[nginx] Upstream: suppressed the file cache slab allocator error...

2014-09-05 Thread Roman Arutyunyan 
details:   http://hg.nginx.org/nginx/rev/063f7e75f9ef
branches:  
changeset: 5822:063f7e75f9ef
user:  Roman Arutyunyan a...@nginx.com
date:  Fri Sep 05 18:14:59 2014 +0400
description:
Upstream: suppressed the file cache slab allocator error messages.

The messages ngx_slab_alloc() failed: no memory in cache keys zone
from the file cache slab allocator are suppressed since the allocation
is likely to succeed after the forced expiration of cache nodes.
The second allocation failure is reported.

diffstat:

 src/http/ngx_http_file_cache.c |  4 
 1 files changed, 4 insertions(+), 0 deletions(-)

diffs (21 lines):

diff -r 3f5f0ab59b35 -r 063f7e75f9ef src/http/ngx_http_file_cache.c
--- a/src/http/ngx_http_file_cache.cMon Sep 01 18:20:18 2014 +0400
+++ b/src/http/ngx_http_file_cache.cFri Sep 05 18:14:59 2014 +0400
@@ -145,6 +145,8 @@ ngx_http_file_cache_init(ngx_shm_zone_t 
 ngx_sprintf(cache-shpool-log_ctx,  in cache keys zone \%V\%Z,
 shm_zone-shm.name);
 
+cache-shpool-log_nomem = 0;
+
 return NGX_OK;
 }
 
@@ -698,6 +700,8 @@ ngx_http_file_cache_exists(ngx_http_file
 fcn = ngx_slab_calloc_locked(cache-shpool,
  sizeof(ngx_http_file_cache_node_t));
 if (fcn == NULL) {
+ngx_log_error(NGX_LOG_ALERT, ngx_cycle-log, 0,
+  could not allocate node%s, cache-shpool-log_ctx);
 rc = NGX_ERROR;
 goto failed;
 }

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: [PATCH 1 of 2] clear err when ngx_regex_compile has allocation failure

2014-09-05 Thread Maxim Dounin 
Hello!

On Sun, Aug 17, 2014 at 11:00:29PM +0300, Markus Linnala wrote:

 # HG changeset patch
 # User Markus Linnala markus.linn...@cybercom.com
 # Date 1408303316 -10800
 #  Sun Aug 17 22:21:56 2014 +0300
 # Node ID d350d288cffef0e6395ae1f412842c3b55bc8d42
 # Parent  0719145489f842b14765506f8856798c2203e3cc
 clear err when ngx_regex_compile has allocation failure
 
 diff -r 0719145489f8 -r d350d288cffe src/core/ngx_regex.c
 --- a/src/core/ngx_regex.cSun Aug 17 21:59:38 2014 +0300
 +++ b/src/core/ngx_regex.cSun Aug 17 22:21:56 2014 +0300
 @@ -149,6 +149,7 @@
  
  rc-regex = ngx_pcalloc(rc-pool, sizeof(ngx_regex_t));
  if (rc-regex == NULL) {
 +rc-err.len = 0;
  return NGX_ERROR;
  }
  
 @@ -159,6 +160,7 @@
  if (ngx_pcre_studies != NULL) {
  elt = ngx_list_push(ngx_pcre_studies);
  if (elt == NULL) {
 +rc-err.len = 0;
  return NGX_ERROR;
  }

This doesn't looks good, as it will result in empty errors being 
logged in such cases.

Something like this should be more user-friendly (and it also 
fixes another long-standing bug):

# HG changeset patch
# User Maxim Dounin mdou...@mdounin.ru
# Date 1409938779 -14400
#  Fri Sep 05 21:39:39 2014 +0400
# Node ID f43551f64d028de939332ab9b66c3620b4259e08
# Parent  063f7e75f9efd56f3aaa3d9c24c98ed3f42348ea
Core: ngx_regex_compile() error handling fixes.

Now we actually return NGX_ERROR on errors, and provide an error
string for memory allocation errors.

Reported by Markus Linnala.

diff --git a/src/core/ngx_regex.c b/src/core/ngx_regex.c
--- a/src/core/ngx_regex.c
+++ b/src/core/ngx_regex.c
@@ -149,7 +149,8 @@ ngx_regex_compile(ngx_regex_compile_t *r
 
 rc-regex = ngx_pcalloc(rc-pool, sizeof(ngx_regex_t));
 if (rc-regex == NULL) {
-return NGX_ERROR;
+p = regex \%V\ compilation failed: no memory;
+goto failed;
 }
 
 rc-regex-code = re;
@@ -159,7 +160,8 @@ ngx_regex_compile(ngx_regex_compile_t *r
 if (ngx_pcre_studies != NULL) {
 elt = ngx_list_push(ngx_pcre_studies);
 if (elt == NULL) {
-return NGX_ERROR;
+p = regex \%V\ compilation failed: no memory;
+goto failed;
 }
 
 elt-regex = rc-regex;
@@ -204,7 +206,7 @@ failed:
 
 rc-err.len = ngx_snprintf(rc-err.data, rc-err.len, p, rc-pattern, n)
   - rc-err.data;
-return NGX_OK;
+return NGX_ERROR;
 }
 
 

-- 
Maxim Dounin
http://nginx.org/

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: [PATCH 2 of 2] fix ETag allocation failure

2014-09-05 Thread Maxim Dounin 
Hello!

On Sun, Aug 17, 2014 at 11:00:30PM +0300, Markus Linnala wrote:

 # HG changeset patch
 # User Markus Linnala markus.linn...@cybercom.com
 # Date 1408305457 -10800
 #  Sun Aug 17 22:57:37 2014 +0300
 # Node ID 6af8cc12f3c933eed752e9ca61622d27a909ca00
 # Parent  d350d288cffef0e6395ae1f412842c3b55bc8d42
 fix ETag allocation failure
 
 diff -r d350d288cffe -r 6af8cc12f3c9 src/http/ngx_http_core_module.c
 --- a/src/http/ngx_http_core_module.c Sun Aug 17 22:21:56 2014 +0300
 +++ b/src/http/ngx_http_core_module.c Sun Aug 17 22:57:37 2014 +0300
 @@ -1832,14 +1832,15 @@
  return NGX_ERROR;
  }
  
 +etag-value.data = ngx_pnalloc(r-pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 
 3);
 +if (etag-value.data == NULL) {
 +etag-hash = 0;
 +return NGX_ERROR;
 +}
 +
  etag-hash = 1;
  ngx_str_set(etag-key, ETag);
  
 -etag-value.data = ngx_pnalloc(r-pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 
 3);
 -if (etag-value.data == NULL) {
 -return NGX_ERROR;
 -}
 -

I don't think that moving the allocation make sense as anyway 
etag-hash has to be explicitly set in the error path.  Something 
like this should be better:

# HG changeset patch
# User Maxim Dounin mdou...@mdounin.ru
# Date 140994 -14400
#  Fri Sep 05 22:18:31 2014 +0400
# Node ID a80ee1f90b2b2c6cdee4e9b0ba2e0d48cad0f011
# Parent  f43551f64d028de939332ab9b66c3620b4259e08
Fixed ETag memory allocation error handling.

The etag-hash must be set to 0 to avoid an empty ETag header being
returned with the 500 Internal Error page after the memory allocation
failure.

Reported by Markus Linnala.

diff --git a/src/http/ngx_http_core_module.c b/src/http/ngx_http_core_module.c
--- a/src/http/ngx_http_core_module.c
+++ b/src/http/ngx_http_core_module.c
@@ -1837,6 +1837,7 @@ ngx_http_set_etag(ngx_http_request_t *r)
 
 etag-value.data = ngx_pnalloc(r-pool, NGX_OFF_T_LEN + NGX_TIME_T_LEN + 
3);
 if (etag-value.data == NULL) {
+etag-hash = 0;
 return NGX_ERROR;
 }
 

-- 
Maxim Dounin
http://nginx.org/

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: [PATCH] SSL: guard use of all SSL options for bug workarounds

2014-09-05 Thread Maxim Dounin 
Hello!

On Wed, Sep 03, 2014 at 02:53:23PM -0700, Piotr Sikora wrote:

 # HG changeset patch
 # User Piotr Sikora pi...@cloudflare.com
 # Date 1409780995 25200
 #  Wed Sep 03 14:49:55 2014 -0700
 # Node ID 9c59138cd7030a88a761856f849c581924ca1a3b
 # Parent  3f5f0ab59b359064db16e1aa52dfca335720dff6
 SSL: guard use of all SSL options for bug workarounds.
 
 Some of the OpenSSL forks (read: BoringSSL) started removing unused,
 no longer necessary and/or not really working bug workarounds along
 with the SSL options and defines for them.
 
 Instead of fixing nginx build after each removal, be proactive
 and guard use of all SSL options for bug workarounds.

After looking into http://trac.nginx.org/nginx/ticket/618, 
I'm rather sceptical about BoringSSL-related fixes.

On the other hand, if they indeed remove something we use, it may 
be a good enough reason to reconsider the use of the flags 
removed.

-- 
Maxim Dounin
http://nginx.org/

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[emerg] duplicate listen options for X.X.X.X:80 in /usr/local/etc/nginx/nginx.conf:9

2014-09-05 Thread Илья Шипицин 
Добрый день!

если делаю вот так

server {
listen   X.X.X.X:80 accept_filter=httpready;
server_name 1.local;

}

server {
listen   X.X.X.X:80 accept_filter=httpready;
server_name 2.local;

}

то получаю ошибку.

также есть забавные ситуации


(spdy будет включен в обоих случаях)

server {
listen   X.X.X.X:443 ssl spdy;
server_name 1.local;

}

server {
listen   X.X.X.X:443 ssl;
server_name 2.local;

}

и (accept_filter будет применяться в обоих случаях)


server {
listen   X.X.X.X:80 accept_filter=httpready;
server_name 1.local;

}

server {
listen   X.X.X.X:80;
server_name 2.local;

}


есть предложение что-нибудь с этим сделать.


Илья Шипицин
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: [emerg] duplicate listen options for X.X.X.X:80 in /usr/local/etc/nginx/nginx.conf:9

2014-09-05 Thread Oleksandr V. Typlyns'kyi 
Today Sep 5, 2014 at 12:19 Илья Шипицин wrote:

 если делаю вот так
 
 server {
 listen   X.X.X.X:80 accept_filter=httpready;
 server_name 1.local;
 }
 
 server {
 listen   X.X.X.X:80 accept_filter=httpready;
 server_name 2.local;
 }
 
 то получаю ошибку.

http://nginx.org/r/listen/ru :
В директиве listen можно также указать несколько дополнительных 
параметров, специфичных для связанных с сокетами системных вызовов. Эти 
параметры можно задать в любой директиве listen, но только один раз для 
указанной пары адрес:порт.

 также есть забавные ситуации
 
 (spdy будет включен в обоих случаях)
 
 server {
 listen   X.X.X.X:443 ssl spdy;
 server_name 1.local;
 }
 
 server {
 listen   X.X.X.X:443 ssl;
 server_name 2.local;
 }

Это свойства сокета, а не виртуального сервера.

-- 
WNGS-RIPE

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: [emerg] duplicate listen options for X.X.X.X:80 in /usr/local/etc/nginx/nginx.conf:9

2014-09-05 Thread Илья Шипицин 
если я 2 раза (или 1 раз) укажу spdy - работать будет всегда в двух
случаях и ошибки конфигурации не будет.
кажется, что с фильтрами подобная логика была бы уместна.


ну и, раз уж оно все равно работает во всех случаях, вероятно, имеет
смысл выдавать warning, если указано не во всех (вдруг кто-то будет
полагать, что в одном месте у него spdy, а в другом нет).

5 сентября 2014 г., 13:07 пользователь Oleksandr V. Typlyns'kyi
wangs...@gmail.com написал:
 Today Sep 5, 2014 at 12:19 Илья Шипицин wrote:

 если делаю вот так

 server {
 listen   X.X.X.X:80 accept_filter=httpready;
 server_name 1.local;
 }

 server {
 listen   X.X.X.X:80 accept_filter=httpready;
 server_name 2.local;
 }

 то получаю ошибку.

 http://nginx.org/r/listen/ru :
 В директиве listen можно также указать несколько дополнительных
 параметров, специфичных для связанных с сокетами системных вызовов. Эти
 параметры можно задать в любой директиве listen, но только один раз для
 указанной пары адрес:порт.

 также есть забавные ситуации

 (spdy будет включен в обоих случаях)

 server {
 listen   X.X.X.X:443 ssl spdy;
 server_name 1.local;
 }

 server {
 listen   X.X.X.X:443 ssl;
 server_name 2.local;
 }

 Это свойства сокета, а не виртуального сервера.

 --
 WNGS-RIPE

 ___
 nginx-ru mailing list
 nginx-ru@nginx.org
 http://mailman.nginx.org/mailman/listinfo/nginx-ru
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

400 Bad Request при http:// в Host

2014-09-05 Thread kilgur 
Версия nginx: 1.6.1
При запросе вида
GET http://somesite.ru/ HTTP/1.1
Host: http://somesite
nginx отвечает вышеуказанной ошибкой (400 Bad Request)
Строки в поле Host с любым мусором успешно игнорируются веб-сервером, но
вот имя сайта с указанием протокола приводит к ошибке.

В описании протокола есть пункт (5.2), который сообщает
If Request-URI is an absoluteURI, the host is part of the Request-URI. Any
Host header field value in the request MUST be ignored.
Т.е. любое содержимое заголовка Host должно быть проигнорировано...

На старом сервере древняя 0.6.30 спокойно воспринимает такой заголовок.

Есть какая-либо возможность настроить nginx так, чтобы он не выдавал ошибку
400?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?21,253091,253091#msg-253091

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: 400 Bad Request при http:// в Host

2014-09-05 Thread Валентин Бартенев 
On Friday 05 September 2014 05:59:08 kilgur wrote:
 Версия nginx: 1.6.1
 При запросе вида
 GET http://somesite.ru/ HTTP/1.1
 Host: http://somesite
 nginx отвечает вышеуказанной ошибкой (400 Bad Request)
 Строки в поле Host с любым мусором успешно игнорируются веб-сервером, но
 вот имя сайта с указанием протокола приводит к ошибке.
 
 В описании протокола есть пункт (5.2), который сообщает
 If Request-URI is an absoluteURI, the host is part of the Request-URI. Any
 Host header field value in the request MUST be ignored.
 Т.е. любое содержимое заголовка Host должно быть проигнорировано...

Вы цитируете устаревший RFC, да ещё часть про роутинг, а не про корректность.

На самом деле: http://tools.ietf.org/html/rfc7230#section-5.4

   A server MUST respond with a 400 (Bad Request) status code to any
   HTTP/1.1 request message that lacks a Host header field and to any
   request message that contains more than one Host header field or a
   Host header field with an invalid field-value.


 
 На старом сервере древняя 0.6.30 спокойно воспринимает такой заголовок.
 
 Есть какая-либо возможность настроить nginx так, чтобы он не выдавал ошибку
 400?
 

Нет.

--
Валентин Бартенев
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: 400 Bad Request при http:// в Host

2014-09-05 Thread kilgur 
Валентин Бартенев Wrote:
---
 Вы цитируете устаревший RFC, да ещё часть про роутинг, а не про
 корректность.
 
 На самом деле: http://tools.ietf.org/html/rfc7230#section-5.4
 
A server MUST respond with a 400 (Bad Request) status code to any
HTTP/1.1 request message that lacks a Host header field and to any
request message that contains more than one Host header field or a
Host header field with an invalid field-value.

А если у меня nginx является фронтэндом к локальному апачу, он считается
прокси? :)

When a proxy receives a request with an absolute-form of
   request-target, the proxy MUST ignore the received Host header field
   (if any) and instead replace it with the host information of the
   request-target.  A proxy that forwards such a request MUST generate a
   new Host field-value based on the received request-target rather than
   forward the received Host field-value.


  Есть какая-либо возможность настроить nginx так, чтобы он не выдавал
 ошибку
  400?
 
 Нет.
 
Очень негибко...
Я уже собрал nginx с поддержкой lua - проверить, передает ли nginx заголовки
в header_filter_by_lua ДО отказа клиенту... ан нет, не вышло...
Остается только исходники nginx'а править?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?21,253091,253094#msg-253094

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: 400 Bad Request при http:// в Host

2014-09-05 Thread Валентин Бартенев 
On Friday 05 September 2014 07:53:52 kilgur wrote:
 Валентин Бартенев Wrote:
 ---
  Вы цитируете устаревший RFC, да ещё часть про роутинг, а не про
  корректность.
  
  На самом деле: http://tools.ietf.org/html/rfc7230#section-5.4
  
 A server MUST respond with a 400 (Bad Request) status code to any
 HTTP/1.1 request message that lacks a Host header field and to any
 request message that contains more than one Host header field or a
 Host header field with an invalid field-value.
 
 А если у меня nginx является фронтэндом к локальному апачу, он считается
 прокси? :)

Не считается.  Что такое proxy четко определено в том же RFC.

   A proxy is a message-forwarding agent that is selected by the
   client, usually via local configuration rules, to receive requests
   for some type(s) of absolute URI and attempt to satisfy those
   requests via translation through the HTTP interface.

Под прокси в данном случае понимается исключительно forward proxy,
который прописывается на клиенте.

Nginx не предназначен, и никогда не был, для использования в качестве
forward proxy.


 
 When a proxy receives a request with an absolute-form of
request-target, the proxy MUST ignore the received Host header field
(if any) and instead replace it with the host information of the
request-target.  A proxy that forwards such a request MUST generate a
new Host field-value based on the received request-target rather than
forward the received Host field-value.

Это относится к роутингу.  Ignore тут касается роутинга запроса, а не
его валидности.  Всё это не отменяет того, что значение в заголовке должно
быть при этом валидно с точки зрения заголовка.

 
 
   Есть какая-либо возможность настроить nginx так, чтобы он не выдавал
  ошибку
   400?
  
  Нет.
  
 Очень негибко...
 Я уже собрал nginx с поддержкой lua - проверить, передает ли nginx заголовки
 в header_filter_by_lua ДО отказа клиенту... ан нет, не вышло...
 Остается только исходники nginx'а править?
 

Правьте исходники клиента.  Это будет значительно полезнее, а также не
приведет к возможным проблемам с безопасностью.

Фильтрация / в первую очередь необходима для того, чтобы через Host 
злоумышленник не имел возможности пробрасывать пути к файлам и директориям.

--
Валентин Бартенев
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

nginx несколько IP

2014-09-05 Thread arriah 
Здравствуйте

Есть сервер с двумя IP с одним сетевым интерфейсом.. IP прописан альясом 

nginx слушает на стандартном порту по дополнительному IP, а отвечает с
основного

Как настроить nginx, чтобы он отвечал с того же IP, на который приходит
запрос?

Спасибо.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?21,253107,253107#msg-253107

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

NGINX SSL passthrough without certificate

2014-09-05 Thread OzJD 
We currently have a backend server that listens for SSL requests, and (using
SNI) chooses to pass them on to the correct place, or alternatively will
serve the requested HTTPS.

Our current configuration is slow (not painfully, just slower than we'd
like), and we figured having NGINX do some of the work would speed things
up.

Can NGINX pass through some HTTPS requests (by domain) without modifying
anything (by checking SNI in the initial packet)? Most (all?) websites
indicate that I should decode and encode the traffic (which is not be
possible because of cases such as https://google.com/).

So ultimately, what would be ideal for us is:
1. NGINX sits on network boundary, listening for SSL/TLS connections
2. When a new connection comes in, NGINX decides to pass on the TLS
connection without touching it OR serve it as a regular HTTPS website (OR
depends on domain)

Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I
understand it can't go into the actual HTTPS request, but figured it could
be sent BEFORE the HTTPS decode packet. (the receiving end would have to
understand this also)

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,253088,253088#msg-253088

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

RE: NGINX SSL passthrough without certificate

2014-09-05 Thread Lukas Tribus 
Hi,


 We currently have a backend server that listens for SSL requests, and (using
 SNI) chooses to pass them on to the correct place, or alternatively will
 serve the requested HTTPS.

 Our current configuration is slow (not painfully, just slower than we'd
 like), and we figured having NGINX do some of the work would speed things
 up.

 Can NGINX pass through some HTTPS requests (by domain) without modifying
 anything (by checking SNI in the initial packet)? Most (all?) websites
 indicate that I should decode and encode the traffic (which is not be
 possible because of cases such as https://google.com/).

 So ultimately, what would be ideal for us is:
 1. NGINX sits on network boundary, listening for SSL/TLS connections
 2. When a new connection comes in, NGINX decides to pass on the TLS
 connection without touching it OR serve it as a regular HTTPS website (OR
 depends on domain)

 Lastly, is there any current way to achieve X-FORWARDED-FOR with HTTPS? I
 understand it can't go into the actual HTTPS request, but figured it could
 be sent BEFORE the HTTPS decode packet. (the receiving end would have to
 understand this also)

For all those things, haproxy is way more adequate.



Regards,

Lukas

  
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: RE: NGINX SSL passthrough without certificate

2014-09-05 Thread OzJD 
Hi Lukas,

While HAProxy is able to do some of those things (not sure about
X-FORWARDED-FOR workarounds?), I'd still prefer to use NGINX where possible
(for other reasons, such as PageSpeed support, etc)

Is NGINX able to do any of the things mentioned in the question?
Specifically, can it sort by SNI hostname without becoming an SSL endpoint?
If not, is there a reason why? (has it been decided by the community that
it's not a good idea, or it just hasn't been developed?)

I've seen a few similar questions around, but no definitive answer.

Thanks,
OzJD

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,253088,253090#msg-253090

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

RE: NGINX SSL passthrough without certificate

2014-09-05 Thread Lukas Tribus 
Hi,


 Hi Lukas,

 While HAProxy is able to do some of those things (not sure about
 X-FORWARDED-FOR workarounds?)


Yes, haproxy supports and pushes the PROXY protocol for this exact reason.



 I'd still prefer to use NGINX where possible
 (for other reasons, such as PageSpeed support, etc)

Well, you can't use PageSpeed if you forward SSL encrypted TCP traffic,
can you? Perhaps you need a combination between the two?


For example, SNI based routing on a first (HAProxy) layer, passing the
SSL encrypted traffic either to nginx, for decryption/pagepspeed, etc or
directly to a backend (based on SNI).



 Is NGINX able to do any of the things mentioned in the question?

I don't think so, mainly because nginx' focus is http/https, not TCP
forwarding.





Regards,

Lukas

  
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: RE: NGINX SSL passthrough without certificate

2014-09-05 Thread OzJD 
Lukas,

I think you're right. The combination of three may be optimal at this time.

I'll see what I come up with - I hadn't heard of the PROXY protocol before
(was thinking of something similar though). That's made my life plenty
easier!

Thanks mate :-)

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,253088,253095#msg-253095

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

urgent need help ,ssl error ;

2014-09-05 Thread vk1dadhich 
Hi Team,

I am facing a issue regarding the ssl in nginx , find below the error logs
:


2014/09/05 19:23:36 [emerg] 18774#0:
SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib)
2014/09/05 19:23:36 [emerg] 18775#0:
SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib)
2014/09/05 19:26:51 [emerg] 18977#0:
SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib)
2014/09/05 19:26:51 [emerg] 18978#0:
SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
routines:SSL_CTX_use_PrivateKey_file:PEM lib)

had donethe google but can't resolve, only you guies can help me, its very
urgent.

Thank  Regards
Vijay kr
vk1dadh...@gmail.com

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,253088,253098#msg-253098

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: urgent need help ,ssl error ;

2014-09-05 Thread vk1dadhich 
One most imporatant thing, we site working with https from 2 months but
after configuer the sftp with openssl , it created the problem. 
i did the old settings of sshd_config, as it is as its worked, but still
facing the issue.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,253088,253099#msg-253099

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: urgent need help ,ssl error ;

2014-09-05 Thread Miguel Clara 
Seems like /etc/nginx/ssl/server.crt content is not correct (no start
line error), maybe a bad copy paste?


Melhores Cumprimentos // Best Regards
---
*Miguel Clara*
*IT - Sys Admin  Developer*
*E-mail:*miguelmcl...@gmail.com
 www.linkedin.com/in/miguelmclara/


On Fri, Sep 5, 2014 at 3:11 PM, vk1dadhich nginx-fo...@nginx.us wrote:

 Hi Team,

 I am facing a issue regarding the ssl in nginx , find below the error logs
 :


 2014/09/05 19:23:36 [emerg] 18774#0:
 SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
 error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
 routines:SSL_CTX_use_PrivateKey_file:PEM lib)
 2014/09/05 19:23:36 [emerg] 18775#0:
 SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
 error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
 routines:SSL_CTX_use_PrivateKey_file:PEM lib)
 2014/09/05 19:26:51 [emerg] 18977#0:
 SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
 error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
 routines:SSL_CTX_use_PrivateKey_file:PEM lib)
 2014/09/05 19:26:51 [emerg] 18978#0:
 SSL_CTX_use_PrivateKey_file(/etc/nginx/ssl/server.crt) failed (SSL:
 error:0906D06C:PEM routines:PEM_read_bio:no start line error:140B0009:SSL
 routines:SSL_CTX_use_PrivateKey_file:PEM lib)

 had donethe google but can't resolve, only you guies can help me, its very
 urgent.

 Thank  Regards
 Vijay kr
 vk1dadh...@gmail.com

 Posted at Nginx Forum:
 http://forum.nginx.org/read.php?2,253088,253098#msg-253098

 ___
 nginx mailing list
 nginx@nginx.org
 http://mailman.nginx.org/mailman/listinfo/nginx

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx mail proxy - dovecot ssl backend

2014-09-05 Thread useopenid 
Thanks!  I setup stunnel in the interim, but this will be more efficient.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,219069,253106#msg-253106

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx