Re: Domains not working as expected with nginx
On Fri, Jul 08, 2022 at 12:53:39PM -0700, Jason Crews wrote: Hi there, Thanks for this. I think it says that if you ask for "http://secondarydomain.com;, you will get to > server { > server_name secondarydomain.com; that server block (unless secondarydomain.com resolves to 127.0.0.2); but if you ask for "https://secondarydomain.com;, you will get to > server { > listen 443 ssl http2; > server_name sub.maindomain.com; that server block. Which I think is what you describe for the "wordpress" side of things. Either configure a server block with ssl for secondarydomain.com; or make sure to only access secondarydomain.com over http. (And if something like wordpress redirects to https, make it stop doing that.) Hope this helps, f -- Francis Dalyfran...@daoine.org ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Domains not working as expected with nginx
server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; ssl_prefer_server_ciphers on; # server { # listen localhost:110; # server { # listen localhost:143; server { listen 127.0.0.2:80; server_name 127.0.0.2; server unix:/tmp/php-cgi.socket; server 127.0.0.1:9000; server { server_name secondarydomain.com; fastcgi_param SERVER_PROTOCOL$server_protocol; fastcgi_param SERVER_ADDR$server_addr; fastcgi_param SERVER_PORT$server_port; fastcgi_param SERVER_NAME$server_name; server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_prefer_server_ciphers off; server_name sub.maindomain.com; server { listen 80 default_server; listen [::]:80 default_server; server { listen 443 ssl http2; listen [::]:443 ssl http2; ssl_prefer_server_ciphers off; server_name primarydomain.com www.primarydomain.com; fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on #fastcgi_pass 127.0.0.1:9000; # or whatever port your PHP-FPM listens on Jason Crews On Fri, Jul 8, 2022 at 11:07 AM Francis Daly wrote: > > On Fri, Jul 08, 2022 at 10:14:13AM -0700, Jason Crews wrote: > > Hi there, > > > I'm not sure what I've got misconfigured here, I would appreciate > > anyone who could point me in the right direction. > > Site structure: > > > > maindomain.com -> mediawiki -> works > > sub.maindomain.com -> basic php website -> works > > secondarydomain.com -> wordpress -> goes to sub.maindomain.com > > > > I've posted all of the config files on reddit: > > https://www.reddit.com/r/nginx/comments/vtuha9/domains_not_going_where_expected/ > > For each server{} block that you have, what are the "listen" directives > and what are the "server_name" directives. > > $ nginx -T | grep 'server\|listen' > > will probably give a reasonable starting point for that data. Feel > free to edit it to hide anything you consider private; but please be > consistent. If you use the same IP address in the config twice, edit it > to the same thing. If you use different IP addresses, edit them to be > different things -- anything in the 10.x network is "private enough". > > And for server_name entries, one.example.com, two.examle.com, and > *.example.net might be reasonable ways to edit thing. > > (Also: feel free not to change things if you don't consider them private.) > > And when you report something not working, please be specific about http > or https, to which particular hostname. > > (And confirm whether the hostname resolves to the IP address that nginx > is listening on.) > > Hopefully the answers to those will make it clear what is happening, > and what should be changed to make things happen the way you want them > to happen. > > Cheers, > > f > -- > Francis Dalyfran...@daoine.org > ___ > nginx mailing list -- nginx@nginx.org > To unsubscribe send an email to nginx-le...@nginx.org ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Slice module 206 requirement
Hi guys, I’m having an nginx instance where I utilise the nginx slice module to slice upstream mp4 files when using proxy_cache. However, I have an interesting origin where if sending a range request (which happens when the slice module is enabled), to a file that’s less than the slice range, the origin returns a 200 OK, but with the range related headers such as content-range, but obviously the full file is returned since it’s within the requested range. When playing the MP4s through Google Chrome and Firefox it works fine when going through the nginx proxy instance, however, it somehow breaks Safari (both on MacOS, and iOS) - I guess Safari is more strict. When playing directly through the origin it works fine in all browsers. The md5 of response from the origin remains the same, so it’s not that the response itself is an invalid MP4 file, and even if you compare the cache files on disk with a “working” origin and the “broken” origin (one sends a 206 Partial Content, another sends 200 OK) - the content of the cache files remain the same, except obviously the header section of the cache file. The origin returns a 206 status code, only if the file exceeds the slice size, so if I configure a slice size of 5 megabyte, only files above 5 megabytes will give 206s. Anything under 5 megabytes will result in a 200 OK with content-range and the correct content-length, Looking in the slice module itself I see: https://github.com/nginx/nginx/blob/master/src/http/modules/ngx_http_slice_filter_module.c#L116-L126 if (r->headers_out.status != NGX_HTTP_PARTIAL_CONTENT) { if (r == r->main) { ngx_http_set_ctx(r, NULL, ngx_http_slice_filter_module); return ngx_http_next_header_filter(r); } ngx_log_error(NGX_LOG_ERR, r->connection->log, 0, "unexpected status code %ui in slice response", r->headers_out.status); return NGX_ERROR; } This seems like the slice module expects a 206 status code to be returned, however, later in the same function https://github.com/nginx/nginx/blob/master/src/http/modules/ngx_http_slice_filter_module.c#L200-L211 if (r->headers_out.status == NGX_HTTP_PARTIAL_CONTENT) { if (ctx->start + (off_t) slcf->size <= r->headers_out.content_offset) { ctx->start = slcf->size * (r->headers_out.content_offset / slcf->size); } ctx->end = r->headers_out.content_offset + r->headers_out.content_length_n; } else { ctx->end = cr.complete_length; } There it will do an else statement if the status code isn’t 206. So would this piece of code ever be reached, since there’s the initial error? Additionally I don’t see in RFC7233 that 206 responses are an absolute requirement, additionally I don’t see content-range being prohibited/forbidden to be used for 200 OK responses. Now, if one have a secondary proxy that modifies the response headers in between the origin returning 200 OK with the Content-Range header, and then strip out the Content-Range header, the nginx slice module seems to handle it fine, so somehow the combination of 200 OK and a Content-Range header being present seems to break the slice module from functioning. I’m just curious why this happens within the slice module, and if there’s any possible solution for it (like allowing the combination of 200 OK and Content-Range, since those two would still indicate that the origin/upstream supports range requests) - obviously it would be nice to fix the upstream server but sometimes that’s sadly not possible. I know the parts of the slice module haven’t been touched for years, so obviously it works for most people, just dipping my toes here to see if there’s a possible solution other than disabling slice when an origin returns 200 OK for files smaller than the slice size. Thanks in advance Best Regards, Lucas Rolff ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: Domains not working as expected with nginx
On Fri, Jul 08, 2022 at 10:14:13AM -0700, Jason Crews wrote: Hi there, > I'm not sure what I've got misconfigured here, I would appreciate > anyone who could point me in the right direction. > Site structure: > > maindomain.com -> mediawiki -> works > sub.maindomain.com -> basic php website -> works > secondarydomain.com -> wordpress -> goes to sub.maindomain.com > > I've posted all of the config files on reddit: > https://www.reddit.com/r/nginx/comments/vtuha9/domains_not_going_where_expected/ For each server{} block that you have, what are the "listen" directives and what are the "server_name" directives. $ nginx -T | grep 'server\|listen' will probably give a reasonable starting point for that data. Feel free to edit it to hide anything you consider private; but please be consistent. If you use the same IP address in the config twice, edit it to the same thing. If you use different IP addresses, edit them to be different things -- anything in the 10.x network is "private enough". And for server_name entries, one.example.com, two.examle.com, and *.example.net might be reasonable ways to edit thing. (Also: feel free not to change things if you don't consider them private.) And when you report something not working, please be specific about http or https, to which particular hostname. (And confirm whether the hostname resolves to the IP address that nginx is listening on.) Hopefully the answers to those will make it clear what is happening, and what should be changed to make things happen the way you want them to happen. Cheers, f -- Francis Dalyfran...@daoine.org ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Re: кешировать только ответы где есть определённый Set-Cookie
Тоже вопрос на ту же тему, чтоб не плодить темы. Есть код set $no_cache 0; if ($request_method = POST){set $no_cache 1;} if ($http_host ~* success.html$){set $no_cache 1;} if ($remote_addr ~* ^(192.168.0*)$){set $no_cache 1;} # Не берется из кеша fastcgi_cache_bypass $no_cache; # Не сохраняется в кеш fastcgi_no_cache $no_cache; Ни один if не срабатывает. Куда смотреть, копать? Posted at Nginx Forum: https://forum.nginx.org/read.php?21,294681,294690#msg-294690 ___ nginx-ru mailing list -- nginx-ru@nginx.org To unsubscribe send an email to nginx-ru-le...@nginx.org
Re: Reverse proxy to traefik
On Thu, Jul 07, 2022 at 11:17:03AM -0300, Daniel A. Rodriguez wrote: Hi there, > Nginx is actually working as RP for several subdomains for which is also SSL > termination. The traefik box is out of my scope, but it has the ability to > negotiate TLS certificates for its own. That's why I need to forward just > specific subdomain TCP traffic to it. I think you are indicating that you currently have a http section with something like === server { listen nginx-ip:443 ssl; server_name one.example.com; location / { proxy_pass http://internal-one; # or maybe "https://internal-one;; } } server { listen nginx-ip:443 ssl; server_name two.example.com; location / { proxy_pass http://internal-two; # or maybe "https://internal-two;; } } === If you need your traefik server to see the original data stream from the client (such as: if your traefik server is using client certificates for authentication; I can't immediately think of any other https reason), then I suspect that in nginx terms you will need a second IP address, and have a separate nginx "stream" block that will listen on that-ip:443. If you are not using client certificates, you can still use a second IP to let traefik see the original data stream. But maybe you can "get away" with a normal http proxy_pass? I guess it depends on your use case, and I'm afraid that I do not know what your specific use case is. The short answer is: on a single IP:port, nginx either listens for stream, or for http, but not both. Cheers, f -- Francis Dalyfran...@daoine.org ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org
Domains not working as expected with nginx
I'm not sure what I've got misconfigured here, I would appreciate anyone who could point me in the right direction. Site structure: maindomain.com -> mediawiki -> works sub.maindomain.com -> basic php website -> works secondarydomain.com -> wordpress -> goes to sub.maindomain.com I've posted all of the config files on reddit: https://www.reddit.com/r/nginx/comments/vtuha9/domains_not_going_where_expected/ Not sure what's going one, any help would be appreciated. Jason Crews ___ nginx mailing list -- nginx@nginx.org To unsubscribe send an email to nginx-le...@nginx.org