t involved. That
might help point at the problem, and see whether the solution is in
nginx or elsewhere.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ne to get past
> this?
# is usually not included in a url that is sent in a request to a web server.
Can you describe what you want to achieve, and what you are currently doing?
Perhaps that will make clearer how to make it happen.
Cheers,
f
--
Francis Dalyf
at all?
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
to look to prove that nginx is
or is not at fault :-)
> Right, it turns out nginx was working correctly, and the real problem is
> somewhere in the web framework I am using.
Good luck getting the problem fixed.
Cheers,
f
--
Francis Dalyf
h.
In nginx terms, that's auth_request -- http://nginx.org/r/auth_request
If we can understand where in the sequence things fail first, maybe it
will be clearer what needs to change in order to get things to succeed.
Cheers,
f
--
Francis Dalyfran...@daoine.org
_
ndows-server/;";
in your case.
And hopefully the part with the # in the client-side url Just Works for
you too.
Glad you got it working,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
say which location{} was chosen.
Or adding something like
return 200 "Location No. 9\n";
to each location{} block may be a short-term thing to confirm that you
configured nginx the way you wanted to configure nginx.
f
--
Francis Daly
; if you
must use some of those, then you may be much happier using a different
product to do the reverse-proxying.
Both "haproxy" and "nginx plus" appear to have some reports of being
made to work.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
__
43 listener-server block that does ssl and redirects to
https://example.com:8080. Or, probably, change the current 443
listener-server block to redirect to https://example.com:8080 instead
of to http://example.com.
f
--
Francis Dalyfran...@daoine.org
n manipulate
and compare those variables as is appropriate for your situation.
Specifically: in an SNI-only server, if $host is not the same as
$ssl_server_name, something funny is going on.
f
--
Francis Dalyfran...@daoine.org
___
nginx
mately: for each server, run one nginx as
user this-server-user, listening on a unix domain socket. Then run one
nginx initially as user root, which does proxy_pass to the appropriate
unix-domain-socket-server.)
Have I missed something; or are you asking how to do it; or are you
asking why
ith the configuration that it was given.
If you are running multiple nginx system-level processes, each one has
its own idea of the virtual hosts from its configuration. With the above
design, all of the "user" nginx instances have just one server{} block,
while the "root&qu
HP script
and fastcgi server allow them to do. nginx is not involved except as
(probably) an initial pass-through tunnel.
If userP has access to turn off your fridge or reconfigure your nginx-main
or send a million emails or read secret files on your filesystem, then
the outsider will probably have access to do those things too.
Only you can decide what level of risk you're happy with.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
sumed
that it was good enough because other people were using it.
I'm happy to use nginx for my purposes.
One nginx which can read all relevant static files, plus one fastcgi
server for each php application that I don't want to fully assess,
is enough for me.
>I reckon the information gathered so far put me in a quite good
>position, doesn't it?
I hope so.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
odule is not available in the
nginx being used.
For a dynamic module, you must "load_module" it
(http://nginx.org/r/load_module) to let nginx know that you want to use
this module.
f
--
Francis Dalyfran...@daoine.org
___
nginx ma
meone has any suggestion?
sub_filter_types does not read variables. If you set the type to the
string "$subfilter_allowed_content_type", sub_filter might take effect. (I
haven't tested, since it is not a useful case, I think.)
f
--
Francis Dalyfran...@daoine.org
_
sh service actually returns. From
your example, you may want
proxy_pass / /mesh/;
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
asonable not to make those available externally.
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
e name $document_root/index.php?$args (expanding the
two variables) exist? If not, processing will continue until the uri or
=code at the end of the argument list.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On Tue, Nov 13, 2018 at 08:30:08PM -0500, petecooper wrote:
> Francis Daly Wrote:
Hi there,
> I think my question could perhaps be
> worded: is there a `try_files` option where I can have $uri, then $uri/,
> then `index.php` and finally `=404` if all else fails.
I believe "no
ed; but might resolve the
immediate issue.
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ouble-quotes\n"; }
location ~ 'z' { return 200 "match single-quotes\n"; }
and then make requests that include x, y, and z, and see if they are
each processed in the location that you expect they should be.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ree of the four above.
(Alternatively: set $no_cache to 0 by default, and to 1 based on requests
that you are happy to potentially have served from the cache.)
> proxy_cache artifactory_cache;
> proxy_cache_bypass $no_cache;
>
was set to 1 previously, it will keep that
value. If $no_cache was not set previously, nginx will check the map,
and now potentially set $no_cache to 0.
That is why your "proxy_no_cache" sees a different value depending on
whether "proxy_cache_b
among other things) a reverse proxy
server. They are different things.
If you want an easy proxy, you'll be much happier starting with something
that is built to do that task.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing
t do you want nginx to store in the cache,
and what should nginx send to the client?
same request from client to nginx; it is in the cache. What should nginx
send to the client?
The answer to that might make your question clearer.
Thanks,
f
--
Francis Daly
uld avoid doing anything with the nginx cache; and all of the
"header generation" logic would be on the upstream server.
And it might be simpler than patching nginx, if that is what is necessary.
Cheers,
f
--
Francis Dalyfran...@daoine.org
s there is something there that caused the decoding,
that can be changed.
Possibly you can use something like "tcpdump" to see the actual requests,
if the logs do not show the details.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
1:8090;
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ething.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
You have one "/" in your config that should not be there.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
#x27;s
> going on.
You can continue to use fastcgi_split_path_info to set some variables.
For uwsgi, you will need some uwsgi_param directives.
You may want to edit whatever default "include" file you use, or perhaps
write the directives directly.
You will want to know
8091;
location / {
return 200 "request: $request; userAccount: $http_useraccount\n";
}
}
==
$ curl -H userAccount:abc http://127.0.0.1:8090/xyz
request: GET / HTTP/1.0; userAccount: abc
f
--
Francis Dalyfran...@daoine.org
ilar curl command that goes to your nginx that "fails"?
Perhaps you can get your upstream server to show exactly what it gets
in both cases, and you can spot the difference between the two.
f
--
Francis Dalyfran...@daoine.org
ame way that the
nginx request fails, that may point at the nginx config changes that
will allow the nginx request succeed.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.ngin
mailarchive.
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
v_id ever appear outside of the query string, where a "location"
could match it? If so, you may want to use $request_uri instead of $args.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
what request do you make to fetch your rss xml file?
Do things change if you move the "root" directive out of the "location"
block so that it is directly in the "server" block?
f
--
Francis Dalyfran...@daoine.org
___
rent if you have regex locations in
the config.)
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
That part of your system is probably not nginx-provided C-code.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
reted as a url, will be interpreted the way
you want it to be. If the internal servers do not make that easy, it
will probably not be easy for you.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
two server{} blocks will be
very similar. So either the "if" part should be in both servers, or in
neither server. If your single-server config includes it, it should be
included in the multi-server config too.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
404. With my config, your browser should get a redirect to
/site1/dir/, which has a chance of working.)
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ever
> set $no_trailing_slash "http://172.31.17.123:8080";;
> #proxy_pass $no_trailing_slash; #spins forever;
Do you see a difference between using "proxy_pass $no_trailing_slash;"
and "proxy_pass http://172.31.17.123:8080";?
f
--
Fr
ing { proxy_pass http://devserver; }
You need to decide what requests you want nginx to send to the upstream
devserver, and configure location{}s accordingly.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mail
It is not nginx's job to edit the response body to change a link to /other
into a link to /A/other. Instead, if serverA wants to be reverse-proxied
to a sub-url, it is serverA-and-the-author's job to ensure that the
response body contains a link to "other" or to "../other&qu
ys be empty and so will not limit
anything; "off" is a string to use as the zone name, "32k" is the
minimum size allowed on my test machine (8x page size), and the "rate"
is something that is odd enough that you will hopefully recognise if if
things go wrong, and this *
aram2
I think "no", using just stock nginx config.
However -- is it acceptable to post-process the log file?
tr '&' '\n' < access.log
is one way to see what you want, without changing what nginx logs.
f
--
Francis Dalyfran...@daoine.or
ro.
If you do not know whether the upstream content has changed or not,
perhaps you could set a short "expiry" time within nginx, and use
proxy_cache_revalidate to "refresh" the validity without re-fetching
the content?
Good luck with it,
f
--
Francis Dalyfra
revious configuration file
name is the one that uses it.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On Sun, Feb 10, 2019 at 10:21:22PM -0500, nevereturn01 wrote:
Hi there,
> Thanks for your suggestions.
> The rule seems to work.
Good to hear that it is working for you :-)
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
the nginx access_log
say about the matching request?
If it does not correspond to your nginx server -- there is probably
another thing that needs fixing first.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing l
at any string that the browser might interpret as a url,
will expand to the url that you want it to be.
By that, I mean that if the response from http://www.example.com includes
an "img src" of "/image.png" that gets back to the browser, what request
will the browser make for t
fers value in anyway has any
> affect on nginx ?
My reading of http://nginx.org/r/proxy_buffering suggests that
proxy_buffers will not be used for that request.
All the best,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
k seeing if you
can find the code that Internet Archive's memento proxy uses.
I suspect that it is not "merely" clever nginx config; but it may give
you an idea of the kind of things you will need to do in your version.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
onnection forwarded to a
> LAN IP.
>
"TCP" suggests "stream", which knows about an IP address and a TCP port.
"location" and "subdomain" (host name) are features of http requests.
Can you rephrase your request in the light of that? If so, perhaps t
he connection proxied to
10.45.2.2:10101.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
the safest way to
avoid external misconfiguration.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
in the docs, and make sure
you understand "map" and the content of the $ssl_preread_server_name
variable. That will probably help you come to a working config more
reliably.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
]+)/?$ https://ex2.org$1/ permanent;
would only redirect requests of the form /word or /word/
Note in particular:
a request for /foo/?id=7 will be redirected to /foo/?id=7, and not to /?id=7.
So that does not match your third requirement as-stated.
(I suspect that you want it to go to
.0.0.3;
remote: 127.0.0.1;
real: 127.0.0.1;
geo one;
Have I misunderstood what you are doing?
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
e: header in the response from upstream to nginx?
If you do not, your nginx config will not make a difference.
If you do see it in the response from upstream to nginx, and do not see
it in the response from nginx to the client, then there is something
interesting going on.
f
--
Fra
x.x.x.x
and which lines show the real client IP address?
That might help show what the actual incoming requests look like.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
ly the
simplest config would be not to configure things specially, and just
let the client decide what they want to download by using their "save
link as" feature.
I hope this points you in the right direction.
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
f
that header comes in a request from nginx.)
I do not know if the suggested haproxy config is possible.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
tes_received '
> '$session_time "$upstream_addr" '
> '"$upstream_bytes_sent" "$upstream_bytes_received"
> "$upstream_connect_time"';
> ...
> }
Switch the order of those directives and it shoul
xtra "nice-to-have", rather than a requirement,
of course.
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
or me -- I get 429 in access.log.
Can you show a small but complete config file and test requests that
demonstrate the problem?
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
r you, add it to the place that creates (or
causes to be sent to the client) the "Set-Cookie" http response header.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
rse-proxy in front of both.
With that, you would need some way of knowing which requests correspond
to which back-end server, while using the same server name.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.or
/nginx/conf/nginx.conf test is successful
looks correct to me as-is; as does
$ sbin/nginx -p
nginx: option "-p" requires directory name
Thanks,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://m
you use @fastcgi anywhere else in your
config, this change will break that. In that case, if the test succeeds,
you can change things so that everything still works.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
d the response you get? "curl -v"
is probably good to use.
When I try something similar, just using an "echo" fastcgi script,
I get the expected http response and content for GET, POST, and OPTIONS.
Tested against nginx/1.14.0.
f
--
Fran
stick with the single variable.)
With this second option, you could also choose to move the "if($new)"
stanza outside of "location /", and have it at server level. I don't
think it is necessary; but it might be more efficient, depending on the
fraction of requests that set the
see a problem, there is not a problem that you
looked for.
If you don't measure, then there is not a problem that you care about.
Good luck with it!
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
if it came from this web server); while for tcp or udp
("stream"), nginx acts as a proxy (packet forwarder, with rewritten
source/destination).
That summary is incorrect, but hopefully close enough to allow you to
gauge what might be doable.
Good luck with it,
f
--
Francis
at, depending on your config, the thing that sets
$geoip_country_code and the thing that sets $lan_ip may not be reading
from the same value. So you'll probably want to make sure that they do,
for consistency.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
and obviously-documented way that this specific
problem could be auto-avoided or -alerted. Today, you probably don't
need that work done, because you will remember to check for semi-colon
if you ever see the same problem again.
Great that you found and fixed the problem in
put in your config.
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
the same as what is shown in the "server"-level configuration.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
uu5NsagF0hA_Z-OQg&expires=2147483647'
(with &, and with the whole argument shell-quoted in '')?
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
are neither the ssl client nor the ssl server, the
whole point of ssl is that you cannot see the plaintext.)
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
xy_set_header Host, the proper way to send it as "bugzilla.example.com"
> so that Apache sees it coming on that server name to activate the correct
> vhost?
Yes, unless you share https certs on the same IP:port; in which case
you need the extra config.
Good luc
quest url".
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
guration (page 8000 to 80):
>
> https://unix.stackexchange.com/questions/518085/accessing-nginx-behind-a-virtual-server-looses-port-number/518183?noredirect=1#5181833
to go to port 8000 instead of port 80.
Untested by me, but it looks like it should work.
Good luck testing it!
response from that.
Instead of automatic redirects going to http://name:port/place, they would
just go to /place, and let the clients assume that the http://name:port
part matches what the original url had.
Good luck with it,
f
--
Francis Daly
st who has the same problem in the
future, when that other web site has been edited or removed.
Thanks,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
x the general case,
but that might not matter for your specific case.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
stay
on that one. That may not matter in this case.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
seful, if the IP address associated with def.com runs https
services that require SNI.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Does it use a single cert with multiple Subject Alternate Names; or does
it use individual certs and SNI?
Do you see what you expect when you run from Server1:
curl -v -k -H Host:def.domain.com https://1.1.1.1/abc
and
curl -v -k -H Host:def.abc.com https://1.1.1.1/abc
?
f
--
Fra
an you show one request
that you make that does not give the response that you want?
Perhaps there is something unexpected in the way that the md5sum in the
link is generated or calculated.
f
--
Francis Dalyfran...@daoine.org
uest URL:
> http://86.180.184.242/hls/justin-timberlake/Justin_Timberlake_640_360_600.m3u8
> Request Method: GET
> Status Code: 403 Forbidden
That is what you configured your nginx to do, so it looks like it is
worked as implemented -- but presumably not as desired.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
module.
But you should probably start with what you want to achieve; and then
see whether secure_link is the right answer. And then the mechanics of
configuring nginx to do what you want can be sorted out afterwards.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
@error_ssl_495;
Untested by me here, but
http://nginx.org/r/error_page
shows that you can add another argument with "=" to set the response code,
or to change to the response code that the uri returns.
Cheers,
f
--
Francis Daly
$arg_expires;
secure_link_md5 "enigma$hls_uri$secure_link_expires";
if ($secure_link = "") { return 403; }
if ($secure_link = "0") { return 410; }
proxy_pass http://s3test.s3.amazonaws.com;
}
}
Adjust to fit the rest of your requir
ylist.m3u8 and advertise that.
Note that I have not tested any of this; so if you do get a
confirmed-working config, I'm sure the list will be happy to see it for
future reference.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
;\n";
to see what values the variables have when you are testing.
You can use "curl" to make a test request and see whether the response
is what you expect.
Good luck with it,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
of $one, in
this case.
So - it is the regex engine that sets the value of $one (and $the_time,
etc); and then "map" sets the value of $the_md5 to the current value
of $one.
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
hat will make it clearer what configuration is appropriate.
Cheers,
f
--
Francis Dalyfran...@daoine.org
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
1 - 100 of 1833 matches
Mail list logo
