Hey again,
So I modified my config to this as to prevent client's IP spoofing.
map $http_x_forwarded_for $client_ip_x_forwarded_for {
"" $remote_addr; #if this header missing set remote_addr as real ip
default $http_x_forwarded_for;
}
map $http_cf_connecting_ip $client_ip_from_cf {
"" $client_ip
Does anybody have any history/rationale on why keepalive_requests
use default of 100 requests in nginx? This same default is also used in
Apache. But the default seems very small in today's standards.
http://nginx.org/en/docs/http/ngx_http_core_module.html#keepalive_requests
Regards,
Tolga
__
Hi, Aleks,
This nginx conf is generated by Kubernetes nginx ingress controller. We use the
Nginx in the kubernetes cluster. So many modules are there.
The lua script is supported by the open sourced OpenResty. You can google it to
find how and why use it. We use it for our special load balancin
Of course, with split_clients, you are at the mercy of the hashing and
hope that this distribution will spread work
evenly based on incoming client address space and the duration of
these connections, so you might run into
the limits despite having enough port capacity. More importantly, in
case of
Hey,
I was just looking at the realip module but that module does not seem to
support fallback methods like I demonstrated I was in need of. (If it does
support multiple headers and fallback conditions can someone provide a
demonstration)
If real_ip_header CF-Connecting-IP; is missing then fallba
Yes, split_clients solution fits perfectly in the described use case.
Also, nginx >= 1.11.4 has support for IP_BIND_ADDRESS_NO_PORT socket
option ([1], [2]) on supported systems (Linux kernel >= 4.2, glibc >= 2.23)
which
may be helpful as well.
Quote from [1]:
[..]
Add IP_BIND_ADDRESS_NO_PORT t
> On Mar 7, 2017, at 4:58 PM, Vladimir Homutov wrote:
>
> On 08.03.2017 00:21, Eric Feldhusen wrote:
>> I’m trying to use Nginx to reverse proxy TFTP UDP port 69 traffic and
>> I”m having a problem with getting files through the nginx reverse proxy.
>>
>> My configuration is simple, I’m running
On Tue, Mar 07, 2017 at 04:38:04PM -0500, Jonathan Simowitz via nginx wrote:
Hi there,
> I have an nginx server that runs as reverse proxy and I would like to pass
> the $upstream_response_time value in a header. I find that when I do the
> value is actually a linux timestamp with millisecond res
Hi.
Well that's a lot modules and lua stuff there.
What's in the '*by_lua_file's ?
Can you run from a specific IP the debug log to see what's happen in
nginx?
http://nginx.org/en/docs/debugging_log.html
regards
aleks
Am 07-03-2017 10:49, schrieb t...@sina.com:
> Hi, Aleks,
>
> The r
How about using
split_clients "${remote_addr}AAA" $proxy_ip {
10% 192.168.1.10;
10% 192.168.1.11;
...
* 192.168.1.19;
}
proxy_bind $proxy_ip;
where $proxy_ip is
On 08.03.2017 00:21, Eric Feldhusen wrote:
I’m trying to use Nginx to reverse proxy TFTP UDP port 69 traffic and
I”m having a problem with getting files through the nginx reverse proxy.
My configuration is simple, I’m running TFTP on one Centos 6.x server
and the Nginx reserve proxy on another C
Hello,
I have an nginx server that runs as reverse proxy and I would like to pass
the $upstream_response_time value in a header. I find that when I do the
value is actually a linux timestamp with millisecond resolution instead of
a value of seconds with millisecond resolution. Apparently this is
a
On Mon, Mar 06, 2017 at 02:12:40PM -0500, c0nw0nk wrote:
Hi there,
good that you've found some more answers.
There's still some to be worked on, though, I suspect.
> So to explain how to get the origin IP for each method someone could be
> using here is the list :
>
> Cloudflares proxied traff
> Am 07.03.2017 um 22:12 schrieb Nelson Marcos :
>
> Do you really need to use different source ips or it's a solution that you
> picked?
>
> Also, is it a option to set the keepalive option in your upstream configure
> section?
> http://nginx.org/en/docs/http/ngx_http_upstream_module.html#kee
I’m trying to use Nginx to reverse proxy TFTP UDP port 69 traffic and I”m
having a problem with getting files through the nginx reverse proxy.
My configuration is simple, I’m running TFTP on one Centos 6.x server and the
Nginx reserve proxy on another Centos 6.x server with the latest Nginx main
Do you really need to use different source ips or it's a solution that you
picked?
Also, is it a option to set the keepalive option in your upstream configure
section?
http://nginx.org/en/docs/http/ngx_http_upstream_module.html#keepalive
Um abraço,
NM
2017-03-07 16:50 GMT-03:00 larsg :
> Hi,
>
Hi,
we are operating native nginx 1.8.1 on RHEL as a reverse proxy.
The nginx routes requests to a backend server that can be reached from the
proxy via a single internal IP address.
We have to support a large number of concurrent websocket connections - say
100k to 500k.
As we don't want to incr
Understood. Thanks much for your quick reply !
Alex
Posted at Nginx Forum:
https://forum.nginx.org/read.php?2,255509,272800#msg-272800
___
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Hello!
On Tue, Mar 07, 2017 at 08:18:02AM -0500, alweiss wrote:
> Hi Maxim
> For specific needs, if i don't add the ssl_crl directive to my ssl
> configuration, would nginx just don't check anything or would it issue a
> live query on the url indicated as a crl distribution point in the client
>
Hi Maxim
For specific needs, if i don't add the ssl_crl directive to my ssl
configuration, would nginx just don't check anything or would it issue a
live query on the url indicated as a crl distribution point in the client
certificate, introducing high latency ...?
In other words, how to completel
I have and NGINX reverse proxy and upstream server. NGINX authenticates the
incoming request and forwards the request to upstream server, which also
authenticates the request first and then creates a session for the user.
I want to know if the user session gets expired in NGINX, will NGINX forwar
Hi, Aleks,
The result of nginx -V is as follow:
nginx version: nginx/1.11.1
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1t 3 May 2016
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx
--conf-path=/etc/nginx/nginx.conf --http-log-path=/var/log/nginx/access.log
22 matches
Mail list logo
