Quantcast
Channel: Nginx Forum - Nginx Mailing List - English
Viewing all 7229 articles
Browse latest View live

Nginx crashing my site when adding new config (no replies)

August 19, 2020, 11:53 am
$
0
0
Hello,

I am trying to create a config for a process called Isso, when I do create the config as you can see below Nginx crashes my site. If I remove the Isso Nginx config my site comes back online.
```
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: en
Active: failed (Result: exit-code) since Wed 2020-08-19 18:04:04 UTC; 11s ago
Docs: man:nginx(8)
Process: 8596 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 -
Process: 20499 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process
Main PID: 335 (code=exited, status=0/SUCCESS)
```

My Nginx config located in /etc/nginx/sites-available and linked to sites-enabled.

```
server {
listen 80;
listen [::]:80;
server_name isso.mydomain.tld;
return 301 https://isso.mydomain.tld$request_uri;

access_log /dev/null;
error_log /dev/null;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name isso.mydomain.tld;

access_log /var/log/nginx/isso-access.log;
error_log /var/log/nginx/isso-error.log;

ssl_certificate /etc/nginx/https/fullchain.pem;
ssl_certificate_key /etc/nginx/https/key.pem;


location / {
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:8080;
}
}
```
Search

Nginx Hackathon! (1 reply)

August 20, 2020, 3:46 pm
$
0
0
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Multiple MAP implementation issue (1 reply)

August 21, 2020, 2:46 pm
$
0
0
I have this map statements

=== This works well ======

map http_header1 var1 {
default "abc"
1a "def"
1b "ghi"

}

map http_header2 var2 {
default "123"
2a "445"
2b "678"
}

map http_header3 finalvar {
default "xxxx"
aaaa $var1
bbbb $var2
}

==========


Now I need to do regex on http_header3..

if I change the last map statement to..

map http_header3 finalvar {
default "xxxx"
~aaaa $var1
~bbbb $var2
}


This causes ERROR too much redirects.. so im confused...

Any input is appreciated.

How to hide Kernel Info & also compile the nginx (1 reply)

August 22, 2020, 7:18 am
$
0
0
Hello,
I have hosted Nginx 1.16.1 on Ubuntu 16.04. Have configured SSL from
LetsEncrypt. Everything is running fine. Only port 80 and 443 are allowed.

During security testing, I see that kernel information is exposed on
domain.Is there any way to hide kernel information using Nginx ?

Can I compile nginx on Ubuntu 16.04 and reuse it on other deployments? Or
do I need to compile every time ? Please advise.

More details at https://bit.ly/30juXpv/plugins/nessus/11936

Is this an attack or a normal request? (no replies)

August 24, 2020, 4:24 am
$
0
0
Hello everyone,

I’m new in the webserver world, and I have a very basic knowledge about
Nginx, so I want apologize in advance if I'm making a stupid question.

I have a very basic webserver hosting a WordPress webpage and in the past 3
days I have receiving thousands of below request:

5.122.236.249 - - [24/Aug/2020:12:30:41 +0200]
"\x1E\x80\xEBol\xDF\x86z\x84\xA4A^\xAF;\xA1\x98\x1B\x0E\xB7\x88\xD3h\x8FyW\xE4\x0F=.\x15\xF7f:9\xF7\xC3\xBB\xB1}n\xA5\x88\x8B\xE7\xF4\x5C\x80\x98=\xE2X\xC8\xD4\x1Bv/\xDC3yAI\xEE\xE6\xFA\xB1\xF3\x90]\x9EG\xFD\x9B\xAB\x9B:\xA7q\x82*\xE1:\x1A
5.122.236.249 - - [24/Aug/2020:12:30:41 +0200] "P\xCE
\x9C\xA9\xB6pS\xD6#1\x84\x22\xB0s\xB8\xAA\x09\x06Ex\xDD\x88\x11\xFC\x0E\xDB\x04\x18~*\xE7h\xD2H\xD422\x83,\xB3u\xDF|\xED\x8BP\x9Box\xA4\x042\xFBz\xAAh\xF9\x14^\x96\xDD\x1D\xF6\xDD*\xF4"
400 173 "-" "-”

This comes from a hundred of different IPs and in many requests at same
time.

Is this kind of DDOS attack or a legitimate request(which my server returns
400 for them)?

If is an attack, has a specific name that I can search and try to
understand it better and mitigate it?

Thank so much for the help.

Best Regards,
Donda


--
Att.
Anderson Donda

*" **Mar calmo não cria bom marinheiro, muito menos bom capitão.**"*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Cache Volume utilized at around 50 % with proxy_cache_min_uses (no replies)

August 25, 2020, 4:41 am
$
0
0
With use of proxy_cache_min_uses volume of cache is getting settled up at around 50% utilization.
No matter what is the volume allocated in max_size its not filling up further beyond 50%.
If the proxy_cache_min_uses is removed the cache gets filled up with max_size allocated volume.

No of files in cache directory is far less beyond the size allocated in key zone. Its getting capped up near 20 Lakhs whereas allocated key zone could have accommodate around 80 L files with below configuration

proxy_cache_path /cache/contentcache keys_zone=content:1000m levels=1:2 max_size=1000g inactive=7d use_temp_path=off;

proxy_cache_min_uses 2;

Cache volume is utilized with above configuration is around 550 GB which is not growing beyond and as inactive is set to 7d so this would have been effective only after 7 days when content should have got deleted if not accessed within 7 days time period.

Writing all the objects on disk is causing high i/o so using proxy_cache_min_uses would have been beneficial with utilizing cache optimally and high cache hit ratio

ת����[PATCH] HTTP/2: check stream identifier other than 0 for GOAWAY frame (no replies)

August 26, 2020, 1:58 am
$
0
0
Hi all,
   This is a patch for HTTP/2 GOAWAY frame process, please refer to the detail.
thanks._______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Selecting a TLS library for Nginx in 2020 (no replies)

August 27, 2020, 1:53 am
$
0
0
I compile Nginx from mainline source and update shortly after each patch/point release. As part of the compile process, I obtain the current OpenSSL source and bake that in with these compile flags:

--with-openssl-opt="enable-ec_nistp_64_gcc_128 shared no-ssl2 no-ssl3 no-weak-ssl-ciphers -fstack-protector-strong" \
--with-openssl=../../openssl-source/openssl-OpenSSL_$openssl_source_version

I understand Nginx can be compiled with other TLS libraries. I also understand this might be 'there be dragons' territory.

I use OpenSSL because it appears to work for my use case. However, I am researching alternative TLS libraries to perhaps use with Nginx.

Heartbleed (2014) alerted me to the issue(s) with OpenSSL and although some time has passed, I am aware that projects like LibreSSL were borne out of a necessity to improve code quality. TLS 1.3 support in LibreSSL is improving, and that's my impetus to investigate a potential change.

If you compile Nginx with a TLS library -- whether it's OpenSSL or not -- I would be grateful if you could tell me what vendor/flavour you use, and a brief note about why you selected it.

Thank you, and best wishes to you from rainy Cornwall, United Kingdom.
Search

Re: NGINX PHP FPM - Download prompt when accessing directories (1 reply)

August 31, 2020, 1:02 am
$
0
0
On Sun, Aug 30, 2020 at 04:43:27PM +0000, Laura Smith wrote:

Hi there,

> I have a largely working NGINX config as below.  The only problem is that when "/administrator" or "/administrator/" or "administrator/foo.php" is called, I always get prompted to download the PHP file rather than it be executed by PHP FPM.  Meanwhile, calls to "/" or "/foo.php" operate as expected  (i.e. executed correctly by PHP FPM).
>

In nginx, one request is handled in one location{}.

Your

>       location ^~ /administrator/ {

will handle all requests that start with /administrator/; that location
does not do any special handling of php requests; all it will do is
serve files from the filesystem.

Depending on how you want the requests handled, possibly removing the
"^~" will work (that would mean that any requests that match other
regex-location{}s will not be handled in this location); or possibly
creating a nested regex location for "~php" within this location will
work (with contents very like the "main" php location).


(Your config seems to want basic authentication for "file" requests,
but not for "php" requests; that may well be what you intend.) (And the
limit_except lines seem redundant with the "if ($request_method" line;
but if what you have works, it works.)

Good luck with it,

f
--
Francis Daly francis@daoine.org
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

How do I add text to a response from a remote URL in NGINX? (no replies)

August 31, 2020, 12:49 am
$
0
0
Hi,

I have the following server in NGINX and it works fine. But, I am wondering is it possible to add text to a response from a remote URL where hosts my before_body.txt and after_body.txt? Is there any way to tackle this? Is it possible at all?

server {
listen 80;

root /storage/path;
index index.html;

server_name test.domain.com;

location / {
try_files $uri $uri/ =404;
add_before_body /src/before_body.txt;
add_after_body /src/after_body.txt;
autoindex on;
}

location /src/ {
alias /storage/path/content/;
}
}

Nginx TCP/UDP Load Balancer (no replies)

August 31, 2020, 3:15 am
$
0
0
Hi, I have 2 turn server. I would like to use Nginx for load balancer them. But I have a problem. When I use the AWS ELB it works perfectly. If I try with Nginx, I got an error.

Remote addr should be client_ip. Nginx, send itself IP address to coturn server.

There are 2 output from AWS ELB and Nginx

AWS Output:

13: handle_udp_packet: New UDP endpoint: local addr coturn_ip:3478 coturn, remote addr client_ip:54203

Nginx Output:

96: handle_udp_packet: New UDP endpoint: local addr coturn_ip:3478, remote addr nginx_ip:59902

repeated reloads lead to unresponsive server (2 replies)

August 31, 2020, 9:07 am
$
0
0
we observe that after several days in service, where the server is reloaded several hundred times a day, it eventually stops responding.

a reload completes, but still all connections time out.
a restart corrects the issue.

is there a limit to the number of times a server permits a reload before it is necessary to restart it.
when the problem starts, entries like the following appear in the nginx error log

ter process /usr/sbin/nginx -g daemon on; master_process on;: /build/nginx-5J5hor/nginx-1.18.0/debian/modules/nchan/src/store/memory/memst\
ore.c:701: nchan_store_init_worker: Assertion `procslot_found == 1' failed.
2020/08/31 12:07:18 [alert] 1451759#1451759: worker process 1500846 exited on signal 6 (core dumped)
2020/08/31 12:07:18 [alert] 1451759#1451759: shared memory zone "memstore" was locked by 1500846

i see no mention of this issue here. but i did note

https://github.com/slact/nchan/issues/446

versions:
root@nl12:~# uname -a
Linux nl12.dydra.com 5.4.0-42-generic #46-Ubuntu SMP Fri Jul 10 00:24:02 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
root@nl12:~# which nginx
/usr/sbin/nginx
root@nl12:~# /usr/sbin/nginx -v
nginx version: nginx/1.18.0 (Ubuntu)

transforming static files (no replies)

August 31, 2020, 10:40 am
$
0
0
i have a bunch of files on a local filesystem (ok, it's NAS) that I serve
up using an nginx docker image, just pointing the doc root to the system i
want to share.

that's fine for my xml files. the users can browse and see then on the
filesystem.

i also have some .bin files that can be converted using a custom java api.
how can i easily hook the bin files to processed through a command on the
system?

java -jar MyTranscoder.jar myInputFile.bin
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Rewrite .htaccess on nginx (no replies)

September 1, 2020, 12:34 pm
$
0
0
i want to do this in nginx

Options All -Indexes
RewriteEngine on

RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]


when converting it as it appears in several forums it gives me this script

user nobody;
worker_processes 1;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;








events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;

#log_format main '$remote_addr - $remote_user [$time_local] "$request" '
# '$status $body_bytes_sent "$http_referer" '
# '"$http_user_agent" "$http_x_forwarded_for"';

#access_log logs/access.log main;

sendfile on;
#tcp_nopush on;

autoindex off;

autoindex off;

location / {
if (!-e $request_filename){
rewrite ^(.*)$ index.php?url=$1 break;
}
}



#keepalive_timeout 0;
keepalive_timeout 65;

#gzip on;

include "C:/laragon/etc/nginx/php_upstream.conf";
include "C:/laragon/etc/nginx/sites-enabled/*.conf";
client_max_body_size 2000M;
server_names_hash_bucket_size 64;





}


DOES NOT START NGIX AND I GET THE FOLLOWING ERROR

SERVICE NGINX CANNOT START RASON :

NGINX EMERG LOCATION IS NOT ALLOWED HERE IN C.\LARAGON\BIN\NGINX\NGINX1.14.0/CONF/NGINX.CONF:37

HELPPPP ME PLEASE

Does NGINX read auth_basic_user_file on every connection? (no replies)

September 2, 2020, 10:28 pm
$
0
0
Hi.

How does NGINX process auth_basic_user_file?

1) Does it read it in entirety on every connection?

2) Does it read it line by line on every connection and stops when a match is found?

3) Does it read it full on start and re-reads it only if the file is changed?

If its either 1 or 2, then is it not very inefficient to read a file on just every connection? If the file has fairly large number of entries (5-10mb), will it not affect the performance of web server in general? There should be some "indexed" approach to this.

Thanks.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Search

nginx last version on windows (no replies)

September 2, 2020, 11:18 pm
$
0
0
hi
today i'm start using nginx 1.19.2

trying to create upload files

and i got this
2020/09/03 08:02:21 [emerg] 8252#1152: unknown directive "upload_pass" in C:\nginx-1.19.2/conf/vhost/ug04.cn.center.conf:43

my config

server
{
listen 82;
server_name 192.168.1.2;
index index.html index.htm index.php;
root /nginx-1.19.2/html/center/manager/sites/cp;

client_max_body_size 500m;
location /nginx-1.19.2/html/center/manager/app/cp/views {
upload_pass /nginx-1.19.2/html/center/upload;
upload_store /dev/shm;

upload_store_access user:r;

upload_set_form_field $upload_field_name[name] "$upload_file_name";
upload_set_form_field $upload_field_name[content_type] "$upload_content_type";
upload_set_form_field $upload_field_name[path] "$upload_tmp_path";

upload_aggregate_form_field "$upload_field_name[md5]" "$upload_file_md5";
upload_aggregate_form_field "$upload_field_name[size]" "$upload_file_size";
upload_pass_form_field "^.*$";
upload_cleanup 400 404 499 500-505;
}


i search like a 2 day and fail with it i found upload module but i can't install it in windows
any idea ?
thanks

Worker process core dumped (3 replies)

September 3, 2020, 5:42 am
$
0
0
version: 1.17.8

debug log:
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
2020/09/03 14:09:21 [error] 320#320: *873195 upstream timed out (110: Connection timed out) while connecting to upstream, client: 10.68.23.2, server: , request: "POST /api/hmf-controller/v1/cometd/handshake HTTP/1.1", upstream: "http://172.30.8.71:12280/api/hmf-controller/v1/cometd/handshake", host: "10.226.208.117:28001", referrer: "https://10.226.208.117:28001/uportal/framework/default.html"
2020/09/03 14:09:21 [debug] 320#320: *873195 finalize http upstream request: 504
2020/09/03 14:09:21 [debug] 320#320: *873195 finalize http proxy request
2020/09/03 14:09:21 [debug] 320#320: *873195 close http upstream connection: 359
2020/09/03 14:09:21 [debug] 320#320: *873195 free: 0000000000E1A110, unused: 48
2020/09/03 14:09:21 [debug] 320#320: *873195 reusable connection: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 http finalize request: 504, "/api/hmf-controller/v1/cometd/handshake?" a:1, c:1
2020/09/03 14:09:21 [debug] 320#320: *873195 http special response: 504, "/api/hmf-controller/v1/cometd/handshake?"
2020/09/03 14:09:21 [debug] 320#320: *873195 headers more header filter, uri "/api/hmf-controller/v1/cometd/handshake"
2020/09/03 14:09:21 [debug] 320#320: *873195 lua header filter for user lua code, uri "/api/hmf-controller/v1/cometd/handshake"
2020/09/03 14:09:21 [debug] 320#320: *873195 code cache lookup (key='header_filter_by_lua_nhli_08c8ad024deaf339a3f72ac205896eb4', ref=3)
2020/09/03 14:09:21 [debug] 320#320: *873195 code cache hit (key='header_filter_by_lua_nhli_08c8ad024deaf339a3f72ac205896eb4', ref=3)
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:36: header_filter(): executing plugin "msb_admin_controller": header_filter
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:36: header_filter(): executing plugin "hide-dexmesh-error-stack": header_filter
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:36: header_filter(): executing plugin "addheaders": header_filter
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:36: header_filter(): executing plugin "divide": header_filter
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:36: header_filter(): executing plugin "redirect-transformer-plugin": header_filter
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:36: header_filter(): executing plugin "auth-plugin": header_filter
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: *873195 lua capture header filter, uri "/api/hmf-controller/v1/cometd/handshake"
2020/09/03 14:09:21 [debug] 320#320: *873195 HTTP/1.1 504 Gateway Time-out
2020/09/03 14:09:21 [debug] 320#320: *873195 write new buf t:1 f:0 0000000001C340D8, pos 0000000001C340D8, size: 348 file: 0, size: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 http write filter: l:0 f:0 s:348
2020/09/03 14:09:21 [debug] 320#320: *873195 http output filter "/api/hmf-controller/v1/cometd/handshake?"
2020/09/03 14:09:21 [debug] 320#320: *873195 http copy filter: "/api/hmf-controller/v1/cometd/handshake?"
2020/09/03 14:09:21 [debug] 320#320: *873195 lua capture body filter, uri "/api/hmf-controller/v1/cometd/handshake"
2020/09/03 14:09:21 [debug] 320#320: *873195 http postpone filter "/api/hmf-controller/v1/cometd/handshake?" 0000000001C343C0
2020/09/03 14:09:21 [debug] 320#320: *873195 write old buf t:1 f:0 0000000001C340D8, pos 0000000001C340D8, size: 348 file: 0, size: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 write new buf t:0 f:0 0000000000000000, pos 0000000000A64620, size: 114 file: 0, size: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 write new buf t:0 f:0 0000000000000000, pos 0000000000A65960, size: 41 file: 0, size: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 write new buf t:0 f:0 0000000000000000, pos 0000000000A657C0, size: 402 file: 0, size: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 http write filter: l:1 f:0 s:905
2020/09/03 14:09:21 [debug] 320#320: *873195 http write filter limit 0
2020/09/03 14:09:21 [debug] 320#320: *873195 malloc: 0000000001AE0030:16384
2020/09/03 14:09:21 [debug] 320#320: *873195 SSL buf copy: 348
2020/09/03 14:09:21 [debug] 320#320: *873195 SSL buf copy: 114
2020/09/03 14:09:21 [debug] 320#320: *873195 SSL buf copy: 41
2020/09/03 14:09:21 [debug] 320#320: *873195 SSL buf copy: 402
2020/09/03 14:09:21 [debug] 320#320: *873195 SSL to write: 905
2020/09/03 14:09:21 [debug] 320#320: *873195 SSL_write: 905
2020/09/03 14:09:21 [debug] 320#320: *873195 http write filter 0000000000000000
2020/09/03 14:09:21 [debug] 320#320: *873195 http copy filter: 0 "/api/hmf-controller/v1/cometd/handshake?"
2020/09/03 14:09:21 [debug] 320#320: *873195 http finalize request: 0, "/api/hmf-controller/v1/cometd/handshake?" a:1, c:1
2020/09/03 14:09:21 [debug] 320#320: *873195 set http keepalive handler
2020/09/03 14:09:21 [debug] 320#320: *873195 http close request
2020/09/03 14:09:21 [debug] 320#320: *873195 lua request cleanup: forcible=0
2020/09/03 14:09:21 [debug] 320#320: *873195 lua log handler, uri:"/api/hmf-controller/v1/cometd/handshake" c:1
2020/09/03 14:09:21 [debug] 320#320: *873195 code cache lookup (key='nhlf_9c4416184f27253b6f5f86c35c6afc6b', ref=4)
2020/09/03 14:09:21 [debug] 320#320: *873195 code cache hit (key='nhlf_9c4416184f27253b6f5f86c35c6afc6b', ref=4)
2020/09/03 14:09:21 [info] 320#320: *873195 [lua] logger.lua:27: 5382af7ecb49a6a9ce6f006cf859799b {"matched":"hmf-controller","auth-plugin add Z-EXTENT":true,"svc_type":"api"} while logging request, client: 10.68.23.2, server: , request: "POST /api/hmf-controller/v1/cometd/handshake HTTP/1.1", upstream: "http://172.30.8.71:12280/api/hmf-controller/v1/cometd/handshake", host: "10.226.208.117:28001", referrer: "https://10.226.208.117:28001/uportal/framework/default.html"
2020/09/03 14:09:21 [debug] 320#320: fetching key "ranoss|hmf-controller|v1|172.30.8.71:12280-2-start_time" in shared dict "metrics"
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:40: log(): executing plugin "msb_admin_controller": log
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:40: log(): executing plugin "hide-dexmesh-error-stack": log
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:40: log(): executing plugin "addheaders": log
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:40: log(): executing plugin "divide": log
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:40: log(): executing plugin "redirect-transformer-plugin": log
2020/09/03 14:09:21 [debug] 320#320: *873195 [lua] base_plugin.lua:40: log(): executing plugin "auth-plugin": log
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: fetching key "circuitbreaker.ranoss.hmf-controller.v1.2020-09-03T01:06:36Z.172.30.8.71:12280.status" in shared dict "circuitbreaker"
2020/09/03 14:09:21 [debug] 320#320: shmtx lock
2020/09/03 14:09:21 [debug] 320#320: shmtx unlock
2020/09/03 14:09:21 [debug] 320#320: *873195 http log handler
2020/09/03 14:09:21 [debug] 320#320: *873195 http map started
2020/09/03 14:09:21 [debug] 320#320: *873195 http script var: "504"
2020/09/03 14:09:21 [debug] 320#320: *873195 http map: "504" "1"
2020/09/03 14:09:21 [debug] 320#320: *873195 http script var: "1"
2020/09/03 14:09:21 [debug] 320#320: *873195 posix_memalign: 0000000001343E90:4096 @16
2020/09/03 14:09:21 [debug] 320#320: *873195 run cleanup: 0000000001C32EB8
2020/09/03 14:09:21 [debug] 320#320: lua release ngx.ctx at ref 121
2020/09/03 14:09:21 [debug] 320#320: *873195 free: 0000000001C315F0, unused: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 free: 0000000001C32600, unused: 0
2020/09/03 14:09:21 [debug] 320#320: *873195 free: 0000000001C33610, unused: 189
2020/09/03 14:09:21 [debug] 320#320: *873195 free: 0000000001343E90, unused: 3568
2020/09/03 14:09:21 [debug] 320#320: *873195 free: 0000000000C404B0
2020/09/03 14:09:21 [debug] 320#320: *873195 hc free: 0000000000000000
2020/09/03 14:09:21 [debug] 320#320: *873195 hc busy: 0000000000000000 0
2020/09/03 14:09:21 [debug] 320#320: *873195 free: 0000000001AE0030
2020/09/03 14:09:28 [alert] 46#46: worker process 320 exited on signal 11 (core dumped)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

coredump backtrace:
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Program terminated with signal SIGSEGV, Segmentation fault.
#0 ngx_http_set_keepalive (r=0x1c31640) at src/http/ngx_http_request.c:3178
3178 if (r->headers_out.persist_front_end_connection && !c->tcp_keepalive) {
(gdb) bt
#0 ngx_http_set_keepalive (r=0x1c31640) at src/http/ngx_http_request.c:3178
#1 ngx_http_finalize_connection (r=0x1c31640) at src/http/ngx_http_request.c:2720
#2 0x00000000004aca34 in ngx_http_upstream_handler (ev=0x15431d0) at src/http/ngx_http_upstream.c:1290
#3 0x0000000000478776 in ngx_event_expire_timers () at src/event/ngx_event_timer.c:94
#4 0x0000000000478405 in ngx_process_events_and_timers (cycle=cycle@entry=0xdf7540) at src/event/ngx_event.c:271
#5 0x000000000048120d in ngx_worker_process_cycle (cycle=0xdf7540, data=<optimized out>) at src/os/unix/ngx_process_cycle.c:821
#6 0x000000000047f7de in ngx_spawn_process (cycle=cycle@entry=0xdf7540, proc=0x4811c0 <ngx_worker_process_cycle>, data=0x0, name=0x74ad49 "worker process",
respawn=respawn@entry=6) at src/os/unix/ngx_process.c:199
#7 0x0000000000482873 in ngx_reap_children (cycle=0xdf7540) at src/os/unix/ngx_process_cycle.c:688
#8 ngx_master_process_cycle (cycle=0xdf7540, cycle@entry=0xb041a0) at src/os/unix/ngx_process_cycle.c:181
#9 0x0000000000455e79 in main (argc=<optimized out>, argv=<optimized out>) at src/core/nginx.c:385
(gdb) p r
$1 = (ngx_http_request_t *) 0x1c31640
(gdb) p c
$2 = (ngx_connection_t *) 0x7fb482641fa8
(gdb) p *r
Cannot access memory at address 0x1c31640
(gdb) p *c
$3 = {data = 0x13f5f50, read = 0x14587a0, write = 0x1542db0, fd = 168, recv = 0x489bf0 <ngx_ssl_recv>, send = 0x4890e0 <ngx_ssl_write>,
recv_chain = 0x48a2f0 <ngx_ssl_recv_chain>, send_chain = 0x489420 <ngx_ssl_send_chain>, listening = 0x11e21a0, sent = 905, log = 0x13f5ef0, pool = 0x13f5e90, type = 1,
sockaddr = 0x13f5ee0, socklen = 16, addr_text = {len = 10, data = 0x13f5f40 "10.68.23.2.2"}, proxy_protocol = 0x0, ssl = 0x13f5fa8, udp = 0x0,
local_sockaddr = 0x13f6060, local_socklen = 16, buffer = 0x13f6000, queue = {prev = 0x0, next = 0x0}, number = 873195, requests = 15, buffered = 0, log_error = 2,
timedout = 0, error = 0, destroyed = 1, idle = 0, reusable = 0, close = 0, shared = 0, sendfile = 1, sndlowat = 0, tcp_nodelay = 1, tcp_nopush = 0, need_last_buf = 0,
tcp_keepalive = 0, logged = 0, sendfile_task = 0x0}
(gdb)
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------


It looks like the "r" is not accessable, but I remember the "request" objects are pre-allocated NOT in the heap?

Unable to proxy pass to https backend on nginx (no replies)

September 6, 2020, 7:15 am
$
0
0
I am unable to reverse proxy to my https backend. what am i doing wrong? I am using the same set of cert for the backend and frontend as I am running them both on the same machine. I got my certificates from zerossl. Here is the error I get :

curl --cacert /etc/ssl/certs/ca_bundle.crt https://www.ravi.guru

<html>
<head><title>502 Bad Gateway</title></head>
<body>
<center><h1>502 Bad Gateway</h1></center>
<hr><center>nginx/1.16.1</center>
</body>
</html>
In my /var/log/nginx/error.log I get this:

2020/09/06 01:50:53 [error] 2603#0: *4 upstream SSL certificate verify error: (2:unable to get > issuer certificate) while SSL handshaking to upstream, client: 192.168.103.15, server: www.ravi.guru, request: "GET / HTTP/1.1", upstream: "https://192.168.103.15:8080/", host: "www.ravi.guru"

When I connect to backend directly, all goes well:

curl --cacert /etc/ssl/certs/ca_bundle.crt https://www.ravi.guru:8080

hi


my index.html is a file with an entry "hi"

===============
Here is my config file
===============


server {
listen 443 http2 ssl;
server_name www.ravi.guru;
ssl_certificate /etc/ssl/certs/certificate.crt;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;


location / {
proxy_pass https://www.ravi.guru:8080;
proxy_ssl_certificate /etc/ssl/certs/certificate.crt;
proxy_ssl_certificate_key /etc/ssl/private/private.key;
proxy_ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;
proxy_ssl_verify on;
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
}
}
server {
listen 8080 http2 ssl;
#listen [::]:443 http2 ssl;

server_name www.ravi.guru;

ssl_certificate /etc/ssl/certs/certificate.crt;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_trusted_certificate /etc/ssl/certs/ca_bundle.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
root /var/www/ravi.guru/html;

index index.html index.htm index.nginx-debian.html;
}

configuration test ignores custom resolver (no replies)

September 6, 2020, 10:04 pm
$
0
0
Hi everyone!

Unfortunately, I can't find information about how Nginx tests
configuration files.

In my case I have a two internal DNS zones, .develop and .test.

On global http section I added my resolver:

...

http {
    resolver 192.168.140.249 valid=300s;
    resolver_timeout 1s;

...

And I use proxy_pass directive with DNS name likeproxy_pass
http://front-dev.develop;

I expect, that Nginx start to use resolver for upstream name resolving
on test config stage.

But everything go wrong...

On strace output I see, that on start Nginx uses system resolver,
ignoring custom resolver from config.

Can anyone help with this? What I do wrong?

Regards,

Anton.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Could backup request (or hedged requests ) be supported ? (no replies)

September 7, 2020, 8:44 pm
$
0
0
Hi:
In my work, I use nginx as a http proxy between diffreent services. As we
know, Envoy is also a very famous proxy. I have noticed that envoy has a
function called 'hedged requests'
https://www.envoyproxy.io/docs/envoy/v1.12.2/intro/arch_overview/http/http_routing#request-hedging
. This means that Envoy will race multiple simultaneous upstream requests
and return the response associated with the first acceptable response
headers to the downstream.
so ,could nginx support this function ? I have tried to do some change in
ngx_http_upstream.c. But I found that too much code needs to be changed to
accomplish this function, it's too difficult for me.
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Viewing all 7229 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>