Re: how to enable non root user to execute nginx reload

Hello Allen. Capabilities for a binary without ambient flag won't work for a non-root user if I get it correctly from manuals. So it looks like you are on the way to success with '--ambient-caps'. It looks like 'su' drops all capabilities, though. You may want to have a look at libpam_cap which

Re: Automatic trailing slash redirect and scheme

Hello, You can try adding an 'error_page 301 @returnme' and then a location like this: location @returnme {     return 301 https://$host$uri/$is_args$args; } Regards, Igor On 22.08.2019 16:22, Jean-Daniel FISCHER wrote: Hi, I an trying to set the sheme used in automatic redirect generates b

Re: 502 Bad Gateway

en Wright wrote: On 8/14/19 3:37 AM, Igor A. Ippolitov wrote: Ken, Try setting 'proxy_buffer_size' to a higher value. Say 128k. Umm, what file would I find that in?  I've seen so many similar statements lately I can't keep them straight.  Sorry for being so dumb! Ken ___

Re: 502 Bad Gateway

Ken, Try setting 'proxy_buffer_size' to a higher value. Say 128k. On 14.08.2019 8:47, Ken Wright wrote: Maxim and anyone else who cares to chime in, I'm still enough of a newbie that I have trouble understanding the error logs.  The one for nginx reads the following at the end: 2019/08/12 22:

Re: autoindex subdirectories

Hello, guys. I think I have a POC using autoindex, ssi and xslt. Obviously it requires further tweaking. You can use configuration like this: map $uri $doc {     ~*/index[^/]*(.*) $1; } server {     listen 8080;     proxy_http_version 1.1;     location /index/ {     alias /tests/nginx;   

Re: Sporadic long response times with upstream server

Assume, you have a really slow client. Nginx will get upstream response in milliseconds and will start feeding data to a client In 3 seconds nginx completed the transfer and issues a log entry. And you see what you see. If this issue involves a single client - most likely it's a client issue (

Re: Nginx Plus Dashboard - memory pages

Michael, Please send your Nginx Plus related questions to plus-supp...@nginx.com. Thank you! Regards, Igor On 24.10.2018 20:25, Friscia, Michael wrote: I’m not really sure I understand what memory pages are in the Nginx Plus dashboard. I’ve been poking around the documentation and must be

Re: posix_memalign error

          2.00   6.00 HugePages_Total             0.00            0.00   0.00 HugePages_Free              0.00            0.00   0.00 HugePages_Surp              0.00            0.00   0.00 Thanks, On Mon, Aug 6, 2018 at 6:33 PM Igor A. Ippolitov <mailto:iippoli...@nginx.com>> wrote

Re: posix_memalign error

ber of server {} blocks (close to 10k) which then makes the nginx process consume ~ 4GB of mem with a single worker process and then a reload is done On Thu, Aug 2, 2018 at 6:02 PM Igor A. Ippolitov <mailto:iippoli...@nginx.com>> wrote: Anoop, There are two guesses: either

Re: posix_memalign error

http://i.imgur.com/La5JbQn.png --- Thank you very much for looking into this On Thu, Aug 2, 2018 at 12:37 PM Igor A. Ippolitov mailto:iippoli...@nginx.com>> wrote: Anoop, I doubt this will be the solution, but may we have

Re: posix_memalign error

Anoop, I doubt this will be the solution, but may we have a look at /proc/buddyinfo and /proc/slabinfo the moment when nginx can't allocate memory? On 02.08.2018 08:15, Anoop Alias wrote: Hi Maxim, I enabled debug and the memalign call is happening on nginx reloads and the ENOMEM happen so

Re: Large CRL file crashing nginx on reload

Shaun, Can you post a snippet on how you include crl into your configuration and 'ps aux | grep nginx' output, please? The wild guess is that you include the crl several times. And on reload you get twice as many workers as there are usually. You can try moving ssl_crl statement into http{}

Re: Nginx url decoding URI problem with proxy_pass

Michael, You can use rewrite. Just catch the host part: >rewrite /image_preview/https://(?[^ :/]/(.*) /$1; >proxy_pass https://$my_host rewrite will encode the URL back again. On 26.07.2018 20:18, Michael Kovacs wrote: Greetings Nginx mailing list! I'm using nginx as an image proxy and am usin

Re: Logfile formatting

Hello, Scott. I think, you can try $request_length. Here is a convenient link to help you with your task: http://nginx.org/en/docs/varindex.html Most of times you can find a proper variable there. On 11.07.2018 16:53, Callum Scott wrote: I'm currently looking at swapping out some of our Apache

Re: Problems with Tomcat + NGINX

Giacomo, Have a look at nginx error and access logs. Most likely, that's tomcat default timeout fires. Regards, Igor. On 04.07.2018 17:17, Giacomo Arru - BETA Technologies wrote: Tomcat: 9.0.8 nginx: 1.12.2 I have this configuration: Vaadin 8 application, served via Tomcat 9. The applic

Re: 404 Method not allowed for DELETE as reverse proxy

It would be nice to have logs for this problem. Please, make sure your log format includes upstream address and upstream status ($upstream_addr and $upstream_status). On 25.05.2018 12:27, ConnorMcLaud wrote: Hi, I use nginx as reverse proxy to my Flask web server and have following problem: af

Re: Nginx Directory Listing - Restrict by IP Address

/noindex_downloads/ {     internal;     alias /downloads/; } On Fri, May 18, 2018, 11:10 PM Igor A. Ippolitov <mailto:iippoli...@nginx.com>> wrote: Sathish, I made a couple of minor mistakes. Please, try following configuration: map $remote_addr $forb

Re: Nginx Directory Listing - Restrict by IP Address

.com <http://abc.com>, request: "GET /Downloads/abcd/file.zip On Fri, May 18, 2018, 8:17 PM Igor A. Ippolitov <mailto:iippoli...@nginx.com>> wrote: Hello, guys. I think, you can try something like this: location = /downloads/ {     root /downloads/;     al

Re: Nginx Directory Listing - Restrict by IP Address

Hello, guys. I think, you can try something like this: location = /downloads/ {     root /downloads/;     allow 1.1.1.1;     autoindex on; } location /downloads/ {     root /downloads/; } This will work nicely if you don't need subdirectories. If you need those, you can use a rewrite like: map

Re: big difference between request time and upstreams time

ан Закиров wrote: On Tue, May 8, 2018 at 7:22 PM, Igor A. Ippolitov mailto:iippoli...@nginx.com>> wrote: Ruslan, This depends on your routing nginx configuration. If doesn't have enough buffers to contain a response completely and temporary files are turned off, the

Re: big difference between request time and upstreams time

only client facing requests are affected proves this idea. On 08.05.2018 18:51, Руслан Закиров wrote: On Tue, May 8, 2018 at 3:11 PM, Igor A. Ippolitov mailto:iippoli...@nginx.com>> wrote: Sorry, didn't realize this is an English mailing list. To sum it up: the proble

Re: big difference between request time and upstreams time

only server out of many with this problem. This in turn may mean that the problem is with that server's network connection. Regards. On 08.05.2018 14:50, Igor A. Ippolitov wrote: Можно я отвечу ссылкой? http://mailman.nginx.org/pipermail/nginx/2008-October/008025.html Проблема, скорее всего,

Re: big difference between request time and upstreams time

Можно я отвечу ссылкой? http://mailman.nginx.org/pipermail/nginx/2008-October/008025.html Проблема, скорее всего, в клиентах. On 08.05.2018 14:43, Руслан Закиров wrote: Hello, Some selected log records: 14:27:46 1.609 [0.013] [0.002] [192.168.1.44:5002 ] 14:27:50 1.0

Re: Nginx OR for 2 differents location

Hello, You can try location ~ (render_img.php|^/url_rewriting.php$) {} Which should effectively do the same On 07.05.2018 15:24, Vincent wrote: Hello, I have 2 location blocks like that: |location =/url_rewriting.php {| and location ~render_img.php {|| with exactly the same content

Re: Client certificates and check for DN?

Hello. I'm not sure about what do you really need, but it looks like you can get almost the same result using a combination of map{} blocks and conditionals. Something like this: map $ssl_client_s_dn $ou_matched {     ~OU=whatever 1;     default 0; } map $ssl_client_s_dn $cn_matched {     ~C

Re: Help needed on Nginx plus configuration

Akhil, As a trial user you can ask evaluati...@nginx.com to help you with this setup. API queries data in status zones. You should configure one for your upstream with 'zone backend 64k;' or similar statement inside upstream{} block. Regards. On 06.02.2018 15:21, Akhil Dangore wrote: Hell

Re: Options for selective logging

Let me reply with a link: http://nginx.org/en/docs/http/ngx_http_split_clients_module.html You can either use split_clients to change upstream or to trigger logging with 'if' option of 'access_log' On 19.09.2017 21:17, mblancett wrote: I am looking for ways to target every Nth request into a v

Re: implementation of access.log with if condition

Hello, As far as I know, it's impossible using Nginx. But you can archive the same result using only 'access_log' statement into 'permanent' location. Just mount your external drive 'nginx' directory over /var/log/nginx like: mount -o bind /externalhdd/log/nginx/ /var/log/nginx/ If it is u

Re: proxy_cache and X-Accel-Redirect

David, It looks like you don't have any 'proxy_pass' in your /converted location at all. And proxy cache is applied to proxied replies only. Nginx assumes it's storage is fast enough to serve content and relies on OS to cache files. May be you should serve your files with Nginx instead of NF

Re: proxy_cache and X-Accel-Redirect

David, In your configuration /converted is configured to be 'internal'. Your backend should redirect to /converted/file1.img (so it will be proxied and cached as configured...) If you there is no mistake and redirect differs from configured location then here is the trouble =) Could you plea

Re: proxy_cache and X-Accel-Redirect

Hello, deivid__ As you are using uwsgi_pass, you may want to try uwsgi_cache (nginx.org/r/uwsgi_cache), uwsgi_cache_path and uwsgi_cache_key directives. To make use of $upstream_status you should move your upstream to a separate block like: upstream backend1 { server unix:///tmp/backend.so

Re: combining map

srcache_store_skip $skip_cache; ## As per srcache docs the value must be 0 for not skipping and anything other than 0 will be considered for skipping Will combining the variables work here too? Thanks, On Thu, Mar 9, 2017 at 1:39 PM, Igor A. Ippolitov mailto:iippoli...@nginx.com>&

Re: combining map

If you are going to use it inside proxy_no_cache directive, you can combine proxy_cache_method (POST is not included by default) and 'proxy_no_cache $query_string$cookie__mcnc' The latter will not cache the request until there is query string or a cookie with a value set. So basically, it looks

Re: input required on proxy_next_upstream

Could it happen, that all servers reply with HTTP 503? I suggest you could extend your logs with upstream_status variable and if there is only one upstream reply status - try looking through error logs. On 15.02.2017 20:17, Kaustubh Deorukhkar wrote: Hi, We are using nginx as reverse proxy a

Re: swapiness value to be set for high load nginx server

I would suggest disabling swap at all. With 1.5Tb of RAM I doubt you need any. You can try finding out what is swapped by `smem` utility. May be you can live we those files swapped out of memory. Anyway, I doubt swappiness tuning will help you. Look through: https://www.kernel.org/doc/Documen

Re: having nginx listen the same port more than once

Assuming a configuration with multiple similar 'listen' and 'server_name' statements, only the first one will work: server { listen 9090; return 404; server_name example.com; } server { listen 9090; return 403; server_name example.com;

Re: Rate limiting by percentage

Hello, Have a look at split_clients which does something similar: http://nginx.org/en/docs/http/ngx_http_split_clients_module.html You can use resulting variable to select upstream, response or whatever you need. On 25.01.2017 03:01, Thangamani J wrote: Hi team, I'm in process of implementi

Re: cache manager of nginx not clearing cache as expected

max_size is not a strict limit. It's just another watermark for cache manager to start deleting files. Also, there might be a difference between du and cache manager used space estimation (https://github.com/nginx/nginx/blob/f8a9d528df92c7634088e575e5c3d63a1d4ab8ea/src/os/unix/ngx_files.h#L188)

Re: cache manager of nginx not clearing cache as expected

Hello, omkar_jadhav_20 It might occur that nginx keeps files opened while serving them to slow clients. You can try looking for these files with 'lsof -n /cache | grep deleted'. In a case like this you might want to set a timeout for clients or use smaller files/chunks. It looks like nginx c

Re: nginx cache mounted on tmpf getting fulled

Hello, Your cache have 200m space for keys. This is around 1.6M items, isn't it? How much files do you have in your cache? May we have a look at `df -i ` and `du -s /cache/123` output, please? On 06.01.2017 08:40, omkar_jadhav_20 wrote: Hi, I am using nginx as webserver with nginx version: ngi

Re: nginx-1.11.6

I believe, it is mostly unmaintained because of least_conn and least_time. On 16.11.2016 11:26, Francis Daly wrote: On Tue, Nov 15, 2016 at 08:00:17PM -0500, shiz wrote: Hi there, I've recompiled without the nginx-upstream-fair module and all went well. It looks unmaintened and I don't really

Re: multiple php-fpm pool upstream alternating 503 & 502 errors

The behaviour of a single and multiple upstreams is changed due to 'http_503' option of 'fastcgi_next_upstream' . When a request comes to nginx, nginx forwards it to an upstream, tries to get a response, gets 503. http 503 is set to be a failed response (with proxy_next_upstream directive). So

Re: auth_basic within location block doesn't work when return is specified?

Changed own example in the last moment and made a mistake: try files should address non existent file and then do an internal redirect. E.g. try_files nosuchfile.txt @ret; Only the last argument may be a redirect. On 07.11.2016 11:37, Igor A. Ippolitov wrote: This behavior is cause by

Re: auth_basic within location block doesn't work when return is specified?

This behavior is cause by general request processing logic. You may look at ngx_http_core_module.h which defines request processing phases. You may notice that a rewrite phase ('return' acts as a rewrite, actually) is run before access phase. So you have your request returned before access rules