[ANN] OpenResty 1.11.2.3 released

Hi folks, Long time no releases. We've been very busy setting up the OpenResty Inc. commercial company in the US. That's why we've been quiet in the last few months. The good news is that we now have a strong full-time engineering team that can work on both the OpenResty open source platform and

Re: upstream - behavior on pool exhaustion

I do not know if your detailed explanation was aimed to me, or to the list in general, but I got all that already as far as I am concerned. ​To me, when an attempt is made to an upstream group where no peer can be selected, a 502 should be returned for that request, and no upstream having been

Re: [PATCH 3 of 3] Upstream: add support for trailers in HTTP responses

Hello! On Mon, Apr 03, 2017 at 02:32:13AM -0700, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490351854 25200 > # Fri Mar 24 03:37:34 2017 -0700 > # Node ID 488c59bd49dcb1503144fe4d712165b69d1a5945 > # Parent

Re: [PATCH 1 of 3] HTTP: add support for trailers in HTTP responses

Hello! On Mon, Apr 03, 2017 at 02:32:11AM -0700, Piotr Sikora via nginx-devel wrote: > # HG changeset patch > # User Piotr Sikora > # Date 1490351854 25200 > # Fri Mar 24 03:37:34 2017 -0700 > # Node ID 8af81a0d66c0f69bcf501edcf10deed4c8f7fbd4 > # Parent

Re: Config advice / wireshark

I guess logging would work I just need to capture the full request and response to replay later. Is there a standard way to do this or plugin available ? On Fri, Apr 21, 2017 at 10:42 AM, Joel Parker wrote: > The only other thing I was thinking of was to double proxy

Re: Config advice / wireshark

The only other thing I was thinking of was to double proxy through localhost. i.e. user -> proxy -> localhost proxy -> upstream server. Seems like it is pretty convoluted but is it still possible ? On Fri, Apr 21, 2017 at 10:30 AM, Robert Paprocki < rpapro...@fearnothingproductions.net> wrote:

Re: Config advice / wireshark

Is what compatible? Nginx logging? I don't think so, Nginx logs are intended to be human readable. Related docs: http://nginx.org/en/docs/http/ngx_http_log_module.html#log_format On Fri, Apr 21, 2017 at 8:25 AM, Joel Parker wrote: > Is it compatible with something like

Re: Config advice / wireshark

Is it compatible with something like log2pcap ? or I just need to set the format somehow to be compatible with it. Joel Parker On Fri, Apr 21, 2017 at 10:21 AM, Robert Paprocki < rpapro...@fearnothingproductions.net> wrote: > Unless wireshark has access to the private key (and PFC isn't

Re: Config advice / wireshark

Unless wireshark has access to the private key (and PFC isn't enabled), you're best bet would be to log the data from nginx directly, rather than trying to examine the raw bytes on the wire. > On Apr 21, 2017, at 08:10, Joel Parker wrote: > > I currently have a

Config advice / wireshark

I currently have a config that allows me to terminate TLSv1.2 and decrypt it. Then it re-encrypts the packets with a different cert before sending to the upstream servers. I want to "look" at the decrypted packets before they are encrypted but I am not sure the best way to accomplish this.

Re: Spawning of Nginx worker process

Hello! On Thu, Apr 20, 2017 at 05:31:22PM -0400, shivramg94 wrote: > Hi All, > > When we issue a reload to Nginx binary ( -s reload), what > are the steps involved inthe spawning of new set of worker processes? > > Is it something like, while the older worker processes are still running or >

RE: execution error - pcre limits exceeded (-8)

>It's worth to try libmodsecurity (aka ModSecurity 3.x) + nginx connector >instead: >https://github.com/SpiderLabs/ModSecurity/tree/v3/master >https://github.com/SpiderLabs/ModSecurity-nginx >Please note that libmodsecurity does not support all of ModSecurity 2.x >features:

Configuration advice

I currently have a config that allows me to terminate TLSv1.2 and decrypt it. Then it re-encrypts the packets with a different cert before sending to the upstream servers. I want to "look" at the decrypted packets before they are encrypted but I am not sure the best way to accomplish this.

Re: execution error - pcre limits exceeded (-8)

> On 21 Apr 2017, at 12:29, Dino Edwards wrote: > > Hi Andrei, > > Which version of modsecurity are you using with nginx? > > I’m using 2.9.1 It's worth to try libmodsecurity (aka ModSecurity 3.x) + nginx connector instead:

RE: execution error - pcre limits exceeded (-8)

Hi Andrei, Which version of modsecurity are you using with nginx? I’m using 2.9.1 ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx

Re: execution error - pcre limits exceeded (-8)

Hi Dino, > On 20 Apr 2017, at 21:42, Dino Edwards wrote: > > Hello, > > I have compiled nginx 1.12.0 with modsecurity on a Ubuntu 16.04 server and > I’m running it as a reverse proxy in front of an Apache webserver which hosts > a variety of different type of

Re: [PATCH] Contrib: vim syntax, support block region

Actually nginx.vim supports on and off[1] before. And some option also been highlighted because there are directives with the same name, ex: ssl. So if we complete remove this. It will looks like the function is missing.

Помогите с переадресацией.

Добрый день появилась проблема, понадобилось перенаправлять все запросы на root.ru/register на root.ru/auth/register и прочие (имена взяты для примера), кусок конфига ниже, но почему-то перенаправление не происходит, подскажите где ошибка ? server { listen 80; # return 301