[nginx] Upstream: suppressed the file cache slab allocator error...
details: http://hg.nginx.org/nginx/rev/063f7e75f9ef branches: changeset: 5822:063f7e75f9ef user: Roman Arutyunyan a...@nginx.com date: Fri Sep 05 18:14:59 2014 +0400 description: Upstream: suppressed the file cache slab allocator error messages. The messages ngx_slab_alloc() failed: no memory in cache keys zone from the file cache slab allocator are suppressed since the allocation is likely to succeed after the forced expiration of cache nodes. The second allocation failure is reported. diffstat: src/http/ngx_http_file_cache.c | 4 1 files changed, 4 insertions(+), 0 deletions(-) diffs (21 lines): diff -r 3f5f0ab59b35 -r 063f7e75f9ef src/http/ngx_http_file_cache.c --- a/src/http/ngx_http_file_cache.cMon Sep 01 18:20:18 2014 +0400 +++ b/src/http/ngx_http_file_cache.cFri Sep 05 18:14:59 2014 +0400 @@ -145,6 +145,8 @@ ngx_http_file_cache_init(ngx_shm_zone_t ngx_sprintf(cache-shpool-log_ctx, in cache keys zone \%V\%Z, shm_zone-shm.name); +cache-shpool-log_nomem = 0; + return NGX_OK; } @@ -698,6 +700,8 @@ ngx_http_file_cache_exists(ngx_http_file fcn = ngx_slab_calloc_locked(cache-shpool, sizeof(ngx_http_file_cache_node_t)); if (fcn == NULL) { +ngx_log_error(NGX_LOG_ALERT, ngx_cycle-log, 0, + could not allocate node%s, cache-shpool-log_ctx); rc = NGX_ERROR; goto failed; } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] clear err when ngx_regex_compile has allocation failure
Hello! On Sun, Aug 17, 2014 at 11:00:29PM +0300, Markus Linnala wrote: # HG changeset patch # User Markus Linnala markus.linn...@cybercom.com # Date 1408303316 -10800 # Sun Aug 17 22:21:56 2014 +0300 # Node ID d350d288cffef0e6395ae1f412842c3b55bc8d42 # Parent 0719145489f842b14765506f8856798c2203e3cc clear err when ngx_regex_compile has allocation failure diff -r 0719145489f8 -r d350d288cffe src/core/ngx_regex.c --- a/src/core/ngx_regex.cSun Aug 17 21:59:38 2014 +0300 +++ b/src/core/ngx_regex.cSun Aug 17 22:21:56 2014 +0300 @@ -149,6 +149,7 @@ rc-regex = ngx_pcalloc(rc-pool, sizeof(ngx_regex_t)); if (rc-regex == NULL) { +rc-err.len = 0; return NGX_ERROR; } @@ -159,6 +160,7 @@ if (ngx_pcre_studies != NULL) { elt = ngx_list_push(ngx_pcre_studies); if (elt == NULL) { +rc-err.len = 0; return NGX_ERROR; } This doesn't looks good, as it will result in empty errors being logged in such cases. Something like this should be more user-friendly (and it also fixes another long-standing bug): # HG changeset patch # User Maxim Dounin mdou...@mdounin.ru # Date 1409938779 -14400 # Fri Sep 05 21:39:39 2014 +0400 # Node ID f43551f64d028de939332ab9b66c3620b4259e08 # Parent 063f7e75f9efd56f3aaa3d9c24c98ed3f42348ea Core: ngx_regex_compile() error handling fixes. Now we actually return NGX_ERROR on errors, and provide an error string for memory allocation errors. Reported by Markus Linnala. diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c --- a/src/core/ngx_regex.c +++ b/src/core/ngx_regex.c @@ -149,7 +149,8 @@ ngx_regex_compile(ngx_regex_compile_t *r rc-regex = ngx_pcalloc(rc-pool, sizeof(ngx_regex_t)); if (rc-regex == NULL) { -return NGX_ERROR; +p = regex \%V\ compilation failed: no memory; +goto failed; } rc-regex-code = re; @@ -159,7 +160,8 @@ ngx_regex_compile(ngx_regex_compile_t *r if (ngx_pcre_studies != NULL) { elt = ngx_list_push(ngx_pcre_studies); if (elt == NULL) { -return NGX_ERROR; +p = regex \%V\ compilation failed: no memory; +goto failed; } elt-regex = rc-regex; @@ -204,7 +206,7 @@ failed: rc-err.len = ngx_snprintf(rc-err.data, rc-err.len, p, rc-pattern, n) - rc-err.data; -return NGX_OK; +return NGX_ERROR; } -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 2 of 2] fix ETag allocation failure
Hello! On Sun, Aug 17, 2014 at 11:00:30PM +0300, Markus Linnala wrote: # HG changeset patch # User Markus Linnala markus.linn...@cybercom.com # Date 1408305457 -10800 # Sun Aug 17 22:57:37 2014 +0300 # Node ID 6af8cc12f3c933eed752e9ca61622d27a909ca00 # Parent d350d288cffef0e6395ae1f412842c3b55bc8d42 fix ETag allocation failure diff -r d350d288cffe -r 6af8cc12f3c9 src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c Sun Aug 17 22:21:56 2014 +0300 +++ b/src/http/ngx_http_core_module.c Sun Aug 17 22:57:37 2014 +0300 @@ -1832,14 +1832,15 @@ return NGX_ERROR; } +etag-value.data = ngx_pnalloc(r-pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3); +if (etag-value.data == NULL) { +etag-hash = 0; +return NGX_ERROR; +} + etag-hash = 1; ngx_str_set(etag-key, ETag); -etag-value.data = ngx_pnalloc(r-pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3); -if (etag-value.data == NULL) { -return NGX_ERROR; -} - I don't think that moving the allocation make sense as anyway etag-hash has to be explicitly set in the error path. Something like this should be better: # HG changeset patch # User Maxim Dounin mdou...@mdounin.ru # Date 140994 -14400 # Fri Sep 05 22:18:31 2014 +0400 # Node ID a80ee1f90b2b2c6cdee4e9b0ba2e0d48cad0f011 # Parent f43551f64d028de939332ab9b66c3620b4259e08 Fixed ETag memory allocation error handling. The etag-hash must be set to 0 to avoid an empty ETag header being returned with the 500 Internal Error page after the memory allocation failure. Reported by Markus Linnala. diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c --- a/src/http/ngx_http_core_module.c +++ b/src/http/ngx_http_core_module.c @@ -1837,6 +1837,7 @@ ngx_http_set_etag(ngx_http_request_t *r) etag-value.data = ngx_pnalloc(r-pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 3); if (etag-value.data == NULL) { +etag-hash = 0; return NGX_ERROR; } -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] SSL: guard use of all SSL options for bug workarounds
Hello! On Wed, Sep 03, 2014 at 02:53:23PM -0700, Piotr Sikora wrote: # HG changeset patch # User Piotr Sikora pi...@cloudflare.com # Date 1409780995 25200 # Wed Sep 03 14:49:55 2014 -0700 # Node ID 9c59138cd7030a88a761856f849c581924ca1a3b # Parent 3f5f0ab59b359064db16e1aa52dfca335720dff6 SSL: guard use of all SSL options for bug workarounds. Some of the OpenSSL forks (read: BoringSSL) started removing unused, no longer necessary and/or not really working bug workarounds along with the SSL options and defines for them. Instead of fixing nginx build after each removal, be proactive and guard use of all SSL options for bug workarounds. After looking into http://trac.nginx.org/nginx/ticket/618, I'm rather sceptical about BoringSSL-related fixes. On the other hand, if they indeed remove something we use, it may be a good enough reason to reconsider the use of the flags removed. -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[emerg] duplicate listen options for X.X.X.X:80 in /usr/local/etc/nginx/nginx.conf:9
Добрый день! если делаю вот так server { listen X.X.X.X:80 accept_filter=httpready; server_name 1.local; } server { listen X.X.X.X:80 accept_filter=httpready; server_name 2.local; } то получаю ошибку. также есть забавные ситуации (spdy будет включен в обоих случаях) server { listen X.X.X.X:443 ssl spdy; server_name 1.local; } server { listen X.X.X.X:443 ssl; server_name 2.local; } и (accept_filter будет применяться в обоих случаях) server { listen X.X.X.X:80 accept_filter=httpready; server_name 1.local; } server { listen X.X.X.X:80; server_name 2.local; } есть предложение что-нибудь с этим сделать. Илья Шипицин ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: [emerg] duplicate listen options for X.X.X.X:80 in /usr/local/etc/nginx/nginx.conf:9
Today Sep 5, 2014 at 12:19 Илья Шипицин wrote: если делаю вот так server { listen X.X.X.X:80 accept_filter=httpready; server_name 1.local; } server { listen X.X.X.X:80 accept_filter=httpready; server_name 2.local; } то получаю ошибку. http://nginx.org/r/listen/ru : В директиве listen можно также указать несколько дополнительных параметров, специфичных для связанных с сокетами системных вызовов. Эти параметры можно задать в любой директиве listen, но только один раз для указанной пары адрес:порт. также есть забавные ситуации (spdy будет включен в обоих случаях) server { listen X.X.X.X:443 ssl spdy; server_name 1.local; } server { listen X.X.X.X:443 ssl; server_name 2.local; } Это свойства сокета, а не виртуального сервера. -- WNGS-RIPE ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: [emerg] duplicate listen options for X.X.X.X:80 in /usr/local/etc/nginx/nginx.conf:9
если я 2 раза (или 1 раз) укажу spdy - работать будет всегда в двух случаях и ошибки конфигурации не будет. кажется, что с фильтрами подобная логика была бы уместна. ну и, раз уж оно все равно работает во всех случаях, вероятно, имеет смысл выдавать warning, если указано не во всех (вдруг кто-то будет полагать, что в одном месте у него spdy, а в другом нет). 5 сентября 2014 г., 13:07 пользователь Oleksandr V. Typlyns'kyi wangs...@gmail.com написал: Today Sep 5, 2014 at 12:19 Илья Шипицин wrote: если делаю вот так server { listen X.X.X.X:80 accept_filter=httpready; server_name 1.local; } server { listen X.X.X.X:80 accept_filter=httpready; server_name 2.local; } то получаю ошибку. http://nginx.org/r/listen/ru : В директиве listen можно также указать несколько дополнительных параметров, специфичных для связанных с сокетами системных вызовов. Эти параметры можно задать в любой директиве listen, но только один раз для указанной пары адрес:порт. также есть забавные ситуации (spdy будет включен в обоих случаях) server { listen X.X.X.X:443 ssl spdy; server_name 1.local; } server { listen X.X.X.X:443 ssl; server_name 2.local; } Это свойства сокета, а не виртуального сервера. -- WNGS-RIPE ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
400 Bad Request при http:// в Host
Версия nginx: 1.6.1 При запросе вида GET http://somesite.ru/ HTTP/1.1 Host: http://somesite nginx отвечает вышеуказанной ошибкой (400 Bad Request) Строки в поле Host с любым мусором успешно игнорируются веб-сервером, но вот имя сайта с указанием протокола приводит к ошибке. В описании протокола есть пункт (5.2), который сообщает If Request-URI is an absoluteURI, the host is part of the Request-URI. Any Host header field value in the request MUST be ignored. Т.е. любое содержимое заголовка Host должно быть проигнорировано... На старом сервере древняя 0.6.30 спокойно воспринимает такой заголовок. Есть какая-либо возможность настроить nginx так, чтобы он не выдавал ошибку 400? Posted at Nginx Forum: http://forum.nginx.org/read.php?21,253091,253091#msg-253091 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: 400 Bad Request при http:// в Host
On Friday 05 September 2014 05:59:08 kilgur wrote: Версия nginx: 1.6.1 При запросе вида GET http://somesite.ru/ HTTP/1.1 Host: http://somesite nginx отвечает вышеуказанной ошибкой (400 Bad Request) Строки в поле Host с любым мусором успешно игнорируются веб-сервером, но вот имя сайта с указанием протокола приводит к ошибке. В описании протокола есть пункт (5.2), который сообщает If Request-URI is an absoluteURI, the host is part of the Request-URI. Any Host header field value in the request MUST be ignored. Т.е. любое содержимое заголовка Host должно быть проигнорировано... Вы цитируете устаревший RFC, да ещё часть про роутинг, а не про корректность. На самом деле: http://tools.ietf.org/html/rfc7230#section-5.4 A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field or a Host header field with an invalid field-value. На старом сервере древняя 0.6.30 спокойно воспринимает такой заголовок. Есть какая-либо возможность настроить nginx так, чтобы он не выдавал ошибку 400? Нет. -- Валентин Бартенев ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: 400 Bad Request при http:// в Host
Валентин Бартенев Wrote: --- Вы цитируете устаревший RFC, да ещё часть про роутинг, а не про корректность. На самом деле: http://tools.ietf.org/html/rfc7230#section-5.4 A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field or a Host header field with an invalid field-value. А если у меня nginx является фронтэндом к локальному апачу, он считается прокси? :) When a proxy receives a request with an absolute-form of request-target, the proxy MUST ignore the received Host header field (if any) and instead replace it with the host information of the request-target. A proxy that forwards such a request MUST generate a new Host field-value based on the received request-target rather than forward the received Host field-value. Есть какая-либо возможность настроить nginx так, чтобы он не выдавал ошибку 400? Нет. Очень негибко... Я уже собрал nginx с поддержкой lua - проверить, передает ли nginx заголовки в header_filter_by_lua ДО отказа клиенту... ан нет, не вышло... Остается только исходники nginx'а править? Posted at Nginx Forum: http://forum.nginx.org/read.php?21,253091,253094#msg-253094 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: 400 Bad Request при http:// в Host
On Friday 05 September 2014 07:53:52 kilgur wrote: Валентин Бартенев Wrote: --- Вы цитируете устаревший RFC, да ещё часть про роутинг, а не про корректность. На самом деле: http://tools.ietf.org/html/rfc7230#section-5.4 A server MUST respond with a 400 (Bad Request) status code to any HTTP/1.1 request message that lacks a Host header field and to any request message that contains more than one Host header field or a Host header field with an invalid field-value. А если у меня nginx является фронтэндом к локальному апачу, он считается прокси? :) Не считается. Что такое proxy четко определено в том же RFC. A proxy is a message-forwarding agent that is selected by the client, usually via local configuration rules, to receive requests for some type(s) of absolute URI and attempt to satisfy those requests via translation through the HTTP interface. Под прокси в данном случае понимается исключительно forward proxy, который прописывается на клиенте. Nginx не предназначен, и никогда не был, для использования в качестве forward proxy. When a proxy receives a request with an absolute-form of request-target, the proxy MUST ignore the received Host header field (if any) and instead replace it with the host information of the request-target. A proxy that forwards such a request MUST generate a new Host field-value based on the received request-target rather than forward the received Host field-value. Это относится к роутингу. Ignore тут касается роутинга запроса, а не его валидности. Всё это не отменяет того, что значение в заголовке должно быть при этом валидно с точки зрения заголовка. Есть какая-либо возможность настроить nginx так, чтобы он не выдавал ошибку 400? Нет. Очень негибко... Я уже собрал nginx с поддержкой lua - проверить, передает ли nginx заголовки в header_filter_by_lua ДО отказа клиенту... ан нет, не вышло... Остается только исходники nginx'а править? Правьте исходники клиента. Это будет значительно полезнее, а также не приведет к возможным проблемам с безопасностью. Фильтрация / в первую очередь необходима для того, чтобы через Host злоумышленник не имел возможности пробрасывать пути к файлам и директориям. -- Валентин Бартенев ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
nginx несколько IP
Здравствуйте Есть сервер с двумя IP с одним сетевым интерфейсом.. IP прописан альясом nginx слушает на стандартном порту по дополнительному IP, а отвечает с основного Как настроить nginx, чтобы он отвечал с того же IP, на который приходит запрос? Спасибо. Posted at Nginx Forum: http://forum.nginx.org/read.php?21,253107,253107#msg-253107 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
NGINX SSL passthrough without certificate
We currently have a backend server that listens for SSL requests, and (using SNI) chooses to pass them on to the correct place, or alternatively will serve the requested HTTPS. Our current configuration is slow (not painfully, just slower than we'd like), and we figured having NGINX do some of the work would speed things up. Can NGINX pass through some HTTPS requests (by domain) without modifying anything (by checking SNI in the initial packet)? Most (all?) websites indicate that I should decode and encode the traffic (which is not be possible because of cases such as https://google.com/). So ultimately, what would be ideal for us is: 1. NGINX sits on network boundary, listening for SSL/TLS connections 2. When a new connection comes in, NGINX decides to pass on the TLS connection without touching it OR serve it as a regular HTTPS website (OR depends on domain) Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I understand it can't go into the actual HTTPS request, but figured it could be sent BEFORE the HTTPS decode packet. (the receiving end would have to understand this also) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253088,253088#msg-253088 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
RE: NGINX SSL passthrough without certificate
Hi, We currently have a backend server that listens for SSL requests, and (using SNI) chooses to pass them on to the correct place, or alternatively will serve the requested HTTPS. Our current configuration is slow (not painfully, just slower than we'd like), and we figured having NGINX do some of the work would speed things up. Can NGINX pass through some HTTPS requests (by domain) without modifying anything (by checking SNI in the initial packet)? Most (all?) websites indicate that I should decode and encode the traffic (which is not be possible because of cases such as https://google.com/). So ultimately, what would be ideal for us is: 1. NGINX sits on network boundary, listening for SSL/TLS connections 2. When a new connection comes in, NGINX decides to pass on the TLS connection without touching it OR serve it as a regular HTTPS website (OR depends on domain) Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I understand it can't go into the actual HTTPS request, but figured it could be sent BEFORE the HTTPS decode packet. (the receiving end would have to understand this also) For all those things, haproxy is way more adequate. Regards, Lukas ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: RE: NGINX SSL passthrough without certificate
Hi Lukas, While HAProxy is able to do some of those things (not sure about X-FORWARDED-FOR workarounds?), I'd still prefer to use NGINX where possible (for other reasons, such as PageSpeed support, etc) Is NGINX able to do any of the things mentioned in the question? Specifically, can it sort by SNI hostname without becoming an SSL endpoint? If not, is there a reason why? (has it been decided by the community that it's not a good idea, or it just hasn't been developed?) I've seen a few similar questions around, but no definitive answer. Thanks, OzJD Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253088,253090#msg-253090 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
RE: NGINX SSL passthrough without certificate
Hi, Hi Lukas, While HAProxy is able to do some of those things (not sure about X-FORWARDED-FOR workarounds?) Yes, haproxy supports and pushes the PROXY protocol for this exact reason. I'd still prefer to use NGINX where possible (for other reasons, such as PageSpeed support, etc) Well, you can't use PageSpeed if you forward SSL encrypted TCP traffic, can you? Perhaps you need a combination between the two? For example, SNI based routing on a first (HAProxy) layer, passing the SSL encrypted traffic either to nginx, for decryption/pagepspeed, etc or directly to a backend (based on SNI). Is NGINX able to do any of the things mentioned in the question? I don't think so, mainly because nginx' focus is http/https, not TCP forwarding. Regards, Lukas ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: RE: NGINX SSL passthrough without certificate
Lukas, I think you're right. The combination of three may be optimal at this time. I'll see what I come up with - I hadn't heard of the PROXY protocol before (was thinking of something similar though). That's made my life plenty easier! Thanks mate :-) Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253088,253095#msg-253095 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
urgent need help ,ssl error ;
Hi Team, I am facing a issue regarding the ssl in nginx , find below the error logs : 2014/09/05 19:23:36 [emerg] 18774#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 2014/09/05 19:23:36 [emerg] 18775#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 2014/09/05 19:26:51 [emerg] 18977#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 2014/09/05 19:26:51 [emerg] 18978#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) had donethe google but can't resolve, only you guies can help me, its very urgent. Thank Regards Vijay kr vk1dadh...@gmail.com Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253088,253098#msg-253098 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: urgent need help ,ssl error ;
One most imporatant thing, we site working with https from 2 months but after configuer the sftp with openssl , it created the problem. i did the old settings of sshd_config, as it is as its worked, but still facing the issue. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253088,253099#msg-253099 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: urgent need help ,ssl error ;
Seems like /etc/nginx/ssl/server.crt content is not correct (no start line error), maybe a bad copy paste? Melhores Cumprimentos // Best Regards --- *Miguel Clara* *IT - Sys Admin Developer* *E-mail:*miguelmcl...@gmail.com www.linkedin.com/in/miguelmclara/ On Fri, Sep 5, 2014 at 3:11 PM, vk1dadhich nginx-fo...@nginx.us wrote: Hi Team, I am facing a issue regarding the ssl in nginx , find below the error logs : 2014/09/05 19:23:36 [emerg] 18774#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 2014/09/05 19:23:36 [emerg] 18775#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 2014/09/05 19:26:51 [emerg] 18977#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) 2014/09/05 19:26:51 [emerg] 18978#0: SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL routines:SSL_CTX_use_PrivateKey_file:PEM lib) had donethe google but can't resolve, only you guies can help me, its very urgent. Thank Regards Vijay kr vk1dadh...@gmail.com Posted at Nginx Forum: http://forum.nginx.org/read.php?2,253088,253098#msg-253098 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx mail proxy - dovecot ssl backend
Thanks! I setup stunnel in the interim, but this will be more efficient. Posted at Nginx Forum: http://forum.nginx.org/read.php?2,219069,253106#msg-253106 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx