Deny all + Custom Error page

2014-06-06 Thread basti
Hello,

I try to block wildcard sub domains as follows:


# block wildcard
server {
  server_name ~^(.*)\.example\.com$ ;
  root /usr/share/nginx/www;
  error_page 403 /index.html;
  allow 127.0.0.1;
  deny  all;
  access_log off;
  log_not_found off;
}

I always get the default 403 Forbidden site of nginx.
When deny all is removed it works as expected.

Can anybody explain?
And does anybody know a workaround?

Best Regards;
Basti

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx


Re: Deny all + Custom Error page

2014-06-06 Thread basti
Here is my solution:

server {
  server_name ~^(.*)\.example\.com$ ;
  return 200;
  deny  all;
  access_log off;
  log_not_found off;
}

 


On 06.06.2014 09:48, basti wrote:
 Hello,

 I try to block wildcard sub domains as follows:


 # block wildcard
 server {
   server_name ~^(.*)\.example\.com$ ;
   root /usr/share/nginx/www;
   error_page 403 /index.html;
   allow 127.0.0.1;
   deny  all;
   access_log off;
   log_not_found off;
 }

 I always get the default 403 Forbidden site of nginx.
 When deny all is removed it works as expected.

 Can anybody explain?
 And does anybody know a workaround?

 Best Regards;
 Basti



Re: the http output chain is empty bug (nginx lua module)

2014-06-06 Thread itpp2012
See http://trac.nginx.org/nginx/ticket/132

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250689,250692#msg-250692



Re: the http output chain is empty bug (nginx lua module)

2014-06-06 Thread Maxim Dounin
Hello!

On Fri, Jun 06, 2014 at 06:13:15AM -0400, itpp2012 wrote:

 See http://trac.nginx.org/nginx/ticket/132

Unlikely it's related.

-- 
Maxim Dounin
http://nginx.org/



Re: nginx channel

2014-06-06 Thread Jonathan Matthews
On 6 June 2014 12:41, nginxsantos nginx-fo...@nginx.us wrote:
 Would be  great where channels are used, I am talking about ngx_channel?

Please rearrange your words into a comprehensible sentence and/or question.

Thank you.



Re: nginx channel

2014-06-06 Thread nginxsantos
I was not clear about the usage of ngx_channel? When each worker process is
started, the function ngx_pass_open_channel is called. It is not clear to
me where we do use the channels, I mean for what ?

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250694,250697#msg-250697



Re: nginx channel

2014-06-06 Thread Maxim Dounin
Hello!

On Fri, Jun 06, 2014 at 08:14:25AM -0400, nginxsantos wrote:

 I was not clear about the usage of ngx_channel? When each worker process is
 started, the function ngx_pass_open_channel is called. It is not clear to
 me where we do use the channels, I mean for what ?

Channels are used to pass control messages from master to workers.  
In particular, this is how master asks workers to shut down, reopen
logs and so on.

It is planned that this infrastructure will also allow workers to 
pass various notifications from one process to others, though it's 
not something currently available.

-- 
Maxim Dounin
http://nginx.org/



Re: nginx channel

2014-06-06 Thread nginxsantos
Thanks Maxim. It helps...

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250694,250700#msg-250700



Re: DNS resolution of backends

2014-06-06 Thread Maxim Dounin
Hello!

On Thu, Jun 05, 2014 at 06:20:35PM +0300, Reinis Rozitis wrote:

 We run a reverse proxy to Amazon S3 service. Sometimes Amazon change their
 IPs and some of them may become unresponsive and render the reverse proxy
 unusable. Are there options to force nginx to re-resolve IPs of backends
 let's say each 5 mins?
 
 Give the upstream{} block the hostnames of the instances and add a resolver
 ( http://nginx.org/en/docs/http/ngx_http_core_module.html#resolver ).

This won't make any difference.  Names of servers in upstream{} 
blocks are resolved during configuration parsing, and won't be 
re-resolved till next configuration parsing.

To ensure periodic hostname resolution, one has to use a
hostname (not an upstream block) in proxy_pass, and variables in
the proxy_pass directive.  This way, nginx won't know a hostname
in advance, and will have to use resolver to resolve it, resulting
in a periodic hostname resolution.

(Alternatively, a special resolve flag for servers in upstream{}
blocks was recently introduced as part of the commercial subscription, see
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#server.
But this requires commercial subscription.)

-- 
Maxim Dounin
http://nginx.org/

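The approach described in the reply above, written out as an added example that is not part of the original thread: a variable in proxy_pass together with a resolver makes nginx look the name up at run time. The bucket hostname and the resolver address are constructed placeholders.

```nginx
# Added example; hostname and resolver address are constructed placeholders.
# Both fragments belong inside the http {} context.

# Before: the name is resolved once, while the configuration is parsed.
# A later IP change at the backend goes unnoticed until the next reload.
#
# upstream s3_backend {
#     server example-bucket.s3.amazonaws.com:80;
# }
# server {
#     listen 80;
#     location / {
#         proxy_pass http://s3_backend;
#     }
# }

# After: the hostname reaches proxy_pass through a variable, so nginx
# cannot resolve it at startup and has to ask the resolver at run time.
server {
    listen 80;

    # Assumed address of a resolver on a trusted local network; nginx acts
    # on whatever this server answers. valid=300s caches each answer for
    # 5 minutes instead of using the TTL from the DNS response.
    resolver 192.0.2.53 valid=300s;
    resolver_timeout 5s;

    location / {
        set $s3_host "example-bucket.s3.amazonaws.com";

        # No URI part after the variable: the original request URI is
        # passed to the backend unchanged.
        proxy_pass http://$s3_host;
    }
}
```

If the resolver is unreachable or the name fails to resolve, requests to this location fail with a 502, so the resolver becomes part of the proxy's availability path.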


Re: Caching servers in Local ISPs !!

2014-06-06 Thread shahzaib shahzaib
@itpp I am currently proceeding with the proxy_cache method just because I had
to do this in emergency mode due to boss pressure :-|. I have a quick
question, can I make nginx cache files for specific clients?

Like, if our caching servers are deployed by only a single ISP named ptcl.
So if an IP from a ptcl client is browsing video, only his requested file should
be cached, not for any other client; does nginx support that?

I know it's kind of funny, but I've to complete this task :(


On Thu, Jun 5, 2014 at 12:23 AM, shahzaib shahzaib shahzaib...@gmail.com
wrote:

 Also sync to a temp folder and move after completion or nginx will attempt
 to send partial files.

 Oh right. Thanks for quick help and suggestion :). I'll look into wanproxy
 now.




 On Thu, Jun 5, 2014 at 12:19 AM, itpp2012 nginx-fo...@nginx.us wrote:

 shahzaib1232 Wrote:
 ---
  @itpp, i just used your method try_files and it worked flawlessly :).
  Following is the testing config :
 
  server {
  listen   80;
  server_name  domain.com;
  root /var/www/html/files;
 
  location / {

 location ~* (\.mp3|\.avi|\.mp4)$ {

  Should i use rsync or lsync for mirroring the files between Origin and
  caching server ?

 Whatever works for you, I'd prefer rsync since that's easier to schedule
 for off-peak hours.
 Also sync to a temp folder and move after completion or nginx will attempt
 to send partial files.
 see also http://wanproxy.org/

 Posted at Nginx Forum:
 http://forum.nginx.org/read.php?2,249997,250645#msg-250645


Re: Caching servers in Local ISPs !!

2014-06-06 Thread itpp2012
shahzaib1232 Wrote:
---
 @itpp I am currently proceeding with the proxy_cache method just because I had
 to do this in emergency mode due to boss pressure :-|. I have a quick
 question, can I make nginx cache files for specific clients?
 
 Like, if our caching servers are deployed by only a single ISP named ptcl.
 So if an IP from a ptcl client is browsing video, only his requested file should
 be cached, not for any other client; does nginx support that?

You could do this based on some IP ranges or via
https://github.com/flant/nginx-http-rdns

See
http://serverfault.com/questions/380642/nginx-how-to-redirect-users-with-certain-ip-to-special-page
and
http://www.cyberciti.biz/faq/nginx-redirect-backend-traffic-based-upon-client-ip-address/

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,249997,250707#msg-250707



Re: NGINX Error when uploading images

2014-06-06 Thread Maxim Dounin
Hello!

On Fri, Jun 06, 2014 at 11:13:10AM -0400, Roy Phillips wrote:

 Hi all,
 
 We have a handful of users in the UK that are getting the error (screenshot
 attached) We narrowed it down to the ISP/Router "Virgin BT" ISP or Home Hub
 2.0.
 
 If they use another ISP or even tether to an iPhone it works.
 
 They also upgraded the Home Hub 2.0 to Home Hub 5.0 and it works.
 
 Do you know of a work around for this error by any chance?

Unless you are using nginx and did something strange in the 
configuration, most relevant link I can think of is:

http://nginx.org/en/docs/welcome_nginx_facebook.html

Wikipedia article on the BT Home Hub suggests it has (or at least 
had) major problems with security, and this may be the reason:

https://en.wikipedia.org/wiki/BT_Home_Hub#Criticism
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub/

-- 
Maxim Dounin
http://nginx.org/


Re: Caching servers in Local ISPs !!

2014-06-06 Thread shahzaib shahzaib
Thanks a lot itpp. :) I'll look into it and get back to you.

Thanks again for quick solution :)


On Fri, Jun 6, 2014 at 8:26 PM, itpp2012 nginx-fo...@nginx.us wrote:

 shahzaib1232 Wrote:
 ---
  @itpp I am currently proceeding with the proxy_cache method just because I had
  to do this in emergency mode due to boss pressure :-|. I have a quick
  question, can I make nginx cache files for specific clients?
 
  Like, if our caching servers are deployed by only a single ISP named ptcl.
  So if an IP from a ptcl client is browsing video, only his requested file should
  be cached, not for any other client; does nginx support that?

 You could do this based on some IP ranges or via
 https://github.com/flant/nginx-http-rdns

 See

 http://serverfault.com/questions/380642/nginx-how-to-redirect-users-with-certain-ip-to-special-page
 and

 http://www.cyberciti.biz/faq/nginx-redirect-backend-traffic-based-upon-client-ip-address/

 Posted at Nginx Forum:
 http://forum.nginx.org/read.php?2,249997,250707#msg-250707


Re: NGINX Error when uploading images

2014-06-06 Thread Roy Phillips
Thanks,

Our application doesn’t use NGINX or our hosting provider in the USA.

When the user drags and drops images in the webpage app that’s when they
get the error containing NGINX.

We suspect their ISP or Router uses NGINX on the backend but can’t confirm
with level 1 support over there.

Is that possible? Why would NGINX come up otherwise?


Thank you,
Roy Phillips
XDAM Support
239-791-9995
r...@xdam.com
http://www.xdam.com







On 6/6/14, 11:45 AM, Maxim Dounin mdou...@mdounin.ru wrote:

Hello!

On Fri, Jun 06, 2014 at 11:13:10AM -0400, Roy Phillips wrote:

 Hi all,
 
 We have a handful of users in the UK that are getting the error (screenshot
 attached) We narrowed it down to the ISP/Router "Virgin BT" ISP or Home Hub
 2.0.
 
 If they use another ISP or even tether to an iPhone it works.
 
 They also upgraded the Home Hub 2.0 to Home Hub 5.0 and it works.
 
 Do you know of a work around for this error by any chance?

Unless you are using nginx and did something strange in the
configuration, most relevant link I can think of is:

http://nginx.org/en/docs/welcome_nginx_facebook.html

Wikipedia article on the BT Home Hub suggests it has (or at least
had) major problems with security, and this may be the reason:

https://en.wikipedia.org/wiki/BT_Home_Hub#Criticism
http://www.gnucitizen.org/blog/bt-home-flub-pwnin-the-bt-home-hub/

-- 
Maxim Dounin
http://nginx.org/


arch linux , swf dir and forbidden error

2014-06-06 Thread mfaridi
I use Arch Linux and installed nginx from the Arch repo; everything is OK. I
want to use nginx to play flash games and swf games. I downloaded many swf
files, made an swf directory in
/usr/share/nginx/html
and put all the swf files in the swf directory. After that I set 755 for the swf
directory and 644 for all swf files, but when I type in a browser like
Firefox
http://127.0.0.1/swf
I see this error
403 Forbidden
and I cannot play the swf game,
but when I type
http://127.0.0.1/swf/pacman.swf
everything is good and I can play the flash game.
What is the problem?
I set 777 for the folder and all swf files, but I see that problem again and I see
403 Forbidden

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250709,250709#msg-250709



Re: DNS resolution of backends

2014-06-06 Thread MaxDudu
OK, thanks for the clarifications, Max

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250669,250713#msg-250713



Re: arch linux , swf dir and forbidden error

2014-06-06 Thread Francis Daly
On Fri, Jun 06, 2014 at 11:57:22AM -0400, mfaridi wrote:

Hi there,

 http://127.0.0.1/swf
 I see this error
 403 Forbidden
 and I cannot play the swf game,
 but when I type
 http://127.0.0.1/swf/pacman.swf
 everything is good and I can play the flash game.
 What is the problem?

What does error_log say?

Most likely there is no index.html file, or autoindex
(http://nginx.org/r/autoindex) is not on, is my guess.

f
-- 
Francis Daly        fran...@daoine.org



website with login button, redirect to intranet?

2014-06-06 Thread ericmachine
Hi everyone,

I would like to check whether this is possible with nginx (on ubuntu 12.04
LTS 64 bits).

I have a website

www.mywebpage.com.my

this is just another website.

There is a login button. When someone clicks on this login button, it would
redirect them to https://erp.mywebpage.com.my. However, there are 2
scenarios that will happen:
- if you are connected to our secure VPN (via OpenVPN), this redirection
would be successful.
- if you are not connected to the secure VPN (means the user doesn't have
any access), then it will show you are not authorised to view this page.
This message should appear within www.mywebpage.com.my.

FYI

www.mywebpage.com.my - hosted on a public facing VPS (outside office)

erp.mywebpage.com.my - hosted at my office server (once connected to the
secure VPN, it is as if accessing via intranet)

Is this possible and any suggestions to make this work?

Thanks.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,250715,250715#msg-250715



Re: website with login button, redirect to intranet?

2014-06-06 Thread Lord Nynex
Hello,

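Assuming your VPN subnet is 10.10.1.0/24, in your server{} block on
erp.mywebpage.com.my you will want to put the following.

allow 10.10.1.0/24;
deny all;

error_page 403 = @403;
location @403 {
  # the error_page redirect is checked against allow/deny again,
  # so the error location has to be exempt from "deny all"
  allow all;
  # echo is provided by the third-party echo module
  echo You are not authorized to view this page;
}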


On Fri, Jun 6, 2014 at 6:07 PM, ericmachine nginx-fo...@nginx.us wrote:

 Hi everyone,

 I would like to check whether this is possible with nginx (on ubuntu 12.04
 LTS 64 bits).

 I have a website

 www.mywebpage.com.my

 this is just another website.

 There is a login button. When someone clicks on this login button, it would
 redirect them to https://erp.mywebpage.com.my. However, there are 2
 scenarios that will happen:
 - if you are connected to our secure VPN (via OpenVPN), this redirection
 would be successful.
 - if you are not connected to the secure VPN (means the user doesn't have
 any access), then it will show you are not authorised to view this page.
 This message should appear within www.mywebpage.com.my.

 FYI

 www.mywebpage.com.my - hosted on a public facing VPS (outside office)

 erp.mywebpage.com.my - hosted at my office server (once connected to the
 secure VPN, it is as if accessing via intranet)

 Is this possible and any suggestions to make this work?

 Thanks.

 Posted at Nginx Forum:
 http://forum.nginx.org/read.php?2,250715,250715#msg-250715

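Both this thread and the earlier "Deny all + Custom Error page" thread combine deny all with a custom 403 page. The following added example (not code from either poster) shows why the built-in 403 page appears and two ways to keep the access rules while serving a custom page. /403.html is an assumed file name; hostnames, root and subnet are the threads' sample values.

```nginx
# Added example, not code from either thread. Hostnames, root and subnet are
# the threads' sample values; /403.html is an assumed file name.
# All blocks belong inside the http {} context.

# Before (first thread): "deny all" raises 403 and error_page redirects
# internally to /index.html. The redirected request passes through the
# access phase again, is denied again, and nginx falls back to its
# built-in 403 page.
#
# server {
#     server_name ~^(.*)\.example\.com$;
#     root /usr/share/nginx/www;
#     error_page 403 /index.html;
#     allow 127.0.0.1;
#     deny  all;
# }

# After, variant 1: static error page exempted from the access rules.
server {
    server_name ~^(.*)\.example\.com$;
    root /usr/share/nginx/www;

    allow 127.0.0.1;
    deny  all;

    # No "=" here, so the client still receives status 403.
    error_page 403 /403.html;

    location = /403.html {
        internal;    # reachable only through error_page, not by direct request
        allow all;   # overrides the inherited "deny all" for this one URI
    }
}

# After, variant 2 (VPN-only host from the second thread), no extra module.
server {
    server_name erp.mywebpage.com.my;
    # listen and ssl_* directives omitted

    allow 10.10.1.0/24;   # VPN subnet assumed in the thread
    deny  all;

    error_page 403 @denied;

    location @denied {
        # "return" is executed in the rewrite phase, which runs before
        # allow/deny are evaluated, so no "allow all" is needed here.
        return 403 "You are not authorized to view this page\n";
    }
}
```

After `nginx -t` and a reload, a request from a non-allowed address should still get status 403, with the custom body in place of the built-in page.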

Re: Difference between NGX_DIRECT_CONF and NGX_MAIN_CONF

2014-06-06 Thread Maxim Dounin
Hello!

On Fri, Jun 06, 2014 at 10:38:33AM +0800, liubin wrote:

 Hello:
   
   Who can tell me the difference between NGX_DIRECT_CONF and
 NGX_MAIN_CONF?
   
   If a command is NGX_DIRECT_CONF, it must be NGX_MAIN_CONF?

The NGX_MAIN_CONF specifies context of the directive.

The NGX_DIRECT_CONF flag for NGX_MAIN_CONF directives means that
the configuration should be accessed directly (as created with
create_conf callback), instead of passing an indirect pointer to a
directive handler (allowing the directive handler to create the
configuration itself).

As of now, the NGX_DIRECT_CONF flag makes sense for NGX_MAIN_CONF
directives only.

-- 
Maxim Dounin
http://nginx.org/

___
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel


Re: nginx subrequests / background operations

2014-06-06 Thread Maxim Dounin
Hello!

On Fri, Jun 06, 2014 at 12:57:38AM -0400, Ameir Abdeldayem wrote:

 Hello,
 
 I am investigating the complexity of allowing for an additional parameter,
 expired, to proxy_cache_use_stale.
 
 Instead of a request hitting the backend with an $upstream_cache_status of
 EXPIRED and making the client wait for the request to complete, the client
 would instead be given a stale version of that cached entry, and that entry
 would be updated in the background.

This is what proxy_cache_use_stale updating has done for years,
with the only difference that the update is done by the first
request instead of in the background.

So, basically, what you are trying to optimize is a single request
per resource expiration.  I would recommend you reconsider whether
it is actually worth the effort.

 I was looking into ngx_http_subrequest() as a potential route to take, but
 it looks like it's blocking (as in the client would have to wait for it to
 complete).  I also looked at post_action, but it's unclear on whether it's
 blocking or not, and whether it'd work for this case.

The post_action functionality will block a connection as well.

If you want something to happen in the background, you'll have
to introduce the "in the background" notion in the first place.
The simplest approach seems to be to create a separate fake
request with emulated properties and a closed connection.

-- 
Maxim Dounin
http://nginx.org/



RE: nginx subrequests / background operations

2014-06-06 Thread Ameir Abdeldayem
Hello Maxim,

Thanks for your feedback.  Yes, proxy_cache_use_stale updating does do a
great job, but the first request is the first request per TTL, which
relates to the problem we're facing.

We run some high-profile sites, oftentimes with low TTLs (1m or so).  The
queries we run on the backend are very complex and time-consuming, and
oftentimes take on the order of 10s to complete.  Because of the low TTL,
although most users get immediate responses, the user who makes the request
when the entry is EXPIRED has to suffer.

Additionally, each page load requests several resources through nginx, and
it's happened a number of times that a single user will be the victim of
hitting more than one EXPIRED entry, hitting the backend more than once
(very unlucky, I know).  The end result is user complaints, which would be
mitigated entirely if we could serve the STALE entry before updating it.

If you have any thoughts on how to improve performance in this scenario, I
would love to hear them.

Thanks!
-Ameir

Re: SPDY together with proxy_cache_bypass enabled (#428)

2014-06-06 Thread Maxim Konovalov
[...]
 I started hitting the same bugs on an unpatched Nginx on another server
 with a lighter load; this patch in open source would be very welcome!
 
The code is undergoing internal review.

-- 
Maxim Konovalov
http://nginx.com

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: SPDY together with proxy_cache_bypass enabled (#428)

2014-06-06 Thread Anatoly Mikhailov

On 06 Jun 2014, at 14:27, Maxim Konovalov ma...@nginx.com wrote:

 [...]
 I started hitting the same bugs on an unpatched Nginx on another server
 with a lighter load; this patch in open source would be very welcome!
 
 The code is undergoing internal review.

Great news for a Friday, thank you!

 
 -- 
 Maxim Konovalov
 http://nginx.com
 