I was able to resolve the issue using following rewrite rule.
rewrite ^(.*)$ https://$servername.mydomain.com$1;
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261751,261810#msg-261810
___
nginx mailing list
nginx@nginx.org
http://mailman.n
Thanks for all of your help. With me though it's 2 steps forward and 1 step
back It went further in the build process but I received other errors
that I'm still researching. Let me ask a hopefully simple question though:
Is there a way to compile nginx and the rtmp-module without openssl? I ask
23 сент. 2015 г., в 12:29, itpp2012 написал(а):
>
> Is there any module loading order advice? ea. should it be before or after
> Lua? does/should it matter?
It doesn't matter.
--
Igor Sysoev
http://nginx.com
___
nginx mailing list
nginx@nginx.org
htt
Hello everyone.
I'm trying to setup an Nginx proxy on AWS EC2 with the following general
layout:
mydomain.com > ELB > EC2 Nginx > App's Beanstalk ELB
My first configuration was something like this:
http {
upstream app {
server current-app.elasticbeanstalk.com weight 5;
server new-app.
Is there any module loading order advice? ea. should it be before or after
Lua? does/should it matter?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261772,261796#msg-261796
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mai
On 9/23/15 9:43 PM, Igor Sysoev wrote:
> On 23 Sep 2015, at 20:39, Danomi Czaski wrote:
>
>> For those interested:
>>
>> https://www.nginx.com/blog/launching-nginscript-and-looking-ahead
>
> Yes, repository is here:
> http://hg.nginx.org/njs/
>
> This is preliminary version.
> No built-in JS ob
On 23 Sep 2015, at 20:39, Danomi Czaski wrote:
> For those interested:
>
> https://www.nginx.com/blog/launching-nginscript-and-looking-ahead
Yes, repository is here:
http://hg.nginx.org/njs/
This is preliminary version.
No built-in JS objects, no closures.
We appreciate your feedback on JS int
The files are correct as they are:
ssl_trusted_certificate includes the intermediate and the root ca,
ssl_certificate includes the server's own and the intermediate.
The error was ... in a missing ssl_trusted_certificate directive in one of
the server clauses. A human error, undetected by nginx
It seems I sent to wrong mailing list... got no response. So forwarding
this question at "nginx@nginx.org"
-- Forwarded message --
From: vikrant singh
Date: Tue, Sep 22, 2015 at 12:38 PM
Subject: Config Guidance
To: nginx-fo...@nginx.us
Hello,
I have quick question on config. On
Will adjust the files, and see what happens...
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261716,261787#msg-261787
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
For those interested:
https://www.nginx.com/blog/launching-nginscript-and-looking-ahead
On Wed, Sep 23, 2015 at 11:26 AM, Igor Sysoev wrote:
> It will be announced today.
>
> --
> Igor Sysoev
>
>> 23 сент. 2015 г., в 8:20, Danomi Czaski написал(а):
>>
>> I read quite a while ago that Nginx pla
Hold on...
ssl_dhparam [...]/ssl/dh2048.pem;
ssl_certificate_key[...]/ssl/www.key;
ssl_certificate[...]/ssl/www-bundle.pem;
ssl_trusted_certificate [...]/ssl/ca-bundle.pem;
The intermediate and the server's own are in www-bundle.pem.
The local trust store
After all, the root certificate is part of the local trust store
(/etc/ssl/ca-bundle.pem),
and nginx knows it (ssl_trusted_certificate points to it).
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261716,261785#msg-261785
___
nginx mailing l
> Simpliest solution would be to switch off OCSP response verification.
I have just tried it. It takes two hits from a client to fill the cache of
its worker process.
There are two problems with this:
- the other worker processes are not primed on restart, and therefore
clients that
require
Hello!
On Wed, Sep 23, 2015 at 12:53:19PM -0400, 173279834462 wrote:
> I see this:
>
> ==> stderr.log <==
> 2015/09/23 18:33:00 [error] 41509#0: OCSP_basic_verify() failed (SSL:
> error:27069065:OCSP routines:OCSP_basic_verify:certificate verify
> error:Verify error:unable to get local issuer ce
I see this:
==> stderr.log <==
2015/09/23 18:33:00 [error] 41509#0: OCSP_basic_verify() failed (SSL:
error:27069065:OCSP routines:OCSP_basic_verify:certificate verify
error:Verify error:unable to get local issuer certificate) while requesting
certificate status, responder: ocsp.startssl.com
Poste
Patch applied to zlib...
Zero errors and zero warnings compiling nginx 1.9.5 with clang/llvm 3.7.0.
Well done...
--- inflate.c.orig 2015-09-23 18:22:54.0 +0200
+++ inflate.c 2015-09-23 18:23:45.0 +0200
@@ -1504,9 +1504,10 @@
{
struct inflate_state FAR *state;
-i
Hello!
On Wed, Sep 23, 2015 at 11:39:13AM -0400, 173279834462 wrote:
> From my seat, the CA works and NGINX is not returning the
> OCSP response. In fact, I can generate the stapling manually.
Most problems I've seen with OCSP stapling was about incorrect use
of ssl_stapling_verify (without ap
On 09/23/15 18:31, Sergey Kandaurov wrote:
Looks like you are building nginx with zlib library sources specified
manually with —-with-zlib option, and that’s an issue in zlib, not nginx.
If such a warning bothers you, you may want to look at this change:
https://github.com/madler/zlib/commit/e54e
Hot from the oven... Thanks!
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261756,261778#msg-261778
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
>From my seat, the CA works and NGINX is not returning the
OCSP response. In fact, I can generate the stapling manually.
Barred the various considerations of what is or is not possible,
I think that a more robust solution is in order, for example,
nginx could (should at this point?) log the sta
On Sep 23, 2015, at 1:38 PM, 173279834462 wrote:
> inflate.c:1507:61: warning: shifting a negative signed value is undefined
> [-Wshift-negative-value]
> if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
>
> ~~~ ^
Looks like you are building nginx with zlib library sources
It will be announced today.
--
Igor Sysoev
> 23 сент. 2015 г., в 8:20, Danomi Czaski написал(а):
>
> I read quite a while ago that Nginx plans to move towards a Javascript
> style configuration file that may have similar functionality to
> ngx_lua. I'm wondering if there were any announcements
173279834462 Wrote:
---
> > Though not providing an OCSP response isn't a problem at all
> > as OCSP stapling is just an optimization, and
>
> Well. it *is* a problem.
>
> Without stapling, each client that hits our server also hits the ocsp
>
I read quite a while ago that Nginx plans to move towards a Javascript
style configuration file that may have similar functionality to
ngx_lua. I'm wondering if there were any announcements at the Nginx
Conference this week.
___
nginx mailing list
nginx@
Hello!
On Wed, Sep 23, 2015 at 09:42:32AM -0400, 173279834462 wrote:
> > Though not providing an OCSP response isn't a problem at all
> > as OCSP stapling is just an optimization, and
>
> Well. it *is* a problem.
>
> Without stapling, each client that hits our server also hits the ocsp
> serv
> Though not providing an OCSP response isn't a problem at all
> as OCSP stapling is just an optimization, and
Well. it *is* a problem.
Without stapling, each client that hits our server also hits the ocsp
server.
In our case, the ocsp server is overloaded (StartSSL), and therefore we
can help
Hello!
On Tue, Sep 22, 2015 at 05:21:27PM -0400, 173279834462 wrote:
> The purpose of the ssl_stapling_file was to prime the cache. Without that
> file, openssl says "OCSP response: no response sent". For nginx to load the
> cache by itself, clients have to hit the same worker process a few times
How about this:
server {
listen 80;
server_name *.mydomain.com;
return 301 https://$http_host$request_uri;
}
Andrejs
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261751,261762#msg-261762
___
I am sorry, I found the answer to my own question:
HTTP/2 uses SPDY as a jumping-off point. HTTP/2, however, uses a fixed
Huffman code-based header compression algorithm, instead of SPDY's dynamic
stream-based compression. This helps to reduce the potential for attacks on
the protocol.
Posted at
Maxim,
How is compression of headers taking place when using the new http_v2
module? Does "spdy_headers_comp" directive have any replacement in the
http_v2 module? I looked at the source code but couldn't find any info.
Are headers compressed by default now?
Andrejs
Posted at Nginx Forum:
On Wed, Sep 23, 2015, at 08:25 PM, linsonj wrote:
> Yes, the line rewrite ^(.*)$ https://$servername.smartdocsonline.com/$1;
> could be the reason.
>
> Any other way to do this ? or Can I edit the existing rewrite rule to
> avoid
> double trailing slash ?
>
I suggest finding out what's being c
Yes, the line rewrite ^(.*)$ https://$servername.smartdocsonline.com/$1;
could be the reason.
Any other way to do this ? or Can I edit the existing rewrite rule to avoid
double trailing slash ?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261751,261758#msg-261758
___
I hate this editor...
The warning points at the "<< 16" part.
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261756,261757#msg-261757
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
inflate.c:1507:61: warning: shifting a negative signed value is undefined
[-Wshift-negative-value]
if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
~~~ ^
Posted at Nginx Forum:
http://forum.ngin
cannot delete - please ignore this thread
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261754,261755#msg-261755
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
inflate.c:1507:61: warning: shifting a negative signed value is undefined
[-Wshift-negative-value]
if (strm == Z_NULL || strm->state == Z_NULL) return -1L << 16;
~~~ ^
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261754,26175
Hi
On Wed, Sep 23, 2015, at 07:02 PM, linsonj wrote:
>
> Issue is that when I try to access http://webapp.mydomain.com using
> current
> setup, it is redirecting to https://webapp.mydomain.com// ( with two
> trailing slash at the end of url). Looking for a solution to remove this
> double slash i
On 23 September 2015 at 11:48, itpp2012 wrote:
> Have you seen this one
> http://forum.nginx.org/read.php?29,261735,261737#msg-261737
> Have you completely removed the spdy module ?
I have seen that, but I'm using the official Ubuntu precise packages from
nginx.org, so I kinda think it should be
Hello,
I'm using following settings for redirecting all http requests to https
Our nginx configuration is as follows
server {
listen 80;
server_name ~^(.*)\.mydomain\.com$;
set $servername $1;
rewrite ^(.*)$ https://$servername.mydomain.com/$1;
error_page 500 502 503 504 /50x.html;
}
SSL conf f
Have you seen this one
http://forum.nginx.org/read.php?29,261735,261737#msg-261737
Have you completely removed the spdy module ?
Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,261745,261750#msg-261750
___
nginx mailing list
nginx@nginx.org
ht
Thanks for your answer.
the connection id is already unique and during keep-alive it will be the
same for the same visitor.
this is actually what i want, the only problem is that the restart of nginx
resets the connection id
this makes log analysis complicated
having the start time of nginx would
42 matches
Mail list logo
