Re: Memory issue

[JohnCarne]

Uprgraded to last nginx version :
memory still increase it seems

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,273274,273411#msg-273411

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Limit number of connections to server

[Payam Chychi]

You can also use ulimit but simple iptable/ipfw/pf will do the job


On Tue, Apr 4, 2017 at 3:13 PM  wrote:

> You would probably want to also limit the number of connections per IP
> address, else one IP could lock up the entire site.
>
>
>   Original Message
> From: Valentin V. Bartenev
> Sent: Tuesday, April 4, 2017 1:58 PM
> To: nginx@nginx.org
> Reply To: nginx@nginx.org
> Subject: Re: Limit number of connections to server
>
> On Tuesday 04 April 2017 17:22:58 Kamil Gorlo wrote:
> > Hi,
> >
> > is there a way to limit total number of open connections per listening
> port
> > in Nginx? I know that there is limit_conn module but as far as I
> understand
> > it only works on "request" layer, which means connections are counted
> only
> > when request headers have been already read.
> >
> > I have problem when number of SSL connections to my server is very high
> > (CPU is 100% and server becomes unresponsive), and I would like to "cut"
> > new connections after some defined threshold is exceeded. It would
> possibly
> > save some CPU cycles needed to handle SSL handshake, etc.
> >
> > Is it possible?
> >
>
> You should use system firewall. Most of *nix systems have one out of the
> box.
>
> wbr, Valentin V. Bartenev
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
-- 
Payam Tarverdyan Chychi
Network Security Specialist / Network Engineer
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Limit number of connections to server

[lists]

You would probably want to also limit the number of connections per IP address, 
else one IP could lock up the entire site.


  Original Message  
From: Valentin V. Bartenev
Sent: Tuesday, April 4, 2017 1:58 PM
To: nginx@nginx.org
Reply To: nginx@nginx.org
Subject: Re: Limit number of connections to server

On Tuesday 04 April 2017 17:22:58 Kamil Gorlo wrote:
> Hi,
> 
> is there a way to limit total number of open connections per listening port
> in Nginx? I know that there is limit_conn module but as far as I understand
> it only works on "request" layer, which means connections are counted only
> when request headers have been already read.
> 
> I have problem when number of SSL connections to my server is very high
> (CPU is 100% and server becomes unresponsive), and I would like to "cut"
> new connections after some defined threshold is exceeded. It would possibly
> save some CPU cycles needed to handle SSL handshake, etc.
> 
> Is it possible?
> 

You should use system firewall. Most of *nix systems have one out of the box.

wbr, Valentin V. Bartenev

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Proxy Pass

[Aleksandar Lazic]

Hi.

Am 04-04-2017 17:02, schrieb Antonio Nappa:


Hello, in another of my experiments I would like to redirect to a
completely different website the request, I had a look at the
proxy_pass directive and the corresponding module, and I see that
a location handler is set, which means it will hook as the only
content handler.
My question is, could I do the same as proxy_pass dinamically and
not at config time? For example in the rewrite phase as you would
do with the ngx_http_internal_redirect.


Could proxy_redirect

http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_redirect

be a solution?

Regards
Aleks


Thanks

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: Nginx redirect preserving source hostname

[Francis Daly]

On Mon, Apr 03, 2017 at 02:17:19PM +0600, Игнатенко Максим wrote:

Hi there,

> I have an NGINX as reverse proxy with PHP-fpm. Nginx is set up for
> serving www.somehost.com. I added another host www.anotherhost.com.
> Now I need to setup redirect in this way: If user type
> www.anotherhost.com then it redirects to www.somehost.com/someurl,
> but url in browser bar shouldn't change.

> Is it possible to redirect preserving url ?

A "redirect" is an "external rewrite", which asks the browser to make
a new request, and therefore change the url the browser shows.

If you want the browser not to make a new request, you need to handle
the request internally, within nginx, possibly by means of a proxy_pass
(if the desired resource is only available in another server{}).

Good luck with it,

f
-- 
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Limit number of connections to server

[Valentin V. Bartenev]

On Tuesday 04 April 2017 17:22:58 Kamil Gorlo wrote:
> Hi,
> 
> is there a way to limit total number of open connections per listening port
> in Nginx? I know that there is limit_conn module but as far as I understand
> it only works on "request" layer, which means connections are counted only
> when request headers have been already read.
> 
> I have problem when number of SSL connections to my server is very high
> (CPU is 100% and server becomes unresponsive), and I would like to "cut"
> new connections after some defined threshold is exceeded. It would possibly
> save some CPU cycles needed to handle SSL handshake, etc.
> 
> Is it possible?
> 

You should use system firewall.  Most of *nix systems have one out of the box.

  wbr, Valentin V. Bartenev

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: No referrer header on leacher's site !!

[Francis Daly]

On Tue, Apr 04, 2017 at 04:39:23PM +0500, shahzaib mushtaq wrote:

Hi there,

> Thanks for quick response. Well its reverse, he's putting our HTTPS video
> link on his HTTP website. Could that create issue as well? If yes, what's
> the fix of it.

nginx does not know (or care) what the linking site does. All it can
see is the request made to it.

The browser entirely controls what request headers the browser sends.

If you want to deny all requests that have no Referer header, you can
do that.

If you want to deny only some requests that have no Referer header,
you will need to tell nginx which requests to deny and which requests to
allow. But before you can do that, you will have to know how to identify
the requests in one of the sets.

f
-- 
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

CentOS 6 - не работает service nginx upgrade

[Gena Makhomed]

Здравствуйте!

CentOS 6 64-bit, nginx из официального репозитория mainline.
При обновлении nginx через yum update с версии 1.11.12 до 1.11.13
не сработала команда service nginx upgrade

Вручную запускаю service nginx upgrade - тоже ничего не работает.

Как выяснилось, причина в том, что service nginx status возвращает
"nginx dead but pid file exists" и завершается с кодом ошибки 1.

Но самое интересное в том, что nginx жив и нормально работает:

# cat /var/run/nginx.pid
13212

# pstree -cp
init(1)─┬─nginx(13212)─┬─nginx(13213)
│  ├─nginx(13214)
│  ├─nginx(13215)
│  ├─nginx(13216)
│  ├─nginx(13217)
│  ├─nginx(13219)
│  ├─nginx(13220)
│  └─nginx(13221)

# ps aux | grep nginx
root 13212  0.0  0.0  50144  1376 ?Ss   Mar30   0:00 nginx: 
master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
nginx13213  0.5  0.3  61812 15056 ?S<   Mar30  43:15 nginx: 
worker process
nginx13214  0.5  0.3  62028 15336 ?S<   Mar30  42:12 nginx: 
worker process
nginx13215  0.5  0.3  61796 15040 ?S<   Mar30  41:27 nginx: 
worker process
nginx13216  0.5  0.3  61776 15028 ?S<   Mar30  41:44 nginx: 
worker process
nginx13217  0.5  0.3  61880 15088 ?S<   Mar30  44:11 nginx: 
worker process
nginx13219  0.9  0.3  63048 16268 ?S<   Mar30  75:42 nginx: 
worker process
nginx13220  0.6  0.3  62284 15504 ?S<   Mar30  53:42 nginx: 
worker process
nginx13221  1.0  0.3  62848 16196 ?S<   Mar30  86:39 nginx: 
worker process


Нашел, причина глюка в том, что:

# echo $(readlink /proc/13212/exe | sed -e 's/\s*(deleted)$//')
(deleted)/usr/sbin/nginx

это фрагмент из функции __pids_var_run() из /etc/init.d/functions
sed ожидает что текст (deleted) будет после имени бинарника,
но тут текст (deleted) оказывается перед именем бинарника
и вся логика работы функции __pids_var_run() ломается.

if [ -n "$binary" ] ; then
local b=$(readlink /proc/$p/exe | sed -e 's/\s*(deleted)$//')
[ "$b" != "$binary" ] && continue
fi
pid="$pid $p"

(deleted)/usr/sbin/nginx не равно /usr/sbin/nginx
и поэтому __pids_var_run() думает что процесса нет.

Получается, что ошибка в файле /etc/rc.d/init.d/functions
из базового пакета initscripts-9.03.53-1.el6.centos.2.x86_64
из состава CentOS 6 / RHEL6 ?

Или же этот глюк специфичен только для OpenVZ версии ядра,
и на нормальном ядре из состава CentOS 6 все нормально?

--
Best regards,
 Gena

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: No referrer header on leacher's site !!

[Richard Stanway]

With the controls sites have over the referrer header, it's not very
effective as an access control mechanism. You can use something like
http://nginx.org/en/docs/http/ngx_http_secure_link_module.html
instead.

On Tue, Apr 4, 2017 at 1:39 PM, shahzaib mushtaq  wrote:
> Hi,
>
> Thanks for quick response. Well its reverse, he's putting our HTTPS video
> link on his HTTP website. Could that create issue as well? If yes, what's
> the fix of it.
>
> Again thanks for your help.
>
> On Tue, Apr 4, 2017 at 4:32 PM, nanaya  wrote:
>>
>> Hi,
>>
>> On Tue, Apr 4, 2017, at 20:24, shahzaib mushtaq wrote:
>> > Hi,
>> >
>> > We came across a website who is playing our video links remotely. Since
>> > we've hotlinking protection enabled based on referrer headers so i
>> > checked
>> > the request header by playing that video & found out that *referrer
>> > header
>> > was missing* in the browser's requests header tab.
>> >
>>
>> If your site isn't https but his site is, some browsers by default don't
>> send referrer header. There are also various other referrer policies
>> with varying level of support:
>>
>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
>>
>> http://caniuse.com/#search=referrer%20policy
>> ___
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
>
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Limit number of connections to server

[Kamil Gorlo]

Hi,

is there a way to limit total number of open connections per listening port
in Nginx? I know that there is limit_conn module but as far as I understand
it only works on "request" layer, which means connections are counted only
when request headers have been already read.

I have problem when number of SSL connections to my server is very high
(CPU is 100% and server becomes unresponsive), and I would like to "cut"
new connections after some defined threshold is exceeded. It would possibly
save some CPU cycles needed to handle SSL handshake, etc.

Is it possible?

Regards,
Kamil
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: [nginx-announce] nginx-1.11.13

[Kevin Worthington]

Hello Nginx users,

Now available: Nginx 1.11.13 for Windows
https://kevinworthington.com/nginxwin3
(32-bit and 64-bit versions)

These versions are to support legacy users who are already using Cygwin
based builds of Nginx. Officially supported native Windows binaries are at
nginx.org.

Announcements are also available here:
Twitter http://twitter.com/kworthington
Google+ https://plus.google.com/+KevinWorthington/

Thank you,
Kevin
--
Kevin Worthington
kworthington *@* (gmail]  [dot} {com)
http://kevinworthington.com/
http://twitter.com/kworthington
https://plus.google.com/+KevinWorthington/

On Tue, Apr 4, 2017 at 11:15 AM, Maxim Dounin  wrote:

> Changes with nginx 1.11.13   04 Apr
> 2017
>
> *) Feature: the "http_429" parameter of the "proxy_next_upstream",
>"fastcgi_next_upstream", "scgi_next_upstream", and
>"uwsgi_next_upstream" directives.
>Thanks to Piotr Sikora.
>
> *) Bugfix: in memory allocation error handling.
>
> *) Bugfix: requests might hang when using the "sendfile" and
>"timer_resolution" directives on Linux.
>
> *) Bugfix: requests might hang when using the "sendfile" and
> "aio_write"
>directives with subrequests.
>
> *) Bugfix: in the ngx_http_v2_module.
>Thanks to Piotr Sikora.
>
> *) Bugfix: a segmentation fault might occur in a worker process when
>using HTTP/2.
>
> *) Bugfix: requests might hang when using the "limit_rate",
>"sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
>embedded perl method with subrequests.
>
> *) Bugfix: in the ngx_http_slice_module.
>
>
> --
> Maxim Dounin
> http://nginx.org/
> ___
> nginx-announce mailing list
> nginx-annou...@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-announce
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx-1.11.13

[Maxim Dounin]

Changes with nginx 1.11.13   04 Apr 2017

*) Feature: the "http_429" parameter of the "proxy_next_upstream",
   "fastcgi_next_upstream", "scgi_next_upstream", and
   "uwsgi_next_upstream" directives.
   Thanks to Piotr Sikora.

*) Bugfix: in memory allocation error handling.

*) Bugfix: requests might hang when using the "sendfile" and
   "timer_resolution" directives on Linux.

*) Bugfix: requests might hang when using the "sendfile" and "aio_write"
   directives with subrequests.

*) Bugfix: in the ngx_http_v2_module.
   Thanks to Piotr Sikora.

*) Bugfix: a segmentation fault might occur in a worker process when
   using HTTP/2.

*) Bugfix: requests might hang when using the "limit_rate",
   "sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
   embedded perl method with subrequests.

*) Bugfix: in the ngx_http_slice_module.


-- 
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx-1.11.13

[Maxim Dounin]

Изменения в nginx 1.11.13 04.04.2017

*) Добавление: параметр http_429 в директивах proxy_next_upstream,
   fastcgi_next_upstream, scgi_next_upstream и uwsgi_next_upstream.
   Спасибо Piotr Sikora.

*) Исправление: в обработке ошибок выделения памяти.

*) Исправление: при использовании директив sendfile и timer_resolution
   на Linux запросы могли зависать.

*) Исправление: при использовании с подзапросами директив sendfile и
   aio_write запросы могли зависать.

*) Исправление: в модуле ngx_http_v2_module.
   Спасибо Piotr Sikora.

*) Исправление: при использовании HTTP/2 в рабочем процессе мог
   произойти segmentation fault.

*) Исправление: запросы могли зависать при использовании с подзапросами
   директив limit_rate, sendfile_max_chunk, limit_req или метода
   $r->sleep() встроенного перла.

*) Исправление: в модуле ngx_http_slice_module.


-- 
Maxim Dounin
http://nginx.org/
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

[nginx-ru-announce] nginx-1.11.13

[Maxim Dounin]

Изменения в nginx 1.11.13 04.04.2017

*) Добавление: параметр http_429 в директивах proxy_next_upstream,
   fastcgi_next_upstream, scgi_next_upstream и uwsgi_next_upstream.
   Спасибо Piotr Sikora.

*) Исправление: в обработке ошибок выделения памяти.

*) Исправление: при использовании директив sendfile и timer_resolution
   на Linux запросы могли зависать.

*) Исправление: при использовании с подзапросами директив sendfile и
   aio_write запросы могли зависать.

*) Исправление: в модуле ngx_http_v2_module.
   Спасибо Piotr Sikora.

*) Исправление: при использовании HTTP/2 в рабочем процессе мог
   произойти segmentation fault.

*) Исправление: запросы могли зависать при использовании с подзапросами
   директив limit_rate, sendfile_max_chunk, limit_req или метода
   $r->sleep() встроенного перла.

*) Исправление: в модуле ngx_http_slice_module.


-- 
Maxim Dounin
http://nginx.org/
___
nginx-ru-announce mailing list
nginx-ru-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru-announce

[nginx-announce] nginx-1.11.13

[Maxim Dounin]

Changes with nginx 1.11.13   04 Apr 2017

*) Feature: the "http_429" parameter of the "proxy_next_upstream",
   "fastcgi_next_upstream", "scgi_next_upstream", and
   "uwsgi_next_upstream" directives.
   Thanks to Piotr Sikora.

*) Bugfix: in memory allocation error handling.

*) Bugfix: requests might hang when using the "sendfile" and
   "timer_resolution" directives on Linux.

*) Bugfix: requests might hang when using the "sendfile" and "aio_write"
   directives with subrequests.

*) Bugfix: in the ngx_http_v2_module.
   Thanks to Piotr Sikora.

*) Bugfix: a segmentation fault might occur in a worker process when
   using HTTP/2.

*) Bugfix: requests might hang when using the "limit_rate",
   "sendfile_max_chunk", "limit_req" directives, or the $r->sleep()
   embedded perl method with subrequests.

*) Bugfix: in the ngx_http_slice_module.


-- 
Maxim Dounin
http://nginx.org/
___
nginx-announce mailing list
nginx-announce@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-announce

[nginx] release-1.11.13 tag

[Maxim Dounin]

details:   http://hg.nginx.org/nginx/rev/29ba1d6a2da9
branches:  
changeset: 6968:29ba1d6a2da9
user:  Maxim Dounin 
date:  Tue Apr 04 18:01:57 2017 +0300
description:
release-1.11.13 tag

diffstat:

 .hgtags |  1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diffs (8 lines):

diff --git a/.hgtags b/.hgtags
--- a/.hgtags
+++ b/.hgtags
@@ -411,3 +411,4 @@ 20a45c768e5ed26b740679d0e22045c98727c3cc
 1ad0999a7ded3d4fb01c7acf8ff57c80b643da7e release-1.11.10
 d8b321a876d6254e9e98795e3b194ef053290354 release-1.11.11
 7f394e433f0003222aa6531931ecc0b24740d5e4 release-1.11.12
+3d0e8655f897959e48cc74e87670bb5492a58871 release-1.11.13
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Proxy Pass

[Antonio Nappa]

Hello, in another of my experiments I would like to redirect to a
completely different website the request, I had a look at the proxy_pass
directive and the corresponding module, and I see that a location handler
is set, which means it will hook as the only content handler. My question
is, could I do the same as proxy_pass dinamically and not at config time?
For example in the rewrite phase as you would do with the
ngx_http_internal_redirect.



Thanks
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[nginx] nginx-1.11.13-RELEASE

[Maxim Dounin]

details:   http://hg.nginx.org/nginx/rev/3d0e8655f897
branches:  
changeset: 6967:3d0e8655f897
user:  Maxim Dounin 
date:  Tue Apr 04 18:01:57 2017 +0300
description:
nginx-1.11.13-RELEASE

diffstat:

 docs/xml/nginx/changes.xml |  91 ++
 1 files changed, 91 insertions(+), 0 deletions(-)

diffs (101 lines):

diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml
--- a/docs/xml/nginx/changes.xml
+++ b/docs/xml/nginx/changes.xml
@@ -5,6 +5,97 @@
 
 
 
+
+
+
+
+параметр http_429 в директивах proxy_next_upstream, fastcgi_next_upstream,
+scgi_next_upstream и uwsgi_next_upstream.
+Спасибо Piotr Sikora.
+
+
+the "http_429" parameter of the "proxy_next_upstream", "fastcgi_next_upstream",
+"scgi_next_upstream", and "uwsgi_next_upstream" directives.
+Thanks to Piotr Sikora.
+
+
+
+
+
+в обработке ошибок выделения памяти.
+
+
+in memory allocation error handling.
+
+
+
+
+
+при использовании директив sendfile и timer_resolution на Linux
+запросы могли зависать.
+
+
+requests might hang
+when using the "sendfile" and "timer_resolution" directives on Linux.
+
+
+
+
+
+при использовании с подзапросами директив sendfile и aio_write
+запросы могли зависать.
+
+
+requests might hang
+when using the "sendfile" and "aio_write" directives with subrequests.
+
+
+
+
+
+в модуле ngx_http_v2_module.
+Спасибо Piotr Sikora.
+
+
+in the ngx_http_v2_module.
+Thanks to Piotr Sikora.
+
+
+
+
+
+при использовании HTTP/2 в рабочем процессе мог произойти segmentation fault.
+
+
+a segmentation fault might occur in a worker process when using HTTP/2.
+
+
+
+
+
+запросы могли зависать
+при использовании с подзапросами директив limit_rate, sendfile_max_chunk,
+limit_req или метода $r->sleep() встроенного перла.
+
+
+requests might hang
+when using the "limit_rate", "sendfile_max_chunk", "limit_req" directives,
+or the $r->sleep() embedded perl method with subrequests.
+
+
+
+
+
+в модуле ngx_http_slice_module.
+
+
+in the ngx_http_slice_module.
+
+
+
+
+
+
 
 
 
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: sub filter и ssl

[A7exius]

> Вы уверены, что заменяемый фрагмент есть в ответе и совпадает
> с точностью до байта в случае работы по https?

я их брал из браузера - из исходников страницы, побайтно не сравнивал, т.к.
непонятно откуда разные байты будут? (сейчас попробую взять с https страницы
- вдруг действительно байтик другой где-то)
Но на вид две строки (по http и https) - абсолютно идентичны.

> Каким образом вы включаете https?
добавляют в конфиг (пути и значения тут стер):
listen 443  ssl;
ssl_staplingon;
ssl_ecdh_curve  secp384r1;
ssl_prefer_server_ciphers   on;
ssl_protocols   TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers
"EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_session_cache   shared:SSL:30m;
ssl_session_timeout 15m;
ssl_trusted_certificate bundle.crt;
ssl_certificate cert.crt;
ssl_certificate_key cert.key;
ssl_dhparam dh.pem;
add_header  Strict-Transport-Security   "max-age=15;
preload";
add_header  Public-Key-Pins 'pin-sha256="";
pin-sha256=""; pin-sha256=""; max-age=15 ';

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,273389,273392#msg-273392

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: sub filter и ssl

[Валентин Бартенев]

On Tuesday 04 April 2017 10:12:44 A7exius wrote:
> Да проксирует, так получилось что на этом сервер есть и php-fpm и apach.
> Пробовал и туда (fastcgi_pass) и туда (proxy_pass) с одинаковым результатом
> - пока нет https все работает.
> При proxy_pass ставил заголовок 
> proxy_set_header Accept-Encoding "";
> proxy_cache off;
> proxy_pass http://backend1;
> gzip off;
> 
> Сам sub_filter выглядит так:
>  sub_filter 'name="Login" tabindex="4" 'name="Login" tabindex="4"
> autocomplete="off" ';
>  sub_filter_types "*";
>  sub_filter_once off;
> 
> Все это работает только в случае когда сайт остается по http, а сайт по
> https делается отдельным конфигом и proxy_pass к сайту по http.
> Но это не должно так быть!
> 

Вы уверены, что заменяемый фрагмент есть в ответе и совпадает
с точностью до байта в случае работы по https?

Каким образом вы включаете https?

--
Валентин Бартенев
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: sub filter и ssl

[A7exius]

Да проксирует, так получилось что на этом сервер есть и php-fpm и apach.
Пробовал и туда (fastcgi_pass) и туда (proxy_pass) с одинаковым результатом
- пока нет https все работает.
При proxy_pass ставил заголовок 
proxy_set_header Accept-Encoding "";
proxy_cache off;
proxy_pass http://backend1;
gzip off;

Сам sub_filter выглядит так:
 sub_filter 'name="Login" tabindex="4" 'name="Login" tabindex="4"
autocomplete="off" ';
 sub_filter_types "*";
 sub_filter_once off;

Все это работает только в случае когда сайт остается по http, а сайт по
https делается отдельным конфигом и proxy_pass к сайту по http.
Но это не должно так быть!

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,273389,273390#msg-273390

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: sub filter и ssl

[Валентин Бартенев]

On Tuesday 04 April 2017 09:29:44 A7exius wrote:
> добрый день
> Подскажите с чем может быть связано - делаю sub_filter на сайте - без
> переменных и регекса, просто "значение1" на "значение2".
> сам sub_filter находится в секции server.
> Сайт работает по http на 80-м порту и все корректно меняется и видно в
> браузере.
> Ничего не меняя в конфиге сервера/сайта, добавляю в конфиг работу на https,
> после чего sub_filter перестает работать.
> Отключаю https - работает) 
> Пытался ставить sub_filter в различных location, но результат такой же.
> 

У вас nginx видимо куда-то проксирует на некий бекенд?

Клиенты могут использовать другие заголовки запроса по https,
что может повлиять на ответы вашего бекенда, например он может
начать сжимать.

--
Валентин Бартенев
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

sub filter и ssl

[A7exius]

добрый день
Подскажите с чем может быть связано - делаю sub_filter на сайте - без
переменных и регекса, просто "значение1" на "значение2".
сам sub_filter находится в секции server.
Сайт работает по http на 80-м порту и все корректно меняется и видно в
браузере.
Ничего не меняя в конфиге сервера/сайта, добавляю в конфиг работу на https,
после чего sub_filter перестает работать.
Отключаю https - работает) 
Пытался ставить sub_filter в различных location, но результат такой же.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,273388,273388#msg-273388

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: Nginx map module regex in file

[Maxim Dounin]

Hello!

On Tue, Apr 04, 2017 at 01:01:19PM +0530, Jagannath Naidu wrote:

> I am trying to redirect some urls to a different document path. My
> configuration file is as follows
> 
> 
>  /etc/nginx/conf.d/site.conf 
> *map_hash_max_size 2048;*
> *map_hash_bucket_size 128;*
> *map $uri $new {*
> *include list_4;*
> *}*
> resolver  127.0.0.1;
> server {
> listen 81;
> server_name abcexample.com;
> access_log /var/log/nginx/abcexample-access.log main;
> error_log  /var/log/nginx/abcexample-error.log;
> location / {
> *if ($new) {*
> *  rewrite ^ $new redirect;*
> *}*
>   proxy_pass http://127.0.0.1:8000;
> }
> 
> # /etc/nginx/list_4 ##
> /abc/1.html /abc/hello;
> /max/1.html /max/;
> ~^/xyz/(?.*)$ /xyz/123;
> *~^//abcdef(?.*)$ //b/$abc;*
> 
> *~^/kaka/(?.*)$ /tata/$abc;*
> 
> 
> Note:
> line 1,2 and 3 redirects are working fine.
> But line 4 and 5 are not working.
> 
> 
> *root@Hell1:~# curl -I abcexample.com//abcef111.html
>  *
> HTTP/1.1 302 Moved Temporarily
> Server: nginx
> Date: Tue, 04 Apr 2017 07:08:47 GMT
> Content-Type: text/html
> Content-Length: 154
> *Location: http://abcdexample.com//b/$abc
> *
> Connection: keep-alive
> 
> My Question is:
> What changes do I have to do in list_4 file to get results as follows
> *Location: http://abcdexample.com/news/b/111.html
>  *

Check your nginx version.

You are trying to use a combination of text and variables as a 
resulting value of the map.  This is supported only in nginx 
1.11.0+, see http://nginx.org/r/map.

-- 
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Binary upgrade with systemd

[Marc Soda]

It seems that it’s working as designed.  I thought the old master would exit 
automatically.  But it sticks around in case you want to fail back.

Thanks and sorry for the noise.


> On Apr 4, 2017, at 7:41 AM, Marc Soda  wrote:
> 
> I sent WINCH to the old master.  In this case 32277.
> 
> After sending WINCH, I can send QUIT to the old master and it exits.  
> Everything looks fine at that point.  But it seems a little odd to have to do 
> this.
> 
>> On Apr 4, 2017, at 4:43 AM, Lucas Rolff > > wrote:
>> 
>> Hello Marc,
>> 
>> For which PID do you send the WINCH signal?
>> 
>> 
>> From: nginx > on 
>> behalf of Marc Soda >
>> Reply-To: "nginx@nginx.org " > >
>> Date: Tuesday, 4 April 2017 at 04.04
>> To: "nginx@nginx.org " > >
>> Subject: Binary upgrade with systemd
>> 
>> Hello,
>> 
>> I’m using nginx 1.10.3 custom built on Ubuntu 16.04.  I’m also using the 
>> recommended systemd service file:
>> 
>> [Unit]
>> Description=The NGINX HTTP and reverse proxy server
>> After=syslog.target network.target remote-fs.target nss-lookup.target
>> 
>> [Service]
>> Type=forking
>> PIDFile=/run/nginx.pid
>> ExecStartPre=/usr/sbin/nginx -t
>> ExecStart=/usr/sbin/nginx
>> ExecReload=/bin/kill -s HUP $MAINPID
>> ExecStop=/bin/kill -s QUIT $MAINPID
>> PrivateTmp=true
>> 
>> [Install]
>> WantedBy=multi-user.target
>> 
>> I’m try to do a no downtime upgrade with the USR2 and WINCH signals.  Here 
>> is my process list before:
>> 
>> root 32277  0.0  0.4 1056672 71148 ?   Ss   21:51   0:00 nginx: 
>> master process /usr/local/nginx/sbin/nginx
>> www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00  \_ nginx: 
>> cache manager process
>> 
>> and here it is after sending USR2:
>> 
>> root 32277  0.0  0.4 1056672 71868 ?   Ss   21:51   0:00 nginx: 
>> master process /usr/local/nginx/sbin/nginx
>> www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
>> worker process
>> www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00  \_ nginx: 
>> cache manager process
>> root 32461  5.5  0.5 1056676 82316 ?   S22:01   0:00  \_ nginx: 
>> master process /usr/local/nginx/sbin/nginx
>> www  32465  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
>> nginx: worker process
>> www  32466  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
>> nginx: worker process
>> www  32467  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
>> 

Re: Binary upgrade with systemd

[Lucas Rolff]

According to the documentation: 
http://nginx.org/en/docs/control.html#upgrade


You'd have to send the QUIT signal to finish off upgrading (replacing) 
the binary during runtime.


Marc Soda wrote:

I sent WINCH to the old master.  In this case 32277.

After sending WINCH, I can send QUIT to the old master and it exits. 
 Everything looks fine at that point.  But it seems a little odd to 
have to do this.


On Apr 4, 2017, at 4:43 AM, Lucas Rolff > wrote:


Hello Marc,

For which PID do you send the WINCH signal?


From: nginx > on behalf of Marc Soda 
>
Reply-To: "nginx@nginx.org " >

Date: Tuesday, 4 April 2017 at 04.04
To: "nginx@nginx.org " >

Subject: Binary upgrade with systemd

Hello,

I’m using nginx 1.10.3 custom built on Ubuntu 16.04.  I’m also
using the recommended systemd service file:

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

I’m try to do a no downtime upgrade with the USR2 and WINCH
signals.  Here is my process list before:

root 32277  0.0  0.4 1056672 71148 ?   Ss   21:51   0:00
nginx: master process /usr/local/nginx/sbin/nginx
www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00
 \_ nginx: cache manager process

and here it is after sending USR2:

root 32277  0.0  0.4 1056672 71868 ?   Ss   21:51   0:00
nginx: master process /usr/local/nginx/sbin/nginx
www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00
 \_ nginx: worker process
www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00
 \_ nginx: cache manager process
root 32461  5.5  0.5 1056676 82316 ?   S22:01   0:00
 \_ nginx: master process /usr/local/nginx/sbin/nginx
www  32465  0.0  0.4 1057928 73052 ?   S<   22:01   0:00
 \_ nginx: worker process
www  32466  0.0  0.4 1057928 73052 ?   S<   22:01   0:00
 \_ nginx: worker process
www  32467  0.0  0.4 1057928 73052 ?   S<   22:01   0:00
 \_ nginx: worker process
www  32468  0.0  0.4 1057928 73052 ?   S<   22:01  

Re: Binary upgrade with systemd

[Marc Soda]

I sent WINCH to the old master.  In this case 32277.

After sending WINCH, I can send QUIT to the old master and it exits.  
Everything looks fine at that point.  But it seems a little odd to have to do 
this.

> On Apr 4, 2017, at 4:43 AM, Lucas Rolff  wrote:
> 
> Hello Marc,
> 
> For which PID do you send the WINCH signal?
> 
> 
> From: nginx > on 
> behalf of Marc Soda >
> Reply-To: "nginx@nginx.org "  >
> Date: Tuesday, 4 April 2017 at 04.04
> To: "nginx@nginx.org "  >
> Subject: Binary upgrade with systemd
> 
> Hello,
> 
> I’m using nginx 1.10.3 custom built on Ubuntu 16.04.  I’m also using the 
> recommended systemd service file:
> 
> [Unit]
> Description=The NGINX HTTP and reverse proxy server
> After=syslog.target network.target remote-fs.target nss-lookup.target
> 
> [Service]
> Type=forking
> PIDFile=/run/nginx.pid
> ExecStartPre=/usr/sbin/nginx -t
> ExecStart=/usr/sbin/nginx
> ExecReload=/bin/kill -s HUP $MAINPID
> ExecStop=/bin/kill -s QUIT $MAINPID
> PrivateTmp=true
> 
> [Install]
> WantedBy=multi-user.target
> 
> I’m try to do a no downtime upgrade with the USR2 and WINCH signals.  Here is 
> my process list before:
> 
> root 32277  0.0  0.4 1056672 71148 ?   Ss   21:51   0:00 nginx: 
> master process /usr/local/nginx/sbin/nginx
> www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00  \_ nginx: 
> cache manager process
> 
> and here it is after sending USR2:
> 
> root 32277  0.0  0.4 1056672 71868 ?   Ss   21:51   0:00 nginx: 
> master process /usr/local/nginx/sbin/nginx
> www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
> worker process
> www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00  \_ nginx: 
> cache manager process
> root 32461  5.5  0.5 1056676 82316 ?   S22:01   0:00  \_ nginx: 
> master process /usr/local/nginx/sbin/nginx
> www  32465  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
> nginx: worker process
> www  32466  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
> nginx: worker process
> www  32467  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
> nginx: worker process
> www  32468  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
> nginx: worker process
> www  32469  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
> nginx: worker process
> www  32470  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
> nginx: worker process
> www  32471  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ 
> 

Re: No referrer header on leacher's site !!

[shahzaib mushtaq]

Hi,

Thanks for quick response. Well its reverse, he's putting our HTTPS video
link on his HTTP website. Could that create issue as well? If yes, what's
the fix of it.

Again thanks for your help.

On Tue, Apr 4, 2017 at 4:32 PM, nanaya  wrote:

> Hi,
>
> On Tue, Apr 4, 2017, at 20:24, shahzaib mushtaq wrote:
> > Hi,
> >
> > We came across a website who is playing our video links remotely. Since
> > we've hotlinking protection enabled based on referrer headers so i
> > checked
> > the request header by playing that video & found out that *referrer
> > header
> > was missing* in the browser's requests header tab.
> >
>
> If your site isn't https but his site is, some browsers by default don't
> send referrer header. There are also various other referrer policies
> with varying level of support:
>
> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
>
> http://caniuse.com/#search=referrer%20policy
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: No referrer header on leacher's site !!

[nanaya]

Hi,

On Tue, Apr 4, 2017, at 20:24, shahzaib mushtaq wrote:
> Hi,
> 
> We came across a website who is playing our video links remotely. Since
> we've hotlinking protection enabled based on referrer headers so i
> checked
> the request header by playing that video & found out that *referrer
> header
> was missing* in the browser's requests header tab.
> 

If your site isn't https but his site is, some browsers by default don't
send referrer header. There are also various other referrer policies
with varying level of support:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

http://caniuse.com/#search=referrer%20policy
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

No referrer header on leacher's site !!

[shahzaib mushtaq]

Hi,

We came across a website who is playing our video links remotely. Since
we've hotlinking protection enabled based on referrer headers so i checked
the request header by playing that video & found out that *referrer header
was missing* in the browser's requests header tab.

Then to generate same issue on our end, i statically added the video link
in player on different domain & tried to play that video remotely which was
successfully forbidden & browser *had referrer header *as well.

Please have a note that he didn't embedded the video from our website, he's
putting direct mp4 links & they are being played without any referrer
header in the requests.

Thanks for your help in advance !!

Regards.
Shahzaib
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

[njs] Version 0.1.10.

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/b1456ef3e002
branches:  
changeset: 338:b1456ef3e002
user:  Igor Sysoev 
date:  Tue Apr 04 13:23:11 2017 +0300
description:
Version 0.1.10.

diffstat:

 CHANGES  |  9 +
 Makefile |  2 +-
 2 files changed, 10 insertions(+), 1 deletions(-)

diffs (26 lines):

diff -r 7e6460db39ad -r b1456ef3e002 CHANGES
--- a/CHANGES   Tue Apr 04 13:23:10 2017 +0300
+++ b/CHANGES   Tue Apr 04 13:23:11 2017 +0300
@@ -1,3 +1,12 @@
+
+Changes with nJScript 0.1.10 04 Apr 2017
+
+*) Feature: nested functions and function closures.
+
+*) Feature: Array.of(), Array.prototype.fill(), Array.prototype.find(),
+   Array.prototype.findIndex() methods.
+
+*) Bugfix: miscellaneous bugs and segmentation faults have been fixed.
 
 Changes with nJScript 0.1.9  01 Feb 2017
 
diff -r 7e6460db39ad -r b1456ef3e002 Makefile
--- a/Makefile  Tue Apr 04 13:23:10 2017 +0300
+++ b/Makefile  Tue Apr 04 13:23:11 2017 +0300
@@ -1,5 +1,5 @@
 
-NJS_VER =  0.1.9
+NJS_VER =  0.1.10
 
 NXT_LIB =  nxt
 
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Added tag 0.1.10 for changeset b1456ef3e002

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/5a5b70cbbde9
branches:  
changeset: 339:5a5b70cbbde9
user:  Igor Sysoev 
date:  Tue Apr 04 13:24:09 2017 +0300
description:
Added tag 0.1.10 for changeset b1456ef3e002

diffstat:

 .hgtags |  1 +
 1 files changed, 1 insertions(+), 0 deletions(-)

diffs (8 lines):

diff -r b1456ef3e002 -r 5a5b70cbbde9 .hgtags
--- a/.hgtags   Tue Apr 04 13:23:11 2017 +0300
+++ b/.hgtags   Tue Apr 04 13:24:09 2017 +0300
@@ -8,3 +8,4 @@ 44b524f7e313369cd062a387511ea6fdc427875f
 15dc54100400f99c3ec044d8fb0175dd3d69adcb 0.1.7
 a29f29d481125db6101ecdc23dc20187c143cdc9 0.1.8
 5bd2833988222900f60ad9b330ebc44df3b30662 0.1.9
+b1456ef3e002376d9d146a8a02acf6a4a21748e9 0.1.10
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Moving njs_array_prototype_fill() to appropriate place.

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/f62632793238
branches:  
changeset: 336:f62632793238
user:  Igor Sysoev 
date:  Tue Apr 04 11:00:49 2017 +0300
description:
Moving njs_array_prototype_fill() to appropriate place.

diffstat:

 njs/njs_array.c |  126 
 1 files changed, 63 insertions(+), 63 deletions(-)

diffs (143 lines):

diff -r a4e6f27ce598 -r f62632793238 njs/njs_array.c
--- a/njs/njs_array.c   Tue Apr 04 10:56:33 2017 +0300
+++ b/njs/njs_array.c   Tue Apr 04 11:00:49 2017 +0300
@@ -1214,6 +1214,69 @@ done:
 
 
 static njs_ret_t
+njs_array_prototype_fill(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
+njs_index_t unused)
+{
+nxt_int_ti, start, end, length;
+njs_array_t  *array;
+
+vm->retval = args[0];
+
+if (nargs < 2 || !njs_is_array([0])) {
+return NXT_OK;
+}
+
+array = args[0].data.u.array;
+length = array->length;
+
+if (length == 0) {
+return NXT_OK;
+}
+
+start = 0;
+end = length;
+
+if (nargs > 2) {
+start = args[2].data.u.number;
+
+if (start > length) {
+start = length;
+}
+
+if (start < 0) {
+start += length;
+
+if (start < 0) {
+start = 0;
+}
+}
+
+   if (nargs > 3) {
+   end = args[3].data.u.number;
+
+   if (end > length) {
+   end = length;
+   }
+
+   if (end < 0) {
+   end += length;
+
+   if (end < 0) {
+   end = 0;
+   }
+   }
+   }
+}
+
+for (i = start; i < end; i++) {
+array->start[i] = args[1];
+}
+
+return NXT_OK;
+}
+
+
+static njs_ret_t
 njs_array_prototype_for_each(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
 njs_index_t unused)
 {
@@ -1352,69 +1415,6 @@ njs_array_prototype_every_continuation(n
 
 
 static njs_ret_t
-njs_array_prototype_fill(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
-njs_index_t unused)
-{
-nxt_int_ti, start, end, length;
-njs_array_t  *array;
-
-vm->retval = args[0];
-
-if (nargs < 2 || !njs_is_array([0])) {
-return NXT_OK;
-}
-
-array = args[0].data.u.array;
-length = array->length;
-
-if (length == 0) {
-return NXT_OK;
-}
-
-start = 0;
-end = length;
-
-if (nargs > 2) {
-start = args[2].data.u.number;
-
-if (start > length) {
-start = length;
-}
-
-if (start < 0) {
-start += length;
-
-if (start < 0) {
-start = 0;
-}
-}
-
-   if (nargs > 3) {
-   end = args[3].data.u.number;
-
-   if (end > length) {
-   end = length;
-   }
-
-   if (end < 0) {
-   end += length;
-
-   if (end < 0) {
-   end = 0;
-   }
-   }
-   }
-}
-
-for (i = start; i < end; i++) {
-array->start[i] = args[1];
-}
-
-return NXT_OK;
-}
-
-
-static njs_ret_t
 njs_array_prototype_filter(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
 njs_index_t unused)
 {
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Style fixes and small miscellaneous changes.

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/7e6460db39ad
branches:  
changeset: 337:7e6460db39ad
user:  Igor Sysoev 
date:  Tue Apr 04 13:23:10 2017 +0300
description:
Style fixes and small miscellaneous changes.

diffstat:

 njs/njs_array.c|  2 +-
 njs/njs_function.c |  4 ++--
 njs/njs_parser.c   |  2 +-
 3 files changed, 4 insertions(+), 4 deletions(-)

diffs (45 lines):

diff -r f62632793238 -r 7e6460db39ad njs/njs_array.c
--- a/njs/njs_array.c   Tue Apr 04 11:00:49 2017 +0300
+++ b/njs/njs_array.c   Tue Apr 04 13:23:10 2017 +0300
@@ -2044,7 +2044,7 @@ njs_array_prototype_sort_continuation(nj
 sort->current++;
 n = sort->current;
 
-} while (sort->current < array->length);
+} while (n < array->length);
 }
 
 vm->retval = args[0];
diff -r f62632793238 -r 7e6460db39ad njs/njs_function.c
--- a/njs/njs_function.cTue Apr 04 11:00:49 2017 +0300
+++ b/njs/njs_function.cTue Apr 04 13:23:10 2017 +0300
@@ -162,7 +162,7 @@ njs_function_frame(njs_vm_t *vm, njs_fun
 nxt_bool_t ctor)
 {
 size_t size;
-nxt_uint_t n, max_args, closures;;
+nxt_uint_t n, max_args, closures;
 njs_value_t*value, *bound;
 njs_frame_t*frame;
 njs_native_frame_t *native_frame;
@@ -594,7 +594,7 @@ njs_function_activate(njs_vm_t *vm, njs_
 cont->retval = retval;
 
 cont->return_address = vm->current
-   + sizeof(njs_vmcode_function_call_t);;
+   + sizeof(njs_vmcode_function_call_t);
 vm->current = (u_char *) njs_continuation_nexus;
 
 return NJS_APPLIED;
diff -r f62632793238 -r 7e6460db39ad njs/njs_parser.c
--- a/njs/njs_parser.c  Tue Apr 04 11:00:49 2017 +0300
+++ b/njs/njs_parser.c  Tue Apr 04 13:23:10 2017 +0300
@@ -178,7 +178,7 @@ njs_parser_scope_begin(njs_vm_t *vm, njs
 if (type == NJS_SCOPE_FUNCTION) {
 scope->next_index[0] = type;
 scope->next_index[1] = NJS_SCOPE_CLOSURE + nesting
-   + sizeof(njs_value_t);;
+   + sizeof(njs_value_t);
 
 } else {
 if (type == NJS_SCOPE_GLOBAL) {
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Array.prototype.findIndex() method.

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/26e0ebd97454
branches:  
changeset: 331:26e0ebd97454
user:  Andrey Zelenkov 
date:  Tue Apr 04 06:16:49 2017 +0300
description:
Array.prototype.findIndex() method.

diffstat:

 njs/njs_array.c  |  58 
 njs/test/njs_unit_test.c |  44 
 2 files changed, 102 insertions(+), 0 deletions(-)

diffs (136 lines):

diff -r 52d53653ac52 -r 26e0ebd97454 njs/njs_array.c
--- a/njs/njs_array.c   Tue Apr 04 06:10:10 2017 +0300
+++ b/njs/njs_array.c   Tue Apr 04 06:16:49 2017 +0300
@@ -100,6 +100,8 @@ static njs_ret_t njs_array_prototype_fil
 njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
 static njs_ret_t njs_array_prototype_find_continuation(njs_vm_t *vm,
 njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
+static njs_ret_t njs_array_prototype_find_index_continuation(njs_vm_t *vm,
+njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
 static njs_ret_t njs_array_prototype_map_continuation(njs_vm_t *vm,
 njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
 static nxt_noinline uint32_t njs_array_prototype_map_index(njs_array_t *array,
@@ -1531,6 +1533,54 @@ njs_array_prototype_find_continuation(nj
 }
 
 
+static njs_ret_t
+njs_array_prototype_find_index(njs_vm_t *vm, njs_value_t *args,
+nxt_uint_t nargs, njs_index_t unused)
+{
+nxt_int_t ret;
+njs_array_iter_t  *iter;
+
+ret = njs_array_iterator_args(vm, args, nargs);
+if (nxt_slow_path(ret != NXT_OK)) {
+return ret;
+}
+
+iter = njs_vm_continuation(vm);
+iter->u.cont.function = njs_array_prototype_find_index_continuation;
+iter->retval.data.truth = 0;
+
+return njs_array_prototype_find_index_continuation(vm, args, nargs, 
unused);
+}
+
+
+static njs_ret_t
+njs_array_prototype_find_index_continuation(njs_vm_t *vm, njs_value_t *args,
+nxt_uint_t nargs, njs_index_t unused)
+{
+double index;
+njs_array_iter_t   *iter;
+
+iter = njs_vm_continuation(vm);
+index = iter->index;
+
+if (!njs_is_true(>retval)) {
+iter->index++;
+
+if (iter->index < iter->length
+&& iter->index < args[0].data.u.array->length)
+{
+return njs_array_prototype_find_apply(vm, iter, args, nargs);
+}
+
+index = -1;
+}
+
+njs_number_set(>retval, index);
+
+return NXT_OK;
+}
+
+
 static nxt_noinline njs_ret_t
 njs_array_prototype_find_apply(njs_vm_t *vm, njs_array_iter_t *iter,
 njs_value_t *args, nxt_uint_t nargs)
@@ -2147,6 +2197,14 @@ static const njs_object_prop_t  njs_arra
  njs_continuation_size(njs_array_find_t), 0),
 },
 
+/* ES6. */
+{
+.type = NJS_METHOD,
+.name = njs_string("findIndex"),
+.value = njs_native_function(njs_array_prototype_find_index,
+ njs_continuation_size(njs_array_iter_t), 0),
+},
+
 {
 .type = NJS_METHOD,
 .name = njs_string("map"),
diff -r 52d53653ac52 -r 26e0ebd97454 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c  Tue Apr 04 06:10:10 2017 +0300
+++ b/njs/test/njs_unit_test.c  Tue Apr 04 06:16:49 2017 +0300
@@ -2927,6 +2927,50 @@ static njs_unit_test_t  njs_test[] =
   nxt_string("undefined") },
 
 { nxt_string("var a = [];"
+ "a.findIndex(function(v, i, a) { return v > 1 })"),
+  nxt_string("-1") },
+
+{ nxt_string("var a = [,NaN,0,-1];"
+ "a.findIndex(function(v, i, a) { return v > 1 })"),
+  nxt_string("-1") },
+
+{ nxt_string("var a = [,NaN,0,-1,2];"
+ "a.findIndex(function(v, i, a) { return v > 1 })"),
+ nxt_string("4") },
+
+{ nxt_string("var a = [1,2,3,-1,5];"
+ "a.findIndex(function(v, i, a) { return v > 1 })"),
+  nxt_string("1") },
+
+{ nxt_string("var a = [,1,,-1,5];"
+ "a.findIndex(function(v, i, a) { return v > 1 })"),
+  nxt_string("4") },
+
+{ nxt_string("var a = [,1,,-1,5,6];"
+ "a.findIndex(function(v, i, a) { return v > 1 })"),
+  nxt_string("4") },
+
+{ nxt_string("[].findIndex(function(v) { return (v === undefined) })"),
+  nxt_string("-1") },
+
+{ nxt_string("[,].findIndex(function(v) { return (v === undefined) })"),
+  nxt_string("0") },
+
+{ nxt_string("[1,2,,3].findIndex(function(el){return el === undefined})"),
+  nxt_string("2") },
+
+{ nxt_string("[,2,,3].findIndex(function(el){return el === undefined})"),
+  nxt_string("0") },
+
+{ nxt_string("var a = [1,2,3,4,5,6];"
+ "a.findIndex(function(v, i, a) { a.shift(); return v == 3 
})"),
+  nxt_string("1") },
+
+{ nxt_string("var a = [1,2,3,4,5,6];"
+ "a.findIndex(function(v, i, a) { a.shift(); return v == 4 
})"),
+  nxt_string("-1") },
+
+{ nxt_string("var a = [];"
  "a.map(function(v, 

[njs] Moving common code to njs_array_iterator_args().

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/a4e6f27ce598
branches:  
changeset: 335:a4e6f27ce598
user:  Igor Sysoev 
date:  Tue Apr 04 10:56:33 2017 +0300
description:
Moving common code to njs_array_iterator_args().

diffstat:

 njs/njs_array.c |  5 +
 1 files changed, 1 insertions(+), 4 deletions(-)

diffs (43 lines):

diff -r 9d211a93c491 -r a4e6f27ce598 njs/njs_array.c
--- a/njs/njs_array.c   Tue Apr 04 10:52:24 2017 +0300
+++ b/njs/njs_array.c   Tue Apr 04 10:56:33 2017 +0300
@@ -1266,7 +1266,6 @@ njs_array_prototype_some(njs_vm_t *vm, n
 
 iter = njs_vm_continuation(vm);
 iter->u.cont.function = njs_array_prototype_some_continuation;
-iter->retval.data.truth = 0;
 
 return njs_array_prototype_some_continuation(vm, args, nargs, unused);
 }
@@ -1429,7 +1428,6 @@ njs_array_prototype_filter(njs_vm_t *vm,
 
 filter = njs_vm_continuation(vm);
 filter->iter.u.cont.function = njs_array_prototype_filter_continuation;
-filter->iter.retval.data.truth = 0;
 
 filter->array = njs_array_alloc(vm, 0, NJS_ARRAY_SPARE);
 if (nxt_slow_path(filter->array == NULL)) {
@@ -1490,7 +1488,6 @@ njs_array_prototype_find(njs_vm_t *vm, n
 
 find = njs_vm_continuation(vm);
 find->iter.u.cont.function = njs_array_prototype_find_continuation;
-find->iter.retval.data.truth = 0;
 
 return njs_array_prototype_find_continuation(vm, args, nargs, unused);
 }
@@ -1547,7 +1544,6 @@ njs_array_prototype_find_index(njs_vm_t 
 
 iter = njs_vm_continuation(vm);
 iter->u.cont.function = njs_array_prototype_find_index_continuation;
-iter->retval.data.truth = 0;
 
 return njs_array_prototype_find_index_continuation(vm, args, nargs, 
unused);
 }
@@ -1770,6 +1766,7 @@ njs_array_iterator_args(njs_vm_t *vm, nj
 
 iter = njs_vm_continuation(vm);
 iter->length = args[0].data.u.array->length;
+iter->retval.data.truth = 0;
 iter->index = NJS_ARRAY_INVALID_INDEX;
 
 return NXT_OK;
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Global variables may be accessed incorrectly by nested functions.

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/251aa4b128ea
branches:  
changeset: 333:251aa4b128ea
user:  Igor Sysoev 
date:  Tue Apr 04 10:47:02 2017 +0300
description:
Global variables may be accessed incorrectly by nested functions.

diffstat:

 njs/njs_variable.c   |  6 +-
 njs/test/njs_unit_test.c |  4 
 2 files changed, 9 insertions(+), 1 deletions(-)

diffs (30 lines):

diff -r ada17c8bdd5a -r 251aa4b128ea njs/njs_variable.c
--- a/njs/njs_variable.cTue Apr 04 10:47:12 2017 +0300
+++ b/njs/njs_variable.cTue Apr 04 10:47:02 2017 +0300
@@ -322,7 +322,11 @@ njs_variable_get(njs_vm_t *vm, njs_parse
 goto not_found;
 }
 
-n = (node->scope->nesting != vs.scope->nesting);
+n = 0;
+
+if (vs.scope->type > NJS_SCOPE_GLOBAL) {
+n = (node->scope->nesting != vs.scope->nesting);
+}
 
 var = vs.variable;
 index = var->index;
diff -r ada17c8bdd5a -r 251aa4b128ea njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c  Tue Apr 04 10:47:12 2017 +0300
+++ b/njs/test/njs_unit_test.c  Tue Apr 04 10:47:02 2017 +0300
@@ -4319,6 +4319,10 @@ static njs_unit_test_t  njs_test[] =
  "var y = f(); y()"),
   nxt_string("6") },
 
+{ nxt_string("var x; var y = 4;"
+ "function f() { function h() { x = 3; return y; } }"),
+  nxt_string("undefined") },
+
 /* Recursive fibonacci. */
 
 { nxt_string("function fibo(n) {"
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

[njs] Array.prototype.find() method.

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/52d53653ac52
branches:  
changeset: 330:52d53653ac52
user:  Andrey Zelenkov 
date:  Tue Apr 04 06:10:10 2017 +0300
description:
Array.prototype.find() method.

Also introduced njs_array_iterator_sparse_apply() function.

diffstat:

 njs/njs_array.c  |  106 +++
 njs/test/njs_unit_test.c |   43 +++
 2 files changed, 149 insertions(+), 0 deletions(-)

diffs (197 lines):

diff -r c46da90ca064 -r 52d53653ac52 njs/njs_array.c
--- a/njs/njs_array.c   Sun Apr 02 12:36:05 2017 +0300
+++ b/njs/njs_array.c   Tue Apr 04 06:10:10 2017 +0300
@@ -58,6 +58,12 @@ typedef struct {
 
 typedef struct {
 njs_array_iter_titer;
+njs_value_t value;
+} njs_array_find_t;
+
+
+typedef struct {
+njs_array_iter_titer;
 njs_array_t *array;
 } njs_array_map_t;
 
@@ -92,6 +98,8 @@ static njs_ret_t njs_array_prototype_eve
 njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
 static njs_ret_t njs_array_prototype_filter_continuation(njs_vm_t *vm,
 njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
+static njs_ret_t njs_array_prototype_find_continuation(njs_vm_t *vm,
+njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
 static njs_ret_t njs_array_prototype_map_continuation(njs_vm_t *vm,
 njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
 static nxt_noinline uint32_t njs_array_prototype_map_index(njs_array_t *array,
@@ -102,6 +110,8 @@ static nxt_noinline uint32_t njs_array_i
 njs_array_iter_t *iter);
 static nxt_noinline njs_ret_t njs_array_iterator_apply(njs_vm_t *vm,
 njs_array_iter_t *iter, njs_value_t *args, nxt_uint_t nargs);
+static nxt_noinline njs_ret_t njs_array_prototype_find_apply(njs_vm_t *vm,
+njs_array_iter_t *iter, njs_value_t *args, nxt_uint_t nargs);
 static njs_ret_t njs_array_prototype_reduce_continuation(njs_vm_t *vm,
 njs_value_t *args, nxt_uint_t nargs, njs_index_t unused);
 static njs_ret_t njs_array_prototype_reduce_right_continuation(njs_vm_t *vm,
@@ -1465,6 +1475,94 @@ njs_array_prototype_filter_continuation(
 
 
 static njs_ret_t
+njs_array_prototype_find(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
+njs_index_t unused)
+{
+nxt_int_t ret;
+njs_array_find_t  *find;
+
+ret = njs_array_iterator_args(vm, args, nargs);
+if (nxt_slow_path(ret != NXT_OK)) {
+return ret;
+}
+
+find = njs_vm_continuation(vm);
+find->iter.u.cont.function = njs_array_prototype_find_continuation;
+find->iter.retval.data.truth = 0;
+
+return njs_array_prototype_find_continuation(vm, args, nargs, unused);
+}
+
+
+static njs_ret_t
+njs_array_prototype_find_continuation(njs_vm_t *vm, njs_value_t *args,
+nxt_uint_t nargs, njs_index_t unused)
+{
+njs_array_t*array;
+njs_array_iter_t   *iter;
+njs_array_find_t   *find;
+const njs_value_t  *retval;
+
+retval = _value_void;
+
+find = njs_vm_continuation(vm);
+iter = >iter;
+
+if (!njs_is_true(>retval)) {
+array = args[0].data.u.array;
+iter->index++;
+
+if (iter->index < iter->length && iter->index < array->length) {
+/* GC: find->value */
+find->value = array->start[iter->index];
+
+return njs_array_prototype_find_apply(vm, iter, args, nargs);
+}
+
+} else {
+if (njs_is_valid(>value)) {
+retval = >value;
+}
+}
+
+vm->retval = *retval;
+
+return NXT_OK;
+}
+
+
+static nxt_noinline njs_ret_t
+njs_array_prototype_find_apply(njs_vm_t *vm, njs_array_iter_t *iter,
+njs_value_t *args, nxt_uint_t nargs)
+{
+uint32_t   n;
+const njs_value_t  *value;
+njs_value_targuments[4];
+
+/* GC: array elt, array */
+
+value = (nargs > 2) ? [2] : _value_void;
+arguments[0] = *value;
+
+n = iter->index;
+value = [0].data.u.array->start[n];
+
+if (!njs_is_valid(value)) {
+value = _value_void;
+}
+
+arguments[1] = *value;
+
+njs_number_set([2], n);
+
+arguments[3] = args[0];
+
+return njs_function_apply(vm, args[1].data.u.function, arguments, 4,
+  (njs_index_t) >retval);
+}
+
+
+static njs_ret_t
 njs_array_prototype_map(njs_vm_t *vm, njs_value_t *args, nxt_uint_t nargs,
 njs_index_t unused)
 {
@@ -2041,6 +2139,14 @@ static const njs_object_prop_t  njs_arra
  njs_continuation_size(njs_array_filter_t), 0),
 },
 
+/* ES6. */
+{
+.type = NJS_METHOD,
+.name = njs_string("find"),
+.value = njs_native_function(njs_array_prototype_find,
+ njs_continuation_size(njs_array_find_t), 0),
+},
+
 {
 .type = NJS_METHOD,
 .name = njs_string("map"),
diff -r c46da90ca064 -r 52d53653ac52 njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c  Sun Apr 02 12:36:05 2017 

[njs] Function declaration should return "undefined".

[Igor Sysoev]

details:   http://hg.nginx.org/njs/rev/ada17c8bdd5a
branches:  
changeset: 332:ada17c8bdd5a
user:  Igor Sysoev 
date:  Tue Apr 04 10:47:12 2017 +0300
description:
Function declaration should return "undefined".

diffstat:

 njs/njs_generator.c  |  7 ---
 njs/test/njs_unit_test.c |  6 ++
 2 files changed, 10 insertions(+), 3 deletions(-)

diffs (33 lines):

diff -r 26e0ebd97454 -r ada17c8bdd5a njs/njs_generator.c
--- a/njs/njs_generator.c   Tue Apr 04 06:16:49 2017 +0300
+++ b/njs/njs_generator.c   Tue Apr 04 10:47:12 2017 +0300
@@ -1261,9 +1261,10 @@ njs_generate_stop_statement(njs_vm_t *vm
 stop->code.retval = NJS_VMCODE_NO_RETVAL;
 
 index = NJS_INDEX_NONE;
-
-if (node->right != NULL) {
-index = node->right->index;
+node = node->right;
+
+if (node != NULL && node->token != NJS_TOKEN_FUNCTION) {
+index = node->index;
 }
 
 if (index == NJS_INDEX_NONE) {
diff -r 26e0ebd97454 -r ada17c8bdd5a njs/test/njs_unit_test.c
--- a/njs/test/njs_unit_test.c  Tue Apr 04 06:16:49 2017 +0300
+++ b/njs/test/njs_unit_test.c  Tue Apr 04 10:47:12 2017 +0300
@@ -4199,6 +4199,12 @@ static njs_unit_test_t  njs_test[] =
 { nxt_string("function () { } f()"),
   nxt_string("SyntaxError: Unexpected token \"(\" in 1") },
 
+{ nxt_string("function f() { }"),
+  nxt_string("undefined") },
+
+{ nxt_string("var x; function f() { }"),
+  nxt_string("undefined") },
+
 { nxt_string("function f() { } f()"),
   nxt_string("undefined") },
 
___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: Allow /.well-known/acme-challenge but deny dot files

[nanaya]

Hi,

On Tue, Apr 4, 2017, at 17:45, Anoop Alias wrote:
> You can put it above the other deny location
> # Allow "Well-Known URIs" as per RFC 5785
> location ~* ^/.well-known/ {
> allow all;
> }
> 

Or use "^~" because it's of higher precedence compared to "~".

> If the longest matching prefix location has the “^~” modifier then regular 
> expressions are not checked. 

http://nginx.org/r/location

location ^~ /.well-known/ { }
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Allow /.well-known/acme-challenge but deny dot files

[Anoop Alias]

You can put it above the other deny location
# Allow "Well-Known URIs" as per RFC 5785
location ~* ^/.well-known/ {
allow all;
}



On Tue, Apr 4, 2017 at 2:06 PM, Martin Wolfert 
wrote:

> Hi,
>
> try this:
>
> # Allow access to the letsencrypt ACME Challenge
> location ~ /\.well-known\/acme-challenge {
> allow all;
> }
>
> Best,
> Martin
>
>
>
> Am 04.04.2017 um 10:33 schrieb basti:
>
>> Hello,
>>
>> at the Moment I use this config
>>
>> # Deny access to all .invisible files.
>> location ~ /\. { deny  all; access_log off; log_not_found off; }
>>
>>
>> Now I need access to Let's Encrypt acme-challenge and add this to my
>> config before deny all .invisible files, now it looks like
>>
>> ...
>> # Allow Let's Encrypt acme-challenge
>> location /.well-known/acme-challenge { allow all; access_log on; }
>>
>> # Deny access to all .invisible files.
>> location ~ /\. { deny  all; access_log off; log_not_found off; }
>> ...
>>
>> I have reload nginx but I have no access to
>> http://example.com/.well-known/acme-challenge
>>
>> Log say "access forbidden by rule."
>> Is there a way to allow /.well-known/ and deny all other?
>>
>> Best Regards,
>> basti
>> ___
>> nginx mailing list
>> nginx@nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 
*Anoop P Alias*
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Binary upgrade with systemd

[Lucas Rolff]

Hello Marc,

For which PID do you send the WINCH signal?


From: nginx > on behalf 
of Marc Soda >
Reply-To: "nginx@nginx.org" 
>
Date: Tuesday, 4 April 2017 at 04.04
To: "nginx@nginx.org" 
>
Subject: Binary upgrade with systemd

Hello,

I’m using nginx 1.10.3 custom built on Ubuntu 16.04.  I’m also using the 
recommended systemd service file:

[Unit]
Description=The NGINX HTTP and reverse proxy server
After=syslog.target network.target remote-fs.target nss-lookup.target

[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/bin/kill -s HUP $MAINPID
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true

[Install]
WantedBy=multi-user.target

I’m try to do a no downtime upgrade with the USR2 and WINCH signals.  Here is 
my process list before:

root 32277  0.0  0.4 1056672 71148 ?   Ss   21:51   0:00 nginx: master 
process /usr/local/nginx/sbin/nginx
www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00  \_ nginx: 
cache manager process

and here it is after sending USR2:

root 32277  0.0  0.4 1056672 71868 ?   Ss   21:51   0:00 nginx: master 
process /usr/local/nginx/sbin/nginx
www  32278  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32279  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32280  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32281  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32282  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32283  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32288  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32289  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32290  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32291  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32292  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32293  0.0  0.4 1057924 73152 ?   S<   21:51   0:00  \_ nginx: 
worker process
www  32294  0.0  0.4 1056672 72212 ?   S21:51   0:00  \_ nginx: 
cache manager process
root 32461  5.5  0.5 1056676 82316 ?   S22:01   0:00  \_ nginx: 
master process /usr/local/nginx/sbin/nginx
www  32465  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32466  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32467  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32468  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32469  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32470  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32471  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32472  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32473  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32474  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32475  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32476  0.0  0.4 1057928 73052 ?   S<   22:01   0:00  \_ nginx: 
worker process
www  32477  0.0  

Re: Allow /.well-known/acme-challenge but deny dot files

[Martin Wolfert]

Hi,

try this:

# Allow access to the letsencrypt ACME Challenge
location ~ /\.well-known\/acme-challenge {
allow all;
}

Best,
Martin


Am 04.04.2017 um 10:33 schrieb basti:

Hello,

at the Moment I use this config

# Deny access to all .invisible files.
location ~ /\. { deny  all; access_log off; log_not_found off; }


Now I need access to Let's Encrypt acme-challenge and add this to my
config before deny all .invisible files, now it looks like

...
# Allow Let's Encrypt acme-challenge
location /.well-known/acme-challenge { allow all; access_log on; }

# Deny access to all .invisible files.
location ~ /\. { deny  all; access_log off; log_not_found off; }
...

I have reload nginx but I have no access to
http://example.com/.well-known/acme-challenge

Log say "access forbidden by rule."
Is there a way to allow /.well-known/ and deny all other?

Best Regards,
basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Allow /.well-known/acme-challenge but deny dot files

[basti]

Hello,

at the Moment I use this config

# Deny access to all .invisible files.
location ~ /\. { deny  all; access_log off; log_not_found off; }


Now I need access to Let's Encrypt acme-challenge and add this to my
config before deny all .invisible files, now it looks like

...
# Allow Let's Encrypt acme-challenge
location /.well-known/acme-challenge { allow all; access_log on; }

# Deny access to all .invisible files.
location ~ /\. { deny  all; access_log off; log_not_found off; }
...

I have reload nginx but I have no access to
http://example.com/.well-known/acme-challenge

Log say "access forbidden by rule."
Is there a way to allow /.well-known/ and deny all other?

Best Regards,
basti
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Вопрос по TLS и аутентификации

[Evgeniy Berdnikov]

On Mon, Apr 03, 2017 at 11:35:30PM -0400, DemDA wrote:
> А, кстати, волею плюшевого димки винда
> попала в реестр российского ПО.

 Чаво? Ссылку, pls (хоть это здесь явный оффтоп).

 Я нашёл только такое упоминание винды в связи с реестром:
 https://www.pcweek.ru/business/blog/foss/9482.php
-- 
 Eugene Berdnikov
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Nginx map module regex in file

[Jagannath Naidu]

Hi,

I am trying to redirect some urls to a different document path. My
configuration file is as follows


 /etc/nginx/conf.d/site.conf 
*map_hash_max_size 2048;*
*map_hash_bucket_size 128;*
*map $uri $new {*
*include list_4;*
*}*
resolver  127.0.0.1;
server {
listen 81;
server_name abcexample.com;
access_log /var/log/nginx/abcexample-access.log main;
error_log  /var/log/nginx/abcexample-error.log;
location / {
*if ($new) {*
*  rewrite ^ $new redirect;*
*}*
  proxy_pass http://127.0.0.1:8000;
}

# /etc/nginx/list_4 ##
/abc/1.html /abc/hello;
/max/1.html /max/;
~^/xyz/(?.*)$ /xyz/123;
*~^//abcdef(?.*)$ //b/$abc;*

*~^/kaka/(?.*)$ /tata/$abc;*


Note:
line 1,2 and 3 redirects are working fine.
But line 4 and 5 are not working.


*root@Hell1:~# curl -I abcexample.com//abcef111.html
 *
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 04 Apr 2017 07:08:47 GMT
Content-Type: text/html
Content-Length: 154
*Location: http://abcdexample.com//b/$abc
*
Connection: keep-alive

My Question is:
What changes do I have to do in list_4 file to get results as follows
*Location: http://abcdexample.com/news/b/111.html
 *


Thanks in advance
- Jagan
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Вопрос по TLS и аутентификации

[Илья Шипицин]

4 апреля 2017 г., 12:17 пользователь Evgeniy Berdnikov 
написал:

> On Mon, Apr 03, 2017 at 09:52:01PM -0400, DemDA wrote:
> > Максим, здравствуйте! Спасибо за ответ.  ssl_verify_depth задавал. Но, к
> > сожалению, это не возымело эффекта. Сегодня буду исследовать вопрос в
> > сторону обновления OpenSSL до версии выше 1.0.2. Что касается Вашего
> > замечания относительно  "В указанный в директиве файл можно положить
> > произвольное количество доверенных сертификатов." - не совсем понятно.
> > Несколько файлов не подсунешь. Пробовал соединить их catом в один - все
> > равно используется только первый из сцепленного файла.
>

еще openssl не любит BEM
(не совсем понимаю почему)


>
>  А там в результате cat'а структура правильная? Помнится, Comodo выдавал
>  сертификаты, которые с виду PEM, но в конце файла перевода строки нет.
>  Поэтому результат тупого cat'а к употреблению оказывается непригоден,
>  хотя каждый сертификат по отдельности openssl'ем читается.
> --
>  Eugene Berdnikov
> ___
> nginx-ru mailing list
> nginx-ru@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru
>
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: Вопрос по TLS и аутентификации

[Evgeniy Berdnikov]

On Mon, Apr 03, 2017 at 09:52:01PM -0400, DemDA wrote:
> Максим, здравствуйте! Спасибо за ответ.  ssl_verify_depth задавал. Но, к
> сожалению, это не возымело эффекта. Сегодня буду исследовать вопрос в
> сторону обновления OpenSSL до версии выше 1.0.2. Что касается Вашего
> замечания относительно  "В указанный в директиве файл можно положить
> произвольное количество доверенных сертификатов." - не совсем понятно.
> Несколько файлов не подсунешь. Пробовал соединить их catом в один - все
> равно используется только первый из сцепленного файла.

 А там в результате cat'а структура правильная? Помнится, Comodo выдавал
 сертификаты, которые с виду PEM, но в конце файла перевода строки нет.
 Поэтому результат тупого cat'а к употреблению оказывается непригоден,
 хотя каждый сертификат по отдельности openssl'ем читается.
-- 
 Eugene Berdnikov
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru