Channel: Nginx Forum - Nginx Mailing List - English

Strange log output from access.log (1 reply)

Has anyone seen this kind of output before, and why it is happening?

10.8.0.1 - - [17/Mar/2020:16:37:07 +0100] "GET /admin.php?content=8204;menu=040044;product_id=236431 HTTP/2.0" 200 18324 "https://app.tdom.net/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.p
hp/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.p
hp/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php/admin.php?text_string=7613052442458&lang=1&active=1&search.x=25&search.y=7&manufacturer=69&year=0&season=0&collection=0&price=0&stocktype=1&stocksum=&id_string=&erp_id_string=&supplier_item_no_string=&_qf__productSearchForm=&_qfe__submit=1&content=8210&menu=040044" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0" "-"

Study on annotating implementation and design choices, and technical debt (no replies)

Dear all,

As software engineering research teams at the University of Sannio
(Italy) and Eindhoven University of Technology (The Netherlands) we
are interested in investigating the protocol used by developers while
they have to annotate implementation and design choices during their
normal development activities. More specifically, we are looking at
whether, where and what kind of annotations developers usually use
trying to be focused more on those annotations mainly aimed at
highlighting that the code is not in the right shape (e.g., comments
for annotating delayed or intended work activities such as TODO,
FIXME, hack, workaround, etc). In the latter case, we are looking at
what is the content of the above annotations, as well as how they
usually behave while evolving the code that has been previously
annotated.

When answering the survey, in case your annotation practices are
different in different open source projects you may contribute, please
refer to how you behave for the projects where you have been
contacted.

Filling out the survey will take about 5 minutes.

Please note that your identity and personal data will not be
disclosed, while we plan to use the aggregated results and anonymized
responses as part of a scientific publication.

If you have any questions about the questionnaire or our research,
please do not hesitate to contact us.

You can find the survey link here:
https://forms.gle/NQULdWRVvXYeMc1r6

Thanks and regards,

Fiorella Zampetti (fzampetti@unisannio.it)
Gianmarco Fucci (gianmarcofucci94@gmail.com)
Alexander Serebrenik (a.serebrenik@tue.nl)
Massimiliano Di Penta (dipenta@unisannio.it)
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

openssl 1.1.1e 14095126:SSL routines:ssl3_read_n (2 replies)

Logging getting swamped with:

[crit] 1808#2740: *20747 SSL_read() failed (SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive

Related to: https://github.com/openssl/openssl/issues/10880
and this commit: https://github.com/openssl/openssl/commit/db943f43a60d1b5b1277e4b5317e8f288e7a0a3a

Question: does this need to be resolved in openssl or nginx ?

ssl_dhparam with Wildcard SSL (no replies)

Hello,

I want to use a Wildcard SSL on several servers.

"ssl_certificate" and "ssl_certificate_key" are the same CRT file and KEY file, but for "ssl_dhparam", should each server have its private dhparam file, or use the same dhparam file? Please help, thanks.

Nginx SSL reverse proxy with independent authentication for each backend web server (no replies)

Hi people,

I wanna use NGINX as an SSL reverse proxy for several backend Apache web
servers which listen on ports TCP/8080 and TCP/9090.

The NGINX reverse proxy must have one independent authentication for each
backend web server:

NGINX -- Auth 1 --- Web server 1 ports 8080/9090
      -- Auth 2 --- Web server 2 ports 8080/9090
      -- Auth 3 --- Web server 3 ports 8080/9090
      etc.

Is it possible to do this???

Can you give me some info or link in this way ???

Thanks a lot and regards !!!

Question about root path for php-fpm (no replies)

Hi
I am following a document but something seems to be a typo and I want to be
sure about that.

1) It says:
In the webserver root directory, we will install the Olio PHP application,
we will call this directory $APP_DIR:
o cd /webserver/root/dir (e.g. /home/username/htdocs/ created when we
installed Nginx).


So, I set
location / {
    root /home/ub/htdocs;
    index index.html index.htm;
}




2) It says:
The nginx.conf configuration file must be set with the correct port number
to access PHP-FPM. Open the file nginx.conf and make sure the following
lines exist:
location ~ \.php$ {
root /path/to/root (e.g /home/username/htdocs/public_html );
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $APP_DIR/$fastcgi_script_name; (e.g.,
/home/username/htdocs/public_html/$fastcgi_script_name)
include fastcgi_params; }



Currently, I have this folder structure

$ ls ~/htdocs/
build.xml classes controllers etc includes index.html lib
public_html views
$ ls ~/htdocs/public_html/index*
/home/ub/htdocs/public_html/index.php


If I open browser and enter localhost, I can see the content of
~/htdocs/index.html. So, the first step is fine.


The fastcgi_param says $APP_DIR. So, I should write /home/ub/htdocs but the
"e.g." part says /home/ub/htdocs/public_html

I am not sure if the root in the second step is /home/ub/htdocs or
/home/ub/htdocs/public_html
?


Can someone help. Thanks.



Regards,
Mahmood

Establish TCP connection to upstream when client connection made to listener (no replies)

Hi

I'm looking for when a client establishes a TCP connection to an IP and
port, that NGINX is listening on, that NGINX, without waiting on data
being transmitted from the client to NGINX, would establish a TCP
connection to the upstream.

If such a capability were to exist I'd have thought it'd be documented
either at http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html
or http://nginx.org/en/docs/stream/ngx_stream_core_module.html. So from
what I gather the capability does not exist in NGINX and it's quite
likely considered a good thing, NGINX won't establish a backend
connection (tying up resources) simply based on an in bound connection.

Trouble with this though, NGINX then can't fully support reverse
proxying protocols where the server provides a response upon TCP
connection eg. SSH2, MySQL. You're instead dependent on the client
handling the lack of initial server response and that after the client
sends its first lot of data it'll then receive the server's initial
response.

I've checked the way HAProxy works and it either by default establishes
the backend TCP connection upon connection to the frontend or there's
some switch I unknowingly flipped.

Presumably this isn't anything new, so please feel free to point me
towards whatever I've failed to find myself and I'm interested in
hearing others thoughts and experience with this aspect of NGINX if you
have time to share.

Cheers

Phillip


[ANN] OpenResty 1.15.8.3 released (no replies)

Hi there,

OpenResty 1.15.8.3 is a patch release addressing recent security
vulnerabilities in both the Nginx core and the ngx_http_lua module.

The (portable) source code distribution, the Win32/Win64 binary
distributions, and the pre-built binary Linux packages for Ubuntu,
Debian, Fedora, CentOS, RHEL, OpenSUSE, Amazon Linux are provided on
this page:

https://openresty.org/en/download.html

We also upgraded PCRE to 8.44 and OpenSSL to 1.1.0l for our
binary packages.

This is the third OpenResty release based on the nginx 1.15.8 core.

Acknowledgments
Thanks to the HackerOne team for reporting the memory content leak
vulnerabilities.

Thanks to Thibault Charbonnier and Dejiang Zhu for helping with this
release.

Full Changelog
Complete change logs since the last (formal) release, 1.15.8.2, can
be browsed in the page Change Log for 1.15.8.x:

https://openresty.org/en/changelog-1015008.html

Feedback
Feedback on this release is more than welcome. Feel free to create
new [GitHub issues](https://github.com/openresty/openresty/issues)
or send emails to one of our mailing lists.

The Next Release
The next release will be OpenResty 1.17.8.1 based on the recent
nginx 1.17.8 core and its RC1 version is already out for community
testing. See

https://openresty.org/en/ann-1017008001rc1.html

Thanks!

Best regards,
Yichun

unable to get local issuer certificate (no replies)

Hi,


I'm running nginx/1.17.8 as a reverse proxy, executed as a Docker container via docker-compose.yaml.

version: '2'
services:
  proxy:
    image: nginx:1.17
    container_name: nginx
    restart: always
    ports:
      - "443:8443"
      - "80:8080"

    volumes:
      - /data/nginx-conf:/etc/nginx/conf.d/

    networks:
      - webgateway

networks:
  webgateway:
    driver: bridge
    driver_opts:
      com.docker.network.driver.mtu: 1300


It's configured to run secured, which is working fine. The servers being proxied are available at https, but currently the verification is turned off. The certificate used by the server is also valid, it's a chain being built upon server->intermediate-root CA.


When turning it on, I always get

=> nginx | 2020/03/19 12:37:50 [error] 6#6: *1 upstream SSL certificate verify error: (20:unable to get local issuer certificate) while SSL handshaking to upstream, client: 141.77.119.231, server: tam-ci.mygroup.net, request: “GET /sonarqube/ HTTP/2.0”, upstream: "https://10.248..117.61:443/sonarqube/", host: “tam-ci.mygroup.net”

Here's my configuration:


location /sonarqube/ {
    proxy_pass https://cvm23801.mygroup.net$request_uri;

    # TODO needed here ?
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    # verify the Traefik certificate

    # TODO need to use own client certificate ???
    #proxy_ssl_certificate /etc/nginx/conf.d/tam-ci.pem;
    #proxy_ssl_certificate_key /etc/nginx/conf.d/tam-ci.key;

    proxy_ssl_trusted_certificate /etc/nginx/conf.d/mygroup-ca.pem;

    proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    proxy_ssl_ciphers HIGH:!aNULL:!MD5;

    #proxy_ssl_name tam-ci.bmwgroup.net;
    proxy_ssl_verify on;
    #proxy_ssl_server_name off;
    proxy_ssl_verify_depth 2;
    proxy_ssl_session_reuse on;

    proxy_read_timeout 1800;
    proxy_connect_timeout 1800;
    proxy_send_timeout 1800;
    send_timeout 1800;
}


Any idea why I always see this error ? Or how to fix it?
The proxy_ssl_trusted_certificate is a valid certificate chain containing an intermediate as well as a root certificate (in one file).

Thanx in advance,

Torsten

openssl 1.1.1d SSL_read() failed in error log (no replies)

I use openssl 1.1.1d, and SSL_read() failed appears in the error log.
Not often, only a few times, but what does this mean? Thanks.

[crit] ... SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection
[crit] ... SSL_read() failed (SSL: error:14191044:SSL routines:tls1_enc:internal error) while processing HTTP/2 connection

USR2 signal not work, failed to upgrade executable (no replies)

Hello,

Both nginx_new and nginx_old are good, but after the USR2 signal is sent to the master process, it cannot start a new master process. I use these steps:

1. cp -f nginx_new nginx_old
2. kill -USR2 $( cat /usr/local/nginx/logs/nginx.pid )
3. ps aux | grep nginx
There is no new master process, only the old master process, and error.log shows:

[emerg] 19205#0: bind() to 0.0.0.0:80 failed (98: Address already in use)
nginx: [emerg] bind() to 0.0.0.0:80 failed (98: Address already in use)
[emerg] 19205#0: still could not bind()
nginx: [emerg] still could not bind()

Please help, thanks.

Nginx load balancing to keep sessions between IIS servers (no replies)

I have set up a load balancer with NGINX for two IIS web servers that works with sessions. Here is the NGINX configuration file I have created for the load balancing:

#Log Format
log_format upstreamlog '$server_name to: $upstream_addr [$request] '
                       'upstream_response_time $upstream_response_time '
                       'msec $msec request_time $request_time';

#Upstream
upstream mybalancer {
    ip_hash;
    server server1.com:80;
    server server2.com:80;
}

#Server
server {
    listen 80;
    listen [::]:80;
    server_name server3.com;

    access_log /var/log/nginx/access.log upstreamlog;

    location / {
        proxy_pass http://mybalancer;
        proxy_http_version 1.1;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}

When I make a request to server3.com it gets redirected -for example- to server1.com. Next I make the login, go to a specific page, let's say: server1.com/welcome/maps. Everything is ok.

Now I turn off server1.com, and NGINX redirects me to server2.com, but prompts me to the login page.

My question:

Is it possible to configure NGINX to keep the same sessions when one server goes down? This means that -in my example- NGINX could redirect me to server2.com/welcome/maps with the same session.

PS:

I have read in other posts about setting these options:

proxy_cookie_path ~*^/.* /;
add_header "Set-Cookie" "lb=$upstream_http_X_Loadbalance_ID";

but it does not work.

svg broken ! (no replies)

Hi,

We've set up Nginx as an Edge node. The website is running fine from the edge (caching
& proxying requests to origin as required). However, proxying requests for
.svg shows the following error while the origin node loads it fine.

https://i.imgur.com/oYNl7UP.png

Mime-type is also configured in nginx for svg on edge side but issue still
persists:

image/svg+xml svg svgz;

Here is the directive for svg:

https://pastebin.com/1JStJTBC

===========================
Thanks in advance.

SSL_read() failed on Nginx built with new OpenSSL 1.1.1e (no replies)

(Please excuse my English)

I built Nginx 1.16.1 (current stable version) with OpenSSL 1.1.1e (newly released), PCRE 8.44 and Zlib 1.2.11.
However, sometimes (not always) the error logs below are generated.


2020/03/26 09:53:19 [crit] 24020#24020: *6 SSL_read() failed (SSL: error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading) while keepalive, client: 68.183.***.***, server: 0.0.0.0:443



The Nginx built with OpenSSL 1.1.1d does not generate the error logs. I don't know how I can fix this problem.
Below are my Nginx build configuration and nginx.conf.



--*--*--*--*--*--

./configure --with-cc-opt='-g -O2 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2' \
--with-ld-opt='-Wl,-Bsymbolic-functions -fPIE -pie -Wl,-z,relro -Wl,-z,now' \
--prefix=/nginx --user=www-data --group=www-data \
--error-log-path=/nginx/srv/nginx-error.log --http-log-path=/nginx/srv/nginx-access.log \
--pid-path=/nginx/srv/nginx.pid --lock-path=/nginx/srv/nginx.lock \
--with-zlib=../zlib-1.2.11 --with-pcre=../pcre-8.44 --with-openssl=../openssl-1.1.1e \
--with-pcre-jit --with-file-aio --with-threads --with-http_v2_module \
--without-http_uwsgi_module --without-http_scgi_module \
--without-mail_pop3_module --without-mail_imap_module --without-mail_smtp_module \
--with-http_ssl_module --without-http_memcached_module \
--with-http_gunzip_module --with-http_gzip_static_module



--*--*--*--*--*--

worker_processes auto;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;

    log_format main '$time_iso8601 $remote_addr $status $body_bytes_sent "$request" $remote_user "$http_referer" "$http_user_agent" "$http_x_forwarded_for"';

    server_tokens off;
    client_max_body_size 10m;
    client_body_buffer_size 128k;
    client_body_temp_path /var/tmp/ngx_client_body_temp;
    proxy_temp_path /var/tmp/ngx_proxy_temp;
    fastcgi_temp_path /var/tmp/ngx_proxy_temp;
    merge_slashes on;
    charset utf-8;
    tcp_nopush on;
    tcp_nodelay on;
    sendfile on;
    sendfile_max_chunk 1m;
    keepalive_timeout 70s;

    gzip on;
    gzip_comp_level 5;
    gzip_proxied any;
    gzip_min_length 1000;
    gzip_disable "MSIE [1-6]\.(?!.*SV1)";
    gzip_types text/plain text/css text/javascript application/javascript text/x-js application/json application/x-javascript application/octet-stream text/mathml text/xml application/xml application/atom+xml application/rss+xml;
    gzip_vary on;
    gzip_buffers 16 8k;

    server {
        server_name myserver.com;
        listen 443 ssl http2;
        keepalive_timeout 70;

        #ref : http://nginx.org/en/docs/http/configuring_https_servers.html

        ssl_certificate /etc/letsencrypt/live/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/privkey.pem;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;

        ssl_session_cache shared:le_nginx_SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_ecdh_curve X25519:sect571r1:secp521r1:secp384r1;
        ssl_early_data on;


        error_page 400 401 402 403 404 500 502 503 504 /err.html;
        location = /err.html {
            root /nginx/www;
            add_header Set-Cookie "ErrorCode=${status}; path=/;" always;
            internal;
        }

        location / {
            root /nginx/www;
            index index.html;
            try_files $uri $uri/index.html =404;
            aio threads;

            location ~ \.(css|js|ico|png|gif)$ {
                access_log off;
            }
        }
    }
}

Re: 2 locations, 2 _different_ cache valid settings, but same cache & pass-through (no replies)

On Tue, Mar 24, 2020 at 11:15:59PM +0000, randyorbs wrote:

Hi there,

> 4. use _different_ cache valid settings...
> location /foo {
> proxy_pass "http://myhost.io/go";
> proxy_cache shared_cache;
> proxy_cache_valid any 5m;
> }
> location /bar {
> proxy_pass "http://myhost.io/go";
> proxy_cache shared_cache;
> proxy_cache_valid any 10m;
> }
>
> What I have found is that I can request /foo, then /bar and the /bar result will be an immediate HIT on the cache, which is good - the keys are the same and they are both aware of the cache. However, now that I've requested /bar any requests to /foo will result in cache HITs for 10 minutes instead of the 5 minutes I want. If I never hit /bar, then /foo will cache HIT for the correct 5 minutes.
>
> Any thoughts on how I can use NGINX to configure my way into a solution for my unusual (?) use-case?

The nginx cache file structure includes the validity period within the
stored object file.

The system does not care how the object file got there; it cares about
the file name and file contents.

So, "no".

(At least, not without writing your own special-case caching system.)

What is the thing that you want to achieve? Perhaps there is an alternate
way to get to the same desired end result.

f
--
Francis Daly francis@daoine.org

NGINX on windows (5 replies)

Hi All,

I'm just wondering what the current limitations on worker_connections are in Windows? Is it 1024 as I can see in some discussions or is it able to be set higher?

Thanks.

Nginx Truncating Logs (1 reply)

Hi,
I am using a Java application with NGINX. When my request has a large response body, nginx truncates the logs in the access.log file. I have used proxy_buffering off; but that didn't work. Kindly suggest.

NGINX version : 1.10.3

Configure NGINX to deny web socket connections except for certain paths (1 reply)

This will sound a little odd, but we have an NGINX reverse proxy acting as an SSL termination point for a remote desktop web gateway from Microsoft.

Currently, the primary Web Client ingress point is protected by SSL Client Certificates - you must have a valid SSL Client Certificate to get to the web component.

However, RDWeb from Microsoft still has to establish WSS connections (`wss://...`) to the RD Gateway component - a separate server. The tricky part about this is it uses *only* `wss`. This works fine if the web frontend is open to all, but we want to restrict it so that only one WSS pathway can actually be used and no other WSS requests work.

When attempting to make this work, we've been trying various configurations of location matching ultimately ending with the WSS connections all failing except when passed through directly WITHOUT any restrictions (that is, `location / { ... }` is globally permitted for the gateway component.)

Is there a way to configure NGINX so that it tests the requested wss path *first* before it hands off to the backend, thereby determining if it's permitted or rejected?

proxy_cache_path 'inactive' vs http cache-control / expires headers? (no replies)

I've been doing some experimenting with nginx's proxy caching and
slowly working the kinks out.

From what I read, the cache-control & expires headers take precedence
over the 'proxy_cache_valid' setting, which is great as certain pages
are valid for several hours at a time.

However, I am noticing still a high amount of cache misses... Upon
further investigation I'm thinking (haven't tested it yet) that the
'proxy_cache_path' inactive setting (currently at its default of 10m)
is taking precedence over the above cache-control settings...

Is there any way to tie the 'inactive' time to the cache-control
header expiration time so that pages that are cached in a certain
time-window are always kept and not deleted until after the header
expiration time?

Re: (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream (no replies)

Hello!

On Thu, Apr 02, 2020 at 01:26:02PM +0000, Liam Moncur wrote:

> Hey,
> I am seeing an issue where nginx seems to get stuck in a loop soon after the above error. From the debug I am seeing:
>
> 2020/04/02 14:09:10 [error] 12875#12875: *338 SSL_read() failed (SSL: error:1409441A:SSL routines:ssl3_read_bytes:tlsv1 alert decode error:SSL alert number 50) while reading response header from upstream, client: 2a00:23c6:8238:6501:54e9:28f4:54e:1a91, server: www.findafishingboat.com, request: "GET /boat-list/fishing-boats-for-sale-over-15m HTTP/2.0", upstream: "https://194.39.167.98:443/boat-list/fishing-boats-for-sale-over-15m", host: "www.findafishingboat.com"
>
> Then shortly after I get a loop of the following:
>
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: -2 "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http output filter "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http copy filter: "/boat-list/fishing-boats-for-sale-over-15m?"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 lua capture body filter, uri "/boat-list/fishing-boats-for-sale-over-15m"
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http postpone filter "/boat-list/fishing-boats-for-sale-over-15m?" 0000000000000000
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter: l:0 f:0 s:0
> 2020/04/02 14:09:10 [debug] 12875#12875: *338 http write filter limit 0
>
> Any thoughts would be lovely.

First of all, check the OpenSSL version you are using.
Running "nginx -V" will show all needed details.

--
Maxim Dounin
http://mdounin.ru/