Quantcast
Channel: Nginx Forum - Other discussion
Viewing all 607 articles
Browse latest View live

SSL error NginX 1.9.10 (4 replies)

February 10, 2016, 11:14 am
$
0
0
Hello guys,

So I compiled nginx by source version 1.9.10 and used openssl 1.0.2f and all went fine..

I have enabled HTTP/2 and I am getting errors in the nginx log

SSL_shutdown() failed (SSL: error:140C5042:SSL routines:ssl_undefined_function:called a function you should not call) while SSL handshaking

anyone got any idea whats going on?

Ubuntu x64 14.04
openssl 1.0.2f
nginx 1.9.10

regards
Search

nginx (1.8.1) and timer_resolution cause freezed downloads on linux (4.4.1) (no replies)

February 7, 2016, 3:29 am
$
0
0
Using archlinux
related topic on arch forum https://bbs.archlinux.org/viewtopic.php?pid=1602417#p1602417

After linux kernel update I found that file transfers through loopback (lo) network interface suddenly hangs. It's seems that it's related to parameter timer_resolution.

I test it this way:
1) change timer_resolution value
2) restart nginx
3) clear cache (sync && echo 3 > /proc/sys/vm/drop_caches)
4) try download file with wget from localhost

if set timer_resolution to 500ms - downloading hangs after ~500ms
if set timer_resolution to 10ms - downloading hangs after ~10ms
if I comment out timer_resolution - no freezes

Is it a bug, feature or misconfiguration?

Nginx secure_link_md5 Module (no replies)

February 8, 2016, 3:28 am
$
0
0
Hi Team,

We have setup a Nginx Server for token authentication using secure_link_md5 Module as per below link
http://nginx.org/en/docs/http/ngx_http_secure_link_module.html

Please let me know how to proceed for two secret keys, say primary secret key and backup secret key so that if we are changing the primary key the current requests should get authenticated from backup key, provided we have copied the same key(i.e. primary key before changing) in backup key.

Regards,
Anish

Different times between frontend and backend. (no replies)

February 9, 2016, 7:03 am
$
0
0
Hi.

Frontend log:
* * [09/Feb/2016:12:58:14 +0000] "GET /hls.ts HTTP/1.1" 200 MISS "123.123.123.123" 1651956 "-" "HLS Client" "15.711" "-" "-/-" "1/196861693" "0.021" "13.275" "200" RU

Backend log:
* * [09/Feb/2016:12:57:59 +0000] "GET /hls.ts HTTP/1.1" 200 HIT "-" 1651956 "-" "HLS Client" "0.388" "-" "-/-" "84/238345969" "-" "-" "-" RU

So there is the question: why it's different times in frontend and backend logs? I mean (13.275) upstream_response_time from frontend and (0.388) request_time from the backend? It's must be the same.

i'm getting following error when compiling nginx 1.8.1 (no replies)

February 10, 2016, 10:23 pm
$
0
0
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c: In function 'ngx_tcp_send':
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c:351: error: 'NGX_LOG_DEBUG_TCP' undeclared (first use in this function)
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c:351: error: (Each undeclared identifier is reported only once
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c:351: error: for each function it appears in.)
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c: In function 'ngx_tcp_finalize_session':
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c:410: error: 'NGX_LOG_DEBUG_TCP' undeclared (first use in this function)
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c: In function 'ngx_tcp_close_connection':
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c:431: error: 'NGX_LOG_DEBUG_TCP' undeclared (first use in this function)
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c: In function 'ngx_tcp_cleanup_add':
/root/rpmbuild/SOURCES/modules/nginx_tcp_proxy_module-master/ngx_tcp_session.c:519: error: 'NGX_LOG_DEBUG_TCP' undeclared (first use in this function)
make[1]: *** [objs/addon/nginx_tcp_proxy_module-master/ngx_tcp_session.o] Error 1
make[1]: Leaving directory `/root/rpmbuild/BUILD/nginx-1.8.1'
make: *** [build] Error 2
error: Bad exit status from /var/tmp/rpm-tmp.y2Vbr0 (%build)


RPM build errors:
Bad exit status from /var/tmp/rpm-tmp.y2Vbr0 (%build)

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

following are the modules i compiled nginx with

ngx_devel_kit-master
echo-nginx-module-master
set-misc-nginx-module-master
srcache-nginx-module-master
nginx-sticky-module-master
nginx_upstream_check_module-master
memc-nginx-module-master
nginx_cross_origin_module-master
nginx_tcp_proxy_module-master

Nginx location block and performance (no replies)

February 13, 2016, 1:22 am
$
0
0
I am not an expert with Nginx, so I read several articles and the official guideline to get myself up to speed. However, I found nothing that touch base on the location vs rewrite block performance.

My scenario is the following: an existing website changed their english URLs into Chinese, and I have to prevent any loss of traffic for several URLs (about 1m)

I came up with two working configuration, though this was limited to just a few URLs and I wasn't able to test on any production or pre-production environment to validate the effectiveness.

Solution A)

Use n+1 rewrite blocks followed by a permanent flag straight in the server block;

Solution B)

Use n+1 exact location blocks with a nested rewrite and permanent flag followed by a break;

Both solutions have a catch all rule that redirect to an index.php file to allow Magento process the request and produce the output.

My understanding is that solution B may be more efficient thanks to the break instruction that will prevent additional rewriting rule to be executed, forwarding the rewrite module straight to the location blocks. As I have only one of them - a catch all - there is very little choice here.

Given the above, is it correct assuming the solution B is more efficient?

OSX 10.11 El Capitan using part 8080 is fine but not port 80 (2 replies)

February 21, 2016, 1:54 am
$
0
0
when I use in my nginx.conf

server {
listen 8080;

I can access my index page , but whenever I changed it tp

server {
listen 80

then I cannot access it..

same issue with port 443 , I have to use port 8443 to get it running fine..

It's weird as I checked

sudo lsof -i -P | grep -i nginx
Password:
nginx 35231 root 12u IPv4 0xe906ac28eb68a51b 0t0 TCP *:80 (LISTEN)
nginx 35231 root 13u IPv4 0xe906ac28ee03851b 0t0 TCP *:8443 (LISTEN)
nginx 35231 root 14u IPv4 0xe906ac28eefe9033 0t0 TCP *:8080 (LISTEN)
nginx 35232 yves 12u IPv4 0xe906ac28eb68a51b 0t0 TCP *:80 (LISTEN)
nginx 35232 yves 13u IPv4 0xe906ac28ee03851b 0t0 TCP *:8443 (LISTEN)
nginx 35232 yves 14u IPv4 0xe906ac28eefe9033 0t0 TCP *:8080 (LISTEN)

SSL error : Same base url with different context path (no replies)

March 1, 2016, 8:28 pm
$
0
0
We have two Tomcat instances running on two different server . Both the tomcats are with https (SSL implemented at Tomact level)

Bamboo1 instance : https://bamboo.com

Bamboo 2 isnatnce : https://techiid-bamboo.com

We have to achieve/rename to same base url for both the bamboo instance but different context path

So bamboo 1 should be directly accessed by https://bamboo.com/bamboo1 and bamboo 2 would be https://bamboo.com/bamboo2.

Old DNS names https://techiid-bamboo.com and https://bamboo.com will be deleted.

I set up a below test instance for nginx running

Below is the content for default.conf

listen 80;
server_name nginx_server.com;
#root /etc/tomcat7/webapps/apple;

location /bamboo1 {
proxy_pass https://server1:443/;
include /etc/nginx/proxy.conf;

below is the content of /etc/nginx/proxy.conf

proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;


When i am giving in url http://nginx_server.com/bamboo1 , its not returning anything and returning SSL error and the url changed to below

https://nginx_server.com:80/allPlans.action;jsessionid=54F4D80938906512BF1108D9368B8397 ( Though nginx server does not have SSL running , as SSL implmented in the target tomcat instances)


Error :

Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Please help me out.

Regards
Deb
Search

nginx application error 0xC0000142 on Windows shutdown (1 reply)

March 2, 2016, 12:18 pm
$
0
0
On Windows shutdown or restart this error occurs:
==========================================
nginx.exe - Application Error

The application was unable to start correctly (0xc0000142).
Click OK to close the application
==========================================

The attached error log contains:
worker process 760 exited with code C0000142

nginx version:
C:\Users\Tom\Projects\local-manager-v4\nginx-server\708\nginx>nginx -v
nginx version: nginx/1.9.1.1 Lizard
nginx origin: http://nginx-win.ecsds.eu/ Build May 1, 2015

It would be good to prevent this error message as it alarms our users.

Setting my web browser use squid proxy, access the nginx web site is fail. (no replies)

March 2, 2016, 7:01 pm
$
0
0
Hi frend:
I have a squid proxy server and a nginx web site server.

My web browser[ IE ] use squid proxy to access any web site is ok in my PC.

But when i access the nginx web site, it will show "the page could not be found".

I remove the squid proxy setting on my web browser,then i can access the nginx.

How can i set the nginx web site config that let the web browser set proxy setting to success access nginx web site?

Please help me,thank you

NFS Access Error while writing logs on mounted device (3 replies)

March 9, 2016, 3:32 am
$
0
0
Good morning,

I am facing a very annoying issue with Nginx access and error logs.

For a reason I cannot mention, I absolutely need to write my nginx logs on a NFS partition mounted on the server.
For this, I mentionned the path to the error and access logs files (each one on a different nfs partition).
The file is properly created bu the Nginx master but only a few logs are written (most of them are lost).

To understand the problem, I separated temporarily the error log and I observed "permission denied" alerts:
2016/03/09 10:13:03 [alert] 1698#0: *13 write() to "<PATH to NFS LOG>/access.log" failed (13: Permission denied) while logging request, client: <server IP>, server: <server IP>, request: "GET /home HTTP/1.1", upstream: "http://<server IP>:<server Port>/home", host: "<server IP>:<server Port>"

A tcpdump gives me NFS3ERR_ACCES error packet at the same time.

You'll tell me it is user permission error to access the NFS mount, but logs are sometimes written and I only have this issue with Nginx (other tools works fine with it).

If you are aware of this, what should I do (in nfs server/client conf or patch for nginx) to fix this issue.

Thank you for your concern,
MPtiBot

Nginx not properly upgrading websocket connections (no replies)

March 9, 2016, 10:23 pm
$
0
0
I followed the documentation and it still isnt properly proxying my websocket for xmpp. Upgrades always somehow result in nginx returning keep-alives and 502's instead of doing what its been told to do.

For full discussion check out this issue which i started on ejabberd and have now brought here due to the fact that i beleive this is a bug in nginx now.

https://github.com/processone/ejabberd/issues/968

HTTP/2 Failure (no replies)

March 12, 2016, 9:13 pm
$
0
0
I ran into an issue with HTTP/2 a while ago, and each version I cannot seem to fix it.
http://serverfault.com/questions/747997/http-2-returning-weird-symbols

Running on the latest version (1.9.12) has the same issue, and FireFox simply does not get a response, and Safari gives this: https://i.imgur.com/pXbF9uA.png

The website is https://xenogamers.com if anyone is able to get a response on these browsers.

keepalive strange behaviour (3 replies)

March 15, 2016, 12:41 am
$
0
0
Hi,

I'm trying to improve the performance of a webapp behind nginx 1.9.7. My server freezes due to the high time_wait ports.
I added the keepalive sentece to the upstream and the "proxy_http_version 1.1;" and "proxy_set_header Connection "";" to the location but I'm still having this issues.

I tried with a simple node js webserver that simulates the flow o the real app (just 302 redirects) and with this server works fine.The real webapp servers are pretty much the same and are developed in node js (not by me).

What could be happening here?

Thanks!

Nginx access works on WAN but not LAN (1 reply)

March 17, 2016, 6:58 am
$
0
0
Hi,

I am new to nginx and have search almost everywhere. The problem is that anywhere outside my network, I can access the default nginx page, but when I am on the local network, be it my arch linux laptop, or my mobile phone, the WAN ip I get a connection can't be found error.
Search

Configuring Nginx to push RTMP to VLC (no replies)

March 17, 2016, 11:26 am
$
0
0
We are currently pulling an RTMP stream from a server into Nginx. We need to configure it to push that RTMP stream out, as is, to a VLC player.

How can we configure Nginx to push an RTMP stream out so we can view it in VLC?

Thank you.

Windows php cgi perfomance (no replies)

March 25, 2016, 6:50 am
$
0
0
Hi

I have

http://nginx-win.ecsds.eu/ version 1.9.13.1
Windows server 2012r2 VDS with two 200% time cpu cores, 4 gb ram
php 7.0.4
opcache enabled, about 95% hit

Story is that when i start free test from loadimpact with 50 virtual users on site main page i have about 40% cpu used with php-cgi.exe..

Is that normal ? I tryed cgi cache. Its ok with it, but its very bad idea to use cgi cache with online shop..

What can i tune in that config ?

Thank you

worker_processes 1;

error_log logs/error.log;
#error_log D:/Server/nginx/logs/error.log;

events {
worker_connections 8192;
multi_accept on;
}


http {
#include /nginx/conf/naxsi_core.rules;
include mime.types;
default_type application/octet-stream;



tcp_nodelay on;
tcp_nopush on;
sendfile on;


server_names_hash_bucket_size 128;
map_hash_bucket_size 64;


reset_timedout_connection on;
send_timeout 5;

client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 30;
keepalive_requests 100;
server_tokens off;

#fastcgi_cache_path D:/Server/nginx_cache/ levels=1:2 keys_zone=ZONE1:250m inactive=60m;
#fastcgi_cache_key "$scheme$request_method$host$request_uri";
#fastcgi_cache_use_stale error timeout invalid_header http_500;
#fastcgi_ignore_headers Cache-Control Expires Set-Cookie;

open_file_cache max=200000 inactive=20s;
open_file_cache_valid 30s;
open_file_cache_min_uses 2;
open_file_cache_errors on;


server{
listen 80 default_server;
listen [::]:80 default_server;
# Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
return 301 https://$host$request_uri;
}




server
{


listen 443 ssl http2;
listen [::]:443 ssl http2;

error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
}
access_log off;
root D:/Server/htdocs/;

server_name 123123.ru;

index index.php;


gzip on;
gzip_vary on;
gzip_static off;
gzip_min_length 1024;
gzip_proxied expired no-cache no-store private auth;
gzip_comp_level 4;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript ;
gzip_disable "msie6";

ssl_certificate D:/Server/ssl/cert_chain.crt;
ssl_certificate_key D:/Server/ssl/key.key;
ssl_trusted_certificate D:/Server/ssl/COMODORSADomainValidationSecureServerCA.crt;
ssl_dhparam D:/Server/ssl/dhparams.pem; #openssl dhparam -out dhparams.pem 2048
ssl_session_timeout 1h;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;



try_files $uri $uri/ /index.php?$query_string;






location ~ \.php$ {
root D:/Server/htdocs/;
fastcgi_pass 127.0.0.1:9123; # single backend process

fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;



}


location /index.php {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9123;
#fastcgi_pass myLoadBalancer;
}

# for install only
location /install.php {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9123;
#fastcgi_pass myLoadBalancer;
}

location /api.php {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9123;
#fastcgi_pass myLoadBalancer;
}

location ^~ /wa-data/protected/ {
#return 403;
#X-Accel-Redirect
internal;
}

location ~* ^/wa-(log|config|cache|system)/ {
return 403;
}

location ~* ^/wa-data/public/contacts/photo/[0-9]+/ {
root /var/www/fw/;
access_log off;
expires 30d;
error_page 404 = @contacts_thumb;
}

location @contacts_thumb {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9123;
#fastcgi_pass myLoadBalancer;
fastcgi_param SCRIPT_NAME /wa-data/public/contacts/photos/thumb.php;
fastcgi_param SCRIPT_FILENAME $document_root/wa-data/public/contacts/photos/thumb.php;
}

# photos app
location ~* ^/wa-data/public/photos/[0-9]+/ {
access_log off;
expires 30d;
error_page 404 = @photos_thumb;
}

location @photos_thumb {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9123;
#fastcgi_pass myLoadBalancer;
fastcgi_param SCRIPT_NAME /wa-data/public/photos/thumb.php;
fastcgi_param SCRIPT_FILENAME $document_root/wa-data/public/photos/thumb.php;
}

# end photos app

# shop app
location ~* ^/wa-data/public/shop/products/[0-9]+/ {
access_log off;
expires 30d;
error_page 404 = @shop_thumb;
}

location @shop_thumb {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9123;
#fastcgi_pass myLoadBalancer;
fastcgi_param SCRIPT_NAME /wa-data/public/shop/products/thumb.php;
fastcgi_param SCRIPT_NAME /wa-data/public/shop/products/thumb.php;
fastcgi_param SCRIPT_FILENAME $document_root/wa-data/public/shop/products/thumb.php;
}

# end shop app

# mailer app
location ~* ^/wa-data/public/mailer/files/[0-9]+/ {
access_log off;
error_page 404 = @mailer_file;
}

location @mailer_file {
include fastcgi_params;
fastcgi_pass 127.0.0.1:9123;
#fastcgi_pass myLoadBalancer;
fastcgi_param SCRIPT_NAME /wa-data/public/mailer/files/file.php;
fastcgi_param SCRIPT_FILENAME $document_root/wa-data/public/mailer/files/file.php;
}

# end mailer app

location ~* ^.+\.(js|css|jpg|jpeg|gif|png|svg|ttf|eot|otf|woff|woff2)$ {
access_log off;
expires 30d;
}


}
}

MS ADFS and Nginx as a LoadBalancer (3 replies)

April 7, 2016, 12:16 pm
$
0
0
Recently I migrate/upgrade our Nginx Load Balancer from version 1.9.5 to 1.9.14 and we were handling Microsoft ADFS traffic through it. After the upgrade to 1.9.14 the Active Sync & Outlook authentication started failing, but the web authentication (OWA) still worked.

It was determined that Nginx was no longer passing the information correctly to the ADFS proxies. We have taken the ADFS traffic out but we are very curious why all of sudden why it stop working.

network topology: World <--> NGINX LB <--> Pair of ADFS Proxies

ADFS 2.0 of server 2008 R2
Nginx 1.9.5 to 1.9.14
SSL communication all the way through, NOT using HTTP2.

Any ideas are welcome. Thanks

second path redirect does not work (2 replies)

April 8, 2016, 12:53 am
$
0
0
Hi,

I have first http to https redirects - works

then the path /bamboo to redirect to http:...:8085 - works

second path redirect from /api to http:...:8080 does not work it says not found (https://mydomainname/api):

# Redirect http -> https
#
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;

rewrite ^/bamboo(.*)$ http://mydomainname:8085/$1 last;
rewrite ^/api(.*)$ http://mydomainname:8080/$1 last;
return 403;
}

Nginx 1.9.14 as Load Balancer & Google Searches (1 reply)

April 11, 2016, 1:24 pm
$
0
0
We have discovered another problem - we are not sure what version it was introduced but we are attempting to find out.

In a recent post I stated that we went from version 1.9.5 (i wish they would show it as 05) to 1.9.14 and ADFS started failing, now we've discovered that our Goggle search results are also not working correctly.

Instead of the Title and snippet fields containing the http title and meta name "description" information, what we are seeing is the Tile appears to be the date & time of the crawl and the snippet looks like the response header. I've been looking through the change logs but I honestly can see anything that might be causing this. There was one thing in 1.9.07 Feature: the "proxy_cache_convert_head" directive. that might be it but it's off by default.

Any ideas would be helpful. We are going to start trying different versions to see if we can pinpoint where it started to occur. We are starting a test at version 1.9.10 at this time. Will keep updating as we determine more.
Viewing all 607 articles
Browse latest View live
Search
<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>