Re: [calling all patch XPerts !] [PATCH] RSA+DSA+ECC bundles

2015-03-17 Thread kyprizel
Hi, I refactored Rob's code so it can be merged with latest nginx. Multi certificate support works only for OpenSSL = 1.0.2. Only certificates with different crypto algorithms (ECC/RSA/DSA) can be used b/c of OpenSSL limitations, otherwise (RSA+SHA-256 / RSA-SHA-1 for example) only last specified

Re: 104 Connection reset from nginx

2015-03-17 Thread Evader
There is also another crazy behaviour. If keepalive is disabled on the client, the test does not finish in a reasonable time at all. It looks like this. All requests reach nginx, it serves them and writes them to the log. That is, say, with 300K incoming requests I have 300K HTTP 200 in the access log.

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread 173279834462
I am on nginx 1.7.10 with LibreSSL 2.1.5. This is what I see in the error log: 2015/02/03 20:23:30 [alert] 69020#0: *16 ignoring stale global SSL error (SSL: error:14085042:SSL routines:SSL3_CTX_CTRL:called a function you should not call) while SSL handshaking, client: [...IP...], server:

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread rbqdg9
may you just try my fix? At least, it will save me time for searching in completely wrong place. --- nginx-1.7.10/src/http/modules/ngx_http_ssl_module.c.orig 2015-02-10 15:33:34.0 +0100 +++ nginx-1.7.10/src/http/modules/ngx_http_ssl_module.c 2015-03-17 14:55:58.282130993 +0100 @@

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread rbqdg9
Yes, it's at least strange. The reproducing configuration is rather complex task, this never happens in usual browsing session (and not just in parsing config, of course). I'm still trying to limit it to something I can publish. Posted at Nginx Forum:

Nginx configuration recovery

2015-03-17 Thread vinay bhargav
Hi, Sorry for spamming but I'm in deep trouble. I've accidentally overwritten /etc/nginx/site-availabe/default with some xyz file. I'm using Ubuntu 14.04. The server is still running. Is there any way I could recover the config file. Note: Recovering the default file is very important for me.

Re: Fake video sharing Android App !!

2015-03-17 Thread shahzaib shahzaib
@itpp thanks for suggestion but the problem is, this is the invalid way of blocking requests belong to android and the reason is, our official android app will be releasing soon and filtering based on this user-agent will block valid users as well. So we need something different such as, adding

Re: Adding expires on all images break nginx rewrite

2015-03-17 Thread Karl Johnson
Yes that's what I understood after few tests. I will add the expire by the PHP script. Thanks for all the help! Karl On Tue, Mar 17, 2015 at 3:07 PM, Nurahmadie Nurahmadie nurahma...@gmail.com wrote: On Wed, Mar 18, 2015 at 3:46 AM, Karl Johnson karljohnson...@gmail.com wrote: Thanks for

[nginx] Overflow detection in ngx_http_range_parse().

2015-03-17 Thread Ruslan Ermilov
details: http://hg.nginx.org/nginx/rev/9653092a79fd branches: changeset: 6013:9653092a79fd user: Ruslan Ermilov r...@nginx.com date: Tue Mar 17 00:26:24 2015 +0300 description: Overflow detection in ngx_http_range_parse(). diffstat: src/http/modules/ngx_http_range_filter_module.c

[nginx] Overflow detection in ngx_http_parse_chunked().

2015-03-17 Thread Ruslan Ermilov
details: http://hg.nginx.org/nginx/rev/e370c5fdf4c8 branches: changeset: 6014:e370c5fdf4c8 user: Ruslan Ermilov r...@nginx.com date: Tue Mar 17 00:26:27 2015 +0300 description: Overflow detection in ngx_http_parse_chunked(). diffstat: src/http/ngx_http_parse.c | 12

Re: Fake video sharing Android App !!

2015-03-17 Thread itpp2012
Which can all be faked (eventually), build some kind of validation/authentication system before launching your app. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257269,257314#msg-257314 ___ nginx mailing list nginx@nginx.org

Re: Fake video sharing Android App !!

2015-03-17 Thread itpp2012
I'd use some kind of authentication based on a user logging in before allowing use of a service, an encrypted cookie or something along that line. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,257269,257303#msg-257303

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread rbqdg9
Maxim Dounin Wrote: --- If you see problems with nginx 1.7.9, consider following hints at http://wiki.nginx.org/Debugging. I think it will not help (at least if not did by anyone who really knows both openssl and nginx internals). the problem

[nginx] Core: expose maximum values of time_t and ngx_int_t.

2015-03-17 Thread Ruslan Ermilov
details: http://hg.nginx.org/nginx/rev/b92d5a26d55f branches: changeset: 6008:b92d5a26d55f user: Ruslan Ermilov r...@nginx.com date: Tue Mar 17 00:24:34 2015 +0300 description: Core: expose maximum values of time_t and ngx_int_t. These are needed to detect overflows. diffstat:

[nginx] Core: overflow detection in ngx_parse_time() (ticket #732).

2015-03-17 Thread Ruslan Ermilov
details: http://hg.nginx.org/nginx/rev/429a8c65f0a7 branches: changeset: 6011:429a8c65f0a7 user: Ruslan Ermilov r...@nginx.com date: Tue Mar 17 00:26:20 2015 +0300 description: Core: overflow detection in ngx_parse_time() (ticket #732). diffstat: src/core/ngx_parse.c | 53

Heads up: Forthcoming OpenSSL releases

2015-03-17 Thread itpp2012
The OpenSSL project team would like to announce the forthcoming release of OpenSSL versions 1.0.2a, 1.0.1m, 1.0.0r and 0.9.8zf. These releases will be made available on 19th March. They will fix a number of security defects. The highest severity defect fixed by these releases is classified as

Re: Fake video sharing Android App !!

2015-03-17 Thread shahzaib shahzaib
@itpp, as I sent the logs above that referer_header for android requests are empty, maybe blocking requests based on empty referer_header will partially resolve our issue? Following is the config I used to block empty referer_header but in vain. valid_referers server_names ~.; if

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread rbqdg9
and yes, upgrade to libressl 2.1.5 didn't solve this. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256381,257315#msg-257315 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: Adding expires on all images break nginx rewrite

2015-03-17 Thread Karl Johnson
Thanks for the reply Nurahmadie. I changed the location to ~ ^/static/ and the rewrite works again. I've added a expires 1w; in this location to add an expire on all images in /static but it doesn't seem to apply, images give 200 OK and never cache. Is it the right way to do it? location ~

Adding expires on all images break nginx rewrite

2015-03-17 Thread Karl Johnson
Hello, I host a website based on Laravel with Nginx 1.6.2 + PHP-FPM 5.6. Most images on the website are in /static folder and are served to visitors with a PHP file (see /static location). I want to add a 30 days expire on all images of this vhost. However, when I add the location ~*

Re: Adding expires on all images break nginx rewrite

2015-03-17 Thread Nurahmadie Nurahmadie
On Wed, Mar 18, 2015 at 3:46 AM, Karl Johnson karljohnson...@gmail.com wrote: Thanks for the reply Nurahmadie. I changed the location to ~ ^/static/ and the rewrite works again. I've added a expires 1w; in this location to add an expire on all images in /static but it doesn't seem to apply,

NGINX and websocket endpoint

2015-03-17 Thread Gurumurthy Sundar
I am trying to configure nginx as reverse proxy that does authentication and websockets. It proxy-passes request to apache (/auth/wsgi) for authentication - once that succeeds, it then proxy passes to the websocket backend, which is a java based websocket endpoint on tomcat 8. location

Re: [PATCH] Multiple certificate support with OpenSSL = 1.0.2

2015-03-17 Thread Albert Casademont Filella
This would be a very nice addition indeed, thanks!! I guess it needs quite a lot of testing though, ECC certs are still not really common these days. BTW and before some of the core devs says it patches should be sent in the email body, not as an attachment. It is much more convenient for

please suggest performance tweak and the right siege options for load test

2015-03-17 Thread halozen
2 nginx 1.4.6 web servers - ocfs cluster, web root inside mounted LUN from SAN storage 2 MariaDB 5.5 servers - galera cluster, different network segment than nginx web servers nginx servers each two sockets quad core xeon, 128 gb ram Load balanced via F5 load balancer (round-robin, http

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-03-17 Thread Rainer Duffner
On 17.03.2015 at 23:32, Valentin V. Bartenev vb...@nginx.com wrote: On Tuesday 17 March 2015 09:49:04 alexandru.eftimie wrote: Will there be support for http/2 for upstream connections? I can't seem to find anything about this online ( either SPDY or HTTP/2 for upstream connections )

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-03-17 Thread Valentin V. Bartenev
On Tuesday 17 March 2015 09:49:04 alexandru.eftimie wrote: Will there be support for http/2 for upstream connections? I can't seem to find anything about this online ( either SPDY or HTTP/2 for upstream connections ) The problems that SPDY (and HTTP/2) is trying to solve usually do not exist

Cache TTL set by the client

2015-03-17 Thread Gabriel Arrais
Hi, Is it possible somehow to let the cache ttl (in proxy_pass caching) be defined by the client? Unfortunately it looks like proxy_cache_valid doesn't accept variables as input. Thank you in advance. -- Posted via http://www.ruby-forum.com/.

Re: Nginx configuration recovery

2015-03-17 Thread Styopa Semenukha
On Tuesday, March 17, 2015 01:24:52 PM vinay bhargav wrote: Hi, Sorry for spamming but I'm in deep trouble. I've accidentally overwritten /etc/nginx/site-availabe/default with some xyz file. I'm using Ubuntu 14.04. The server is still running. Is there any way I could recover the config

Re: Nginx configuration recovery

2015-03-17 Thread Daniël Mostertman
Styopa Semenukha wrote on 17-3-2015 at 20:35: On Tuesday, March 17, 2015 01:24:52 PM vinay bhargav wrote: Hi, Sorry for spamming but I'm in deep trouble. I've accidentally overwritten /etc/nginx/site-availabe/default with some xyz file. I'm using Ubuntu 14.04. The server is still running.

Re: Fake video sharing Android App !!

2015-03-17 Thread shahzaib shahzaib
@itpp, you're right but even if we can partially solve this problem, it'll be sufficient for us. Well, using below method worked in our case : location ~ \.(mp4)$ { mp4; root /var/www/html/conversion; expires 1d; valid_referers

Re: nginx big bug

2015-03-17 Thread Maxim Dounin
Hello! On Mon, Mar 16, 2015 at 06:01:05PM -0400, antodas wrote: Hello -, I have the similar problem.. !! I installed testlink and running using nginx. Sometimes.. Testlink hangs .. and I need to restart NGINX to get going. 6380#6120: *524 WSARecv() failed (10054: An existing

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-03-17 Thread Daniël Mostertman
Maxim Dounin wrote on 17-3-2015 at 14:49: Hello! On Tue, Mar 17, 2015 at 09:49:04AM -0400, alexandru.eftimie wrote: Will there be support for http/2 for upstream connections? I can't seem to find anything about this online ( either SPDY or HTTP/2 for upstream connections ) No, and there

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread Maxim Dounin
Hello! On Tue, Mar 17, 2015 at 06:25:51AM -0400, rbqdg9 wrote: Maxim Dounin Wrote: --- If you see problems with nginx 1.7.9, consider following hints at http://wiki.nginx.org/Debugging. I think it will not help (at least if not did by

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-03-17 Thread alexandru.eftimie
Will there be support for http/2 for upstream connections? I can't seem to find anything about this online ( either SPDY or HTTP/2 for upstream connections ) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256561,257321#msg-257321

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread rbqdg9
So, the alert is harmless and can be safely ignored. The real problem - it doesn't, it always accompanied by something like: nginx[32624] trap invalid opcode ip:47e04d sp:7fff6971ae50 error:0 in nginx[40+a] (exactly one invalid opcode for each function you should not call in nginx log)

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-03-17 Thread Maxim Dounin
Hello! On Tue, Mar 17, 2015 at 09:49:04AM -0400, alexandru.eftimie wrote: Will there be support for http/2 for upstream connections? I can't seem to find anything about this online ( either SPDY or HTTP/2 for upstream connections ) No, and there are no plans. -- Maxim Dounin

104 Connection reset from nginx

2015-03-17 Thread Evader
Hi colleagues! I am trying to test various EC2 instances with nginx. The setup is the simplest possible: Amazon Linux, nginx/1.6.2 + php-fpm 5.4. I ran into a problem that I cannot figure out how to overcome. The testing tool is ab, weighttp, httpress, it doesn't matter, the behaviour is identical.

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread Maxim Dounin
Hello! On Tue, Mar 17, 2015 at 10:11:48AM -0400, rbqdg9 wrote: So, the alert is harmless and can be safely ignored. The real problem - it doesnt, it always accompanied by something like: nginx[32624] trap invalid opcode ip:47e04d sp:7fff6971ae50 error:0 in nginx[40+a] (exactly one

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-03-17 Thread Maxim Dounin
Hello! On Tue, Mar 17, 2015 at 03:01:09PM +0100, Daniël Mostertman wrote: Maxim Dounin wrote on 17-3-2015 at 14:49: Hello! On Tue, Mar 17, 2015 at 09:49:04AM -0400, alexandru.eftimie wrote: Will there be support for http/2 for upstream connections? I can't seem to find anything about

Log Format with $request_body Not working

2015-03-17 Thread aa2funworld
I am trying to log the incoming HTTP Request with the below given log_format. It is logging only '-'. Could you please help what I am doing wrong. Thanks in advance. nginx.conf http { include mime.types; default_type application/octet-stream; log_format postdata

2015 NGINX User Survey: Make Your Voice Heard

2015-03-17 Thread Patrick Nommensen
Hello! Yesterday we launched the 2015 NGINX User Survey. [1] This survey gives us the opportunity to better understand your perspective on NGINX today and what might make us even more valuable for you in the future. The insights you share will be used to help plan the NGINX roadmap and

Re: Cache_min_uses - check increment

2015-03-17 Thread S.A.N
Changes in nginx 1.7.8, 02.12.2014: *) Change: now the If-Modified-Since, If-Range and similar lines in the client request header are passed to the backend when caching is enabled, if nginx knows in advance that it will not cache the response (for example, when

Reverse Proxy for SNMP

2015-03-17 Thread Igal @ Lucee.org
hi, can it be used as reverse proxy for any protocol or is it limited to http(s) and smtp? I'm trying to setup a reverse proxy for SNMP for the purpose opening remote SNMP access and using the proxy for whitelisting IPs etc. is that possible? TIA Igal

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread 173279834462
Will try it. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,256381,257339#msg-257339

Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread 173279834462
The *feeling* that the problem is related to SNI is getting stronger. This is the error log when running ssllabs.com on the server: == stderr.log == 2015/03/17 17:12:45 [crit] 40733#0: *925 SSL_do_handshake() failed (SSL: error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while

Re: Reverse Proxy for SNMP

2015-03-17 Thread Daniel Hadfield
nginx has no support for SNMP. You should be able to whitelist IP's using whatever SNMP daemon you are using. On 17/03/15 16:16, Igal @ Lucee.org wrote: hi, can it be used as reverse proxy for any protocol or is it limited to http(s) and smtp? I'm trying to setup a reverse proxy for SNMP


Re: SSL3_CTX_CTRL:called a function you should not call

2015-03-17 Thread 173279834462
fix applied. This is what I see when running ssllabs again: 2015/03/17 18:08:33 [crit] 14508#0: *478 SSL_do_handshake() failed (SSL: error:14094085:SSL routines:SSL3_READ_BYTES:ccs received early) while SSL handshaking, client: 64.41.200.104, server: 0.0.0.0:443 2015/03/17 18:08:34 [crit]