Re: Nginx ignores proxy_no_cache

2025-01-31 Thread Maxim Dounin
the code in question was modified in freenginx to address the issue reported by Kirill in the thread you are replying to, and your patch won't apply, see https://freenginx.org/hg/nginx/rev/c5623963c29e for details.) [...] -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Allow response with AD bit in resolver

2024-06-15 Thread Maxim Dounin
tcp)) { > +if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) { > ngx_log_error(r->log_level, r->log, 0, >"invalid %s DNS response %ui fl:%04Xi", >tcp ? "TCP" : "UDP&quo

Re: Status code 0

2024-05-04 Thread Maxim Dounin
00. In most cases there should be additional details in the error log explaining the reasons. If there aren't any, or reasons aren't clear, it might be a good idea to dig further. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx

Re: Nginx ignores proxy_no_cache

2024-04-07 Thread Maxim Dounin
, including internally generated 502/504 in ngx_http_upstream_finalize_request(), and intercepted errors in ngx_http_upstream_intercept_errors(). Quick look suggests there will be also issues with caching errors after proxy_cache_bypass (errors won't be cached even if they should), a

Re: announcing freenginx.org

2024-02-15 Thread Maxim Dounin
Hello! On Thu, Feb 15, 2024 at 04:31:49PM +0400, Roman Arutyunyan wrote: > Hello, > > On Wed, Feb 14, 2024 at 08:59:10PM +0300, Maxim Dounin wrote: > > Hello! > > > > As you probably know, F5 closed Moscow office in 2022, and I no > > longer work for F5 sin

Re: announcing freenginx.org

2024-02-15 Thread Maxim Dounin
Will follow freenginx then. > Thx. Thanks. Interesting term, never heard it before. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: announcing freenginx.org

2024-02-14 Thread Maxim Dounin
myself. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: announcing freenginx.org

2024-02-14 Thread Maxim Dounin
Hello! On Thu, Feb 15, 2024 at 03:24:59AM +0800, Jeffrey 'jf' Lim wrote: > On Thu, Feb 15, 2024 at 1:59 AM Maxim Dounin wrote: > > > Hello! > > > > As you probably know, F5 closed Moscow office in 2022, and I no > > longer work for F5 since then. Stil

announcing freenginx.org

2024-02-14 Thread Maxim Dounin
://freenginx.org/ The goal is to keep nginx development free from arbitrary corporate actions. Help and contributions are welcome. Hope it will be beneficial for everyone. -- Maxim Dounin http://freenginx.org/ ___ nginx mailing list nginx@nginx.org

Re: International characters and serving files

2024-02-10 Thread Maxim Dounin
our terminal, and there is an FC byte instead. To see what's there in fact, consider looking at the raw bytes in the file name with something like "ls | hd". Also, you can use nginx autoindex module - it will generate a page with properly escaped links,

Re: Serving pdf configuration issue

2024-02-08 Thread Maxim Dounin
use try_files, as simply serving static files is equivalent (unless you specifically want to return 404 for directories). That is, just location /camp/ { root "C:/.../clearwater"; } would be (mostly) equivalent. But, given that you want "/camp/camprental.p

Re: Occasional "400 Bad Request" Responses from Nginx

2024-02-04 Thread Maxim Dounin
bcdef0123456789abcdef0123456789abcdef0123456789abcdef Since first 680 bytes of this "request" is actually the request body of the previous request, the request line actually starts somewhere in "0123456789abcdef0123..." bytes, and the meth

Re: nginx looking in wrong dir for module

2024-02-02 Thread Maxim Dounin
modules" under prefix, but you'll have to use something different if you've modified --modules-path to a custom value. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: ngx_http_find_virtual_server ngx_http_regex_exec DOS

2024-01-30 Thread Maxim Dounin
using "large number of regex server_names" might be the best solution available here. Requests are not required to be to the same virtual server, and caching won't generally work. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx

Re: Managing Static Files

2024-01-30 Thread Maxim Dounin
for other tasks. Removing uncompressed files usually makes sense only if amount of static files is huge. Hope this helps. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: This is a question about the "$status" log value when "proxy_read_timeout" occurs.

2024-01-16 Thread Maxim Dounin
happens, the response headers are already sent, so $status contains 200 as sent to the client. For errors happened during sending the response body, consider looking into the error log. Some generic information about successful request completion migh

Re: Bug in handling POST then sending a file back

2024-01-08 Thread Maxim Dounin
as a response to the POST request itself (this is generally a bad practice, since it will break page refresh and browser history navigation), consider returning the file directly from your script instead of trying to do an internal redirect. -- Maxim Dounin http://mdounin.ru/ ___

Re: IMAP Proxy with TLS Upstream Configuration

2024-01-06 Thread Maxim Dounin
roxy_ssl on;" to handle SSL/TLS with the backend servers for you, see http://nginx.org/r/proxy_ssl for details. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Windows ARM64

2024-01-02 Thread Maxim Dounin
ps://nginx.org/en/docs/windows.html). Its main purpose is to facilitate web development directly on Windows devices. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Calculating requests per second, per IP address

2023-12-29 Thread Maxim Dounin
umber of requests per day from a legitimate user. Note well that using "nodelay" (or "delay=N") is recommended with such approach, see http://nginx.org/r/limit_req for details. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: ngx_quic_create_stream segfault

2023-12-22 Thread Maxim Dounin
from nginx.org without any 3rd party modules and/or patches and testing if you are able to reproduce the problem. [...] -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Disable http_dav_module in Nginx Web server (version nginx/1.24.0)

2023-11-27 Thread Maxim Dounin
;ve explicitly enabled it in nginx configuration with the dav_methods directive (http://nginx.org/r/dav_methods). If you additionally want nginx without the DAV module compiled in, recompile nginx without the "--with-http_dav_module" configure option. -- Maxim

Re: Limiting number of client TLS connections

2023-11-21 Thread Maxim Dounin
nginx (which has to work with already established connections at the application level). It might be a better idea to actually introduce a firewall if you need such limits (or, rather, make it possible to configure the one most likely already present). -- Maxim Dounin http://mdou

Re: Nginx as reverse proxy - proxy_ssl_x questions

2023-11-19 Thread Maxim Dounin
now that https is being used. > proxy_set_header Upgrade $http_upgrade; > proxy_set_header Connection "upgrade"; This shouldn't be used unless you intentionally configuring WebSocket proxying. > proxy_set_header Early-Data $ssl_early_data; This is certainly not needed un

Re: Limiting number of client TLS connections

2023-11-18 Thread Maxim Dounin
shed connections. Instead, firewall is expected to be used for such tasks. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx as reverse proxy - proxy_ssl_x questions

2023-11-18 Thread Maxim Dounin
for SSL proxying. That is, corresponding values are only used when proxy_pass is used with the "https" scheme. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: control proxy_buffering with variables

2023-11-17 Thread Maxim Dounin
ration, can be implemented using internal redirections, such as with "rewrite". Note well that the proxy_buffering can also be controlled from the backend via the X-Accel-Buffering response header. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: location ~* \.(...) access_log off; prevents access to files instead of logs

2023-11-14 Thread Maxim Dounin
the server level instead, so it will be used for both locations. Just in case, looking into error log usually makes such issues trivial to identify - nginx will complain if it cannot find a file requested, and will show full path it tried to use. Hope this helps. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

nginx-1.25.3

2023-10-24 Thread Maxim Dounin
the PCRE2 library. Thanks to ZhenZhong Wu. *) Bugfixes and improvements in HTTP/3. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: trying to disable gzip

2023-10-18 Thread Maxim Dounin
esource being returned 1) contains some secret information and 2) it reflects some user input. That is, it certainly does not affect static files, and can be easily avoided by masking secrets in dynamic pages, see https://www.breachattack.com/ for details. -- Maxim Dounin http://mdounin.ru/

Re: OT: Rapid Reset attacks on HTTP/2

2023-10-10 Thread Maxim Dounin
we've decided to implemented some additional mitigations which will help nginx to detect such attacks and drop connections with misbehaving clients faster. The patch to do so was committed (http://hg.nginx.org/nginx/rev/cdda286c0f1b) and will be available in the next nginx release.

Re: OT: Rapid Reset attacks on HTTP/2

2023-10-10 Thread Maxim Dounin
odule" claim is incorrect, see here: https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html Hope this helps. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Compatibility of X25519Kyber768 ClientHello

2023-10-09 Thread Maxim Dounin
it > error free? There are no known issues in nginx with ClientHello split between packets (with all supported SSL libraries). And I would be very much surprised if there are any, as this is indeed a very basic thing TCP-based applications used to handle. Such issues a

Re: Requesting a Nginx Variable - "client_time_taken" (similar to request_time & upstream_response_time)

2023-10-02 Thread Maxim Dounin
to mention that in many practical cases total timeout on the request body reading cannot be less than several hours, making such timeouts irrelevant. For trivial in-nginx protection from Slowloris-like attacks involving request body, consider using limit_conn (http://nginx.org/r/limit_conn). [...] -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Requesting a Nginx Variable - "client_time_taken" (similar to request_time & upstream_response_time)

2023-10-01 Thread Maxim Dounin
it possible to activate debug logging only for a particular client (http://nginx.org/r/debug_connection). > 2. Also, is there a timeout for the whole request? > >     (say request should be timed out if it is more than 15 > minutes) No. -- Maxim Dounin http://mdounin.ru/ _

Re: SSL Reuse not happening in s3 presigned urls

2023-10-01 Thread Maxim Dounin
please help how to achieve SSL Cache? how to make sure the CPU is > not high? Is there any reason why the CPU is high other than SSL Handshake. As outlined above, most likely SSL session reuse to upstream servers is already working properly in your setup. Note though that SSL is generally costly, and you are using it for both client connections and upstream connections. Depending on the certificates being used, ciphers being used and so on costs might vary, and there might be a room for improvement. Hope this helps. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Debugging Nginx Memory Spikes on Production Servers

2023-09-20 Thread Maxim Dounin
without invoking the OOM Killer, that is: worker_processes * worker_connections * (total amount of various buffers as allocated per connection). If not, consider reducing various parts of the equation. Hope this helps. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Unnecessary Log Entry?

2023-09-20 Thread Maxim Dounin
7;t want to see these messages, consider configuring error_log logging level to a higher one, see http://nginx.org/r/error_log for details. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: module which handles POST request help

2023-09-18 Thread Maxim Dounin
s automatically, and there is no need to recover phase processing, so reading the request body is more or less trivial. An example code can be seen in the development guide: http://nginx.org/en/docs/dev/development_guide.html#http_request_body Hope this helps. -- Maxim Dounin http://md

Re: status-line trailing SP is missing ?

2023-08-31 Thread Maxim Dounin
Hello! On Thu, Aug 31, 2023 at 03:45:18PM +0400, Sergey Kandaurov wrote: > > On 29 Aug 2023, at 08:14, Maxim Dounin wrote: > > > > Hello! > > > > On Sat, Aug 26, 2023 at 04:21:07PM +0200, Jérémy Lal wrote: > > > >> Hi, > >> > >&g

Re: status-line trailing SP is missing ?

2023-08-31 Thread Maxim Dounin
Hello! On Thu, Aug 31, 2023 at 03:45:06PM +0400, Sergey Kandaurov wrote: > > On 31 Aug 2023, at 14:28, Maxim Dounin wrote: > > > > Hello! > > > > On Wed, Aug 30, 2023 at 04:20:15PM +0400, Sergey Kandaurov wrote: > > > >>> On 29 Aug 2023, at

Re: status-line trailing SP is missing ?

2023-08-31 Thread Maxim Dounin
Hello! On Wed, Aug 30, 2023 at 04:20:15PM +0400, Sergey Kandaurov wrote: > > On 29 Aug 2023, at 08:33, Maxim Dounin wrote: > > > > On Mon, Aug 28, 2023 at 08:59:28PM +0400, Sergey Kandaurov wrote: > > > >>> On 26 Aug 2023, at 18:21, Jérémy Lal wrote:

Re: status-line trailing SP is missing ?

2023-08-28 Thread Maxim Dounin
stcgi_process_header(ngx_http > } > > u->headers_in.status_n = status; > - u->headers_in.status_line = *status_line; > > } else if (u->headers_in.location) { > u->headers_in.status_n = 302; I don't think it's a good idea, since this always drops the reason phrase provided by the upstream server. It can contain some meaningful information which will be lost as a result, most notably for non-standard error codes. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: status-line trailing SP is missing ?

2023-08-28 Thread Maxim Dounin
for the nginx behaviour, I don't think we want to try to implement custom parsing for the Status header to preserve trailing SP if it's present. We can, however, consider using only the status code from such Status headers, so nginx will provide reason phrase by itself. Something like t

nginx-1.25.2

2023-08-15 Thread Maxim Dounin
in HTTP/3. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Limit upload time

2023-07-30 Thread Maxim Dounin
proxy_request_buffering off;" and appropriate limits on the backend side (see https://nginx.org/r/proxy_request_buffering for details). This might not be a good solution though, since in most cases keeping connections on nginx side is way cheaper than passing them to backends. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: load_module with "./configure ... --modules-path= ..."

2023-07-14 Thread Maxim Dounin
Hello! On Thu, Jul 13, 2023 at 03:08:19PM -0300, Fabiano Furtado Pessoa Coelho wrote: > Hello... > > On Wed, Jul 12, 2023 at 9:37 PM Maxim Dounin wrote: > > > > Hello! > > > > On Wed, Jul 12, 2023 at 06:40:21PM -0300, Fabiano Furtado Pessoa Coelho > >

Re: load_module with "./configure ... --modules-path= ..."

2023-07-12 Thread Maxim Dounin
guration directives. Note the example in the documentation (http://nginx.org/r/load_module): load_module modules/ngx_mail_module.so; This example assumes the default "--modules-path", so modules are installed into the "modules" directory under prefix. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Possible bug with "proxy_intercept_errors on; " + "error_page 301 302"?

2023-06-30 Thread Maxim Dounin
Hello! On Fri, Jun 30, 2023 at 01:24:18PM -0300, Fabiano Furtado Pessoa Coelho wrote: > Hello Maxim... > > On Thu, Jun 29, 2023 at 7:00 PM Maxim Dounin wrote: > > > > Hello! > > > > On Thu, Jun 29, 2023 at 04:29:39PM -0300, Fabiano Furtado Pesso

Re: Possible bug with "proxy_intercept_errors on; " + "error_page 301 302"?

2023-06-29 Thread Maxim Dounin
"proxy_intercept_errors" handling does not copy any response headers from the original response (the only exception is WWW-Authenticate for 403 responses). If you want nginx to copy some headers, consider doing it yourself with the $upstream_http_* variab

Re: chunk body in response

2023-06-27 Thread Maxim Dounin
nvalid response. Check nginx debug logs and/or tcpdump for more details (and probably some hints on how to fix your upstream server). -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx_http_write_filter_module.c

2023-06-21 Thread Maxim Dounin
;temporary) flag. Check your code to see if the buffer flags are set correctly, it looks like they aren't. See http://nginx.org/en/docs/dev/development_guide.html#buffer for basic information about memory buffers and some basic examples. For additional information, check nginx code. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

nginx-1.25.1

2023-06-13 Thread Maxim Dounin
2 server push support has been removed. *) Change: the deprecated "ssl" directive is not supported anymore. *) Bugfix: in HTTP/3 when using OpenSSL. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx mail auth_http response support ssl?

2023-06-13 Thread Maxim Dounin
r example, you can make one with the stream module, see here for details: http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Regex match the middle of a URL and also the ending?

2023-06-03 Thread Maxim Dounin
Hello! On Sun, Jun 04, 2023 at 07:30:40AM +1000, Jore wrote: > Hi there, > > Thanks for getting back. > > On 4/6/23 3:16 am, Maxim Dounin wrote: > > > Hello! > > […] > > > The "^~" location modifier is for prefix-match locations to prevent

Re: Regex match the middle of a URL and also the ending?

2023-06-03 Thread Maxim Dounin
for details. If you want to use a regular expression, you have to use the "~" modifier instead. That is, proper configuration will look like: location ~ ^/browser/.*/welcome/welcome.html$ { # URI matches given regular expression ... } locati

nginx-1.25.0

2023-05-23 Thread Maxim Dounin
Changes with nginx 1.25.023 May 2023 *) Feature: experimental HTTP/3 support. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: http2 error: Invalid HTTP header field was received:

2023-05-23 Thread Maxim Dounin
mporary workaround, this will likely prevent (at least some) clients from rejecting such invalid responses. Note though that this is, uhm, a workaround, and proper solution is to fix the upstream server. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: QUIC Stream and Server Push support

2023-05-19 Thread Maxim Dounin
s://developer.chrome.com/blog/removing-push/). Removing HTTP/2 Server Push support is also planned sometime during nginx 1.25.x development cycle. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: ssl preread for postgres connection

2023-05-14 Thread Maxim Dounin
is, it's not going to work with neither SSL termination, nor SSL preread, and needs an implementation of the Postgres protocol. [...] -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Duplicate Content-Length header with same value, recent change in behavior intentional?

2023-04-19 Thread Maxim Dounin
lines with the same name, as done in nginx 1.23.0. The particular commit is: http://hg.nginx.org/nginx/rev/2bf7792c262e The particular modification isn't in the change log as the upstream response in question is obviously invalid and should never be accepted in the first place, and the

Re: resolver does not work

2023-04-18 Thread Maxim Dounin
ed on the systemd side. Unfortunately, I'm not familiar with systemd-nspawn and have no idea how to do it properly and if it's at all possible. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: resolver does not work

2023-04-18 Thread Maxim Dounin
resolver 127.0.0.53 valid=10s; set $upstream "http://container";;   proxy_pass $upstream; Note though that there should be an actual DNS name which can be resolved with the DNS server configured with the "resolver" directive. The "container could not be resol

Re: ngx_list_free

2023-04-18 Thread Maxim Dounin
etails about memory pools: http://nginx.org/en/docs/dev/development_guide.html#pool -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: ngx_list_free

2023-04-18 Thread Maxim Dounin
are ignored by the code iterating over the list. If you need something more dynamic in your code, ngx_list_t might not be the right structure to use. Something like ngx_queue_t or ngx_rbtree_t might be a better choice. -- Maxim Dounin http://mdounin.ru/

nginx-1.24.0

2023-04-11 Thread Maxim Dounin
Changes with nginx 1.24.011 Apr 2023 *) 1.24.x stable branch. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: client certificate to upstream via nginx

2023-03-29 Thread Maxim Dounin
it might be a good idea to reconsider the setup you are using. Hope this helps. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

nginx-1.23.4

2023-03-28 Thread Maxim Dounin
h code 400. *) Bugfix: messages about logging to syslog errors did not contain information that the errors happened while logging to syslog. Thanks to Safar Safarly. *) Workaround: "gzip filter failed to use preallocated memory" alerts appeared in logs when using zlib-ng. *) Bugfix: in the mail proxy server. -- Maxim Dounin http://nginx.org/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: How to compile Nginx with zlib-ng

2023-03-27 Thread Maxim Dounin
Hello! On Mon, Mar 27, 2023 at 09:57:34PM +0400, Sergey Kandaurov wrote: > > On 24 Mar 2023, at 06:07, Maxim Dounin wrote: > > > > Hello! > > > > On Thu, Mar 23, 2023 at 09:33:19PM +0100, Richard Stanway via nginx wrote: > > > >> Yes, when using

Re: nginx configuration variable interpolation

2023-03-27 Thread Maxim Dounin
foreign host. As you can see from the telnet output, the Access-Control-Allow-Origin is properly added. If you are seeing a different behaviour, you may want to recheck the value actually being used. If it is indeed "0", and not an empty stri

Re: How to compile Nginx with zlib-ng

2023-03-23 Thread Maxim Dounin
indow bits will be adjusted to 13). Please try the following patch, it should help with recent versions: # HG changeset patch # User Maxim Dounin # Date 1679622670 -10800 # Fri Mar 24 04:51:10 2023 +0300 # Node ID 67a0999550c3622e51639acb8bde57d199826f7e # Parent d1cf09451ae84b930ce

Re: ngx_mail: untagged IMAP responses

2023-03-11 Thread Maxim Dounin
https://mailman.nginx.org/pipermail/nginx-devel/2013-March/003477.html > > Given that it is a known issue and it has not been addressed I don't expect > it > to be supported by nginx out of the box but may be there are 3rd party > patches > for this I can try? I'm

Re: Reverse Proxy 502 Bad Gateway

2023-03-03 Thread Maxim Dounin
? The error is somewhat expected: you are trying to connect to non-SSL port using SSL, and this is expected to fail. You should either configure SSL on the backend, or change proxying to use the "http" protocol instead. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx serving corrupt images

2023-02-23 Thread Maxim Dounin
er_size to 4k, Something for Saint to try out. I don't think it's related. The issue you are seeing is very specific to some broken OpenSSL development builds, and shouldn't appear anywhere else. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx serving corrupt images

2023-02-23 Thread Maxim Dounin
> <http://win10-web-svr.dreamstone.com>", referrer: > > "https://win10-web-svr.dreamstone.com/ > > <https://win10-web-svr.dreamstone.com/>"* The error suggests there is a bug in the SSL library you are using. What does "nginx -V" show? (IIRC, there w

Re: nginx serving corrupt images

2023-02-23 Thread Maxim Dounin
from "location /", and let nginx do it's job. [...] -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx serving corrupt images

2023-02-23 Thread Maxim Dounin
issues impossible to debug, and is generally not recommended - unless you have good reasons to implement something like this. Instead, I would recommend using normal request processing and let nginx to normally return files under the document root and reject requests to non-existing files. Hop

Re: nginx serving corrupt images

2023-02-23 Thread Maxim Dounin
ify at least "location /", even if it's empty. While not specifying any locations mostly works, this causes nginx to process requests in the "server location", which was originally introduced as a purely technical one. Trying

Re: nginx serving corrupt images

2023-02-22 Thread Maxim Dounin
ows that logging is properly configured, as nginx will log some notice-level messages at start. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx serving corrupt images

2023-02-22 Thread Maxim Dounin
ntify exact files being requested, so you'll be able to check them manually, as will contain exact error code, so it will be possible to identify various permission issues. Hope this helps. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Log Of Attempted Files

2023-02-22 Thread Maxim Dounin
m OK > > Short of this, what is the $variable name for the last file for the > log format in nginx? pointer(s) appreciated. I don't think it's possible to obtain such a list of files in a variable. -- Maxim Dounin http://mdounin.ru/ _

Re: nginx serving corrupt images

2023-02-22 Thread Maxim Dounin
x27;t, nobody will be able to do it, unfortunately. The most basic thing I would recommend in the first place is to look into nginx error log, it is likely to contain important information if something goes wrong. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx does not start automatically, what have I done?

2023-02-17 Thread Maxim Dounin
ginx. It should contain "After=" and "Wants=" clauses with "network-online.target", see http://hg.nginx.org/pkg-oss/file/tip/debian/debian/nginx.service for an example. -- Maxim Dounin http://mdounin.ru/ ___ n

Re: nginx does not start automatically, what have I done?

2023-02-17 Thread Maxim Dounin
p order. This should also fix other potential issues, such as non-working DNS resolution during nginx startup. On the other hand, if it works for you, it's probably good enough. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@ngi

Re: nginx does not start automatically, what have I done?

2023-02-16 Thread Maxim Dounin
r wait service, see [1]). - Reconfigure nginx to listen on the wildcard address instead, so it won't try to bind on IP addresses not yet available when it starts. Hope this helps. [1] https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: "ssl_stapling" ignored warning on boot with LE certs?

2023-02-16 Thread Maxim Dounin
inx packages[1] for an example. [1] http://hg.nginx.org/pkg-oss/file/tip/debian/debian/nginx.service -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Nginx won't build with xslt into static linked binary

2023-02-12 Thread Maxim Dounin
ibraries as well. For example, on FreeBSD static linking with libxslt requires "-static -lz -lm -llzma -lmd". Something like pkg-config --static libxslt might be a good starting point for full list of required libraries, assuming libxslt package information is properly installed.

Re: Use of upstream keepalive_time

2023-02-02 Thread Maxim Dounin
> > connection lifetime on connections which are mostly idle and > > therefore do not reach the "keepalive_requests" limit in a > > reasonable time. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Use of upstream keepalive_time

2023-01-20 Thread Maxim Dounin
re do not reach the "keepalive_requests" limit in a reasonable time. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: AW: nginx-1.23.3 on Win Server wth HTTPS

2023-01-18 Thread Maxim Dounin
nginx. What editor do you use? Is using another one and re-typing the directives) makes a difference? E.g., Notepad is usually available on Windows and does not seem to corrupt text files. [...] -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Unsafe AIO under FreeBSD?

2023-01-17 Thread Maxim Dounin
orresponding error in nginx error log at the "crit" level. The error will look like "[crit] ... aio_read("/path/to/file") failed (45: Operation not supported)". It should make it possible to find out what actually causes the error. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: load balancer the best way to solve

2023-01-13 Thread Maxim Dounin
ually happened. Alternatively, you may want to further dig into what happened with the requests by logging the $upstream_addr and $upstream_status variables (see https://nginx.org/r/$upstream_addr and https://nginx.org/r/$upstream_status for details). [...] -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: nginx ssl stream termination for MySQL backends

2023-01-07 Thread Maxim Dounin
or you, but rather a protocol-specific implementation is needed. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Where to compress text files and filter access

2022-12-29 Thread Maxim Dounin
I would recommend both. In particular, rules on the backend server will ensure that the access is denied where the file resides, making things safe even if the frontend servers is somehow bypassed. Rules on the frontend server ensure that requests are denied efficiently. -- Maxim Dounin

Re: website/admin behind my reverse proxy doesn't work

2022-12-29 Thread Maxim Dounin
GET /admin/ HTTP/1.1" 302 5 > "http://mywebsite.org/"; ... > [28/Dec/2022:23:54:33 +0100] "GET / HTTP/1.1" 499 0 "http://mywebsite.org/"; > ... In your nginx configurations no redirects are returned. Accordingly, it looks like redirects you are seeing

Re: Upstream service php-fpm is up and running but reports {"errors": {"status_code": 502,"status": "php-fpm server is down"}}

2022-12-21 Thread Maxim Dounin
Hello! On Tue, Dec 20, 2022 at 11:44:05PM +0530, Kaushal Shriyan wrote: > On Sat, Dec 17, 2022 at 3:48 AM Maxim Dounin wrote: > > > On Fri, Dec 16, 2022 at 11:53:40PM +0530, Kaushal Shriyan wrote: > > > > > I have a follow up question regarding the settings below in

Re: Upstream service php-fpm is up and running but reports {"errors": {"status_code": 502,"status": "php-fpm server is down"}}

2022-12-16 Thread Maxim Dounin
wn, nginx generates 502 (Bad Gateway) itself and returns it to the client. -- Maxim Dounin http://mdounin.ru/ ___ nginx mailing list nginx@nginx.org https://mailman.nginx.org/mailman/listinfo/nginx

Re: Upstream service php-fpm is up and running but reports {"errors": {"status_code": 502,"status": "php-fpm server is down"}}

2022-12-15 Thread Maxim Dounin
d therefore the configuration will always return 502. This matches your observations. An obvious fix would be to remove the configuration chunk in question. Instead, you probably need something like: error_page 502 /502.json; location = /502.json { return 200 '{"

Re: lmit_req with differents rules

2022-12-15 Thread Maxim Dounin
pauth; > proxy_pass http://internal.api.com; >} > } > > Would this be correct and should it work as expected? This is certainly supported, see http://nginx.org/r/limit_req for details. Note that it might be a good idea to add some meaningful "burst" to

Re: Certificate Error

2022-12-14 Thread Maxim Dounin
crt" instead of "domain.com.crt", this looks like the culprit. See http://nginx.org/en/docs/http/configuring_https_servers.html for some basic tips about configuring HTTPS servers. [...] > ssl_trusted_certificate ssl/domain.c

  1   2   3   4   5   6   7   8   9   10   >