the code in question was modified in freenginx to
address the issue reported by Kirill in the thread you are
replying to, and your patch won't apply, see
https://freenginx.org/hg/nginx/rev/c5623963c29e for details.)
[...]
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
tcp)) {
> +if ((flags & 0xf850) != 0x8000 || (trunc && tcp)) {
> ngx_log_error(r->log_level, r->log, 0,
>"invalid %s DNS response %ui fl:%04Xi",
>tcp ? "TCP" : "UDP&quo
00.
In most cases there should be additional details in the error log
explaining the reasons. If there aren't any, or reasons aren't
clear, it might be a good idea to dig further.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx
, including internally
generated 502/504 in ngx_http_upstream_finalize_request(), and
intercepted errors in ngx_http_upstream_intercept_errors().
Quick look suggests there will be also issues with caching errors
after proxy_cache_bypass (errors won't be cached even if they
should), a
Hello!
On Thu, Feb 15, 2024 at 04:31:49PM +0400, Roman Arutyunyan wrote:
> Hello,
>
> On Wed, Feb 14, 2024 at 08:59:10PM +0300, Maxim Dounin wrote:
> > Hello!
> >
> > As you probably know, F5 closed Moscow office in 2022, and I no
> > longer work for F5 sin
Will follow freenginx then.
> Thx.
Thanks.
Interesting term, never heard it before.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
myself.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Hello!
On Thu, Feb 15, 2024 at 03:24:59AM +0800, Jeffrey 'jf' Lim wrote:
> On Thu, Feb 15, 2024 at 1:59 AM Maxim Dounin wrote:
>
> > Hello!
> >
> > As you probably know, F5 closed Moscow office in 2022, and I no
> > longer work for F5 since then. Stil
://freenginx.org/
The goal is to keep nginx development free from arbitrary corporate
actions. Help and contributions are welcome. Hope it will be
beneficial for everyone.
--
Maxim Dounin
http://freenginx.org/
___
nginx mailing list
nginx@nginx.org
our terminal, and there is an FC byte instead. To
see what's there in fact, consider looking at the raw bytes in the
file name with something like "ls | hd".
Also, you can use nginx autoindex module - it will generate a page
with properly escaped links,
use
try_files, as simply serving static files is equivalent (unless
you specifically want to return 404 for directories).
That is, just
location /camp/ {
root "C:/.../clearwater";
}
would be (mostly) equivalent.
But, given that you want "/camp/camprental.p
bcdef0123456789abcdef0123456789abcdef0123456789abcdef
Since first 680 bytes of this "request" is actually the request body
of the previous request, the request line actually starts
somewhere in "0123456789abcdef0123..." bytes, and the meth
modules" under prefix, but you'll have
to use something different if you've modified --modules-path to a
custom value.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
using "large number of regex server_names" might be the best
solution available here. Requests are not required to be to the
same virtual server, and caching won't generally work.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx
for other tasks. Removing
uncompressed files usually makes sense only if amount of static
files is huge.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
happens, the response
headers are already sent, so $status contains 200 as sent to the
client.
For errors happened during sending the response body, consider
looking into the error log. Some generic information about
successful request completion migh
as a response to the
POST request itself (this is generally a bad practice, since it
will break page refresh and browser history navigation), consider
returning the file directly from your script instead of trying to
do an internal redirect.
--
Maxim Dounin
http://mdounin.ru/
___
roxy_ssl on;" to handle SSL/TLS with the backend
servers for you, see http://nginx.org/r/proxy_ssl for details.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
ps://nginx.org/en/docs/windows.html). Its main purpose is to
facilitate web development directly on Windows devices.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
umber
of requests per day from a legitimate user.
Note well that using "nodelay" (or "delay=N") is recommended with
such approach, see http://nginx.org/r/limit_req for details.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
from nginx.org without any 3rd party modules and/or patches and
testing if you are able to reproduce the problem.
[...]
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
;ve explicitly
enabled it in nginx configuration with the dav_methods directive
(http://nginx.org/r/dav_methods).
If you additionally want nginx without the DAV module compiled in,
recompile nginx without the "--with-http_dav_module" configure
option.
--
Maxim
nginx (which has to work with already established connections
at the application level). It might be a better idea to actually
introduce a firewall if you need such limits (or, rather, make it
possible to configure the one most likely already present).
--
Maxim Dounin
http://mdou
now
that https is being used.
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Connection "upgrade";
This shouldn't be used unless you intentionally configuring
WebSocket proxying.
> proxy_set_header Early-Data $ssl_early_data;
This is certainly not needed un
shed connections. Instead, firewall is
expected to be used for such tasks.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
for SSL
proxying. That is, corresponding values are only used when
proxy_pass is used with the "https" scheme.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
ration, can be implemented using internal
redirections, such as with "rewrite".
Note well that the proxy_buffering can also be controlled from the
backend via the X-Accel-Buffering response header.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
the server level instead, so it will be used for
both locations.
Just in case, looking into error log usually makes such issues
trivial to identify - nginx will complain if it cannot find a file
requested, and will show full path it tried to use.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
the PCRE2
library.
Thanks to ZhenZhong Wu.
*) Bugfixes and improvements in HTTP/3.
--
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
esource being returned 1) contains some secret
information and 2) it reflects some user input. That is, it
certainly does not affect static files, and can be easily avoided
by masking secrets in dynamic pages, see
https://www.breachattack.com/ for details.
--
Maxim Dounin
http://mdounin.ru/
we've decided to implemented some additional
mitigations which will help nginx to detect such attacks and drop
connections with misbehaving clients faster. The patch to do so
was committed (http://hg.nginx.org/nginx/rev/cdda286c0f1b) and
will be available in the next nginx release.
odule" claim is
incorrect, see here:
https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
it
> error free?
There are no known issues in nginx with ClientHello split between
packets (with all supported SSL libraries). And I would be very
much surprised if there are any, as this is indeed a very basic
thing TCP-based applications used to handle.
Such issues a
to mention that in many
practical cases total timeout on the request body reading cannot
be less than several hours, making such timeouts irrelevant.
For trivial in-nginx protection from Slowloris-like attacks
involving request body, consider using limit_conn
(http://nginx.org/r/limit_conn).
[...]
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
it possible to
activate debug logging only for a particular client
(http://nginx.org/r/debug_connection).
> 2. Also, is there a timeout for the whole request?
>
> (say request should be timed out if it is more than 15
> minutes)
No.
--
Maxim Dounin
http://mdounin.ru/
_
please help how to achieve SSL Cache? how to make sure the CPU is
> not high? Is there any reason why the CPU is high other than SSL Handshake.
As outlined above, most likely SSL session reuse to upstream
servers is already working properly in your setup.
Note though that SSL is generally costly, and you are using it for
both client connections and upstream connections. Depending on
the certificates being used, ciphers being used and so on costs
might vary, and there might be a room for improvement.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
without invoking the OOM Killer, that is:
worker_processes * worker_connections * (total amount of various
buffers as allocated per connection). If not, consider reducing
various parts of the equation.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
7;t want to see these messages, consider configuring error_log
logging level to a higher one, see http://nginx.org/r/error_log
for details.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
s automatically, and there is no need
to recover phase processing, so reading the request body is more
or less trivial. An example code can be seen in the development
guide:
http://nginx.org/en/docs/dev/development_guide.html#http_request_body
Hope this helps.
--
Maxim Dounin
http://md
Hello!
On Thu, Aug 31, 2023 at 03:45:18PM +0400, Sergey Kandaurov wrote:
> > On 29 Aug 2023, at 08:14, Maxim Dounin wrote:
> >
> > Hello!
> >
> > On Sat, Aug 26, 2023 at 04:21:07PM +0200, Jérémy Lal wrote:
> >
> >> Hi,
> >>
> >&g
Hello!
On Thu, Aug 31, 2023 at 03:45:06PM +0400, Sergey Kandaurov wrote:
> > On 31 Aug 2023, at 14:28, Maxim Dounin wrote:
> >
> > Hello!
> >
> > On Wed, Aug 30, 2023 at 04:20:15PM +0400, Sergey Kandaurov wrote:
> >
> >>> On 29 Aug 2023, at
Hello!
On Wed, Aug 30, 2023 at 04:20:15PM +0400, Sergey Kandaurov wrote:
> > On 29 Aug 2023, at 08:33, Maxim Dounin wrote:
> >
> > On Mon, Aug 28, 2023 at 08:59:28PM +0400, Sergey Kandaurov wrote:
> >
> >>> On 26 Aug 2023, at 18:21, Jérémy Lal wrote:
stcgi_process_header(ngx_http
> }
>
> u->headers_in.status_n = status;
> - u->headers_in.status_line = *status_line;
>
> } else if (u->headers_in.location) {
> u->headers_in.status_n = 302;
I don't think it's a good idea, since this always drops the
reason phrase provided by the upstream server. It can contain
some meaningful information which will be lost as a result, most
notably for non-standard error codes.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
for the nginx behaviour, I don't think we want to try to
implement custom parsing for the Status header to preserve
trailing SP if it's present. We can, however, consider using
only the status code from such Status headers, so nginx will
provide reason phrase by itself.
Something like t
in HTTP/3.
--
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
proxy_request_buffering off;" and appropriate limits on
the backend side (see https://nginx.org/r/proxy_request_buffering
for details). This might not be a good solution though, since in
most cases keeping connections on nginx side is way cheaper than
passing them to backends.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Hello!
On Thu, Jul 13, 2023 at 03:08:19PM -0300, Fabiano Furtado Pessoa Coelho wrote:
> Hello...
>
> On Wed, Jul 12, 2023 at 9:37 PM Maxim Dounin wrote:
> >
> > Hello!
> >
> > On Wed, Jul 12, 2023 at 06:40:21PM -0300, Fabiano Furtado Pessoa Coelho
> >
guration directives. Note the example in the documentation
(http://nginx.org/r/load_module):
load_module modules/ngx_mail_module.so;
This example assumes the default "--modules-path", so modules are
installed into the "modules" directory under prefix.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Hello!
On Fri, Jun 30, 2023 at 01:24:18PM -0300, Fabiano Furtado Pessoa Coelho wrote:
> Hello Maxim...
>
> On Thu, Jun 29, 2023 at 7:00 PM Maxim Dounin wrote:
> >
> > Hello!
> >
> > On Thu, Jun 29, 2023 at 04:29:39PM -0300, Fabiano Furtado Pesso
"proxy_intercept_errors" handling does not copy any response
headers from the original response (the only exception is
WWW-Authenticate for 403 responses).
If you want nginx to copy some headers, consider doing it yourself
with the $upstream_http_* variab
nvalid response. Check nginx debug logs and/or tcpdump for more
details (and probably some hints on how to fix your upstream
server).
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
;temporary) flag. Check
your code to see if the buffer flags are set correctly, it looks
like they aren't.
See
http://nginx.org/en/docs/dev/development_guide.html#buffer
for basic information about memory buffers and some basic
examples. For additional information, check nginx code.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
2 server push support has been removed.
*) Change: the deprecated "ssl" directive is not supported anymore.
*) Bugfix: in HTTP/3 when using OpenSSL.
--
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
r example, you can make
one with the stream module, see here for details:
http://nginx.org/en/docs/stream/ngx_stream_proxy_module.html
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Hello!
On Sun, Jun 04, 2023 at 07:30:40AM +1000, Jore wrote:
> Hi there,
>
> Thanks for getting back.
>
> On 4/6/23 3:16 am, Maxim Dounin wrote:
>
> > Hello!
>
> […]
>
> > The "^~" location modifier is for prefix-match locations to prevent
for details. If you want to use a
regular expression, you have to use the "~" modifier instead.
That is, proper configuration will look like:
location ~ ^/browser/.*/welcome/welcome.html$ {
# URI matches given regular expression
...
}
locati
Changes with nginx 1.25.023 May 2023
*) Feature: experimental HTTP/3 support.
--
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
mporary workaround, this will likely
prevent (at least some) clients from rejecting such invalid
responses. Note though that this is, uhm, a workaround, and
proper solution is to fix the upstream server.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
s://developer.chrome.com/blog/removing-push/). Removing
HTTP/2 Server Push support is also planned sometime during nginx 1.25.x
development cycle.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
is, it's not going to work with neither SSL termination, nor
SSL preread, and needs an implementation of the Postgres protocol.
[...]
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
lines with the same name, as done in
nginx 1.23.0. The particular commit is:
http://hg.nginx.org/nginx/rev/2bf7792c262e
The particular modification isn't in the change log as the
upstream response in question is obviously invalid and should
never be accepted in the first place, and the
ed on the systemd side.
Unfortunately, I'm not familiar with systemd-nspawn and have no
idea how to do it properly and if it's at all possible.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
resolver 127.0.0.53 valid=10s;
set $upstream "http://container";;
proxy_pass $upstream;
Note though that there should be an actual DNS name which can be
resolved with the DNS server configured with the "resolver"
directive. The "container could not be resol
etails about memory pools:
http://nginx.org/en/docs/dev/development_guide.html#pool
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
are
ignored by the code iterating over the list.
If you need something more dynamic in your code, ngx_list_t might
not be the right structure to use. Something like ngx_queue_t or
ngx_rbtree_t might be a better choice.
--
Maxim Dounin
http://mdounin.ru/
Changes with nginx 1.24.011 Apr 2023
*) 1.24.x stable branch.
--
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
it might be a good idea to reconsider the setup
you are using.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
h code 400.
*) Bugfix: messages about logging to syslog errors did not contain
information that the errors happened while logging to syslog.
Thanks to Safar Safarly.
*) Workaround: "gzip filter failed to use preallocated memory" alerts
appeared in logs when using zlib-ng.
*) Bugfix: in the mail proxy server.
--
Maxim Dounin
http://nginx.org/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
Hello!
On Mon, Mar 27, 2023 at 09:57:34PM +0400, Sergey Kandaurov wrote:
> > On 24 Mar 2023, at 06:07, Maxim Dounin wrote:
> >
> > Hello!
> >
> > On Thu, Mar 23, 2023 at 09:33:19PM +0100, Richard Stanway via nginx wrote:
> >
> >> Yes, when using
foreign host.
As you can see from the telnet output, the
Access-Control-Allow-Origin is properly added. If you are seeing
a different behaviour, you may want to recheck the value actually
being used. If it is indeed "0", and not an empty stri
indow bits will be
adjusted to 13).
Please try the following patch, it should help with recent versions:
# HG changeset patch
# User Maxim Dounin
# Date 1679622670 -10800
# Fri Mar 24 04:51:10 2023 +0300
# Node ID 67a0999550c3622e51639acb8bde57d199826f7e
# Parent d1cf09451ae84b930ce
https://mailman.nginx.org/pipermail/nginx-devel/2013-March/003477.html
>
> Given that it is a known issue and it has not been addressed I don't expect
> it
> to be supported by nginx out of the box but may be there are 3rd party
> patches
> for this I can try?
I'm
?
The error is somewhat expected: you are trying to connect to
non-SSL port using SSL, and this is expected to fail.
You should either configure SSL on the backend, or change proxying
to use the "http" protocol instead.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
er_size to 4k, Something for Saint to try out.
I don't think it's related. The issue you are seeing is very
specific to some broken OpenSSL development builds, and shouldn't
appear anywhere else.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
> <http://win10-web-svr.dreamstone.com>", referrer:
> > "https://win10-web-svr.dreamstone.com/
> > <https://win10-web-svr.dreamstone.com/>"*
The error suggests there is a bug in the SSL library you are
using. What does "nginx -V" show?
(IIRC, there w
from "location /",
and let nginx do it's job.
[...]
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
issues impossible to debug, and is generally
not recommended - unless you have good reasons to implement
something like this. Instead, I would recommend using normal
request processing and let nginx to normally return files under
the document root and reject requests to non-existing files.
Hop
ify at least "location /",
even if it's empty.
While not specifying any locations mostly works, this causes nginx
to process requests in the "server location", which was originally
introduced as a purely technical one. Trying
ows that
logging is properly configured, as nginx will log some
notice-level messages at start.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
ntify exact files being requested, so
you'll be able to check them manually, as will contain exact error
code, so it will be possible to identify various permission
issues.
Hope this helps.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
m OK
>
> Short of this, what is the $variable name for the last file for the
> log format in nginx? pointer(s) appreciated.
I don't think it's possible to obtain such a list of files in a
variable.
--
Maxim Dounin
http://mdounin.ru/
_
x27;t, nobody
will be able to do it, unfortunately.
The most basic thing I would recommend in the first place is to
look into nginx error log, it is likely to contain important
information if something goes wrong.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
ginx. It should contain
"After=" and "Wants=" clauses with "network-online.target", see
http://hg.nginx.org/pkg-oss/file/tip/debian/debian/nginx.service
for an example.
--
Maxim Dounin
http://mdounin.ru/
___
n
p order. This
should also fix other potential issues, such as non-working DNS
resolution during nginx startup.
On the other hand, if it works for you, it's probably good enough.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@ngi
r wait
service, see [1]).
- Reconfigure nginx to listen on the wildcard address instead, so
it won't try to bind on IP addresses not yet available when it
starts.
Hope this helps.
[1] https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
inx packages[1] for an example.
[1] http://hg.nginx.org/pkg-oss/file/tip/debian/debian/nginx.service
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
ibraries as well. For example, on FreeBSD static
linking with libxslt requires "-static -lz -lm -llzma -lmd".
Something like
pkg-config --static libxslt
might be a good starting point for full list of required
libraries, assuming libxslt package information is properly
installed.
> > connection lifetime on connections which are mostly idle and
> > therefore do not reach the "keepalive_requests" limit in a
> > reasonable time.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
re do not reach the "keepalive_requests" limit in a
reasonable time.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
nginx.
What editor do you use? Is using another one and re-typing the
directives) makes a difference? E.g., Notepad is usually
available on Windows and does not seem to corrupt text files.
[...]
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
orresponding error in nginx error log at the "crit" level.
The error will look like "[crit] ... aio_read("/path/to/file")
failed (45: Operation not supported)". It should make it possible
to find out what actually causes the error.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
ually happened. Alternatively, you may want to
further dig into what happened with the requests by logging the
$upstream_addr and $upstream_status variables (see
https://nginx.org/r/$upstream_addr and
https://nginx.org/r/$upstream_status for details).
[...]
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
or you, but rather a
protocol-specific implementation is needed.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
I would recommend both. In particular, rules on the backend
server will ensure that the access is denied where the file
resides, making things safe even if the frontend servers is
somehow bypassed. Rules on the frontend server ensure that
requests are denied efficiently.
--
Maxim Dounin
GET /admin/ HTTP/1.1" 302 5
> "http://mywebsite.org/"; ...
> [28/Dec/2022:23:54:33 +0100] "GET / HTTP/1.1" 499 0 "http://mywebsite.org/";
> ...
In your nginx configurations no redirects are returned.
Accordingly, it looks like redirects you are seeing
Hello!
On Tue, Dec 20, 2022 at 11:44:05PM +0530, Kaushal Shriyan wrote:
> On Sat, Dec 17, 2022 at 3:48 AM Maxim Dounin wrote:
>
> > On Fri, Dec 16, 2022 at 11:53:40PM +0530, Kaushal Shriyan wrote:
> >
> > > I have a follow up question regarding the settings below in
wn, nginx generates 502 (Bad Gateway) itself and
returns it to the client.
--
Maxim Dounin
http://mdounin.ru/
___
nginx mailing list
nginx@nginx.org
https://mailman.nginx.org/mailman/listinfo/nginx
d therefore the
configuration will always return 502. This matches your
observations.
An obvious fix would be to remove the configuration chunk in
question.
Instead, you probably need something like:
error_page 502 /502.json;
location = /502.json {
return 200 '{"
pauth;
> proxy_pass http://internal.api.com;
>}
> }
>
> Would this be correct and should it work as expected?
This is certainly supported, see http://nginx.org/r/limit_req for
details.
Note that it might be a good idea to add some meaningful "burst"
to
crt" instead of "domain.com.crt", this
looks like the culprit.
See
http://nginx.org/en/docs/http/configuring_https_servers.html
for some basic tips about configuring HTTPS servers.
[...]
> ssl_trusted_certificate ssl/domain.c
1 - 100 of 1063 matches
Mail list logo