Quantcast
Channel: Nginx Forum - Nginx Mailing List - English
Viewing all 7229 articles
Browse latest View live

WWW-Authenticate in 200 OK response (no replies)

September 14, 2018, 2:00 pm
$
0
0
I am currently working on a multi-tier application, trying to use nginx as load balancer.
The issue is that nginx seems to be adding WWW-Authenticate in the 200 OK response after the Kerberos authentication has taken place, which confuses the client. (The client could potentially ignore it, but that's possibly another issue.)
Not sure this is expected... Any suggestion on how to avoid or work around this?

[2018-09-14 14:46:14.471] root INFO: @@@@@@ Connecting to: 'http://host1:39609/url1'
send: 'GET /url1 HTTP/1.1\r\nX-Client-User-Name: uname1\r\nAccept-Encoding: gzip\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: qz.qzdev.run\r\nHost: host1:39609\r\nX-Client-Host-Name: host2\r\nContent-Type: application/json\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Server: nginx/1.14.0
header: Date: Fri, 14 Sep 2018 18:46:14 GMT
header: Content-Type: text/html
header: Content-Length: 195
header: Connection: close
header: WWW-Authenticate: Negotiate
header: WWW-Authenticate: Basic realm=""
header: Access-Control-Allow-Credentials: true
send: 'GET /url1 HTTP/1.1\r\nX-Client-User-Name: uname1\r\nAccept-Encoding: gzip\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: qz.qzdev.run\r\nHost: host1:39609\r\nX-Client-Host-Name: host2\r\nContent-Type: application/json\r\nAuthorization: Negotiate YII........................ AghEw==\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: nginx/1.14.0
header: Date: Fri, 14 Sep 2018 18:46:14 GMT
header: Content-Type: application/json
header: Content-Length: 430908
header: Connection: close
header: WWW-Authenticate: Negotiate YI .....gA==
header: WWW-Authenticate: Basic realm=""
header: Set-Cookie: session=ey...ZW4; HttpOnly; Path=/
header: Access-Control-Allow-Credentials: true
[2018-09-14 14:46:14.779] client_http_auth CRITICAL: GSSAPI failed!

Best regards,
George

----------------------------------------------------------------------
This message, and any attachments, is for the intended recipient(s) only, may contain information that is privileged, confidential and/or proprietary and subject to important terms and conditions available at http://www.bankofamerica.com/emaildisclaimer. If you are not the intended recipient, please delete this message.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Search

How to use dynamic IP in resolver directive when NGINX installed on Multi Nodes Openshift cluster (no replies)

September 17, 2018, 5:20 am
$
0
0
Hi,

We're from Amdocs and trying to install NGINX reverse proxy server on openshift cluster (6 nodes), and as part of its configuration, we must specify the DNS IP to directive - 'resolver' (because proxy_pass has some parameters).
Nginx.conf:
Location ~ {
resolver DNS_IP valid=5s;
proxy_pass .....
}
But - since it's OCP cluster (multiple machines), we don't know which IP to give - as it depends on which node the nginx pod was started (in /etc/resolv.conf - it has the relevant node IP). Also - we cannot put all IPs in parameters.
We ask for advice to:

1. How we can force nginx to user /etc/resolv.conf even if proxy_pass has parameters. This will solve our issues.

2. If #1 is not possible, which display name we can put for resolver within open-shift cluster ? for example - in K8S, we solved the issue by using kube-dns:
resolver kube-dns.kube-system.svc.cluster.local valid=5s;

Which string is relevant for DNS inside open-shift cluster ?

Please assist.


Thanks,
Marwan

This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement,

you may review at https://www.amdocs.com/about/email-disclaimer https://www.amdocs.com/about/email-disclaimer
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

A fatal 301 redirect... (1 reply)

September 17, 2018, 3:22 pm
$
0
0
I did use wrongly a 301 redirect....

I have corrected now, but the redirect remains.

I use wget :

nous@pcouderc:~$ wget https://www.ppp.fr
--2018-09-17 23:52:44--  https://www.ppp.fr/
Resolving www.ppp.fr (www.ppp.fr)... 2a01:e34:eeaf:c5f0::fee6:854e,
78.234.252.95
Connecting to www.ppp.fr
(www.ppp.fr)|2a01:e34:eeaf:c5f0::fee6:854e|:443... connected.
HTTP request sent, awaiting response... 301 Moved Permanently
Location: https://test.ppp.fr/ [following]
--2018-09-17 23:52:44--  https://test.ppp.fr/
Resolving test.ppp.fr (test.ppp.fr)... 2a01:e34:eeaf:c5f0::fee6:854e,
78.234.252.95
Connecting to test.ppp.fr
(test.ppp.fr)|2a01:e34:eeaf:c5f0::fee6:854e|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: unspecified [text/html]
Saving to: ‘index.html.3’....

In access.log :

2a01:e34:eeaf:c5f0::feb1:b1c9 - - [18/Sep/2018:00:04:34 +0200] "GET /
HTTP/2.0" 200 21511 "-" "Mozilla/5.0 (X11; Linux x86_64)
AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81 Safari/537.36"
2a01:e34:eeaf:c5f0::feb1:b1c9 - - [18/Sep/2018:00:04:34 +0200] "GET
/fuveau.png HTTP/2.0" 404 271 "https://test.ppp.fr/" "Mozilla/5.0 (X11;
Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/69.0.3497.81
Safari/537.36"


I am pretty sure that I have removed the fatal redirect, and I have
checked that   the only 301 remaining are on port 80 :
    location / {
        return 301 https://$server_name$request_uri;
    }

So I suppose there is a cache somewhere where nginx keeps its secret and
fatal 301 ? How can I remove it ?

Thanks

PC
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

(no subject) (no replies)

September 18, 2018, 12:56 am
$
0
0
Hi,

I am trying to compile nginx 1.15.3 (mainline) with OpenSSL 1.1.1

# ./configure --prefix=/etc/nginx --sbin-path=/usr/sbin/nginx
--with-openssl=./openssl-1.1.1

# make DESTDIR=/opt/test install

But this error out with
---------------
cc: error: ./openssl-1.1.1/.openssl/lib/libssl.a: No such file or directory
cc: error: ./openssl-1.1.1/.openssl/lib/libcrypto.a: No such file or
directory
make[1]: *** [objs/nginx] Error 1
------------------

I could find that the openssl-1.1.1/.openssl directory is not created but
instead

/opt/test/$nginxsrcpath/openssl-1.1.1/.openssl

That is if the nginx src is in /root/nginx-1.15.3/

The directory .openssl will be
/opt/test/root/nginx-1.15.3/openssl-1.1.1/.openssl/

The make DESTDIR=/opt/test install works fine in nginx 1.13.x with
OpenSSL 1.0.2p
I am not sure the change is caused by nginx 1.15.3 or openssl-1.1.1 to be
honest



--
*Anoop P Alias*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

No live upstreams with a single upstream (no replies)

September 18, 2018, 3:02 am
$
0
0
While running a load test that injects 10k TPS across 3 Nginx instances, we are seeing spikes of errors where Nginx returns HTTP 502 and logs the message 'no live upstreams while connecting to upstream'. There are no other errors logged e.g. connection errors.

Also, we have a single upstream virtual IP (we use iptables to balance load across the backend) and according to the docs the upstream should never be marked as down in this case:

'If there is only a single server in a group, max_fails, fail_timeout and slow_start parameters are ignored, and such a server will never be considered unavailable'

Testing locally with our config confirms this and I cannot reproduce the 'no live upstreams while connecting to upstream' message when simulating connection and read errors with a single upstream.

To debug I tried enabling debug logs but under load that degraded performance too much. I also traced the worker process with strace and didn't find any socket or other other errors during the 502 spike.

I was able to create this issue on Nginx 1.12.2 and 1.15.3.

So given that we don't see any source error and we have a single upstream, I'm interested to know what other scenarios could result in a 502 with the log message 'no live upstreams while connecting to upstream'?

Osticket With nginx proxy_pass. (no replies)

September 18, 2018, 11:26 am
$
0
0
Dears, i need a help.
My Osticket (/_support ticket system_/) not work with nginx front-end.
The system report the error: _Valid CSRF Token Required_ when login in
system, but when i try acess a enviroment across the url(httpd):
http://192.168.1.51:8015 the system work fine.
Below my configfile in nginx.

#
####TICKET ###
#

       server {
       listen       80;
       server_name   ticket.oduvaldocozzi.intranet;
       location / {
       proxy_pass http://192.168.1.51:8015;
        root /opt/www/ticket.oduvaldocozzi.intranet/public_html/upload;
                 }
       location ~ \ {

       }

}

--
Att,
BR-RJ.
Togy Silva Ocozzy
e-mail: rjtogy1966@gmail.com
LABS OCOZZI PE.



---
Este email foi escaneado pelo Avast antivírus.
https://www.avast.com/antivirus
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

404 error on yum nginx repository (no replies)

September 18, 2018, 6:38 pm
$
0
0
Seems like maybe something is broken on the nginx packages download.

For example, if I curl this endpoint I get a set of results from 31-Jul-2018

$ curl https://nginx.org/packages/rhel/7/x86_64/repodata/
<html>
<head><title>Index of /packages/rhel/7/x86_64/repodata/</title></head>
<body bgcolor="white">
<h1>Index of /packages/rhel/7/x86_64/repodata/</h1><hr><pre><a
href="../">../</a>
<a
href="431ec3b5d8c38dcb75ae6aad1e2044707c26b097cdd032e9230fe657799940c1-other.xml.gz">431ec3b5d8c38dcb75ae6aad1e2044707c26b097cdd032e..&gt;</a>
31-Jul-2018 12:16 8164
<a
href="4a825688a214584c3c5b655627ca3ef7340a67848b7ab8ed1bedd3fced3fc2f5-primary.sqlite.bz2">4a825688a214584c3c5b655627ca3ef7340a67848b7ab8e..&gt;</a>
31-Jul-2018 12:16 35734
<a
href="5dd555d317e17e2612f394576dc02326d7c06d18a15c102b24070efe69a09d06-filelists.sqlite.bz2">5dd555d317e17e2612f394576dc02326d7c06d18a15c102..&gt;</a>
31-Jul-2018 12:16 47533
<a
href="76f331ccb392cffc4fa30e0f60985c38fa69c8d953bca55b8a298162218056a9-primary.xml.gz">76f331ccb392cffc4fa30e0f60985c38fa69c8d953bca55..&gt;</a>
31-Jul-2018 12:16 12976
<a
href="8f5762215a64dd640a999e379e0fbffddf11c88e631c03b16b09864fc54c1a3c-other.sqlite.bz2">8f5762215a64dd640a999e379e0fbffddf11c88e631c03b..&gt;</a>
31-Jul-2018 12:16 19018
<a
href="c84d99af13732489a23f8b73fe9382b2a921e72644d66bd5c4709945d61352c7-filelists.xml.gz">c84d99af13732489a23f8b73fe9382b2a921e72644d66bd..&gt;</a>
31-Jul-2018 12:16 33396
<a href="repomd.xml">repomd.xml</a>
31-Jul-2018 12:16 2986
<a href="repomd.xml.asc">repomd.xml.asc</a>
31-Jul-2018 12:16 473
</pre><hr></body>
</html>

If I curl again I get a different set of results from 18-Sep-2018:

$ curl https://nginx.org/packages/rhel/7/x86_64/repodata/
<html>
<head><title>Index of /packages/rhel/7/x86_64/repodata/</title></head>
<body bgcolor="white">
<h1>Index of /packages/rhel/7/x86_64/repodata/</h1><hr><pre><a
href="../">../</a>
<a
href="0d104237ac1bdb053e7b601b4acb01cf249d0eb38842dd4e3c9e50ca6e1db292-filelists.xml.gz">0d104237ac1bdb053e7b601b4acb01cf249d0eb38842dd4..&gt;</a>
18-Sep-2018 16:27 34060
<a
href="20335881f90eb6dee86c4e5dde27efe4b280a5ce155f32d5982da721099a7590-primary.sqlite.bz2">20335881f90eb6dee86c4e5dde27efe4b280a5ce155f32d..&gt;</a>
18-Sep-2018 16:27 36166
<a
href="a698a3a644ea96503bace90f338282ae9ff4404820579a8a0b8f1b59f7f63fd3-primary.xml.gz">a698a3a644ea96503bace90f338282ae9ff4404820579a8..&gt;</a>
18-Sep-2018 16:27 13207
<a
href="ce1b99cc8d85853931a96a8b6c3f0270b4330f3034c22fed206e549d83ae534c-filelists.sqlite.bz2">ce1b99cc8d85853931a96a8b6c3f0270b4330f3034c22fe..&gt;</a>
18-Sep-2018 16:27 48828
<a
href="db9cdcedd470676185618a343302143eb4a7e5e9da3b996cb9d706171e3f9456-other.sqlite.bz2">db9cdcedd470676185618a343302143eb4a7e5e9da3b996..&gt;</a>
18-Sep-2018 16:27 19211
<a
href="fa18e6d14529bfa9446c346447ac7ae7135b175d93b5ab455aa71c4eed2c8ea6-other.xml.gz">fa18e6d14529bfa9446c346447ac7ae7135b175d93b5ab4..&gt;</a>
18-Sep-2018 16:27 8282
<a href="repomd.xml">repomd.xml</a>
18-Sep-2018 16:27 2986
<a href="repomd.xml.asc">repomd.xml.asc</a>
18-Sep-2018 16:27 473
</pre><hr></body>
</html>

The result is that you download the repomd.xml from whatever is returning
the first set of results, but then you try to download
5dd555d317e17e2612f394576dc02326d7c06d18a15c102b24070efe69a09d06-filelists.sqlite.bz2
but it gets handled by by whatever is returning the second set of results,
you get a 404.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

identifying last request on a tcp connection. (no replies)

September 18, 2018, 11:19 pm
$
0
0
I've been trying to identify the last HTTP request from a buffer of 10 requests sent on a TCP connection in nginx. I've tried to use the header_in field in the ngx_http_request_t by checking if the pos field for the header_in is equal to the last field. This condition holds true twice, once on the first request and then on the last request. My program intends to break out once the last request is identified and hence, has been breaking after encountering the first request because of this check.

Can someone help me identify the problem with my approach and point to the right solution? Thanks!
Search

Deny access to hidden files and directories (and their content) (no replies)

September 19, 2018, 1:26 am
$
0
0
I believe my current rexexp match isn’t proper because it’s missing an anchor from the pattern:

location ~ /\. {
deny all;
}

What would be more appropriate? Would this work?

location ~ /\..*$

--
Palvelin.fi Hostmaster
postmaster@palvelin.fi

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Errors suggesting nginx isn't started as root (no replies)

September 19, 2018, 2:02 am
$
0
0
Why am I getting these log warn/emerg? Running Nginx 1.14.0 on Ubuntu 18.04.

root@k2:~# whoami
root

root@k2:~# service nginx restart

root@k2:~# tail /var/log/nginx/error.log
2018/09/19 11:38:47 [warn] 22399#22399: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:21
2018/09/19 11:38:47 [emerg] 22399#22399: SSL_CTX_use_PrivateKey_file("/etc/ssl/private/nginx-selfsigned.key") failed (SSL: error:0200100D:system library:fopen:Permission denied:fopen('/etc/ssl/private/nginx-selfsigned.key','r') error:20074002:BIO routines:file_ctrl:system lib error:140B0002:SSL routines:SSL_CTX_use_PrivateKey_file:system lib)

root@k2:~# ls -lh /etc/ssl/private/ |grep nginx
-rw-r----- 1 root ssl-cert 1.7K Jul 8 17:12 nginx-selfsigned.key

root@k2:~# cat /etc/nginx/nginx.conf |grep ^user
user www-data;

root@k2:~# ps -auxw |grep nginx
root 22317 0.0 0.2 359680 9300 ? Ss 11:38 0:00 nginx: master process /usr/sbin/nginx -g daemon on; master_process on;
www-data 22322 0.0 0.3 361980 15356 ? S 11:38 0:00 nginx: worker process
www-data 22323 0.2 0.4 362244 18984 ? S 11:38 0:00 nginx: worker process
www-data 22326 0.0 0.3 361980 14760 ? S 11:38 0:00 nginx: cache manager process
www-data 22327 0.0 0.3 361980 14760 ? S 11:38 0:00 nginx: cache loader process


--
Palvelin.fi Hostmaster
postmaster@palvelin.fi

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Understood Diretive Location and Regex (concept question). (2 replies)

September 19, 2018, 4:10 am
$
0
0
Dears, in me Lab i have nginx work fine, but i dont understood the
diretive location with regex "~ /\. " "~*  \." and
"~ \.php$" bellow examples in me enviroment.



location ~ /\. {
deny all;
access_log off;
log_not_found off;
}

location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}



location ~ /\. {
deny all;
access_log off;
log_not_found off;
}

--
Att,
BR-RJ.
Togy Silva Ocozzy
e-mail: rjtogy1966@gmail.com
LABS OCOZZI PE.



---
Este email foi escaneado pelo Avast antivírus.
https://www.avast.com/antivirus
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx urgent query (no replies)

September 19, 2018, 6:12 am
$
0
0
Hi Team,



I have a question on Nginx open source.

So, we have a nginx web server being used as kubernetes pod in production
as reverse proxy and web layer.

We wanted to leverage the upstream hash module for session stickiness. We
tried a POC locally by recompiling the Nginx with additional module -
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash. and it
worked well.



However for production and other higher environments wanted to know if we
have any nginx docker image/container with above http upstream module
please which can pulled?

I tried searching in docker hub, couldn’t find any.



Any pointers would be highly helpful!



Thanks,

Devika

On Wed, Sep 19, 2018 at 6:29 PM Devika Awasthi <awasthi.dvk@gmail.com>
wrote:

> Hi Team,
>
>
>
> I have a question on Nginx open source.
>
> So, we have a nginx web server being used as kubernetes pod in production
> as reverse proxy and web layer.
>
> We wanted to leverage the upstream hash module for session stickiness. We
> tried a POC locally by recompiling the Nginx with additional module -
> http://nginx.org/en/docs/http/ngx_http_upstream_module.html#hash. and it
> worked well.
>
>
>
> However for production and other higher environments wanted to know if we
> have any nginx docker image/container with above http upstream module
> please which can pulled?
>
> I tried searching in docker hub, couldn’t find any.
>
>
>
> Any pointers would be highly helpful!
>
>
>
> Thanks,
>
> Devika
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Custom nginx QoS plugin running before SSL handshake (no replies)

September 19, 2018, 7:52 am
$
0
0
Hello everyone,

We are using a custom Nginx plugin to tag (setsockopt) response (per domain) traffic from Nginx with QoS DSCP flag and that is working fine, however we are seeing that SSL handshake responses are not getting tagged. Once handshake is done the rest of the responses are tagged as expected.

If I am reading development documentation correctly I would somehow need to tag traffic before stage ngx_http_init_connection() which initiates SSL handshake?
Is this at all possible from Nginx plugin? If so, can you, please, point me in the right direction?

Thank you in advance,
Sibin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

400 errors after upgrading to 1.14.0 (1 reply)

September 19, 2018, 3:14 pm
$
0
0
Our service uses 2-way ssl with our clients connecting to our systems. With each new client we add their intermediate and root CA chain to the concatenated certificates file used by ssl_client_certificate. We recently upgraded to 1.14.0 (and the included modules) and now some, but not all of our customers are unable to connect getting 400 errors. We've tried changing the order of the certificates in the concatenated file but that didn't help. It is happening across different certificate chains but not all. And all of them worked fine prior to the upgrade.

Has anyone else encountered this or is there something we should be doing different in how we set up these certificates?

Thanks

Nginx as Reverse Proxy for multiple servers binded to proxy using UNIX sockets - how to reached in LAN (no replies)

September 20, 2018, 11:36 pm
$
0
0
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Search

Unit 1.4 release (no replies)

September 21, 2018, 7:06 am
$
0
0
Hello,

I'm glad to announce a new release of NGINX Unit.

The key feature of the new version is dynamically configurable TLS support
with certificate storage API that provides detailed information about your
certificate chains, including common and alternative names as well as
expiration dates.

See the documentation for details:

- https://unit.nginx.org/configuration/#ssl-tls-and-certificates

This is just our first step in TLS support. More configuration options
and various TLS-related features will be added in the future.

Full-featured HTTP/2 support is also in our sights.


Changes with Unit 1.4 20 Sep 2018

*) Change: the control API maps the configuration object only at
"/config/".

*) Feature: TLS support for client connections.

*) Feature: TLS certificates storage control API.

*) Feature: Unit library (libunit) to streamline language module
integration.

*) Feature: "408 Request Timeout" responses while closing HTTP
keep-alive connections.

*) Feature: improvements in OpenBSD support. Thanks to David Carlier.

*) Bugfix: a segmentation fault might have occurred after
reconfiguration.

*) Bugfix: building on systems with non-default locale might be broken.

*) Bugfix: "header_read_timeout" might not work properly.

*) Bugfix: header fields values with non-ASCII bytes might be handled
incorrectly in Python 3 module.


In a few weeks, we are going to add preliminary Node.js support. It's almost
ready; our QA engineers are already testing it.

Now we are also working on Java module, WebSockets support, flexible request
routing, and serving of static media assets.

Please also welcome Artem Konev, who joined our team as a technical writer.
He has already started improving documentation on the website and updated
it with the configuration options currently available:

- https://hg.nginx.org/unit-docs/

Of course, the website still leaves much to be desired, so Artem will strive
to provide industry-grade documentation for Unit. You are welcome to join
this effort with your ideas, suggestions, and edits: just send a pull request
or open an issue in our documentation repository on GitHub:

- https://github.com/nginx/unit-docs/


Stay tuned!

wbr, Valentin V. Bartenev

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

GeoIP2 Maxmind Module Support for Nginx (2 replies)

September 21, 2018, 8:32 am
$
0
0
Hi ,

As of now we are using "nginx-module-geoip-1.10.0-1.el7.ngx.x86_64.rpm" available at repository
https://nginx.org/packages/rhel/7/x86_64/RPMS/

Cant find rpm for geoip2 module .

Please suggest from were to get the rpm package of geoip2 module as we are using nginx-1-10.2 rpm.

1.15.3 nginx core dumps -- with proxy_pass http://127.0.0.1:8080 (no replies)

September 23, 2018, 11:37 am
$
0
0
Any help much appreciated. This is my last closure step to move from apache to nginx (using tomcat with proxy_pass.) Thanks in advance!

curl -v http://localhost:8080 or curl -v http://127.0.0.1:8080 work. If I remove proxy_pass statement, it works but goes to normal index.html

/usr/local/nginx/sbin/nginx -V
nginx version: nginx/1.15.3
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-28) (GCC)
built with OpenSSL 1.1.0i 14 Aug 2018
TLS SNI support enabled
configure arguments: --add-module=../modsecurity-2.9.2/nginx/modsecurity --with-cc-opt=-fno-optimize-sibling-calls


Here is the core dump

[Thread debugging using libthread_db enabled]
Using host libthread_db library "/lib64/libthread_db.so.1".
Core was generated by `nginx: worker process '.
Program terminated with signal 11, Segmentation fault.
#0 ngx_http_upstream_copy_allow_ranges (r=0xad66d0, h=0x7ffc3003a970, offset=<optimized out>) at src/http/ngx_http_upstream.c:5176
5176 if (r->upstream->conf->force_ranges) {
Missing separate debuginfos, use: debuginfo-install GeoIP-1.5.0-11.el7.x86_64 apr-1.4.8-3.el7_4.1.x86_64 apr-util-1.5.2-6.el7.x86_64 expat-2.1.0-10.el7_3.x86_64 glibc-2.17-222.el7.x86_64 libdb-5.3.21-24.el7.x86_64 libuuid-2.23.2-52.el7_5.1.x86_64 libxml2-2.9.1-6.el7_2.3.x86_64 nss-softokn-freebl-3.36.0-5.el7_5.x86_64 pcre-8.32-17.el7.x86_64 xz-libs-5.2.2-1.el7.x86_64 zlib-1.2.7-17.el7.x86_64
(gdb) backtrace
#0 ngx_http_upstream_copy_allow_ranges (r=0xad66d0, h=0x7ffc3003a970, offset=<optimized out>) at src/http/ngx_http_upstream.c:5176
#1 0x00000000004c5f66 in ngx_http_modsecurity_save_headers_out_visitor (data=0xad66d0, key=<optimized out>, value=<optimized out>)
at ../modsecurity-2.9.2/nginx/modsecurity/ngx_http_modsecurity.c:795
#2 0x00007fd2b216c1ad in apr_table_vdo () from /lib64/libapr-1.so.0
#3 0x00007fd2b216c26f in apr_table_do () from /lib64/libapr-1.so.0
#4 0x00000000004c7898 in ngx_http_modsecurity_save_headers_out (r=0xad66d0)
at ../modsecurity-2.9.2/nginx/modsecurity/ngx_http_modsecurity.c:737
#5 ngx_http_modsecurity_body_filter (r=<optimized out>, in=<optimized out>)
at ../modsecurity-2.9.2/nginx/modsecurity/ngx_http_modsecurity.c:1220
#6 0x000000000045843a in ngx_output_chain (ctx=ctx@entry=0xad8520, in=in@entry=0x7ffc3003ad00) at src/core/ngx_output_chain.c:74
#7 0x00000000004b15ad in ngx_http_copy_filter (r=0xad66d0, in=0x7ffc3003ad00) at src/http/ngx_http_copy_filter_module.c:152
#8 0x00000000004a8863 in ngx_http_range_body_filter (r=0xad66d0, in=<optimized out>)
at src/http/modules/ngx_http_range_filter_module.c:635
#9 0x0000000000489360 in ngx_http_output_filter (r=r@entry=0xad66d0, in=in@entry=0x7ffc3003ad00)
at src/http/ngx_http_core_module.c:1770
#10 0x000000000048ca94 in ngx_http_send_special (r=r@entry=0xad66d0, flags=flags@entry=1) at src/http/ngx_http_request.c:3386
#11 0x000000000049bf13 in ngx_http_upstream_finalize_request (r=r@entry=0xad66d0, u=u@entry=0xad7a70, rc=<optimized out>, rc@entry=0)
at src/http/ngx_http_upstream.c:4436
#12 0x000000000049cc0d in ngx_http_upstream_process_request (r=r@entry=0xad66d0, u=u@entry=0xad7a70)
at src/http/ngx_http_upstream.c:4007
#13 0x000000000049cdd1 in ngx_http_upstream_process_upstream (r=r@entry=0xad66d0, u=u@entry=0xad7a70)
at src/http/ngx_http_upstream.c:3919
#14 0x000000000049e8cd in ngx_http_upstream_send_response (u=0xad7a70, r=0xad66d0) at src/http/ngx_http_upstream.c:3232
#15 ngx_http_upstream_process_header (r=0xad66d0, u=0xad7a70) at src/http/ngx_http_upstream.c:2429
#16 0x000000000049bf92 in ngx_http_upstream_handler (ev=<optimized out>) at src/http/ngx_http_upstream.c:1281
#17 0x000000000047a914 in ngx_epoll_process_events (cycle=<optimized out>, timer=<optimized out>, flags=<optimized out>)
at src/event/modules/ngx_epoll_module.c:902
#18 0x0000000000471e39 in ngx_process_events_and_timers (cycle=cycle@entry=0xad26c0) at src/event/ngx_event.c:242
#19 0x0000000000478cf4 in ngx_worker_process_cycle (cycle=0xad26c0, data=<optimized out>) at src/os/unix/ngx_process_cycle.c:750
#20 0x0000000000477432 in ngx_spawn_process (cycle=cycle@entry=0xad26c0, proc=proc@entry=0x478c83 <ngx_worker_process_cycle>,
data=data@entry=0x0, name=name@entry=0x6a9fe5 "worker process", respawn=respawn@entry=-3) at src/os/unix/ngx_process.c:199
#21 0x0000000000477fbb in ngx_start_worker_processes (cycle=cycle@entry=0xad26c0, n=1, type=type@entry=-3)
at src/os/unix/ngx_process_cycle.c:359
#22 0x00000000004793f1 in ngx_master_process_cycle (cycle=cycle@entry=0xad26c0) at src/os/unix/ngx_process_cycle.c:131
#23 0x00000000004548e5 in main (argc=<optimized out>, argv=<optimized out>) at src/core/nginx.c:382
(gdb)

Enabling "Transfer-Encoding : chunked" (no replies)

September 24, 2018, 6:53 am
$
0
0
In order to support CMAF and Low latency for HLS streaming through Nginx, it is required change in content header.

Instead of "Content-Length" in Header , expected value by player is "Transfer-Encoding : chunked" so that for a 6 sec chunk of media segment player will start streaming fetching data in 200 msec part wise and thus streaming will have low latency . This is supported by HTTP 1.1

Tried below parameter to enable same in Nginx Configuration
chunked_transfer_encoding on;

But its not adding the same in header.

Please suggest better way to do it.
https://gist.github.com/CMCDragonkai/6bfade6431e9ffb7fe88

Nginx with windows auth (no replies)

September 24, 2018, 9:38 am
$
0
0
Is this possible in the free version or only paid products?

Brian
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Viewing all 7229 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>