What's the meaning of Nginx variables of "$tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, $tcpinfo_rcv_space"

2016-12-15 Thread yanqun sun
Hi, all: I want to get the network latency between the users and my Nginx servers on tcp layer. I searched about this and found several Nginx variables below: $tcpinfo_rtt, $tcpinfo_rttvar, $tcpinfo_snd_cwnd, $tcpinfo_rcv_space information about the client TCP connection; available on systems t

Re: nginx.conf

2016-12-15 Thread c0nw0nk
Provide your full config please. Also this error log. [emerg] "if" directive is not allowed here That means you put the code I provided in an invalid area I would assume not between location {} or server {} tags as I said. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271581,271586#ms

Re: nginx.conf

2016-12-15 Thread lists
Take a look at this: http://ask.xmodulo.com/block-specific-user-agents-nginx-web-server.html Personally, I would use the map feature since eventually there will be other user agents to block. I use three maps. I block based on requests, referrals, and user agents. The user agent is kind of o

Re: nginx.conf

2016-12-15 Thread xstation
If I delete the if! I get an error root@mail:~# nginx -t -c /etc/nginx/nginx.conf nginx: [emerg] unknown directive "($http_user_agent" in /etc/nginx/nginx.conf:82 nginx: configuration file /etc/nginx/nginx.conf test failed Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271581,271585#

Re: nginx.conf

2016-12-15 Thread xstation
thanks for fast reply# here is what I get root@mail:~# nginx -t -c /etc/nginx/nginx.conf nginx: [emerg] "if" directive is not allowed here in /etc/nginx/nginx.conf:82 nginx: configuration file /etc/nginx/nginx.conf test failed so 'if' should be deleted? Posted at Nginx Forum: https://forum.ngin

Re: nginx.conf

2016-12-15 Thread c0nw0nk
xstation Wrote: --- > entered this in the conf file under http > > SetEnvIfNoCase User-Agent "^Baiduspider" block_bot > Order Allow,Deny > Allow from All > Deny from env=block_bot > > > but on restart got an error message > > Job for nginx.serv

nginx.conf

2016-12-15 Thread xstation
entered this in the conf file under http SetEnvIfNoCase User-Agent "^Baiduspider" block_bot Order Allow,Deny Allow from All Deny from env=block_bot but on restart got an error message Job for nginx.service failed. See 'systemctl status nginx.service' and 'journalctl -xn' for details. root@mail:~

Re: limit_req per subnet?

2016-12-15 Thread c0nw0nk
That is why you cache the request. DoS or in your case DDoS since multiple are involved Caching backend responses and having Nginx serve a cached response even for 1 second that cached response can be valid for it will save your day. Posted at Nginx Forum: https://forum.nginx.org/read.php?2,27148

Re: limit_req per subnet?

2016-12-15 Thread Grant
> proxy_cache / fastcgi_cache the pages output will help. Flood all you want > Nginx handles flooding and lots of connections fine your back end is your > weakness / bottleneck that is allowing them to be successful in affecting > your service. Definitely. My backend is of course the bottleneck

Re: limit_req per subnet?

2016-12-15 Thread lists
Here is my philosophy. A packet arrives at your server. This can be broken down into two parts: who are you and what do you want. The firewall does a fine job of stopping the hacker at the who are you point.  When the packet reaches Nginx, the what do you want part comes into play. Most likely

Re: Use nginx ngx_stream_ssl_preread_module to connect to ocserv using proxy protocol v2

2016-12-15 Thread Thomas Glanzmann
Hello Nikos, > Are you sure that the nginx module you are using supports the proxy > protocol version 2? you're probably right. Nginx seems to support only version 1 of the proxy protocol because I can't see the binary header preamble. Can someone confirm? https://thomas.glanzmann.de/tmp/nginx.p

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello Roman, > Please try the attached patch. thank you for the patch. The patch solves my SNI problem: 185.46.137.5 - [15/Dec/2016:22:25:00 +0100] "vpn.gmvl.de" Cheers, Thomas

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Roman Arutyunyan
Hi Thomas, On Thu, Dec 15, 2016 at 05:50:48PM +0100, Thomas Glanzmann wrote: > Hello Roman, > > > You can try logging $ssl_preread_server_name in access_log. > > thank you. It seems that nginx is not able to extract the server_name > from openconnect correctly: > > 2a01:598:8181:37ef:95e1:682:4

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello Roman, > You can try logging $ssl_preread_server_name in access_log. thank you. It seems that nginx is not able to extract the server_name from openconnect correctly: 2a01:598:8181:37ef:95e1:682:4c98:449e - [15/Dec/2016:17:45:57 +0100] "" When I connect with a browser: 2a01:598:8181:37ef

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello, > How can someone debug ngx_stream_ssl_preread_module? put the following line in the stream section: error_log /var/log/nginx/sni_error.log debug; Once done I found out that 2016/12/15 17:09:00 [error] 21043#0: *7426 recv() failed (104: Connection reset by peer) while proxying connect

Re: ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Roman Arutyunyan
Hi Thomas, On Thu, Dec 15, 2016 at 05:08:41PM +0100, Thomas Glanzmann wrote: > Hello, > I would like to use ngx_stream_ssl_preread_module to multiplex between a > squid, nginx webserver and ocserv (ssl vpn). I setup nginx the following > way: > > stream { > upstream webserver { >

ngx_stream_ssl_preread_module does not seem to extract the server_name when connecting with openconnect

2016-12-15 Thread Thomas Glanzmann
Hello, I would like to use ngx_stream_ssl_preread_module to multiplex between a squid, nginx webserver and ocserv (ssl vpn). I setup nginx the following way: stream { upstream webserver { server 127.0.0.1:443; } upstream squidtls { server 12

Re: Nginx to Nginx TCP Fast Open

2016-12-15 Thread Maxim Dounin
Hello! On Thu, Dec 15, 2016 at 10:00:03AM -0500, evgeny.morokin wrote: > Maxim Dounin Wrote: > --- > > No. nginx is able to handle requests with TFO (if configured > > with the "fastopen" parameter of the "listen" directive, > > http://nginx.

Re: rewrite cycle

2016-12-15 Thread Руслан Закиров
On Thu, Dec 15, 2016 at 5:08 PM, Maxim Dounin wrote: > [...] > > > 2016/12/15 14:24:02 [notice] 15695#0: *6 rewritten data: > "/bin/view/Main/WebHome", ... > > [...] > > > 2016/12/15 14:24:02 [debug] 15695#0: *6 test location: ~ "^/([A-Z_].*)$" > > 2016/12/15 14:24:02 [debug] 15695#0: *6 using co

Re: Nginx to Nginx TCP Fast Open

2016-12-15 Thread evgeny.morokin
Maxim Dounin Wrote: --- > No. nginx is able to handle requests with TFO (if configured > with the "fastopen" parameter of the "listen" directive, > http://nginx.org/r/listen), but it doesn't try to use TFO in > requests to upstream servers. M

Re: rewrite cycle

2016-12-15 Thread Maxim Dounin
Hello! On Thu, Dec 15, 2016 at 02:30:17PM +0300, Руслан Закиров wrote: > Below is default foswiki config that falls into "rewrite or internal > redirection cycle while processing > "/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/Main/WebHome"". > > Thi

Re: Nginx to Nginx TCP Fast Open

2016-12-15 Thread Maxim Dounin
Hello! On Thu, Dec 15, 2016 at 05:04:33AM -0500, evgeny.morokin wrote: > Hi, can someone clarify - If TFO is properly enabled on both systems Nginx > reverse-proxy and Nginx upstream, will both use it in communication between > each other or not. No. nginx is able to handle requests with TFO (i

Re: cache worker stops evicting assets

2016-12-15 Thread Maxim Dounin
Hello! On Thu, Dec 15, 2016 at 04:38:18AM -0500, miracle.max wrote: > Hello there! we currently have this issue when we restart nginx, the cache > zone disk consume rise constantly until we reach the 84h after the restart, > here nginx locks and start deleting, after 15-30m everything starts work

Re: rewrite cycle

2016-12-15 Thread Francis Daly
On Thu, Dec 15, 2016 at 02:30:17PM +0300, Руслан Закиров wrote: Hi there, > Below is default foswiki config that falls into "rewrite or internal > redirection cycle while processing > "/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/Main/WebHome"". > >

Re: Supernet issues in nginx geo !!

2016-12-15 Thread shahzaib mushtaq
Hi, Sorry guys it was my bad. We have policy to only redirect HTTPS requests, though the request coming from this ip was with HTTP hence no map policy on it. In short, things are working as expected :) Shahzaib On Thu, Dec 15, 2016 at 5:35 PM, shahzaib mushtaq wrote: > Here is the break down

Re: Supernet issues in nginx geo !!

2016-12-15 Thread shahzaib mushtaq
Here is the breakdown of subnet 39.32.0.0/11 : http://prntscr.com/djq88m According to this, geo policy should be applied to 39.45.X.X as well but it's not. On Thu, Dec 15, 2016 at 5:11 PM, shahzaib mushtaq wrote: > Hi, > > We're using nginx geo module to redirect requests from specific > subnet

Supernet issues in nginx geo !!

2016-12-15 Thread shahzaib mushtaq
Hi, We're using nginx geo module to redirect requests from specific subnets/supernets. If request is coming from following ips, it should be redirected towards caching node : geo $qwilt_user { default 0; 182.184.25.66/32 1; 103.28.152.0/22 1; 203.135.0.0/18 1; 203.99.0.0/16 1; 116.71.

rewrite cycle

2016-12-15 Thread Руслан Закиров
Hi, Below is default foswiki config that falls into "rewrite or internal redirection cycle while processing "/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/bin/view/Main/WebHome"". This is Nginx 1.11.6. Any ideas? location = / { root $foswi

Re: nginx x-accel-redirect request method named location

2016-12-15 Thread Руслан Закиров
On Sat, Dec 10, 2016 at 9:08 PM, hemendra26 wrote: > I was using nginx x-accel-redirect as an authentication frontend for an > external db resource. > > In my python code I would do the following: > > /getresource/ > > def view(self, req, resp): > name = get_dbname(req.user.id) > resp.

Re: nginx upgrade fails due bind error on 127.0.0.1 in a FreeBSD jail

2016-12-15 Thread Alt
Hello :-) Maxim Dounin Wrote: --- > Yes, but there isn't much difference: as long as httpready sees > something different from a HTTP request, it just passes the > connection to nginx. > > Quoting accf_http(9): > > If something other tha

Re: limit_req per subnet?

2016-12-15 Thread c0nw0nk
gariac Wrote: --- > This is an interesting bit of code. However if you are being ddos-ed, > this just eliminates nginx from replying. It isn't like nginx is > isolated from the attack. I would still rather block the IP at the > firewall and preven

Nginx to Nginx TCP Fast Open

2016-12-15 Thread evgeny.morokin
Hi, can someone clarify - If TFO is properly enabled on both systems Nginx reverse-proxy and Nginx upstream, will both use it in communication between each other or not. Have a great day, Evgeny Posted at Nginx Forum: https://forum.nginx.org/read.php?2,271545,271545#msg-271545

cache worker stops evicting assets

2016-12-15 Thread miracle.max
Hello there! we currently have this issue when we restart nginx, the cache zone disk consume rise constantly until we reach the 84h after the restart, here nginx locks and start deleting, after 15-30m everything starts working as usual and the cache worker behaves as expected until we do another re

Re: access_logging in the stream block

2016-12-15 Thread Maxim Konovalov
Hello, On 12/14/16 10:13 PM, kms-pt wrote: > Hello, > > Just wondering if anyone knows if access_logs are able to be configured in > the stream block. We are looking to implement TCP stream which works but > also have the requirement of logging the connections, transactions, etc. I > know error_l

Re: limit_req per subnet?

2016-12-15 Thread lists
This is an interesting bit of code. However if you are being ddos-ed, this just eliminates nginx from replying. It isn't like nginx is isolated from the attack. I would still rather block the IP at the firewall and prevent nginx from doing any action. The use of $bot_agent opens up a lot of p