Re: logrotate (?) screws it badly
* lejeczek via nginx: > For after logs got rotated Nginx logs into: > access.log.1 & error.log.1 > and now as it should, you know > access.log & error.log You may want to try logrotate's "copytruncate" option. -Ralph ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
Re: Can I rewrite https to http?
* baalch...@gmail.com: > So, can I redirect the request, when user open https://nossl.abc.com, the > will be redirect to http://nossl.abc.com? While technically possible, you might find that connecting clients may interpret this as a "downgrade attack", because the client asked for an encrypted connection. Obtaining a certificate from Let's Encryt or similar seems a more suitable approach to me. -Ralph ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx
Re: Prevent direct access to files but allow download from site
* MAXMAXarena: > The user MUST BE ABLE to download the file from the article pages when > LOGGED. If the user is NOT LOGGED, he cannot download the file, > therefore even recovering the url, he must receive an error or any > other type of block. You describe restricted access, not public access. That differs from your OP where you wanted to have it both ways. See NGINX docs, section "Restricting Access with HTTP Basic Authentication". The latter can be replaced with LDAP or whatever auth mechanism you prefer should basic authentication not be to your taste. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Prevent direct access to files but allow download from site
* MAXMAXarena: > what do you mean by "mutually exclusive"? I am assuming you have looked up the definition, so I'm not sure in what way the term could be be misunderstood? -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Prevent direct access to files but allow download from site
* MAXMAXarena: > I want to be able to download a file from the site's html tag [...] > But do not allow direct access and download, using the browser or > other tools such as curl or wget. Public access and restricted access are mutually exclusive. It also makes nearly no difference what utility is used to access a URL pointing to the text file you gave as an example, because they'll all send a HTTP GET request, which is what the web server expects. Attempting to limit access based on a User-Agent header or similar, to identify the client type, is easily circumvented. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Come on... Bring the Official PROPFIND and OPTIONS support!
* LilFag: > I'm using Windows and I want Nginx to support these methods in their > WebDAV. Free software meets entitlement issues. What's the magic word? -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Git Plugin
* noloader: > I'd like to put a web front-end on the Git project for browsing and > diff'ing. Git comes with its own web interface called "gitweb" which covers most basic needs (see https://git-scm.com/docs/gitweb). -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: How to build NodeJS support without an Internet connection?
* Valentin V. Bartenev: > http://hg.nginx.org/unit/rev/fd323ad9e24f That looks promising, Valentin. I'll try a build as soon as I'm able to. Would you perhaps consider releasing this as version 1.6.1, so there's an official tarball I can use during the build process? -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
How to build NodeJS support without an Internet connection?
Hello developer team. I am the maintainer of the NGINX Unit ebuild for Gentoo Linux, and currently I am struggling with colliding requirements of Unit's and Gentoo's build strategies. As you may know, the Gentoo way is to build everything from the source code, with only very few exceptions. If, for example, the user desires Python support in Unit, my ebuild ensures that this requirement is met before Unit's release tarball is even unpacked. NodeJS support is a different beast, because the existing Unit build method relies on node-gyp and npm to download and install dependencies during the build process. This fails, because Gentoo builds are executed in a sandbox environment that prohibits both network access and files being written outside the sandbox. Hence, "npm install --global ..." won't do. Is there a way I can modify the existing Unit build to comply with these restrictions? Everything required for the build must either already exist, or it must be downloaded by Gentoo before Unit's compile phase. Also, all required artefacts are recorded with a checksum when an ebuild is added to the Gentoo tree, so no "download whatever is the most recent version of XYZ". Your help is appreciated. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Please DO NOT add [nginx] to subject
On 15.10.18 15:55, Lucas Rolff wrote: > Might be important to mention that services such as exchange doesn’t support > subaddressing, so it’s a bit harder there :) Well, Microsoft... Server-side filtering is simple enough, e.g. an "Inbox rule" based on the List-Id header containing the string . > Additionally, I know most common names that post on the mailing list, so it’s > easy to see which list it comes from ^_^ Yeah, some people tend to stand out (cough). ;-) > Get Outlook for iOS [...] Thanks, but no thanks. :-) -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Please DO NOT add [nginx] to subject
On 15.10.18 15:32, Stefan Müller wrote: > I read up on email extension [...] Thanks, I appreciate that. > I still believe that a adding [nginx] would make the situation more > comfortable. And I firmly believe the disadvantages of subject rewriting outweigh the percieved "comfort", based on providing email related services for more than 30 years (and counting). > when I open my email application on a phone or desktop occasionally > throughout the day I want to see what I've got today at a glance > without the need clicking / tabbing into sub folders. Yeah, I got that, but I personally don't consider you not wanting to perform an extra click a valid reason at all. I am not trying to be dismissive in any way, I simply don't care. All you need to organise your mailing list subscriptions is already available. It is *your* problem, not anybody else's, to make use of that data/process. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Please DO NOT add [nginx] to subject
On 15.10.18 14:59, Stefan Müller wrote: > but is seems others do or at least agree with me So what if "others" agree with you? People agree with me as well, check existing discussions about this issue. If you challenge conventions that have been around for good reason, for longer than some mailing list subscribers lived on this fair planet, you better make a damn good case of it, based on evidence and not on your limited personal experience in this particular matter (which is not something to be ashamed of, just a learning opportunity). You have no case, so why not accept the advice you have been offered? -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Please DO NOT add [nginx] to subject
On 15.10.18 12:35, Stefan Mueller wrote: > In answer to Ralph's reply. Why not reply to my message then? > That is a very Gmail specific solution but, thanks god, not anyone is > using Gmail. For them it needs other solutions. No, it does not. Besides, are you trying to spin this to you looking out for others? :-) Address extensions are not GMail specific. Postfix, Sendmail, Qmail, maildrop, Dovecot, Courier - the list goes on - all support extensions. E-Mail existed long before Google Mail (which I don't use). > Anyway we should not focus on labeling / filtering what should > possible in any email application but I cannot tell how much effort > is needed to make it, it could be a real hassle. On the contrary, we should focus on filtering, and you indeed cannot tell, and it is no hassle. You're making more baseless assumptions here. > My main goal is to improve readability of my inbox. There we go; it is about your preferences, not some greater good. Use folders/labels to keep your Inbox clean, use List-Id and similar headers, and it all works. Frankly, existing mailing lists conventions have proven useful for decades, and I don't care about your Inbox in the greater scheme of things. ;-) -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Please DO NOT add [nginx] to subject
On 14.10.18 21:14, Stefan Müller wrote: > getting a separate email per mailing list gets messy, as there are to > many. It does not get messy at all. I have been using mailing lists since the 1980s, and if you're having trouble you are simply not doing it right. I already explained that you can use mail address extensions with your existing GMail address, but I can repeat: Subscribe to this mailing list as stefan.mueller.83+ng...@gmail.com and you're done. Add a GMail rule "Set label nginx, skip Inbox" if you like. Dovecot can use extensions to deliver into folders automatically. I think that trying to make the list owners solve *your* issues is a sad thing to do. Use labels or folders, that's what they are for. Ideally, use List-xyz headers, because that's the reason they exist. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: [nginx-user] Please DO NOT add [nginx] to subject
On 13.10.18 10:16, Stefan Müller wrote: > Sure /nginx@nginx.org/ is fine for actively filtering, or for putting > everything into another folder, but every other mailing list I'm on > tags the list name in the subject. Then you are not subscribed the right mailing lists. ;-) Seriously, this discussion is almost as old as mailing lists. Rewriting the subject adds clutter, messes with some MUAs, wastes screen estate on devices with small screens (e.g. smartphones), and breaks DKIM. Filtering by the existing "List-Id" header works just fine. Also, you can use address extensions with your Google Mail (and many others), meaning that you can have your mailing list messages automatically filtered/labelled properly. Look at my address in this message, it uses "+nginx" as an extension. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Question on having multiple SSL cert for multiple domains
On 04.07.2018 17:03, Danny Horne via nginx wrote: > Easiest way (in my opinion) would be to place the ssl configurations > with the appropriate server block Agreed. The SSL configuration parameters can either be added directly or via 'include' statements. Personally, I prefer using generator scripts which produce nginx config files over include statements because it makes the resulting files easier to read. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Should listen *:443 bind to IPv4 and IPv6 ?
Hi folks,
I wonder if I missed an announcement for a change in nginx behaviour
or if some local issue is causing me problems. The configuration
server {
listen *:443 ssl default_server;
}
used to bind to both 0.0.0.0:443 and [::]:443, but since I updated to
nginx 1.15.0 it only binds to IPv4 but no longer to IPv6. When I add
a second listen directive
server {
listen *:443 ssl default_server;
listen [::]:443 ssl default_server;
}
the server can be reached via both IPv6 and IPv4 again. Was this a
deliberate change?
-Ralph
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: Unit 1.2 release
On 07.06.18 18:07, Valentin V. Bartenev wrote: > Feature: configuration of environment variables for application > processes. My thanks to the Unit team, this new feature is going to save me a lot of headaches. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx-1.15.0
Hello Maxim. > You are probably talking about nginx-unit project, right? You are right, my bad. I am waiting anxiously for that nginx-unit feature, and I have mistaken the announcement message. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: nginx-1.15.0
Hello nginx team, a while ago it was mentioned here that the June release was planned to contain the new feature of passing environment variables to individual apps by using dynamic configuration data. I don't see this mentioned in the release notes? -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Flask app with virtual Python environment in Unit 1.1 ?
On 29.04.18 23:03, Valentin V. Bartenev wrote: > Unfortunately, the only way right now is to set them for the main > process (when unitd is executed) or in the application code. Ok. I've now written an openrc-run init script that uses '-e NAME=VALUE' arguments for start-stop-daemon. This currently works for me, because I don't run applications with conflicting environment variables. Yet. > Setting environment variables through API is planned for the next > release in June. That's good news, I'm looking forward to it. I already like Unit a lot, and I also appreciate you guys being so quick to respond and helpful on this mailing list. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Flask app with virtual Python environment in Unit 1.1 ?
On 29.04.18 17:06, Valentin V. Bartenev wrote: > You can set a path to Python virtual environment using the "home" > parameter of application object. Ah, that was the missing piece, thank you. > Please also note that your application callable need to be named > "application" (not "app"). Alright, I changed my wsgi.py to this: from mypackage import app as application if __name__ == "__main__": application.run() My application can now be called via NGINX -> NGINX Unit -> App, which is exactly what wanted. It also requires certain environment variables to be set, and I am now wondering how to pass these on? I found the enhancement request https://github.com/nginx/unit/issues/12 but since this feature does not seem to be implemented yet, what is the recommended method to pass env variables to Unit workers? -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Flask app with virtual Python environment in Unit 1.1 ?
Hello,
I have built a Flask application with a Python 3.6 virtual environment
which I would like to run using NGINX Unit 1.1 instead of the usual
"source venv/bin/activate; flask run". When I try to apply the following
configuration
{
"listeners": {
"*:5080": {
"application": "myapp"
}
},
"applications": {
"myapp": {
"type": "python",
"processes": 1,
"module": "wsgi",
"user": "nginx",
"group": "nginx",
"path": "/var/www/myapp"
}
}
}
My log file shows
[info] 21422#21422 "myapp" application started
[alert] 21422#21422 Python failed to import module "wsgi"
[notice] 20803#20803 process 21422 exited with code 1
[warn] 20812#20812 failed to start application "myapp"
[alert] 20812#20812 failed to apply new conf
Here's my minimal wsgi.py:
# /var/www/myapp/wsgi.py
import mypackage
if __name__ == "__main__":
mypackage.run()
The Flask application object is defined in mypackage.__init__.py:
app = Flask(__name__)
NGINX Unit does not know about the virtual Python environment at this
time, and I don't know how I can set the required library paths. Can
somebody please point me in the right direction?
-Ralph
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: Trouble configuring PHP 7.1 module for Unit 1.0 on Gentoo Linux
On 13.04.18 17:12, Igor Sysoev wrote: > > I think it would be worth mentioning this particular detail in > > https://unit.nginx.org/installation/#configuring-sources . > > Almost the same example is here: > https://unit.nginx.org/installation/#configuring-php-modules I should probably have been more specific. ;-) What I meant with "this particular detail" is that specifying --lib-path is apparently required with Unit version 1.0 on Gentoo Linux, even though lib-path is optional per se. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
[SOLVED] Re: Trouble configuring PHP 7.1 module for Unit 1.0 on Gentoo Linux
On 13.04.2018 16:40, Igor Sysoev wrote: > On Gentoo you should also use --lib-path Thank you, Igor! The following works on my Gentoo test server: ./configure php --config=/usr/lib64/php7.1/bin/php-config --lib-path=/usr/lib64/php7.1/lib64 I think it would be worth mentioning this particular detail in https://unit.nginx.org/installation/#configuring-sources . -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Re: Trouble configuring PHP 7.1 module for Unit 1.0 on Gentoo Linux
On 13.04.2018 14:49, Igor Sysoev wrote:
>> $ ./configure php --config=/usr/lib64/php7.1/bin/php-config
>> configuring PHP module
>> checking for PHP ... found
>> + PHP SAPI: [embed cli fpm apache2handler]
>> checking for PHP embed SAPI ... not found
>
> Could you show the last lines from build/autoconf.err relevant to PHP?
Sure, here you go again. I only added word-wrapping:
--
configuring PHP module ...
checking for PHP ...
7.1.16
checking for PHP embed SAPI
/usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/../../../../x86_64-pc-linux-gnu/bin/ld:
cannot find -lphp7
collect2: error: ld returned 1 exit status
--
#include
#include
int main() {
php_request_startup();
return 0;
}
--
cc -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra
-Wno-unused-parameter -Wwrite-strings -Wmissing-prototypes -Werror -g
-I/usr/lib64/php7.1/include/php -I/usr/lib64/php7.1/include/php/main
-I/usr/lib64/php7.1/include/php/TSRM
-I/usr/lib64/php7.1/include/php/Zend -I/usr/lib64/php7.1/include/php/ext
-I/usr/lib64/php7.1/include/php/ext/date/lib -o build/autotest
build/autotest.c -lphp7
--
I've placed a full console log of the steps I've taken and the results
displayed here: https://pastebin.com/ys2zWqnD (one week expiry).
-Ralph
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: Trouble configuring PHP 7.1 module for Unit 1.0 on Gentoo Linux
On 13.04.18 12:52, Igor Sysoev wrote: > PHP package was built without embed SAPI support. > Otherwise it shows something like this: > + PHP SAPI: [cli fpm embed apache2handler] Thanks, Igor. I have rebuilt PHP 7.1 with the following USE flags: # /etc/portage/package.use/php dev-lang/php apache2 embed fpm curl gd intl ldap mysql mysqli \ pdo sockets xmlreader xmlwriter xslt zip Although 'embed' is now listed, I still see the error when attempting to configure the PHP module: $ ./configure php --config=/usr/lib64/php7.1/bin/php-config configuring PHP module checking for PHP ... found + PHP SAPI: [embed cli fpm apache2handler] checking for PHP embed SAPI ... not found -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Trouble configuring PHP 7.1 module for Unit 1.0 on Gentoo Linux
Congratulations to the whole team for reaching the release 1.0 milestone!
I'm trying to build Unit on Gentoo Linux, and while module configs for
Python and Perl work as expected, I'm struggling with the PHP module:
$ ./configure php --config=/usr/lib64/php7.1/bin/php-config
configuring PHP module
checking for PHP ... found
+ PHP SAPI: [cli fpm apache2handler]
checking for PHP embed SAPI ... not found
Here is the content of build/autoconf.err:
configuring PHP module ...
checking for PHP ...
7.1.16
checking for PHP embed SAPI
/usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/../../../../x86_64-pc-linux-gnu/bin/ld:
cannot find -lphp7
collect2: error: ld returned 1 exit status
--
#include
#include
int main() {
php_request_startup();
return 0;
}
--
cc -pipe -fPIC -fvisibility=hidden -O -W -Wall -Wextra -Wno-unused-parameter
-Wwrite-strings -Wmissing-prototypes
-Werror -g -I/usr/lib64/php7.1/include/php -I/usr/lib64/php7.1/include/php/main
-I/usr/lib64/php7.1/include/php/TSRM
-I/usr/lib64/php7.1/include/php/Zend -I/usr/lib64/php7.1/include/php/ext
-I/usr/lib64/php7.1/include/php/ext/date/lib -o
build/autotest build/autotest.c -lphp7
--
A search turned up https://github.com/nginx/unit/issues/47 but I am not
sure if/how this applies to my issue and what to do next?
-Ralph
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: Why are my CGI scripts not executed like PHP ?
On 07.04.18 16:18, Francis Daly wrote:
> This mail is a bit long, but I try to cover the points raised in your
> previous mails too.
I appreciate you taking the time. Like I said, I am new to nginx. Years
of using Apache caused me to expect certain things to happen in certain
ways, and even though I studied nginx documentation and already noted
substantial differences, I'm glad for your thorough description. One
sentence in particular got me thinking:
> Perhaps /tmp/script is not executable by the fcgiwrap user, or does
> not provide correct CGI output when run in this limited environment.
Yesterday I had verified that the CGI test script was executable for
all, ran it with "su nginx -c /path/to/test.cgi", and then basically
forgot about the script, to focus all my attention on nginx, fcgiwrap,
and the other tools in my box.
Turns out that the CGI shell script I quickly typed in Vi lacks a small
but significant detail. https://tools.ietf.org/html/rfc3875 section 6.2
states "The response comprises a message-header and a message-body,
separated by a blank line", and unfortunately I omitted that blank line.
Seeing that, the error message I included in yesterday's email makes
more sense to me: "Upstream prematurely closed FastCGI stdout while
reading response header". With the blank line absent, all returned data
was considered message-header, and when the stream was closed, no
message-body had apparently been received.
As soon as I added the missing blank line to my test.cgi, all worked
smoothly. Here's the relevant section of my nginx configuration:
server {
listen *:443 ssl;
server_name test.mydomain.tld;
# ...logging and basic SSL stuff here...
root /var/www/localhost/test;
index test.cgi;
location ~ \.cgi$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/run/fcgi-nginx-1;
}
}
Doesn't look like much, and according to Git, that's actually what I
used on my very first attempt with spawn-fcgi. I sure wish I had spotted
the script problem earlier. Face, meet palm.
-Ralph
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Re: Why are my CGI scripts not executed like PHP ?
On 06.04.18 19:04, Richard Stanway wrote: > https://www.nginx.com/resources/wiki/start/topics/examples/fcgiwrap/ I altered my setup to use fcgiwrap. Since then, I keep getting "502 Bad Gateway" errors, with log entries like this: 2018/04/06 21:21:02 [error] 17838#0: *1 upstream prematurely closed FastCGI stdout while reading response header from upstream, client: 123.234.123.234, server: test.mydomain.tld, request: "GET / HTTP/1.1", upstream: "fastcgi://unix:/tmp/cgi.sock:", host: "test.mydomain.tld:8443" I use fcgiwrap 1.1.0 from 2013, which appears to be the latest available release according to https://github.com/gnosek/fcgiwrap . I tried both the Perl script at the location you linked and spawn-fcgi 1.6.4 as an alternative, but the 502 error pops up regardlesss. Permissions for the socket are as follows: $ ls -l /tmp/cgi.sock srwx-- 1 nginx nginx 0 Apr 6 21:48 /tmp/cgi.sock= Interestingly I found this old message of Richard's: http://mailman.nginx.org/pipermail/nginx/2014-January/041963.html Unfortunately no amount of meddling with SCRIPT_FILENAME, including setting the absolute path to the CGI script, made any difference for me. I don't know how to debug this further. Development of fcgiwrap seems to have ended years ago and the project page is no longer connected. I'd be grateful for more ideas how to solve this puzzle. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Why are my CGI scripts not executed like PHP ?
On 06.04.2018 19:04, Richard Stanway wrote: > PHP-FPM is only for PHP. You'll want something like fcgiwrap for > regular CGI files. Seriously? But http://php.net/manual/en/intro.fpm.php states: "FPM (FastCGI Process Manager) is an alternative PHP FastCGI implementation with some additional features (mostly) useful for heavy-loaded sites." I mistakenly assumed that the name FastCGI Process Manager implies this piece of software is meant for CGI in general and used for PHP more as a byproduct. Also, there are the nginx config file names fastcgi.conf and fastcgi_params. Sigh. Silly me... :-P Thanks for letting me know that I can stop wasting time with the wrong tool for the job. I'll investigate FCGI Wrap, like you suggested. -Ralph ___ nginx mailing list nginx@nginx.org http://mailman.nginx.org/mailman/listinfo/nginx
Why are my CGI scripts not executed like PHP ?
Hello list,
I am fairly new to nginx and now have stumbled across an issue I can't
solve. I have successfully configured nginx on Gentoo Linux to run PHP
applications (e.g. phpBB and phpMyAdmin) with php-fpm.
As far as I understand, php-fpm should also be able to execute "regular
CGI" in the form of Shell-Scripts or Perl, as long as the files are
executable and use shebang-notation to indicate what interpreter they
want to be run with?
In my test installation CGI scripts are never executed by php-fpm. File
contents are simply piped to the web browser, and I can't figure out
why. I searched the Net and mailing list archives, but did not find a
solution, so I thought it best to ask here.
Output of nginx -V, configuration dump and test.cgi are attached. Your
help is appreciated.
-Ralph
nginx version: nginx/1.13.11
built with OpenSSL 1.0.2n 7 Dec 2017
TLS SNI support enabled
configure arguments: --prefix=/usr --conf-path=/etc/nginx/nginx.conf
--error-log-path=/var/log/nginx/error_log --pid-path=/run/nginx.pid
--lock-path=/run/lock/nginx.lock --with-cc-opt=-I/usr/include
--with-ld-opt=-L/usr/lib64 --http-log-path=/var/log/nginx/access_log
--http-client-body-temp-path=/var/lib/nginx/tmp/client
--http-proxy-temp-path=/var/lib/nginx/tmp/proxy
--http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi
--http-scgi-temp-path=/var/lib/nginx/tmp/scgi
--http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --with-compat
--with-http_v2_module --with-pcre --with-pcre-jit
--with-http_addition_module
--with-http_dav_module --with-http_perl_module --with-http_realip_module
--add-module=external_module/headers-more-nginx-module-0.33
--add-module=external_module/ngx-fancyindex-0.4.2
--add-module=external_module/ngx_http_auth_pam_module-1.5.1
--add-module=external_module/nginx-dav-ext-module-0.1.0
--add-module=external_module/echo-nginx-module-0.61
--add-module=external_module/nginx-auth-ldap-42d195d7a7575ebab1c369ad3fc5d78dc2c2669c
--add-module=external_module/nginx-module-vts-0.1.15-gentoo
--with-http_ssl_module --without-stream_access_module
--without-stream_geo_module --without-stream_limit_conn_module
--without-stream_map_module --without-stream_return_module
--without-stream_split_clients_module --without-stream_upstream_hash_module
--without-stream_upstream_least_conn_module
--without-stream_upstream_zone_module --without-mail_pop3_module --with-mail
--with-mail_ssl_module --user=nginx --group=nginx
# configuration file /etc/nginx/nginx.conf:
user nginx nginx;
worker_processes 1;
error_log /var/log/nginx/error_log info;
events {
worker_connections 1024;
use epoll;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main
'$remote_addr - $remote_user [$time_local] '
'"$request" $status $bytes_sent '
'"$http_referer" "$http_user_agent" '
'"$gzip_ratio"';
client_header_timeout 10m;
client_body_timeout 10m;
send_timeout 10m;
connection_pool_size 256;
client_header_buffer_size 1k;
large_client_header_buffers 4 2k;
request_pool_size 4k;
gzip off;
output_buffers 1 32k;
postpone_output 1460;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 75 20;
ignore_invalid_headers on;
index index.html;
server {
listen *:8080 default_server;
access_log /var/log/nginx/access_log main;
error_log /var/log/nginx/error_log info;
server_name _;
root /var/www/localhost/htdocs;
# Alternative: temp redirect to HTTPS
#return 302 https://$host$request_uri;
}
include local/*.conf;
}
# configuration file /etc/nginx/local/20-test.conf:
server {
listen *:8443 ssl default_server;
server_name test.mydomain.tld;
access_log /var/log/nginx/ssl_access_log main;
error_log /var/log/nginx/ssl_error_log debug;
ssl on;
ssl_certificate /etc/ssl/mydomain/cert.pem;
ssl_certificate_key /etc/ssl/mydomain/key.pem;
root /var/www/localhost/test;
index test.cgi;
location ~ \.cgi$ {
# Test for non-existent scripts or throw a 404 error
try_files $uri =404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_pass unix:/run/php7-fpm.sock;
}
}
# configuration file /etc/nginx/mime.types:
types {
text/htmlhtml htm shtml;
text/css css;
text/xml xml;
image/gifgif;
image/jpeg jpeg jpg;
application/javascript js;
application/atom+xml atom;
application/rss+xml rss;
text/mathml mml;
text/plain txt;
text/vnd.sun.j2me.app-descriptor jad;
text/vnd.wap.wml wml;
text/x-component htc;
image/png
