Re: Odd behavior

Is your web server on the internet? If so then see what redbot shows. It’s an amazing tool to debug nuanced http issues Sent from my iPhone > On Oct 9, 2019, at 1:52 AM, Ken Wright wrote: > > Sorry to be taking up so much bandwidth lately, but I'm seeing some > weird behavior from nginx. > >

Re: Per IP bandwidth limit

Why do you want to do this at all? What is the real underlying problem that you are attempting to solve? > On Nov 11, 2019, at 8:29 AM, Kostya Velychkovsky > wrote: > > I use Linux, and had a bad experience with Linux shaper (native kernel QoS > mechanism - tc ), it consumed a lot of CPU an

Re: Nginx pre-configured test environment with all scenarios

Why are you doing an nginx POC? To be blunt, nginx is the most powerful, flexible web server/reverse proxy/application delivery software product that exists. If it has an obvious competitor it’s the F5 BigIP LTM/WAF device - and F5 owns nginx. So what does this mean? It means that if you don’t

Re: Is this an attack or a normal request?

I agree with the advice already given It can also be useful to track the User-Agent header of web requests - both to understand who is trying to do what to your website, and then to start blocking on the basis of user agent. There may be some bots and spiders that are helpful or even necessary f

Re: Nginx proxy_bind failing

Gary, This was interesting to read. There was one thing that wasn’t obvious to me however. What was the high level problem that you were solving with this specific configuration? Curiously Peter Sent from my iPhone > On Oct 30, 2020, at 3:16 PM, garyc...@yahoo.com > wrote: > > All: >

Re: least_conn not working for me

From a shell on your nginx host you can run something like netstat -ant | egrep “ESTAB” to see all the open TCP connections. If you run your command line with watch you will see it update each two seconds, etc .. FWIW A long time ago I did a bunch of experiments with different load balancer str

Re: performance test caps at 600Mbit/s [nginx Digest, Vol 87, Issue 7

You said that your test case peaks at 600Mbit/sec. Your first step should be to bisect the problem, to see if you're limited by your hardware+OS or your test + nginx configuration. Easiest way is to install solarflare's free network test utility from the support section of their website. Aft

Re: upstream timeouts I can not explain

All hosts have characteristic stalls and blips but the scale of this issue can vary 100x depending on is configuration. You can get some data about these stalls using solar flare's sysjitter utility or Gil Tene's jhiccup. Sent from my iPhone On Jan 10, 2017, at 12:46 PM, Руслан Закиров wrote:

Re: nginx cache mounted on tmpf getting fulled

I'm curious, why are you using tmpfs for your cache store? With fast local storage bring so cheap, why don't you devote a few TB to your cache? When I look at the techempower benchmarks I see that openresty (an nginx build that comes with lots of lua value add) can serve 440,000 JSON responses p

Re: How to log internal location evaluation

You can get all that and a lot, lot more if you build a debug enabled version of nginx Sent from my iPhone > On Jan 19, 2017, at 11:49 AM, Nikolaos Milas wrote: > > Hello, > > I am running nginx 1.10.2 on CentOS 6. > > I am trying to configure a new (virtual) website and I am having problems

Re: How to log internal location evaluation

I've always had to configure and build debug versions myself - and usually I want them to coexist in parallel with an existing production nginx install. But this link suggests otherwise: http://nginx.org/en/docs/debugging_log.html You'll be overwhelmed by the volume of output. It gave me a real

Re: Cache based on custom header

Yes you can. For some subtle custom cache logic I needed to use openresty, which is an nginx bundle that adds a lot of customization points. Sent from my iPhone > On Feb 8, 2017, at 5:47 PM, Chad Hansen via nginx wrote: > > I use nginx as a reverse proxy, and upstream clients have a need for m

Re: nginx cache mounted on tmpf getting fulled

s like latencies for the popular resources - which is what you want to maximize performance across your entire site. This is another example of why with issues of web performance, its usually better to test theories than to rely on logical reasoning. Peter Booth > On 16 Jan 2017, at

Re: Balancing NGINX reverse proxy

So I have a few different thoughts: 1. Yes nginx does support SSL pass through . You can configure nginx to stream your request to your SSL backend. I do this when I don't have control of the backend and it has to be SSL. I don't think that's your situation. 2. I suspect that there's something

Re: blank page cached ONLY for homepage URL on Wordpress when using keyword monitoring

Seth, It's actually very easy to reproduce this issue - from a browser request http://musikandfilm.com/?a=b and you will see it. There are a couple of low level tools that expose some possible issues. If you email me directly I can talk about this in more detail. Try peter underscore booth at

Re: Can you migrate a web app available via '/' to a proxied sub-URI without modifying the web app?

There's "can you?" and there's "should you?" My attitude is that life is short, so I want to avoid building any opportunities to break. Imagine that you deploy your N web apps. There can be a real value in being able to access the web app directly when debugging, and avoiding the web server lay

Re: Occasional successful upstreamed requests that don't get picked up

Ryan, What is the topology of the system that you are describing? You mention kong/nginx, an upstream host, a load balancer, clients ... Are the load balancers hardware or software devices? Is kong nginx simply forwarding to a load-balancer VIP that fronts multiple upstream sy

Re: WordPress pingback mitigation

Wow- I really like the sound of naxsi. In the past I've used F5's ASM, the WAF built on their big-ip platform. It was powerful though prone to false positives. I don't believe there are any real shortcuts that allow you to build an effective waf without understanding the details of your own webs

Re: "server" directive is not allowed here error

FWIWI have never understood the desire to have nginx configuration spread across multiple files. It just seems to invite error and make it harder to see what is going on. Perhaps if I worked for a hosting company I’d feel differently but on the sites that I have worked on, even with quite compli

Re: [nginx logging module]$Request_time almost show 0.000 with proxy cache configuration

This might not be a bug at all. Remember that when nginx logs request time it's doing so with millisecond precision. This is very, very coarse-grained when you consider what modern hardware is capable of. The Tech Empower benchmarks shwo that an (openresty) nginx on a quad-socket host can server

Re: block google app

From experience this stuff is a lot harder and more nuanced than it might seem. Google's agents are well behaved and obey robots.txt. The last high traffic website I worked on had over 250 different web spiders/bots scraping it. That's 250 different user agents that didn't map to a "real" browse

Re: proxy_cache and X-Accel-Redirect

I've found that the easiest , most accurate way of diagnosing cache related issues is to use the incredible rebot.org service. If you can point redbot at your nginx, and also at your back end, it will identify anything that prevenst the resource being cacehable. If your website isnt visible fro

Re: proxy_cache and X-Accel-Redirect

David, Are the backend resources actually dynamic / created on demand, or are they "real" files that exist on a slow file system? Peter Sent from my iPhone > On Jun 27, 2017, at 12:56 PM, deivid__ wrote: > > I mistakenly typed redirect to /nfs because it redirects to /converted which > has a

Re: Proxy_cache_key based on custom header

I had best caching experience when I started using the openresty nginx bundle. It's a build of nginx that contains a bunch of Lua modules that make it a lean application server. With that I could create cache keys that exactly matched my (complex) business requirements Sent from my iPhone > O

Re: ngx_http_sub_module causes requests to hang on a simple match.

What happens if you simplify the match string to only contain characters? Something like >> sub_filter 'xxx' 'yyy'; Can it ever do a substitute? Sent from my iPad > On Jul 2, 2017, at 8:26 AM, Valentin V. Bartenev wrote: > >> On Friday 30 June 2017 22:14:55 ptcell wrote: >> I've built with

Re: Nginx Tuning

What is your ultimate goal here? What are you wanting to prevent? Sent from my iPhone > On Jul 4, 2017, at 4:01 AM, guruprasads wrote: > > Hi, > > I am trying to tune nginx server. > I want to restrict number of client connection per server and restrict > bandwidth. > I tried > worker_connect

Re: Is there a module that can prettify the page output before it is send to the requesting client?

Depends on your definition of pretty and what you want to achieve. Are you looking for pretty for a human reader or for a browser? Google's pagespeed module comes in both apache and nginx flavors and applies a bunch of page optimization transformations to the page and embedded resources. I've s

Re: NGINX stale-while-revalidate cluster

You could do that but it would be bad. Nginx' great performance is based on serving files from a local Fisk and the behavior of a Linux page cache. If you serve from a shared (nfs) filsystem then every request is slower. You shouldn't slow down the common case just to increase cache hit rate. S

Re: NGINX stale-while-revalidate cluster

gt;> It’s not possible to share a cache across instances by using a shared >> filesystem (e.g. nfs). >> >> --- >> o...@nginx.com >> Skype: owen.garrett >> Cell: +44 7764 344779 >> >>> On 7 Jul 2017, at 14:39, Peter Booth wrote: >>>

Re: NGINX stale-while-revalidate cluster

uest that arrive to Server 1 asking for URL1 will > receive the version of some hours before (not some minutes). This is what we > are trying to avoid. > > Many thanks for all your feedback and suggestions, > > > Joan > On 08/07/17 15:30, Peter Booth wrote: >>

Re: Specify a Vary: Accept-Encoding header

It looks as if the static content is being served by the Rails asset pipeline rather than directly by nginx and the impact is enormous. It took 25s for the base page - but it also took another 25s for the http://cryonics.org.au/assets/application.js

Re: Specify a Vary: Accept-Encoding header

run other tools. Peter > On Jul 21, 2017, at 6:58 AM, Peter Booth wrote: > > It looks as if the static content is being served by the Rails asset pipeline > rather than directly by nginx > and the impact is enormous. It took 25s for the base page - but it also took > anothe

Re: Disable NGINX caching 304 Responses from Origin Server

I can’t see an obvious issue, but I can say that there is no such thing as a simple web server setup where caching is involved. I have gray hairs that appeared after working with a high traffic retail website that had seven levels of caching (browser cache, CDN, hardware load balancer, nginx reve

Re: Disable NGINX caching 304 Responses from Origin Server

g interesting and wondered if you could shed some light >> on it. >> >> Simply adding: >> proxy_ignore_headers Cache-Control Expires; >> >> Enables 304 responses from the origin server without setting: >> >> proxy_set_header If-Modified-Since $http_i

Re: Identifying "Writing" connections in status stub

Vlad, I'd suggest beginning by seeing whether or not this is real. If you create a cron job that invokes netstat -ant every hour, then summarize the connections and either view them manually or write them into an influxdb and graph with grafana you will see whether or not the #tcp connections r

Re: Identifying "Writing" connections in status stub

Vlad, You might not need to replicate it- you have it happening in production in front of you. Some questions: 1. When is the last time that your production nginx was restarted? 2. Do you have regular restarts? 3. Is there an obstacle to restarting at some point? 4. Is this a single instance or

Re: Identifying "Writing" connections in status stub

descriptions for a specific pid? > On Jul 30, 2017, at 5:15 AM, Peter Booth wrote: > > Vlad, > > You might not need to replicate it- you have it happening in production in > front of you. > Some questions: > > 1. When is the last time that your production nginx was

Re: Identifying "Writing" connections in status stub

See below > On Jul 30, 2017, at 6:12 AM, Vlad K. wrote: > > On 2017-07-30 11:26, Peter Booth wrote: >> I just reread the thread and realize that you answered q2, and that >> makes the graph even more >> surprising. You say that it son FreeBSD - does this mean t

Re: Identifying "Writing" connections in status stub

During a busier part of the day, what is your minimum, median,99%, max requests per sec? > On Jul 30, 2017, at 9:31 AM, Vlad K. wrote: > > >> If you open the status page in a browser do the numbers report match >> what you see with netstat? > > Waiting does: > > # netstat -n | grep -E "tcp4

Re: Options for selective logging

What is your ultimate goal? You say that you want to replay 0.05% of traffic into a test environment. Are you wanting to capture real world data on a one off or ongoing basis? You say that this particular proxy is very busy. How busy? Is it hosted on a physical host or a virtual machine? If

Re: ngx_slab_alloc() failed: no memory in cache keys zone

Lots of questions: What are the upstream requests? Are you logging hits and misses for the cache - what's the hit ratio? What size are the objects that you are serving? How many files are there in your cache? What OS and what hardware are you using? If it's Linux can you show the results of the f

Re: Nginx splitting one single request's into multiple requests to upstream. (version 1.13.3)

Pankaj, I can’t understand exactly what you are saying. But I’m confident that here will be a way for nginx to work for you, providing you ask the question in a clear, unambiguous fashion. Is your application behind nginx, such that nginx is POSTING to the app? Or is your application making th

Re: Reverse cache not working on start pages

I found it useful to define a dropCache location that will delete the cache on request. I did this with a shell script that I invoked with lua (via openresty) but I imagine there are multiple ways to do this. Sent from my iPhone > On Oct 4, 2017, at 11:39 AM, Maxim Dounin wrote: > > Hello! >

Re: Nginx splitting one single request's into multiple requests to upstream. (version 1.13.3)

I can say that Maxim's idea of using tcp proxying with the streams module Is very simple to configure - just a couple of lines, and tremendously useful. Sent from my iPhone > On Oct 4, 2017, at 3:24 PM, pan...@releasemanager.in > wrote: > > Maxim, > > totally agree on your statement and op

Re: Multiple upstream_cache_status headers in response in a dual-cache configuration

Why do you want to "realize a distributed caching layer based on disk-speed and storage?” Providing that you are running nginx on a healthy host running linux then your HDD-cache be faster (or the seem speed) as your SSD-cache. This because the cached file will be written though the Linux p

Re: Reverse cache not working on start pages (solution founD)

Sounds like the problem is that you don’t have nginx configured to enforce canonical urls. What do I mean by this? Imagine that every page on the site has one and only one “correct URL” So someone might type http://www.mydomain.com http://mydomain.com http://www.mydomain.com/index.html and

Re: E3-1240 with 32GB Ram - Unable to set the optimal value for the server

Advice - instead of tweaking values, first work out what is happening, locate the bottleneck, then try adjusting things when you have a theory First QN you need to answer: For your test, is your system as a whole overloaded? As in, for he duration of the test is the #req/se supported constant?

Re: E3-1240 with 32GB Ram - Unable to set the optimal value for the server

You said this > On Oct 16, 2017, at 3:30 PM, Peter Booth wrote: > > If i change the values, it hangs with 3k or 5k visitors. > This one handle 5k to 8k what hangs? the host or the nginx worker processes or the PHP or the mysql? You need to capture some diagnostic information over

Re: E3-1240 with 32GB Ram - Unable to set the optimal value for the server

Agree, Can you email me offline. I might have a few ideas on how to assist. Peter peter _ booth @ me.com > On Oct 16, 2017, at 3:55 PM, agriz wrote: > > Sir, > > Thank you for your reply. > > This is a live server. > It is an NPO (non profit organisation). &g

Re: E3-1240 with 32GB Ram - Unable to set the optimal value for the server

w many milliseconds are spent building every request See https://lincolnloop.com/blog/tracking-application-response-time-nginx/ <https://lincolnloop.com/blog/tracking-application-response-time-nginx/> It’s better that you email me off-list for further discussion Peter peter _ booth @ m

Re: E3-1240 with 32GB Ram - Unable to set the optimal value for the server

Agree, I work as performance architect , specializing in improving the performance of trading applications and high traffic web sites. When I first began tuning Apache (and then nginx) I realized the the internet was full of “helpful suggestions” about why you should set configuration X to thi

Re: Performance issue of "ngx_http_mirror_module"

There are a few approaches to this but they depend upon what you’re trying to achieve. Are your requests POSTs or GETs? Why do you have the mirroring configured? If the root cause is that your mirror site cannot support the same workload as your primary site, what do you want to happen when yo

higher precision timings [ Re: why delta only include the execution time of ngx_process_events not ngx_event_process_posted (Zhang Chao)

I think that this discussion touches on another question - are millisecond timings still sufficient when monitoring web applications? I think that in 2017, with the astounding increases in processing power we have seen in the last decade, millisecond timings are too imprecise. The cost of capt

Re: Does anyone know how to configure the session inactivity timeout in Nginx ?

This is true in general, but with a single exception that I know of. It’s common for nginx to proxy requests to a Rails app or Java app on an app server and for the app server to implement the session logic This is an open-resty session implementation that sits within the nginx process. https:/

Re: Nginx dynamic proxy_pass keeps redirecting to wrong domain

You need to understand, step-by-stp, exactly what is happening. Here is one (of many) ways to do this: 1. Open the Chrome browser 2. Right click on the background and select inspect, this will open the developer tools page 3. Select the tab “Network” which shows you the HTTp requests issued for

Re: Issue with flooded warning and request limiting

FWIW - I have found rate limiting very useful (with hardware LB as well as nginx) but, because of the inherent burstiness of web traffic, I typically set my threshold to 10x or 20x my expected “reasonable peak rate.” The rationale is that this is a very crude tool, just one of many that need to

Re: Nginx cache returns MISS after a few hours, can't be set up to cache "forever"

Can you count the number of files that are in your cache and whether or not it's changing with time? Then compare with the number of unique cache keys (from your web server log) When the server starts returning a MISS - does it only do this for newer objects that haven’t been requested before? D

Re: Moving SSL termination to the edge increased the instance of 502 errors

There are many things that *could* cause what you’re seeing - say at least eight. You might be lucky and guess the right one- but probably smarter to see exactly what the issue is. Presumably you changed your upstream webservers to do this work, replacing ssl with unencrypted connections? Do y

Re: How to control the total requests in Ngnix

So what exactly are you trying to protect against? Against “bad people” or “my website is busier than I think I can handle?” Sent from my iPhone > On Nov 30, 2017, at 6:52 AM, "tongshus...@migu.cn" > wrote: > > a limit of two connections per address is just a example. > What does 2000 reque

Re: How to control the total requests in Ngnix

I’m a situation where you are confident that the workload is coming from a DDOS attack and not a real user. For this example the limit is very low and nodelay wouldn’t seem appropriate. If you look at the techempower benchmark results you can see that a single vote VM should be able to serve ov

Re: How to control the total requests in Ngnix

017, at 1:11 AM, Peter Booth wrote: > > I’m a situation where you are confident that the workload is coming from a > DDOS attack and not a real user. > > For this example the limit is very low and nodelay wouldn’t seem appropriate. > If you look at the techempower benchmark res

Re: simple reverse web proxy need a little help

First Step Use something like http://www.kloth.net/services/nslookup.php To check the IP addresses returned for all six names (with and without www for the three domains) Do these look correct? Sent from my iPhone > On Dec 6, 2017, at 5:27 PM, qwazi wrote: > > I'm new to nginx but needed a

Re: Can Nginx used as a reverse proxy send HTTP(s) requests through a forward proxy ?

Take a look at the stream directive in the nginx docs. I’ve used that to proxy an https connection to a backend when I needed to make use of preecisting SSO Sent from my iPhone > On Dec 6, 2017, at 5:47 PM, Nicolas Legroux wrote: > > Hi, > > I'm wondering if it's possible to do what's descri

Re: nginx latency/performance issues

Are you running apache bench on the sam for different host? How big is the javascript file? What is your ab command line? If your site is to be static published (which is a great idea) why are you using SSL anyway? > On 4 Jan 2018, at 6:12 PM, eFX News Development wrote: > > Hello! Thanks for

Re: 504 gateway timeouts

Wade, I think that you are asking “hey why isn’t nginx behaving identically on MacOS and Linux when create a servlet that invokes Thread.sleep(30) before it returns a response?.” Am I reading you correctly? A flippant response would be to say: “because OS/X and Linux are different OSes th

Re: 504 gateway timeouts

gs worked. They did. However they do not have the same >> effect for nginx installed on my production Ubuntu 16.x servers. I did not >> realize that these settings were limited by the OS that nginx is installed >> on. Are there are similar settings that will work for the Ubuntu

Re: 2 of 16 cores are constantly maxing out - how to balance the load?

Perhaps you should use pidstat to validate which processes are running on the two busy cores? > On Jan 11, 2018, at 6:25 AM, Vlad K. wrote: > > On 2018-01-11 11:59, Lucas Rolff wrote: >> Now, in your case with php-fpm in the mix as well, controlling that >> can be hard ( not sure if you can pin

Re: How to correctly dedicate server processes to specific CPU cores?

So some questions: What hardware is this? Are they 16 “real” cores or hyper threaded cores? Do you have a test case setup so you can readily measure the impact of change? Many tunings that involve numa will only show substantial results ion specific app What does cat /proc/cpuinfo | tail -28 ret

Re: Suggestions for web apps to test out nginx load balancing?

The tech empower web framework benchmark is a set of six micro benchmarks implemented with over 100 different web frameworks. It’s free, easy to setup, and comes as prebuilt docker containers. Sent from my iPhone > On Jan 26, 2018, at 2:27 PM, leeand00 wrote: > > Does anyone have a suggestion

Re: Response Header IF statement problem

I think that part of the power and challenge of using nginx’s caching is that there are many different ways of achieving the same or similar results, but some of the approaches will be more awkward than others. I think that it might help if you could express what the issue is that you are try

Re: Files still on disc after inactive time

100GB of cached files sounds enormous. What kinds of files are you caching? How large are they? How many do you have? If you look at your access log what hit rate is your cache seeing? Sent from my iPad > On Feb 16, 2018, at 3:16 AM, Andrzej Walas > wrote: > > After this inactive logs I have

Re: fsync()-in webdav PUT

This discussion is interesting, educational, and thought provoking. Web architects only learn “the right way” by first doing things “the wrong way” and seeing what happens. Attila and Valery asked questions that sound logical, and I think there's value in exploring what would happen if their s

Re: location blocks, and if conditions in server context

I agree that avoiding if is a good thing. But avoiding duplication isn’t always good. Have you considered a model where your configuration file is generated with a templating engine? The input file that you modify to add/remove/change configurations could be free of duplication but the conf fi

Re: Using the mirror module

This is the point where I would jump to using the debug log. You need to build you nginx binary with —with-debug switch and change the log level to debug innginx.conf. Debug generates a *huge* amount of logs but it really is invaluable. I would also want to double check what is actually happen

Re: Using the mirror module

Suggestion: Define two more locations - one that proxies www.example.com and another that proxies staging.example.com. If both locations work then your problem is probably mirroring. If one doesn’t work then the issue is your configuration and not mirroring. Either way you have reduced the size

Re: Nginx 1.12.1 Memory Consumption

Two questions: 1. how are you measuring memory consumption? 2. How much physical memory do you have on your host? Assuming that you are running on Linux, can you use pidstat -r -t -u -v -w -C “nginx” to confirm the process’s memory consumption, and cat /var/meminfo to view a detailed descrip

Re: Nginx 1.12.1 Memory Consumption

processes. > > Do you have any suggestions for differentiating between the two issues that > might prevent memory from being returned to the system? > > Thanks! > >> On Thu, Mar 15, 2018 at 1:06 PM Peter Booth wrote: >> Two questions: >> >> 1. how a

Re: Nginx throttling issue?

You’re correct that this is the ddos throttling. The real question is what do you want to do? JMeter with zero think time is an imperfect load generator- this is only one complication. The bigger one is the open/closed model issue. With you design you have back ptesssure from your system under

Re: Nginx throttling issue?

John, I think that you need to understand what is happening on your host throughout the duration of the test. Specifically, what is happening with the tcp connections. If you run netstat and grep for tcp and do this in a loop every say five seconds then you’ll see how many connections peak get

Re: Monitoring http returns

Jeff, There are some very good reasons for doing things in what sounds like a heavy inefficient manner. The first point is that there are some big differences between application code/business logic and monitoring code: Business logic, or what your nginx instance is doing is what makes you mon

Re: Monitoring http returns

will cause google and bing and other search engines to scrape in a pathological manner Sent from my iPhone > On Apr 11, 2018, at 2:04 AM, Jeff Abrahamson wrote: > >> On Wed, Apr 11, 2018 at 01:17:14AM -0400, Peter Booth wrote: >> There are some very good reasons for do

Re: Monitoring http returns

connections, cache hit ratios etc is important to understand “what is normal?” It’s easy for our mental model of how a site works to differ markedly from reality. Sent from my iPhone > On Apr 11, 2018, at 2:04 AM, Jeff Abrahamson wrote: > >> On Wed, Apr 11, 2018 at 01:17:14AM

Re: Virtual hosts sharing same port

Does this imply that that different behavior *could* be achieved by first defining virtual IP addresses (additional private IPs defined at the OS) which were bound to same physical NIC, and then defining virtual hosts that reference the different VIPs, in a similar fashion to how someone might c

Re: Error: Couldn't connect to server

I’m guessing that you have script that keeps executing curl. What you can do is use curl -K ./fileWithListOfUrls.txt and the one curl process will visit each url in turn reusing the socket (aka HTTP keep alive) That said, curl isn’t a great workload simulator and, in the long time, you can get

Re: Debugging Nginx Cache Misses: Hitting high number of MISS despite high proxy valid

Quintin, I dont know anything about your context, but your setup looks over simplistic. Here are some things that I learned painfully over a few years of supporting a high traffic retail website 1. Is this a website that's on the internet, and thus exposed to random queries from bots and scra

Re: Nginx Rate limiting for HTTPS requests

Rate limiting is a useful but crude tool that should only be one if four or five different things you do to protect your backend: 1 browser caching 2 cDN 3 rate limiting 4 nginx caching reverse proxy What are your requests? Are they static content or proxied to a back end? Do users login? Is i

Re: Nginx Rate limiting for HTTPS requests

5. Do you use keepslive? Sent from my iPhone > On May 20, 2018, at 2:45 PM, Peter Booth wrote: > > Rate limiting is a useful but crude tool that should only be one if four or > five different things you do to protect your backend: > > 1 browser caching > 2 cDN > 3

Re: Block countries - Nginx

If you can dump your http traffic you will probably see a headers with names like: X-Real-IP X-Forwarded-For Sent from my iPhone > On May 23, 2018, at 11:25 PM, Frank Liu wrote: > > Since only load balancer sees the client IP, it has to pass that information > to nginx. You need to talk to yo

Re: Block countries - Nginx

Dont. You should let every tier do it’s job. Just because nginx has geoid functionality doesn’t mean that you should use it. If you are lucky enough to have hardware load balancer in front of nginx then do the blocking there, so you reduce the load on your nginx. The Golden Rule of keeping websi

Re: Performance of h2 is better than h2c

Is your client running n a different host than your server? > On 8 Jun 2018, at 5:35 AM, prabhat wrote: > > I am taking performance data on nginx. > The client I used is h2load > > Request per second using h2 is much higher than h2c. But I think it should > not be as h2 is having the overhead o

Re: massive deleted open files in proxy cache

Sounds weird. 1. It doesn’t make sense for your cache to be on a tmpfs share. Better to use s physical disk allow Linux ‘s page csche to do its job 2. How big are the files in the larger cache? Min/median/max? Sent from my iPhone > On Jun 20, 2018, at 7:38 AM, rihad wrote: > > Have you be

Re: NGINX Proxy Cache Cache-Control

Your question raises so many other questions: 1. The static content - jpg, png, tiff, etc. It looks as though you are serving them your backend and caching them. Are they also being built on demand dynamically? If not, then why csche them? Why not deploy them to nginx and serve them directly?

Re: Recovering from partial writes

How large is a large POST payload? Are the nginx and upstream systems physical hosts in same data center? What are approx best case / typical case / worst case latency for the post to upstream? Sent from my iPhone > On Jun 22, 2018, at 2:40 PM, scott.o...@oracle.com wrote: > > I have an nginx p

Re: Cache question

Sure is. Look at the stale-if-error stale-while-revalidate proxy_cache_use_stale proxy_cache_lock etc Can you describe the use case a bit more? Why don't you want to cache this particular content? Is it that its dynamic and a fresher version is always preferable but the stale is good enough in

QNs about cookies and caching

I'm wondering if someone can help with the following? I have a java app where I'm using nginx as a caching reverse proxy. I have a location defined for five distinct JSPs and different cache configurations and custom keys for each. Some locations are using: proxy_ignore_headers Set-Cookie Proxy_

Selectively implement something like proxy_ignore_headers Set-Cookie?

I'm wondering if anyone has any thoughts about how I might address the following? I am using nginx as a caching reverse proxy in front of a complex Apache/Weblogic Java application. I have a half-dozen Location blocks that have different caching policies with custom keys and different cache

RE: Translating an F5 rule

The code does the following: 1. remove an HTTP header named "SWSSLHDR" 2. replaces it with SWSSLHDR: port, where the port is the local port of the "current context's TCP connection", presumably the port that your F5 virtual server is listening on. This is presumably to separate SSL and non SSL t

Re: Too Many Redirects - CDN Rewrite Rule

Why are you trying to rewrite your URLs at all? Why don't you simply endure that your HTML or dynamic content references images at cdn.mydomain.com? Sent from my iPhone On Mar 20, 2013, at 10:47 PM, "toddlahman" wrote: > I have tried both ways to redirect my static files to a CDN (content > de

Re: Too Many Redirects - CDN Rewrite Rule

What netdna said is sensible and I imagine any cdn would say the same. Ultimately the ball is in your court. If you want to use a CDN (and it's not compulsory) then change your app so that the image links are absolute links with the cdn domain name. There's no good reason for nginx to have any

[no subject]

Sent from my iPhone > >> On Saturday 18 June 2016 14:12:31 B.R. wrote: >> There is no downside on the server application I suppose, especially since, >> as you recalled, nginx got no trouble for it. >> >> One big problem is, there might be socket exhaustion on the TCP stack of >> your front-end

  1   2   >