Re: Domains not working as expected with nginx

2022-07-08 Thread Francis Daly
On Fri, Jul 08, 2022 at 12:53:39PM -0700, Jason Crews wrote:

Hi there,

Thanks for this.

I think it says that if you ask for "http://secondarydomain.com", you
will get to

> server {
> server_name secondarydomain.com;

that server block (unless secondarydomain.com resolves to 127.0.0.2);
but if you ask for "https://secondarydomain.com", you will get to

> server {
> listen 443 ssl http2;
> server_name sub.maindomain.com;

that server block.

Which I think is what you describe for the "wordpress" side of things.

Either configure a server block with ssl for secondarydomain.com;
or make sure to only access secondarydomain.com over http. (And if
something like wordpress redirects to https, make it stop doing that.)

Hope this helps,

f
-- 
Francis Daly        fran...@daoine.org
___
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org
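
The first option in the reply above, written out as an added example (not from the thread and not Jason's configuration): a TLS server block for secondarydomain.com, plus an explicit catch-all so that an HTTPS request for a name with no matching block is refused instead of being answered by whichever 443 block comes first. The certificate paths, document root and the catch-all block are assumptions; `ssl_reject_handshake` requires nginx 1.19.4 or later.

```nginx
# Added example; goes inside the existing http { } context.
# Certificate paths and root are placeholders, not values from the thread.

# Catch-all for port 443. Without an explicit default_server, a request
# whose name matches no server_name is handled by the first 443 block in
# the configuration (sub.maindomain.com in the posted listing).
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    ssl_reject_handshake on;    # nginx >= 1.19.4; no certificate needed here
}

# The missing block: HTTPS for the WordPress site.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name secondarydomain.com;

    ssl_certificate     /etc/ssl/PLACEHOLDER/secondarydomain.com.fullchain.pem;
    ssl_certificate_key /etc/ssl/PLACEHOLDER/secondarydomain.com.key;

    root /var/www/PLACEHOLDER-wordpress;
    index index.php;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ \.php$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass 127.0.0.1:9000;   # PHP-FPM address as shown in the posted listing
    }
}
```

After `nginx -t` and a reload, `nginx -T | grep 'server\|listen'` should show secondarydomain.com on both the port 80 block and a 443 block.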


Re: Domains not working as expected with nginx

2022-07-08 Thread Jason Crews
server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
ssl_prefer_server_ciphers on;
# server {
# listen localhost:110;
# server {
# listen localhost:143;
server {
listen 127.0.0.2:80;
server_name 127.0.0.2;
server unix:/tmp/php-cgi.socket;
server 127.0.0.1:9000;
server {
server_name secondarydomain.com;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_prefer_server_ciphers off;
server_name sub.maindomain.com;
server {
listen 80 default_server;
listen [::]:80 default_server;
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_prefer_server_ciphers off;
server_name primarydomain.com www.primarydomain.com;
fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on
#fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on


Jason Crews

On Fri, Jul 8, 2022 at 11:07 AM Francis Daly wrote:
>
> On Fri, Jul 08, 2022 at 10:14:13AM -0700, Jason Crews wrote:
>
> Hi there,
>
> > I'm not sure what I've got misconfigured here, I would appreciate
> > anyone who could point me in the right direction.
> > Site structure:
> >
> > maindomain.com -> mediawiki -> works
> > sub.maindomain.com -> basic php website -> works
> > secondarydomain.com -> wordpress -> goes to sub.maindomain.com
> >
> > I've posted all of the config files on reddit:
> > https://www.reddit.com/r/nginx/comments/vtuha9/domains_not_going_where_expected/
>
> For each server{} block that you have, what are the "listen" directives
> and what are the "server_name" directives.
>
> $ nginx -T | grep 'server\|listen'
>
> will probably give a reasonable starting point for that data. Feel
> free to edit it to hide anything you consider private; but please be
> consistent. If you use the same IP address in the config twice, edit it
> to the same thing. If you use different IP addresses, edit them to be
> different things -- anything in the 10.x network is "private enough".
>
> And for server_name entries, one.example.com, two.example.com, and
> *.example.net might be reasonable ways to edit things.
>
> (Also: feel free not to change things if you don't consider them private.)
>
> And when you report something not working, please be specific about http
> or https, to which particular hostname.
>
> (And confirm whether the hostname resolves to the IP address that nginx
> is listening on.)
>
> Hopefully the answers to those will make it clear what is happening,
> and what should be changed to make things happen the way you want them
> to happen.
>
> Cheers,
>
> f
> --
> Francis Daly        fran...@daoine.org


Slice module 206 requirement

2022-07-08 Thread Lucas Rolff
Hi guys,

I’m having an nginx instance where I utilise the nginx slice module to slice 
upstream mp4 files when using proxy_cache.

However, I have an interesting origin where if sending a range request (which 
happens when the slice module is enabled), to a file that’s less than the slice 
range, the origin returns a 200 OK, but with the range related headers such as 
content-range, but obviously the full file is returned since it’s within the 
requested range.

When playing the MP4s through Google Chrome and Firefox it works fine when 
going through the nginx proxy instance, however, it somehow breaks Safari (both 
on MacOS, and iOS) - I guess Safari is more strict.
When playing directly through the origin it works fine in all browsers.

The md5 of response from the origin remains the same, so it’s not that the 
response itself is an invalid MP4 file, and even if you compare the cache files 
on disk with a “working” origin and the “broken” origin (one sends a 206 
Partial Content, another sends 200 OK) - the content of the cache files remain 
the same, except obviously the header section of the cache file.

The origin returns a 206 status code, only if the file exceeds the slice size, 
so if I configure a slice size of 5 megabyte, only files above 5 megabytes will 
give 206s. Anything under 5 megabytes will result in a 200 OK with 
content-range and the correct content-length.

Looking in the slice module itself I see:
https://github.com/nginx/nginx/blob/master/src/http/modules/ngx_http_slice_filter_module.c#L116-L126


    if (r->headers_out.status != NGX_HTTP_PARTIAL_CONTENT) {
        if (r == r->main) {
            ngx_http_set_ctx(r, NULL, ngx_http_slice_filter_module);
            return ngx_http_next_header_filter(r);
        }

        ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
                      "unexpected status code %ui in slice response",
                      r->headers_out.status);
        return NGX_ERROR;
    }

This seems like the slice module expects a 206 status code to be returned, 
however, later in the same function 
https://github.com/nginx/nginx/blob/master/src/http/modules/ngx_http_slice_filter_module.c#L200-L211


    if (r->headers_out.status == NGX_HTTP_PARTIAL_CONTENT) {
        if (ctx->start + (off_t) slcf->size <= r->headers_out.content_offset) {
            ctx->start = slcf->size
                         * (r->headers_out.content_offset / slcf->size);
        }

        ctx->end = r->headers_out.content_offset
                   + r->headers_out.content_length_n;

    } else {
        ctx->end = cr.complete_length;
    }

There it will do an else statement if the status code isn’t 206.
So would this piece of code ever be reached, since there’s the initial error?

Additionally I don’t see in RFC7233 that 206 responses are an absolute 
requirement, additionally I don’t see content-range being prohibited/forbidden 
to be used for 200 OK responses.
Now, if one has a secondary proxy that modifies the response headers in 
between the origin returning 200 OK with the Content-Range header, and then 
strip out the Content-Range header, the nginx slice module seems to handle it 
fine, so somehow the combination of 200 OK and a Content-Range header being 
present seems to break the slice module from functioning.

I’m just curious why this happens within the slice module, and if there’s any 
possible solution for it (like allowing the combination of 200 OK and 
Content-Range, since those two would still indicate that the origin/upstream 
supports range requests) - obviously it would be nice to fix the upstream 
server but sometimes that’s sadly not possible.

I know the parts of the slice module haven’t been touched for years, so 
obviously it works for most people, just dipping my toes here to see if there’s 
a possible solution other than disabling slice when an origin returns 200 OK 
for files smaller than the slice size.

Thanks in advance

Best Regards,
Lucas Rolff


Re: Domains not working as expected with nginx

2022-07-08 Thread Francis Daly
On Fri, Jul 08, 2022 at 10:14:13AM -0700, Jason Crews wrote:

Hi there,

> I'm not sure what I've got misconfigured here, I would appreciate
> anyone who could point me in the right direction.
> Site structure:
> 
> maindomain.com -> mediawiki -> works
> sub.maindomain.com -> basic php website -> works
> secondarydomain.com -> wordpress -> goes to sub.maindomain.com
> 
> I've posted all of the config files on reddit:
> https://www.reddit.com/r/nginx/comments/vtuha9/domains_not_going_where_expected/

For each server{} block that you have, what are the "listen" directives
and what are the "server_name" directives.

$ nginx -T | grep 'server\|listen'

will probably give a reasonable starting point for that data. Feel
free to edit it to hide anything you consider private; but please be
consistent. If you use the same IP address in the config twice, edit it
to the same thing. If you use different IP addresses, edit them to be
different things -- anything in the 10.x network is "private enough".

And for server_name entries, one.example.com, two.example.com, and
*.example.net might be reasonable ways to edit things.

(Also: feel free not to change things if you don't consider them private.)

And when you report something not working, please be specific about http
or https, to which particular hostname.

(And confirm whether the hostname resolves to the IP address that nginx
is listening on.)

Hopefully the answers to those will make it clear what is happening,
and what should be changed to make things happen the way you want them
to happen.

Cheers,

f
-- 
Francis Daly        fran...@daoine.org


Re: cache only responses that contain a specific Set-Cookie

2022-07-08 Thread milov
I also have a question on the same topic, so as not to start a new thread.

I have this code:

set $no_cache 0;

if ($request_method = POST){set $no_cache 1;}
if ($http_host ~* success.html$){set $no_cache 1;}
if ($remote_addr ~* ^(192.168.0*)$){set $no_cache 1;}

# Not taken from the cache
fastcgi_cache_bypass $no_cache;

# Not saved to the cache
fastcgi_no_cache $no_cache;

None of the ifs fire. Where should I look or dig?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,294681,294690#msg-294690

___
nginx-ru mailing list -- nginx-ru@nginx.org
To unsubscribe send an email to nginx-ru-le...@nginx.org


Re: Reverse proxy to traefik

2022-07-08 Thread Francis Daly
On Thu, Jul 07, 2022 at 11:17:03AM -0300, Daniel A. Rodriguez wrote:

Hi there,

> Nginx is actually working as RP for several subdomains for which is also SSL
> termination. The traefik box is out of my scope, but it has the ability to
> negotiate TLS certificates for its own. That's why I need to forward just
> specific subdomain TCP traffic to it.

I think you are indicating that you currently have a http section with
something like

===
server {
    listen nginx-ip:443 ssl;
    server_name one.example.com;
    location / {
        proxy_pass http://internal-one;
        # or maybe "https://internal-one";
    }
}

server {
    listen nginx-ip:443 ssl;
    server_name two.example.com;
    location / {
        proxy_pass http://internal-two;
        # or maybe "https://internal-two";
    }
}
===

If you need your traefik server to see the original data stream from the
client (such as: if your traefik server is using client certificates for
authentication; I can't immediately think of any other https reason),
then I suspect that in nginx terms you will need a second IP address,
and have a separate nginx "stream" block that will listen on that-ip:443.

If you are not using client certificates, you can still use a second IP
to let traefik see the original data stream. But maybe you can "get away"
with a normal http proxy_pass?

I guess it depends on your use case, and I'm afraid that I do not know
what your specific use case is.

The short answer is: on a single IP:port, nginx either listens for stream,
or for http, but not both.

Cheers,

f
-- 
Francis Daly        fran...@daoine.org
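
The second-address layout described in the reply above, as an added example (not Francis's or Daniel's configuration): the http servers are pinned to one address, and a stream server on a second address hands the TLS bytes to traefik unmodified. The addresses 192.0.2.10, 192.0.2.11 and 10.0.0.20 and the certificate paths are placeholders, and the example assumes nginx was built with the stream module.

```nginx
# Added example; all addresses and paths are placeholders.
# 192.0.2.10 = address for the sites nginx terminates TLS for
# 192.0.2.11 = second address; DNS for the traefik-served subdomain points here
# 10.0.0.20  = the traefik box

http {
    server {
        # Pinned to the first address, as in the reply's own example, so this
        # listener does not also cover the address given to stream below.
        listen 192.0.2.10:443 ssl;
        server_name one.example.com;

        ssl_certificate     /etc/ssl/PLACEHOLDER/one.example.com.fullchain.pem;
        ssl_certificate_key /etc/ssl/PLACEHOLDER/one.example.com.key;

        location / {
            proxy_pass http://internal-one;
        }
    }
}

stream {
    server {
        listen 192.0.2.11:443;       # no "ssl": nginx does not decrypt here
        proxy_pass 10.0.0.20:443;    # traefik completes the TLS handshake itself
        proxy_connect_timeout 5s;
    }
}
```

With this layout traefik sees nginx's address as the client; adding `proxy_protocol on;` to the stream server passes the original address along, but only if traefik is configured to accept the PROXY protocol on that entry point.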


Domains not working as expected with nginx

2022-07-08 Thread Jason Crews
I'm not sure what I've got misconfigured here, I would appreciate
anyone who could point me in the right direction.
Site structure:

maindomain.com -> mediawiki -> works
sub.maindomain.com -> basic php website -> works
secondarydomain.com -> wordpress -> goes to sub.maindomain.com

I've posted all of the config files on reddit:
https://www.reddit.com/r/nginx/comments/vtuha9/domains_not_going_where_expected/

Not sure what's going on, any help would be appreciated.

Jason Crews