Question about the url rewrite before pass

2016-09-21 Thread Bill Yuan 
​Hello,

i am looking for a proxy which can "bounce" the request, which is not a
classic proxy.

I want it works in this way.
e.g. a proxy is running a 192.168.1.1
and when i want to open www.yahoo.com, i just need call
http://192.168.1.1/www.yahoo.com
the proxy can pickup the the host "www.yahoo.com" from the URI, and
retrieve the info for me​,

so it need to get the new $host from $location, and remove the $host from
the $location before proxy pass it.

it is doable via nginx?

Regards
Bill


​
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: access_log format $remote_user anonymous question

2016-09-21 Thread itpp2012 
Its just an attempt to gain access, ignore it, we get 1000's a day.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269734,269741#msg-269741

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: access_log format $remote_user anonymous question

2016-09-21 Thread c0nw0nk 
Thanks for the information so based of what that resource says and from what
I understand surely that field should only say "anonymous" or "username" if
on those files / folders in my Nginx config I use "auth_basic" ?

http://nginx.org/en/docs/http/ngx_http_auth_basic_module.html

The fact they are inputting that header unlike everyone else just alerts
me.

Because I don't use auth_basic anywhere would anything bad happen if I did
the following.

if($remote_user != "^$") { #Block requests where the user is not empty /
missing
return 444;
}

Their IP is also listed on stopforumspam's database what also raises
suspicion further https://www.stopforumspam.com/ipcheck/176.57.129.88

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269734,269740#msg-269740

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Подменить Status code

2016-09-21 Thread jtiq 
Maxim Dounin Wrote:
---
> Hello!
> 
> On Wed, Sep 21, 2016 at 03:05:33PM -0400, jtiq wrote:
> 
> > Maxim Dounin Wrote:
> > ---
> > > Hello!
> > > 
> > > On Wed, Sep 21, 2016 at 03:53:46AM -0400, jtiq wrote:
> > > 
> > > > вообщем надо, чтобы не было 206 кода, но были кусочки
> > > > на главном сервере nginx диапазон байтов принимает через
> аргумент
> > > > ($arg_range), а на сервер отдачи передаётся с помощью заголовков
> > > > 
> > > > proxy_set_header Accept-Ranges "bytes";
> > > > proxy_set_header Range "bytes=$arg_range";
> > > > 
> > > > а суть заключается в том, что нужно кэшировать аякс запросы на
> > > получение
> > > > кусочков, для я так понял нужен 200 код ответа от сервера
> > > 
> > > Для подобной задачи я в своё время написал модуль bytes, его можно
> 
> > > взять где-то тут:
> > > 
> > > http://mdounin.ru/hg/ngx_http_bytes_filter_module/
> > > 
> > > Позволяет получить из полного ответа заданный диапазон в виде 
> > > 200-го ответа.  Соответственно можно использовать на бекенде - 
> > > тогда на фронтенд будут вытягиваться только нужные диапазоны.  Или
> 
> > > на фронтенде - тогда будут качаться ответы целиком, и их можно 
> > > будет кешировать и уже потом нарезать на куски.
> > 
> > можете скинуть пример конфига для proxy_pass?
> 
> В наиболее простом варианте - как-то так:
> 
> location / {
> bytes on;
> proxy_pass http://backend;
> }
> 
> Кеш при необходимости ровно так же, как и обычно.
> Описание модуля и примеры использования есть в README,
> http://mdounin.ru/hg/ngx_http_bytes_filter_module/file/tip/README.
> 
> -- 
> Maxim Dounin
> http://nginx.org/
> 
> ___
> nginx-ru mailing list
> nginx-ru@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru


я кэш хочу сделать на стороне клиента, а какой параметр и как передавать в
урл?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,269693,269739#msg-269739

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: access_log format $remote_user anonymous question

2016-09-21 Thread itpp2012 
http://nginx.org/en/docs/http/ngx_http_core_module.html#variables

$remote_user
user name supplied with the Basic authentication

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269734,269738#msg-269738

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Подменить Status code

2016-09-21 Thread Maxim Dounin 
Hello!

On Wed, Sep 21, 2016 at 03:05:33PM -0400, jtiq wrote:

> Maxim Dounin Wrote:
> ---
> > Hello!
> > 
> > On Wed, Sep 21, 2016 at 03:53:46AM -0400, jtiq wrote:
> > 
> > > вообщем надо, чтобы не было 206 кода, но были кусочки
> > > на главном сервере nginx диапазон байтов принимает через аргумент
> > > ($arg_range), а на сервер отдачи передаётся с помощью заголовков
> > > 
> > > proxy_set_header Accept-Ranges "bytes";
> > > proxy_set_header Range "bytes=$arg_range";
> > > 
> > > а суть заключается в том, что нужно кэшировать аякс запросы на
> > получение
> > > кусочков, для я так понял нужен 200 код ответа от сервера
> > 
> > Для подобной задачи я в своё время написал модуль bytes, его можно 
> > взять где-то тут:
> > 
> > http://mdounin.ru/hg/ngx_http_bytes_filter_module/
> > 
> > Позволяет получить из полного ответа заданный диапазон в виде 
> > 200-го ответа.  Соответственно можно использовать на бекенде - 
> > тогда на фронтенд будут вытягиваться только нужные диапазоны.  Или 
> > на фронтенде - тогда будут качаться ответы целиком, и их можно 
> > будет кешировать и уже потом нарезать на куски.
> 
> можете скинуть пример конфига для proxy_pass?

В наиболее простом варианте - как-то так:

location / {
bytes on;
proxy_pass http://backend;
}

Кеш при необходимости ровно так же, как и обычно.
Описание модуля и примеры использования есть в README,
http://mdounin.ru/hg/ngx_http_bytes_filter_module/file/tip/README.

-- 
Maxim Dounin
http://nginx.org/

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: Start nginx worker process with same user as master process

2016-09-21 Thread steve 

Hi,

On 09/21/2016 05:51 PM, Sushma wrote:

Thanks for the details.
I have explicitly changed permissions for directories as required.
But the problem I am facing here is nginx reload fails due to permission
denied for proxy_temp folder.
I had explicitly changed permissions for this folder so that it could be
accesssed by user abc (user with which nginx is running).
However, when buffering happens, I see that the folder permissions are
changed to be owned by nginx user. Hence my reload fails due to permissions
issues.
Is there something I am missing here? Does nginx remember the user with
which it was installed and is that why these folder permissions are
changing?


You need to restart nginx, not reload it.

--
Steve Holdoway BSc(Hons) MIITP
http://www.greengecko.co.nz
Linkedin: http://www.linkedin.com/in/steveholdoway
Skype: sholdowa

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

access_log format $remote_user anonymous question

2016-09-21 Thread c0nw0nk 
So in my access logs all my other logs the $remote_user is empty.

But for only this one single IP that keeps making requests the $remote_user
has a value.

CF-Real-IP: 176.57.129.88 - CF-Server: 10.108.22.151 - anonymous
[21/Sep/2016:18:54:52 +0100]  "GET
/media/files/29/96/2b/701f56b345ce531192645ddb532a8fd7.mp4 HTTP/1.1"
Status:503 206 "http://www.networkflare.com/; "Mozilla/5.0 (;FW 2.0.7070.p;
Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729;
.NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; Tablet PC 2.0;
rv:11.0) like Gecko"

Why is the $remote_user value on this person anonymous where everyone else
it is empty ?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269734,269734#msg-269734

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Подменить Status code

2016-09-21 Thread jtiq 
Maxim Dounin Wrote:
---
> Hello!
> 
> On Wed, Sep 21, 2016 at 03:53:46AM -0400, jtiq wrote:
> 
> > вообщем надо, чтобы не было 206 кода, но были кусочки
> > на главном сервере nginx диапазон байтов принимает через аргумент
> > ($arg_range), а на сервер отдачи передаётся с помощью заголовков
> > 
> > proxy_set_header Accept-Ranges "bytes";
> > proxy_set_header Range "bytes=$arg_range";
> > 
> > а суть заключается в том, что нужно кэшировать аякс запросы на
> получение
> > кусочков, для я так понял нужен 200 код ответа от сервера
> 
> Для подобной задачи я в своё время написал модуль bytes, его можно 
> взять где-то тут:
> 
> http://mdounin.ru/hg/ngx_http_bytes_filter_module/
> 
> Позволяет получить из полного ответа заданный диапазон в виде 
> 200-го ответа.  Соответственно можно использовать на бекенде - 
> тогда на фронтенд будут вытягиваться только нужные диапазоны.  Или 
> на фронтенде - тогда будут качаться ответы целиком, и их можно 
> будет кешировать и уже потом нарезать на куски.
> 
> -- 
> Maxim Dounin
> http://nginx.org/
> 
> ___
> nginx-ru mailing list
> nginx-ru@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru

можете скинуть пример конфига для proxy_pass?

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,269693,269733#msg-269733

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

[PATCH] - flastmod SSI command

2016-09-21 Thread Rastislav Stanik 
Hi.

I'm new here and I subscribed because recently I wanted to switch
some little personal web server from apache to nginx and found
out that "flastmod" SSI command is not supported by nginx.
This command is supported by Apache
http://httpd.apache.org/docs/current/mod/mod_include.html#element.flastmod
as well as IIS
https://msdn.microsoft.com/en-us/library/ms525105%28v=vs.90%29.aspx

So I tried to implement that. The patch/changeset is in the attachment.
I would appreciate any feedback which would help to get that eventually
included in official nginx code.
--
bye
rastos
# HG changeset patch
# User Rastislav Stanik 
# Date 1474145684 -7200
#  Sat Sep 17 22:54:44 2016 +0200
# Node ID f12b9f072e00182c8e12f24a4b8fa323c0d28080
# Parent  52367732bcbc87430e8276424356aaec3c2b6a87
add handling of flastmod SSI directive

Add handling of SSI directive 'flastmod'. The directive
takes a single argument 'file' and is replaced with
modification time of the specified file. The filename
is accepted/rejected based on the same rules as for the
SSI directive 'include'.
The time string is constructed based on SSI directive config timefmt.
Failure to obtain the modification time is logged.

diff -r 52367732bcbc -r f12b9f072e00 
src/http/modules/ngx_http_ssi_filter_module.c
--- a/src/http/modules/ngx_http_ssi_filter_module.c Fri Sep 16 15:13:24 
2016 +0300
+++ b/src/http/modules/ngx_http_ssi_filter_module.c Sat Sep 17 22:54:44 
2016 +0200
@@ -85,6 +85,8 @@
 
 static ngx_int_t ngx_http_ssi_include(ngx_http_request_t *r,
 ngx_http_ssi_ctx_t *ctx, ngx_str_t **params);
+static ngx_int_t ngx_http_ssi_flastmod(ngx_http_request_t *r,
+ngx_http_ssi_ctx_t *ctx, ngx_str_t **params);
 static ngx_int_t ngx_http_ssi_stub_output(ngx_http_request_t *r, void *data,
 ngx_int_t rc);
 static ngx_int_t ngx_http_ssi_set_variable(ngx_http_request_t *r, void *data,
@@ -223,6 +225,8 @@
 #define  NGX_HTTP_SSI_INCLUDE_SET  3
 #define  NGX_HTTP_SSI_INCLUDE_STUB 4
 
+#define  NGX_HTTP_SSI_FLASTMOD_FILE0
+
 #define  NGX_HTTP_SSI_ECHO_VAR 0
 #define  NGX_HTTP_SSI_ECHO_DEFAULT 1
 #define  NGX_HTTP_SSI_ECHO_ENCODING2
@@ -247,6 +251,10 @@
 { ngx_null_string, 0, 0, 0 }
 };
 
+static ngx_http_ssi_param_t  ngx_http_ssi_flastmod_params[] = {
+{ ngx_string("file"), NGX_HTTP_SSI_FLASTMOD_FILE, 0, 0 }
+};
+
 
 static ngx_http_ssi_param_t  ngx_http_ssi_echo_params[] = {
 { ngx_string("var"), NGX_HTTP_SSI_ECHO_VAR, 1, 0 },
@@ -308,7 +316,8 @@
ngx_http_ssi_block_params, 0, 0, 0 },
 { ngx_string("endblock"), ngx_http_ssi_endblock,
ngx_http_ssi_no_params, 0, 1, 0 },
-
+{ ngx_string("flastmod"), ngx_http_ssi_flastmod,
+   ngx_http_ssi_flastmod_params, 0, 0, 0 },
 { ngx_null_string, NULL, NULL, 0, 0, 0 }
 };
 
@@ -2197,6 +2206,97 @@
 return NGX_OK;
 }
 
+static ngx_int_t
+ngx_http_ssi_flastmod(ngx_http_request_t *r, ngx_http_ssi_ctx_t *ctx,
+ngx_str_t **params)
+{
+ngx_str_t   *file;
+ngx_str_t   current_path;
+ngx_uint_t  flags;
+ngx_int_t   rc;
+ngx_str_t   args;
+size_t  root;
+struct stat st_buf;
+u_char *endpos;
+char *statpath;
+struct tm mod_time;
+
+file = params[NGX_HTTP_SSI_FLASTMOD_FILE];
+
+if (file == NULL) {
+ngx_log_error(NGX_LOG_ERR, r->connection->log, 0,
+  "no parameter in \"flastmod\" SSI command");
+return NGX_HTTP_SSI_ERROR;
+}
+
+rc = ngx_http_ssi_evaluate_string(r, ctx, file, 0);
+
+if (rc != NGX_OK) {
+return rc;
+}
+
+ngx_log_debug1(NGX_LOG_DEBUG_HTTP, r->connection->log, 0,
+   "ssi flastmod: \"%V\"", file);
+
+ngx_str_null();
+flags = NGX_HTTP_LOG_UNSAFE;
+
+if (ngx_http_parse_unsafe_uri(r, file, , ) != NGX_OK) {
+return NGX_HTTP_SSI_ERROR;
+}
+
+root=0;
+ngx_http_map_uri_to_path(r, _path, , 0);
+// in worst case we will append the flastmod file at the end of the 
current pathname and add terminating zero
+statpath=ngx_pcalloc(r->pool,current_path.len+file->len+1);
+if (!statpath) {
+return NGX_HTTP_SSI_ERROR;
+}
+// write the current pathname to 'statpath'
+strncpy(statpath,current_path.data,current_path.len);
+endpos=statpath+current_path.len;
+// find the last slash
+for (;endpos>current_path.data && !ngx_path_separator(*endpos);endpos--)
+;
+// append the flastmod file after last slash
+strncpy(endpos+1,file->data,file->len);
+*(endpos+1+file->len)='\0'; // zero terminate the string so that we can 
pass it to stat(2)
+
+if (0==stat(statpath,_buf)) {
+if (gmtime_r(_buf.st_mtim.tv_sec,_time)) {
+char *result=NULL;
+ngx_uint_t len=0;
+ngx_buf_t *b=NULL;
+
+result = ngx_pcalloc(r->pool, NGX_HTTP_SSI_MAX_FLASTMOD);
+if (result) {

Will nginx be relinked to pick up openssl-1.0.2i?

2016-09-21 Thread Tim 
Hi all,

This may not be the right list but do you know if the Windows nginx binaries 
will be relinked to pick up the new openssl-1.0.2 which will be released 
tomorrow (Sept 22)?

Tim
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Transmission remote GUI proxy_protocol broken header

2016-09-21 Thread Francis Daly 
On Wed, Sep 21, 2016 at 04:05:22AM -0400, adrhc wrote:
> Hi, the log come from nginx error log. I simply start the Transmission
> remote GUI and I get only this in error log:

This looks to me that the thing that is writing to nginx, is not writing
what nginx expects to read.

What is the thing writing to nginx? (stunnel, I think)

What should it be writing? (plain http after a proxy_protocol line,
I think. How is it configured?)

What version of proxy_protocol is stunnel writing?

For the rest of the requests -- the log files should show, in order, what
requests are made and what responses are received. If there's a break,
it is probably just before the first request that is not in the logs.

> By the way, wile still transmission fails, with the same setup the web
> client https://adrhc.go.ro/transmission/ works fine. So maybe transmission
> is behaving/requesting somehow different comparing to a browser - I opened a
> token on transmission's site too.

Is "transmission" something other than a https client?

If it is trying to speak something other than http wrapped in tls,
it is unlikely that nginx will be able to process the requests.

f
-- 
Francis Dalyfran...@daoine.org

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: listen proxy_protocol and rewrite redirect scheme

2016-09-21 Thread Francis Daly 
On Wed, Sep 21, 2016 at 03:25:04AM -0400, adrhc wrote:

Hi there,

> Indeed the solution might look strange but it works (test it with e.g. https
> or http ://adrhc.go.ro/ffp).

It is good that it works.

The http redirect there does not include the port; the https redirect
does include the port, and it is the default port for https.

I'm just a bit surprised that "port_in_redirect off" does not also
work. But that's ok -- I'm often surprised.

> Would be nicer if would exists a variable like let's say $override_ssl which
> to force nginx consider it run a ssl request with all the consequences.

That variable will probably only exist after someone shows a need for it,
and after someone does the work to write the code.

I think that your use case is reasonable -- hide nginx-doing-http
behind an external ssl terminator -- but I don't know what is the set
of conditions under which you would want this ssl-rewrite to happen,
and how you would go about configuring that.

(You want it sort-of per-server, but not really, since you only want
it if proxy_protocol is in use and indicates that the initial request
was https.)

It looks like nobody else has had that particular use case, and was
willing to put the effort in to make it an nginx configurable.

> Again I thank you for your support.

You're welcome. The patch you have, you can carry for as long as you need,
so it not being added to stock nginx should not block you at all.

Cheers,

f
-- 
Francis Dalyfran...@daoine.org

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Start nginx worker process with same user as master process

2016-09-21 Thread Francis Daly 
On Wed, Sep 21, 2016 at 01:51:18AM -0400, Sushma wrote:

Hi there,

> I have explicitly changed permissions for directories as required.
> But the problem I am facing here is nginx reload fails due to permission
> denied for proxy_temp folder.
> I had explicitly changed permissions for this folder so that it could be
> accesssed by user abc (user with which nginx is running).
> However, when buffering happens, I see that the folder permissions are
> changed to be owned by nginx user. Hence my reload fails due to permissions
> issues.

What I can I do to recreate this issue?

What small configuration file can be used to show this problem?

Copy-paste, do not re-type, because that can introduce changes.

For this proxy_temp folder, what is the "ls -ld" or "ls -ldZ" output
for every component of it?

That is:

ls -ldZ /
ls -ldz /usr
ls -ldZ /usr/local

and so forth.

> Is there something I am missing here? Does nginx remember the user with
> which it was installed and is that why these folder permissions are
> changing?

It shouldn't.

Have you any other processes running that check or change folder
permissions? Or does a containing folder have a setting which says that
everything new inside it must have certain ownership?

f
-- 
Francis Dalyfran...@daoine.org

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

nginx reverse proxy causing TCP queuing spikes

2016-09-21 Thread Grant 
I've been struggling with http response time slowdowns and
corresponding spikes in my TCP Queuing graph in munin.  I'm using
nginx as a reverse proxy to apache which then hands off to my backend,
and I think the proxy_read_timeout line in my nginx config is at least
contributing to the issue.  Here is all of my proxy config:

proxy_read_timeout 60m;
proxy_pass http://127.0.0.1:8080;

I think this means I'm leaving connections open for 60 minutes after
the last server response which sounds like a bad thing.  However, some
of my admin pages need to run for a long time while they wait for the
server-side stuff to execute.  I only use the proxy_read_timeout
directive on my admin locations and I'm experiencing the TCP spikes
and http slowdowns during the exact hours that the admin stuff is in
use.

- Grant

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Подменить Status code

2016-09-21 Thread Maxim Dounin 
Hello!

On Wed, Sep 21, 2016 at 03:53:46AM -0400, jtiq wrote:

> вообщем надо, чтобы не было 206 кода, но были кусочки
> на главном сервере nginx диапазон байтов принимает через аргумент
> ($arg_range), а на сервер отдачи передаётся с помощью заголовков
> 
> proxy_set_header Accept-Ranges "bytes";
> proxy_set_header Range "bytes=$arg_range";
> 
> а суть заключается в том, что нужно кэшировать аякс запросы на получение
> кусочков, для я так понял нужен 200 код ответа от сервера

Для подобной задачи я в своё время написал модуль bytes, его можно 
взять где-то тут:

http://mdounin.ru/hg/ngx_http_bytes_filter_module/

Позволяет получить из полного ответа заданный диапазон в виде 
200-го ответа.  Соответственно можно использовать на бекенде - 
тогда на фронтенд будут вытягиваться только нужные диапазоны.  Или 
на фронтенде - тогда будут качаться ответы целиком, и их можно 
будет кешировать и уже потом нарезать на куски.

-- 
Maxim Dounin
http://nginx.org/

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: Подменить Status code

2016-09-21 Thread Илья Шипицин 
покажите конфиг полностью ?

21 сентября 2016 г., 16:56 пользователь jtiq 
написал:

> Илья Шипицин Wrote:
> ---
> > location / {
> > return 200;
> > }
> >
> > 21 сентября 2016 г., 1:32 пользователь jtiq
> > 
> > написал:
> >
> > > Илья Шипицин Wrote:
> > > ---
> > > > сервер отдает 206, потому что сервер сказал Accept-Ranges, чем
> > клиент
> > > > воспользовался.
> > > >
> > > > 20 сентября 2016 г., 21:37 пользователь jtiq
> > > > 
> > > > написал:
> > > >
> > > > > Здравствуйте.
> > > > >
> > > > > Можно ли подменить Status code от проксируемого сервера?
> > > > >
> > > > > Он отдаёт "206 Partial Content", а надо обычный "200 OK"
> > > > >
> > > > > Posted at Nginx Forum: https://forum.nginx.org/read.
> > > > > php?21,269693,269693#msg-269693
> > > > >
> > > > > ___
> > > > > nginx-ru mailing list
> > > > > nginx-ru@nginx.org
> > > > > http://mailman.nginx.org/mailman/listinfo/nginx-ru
> > > > ___
> > > > nginx-ru mailing list
> > > > nginx-ru@nginx.org
> > > > http://mailman.nginx.org/mailman/listinfo/nginx-ru
> > >
> > > ну это то понятно, а как то можно заставить nginx отдать 200 ok?
> > >
> > > Posted at Nginx Forum: https://forum.nginx.org/read.
> > > php?21,269693,269706#msg-269706
> > >
> > > ___
> > > nginx-ru mailing list
> > > nginx-ru@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx-ru
> > >
> > ___
> > nginx-ru mailing list
> > nginx-ru@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-ru
>
> выдаёт ошибку 500
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?21,269693,269723#msg-269723
>
> ___
> nginx-ru mailing list
> nginx-ru@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru
>
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: Подменить Status code

2016-09-21 Thread jtiq 
Илья Шипицин Wrote:
---
> location / {
> return 200;
> }
> 
> 21 сентября 2016 г., 1:32 пользователь jtiq
> 
> написал:
> 
> > Илья Шипицин Wrote:
> > ---
> > > сервер отдает 206, потому что сервер сказал Accept-Ranges, чем
> клиент
> > > воспользовался.
> > >
> > > 20 сентября 2016 г., 21:37 пользователь jtiq
> > > 
> > > написал:
> > >
> > > > Здравствуйте.
> > > >
> > > > Можно ли подменить Status code от проксируемого сервера?
> > > >
> > > > Он отдаёт "206 Partial Content", а надо обычный "200 OK"
> > > >
> > > > Posted at Nginx Forum: https://forum.nginx.org/read.
> > > > php?21,269693,269693#msg-269693
> > > >
> > > > ___
> > > > nginx-ru mailing list
> > > > nginx-ru@nginx.org
> > > > http://mailman.nginx.org/mailman/listinfo/nginx-ru
> > > ___
> > > nginx-ru mailing list
> > > nginx-ru@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx-ru
> >
> > ну это то понятно, а как то можно заставить nginx отдать 200 ok?
> >
> > Posted at Nginx Forum: https://forum.nginx.org/read.
> > php?21,269693,269706#msg-269706
> >
> > ___
> > nginx-ru mailing list
> > nginx-ru@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-ru
> >
> ___
> nginx-ru mailing list
> nginx-ru@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru

выдаёт ошибку 500

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,269693,269723#msg-269723

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: What is "seconds with milliseconds resolution"

2016-09-21 Thread Mark McDonnell 
Thanks Santiago, that actually makes perfect sense.

Think I just needed the words read back to me in a different order or
something lol ¯\_(ツ)_/¯

On Wed, Sep 21, 2016 at 11:39 AM, Santiago Vila  wrote:

> On Wed, Sep 21, 2016 at 11:19:43AM +0100, Mark McDonnell wrote:
>
> > I'm not sure I really understand the `msec` embedded variable.
> >
> > I'm getting the value back as `1474452771.178`
>
> That would be the number of seconds since the "epoch" (1970-01-01 00:00
> UTC),
> similar to "date +%s" but more accurate.
>
> > It's described as "seconds with milliseconds resolution", but I'm not
> sure
> > what that really means (maths isn't a strong skill for me).
>
> It just means the number is a number of seconds (i.e. the second is
> the unit of measure), and you can expect the number to have three
> decimal places after the point.
>
> > How do I convert the number into seconds?
>
> The number is already in seconds :-)
>
> ___
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>



-- 

Mark McDonnell | BuzzFeed | Senior Software Engineer | @integralist

https://keybase.io/integralist 40 Argyll Street, 2nd Floor, London, W1F 7EB
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: What is "seconds with milliseconds resolution"

2016-09-21 Thread Santiago Vila 
On Wed, Sep 21, 2016 at 11:19:43AM +0100, Mark McDonnell wrote:

> I'm not sure I really understand the `msec` embedded variable.
> 
> I'm getting the value back as `1474452771.178`

That would be the number of seconds since the "epoch" (1970-01-01 00:00 UTC),
similar to "date +%s" but more accurate.

> It's described as "seconds with milliseconds resolution", but I'm not sure
> what that really means (maths isn't a strong skill for me).

It just means the number is a number of seconds (i.e. the second is
the unit of measure), and you can expect the number to have three
decimal places after the point.

> How do I convert the number into seconds?

The number is already in seconds :-)

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

What is "seconds with milliseconds resolution"

2016-09-21 Thread Mark McDonnell 
Hello,

I'm not sure I really understand the `msec` embedded variable.

I'm getting the value back as `1474452771.178`

It's described as "seconds with milliseconds resolution", but I'm not sure
what that really means (maths isn't a strong skill for me).

How do I convert the number into seconds?
So I can get a better idea of the relation of this value.

Thanks

M.
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: ssl handshake fail when proxy between two tomcat with mutual authentication

2016-09-21 Thread bhagt 
Hi all,

I have configured nginx to do mutual authentication to a loadbalancer
(ssl-offloading) which sends the http traffic to a webserver with virtual
hosts.

Keep getting the following error:

SSL_do_handshake() failed (SSL: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure:SSL alert number 40)
while SSL handshaking to upstream

if run nginx in debug mode i only see a small ssl client-hello.

But if i use openssl:

openssl s_client -state -debug -showcerts -verify 0 -connect :443

i can see the handshake.

Any help/lead would be appreciated.

Regards,

Bhagt

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,241171,269719#msg-269719

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Подменить Status code

2016-09-21 Thread Илья Шипицин 
location / {
return 200;
}

21 сентября 2016 г., 1:32 пользователь jtiq 
написал:

> Илья Шипицин Wrote:
> ---
> > сервер отдает 206, потому что сервер сказал Accept-Ranges, чем клиент
> > воспользовался.
> >
> > 20 сентября 2016 г., 21:37 пользователь jtiq
> > 
> > написал:
> >
> > > Здравствуйте.
> > >
> > > Можно ли подменить Status code от проксируемого сервера?
> > >
> > > Он отдаёт "206 Partial Content", а надо обычный "200 OK"
> > >
> > > Posted at Nginx Forum: https://forum.nginx.org/read.
> > > php?21,269693,269693#msg-269693
> > >
> > > ___
> > > nginx-ru mailing list
> > > nginx-ru@nginx.org
> > > http://mailman.nginx.org/mailman/listinfo/nginx-ru
> > ___
> > nginx-ru mailing list
> > nginx-ru@nginx.org
> > http://mailman.nginx.org/mailman/listinfo/nginx-ru
>
> ну это то понятно, а как то можно заставить nginx отдать 200 ok?
>
> Posted at Nginx Forum: https://forum.nginx.org/read.
> php?21,269693,269706#msg-269706
>
> ___
> nginx-ru mailing list
> nginx-ru@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx-ru
>
___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: Transmission remote GUI proxy_protocol broken header

2016-09-21 Thread adrhc 
Hi, the log come from nginx error log. I simply start the Transmission
remote GUI and I get only this in error log:
2016/09/21 10:32:13 [error] 3909#0: *327 broken header: "> :
    X,u \kc  ;   J=ޛXfoVr_<0 , ( $  
 k j i h 9 8 7 6 2 . * &     = 5   / + ' #    g @ ? 
> 3 2 1 0 E D C B 1 - ) %     < /   A            
 
  
    g    127.0.0.1    
           
   
 #   
     " while reading PROXY protocol,
client: 127.0.0.1, server: 127.0.0.1:443

As you can see there's no url in log but I guess it asks first for:
POST https://adrhc.go.ro/transmission/rpc with Authorization and
X-Transmission-Session-Id headers.
I tried that and I get:
{"arguments":{},"result":"no method name"}
so seems to work.
After this request I guess it asks for e.g.:
GET
/announce?info_hash=..._id=...=...=0=0=809472758=80=...=1=1=1=started
HTTP/1.1", host: "tracker.publichd.eu"
and may be this is where it fails.

About the "simple reproducible test case" the patch from my previous post
where you helped me https://forum.nginx.org/read.php?2,269623 only affect
Location header in redirects (while the port is exactly 443) so I'm sure it
has no impact; if by any means would have an impact that would be a 404 http
code because the redirect would go to the http:80 alternative of my web site
and there I have no /transmission location; or the redirect would go to
http:443 with no ssl so again 404.

On the other hand in order to know where to place the request stunnel is
doing it's stuff based on sni - though I doubt it's breaking something.

By the way, wile still transmission fails, with the same setup the web
client https://adrhc.go.ro/transmission/ works fine. So maybe transmission
is behaving/requesting somehow different comparing to a browser - I opened a
token on transmission's site too.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269662,269717#msg-269717

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx не отвечает на запросы

2016-09-21 Thread Mikanoshi 
Maxim Dounin Wrote:
---
> Всмысле - как и ранее, после ручного массажирования зависшего 
> процесса?
> 
> Попробуйте ещё выключить reset_timedout_connections, возможно 
> умудрились сломать SO_LINGER.  Судя по стеку и каналу ожидания - 
> ждёт оно как раз в части обработки SO_LINGER, тут:
> 
> http://fxr.watson.org/fxr/source/kern/uipc_socket.c?v=FREEBSD11#L871

Да, оживает от трейса.

Ещё часов 9 для уверенности должно пройти, но похоже отключение
reset_timedout_connection помогло, пока ни одного зависшего процесса, вместо
этого в логе ошибки:

2016/09/21 00:48:27 [info] 60348#0: close() socket 44 failed (54: Connection
reset by peer)
2016/09/21 01:02:57 [info] 60347#0: close() socket 54 failed (54: Connection
reset by peer)
2016/09/21 03:51:18 [info] 60347#0: close() socket 48 failed (54: Connection
reset by peer)
2016/09/21 05:13:45 [info] 60347#0: close() socket 54 failed (54: Connection
reset by peer)
2016/09/21 07:29:33 [info] 60346#0: close() socket 47 failed (54: Connection
reset by peer)
2016/09/21 10:13:40 [info] 60346#0: close() socket 46 failed (54: Connection
reset by peer)

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,269501,269715#msg-269715

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru

Re: listen proxy_protocol and rewrite redirect scheme

2016-09-21 Thread adrhc 
Indeed the solution might look strange but it works (test it with e.g. https
or http ://adrhc.go.ro/ffp).
Would be nicer if would exists a variable like let's say $override_ssl which
to force nginx consider it run a ssl request with all the consequences.
Again I thank you for your support.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?2,269623,269714#msg-269714

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx

Re: 403 Forbidden

2016-09-21 Thread misha_shar53 
Иван, большое спасибо. Наконец понял. Извини за тупость.
То что это не к nginx я догадался. Просто думал что кто нибудь еще с этой
проблемой сталкивался.
С уважением Михаил.

Posted at Nginx Forum: 
https://forum.nginx.org/read.php?21,119063,269712#msg-269712

___
nginx-ru mailing list
nginx-ru@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-ru