Quantcast
Channel: Nginx Forum - Nginx Mailing List - English
Viewing all 7229 articles
Browse latest View live

njs-0.3.9 (no replies)

March 3, 2020, 9:42 am
$
0
0
Hello,

I'm glad to announce a new release of NGINX JavaScript module (njs).

This release proceeds to extend the coverage of ECMAScript
specifications.

Notable new features:
- Promises API for "fs" module.
: var fs = require('fs').promises;
: fs.readFile('/file/path').then(data => r.return(200, data));

- detached r.subrequest(): Running a subrequest in the log phase
: nginx.conf:
: ...
: js_set $js_log js_log;
: ...
: log_format subrequest_log "...$js_log";
: access_log /log/path.log subrequest_log;
:
: nginx.js:
: function js_log(r) {
: r.subrequest('/_log', {detached:true});
: return '';
: }

You can learn more about njs:

- Overview and introduction: http://nginx.org/en/docs/njs/
- Presentation: https://youtu.be/Jc_L6UffFOs
- Using node modules with njs:
http://nginx.org/en/docs/njs/node_modules.html

Feel free to try it and give us feedback on:

- Github: https://github.com/nginx/njs/issues
- Mailing list: http://mailman.nginx.org/mailman/listinfo/nginx-devel


Changes with njs 0.3.9 03 Mar 2020

nginx modules:

*) Feature: added detached mode for r.subrequest(). Responses to
detached subrequests are ignored. Unlike ordinary subrequests,
a detached subrequest can be created inside a variable handler.

Core:

*) Feature: added promises API for "fs" module.
Thanks to Artem S. Povalyukhin.

*) Feature: extended "fs" module. Added access(), symlink(), unlink(),
realpath() and friends.
Thanks to Artem S. Povalyukhin.

*) Improvement: introduced memory-efficient ordinary arrays.

*) Improvement: lexer refactoring.

*) Bugfix: fixed matching of native functions in backtraces.

*) Bugfix: fixed callback invocations in "fs" module.
Thanks to Artem S. Povalyukhin.

*) Bugfix: fixed Object.getOwnPropertySymbols().

*) Bugfix: fixed heap-buffer-overflow in njs_json_append_string().

*) Bugfix: fixed encodeURI() and decodeURI() according to
the specification.

*) Bugfix: fixed Number.prototype.toPrecision().

*) Bugfix: fixed handling of space argument in JSON.stringify().

*) Bugfix: fixed JSON.stringify() with Number() and String() objects.

*) Bugfix: fixed Unicode Escaping in JSON.stringify() according
to specification.

*) Bugfix: fixed non-native module importing.
Thanks to 洪志道 (Hong Zhi Dao).

*) Bugfix: fixed njs.dump() with the Date() instance in a container.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Search

Elasticsearch Native Binary Protocol through NGiNX Stream (no replies)

March 3, 2020, 11:41 pm
$
0
0
Hi,

I have tried to ask from Elasticsearch forums and googled everywhere, but with no help so I registered here.
I am using NGiNX to cover my Elasticsearch clusters and all the clients connect through them.

Everything else works fine to both the http and non-http traffic. The problem is the Liferay client using Elasticsearch Native Binary Protocol. Without NGiNX everything works right so NGiNX somehow does not understand this.

Using Elasticsearch 6.8.6
Nginx 1.15.9
Red Hat 7.7

nginx.conf
---clip----
stream {
include /etc/nginx/conf.d/elasticsearch_tcp.conf;
}

elasticsearch_tcp_conf
server {
proxy_buffer_size 16k;
listen 10.100.5.10:8090;
proxy_pass 10.20.1.10:9300;

Any ideas for what I could try please?

nginx 1.17.9-1~bionic - 400 error (no replies)

March 4, 2020, 11:56 am
$
0
0
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Issue with NGINX and proxy: HTTP/1.1 505 HTTP Version not supported (no replies)

March 6, 2020, 12:30 am
$
0
0
Hi all!
first time poster here so please excuse my manners and correct me where
i am wrong.

I use NGINX 1.16.1 on Gentoo as reverse proxy server to expose some
services to an external web site.

I am exposing many things but one is giving me headaches.

I am trying to expose the web UI of an HP network printer.

I have this in my nginx.conf (trimming lines to the ones relevant):
server {
listen 80;
access_log /var/log/nginx/localhost.access_log main;
error_log /var/log/nginx/localhost.error_log debug;

location /printer/ {
proxy_pass http://192.168.1.XX/;
}
}

I can access the printer from the proxy server, no problems, with:
curl http://192.168.1.XX

But if i try, on the same proxy server this:
curl http://127.0.0.1/printer/

I get the error:
2020/03/06 08:42:02 [debug] 12870#0: *2 connect to 192.168.1.XX:80,
fd:11 #3
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream connect: -2
2020/03/06 08:42:02 [debug] 12870#0: *2 http finalize request: -4,
"/printer/?" a:1, c:2
[snip]
2020/03/06 08:42:02 [debug] 12870#0: *2 http run request: "/printer/?"
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream check client,
write event:1, "/printer/"
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream request:
"/printer/?"
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream send request
handler
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream send request
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream send request body
[snip]
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream request:
"/printer/?"
2020/03/06 08:42:02 [debug] 12870#0: *2 http upstream process header
[snip]
2020/03/06 08:42:02 [debug] 12870#0: *2 http proxy status 505 "505 HTTP
Version not supported"
2020/03/06 08:42:02 [debug] 12870#0: *2 http proxy header:
"X-Content-Type-Options: no-sniff"
2020/03/06 08:42:02 [debug] 12870#0: *2 http proxy header:
"Cache-Control: no-cache, no-store, must-revalidate"
2020/03/06 08:42:02 [debug] 12870#0: *2 http proxy header: "Server:
gSOAP/2.7"
2020/03/06 08:42:02 [debug] 12870#0: *2 http proxy header:
"Content-Length: 0"
2020/03/06 08:42:02 [debug] 12870#0: *2 http proxy header: "Connection:
close"
2020/03/06 08:42:02 [debug] 12870#0: *2 http proxy header done
2020/03/06 08:42:02 [debug] 12870#0: *2 HTTP/1.1 505 HTTP Version not
supported^M

So my guess NGINX is doing something which the web printer does not
like...

What could i try or do?

thank you for your time and response.





--
Willy Gardiol
willy@gardiol.org
www.gardiol.org
www.trackaway.org -> Track YOUR way the way you want!
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

subrequests - huge body, mirror response from proxy_pass (no replies)

March 6, 2020, 8:13 am
$
0
0
Hi all.
I want to mirror a response from 'proxy_pass` backend. I need to send it not only back to a client but also to one more service.
I was thinking to make it by subrequest in a filter module.

There is a problem with sending subrequest body.
1) I can get a response body by 'ngx_http_read_client_request_body' or
2) I can wait for the last chain in a filter body and just save all body chunks.
and then send it as a subrequest body.
Both approaches work.

But the problem is that some response bodies are big(several Gb),
and keep whole body in RAM is not efficient.

Is there a way to send subrequest body gradually by chunks in the process of receiving them from 'proxy_pass' backed ? I need smthg like ngx_http_proxy_module does when it is sending a response to an upstream but for subrequest.
Any ideas? Thanks.

aarch64 packages for other Linux flavors (no replies)

March 9, 2020, 1:16 am
$
0
0
Hello Nginx team!

At https://nginx.org/en/linux_packages.html I see that only Ubuntu LTS
versions support and provide packages for aarch64/arm64 architecture. Is
there a chance to provide such for the other OSes too ? I am particularly
interested in the latest versions of CentOS & Alpine. I know that I could
use the packages provided by the OS but they update the version much later
than the official release.

Gracias!
Emilio
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Sub-Filter auf SignalR ASP.NET Core Hub (no replies)

March 9, 2020, 4:58 am
$
0
0
Hey,



I need your help to solve an issue with the SignalR library. For those of you how do not know: It is a library to establish an bidirectional connection between server and browser in an webapp using javascript.

On my server I have a multi-application environment, were the web application is resolved using the “webapp” location and then using a reverse proxy to the application running on localhost.

The same procedure I use for several services, where the location is “xxx-service”.



For fixing the URL’s in the server response, I use several sub_filters to align urls from “/resource” to “/webui/resource” to make links, formulars and so on going to the /webui/ location again.

The same thing I do with the SignalR hub the client connects to. These hub is going to be changed from /hub to /webui/hub.



But these results in the following error:



[2020-03-09T10:38:26.393Z] Information: Normalizing '/webui/hub' to 'https://helitest.fluent-software.de:9003/webui/hub'. <webpack://node_modules/@microsoft/signalr/dist/esm/Utils.js> Utils.js:204:39

Firefox kann keine Verbindung zu dem Server unter wss://helitest.fluent-software.de:9003/webui/hub?id=5usy9hS6jVcGhNuk5ig5cA aufbauen. <webpack://node_modules/@microsoft/signalr/dist/esm/WebSocketTransport.js> WebSocketTransport.js:88:32

[2020-03-09T10:38:27.071Z] Error: Failed to start the transport 'WebSockets': Error: There was an error with the transport. <webpack://node_modules/@microsoft/signalr/dist/esm/Utils.js> Utils.js:198:39

[2020-03-09T10:38:42.158Z] Information: SSE connected to https://helitest.fluent-software.de:9003/webui/hub?id=a6T9oscwfbe-l0CRzOvCtw <webpack://node_modules/@microsoft/signalr/dist/esm/Utils.js> Utils.js:204:39

[2020-03-09T10:38:42.175Z] Error: Connection disconnected with error 'Error: Server returned handshake error: Handshake was canceled.'. <webpack://node_modules/@microsoft/signalr/dist/esm/Utils.js> Utils.js:198:39

Error: Server returned handshake error: Handshake was canceled.



In the Access log I see an 404 Error, but don’t know how to handle them:



192.168.7.242 - - [09/Mar/2020:11:38:42 +0100] "GET /webui/hub?id=a6T9oscwfbe-l0CRzOvCtw HTTP/1.1" 200 80 "https://helitest.fluent-software.de:9003/webui/Orders" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"

192.168.7.242 - - [09/Mar/2020:11:38:42 +0100] "POST /webui/hub?id=a6T9oscwfbe-l0CRzOvCtw HTTP/1.1" 404 37 "https://helitest.fluent-software.de:9003/webui/Orders" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:73.0) Gecko/20100101 Firefox/73.0"



Any ideas how to solve that?



Kind regards,

Sebastian.



_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Prevent direct access to files but allow download from site (3 replies)

March 11, 2020, 6:23 pm
$
0
0
Good evening,
I would like to block direct access to files in a folder on my site, but allow downloading from the site.

Specifically, I want to be able to download a file from the site's html tag:

<a href="/assets/file/test.txt" download=""> Download TXT </a>

But do not allow direct access and download, using the browser or other tools such as curl or wget.
So block access to the link:

https://domain.com/assets/file/test.xt

is it possible to obtain such a result?
Thank you
Search

TLS 1.3 not offered and downgraded to a weaker protocol (1 reply)

March 11, 2020, 10:24 pm
$
0
0
Hi,

I am running nginx version: nginx/1.16.1 on CentOS Linux release 7.7.1908
(Core). I have configured *ssl_protocols TLSv1.2 TLSv1.3*; in
/etc/nginx/nginx.conf.
#nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Now when I am running testssl.sh (https://testssl.sh/) which is a Testing
TLS/SSL encryption tool, I see the below output

Testing protocols via sockets except NPN+ALPN
> SSLv2 not offered (OK)
> SSLv3 not offered (OK)
> TLS 1 not offered
> TLS 1.1 not offered
> TLS 1.2 offered (OK)
> TLS 1.3 not offered and downgraded to a weaker protocol
> NPN/SPDY h2, http/1.1 (advertised)
> ALPN/HTTP2 h2, http/1.1 (offered)


Any clue regarding "TLS 1.3 not offered and downgraded to a weaker
protocol" ? Please let me know if you need any additional information.
Thanks in advance and I look forward to hearing from you.

Best Regards,

Kaushal
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Unit 1.16.0 release (no replies)

March 12, 2020, 12:26 pm
$
0
0
Hi,

I'm glad to announce a new release of NGINX Unit.

-------------------------------------------------------------------
To all Unit package maintainers: please don't miss the new '--tmp'
configure option. It specifies the directory where the Unit daemon
stores temporary files (i.e. large request bodies) at runtime.
-------------------------------------------------------------------

In this release, we continue improving the functionality related to
proxying and static media asset handling.

Now, the new 'upstreams' object enables creating server groups
for weighted round-robin load balancing:

{
"listeners": {
"*:80": {
"pass": "upstreams/rr-lb"
}
},

"upstreams": {
"rr-lb": {
"servers": {
"192.168.0.100:8080": { },
"192.168.0.101:8080": {
"weight": 2
}
}
}
}
}


See the docs for details:

- https://unit.nginx.org/configuration/#configuration-upstreams

So far, it's rather basic, but many more proxying and load-balancing
features are planned for future releases.

By its design, the new 'fallback' option is somewhat similar to the
'try_files' directive in nginx. It allows proceeding to another
action if a file isn't available:

{
"share": "/data/www/",

"fallback": {
"pass": "applications/php"
}
}


In the example above, an attempt is made first to serve a request
with a file from the "/data/www/" directory. If there's no such
file, the request is passed to the "php" application.

Also, you can chain such fallback actions:

{
"share": "/data/www/",

"fallback": {
"share": "/data/cache/",

"fallback": {
"proxy": "http://127.0.0.1:9000"
}
}
}


More info:

- https://unit.nginx.org/configuration/#configuration-fallback

Finally, configurations you upload can use line (//) and block (/* */)
comments. Now, Unit doesn't complain; instead, it strips them from the
JSON payload. This comes in handy if you store your configuration in a
file and edit it manually.


Changes with Unit 1.16.0 12 Mar 2020

*) Feature: basic load-balancing support with round-robin.

*) Feature: a "fallback" option that performs an alternative action if a
request can't be served from the "share" directory.

*) Feature: reduced memory consumption by dumping large request bodies
to disk.

*) Feature: stripping UTF-8 BOM and JavaScript-style comments from
uploaded JSON.

*) Bugfix: negative address matching in router might work improperly in
combination with non-negative patterns.

*) Bugfix: Java Spring applications failed to run; the bug had appeared
in 1.10.0.

*) Bugfix: PHP 7.4 was broken if it was built with thread safety
enabled.

*) Bugfix: compatibility issues with some Python applications.


To keep the finger on the pulse, see our further plans in the roadmap here:

- https://github.com/orgs/nginx/projects/1

Also, good news for macOS users! Now, there's a Homebrew tap for Unit:

- https://unit.nginx.org/installation/#homebrew

Stay healthy!

wbr, Valentin V. Bartenev

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

How to establish secure connection between NGINX https upstream API (no replies)

March 12, 2020, 10:48 pm
$
0
0
Using below config, According to this,

https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/#

server {
listen 80;
server_name nginx_server_name;
#...

upstream dev {
zone dev 64k;
server backend.example.com:443;
}

location /upstream {
proxy_pass https://$upstream$request_uri;
proxy_ssl_certificate /etc/nginx/client.pem;
proxy_ssl_certificate_key /etc/nginx/client.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_trusted_certificate /etc/nginx/trusted_ca_cert.crt;

proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}
What is below client.pem & client.key?

is this the nginx client files which needs to be created and signed with CA?
or is that a backend.example.com ssl certs?

What is trusted_ca_cert.crt;?

Is this related to backend.example.com? how can i obtain this?

Steps i did:

Created csr & key using openssl with CN as nginx_server_name
signed & Got the cert (client.crt) -> client.pem configured both client.pem
& .key in config
But getting below exception when i hit the API.

upstream SSL certificate verify error: (19:self signed certificate in
certificate chain) while SSL handshaking to upstream, client: <user_ip>,
server: <nginx_server_ip>, request: "POST /getsomething HTTP/1.1", upstream:
"https://backend.example.com:443/getsomething", host: "nginx_server_ip"



--
Sent from: http://nginx.2469901.n2.nabble.com/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

upstream SSL certificate does not match "dev_server" while SSL handshaking to upstream (no replies)

March 13, 2020, 12:12 am
$
0
0
Hi Team,
Am trying to establish encrypted communication between NGINX <-> API's
(POST, GET) with below configuration. But am facing some ssl handshake
issue.

*Config:*

upstream dev_server {
zone dev_server 64k;
server dev1.sysmac.com:443;
server dev2.sysmac.com:443;
server dev3.sysmac.com:443;
}

server {
ssl_certificate /etc/nginx/ssl/nginx-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/nginx.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
resolver 8.8.8.8 valid=300s;
resolver_timeout 5s;
ssl_session_timeout 5m;

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains;
preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

# Policy section
#
location = /_dosomething {
internal;

proxy_pass https://$upstream$request_uri;

proxy_ssl_protocols TLSv1.2 TLSv1.3;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;

proxy_ssl_trusted_certificate /etc/ssl/certs/ca-bundle.trust.crt;

proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
proxy_ssl_server_name on;
}

}

*Error:*
upstream SSL certificate does not match "dev_server" while SSL handshaking
to upstream, client: <my_test_machine_ip>, server: <nginx_server_ip>,
request: "POST /dosomething HTTP/1.1", upstream:
"https://<dev1.sysmac.com_ip>:443/dosomething", host: "<nginx_ip>"

*Verified with openssl:*
openssl s_client -servername NAME -connect dev1.sysmac.com:443 -showcerts
-CApath /etc/ssl/certs/ca-bundle.trust.crt

CONNECTED(00000003)
depth=2 C = US, O = DigiCert Inc, OU = www.digicert.com, CN = DigiCert
Global Root CA
verify return:1
depth=1 C = US, O = DigiCert Inc, CN = DigiCert SHA2 Secure Server CA
verify return:1
depth=0 C = US, ST = <bla-bla>, L = <bla-bla>, O = <bla-bla>, OU =
<bla-bla>, CN = dev5.sysmac.com
verify return:1
---
Certificate chain
0
s:/C=US/ST=<bla-bla>/L=<bla-bla>/O=<bla-bla>/OU=<bla-bla>/CN=g4t7453.houston.hpe.com
i:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
-----BEGIN CERTIFICATE-----
MIIHdzCCBl+gAwIBAgIQAblIEjggyGk4cIxk4xfU6TANBgkqhkiG9w0BAQsFADBN
MQswCQYDVQQGEw...............
-----END CERTIFICATE-----
1 s:/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
MIIElDCCA3ygAwIBAgIQAf2j627KdciIQ4tyS8+8kTANBgkqhkiG9w0BAQsFADBh
MQswCQYDVQQGEwJVUzEVM......
-----END CERTIFICATE-----
2 s:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
i:/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=DigiCert Global Root CA
-----BEGIN CERTIFICATE-----
MIIDrzCCApegAwIBAgIQCD.....
-----END CERTIFICATE-----
---
Server certificate
subject=/C=US/ST=<bla-bla>/L=<bla-bla>/O=<bla-bla>/OU=servers/CN=dev5.sysmac.com
issuer=/C=US/O=DigiCert Inc/CN=DigiCert SHA2 Secure Server CA
---
No client certificate CA names sent
Peer signing digest: SHA512
Server Temp Key: ECDH, P-256, 256 bits
---
SSL handshake has read 4746 bytes and written 428 bytes
---
New, TLSv1/SSLv3, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
Protocol : TLSv1.2
Cipher : ECDHE-RSA-AES256-GCM-SHA384
Session-ID: <bla-bla>
Session-ID-ctx:
Master-Key: <bla-bla>
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - 83 b1 99 75 73 6e 7c 05-33 1b 02 70 67 68 1f b4
....usn|.3..pgh..
00a0 - 18 2b b0 1f 18 20 24 a4-ac ab e4 62 57 f6 1b 53 .+...
$....bW..S
00b0 - c3 d8 db 4b 15 cb 82 de-78 52 21 03 c6 25 24 06
....K....xR!..%$.

Start Time: 1584081168
Timeout : 300 (sec)
Verify return code: 0 (ok)
---

*Questions:*
1. All of my upstream servers has ssl certificate configured with same ssl
contains CN=dev5.sysmac.com which i can see from openssl. In such case is
this the reason am getting not found error from upstream block?

2. If not how to deal with such cases?

3. Also looking for debugging the same for ssl certificate does not match.
Do i need to especially specify ssl cert for each /dosomething block?

Please help!!!



--
Sent from: http://nginx.2469901.n2.nabble.com/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Problem installing in custom folder when Perl is enabled (1 reply)

March 13, 2020, 7:24 am
$
0
0
Hello Nginx team,

I'm facing the following problem when I try to install Nginx in a custom
folder:

....
objs/ngx_modules.o \
-ldl -lpthread -lcrypt -lpcre -lssl -lcrypto -ldl -lpthread -lz -lxml2
-lxslt -lexslt -lgd -lGeoIP \
-Wl,-E -fstack-protector-strong -L/usr/local/lib
-L/usr/lib/aarch64-linux-gnu/perl/5.26/CORE -lperl -ldl -lm -lpthread -lc
-lcrypt \
-Wl,-E
sed -e "s|%%PREFIX%%|/home/ubuntu/hg/nginx/nginx-build|" \
-e "s|%%PID_PATH%%|/home/ubuntu/hg/nginx/nginx-build/logs/nginx.pid|" \
-e "s|%%CONF_PATH%%|/home/ubuntu/hg/nginx/nginx-build/conf/nginx.conf|" \
-e "s|%%ERROR_LOG_PATH%%|/home/ubuntu/hg/nginx/nginx-build/logs/error.log|"
\
< docs/man/nginx.8 > objs/nginx.8
make[1]: Leaving directory '/home/ubuntu/hg/nginx/nginx'
make -f objs/Makefile install
make[1]: Entering directory '/home/ubuntu/hg/nginx/nginx'
cd objs/src/http/modules/perl && make install
make[2]: Entering directory
'/home/ubuntu/hg/nginx/nginx/objs/src/http/modules/perl'
"/usr/bin/perl" -MExtUtils::Command::MM -e 'cp_nonempty' -- nginx.bs
blib/arch/auto/nginx/nginx.bs 644
Manifying 1 pod document
Files found in blib/arch: installing files in blib/lib into architecture
dependent library tree
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
ERROR: Can't create '/usr/local/lib/aarch64-linux-gnu/perl/5.26.1'
Do not have write permissions on
'/usr/local/lib/aarch64-linux-gnu/perl/5.26.1'
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
at -e line 1.
Makefile:802: recipe for target 'pure_site_install' failed
make[2]: *** [pure_site_install] Error 13
make[2]: Leaving directory
'/home/ubuntu/hg/nginx/nginx/objs/src/http/modules/perl'
objs/Makefile:1795: recipe for target 'install_perl_modules' failed
make[1]: *** [install_perl_modules] Error 2
make[1]: Leaving directory '/home/ubuntu/hg/nginx/nginx'
Makefile:11: recipe for target 'install' failed
make: *** [install] Error 2
chown: cannot access '/home/ubuntu/hg/nginx/nginx-build': No such file or
directory


I do the following:

$ cd /home/ubuntu/hg/nginx
$ hg clone https://hg.nginx.org/nginx
$ cd nginx
$
../auto/configure --prefix=/home/ubuntu/hg/nginx/nginx-build
--with-http_perl_module
$ make
$ make install


If I remove " --with-http_perl_module" then the installation is
successful.
But with Perl it still tries to install at /usr/local/lib and fails with
permissions denied.
Is this a problem in Nginx or in Perl itself ?

P.S. I have some more --with-xyz modules in the configure parameters but
there are no problems with them and I didn't list them above.

Regards,
Martin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Double RAM usage after Nginx reload (no replies)

March 13, 2020, 7:26 am
$
0
0
Any idea why the "cache manager process" uses double RAM after the reload?


System:

nginx version: nginx/1.16.1
built with OpenSSL 1.1.1d-freebsd 10 Sep 2019
TLS SNI support enabled
configure arguments: --prefix=/usr/local/etc/nginx --with-cc-opt='-I /usr/local/include' --with-ld-opt='-L /usr/local/lib' --conf-path=/usr/local/etc/nginx/nginx.conf --sbin-path=/usr/local/sbin/nginx --pid-path=/var/run/nginx.pid --error-log-path=/var/log/nginx/error.log --user=www --group=www --modules-path=/usr/local/libexec/nginx --http-client-body-temp-path=/var/tmp/nginx/client_body_temp --http-fastcgi-temp-path=/var/tmp/nginx/fastcgi_temp --http-proxy-temp-path=/var/tmp/nginx/proxy_temp --http-scgi-temp-path=/var/tmp/nginx/scgi_temp --http-uwsgi-temp-path=/var/tmp/nginx/uwsgi_temp --http-log-path=/var/log/nginx/access.log --with-http_v2_module --with-http_realip_module --with-pcre --with-http_slice_module --with-http_ssl_module --with-http_stub_status_module --with-cc-opt='-DNGX_HAVE_INET6=0 -I /usr/local/include' --without-mail_imap_module --without-mail_pop3_module --without-mail_smtp_module --with-stream_ssl_module --with-stream_ssl_preread_module --with-stream=dynamic --ad
d-dynamic-module=/usr/ports/www/nginx/work/nginx-http-auth-digest-cd86418


How to reproduce it:

1) service nginx start

2) top output:

PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
99240 www 1 20 0 926M 519M kqread 5 0:02 0.65% nginx: worker process (nginx)
4433 www 1 20 0 934M 525M kqread 4 0:00 0.00% nginx: cache manager process (nginx)

3) service nginx reload

4) top output:

PID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
49456 www 1 20 0 930M 523M kqread 6 0:03 0.11% nginx: worker process (nginx)
50868 www 1 20 0 1759M 1028M kqread 2 0:00 0.00% nginx: cache manager process (nginx)
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx and php settings (no replies)

March 14, 2020, 1:12 am
$
0
0
Hi,
I have install nginx 1.0.15 and php 5.3 on a VM running Ubuntu 14.04.
The configuration file looks like below

$ cat /usr/local/nginx/conf/nginx.conf
#user nobody;
worker_processes 1;
#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;
#pid logs/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
#log_format main '$remote_addr - $remote_user [$time_local]
"$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
server {
listen 80;
server_name localhost;
#charset koi8-r;
#access_log logs/host.access.log main;
location / {
root html;
index index.html index.htm;
}
#error_page 404 /404.html;
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
# proxy the PHP scripts to Apache listening on 127.0.0.1:80
#
#location ~ \.php$ {
# proxy_pass http://127.0.0.1;
#}
# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
#
location ~ \.php$ {
root html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/usr/local/nginx/html/public_html/$fastcgi_script_name;
include fastcgi_params;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
# another virtual host using mix of IP-, name-, and port-based
configuration
#
#server {
# listen 8000;
# listen somename:8080;
# server_name somename alias another.alias;
# location / {
# root html;
# index index.html index.htm;
# }
#}
# HTTPS server
#
#server {
# listen 443;
# server_name localhost;
# ssl on;
# ssl_certificate cert.pem;
# ssl_certificate_key cert.key;
# ssl_session_timeout 5m;
# ssl_protocols SSLv2 SSLv3 TLSv1;
# ssl_ciphers HIGH:!aNULL:!MD5;
# ssl_prefer_server_ciphers on;
# location / {
# root html;
# index index.html index.htm;
# }
#}

}



I also have put a phpinfo.php file like this

root@fr13:/usr/local/nginx/html# cat phpinfo.php
<?php phpinfo(); ?>


When I open the browser and enter localhost/phpinfo.php, I get this message

The page you are looking for is temporarily unavailable.
Please try again later.

How can I resolve that?






Regards,
Mahmood
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Search

NGINX - {“status”:400,“message”:“Bad request”} Every alternate request getting 400 (no replies)

March 14, 2020, 6:38 am
$
0
0
I Have below nginx config and the api hit works fine every first time and
alternate hit getting 400.

nginx.conf:

http {

lua_package_path '~/lua/?.lua;;';

# Allow larger than normal headers
large_client_header_buffers 4 64k;

ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;

include /etc/nginx/gateway.conf;
}
gateway.conf

server {

listen 443 ssl;

location = /_dosomething {
internal;

# Validate oauth token and add custom nginx access_token into the
request header
access_by_lua_file /etc/nginx/api_conf.d/oauth/oauth_introspec.lua;

mirror /_NULL; # Create a copy of the request to
capture request body
client_body_in_single_buffer on; # Minimize memory copy operations on
request body
client_body_buffer_size 16k; # Largest body to keep in memory
(before writing to file)
client_max_body_size 16k;

# Policy configuration here (authentication, rate limiting, logging,
more...)

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;


proxy_pass https://$upstream$request_uri;

}

}
Am not seeing any specific errors in nginx error log too, i can see the log
before proxy pass. added below line too

error_log logs/error.log debug;
Every alternate requests are getting 400 bad request. But constant interval
requests are getting success response and if i test with 2 requests per
second then it fails with this error. am out of options. Please help.



--
Sent from: http://nginx.2469901.n2.nabble.com/
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Unable to see a php page (3 replies)

March 15, 2020, 7:02 am
$
0
0
Hi,
For a test, I have installed nginx 1.0.15 with php 5.3 on an Ubuntu 14.04.
The settings related to php in nginx.conf are as below where I removed the
comments for simplicity.


server {
listen 80;
server_name localhost;
location / {
root /home/ubuntu/htdocs/;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
location ~ \.php$ {
root /home/ubuntu/htdocs/public_html;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME
/home/ubuntu/htdocs/public_html/$fastcgi_script_name;
include fastcgi_params;
}
}


The document root is here.

ubuntu@fr13:~$ ls -l htdocs/
total 36
-rw-r--r-- 1 www-data www-data 1422 مارس 15 15:28 build.xml
drwxr-xr-x 2 www-data www-data 4096 مارس 15 15:28 classes
drwxr-xr-x 2 www-data www-data 4096 مارس 15 15:28 controllers
drwxr-xr-x 2 www-data www-data 4096 مارس 15 15:35 etc
drwxr-xr-x 2 www-data www-data 4096 مارس 15 15:28 includes
-rw-r--r-- 1 www-data www-data 152 مارس 15 15:29 index.html
drwxr-xr-x 2 www-data www-data 4096 مارس 15 15:28 lib
drwxr-xr-x 6 www-data www-data 4096 مارس 15 15:28 public_html
drwxr-xr-x 2 www-data www-data 4096 مارس 15 15:28 views


The index.html is a simple welcome message.


Also

ubuntu@fr13:~$ ls -l htdocs/public_html/index.php
-rw-r--r-- 1 www-data www-data 7556 مارس 15 15:28
htdocs/public_html/index.php




When I open the browser and enter localhost, I can see the welcome message.
That means the basic functionality is fine.

However, when I enter localhost/public_html/index.php

I get this message in the browser:


The page you are looking for is temporarily unavailable.
Please try again later.


At the same time, I see this entry in /usr/local/nginx/logs/error.log

2020/03/15 15:50:20 [error] 4808#0: *5 connect() failed (111: Connection
refused) while connecting to upstream, client: 127.0.0.1, server:
localhost, request: "GET /public_html/index.php HTTP/1.1", upstream:
"fastcgi://127.0.0.1:9000", host: "localhost"


Why I get connection refused?
What else should I check for more debugging?



Regards,
Mahmood
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

How to fix ERR_RESPONSE_HEADERS_TRUNCATED error (1 reply)

March 15, 2020, 6:30 am
$
0
0
Hi all,

I am implementing a small application to test the path based routing functionality using nginx. My set up is something as below:

User<URL in Chrome with https> ->AWS Route 53(DNS resolution) -> AWS NLB (443)-> nginx(implements path based routing to different backend EC2 instances)------->http(backend ec2 instances)

SSL is terminated at the nginx. When I run directly this URL with https://<domain name>:6667 it works fine and page loads properly. But through nginx it doesnt work and I get the below error(https://<domain-URL>/rest/).

might be temporarily down or it may have moved permanently to a new web address.
ERR_RESPONSE_HEADERS_TRUNCATED

upstream app1 {
keepalive 16;
server test1.example.com:6666 max_fails=2 fail_timeout=300s;server test2.example.com:6666 max_fails=2 fail_timeout=300s;
}

upstream app1_external {
sticky name=srv_id expires=1h domain=<domain-Name> httponly secure path=/;
keepalive 16;
server test1.example.com:6667 max_fails=2 fail_timeout=300s;server test2.example.com:6667 max_fails=2 fail_timeout=300s;
}


server {
listen 443 ssl;
access_log /var/log/nginx/access.log main;
# listen [::]:443 ssl proxy_protocol;
server_name <NLB DNS> <nginx server DNS>
ssl_certificate "/etc/ssl/nginx/server.crt";
ssl_certificate_key "/etc/ssl/nginx/server.key";
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 30m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers EECDH+AESGCM:EDH+AESGCM;
ssl_prefer_server_ciphers on;

location / {
proxy_pass https://app1/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
real_ip_header X-Real-IP;
proxy_http_version 1.1;
proxy_set_header Connection "";
}

location /rest/ {
proxy_pass http://app1_external/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $scheme;
real_ip_header X-Real-IP;
proxy_http_version 1.1;
proxy_set_header Connection "";
}

}

nginx version: nginx/1.13.5
Can anyone help me in this regard how to fix this issue?

Regards
Pradeep

Error 512 after nginx setup (no replies)

March 15, 2020, 12:00 pm
$
0
0
Hi Everyone,

First time I post here, hopefully I'm not gonna broke any rule.

I setup Nginx on my Ubuntu 16.04 server to point my domain (using cloudflare) to my server where discourse.org http://discourse.org/ is installed.

Here's the default file in sites-available

server {
listen 80; listen [::]:80;
server_name stumblr.in;

return 301 https://$host$request_uri https://$host$request_uri/;
}

server {
listen 443 ssl http2;
server_name stumblr.in;

ssl_certificate /etc/letsencrypt/live/stumblr.in/fullchain.pem http://stumblr.in/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/stumblr.in/privkey.pem http://stumblr.in/privkey.pem;
include /etc/nginx/snippets/ssl.conf;

location / {
proxy_pass http://stumblr.in:2045/ http://stumblr.in:2045/;
proxy_set_header Host $http_host;
proxy_http_version 1.1;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_redirect http://stumblr.in:2045/ http://stumblr.in:2045/ https://stumblr.in https://stumblr.in/;
}
}


There's no error of Nginx but I've get 512 in browser.

Any idea what could be wrong?

Thanks in advance.
Adrian Vidican_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

SSL session cache full (no replies)

March 16, 2020, 12:38 am
$
0
0
Hi,

I have a question after reading https://trac.nginx.org/nginx/ticket/621 .
When that alert is logged in error log, what will happen to the connection?
Will the client get an error (such as HTTP 4XX), or will it work as if the
server doesn't support session resumption?
As mentioned in comment3 in that ticket, for 2-way SSL clients, this could
happen more frequently, will nginx fail the 2-way SSL handshake and give
4xx error?

Thanks!
Frank
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Viewing all 7229 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>