RE: NGINX Config

2017-10-03 Thread David Ringsmuth via 4D_Tech
Paul,

I can attest to the speed nginx provides in front of 4D!

But nginx also increases stability. 

Nginx will close stale connections, whereas an extremely busy 4D Server may not 
close stale connections, resulting in eventual crashing with thousands of http 
processes.

David Ringsmuth

From: Paul Dennis via 4D_Tech
Sent: Tuesday, October 3, 2017 2:16 AM
To: 4d_tech@lists.4d.com
Cc: Paul Dennis
Subject: Re: NGINX Config

RE: Note if you enable 443 and ssl for any server you must have a cert for
all servers listening on 443; you can't mix them up.

To clarify, I use nginx on Windows and Linux in a Hyper-V VM to proxy to our
different internal servers for web, testing etc. Each ssl is tied to a
domain; however, if you enable ssl and 443 on the nginx instance then you
must have an ssl for each domain listening on port 443.

It is much faster to have nginx ssl sitting in front of 4D and have it proxy to
4D on normal http.
Paul



--
Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html
**
4D Internet Users Group (4D iNUG)
FAQ:  http://lists.4d.com/faqnug.html
Archive:  http://lists.4d.com/archives.html
Options: http://lists.4d.com/mailman/options/4d_tech
Unsub:  mailto:4d_tech-unsubscr...@lists.4d.com
**


Re: NGINX Config

2017-10-03 Thread Paul Dennis via 4D_Tech
RE: Note if you enable 443 and ssl for any server you must have a cert for
all servers listening on 443; you can't mix them up.

To clarify, I use nginx on Windows and Linux in a Hyper-V VM to proxy to our
different internal servers for web, testing etc. Each ssl is tied to a
domain; however, if you enable ssl and 443 on the nginx instance then you
must have an ssl for each domain listening on port 443.

It is much faster to have nginx ssl sitting in front of 4D and have it proxy to
4D on normal http.
Paul
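
The layout described above, as an added example that is not Paul's configuration: each name served on 443 gets its own server block and certificate (nginx selects the block by SNI), and TLS ends at nginx while 4D is reached over plain HTTP. test.xxx.com, its certificate paths and the 192.168.1.21 backend are constructed placeholders; ssl_reject_handshake needs nginx 1.19.4 or later.

```nginx
# Added example; test.xxx.com, its paths and 192.168.1.21 are placeholders.
server {
    listen 443 ssl;
    server_name dashboard.xxx.com;
    ssl_certificate     /etc/letsencrypt/live/dashboard.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dashboard.xxx.com/privkey.pem;

    location / {
        # The backend only sees plain HTTP, so tell it the client used TLS.
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://192.168.1.20:8086/;
    }
}

server {
    listen 443 ssl;
    server_name test.xxx.com;
    ssl_certificate     /etc/letsencrypt/live/test.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/test.xxx.com/privkey.pem;

    location / {
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://192.168.1.21:8086/;
    }
}

# Any other name arriving on 443: refuse the handshake rather than
# answer with another domain's certificate.
server {
    listen 443 ssl default_server;
    ssl_reject_handshake on;
}

# Port 80 only redirects to the TLS listener.
server {
    listen 80;
    server_name dashboard.xxx.com test.xxx.com;
    return 301 https://$host$request_uri;
}
```

Because the hop from nginx to 4D is unencrypted, the 4D HTTP port should be reachable only from the nginx host.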




RE: NGINX Config

2017-10-02 Thread Epperlein, Lutz (agendo) via 4D_Tech
SSL certificates are tied to a domain, not to a physical computer. A client
(browser) is not able to resolve to a physical machine. And this is a good
thing! I can't imagine what would happen if clients got information about our
physical machines, even if it were only the MAC address.

The browser is able to check the domain the responses come from.

Regards
Lutz

--  
Lutz Epperlein  
--
Agendo Gesellschaft für politische Planung mbH
Köpenicker Str. 9
10997 Berlin
http://www.agendo.de/
--



> -Original Message-
> From: 4D_Tech [mailto:4d_tech-boun...@lists.4d.com] On Behalf Of Doug Hall via
> 4D_Tech
> Sent: Monday, October 2, 2017 5:31 PM
> To: 4D iNug Technical <4d_tech@lists.4d.com>
> Cc: Doug Hall <doughall...@gmail.com>
> Subject: Re: NGINX Config
> 
> RE: Note if you enable 443 and ssl for any server you must have a cert for
> all servers listening on 443; you can't mix them up.
> 
> We only have the one physical server (running 4D in remote mode). You
> aren't talking about the different domains being served from that one
> machine are you? SSL certificates are tied to the physical server
> (computer), not nginx server block/domain name, right?
> 
> Thanks,
> Doug

Re: NGINX Config

2017-10-02 Thread Doug Hall via 4D_Tech
RE: Note if you enable 443 and ssl for any server you must have a cert for
all servers listening on 443; you can't mix them up.

We only have the one physical server (running 4D in remote mode). You
aren't talking about the different domains being served from that one
machine are you? SSL certificates are tied to the physical server
(computer), not nginx server block/domain name, right?

Thanks,
Doug

On Mon, Oct 2, 2017 at 1:49 AM, Paul Dennis via 4D_Tech <
4d_tech@lists.4d.com> wrote:

> Hello Jason,
>
> I've been doing this for years; my config is simpler. Don't understand why
> you need to define the upstream and rewrite for a simple proxy. I just have
> a server block (nginx jargon) as follows.
>
> server {
>     listen 443 ssl;
>
>     server_name dashboard.xxx.com;
>     client_header_buffer_size 2k;
>     large_client_header_buffers 8 12k;
>     client_max_body_size 20m;
>     ssl_certificate /etc/letsencrypt/live/dashboard.xxx.com/fullchain.pem;
>     ssl_certificate_key /etc/letsencrypt/live/dashboard.xxx.com/privkey.pem;
>
>     location / {
>         proxy_pass http://192.168.1.20:8086/;
>     }
> }
>
> Note: if you enable 443 and ssl for any server, you must have a cert for all
> servers listening on 443; you can't mix them up.

Re: NGINX Config

2017-10-02 Thread Paul Dennis via 4D_Tech
Hello Jason,

I've been doing this for years; my config is simpler. Don't understand why you
need to define the upstream and rewrite for a simple proxy. I just have a
server block (nginx jargon) as follows.

server {
    listen 443 ssl;

    server_name dashboard.xxx.com;
    client_header_buffer_size 2k;
    large_client_header_buffers 8 12k;
    client_max_body_size 20m;
    ssl_certificate /etc/letsencrypt/live/dashboard.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/dashboard.xxx.com/privkey.pem;

    location / {
        proxy_pass http://192.168.1.20:8086/;
    }
}

Note: if you enable 443 and ssl for any server, you must have a cert for all
servers listening on 443; you can't mix them up.







Re: NGINX Config

2017-09-29 Thread JasonH via 4D_Tech
Hi Doug,

I can't offer anything other than to say what you have looks correct to me. 
I was just thinking, to confirm it's an NGINX issue and not a 4D / Active4D
config problem, try pointing name2.domain.com to a totally different IP than
your 4D server.  Name1 should redirect to your 4D webserver, and then name2
to a totally different server.

If that works, then you're configuring NGINX correctly and 4D / Active4D is
mis-configured.  If you still get the same page with both requests, then you
know something is messed up with the NGINX config.

Good luck!
Jason




RE: NGINX Config

2017-09-29 Thread David Ringsmuth via 4D_Tech
Doug,

Post this to: https://forum.nginx.org/

David Ringsmuth

From: Doug Hall via 4D_Tech
Sent: Friday, September 29, 2017 12:28 PM
To: 4D iNug Technical
Cc: Doug Hall
Subject: Re: NGINX Config

I am having some problems with my Nginx reverse proxy. I'm running 4Dv15,
and Active4D 6.4r3, using the 4D server shell. I have successfully
configured two web roots in Active4D, which run on the same 4D Web Client,
on port 8010. I have two different host names which are pointed to the same
IP address. I'll call them name1.domain.com:8010 and name2.domain.com:8010.
These successfully resolve to the appropriate web root within Active4D,
when I put those two urls in my web browser.

I set up my proxy in nginx two different ways, and neither of them
consistently resolves to the right website:

1: I set up one upstream server and accessed it through proxy_pass from both
server definitions:

upstream 4d_webclient {
    server 127.0.0.1:8010;
}

server {
    listen 80;
    server_name name1.domain.com;

    location / {
        root /location_1;
        proxy_pass http://4d_webclient;
        ...
    }
}

server {
    listen 80;
    server_name name2.domain.com;

    location / {
        root /location_2;
        proxy_pass http://4d_webclient;
        ...
    }
}

Please note that I'm just trying to get the reverse proxy to work. Once I
do that, I'll add SSL requirements, and all the necessary rewrites to make
sure people are redirected to our secured interface.

The second way I did it was to create a different upstream for each
website, using the DNS names for each, and then calling the appropriate
upstream proxy from each server definition:

upstream name1_server{
server name1.domain.com:8010;
}

upstream name2_server{
   server name2.domain.com:8010;
}

... (the same as above, except replacing 4d_webclient with name1/2_server
at proxy_pass)

Both ways gave the same results. After restarting my Web Client and nginx
(just to make sure I start from a clean slate), both name1.domain.com and
name2.domain.com resolve to the name1.domain.com:8010 website. However, if
I go to name2.domain.com:8010, then both name1.domain.com and
name2.domain.com will resolve to that website. Going to
name1.domain.com:8010 then causes both portless addresses to resolve there,
until I visit name2.domain.com:8010 directly again.

Obviously, I don't understand the relationship between how nginx deals with
upstream declarations and how that passes along to Active4D. Any help would
be appreciated.

Doug

On Fri, Oct 24, 2014 at 1:31 PM, Balinder Walia <balinder.wa...@gmail.com>
wrote:

> and then test by sending 100s of requests at the same time using Apache
> benchmark:
>
> Example type:
>
> $ ab -n 1000 -c 5 http://www.domain.com
>
> from Mac/Linux Terminal
>
> Balinder
>
> On 24 October 2014 19:26, Balinder Walia <balinder.wa...@gmail.com> wrote:
>
> > Brad,
> >
> > There are many ways to achieve it. Simplest is probably to count no of
> > processes and busyness in 4D and if too busy or near enough to use all
> > memory then get 4D to create 502.html file with appropriate message. Or
> > create if 4D is dead just leave one 502.hm there as a default option.
> >
> >
> > In JSON's script above see
> >
> >  proxy_next_upstream error timeout invalid_header http_500
> > http_502 http_503 http_504;
> >
> > what that means if proxy failed then intercept the error and show default
> > message in 502.htm
> >
> > So you would something like:
> >
> > in the main proxy block then
> >
> > proxy_intercept_errors on;
> > error_page 403 404 502 504 = @fallback;
> > break;
> >
> > and separate block what to do if proxy failed
> >
> > location @fallback {
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header Host $host;
> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >
> > root html;
> > # index.hm which can have 502 error message or default message about 4d
> > # too busy!
> > break;
> > }
> >
> > To be honest in this day and age we should never have a downtime and
> > customer should never see this unavailable error. They won't come back.
> > So I appreciate we should have a nice message on fail but set up the
> > system so it never fails.
> >
> >
> > On 24 October 2014 18:15, Perkins, Bradley D <bperk...@lanl.gov> wrote:
> >
> >> I'd also like to say thanks for all of these. I still use Apache but
> >> wondered about NGINX.
> >>
> >> >Any suggestions on making the Nginx server a fail-over to a hung 4D
> >> >server?
> >>
> >> Since I'm unfamiliar with NGINX, this may not help at all, but under
> >> Apach

Re: NGINX Config

2017-09-29 Thread Doug Hall via 4D_Tech
I am having some problems with my Nginx reverse proxy. I'm running 4Dv15,
and Active4D 6.4r3, using the 4D server shell. I have successfully
configured two web roots in Active4D, which run on the same 4D Web Client,
on port 8010. I have two different host names which are pointed to the same
IP address. I'll call them name1.domain.com:8010 and name2.domain.com:8010.
These successfully resolve to the appropriate web root within Active4D,
when I put those two urls in my web browser.

I set up my proxy in nginx two different ways, and neither of them
consistently resolves to the right website:

1: I set up one upstream server and accessed it through proxy_pass from both
server definitions:

upstream 4d_webclient {
    server 127.0.0.1:8010;
}

server {
    listen 80;
    server_name name1.domain.com;

    location / {
        root /location_1;
        proxy_pass http://4d_webclient;
        ...
    }
}

server {
    listen 80;
    server_name name2.domain.com;

    location / {
        root /location_2;
        proxy_pass http://4d_webclient;
        ...
    }
}

Please note that I'm just trying to get the reverse proxy to work. Once I
do that, I'll add SSL requirements, and all the necessary rewrites to make
sure people are redirected to our secured interface.

The second way I did it was to create a different upstream for each
website, using the DNS names for each, and then calling the appropriate
upstream proxy from each server definition:

upstream name1_server{
server name1.domain.com:8010;
}

upstream name2_server{
   server name2.domain.com:8010;
}

... (the same as above, except replacing 4d_webclient with name1/2_server
at proxy_pass)

Both ways gave the same results. After restarting my Web Client and nginx
(just to make sure I start from a clean slate), both name1.domain.com and
name2.domain.com resolve to the name1.domain.com:8010 website. However, if
I go to name2.domain.com:8010, then both name1.domain.com and
name2.domain.com will resolve to that website. Going to
name1.domain.com:8010 then causes both portless addresses to resolve there,
until I visit name2.domain.com:8010 directly again.

Obviously, I don't understand the relationship between how nginx deals with
upstream declarations and how that passes along to Active4D. Any help would
be appreciated.

Doug

On Fri, Oct 24, 2014 at 1:31 PM, Balinder Walia 
wrote:

> and then test by sending 100s of requests at the same time using Apache
> benchmark:
>
> Example type:
>
> $ ab -n 1000 -c 5 http://www.domain.com
>
> from Mac/Linux Terminal
>
> Balinder
>
> On 24 October 2014 19:26, Balinder Walia  wrote:
>
> > Brad,
> >
> > There are many ways to achieve it. Simplest is probably to count no of
> > processes and busyness in 4D and if too busy or near enough to use all
> > memory then get 4D to create 502.html file with appropriate message. Or
> > create if 4D is dead just leave one 502.hm there as a default option.
> >
> >
> > In JSON's script above see
> >
> >  proxy_next_upstream error timeout invalid_header http_500
> > http_502 http_503 http_504;
> >
> > what that means if proxy failed then intercept the error and show default
> > message in 502.htm
> >
> > So you would something like:
> >
> > in the main proxy block then
> >
> > proxy_intercept_errors on;
> > error_page 403 404 502 504 = @fallback;
> > break;
> >
> > and separate block what to do if proxy failed
> >
> > location @fallback {
> > proxy_set_header X-Real-IP $remote_addr;
> > proxy_set_header Host $host;
> > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> >
> > root html;
> > # index.hm which can have 502 error message or default message about 4d
> > # too busy!
> > break;
> > }
> >
> > To be honest in this day and age we should never have a downtime and
> > customer should never see this unavailable error. They won't come back.
> > So I appreciate we should have a nice message on fail but set up the
> > system so it never fails.
> >
> >
> > On 24 October 2014 18:15, Perkins, Bradley D  wrote:
> >
> >> I'd also like to say thanks for all of these. I still use Apache but
> >> wondered about NGINX.
> >>
> >> >Any suggestions on making the Nginx server a fail-over to a hung 4D
> >> >server?
> >>
> >> Since I'm unfamiliar with NGINX, this may not help at all, but under
> >> Apache I always modify the error files for 502 (or 503?) errors so that
> >> they contain user friendly "site unavailable" messages. Those files get
> >> served when Apache can't reverse proxy to 4D.
> >>
> >> -- Brad
> >>
> >>
> >> **
> >> See how easy it is to extend your 4D solutions to Web and mobile. New
> >> opportunities await you with 4D v14!
> >>
> >> 4D Internet Users Group (4D iNUG)
> >> FAQ:  http://lists.4d.com/faqnug.html
> >> Archive:  http://lists.4d.com/archives.html
> >> Options: https://lists.4d.com/mailman/options/4d_tech
> >> Unsub:
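
For the two-hostname proxy setup in Doug's message above, an added example that is not part of any post in this thread: by default nginx sends the upstream the Host header "$proxy_host" (the name written in proxy_pass, here 4d_webclient), so both server blocks present the same Host to the backend. The sketch below forwards the client's Host instead; that Active4D chooses the web root from the Host header is an assumption, and the catch-all server block is an addition.

```nginx
# Added example: two names proxied to one backend that serves
# several web roots. Host names and port are the ones from the post.
upstream 4d_webclient {
    server 127.0.0.1:8010;
}

server {
    listen 80;
    server_name name1.domain.com;

    location / {
        # Without this line the backend receives "Host: 4d_webclient".
        # $host is the requested name without a port; use $http_host
        # if the backend expects the client's header unchanged.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://4d_webclient;
    }
}

server {
    listen 80;
    server_name name2.domain.com;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://4d_webclient;
    }
}

# Requests whose Host matches neither name are dropped here instead of
# falling through to the first server block and reaching the backend.
server {
    listen 80 default_server;
    server_name _;
    return 444;
}
```

Once the client's Host is forwarded, the backend acts on a client-controlled value, which is why the catch-all block limits it to the two configured names.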