Re: Request for a "no capture" rewrite directive enhancement

[B.R.]

Yup the location directive uses the PCRE library to interpret regex.
Its docs doesn't mention that the regex are PCRE, but the hint is given
away on the build from sources page.

It reminds me that not so long ago I mixed up named captures and
subpatterns syntax trying to play with PCRE in location... but that is
another story ;o)

Glad I could help!
---
*B. R.*


On Thu, May 29, 2014 at 4:09 AM, Peter Mescalchin <
peter.mescalc...@gmail.com> wrote:

> Fantastic Igor - I didn't know that you could do named captures in Nginx -
> good to know.
>
> That solves it rather nicely.
>
> And thanks B.R. - yep, that syntax is part of PCRE.
>
>
>   Pete
>
>
>
> > I think Igor is suggesting PERL named captures.
> >
> > Although, it appears to me the correct syntax would rather be
> (?...),
> > as perlre docs  >state.
> > Then, just use you first syntax (omitting the 'set' directives).
> > ---
> > *B. R.*
> >
> >
> > On Wed, May 28, 2014 at 12:02 PM, Igor Sysoev  wrote:
> >
> > > On 28 May 2014, at 08:55, Peter Mescalchin  gmail.com>
> > > wrote:
> > >
> > > Thanks Igor,
> > >
> > >I had explored that method already, sadly (as you know) "alias" is
> > > given as an absolute path meaning I can't use this block of config
> within
> > > multiple virtual hosts which I include; - would have to re-write this
> same
> > > block of config for each Virtual host modifying the alias path prefix.
> > >
> > > And since alias man page explicitly states that $document_root can't be
> > > used it's not possible to complete this config in a reusable way. (e.g.
> > > alias $document_root/path/to/$1/$2; would be perfect).
> > >
> > > Alas, I think what I have (storing the captures in temp vars) is the
> only
> > > real solution thus far.
> > >
> > > Unless the penny hasn't dropped in my head? :)
> > >
> > >
> > > Then you can set these variable directly in regex:
> > > location ~
> "^/[a-f0-9]{16}/(css|js)/(.+)” {
> > >
> > >
> > > --
> > > Igor Sysoev
> > > http://nginx.com
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Request for a "no capture" rewrite directive enhancement

[Peter Mescalchin]

Fantastic Igor - I didn't know that you could do named captures in Nginx -
good to know.

That solves it rather nicely.

And thanks B.R. - yep, that syntax is part of PCRE.


  Pete



> I think Igor is suggesting PERL named captures.
>
> Although, it appears to me the correct syntax would rather be
(?...),
> as perlre docs state.
> Then, just use you first syntax (omitting the 'set' directives).
> ---
> *B. R.*
>
>
> On Wed, May 28, 2014 at 12:02 PM, Igor Sysoev  wrote:
>
> > On 28 May 2014, at 08:55, Peter Mescalchin 
> > wrote:
> >
> > Thanks Igor,
> >
> >I had explored that method already, sadly (as you know) "alias" is
> > given as an absolute path meaning I can't use this block of config
within
> > multiple virtual hosts which I include; - would have to re-write this
same
> > block of config for each Virtual host modifying the alias path prefix.
> >
> > And since alias man page explicitly states that $document_root can't be
> > used it's not possible to complete this config in a reusable way. (e.g.
> > alias $document_root/path/to/$1/$2; would be perfect).
> >
> > Alas, I think what I have (storing the captures in temp vars) is the
only
> > real solution thus far.
> >
> > Unless the penny hasn't dropped in my head? :)
> >
> >
> > Then you can set these variable directly in regex:
> > location ~
"^/[a-f0-9]{16}/(css|js)/(.+)” {
> >
> >
> > --
> > Igor Sysoev
> > http://nginx.com
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: NGINX: Reverse Proxy (SSL) with non-ssl backend

[Steve Wilson]

It's late and I'm about to go to bed so I've not checked the docs on
this but ...

add_header Front-End-Https   on;

I suspect this is meant to be proxy_add_header and meant so php can
detect the client is accessing via https.

If my memory is correct on this it's likely that php could be sending a
redirect (302) to https:... which your browser's following, hence the
seeming page refresh.

It might be worth creating a php page with the magical  and
accessing it through nginx and apache to see if there's anything
obvious, and the "Front-End-Https" header when through nginx.

Steve.

On 26/05/2014 10:11, Nelson Manuel Marques wrote:
> 
> Hi,
> 
> I currently run a small system which consists on an Apache HTTP with PHP 
> (8080) backend (no SSL on localhost) with a Varnish HTTP accelerator on Port 
> 9000 (localhost) and a NGINX reverse proxy (SSL).
> 
> I am facing a small issue with this setup, mainly, when I select checkboxes 
> and friends and hit submit (ex; application setup) nothing happens… Boxes get 
> unticket and I remain in the same screen. If bind Apache or Varnish on all 
> interfaces and hit their ports directly, everything works. I believe this 
> might be an issue with my nginx setup.
> 
> My nginx configuration (vhost, nginx.conf is the default):
> 
> 
> 
> server {
> listen80;
> server_name   foobar.local;
> return 301https://foobar.local/$request_uri;
> }
> 
> server {
> listen443 ssl;
> server_name   foobar.local;
># virtual host error and access logs in /var/log/nginx
> access_log/var/log/nginx/foobar.local-access.log;
> error_log /var/log/nginx/foobar.local.vm-error.log;
> # gzip compression configuration
> gzip  on;
> gzip_comp_level   7;
> gzip_min_length   1000;
> gzip_proxied  any;
> # SSL configuration; generated cert
> keepalive_timeout 60;
> ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
> ssl_ciphers 
> ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DS
> S;
> ssl_certificate   /etc/nginx/certs/self-ssl.crt;
> ssl_certificate_key   /etc/nginx/certs/self-ssl.key;
> ssl_session_cache shared:SSL:5m;
> ssl_session_timeout   5m;
> ssl_prefer_server_ciphers  on;
> 
> client_max_body_size 2M;
> 
> location / {
> proxy_pass http://127.0.0.1:8080/;
> add_header Front-End-Https   on;
> proxy_next_upstreamerror timeout invalid_header http_500 
> http_502 http_503 http_504;
> #proxy_set_header   Accept-Encoding   "";
> proxy_set_header   Host$http_host;
> proxy_set_header   X-Real-IP   $remote_addr;
> proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
> allow all;
> proxy_ignore_client_abort on;
> proxy_redirect off;
> }
> }
> 
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: NGINX: Reverse Proxy (SSL) with non-ssl backend

[Francis Daly]

On Mon, May 26, 2014 at 10:11:27AM +0100, Nelson Manuel Marques wrote:

Hi there,

> I am facing a small issue with this setup, mainly, when I select checkboxes 
> and friends and hit submit (ex; application setup) nothing happens…

Can you rephrase this in the form of "I make this http request and I
get that http response but I expect this other http response"?

Or: what do the nginx logs say about how the incoming request was handled?

f
-- 
Francis Dalyfran...@daoine.org

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx add trailing slash with wrong port

[Francis Daly]

On Sat, May 24, 2014 at 02:53:21PM -0400, luc2 wrote:

Hi there,

> nginx rewrites :
> 
> > http://localhost:8081/files
> 
> to :
> 
> > http://localhost:81/files/ # wrong port !

> is it possible to configure nginx to behave like apache ?

No.

If your use case is restricted to one of the two mentioned below, then
you might be able to fake it adequately.

nginx does not have a config option to do what you seem to want, which
is "use the incoming http Host: header value in any generated Location:
response header".

Using "port_in_redirect", you can auto-include either no port at all,
or whichever port the connection actually came to nginx on (which will
be one of the ports listed or implied in the "listen" directives).

If you don't want to patch the code to add your use case, then

* if you have a fixed list of redirections, you could add a number of
locations of the form

  location = /dir1 { return 301 $scheme://$http_host/dir1/; }

* or if there is exactly one host/port that you will always want to return
(e.g. server:8081), then you could

  port_in_redirect off;
  server_name_in_redirect on;
  server_name server:8081;

But otherwise, I don't think it can be done.

f
-- 
Francis Dalyfran...@daoine.org

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Header Vary: Accept-Encoding - security risk ?

[chili_confits]

Dear list,

I have enabled gzip with
  ...
  gzip on;
  gzip_http_version 1.0;
  gzip_vary on;
  ...
to satisfy incoming HTTP 1.0 requests.

In a very similiar setup which got OWASP-evaluated, I read this - marked as
a defect:
"The web server sent a Vary header, which indicates that server-driven
negotiation was done to determine which content should be delivered. This
may indicate that different content is available based on the headers in the
HTTP request."
IMHO this is a false positive ...

This is what I send:
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 27 May 2014 17:55:23 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
Content-Length: ...
...

What do you think ?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250449,250449#msg-250449

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Can anyone tell me how to delete spam pages on the wiki?

[sarah.novotny]

hi!

thanks for the offer for help.  send me an email sa...@nginx.com and i’ll get 
you set up.

sarah


From: talkingnews nginx-fo...@nginx.us
Reply: nginx@nginx.org nginx@nginx.org
Date: May 28, 2014 at 11:29:17 AM
To: nginx@nginx.org nginx@nginx.org
Subject:  Can anyone tell me how to delete spam pages on the wiki?  

Click this:  
http://wiki.nginx.org/index.php?title=Special:Search&limit=500&offset=0&redirs=1&profile=default&search=a+
  

See the problem?! I stopped counting at 500 pages. It gets kinda tedious  
searching for info to end up wading through wedding dress and SEO spam and  
finding out "how to finger you woman".  

I can't seem to do anything except "blank" the pages - my wiki username is  
talkingnews. If someone can give me "the power", I promise not to be  
malicious, but when I get a spare 10 minutes from time to time I'll go  
through and delete 100 or so spams.  

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250445,250445#msg-250445  

___  
nginx mailing list  
nginx@nginx.org  
http://mailman.nginx.org/mailman/listinfo/nginx  
-- 
sarah.novotny

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Can anyone tell me how to delete spam pages on the wiki?

[talkingnews]

Click this:
http://wiki.nginx.org/index.php?title=Special:Search&limit=500&offset=0&redirs=1&profile=default&search=a+

See the problem?! I stopped counting at 500 pages. It gets kinda tedious
searching for info to end up wading through wedding dress and SEO spam and
finding out "how to finger you woman".

I can't seem to do anything except "blank" the pages - my wiki username is
talkingnews. If someone can give me "the power", I promise not to be
malicious, but when I get a spare 10 minutes from time to time I'll go
through and delete 100 or so spams.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250445,250445#msg-250445

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Etags and Load-balanced environmetn

[Maxim Dounin]

Hello!

On Wed, May 28, 2014 at 06:55:17PM +0200, Lau Buru wrote:

> Hi,
> 
> I've got 3 NGinx servers running under a load balancer. I've got ETags
> successfuly configured but the problem is that each server presents
> different ETag tag for the same content:
> 
>   ETag: "531ee076-6b"
>   ETag: "531edf6a-6b"
>   ETag: "531ede5f-6b"
>   ETag: "531edd4f-6b"

That's because you've failed to sync file modification time between 
servers.

> I've read that NGinx is using inode for calculating the ETag so it's
> obvious that we will never get the same ETag for the same file in
> different servers. I know I could get this if I use shared disk but this
> is not an option for me.

You've read something totally wrong.  If you can remember where 
you read it, add the source to your blacklist (and you may also 
share it for others to do the same).

> I wonder if it's on schedule to implement FileEtag directive as exists
> in Apache (http://httpd.apache.org/docs/2.0/mod/core.html#fileetag),
> this would solve these kind of problems.

The default and the only option is to use file modification time 
and size.  Problems with inode number are well known and were 
avoided in nginx from the initial introduction of the entity tags 
support.

-- 
Maxim Dounin
http://nginx.org/

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Etags and Load-balanced environmetn

[Lau Buru]

Hi,

I've got 3 NGinx servers running under a load balancer. I've got ETags
successfuly configured but the problem is that each server presents
different ETag tag for the same content:

  ETag: "531ee076-6b"
  ETag: "531edf6a-6b"
  ETag: "531ede5f-6b"
  ETag: "531edd4f-6b"

I've read that NGinx is using inode for calculating the ETag so it's
obvious that we will never get the same ETag for the same file in
different servers. I know I could get this if I use shared disk but this
is not an option for me.

I wonder if it's on schedule to implement FileEtag directive as exists
in Apache (http://httpd.apache.org/docs/2.0/mod/core.html#fileetag),
this would solve these kind of problems.

Thanks a lot,
Lau Buru

-- 
Posted via http://www.ruby-forum.com/.

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Request for a "no capture" rewrite directive enhancement

[Igor Sysoev]

On 28 May 2014, at 19:39, B.R.  wrote:

> I think Igor is suggesting PERL named captures.
> 
> Although, it appears to me the correct syntax would rather be (?...), 
> as perlre docs state.
> Then, just use you first syntax (omitting the 'set' directives).


You a re right, I have mistaken.


--   
Igor Sysoev
http://nginx.com

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Request for a "no capture" rewrite directive enhancement

[B.R.]

I think Igor is suggesting PERL named captures.

Although, it appears to me the correct syntax would rather be (?...),
as perlre docs state.
Then, just use you first syntax (omitting the 'set' directives).
---
*B. R.*


On Wed, May 28, 2014 at 12:02 PM, Igor Sysoev  wrote:

> On 28 May 2014, at 08:55, Peter Mescalchin 
> wrote:
>
> Thanks Igor,
>
>I had explored that method already, sadly (as you know) "alias" is
> given as an absolute path meaning I can't use this block of config within
> multiple virtual hosts which I include; - would have to re-write this same
> block of config for each Virtual host modifying the alias path prefix.
>
> And since alias man page explicitly states that $document_root can't be
> used it's not possible to complete this config in a reusable way. (e.g.
> alias $document_root/path/to/$1/$2; would be perfect).
>
> Alas, I think what I have (storing the captures in temp vars) is the only
> real solution thus far.
>
> Unless the penny hasn't dropped in my head? :)
>
>
> Then you can set these variable directly in regex:
> location ~ "^/[a-f0-9]{16}/(css|js)/(.+)” {
>
>
> --
> Igor Sysoev
> http://nginx.com
>
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Caching servers in Local ISPs !!

[shahzaib shahzaib]

Right. I'll proceed with my research and get back to you with better
approach . :)
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Request for a "no capture" rewrite directive enhancement

[Igor Sysoev]

On 28 May 2014, at 08:55, Peter Mescalchin  wrote:

> Thanks Igor,
> 
>I had explored that method already, sadly (as you know) "alias" is given 
> as an absolute path meaning I can't use this block of config within multiple 
> virtual hosts which I include; - would have to re-write this same block of 
> config for each Virtual host modifying the alias path prefix.
> 
> And since alias man page explicitly states that $document_root can't be used 
> it's not possible to complete this config in a reusable way. (e.g. alias 
> $document_root/path/to/$1/$2; would be perfect).
> 
> Alas, I think what I have (storing the captures in temp vars) is the only 
> real solution thus far.
> 
> Unless the penny hasn't dropped in my head? :)

Then you can set these variable directly in regex:
location ~ "^/[a-f0-9]{16}/(css|js)/(.+)” {


--   
Igor Sysoev
http://nginx.com

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Caching servers in Local ISPs !!

[itpp2012]

shahzaib1232 Wrote:
---
> Thanks itpp. So according to you the more preferable way is
> non-caching
> replication of main content servers to local ISP servers and than run
> rsync
> periodically for replication. So if file not found in local ISP nginx,
> it
> should forward request to main content server using try_files method ?
> 
> @itpp22, proxy_cache is eating too much memory and cpu on local testing.
1
> nginx process was using 1G of Ram and load-avg reached to 22, eventually
> local server got killed.

> Local server specs are : 8cores and 4G ram.

> Looks like proxy_cache will not be suitable method for 3000+ concerrent
> connections on local ISP caching server.

A HLD should have pointed that out :)
You should change your thinking what caching actually is, just because some
functionality is called 'caching' it doesn't mean anything else is not.

If exist do {
present local via local interfaces
} else {
present remote via remote interfaces
}

Another (none-nginx) process (provisioning) controls which remote components
flows to local (or is removed) via provisioning interfaces.

Look at something simple like a filesystem with replication, in it's basics
it's not a cache but more a glorified 2way rsync solution. However global
files are always local to be determined to which resource you are connecting
to, yet the filesystem doesn't need to cache much no matter how many files
it serves, which doesn't defer much from how nxing would work.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,249997,250423#msg-250423

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Caching servers in Local ISPs !!

[shahzaib shahzaib]

@itpp22, proxy_cache is eating too much memory and cpu on local testing. 1
nginx process was using 1G of Ram and load-avg reached to 22, eventually
local server got killed.

Local server specs are : 8cores and 4G ram.

Looks like proxy_cache will not be suitable method for 3000+ concerrent
connections on local ISP caching server.
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Caching servers in Local ISPs !!

[shahzaib shahzaib]

Thanks itpp. So according to you the more preferable way is non-caching
replication of main content servers to local ISP servers and than run rsync
periodically for replication. So if file not found in local ISP nginx, it
should forward request to main content server using try_files method ?


On Tue, May 27, 2014 at 6:41 PM, itpp2012  wrote:

> Of course this will work but when nginx restarts or the cache gets
> damaged/corrupted the whole shebang starts again And you can't control
> the cached files versus try_files and a normal filesystem.
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,249997,250395#msg-250395
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx