Re: [PATCH] Configure: call make distclean for zlib only if Makefile exists
Hey, Configure: call make distclean for zlib only if Makefile exists. This change allows to build nginx against git checkout of zlib. Actually, it looks that only our amd64-optimized version [1] doesn't ship with Makefile, the original repository [2] has a minimal one with distclean target, so feel free to ignore this patch (although, I still think it's a good practice to check if the Makefile exists before calling make). [1] https://github.com/cloudflare/zlib/commits/gcc.amd64 [2] https://github.com/madler/zlib Best regards, Piotr Sikora ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] nginx-1.6.0-RELEASE
details: http://hg.nginx.org/nginx/rev/daa5384fd526 branches: stable-1.6 changeset: 5671:daa5384fd526 user: Maxim Dounin mdou...@mdounin.ru date: Thu Apr 24 16:52:24 2014 +0400 description: nginx-1.6.0-RELEASE diffstat: docs/xml/nginx/changes.xml | 14 ++ 1 files changed, 14 insertions(+), 0 deletions(-) diffs (24 lines): diff --git a/docs/xml/nginx/changes.xml b/docs/xml/nginx/changes.xml --- a/docs/xml/nginx/changes.xml +++ b/docs/xml/nginx/changes.xml @@ -5,6 +5,20 @@ change_log title=nginx +changes ver=1.6.0 date=24.04.2014 + +change +para lang=ru +Стабильная ветка 1.6.x. +/para +para lang=en +1.6.x stable branch. +/para +/change + +/changes + + changes ver=1.5.13 date=08.04.2014 change type=change ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.6.0 tag
details: http://hg.nginx.org/nginx/rev/622887a470d3 branches: stable-1.6 changeset: 5672:622887a470d3 user: Maxim Dounin mdou...@mdounin.ru date: Thu Apr 24 16:52:24 2014 +0400 description: release-1.6.0 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff --git a/.hgtags b/.hgtags --- a/.hgtags +++ b/.hgtags @@ -369,3 +369,4 @@ b798fc020e3a84ef68e6c9f47865a319c826d33c f995a10d4c7e9a817157a6ce7b753297ad32897e release-1.5.11 97b47d95e4449cbde976657cf8cbbc118351ffe0 release-1.5.12 fd722b890eabc600394349730a093f50dac31639 release-1.5.13 +daa5384fd526a9c18fff4f5135646743628f6bc7 release-1.6.0 ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] release-1.7.0 tag
details: http://hg.nginx.org/nginx/rev/1b0c55d38d0b branches: changeset: 5674:1b0c55d38d0b user: Maxim Dounin mdou...@mdounin.ru date: Thu Apr 24 16:54:23 2014 +0400 description: release-1.7.0 tag diffstat: .hgtags | 1 + 1 files changed, 1 insertions(+), 0 deletions(-) diffs (8 lines): diff --git a/.hgtags b/.hgtags --- a/.hgtags +++ b/.hgtags @@ -369,3 +369,4 @@ b798fc020e3a84ef68e6c9f47865a319c826d33c f995a10d4c7e9a817157a6ce7b753297ad32897e release-1.5.11 97b47d95e4449cbde976657cf8cbbc118351ffe0 release-1.5.12 fd722b890eabc600394349730a093f50dac31639 release-1.5.13 +d161d68df8be32e5cbf72b07db1a707714827803 release-1.7.0 ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[nginx] Version bump.
details: http://hg.nginx.org/nginx/rev/1710bf72243e branches: changeset: 5675:1710bf72243e user: Valentin Bartenev vb...@nginx.com date: Thu Apr 24 20:50:10 2014 +0400 description: Version bump. diffstat: src/core/nginx.h | 4 ++-- 1 files changed, 2 insertions(+), 2 deletions(-) diffs (14 lines): diff -r 1b0c55d38d0b -r 1710bf72243e src/core/nginx.h --- a/src/core/nginx.h Thu Apr 24 16:54:23 2014 +0400 +++ b/src/core/nginx.h Thu Apr 24 20:50:10 2014 +0400 @@ -9,8 +9,8 @@ #define _NGINX_H_INCLUDED_ -#define nginx_version 1007000 -#define NGINX_VERSION 1.7.0 +#define nginx_version 1007001 +#define NGINX_VERSION 1.7.1 #define NGINX_VER nginx/ NGINX_VERSION #define NGINX_VAR NGINX ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH 1 of 2] HTTP: Add client source port to any error that is logged
# HG changeset patch # User Quanah Gibson-Mount qua...@zimbra.com # Date 1398357557 18000 # Node ID 4b7d2e503c06758330aabcc21ffbbab77f09568e # Parent 1b0c55d38d0b7ba69dcad79760a3fadc30696a9d HTTP: Add client source port to any error that is logged For TRAC ticket 531 diff -r 1b0c55d38d0b -r 4b7d2e503c06 src/http/ngx_http_request.c --- a/src/http/ngx_http_request.c Thu Apr 24 16:54:23 2014 +0400 +++ b/src/http/ngx_http_request.c Thu Apr 24 11:39:17 2014 -0500 @@ -3548,6 +3548,11 @@ u_char *p; ngx_http_request_t *r; ngx_http_log_ctx_t *ctx; +ngx_uint_t remote_port=0; +struct sockaddr_in *sin; +#if (NGX_HAVE_INET6) +struct sockaddr_in6*sin6; +#endif if (log-action) { p = ngx_snprintf(buf, len, while %s, log-action); @@ -3557,15 +3562,32 @@ ctx = log-data; -p = ngx_snprintf(buf, len, , client: %V, ctx-connection-addr_text); -len -= p - buf; - r = ctx-request; - if (r) { +switch (r-connection-sockaddr-sa_family) { +#if (NGX_HAVE_INET6) +case AF_INET6: +sin6 = (struct sockaddr_in6 *) r-connection-sockaddr; +remote_port = ntohs(sin6-sin6_port); +break; +#endif + +default: /* AF_INET */ +sin = (struct sockaddr_in *) r-connection-sockaddr; +remote_port = ntohs(sin-sin_port); +break; +} + +if (remote_port remote_port 65536) { + p = ngx_snprintf(buf, len, , client: %V:%ui, ctx-connection-addr_text,remote_port); +} else { + p = ngx_snprintf(buf, len, , client: %V, ctx-connection-addr_text); +} +len -= p - buf; + return r-log_handler(r, ctx-current_request, p, len); - } else { +p = ngx_snprintf(buf, len, , client: %V, ctx-connection-addr_text); p = ngx_snprintf(p, len, , server: %V, ctx-connection-listening-addr_text); } ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
[PATCH 0 of 2] TRAC 531 - Add source port logging for HTTP(S) error logging and all proxied email client connections
The following patches ensure that the source port is logged for all client connections. This is to resolve TRAC issue 531. Belgium is mandating that the source port be logged for all client connections for Carrier Grade NAT. This may soon extend to the entire European Union. ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] HTTP: Add client source port to any error that is logged
Hello! On Thu, Apr 24, 2014 at 12:19:46PM -0500, Quanah Gibson-Mount wrote: # HG changeset patch # User Quanah Gibson-Mount qua...@zimbra.com # Date 1398357557 18000 # Node ID 4b7d2e503c06758330aabcc21ffbbab77f09568e # Parent 1b0c55d38d0b7ba69dcad79760a3fadc30696a9d HTTP: Add client source port to any error that is logged For TRAC ticket 531 I tend to say No, thanks. If needed due to local regulations, $remote_port can be added to log_format. -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] HTTP: Add client source port to any error that is logged
--On April 24, 2014 at 9:37:54 PM +0400 Maxim Dounin mdou...@mdounin.ru wrote: I tend to say No, thanks. If needed due to local regulations, $remote_port can be added to log_format. $remote_port in the log format section only covers errors logged to the access log, it does not cover errors in the error log. The submitted patch handles the error log. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] HTTP: Add client source port to any error that is logged
--On April 24, 2014 at 10:41:43 AM -0700 Quanah Gibson-Mount qua...@zimbra.com wrote: --On April 24, 2014 at 9:37:54 PM +0400 Maxim Dounin mdou...@mdounin.ru wrote: I tend to say No, thanks. If needed due to local regulations, $remote_port can be added to log_format. $remote_port in the log format section only covers errors logged to the access log, accesses even.. :P --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 2 of 2] MAIL: Always log the source port of the client
Hello! On Thu, Apr 24, 2014 at 12:19:47PM -0500, Quanah Gibson-Mount wrote: # HG changeset patch # User Quanah Gibson-Mount qua...@zimbra.com # Date 1398359069 18000 # Node ID 3c908c40acd15c8df020f95309b98d45f2b5e5de # Parent 4b7d2e503c06758330aabcc21ffbbab77f09568e MAIL: Always log the source port of the client For TRAC 531 Much like http-related counterpart, this looks like a hack for me. We may consider adding port to the client connected messages (not sure), but I don't think we have to do anything beyond that. -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] HTTP: Add client source port to any error that is logged
Hello! On Thu, Apr 24, 2014 at 10:41:43AM -0700, Quanah Gibson-Mount wrote: --On April 24, 2014 at 9:37:54 PM +0400 Maxim Dounin mdou...@mdounin.ru wrote: I tend to say No, thanks. If needed due to local regulations, $remote_port can be added to log_format. $remote_port in the log format section only covers errors logged to the access log, it does not cover errors in the error log. The submitted patch handles the error log. I understand the difference, thank you. The ticket in question only talked about error_log in context of mail module, where is no separate access logging to meet the alleged regulations. -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] HTTP: Add client source port to any error that is logged
--On April 24, 2014 at 9:56:48 PM +0400 Maxim Dounin mdou...@mdounin.ru wrote: $remote_port in the log format section only covers errors logged to the access log, it does not cover errors in the error log. The submitted patch handles the error log. I understand the difference, thank you. The ticket in question only talked about error_log in context of mail module, where is no separate access logging to meet the alleged regulations. Yes, that is true, but why only implement a partial solution? With CGN, only logging the IP is fairly useless in all cases. To truly get useful information going forward, the IP + PORT of the client should logged in all cases. --Quanah -- Quanah Gibson-Mount Principal Software Engineer Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] HTTP: Add client source port to any error that is logged
Hello! On Thu, Apr 24, 2014 at 11:06:29AM -0700, Quanah Gibson-Mount wrote: --On April 24, 2014 at 9:56:48 PM +0400 Maxim Dounin mdou...@mdounin.ru wrote: $remote_port in the log format section only covers errors logged to the access log, it does not cover errors in the error log. The submitted patch handles the error log. I understand the difference, thank you. The ticket in question only talked about error_log in context of mail module, where is no separate access logging to meet the alleged regulations. Yes, that is true, but why only implement a partial solution? With CGN, only logging the IP is fairly useless in all cases. To truly get useful information going forward, the IP + PORT of the client should logged in all cases. Access log certainly can be configured to provide enough enformation to match any given error log message to a port if needed. There is no need to implement anything, solution is already here. And, by asking about why implement a partical solution you are overlooking the fact that proposed solution is partial as well - it doesn't change c-addr_text to ensure proper logging in all places (this would be a bad idea for other reasons, but it's another question), but rather tries to hack on the http error logging code to introduce remote port logging. This is far from being a complete solution. -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 1 of 2] HTTP: Add client source port to any error that is logged
--On April 24, 2014 at 10:26:07 PM +0400 Maxim Dounin mdou...@mdounin.ru wrote: Yes, that is true, but why only implement a partial solution? With CGN, only logging the IP is fairly useless in all cases. To truly get useful information going forward, the IP + PORT of the client should logged in all cases. Access log certainly can be configured to provide enough enformation to match any given error log message to a port if needed. There is no need to implement anything, solution is already here. The error log currently only provides the IP. While I'm guessing you could do things like correlate timestamps, it's still going to be a pain. Having the port readily available everywhere makes tracking a specific user much easier to do. And, by asking about why implement a partical solution you are overlooking the fact that proposed solution is partial as well - it doesn't change c-addr_text to ensure proper logging in all places (this would be a bad idea for other reasons, but it's another question), but rather tries to hack on the http error logging code to introduce remote port logging. This is far from being a complete solution. I'm certainly willing to address any deficiencies, but I'd want to make sure it would follow whatever you want in the product before investing more time on it. ;) For now it meets the needs of our customer in Belgium who has to start dealing with the legal requirements of client port logging sooner than later. --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH 2 of 2] MAIL: Always log the source port of the client
--On April 24, 2014 at 9:47:39 PM +0400 Maxim Dounin mdou...@mdounin.ru wrote: Hello! Much like http-related counterpart, this looks like a hack for me. We may consider adding port to the client connected messages (not sure), but I don't think we have to do anything beyond that. For our end clients, who have to actually examine particular error messages, it is useful to have the port logged in any of the connection data. If the current solution is hackish, I'm happy to work out something more acceptable if you want to note what that would be. ;) --Quanah -- Quanah Gibson-Mount Server Architect Zimbra, Inc Zimbra :: the leader in open source messaging and collaboration ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [nginx] Adding Support for Weak ETags
Hi Maxim, Is the draft patch the same as the one that your posted in the previous thread, or has more work been done since then? -Aaron Peschel On Mon, Apr 21, 2014 at 5:26 AM, Maxim Dounin mdou...@mdounin.ru wrote: Hello! On Thu, Apr 17, 2014 at 05:39:40PM -0700, Aaron Peschel wrote: Hello, I am interested in getting support for Weak ETags into the mainline. There was some discussion previously in here previously that developed a quick patch to add support. What additional functionality would be required and what steps should be followed to get weak etag functionality added to nginx? I am willing to do the work, I just need some help with heading in the right direction. I had a quick draft patch sitting in my patchqueue since previous discussion (see [1]) to downgrade strict etags to weak ones. It needs more work though, as I'm not yet happy with the code. I hope I'll be able to find some time and finish it in 1.7.x. [1] http://mailman.nginx.org/pipermail/nginx-devel/2013-November/004523.html -- Maxim Dounin http://nginx.org/ ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Configure: call make distclean for zlib only if Makefile exists
Slightly off-topic, does cloudflare have a nginx fork publicly available? I only saw lua-nginx-cache-module On Thu, Apr 24, 2014 at 10:16 PM, Piotr Sikora pi...@cloudflare.com wrote: Hey, Configure: call make distclean for zlib only if Makefile exists. This change allows to build nginx against git checkout of zlib. Actually, it looks that only our amd64-optimized version [1] doesn't ship with Makefile, the original repository [2] has a minimal one with distclean target, so feel free to ignore this patch (although, I still think it's a good practice to check if the Makefile exists before calling make). [1] https://github.com/cloudflare/zlib/commits/gcc.amd64 [2] https://github.com/madler/zlib Best regards, Piotr Sikora ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: [PATCH] Configure: call make distclean for zlib only if Makefile exists
Hello! On Thu, Apr 24, 2014 at 7:47 PM, Ryan Brown wrote: Slightly off-topic, does cloudflare have a nginx fork publicly available? No. Actually we've been trying hard not to diverge from the official nginx core too far. That's why we've been working hard on the openresty bundle project: http://openresty.org I only saw lua-nginx-cache-module This module is actually not really ready and we haven't used it yet in CloudFlare's online system. Regards, -agentzh ___ nginx-devel mailing list nginx-devel@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-devel
Re: Хитрый учет скачиваемых по прямым ссылкам файлов (nginx + piwik)
Илья Шипицин Wrote: --- можно через Lua снимать статистику (модуль сторонний, использовать его или нет, решайте сами) Не совсем понял зачем мне lua, если я уже без него обошелся. В чем преимущество перед моей конфигурацией? Где учет рефереров? Как мне в Вашей конфигурации передавать количество закачанных файлов в piwik? Posted at Nginx Forum: http://forum.nginx.org/read.php?21,249507,249514#msg-249514 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: Хитрый учет скачиваемых по прямым ссылкам файлов (nginx + piwik)
вы уж как-нибудь определитесь, либо заранее спасибо всем откликнувшимся, либо не совсем понял, зачем мне Lua 24 апреля 2014 г., 13:09 пользователь iprok nginx-fo...@nginx.us написал: Илья Шипицин Wrote: --- можно через Lua снимать статистику (модуль сторонний, использовать его или нет, решайте сами) Не совсем понял зачем мне lua, если я уже без него обошелся. В чем преимущество перед моей конфигурацией? Где учет рефереров? Как мне в Вашей конфигурации передавать количество закачанных файлов в piwik? Posted at Nginx Forum: http://forum.nginx.org/read.php?21,249507,249514#msg-249514 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: не держит сессию
поставил последний апач который есть на данный момент в сети официальный mod_realip/mod_rpaf и тптд апач уже не съедает зато есть встроенный модуль mod_remoteip он настроен , но с ним такая же ерунда в nginxe пробывал proxy_set_header X-Forwarded-For $remote_addr; и proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; всеравно итог один , может всетаки конфиг у меня с ошибкой ? Posted at Nginx Forum: http://forum.nginx.org/read.php?21,249465,249522#msg-249522 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: nginx-1.6.0
2014-04-24 17:14 GMT+04:00 Maxim Dounin mdou...@mdounin.ru: Изменения в nginx 1.6.0 24.04.2014 *) Стабильная ветка 1.6.x. Стесняюсь спросить - релиз под новый LTS ожидается? ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: nginx и снова icecast2 = в чем разница?
Hello! On Thu, Apr 24, 2014 at 09:20:45AM -0400, den68 wrote: Собственно определенный вид мобильных клиентов онлайн радио, при прямом коннекте на icecast2 прекрасно работают, а через nginx - нет. приводить длинные конфиги не буду, но: location: default_type audio/mpeg; chunked_transfer_encoding off; proxy_buffering off; далее стандартно прокси итд. nginx самый что есть последний, с него и начали с проблемой бороться... собственно суть разницы ответов icecast и nginx: HTTP/1.0 200 OK Accept-Ranges: none Content-Type: audio/mpeg icy-br:32 ice-audio-info: channels=2;samplerate=44100;bitrate=32 icy-description: icy-genre: icy-name: icy-pub:1 icy-url: Server: id01 Cache-Control: no-cache Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT HTTP/1.1 200 OK Server: nginx/1.5.13 Date: Thu, 24 Apr 2014 13:04:24 GMT Content-Type: audio/mpeg Connection: close Accept-Ranges: none icy-br: 32 ice-audio-info: channels=2;samplerate=44100;bitrate=32 icy-description: icy-genre: icy-name: icy-pub: 1 icy-url: Cache-Control: no-cache Pragma: no-cache Expires: Mon, 26 Jul 1997 05:00:00 GMT разница в ответах очевидна - Connection: close И это правильно, он там нужен, т.к. анонсированная версия ответа - HTTP/1.1, длины нет, а chunked использовать запрещено конфигом. вопрос, как забороть? Я бы попробовал для начала выкинуть chunked_transfer_encoding из конфига. Если не поможет - написать авторам определенного вида мобильных клиентов онлайн радио, это явно их косяк. -- Maxim Dounin http://nginx.org/ ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: nginx-1.6.0
Hello! On Thu, Apr 24, 2014 at 05:38:37PM +0400, Aleksandr Sytar wrote: 2014-04-24 17:14 GMT+04:00 Maxim Dounin mdou...@mdounin.ru: Изменения в nginx 1.6.0 24.04.2014 *) Стабильная ветка 1.6.x. Стесняюсь спросить - релиз под новый LTS ожидается? ENOPARSE. Всмысле - пакеты для Ubuntu 14.04? Ожидаются. -- Maxim Dounin http://nginx.org/ ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: nginx и снова icecast2 = в чем разница?
Спасибо за ответ, сейчас попробуем Posted at Nginx Forum: http://forum.nginx.org/read.php?21,249540,249544#msg-249544 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: не видит директорию
Hello! On Thu, Apr 24, 2014 at 10:59:13AM -0400, horsement wrote: c таким конфигом не видит веб-файлы в директорий с:\appserv\htdosc Что такое веб-файлы и в чём выражется не видит? -- Maxim Dounin http://nginx.org/ ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: не видит директорию
ну вышеже указана директория location / { root C:/APPServ/htdocs; index index.php; } темболее если раскоментировать location ~ \.php$ { fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME C:/APPServ/htdocs$fastcgi_script_name; он тоже показывает 404 Posted at Nginx Forum: http://forum.nginx.org/read.php?21,249546,249554#msg-249554 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: не видит директорию
а простите дурака , спасибо за совет , он помог а есть какая нибудь оптимизация к nginxе в связке с php-cg чтобы при нагрузки на сервер php-cgi.exe не крешил ? Posted at Nginx Forum: http://forum.nginx.org/read.php?21,249546,249556#msg-249556 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: не видит директорию
а какой именно юниксовая ос подойдет под веб и бд-mysql Posted at Nginx Forum: http://forum.nginx.org/read.php?21,249546,249567#msg-249567 ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: не видит директорию
а какой именно юниксовая ос подойдет под веб и бд-mysql выбирайте ubuntu 14.04 server - такая же попса, как винда. ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: не видит директорию
Hello, horsement! On Thu, Apr 24, 2014 at 02:00:36PM -0400 nginx-fo...@nginx.us wrote about Re: не видит директорию: а какой именно юниксовая ос подойдет под веб и бд-mysql Лучше всего подходит тот, которому сможете обепечить должное обслуживание. -- Lystopad Aleksandr ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: nginx-1.7.0
В письме от Чт, 24 апреля 2014 17:15:39 пользователь Maxim Dounin написал: Изменения в nginx 1.7.0 24.04.2014 *) Добавление: проверка SSL-сертификатов бэкендов. Отключаемая, надеюсь? *) Добавление: поддержка SNI при работе с бэкендами по SSL. *) Добавление: переменная $ssl_server_name. *) Добавление: параметр if директивы access_log. -- Best regsrds, mva signature.asc Description: This is a digitally signed message part. ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Re: nginx-1.7.0
On Fri, Apr 25, 2014 at 09:33:55AM +0700, Vadim A. Misbakh-Soloviov wrote: В письме от Чт, 24 апреля 2014 17:15:39 пользователь Maxim Dounin написал: Изменения в nginx 1.7.0 24.04.2014 *) Добавление: проверка SSL-сертификатов бэкендов. Отключаемая, надеюсь? http://nginx.org/ru/docs/http/ngx_http_proxy_module.html#proxy_ssl_verify *) Добавление: поддержка SNI при работе с бэкендами по SSL. *) Добавление: переменная $ssl_server_name. *) Добавление: параметр if директивы access_log. -- Best regsrds, mva ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru ___ nginx-ru mailing list nginx-ru@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-ru
Pass filename and type to backend server
Hi, I am trying to upload a file to an nginx server and then have it passed on to the backend server after upload completes. I am able to set it up as described here (https://coderwall.com/p/swgfvw) and see that the file is being uploaded. However I am not able to get the file name and type to my backend server. Could someone please tell me if I am missing something here? Any help is much appreciated. BTW this question is also at https://superuser.com/questions/745300/nginx-pass-filetype-to-backend-server . Thanks! ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: map module - mass hosting
Thank You for explanation and advise. Maxim Dounin Wrote: --- Hello! On Wed, Apr 23, 2014 at 09:27:33AM -0400, beatnut wrote: [...] Searching within a map is basically identical to searching for appropriate server{} block, both use the same internal mechanism (ngx_hash). As long as you don't use regular expressions, lookup complexity is O(1). So using for example: .example.com or example.* have more complexity or it shoud have full list of subdomains for better performance: www.example.com example.com example.somedomain.com While wildcards require more work on each lookup, complexity is still O(1). Note that regular expressions != wildcard names. Distinct server{} blocks might be more CPU-efficient due to no need to evaluate variables and dynamically allocate memory for resulting strings on each request. My configuration include one file with server{} per domain. exaple.com.conf example2.conf etc The main improvement i'd like to implement is to have one file with php config like fastcgi.conf above and then include it in every server{} Map module gives me this opportunity. This is not something I would recommend to do. If you have server{} block per domain, you should have enough data to write configuration without introducing another map ($document_root, $server_name, and so on). Please also see this FAQ article: http://nginx.org/en/docs/faq/variables_in_config.html -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249475,249513#msg-249513 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: help sendmsg() failed in error log
On Thursday 24 April 2014 11:04:05 yanghq wrote: hello when test my reverse proxy server, I found sendmsg() failed (9: Bad file descriptor) while reading response header from upstream in error.log. Is there any clue about it? Since nginx doesn't use sendmsg() for upstream servers, it's very likely that the clue is somewhere around 3rd-party modules. wbr, Valentin V. Bartenev ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Old topic ssl private key with passphrase
Hello! On Wed, Apr 23, 2014 at 08:32:57PM +0200, Aleksandar Lazic wrote: Hi. Am 23-04-2014 18:19, schrieb Maxim Dounin: Hello! On Wed, Apr 23, 2014 at 05:34:10PM +0200, Aleksandar Lazic wrote: Dear nginx developers. What is necessary that you take hands on the topic 'private key passphrase'? [snipp] Igor explained his position on this more than once: unless you are actually using something external to enter key passwords, there is no difference with unencrypted keys from security point of view (assuming proper access rights are used for keys). And as far as we know, no or almost no users of Apache's SSLPassPhraseDialog use it this way, most just use echo 'password' or something like. Full ack ;-/ I also agree that this is a very hard task. So the question is: why do you need it? If you want to get a specific certificate for some standars. Well, that's not about security either, and completely non-technical. I've seen certifications requiring to use software with known remote code execution vulnerabilities, and I'm quite sceptical about doing something just because of certification requirements, without understanding the reasons behind them (if any). Anyway, if you know a standard which requires storing of keys in password-protected forms only - please point it out. (I'm aware of at least one more or less valid answer which almost convinced me that we should add it, but it's not about security, but rather about social engineering.) Maybe some standards could be a valid reason. https://en.wikipedia.org/wiki/PCI_DSS https://www.pcisecuritystandards.org/pdfs/pci_ssc_quick_guide.pdf e. g. 8.2 Employ at least one of these to authenticate all users: password or passphrase; or two-factor authentication (e.g., token devices, smart cards, biometrics, public keys). This doesn't look related at all. It's about authentication of users, not about storage of private keys. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Old topic ssl private key with passphrase
Hi. Am 24-04-2014 10:54, schrieb Maxim Dounin: Hello! On Wed, Apr 23, 2014 at 08:32:57PM +0200, Aleksandar Lazic wrote: Hi. Am 23-04-2014 18:19, schrieb Maxim Dounin: [snipp] I also agree that this is a very hard task. So the question is: why do you need it? If you want to get a specific certificate for some standars. Well, that's not about security either, and completely non-technical. I've seen certifications requiring to use software with known remote code execution vulnerabilities, and I'm quite sceptical about doing something just because of certification requirements, without understanding the reasons behind them (if any). Anyway, if you know a standard which requires storing of keys in password-protected forms only - please point it out. Okay. BR Aleks ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
nginx-1.6.0
Changes with nginx 1.6.0 24 Apr 2014 *) 1.6.x stable branch. -- Maxim Dounin http://nginx.org/en/donation.html ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
nginx-1.7.0
Changes with nginx 1.7.0 24 Apr 2014 *) Feature: backend SSL certificate verification. *) Feature: support for SNI while working with SSL backends. *) Feature: the $ssl_server_name variable. *) Feature: the if parameter of the access_log directive. -- Maxim Dounin http://nginx.org/en/donation.html ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Disable Reverse Proxy for Failover
I turned on all the logging error_log logs/error.log; error_log logs/error.log notice; error_log logs/error.log info; Nothing shows up when I try this. I just get a 502 Bad Gateway response in my browser. Thanks, Jason ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: [nginx-announce] nginx-1.6.0
Hello Nginx users, Now available: Nginx 1.6.0 for Windows http://goo.gl/aWPxCn (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available via: Twitter http://twitter.com/kworthington Google+ https://plus.google.com/+KevinWorthington/ Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington https://plus.google.com/+KevinWorthington/ On Thu, Apr 24, 2014 at 9:14 AM, Maxim Dounin mdou...@mdounin.ru wrote: Changes with nginx 1.6.0 24 Apr 2014 *) 1.6.x stable branch. -- Maxim Dounin http://nginx.org/en/donation.html ___ nginx-announce mailing list nginx-annou...@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-announce ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: [nginx-announce] nginx-1.7.0
Hello Nginx users, Now available: Nginx 1.7.0 for Windows http://goo.gl/rYXbPx (32-bit and 64-bit versions) These versions are to support legacy users who are already using Cygwin based builds of Nginx. Officially supported native Windows binaries are at nginx.org. Announcements are also available via: Twitter http://twitter.com/kworthington Google+ https://plus.google.com/+KevinWorthington/ Thank you, Kevin -- Kevin Worthington kworthington *@* (gmail] [dot} {com) http://kevinworthington.com/ http://twitter.com/kworthington https://plus.google.com/+KevinWorthington/ On Thu, Apr 24, 2014 at 9:15 AM, Maxim Dounin mdou...@mdounin.ru wrote: Changes with nginx 1.7.0 24 Apr 2014 *) Feature: backend SSL certificate verification. *) Feature: support for SNI while working with SSL backends. *) Feature: the $ssl_server_name variable. *) Feature: the if parameter of the access_log directive. -- Maxim Dounin http://nginx.org/en/donation.html ___ nginx-announce mailing list nginx-annou...@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx-announce ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Local and Remote User Authentication
Hi All, We have nginx1.4.7 with ngx_http_auth_request_module and ngx_http_auth_basic_module besides few other modules. There are few other modules also, but have mentioned above two modules only due to relevance to this discussion. Our application requires to have local user (meaning - store user name and passwd and authenticate at our server) and remote user (meaning - delegate authentication to remote servers like Radius/TACACS+, in this case, our application is aware of only user name and which remote server to send authentication request). The goal is to configure nginx as following: 1. Configure nginx to prompt username/passwd 2. Once user enters username and passwd, get access to these fields and pass to our web application which looks at local database and decides whether user is local or remote. 3. If user is local, authenticate using ngx_http_auth_basic_module (htpasswd style) 4. If user is remote, delegate authentication to remote server using ngx_http_auth_request_module 5. Once authentication is successful (either in step 3 or step 4), pass control back to our application for some book-keeping 6. Let authenticated user access application Any suggestions how do we configure nginx to achieve above? please share your thoughts/ideas/sample configs etc. Regards, Hari ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
rate limit by method
Is there any way I can impose a rate limit on a location or back-end by HTTP method? Specifically I would like to limit the number of POST requests that a single client IP can perform within a given timespan. ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: rate limit by method
Hello! On Thu, Apr 24, 2014 at 11:07:26AM -0700, Jeroen Ooms wrote: Is there any way I can impose a rate limit on a location or back-end by HTTP method? Specifically I would like to limit the number of POST requests that a single client IP can perform within a given timespan. I believe more or less the same question was discussed a couple of weeks ago: http://mailman.nginx.org/pipermail/nginx/2014-April/043034.html -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
[ANN] Windows nginx 1.7.1.1 Snowman
21:28 24-4-2014 nginx 1.7.1.1 Snowman Based on nginx 1.7.1 (24-4-2014) with; + lua-upstream-nginx-module v0.1 (upgraded 24-4-2014) + Streaming with nginx-rtmp-module, v1.1.4 (upgraded 24-4-2014) + New development tree nginx export 1.7 + Naxsi WAF v0.53-1 (upgraded 17-4-2014) + Source changes back ported + Source changes add-on's back ported + Changes for nginx_basic: Source changes back ported * Additional specifications: see 'Feature list' Builds can be found here: http://nginx-win.ecsds.eu/ Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249574,249574#msg-249574 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Nginx Websocket proxy dropping frames
Connecting to my websocket server directly works (Chrome or Firefox). Connecting via the Nginx websocket proxy connects, but drops frames. Here is an example of the JSON messages: -- {login : { username: user, password : pass}} -- {loginReply : { state: ok}} -- {someSetting1 : { something: something}} -- {someSetting2 : { something: something}} **DROPPED** -- {someSetting3 : { something: something}} **DROPPED** Those last three messages are sent immediately after login, but the last two don't make it to the websocket server (~90% of the time). Subsequent messages, work fine, as if nothing was missing. I have tried Nginx 1.4.7, 1.5.13 1.6 location /websocket { proxy_pass http://localhost:8001; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; proxy_read_timeout 86400; } I have tried proxy_buffering off and on. Anything else I should try? The problem occurs ~30% of the time on my powerful x86 machine, and ~90% on my two less powerful ARM machines (one is a Raspberry Pi, and the other a much faster dual core). Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249575,249575#msg-249575 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx Websocket proxy dropping frames
Logs? --- *B. R.* ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Nginx 1.7.0 failed make with Phusion Passenger ?
Anyone experience this problem ? I have Nginx 1.5.13 working fine with Phusion Passenger 4.0.37 source compile. But trying to update Nginx from 1.5.13 to 1.7.0 fails at make stage. I tried both Phusion Passenger 4.0.37 and 4.0.41 and it fails. Working Nginx 1.5.13 configuration nginx -V nginx version: nginx/1.5.13 built by gcc 4.4.7 20120313 (Red Hat 4.4.7-4) (GCC) TLS SNI support enabled configure arguments: --sbin-path=/usr/local/sbin --conf-path=/usr/local/nginx/conf/nginx.conf --with-http_ssl_module --with-http_gzip_static_module --with-http_stub_status_module --with-http_sub_module --with-http_addition_module --with-http_image_filter_module --with-http_secure_link_module --with-http_flv_module --with-http_realip_module --with-openssl-opt=enable-tlsext --add-module=../ngx-fancyindex-ngx-fancyindex --add-module=../ngx_cache_purge-2.1 --add-module=../headers-more-nginx-module-0.25 --add-module=../nginx-accesskey-2.0.3 --add-module=../nginx-http-concat-master --with-http_dav_module --add-module=../nginx-dav-ext-module-0.0.3 --add-module=/usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.37/ext/nginx --with-openssl=../openssl-1.0.1g --with-libatomic --with-pcre=../pcre-8.35 --with-pcre-jit --with-http_spdy_module --add-module=../ngx_pagespeed-release-1.7.30.4-beta Now when updating to Nginx 1.7.0 fails at this point with both Phusion Passenger 4.0.37 and 4.0.41 passenger -v Phusion Passenger version 4.0.41 error message -o objs/addon/nginx/StaticContentHandler.o \ /usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c /usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c: In function 'passenger_static_content_handler': /usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c:72: error: 'ngx_http_request_t' has no member named 'zero_in_uri' make[1]: *** [objs/addon/nginx/StaticContentHandler.o] Error 1 make[1]: Leaving directory `/svr-setup/nginx-1.7.0' make: *** [build] Error 2 * Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249586,249586#msg-249586 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Nginx 1.7.0 failed make with Phusion Passenger ?
grep -C10 zero_in_uri /usr/local/rvm/gems/ruby-2.1.1/gems/passenger-4.0.41/ext/nginx/StaticContentHandler.c if (!(r-method (NGX_HTTP_GET|NGX_HTTP_HEAD|NGX_HTTP_POST))) { return NGX_HTTP_NOT_ALLOWED; } if (r-uri.data[r-uri.len - 1] == '/') { return NGX_DECLINED; } #if (PASSENGER_NGINX_MINOR_VERSION == 8 PASSENGER_NGINX_MICRO_VERSION 38) || \ (PASSENGER_NGINX_MINOR_VERSION == 7 PASSENGER_NGINX_MICRO_VERSION 66) if (r-zero_in_uri) { return NGX_DECLINED; } #endif log = r-connection-log; ngx_log_debug1(NGX_LOG_DEBUG_HTTP, log, 0, http filename: \%s\, filename-data); clcf = ngx_http_get_module_loc_conf(r, ngx_http_core_module); Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249586,249587#msg-249587 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx