Re: Nginx не отвечает на запросы

[Mikanoshi]

Отключил оба модуля сторонних - то же самое, виснет.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,269501,269606#msg-269606

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

how to get common name from client cert in TLS connection instead of HTTPS

[Albert Zhang]

how to get common name from client cert in TLS connection instead of HTTPS. I 
am using TLS not https and want to get common name from client cert using nginx 
plus ami on was, 
I am using AWS elb(ssl)+nginx client certificate ssl I know use 
$ssl_client_s_dn but how to get/compare the value here is my config:
stream {
upstream stream_backend {
 server 10.252.1.131:1983;
 server 10.252.1.131:2983;
}
server {
listen4443 ssl;
proxy_passstream_backend;
 proxy_ssl on;
proxy_ssl_certificate /etc/ssl/certs/server.crt;
proxy_ssl_certificate_key /etc/ssl/certs/server.key;
proxy_ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
proxy_ssl_ciphers HIGH:!aNULL:!MD5;
#  proxy_ssl_client_certificate /etc/ssl/certs/ca.pem;
proxy_ssl_trusted_certificate /etc/ssl/certs/ca.pem;
#proxy_ssl_session_reuse on;
proxy_ssl_verify   on;
proxy_ssl_verify_depth 4;
#proxy_ssl_verify_client optional;
ssl_certificate   /etc/ssl/certs/server.crt;
ssl_certificate_key   /etc/ssl/certs/server.key;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers   HIGH:!aNULL:!MD5;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout   4h;
ssl_handshake_timeout 30s;
 }

}

albert

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

purge cache on put/post request

[caviar34]

Здравствуйте. Хочется настроить nginx следующим образом:
- Приходит GET - кэшируем, либо отдаем из кэша.
- Приходит PUT, удаляем весь кэш, пропускаем запрос на бэкенд.

Смотрю в сторону встроенного perl, в правильную ли сторону смотрю?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,269604,269604#msg-269604

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: we need an explicit max_fails flag to allow origin error through?

[Maxim Dounin]

Hello!

On Thu, Sep 15, 2016 at 02:55:47PM +0100, Mark McDonnell wrote:

> We have an upstream that we know is serving a 500 error.
> 
> We've noticed that NGINX is serving up a nginx specific "502 Bad Gateway"
> page instead of showing the actual Apache origin error that we'd expect to
> come through.
> 
> To solve this we've added `max_fail: 0` onto the upstream server (there is
> only one server inside the upstream block) and now the original apache
> error page comes through.
> 
> I'm not sure why that is for two reasons:
> 
> 
>1. because max_fail should have no effect on the behaviour of something
>like proxy_intercept_errors (which is disabled/off by default, meaning any
>errors coming from an upstream should be proxied 'as is' to the client)

When all servers in the upstream block are marked failed and/or 
nginx failed to get a valid answer from any of the working 
servers, nginx will just return 502 himself.  And this is probably 
what happens in your case.

>2. because max_fail should (according to nginx's docs) be a no-op... "If
>there is only a single server in a group, max_fails, fail_timeout and
>slow_start parameters are ignored, and such a server will never be
>considered unavailable"

The "max_fails" parameter is expected to be a nop with only one 
server in the upstream block and assuming standard balancers.

Note though, that:

- non-standard balancers may behave differently;

- backup servers are counted - if you have backup servers, nginx 
  will honor max_fails;

- if a name is used in the "server" directive, and the name 
  resolves to multiple addresses, this means multiple servers 
  from nginx point of view.

The latter can be easily hit by using names like "localhost" in 
the configuration.

Note well that just 500 error from an upstream server is not 
something that nginx will consider to be an error unless you've 
explicitly configured it using proxy_next_upstream, see 
http://nginx.org/r/proxy_next_upstream.

The behaviour you describe suggests that your configuration has 
both "proxy_next_upstream http_500" and multiple servers.

-- 
Maxim Dounin
http://nginx.org/

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

[njs] Fixed compilation of nginx njs module without stream or http.

[Roman Arutyunyan]

details:   http://hg.nginx.org/njs/rev/16cc1aaf4e47
branches:  
changeset: 174:16cc1aaf4e47
user:  Roman Arutyunyan 
date:  Thu Sep 15 17:34:34 2016 +0300
description:
Fixed compilation of nginx njs module without stream or http.

Additionally, support for nginx versions without dynamic modules is now dropped.

diffstat:

 nginx/config |  14 +++---
 1 files changed, 3 insertions(+), 11 deletions(-)

diffs (38 lines):

diff -r 1745fcf4a5cc -r 16cc1aaf4e47 nginx/config
--- a/nginx/config  Thu Sep 15 10:52:01 2016 +0300
+++ b/nginx/config  Thu Sep 15 17:34:34 2016 +0300
@@ -1,6 +1,6 @@
 ngx_addon_name="ngx_js_module"
 
-if test -n "$ngx_module_link"; then
+if [ $HTTP != NO ]; then
 ngx_module_type=HTTP
 ngx_module_name=ngx_http_js_module
 ngx_module_incs="$ngx_addon_dir/../nxt $ngx_addon_dir/../njs"
@@ -8,7 +8,9 @@ if test -n "$ngx_module_link"; then
 ngx_module_libs="PCRE $ngx_addon_dir/../build/libnjs.a -lm"
 
 . auto/module
+fi
 
+if [ $STREAM != NO ]; then
 ngx_module_type=STREAM
 ngx_module_name=ngx_stream_js_module
 ngx_module_incs="$ngx_addon_dir/../nxt $ngx_addon_dir/../njs"
@@ -16,16 +18,6 @@ if test -n "$ngx_module_link"; then
 ngx_module_libs="PCRE $ngx_addon_dir/../build/libnjs.a -lm"
 
 . auto/module
-else
-USE_PCRE=YES
-
-HTTP_MODULES="$HTTP_MODULES ngx_http_js_module"
-STREAM_MODULES="$STREAM_MODULES ngx_stream_js_module"
-CORE_INCS="$CORE_INCS $ngx_addon_dir/../nxt $ngx_addon_dir/../njs"
-NGX_ADDON_SRCS="$NGX_ADDON_SRCS \
-$ngx_addon_dir/ngx_http_js_module.c \
-$ngx_addon_dir/ngx_stream_js_module.c"
-CORE_LIBS="$CORE_LIBS $ngx_addon_dir/../build/libnjs.a -lm"
 fi
 
 LINK_DEPS="$LINK_DEPS $ngx_addon_dir/../build/libnjs.a"

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

we need an explicit max_fails flag to allow origin error through?

[Mark McDonnell]

Hello,

We have an upstream that we know is serving a 500 error.

We've noticed that NGINX is serving up a nginx specific "502 Bad Gateway"
page instead of showing the actual Apache origin error that we'd expect to
come through.

To solve this we've added `max_fail: 0` onto the upstream server (there is
only one server inside the upstream block) and now the original apache
error page comes through.

I'm not sure why that is for two reasons:


   1. because max_fail should have no effect on the behaviour of something
   like proxy_intercept_errors (which is disabled/off by default, meaning any
   errors coming from an upstream should be proxied 'as is' to the client)

   2. because max_fail should (according to nginx's docs) be a no-op... "If
   there is only a single server in a group, max_fails, fail_timeout and
   slow_start parameters are ignored, and such a server will never be
   considered unavailable"

​Does​ any one have any further insights here?

Thanks.

M.

-- 

Mark McDonnell | BuzzFeed | Senior Software Engineer | @integralist

https://keybase.io/integralist 40 Argyll Street, 2nd Floor, London, W1F 7EB
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

[nginx] Version bump.

[Vladimir Homutov]

details:   http://hg.nginx.org/nginx/rev/4bce3edfac2c
branches:  
changeset: 6691:4bce3edfac2c
user:  Vladimir Homutov 
date:  Thu Sep 15 14:56:26 2016 +0300
description:
Version bump.

diffstat:

 src/core/nginx.h |  4 ++--
 1 files changed, 2 insertions(+), 2 deletions(-)

diffs (14 lines):

diff -r 9a4934f07bb4 -r 4bce3edfac2c src/core/nginx.h
--- a/src/core/nginx.h  Tue Sep 13 18:39:24 2016 +0300
+++ b/src/core/nginx.h  Thu Sep 15 14:56:26 2016 +0300
@@ -9,8 +9,8 @@
 #define _NGINX_H_INCLUDED_
 
 
-#define nginx_version  1011004
-#define NGINX_VERSION  "1.11.4"
+#define nginx_version  1011005
+#define NGINX_VERSION  "1.11.5"
 #define NGINX_VER  "nginx/" NGINX_VERSION
 
 #ifdef NGX_BUILD

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] Stream: phases.

[Vladimir Homutov]

details:   http://hg.nginx.org/nginx/rev/3908156a51fa
branches:  
changeset: 6693:3908156a51fa
user:  Roman Arutyunyan 
date:  Thu Sep 15 14:55:54 2016 +0300
description:
Stream: phases.

diffstat:

 src/stream/ngx_stream.c   |  110 
 src/stream/ngx_stream.h   |   57 +++-
 src/stream/ngx_stream_access_module.c |   11 +-
 src/stream/ngx_stream_core_module.c   |  102 +++
 src/stream/ngx_stream_handler.c   |  198 -
 src/stream/ngx_stream_limit_conn_module.c |   12 +-
 src/stream/ngx_stream_log_module.c|8 +-
 src/stream/ngx_stream_realip_module.c |8 +-
 src/stream/ngx_stream_ssl_module.c|  108 -
 9 files changed, 428 insertions(+), 186 deletions(-)

diffs (864 lines):

diff -r 56fc55e32f23 -r 3908156a51fa src/stream/ngx_stream.c
--- a/src/stream/ngx_stream.c   Thu Sep 15 14:55:46 2016 +0300
+++ b/src/stream/ngx_stream.c   Thu Sep 15 14:55:54 2016 +0300
@@ -12,6 +12,10 @@
 
 
 static char *ngx_stream_block(ngx_conf_t *cf, ngx_command_t *cmd, void *conf);
+static ngx_int_t ngx_stream_init_phases(ngx_conf_t *cf,
+ngx_stream_core_main_conf_t *cmcf);
+static ngx_int_t ngx_stream_init_phase_handlers(ngx_conf_t *cf,
+ngx_stream_core_main_conf_t *cmcf);
 static ngx_int_t ngx_stream_add_ports(ngx_conf_t *cf, ngx_array_t *ports,
 ngx_stream_listen_t *listen);
 static char *ngx_stream_optimize_servers(ngx_conf_t *cf, ngx_array_t *ports);
@@ -219,6 +223,10 @@ ngx_stream_block(ngx_conf_t *cf, ngx_com
 }
 }
 
+if (ngx_stream_init_phases(cf, cmcf) != NGX_OK) {
+return NGX_CONF_ERROR;
+}
+
 for (m = 0; cf->cycle->modules[m]; m++) {
 if (cf->cycle->modules[m]->type != NGX_STREAM_MODULE) {
 continue;
@@ -239,6 +247,9 @@ ngx_stream_block(ngx_conf_t *cf, ngx_com
 
 *cf = pcf;
 
+if (ngx_stream_init_phase_handlers(cf, cmcf) != NGX_OK) {
+return NGX_CONF_ERROR;
+}
 
 if (ngx_array_init(, cf->temp_pool, 4, 
sizeof(ngx_stream_conf_port_t))
 != NGX_OK)
@@ -259,6 +270,105 @@ ngx_stream_block(ngx_conf_t *cf, ngx_com
 
 
 static ngx_int_t
+ngx_stream_init_phases(ngx_conf_t *cf, ngx_stream_core_main_conf_t *cmcf)
+{
+if (ngx_array_init(>phases[NGX_STREAM_POST_ACCEPT_PHASE].handlers,
+   cf->pool, 1, sizeof(ngx_stream_handler_pt))
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
+if (ngx_array_init(>phases[NGX_STREAM_PREACCESS_PHASE].handlers,
+   cf->pool, 1, sizeof(ngx_stream_handler_pt))
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
+if (ngx_array_init(>phases[NGX_STREAM_ACCESS_PHASE].handlers,
+   cf->pool, 1, sizeof(ngx_stream_handler_pt))
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
+#if (NGX_STREAM_SSL)
+if (ngx_array_init(>phases[NGX_STREAM_SSL_PHASE].handlers,
+   cf->pool, 1, sizeof(ngx_stream_handler_pt))
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+#endif
+
+if (ngx_array_init(>phases[NGX_STREAM_LOG_PHASE].handlers,
+   cf->pool, 1, sizeof(ngx_stream_handler_pt))
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
+ngx_stream_init_phase_handlers(ngx_conf_t *cf,
+ngx_stream_core_main_conf_t *cmcf)
+{
+ngx_int_t j;
+ngx_uint_ti, n;
+ngx_stream_handler_pt*h;
+ngx_stream_phase_handler_t   *ph;
+ngx_stream_phase_handler_pt   checker;
+
+n = 1 /* content phase */;
+
+for (i = 0; i < NGX_STREAM_LOG_PHASE; i++) {
+n += cmcf->phases[i].handlers.nelts;
+}
+
+ph = ngx_pcalloc(cf->pool,
+ n * sizeof(ngx_stream_phase_handler_t) + sizeof(void *));
+if (ph == NULL) {
+return NGX_ERROR;
+}
+
+cmcf->phase_engine.handlers = ph;
+n = 0;
+
+for (i = 0; i < NGX_STREAM_LOG_PHASE; i++) {
+h = cmcf->phases[i].handlers.elts;
+
+switch (i) {
+
+case NGX_STREAM_CONTENT_PHASE:
+ph->checker = ngx_stream_core_content_phase;
+n++;
+ph++;
+
+continue;
+
+default:
+checker = ngx_stream_core_generic_phase;
+}
+
+n += cmcf->phases[i].handlers.nelts;
+
+for (j = cmcf->phases[i].handlers.nelts - 1; j >= 0; j--) {
+ph->checker = checker;
+ph->handler = h[j];
+ph->next = n;
+ph++;
+}
+}
+
+return NGX_OK;
+}
+
+
+static ngx_int_t
 ngx_stream_add_ports(ngx_conf_t *cf, ngx_array_t *ports,
 ngx_stream_listen_t *listen)
 {
diff -r 56fc55e32f23 -r 3908156a51fa src/stream/ngx_stream.h
--- a/src/stream/ngx_stream.h   Thu Sep 15 14:55:46 2016 +0300
+++ b/src/stream/ngx_stream.h   Thu Sep 15 14:55:54 2016 +0300
@@ -115,17 +115,48 @@ typedef struct {

[nginx] Stream: ssl_preread module.

[Vladimir Homutov]

details:   http://hg.nginx.org/nginx/rev/060d71292b69
branches:  
changeset: 6695:060d71292b69
user:  Vladimir Homutov 
date:  Thu Sep 15 14:56:51 2016 +0300
description:
Stream: ssl_preread module.

The ssl_preread module extracts information from the SSL Client Hello message
without terminating SSL.  Currently, only $ssl_preread_server_name variable
is supported, which contains server name from the SNI extension.

diffstat:

 auto/modules   |   10 +
 auto/options   |4 +
 src/stream/ngx_stream_ssl_preread_module.c |  448 +
 3 files changed, 462 insertions(+), 0 deletions(-)

diffs (500 lines):

diff -r ea9dfe2f62e7 -r 060d71292b69 auto/modules
--- a/auto/modules  Thu Sep 15 14:56:02 2016 +0300
+++ b/auto/modules  Thu Sep 15 14:56:51 2016 +0300
@@ -1120,6 +1120,16 @@ if [ $STREAM != NO ]; then
 
 . auto/module
 fi
+
+if [ $STREAM_SSL_PREREAD = YES ]; then
+ngx_module_name=ngx_stream_ssl_preread_module
+ngx_module_deps=
+ngx_module_srcs=src/stream/ngx_stream_ssl_preread_module.c
+ngx_module_libs=
+ngx_module_link=$STREAM_SSL_PREREAD
+
+. auto/module
+fi
 fi
 
 
diff -r ea9dfe2f62e7 -r 060d71292b69 auto/options
--- a/auto/options  Thu Sep 15 14:56:02 2016 +0300
+++ b/auto/options  Thu Sep 15 14:56:51 2016 +0300
@@ -126,6 +126,7 @@ STREAM_RETURN=YES
 STREAM_UPSTREAM_HASH=YES
 STREAM_UPSTREAM_LEAST_CONN=YES
 STREAM_UPSTREAM_ZONE=YES
+STREAM_SSL_PREREAD=NO
 
 DYNAMIC_MODULES=
 
@@ -301,6 +302,8 @@ use the \"--with-mail_ssl_module\" optio
 --with-stream_geoip_module)  STREAM_GEOIP=YES   ;;
 --with-stream_geoip_module=dynamic)
  STREAM_GEOIP=DYNAMIC   ;;
+--with-stream_ssl_preread_module)
+ STREAM_SSL_PREREAD=YES ;;
 --without-stream_limit_conn_module)
  STREAM_LIMIT_CONN=NO   ;;
 --without-stream_access_module)  STREAM_ACCESS=NO   ;;
@@ -508,6 +511,7 @@ cat << END
   --with-stream_realip_moduleenable ngx_stream_realip_module
   --with-stream_geoip_module enable ngx_stream_geoip_module
   --with-stream_geoip_module=dynamic enable dynamic ngx_stream_geoip_module
+  --with-stream_ssl_preread_module   enable ngx_stream_ssl_preread_module
   --without-stream_limit_conn_module disable ngx_stream_limit_conn_module
   --without-stream_access_module disable ngx_stream_access_module
   --without-stream_geo_moduledisable ngx_stream_geo_module
diff -r ea9dfe2f62e7 -r 060d71292b69 src/stream/ngx_stream_ssl_preread_module.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +
+++ b/src/stream/ngx_stream_ssl_preread_module.cThu Sep 15 14:56:51 
2016 +0300
@@ -0,0 +1,448 @@
+
+/*
+ * Copyright (C) Nginx, Inc.
+ */
+
+
+#include 
+#include 
+#include 
+
+
+typedef struct {
+ngx_flag_t  enabled;
+} ngx_stream_ssl_preread_srv_conf_t;
+
+
+typedef struct {
+size_t  left;
+size_t  size;
+u_char *pos;
+u_char *dst;
+u_char  buf[4];
+ngx_str_t   host;
+ngx_log_t  *log;
+ngx_pool_t *pool;
+ngx_uint_t  state;
+} ngx_stream_ssl_preread_ctx_t;
+
+
+static ngx_int_t ngx_stream_ssl_preread_handler(ngx_stream_session_t *s);
+static ngx_int_t ngx_stream_ssl_preread_parse_record(
+ngx_stream_ssl_preread_ctx_t *ctx, u_char *pos, u_char *last);
+static ngx_int_t ngx_stream_ssl_preread_server_name_variable(
+ngx_stream_session_t *s, ngx_stream_variable_value_t *v, uintptr_t data);
+static ngx_int_t ngx_stream_ssl_preread_add_variables(ngx_conf_t *cf);
+static void *ngx_stream_ssl_preread_create_srv_conf(ngx_conf_t *cf);
+static char *ngx_stream_ssl_preread_merge_srv_conf(ngx_conf_t *cf, void 
*parent,
+void *child);
+static ngx_int_t ngx_stream_ssl_preread_init(ngx_conf_t *cf);
+
+
+static ngx_command_t  ngx_stream_ssl_preread_commands[] = {
+
+{ ngx_string("ssl_preread"),
+  NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_FLAG,
+  ngx_conf_set_flag_slot,
+  NGX_STREAM_SRV_CONF_OFFSET,
+  offsetof(ngx_stream_ssl_preread_srv_conf_t, enabled),
+  NULL },
+
+  ngx_null_command
+};
+
+
+static ngx_stream_module_t  ngx_stream_ssl_preread_module_ctx = {
+ngx_stream_ssl_preread_add_variables,   /* preconfiguration */
+ngx_stream_ssl_preread_init,/* postconfiguration */
+
+NULL,   /* create main configuration */
+NULL,   /* init main configuration */
+
+ngx_stream_ssl_preread_create_srv_conf, /* create server configuration */
+ngx_stream_ssl_preread_merge_srv_conf   /* merge server configuration */
+};
+
+
+ngx_module_t  ngx_stream_ssl_preread_module = {
+NGX_MODULE_V1,
+

[nginx] Stream: preread phase.

[Vladimir Homutov]

details:   http://hg.nginx.org/nginx/rev/ea9dfe2f62e7
branches:  
changeset: 6694:ea9dfe2f62e7
user:  Vladimir Homutov 
date:  Thu Sep 15 14:56:02 2016 +0300
description:
Stream: preread phase.

In this phase, head of a stream is read and analysed before proceeding to the
content phase.  Amount of data read is controlled by the module implementing
the phase, but not more than defined by the "preread_buffer_size" directive.
The time spent on processing preread is controlled by the "preread_timeout"
directive.

The typical preread phase module will parse the beginning of a stream and set
variable that may be used by the content phase, for example to make routing
decision.

diffstat:

 src/stream/ngx_stream.c |   11 +++
 src/stream/ngx_stream.h |5 +
 src/stream/ngx_stream_core_module.c |  130 +++-
 3 files changed, 145 insertions(+), 1 deletions(-)

diffs (225 lines):

diff -r 3908156a51fa -r ea9dfe2f62e7 src/stream/ngx_stream.c
--- a/src/stream/ngx_stream.c   Thu Sep 15 14:55:54 2016 +0300
+++ b/src/stream/ngx_stream.c   Thu Sep 15 14:56:02 2016 +0300
@@ -302,6 +302,13 @@ ngx_stream_init_phases(ngx_conf_t *cf, n
 }
 #endif
 
+if (ngx_array_init(>phases[NGX_STREAM_PREREAD_PHASE].handlers,
+   cf->pool, 1, sizeof(ngx_stream_handler_pt))
+!= NGX_OK)
+{
+return NGX_ERROR;
+}
+
 if (ngx_array_init(>phases[NGX_STREAM_LOG_PHASE].handlers,
cf->pool, 1, sizeof(ngx_stream_handler_pt))
 != NGX_OK)
@@ -343,6 +350,10 @@ ngx_stream_init_phase_handlers(ngx_conf_
 
 switch (i) {
 
+case NGX_STREAM_PREREAD_PHASE:
+checker = ngx_stream_core_preread_phase;
+break;
+
 case NGX_STREAM_CONTENT_PHASE:
 ph->checker = ngx_stream_core_content_phase;
 n++;
diff -r 3908156a51fa -r ea9dfe2f62e7 src/stream/ngx_stream.h
--- a/src/stream/ngx_stream.h   Thu Sep 15 14:55:54 2016 +0300
+++ b/src/stream/ngx_stream.h   Thu Sep 15 14:56:02 2016 +0300
@@ -122,6 +122,7 @@ typedef enum {
 #if (NGX_STREAM_SSL)
 NGX_STREAM_SSL_PHASE,
 #endif
+NGX_STREAM_PREREAD_PHASE,
 NGX_STREAM_CONTENT_PHASE,
 NGX_STREAM_LOG_PHASE
 } ngx_stream_phases;
@@ -181,6 +182,8 @@ typedef struct {
 ngx_uint_t line;
 
 ngx_flag_t tcp_nodelay;
+size_t preread_buffer_size;
+ngx_msec_t preread_timeout;
 
 ngx_log_t *error_log;
 
@@ -280,6 +283,8 @@ typedef struct {
 void ngx_stream_core_run_phases(ngx_stream_session_t *s);
 ngx_int_t ngx_stream_core_generic_phase(ngx_stream_session_t *s,
 ngx_stream_phase_handler_t *ph);
+ngx_int_t ngx_stream_core_preread_phase(ngx_stream_session_t *s,
+ngx_stream_phase_handler_t *ph);
 ngx_int_t ngx_stream_core_content_phase(ngx_stream_session_t *s,
 ngx_stream_phase_handler_t *ph);
 
diff -r 3908156a51fa -r ea9dfe2f62e7 src/stream/ngx_stream_core_module.c
--- a/src/stream/ngx_stream_core_module.c   Thu Sep 15 14:55:54 2016 +0300
+++ b/src/stream/ngx_stream_core_module.c   Thu Sep 15 14:56:02 2016 +0300
@@ -91,6 +91,20 @@ static ngx_command_t  ngx_stream_core_co
   offsetof(ngx_stream_core_srv_conf_t, tcp_nodelay),
   NULL },
 
+{ ngx_string("preread_buffer_size"),
+  NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
+  ngx_conf_set_size_slot,
+  NGX_STREAM_SRV_CONF_OFFSET,
+  offsetof(ngx_stream_core_srv_conf_t, preread_buffer_size),
+  NULL },
+
+{ ngx_string("preread_timeout"),
+  NGX_STREAM_MAIN_CONF|NGX_STREAM_SRV_CONF|NGX_CONF_TAKE1,
+  ngx_conf_set_msec_slot,
+  NGX_STREAM_SRV_CONF_OFFSET,
+  offsetof(ngx_stream_core_srv_conf_t, preread_timeout),
+  NULL },
+
   ngx_null_command
 };
 
@@ -153,7 +167,7 @@ ngx_stream_core_generic_phase(ngx_stream
 
 /*
  * generic phase checker,
- * used by all phases, except for content
+ * used by all phases, except for preread and content
  */
 
 ngx_log_debug1(NGX_LOG_DEBUG_STREAM, s->connection->log, 0,
@@ -186,6 +200,112 @@ ngx_stream_core_generic_phase(ngx_stream
 
 
 ngx_int_t
+ngx_stream_core_preread_phase(ngx_stream_session_t *s,
+ngx_stream_phase_handler_t *ph)
+{
+size_t   size;
+ssize_t  n;
+ngx_int_trc;
+ngx_connection_t*c;
+ngx_stream_core_srv_conf_t  *cscf;
+
+c = s->connection;
+
+c->log->action = "prereading client data";
+
+cscf = ngx_stream_get_module_srv_conf(s, ngx_stream_core_module);
+
+if (c->read->timedout) {
+rc = NGX_STREAM_OK;
+
+} else if (c->read->timer_set) {
+rc = NGX_AGAIN;
+
+} else {
+rc = ph->handler(s);
+}
+
+while (rc == NGX_AGAIN) {
+
+if (c->buffer == NULL) {
+c->buffer = ngx_create_temp_buf(c->pool, 

[nginx] Stream: filters.

[Vladimir Homutov]

details:   http://hg.nginx.org/nginx/rev/56fc55e32f23
branches:  
changeset: 6692:56fc55e32f23
user:  Roman Arutyunyan 
date:  Thu Sep 15 14:55:46 2016 +0300
description:
Stream: filters.

diffstat:

 auto/modules|6 +-
 auto/sources|1 +
 src/event/modules/ngx_iocp_module.c |2 +
 src/event/ngx_event.h   |1 +
 src/event/ngx_event_accept.c|1 +
 src/event/ngx_event_connect.c   |1 +
 src/os/unix/ngx_darwin_init.c   |1 +
 src/os/unix/ngx_freebsd_init.c  |1 +
 src/os/unix/ngx_linux_init.c|1 +
 src/os/unix/ngx_os.h|3 +
 src/os/unix/ngx_posix_init.c|1 +
 src/os/unix/ngx_solaris_init.c  |1 +
 src/os/unix/ngx_udp_sendmsg_chain.c |  245 +
 src/os/win32/ngx_os.h   |2 +
 src/os/win32/ngx_win32_init.c   |2 +
 src/stream/ngx_stream.c |3 +
 src/stream/ngx_stream.h |   10 +
 src/stream/ngx_stream_handler.c |4 +
 src/stream/ngx_stream_proxy_module.c|  228 ++
 src/stream/ngx_stream_return_module.c   |   55 +++--
 src/stream/ngx_stream_upstream.h|   10 +
 src/stream/ngx_stream_write_filter_module.c |  273 
 22 files changed, 744 insertions(+), 108 deletions(-)

diffs (truncated from 1269 to 1000 lines):

diff -r 4bce3edfac2c -r 56fc55e32f23 auto/modules
--- a/auto/modules  Thu Sep 15 14:56:26 2016 +0300
+++ b/auto/modules  Thu Sep 15 14:55:46 2016 +0300
@@ -973,7 +973,8 @@ if [ $STREAM != NO ]; then
  ngx_stream_core_module \
  ngx_stream_log_module \
  ngx_stream_proxy_module \
- ngx_stream_upstream_module"
+ ngx_stream_upstream_module \
+ ngx_stream_write_filter_module"
 ngx_module_incs="src/stream"
 ngx_module_deps="src/stream/ngx_stream.h \
  src/stream/ngx_stream_variables.h \
@@ -988,7 +989,8 @@ if [ $STREAM != NO ]; then
  src/stream/ngx_stream_log_module.c \
  src/stream/ngx_stream_proxy_module.c \
  src/stream/ngx_stream_upstream.c \
- src/stream/ngx_stream_upstream_round_robin.c"
+ src/stream/ngx_stream_upstream_round_robin.c \
+ src/stream/ngx_stream_write_filter_module.c"
 
 . auto/module
 
diff -r 4bce3edfac2c -r 56fc55e32f23 auto/sources
--- a/auto/sources  Thu Sep 15 14:56:26 2016 +0300
+++ b/auto/sources  Thu Sep 15 14:55:46 2016 +0300
@@ -167,6 +167,7 @@ UNIX_SRCS="$CORE_SRCS $EVENT_SRCS \
 src/os/unix/ngx_send.c \
 src/os/unix/ngx_writev_chain.c \
 src/os/unix/ngx_udp_send.c \
+src/os/unix/ngx_udp_sendmsg_chain.c \
 src/os/unix/ngx_channel.c \
 src/os/unix/ngx_shmem.c \
 src/os/unix/ngx_process.c \
diff -r 4bce3edfac2c -r 56fc55e32f23 src/event/modules/ngx_iocp_module.c
--- a/src/event/modules/ngx_iocp_module.c   Thu Sep 15 14:56:26 2016 +0300
+++ b/src/event/modules/ngx_iocp_module.c   Thu Sep 15 14:55:46 2016 +0300
@@ -93,6 +93,8 @@ ngx_os_io_t ngx_iocp_io = {
 NULL,
 ngx_udp_overlapped_wsarecv,
 NULL,
+NULL,
+NULL,
 ngx_overlapped_wsasend_chain,
 0
 };
diff -r 4bce3edfac2c -r 56fc55e32f23 src/event/ngx_event.h
--- a/src/event/ngx_event.h Thu Sep 15 14:56:26 2016 +0300
+++ b/src/event/ngx_event.h Thu Sep 15 14:55:46 2016 +0300
@@ -430,6 +430,7 @@ extern ngx_os_io_t  ngx_io;
 #define ngx_send ngx_io.send
 #define ngx_send_chain   ngx_io.send_chain
 #define ngx_udp_send ngx_io.udp_send
+#define ngx_udp_send_chain   ngx_io.udp_send_chain
 
 
 #define NGX_EVENT_MODULE  0x544E5645  /* "EVNT" */
diff -r 4bce3edfac2c -r 56fc55e32f23 src/event/ngx_event_accept.c
--- a/src/event/ngx_event_accept.c  Thu Sep 15 14:56:26 2016 +0300
+++ b/src/event/ngx_event_accept.c  Thu Sep 15 14:55:46 2016 +0300
@@ -467,6 +467,7 @@ ngx_event_recvmsg(ngx_event_t *ev)
 *log = ls->log;
 
 c->send = ngx_udp_send;
+c->send_chain = ngx_udp_send_chain;
 
 c->log = log;
 c->pool->log = log;
diff -r 4bce3edfac2c -r 56fc55e32f23 src/event/ngx_event_connect.c
--- a/src/event/ngx_event_connect.c Thu Sep 15 14:56:26 2016 +0300
+++ b/src/event/ngx_event_connect.c Thu Sep 15 14:55:46 2016 +0300
@@ -166,6 +166,7 @@ ngx_event_connect_peer(ngx_peer_connecti
 } else { /* type == SOCK_DGRAM */
 c->recv = ngx_udp_recv;
 c->send = ngx_send;
+c->send_chain = ngx_udp_send_chain;
 }
 
 c->log_error = pc->log_error;
diff -r 4bce3edfac2c -r 56fc55e32f23 

Proxy_cache with variable

[Jugurtha]

Hello dream team,

I have problem when i use "proxy_cache" with a variable ! Using
"proxy_cache_purge" (call to proxy_cache) directive with a variable seems to
change that variable's value.
Tested on the last version nginx/1.11.4 (on Sles11 SP3) 

I would change my name cache dynamically

The following conf is OK :  (the file is purged) 


server {
   .
   location ~ /purge(/.*) {
allow  127.0.0.1;
deny   all;

set $cacheSelect carto;
#echo  "Zone:$cacheSelect";//Display carto
proxy_cache_purge $cacheSelect $host$1$is_args$args;  
//Return code 200 => File purged from the cache
}

...
}



But if i use "map" or "if" for change the cache variable, the problem
appears :

For example this URL : test.com/purge/librairies/test.js  => I make sure the
file exists in the cache before



map $uri $select_cache {
 default 'carto';
 ~*/tuiles/ 'tuiles';
 ~*/librairies/ 'librairies';
}

server {
   .
   location ~ /purge(/.*) {
allow  127.0.0.1;
deny   all;

set $cacheSelect carto;  //carto is the default value
if ($uri ~ /librairies/(.*)$ ) {
set $cacheSelect librairies;
}

 echo  "Zone:$cacheSelect";   //Display  librairies
 echo  "Zone:$select_cache";   //Display  librairies

#proxy_cache_purge $select_cache $host$1$is_args$args;  ==>
Return 404 (file not found in cache)
proxy_cache_purge $cacheSelect $host$1$is_args$args;  ==>
Return 404 (file not found in cache)
}
...
}

I feel that when I use "if" or "map" in my conf it does not work anymore

Thank you for your help

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269590,269590#msg-269590

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

[njs] Style: express requirement to use PCRE via $ngx_module_libs.

[Ruslan Ermilov]

details:   http://hg.nginx.org/njs/rev/1745fcf4a5cc
branches:  
changeset: 173:1745fcf4a5cc
user:  Ruslan Ermilov 
date:  Thu Sep 15 10:52:01 2016 +0300
description:
Style: express requirement to use PCRE via $ngx_module_libs.

diffstat:

 nginx/config |  8 
 1 files changed, 4 insertions(+), 4 deletions(-)

diffs (32 lines):

diff -r efd2f95aaeb4 -r 1745fcf4a5cc nginx/config
--- a/nginx/config  Tue Sep 13 16:59:27 2016 +0300
+++ b/nginx/config  Thu Sep 15 10:52:01 2016 +0300
@@ -1,13 +1,11 @@
 ngx_addon_name="ngx_js_module"
 
-USE_PCRE=YES
-
 if test -n "$ngx_module_link"; then
 ngx_module_type=HTTP
 ngx_module_name=ngx_http_js_module
 ngx_module_incs="$ngx_addon_dir/../nxt $ngx_addon_dir/../njs"
 ngx_module_srcs="$ngx_addon_dir/ngx_http_js_module.c"
-ngx_module_libs="$ngx_addon_dir/../build/libnjs.a -lm"
+ngx_module_libs="PCRE $ngx_addon_dir/../build/libnjs.a -lm"
 
 . auto/module
 
@@ -15,10 +13,12 @@ if test -n "$ngx_module_link"; then
 ngx_module_name=ngx_stream_js_module
 ngx_module_incs="$ngx_addon_dir/../nxt $ngx_addon_dir/../njs"
 ngx_module_srcs="$ngx_addon_dir/ngx_stream_js_module.c"
-ngx_module_libs="$ngx_addon_dir/../build/libnjs.a -lm"
+ngx_module_libs="PCRE $ngx_addon_dir/../build/libnjs.a -lm"
 
 . auto/module
 else
+USE_PCRE=YES
+
 HTTP_MODULES="$HTTP_MODULES ngx_http_js_module"
 STREAM_MODULES="$STREAM_MODULES ngx_stream_js_module"
 CORE_INCS="$CORE_INCS $ngx_addon_dir/../nxt $ngx_addon_dir/../njs"

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: Run time php variable change

[Tseveendorj Ochirlantuu]

Great. Thank you.

On Thu, Sep 15, 2016 at 4:45 PM, basti  wrote:

> It should work per location. I have nothing found in the docs at the
> moment.
> But be warned if you use more than one value here you must do something
> like
>
> fastcgi_param  PHP_VALUE "register_globals=0
> display_errors=0";
>
> or
>
> fastcgi_param  PHP_VALUE "register_globals=0\ndisplay_errors=0";
>
> On 15.09.2016 09:26, Tseveendorj Ochirlantuu wrote:
> > Hello,
> >
> > Basti thank you for help.
> >
> > Does this override system wide or it applied to /foo location ?
> >
> > Best regards,
> > Tseveen
> >
> > On Thu, Sep 15, 2016 at 4:20 PM, basti  > > wrote:
> >
> > Hello,
> >
> > you can use "fastcgi_param PHP_VALUE" to change PHP values.
> >
> > For example:
> >
> > location /foo {
> >
> >location ~ ^(.*.\.php)(.*)$ {
> >   fastcgi_buffers 4 256k;
> >   fastcgi_buffer_size 128k;
> >   fastcgi_param PHP_VALUE "max_execution_time = 60";
> >}
> > }
> >
> > Best Regards,
> > Basti
> >
> >
> > On 15.09.2016 02:41, Tseveendorj Ochirlantuu wrote:
> > > Hello,
> > >
> > > I try to explain what I want to do. I have website which is needed
> php
> > > max_execution_time should be different on action.
> > >
> > > default max_execution_time = 30 seconds
> > >
> > > but I need to increase execution time 60 seconds on some location
> > or action
> > >
> > > http://example.com/request
> > >
> > > Is it possible to do that on nginx to php-fpm ?
> > >
> > > Regards
> > >
> > >
> > > ___
> > > nginx mailing list
> > > nginx@nginx.org 
> > > http://mailman.nginx.org/mailman/listinfo/nginx
> > 
> > >
> >
> > ___
> > nginx mailing list
> > nginx@nginx.org 
> > http://mailman.nginx.org/mailman/listinfo/nginx
> > 
> >
> >
> >
> >
> > ___
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Run time php variable change

[basti]

It should work per location. I have nothing found in the docs at the
moment.
But be warned if you use more than one value here you must do something like

fastcgi_param  PHP_VALUE "register_globals=0
display_errors=0";

or

fastcgi_param  PHP_VALUE "register_globals=0\ndisplay_errors=0";

On 15.09.2016 09:26, Tseveendorj Ochirlantuu wrote:
> Hello,
> 
> Basti thank you for help.
> 
> Does this override system wide or it applied to /foo location ?
> 
> Best regards,
> Tseveen
> 
> On Thu, Sep 15, 2016 at 4:20 PM, basti  > wrote:
> 
> Hello,
> 
> you can use "fastcgi_param PHP_VALUE" to change PHP values.
> 
> For example:
> 
> location /foo {
> 
>location ~ ^(.*.\.php)(.*)$ {
>   fastcgi_buffers 4 256k;
>   fastcgi_buffer_size 128k;
>   fastcgi_param PHP_VALUE "max_execution_time = 60";
>}
> }
> 
> Best Regards,
> Basti
> 
> 
> On 15.09.2016 02:41, Tseveendorj Ochirlantuu wrote:
> > Hello,
> >
> > I try to explain what I want to do. I have website which is needed php
> > max_execution_time should be different on action.
> >
> > default max_execution_time = 30 seconds
> >
> > but I need to increase execution time 60 seconds on some location
> or action
> >
> > http://example.com/request
> >
> > Is it possible to do that on nginx to php-fpm ?
> >
> > Regards
> >
> >
> > ___
> > nginx mailing list
> > nginx@nginx.org 
> > http://mailman.nginx.org/mailman/listinfo/nginx
> 
> >
> 
> ___
> nginx mailing list
> nginx@nginx.org 
> http://mailman.nginx.org/mailman/listinfo/nginx
> 
> 
> 
> 
> 
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Run time php variable change

[Tseveendorj Ochirlantuu]

Hello,

Basti thank you for help.

Does this override system wide or it applied to /foo location ?

Best regards,
Tseveen

On Thu, Sep 15, 2016 at 4:20 PM, basti  wrote:

> Hello,
>
> you can use "fastcgi_param PHP_VALUE" to change PHP values.
>
> For example:
>
> location /foo {
>
>location ~ ^(.*.\.php)(.*)$ {
>   fastcgi_buffers 4 256k;
>   fastcgi_buffer_size 128k;
>   fastcgi_param PHP_VALUE "max_execution_time = 60";
>}
> }
>
> Best Regards,
> Basti
>
>
> On 15.09.2016 02:41, Tseveendorj Ochirlantuu wrote:
> > Hello,
> >
> > I try to explain what I want to do. I have website which is needed php
> > max_execution_time should be different on action.
> >
> > default max_execution_time = 30 seconds
> >
> > but I need to increase execution time 60 seconds on some location or
> action
> >
> > http://example.com/request
> >
> > Is it possible to do that on nginx to php-fpm ?
> >
> > Regards
> >
> >
> > ___
> > nginx mailing list
> > nginx@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx
> >
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Run time php variable change

[basti]

Hello,

you can use "fastcgi_param PHP_VALUE" to change PHP values.

For example:

location /foo {

   location ~ ^(.*.\.php)(.*)$ {
  fastcgi_buffers 4 256k;
  fastcgi_buffer_size 128k;
  fastcgi_param PHP_VALUE "max_execution_time = 60";
   }
}

Best Regards,
Basti


On 15.09.2016 02:41, Tseveendorj Ochirlantuu wrote:
> Hello,
> 
> I try to explain what I want to do. I have website which is needed php
> max_execution_time should be different on action.
> 
> default max_execution_time = 30 seconds
> 
> but I need to increase execution time 60 seconds on some location or action
> 
> http://example.com/request
> 
> Is it possible to do that on nginx to php-fpm ?
> 
> Regards
> 
> 
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> 

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: no live upstreams and NO previous error

[drookie]

Oh, solved. Upstreams do respond with 500.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269577,269584#msg-269584

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: no live upstreams and NO previous error

[drookie]

(yup, it's still the author of the original post, but my other browser just
remembers another set of credentials).

If I increase verbosity of the error_log, I'm seeing additional messages in
log, like 

upstream server temporarily disabled while reading response header from


but this message doesn't explain why the upstream server was disabled. I
understand that the error occured, but what exaclty ? I'm used to see
timeouts instead, or some other explicit problem. This looks totally
mysterios for me. Could someone shine some light on it ?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269577,269583#msg-269583

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re-balancing Upstreams in TCP Loadbalancer

[Balaji Viswanathan]

Hello Nginx Users,

I am running nginx as a TCP load balancer. I am trying to find a way to
redistribute client TCP connections to upstream servers, specifically,
rebalance the load on the upstream servers (on some event) when clients are
using persistent TCP connections.

The scenario is as follows

Application protocol -  Clients and Servers use a stateful application
protocol on top of TCP which is resilient to TCP disconnections. ie., the
client and server do application level acks and so, if some 'unit' of work
is not completely transferred. it will get retransfered by the client.

Persistent TCP connections - . The client opens TCP connections which are
persistent. With few bytes being transferred intermittently. Getting the
latest data quickly is of importance, hence i would like to avoid frequent
(re)connections (both due to connection setup overhead and varying resource
usage). Typical connection last for days.

Maintenance/Downtime - When one of the upstream servers is shutdown for
maintenance, all it's client connections break, clients reconnect and
switch to one of the remaining active upstream servers. When the upstream
is brought back up post maintenance, the load isnt redistributed. ie.,
existing connections (since they are persistent) remain with other servers.
Only new connections can go to the new server. This is more pronounced in 2
upstream server setup...where all connections switch between
serverskind of like thundering herd problem.

I would like to have the ability to terminate some/all client connections
explicitly and have them reconnect back. I understand that with nginx
maintaining 2 connections for every client, there might not be a 'clean'
time to close the connection, but since there is an application ack on
top...an unclean termination is acceptable. I currently have to restart
nginx to rebalance the upstreams  which effectively is the same.

Restarting all upstream servers and synchronizing their startup is
non-trivial. So is signalling all clients(1000s) to close and reconnect. In
Nginx, i can achieve this partially by disabling keepalive on nginx listen
port (so_keepalive=off) and then having least_conn as the load-balancer
method on my upstream. However, this is not desirable in steady state (see
persistent TCP connections above), and even though connections get evenly
distributed...the load might no be...as idle and busy clients will end up
with different upstreams.

Nginx plus features like,  "On the fly configuration" upstream_conf allows
one to change the upstream configuration, but it doesnt affect existing
connections, even if a server is marked as down. "Draining of sessions" is
only applicable to http requests and not to TCP connections.

Did anyone else face such a problem? How did you resolve it? Any pointers
will be much appreciated.

thanks,
balaji

-- 
--
Balaji Viswanathan
Bangalore
India
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx