

I was playing around with nginx and haproxy recently to decide whether to go for nginx or haproxy in a specific environment.
One of the requirements was http2 support which both pieces of software support (with nginx having supported it for a lot longer than haproxy).

However, one thing I saw, is that according to the http2 specification section 8.1.2.2 (https://tools.ietf.org/html/rfc7540#section-8.1.2.2 ), HTTP2 does not use the Connection header field to indicate connection-specific headers in the protocol.

If a client sends a Connection: keep-alive the client effectively violates the specification which surely should not happen, but in case the client actually would send the Connection header the server MUST treat the messages containing the connection header as malformed.

I saw that this is not the case for nginx in any way, which causes it to not follow the actual specification.

Can I ask why it was decided to implement it to simply “ignore” the fact that a client might violate the spec? And are there any plans to make nginx compliant with the current http2 specification?

I’ve found that both Firefox and Safari violate this very specific section, and they’re violated because servers implementing the http2 specification allowed them to do so, effectively causing the specification not to be followed.

Thanks in advance.

Best Regards,
Lucas Rolff
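
The check that RFC 7540 section 8.1.2.2 asks of a receiver, as an added example that is not part of the original post and not nginx code. Function names and the sample header lists are constructed for illustration; it goes slightly beyond the post by also covering the other connection-specific fields and the TE exception from the same section, plus the stripping an HTTP/1.x-to-HTTP/2 intermediary has to do.

```python
"""RFC 7540 section 8.1.2.2: connection-specific header fields in HTTP/2."""

# Fields that are connection-specific in HTTP/1.x. The RFC names Connection,
# Keep-Alive, Proxy-Connection, Transfer-Encoding and Upgrade.
CONNECTION_SPECIFIC = frozenset({
    "connection", "keep-alive", "proxy-connection",
    "transfer-encoding", "upgrade",
})

# HTTP/2 error code used for malformed requests (stream error).
PROTOCOL_ERROR = 0x1


def connection_header_violations(headers):
    """Return the section 8.1.2.2 violations found in one decoded header block.

    `headers` is a list of (name, value) string pairs, as an HPACK decoder
    would hand them over. An empty list means the block passes this check.
    """
    violations = []
    for name, value in headers:
        lname = name.lower()
        if lname in CONNECTION_SPECIFIC:
            violations.append(f"{lname}: connection-specific header field")
        elif lname == "te" and value.strip().lower() != "trailers":
            # TE is the one exception, and only with the value "trailers".
            violations.append(f"te: value {value!r} is not 'trailers'")
    return violations


def strict_server_action(headers):
    """What a receiver that enforces the MUST does with a request."""
    violations = connection_header_violations(headers)
    if violations:
        # Malformed request: reset the stream with PROTOCOL_ERROR.
        return ("RST_STREAM", PROTOCOL_ERROR, violations)
    return ("PROCESS", None, [])


def strip_for_http2(http1_headers):
    """Translate an HTTP/1.x header list for forwarding over HTTP/2.

    Removes the Connection field, every field it nominates, the other
    connection-specific fields, and any TE value other than "trailers".
    """
    nominated = set()
    for name, value in http1_headers:
        if name.lower() == "connection":
            nominated.update(
                tok.strip().lower() for tok in value.split(",") if tok.strip()
            )
    drop = CONNECTION_SPECIFIC | nominated
    out = []
    for name, value in http1_headers:
        lname = name.lower()
        if lname in drop:
            continue
        if lname == "te" and value.strip().lower() != "trailers":
            continue
        out.append((lname, value))  # HTTP/2 field names are lowercase
    return out


# Constructed sample: an HTTP/2 request carrying "connection: keep-alive",
# the client behaviour described in the post.
SAMPLE_H2_REQUEST = [
    (":method", "GET"),
    (":scheme", "https"),
    (":path", "/"),
    (":authority", "example.test"),
    ("user-agent", "constructed-client/1.0"),
    ("connection", "keep-alive"),
]

# Constructed sample: an HTTP/1.1 request about to be forwarded over HTTP/2.
SAMPLE_H1_REQUEST = [
    ("Host", "example.test"),
    ("Connection", "keep-alive, X-Hop"),
    ("Keep-Alive", "timeout=5"),
    ("X-Hop", "1"),
    ("Accept", "*/*"),
]

if __name__ == "__main__":
    print(strict_server_action(SAMPLE_H2_REQUEST))
    print(strip_for_http2(SAMPLE_H1_REQUEST))
```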

MAP location in conf file (no replies)

Presently I'm putting maps in the server location. Can they be put in
the very top to make them work for all servers? If not, I can just make
the maps into include files and insert as needed, but maybe making the
map global is more efficient.


nginx using openssl chil engine (no replies)

anyone know how to setup nginx config for using an openssl chil engine?

I have the following added as directives

main context :

ssl_engine chil;

in the server context I reference to a preloaded private key as

ssl_certificate_key engine:chil:prikeyid;

when I run "nginx -t" I get

nginx: [emrg] ENGINE_load_private_key (“prikeyid”) failed (SSL: error: 26096075:engine routines:ENGINE_load_private_key:not initialised)

What am I missing? or what do I need to check ?

Thank you
Jan

unit-0.3 beta release (no replies)

Hello,

I'm glad to announce that a new beta version of NGINX Unit has been released.

Changes with Unit 0.3 28 Dec 2017

*) Change: the Go package name changed to "nginx/unit".

*) Change: in the "limits.timeout" application option: application start
time and time in queue now are not accounted.

*) Feature: the "limits.requests" application option.

*) Feature: application request processing latency optimization.

*) Feature: HTTP keep-alive connections support.

*) Feature: the "home" Python virtual environment configuration option.

*) Feature: Python atexit hook support.

*) Feature: various Go package improvements.

*) Bugfix: various crashes fixed.

With this release we have started to build more Linux packages:

- https://unit.nginx.org/installation/#precompiled-packages

Also, here is a new blog post about some of our plans for the near future:

- https://www.nginx.com/blog/nginx-unit-progress-and-next-steps/

Happy New Year and best wishes from all of the Unit team.
Stay tuned.

wbr, Valentin V. Bartenev


Error response body not sent if upload is incomplete (1 reply)

This happens using the ngx_http_uwsgi_module, but it seems this might be more generic (i.e. also affects at least upstream servers).

Here's what happens:
* I send a HTTP/1.1 POST request with a Content-Type: multipart/form-data; header and a ~600kb file
* Nginx receives the first part of the request and passes it to a uwsgi app
* The uwsgi app determines that a 403 response along with a JSON body should be returned
* Nginx sends the 403 response to the client, but only containing the headers (not the JSON body)

However, if I do everything the same way, but the uploaded file is tiny (e.g. 1 byte), I do get the error response body as expected. Non-error responses also work fine.

It seems that nginx for some reason decides to ignore the response body (but still sends the headers) if the payload hasn't finished uploading.

This looks like an inconsistent behaviour (or even a bug), but correct me if there is something I misunderstood.

Please find curl outputs and links to other users complaining about a similar thing below.


Here's curl verbose output when uploading a bigger file:
$ curl -v -F 'content=@large_file' http://0.0.0.0:5000/
* Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 5000 (#0)
> POST / HTTP/1.1
> Host: 0.0.0.0:5000
> User-Agent: curl/7.55.1
> Accept: */*
> Content-Length: 654430
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------6404e93291dc3c9f
>
< HTTP/1.1 100 Continue
< HTTP/1.1 403 FORBIDDEN
< Server: nginx/1.9.11
< Date: Fri, 29 Dec 2017 19:41:57 GMT
< Content-Type: application/json
< Content-Length: 54
< Connection: keep-alive
* HTTP error before end of send, stop sending
<
* transfer closed with 54 bytes remaining to read
* Closing connection 0
curl: (18) transfer closed with 54 bytes remaining to read

And this is curl output with the smaller file (this is what I would expect independently of the payload size):
$ curl -v -F 'content=@tiny_file' http://0.0.0.0:5000/
* Trying 0.0.0.0...
* TCP_NODELAY set
* Connected to 0.0.0.0 (127.0.0.1) port 5000 (#0)
> POST / HTTP/1.1
> Host: 0.0.0.0:5000
> User-Agent: curl/7.55.1
> Accept: */*
> Content-Length: 205
> Expect: 100-continue
> Content-Type: multipart/form-data; boundary=------------------------8cc5b005486613a4
>
< HTTP/1.1 100 Continue
< HTTP/1.1 403 FORBIDDEN
< Server: nginx/1.9.11
< Date: Fri, 29 Dec 2017 20:12:41 GMT
< Content-Type: application/json
< Content-Length: 54
< Connection: keep-alive
* HTTP error before end of send, stop sending
<
* Closing connection 0
{"error": {"message": "Invalid key", "code": 403}}


Other users reporting similar behaviour:
https://stackoverflow.com/questions/32208360/return-a-body-through-nginx-when-theres-an-error-mid-post
https://stackoverflow.com/questions/34771225/nginx-http-error-before-end-of-send

Nginx manage multiple https website with keepalived (no replies)

I already submitted an issue in the keepalived github issue page
https://github.com/acassen/keepalived/issues/731 and stackoverflow. Pasting
again for more people's help.

I want to use Nginx to manage multiple https websites. Referring to the nginx
document http://nginx.org/en/docs/http/configuring_https_servers.html
(Name-based HTTPS servers section), one method is to assign a separate IP for
every HTTPS server. And in our environment, this is the only method.

Due to single-point issue, I want to use keepalived to manage master-backup
Nginx node. The logic is:

1. Setup master/backup nginx node

2. Master nginx will assign multiple vip via keepalived

3. Master nginx will be up, backup nginx is down. (due to backup nginx has
no vip, start will fail)

4. If master nginx is down, vip transfer to backup node, backup nginx start.

I test in Centos 7 with keepalived v1.3.5, but meet some issue.

Configuration

master node

global_defs {
    router_id LVS_DEVEL
}

vrrp_script chk_nginx {
    script "/usr/sbin/pidof nginx"
    interval 3
    !weight -5
    rise 1
    fall 2
}

vrrp_instance VI_1 {
    state MASTER
    interface eth1
    virtual_router_id 51
    priority 100
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.16
        192.168.2.17
    }
    track_script {
        chk_nginx
    }

    notify /etc/keepalived/notify_keepalived.sh
    notify_stop "systemctl stop nginx"
}

backup node

global_defs {
    router_id LVS_DEVEL
}

vrrp_script chk_nginx {
    script "/usr/sbin/pidof nginx"
    interval 3
    !weight -5
    rise 1
    fall 2
}

vrrp_instance VI_1 {
    state BACKUP
    interface eth1
    virtual_router_id 51
    priority 96
    advert_int 1
    authentication {
        auth_type PASS
        auth_pass 1111
    }
    virtual_ipaddress {
        192.168.2.16
        192.168.2.17
    }
    track_script {
        chk_nginx
    }

    notify /etc/keepalived/notify_keepalived.sh
    notify_stop "systemctl stop nginx"
}

check script:

$ cat /etc/keepalived/notify_keepalived.sh
#!/bin/bash
# Arguments passed by keepalived to the notify script
TYPE=$1
NAME=$2
STATE=$3

# Record the last state, then start or stop nginx to match it
echo "$STATE" > /tmp/k.log
case "$STATE" in
    "MASTER") systemctl start nginx
        exit 0
        ;;
    "BACKUP") systemctl stop nginx
        exit 0
        ;;
    "FAULT") systemctl stop nginx
        exit 0
        ;;
    *) echo "ipsec unknown state"
        exit 1
        ;;
esac

method 1

If unset weight, keepalived startup will check nginx pid immediately, even
I set interval and fall parameter. Master nginx won't enter master state,
all node will enter fault state. No master will elect and no active nginx
will come up.

Dec 30 04:59:00 localhost systemd: Starting LVS and VRRP High Availability Monitor...
Dec 30 04:59:00 localhost Keepalived[20039]: Starting Keepalived v1.3.5 (03/19,2017), git commit v1.3.5-6-g6fa32f2
Dec 30 04:59:00 localhost Keepalived[20039]: Unable to resolve default script username 'keepalived_script' - ignoring
Dec 30 04:59:00 localhost Keepalived[20039]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 30 04:59:00 localhost systemd: PID file /var/run/keepalived.pid not readable (yet?) after start.
Dec 30 04:59:00 localhost Keepalived[20040]: Starting Healthcheck child process, pid=20041
Dec 30 04:59:00 localhost Keepalived[20040]: Starting VRRP child process, pid=20042
Dec 30 04:59:00 localhost systemd: Started LVS and VRRP High Availability Monitor.
Dec 30 04:59:00 localhost Keepalived_healthcheckers[20041]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: Registering Kernel netlink reflector
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: Registering Kernel netlink command channel
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: Registering gratuitous ARP shared channel
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: Opening file '/etc/keepalived/keepalived.conf'.
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: VRRP_Instance(VI_1) removing protocol VIPs.
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: WARNING - script `systemctl` resolved by path search to `/usr/bin/systemctl`. Please specify full path.
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: SECURITY VIOLATION - scripts are being executed but script_security not enabled.
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: Using LinkWatch kernel netlink reflector...
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: VRRP sockpool: [ifindex(3), proto(112), unicast(0), fd(10,11)]
Dec 30 04:59:00 localhost Keepalived_vrrp[20042]: /usr/sbin/pidof nginx exited with status 1
Dec 30 04:59:01 localhost Keepalived_vrrp[20042]: VRRP_Instance(VI_1) Now in FAULT state
Dec 30 04:59:03 localhost Keepalived_vrrp[20042]: /usr/sbin/pidof nginx exited with status 1
Dec 30 04:59:06 localhost Keepalived_vrrp[20042]: /usr/sbin/pidof nginx exited with status 1

method 2

If uncomment weight, startup works fine. Master node assign vip and master
nginx startup. Backup nginx is down.

However, when I shutdown master nginx, master node priority (100-5) >
backup node (96-5). Although master nginx is down, but vip still be in
master node.
method 3

set master weight -5, set backup weight 2.

1. Startup keepalived, master node get vip, master nginx start. Backup
nginx is down.
2. Shutdown master nginx, master node priority 95 < backup node 96,
backup node get vip, backup nginx start.
3. Shutdown backup nginx, master node priority 95 < backup node
96(98-2), backup still hold vip, no active nginx come up.

For this scenario, program startup depends on vip, how to manage HA?

Thanks.

