Re: Caching servers in Local ISPs !!
Thanks for replying, guys. Can I use nginx (origin and edge)? As in the question at the following link:
http://stackoverflow.com/questions/10024981/distributed-cached-mp4-pseudostreaming-seeking-with-nginx

If I use the origin and edge method, I think I'll change my application code to redirect local country traffic to edge webservers (ISP caching server for video files), and that edge server will check if the requested file is not in cache and it'll fetch the requested video file from the origin web server located in the U.S. and cache it locally. For this procedure, I'll have to configure DNS A entries against local ISP caching servers and put those DNS names in my application code to stream videos from those LOCAL CACHING SERVERS for a specific country. Please correct me if I am wrong.

On Sat, May 10, 2014 at 9:24 AM, Steve Holdoway st...@greengecko.co.nz wrote:
> You might want to look at lsyncd - a GZSOC project - to ease the synchronisation. I have had good results with it.
>
> Steve
>
> On Sat, 2014-05-10 at 00:22 +0500, shahzaib shahzaib wrote:
>> @itpp thanks for replying. So on an easy note, I would have to assign those machines the preferred dns and use rsync on a regular basis in order to make identical data between local caching machines and main front end content servers? What if a client requests a video which is not in the local caching server? Does nginx have the configuration for it to check the files locally and then forward the request to main content servers if the requested file is not cached locally? I need a bit of guidance in order to configure nginx this way.
>>
>> Shahzaib
>>
>> On Fri, May 9, 2014 at 11:49 PM, itpp2012 nginx-fo...@nginx.us wrote:
>>> It's quite simple, think of it this way: a DNS entry does not have to point to the same IP everywhere. Place your cache machines at an ISP, have them assign its IP to your preferred dns name, that's about it. The rest like distribution works like a reverse riverbed with a master mirror, rsync or the likes.
>>> And of course this can all be done with nginx at all locations.
>>>
>>> Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249997,25#msg-25
>
> --
> Steve Holdoway BSc(Hons) MIITP
> http://www.greengecko.co.nz
> Linkedin: http://www.linkedin.com/in/steveholdoway
> Skype: sholdowa

___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: subs filter error
That's the only upstream I'm aware of that works with proxies.

On 09/05/2014 23:05, Jonathan Matthews wrote:
> On 9 May 2014 13:36, Tom McLoughlin m...@tommehm.com wrote:
>> I keep getting this error every time someone loads a page.
>>
>> subs filter header ignored, this may be a compressed response. while reading response header from upstream, client: xx.xx.xx.xx, server: , request: GET /search/sharepoint/0/7/0 HTTP/1.1, upstream: http://194.71.107.80:80/search/sharepoint/0/7/0;, host: tpb.rtbt.me, referrer: http://tpb.rtbt.me/search/sharepoint/0/99/;
>
> So why not stop the upstream responding with a compressed response?
>
> I know how to do this for TPB, having written a *14* line nginx config to do exactly the same thing, reverse proxying TPB for .. academic reasons. But you're trying to make money off them, so I don't feel like sharing. I'll let you figure it out. It's really not difficult.
>
> J
Re: Caching servers in Local ISPs !!
See http://en.wikipedia.org/wiki/Content_delivery_network and http://en.wikipedia.org/wiki/File:Akamaiprocess.png

Make yourself an HLD (high level design) before getting to technology.

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,249997,250007#msg-250007
Strange advisory
I just saw something strange on http://nginx.org/en/security_advisories.html :

An error log data are not sanitized
Severity: none
CVE-2009-4487 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4487
Not vulnerable: none
Vulnerable: all

Severity is labelled as 'None', though the CVE talks, among other stuff, about 'arbitrary commands and file write'.

Is your advisories page wrong? Is the CVE wrong? Has this been solved?
---
*B. R.*
Re: Strange advisory
Hello,

This has not been fixed in current nginx releases, this is not directly related to nginx either, the problem is outdated terminal emulators would parse the potentially malicious commands in the log file. This answer http://unix.stackexchange.com/a/15210 explains it better.

---
Regards,
Kurt Cancemi

On Sat, May 10, 2014 at 2:59 PM, B.R. reallfqq-ng...@yahoo.fr wrote:
> I just saw something strange on http://nginx.org/en/security_advisories.html:
>
> An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all
>
> Severity is labelled as 'None', though the CVE talks, among other stuff, about 'arbitrary commands and file write'.
>
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?
> ---
> B. R.
RE: Strange advisory
Hi!

> I just saw something strange on http://nginx.org/en/security_advisories.html:
>
> An error log data are not sanitized
> Severity: none
> CVE-2009-4487
> Not vulnerable: none
> Vulnerable: all
>
> Severity is labelled as 'None', though the CVE talks, among other stuff, about 'arbitrary commands and file write'.
>
> Is your advisories page wrong? Is the CVE wrong? Has this been solved?

Afaik the nginx developers didn't agree with this CVE advisory, because it's actually a terminal problem. Nginx cannot be exploited, but the user when looking at the log files can.

Read the advisory for details [1].

Regards,
Lukas

[1] http://www.ush.it/team/ush/hack_httpd_escape/adv.txt
Re: nginx Digest, Vol 55, Issue 26
Message: 4
Date: Sat, 10 May 2014 14:19:37 +0500
From: shahzaib shahzaib shahzaib...@gmail.com
To: nginx@nginx.org
Subject: Re: Caching servers in Local ISPs !!
Message-ID: cad3xhrpbc-f_8cy2t+3jqspl3-g_rzm4spyd7p40wxfcvbo...@mail.gmail.com

Message: 5
Date: Sat, 10 May 2014 10:53:17 +0100
From: Tom McLoughlin m...@tommehm.com
To: nginx@nginx.org
Subject: Re: subs filter error
Message-ID: 536df70d.2050...@tommehm.com
WSS Proxy to a Jetty AppServer
Hi,

I'm trying to proxy the wss (websockets) to a jetty server.
I have a jetty server listening on 8085 http.
I've made the ssl proxy to the 8085 fine.
I've made the ws proxy to jetty ok, getting web sockets connecting and transmitting data,
but wss is not working.

nginx 1.6.0

default:

    proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=UCONTACT:50m max_size=100m;

    server {
        server_name localhost;
        listen 80;
        listen 443 ssl;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            # Microcache: skip the cache for non-GET/HEAD requests and for
            # clients that still hold the short-lived _mcnc cookie.
            set $no_cache "";
            if ($request_method !~ ^(GET|HEAD)$) {
                set $no_cache 1;
            }
            if ($no_cache = 1) {
                add_header Set-Cookie "_mcnc=1; Max-Age=2; Path=/";
                add_header X-Microcachable 0;
            }
            if ($http_cookie ~* _mcnc) {
                set $no_cache 1;
            }
            proxy_no_cache $no_cache;
            proxy_cache_bypass $no_cache;
            proxy_pass http://localhost:8085;
            proxy_cache UCONTACT;
            proxy_cache_key $scheme$host$request_method$request_uri;
            proxy_cache_valid 200 302 1s;
            proxy_cache_valid 301 1s;
            proxy_cache_valid any 1s;
            proxy_cache_use_stale updating;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_max_temp_file_size 1M;
            # WebSocket upgrade handling
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection upgrade;
        }

        location /records/ {
            alias /var/spool/asterisk/monitor/;
        }
        location /agent {
            alias /etc/IntegraServer/web/agent/;
        }
        location /portal {
            alias /etc/IntegraServer/web/portal/;
        }
    }

any idea if my config is wrong??

Posted at Nginx Forum: http://forum.nginx.org/read.php?2,250012,250012#msg-250012
Re: Strange advisory
I read the StackOverflow thread and it seems there are 2 teams ping-ponging the problem:
- One says that it is a terminal problem and that control and escape sequences should not be executed
- The other says that those features are useful and say that log files are supposed to be text-only, thus readable safely in a terminal (no control character should be there)

The advisory stands from the second point of view, which I tend to agree with. If logs cannot be trusted, which are supposed to be filled with text, then everything around monitoring (reading, parsing, copying) becomes a nightmare.

What is the benefit of having those unescaped control characters in a log file? Escaping them allows you to warn about their presence safely... and that is directly exploitable by anything, once again safely.
---
*B. R.*
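
The escaping approach discussed in this thread, as an added example that is not part of the original posts and is not nginx code: a Python filter that renders log lines with every control character made visible and reports which lines carried them. The function names and the sample log lines are constructed for illustration.

```python
import re

# Characters a terminal may act on: C0 controls except TAB, DEL, C1 controls,
# and raw 8-bit C1 bytes (surrogateescape keeps them as U+DC80..U+DC9F).
CONTROL = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f\udc80-\udc9f]")
# Rewritten for display: the above, any other undecodable byte, and the
# backslash itself so the escaped form stays unambiguous.
UNSAFE = re.compile(r"[\x00-\x08\x0a-\x1f\x7f-\x9f\udc80-\udcff\\]")
# ESC plus the introducer after it, used to name the sequence family.
INTRO = re.compile(r"\x1b([\[\]P])?")
FAMILY = {"[": "CSI", "]": "OSC", "P": "DCS", None: "ESC"}

def _visible(match):
    ch = match.group()
    if ch == "\\":
        return "\\\\"
    cp = ord(ch) if ord(ch) < 0xDC80 else ord(ch) - 0xDC00  # undo surrogateescape
    return f"\\x{cp:02x}"

def _decode(raw):
    # Logs are bytes of unknown encoding; never fail on invalid UTF-8.
    return raw.rstrip(b"\r\n").decode("utf-8", "surrogateescape")

def render_safe(raw):
    """Printable form of one raw log line; no control character survives."""
    return UNSAFE.sub(_visible, _decode(raw))

def scan(raw_lines):
    """Return [(line_no, families, safe_text)] for lines with control bytes."""
    findings = []
    for no, raw in enumerate(raw_lines, 1):
        text = _decode(raw)
        if CONTROL.search(text):
            fams = sorted({FAMILY[m.group(1)] for m in INTRO.finditer(text)})
            findings.append((no, fams or ["CTRL"], render_safe(raw)))
    return findings

# Constructed sample lines in nginx error-log style (not from a real server).
SAMPLE = [
    b'2014/05/10 15:00:01 [error] 1#0: *7 open() "/srv/a" failed, request: "GET /a HTTP/1.1"\n',
    b'2014/05/10 15:00:02 [error] 1#0: *8 open() "/srv/\x1b[31mb" failed, request: "GET /\x1b[31mb HTTP/1.1"\n',
    b'2014/05/10 15:00:03 [error] 1#0: *9 open() "/srv/\x1b]0;t\x07" failed, request: "GET /\x1b]0;t\x07 HTTP/1.1"\n',
    b'2014/05/10 15:00:04 [error] 1#0: *10 open() "/srv/c\rd\x9b" failed, request: "GET /c\rd\x9b HTTP/1.1"\n',
]

if __name__ == "__main__":
    for no, fams, safe in scan(SAMPLE):
        print(f"line {no} {fams}: {safe}")
```

Reading a log through `render_safe` keeps the evidence of the injected bytes while nothing reaches the terminal as a control sequence.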