Re: nginx-quic socket() 0.0.0.0:80 failed (94: Socket type not supported)

2022-11-01 Thread George
Ok fixed the patch and yup working now! No more socket() 0.0.0.0:80 failed
(94: Socket type not supported) errors when listen directive is not
specifically set.

Thanks Roman!

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,295642,295646#msg-295646

___
nginx mailing list -- nginx@nginx.org
To unsubscribe send an email to nginx-le...@nginx.org


Re: nginx-quic socket() 0.0.0.0:80 failed (94: Socket type not supported)

2022-11-01 Thread George
That was a quick reply, was about to pop on Nginx slack channel :)

Tried the patch but getting

patching file src/http/ngx_http_core_module.c
patch:  malformed patch at line 18: lsopt.socklen = sizeof(struct
sockaddr_in);

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,295642,295645#msg-295645



nginx-quic socket() 0.0.0.0:80 failed (94: Socket type not supported)

2022-11-01 Thread George
I tested nginx-quic https://quic.nginx.org/README for HTTP/3 over QUIC using
quictls openssl 1.1.1q forked library and ran into an interesting error for
non-HTTPS nginx vhost configurations. If non-HTTPS nginx vhost doesn't
specifically list the listen directive for port 80, I get this error when
running nginx -t config check

nginx: [emerg] socket() 0.0.0.0:80 failed (94: Socket type not supported)

server {

  server_name domain.com www.domain.com;
}

but if I specifically list the listen directive no error

server {
  listen 80;
  server_name domain1.com www.domain1.com;
}

Nginx was built on CentOS 7 with GCC 11.2.1 and quictls openssl 1.1.1q

nginx -V
nginx version: nginx/1.23.2 (011122-105436-centos7-d9e494b-br-6e975bc)
built by gcc 11.2.1 20220127 (Red Hat 11.2.1-9) (GCC) 
built with OpenSSL 1.1.1q+quic  5 Jul 2022
TLS SNI support enabled

This seems to only be an issue with nginx-quic built Nginx versions. If I
build a regular Nginx version without nginx-quic/quictls the non-HTTPS vhost
with no listen directive specifically listed for port 80 works fine and has
been the expected case since I started using Nginx ~11yrs ago.

So with nginx-quic, does the assumption that server{} contexts without a
specifically mentioned listen port, no longer default to port 80?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,295642,295642#msg-295642



Re: Nginx map assigned variable usage in upstream?

2022-02-24 Thread George
I see. I am currently trying to use the $pool assigned variable for PHP-FPM
though as in

fastcgi_pass $pool;

and not proxy_pass

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,293738,293741#msg-293741



Nginx map assigned variable usage in upstream?

2022-02-24 Thread George
I am trying to use a Nginx map assigned variable in an upstream but it doesn't
seem to work?

The map is concatenated $uri$args assigning a PHP-FPM fastcgi PHP pool to
variable $pool and then setting the $pool variable in an upstream.

map $uri$args $pool {
    default             127.0.0.1:9000;
    "~/index.php/args"  127.0.0.1:9002;
}

upstream php {
  zone php_zone 64k;
  server $pool;
  keepalive 2;
}

But if I try this, nginx config test gives me

nginx -t
nginx: [emerg] host not found in upstream "$pool" in ...

What am I missing?

cheers

George

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,293738,293738#msg-293738
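
The `server` directive inside `upstream` takes a literal address that is parsed when the configuration is loaded, which is why `"$pool"` is reported as a host that cannot be found. The following is an added example, not configuration from the thread: it keeps the addresses literal and lets the map choose between two upstream groups by name, relying on `fastcgi_pass` searching the defined server groups when its value contains a variable. The group names `php_default` and `php_args`, the zone names and the `server` block are assumptions.

```nginx
# Added example (not from the thread). Group names, zone names and the
# server/location block are assumptions.

# The map only ever yields one of two fixed group names, so request input
# ($uri$args) selects a pool but never reaches fastcgi_pass as an address.
map $uri$args $pool {
    default             php_default;
    "~/index.php/args"  php_args;
}

upstream php_default {
    zone php_default_zone 64k;
    server 127.0.0.1:9000;      # literal address, parsed at config load
    keepalive 2;
}

upstream php_args {
    zone php_args_zone 64k;
    server 127.0.0.1:9002;
    keepalive 2;
}

server {
    listen 80;
    server_name example.com;    # assumed name

    location ~ [^/]\.php(/|$) {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_keep_conn on;   # required for upstream keepalive with FastCGI
        fastcgi_pass $pool;     # evaluated per request, matched against the groups above
    }
}
```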



Re: nginx-1.21.5

2021-12-30 Thread George
Maxim Dounin Wrote:
---
> Hello!
> 
> On Wed, Dec 29, 2021 at 11:30:04PM -0500, George wrote:
> 
> > Thanks for PCRE2 support!
> > 
> > From what I read Nginx 1.21.5 will default to PCRE2 if found or
> fallback to
> > PCRE if not
> > 
> > You can disable PCRE2 default by passing --without-pcre2 flag -
> which works
> > fine and
> > 
> > ldd $(which nginx)
> > 
> > shows
> > 
> > libpcre.so.1 => /usr/local/nginx-dep/lib/libpcre.so.1
> (0x7f86c7445000)
> > 
> > But is the same true, if you set --without-pcre flag with PCRE2
> library
> > installed and detected? As that seems to end up with nginx failing
> to
> > configure
> > 
> > ./configure: error: the HTTP rewrite module requires the PCRE
> library.
> > You can either disable the module by using
> --without-http_rewrite_module
> > option or you have to enable the PCRE support.
> > 
> > Why is it looking for PCRE when PCRE2 is available?
> 
> The "--without-pcre" configure option completely disables usage of 
> all versions of the PCRE library, both the original PCRE library 
> and PCRE2.
> 
> Currently there is not option to disable the original PCRE library 
> while still using PCRE2.  Note though that the original PCRE 
> library is not used as long as PCRE2 is available.  That is, the 
> only potential difference such an option might introduce is what 
> happens if PCRE2 is not available: either nginx configure will 
> fail, or fallback to using the original PCRE library.
> 
> -- 
> Maxim Dounin
> http://mdounin.ru/
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx


Thanks Maxim for the clarification :)

So far Nginx 1.21.5 with PCRE2 works fine from my tests with exception of
Nginx Lua and ModSecurity Nginx modules being incompatible right now :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,293170,293214#msg-293214

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


Re: nginx-1.21.5

2021-12-29 Thread George
Thanks for PCRE2 support!

From what I read Nginx 1.21.5 will default to PCRE2 if found or fallback to
PCRE if not

You can disable PCRE2 default by passing --without-pcre2 flag - which works
fine and

ldd $(which nginx)

shows

libpcre.so.1 => /usr/local/nginx-dep/lib/libpcre.so.1 (0x7f86c7445000)

But is the same true, if you set --without-pcre flag with PCRE2 library
installed and detected? As that seems to end up with nginx failing to
configure

./configure: error: the HTTP rewrite module requires the PCRE library.
You can either disable the module by using --without-http_rewrite_module
option or you have to enable the PCRE support.

Why is it looking for PCRE when PCRE2 is available?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,293170,293198#msg-293198



handling client disconnect. call-back?

2020-08-07 Thread George Nica
My understanding is that abrupt client disconnects are transparent through
nginx -- the connection to upstream is closed and the upstream should handle
that as it can. Please correct me if I am wrong.
Is there a way to use a call-back (or something similar, a redirect), in
nginx.conf, for client disconnects? This would be useful when the upstream
is not good at directly handling the disconnect (not async, and still
processing the response for the now-disconnected client). This could help
clean up resources, on a parallel channel.

Best,
George

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,289006,289006#msg-289006



Re: how to configure request rate limiting by Kerberos authenticated user?

2020-08-06 Thread George Nica
Thank you Maxim.
Adding an extra variable to the spnego auth module sounds intriguing, but
also challenging because, as you mention, "rate limiting happens before
access checks" and this module mainly deals with access checks until now.
Sounds like an extra level of proxying is the way ahead for now.
It would be nice if Kerberos were supported directly by nginx. :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,288976,288990#msg-288990
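
The extra level of proxying mentioned in this reply, sketched as nginx configuration. This is an added example, not configuration from the thread or from the spnego module's documentation: the front tier authenticates and forwards the user name in a header, and a loopback-only inner tier rate-limits on that header. The ports, keytab path, host name, zone names and the `app_backend` address are assumptions.

```nginx
# Added example (not from the thread). Ports, paths, names and the
# app_backend address are assumptions.

http {
    # Front tier keeps the existing per-address limit.
    limit_req_zone $binary_remote_addr zone=addr:10m rate=20r/s;

    # Inner tier keys on the user name forwarded by the front tier. Here the
    # key is an ordinary request header, so it is already populated when
    # limit_req runs. Requests with an empty key are not accounted.
    limit_req_zone $http_x_forwarded_user zone=user:10m rate=20r/s;

    upstream app_backend {
        server 127.0.0.1:8080;          # assumed application address
    }

    # Front tier: Kerberos authentication, then hand off to the inner tier.
    server {
        listen 80;
        server_name app.example.com;    # assumed name

        location / {
            limit_req zone=addr burst=20;

            auth_gss on;                              # ngx_http_auth_spnego_module
            auth_gss_keytab /etc/nginx/http.keytab;   # assumed path

            # proxy_set_header replaces any X-Forwarded-User value sent by
            # the client, so the inner tier only sees the authenticated name.
            proxy_set_header X-Forwarded-User $remote_user;
            proxy_set_header Host $host;
            proxy_pass http://127.0.0.1:8081;
        }
    }

    # Inner tier: bound to loopback so the header cannot be supplied by a
    # client that bypasses the front tier.
    server {
        listen 127.0.0.1:8081;

        location / {
            limit_req zone=user burst=20;
            proxy_set_header Host $host;
            proxy_pass http://app_backend;
        }
    }
}
```

Unauthenticated requests are rejected by the front tier and never reach the inner tier, so the per-user zone only counts requests that carry an authenticated name.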



how to configure request rate limiting by Kerberos authenticated user?

2020-08-05 Thread Nica, George
Hi,

We are currently using "limit_req_zone $binary_remote_addr" for rate limiting. 
However, some of our users are connecting from more than one IP address, using 
clients running on computer grids.
We wanted to do request rate limiting by authenticated user (in addition to the 
existing one by $binary_remote_addr).
Is there any way we could do request rate limiting based on authenticated user?
We use Kerberos for authentication, using ngx_http_auth_spnego_module 
(https://github.com/stnoonan/spnego-http-auth-nginx-module).
We tried "limit_req_zone $remote_user zone=user:10m rate=20r/s;" and "limit_req 
zone=user burst=20;" but the key was apparently empty - all requests, from all 
users, were getting limited (all bunched under one key). However, 
interestingly, $remote_user is passed fine to the upstream using 
"proxy_set_header X-Forwarded-User $remote_user;"... Apparently $remote_user 
only works for request limiting when using basic authentication.
Thank you for any suggestions/pointers.

Best,
George

--
This message, and any attachments, is for the intended recipient(s) only, may 
contain information that is privileged, confidential and/or proprietary and 
subject to important terms and conditions available at 
http://www.bankofamerica.com/emaildisclaimer.   If you are not the intended 
recipient, please delete this message.

Re: duplicate listen options for backlog directive for ip:80 and ip:443 pairs ?

2019-06-01 Thread George
I see. Thanks Maxim for the clarification. Much appreciated :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,284368,284402#msg-284402



duplicate listen options for backlog directive for ip:80 and ip:443 pairs ?

2019-05-31 Thread George
I am trying to troubleshoot a duplicate listen options error that only
happens on one server and not the other.

From docs at http://nginx.org/en/docs/http/ngx_http_core_module.html backlog
listen directive works for each ip:port pair so I should be able to set
backlog directive on listen directive once on port 80 and once on port 443.
But on one server I am not able to and can't see where the problem is coming
from ? How shall I debug this ?

--- working ---
On working Nginx 1.17.0 server I have 2 nginx vhosts that set backlog
properly and have no problems

vhost 1
listen 80 default_server backlog=2048 reuseport fastopen=256;

vhost 2
listen 443 ssl http2 reuseport backlog=2048;

--- not working ---
Now on another Nginx 1.17.0 server I have 3 nginx vhosts but nginx restarts
complain of duplicate listen options once I add vhost 3 and the error is
related for vhost 2's listen directive

nginx: [emerg] duplicate listen options for 0.0.0.0:443 in
/path/to/vhost2/vhost

vhost 1
listen 80 default_server backlog=4095 reuseport fastopen=256;

vhost 2
listen 443 ssl http2 reuseport;

vhost 3
listen 443 ssl http2 backlog=4095;

if i remove vhost 3 backlog=4095 directive there's no error though ?

--- working ---

Now if I reverse it so backlog=4095 is set in vhost 2 and not vhost 3, then
it works and nginx doesn't complain of errors ? No idea why that is the case
or if it's a bug ?

vhost 2
listen 443 ssl http2 reuseport backlog=4095;

vhost 3
listen 443 ssl http2;

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,284368,284368#msg-284368



Re: Google QUIC support in nginx

2019-05-31 Thread George
Roadmap suggests it is in Nginx 1.17 mainline QUIC = HTTP/3
https://trac.nginx.org/nginx/roadmap :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,256352,284367#msg-284367



Re: https://hg.nginx.org certificate error ?

2019-04-09 Thread George
yeah updated mercurial works
https://forum.nginx.org/read.php?2,283686,283694#msg-283694 though centos 7
still will use non-SNI supported mercurial 2.6.2 so folks doing hg clone for
njs repo will always have this issue.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,283686,283695#msg-283695



Re: https://hg.nginx.org certificate error ?

2019-04-09 Thread George
okay part of the problem is centos 7 uses mercurial 2.6.2 and fix is to
update to mercurial >2.7.9 for SNI support

hg --version
Mercurial Distributed SCM (version 2.6.2)
(see http://mercurial.selenic.com for more information)

Copyright (C) 2005-2012 Matt Mackall and others
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

use mercurial own centos 7 yum repo

/etc/yum.repos.d/mercurial.selenic.com.repo

[mercurial.selenic.com]
name=mercurial.selenic.com
baseurl=https://www.mercurial-scm.org/release/centos7
enabled=1
# Temporary until we get a serious signing scheme in place,
# check https://www.mercurial-scm.org/wiki/Download again
gpgcheck=0

yum -y update mercurial

hg --version
Mercurial Distributed SCM (version 4.0-rc)
(see https://mercurial-scm.org for more information)

Copyright (C) 2005-2016 Matt Mackall and others
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

now mercurial 4.0 with SNI support works

hg clone https://hg.nginx.org/njs/
destination directory: njs
requesting all changes
adding changesets
adding manifests
adding file changes
added 874 changesets with 3131 changes to 187 files
updating to branch default
162 files updated, 0 files merged, 0 files removed, 0 files unresolved

but still best to add *.nginx.org to *.nginx.com common name for
pubserv.nginx.com server's SSL cert ?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,283686,283694#msg-283694



Re: https://hg.nginx.org certificate error ?

2019-04-09 Thread George
looks like hg clone is a non-SNI request so looked up pubserv.nginx.com's
SSL cert *.nginx.com common name so maybe best to add *.nginx.org as well to
pubserv.nginx.com server's SSL cert ?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,283686,283692#msg-283692



Re: https://hg.nginx.org certificate error ?

2019-04-09 Thread George
testssl 3.0rc4 output for 

testssl hg.nginx.org:443

Testing server defaults (Server Hello) 

 TLS extensions (standard)    "server name/#0" "renegotiation info/#65281" "EC point formats/#11" "session ticket/#35" "heartbeat/#15" "next protocol/#13172" "application layer protocol negotiation/#16"
 Session Ticket RFC 5077 hint 14400 seconds, session tickets keys seems to be rotated < daily
 SSL Session ID support       yes
 Session Resumption           Tickets: yes, ID: yes
 TLS clock skew               Random values, no fingerprinting possible
 Signature Algorithm          SHA256 with RSA
 Server key size              RSA 2048 bits
 Server key usage             Digital Signature, Key Encipherment
 Server extended key usage    TLS Web Server Authentication, TLS Web Client Authentication
 Serial / Fingerprints        030D311281F9B8198440D9E1F99E6DCBEA36 / SHA1 FCFED1288228D3D056CD63018F453AF21F2520E7
                              SHA256 237EE7B9E1FD73D9462D1730F6C706E4636CE2D85B2372E4936B61EFE58C0111
 Common Name (CN)             mailman.nginx.org (CN in response to request w/o SNI: *.nginx.com)
 subjectAltName (SAN)         hg.nginx.org mailman.nginx.com mailman.nginx.org trac.nginx.org
 Issuer                       Let's Encrypt Authority X3 (Let's Encrypt from US)
 Trust (hostname)             Ok via SAN (SNI mandatory)
 Chain of trust               Ok
 EV cert (experimental)       no
 "eTLS" (visibility info)     not present
 Certificate Validity (UTC)   36 >= 30 days (2019-02-14 15:18 --> 2019-05-15 15:18)
 # of certificates provided   2
 Certificate Revocation List  --
 OCSP URI                     http://ocsp.int-x3.letsencrypt.org
 OCSP stapling                not offered
 OCSP must staple extension   --
 DNS CAA RR (experimental)    not offered
 Certificate Transparency     yes (certificate extension)

of note

Common Name (CN) mailman.nginx.org (CN in response to request w/o SNI:
*.nginx.com) 
subjectAltName (SAN) hg.nginx.org mailman.nginx.com mailman.nginx.org
trac.nginx.org

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,283686,283691#msg-283691



https://hg.nginx.org certificate error ?

2019-04-09 Thread George
Hi when I try to clone njs repo I am getting the error below 

hg clone https://hg.nginx.org/njs/
abort: hg.nginx.org certificate error: certificate is for *.nginx.com,
nginx.com
(configure hostfingerprint
bd:90:5e:95:b4:51:d8:0b:b0:36:41:6f:99:a7:80:01:4e:cf:ee:c2 or use
--insecure to connect insecurely)

and

echo -n | openssl s_client -connect hg.nginx.org:443
CONNECTED(0003)
depth=2 O = Digital Signature Trust Co., CN = DST Root CA X3
verify return:1
depth=1 C = US, O = Let's Encrypt, CN = Let's Encrypt Authority X3
verify return:1
depth=0 CN = *.nginx.com
verify return:1
---
Certificate chain
 0 s:/CN=*.nginx.com
   i:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
 1 s:/C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
   i:/O=Digital Signature Trust Co./CN=DST Root CA X3
---

but the web browser hg.nginx.org ssl cert has SAN ssl cert for

DNS Name=hg.nginx.org
DNS Name=mailman.nginx.com
DNS Name=mailman.nginx.org
DNS Name=trac.nginx.org

dig A hg.nginx.org +short 
206.251.255.64

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,283686,283686#msg-283686



Re: Fwd: Encrypted SNI

2018-10-07 Thread George
Thanks Maxim. Guess we just need to wait :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,281512,281540#msg-281540



Re: Fwd: Encrypted SNI

2018-10-03 Thread George
Nginx supports BoringSSL too and it already has ESNI support apparently
https://www.theregister.co.uk/2018/07/17/encrypted_server_names/

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,281512,281517#msg-281517



WWW-Authenticate in 200 OK response

2018-09-14 Thread Nica, George via nginx
I am currently working on a multi-tier application, trying to use nginx as load 
balancer.
The issue is that nginx seems to be adding WWW-Authenticate in the 200 OK 
response after the Kerberos authentication has taken place, which confuses the 
client. (The client could potentially ignore it, but that's possibly another 
issue.)
Not sure this is expected... Any suggestion on how to avoid or work around this?

[2018-09-14 14:46:14.471] root INFO: @@ Connecting to: 
'http://host1:39609/url1'
send: 'GET /url1 HTTP/1.1\r\nX-Client-User-Name: uname1\r\nAccept-Encoding: 
gzip\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: 
qz.qzdev.run\r\nHost: host1:39609\r\nX-Client-Host-Name: host2\r\nContent-Type: 
application/json\r\n\r\n'
reply: 'HTTP/1.1 401 Unauthorized\r\n'
header: Server: nginx/1.14.0
header: Date: Fri, 14 Sep 2018 18:46:14 GMT
header: Content-Type: text/html
header: Content-Length: 195
header: Connection: close
header: WWW-Authenticate: Negotiate
header: WWW-Authenticate: Basic realm=""
header: Access-Control-Allow-Credentials: true
send: 'GET /url1 HTTP/1.1\r\nX-Client-User-Name: uname1\r\nAccept-Encoding: 
gzip\r\nConnection: close\r\nAccept: application/json\r\nUser-Agent: 
qz.qzdev.run\r\nHost: host1:39609\r\nX-Client-Host-Name: host2\r\nContent-Type: 
application/json\r\nAuthorization: Negotiate YII 
AghEw==\r\n\r\n'
reply: 'HTTP/1.1 200 OK\r\n'
header: Server: nginx/1.14.0
header: Date: Fri, 14 Sep 2018 18:46:14 GMT
header: Content-Type: application/json
header: Content-Length: 430908
header: Connection: close
header: WWW-Authenticate: Negotiate YI .gA==
header: WWW-Authenticate: Basic realm=""
header: Set-Cookie: session=ey...ZW4; HttpOnly; Path=/
header: Access-Control-Allow-Credentials: true
[2018-09-14 14:46:14.779] client_http_auth CRITICAL: GSSAPI failed!

Best regards,
George


Re: nginx reuseport duplicate listen options ?

2018-07-30 Thread George
correct meant vhost #1

'but if i had the 3 nginx vhosts where reuseport was used on vhost #3
instead of vhost #1, i get error '

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,280710,280711#msg-280711



nginx reuseport duplicate listen options ?

2018-07-30 Thread George
I know that nginx reuseport is only usable per ip:port pair so I am confused
about this error.

I have 3 nginx vhosts

vhost #1

server {
  listen 443 ssl http2 default_server backlog=2048 reuseport;
}

vhost #2

server {
  listen 80 default_server backlog=2048 reuseport fastopen=256;
}

vhost #3

server {
  listen 443 ssl http2;
}

This configuration works and I see socket sharding in use on 8 cpu thread
centos 7.5 64 server 

ss -lnt | egrep -e ':80 |:443 '
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:443  *:*
LISTEN 0  2048 *:80   *:*
LISTEN 0  2048 *:80   *:*
LISTEN 0  2048 *:80   *:*
LISTEN 0  2048 *:80   *:*
LISTEN 0  2048 *:80   *:*
LISTEN 0  2048 *:80   *:*
LISTEN 0  2048 *:80   *:*
LISTEN 0  2048 *:80   *:*

but if i had the 3 nginx vhosts where reuseport was used on vhost #3 instead
of vhost #2, i get error 

'nginx: [emerg] duplicate listen options for 0.0.0.0:443 in'



vhost #1

server {
  listen 443 ssl http2 default_server backlog=2048;
}

vhost #2

server {
  listen 80 default_server backlog=2048 reuseport fastopen=256;
}

vhost #3

server {
  listen 443 ssl http2 reuseport;
}

nginx 1.15.3 and 1.15.2 with GCC 7.3.1/8.2 or OpenSSL 1.1.0h/1.1.1-pre8 all
result in same error 'nginx: [emerg] duplicate listen options for
0.0.0.0:443 in' ???

nginx -V
nginx version: nginx/1.15.3 (260718-233400)
built by gcc 8.2.0 (GCC) 
built with OpenSSL 1.1.1-pre8 (beta) 20 Jun 2018
TLS SNI support enabled
configure arguments: --with-ld-opt='-L/usr/local/lib -ljemalloc -Wl,-z,relro
-Wl,-rpath,/usr/local/lib' --with-cc-opt='-I/usr/local/include -m64
-march=native -DTCP_FASTOPEN=23 -g -O3 -Wno-error=strict-aliasing
-fstack-protector-strong -flto -fuse-ld=gold --param=ssp-buffer-size=4
-Wformat -Werror=format-security -Wimplicit-fallthrough=0 -fcode-hoisting
-Wno-cast-function-type -Wp,-D_FORTIFY_SOURCE=2
-Wno-deprecated-declarations' --sbin-path=/usr/local/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf --build=260718-233400
--with-compat --with-http_stub_status_module --with-http_secure_link_module
--add-dynamic-module=../nginx-module-vts --with-libatomic
--with-http_gzip_static_module --add-dynamic-module=../ngx_brotli
--with-http_sub_module --with-http_addition_module
--with-http_image_filter_module=dynamic --with-http_geoip_module
--with-stream_geoip_module --with-stream_realip_module
--with-stream_ssl_preread_module --with-threads --with-stream=dynamic
--with-stream_ssl_module --with-http_realip_module
--add-dynamic-module=../ngx-fancyindex-0.4.2
--add-module=../ngx_cache_purge-2.4.2 --add-module=../ngx_devel_kit-0.3.0
--add-dynamic-module=../set-misc-nginx-module-0.32
--add-dynamic-module=../echo-nginx-module-0.61
--add-module=../redis2-nginx-module-0.15
--add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.18
--add-module=../srcache-nginx-module-0.31
--add-dynamic-module=../headers-more-nginx-module-0.33
--with-pcre=../pcre-8.42 --with-pcre-jit
--with-zlib=../zlib-cloudflare-1.3.0 --with-http_ssl_module
--with-http_v2_module --with-openssl=../openssl-1.1.1-pre8
--with-openssl-opt='enable-ec_nistp_64_gcc_128 enable-tls1_3'

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,280710,280710#msg-280710



Re: Nginx 1.13.9 HTTP/2 Server Push - non-compressed assets ?

2018-02-15 Thread George
thanks Ruslan just tested your committed fixes for this in master branch and
working nicely
https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/page-2#post-59602
:)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,278481,278608#msg-278608



Re: Nginx 1.13.9 HTTP/2 Server Push - non-compressed assets ?

2018-02-14 Thread George
thanks Ruslan for the update appreciate all your work and looking forward to
playing with HTTP/2 Push finally ! :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,278481,278582#msg-278582



Re: Nginx 1.13.9 HTTP/2 Server Push - non-compressed assets ?

2018-02-11 Thread George
Reported bug at https://trac.nginx.org/nginx/ticket/1478

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,278481,278488#msg-278488



Nginx 1.13.9 HTTP/2 Server Push - non-compressed assets ?

2018-02-10 Thread George
Hi compiled Nginx 1.13.9 from master branch to try out HTTP/2 Server Push
but noticed the pushed assets lose their gzip compression and are served as
non-compressed assets ? Is that as intended ? I posted my findings at
https://community.centminmod.com/threads/hurray-http-2-server-push-for-nginx.11910/#post-59411

http2_push_preload on;
add_header Link "; rel=preload; as=style";
add_header Link "; rel=preload; as=style";

push works as I see PUSH_PROMISE frames and chrome reports push

nghttp -navs https://baremetal.doman.com/

[  0.018] recv (stream_id=13) :method: GET
[  0.018] recv (stream_id=13) :path: /css/bootstrap.min.css
[  0.018] recv (stream_id=13) :authority: baremetal.domain.com
[  0.018] recv (stream_id=13) :scheme: https
[  0.018] recv PUSH_PROMISE frame 

Re: Modsecurity dynamic module with Nginx-plus

2017-08-10 Thread George
yeah just use nginx open source free version if you need compile support -
updated guide at
https://www.nginx.com/blog/compiling-and-installing-modsecurity-for-open-source-nginx/

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,276008,276018#msg-276018



how nginx decide which server block to use

2017-06-21 Thread George /
Hi all,


  I am running nginx version nginx/1.12.0. I got the following server block
config, as below. All requests matching the regular expression work well, but
requests to server s01.example.com return 404. What's wrong? I googled for a
while; most of the articles said it first tries to match the literal string,
then wildcard, and regular expression last.


--
  server {
listen 80;
server_name _;
access_log /data/wwwlogs/access_nginx.log combined;
root /data/wwwroot/public_html;
index index.html index.htm index.php;
#error_page 404 /404.html;
#error_page 502 /502.html;
location /nginx_status {
  stub_status on;
  access_log off;
  allow 127.0.0.1;
  deny all;
}
location ~ [^/]\.php(/|$) {
  #fastcgi_pass remote_php_ip:9000;
  fastcgi_pass unix:/dev/shm/php-cgi.sock;
  fastcgi_index index.php;
  include fastcgi.conf;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
  expires 30d;
  access_log off;
}
location ~ .*\.(js|css)?$ {
  expires 7d;
  access_log off;
}
location ~ /\.ht {
  deny all;
}
  }





server {
listen [ip1]:80;
server_name ~^(?<subdomain>[a-z0-9]+)\.(?<domain>[a-z0-9\-]+)\.(?<domext>[a-z]+);
index index.html index.php;


root /home/$domain.$domext/$subdomain;
location / {
try_files $uri $uri/ @apache =404;
}


location ~ (.*)\.html$ {
if (!-f '$document_root/$uri') {
  rewrite /(.*)\.html$ /$1.php last;
}
try_files $uri @apache =404;
}


location @apache {
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(php|php5|cgi|pl)$ {
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
  expires 30d;
  access_log off;
}
location ~ .*\.(js|css)?$ {
  expires 7d;
  access_log off;
}
location ~ /\.ht {
  deny all;
}
}
 server {
listen [ip2]:80;
#server_name ~^(?[a-z0-9]+).(?[a-z0-9.]+);
server_name ~^(?<subdomain>[a-z0-9]+)\.(?<domain>[a-z0-9\-]+)\.(?<domext>[a-z]+);
#server_name ~^(?[a-z0-9]+).com;
#access_log off;
index index.html index.php;


root /ip100/$domain.$domext/$subdomain;
#add_header aa $document_root;
location / {
try_files $uri $uri/ @apache =404;
}


location ~ (.*)\.html$ {
if (!-f '$document_root/$uri') {
  rewrite /(.*)\.html$ /$1.php last;
}
try_files $uri @apache =404;
}


location @apache {
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(php|php5|cgi|pl)$ {
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
  expires 30d;
  access_log off;
}
location ~ .*\.(js|css)?$ {
  expires 7d;
  access_log off;
}
location ~ /\.ht {
  deny all;
}
#access_log  /home/wwwlogs/$subdomain.$domain.com_access.log access;
#error_log  /home/wwwlogs/subdomain.$domain.com_error.log  error;
}


 server {
listen [ip3]:80;
server_name ~^(?<subdomain>[a-z0-9]+)\.(?<domain>[a-z0-9\-]+)\.(?<domext>[a-z]+);
index index.html index.php;


root /ip155/$domain.$domext/$subdomain;
#add_header aa $document_root;
location / {
try_files $uri $uri/ @apache =404;
}


location ~ (.*)\.html$ {
if (!-f '$document_root/$uri') {
  rewrite /(.*)\.html$ /$1.php last;
}
try_files $uri @apache =404;
}


location @apache {
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(php|php5|cgi|pl)$ {
fastcgi_pass unix:/dev/shm/php-cgi.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
}
location ~ .*\.(gif|jpg|jpeg|png|bmp|swf|flv|mp4|ico)$ {
  expires 30d;
  access_log off;
}
location ~ .*\.(js|css)?$ {
  expires 7d;
  access_log off;
   

Re: slice module issue if redirected origin and have have fist slice

2017-06-13 Thread George .
Hi Roman,

Thank you a lot for the detailed explanation.
Initially I thought that the NGX_HTTP_SUBREQUEST_CLONE option to
ngx_http_subrequest (your latest fix in the slice module - Slice filter: fetch
slices in cloned subrequests) was intended to keep the full context in the
subrequest during redirects, and that because of a minor bug it does not
work in my case.

I'll need some solution for cases like this:

1. Origin redirects us (assuming that it is not under our administration and
we can't do anything)
2. Origin is missing an object and sends us a 404, so we have to fall back to
another origin

If you have some suggestion for how to work around this tricky situation, I'd be
very thankful.


George

On Tue, Jun 13, 2017 at 2:44 PM, Roman Arutyunyan <a...@nginx.com> wrote:

> Hi George,
>
> On Mon, Jun 12, 2017 at 10:02:16AM +0300, George . wrote:
> > Hi,
> > I've discovered the following strange issue with http_slice_module.
> > If I have a named location for internal 302 redirect and caching one slice
> > makes further request for whole object to break upstream redirected request
> > (missing Range header, see frame 254 in the attached capture
> > slice_redirect_problem.pcapng
> > <https://drive.google.com/a/ucdn.com/file/d/0ByZ2nt00gtJ2NmtqVUU3OVozNXM/view?usp=drive_web>
> > ).
>
> What happens is:
>
> - client requests 0-4m
> - nginx creates the request for the 1st slice and proxies it to 8081
> - after receiving 302, the request is redirected to
>   @fetch_from_redirected_origin and the first slice is saved in the cache
>
> Note that in @fetch_from_redirected_origin there's a completely separate
> slice context.  By this time nginx only knows what client sent.  Previous
> slice context is completely lost as well as all other modules' contexts.
> Coincidentally, it does what you expect because only the first slice was
> requested.
>
> Then you request the entire file:
>
> - client requests the entire file
> - first slice is sent from the cache
> - nginx creates a subrequest for the 2nd slice: 4m-8m and proxies it to 8081
> - after receiving 302, the subrequest is redirected to
>   @fetch_from_redirected_origin
>
> After the redirect nginx does not have any idea that it should fetch the
> second slice.  Moreover, the $slice_range variable is not filled with actual
> range when first accessed in a subrequest (after error_page redirect it looks
> like the first access), so it remains empty.  That's why the entire file is
> requested.
> But even if the variable was valid, that would still be bad since the slice
> context is lost after error_page redirect.  You would get the whole file here
> instead of 4m-8m range.
>
> The takeaway is you should avoid using the slice module with redirects
> (error_page, X-Accel-Redirect) for fetching slices.  Instead you should proxy
> directly to the origin server.
>
> > If there is no cached slice everything is okay (2nd capture
> > slice_redirect_no_problem.pcapng
> > <https://drive.google.com/a/ucdn.com/file/d/0ByZ2nt00gtJ2SUpnc2VVbzBKdWc/view?usp=drive_web>
> > )
>
> No, it's not ok.  The first redirect to @fetch_from_redirected_origin leads
> to caching all file slices instead of the first one.
>
> > Problem appears in main branch and also  nginx/1.12 ... and may be in all
> > versions
> >
> > nginx version: nginx/1.13.2
> > built by gcc 4.9.2 (Debian 4.9.2-10)
> > configure arguments: --prefix=/home/george/run/nginx_hg
> > --with-http_slice_module
> >
> >
> >
> >
> > nginx.conf
> > user cdnuser cdnuser;
> > worker_processes  1;
> >
> > error_log  logs/error.log  debug;
> >
> > events {
> > worker_connections  1024;
> > }
> >
> >
> > http {
> > include   mime.types;
> > default_type  application/octet-stream;
> >
> >
> > sendfile    on;
> > tcp_nopush  on;
> >
> > proxy_cache_path /home/george/run/nginx_hg/cache/
> > keys_zone=zone_uid_default:4m levels=2:1 inactive=360d max_size=18329m;
> >
> > # our redirecting origin
> > server {
> > listen   8081;
> >
> > return 302 $scheme://127.0.0.1:8082$request_uri;
> > }
> >
> > # our final origin
> > server {
> > listen   8082;
> > add_header Cache-Control "max-age=3600";
> > root /home/george/run/nginx_hg/root;
> > }
> >
> > server {
> > listen   8080;
> > server_name  localhost;
> >
> > recursive_error_pages on;
> 

slice module issue if redirected origin and have have fist slice

2017-06-12 Thread George .
Hi,
I've discovered the following strange issue with http_slice_module.
If I have a named location for internal 302 redirect and caching one slice
makes further request for whole object to break upstream redirected request
(missing Range header, see frame 254 in the attached capture
slice_redirect_problem.pcapng
<https://drive.google.com/a/ucdn.com/file/d/0ByZ2nt00gtJ2NmtqVUU3OVozNXM/view?usp=drive_web>
).

If there is no cached slice everything is okay (2nd capture
slice_redirect_no_problem.pcapng
<https://drive.google.com/a/ucdn.com/file/d/0ByZ2nt00gtJ2SUpnc2VVbzBKdWc/view?usp=drive_web>
)

Problem appears in main branch and also  nginx/1.12 ... and may be in all
versions

nginx version: nginx/1.13.2
built by gcc 4.9.2 (Debian 4.9.2-10)
configure arguments: --prefix=/home/george/run/nginx_hg
--with-http_slice_module




nginx.conf
user cdnuser cdnuser;
worker_processes  1;

error_log  logs/error.log  debug;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;


    sendfile    on;
    tcp_nopush  on;

    proxy_cache_path /home/george/run/nginx_hg/cache/
        keys_zone=zone_uid_default:4m levels=2:1 inactive=360d max_size=18329m;

    # our redirecting origin
    server {
        listen   8081;

        return 302 $scheme://127.0.0.1:8082$request_uri;
    }

    # our final origin
    server {
        listen   8082;
        add_header Cache-Control "max-age=3600";
        root /home/george/run/nginx_hg/root;
    }

    server {
        listen   8080;
        server_name  localhost;

        recursive_error_pages on;
        proxy_intercept_errors on;


        location / {
            slice 4m;
            proxy_cache       zone_uid_default;
            proxy_cache_key   $uri$is_args$args$slice_range;
            proxy_set_header  Range $slice_range;

            proxy_pass        http://localhost:8081;

            error_page 301 302 307 = @fetch_from_redirected_origin;
        }

        location @fetch_from_redirected_origin {
            slice   4m;

            internal;

            set $my_upstream_http_location $upstream_http_location;

            proxy_cache       zone_uid_default;
            proxy_cache_key   $uri$is_args$args$slice_range;
            proxy_set_header  Range $slice_range;

            proxy_pass        $my_upstream_http_location;
        }
    }
}


How to reproduce:

1. Create some empty object in our emulated origin
mkdir /home/george/run/nginx_hg/root
dd if=/dev/zero of=/home/george/run/nginx_hg/root/some_object  bs=64M count=1

2. Ask our caching proxy for one 4m slice, so it will be cached
curl -v -r 0-4194303 "http://127.0.0.1:8080/some_object" --header "Host: localhost" -o /dev/null

3. See it really there
george@george ~/run/nginx_hg $ head /home/george/run/nginx_hg/cache/81/c/00214df7041ea53dd335ed5b055bfc81
Ļ:Y˩:Y��:YVʜ�r � "593aa9cb-400"
KEY: /some_objectbytes=0-4194303
HTTP/1.1 206 Partial Content
Server: nginx/1.13.2
Date: Fri, 09 Jun 2017 14:16:20 GMT
Content-Type: application/octet-stream
Content-Length: 4194304
Last-Modified: Fri, 09 Jun 2017 13:59:39 GMT
Connection: close
ETag: "593aa9cb-400"

4. This time request the whole object
curl -v "http://127.0.0.1:8080/some_object" --header "Host: localhost" -o /dev/null

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel
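
An added example (not part of the original post or of nginx): a Python check for the cache state discussed in this thread, where a location that uses `slice` ends up storing something other than one 206 slice per cache key. It assumes the on-disk layout visible in step 3 (binary header, then a `KEY:` line, then the upstream response headers); the function names and all three sample entries are constructed for illustration, with the first one following the header text shown in step 3.

```python
import os
import re

SLICE_SIZE = 4 * 1024 * 1024   # "slice 4m" in the posted config

KEY_RE = re.compile(rb"\nKEY: ([^\n]*)\n")
STATUS_RE = re.compile(rb"HTTP/\d\.\d (\d{3})")
LENGTH_RE = re.compile(rb"^Content-Length:[ \t]*(\d+)", re.I | re.M)
RANGE_RE = re.compile(r"bytes=(\d+)-(\d+)$")


def _entry(key, status_line, length):
    """Build a constructed cache entry; 16 zero bytes stand in for the binary header."""
    return (b"\x00" * 16 + b"\nKEY: " + key + b"\n" + status_line + b"\r\n"
            b"Server: nginx/1.13.2\r\n"
            b"Content-Type: application/octet-stream\r\n"
            b"Content-Length: " + length + b"\r\n\r\n")


# Constructed samples: a correct first slice, a whole object stored under a key
# with an empty $slice_range, and a whole object stored under a slice key.
GOOD_ENTRY = _entry(b"/some_objectbytes=0-4194303",
                    b"HTTP/1.1 206 Partial Content", b"4194304")
NO_RANGE_ENTRY = _entry(b"/some_object", b"HTTP/1.1 200 OK", b"67108864")
OVERSIZED_ENTRY = _entry(b"/some_objectbytes=4194304-8388607",
                         b"HTTP/1.1 200 OK", b"67108864")


def parse_entry(raw):
    """Extract cache key, upstream status and Content-Length from an entry's head."""
    key = KEY_RE.search(raw)
    if key is None:
        raise ValueError("no KEY line found; not an nginx cache entry?")
    head = raw[key.end():].split(b"\r\n\r\n", 1)[0]
    status = STATUS_RE.match(head)
    length = LENGTH_RE.search(head)
    return {
        "key": key.group(1).decode("latin-1"),
        "status": int(status.group(1)) if status else None,
        "length": int(length.group(1)) if length else None,
    }


def audit_entry(raw, slice_size=SLICE_SIZE):
    """Return a list of findings; an empty list means the entry looks like one slice."""
    entry = parse_entry(raw)
    findings = []
    rng = RANGE_RE.search(entry["key"])
    if rng is None:
        findings.append("key has no bytes= range suffix")
    else:
        first, last = int(rng.group(1)), int(rng.group(2))
        span = last - first + 1
        if first % slice_size or span != slice_size:
            findings.append("range in key is not aligned to the slice size")
        # The last slice of an object may be shorter than the range, never longer.
        if entry["length"] is not None and entry["length"] > span:
            findings.append("body is longer than the range in the key")
    if entry["status"] != 206:
        findings.append("status %s instead of 206" % entry["status"])
    return findings


def audit_cache_dir(cache_root, slice_size=SLICE_SIZE):
    """Audit every file under a proxy_cache_path; returns {path: findings}."""
    report = {}
    for dirpath, _dirs, files in os.walk(cache_root):
        for name in files:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                head = fh.read(8192)
            try:
                findings = audit_entry(head, slice_size)
            except ValueError:
                continue          # not a cache entry (temp file, etc.)
            if findings:
                report[path] = findings
    return report


if __name__ == "__main__":
    for label, raw in (("good", GOOD_ENTRY), ("no range", NO_RANGE_ENTRY),
                       ("oversized", OVERSIZED_ENTRY)):
        print(label, parse_entry(raw)["key"], audit_entry(raw))
```

Run `audit_cache_dir()` against the directory given in `proxy_cache_path` after reproducing steps 2 and 4; any reported path is an entry that does not hold exactly one slice.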

Re: DTLS patches

2017-05-18 Thread George
thanks Vladimir :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,274289,274312#msg-274312

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


Re: DTLS patches

2017-05-18 Thread George
thanks for sharing. Is it necessary to compile with --with-debug ?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,274289,274299#msg-274299



nginx 1.11.12 + nginScript = failed to restart nginx server

2017-03-25 Thread George
Nginx compiles successfully with nginScript as a dynamic module.

nginx -V
nginx version: nginx/1.11.12
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.4.5
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro
-Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g
-O3 -fstack-protector -fuse-ld=gold --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare
-Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter
-Wno-unused-const-variable -Wno-conditional-uninitialized
-Wno-mismatched-tags -Wno-sometimes-uninitialized -Wno-parentheses-equality
-Wno-tautological-compare -Wno-self-assign -Wno-deprecated-register
-Wno-deprecated -Wno-invalid-source-encoding -Wno-pointer-sign
-Wno-parentheses -Wno-enum-conversion
-Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings
-gsplit-dwarf' --sbin-path=/usr/local/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module
--with-http_secure_link_module --with-libatomic
--with-http_gzip_static_module --add-dynamic-module=../ngx_brotli
--with-http_sub_module --with-http_addition_module
--with-http_image_filter_module=dynamic --with-http_geoip_module
--add-dynamic-module=../njs/nginx --with-stream_geoip_module
--with-stream_realip_module --with-stream_ssl_preread_module --with-threads
--with-stream=dynamic --with-stream_ssl_module --with-http_realip_module
--add-dynamic-module=../ngx-fancyindex-0.4.0
--add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0
--add-module=../set-misc-nginx-module-0.31
--add-module=../echo-nginx-module-0.60
--add-module=../redis2-nginx-module-0.13
--add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.17
--add-module=../srcache-nginx-module-0.31
--add-module=../headers-more-nginx-module-0.32 --with-pcre=../pcre-8.40
--with-pcre-jit --with-zlib=../zlib-1.2.11 --with-http_ssl_module
--with-http_v2_module --with-openssl=../libressl-2.4.5

But I've tried both the example nginScript configurations at
https://www.nginx.com/blog/introduction-nginscript/ as well as example
posted at http://nginx.org/en/docs/http/ngx_http_js_module.html. 

But both fail to restart nginx server with no indication as to why
https://community.centminmod.com/posts/46868/

nginx -t
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

is all I see nothing else ?

loaded nginScript module as a dynamic module via include file
/usr/local/nginx/conf/dynamic-modules.conf in nginx.conf

cat /usr/local/nginx/conf/dynamic-modules.conf

load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_http_brotli_filter_module.so";
load_module "modules/ngx_http_brotli_static_module.so";
load_module "modules/ngx_stream_module.so";
load_module "modules/ngx_http_js_module.so";
load_module "modules/ngx_stream_js_module.so";


nginx.conf excerpt

user  nginx nginx;
worker_processes 4;
worker_priority -10;

worker_rlimit_nofile 26;
timer_resolution 100ms;

pcre_jit on;
include /usr/local/nginx/conf/dynamic-modules.conf;


pid logs/nginx.pid;

events {
worker_connections  1;
accept_mutex off;
accept_mutex_delay 200ms;
use epoll;
#multi_accept on;
}


http {

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,273183,273183#msg-273183



Re: coredump in 1.10.3

2017-03-13 Thread George .
Yes, for me it looks like memory corruption and really hard to guess with
only bt.
We will run with  in-memory debug, but we have to wait till next core. I'll
update you when we have more info.

On Mon, Mar 13, 2017 at 3:55 PM, Valentin V. Bartenev <vb...@nginx.com>
wrote:

> On Monday 13 March 2017 15:24:46 George . wrote:
> > Hi Valentin, Sorry, I've sent the mail incidentally before I complete it ;)
> >
> >
> > ssl_proxy_cores # ./nginx -V
> > nginx version: nginx/1.10.3
> > built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
> > built with OpenSSL 1.0.2g  1 Mar 2016 (running with OpenSSL 1.0.2g-fips  1 Mar 2016)
> > TLS SNI support enabled
> > configure arguments: --prefix=/cdn/nginx_ssl_proxy --with-cc-opt='-O0 -g
> > -ggdb -march=core2' --with-debug --with-http_geoip_module
> > --with-http_realip_module --with-http_ssl_module
> > --without-http_charset_module --without-http_ssi_module
> > --without-http_userid_module --without-http_autoindex_module
> > --without-http_scgi_module --without-http_uwsgi_module
> > --without-http_fastcgi_module --without-http_limit_conn_module
> > --without-http_split_clients_module --without-http_limit_req_module
> > --with-http_stub_status_module --with-http_v2_module
> >
> >
> > and some variables values :
> >
> >
> > (gdb) p q
> > $1 = (ngx_queue_t *) 0x3fb0ab0
> > (gdb) p * q
> > $2 = {prev = 0xd3210507e0f72630, next = 0x5f5ded63e9edd904}
> > (gdb) p h2c->waiting
> > $3 = {prev = 0x3ac6ea0, next = 0x3fb0ab0}
> >
> >
> > and here is the config
> >
> [..]
>
> Unfortunately, backtrace in this case is almost useless.
>
> You should enable in-memory debug log:
> http://nginx.org/en/docs/debugging_log.html
>
> Thus it will be possible to trace the events that resulted
> in segfault.
>
>   wbr, Valentin V. Bartenev
>

Re: coredump in 1.10.3

2017-03-13 Thread George .
it's our build from the nginx repository
it's a vanilla source

On Mon, Mar 13, 2017 at 3:30 PM, Thomas Ward <tew...@dark-net.net> wrote:

> Eww, that looks like a backport exploded.
>
> Do me a favor and file a bug in Ubuntu for this with `ubuntu-bug nginx` so
> the retraced can trace the core dump.
>
>
> Thomas
>
>
>
> *Sent from my iPhone.  Please excuse any typos, as they are likely to
> happen by accident.*
>
> On Mar 13, 2017, at 09:24, George . <geo...@ucdn.com> wrote:
>
>
> Hi Valentin, Sorry, I've sent the mail incidentally before I complete it
> ;)
>
> ssl_proxy_cores # ./nginx -V
> nginx version: nginx/1.10.3
> built by gcc 5.4.0 20160609 (Ubuntu 5.4.0-6ubuntu1~16.04.4)
> built with OpenSSL 1.0.2g  1 Mar 2016 (running with OpenSSL 1.0.2g-fips  1
> Mar 2016)
> TLS SNI support enabled
> configure arguments: --prefix=/cdn/nginx_ssl_proxy --with-cc-opt='-O0 -g
> -ggdb -march=core2' --with-debug --with-http_geoip_module
> --with-http_realip_module --with-http_ssl_module
> --without-http_charset_module --without-http_ssi_module
> --without-http_userid_module --without-http_autoindex_module
> --without-http_scgi_module --without-http_uwsgi_module
> --without-http_fastcgi_module --without-http_limit_conn_module
> --without-http_split_clients_module --without-http_limit_req_module
> --with-http_stub_status_module --with-http_v2_module
>
>
> and some variables values :
>
>
> (gdb) p q
> $1 = (ngx_queue_t *) 0x3fb0ab0
> (gdb) p * q
> $2 = {prev = 0xd3210507e0f72630, next = 0x5f5ded63e9edd904}
> (gdb) p h2c->waiting
> $3 = {prev = 0x3ac6ea0, next = 0x3fb0ab0}
>
>
> and here is the config
>
> nginx.conf:
>
> # SSL Proxy config for **
>
> user cdnuser cdnuser;
> worker_processes auto;
> pid /cdn/tmp/nginx_ssl_proxy.pid;
>
> #error_log logs/error.nginx.log debug;
> error_log /dev/null error;
>
> worker_rlimit_nofile 73728;
> worker_rlimit_core 10240M;
> working_directory /cdn/tmp/ssl_proxy_cores/;
>
> events {
> worker_connections 24576;
> use epoll;
> }
>
> http {
>
> include mime.types;
> default_type                application/octet-stream;
> reset_timedout_connection   on;
> client_header_timeout   60s;
> client_body_timeout 60s;
> send_timeout    60s;
> client_header_buffer_size   16k;
> large_client_header_buffers 4 16k;
> client_body_buffer_size 1k;
> client_max_body_size    1k;
> connection_pool_size    512;
> server_names_hash_bucket_size   4096;
> server_names_hash_max_size  4096;
> request_pool_size   8k;
> output_buffers  1 256k;
> postpone_output 1460;
> proxy_buffers   8 8k;
>
> sendfile on;
> tcp_nopush off;
> tcp_nodelay on;
> keepalive_timeout 60 20;
> keepalive_requests 256;
> ignore_invalid_headers on;
> recursive_error_pages on;
> resolver **;
> resolver_timeout 5s;
>
> #
> # SSL
> #
>
> ssl_ciphers '*';
> ssl_prefer_server_ciphers on;
> ssl_session_timeout 15m;
> ssl_session_cache shared:SSL:50m;
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> ssl_session_tickets on;
> ssl_stapling on;
> ssl_dhparam /cdn/ssl_certs/common/dhparam2048.pem;
> ssl_buffer_size  16k;
>
> #
> # GeoIP
> #
>
> geoip_country /usr/share/GeoIP/GeoIP.dat;
> set_real_ip_from 127.0.0.1;
> real_ip_header X-Forwarded-For;
>
> #
> # Dynamic config stuff
> #
>
> variables_hash_max_size 2048;
> variables_hash_bucket_size 256;
>
> #
> # Log Formats
> #
>
> log_format cdn_ssl_log '``$connection``$connection_requests``$remote_addr``$geoip_city_country_code``$http_host``$request``$status``$request_method``$http_range``$bytes_sent``$body_bytes_sent``$request_time``$http_user_agent``$http_referer``$https``$http2``$sent_http_content_type``$sent_http_content_length``$sent_http_location``$sent_http_connection``$sent_http_keep_alive``$sent_http_transfer_encoding``$sent_http_cache_control``$sent_http_content_range``$sent_http_expires``$tcpinfo_rtt``$tcpinfo_rttvar``$tcpinfo_snd_cwnd``$tcpinfo_rcv_space``$upstream_addr``$upstream_connect_time``$upstream

Re: coredump in 1.10.3

2017-03-13 Thread George .
Hi Maxim

Unfortunately I guess it will be hard to reproduce it quickly because it
happened on a production machine with heavy traffic.
About the gdb warning - it's not a problem: it is caused because I've copied
the binary to the folder where we've collected the core itself:


-rwxr-xr-x 1 cdnuser cdnuser  4753416 Mar 13 11:24 nginx
-rw--- 1 cdnuser cdnuser 92971008 Mar 13 10:03 core
-rwxr-xr-x 1 cdnuser cdnuser  4753416 Feb 10 10:42
/cdn/nginx_ssl_proxy/sbin/nginx

diff nginx /cdn/nginx_ssl_proxy/sbin/nginx

On Mon, Mar 13, 2017 at 3:22 PM, Maxim Dounin <mdou...@mdounin.ru> wrote:

> Hello!
>
> On Mon, Mar 13, 2017 at 03:06:17PM +0200, George . wrote:
>
> > Hi all,
> >
> > We've found two different coredumps in production machines running 1.10.3
> > handling ssl and http v2 traffic.
> >
> > Here is the backtrace of the version compiled with -O0 -g -ggdb
> >
> >
> >
> > warning: exec file is newer than core file.
> > [New LWP 28665]
> > [Thread debugging using libthread_db enabled]
> > Using host libthread_db library "/lib/x86_64-linux-gnu/libthread_db.so.1".
> > Core was generated by `nginx: worker process  '.
> > Program terminated with signal SIGSEGV, Segmentation fault.
> > #0  0x004aeecc in ngx_http_v2_state_window_update (h2c=0x32c8aa0,
> > pos=0x31a52fa "", end=0x31a5314 ")�") at src/http/v2/ngx_http_v2.c:2216
> >
> > warning: Source file is more recent than executable.
> > 2216        ngx_queue_remove(q);
>
> Note: the warning here suggests that the core file is from a
> different executable.  The backtrace provided is likely incorrect.
> Try to reproduce the problem with the current executable to get a
> proper backtrace.
>
> It might be also be a good idea to look into "nginx -V" output and
> the configuration (first of all, to make sure there are no 3rd
> party modules used; if there are any - try to reproduce the
> problem without them), as well as to check if you are able to
> reproduce the problem with the latest mainline version.
>
> --
> Maxim Dounin
> http://nginx.org/

Re: coredump in 1.10.3

2017-03-13 Thread George .
 proxy_set_header X-CDN-HTTP2 "$http2";
proxy_set_header X-CDN-HTTPS "$https";

location / {
proxy_pass http://local_rp;
error_page 301 302 307 = @redir;
}

location @redir {
internal;
set $cdn_upstream_http_location $upstream_http_location;
proxy_pass $cdn_upstream_http_location;
}

}

# other equivalent server blocks
# .
# .
# .
# .
}


On Mon, Mar 13, 2017 at 3:17 PM, Valentin V. Bartenev <vb...@nginx.com>
wrote:

> On Monday 13 March 2017 15:06:17 George . wrote:
> > Hi all,
> >
> > We've found two different coredumps in production machines running 1.10.3
> > handling ssl and http v2 traffic.
> >
> > Here is the backtrace of the version compiled with -O0 -g -ggdb
> >
> [..]
>
> Do you use any 3rd-party modules or patches?  Could you show
> nginx -V output?
>
>   wbr, Valentin V. Bartenev
>

Re: nginx-1.11.8

2016-12-27 Thread George
thanks Maxim working nicely here !

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,271747,271754#msg-271754



Re: nginx-1.11.6

2016-11-16 Thread George
Yeah some other nginx modules by OpenResty ran into 1.11.6 changes 

* https://github.com/openresty/redis2-nginx-module/issues/41
* https://github.com/openresty/memc-nginx-module/issues/26

the workarounds

* https://github.com/openresty/redis2-nginx-module/pull/42
* https://github.com/openresty/memc-nginx-module/pull/27

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,270963,270999#msg-270999



Re: Bloking Bad bots

2016-11-14 Thread George
I use nginx maps which depending on user agent either block, rate limit or
whitelist
https://community.centminmod.com/threads/blocking-bad-or-aggressive-bots.6433/

as the list gets large nginx maps just make it easier to manage

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,270930,270940#msg-270940



multiple php-fpm pool upstream alternating 503 & 502 errors

2016-11-09 Thread George
Was wondering if anyone could shed some light on this issue I am
experiencing only with multiple php-fpm pool setups but not with a single
php-fpm pool. The issue is when forum software like Xenforo or Invision
board uses its native forum close option to turn off the forums for guests
but still allow forum admins access, the forum via php issues an HTTP 503
status message. This seems to trip up and cause issues only for multiple
php-fpm pool upstream setups, causing alternating 503 and 502 bad gateway
errors. Probably partially to do with the http_503 definition for
fastcgi_next_upstream.

The upstream settings

upstream phpbackend {
zone zone_phpbackend 64k;
ip_hash;
keepalive 5;
  server 127.0.0.1:9000 weight=50;
  server 127.0.0.1:9002 weight=50;
  server 127.0.0.1:9003 weight=50;
  server 127.0.0.1:9004 weight=50;
  server 127.0.0.1:9005 weight=50;
}

and relevant php-fpm changes made were to change

from single php-fpm pool

fastcgi_pass   127.0.0.1:9000;

to multiple php-fpm upstream pools

fastcgi_next_upstream error timeout http_500 http_503;
fastcgi_pass phpbackend;
fastcgi_keep_conn on;

I can replicate the issue with multiple php-fpm pool upstream setup by
creating a 503.php file with contents



and then refreshing the 503.php page and it will alternate between 503 and
502 errors

The access.log's alternating 503 and 502 errors excerpt

IPADDR - - [10/Nov/2016:06:07:07 +] "GET /503.php HTTP/1.1" 502 1672 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="phpbackend" us="502" ut="0.000" ul="0" cs=-
IPADDR - - [10/Nov/2016:06:07:03 +] "GET /503.php HTTP/1.1" 503 1665 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="127.0.0.1:9004, 127.0.0.1:9002, 127.0.0.1:9005, 127.0.0.1:9003, 127.0.0.1:9000" us="502, 502, 502, 502, 503" ut="0.000, 0.000, 0.000, 0.000, 0.000" ul="0, 0, 0, 0, 0" cs=-
IPADDR - - [10/Nov/2016:06:07:05 +] "GET /503.php HTTP/1.1" 502 1672 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="phpbackend" us="502" ut="0.000" ul="0" cs=-
IPADDR - - [10/Nov/2016:06:07:07 +] "GET /503.php HTTP/1.1" 502 1672 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="phpbackend" us="502" ut="0.000" ul="0" cs=-

using log format below

log_format  main_ext '$remote_addr - $remote_user [$time_local] "$request" '
                     '$status $body_bytes_sent "$http_referer" '
                     '"$http_user_agent" "$http_x_forwarded_for" '
                     'rt=$request_time ua="$upstream_addr" '
                     'us="$upstream_status" ut="$upstream_response_time" '
                     'ul="$upstream_response_length" '
                     'cs=$upstream_cache_status' ;

Using nginx 1.11.5 with PHP 5.6.27

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,270850,270850#msg-270850
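
An added example (not part of the original post): a Python parser for the `main_ext` format above that splits `$upstream_addr` and `$upstream_status` into per-peer attempts and separates requests that walked the whole pool from requests where nginx logged only the upstream group name, which is what it writes when it has no peer left to select. The log lines are the four from the post, re-joined to one line each; the class labels and function names are assumptions of this example.

```python
import re
from collections import Counter

GROUP_NAME = "phpbackend"   # name of the upstream block in the post
GROUP_SIZE = 5              # number of "server" lines in that block

# The four access-log lines from the post. "IPADDR", "snipped" and the
# cut-off "+]" timezone are as posted.
SAMPLE_LOG = """\
IPADDR - - [10/Nov/2016:06:07:07 +] "GET /503.php HTTP/1.1" 502 1672 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="phpbackend" us="502" ut="0.000" ul="0" cs=-
IPADDR - - [10/Nov/2016:06:07:03 +] "GET /503.php HTTP/1.1" 503 1665 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="127.0.0.1:9004, 127.0.0.1:9002, 127.0.0.1:9005, 127.0.0.1:9003, 127.0.0.1:9000" us="502, 502, 502, 502, 503" ut="0.000, 0.000, 0.000, 0.000, 0.000" ul="0, 0, 0, 0, 0" cs=-
IPADDR - - [10/Nov/2016:06:07:05 +] "GET /503.php HTTP/1.1" 502 1672 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="phpbackend" us="502" ut="0.000" ul="0" cs=-
IPADDR - - [10/Nov/2016:06:07:07 +] "GET /503.php HTTP/1.1" 502 1672 "-" "Mozilla/5.0 snipped" "-" rt=0.000 ua="phpbackend" us="502" ut="0.000" ul="0" cs=-
"""

LINE_RE = re.compile(
    r'^(?P<addr>\S+) - (?P<user>\S+) \[(?P<time>[^\]]*)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<sent>\d+) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)" '
    r'"(?P<xff>[^"]*)" rt=(?P<rt>\S+) ua="(?P<ua>[^"]*)" us="(?P<us>[^"]*)" '
    r'ut="(?P<ut>[^"]*)" ul="(?P<ul>[^"]*)" cs=(?P<cs>\S+)$'
)
# nginx separates attempts with ", " and groups of attempts with " : ".
SEP_RE = re.compile(r"\s*,\s*|\s+:\s+")


def _split(value):
    """Split a multi-valued upstream variable; "-" or empty means no upstream."""
    return SEP_RE.split(value) if value not in ("", "-") else []


def parse_line(line):
    """Parse one main_ext line into status plus (peer, upstream_status) attempts."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return {
        "time": m.group("time"),
        "request": m.group("request"),
        "status": int(m.group("status")),
        "attempts": list(zip(_split(m.group("ua")), _split(m.group("us")))),
    }


def classify(entry, group_name=GROUP_NAME, group_size=GROUP_SIZE):
    """Label how the request was routed inside the upstream group."""
    peers = [peer for peer, _ in entry["attempts"]]
    if not peers:
        return "no_upstream"
    if peers == [group_name]:
        return "no_live_upstreams"      # group name logged, no peer contacted
    if len(set(peers)) >= group_size:
        return "all_peers_tried"        # next_upstream walked the whole pool
    if len(peers) > 1:
        return "retried"
    return "single_peer"


def summarize(log_text):
    """Return (Counter of classes, {peer: Counter of upstream statuses})."""
    classes = Counter()
    peer_codes = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        kind = classify(entry)
        classes[kind] += 1
        if kind == "no_live_upstreams":
            continue
        for peer, code in entry["attempts"]:
            peer_codes.setdefault(peer, Counter())[code] += 1
    return classes, peer_codes


if __name__ == "__main__":
    classes, peer_codes = summarize(SAMPLE_LOG)
    print(dict(classes))
    for peer in sorted(peer_codes):
        print(peer, dict(peer_codes[peer]))
```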



Re: freeing buffers after sending them

2016-10-12 Thread George .
Hi Valentin,

Thank you for your fast and correct reply.

Yes, you are right, it was an oversight that r->out->buf is taken from
pipe->pool, which is actually r->pool.
What if we pfree these bufs from r->pool? Who holds the reference after
sending these buffers (except maybe in the NGX_THREADS version)?


On Wed, Oct 12, 2016 at 2:30 PM, Valentin V. Bartenev <vb...@nginx.com>
wrote:

> On Wednesday 12 October 2016 13:22:08 George . wrote:
> > Hi all,
> >
> > What do you think about freeing buffers after being sent by send_chain?
> > Because we have a special case where we use 4 megabyte buffer instead of
> > nginx default 8 * 8 K and we found that these buffers are actually freed
> > after request had been finished, so if there are hundreds of slow downstream
> > connections nginx will eat a lot of RAM.
> >
> > I'm just curious if I explicitly return already consumed buffer with
> > ngx_pfree  will affect something (our bunch of tests shows at least there
> > is no crash or unexpected behaviour)
> >
>
>
> Buffers are not allocated from "c->pool", so
> the code below does nothing except wasting CPU.
>
> And this is the only reason, why the patch doesn't
> break everything.
>
>   wbr, Valentin V. Bartenev
>
>
>
> >
> > @@ -284,6 +284,13 @@ ngx_http_write_filter(ngx_http_request_t *r,
> > ngx_chain_t *in)
> >
> >  chain = c->send_chain(c, r->out, limit);
> >
> > +/* free buffs that are already sent */
> > +for (cl = r->out; cl; /* void */) {
> > +ln = cl;
> > +cl = cl->next;
> > +ngx_pfree(c->pool, ln->buf);
> > +}
> > +
> >  ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
> > "http write filter %p", chain)
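
Review bot: the added loop walks every link of r->out and never looks at `chain`, the value send_chain returned on the line above it, so it also covers buffers that were not sent when the socket accepted only part of the output, and it runs before any check of `chain` for an error value. Bound the walk with `cl != chain`, as in `for (cl = r->out; cl && cl != chain; /* void */)`, and place it after the error check so that only links that were fully consumed are touched.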
>

freeing buffers after sending them

2016-10-12 Thread George .
Hi all,

What do you think about freeing buffers after being sent by send_chain?
Because we have a special case where we use 4 megabyte buffer instead of
nginx default 8 * 8 K and we found that these buffers are actually freed
after request had been finished, so if there are hundreds of slow downstream
connections nginx will eat a lot of RAM.

I'm just curious if I explicitly return already consumed buffer with
ngx_pfree  will affect something (our bunch of tests shows at least there
is no crash or unexpected behaviour)


@@ -284,6 +284,13 @@ ngx_http_write_filter(ngx_http_request_t *r,
ngx_chain_t *in)

 chain = c->send_chain(c, r->out, limit);

+/* free buffs that are already sent */
+for (cl = r->out; cl; /* void */) {
+ln = cl;
+cl = cl->next;
+ngx_pfree(c->pool, ln->buf);
+}
+
 ngx_log_debug1(NGX_LOG_DEBUG_HTTP, c->log, 0,
"http write filter %p", chain)
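
Review bot: `ngx_pfree(c->pool, ln->buf)` in the added loop passes the ngx_buf_t descriptor rather than the data memory it points to, and drops the return value, so a call that releases nothing goes unnoticed. ngx_pfree() releases a pointer only when it matches a large allocation made from the pool it is given and returns NGX_DECLINED otherwise; pass the pool that made the allocation and the data pointer (`ln->buf->start`), check the result, and restrict it to memory buffers that this request owns exclusively.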

Re: nginScript + nginx 1.11.4, js_run unknown directive ?

2016-09-14 Thread George
Hi Igor thanks for the clarification. Looking forward to updated
examples/wiki for nginScript :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269548,269559#msg-269559



Re: nginScript + nginx 1.11.4, js_run unknown directive ?

2016-09-13 Thread George
and examples in wiki for nginxScript for js_run
https://www.nginx.com/resources/wiki/nginScript/#section-1-overview

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269548,269552#msg-269552



Re: nginScript + nginx 1.11.4, js_run unknown directive ?

2016-09-13 Thread George
even


location /njs {
js_run "
var res;
res = $r.response;
res.status = 200;
res.send('Hello World!');
res.finish();
";
}

gives an error

nginx -t 
nginx: [emerg] unknown directive "js_run" in
/usr/local/nginx/conf/conf.d/virtual.conf:36
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269548,269551#msg-269551



Re: nginScript + nginx 1.11.4, js_run unknown directive ?

2016-09-13 Thread George
sorry i meant from old example readme at
http://hg.nginx.org/njs/file/11d4d66851ed/README

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269548,269550#msg-269550



nginScript + nginx 1.11.4, js_run unknown directive ?

2016-09-13 Thread George
Tried compiling nginScript with nginx 1.11.4 as a dynamic module and the
README github example at https://github.com/nginx/njs/blob/master/README
gives me js_run unknown directive so looks like maybe didn't install
correctly ?

CentOS 7.2 64bit

nginx -V
nginx version: nginx/1.11.4
built by gcc 4.8.5 20150623 (Red Hat 4.8.5-4) (GCC) 
built with LibreSSL 2.4.2
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro
-Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g
-O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2'
--sbin-path=/usr/local/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module
--with-http_secure_link_module --add-module=../nginx-module-vts
--with-libatomic --with-http_gzip_static_module
--add-dynamic-module=../ngx_brotli
--add-dynamic-module=../ngx_pagespeed-release-1.11.33.3-beta
--with-http_sub_module --with-http_addition_module
--with-http_image_filter_module=dynamic --with-http_geoip_module
--add-dynamic-module=../njs/nginx --with-stream_geoip_module
--with-stream_realip_module --with-threads --with-stream=dynamic
--with-stream_ssl_module --with-http_realip_module
--add-dynamic-module=../ngx-fancyindex-0.4.0
--add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0
--add-module=../set-misc-nginx-module-0.31
--add-module=../echo-nginx-module-0.60
--add-module=../redis2-nginx-module-0.13
--add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.17
--add-module=../srcache-nginx-module-0.31
--add-module=../headers-more-nginx-module-0.31 --with-pcre=../pcre-8.39
--with-pcre-jit --with-http_ssl_module --with-http_v2_module
--with-openssl=../libressl-2.4.2

with loaded modules as 

load_module "modules/ngx_http_brotli_filter_module.so";
load_module "modules/ngx_http_brotli_static_module.so";
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_pagespeed.so";
load_module "modules/ngx_stream_module.so";
load_module "modules/ngx_http_js_module.so";
load_module "modules/ngx_stream_js_module.so";

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269548,269548#msg-269548



Re: pcre.org down?

2016-09-04 Thread George
yeah ran into the same problem and still seems to be down right now

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269359,269379#msg-269379



Re: nginx-1.11.3

2016-07-26 Thread George
thanks Maxim works now :)

cat /usr/local/nginx/conf/dynamic-modules.conf
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_stream_module.so";
load_module "modules/ngx_stream_geoip_module.so";
load_module "modules/ngx_http_geoip_module.so";

ngxrestart
Restarting nginx (via systemctl):  [  OK  ]

nginx -V
nginx version: nginx/1.11.3
built by clang 3.4.2 (tags/RELEASE_34/dot2-final)
built with LibreSSL 2.3.6
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro
-Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -mfpmath=sse -g
-O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare
-Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter
-Wno-unused-const-variable -Wno-conditional-uninitialized
-Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized
-Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign
-Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding
-Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion
-Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings'
--sbin-path=/usr/local/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module
--with-http_secure_link_module --with-openssl-opt=enable-tlsext
--add-module=../nginx-module-vts --with-libatomic --with-threads
--with-stream=dynamic --with-stream_ssl_module
--with-http_gzip_static_module --with-http_sub_module
--with-http_addition_module --with-http_image_filter_module=dynamic
--with-http_geoip_module=dynamic --with-stream_geoip_module=dynamic
--with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0
--add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0
--add-module=../set-misc-nginx-module-0.30
--add-module=../echo-nginx-module-0.59
--add-module=../redis2-nginx-module-0.13
--add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.17
--add-module=../srcache-nginx-module-0.31
--add-module=../headers-more-nginx-module-0.30 --with-pcre=../pcre-8.39
--with-pcre-jit --with-http_ssl_module --with-http_v2_module
--with-openssl=../libressl-2.3.6

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,268473,268517#msg-268517



Re: nginx-1.11.3

2016-07-26 Thread George
trying to enable ngx_stream_geoip_module as a dynamic module and getting
this error ONLY on SOME servers and not others all compiled with same
settings ?

nginx -t
nginx: [emerg] dlopen()
"/usr/local/nginx/modules/ngx_stream_geoip_module.so" failed
(/usr/local/nginx/modules/ngx_stream_geoip_module.so: undefined symbol:
ngx_stream_add_variable) in /usr/local/nginx/conf/dynamic-modules.conf:3
nginx: configuration file /usr/local/nginx/conf/nginx.conf test failed

/usr/local/nginx/conf/dynamic-modules.conf include file in nginx.conf

load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_stream_geoip_module.so";
load_module "modules/ngx_http_geoip_module.so";
load_module "modules/ngx_stream_module.so";

configure

./configure --with-ld-opt="-lrt -ljemalloc -Wl,-z,relro
-Wl,-rpath,/usr/local/lib" --with-cc-opt="-m64 -mtune=native -mfpmath=sse -g
-O3 -fstack-protector --param=ssp-buffer-size=4 -Wformat
-Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wno-sign-compare
-Wno-string-plus-int -Wno-deprecated-declarations -Wno-unused-parameter
-Wno-unused-const-variable -Wno-conditional-uninitialized
-Wno-mismatched-tags -Wno-c++11-extensions -Wno-sometimes-uninitialized
-Wno-parentheses-equality -Wno-tautological-compare -Wno-self-assign
-Wno-deprecated-register -Wno-deprecated -Wno-invalid-source-encoding
-Wno-pointer-sign -Wno-parentheses -Wno-enum-conversion
-Wno-c++11-compat-deprecated-writable-strings -Wno-write-strings"
--sbin-path=/usr/local/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf --with-http_stub_status_module
--with-http_secure_link_module --with-openssl-opt="enable-tlsext"
--add-module=../nginx-module-vts --with-libatomic --with-threads
--with-stream=dynamic --with-stream_ssl_module
--with-http_gzip_static_module --with-http_sub_module
--with-http_addition_module --with-http_image_filter_module=dynamic
--with-http_geoip_module=dynamic --with-stream_geoip_module=dynamic
--with-http_realip_module --add-dynamic-module=../ngx-fancyindex-0.4.0
--add-module=../ngx_cache_purge-2.3 --add-module=../ngx_devel_kit-0.3.0
--add-module=../set-misc-nginx-module-0.30
--add-module=../echo-nginx-module-0.59
--add-module=../redis2-nginx-module-0.13
--add-module=../ngx_http_redis-0.3.7 --add-module=../memc-nginx-module-0.17
--add-module=../srcache-nginx-module-0.31
--add-module=../headers-more-nginx-module-0.30 --with-pcre=../pcre-8.39
--with-pcre-jit --with-http_ssl_module --with-http_v2_module
--with-openssl=../libressl-2.3.6
checking for OS
 + Linux 4.5.5-x86_64-linode69 x86_64
checking for C compiler ... found
 + using Clang C compiler
 + clang version: 3.4.2 (tags/RELEASE_34/dot2-final)
checking for --with-ld-opt="-lrt -ljemalloc -Wl,-z,relro
-Wl,-rpath,/usr/local/lib" ... found
checking for -Wl,-E switch ... found
checking for gcc builtin atomic operations ... found
checking for C99 variadic macros ... found
checking for gcc variadic macros ... found
checking for gcc builtin 64 bit byteswap ... found
checking for unistd.h ... found
checking for inttypes.h ... found
checking for limits.h ... found
checking for sys/filio.h ... not found
checking for sys/param.h ... found
checking for sys/mount.h ... found
checking for sys/statvfs.h ... found
checking for crypt.h ... found
checking for Linux specific features
checking for epoll ... found
checking for EPOLLRDHUP ... found
checking for EPOLLEXCLUSIVE ... not found
checking for O_PATH ... found
checking for sendfile() ... found
checking for sendfile64() ... found
checking for sys/prctl.h ... found
checking for prctl(PR_SET_DUMPABLE) ... found
checking for sched_setaffinity() ... found
checking for crypt_r() ... found
checking for sys/vfs.h ... found
checking for nobody group ... found
checking for poll() ... found
checking for /dev/poll ... not found
checking for kqueue ... not found
checking for crypt() ... not found
checking for crypt() in libcrypt ... found
checking for F_READAHEAD ... not found
checking for posix_fadvise() ... found
checking for O_DIRECT ... found
checking for F_NOCACHE ... not found
checking for directio() ... not found
checking for statfs() ... found
checking for statvfs() ... found
checking for dlopen() ... not found
checking for dlopen() in libdl ... found
checking for sched_yield() ... found
checking for SO_SETFIB ... not found
checking for SO_REUSEPORT ... found
checking for SO_ACCEPTFILTER ... not found
checking for SO_BINDANY ... not found
checking for IP_BIND_ADDRESS_NO_PORT ... not found
checking for IP_TRANSPARENT ... found
checking for IP_BINDANY ... not found
checking for IP_RECVDSTADDR ... not found
checking for IP_PKTINFO ... found
checking for IPV6_RECVPKTINFO ... found
checking for TCP_DEFER_ACCEPT ... found
checking for TCP_KEEPIDLE ... found
checking for TCP_FASTOPEN ... found
checking for TCP_INFO ... found
checking for accept4() ... found
checking for eventfd() ... found
checking for int size ... 4 bytes
checking for long size ... 8 bytes
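
Added example (not part of the original post or of nginx itself): the failing include file above loads ngx_stream_geoip_module.so on line 3, ahead of ngx_stream_module.so, while the list reported as working in the follow-up loads the same five modules with ngx_stream_module.so first. This Python check flags that ordering before nginx -t does; the function name is hypothetical, and it assumes the undefined symbol is provided by ngx_stream_module.so when stream is built with --with-stream=dynamic.

```python
import re

# One load_module directive; the path may be quoted or bare.
LOAD_MODULE = re.compile(r"""^\s*load_module\s+["']?([^"';\s]+)["']?\s*;""")

STREAM_CORE = "ngx_stream_module.so"

# Copied from the failing post (error reported at dynamic-modules.conf:3).
FAILING_CONF = '''\
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_stream_geoip_module.so";
load_module "modules/ngx_http_geoip_module.so";
load_module "modules/ngx_stream_module.so";
'''

# Copied from the follow-up post that reports "works now".
WORKING_CONF = '''\
load_module "modules/ngx_http_image_filter_module.so";
load_module "modules/ngx_http_fancyindex_module.so";
load_module "modules/ngx_stream_module.so";
load_module "modules/ngx_stream_geoip_module.so";
load_module "modules/ngx_http_geoip_module.so";
'''


def stream_load_order_problems(conf_text):
    """Return (line_number, module) for each stream sub-module loaded too early.

    A sub-module is too early when ngx_stream_module.so is loaded in the same
    file but only on a later line. If the stream core never appears, it is
    assumed to be compiled in statically and nothing is reported.
    """
    loads = []  # (line_number, basename) in file order
    for number, line in enumerate(conf_text.splitlines(), start=1):
        line = line.split("#", 1)[0]  # ignore comments
        match = LOAD_MODULE.match(line)
        if match:
            loads.append((number, match.group(1).rsplit("/", 1)[-1]))

    core_lines = [n for n, name in loads if name == STREAM_CORE]
    if not core_lines:
        return []
    core_line = core_lines[0]
    return [
        (n, name)
        for n, name in loads
        if name.startswith("ngx_stream_") and name != STREAM_CORE and n < core_line
    ]


if __name__ == "__main__":
    for label, conf in (("failing", FAILING_CONF), ("working", WORKING_CONF)):
        problems = stream_load_order_problems(conf)
        if not problems:
            print("%s: load order ok" % label)
        for number, name in problems:
            print("%s: line %d loads %s before %s" % (label, number, name, STREAM_CORE))
```

The line number it reports for the failing file is the same line 3 that the dlopen() error names.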

Re: nginx-1.11.0

2016-05-24 Thread George
nice RSA + ECDSA certs support !

what's the recommended way to setup HTTP Public Key Pinning with regards to
dual SSL certificates ?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,267113,267124#msg-267124



Re: [ANN] OpenResty 1.9.7.4 released

2016-03-19 Thread George
cheers agentzh thanks for that workaround for LibreSSL and
ssl_certificate_by_lua* incompatibility :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,265422,265450#msg-265450



Re: nginx-1.9.12

2016-02-24 Thread George
thanks I switched back to OpenSSL for now :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,264770,264794#msg-264794



Re: nginx-1.9.12

2016-02-24 Thread George
Thanks Maxim and Nginx ! 

But no love for LibreSSL users as Nginx 1.9.12 seems to have broken compilation
against LibreSSL 2.2.6 for me https://trac.nginx.org/nginx/ticket/908#ticket
?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,264770,264780#msg-264780



Nginx HTTP/2 server push support ?

2016-02-02 Thread George
Curious if anyone has heard or knows if or when Nginx HTTP/2 support will
add server push https://http2.github.io/faq/#how-can-i-use-http2-server-push
?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,264252,264252#msg-264252



Re: nginx-1.9.10

2016-01-27 Thread George
Thanks updated to 1.9.10 fine with ngx_brotli + ngx_pagespeed 1.10 branch :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,264158,264187#msg-264187



Re: [ANNOUNCE] ngx_brotli

2015-10-15 Thread George
cheers Piotr :)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,262088,262254#msg-262254



Re: [ANNOUNCE] ngx_brotli

2015-10-14 Thread George
Piotr just installed ngx_brotli on my Nginx stack and works nicely in
Firefox 44 nightly tests. However, it might have broken ngx_pagespeed
support for me in Firefox 44 nightly
https://github.com/pagespeed/ngx_pagespeed/issues/1021. 

ngx_pagespeed works fine for https on my site with Chrome, Opera and Firefox
43 dev edition as they don't support Brotli so I am assuming Firefox 44 +
brotli is what is breaking ngx_pagespeed ?

cheers

George

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,262088,262190#msg-262190



Re: [ANNOUNCE] ngx_brotli

2015-10-13 Thread George
thanks Piotr for the clarification

definitely going to give ngx_brotli a spin :D

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,262088,262189#msg-262189



Re: [ANNOUNCE] ngx_brotli

2015-10-10 Thread George
interesting thanks for sharing :)

so how does this interact or conflict with gzip static/gzip ? do we need to
turn off gzip/gzip static in nginx to use brotli or can both be enabled ?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,262088,262096#msg-262096



Re: http2

2015-09-19 Thread George
It's already slated for Nginx 1.9.5 community/free edition :)

Although I have been playing with HTTP/2 patches since Nginx 1.9.3 :D

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,261669,261676#msg-261676



Re: wrong $bytes_sent on nginx-1.8.0 if aio threads is enabled

2015-06-26 Thread George .
Hi all,

I'd like to ask if there are plans for somebody to fix the issue with wrong
$bytes_sent in aio threads mode. If no, is there a chance to get some hint
or direction, so I can try to fix it myself and contribute to a better and bug
free nginx?

Thanks in advance,

George

On Fri, May 15, 2015 at 11:37 PM, Valentin V. Bartenev vb...@nginx.com
wrote:

> On Friday 15 May 2015 17:45:44 George . wrote:
> > Hi,
> >
> > I found following bug in nginx-1.8.0:
> >
> > if aio is configured with threads support - sometime (one in thousands
> > requests) $bytes_sent contains only length of the header. I'm attaching my
> > nginx.conf, build params and simple python script I'm using to reproduce
> > this issue.
> >
> > Here is the output of test script when the problem appears:
> > .
> > .
> > .
> > received: 10170 from access_log : 10170 on 26 iteration
> > 127.0.0.1 - - [15/May/2015 17:27:45] GET /test HTTP/1.0 200 -
> > 127.0.0.1 - - [15/May/2015 17:27:47] GET /test HTTP/1.0 200 -
> > received: 10170 from access_log : 10170 on 27 iteration
> > 127.0.0.1 - - [15/May/2015 17:27:58] GET /test HTTP/1.0 200 -
> > 127.0.0.1 - - [15/May/2015 17:28:00] GET /test HTTP/1.0 200 -
> > received: 10170 from access_log : 10169 on 28 iteration
> > test failed!!
> >
> > also in access_log file
> >
> > .
> > .
> > .
> > 10170 GET /test HTTP/1.1
> > 10170 GET /test HTTP/1.1
> > 10170 GET /test HTTP/1.1
> > 170 GET /test HTTP/1.1
> > 10170 GET /test HTTP/1.1
> > 10170 GET /test HTTP/1.1
> > .
> > .
> >
>
> Thank you for the report.
>
> It's caused by a race condition between sendfile() task completion
> and connection close notifications.  If the latter comes first,
> nginx logs that client prematurely closed connection.
>
> Unfortunately, it's not easy to fix.  I'll look at it later.
>
>   wbr, Valentin V. Bartenev


___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Re: Nginx LibreSSL and BoringSSL alternative to OpenSSL ?

2015-06-02 Thread George
Tested fine with ECC 256 bit and RSA 2048 bit SSL and chacha20_poly1305
https://community.centminmod.com/threads/nginx-and-libressl-alternative-to-openssl.3146/
:)

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,259325,259333#msg-259333



Re: Nginx LibreSSL and BoringSSL alternative to OpenSSL ?

2015-06-02 Thread George
thanks seems with LibreSSL 2.1.6 no longer need the steps for creating 
.openssl/lib and copying files to that directory and symlink to make it
work

seems it works on Nginx 1.9.1 with LibreSSL 2.1.6 sweet !

nginx -V
nginx version: nginx/1.9.1
built by gcc 4.8.3 20140911 (Red Hat 4.8.3-9) (GCC) 
built with LibreSSL 2.1.6
TLS SNI support enabled
configure arguments: --with-ld-opt='-lrt -ljemalloc -Wl,-z,relro
-Wl,-rpath,/usr/local/lib' --with-cc-opt='-m64 -mtune=native -g -O2
-fstack-protector --param=ssp-buffer-size=4 -Wformat -Werror=format-security
-Wp,-D_FORTIFY_SOURCE=2' --sbin-path=/usr/local/sbin/nginx
--conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module
--with-http_gzip_static_module --with-http_stub_status_module
--with-http_sub_module --with-http_addition_module
--with-http_image_filter_module --with-http_secure_link_module
--with-http_flv_module --with-http_realip_module --with-http_geoip_module
--with-openssl-opt=enable-tlsext
--add-module=../ngx-fancyindex-ngx-fancyindex
--add-module=../ngx_cache_purge-2.3
--add-module=../headers-more-nginx-module-0.25
--add-module=../nginx-accesskey-2.0.3
--add-module=../nginx-http-concat-master --with-http_dav_module
--add-module=../nginx-dav-ext-module-0.0.3
--add-module=../openresty-memc-nginx-module-1518da4
--add-module=../openresty-srcache-nginx-module-ffa9ab7
--add-module=../ngx_devel_kit-0.2.19
--add-module=../set-misc-nginx-module-0.28
--add-module=../echo-nginx-module-0.57
--add-module=../lua-nginx-module-0.9.16rc1
--add-module=../lua-upstream-nginx-module-0.02
--add-module=../lua-upstream-cache-nginx-module-0.1.1
--add-module=../nginx_upstream_check_module-0.3.0
--add-module=../nginx-module-vts --with-openssl=../portable-2.1.6
--with-libatomic --with-threads --with-stream --with-stream_ssl_module
--with-pcre=../pcre-8.37 --with-pcre-jit --with-http_spdy_module
--add-module=../ngx_pagespeed-release-1.9.32.3-beta

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,259325,259331#msg-259331



Nginx LibreSSL and BoringSSL alternative to OpenSSL ?

2015-06-01 Thread George
Currently on CentOS 6/7, I source compile my Nginx 1.9.x versions with
static OpenSSL 1.02a patched for chacha20_poly1305 but thinking about
switching to LibreSSL or BoringSSL (for equal preference group cipher
support).

The question I have is anyone else using Nginx with LibreSSL or BoringSSL on
CentOS/Redhat ? Any issues that needed working around or any features lost ?
e.g. BoringSSL and OCSP stapling support etc ?

Recommended steps for compilation with Nginx ?

thanks

George

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,259325,259325#msg-259325



Re: Nginx virtual host traffic status module

2015-05-30 Thread George
Thanks for the excellent module, I have it working for my builds
https://community.centminmod.com/threads/centmin-mod-nginx-live-vhost-traffic-statistics-preview-discussion.3022/
:D

Would be great if there's some documentation on how to customise the CSS in
html mode https://github.com/vozlt/nginx-module-vts/issues/13

cheers

George

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,256699,259274#msg-259274



wrong $bytes_sent on nginx-1.8.0 if aio threads is enabled

2015-05-15 Thread George .
Hi,

I found following bug in nginx-1.8.0:

if aio is configured with threads support - sometime (one in thousands
requests) $bytes_sent contains only length of the header. I'm attaching my
nginx.conf, build params and simple python script I'm using to reproduce
this issue.

Here is the output of test script when the problem appears:
.
.
.
received: 10170 from access_log : 10170 on 26 iteration
127.0.0.1 - - [15/May/2015 17:27:45] GET /test HTTP/1.0 200 -
127.0.0.1 - - [15/May/2015 17:27:47] GET /test HTTP/1.0 200 -
received: 10170 from access_log : 10170 on 27 iteration
127.0.0.1 - - [15/May/2015 17:27:58] GET /test HTTP/1.0 200 -
127.0.0.1 - - [15/May/2015 17:28:00] GET /test HTTP/1.0 200 -
received: 10170 from access_log : 10169 on 28 iteration
test failed!!

also in access_log file

.
.
.
10170 GET /test HTTP/1.1
10170 GET /test HTTP/1.1
10170 GET /test HTTP/1.1
170 GET /test HTTP/1.1
10170 GET /test HTTP/1.1
10170 GET /test HTTP/1.1
.
.


Best regards,

George


nginx.conf
Description: Binary data


my_configure
Description: Binary data

#!/usr/bin/env python
# Python 2 script (urllib2, BaseHTTPServer, print statements).

import os
import time
import urllib2
import threading
from BaseHTTPServer import BaseHTTPRequestHandler

ACCESS_LOG = './run_nginx-1.8.0/access_log'

class GetHandler(BaseHTTPRequestHandler):

    def do_GET(self):
        # print 'do_GET'
        resp = 'a' * 1
        self.send_response(200)
        self.send_header('Cache-Control', 'max-age=1')
        self.send_header('Content-Type', 'text/html')
        self.send_header('Date', 'Thu, 24 Nov 2011 16:28:33 GMT')
        self.send_header('Content-Length', len(resp))
        self.end_headers()

        self.wfile.write(resp)



def main():
    from BaseHTTPServer import HTTPServer
    # HTTP server on localhost:8081, served from a background thread
    server = HTTPServer(('localhost', 8081), GetHandler)

    thread = threading.Thread(target = server.serve_forever)
    thread.daemon = True
    thread.start()
    url = 'http://127.0.0.1:8080/test'

    num_tests = 0
    while True:

        open(ACCESS_LOG, 'w').close() # empty access log file

        # bytes counted on the client side for this iteration
        received_total_bytes = 0
        for i in xrange(1):
            try:
                request = urllib2.Request(url)
                request.add_header('Host', 'rp-test.com')
                response = urllib2.urlopen(request)
                data = response.read()

                received_total_bytes += len(data) + len(str(response.headers)) + 19

            except urllib2.HTTPError as e:
                print 'error', e
                exit()

            if len(data) + len(str(response.headers)) + 19 != 10170:
                print len(data) + len(str(response.headers)) + 19, len(data), len(str(response.headers))
                #print response.headers

                #print
                exit(1)

        time.sleep(10) # wait some time to flush access_log

        # sum the first field ($bytes_sent) of every access_log line
        access_log_total_bytes = 0
        f = open(ACCESS_LOG)
        for line in f.xreadlines():
            bytes_sent = int(line.split(' ')[0])

            access_log_total_bytes += bytes_sent

        f.close()

        num_tests += 1

        print 'received:', received_total_bytes, 'from access_log :', access_log_total_bytes, 'on', num_tests, 'iteration'
        if received_total_bytes != access_log_total_bytes:
            print 'test failed!!!'
            exit(1)


    #os.remove(ACCESS_LOG)

    return True


if __name__ == '__main__':
    main()

Re: Google dumps SPDY in favour of HTTP/2, any plans for nginx?

2015-04-01 Thread George
thanks Sarah

dug deeper and apparently those nginx reported header sites were behind
Google Pagespeed's service so that must have been why HTTP/2 was reported

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,256561,257778#msg-257778



native variable for one level above $document_root ?

2015-03-07 Thread George
At the nginx vhost level, is there a native nginx value similar to
$document_root for one directory level above $document_root ?

for example if $document_root = /home/username/public or
/home/username2/public

is there a variable I can reference at nginx vhost level that references
/home/username or /home/username2 ?

thanks

George

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,257127,257127#msg-257127



Re: NGINX using 100% of the server CPU when testing with Blitz.io

2014-11-28 Thread George
maybe switch to using Wordpress Super Cache ? handled blitz.io 8000 user
stress test fine with Nginx 1.7.7, PHP-FPM 7.0.0-dev, MariaDB 10.0.x and
CentOS 7.0 = 237 million hits/day on 2GB DigitalOcean KVM VPS server
http://wordpress7.centminmod.com/74/wordpress-super-cache-benchmarks-blitz-io-load-test-237-million-hitsday/

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,255158,255213#msg-255213



Re: Use of boringssl equal-preference cipher groups with nginx

2014-08-23 Thread George
thanks Alex so what's the updated way to compile Nginx against BoringSSL ?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,252640,252779#msg-252779



Re: Nginx + boringSSL

2014-07-14 Thread George
Thanks for sharing :)

So SPDY/3.1 SSL works ?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,251740,251748#msg-251748



Re: Nginx 1.7.0 failed make with Phusion Passenger ?

2014-04-25 Thread George
thanks for the reply and fix :)

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,249586,249595#msg-249595



Nginx 1.7.0 failed make with Phusion Passenger ?

2014-04-24 Thread George
Anyone experience this problem ? I have Nginx 1.5.13 working fine with
Phusion Passenger 4.0.37 source compile. But trying to update Nginx from
1.5.13 to 1.7.0 fails at make stage. I tried both Phusion Passenger 4.0.37
and 4.0.41 and it fails.

Working Nginx 1.5.13 configuration

nginx -V
nginx version: nginx/1.5.13
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) 
TLS SNI support enabled
configure arguments: --sbin-path=/usr/local/sbin
--conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module
--with-http_gzip_static_module --with-http_stub_status_module
--with-http_sub_module --with-http_addition_module
--with-http_image_filter_module --with-http_secure_link_module
--with-http_flv_module --with-http_realip_module
--with-openssl-opt=enable-tlsext
--add-module=../ngx-fancyindex-ngx-fancyindex
--add-module=../ngx_cache_purge-2.1
--add-module=../headers-more-nginx-module-0.25
--add-module=../nginx-accesskey-2.0.3
--add-module=../nginx-http-concat-master --with-http_dav_module
--add-module=../nginx-dav-ext-module-0.0.3
--add-module=/usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.37/ext/nginx
--with-openssl=../openssl-1.0.1g --with-libatomic --with-pcre=../pcre-8.35
--with-pcre-jit --with-http_spdy_module
--add-module=../ngx_pagespeed-release-1.7.30.4-beta

Now when updating to Nginx 1.7.0 fails at this point with both Phusion
Passenger 4.0.37 and 4.0.41

 passenger -v
Phusion Passenger version 4.0.41

error message

-o objs/addon/nginx/StaticContentHandler.o \
   
/usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c
/usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c:
In function 'passenger_static_content_handler':
/usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c:72:
error: 'ngx_http_request_t' has no member named 'zero_in_uri'
make[1]: *** [objs/addon/nginx/StaticContentHandler.o] Error 1
make[1]: Leaving directory `/svr-setup/nginx-1.7.0'
make: *** [build] Error 2
*

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,249586,249586#msg-249586



Re: Nginx 1.7.0 failed make with Phusion Passenger ?

2014-04-24 Thread George
grep -C10 zero_in_uri
/usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c
    if (!(r->method & (NGX_HTTP_GET|NGX_HTTP_HEAD|NGX_HTTP_POST))) {
        return NGX_HTTP_NOT_ALLOWED;
    }

    if (r->uri.data[r->uri.len - 1] == '/') {
        return NGX_DECLINED;
    }

    #if (PASSENGER_NGINX_MINOR_VERSION == 8 && PASSENGER_NGINX_MICRO_VERSION < 38) || \
        (PASSENGER_NGINX_MINOR_VERSION == 7 && PASSENGER_NGINX_MICRO_VERSION < 66)
    if (r->zero_in_uri) {
        return NGX_DECLINED;
    }
    #endif

    log = r->connection->log;

    ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0,
                   "http filename: \"%s\"", filename->data);

    clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module);

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,249586,249587#msg-249587



Re: Guide on switching from distro-provided nginx to nginx built from source?

2014-03-13 Thread George
Maybe this will help
http://www.howtoforge.com/using-ngx_pagespeed-with-nginx-on-debian-wheezy
and
http://www.howtoforge.com/using-ngx_pagespeed-with-nginx-on-debian-jessie-testing
- right up your alley for Debian distro :)

I personally use CentOS build via Centmin Mod Nginx as it already includes
ngx_pagespeed support out of the box
http://centminmod.com/nginx_ngx_pagespeed.html :)

As to minimal downtime and risk, easiest would be to do a test run first,
DigitalOcean VPS charged on an hourly basis is a good platform to do testing
for end users wanting to make the jump from pre-packaged Nginx builds to
source compilation. I suppose you could even automate the entire transition
and shell script something to do all the leg work.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,248335,248342#msg-248342



help: How to cache video in nginx when dynamic link request

2013-10-25 Thread Yuanjianyong (George)
Hi, everybody,

Please give me a hand.

In VOD system, Nginx is reverse proxy and Lighttpd is application server with 
video files. And getting video files is the type play.jsp?videoid=123456.

Now, I want to cache video files in Nginx server from dynamic link with ?.
How to define the Nginx configure?



Thanks & Regards

George yuan


Turn off Nginx SPDY ?

2013-09-08 Thread George
I want to test non-SPDY vs SPDY performance for Nginx and I have Nginx
compiled with SPDY support and it's enabled by adding to listen directive
the spdy option as per
http://nginx.org/en/docs/http/ngx_http_spdy_module.html.

I thought that omitting the spdy option would disable SPDY temporarily ? But
it seems spdycheck.org still reports the https:// site supports SPDY and
browser shows site with SPDY support even with the spdy line removed from
listen directive ?

Or is only way to disable, is to recompile Nginx without SPDY support ?

cheers

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,242665,242665#msg-242665



Re: Turn off Nginx SPDY ?

2013-09-08 Thread George
I see, I believe my problem is #2 as I have another vhost with spdy enabled
on same addr:port pairing !

Thanks Valentin :)

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,242665,242668#msg-242668



Re: Announcing ngx_pagespeed beta 1.5.27.1

2013-04-26 Thread George
Yup http://ngxpagespeed.com/ isn't accessible at all from my end either.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,238650,238656#msg-238656
