Re: Allow internal redirect to URI x, but deny external request for x?

Hi Lewis,   the idea is to have a deployment process that places apps or whatever artifacts always in a certain distinct place that is determined once at deployment time. This will determine the address where you can reach the app in the namespace of NGINX. So, if the convention is to place

Re: Allow internal redirect to URI x, but deny external request for x?

On 08/30, j94305 wrote: > I've been following this, and I would take a slightly different approach. > > 1. Serve all apps under /{app}/releases/{version}/{path} as you have them > organized in the deployment structure in the file system. > > 2. Forget about symbolic links and other makeshift

Re: NGINX R19 Javascript bug with keyval maps

A little correction to my earlier message: IPv6 addresses also seem to work. In my test, I was checking for a dot in the key, and that excluded IPv6 addresses. However, CIDR ranges still fail. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,285542,285543#msg-285543

NGINX R19 Javascript bug with keyval maps

The new R19 introduces "type=ip" keyval maps. Posting IP addresses (e.g., 1.2.3.4) seems to work from both, the API 5 REST calls and from Javascript, except IPv6 addresses are not accepted. Posting CIDR blocks (e.g., 1.2.3.0/24) works fine via the API 5 REST calls but not via Javascript. CIDR

ngx http charset module не добавляет пробел для text/plain

Не могу понять почему nginx формирует разные заголовки. Баг? Конфиг такой: include /etc/nginx/mime.types; charset "utf-8"; charset_types text/xml text/plain application/javascript application/rss+xml application/xml text/css

Re: Allow internal redirect to URI x, but deny external request for x?

On 09/03, J. Lewis Muir wrote: > On 09/02, Francis Daly wrote: > > But if "the app" involves a http request to part1.php and then a http > > request to part2.php (or: a second http request to part1.php), I don't > > think that the symlink+realpath thing will prevent those two requests > > going to

[PATCH] HTTP: added the preserve_method option to the error_page directive.

# HG changeset patch # User Thibault Charbonnier # Date 1567537546 25200 # Tue Sep 03 12:05:46 2019 -0700 # Node ID 68ba3d36bff4213e3fedc538021e8cbece85e508 # Parent 52b5ee64fe11ec267a0767cbb9874c8cae652299 HTTP: added the preserve_method option to the error_page directive. As of today,

Re: Allow internal redirect to URI x, but deny external request for x?

On 09/02, Francis Daly wrote: > nginx does not "do" php. nginx does not care what your fastcgi server > will do with the key/value pairs that it sends. nginx cares that the > fastcgi server gives a valid response to the request that nginx makes. > > Typically, your fastcgi server will use the

Re: [PATCH] ngx_conf_file: "include ./" acts relative to currently parsed file

Le 2019-09-03 16:39, Maxim Dounin a écrit : include @example.conf; include example.conf local; include example.conf -l; include example.conf relative; include example.conf from_there; include example.conf nearby; I can't say I like either of the variants. … Neither do I (although the

Re: nginx полностью загружает весь процессор при reload'e

Hello! On Tue, Sep 03, 2019 at 03:18:36PM +0500, Dmitry Sergeev wrote: > Добрый день,  спасибо за ответ. > > On 02/09/2019 22:11, Maxim Dounin wrote: > > Just in case, для работы такая конфигурация смысла не имеет - если > > тикеты выключены, то ключ для их шифрования не нужен. Ключ имеет > >

Re: Routing Http2 traffic without decrypting tls packets

On Mon, Sep 02, 2019 at 05:45:59PM +, Jayarajan, Keerthi (AT ASP RTC) wrote: > Hi, > > I'm working in blockchain project for Honeywell. We have blockchain nodes > hosted in our cloud. These nodes should connect and talk to external node and > vice versa. We are using Nginx as Reverse proxy

Re: [PATCH] ngx_conf_file: "include ./" acts relative to currently parsed file

Hello! On Fri, Aug 30, 2019 at 04:28:00PM +0200, Guillaume Outters wrote: > Le 2019-08-30 16:02, Maxim Dounin a écrit : > > > Changing this to resolve relative paths from the current included > > file instead is possible, but would be a major change - I suspect > > it will break a lot of

[njs] Added Number.prototype.toFixed().

details: https://hg.nginx.org/njs/rev/d46a332c9c4d branches: changeset: 1156:d46a332c9c4d user: Dmitry Volyntsev date: Tue Sep 03 17:31:45 2019 +0300 description: Added Number.prototype.toFixed(). This closes #29 issue on Github. diffstat: auto/sources |1 +

[nginx] Detect runaway chunks in ngx_http_parse_chunked().

details: https://hg.nginx.org/nginx/rev/52b5ee64fe11 branches: changeset: 7562:52b5ee64fe11 user: Sergey Kandaurov date: Tue Sep 03 17:26:56 2019 +0300 description: Detect runaway chunks in ngx_http_parse_chunked(). As defined in HTTP/1.1, body chunks have the following ABNF:

Re: nginx полностью загружает весь процессор при reload'e

Добрый день,  спасибо за ответ. On 02/09/2019 22:11, Maxim Dounin wrote: Just in case, для работы такая конфигурация смысла не имеет - если тикеты выключены, то ключ для их шифрования не нужен. Ключ имеет смысл задавать, если тикеты включены. С точки зрения влияния на reload - внешний ключ

Re: Как записать ключи pre-master от tls-соединений, обрабатываемых nginx?

Здравствуйте. > Hello! > > On Tue, Aug 27, 2019 at 11:50:18PM +0300, Pavel wrote: > >> Мы состоим в реестре организаторов распространения информации и >> поэтому обязаны предоставлять в надзорный орган ключи tls сессий. >> >> Для таких случаев существует механизм по перехвату вызовов