RE: NGINX Config
Paul, I can attest to the speed nginx provides in front of 4D! But nginx also increases stability. Nginx will close stale connections, whereas an extremely busy 4D Server may not close stale connections, resulting in eventual crashing with thousands of http processes. David Ringsmuth From: Paul Dennis via 4D_Tech Sent: Tuesday, October 3, 2017 2:16 AM To: 4d_tech@lists.4d.com Cc: Paul Dennis Subject: Re: NGINX Config RE: Note if you enable 443 and ssl for any server you must have a cert for all servers listening on 443 you cant mix them up. To Clarify I use nginx on windows and linux in a hyper v vm to proxy to our different internal servers for web, testing etc. Each ssl is tied to a domain however if you enable ssl and 443 on the nginx instance then you must have an ssl for each domain listening on port 443. It is much faster to have nginx ssl sitting in front of 4d and have proxy to 4d on normal http. Paul -- Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com ** ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: NGINX Config
RE: Note if you enable 443 and ssl for any server you must have a cert for all servers listening on 443 you cant mix them up. To Clarify I use nginx on windows and linux in a hyper v vm to proxy to our different internal servers for web, testing etc. Each ssl is tied to a domain however if you enable ssl and 443 on the nginx instance then you must have an ssl for each domain listening on port 443. It is much faster to have nginx ssl sitting in front of 4d and have proxy to 4d on normal http. Paul -- Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
RE: NGINX Config
SSL certificates are tied to a domain, not to physical computer. A client (browser) is not able to resolve to a physical machine. And this is a good thing! I can't imagine what will happen if clients would get information of our physicals machines even it would be the MAC address only. The browser is able to check the domain the responses come from. Regards Lutz -- Lutz Epperlein -- Agendo Gesellschaft für politische Planung mbH Köpenicker Str. 9 10997 Berlin http://www.agendo.de/ -- > -Original Message- > From: 4D_Tech [mailto:4d_tech-boun...@lists.4d.com] On Behalf Of Doug Hall via > 4D_Tech > Sent: Monday, October 2, 2017 5:31 PM > To: 4D iNug Technical <4d_tech@lists.4d.com> > Cc: Doug Hall > Subject: Re: NGINX Config > > RE: Note if you enable 443 and ssl for any server you must have a cert for > all > servers listening on 443 you cant mix them up. > > We only have the one physical server (running 4D in remote mode). You > aren't talking about the different domains being served from that one > machine are you? SSL certificates are tied to the physical server > (computer), not nginx server block/domain name, right? > > Thanks, > Doug ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: NGINX Config
RE: Note if you enable 443 and ssl for any server you must have a cert for all servers listening on 443 you cant mix them up. We only have the one physical server (running 4D in remote mode). You aren't talking about the different domains being served from that one machine are you? SSL certificates are tied to the physical server (computer), not nginx server block/domain name, right? Thanks, Doug On Mon, Oct 2, 2017 at 1:49 AM, Paul Dennis via 4D_Tech < 4d_tech@lists.4d.com> wrote: > Hello Jason, > > I ve been doing this for years my config is simpler. Dont understand why > you > need to define the upstream and rewrite for a simple proxy. I just have a > server block (nginx jargon) as follows. > > server { > listen 443 ssl; > > server_name dashboard.xxx.com; > client_header_buffer_size 2k; > large_client_header_buffers 8 12k; > client_max_body_size 20m; > ssl_certificate > /etc/letsencrypt/live/dashboard.xxx.com/fullchain.pem; > ssl_certificate_key > /etc/letsencrypt/live/dashboard.xxx.com/privkey.pem; > > location / { > proxy_pass http://192.168.1.20:8086/; > } > > > Note if you enable 443 and ssl for any server you must have a cert for all > servers listening on 443 you cant mix them up. > > > > > > > -- > Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html > ** > 4D Internet Users Group (4D iNUG) > FAQ: http://lists.4d.com/faqnug.html > Archive: http://lists.4d.com/archives.html > Options: http://lists.4d.com/mailman/options/4d_tech > Unsub: mailto:4d_tech-unsubscr...@lists.4d.com > ** > ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: NGINX Config
Hello Jason, I ve been doing this for years my config is simpler. Dont understand why you need to define the upstream and rewrite for a simple proxy. I just have a server block (nginx jargon) as follows. server { listen 443 ssl; server_name dashboard.xxx.com; client_header_buffer_size 2k; large_client_header_buffers 8 12k; client_max_body_size 20m; ssl_certificate /etc/letsencrypt/live/dashboard.xxx.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/dashboard.xxx.com/privkey.pem; location / { proxy_pass http://192.168.1.20:8086/; } Note if you enable 443 and ssl for any server you must have a cert for all servers listening on 443 you cant mix them up. -- Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: NGINX Config
I appreciate your time to look this over, David and Jason. I'll definitely check out Nginx Plus, David, thanks. Jason, that's a great idea, to point it to another IP. I happen to have another development server that should do the trick. I'll give it a shot Monday morning. Y'all have a great weekend! Doug On Fri, Sep 29, 2017 at 4:32 PM, JasonH via 4D_Tech <4d_tech@lists.4d.com> wrote: > Hi Doug, > > I can't offer anything other than to say what you have looks correct to me. > I was just thinking to confirm it's a NGINX issue and not 4d / Active4D > config problem, try pointing name2.domain.com to a totally different IP > than > your 4D server. Name1 should redirect to your 4D webserver, and then name2 > to a totally different server. > > If that works, then you're configuring NGINX correctly and 4D / Active4D is > mis-configured. If you still get the same page with both requests, then > you > know something is messed up with the NGINX config. > > Good luck! > Jason > > > > -- > Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html > ** > 4D Internet Users Group (4D iNUG) > FAQ: http://lists.4d.com/faqnug.html > Archive: http://lists.4d.com/archives.html > Options: http://lists.4d.com/mailman/options/4d_tech > Unsub: mailto:4d_tech-unsubscr...@lists.4d.com > ** ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
Re: NGINX Config
Hi Doug, I can't offer anything other than to say what you have looks correct to me. I was just thinking to confirm it's a NGINX issue and not 4d / Active4D config problem, try pointing name2.domain.com to a totally different IP than your 4D server. Name1 should redirect to your 4D webserver, and then name2 to a totally different server. If that works, then you're configuring NGINX correctly and 4D / Active4D is mis-configured. If you still get the same page with both requests, then you know something is messed up with the NGINX config. Good luck! Jason -- Sent from: http://4d.1045681.n5.nabble.com/4D-Tech-f1376241.html ** 4D Internet Users Group (4D iNUG) FAQ: http://lists.4d.com/faqnug.html Archive: http://lists.4d.com/archives.html Options: http://lists.4d.com/mailman/options/4d_tech Unsub: mailto:4d_tech-unsubscr...@lists.4d.com **
RE: NGINX Config
Doug, Post this to: https://forum.nginx.org/ David Ringsmuth From: Doug Hall via 4D_Tech Sent: Friday, September 29, 2017 12:28 PM To: 4D iNug Technical Cc: Doug Hall Subject: Re: NGINX Config I am having some problems with my Nginx reverse proxy. I'm running 4Dv15, and Active4D 6.4r3, using the 4D server shell. I have successfully configured two web roots in Active4D, which run on the same 4D Web Client, on port 8010. I have two different host names which are pointed to the same IP address. I'll call them name1.domain.com:8010 and name2.domain.com:8010. These successfully resolve to the appropriate web root within Active4D, when I put those two urls in my web browser. I set up my proxy in nginx two different ways, and neither of them consistently resolve to the right website: 1: I setup one upstream server and accessed it through proxy_pass from both server definitions: upstream 4d_webclient{ server 127.0.0.1:8010; } server { listen 80; server_name name1.domain.com; location / { root /location_1 proxy_pass http://4d_webclient; ... } } server { listen 80; server_name name2.domain.com; location / { root /location_2 proxy_pass http://4d_webclient; ... } } Please note that I'm just trying to get the reverse proxy to work. Once I do that, I'll add SSL requirements, and all the necessary rewrites to make sure people are redirected to our secured interface. The second way I did it was to create a different upstream for each website, using the DNS names for each, and then calling the appropriate upstream proxy from each server definition: upstream name1_server{ server name1.domain.com:8010; } upstream name2_server{ server name2.domain.com:8010; } ... (the same as above, except replacing 4d_webclient with name1/2_server at proxy_pass) Both ways gave the same results. After restarting my Web Client and nginx (just to make sure I start from a clean slate), both name1.domain.com and name2.domain.com resolve to the name1:domain.com:8010 website. However, if I go to name2.domain.com:8010, then both name1.domain.com and name2.domain.com will resolve to that website. Going to name1.domain.com:8010 then causes both portless addresses to resolve there, until I visit name2.domain.com:8010 directly again. Obviously, I don't understand the relationship between how nginx deals with upstream declarations and how that passes along to Active4D. Any help would be appreciated. Doug On Fri, Oct 24, 2014 at 1:31 PM, Balinder Walia wrote: > and then test by sending 100s of requests at the same time using Apache > benchmark: > > Example type: > > $ ab -n 1000 -c 5 http://www.domain.com > > from Mac/Linux Terminal > > Balinder > > On 24 October 2014 19:26, Balinder Walia wrote: > > > Brad, > > > > There are many ways to achieve it. Simplest is probably to count no of > > processes and busyness in 4D and if too busy or near enough to use all > > memory then get 4D to create 502.html file with appropriate message. Or > > create if 4D is dead just leave one 502.hm there as a default option. > > > > > > In JSON's script above see > > > > proxy_next_upstream error timeout invalid_header http_500 > > http_502 http_503 http_504; > > > > what that means if proxy failed then intercept the error and show default > > message in 502.htm > > > > So you would something like: > > > > in the main proxy block then > > > > proxy_intercept_errors on; > > error_page 403 404 502 504 = @fallback; > > break; > > > > and separate block what to do if proxy failed > > > > location @ fallback { > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header Host $host; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > > > root html; > > index.hm which can have 502 error message or default message about 4d > too > > busy! > > break; > > } > > > > To be honest in this day and age we should never have a downtime and > > customer should never see this unavailable error. they won't come back. > So > > I appreciate we should have a nice message on fail but setup the system > so > > it never fails. > > > > > > On 24 October 2014 18:15, Perkins, Bradley D wrote: > > > >> I'd also like to say thanks for all of these. I still use Apache but > >> wondered about NGINX. > >> > >> >Any suggestions on making the Nginx server a fail-over to a hung 4D > >> >server? > >> > >> Since I'm unfamiliar with NGINX, this may not help at all, but under > >> Apache I always modify the error files for 502 (or 503
Re: NGINX Config
I am having some problems with my Nginx reverse proxy. I'm running 4Dv15, and Active4D 6.4r3, using the 4D server shell. I have successfully configured two web roots in Active4D, which run on the same 4D Web Client, on port 8010. I have two different host names which are pointed to the same IP address. I'll call them name1.domain.com:8010 and name2.domain.com:8010. These successfully resolve to the appropriate web root within Active4D, when I put those two urls in my web browser. I set up my proxy in nginx two different ways, and neither of them consistently resolve to the right website: 1: I setup one upstream server and accessed it through proxy_pass from both server definitions: upstream 4d_webclient{ server 127.0.0.1:8010; } server { listen 80; server_name name1.domain.com; location / { root /location_1 proxy_pass http://4d_webclient; ... } } server { listen 80; server_name name2.domain.com; location / { root /location_2 proxy_pass http://4d_webclient; ... } } Please note that I'm just trying to get the reverse proxy to work. Once I do that, I'll add SSL requirements, and all the necessary rewrites to make sure people are redirected to our secured interface. The second way I did it was to create a different upstream for each website, using the DNS names for each, and then calling the appropriate upstream proxy from each server definition: upstream name1_server{ server name1.domain.com:8010; } upstream name2_server{ server name2.domain.com:8010; } ... (the same as above, except replacing 4d_webclient with name1/2_server at proxy_pass) Both ways gave the same results. After restarting my Web Client and nginx (just to make sure I start from a clean slate), both name1.domain.com and name2.domain.com resolve to the name1:domain.com:8010 website. However, if I go to name2.domain.com:8010, then both name1.domain.com and name2.domain.com will resolve to that website. Going to name1.domain.com:8010 then causes both portless addresses to resolve there, until I visit name2.domain.com:8010 directly again. Obviously, I don't understand the relationship between how nginx deals with upstream declarations and how that passes along to Active4D. Any help would be appreciated. Doug On Fri, Oct 24, 2014 at 1:31 PM, Balinder Walia wrote: > and then test by sending 100s of requests at the same time using Apache > benchmark: > > Example type: > > $ ab -n 1000 -c 5 http://www.domain.com > > from Mac/Linux Terminal > > Balinder > > On 24 October 2014 19:26, Balinder Walia wrote: > > > Brad, > > > > There are many ways to achieve it. Simplest is probably to count no of > > processes and busyness in 4D and if too busy or near enough to use all > > memory then get 4D to create 502.html file with appropriate message. Or > > create if 4D is dead just leave one 502.hm there as a default option. > > > > > > In JSON's script above see > > > > proxy_next_upstream error timeout invalid_header http_500 > > http_502 http_503 http_504; > > > > what that means if proxy failed then intercept the error and show default > > message in 502.htm > > > > So you would something like: > > > > in the main proxy block then > > > > proxy_intercept_errors on; > > error_page 403 404 502 504 = @fallback; > > break; > > > > and separate block what to do if proxy failed > > > > location @ fallback { > > proxy_set_header X-Real-IP $remote_addr; > > proxy_set_header Host $host; > > proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; > > > > root html; > > index.hm which can have 502 error message or default message about 4d > too > > busy! > > break; > > } > > > > To be honest in this day and age we should never have a downtime and > > customer should never see this unavailable error. they won't come back. > So > > I appreciate we should have a nice message on fail but setup the system > so > > it never fails. > > > > > > On 24 October 2014 18:15, Perkins, Bradley D wrote: > > > >> I'd also like to say thanks for all of these. I still use Apache but > >> wondered about NGINX. > >> > >> >Any suggestions on making the Nginx server a fail-over to a hung 4D > >> >server? > >> > >> Since I'm unfamiliar with NGINX, this may not help at all, but under > >> Apache I always modify the error files for 502 (or 503?) errors so that > >> they contain user friendly "site unavailable" messages. Those files get > >> served when Apache can't reverse proxy to 4D. > >> > >> -- Brad > >> > >> > >> ** > >> See how easy it is to extend your 4D solutions to Web and mobile. New > >> opportunities await you with 4D v14! > >> > >> 4D Internet Users Group (4D iNUG) > >> FAQ: http://lists.4d.com/faqnug.html > >> Archive: http://lists.4d.com/archives.html > >> Options: https://lists.4d.com/mailman/options/4d_tech > >> Unsub: mailto:4d_tech-unsubscr...@lists.4d.com > >> **