Re: Potential bug in ngx_event.c

2019-08-30 Thread Rian Hunter
On 2019-08-30 07:19, Maxim Dounin wrote: Hello! On Fri, Aug 23, 2019 at 11:00:41AM -0700, Rian Hunter wrote: While browsing the source I noticed something that seemed wrong, even though I haven't observed any buggy behavior or have reproduced this bug myself. In ngx_event.c there is a line:

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread Francis Daly
On Fri, Aug 30, 2019 at 04:59:36PM -0500, J. Lewis Muir wrote: Hi there, > I was wishing for a way to specify a new root but with a modified > request URI. So, I tried the alias directive, and I assumed that > $document_root and $realpath_root would refer to the aliased document > root, but

Re: ssl client auth trouble

2019-08-30 Thread j94305
I'm a big fan of throw-away certificates, i.e., self-signed certificates you may dispose of any time. It seems, the generation of proper certificates is still a mystery to some, so let me briefly include a recipe how to create them: Create a cert-client.conf of the following form:

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread j94305
I've been following this, and I would take a slightly different approach. 1. Serve all apps under /{app}/releases/{version}/{path} as you have them organized in the deployment structure in the file system. 2. Forget about symbolic links and other makeshift versioning/defaulting in the file

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread J. Lewis Muir
On 08/30, Francis Daly wrote: > On Fri, Aug 30, 2019 at 01:58:23PM -0500, J. Lewis Muir wrote: > > Hi there, > > > location ~ ^/my-app/(.*?[^/]\.php(?:/.*|$)) { > > alias /srv/www/my-app/current/$1; > > fastcgi_split_path_info ^(.+?\.php)(/.*)$; > > return 200 "realpath_root:

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread lists
I've been following this thread not really out of need but rather that it is really interesting. That said, I don't think for security you want to "escape" the web root. The risk is that might aid a traversal attack.   Original Message   From: hobso...@gmail.com Sent: August

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread Francis Daly
On Fri, Aug 30, 2019 at 01:58:23PM -0500, J. Lewis Muir wrote: Hi there, > location ~ ^/my-app/(.*?[^/]\.php(?:/.*|$)) { > alias /srv/www/my-app/current/$1; > fastcgi_split_path_info ^(.+?\.php)(/.*)$; > return 200 "realpath_root: $realpath_root\nfastcgi_script_name: >

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread Francis Daly
On Fri, Aug 30, 2019 at 12:33:17PM -0500, J. Lewis Muir wrote: Hi there, > I'm wishing to be able to do an internal redirect > in nginx to URL x, but deny an external request to the same URL x so > that I don't serve the same content at more than one URL. Is there a > way to do that? > > For

Re: proxy_set_header on HTTP or Server level

2019-08-30 Thread Francis Daly
On Fri, Aug 30, 2019 at 01:03:57PM -0400, stmx38 wrote: Hi there, > As per documentation - > http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_set_header: > Context: http, server, location > > > These directives are inherited from the previous level if and only if > there are

Re: Reverse proxy 404 error help!

2019-08-30 Thread Francis Daly
On Thu, Aug 29, 2019 at 10:54:33PM -0400, Soon Hyouk Lee wrote: Hi there, some web services are not set up to be friendly to be reverse-proxied at a different part of the local url hierarchy than they know about. Perhaps this is one of them. If you can configure the back-end server to believe

Re: stream server name question

2019-08-30 Thread Francis Daly
On Mon, Aug 26, 2019 at 08:55:31PM -0400, Louis Garcia wrote: Hi there, > I am able to use $ssl_preread_server_name to get the server name. This is > with https requests. Is there a corresponding embedded variable for http > requests? No. "stream" does not know about http or https. "stream"

Re: proxy_pass redirect for address without trailing slash disregards Host port

2019-08-30 Thread Francis Daly
On Sat, Aug 24, 2019 at 11:17:34AM +0200, Nuno Gonçalves wrote: Hi there, > That's not correct, the server is taking the Host domain part from the > client Host header. It's just not taking the port part. > > This inconsistency is why I believe it's a bug. Before "absolute_redirect", I would

[PATCH] Upstream keepalive: keepalive_pool_key directive.

2019-08-30 Thread Thibault Charbonnier
# HG changeset patch # User Thibault Charbonnier # Date 1567193727 25200 # Fri Aug 30 12:35:27 2019 -0700 # Node ID 40abd582aafbd22c2435afed5fd3311333ca99bd # Parent a31ec2b79f9f208fecbc92020d12edb2a5207480 Upstream keepalive: keepalive_pool_key directive. This directive gives control to

RE: ssl client auth trouble

2019-08-30 Thread Reinis Rozitis
> I will search for this. Not sure how to add this info to my logs, or > whether it logs failures too? $ssl_client_verify - contains the verification status You have to define a custom log_format (http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format ) For example: log_format

Re: ssl client auth trouble

2019-08-30 Thread AJ Weber
On 8/30/2019 12:33 PM, Reinis Rozitis wrote: When this is all done, and I import the p12 client certificate on my Windows PCs (tested 2) Chrome and Firefox show me the "400 Bad Request\n No required SSL certificate was sent". The very strange thing is IE11 on one of the two PCs, actually

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread Ian Hobson
Hi Lewis, On 30/08/19 18:33, J. Lewis Muir wrote: Hello! I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that uses a deployment structure which uses an atomic symlink change for an atomic app deploy, and I'm wishing to be able to do an internal redirect in nginx to URL x, but

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread J. Lewis Muir
On 08/30, J. Lewis Muir wrote: > On 08/30, J. Lewis Muir wrote: > > I'm wondering if the fastcgi_split_path_info function or the if > > directive is what's emitting the file op message in the error log which > > would mean that one or both of $realpath_root or $fastcgi_script_name > > are not set

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread J. Lewis Muir
On 08/30, J. Lewis Muir wrote: > I'm wondering if the fastcgi_split_path_info function or the if > directive is what's emitting the file op message in the error log which > would mean that one or both of $realpath_root or $fastcgi_script_name > are not set to what I expect. (?) Adding return

Fwd: confirm 5f9be349e631f958ba756da43c02aa760f8cc2e3

2019-08-30 Thread rough lea
Begin forwarded message: From: nginx-requ...@nginx.org Subject: confirm 5f9be349e631f958ba756da43c02aa760f8cc2e3 Date: 30 August 2019 at 19:24:24 BST To: rough...@hotmail.co.uk Reply-To:

Re: Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread J. Lewis Muir
On 08/30, J. Lewis Muir wrote: > I initially tried using the alias directive which I thought was a better > fit for what I wanted to do > > location /my-app/ { > alias /srv/www/my-app/current/; > index index.php; > } > > location /my-app/current/ { > return 404; > } > >

Allow internal redirect to URI x, but deny external request for x?

2019-08-30 Thread J. Lewis Muir
Hello! I'm using nginx 1.12.2 on RHEL 7, and I've got a FastCGI web app that uses a deployment structure which uses an atomic symlink change for an atomic app deploy, and I'm wishing to be able to do an internal redirect in nginx to URL x, but deny an external request to the same URL x so that I

proxy_set_header on HTTP or Server level

2019-08-30 Thread stmx38
Hello, We recently made some order in our configuration to make it cleaner and readable. We have moved all reverse proxy related parameters on the HTTP level from the vhosts locations: proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header

Re: SSL write() failed sometimes shows up in the logs

2019-08-30 Thread spanjokus
I sometimes see the same thing too; I would be grateful if someone could tell me what causes it. Posted at Nginx Forum: https://forum.nginx.org/read.php?21,285121,285460#msg-285460

rewrite

2019-08-30 Thread classic85
Hi everyone. Please help me move a redirect from IIS to NGINX. Please help. What should it look like? Posted at Nginx Forum: https://forum.nginx.org/read.php?21,285459,285459#msg-285459

Re: [PATCH] ngx_conf_file: "include ./" acts relative to currently parsed file

2019-08-30 Thread Guillaume Outters
On 2019-08-30 16:02, Maxim Dounin wrote: Changing this to resolve relative paths from the current included file instead is possible, but would be a major change - I suspect it will break a lot of configurations. Not sure we are going to do this. On Thu, Aug 29, 2019 at 08:04:41AM +0200,

Re: Potential bug in ngx_event.c

2019-08-30 Thread Maxim Dounin
Hello! On Fri, Aug 23, 2019 at 11:00:41AM -0700, Rian Hunter wrote: > While browsing the source I noticed something that seemed wrong, even > though I haven't observed any buggy behavior or have reproduced this bug > myself. In ngx_event.c there is a line: > > if

ssl client auth trouble

2019-08-30 Thread AJ Weber
I have been trying to configure client certificates (really just one cert for now) for two days on CentOS 7, Nginx 1.16.1, and have had very limited success. I have tried various online guides and they are mostly the same - but all have resulted in the same exact scenario.  One such guide is

Re: [PATCH] ngx_conf_file: "include ./" acts relative to currently parsed file

2019-08-30 Thread Maxim Dounin
Hello! On Thu, Aug 29, 2019 at 08:04:41AM +0200, Guillaume Outters wrote: > Hello, > > as an Nginx user, I regularly discover new features that prove > useful if not game changers. > > However I stay puzzled (nearly since I started using it) on why > the config include system does not allow

Re: Number of proxy pass used simultaneously in several location blocks

2019-08-30 Thread Maxim Dounin
Hello! On Wed, Aug 21, 2019 at 01:57:10AM -0400, glareboa wrote: > Greetings. > > I use the following construct. > > http { > ... > server { > listen 80 default_server; > ... > location /qwe/ > { >proxy_pass "http://192.168.1.2:9000;; > } > > location /qwe/ > { >proxy_pass

Re: How to record pre-master keys from TLS connections handled by nginx?

2019-08-30 Thread Maxim Dounin
Hello! On Tue, Aug 27, 2019 at 11:50:18PM +0300, Pavel wrote: > We are listed in the register of information dissemination organizers and > are therefore required to provide TLS session keys to the supervisory authority. > > For such cases there is a mechanism for intercepting calls to the > openssl library:

Re: nginx fully loads the entire CPU on reload

2019-08-30 Thread Maxim Dounin
Hello! On Wed, Aug 28, 2019 at 09:18:44PM +0500, Dmitry Sergeev wrote: > Overall this did help me, of course, but not completely. On version 1.0.2g, > during a reload the CPU is fully loaded for about 5-10 seconds (instead of 40-300 > seconds on 1.0.1u); now it simply does not cause much trouble for >

RE: How to add Multiple sites with ipv6 and SSL on Nginx ?

2019-08-30 Thread Reinis Rozitis
> The problem is coming when I try to test both Django sites with ssllabs.com > > >Certificate #2: RSA 2048 bits (SHA256withRSA) No SNI > The error what I see is "Alternative nameswpexample.org > www.wpexample.org > MISMATCH" It is normal for clients which don't support SNI (server name

How to add Multiple sites with ipv6 and SSL on Nginx ?

2019-08-30 Thread milanleon
I have three websites on one Linode IP and I want to add ipv6 with SSL 1. Wordpress 2. Django1 3. Django2 All of them have SSL certificates from Letsencrypt and I have tested them and they are working. In testing of SSL I have an error with Mismatch and in Debugging error Curl error: 51

Re: Nginx does not add the required libraries when building from source with third-party modules

2019-08-30 Thread Nick Lavlinsky - Method Lab
Greetings! If this is about building Nginx with the brotli module, I recently released a detailed video about exactly that: https://www.youtube.com/watch?v=WJUS35TQkPc On 30.08.2019 2:51, analytic wrote: For those who run into the same problem. I never did figure out why checkinstall does not pull in during the build